commit
5f0cb264af
6 changed files with 93 additions and 73 deletions
6
boot.php
6
boot.php
|
@ -1906,7 +1906,11 @@ if(! function_exists('feed_birthday')) {
|
||||||
if(! function_exists('is_site_admin')) {
|
if(! function_exists('is_site_admin')) {
|
||||||
function is_site_admin() {
|
function is_site_admin() {
|
||||||
$a = get_app();
|
$a = get_app();
|
||||||
if(local_user() && x($a->user,'email') && x($a->config,'admin_email') && ($a->user['email'] === $a->config['admin_email']))
|
|
||||||
|
$adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
|
||||||
|
|
||||||
|
//if(local_user() && x($a->user,'email') && x($a->config,'admin_email') && ($a->user['email'] === $a->config['admin_email']))
|
||||||
|
if(local_user() && x($a->user,'email') && x($a->config,'admin_email') && in_array($a->user['email'], $adminlist))
|
||||||
return true;
|
return true;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
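Review bot: In is_site_admin the new `$adminlist` line reads `$a->config['admin_email']` before the `x($a->config,'admin_email')` test in the `if`, and the membership test is case-sensitive while the guards added to create_user and settings_post lowercase both sides. The mismatch fails closed today, but this function is the privilege decision and the other two are the checks that keep ordinary accounts from holding an admin address, so all three should normalise identically. One shared helper returning the parsed list would do that and replace the six copies of the `explode`/`str_replace` line in this commit. I would also make the comparison strict, `in_array($a->user['email'], $adminlist, true)`, and add a comment that `admin_email` may now hold a comma-separated list.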
@ -114,7 +114,10 @@ function create_user($arr) {
|
||||||
// Disallow somebody creating an account using openid that uses the admin email address,
|
// Disallow somebody creating an account using openid that uses the admin email address,
|
||||||
// since openid bypasses email verification. We'll allow it if there is not yet an admin account.
|
// since openid bypasses email verification. We'll allow it if there is not yet an admin account.
|
||||||
|
|
||||||
if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
|
$adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email'])));
|
||||||
|
|
||||||
|
//if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
|
||||||
|
if((x($a->config,'admin_email')) && in_array(strtolower($email), $adminlist) && strlen($openid_url)) {
|
||||||
$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
|
$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
|
||||||
dbesc($email)
|
dbesc($email)
|
||||||
);
|
);
|
||||||
|
|
|
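Review bot: The exception named in the comment above the new check ("We'll allow it if there is not yet an admin account") is still decided by looking up `$email` alone, so with a list it now appears to apply per address. A listed admin address with no account yet would presumably pass the lookup even though another admin already exists. The comment says OpenID registration skips email verification, and is_site_admin treats any holder of a listed address as admin, so the exception should hold only while no address in `$adminlist` has an account. The rest of the branch lies outside the hunk, so this needs confirming against the code after the query. Separately, `strtolower($a->config['admin_email'])` runs before the `x()` test.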
@ -573,7 +573,6 @@ function admin_page_site(&$a) {
|
||||||
'$advanced' => t('Advanced'),
|
'$advanced' => t('Advanced'),
|
||||||
'$performance' => t('Performance'),
|
'$performance' => t('Performance'),
|
||||||
'$relocate'=> t('Relocate - WARNING: advanced function. Could make this server unreachable.'),
|
'$relocate'=> t('Relocate - WARNING: advanced function. Could make this server unreachable.'),
|
||||||
|
|
||||||
'$baseurl' => $a->get_baseurl(true),
|
'$baseurl' => $a->get_baseurl(true),
|
||||||
// name, label, value, help string, extra data...
|
// name, label, value, help string, extra data...
|
||||||
'$sitename' => array('sitename', t("Site name"), htmlentities($a->config['sitename'], ENT_QUOTES), 'UTF-8'),
|
'$sitename' => array('sitename', t("Site name"), htmlentities($a->config['sitename'], ENT_QUOTES), 'UTF-8'),
|
||||||
|
@ -843,7 +842,10 @@ function admin_page_users(&$a){
|
||||||
);
|
);
|
||||||
|
|
||||||
function _setup_users($e){
|
function _setup_users($e){
|
||||||
$a = get_app();
|
$a = get_app();
|
||||||
|
|
||||||
|
$adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
|
||||||
|
|
||||||
$accounts = Array(
|
$accounts = Array(
|
||||||
t('Normal Account'),
|
t('Normal Account'),
|
||||||
t('Soapbox Account'),
|
t('Soapbox Account'),
|
||||||
|
@ -854,8 +856,9 @@ function admin_page_users(&$a){
|
||||||
$e['register_date'] = relative_date($e['register_date']);
|
$e['register_date'] = relative_date($e['register_date']);
|
||||||
$e['login_date'] = relative_date($e['login_date']);
|
$e['login_date'] = relative_date($e['login_date']);
|
||||||
$e['lastitem_date'] = relative_date($e['lastitem_date']);
|
$e['lastitem_date'] = relative_date($e['lastitem_date']);
|
||||||
$e['is_admin'] = ($e['email'] === $a->config['admin_email']);
|
//$e['is_admin'] = ($e['email'] === $a->config['admin_email']);
|
||||||
$e['deleted'] = ($e['account_removed']?relative_date($e['account_expires_on']):False);
|
$e['is_admin'] = in_array($e['email'], $adminlist);
|
||||||
|
$e['deleted'] = ($e['account_removed']?relative_date($e['account_expires_on']):False);
|
||||||
return $e;
|
return $e;
|
||||||
}
|
}
|
||||||
$users = array_map("_setup_users", $users);
|
$users = array_map("_setup_users", $users);
|
||||||
|
|
|
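Review bot: `_setup_users` is the `array_map` callback, so the new `$adminlist` line re-parses the config once per listed user, and it does so without checking that `admin_email` is set. If the setting is missing or ends in a comma, `explode` yields an empty-string entry and `in_array($e['email'], $adminlist)` flags any row with an empty email as admin. Dropping empty entries, e.g. `$adminlist = array_filter(explode(",", str_replace(" ", "", $a->config['admin_email'])));`, and caching the result (for instance in a `static` variable) would avoid both. admin_page_users starts and ends outside these hunks.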
@ -9,7 +9,10 @@ function friendica_init(&$a) {
|
||||||
$sql_extra = sprintf(" AND nickname = '%s' ",dbesc($a->config['admin_nickname']));
|
$sql_extra = sprintf(" AND nickname = '%s' ",dbesc($a->config['admin_nickname']));
|
||||||
}
|
}
|
||||||
if (isset($a->config['admin_email']) && $a->config['admin_email']!=''){
|
if (isset($a->config['admin_email']) && $a->config['admin_email']!=''){
|
||||||
$r = q("SELECT username, nickname FROM user WHERE email='%s' $sql_extra", dbesc($a->config['admin_email']));
|
$adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
|
||||||
|
|
||||||
|
//$r = q("SELECT username, nickname FROM user WHERE email='%s' $sql_extra", dbesc($a->config['admin_email']));
|
||||||
|
$r = q("SELECT username, nickname FROM user WHERE email='%s' $sql_extra", dbesc($adminlist[0]));
|
||||||
$admin = array(
|
$admin = array(
|
||||||
'name' => $r[0]['username'],
|
'name' => $r[0]['username'],
|
||||||
'profile'=> $a->get_baseurl().'/profile/'.$r[0]['nickname'],
|
'profile'=> $a->get_baseurl().'/profile/'.$r[0]['nickname'],
|
||||||
|
|
|
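Review bot: Only `$adminlist[0]` is queried, and `$r[0]['username']` is then read without checking that the query returned a row. With a list, the first address may belong to no account, or be excluded by the `admin_nickname` filter in `$sql_extra`, which leaves `$admin` built from undefined offsets. A guard such as `if (count($r))` around the `$admin = array(` block, as register_post uses for its own lookup, would cover it. Whether the remaining admins should also be shown deserves a short comment. The function body continues outside the hunk.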
@ -118,8 +118,11 @@ function register_post(&$a) {
|
||||||
dbesc($lang)
|
dbesc($lang)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
$adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
|
||||||
|
|
||||||
$r = q("SELECT `language` FROM `user` WHERE `email` = '%s' LIMIT 1",
|
$r = q("SELECT `language` FROM `user` WHERE `email` = '%s' LIMIT 1",
|
||||||
dbesc($a->config['admin_email'])
|
//dbesc($a->config['admin_email'])
|
||||||
|
dbesc($adminlist[0])
|
||||||
);
|
);
|
||||||
if(count($r))
|
if(count($r))
|
||||||
push_lang($r[0]['language']);
|
push_lang($r[0]['language']);
|
||||||
|
|
|
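Review bot: The language lookup now uses `$adminlist[0]`, but nothing in this hunk shows where the registration notification itself is sent. If code further down in register_post still uses `$a->config['admin_email']` as a single recipient, it would receive the whole comma-separated string. That consumer, and any other reader of the setting not touched by this commit, should be checked and switched to the parsed list. A comment such as `// admin_email may be a comma-separated list; the first entry decides the notification language` would document the choice made here.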
@ -317,8 +317,8 @@ function settings_post(&$a) {
|
||||||
if((x($_POST,'password')) || (x($_POST,'confirm'))) {
|
if((x($_POST,'password')) || (x($_POST,'confirm'))) {
|
||||||
|
|
||||||
$newpass = $_POST['password'];
|
$newpass = $_POST['password'];
|
||||||
$confirm = $_POST['confirm'];
|
$confirm = $_POST['confirm'];
|
||||||
$oldpass = hash('whirlpool', $_POST['opassword']);
|
$oldpass = hash('whirlpool', $_POST['opassword']);
|
||||||
|
|
||||||
$err = false;
|
$err = false;
|
||||||
if($newpass != $confirm ) {
|
if($newpass != $confirm ) {
|
||||||
|
@ -420,21 +420,25 @@ function settings_post(&$a) {
|
||||||
|
|
||||||
if($email != $a->user['email']) {
|
if($email != $a->user['email']) {
|
||||||
$email_changed = true;
|
$email_changed = true;
|
||||||
// check for the correct password
|
// check for the correct password
|
||||||
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
|
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
|
||||||
$password = hash('whirlpool', $_POST['mpassword']);
|
$password = hash('whirlpool', $_POST['mpassword']);
|
||||||
if ($password != $r[0]['password']) {
|
if ($password != $r[0]['password']) {
|
||||||
$err .= t('Wrong Password') . EOL;
|
$err .= t('Wrong Password') . EOL;
|
||||||
$email = $a->user['email'];
|
|
||||||
}
|
|
||||||
// check the email is valid
|
|
||||||
if(! valid_email($email))
|
|
||||||
$err .= t(' Not valid email.');
|
|
||||||
// ensure new email is not the admin mail
|
|
||||||
if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
|
|
||||||
$err .= t(' Cannot change to that email.');
|
|
||||||
$email = $a->user['email'];
|
$email = $a->user['email'];
|
||||||
}
|
}
|
||||||
|
// check the email is valid
|
||||||
|
if(! valid_email($email))
|
||||||
|
$err .= t(' Not valid email.');
|
||||||
|
// ensure new email is not the admin mail
|
||||||
|
//if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
|
||||||
|
if(x($a->config,'admin_email')) {
|
||||||
|
$adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email'])));
|
||||||
|
if (in_array(strtolower($email), $adminlist)) {
|
||||||
|
$err .= t(' Cannot change to that email.');
|
||||||
|
$email = $a->user['email'];
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(strlen($err)) {
|
if(strlen($err)) {
|
||||||
|
|
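Review bot: The old condition is left commented out directly above its replacement (`//if((x($a->config,'admin_email')) && (strcasecmp(...`), here and in the other hunks of this commit. In a check that decides who may hold an admin address, dead alternatives make it harder to see which test is live, and version control already keeps the history. The new membership test would be better strict: `in_array(strtolower($email), $adminlist, true)`. In the unchanged lines of the same hunk, `$password != $r[0]['password']` compares hex digests loosely, and `!==` is the safer operator there. settings_post starts and ends outside both hunks.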