diff --git a/boot.php b/boot.php
index e1850fe29..9ccbfe667 100755
--- a/boot.php
+++ b/boot.php
@@ -9,9 +9,9 @@ require_once('include/nav.php');
require_once('include/cache.php');
define ( 'FRIENDICA_PLATFORM', 'Friendica');
-define ( 'FRIENDICA_VERSION', '2.3.1235' );
+define ( 'FRIENDICA_VERSION', '2.3.1236' );
define ( 'DFRN_PROTOCOL_VERSION', '2.22' );
-define ( 'DB_UPDATE_VERSION', 1116 );
+define ( 'DB_UPDATE_VERSION', 1117 );
define ( 'EOL', "
\r\n" );
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );
diff --git a/database.sql b/database.sql
index 5b7c870df..68b8ea076 100755
--- a/database.sql
+++ b/database.sql
@@ -769,4 +769,11 @@ INDEX ( `twit` ),
INDEX ( `stat` )
) ENGINE = MyISAM DEFAULT CHARSET=utf8;
+CREATE TABLE IF NOT EXISTS `manage` {
+`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
+`uid` INT NOT NULL ,
+`mid` INT NOT NULL,
+INDEX ( `uid` ),
+INDEX ( `mid` )
+) ENGINE = MyISAM DEFAULT CHARSET=utf8;
diff --git a/include/security.php b/include/security.php
index f3f16e1bc..394986f27 100755
--- a/include/security.php
+++ b/include/security.php
@@ -34,13 +34,30 @@ function authenticate_success($user_record, $login_initial = false, $interactive
$a->timezone = $a->user['timezone'];
}
- $r = q("SELECT `uid`,`username` FROM `user` WHERE `password` = '%s' AND `email` = '%s'",
- dbesc($a->user['password']),
- dbesc($a->user['email'])
+ $master_record = $a->user;
+ if((x($_SESSION,'submanage')) && intval($_SESSION['submanage'])) {
+ $r = q("select * from user where uid = %d limit 1",
+ intval($_SESSION['submanage'])
+ );
+ if(count($r))
+ $master_record = $r[0];
+ }
+
+ $r = q("SELECT `uid`,`username`,`nickname` FROM `user` WHERE `password` = '%s' AND `email` = '%s'",
+ dbesc($master_record['password']),
+ dbesc($master_record['email'])
);
if(count($r))
$a->identities = $r;
+ else
+ $a->identities = array();
+ $r = q("select `user`.`uid`, `user`.`username`, `user`.`nickname` from manage left join user on manage.mid = user.uid
+ where `manage`.`uid` = %d",
+ intval($master_record['uid'])
+ );
+ if(count($r))
+ $a->identities = array_merge($a->identities,$r);
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
intval($_SESSION['uid']));
diff --git a/mod/manage.php b/mod/manage.php
index 41ec81129..ec4dcd8a0 100755
--- a/mod/manage.php
+++ b/mod/manage.php
@@ -3,18 +3,56 @@
function manage_post(&$a) {
- if(! local_user() || ! is_array($a->identities))
+ if(! local_user())
return;
+ $uid = local_user();
+ $orig_record = $a->user;
+
+ if((x($_SESSION,'submanage')) && intval($_SESSION['submanage'])) {
+ $r = q("select * from user where uid = %d limit 1",
+ intval($_SESSION['submanage'])
+ );
+ if(count($r)) {
+ $uid = intval($r[0]['uid']);
+ $orig_record = $r[0];
+ }
+ }
+
+ $r = q("select * from manage where uid = %d",
+ intval($uid)
+ );
+
+ $submanage = $r;
+
$identity = ((x($_POST['identity'])) ? intval($_POST['identity']) : 0);
if(! $identity)
return;
- $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `email` = '%s' AND `password` = '%s' LIMIT 1",
- intval($identity),
- dbesc($a->user['email']),
- dbesc($a->user['password'])
- );
+ $limited_id = 0;
+ $original_id = $uid;
+
+ if(count($submanage)) {
+ foreach($submanage as $m) {
+ if($identity == $m['mid']) {
+ $limited_id = $m['mid'];
+ break;
+ }
+ }
+ }
+
+ if($limited_id) {
+ $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
+ intval($limited_id)
+ );
+ }
+ else {
+ $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `email` = '%s' AND `password` = '%s' LIMIT 1",
+ intval($identity),
+ dbesc($orig_record['email']),
+ dbesc($orig_record['password'])
+ );
+ }
if(! count($r))
return;
@@ -27,11 +65,15 @@ function manage_post(&$a) {
unset($_SESSION['theme']);
unset($_SESSION['page_flags']);
unset($_SESSION['return_url']);
-
+ if(x($_SESSION,'submanage'))
+ unset($_SESSION['submanage']);
require_once('include/security.php');
authenticate_success($r[0],true,true);
+ if($limited_id)
+ $_SESSION['submanage'] = $original_id;
+
goaway($a->get_baseurl() . '/profile/' . $a->user['nickname']);
// NOTREACHED
}
@@ -40,23 +82,15 @@ function manage_post(&$a) {
function manage_content(&$a) {
- if(! local_user() || ! is_array($a->identities)) {
+ if(! local_user()) {
notice( t('Permission denied.') . EOL);
return;
}
- $r = q("SELECT * FROM `user` WHERE `email` = '%s' AND `password` = '%s'",
- dbesc($a->user['email']),
- dbesc($a->user['password'])
- );
- if(! count($r))
- return;
-
-
$o = '