From d42f86e2189efd5d097209542210e0d80b4dca3b Mon Sep 17 00:00:00 2001
From: Michael
Date: Thu, 8 Feb 2018 22:18:34 +0000
Subject: [PATCH] We can now delegate again like before
---
 boot.php | 2 +-
 include/security.php | 33 ++++++++++++++++++++++++++++-----
 mod/manage.php | 34 ++++++++++++++++++++++++++++------
 src/Database/DBStructure.php | 1 +
 4 files changed, 58 insertions(+), 12 deletions(-)
diff --git a/boot.php b/boot.php
index feca503997..6816915417 100644
--- a/boot.php
+++ b/boot.php
@@ -39,7 +39,7 @@ define('FRIENDICA_PLATFORM', 'Friendica');
 define('FRIENDICA_CODENAME', 'Asparagus');
 define('FRIENDICA_VERSION', '3.6-dev');
 define('DFRN_PROTOCOL_VERSION', '2.23');
-define('DB_UPDATE_VERSION', 1251);
+define('DB_UPDATE_VERSION', 1252);
 define('NEW_UPDATE_ROUTINE_VERSION', 1170);

 /**
diff --git a/include/security.php b/include/security.php
index 45f8d86b10..af424df26c 100644
--- a/include/security.php
+++ b/include/security.php
@@ -107,12 +107,35 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 }
 }

- $r = dba::select('user', ['uid', 'username', 'nickname'],
- ['password' => $master_record['password'], 'email' => $master_record['email'], 'account_removed' => false]);
- if (DBM::is_result($r)) {
- $a->identities = dba::inArray($r);
+ if ($master_record['parent-uid'] == 0) {
+ // First add our own entry
+ $a->identities = [['uid' => $master_record['uid'],
+ 'username' => $master_record['username'],
+ 'nickname' => $master_record['nickname']]];
+
+ // Then add all the children
+ $r = dba::select('user', ['uid', 'username', 'nickname'],
+ ['parent-uid' => $master_record['uid'], 'account_removed' => false]);
+ if (DBM::is_result($r)) {
+ $a->identities = array_merge($a->identities, dba::inArray($r));
+ }
 } else {
+ // Just ensure that the array is always defined
 $a->identities = [];
+
+ // First entry is our parent
+ $r = dba::select('user', ['uid', 'username', 'nickname'],
+ ['uid' => $master_record['parent-uid'], 'account_removed' => false]);
+ if (DBM::is_result($r)) {
+ $a->identities = dba::inArray($r);
+ }
+
+ // Then add all siblings
+ $r = dba::select('user', ['uid', 'username', 'nickname'],
+ ['parent-uid' => $master_record['parent-uid'], 'account_removed' => false]);
+ if (DBM::is_result($r)) {
+ $a->identities = array_merge($a->identities, dba::inArray($r));
+ }
 }

 $r = dba::p("SELECT `user`.`uid`, `user`.`username`, `user`.`nickname`
@@ -146,7 +169,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive

 // Set the login date for all identities of the user
 dba::update('user', ['login_date' => DateTimeFormat::utcNow()],
- ['password' => $master_record['password'], 'email' => $master_record['email'], 'account_removed' => false]);
+ ['parent-uid' => $master_record['uid'], 'account_removed' => false]);
 }

 if ($login_initial) {
diff --git a/mod/manage.php b/mod/manage.php
index a454d41473..0f60e704e4 100644
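Review bot: The else branch of the first hunk gives a child login its parent and every sibling as switchable identities, so the relation built here is symmetric, while the schema comment added for `parent-uid` describes one-way control by the parent. If child accounts keep their own passwords, the weakest credential in a family then reaches the parent account and all siblings. That should either be narrowed to parent-to-child, or stated where the branch starts, e.g. `// NOTE: a child login may act as its parent and siblings; every account in a family shares one trust level`. authenticate_success() starts and ends outside the hunk.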
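Review bot: In the second hunk the new condition `['parent-uid' => $master_record['uid'], 'account_removed' => false]` matches only child rows, so the account that just logged in no longer gets its own `login_date` refreshed by this statement, and a login as a child presumably refreshes nothing; the old email/password match included the master row. Unless the master's `login_date` is written elsewhere in authenticate_success() (outside the hunk), last-login data used for auditing or inactivity handling goes stale. A second update keyed on the account itself would restore it: `dba::update('user', ['login_date' => DateTimeFormat::utcNow()], ['uid' => $master_record['uid']]);`. The comment "for all identities of the user" should be adjusted to match whatever set is finally updated.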
--- a/mod/manage.php
+++ b/mod/manage.php
@@ -35,8 +35,8 @@ function manage_post(App $a) {

 $submanage = $r;

- $identity = ((x($_POST['identity'])) ? intval($_POST['identity']) : 0);
- if (! $identity) {
+ $identity = (x($_POST['identity']) ? intval($_POST['identity']) : 0);
+ if (!$identity) {
 return;
 }

@@ -57,14 +57,36 @@ function manage_post(App $a) {
 intval($limited_id)
 );
 } else {
- $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `email` = '%s' AND `password` = '%s' LIMIT 1",
+ // Check if the target user is one of our children
+ $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
 intval($identity),
- dbesc($orig_record['email']),
- dbesc($orig_record['password'])
+ dbesc($orig_record['uid'])
 );
+
+ // Check if the target user is one of our siblings
+ if (!DBM::is_result($r) && ($orig_record['parent-uid'] != 0)) {
+ $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
+ intval($identity),
+ dbesc($orig_record['parent-uid'])
+ );
+ }
+
+ // Check if it's our parent
+ if (!DBM::is_result($r) && ($orig_record['parent-uid'] != 0) && ($orig_record['parent-uid'] == $identity)) {
+ $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
+ intval($identity)
+ );
+ }
+
+ // Finally check if it's out own user
+ if (!DBM::is_result($r) && ($orig_record['uid'] != 0) && ($orig_record['uid'] == $identity)) {
+ $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
+ intval($identity)
+ );
+ }
 }

- if (! DBM::is_result($r)) {
+ if (!DBM::is_result($r)) {
 return;
 }

diff --git a/src/Database/DBStructure.php b/src/Database/DBStructure.php
index 9ab866de9d..9c3c0d82a3 100644
--- a/src/Database/DBStructure.php
+++ b/src/Database/DBStructure.php
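Review bot: None of the four lookups in the second hunk filters on `account_removed`, although `$identity` comes straight from `$_POST['identity']` and these queries are the actual authorization gate for switching; the identity list built in include/security.php in this same commit does exclude removed accounts. A POST naming the uid of a removed child, sibling or parent would presumably still pass, so each query should carry the same condition, for example `AND account_removed = 0`. The `%d` placeholders for `$orig_record['uid']` and `$orig_record['parent-uid']` are fed through `dbesc()`; `intval()` fits the placeholder and matches the neighbouring `intval($identity)`. manage_post() starts and ends outside the hunk.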
@@ -1707,6 +1707,7 @@ class DBStructure
 "comment" => "The local users",
 "fields" => [
 "uid" => ["type" => "mediumint", "not null" => "1", "extra" => "auto_increment", "primary" => "1", "comment" => ""],
+ "parent-uid" => ["type" => "mediumint", "not null" => "1", "default" => "0", "relation" => ["user" => "uid"], "comment" => "The parent user that has full control about this user"],
 "guid" => ["type" => "varchar(64)", "not null" => "1", "default" => "", "comment" => ""],
 "username" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
 "password" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
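Review bot: The new column defaults to 0 and nothing visible in this commit populates it, while the login and switch paths stop matching on email and password. Accounts that were linked that way would lose their delegation until `parent-uid` is set, unless an update routine outside this patch migrates them. The column is also filtered on at every login (`'parent-uid' => $master_record['uid']`), and no index for it appears in the hunk; the table's index list lies outside the hunk, so confirm whether an index on `parent-uid` is needed. The field comment would read better as "The parent user that has full control over this user".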