Merge pull request #843 from annando/master

multiple admin mails
fabrixxm 2013-12-02 00:35:13 -08:00
commit 5f0cb264af
6 changed files with 93 additions and 73 deletions


@ -1906,7 +1906,11 @@ if(! function_exists('feed_birthday')) {
if(! function_exists('is_site_admin')) { if(! function_exists('is_site_admin')) {
function is_site_admin() { function is_site_admin() {
$a = get_app(); $a = get_app();
if(local_user() && x($a->user,'email') && x($a->config,'admin_email') && ($a->user['email'] === $a->config['admin_email']))
$adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
//if(local_user() && x($a->user,'email') && x($a->config,'admin_email') && ($a->user['email'] === $a->config['admin_email']))
if(local_user() && x($a->user,'email') && x($a->config,'admin_email') && in_array($a->user['email'], $adminlist))
return true; return true;
return false; return false;
} }
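Review bot: `$adminlist` is built from `$a->config['admin_email']` before the `x($a->config,'admin_email')` test in the condition runs, so an unset setting is read first and only checked afterwards. The same `explode`/`str_replace` expression is repeated in create_user, _setup_users, friendica_init, register_post and settings_post. Because this function decides who is a site admin, the parsing is better kept in one helper that returns an empty list when the setting is missing and drops empty entries (a trailing comma currently yields an empty string in the list), with a strict `in_array(..., true)`. The commented-out old condition can be removed, since the history keeps it.

```php
// Proposed helper (the name is a suggestion): one parser for the admin_email setting.
function get_admin_emails() {
	$a = get_app();
	if(! x($a->config,'admin_email'))
		return array();
	// same normalisation as the commit (strip spaces, split on commas), minus empty entries
	$list = explode(",", str_replace(" ", "", $a->config['admin_email']));
	return array_values(array_filter($list, 'strlen'));
}

// in is_site_admin(), replacing the $adminlist line and the condition:
	if(local_user() && x($a->user,'email') && in_array($a->user['email'], get_admin_emails(), true))
		return true;
```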


@ -31,7 +31,7 @@ function create_user($arr) {
$publish = ((x($arr,'profile_publish_reg') && intval($arr['profile_publish_reg'])) ? 1 : 0); $publish = ((x($arr,'profile_publish_reg') && intval($arr['profile_publish_reg'])) ? 1 : 0);
$netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0); $netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0);
$tmp_str = $openid_url; $tmp_str = $openid_url;
if($using_invites) { if($using_invites) {
@ -96,7 +96,7 @@ function create_user($arr) {
// $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); // $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' );
// So now we are just looking for a space in the full name. // So now we are just looking for a space in the full name.
$loose_reg = get_config('system','no_regfullname'); $loose_reg = get_config('system','no_regfullname');
if(! $loose_reg) { if(! $loose_reg) {
$username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8'); $username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8');
@ -110,11 +110,14 @@ function create_user($arr) {
if((! valid_email($email)) || (! validate_email($email))) if((! valid_email($email)) || (! validate_email($email)))
$result['message'] .= t('Not a valid email address.') . EOL; $result['message'] .= t('Not a valid email address.') . EOL;
// Disallow somebody creating an account using openid that uses the admin email address, // Disallow somebody creating an account using openid that uses the admin email address,
// since openid bypasses email verification. We'll allow it if there is not yet an admin account. // since openid bypasses email verification. We'll allow it if there is not yet an admin account.
if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) { $adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email'])));
//if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
if((x($a->config,'admin_email')) && in_array(strtolower($email), $adminlist) && strlen($openid_url)) {
$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1", $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
dbesc($email) dbesc($email)
); );
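Review bot: The match in the new condition is case-insensitive (`strtolower` on both the list and `$email`), while is_site_admin and _setup_users in this same commit compare the stored address with a plain `in_array`. The rules should share one normalisation, otherwise an address this check treats as an admin's is not treated as one where privileges are evaluated, and the admin flag in the user list can disagree with both. Lowercase in all places or in none, and state the choice next to the list, e.g. `// admin_email entries are compared case-insensitively`. create_user's body starts and ends outside these hunks.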


@ -71,7 +71,7 @@ function admin_post(&$a){
} }
goaway($a->get_baseurl(true) . '/admin' ); goaway($a->get_baseurl(true) . '/admin' );
return; // NOTREACHED return; // NOTREACHED
} }
/** /**
@ -199,7 +199,7 @@ function admin_page_summary(&$a) {
$r = q("SELECT COUNT(id) as `count` FROM `register`"); $r = q("SELECT COUNT(id) as `count` FROM `register`");
$pending = $r[0]['count']; $pending = $r[0]['count'];
$r = q("select count(*) as total from deliverq where 1"); $r = q("select count(*) as total from deliverq where 1");
$deliverq = (($r) ? $r[0]['total'] : 0); $deliverq = (($r) ? $r[0]['total'] : 0);
@ -431,7 +431,7 @@ function admin_page_site_post(&$a){
set_config('system','maximagesize', $maximagesize); set_config('system','maximagesize', $maximagesize);
set_config('system','max_image_length', $maximagelength); set_config('system','max_image_length', $maximagelength);
set_config('system','jpeg_quality', $jpegimagequality); set_config('system','jpeg_quality', $jpegimagequality);
set_config('config','register_policy', $register_policy); set_config('config','register_policy', $register_policy);
set_config('system','max_daily_registrations', $daily_registrations); set_config('system','max_daily_registrations', $daily_registrations);
set_config('system','account_abandon_days', $abandon_days); set_config('system','account_abandon_days', $abandon_days);
@ -468,7 +468,7 @@ function admin_page_site_post(&$a){
set_config('system','ostatus_poll_interval', $ostatus_poll_interval); set_config('system','ostatus_poll_interval', $ostatus_poll_interval);
set_config('system','diaspora_enabled', $diaspora_enabled); set_config('system','diaspora_enabled', $diaspora_enabled);
set_config('config','private_addons', $private_addons); set_config('config','private_addons', $private_addons);
set_config('system','old_share', $old_share); set_config('system','old_share', $old_share);
set_config('system','hide_help', $hide_help); set_config('system','hide_help', $hide_help);
set_config('system','use_fulltext_engine', $use_fulltext_engine); set_config('system','use_fulltext_engine', $use_fulltext_engine);
@ -477,7 +477,7 @@ function admin_page_site_post(&$a){
set_config('system','lockpath', $lockpath); set_config('system','lockpath', $lockpath);
set_config('system','temppath', $temppath); set_config('system','temppath', $temppath);
set_config('system','basepath', $basepath); set_config('system','basepath', $basepath);
info( t('Site settings updated.') . EOL); info( t('Site settings updated.') . EOL);
goaway($a->get_baseurl(true) . '/admin/site' ); goaway($a->get_baseurl(true) . '/admin/site' );
return; // NOTREACHED return; // NOTREACHED
@ -489,11 +489,11 @@ function admin_page_site_post(&$a){
* @return string * @return string
*/ */
function admin_page_site(&$a) { function admin_page_site(&$a) {
/* Installed langs */ /* Installed langs */
$lang_choices = array(); $lang_choices = array();
$langs = glob('view/*/strings.php'); $langs = glob('view/*/strings.php');
if(is_array($langs) && count($langs)) { if(is_array($langs) && count($langs)) {
if(! in_array('view/en/strings.php',$langs)) if(! in_array('view/en/strings.php',$langs))
$langs[] = 'view/en/'; $langs[] = 'view/en/';
@ -503,7 +503,7 @@ function admin_page_site(&$a) {
$lang_choices[$t[1]] = $t[1]; $lang_choices[$t[1]] = $t[1];
} }
} }
/* Installed themes */ /* Installed themes */
$theme_choices = array(); $theme_choices = array();
$theme_choices_mobile = array(); $theme_choices_mobile = array();
@ -573,7 +573,6 @@ function admin_page_site(&$a) {
'$advanced' => t('Advanced'), '$advanced' => t('Advanced'),
'$performance' => t('Performance'), '$performance' => t('Performance'),
'$relocate'=> t('Relocate - WARNING: advanced function. Could make this server unreachable.'), '$relocate'=> t('Relocate - WARNING: advanced function. Could make this server unreachable.'),
'$baseurl' => $a->get_baseurl(true), '$baseurl' => $a->get_baseurl(true),
// name, label, value, help string, extra data... // name, label, value, help string, extra data...
'$sitename' => array('sitename', t("Site name"), htmlentities($a->config['sitename'], ENT_QUOTES), 'UTF-8'), '$sitename' => array('sitename', t("Site name"), htmlentities($a->config['sitename'], ENT_QUOTES), 'UTF-8'),
@ -604,7 +603,7 @@ function admin_page_site(&$a) {
'$enotify_no_content' => array('enotify_no_content', t("Don't include post content in email notifications"), get_config('system','enotify_no_content'), t("Don't include the content of a post/comment/private message/etc. in the email notifications that are sent out from this site, as a privacy measure.")), '$enotify_no_content' => array('enotify_no_content', t("Don't include post content in email notifications"), get_config('system','enotify_no_content'), t("Don't include the content of a post/comment/private message/etc. in the email notifications that are sent out from this site, as a privacy measure.")),
'$private_addons' => array('private_addons', t("Disallow public access to addons listed in the apps menu."), get_config('config','private_addons'), t("Checking this box will restrict addons listed in the apps menu to members only.")), '$private_addons' => array('private_addons', t("Disallow public access to addons listed in the apps menu."), get_config('config','private_addons'), t("Checking this box will restrict addons listed in the apps menu to members only.")),
'$disable_embedded' => array('disable_embedded', t("Don't embed private images in posts"), get_config('system','disable_embedded'), t("Don't replace locally-hosted private photos in posts with an embedded copy of the image. This means that contacts who receive posts containing private photos will have to authenticate and load each image, which may take a while.")), '$disable_embedded' => array('disable_embedded', t("Don't embed private images in posts"), get_config('system','disable_embedded'), t("Don't replace locally-hosted private photos in posts with an embedded copy of the image. This means that contacts who receive posts containing private photos will have to authenticate and load each image, which may take a while.")),
'$no_multi_reg' => array('no_multi_reg', t("Block multiple registrations"), get_config('system','block_extended_register'), t("Disallow users to register additional accounts for use as pages.")), '$no_multi_reg' => array('no_multi_reg', t("Block multiple registrations"), get_config('system','block_extended_register'), t("Disallow users to register additional accounts for use as pages.")),
'$no_openid' => array('no_openid', t("OpenID support"), !get_config('system','no_openid'), t("OpenID support for registration and logins.")), '$no_openid' => array('no_openid', t("OpenID support"), !get_config('system','no_openid'), t("OpenID support for registration and logins.")),
'$no_regfullname' => array('no_regfullname', t("Fullname check"), !get_config('system','no_regfullname'), t("Force users to register with a space between firstname and lastname in Full name, as an antispam measure")), '$no_regfullname' => array('no_regfullname', t("Fullname check"), !get_config('system','no_regfullname'), t("Force users to register with a space between firstname and lastname in Full name, as an antispam measure")),
@ -692,7 +691,7 @@ function admin_page_dbsync(&$a) {
'$mark' => t('Mark success (if update was manually applied)'), '$mark' => t('Mark success (if update was manually applied)'),
'$apply' => t('Attempt to execute this update step automatically'), '$apply' => t('Attempt to execute this update step automatically'),
'$failed' => $failed '$failed' => $failed
)); ));
return $o; return $o;
@ -711,7 +710,7 @@ function admin_page_users_post(&$a){
$nu_email = ( x($_POST, 'new_user_email') ? $_POST['new_user_email'] : ''); $nu_email = ( x($_POST, 'new_user_email') ? $_POST['new_user_email'] : '');
check_form_security_token_redirectOnErr('/admin/users', 'admin_users'); check_form_security_token_redirectOnErr('/admin/users', 'admin_users');
if (!($nu_name==="") && !($nu_email==="") && !($nu_nickname==="")) { if (!($nu_name==="") && !($nu_email==="") && !($nu_nickname==="")) {
require_once('include/user.php'); require_once('include/user.php');
require_once('include/email.php'); require_once('include/email.php');
@ -739,7 +738,7 @@ function admin_page_users_post(&$a){
info( t('Registration successful. Email send to user').EOL ); info( t('Registration successful. Email send to user').EOL );
} }
} }
if (x($_POST,'page_users_block')){ if (x($_POST,'page_users_block')){
foreach($users as $uid){ foreach($users as $uid){
q("UPDATE `user` SET `blocked`=1-`blocked` WHERE `uid`=%s", q("UPDATE `user` SET `blocked`=1-`blocked` WHERE `uid`=%s",
@ -755,7 +754,7 @@ function admin_page_users_post(&$a){
} }
notice( sprintf( tt("%s user deleted", "%s users deleted", count($users)), count($users)) ); notice( sprintf( tt("%s user deleted", "%s users deleted", count($users)), count($users)) );
} }
if (x($_POST,'page_users_approve')){ if (x($_POST,'page_users_approve')){
require_once("mod/regmod.php"); require_once("mod/regmod.php");
foreach($pending as $hash){ foreach($pending as $hash){
@ -769,7 +768,7 @@ function admin_page_users_post(&$a){
} }
} }
goaway($a->get_baseurl(true) . '/admin/users' ); goaway($a->get_baseurl(true) . '/admin/users' );
return; // NOTREACHED return; // NOTREACHED
} }
/** /**
@ -784,14 +783,14 @@ function admin_page_users(&$a){
notice( 'User not found' . EOL); notice( 'User not found' . EOL);
goaway($a->get_baseurl(true) . '/admin/users' ); goaway($a->get_baseurl(true) . '/admin/users' );
return ''; // NOTREACHED return ''; // NOTREACHED
} }
switch($a->argv[2]){ switch($a->argv[2]){
case "delete":{ case "delete":{
check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't'); check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
// delete user // delete user
require_once("include/Contact.php"); require_once("include/Contact.php");
user_remove($uid); user_remove($uid);
notice( sprintf(t("User '%s' deleted"), $user[0]['username']) . EOL); notice( sprintf(t("User '%s' deleted"), $user[0]['username']) . EOL);
}; break; }; break;
case "block":{ case "block":{
@ -805,16 +804,16 @@ function admin_page_users(&$a){
} }
goaway($a->get_baseurl(true) . '/admin/users' ); goaway($a->get_baseurl(true) . '/admin/users' );
return ''; // NOTREACHED return ''; // NOTREACHED
} }
/* get pending */ /* get pending */
$pending = q("SELECT `register`.*, `contact`.`name`, `user`.`email` $pending = q("SELECT `register`.*, `contact`.`name`, `user`.`email`
FROM `register` FROM `register`
LEFT JOIN `contact` ON `register`.`uid` = `contact`.`uid` LEFT JOIN `contact` ON `register`.`uid` = `contact`.`uid`
LEFT JOIN `user` ON `register`.`uid` = `user`.`uid`;"); LEFT JOIN `user` ON `register`.`uid` = `user`.`uid`;");
/* get users */ /* get users */
$total = q("SELECT count(*) as total FROM `user` where 1"); $total = q("SELECT count(*) as total FROM `user` where 1");
@ -822,8 +821,8 @@ function admin_page_users(&$a){
$a->set_pager_total($total[0]['total']); $a->set_pager_total($total[0]['total']);
$a->set_pager_itemspage(100); $a->set_pager_itemspage(100);
} }
$users = q("SELECT `user` . * , `contact`.`name` , `contact`.`url` , `contact`.`micro`, `lastitem`.`lastitem_date`, `user`.`account_expired` $users = q("SELECT `user` . * , `contact`.`name` , `contact`.`url` , `contact`.`micro`, `lastitem`.`lastitem_date`, `user`.`account_expired`
FROM FROM
(SELECT MAX(`item`.`changed`) as `lastitem_date`, `item`.`uid` (SELECT MAX(`item`.`changed`) as `lastitem_date`, `item`.`uid`
@ -841,11 +840,14 @@ function admin_page_users(&$a){
intval($a->pager['start']), intval($a->pager['start']),
intval($a->pager['itemspage']) intval($a->pager['itemspage'])
); );
function _setup_users($e){ function _setup_users($e){
$a = get_app(); $a = get_app();
$adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
$accounts = Array( $accounts = Array(
t('Normal Account'), t('Normal Account'),
t('Soapbox Account'), t('Soapbox Account'),
t('Community/Celebrity Account'), t('Community/Celebrity Account'),
t('Automatic Friend Account') t('Automatic Friend Account')
@ -854,19 +856,20 @@ function admin_page_users(&$a){
$e['register_date'] = relative_date($e['register_date']); $e['register_date'] = relative_date($e['register_date']);
$e['login_date'] = relative_date($e['login_date']); $e['login_date'] = relative_date($e['login_date']);
$e['lastitem_date'] = relative_date($e['lastitem_date']); $e['lastitem_date'] = relative_date($e['lastitem_date']);
$e['is_admin'] = ($e['email'] === $a->config['admin_email']); //$e['is_admin'] = ($e['email'] === $a->config['admin_email']);
$e['deleted'] = ($e['account_removed']?relative_date($e['account_expires_on']):False); $e['is_admin'] = in_array($e['email'], $adminlist);
$e['deleted'] = ($e['account_removed']?relative_date($e['account_expires_on']):False);
return $e; return $e;
} }
$users = array_map("_setup_users", $users); $users = array_map("_setup_users", $users);
// Get rid of dashes in key names, Smarty3 can't handle them // Get rid of dashes in key names, Smarty3 can't handle them
// and extracting deleted users // and extracting deleted users
$tmp_users = Array(); $tmp_users = Array();
$deleted = Array(); $deleted = Array();
while(count($users)) { while(count($users)) {
$new_user = Array(); $new_user = Array();
foreach( array_pop($users) as $k => $v) { foreach( array_pop($users) as $k => $v) {
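Review bot: `_setup_users` is the `array_map` callback, so the added `$adminlist = explode(...)` line re-parses `admin_email` once for every user row, and it reads the setting with no check that it is set. Build the list once before the `array_map` call and hand it to the callback, for example with a closure declared as `function($e) use ($adminlist)`. The `is_admin` flag is only used for display here, but it should be derived by the same rule as is_site_admin so the list cannot show a different answer from the privilege check. The commented-out `//$e['is_admin'] = ...` line can be dropped. admin_page_users starts and ends outside the hunks.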


@ -9,7 +9,10 @@ function friendica_init(&$a) {
$sql_extra = sprintf(" AND nickname = '%s' ",dbesc($a->config['admin_nickname'])); $sql_extra = sprintf(" AND nickname = '%s' ",dbesc($a->config['admin_nickname']));
} }
if (isset($a->config['admin_email']) && $a->config['admin_email']!=''){ if (isset($a->config['admin_email']) && $a->config['admin_email']!=''){
$r = q("SELECT username, nickname FROM user WHERE email='%s' $sql_extra", dbesc($a->config['admin_email'])); $adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
//$r = q("SELECT username, nickname FROM user WHERE email='%s' $sql_extra", dbesc($a->config['admin_email']));
$r = q("SELECT username, nickname FROM user WHERE email='%s' $sql_extra", dbesc($adminlist[0]));
$admin = array( $admin = array(
'name' => $r[0]['username'], 'name' => $r[0]['username'],
'profile'=> $a->get_baseurl().'/profile/'.$r[0]['nickname'], 'profile'=> $a->get_baseurl().'/profile/'.$r[0]['nickname'],
@ -34,7 +37,7 @@ function friendica_init(&$a) {
'admin' => $admin, 'admin' => $admin,
'site_name' => $a->config['sitename'], 'site_name' => $a->config['sitename'],
'platform' => FRIENDICA_PLATFORM, 'platform' => FRIENDICA_PLATFORM,
'info' => ((x($a->config,'info')) ? $a->config['info'] : '') 'info' => ((x($a->config,'info')) ? $a->config['info'] : '')
); );
echo json_encode($data); echo json_encode($data);
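Review bot: Only `$adminlist[0]` is looked up, and `$r[0]['username']` and `$r[0]['nickname']` are then read without checking that the query returned a row. If the first address in `admin_email` has no matching account, the JSON output carries empty admin fields even when other listed admins exist. Wrap the `$admin` array in `if(count($r))`, as register_post already does for its own lookup. The order of the list now has meaning, since the first entry is the admin published here and the one whose language register_post uses, so it deserves a comment such as `// first admin_email entry is the primary, publicly listed admin`. friendica_init continues outside the hunk.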


@ -23,7 +23,7 @@ function register_post(&$a) {
switch($a->config['register_policy']) { switch($a->config['register_policy']) {
case REGISTER_OPEN: case REGISTER_OPEN:
$blocked = 0; $blocked = 0;
$verified = 1; $verified = 1;
@ -118,8 +118,11 @@ function register_post(&$a) {
dbesc($lang) dbesc($lang)
); );
$adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
$r = q("SELECT `language` FROM `user` WHERE `email` = '%s' LIMIT 1", $r = q("SELECT `language` FROM `user` WHERE `email` = '%s' LIMIT 1",
dbesc($a->config['admin_email']) //dbesc($a->config['admin_email'])
dbesc($adminlist[0])
); );
if(count($r)) if(count($r))
push_lang($r[0]['language']); push_lang($r[0]['language']);


@ -4,10 +4,10 @@
function get_theme_config_file($theme){ function get_theme_config_file($theme){
$a = get_app(); $a = get_app();
$base_theme = $a->theme_info['extends']; $base_theme = $a->theme_info['extends'];
if (file_exists("view/theme/$theme/config.php")){ if (file_exists("view/theme/$theme/config.php")){
return "view/theme/$theme/config.php"; return "view/theme/$theme/config.php";
} }
if (file_exists("view/theme/$base_theme/config.php")){ if (file_exists("view/theme/$base_theme/config.php")){
return "view/theme/$base_theme/config.php"; return "view/theme/$base_theme/config.php";
} }
@ -157,17 +157,17 @@ function settings_post(&$a) {
if(($a->argc > 1) && ($a->argv[1] == 'addon')) { if(($a->argc > 1) && ($a->argv[1] == 'addon')) {
check_form_security_token_redirectOnErr('/settings/addon', 'settings_addon'); check_form_security_token_redirectOnErr('/settings/addon', 'settings_addon');
call_hooks('plugin_settings_post', $_POST); call_hooks('plugin_settings_post', $_POST);
return; return;
} }
if(($a->argc > 1) && ($a->argv[1] == 'connectors')) { if(($a->argc > 1) && ($a->argv[1] == 'connectors')) {
check_form_security_token_redirectOnErr('/settings/connectors', 'settings_connectors'); check_form_security_token_redirectOnErr('/settings/connectors', 'settings_connectors');
if(x($_POST, 'imap-submit')) { if(x($_POST, 'imap-submit')) {
$mail_server = ((x($_POST,'mail_server')) ? $_POST['mail_server'] : ''); $mail_server = ((x($_POST,'mail_server')) ? $_POST['mail_server'] : '');
$mail_port = ((x($_POST,'mail_port')) ? $_POST['mail_port'] : ''); $mail_port = ((x($_POST,'mail_port')) ? $_POST['mail_port'] : '');
$mail_ssl = ((x($_POST,'mail_ssl')) ? strtolower(trim($_POST['mail_ssl'])) : ''); $mail_ssl = ((x($_POST,'mail_ssl')) ? strtolower(trim($_POST['mail_ssl'])) : '');
@ -298,27 +298,27 @@ function settings_post(&$a) {
dbesc($theme), dbesc($theme),
intval(local_user()) intval(local_user())
); );
call_hooks('display_settings_post', $_POST); call_hooks('display_settings_post', $_POST);
goaway($a->get_baseurl(true) . '/settings/display' ); goaway($a->get_baseurl(true) . '/settings/display' );
return; // NOTREACHED return; // NOTREACHED
} }
check_form_security_token_redirectOnErr('/settings', 'settings'); check_form_security_token_redirectOnErr('/settings', 'settings');
if (x($_POST,'resend_relocate')) { if (x($_POST,'resend_relocate')) {
proc_run('php', 'include/notifier.php', 'relocate', local_user()); proc_run('php', 'include/notifier.php', 'relocate', local_user());
info(t("Relocate message has been send to your contacts")); info(t("Relocate message has been send to your contacts"));
goaway($a->get_baseurl(true) . '/settings'); goaway($a->get_baseurl(true) . '/settings');
} }
call_hooks('settings_post', $_POST); call_hooks('settings_post', $_POST);
if((x($_POST,'password')) || (x($_POST,'confirm'))) { if((x($_POST,'password')) || (x($_POST,'confirm'))) {
$newpass = $_POST['password']; $newpass = $_POST['password'];
$confirm = $_POST['confirm']; $confirm = $_POST['confirm'];
$oldpass = hash('whirlpool', $_POST['opassword']); $oldpass = hash('whirlpool', $_POST['opassword']);
$err = false; $err = false;
if($newpass != $confirm ) { if($newpass != $confirm ) {
@ -331,7 +331,7 @@ function settings_post(&$a) {
$err = true; $err = true;
} }
// check if the old password was supplied correctly before // check if the old password was supplied correctly before
// changing it to the new value // changing it to the new value
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user())); $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
if( $oldpass != $r[0]['password'] ) { if( $oldpass != $r[0]['password'] ) {
@ -352,7 +352,7 @@ function settings_post(&$a) {
} }
} }
$username = ((x($_POST,'username')) ? notags(trim($_POST['username'])) : ''); $username = ((x($_POST,'username')) ? notags(trim($_POST['username'])) : '');
$email = ((x($_POST,'email')) ? notags(trim($_POST['email'])) : ''); $email = ((x($_POST,'email')) ? notags(trim($_POST['email'])) : '');
$timezone = ((x($_POST,'timezone')) ? notags(trim($_POST['timezone'])) : ''); $timezone = ((x($_POST,'timezone')) ? notags(trim($_POST['timezone'])) : '');
@ -378,7 +378,7 @@ function settings_post(&$a) {
$blocktags = (((x($_POST,'blocktags')) && (intval($_POST['blocktags']) == 1)) ? 0: 1); // this setting is inverted! $blocktags = (((x($_POST,'blocktags')) && (intval($_POST['blocktags']) == 1)) ? 0: 1); // this setting is inverted!
$unkmail = (((x($_POST,'unkmail')) && (intval($_POST['unkmail']) == 1)) ? 1: 0); $unkmail = (((x($_POST,'unkmail')) && (intval($_POST['unkmail']) == 1)) ? 1: 0);
$cntunkmail = ((x($_POST,'cntunkmail')) ? intval($_POST['cntunkmail']) : 0); $cntunkmail = ((x($_POST,'cntunkmail')) ? intval($_POST['cntunkmail']) : 0);
$suggestme = ((x($_POST,'suggestme')) ? intval($_POST['suggestme']) : 0); $suggestme = ((x($_POST,'suggestme')) ? intval($_POST['suggestme']) : 0);
$hide_friends = (($_POST['hide-friends'] == 1) ? 1: 0); $hide_friends = (($_POST['hide-friends'] == 1) ? 1: 0);
$hidewall = (($_POST['hidewall'] == 1) ? 1: 0); $hidewall = (($_POST['hidewall'] == 1) ? 1: 0);
$post_newfriend = (($_POST['post_newfriend'] == 1) ? 1: 0); $post_newfriend = (($_POST['post_newfriend'] == 1) ? 1: 0);
@ -420,21 +420,25 @@ function settings_post(&$a) {
if($email != $a->user['email']) { if($email != $a->user['email']) {
$email_changed = true; $email_changed = true;
// check for the correct password // check for the correct password
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user())); $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
$password = hash('whirlpool', $_POST['mpassword']); $password = hash('whirlpool', $_POST['mpassword']);
if ($password != $r[0]['password']) { if ($password != $r[0]['password']) {
$err .= t('Wrong Password') . EOL; $err .= t('Wrong Password') . EOL;
$email = $a->user['email'];
}
// check the email is valid
if(! valid_email($email))
$err .= t(' Not valid email.');
// ensure new email is not the admin mail
if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
$err .= t(' Cannot change to that email.');
$email = $a->user['email']; $email = $a->user['email'];
} }
// check the email is valid
if(! valid_email($email))
$err .= t(' Not valid email.');
// ensure new email is not the admin mail
//if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
if(x($a->config,'admin_email')) {
$adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email'])));
if (in_array(strtolower($email), $adminlist)) {
$err .= t(' Cannot change to that email.');
$email = $a->user['email'];
}
}
} }
if(strlen($err)) { if(strlen($err)) {
@ -542,7 +546,7 @@ function settings_post(&$a) {
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval(local_user()) intval(local_user())
); );
} }
if(($old_visibility != $net_publish) || ($page_flags != $old_page_flags)) { if(($old_visibility != $net_publish) || ($page_flags != $old_page_flags)) {
// Update global directory in background // Update global directory in background
@ -567,7 +571,7 @@ function settings_post(&$a) {
goaway($a->get_baseurl(true) . '/settings' ); goaway($a->get_baseurl(true) . '/settings' );
return; // NOTREACHED return; // NOTREACHED
} }
if(! function_exists('settings_content')) { if(! function_exists('settings_content')) {
function settings_content(&$a) { function settings_content(&$a) {
@ -1082,7 +1086,7 @@ function settings_content(&$a) {
'$uid' => local_user(), '$uid' => local_user(),
'$form_security_token' => get_form_security_token("settings"), '$form_security_token' => get_form_security_token("settings"),
'$nickname_block' => $prof_addr, '$nickname_block' => $prof_addr,
'$h_pass' => t('Password Settings'), '$h_pass' => t('Password Settings'),
'$password1'=> array('password', t('New Password:'), '', ''), '$password1'=> array('password', t('New Password:'), '', ''),
'$password2'=> array('confirm', t('Confirm:'), '', t('Leave password fields blank unless changing')), '$password2'=> array('confirm', t('Confirm:'), '', t('Leave password fields blank unless changing')),
@ -1090,14 +1094,14 @@ function settings_content(&$a) {
'$password4'=> array('mpassword', t('Password:'), '', t('Your current password to confirm the changes')), '$password4'=> array('mpassword', t('Password:'), '', t('Your current password to confirm the changes')),
'$oid_enable' => (! get_config('system','no_openid')), '$oid_enable' => (! get_config('system','no_openid')),
'$openid' => $openid_field, '$openid' => $openid_field,
'$h_basic' => t('Basic Settings'), '$h_basic' => t('Basic Settings'),
'$username' => array('username', t('Full Name:'), $username,''), '$username' => array('username', t('Full Name:'), $username,''),
'$email' => array('email', t('Email Address:'), $email, ''), '$email' => array('email', t('Email Address:'), $email, ''),
'$timezone' => array('timezone_select' , t('Your Timezone:'), select_timezone($timezone), ''), '$timezone' => array('timezone_select' , t('Your Timezone:'), select_timezone($timezone), ''),
'$defloc' => array('defloc', t('Default Post Location:'), $defloc, ''), '$defloc' => array('defloc', t('Default Post Location:'), $defloc, ''),
'$allowloc' => array('allow_location', t('Use Browser Location:'), ($a->user['allow_location'] == 1), ''), '$allowloc' => array('allow_location', t('Use Browser Location:'), ($a->user['allow_location'] == 1), ''),
'$h_prv' => t('Security and Privacy Settings'), '$h_prv' => t('Security and Privacy Settings'),
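Review bot: The re-indented password check in the email-change branch still compares hex digests with the loose operator, `if ($password != $r[0]['password'])`. PHP's `!=` compares numeric-looking strings numerically, so the strict `!==` (or `hash_equals()` where the PHP version provides it) is the safe form, and `$r[0]` should be checked for existence before it is read. The new admin-address guard is what stops a user from taking an address that is_site_admin would accept, which is worth stating in a comment, e.g. `// is_site_admin() grants admin by email match: never allow changing to a listed address`. The commented-out `strcasecmp` line can be removed. settings_post starts and ends outside the hunk.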