commit
5f0cb264af
6 changed files with 93 additions and 73 deletions
6
boot.php
6
boot.php
|
@ -1906,7 +1906,11 @@ if(! function_exists('feed_birthday')) {
|
|||
if(! function_exists('is_site_admin')) {
|
||||
function is_site_admin() {
|
||||
$a = get_app();
|
||||
if(local_user() && x($a->user,'email') && x($a->config,'admin_email') && ($a->user['email'] === $a->config['admin_email']))
|
||||
|
||||
$adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
|
||||
|
||||
//if(local_user() && x($a->user,'email') && x($a->config,'admin_email') && ($a->user['email'] === $a->config['admin_email']))
|
||||
if(local_user() && x($a->user,'email') && x($a->config,'admin_email') && in_array($a->user['email'], $adminlist))
|
||||
return true;
|
||||
return false;
|
||||
}
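Review bot: `$adminlist` is built from `$a->config['admin_email']` before the `x($a->config,'admin_email')` test in the `if`, so on a site with no admin address configured it reads an undefined key and yields a list holding one empty string. Since is_site_admin() is the authorisation check, I would parse the list only once the key is known to be set and match strictly, e.g. `in_array($a->user['email'], $adminlist, true)`. The same build-before-check order appears in the create_user, _setup_users and register_post hunks. The six copies of the explode/str_replace line also differ in whether they lowercase, so one helper returning the parsed list would keep the grant and the guards in agreement. The commented-out old condition can be dropped, since the history keeps it.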
|
||||
|
|
|
@ -114,7 +114,10 @@ function create_user($arr) {
|
|||
// Disallow somebody creating an account using openid that uses the admin email address,
|
||||
// since openid bypasses email verification. We'll allow it if there is not yet an admin account.
|
||||
|
||||
if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
|
||||
$adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email'])));
|
||||
|
||||
//if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
|
||||
if((x($a->config,'admin_email')) && in_array(strtolower($email), $adminlist) && strlen($openid_url)) {
|
||||
$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
|
||||
dbesc($email)
|
||||
);
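Review bot: The comment above the condition still speaks of "the admin email address" although the check now covers a comma-separated list, and nothing records that this guard has to reject at least every address is_site_admin() would accept. I would add `// admin_email may be a comma-separated list; keep this match at least as broad as the one in is_site_admin()` above the `$adminlist` line. Today that holds, because both sides are lowercased here while is_site_admin() compares exactly, but the two lists are parsed by separate copies of the same line. The `if` block opened here continues outside the hunk.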
|
||||
|
|
|
@ -573,7 +573,6 @@ function admin_page_site(&$a) {
|
|||
'$advanced' => t('Advanced'),
|
||||
'$performance' => t('Performance'),
|
||||
'$relocate'=> t('Relocate - WARNING: advanced function. Could make this server unreachable.'),
|
||||
|
||||
'$baseurl' => $a->get_baseurl(true),
|
||||
// name, label, value, help string, extra data...
|
||||
'$sitename' => array('sitename', t("Site name"), htmlentities($a->config['sitename'], ENT_QUOTES), 'UTF-8'),
|
||||
|
@ -843,7 +842,10 @@ function admin_page_users(&$a){
|
|||
);
|
||||
|
||||
function _setup_users($e){
|
||||
$a = get_app();
|
||||
$a = get_app();
|
||||
|
||||
$adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
|
||||
|
||||
$accounts = Array(
|
||||
t('Normal Account'),
|
||||
t('Soapbox Account'),
|
||||
|
@ -854,8 +856,9 @@ function admin_page_users(&$a){
|
|||
$e['register_date'] = relative_date($e['register_date']);
|
||||
$e['login_date'] = relative_date($e['login_date']);
|
||||
$e['lastitem_date'] = relative_date($e['lastitem_date']);
|
||||
$e['is_admin'] = ($e['email'] === $a->config['admin_email']);
|
||||
$e['deleted'] = ($e['account_removed']?relative_date($e['account_expires_on']):False);
|
||||
//$e['is_admin'] = ($e['email'] === $a->config['admin_email']);
|
||||
$e['is_admin'] = in_array($e['email'], $adminlist);
|
||||
$e['deleted'] = ($e['account_removed']?relative_date($e['account_expires_on']):False);
|
||||
return $e;
|
||||
}
|
||||
$users = array_map("_setup_users", $users);
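Review bot: `in_array($e['email'], $adminlist)` in `_setup_users` matches an account whose email is empty whenever the parsed list contains an empty string, which happens when `admin_email` is unset, empty or ends in a comma. Such rows would then be flagged as admin in the user list; what the template does with `is_admin` is not visible here. `$e['is_admin'] = ($e['email'] !== '' && in_array($e['email'], $adminlist, true));` avoids that. Separately, in the context lines of the admin_page_site hunk the `'UTF-8'` sits outside the `htmlentities()` call in the `'$sitename'` entry, so it becomes the fourth array element rather than the encoding argument.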
|
||||
|
|
|
@ -9,7 +9,10 @@ function friendica_init(&$a) {
|
|||
$sql_extra = sprintf(" AND nickname = '%s' ",dbesc($a->config['admin_nickname']));
|
||||
}
|
||||
if (isset($a->config['admin_email']) && $a->config['admin_email']!=''){
|
||||
$r = q("SELECT username, nickname FROM user WHERE email='%s' $sql_extra", dbesc($a->config['admin_email']));
|
||||
$adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
|
||||
|
||||
//$r = q("SELECT username, nickname FROM user WHERE email='%s' $sql_extra", dbesc($a->config['admin_email']));
|
||||
$r = q("SELECT username, nickname FROM user WHERE email='%s' $sql_extra", dbesc($adminlist[0]));
|
||||
$admin = array(
|
||||
'name' => $r[0]['username'],
|
||||
'profile'=> $a->get_baseurl().'/profile/'.$r[0]['nickname'],
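Review bot: `$r[0]['username']` and `$r[0]['nickname']` are read without checking that the query returned a row, and with a list only the first entry is looked up, so a first address that has no account (or does not match `admin_nickname`) leaves `$r` empty. Wrapping the `$admin = array(…)` construction in `if(count($r)) { … }`, as the register_post hunk does for its lookup, avoids notices and a blank admin entry. A comment such as `// only the first address in admin_email is published as site admin` would also record the new behaviour. The array literal continues outside the hunk.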
|
||||
|
|
|
@ -118,8 +118,11 @@ function register_post(&$a) {
|
|||
dbesc($lang)
|
||||
);
|
||||
|
||||
$adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
|
||||
|
||||
$r = q("SELECT `language` FROM `user` WHERE `email` = '%s' LIMIT 1",
|
||||
dbesc($a->config['admin_email'])
|
||||
//dbesc($a->config['admin_email'])
|
||||
dbesc($adminlist[0])
|
||||
);
|
||||
if(count($r))
|
||||
push_lang($r[0]['language']);
|
||||
|
|
|
@ -317,8 +317,8 @@ function settings_post(&$a) {
|
|||
if((x($_POST,'password')) || (x($_POST,'confirm'))) {
|
||||
|
||||
$newpass = $_POST['password'];
|
||||
$confirm = $_POST['confirm'];
|
||||
$oldpass = hash('whirlpool', $_POST['opassword']);
|
||||
$confirm = $_POST['confirm'];
|
||||
$oldpass = hash('whirlpool', $_POST['opassword']);
|
||||
|
||||
$err = false;
|
||||
if($newpass != $confirm ) {
|
||||
|
@ -420,21 +420,25 @@ function settings_post(&$a) {
|
|||
|
||||
if($email != $a->user['email']) {
|
||||
$email_changed = true;
|
||||
// check for the correct password
|
||||
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
|
||||
$password = hash('whirlpool', $_POST['mpassword']);
|
||||
if ($password != $r[0]['password']) {
|
||||
$err .= t('Wrong Password') . EOL;
|
||||
$email = $a->user['email'];
|
||||
}
|
||||
// check the email is valid
|
||||
if(! valid_email($email))
|
||||
$err .= t(' Not valid email.');
|
||||
// ensure new email is not the admin mail
|
||||
if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
|
||||
$err .= t(' Cannot change to that email.');
|
||||
// check for the correct password
|
||||
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
|
||||
$password = hash('whirlpool', $_POST['mpassword']);
|
||||
if ($password != $r[0]['password']) {
|
||||
$err .= t('Wrong Password') . EOL;
|
||||
$email = $a->user['email'];
|
||||
}
|
||||
// check the email is valid
|
||||
if(! valid_email($email))
|
||||
$err .= t(' Not valid email.');
|
||||
// ensure new email is not the admin mail
|
||||
//if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
|
||||
if(x($a->config,'admin_email')) {
|
||||
$adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email'])));
|
||||
if (in_array(strtolower($email), $adminlist)) {
|
||||
$err .= t(' Cannot change to that email.');
|
||||
$email = $a->user['email'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(strlen($err)) {
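Review bot: The re-indented password check `if ($password != $r[0]['password'])` compares two hex digests with the loose operator, which lets PHP compare them as numbers when both happen to look numeric, and it reads `$r[0]` without confirming the row exists. `if (!count($r) || $password !== $r[0]['password'])` is the minimal change; `hash_equals()` is preferable where the supported PHP version provides it. The new admin-list block itself is ordered correctly, since `$adminlist` is built only inside the `x($a->config,'admin_email')` test. The unsalted `hash('whirlpool', …)` storage scheme predates this commit and would need its own migration. settings_post continues outside the hunk.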
|
||||
|
|