From 6684107b66c9413f5d79290e097a63b4569c57d3 Mon Sep 17 00:00:00 2001
From: Michael Vogel
Date: Mon, 2 Dec 2013 00:11:31 +0100
Subject: [PATCH 1/2] multiple admin mails.

It is now possible to define more than one admin mail address. You can now add multiple addresses, separated by comma.
---
 boot.php | 6 ++++-
 include/user.php | 11 +++++---
 mod/admin.php | 68 +++++++++++++++++++++++++----------------------
 mod/friendica.php | 7 +++--
 mod/register.php | 7 +++--
 mod/settings.php | 56 ++++++++++++++++++++------------------
 6 files changed, 88 insertions(+), 67 deletions(-)

diff --git a/boot.php b/boot.php
index 2325c2dac7..00ff2cd697 100644
--- a/boot.php
+++ b/boot.php
@@ -1906,7 +1906,11 @@ if(! function_exists('feed_birthday')) {
 if(! function_exists('is_site_admin')) {
 function is_site_admin() {
 $a = get_app();
- if(local_user() && x($a->user,'email') && x($a->config,'admin_email') && ($a->user['email'] === $a->config['admin_email']))
+
+ $adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
+
+ //if(local_user() && x($a->user,'email') && x($a->config,'admin_email') && ($a->user['email'] === $a->config['admin_email']))
+ if(local_user() && x($a->user,'email') && x($a->config,'admin_email') && in_array($a->user['email'], $adminlist))
 return true;
 return false;
 }
diff --git a/include/user.php b/include/user.php
index 23023abd65..93b34e1f56 100644
--- a/include/user.php
+++ b/include/user.php
@@ -31,7 +31,7 @@ function create_user($arr) {
 $publish = ((x($arr,'profile_publish_reg') && intval($arr['profile_publish_reg'])) ? 1 : 0);
 $netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0);
-
+
 $tmp_str = $openid_url;
 if($using_invites) {
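Review bot: `in_array($a->user['email'], $adminlist)` in is_site_admin() is a loose comparison on an authorization decision; pass the strict flag, `in_array($a->user['email'], $adminlist, true)`, so only an identical string grants admin. `str_replace(" ", "", ...)` strips spaces only, so a tab or newline next to a comma leaves an entry that never matches; `array_map('trim', explode(',', $a->config['admin_email']))` covers all whitespace. The same explode/str_replace expression is repeated in include/user.php, mod/admin.php, mod/friendica.php, mod/register.php and mod/settings.php in this commit, and the user.php and settings.php copies lowercase the list while this one does not, so a single helper returning the trimmed list would keep the six copies from drifting. The commented-out old condition can be dropped; history keeps it.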
@@ -96,7 +96,7 @@ function create_user($arr) {
 // $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' );
 // So now we are just looking for a space in the full name.
-
+
 $loose_reg = get_config('system','no_regfullname');
 if(! $loose_reg) {
 $username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8');
@@ -110,11 +110,14 @@ function create_user($arr) {
 if((! valid_email($email)) || (! validate_email($email)))
 $result['message'] .= t('Not a valid email address.') . EOL;
-
+
 // Disallow somebody creating an account using openid that uses the admin email address,
 // since openid bypasses email verification. We'll allow it if there is not yet an admin account.
- if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
+ $adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email'])));
+
+ //if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
+ if((x($a->config,'admin_email')) && in_array(strtolower($email), $adminlist) && strlen($openid_url)) {
 $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
 dbesc($email)
 );
diff --git a/mod/admin.php b/mod/admin.php
index 9215eed82e..c5b862ee59 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -71,7 +71,7 @@ function admin_post(&$a){
 }
 goaway($a->get_baseurl(true) . '/admin' );
- return; // NOTREACHED
+ return; // NOTREACHED
 }
 /**
@@ -199,7 +199,7 @@ function admin_page_summary(&$a) {
 $r = q("SELECT COUNT(id) as `count` FROM `register`");
 $pending = $r[0]['count'];
-
+
 $r = q("select count(*) as total from deliverq where 1");
 $deliverq = (($r) ? $r[0]['total'] : 0);
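Review bot: `$adminlist` is built from `$a->config['admin_email']` before the `x($a->config,'admin_email')` guard on the following `if` is evaluated, so on a site with no admin address configured the index is read undefined (a PHP notice, and `strtolower(null)` yields an empty list); the old condition checked presence first. Move the explode inside the guard, as the mod/settings.php hunk in this same commit does, and pass `true` to `in_array` so the openid-bypass check is an exact match: `if(x($a->config,'admin_email') && strlen($openid_url)) { $adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email']))); if(in_array(strtolower($email), $adminlist, true)) {`. is_site_admin() in boot.php reads the index before its guard in the same way. create_user() continues outside this hunk.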
@@ -367,7 +367,7 @@ function admin_page_site_post(&$a){ set_config('system','maximagesize', $maximagesize); set_config('system','max_image_length', $maximagelength); set_config('system','jpeg_quality', $jpegimagequality); - + set_config('config','register_policy', $register_policy); set_config('system','max_daily_registrations', $daily_registrations); set_config('system','account_abandon_days', $abandon_days); @@ -404,7 +404,7 @@ function admin_page_site_post(&$a){ set_config('system','ostatus_poll_interval', $ostatus_poll_interval); set_config('system','diaspora_enabled', $diaspora_enabled); set_config('config','private_addons', $private_addons); - + set_config('system','old_share', $old_share); set_config('system','hide_help', $hide_help); set_config('system','use_fulltext_engine', $use_fulltext_engine); @@ -413,7 +413,7 @@ function admin_page_site_post(&$a){ set_config('system','lockpath', $lockpath); set_config('system','temppath', $temppath); set_config('system','basepath', $basepath); - + info( t('Site settings updated.') . EOL); goaway($a->get_baseurl(true) . '/admin/site' ); return; // NOTREACHED @@ -425,11 +425,11 @@ function admin_page_site_post(&$a){ * @return string */ function admin_page_site(&$a) { - + /* Installed langs */ $lang_choices = array(); $langs = glob('view/*/strings.php'); - + if(is_array($langs) && count($langs)) { if(! in_array('view/en/strings.php',$langs)) $langs[] = 'view/en/'; @@ -439,7 +439,7 @@ function admin_page_site(&$a) { $lang_choices[$t[1]] = $t[1]; } } - + /* Installed themes */ $theme_choices = array(); $theme_choices_mobile = array(); @@ -508,7 +508,7 @@ function admin_page_site(&$a) { '$corporate' => t('Policies'), '$advanced' => t('Advanced'), '$performance' => t('Performance'), - + '$baseurl' => $a->get_baseurl(true), // name, label, value, help string, extra data... '$sitename' => array('sitename', t("Site name"), htmlentities($a->config['sitename'], ENT_QUOTES), 'UTF-8'), 
@@ -539,7 +539,7 @@ function admin_page_site(&$a) { '$enotify_no_content' => array('enotify_no_content', t("Don't include post content in email notifications"), get_config('system','enotify_no_content'), t("Don't include the content of a post/comment/private message/etc. in the email notifications that are sent out from this site, as a privacy measure.")), '$private_addons' => array('private_addons', t("Disallow public access to addons listed in the apps menu."), get_config('config','private_addons'), t("Checking this box will restrict addons listed in the apps menu to members only.")), '$disable_embedded' => array('disable_embedded', t("Don't embed private images in posts"), get_config('system','disable_embedded'), t("Don't replace locally-hosted private photos in posts with an embedded copy of the image. This means that contacts who receive posts containing private photos will have to authenticate and load each image, which may take a while.")), - + '$no_multi_reg' => array('no_multi_reg', t("Block multiple registrations"), get_config('system','block_extended_register'), t("Disallow users to register additional accounts for use as pages.")), '$no_openid' => array('no_openid', t("OpenID support"), !get_config('system','no_openid'), t("OpenID support for registration and logins.")), '$no_regfullname' => array('no_regfullname', t("Fullname check"), !get_config('system','no_regfullname'), t("Force users to register with a space between firstname and lastname in Full name, as an antispam measure")), @@ -624,7 +624,7 @@ function admin_page_dbsync(&$a) { '$mark' => t('Mark success (if update was manually applied)'), '$apply' => t('Attempt to execute this update step automatically'), '$failed' => $failed - )); + )); return $o; 
@@ -643,7 +643,7 @@ function admin_page_users_post(&$a){ $nu_email = ( x($_POST, 'new_user_email') ? $_POST['new_user_email'] : ''); check_form_security_token_redirectOnErr('/admin/users', 'admin_users'); - + if (!($nu_name==="") && !($nu_email==="") && !($nu_nickname==="")) { require_once('include/user.php'); require_once('include/email.php'); @@ -671,7 +671,7 @@ function admin_page_users_post(&$a){ info( t('Registration successful. Email send to user').EOL ); } } - + if (x($_POST,'page_users_block')){ foreach($users as $uid){ q("UPDATE `user` SET `blocked`=1-`blocked` WHERE `uid`=%s", @@ -687,7 +687,7 @@ function admin_page_users_post(&$a){ } notice( sprintf( tt("%s user deleted", "%s users deleted", count($users)), count($users)) ); } - + if (x($_POST,'page_users_approve')){ require_once("mod/regmod.php"); foreach($pending as $hash){ @@ -701,7 +701,7 @@ function admin_page_users_post(&$a){ } } goaway($a->get_baseurl(true) . '/admin/users' ); - return; // NOTREACHED + return; // NOTREACHED } /** @@ -716,14 +716,14 @@ function admin_page_users(&$a){ notice( 'User not found' . EOL); goaway($a->get_baseurl(true) . '/admin/users' ); return ''; // NOTREACHED - } + } switch($a->argv[2]){ case "delete":{ check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't'); // delete user require_once("include/Contact.php"); user_remove($uid); - + notice( sprintf(t("User '%s' deleted"), $user[0]['username']) . EOL); }; break; case "block":{ @@ -737,16 +737,16 @@ function admin_page_users(&$a){ } goaway($a->get_baseurl(true) . '/admin/users' ); return ''; // NOTREACHED - + } - + /* get pending */ $pending = q("SELECT `register`.*, `contact`.`name`, `user`.`email` FROM `register` LEFT JOIN `contact` ON `register`.`uid` = `contact`.`uid` LEFT JOIN `user` ON `register`.`uid` = `user`.`uid`;"); - - + + /* get users */ $total = q("SELECT count(*) as total FROM `user` where 1"); 
@@ -754,8 +754,8 @@ function admin_page_users(&$a){
 $a->set_pager_total($total[0]['total']);
 $a->set_pager_itemspage(100);
 }
-
-
+
+
 $users = q("SELECT `user` . * , `contact`.`name` , `contact`.`url` , `contact`.`micro`, `lastitem`.`lastitem_date`, `user`.`account_expired`
 FROM
 (SELECT MAX(`item`.`changed`) as `lastitem_date`, `item`.`uid`
@@ -773,11 +773,14 @@ function admin_page_users(&$a){
 intval($a->pager['start']),
 intval($a->pager['itemspage'])
 );
-
+
 function _setup_users($e){
- $a = get_app();
+ $a = get_app();
+
+ $adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
+
 $accounts = Array(
- t('Normal Account'),
+ t('Normal Account'),
 t('Soapbox Account'),
 t('Community/Celebrity Account'),
 t('Automatic Friend Account')
@@ -786,19 +789,20 @@ function admin_page_users(&$a){
 $e['register_date'] = relative_date($e['register_date']);
 $e['login_date'] = relative_date($e['login_date']);
 $e['lastitem_date'] = relative_date($e['lastitem_date']);
- $e['is_admin'] = ($e['email'] === $a->config['admin_email']);
- $e['deleted'] = ($e['account_removed']?relative_date($e['account_expires_on']):False);
+ //$e['is_admin'] = ($e['email'] === $a->config['admin_email']);
+ $e['is_admin'] = in_array($e['email'], $adminlist);
+ $e['deleted'] = ($e['account_removed']?relative_date($e['account_expires_on']):False);
 return $e;
 }
 $users = array_map("_setup_users", $users);
-
-
+
+
 // Get rid of dashes in key names, Smarty3 can't handle them
 // and extracting deleted users
-
+
 $tmp_users = Array();
 $deleted = Array();
-
+
 while(count($users)) {
 $new_user = Array();
 foreach( array_pop($users) as $k => $v) {
diff --git a/mod/friendica.php b/mod/friendica.php
index a065320a23..b0d3892de8 100644
--- a/mod/friendica.php
+++ b/mod/friendica.php
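Review bot: `$adminlist` is parsed inside `_setup_users()`, which `array_map` invokes once per user row, so the config string is re-split for every row of the admin user list; since the function is a named inner function it cannot see a list built in admin_page_users(), so either make it a closure with `use ($adminlist)` or cache the list in a `static` local. `in_array($e['email'], $adminlist)` in the @@ -786 hunk is a loose comparison, the same as in is_site_admin(); add `true` as the third argument so the admin marker in the list matches exactly what the authorization check accepts. The `_setup_users()` definition starts in the @@ -773 hunk and ends in the @@ -786 hunk.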
@@ -9,7 +9,10 @@ function friendica_init(&$a) {
 $sql_extra = sprintf(" AND nickname = '%s' ",dbesc($a->config['admin_nickname']));
 }
 if (isset($a->config['admin_email']) && $a->config['admin_email']!=''){
- $r = q("SELECT username, nickname FROM user WHERE email='%s' $sql_extra", dbesc($a->config['admin_email']));
+ $adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
+
+ //$r = q("SELECT username, nickname FROM user WHERE email='%s' $sql_extra", dbesc($a->config['admin_email']));
+ $r = q("SELECT username, nickname FROM user WHERE email='%s' $sql_extra", dbesc($adminlist[0]));
 $admin = array(
 'name' => $r[0]['username'],
 'profile'=> $a->get_baseurl().'/profile/'.$r[0]['nickname'],
@@ -34,7 +37,7 @@ function friendica_init(&$a) {
 'admin' => $admin,
 'site_name' => $a->config['sitename'],
 'platform' => FRIENDICA_PLATFORM,
- 'info' => ((x($a->config,'info')) ? $a->config['info'] : '')
+ 'info' => ((x($a->config,'info')) ? $a->config['info'] : '')
 );
 echo json_encode($data);
diff --git a/mod/register.php b/mod/register.php
index 9b81ecabb2..1370eb42f1 100644
--- a/mod/register.php
+++ b/mod/register.php
@@ -23,7 +23,7 @@ function register_post(&$a) {
 switch($a->config['register_policy']) {
-
+
 case REGISTER_OPEN:
 $blocked = 0;
 $verified = 1;
@@ -118,8 +118,11 @@ function register_post(&$a) {
 dbesc($lang)
 );
+ $adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
+
 $r = q("SELECT `language` FROM `user` WHERE `email` = '%s' LIMIT 1",
- dbesc($a->config['admin_email'])
+ //dbesc($a->config['admin_email'])
+ dbesc($adminlist[0])
 );
 if(count($r))
 push_lang($r[0]['language']);
diff --git a/mod/settings.php b/mod/settings.php
index a75230f339..0038216345 100644
--- a/mod/settings.php
+++ b/mod/settings.php
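Review bot: `dbesc($adminlist[0])` makes the first configured address the admin that the public /friendica endpoint advertises, but nothing says that the order of admin_email matters, and `$adminlist[0]` is `''` when the setting begins with a comma: the `!= ''` guard above tests the raw string, not the first entry, so the query then matches nothing and `$r[0]['username']` on the next line reads an undefined offset. Wrap the `$admin = array(...)` block in `if(count($r)) {` and put `// the first address in admin_email is the site's public contact admin` above the explode. mod/register.php uses `$adminlist[0]` the same way to pick the language for the admin query; it does check `count($r)`, but shares the empty-first-entry case and would benefit from the same comment. friendica_init() continues outside this hunk.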
@@ -4,10 +4,10 @@ function get_theme_config_file($theme){ $a = get_app(); $base_theme = $a->theme_info['extends']; - + if (file_exists("view/theme/$theme/config.php")){ return "view/theme/$theme/config.php"; - } + } if (file_exists("view/theme/$base_theme/config.php")){ return "view/theme/$base_theme/config.php"; } @@ -157,17 +157,17 @@ function settings_post(&$a) { if(($a->argc > 1) && ($a->argv[1] == 'addon')) { check_form_security_token_redirectOnErr('/settings/addon', 'settings_addon'); - + call_hooks('plugin_settings_post', $_POST); return; } if(($a->argc > 1) && ($a->argv[1] == 'connectors')) { - + check_form_security_token_redirectOnErr('/settings/connectors', 'settings_connectors'); - + if(x($_POST, 'imap-submit')) { - + $mail_server = ((x($_POST,'mail_server')) ? $_POST['mail_server'] : ''); $mail_port = ((x($_POST,'mail_port')) ? $_POST['mail_port'] : ''); $mail_ssl = ((x($_POST,'mail_ssl')) ? strtolower(trim($_POST['mail_ssl'])) : ''); @@ -298,14 +298,14 @@ function settings_post(&$a) { dbesc($theme), intval(local_user()) ); - + call_hooks('display_settings_post', $_POST); goaway($a->get_baseurl(true) . '/settings/display' ); return; // NOTREACHED } check_form_security_token_redirectOnErr('/settings', 'settings'); - + call_hooks('settings_post', $_POST); if((x($_POST,'npassword')) || (x($_POST,'confirm'))) { @@ -325,7 +325,7 @@ function settings_post(&$a) { $err = true; } - // check if the old password was supplied correctly before + // check if the old password was supplied correctly before // changing it to the new value $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user())); if( $oldpass != $r[0]['password'] ) { @@ -346,7 +346,7 @@ function settings_post(&$a) { } } - + $username = ((x($_POST,'username')) ? notags(trim($_POST['username'])) : ''); $email = ((x($_POST,'email')) ? notags(trim($_POST['email'])) : ''); $timezone = ((x($_POST,'timezone')) ? notags(trim($_POST['timezone'])) : ''); 
@@ -372,7 +372,7 @@ function settings_post(&$a) { $blocktags = (((x($_POST,'blocktags')) && (intval($_POST['blocktags']) == 1)) ? 0: 1); // this setting is inverted! $unkmail = (((x($_POST,'unkmail')) && (intval($_POST['unkmail']) == 1)) ? 1: 0); $cntunkmail = ((x($_POST,'cntunkmail')) ? intval($_POST['cntunkmail']) : 0); - $suggestme = ((x($_POST,'suggestme')) ? intval($_POST['suggestme']) : 0); + $suggestme = ((x($_POST,'suggestme')) ? intval($_POST['suggestme']) : 0); $hide_friends = (($_POST['hide-friends'] == 1) ? 1: 0); $hidewall = (($_POST['hidewall'] == 1) ? 1: 0); $post_newfriend = (($_POST['post_newfriend'] == 1) ? 1: 0); 
@@ -414,21 +414,25 @@ function settings_post(&$a) {
 if($email != $a->user['email']) {
 $email_changed = true;
- // check for the correct password
- $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
- $password = hash('whirlpool', $_POST['password']);
- if ($password != $r[0]['password']) {
- $err .= t('Wrong Password') . EOL;
- $email = $a->user['email'];
- }
- // check the email is valid
- if(! valid_email($email))
- $err .= t(' Not valid email.');
- // ensure new email is not the admin mail
- if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
- $err .= t(' Cannot change to that email.');
+ // check for the correct password
+ $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
+ $password = hash('whirlpool', $_POST['password']);
+ if ($password != $r[0]['password']) {
+ $err .= t('Wrong Password') . EOL;
 $email = $a->user['email'];
 }
+ // check the email is valid
+ if(! valid_email($email))
+ $err .= t(' Not valid email.');
+ // ensure new email is not the admin mail
+ //if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
+ if(x($a->config,'admin_email')) {
+ $adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email'])));
+ if (in_array(strtolower($email), $adminlist)) {
+ $err .= t(' Cannot change to that email.');
+ $email = $a->user['email'];
+ }
+ }
 }
 if(strlen($err)) {
@@ -536,7 +540,7 @@ function settings_post(&$a) {
 dbesc(datetime_convert()),
 intval(local_user())
 );
- }
+ }
 if(($old_visibility != $net_publish) || ($page_flags != $old_page_flags)) {
 // Update global directory in background
@@ -561,7 +565,7 @@ function settings_post(&$a) {
 goaway($a->get_baseurl(true) . '/settings' );
 return; // NOTREACHED
 }
-
+
 if(! function_exists('settings_content')) {
 function settings_content(&$a) {
From 70e017745a052906bc8a7c0187c0ea2a3a7adc08 Mon Sep 17 00:00:00 2001
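Review bot: `in_array(strtolower($email), $adminlist)` should pass the strict flag so the check that stops a user from taking an admin address is an exact string match: `if (in_array(strtolower($email), $adminlist, true)) {`. This is the only copy in the commit that both lowercases the two sides and builds the list inside the `x($a->config,'admin_email')` guard; the copies in boot.php and include/user.php should follow this shape. The re-indented password check above it, `if ($password != $r[0]['password'])`, is pre-existing but now sits on the new side: a loose `!=` between two digests is subject to PHP's numeric-string juggling, and `!==` (or `hash_equals()` where the runtime provides it) is the right comparison. settings_post() starts and ends outside this hunk.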
From: Michael Vogel
Date: Mon, 2 Dec 2013 00:41:59 +0100
Subject: [PATCH 2/2] Just some code beautification.

---
 mod/settings.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mod/settings.php b/mod/settings.php
index c8fcf39146..0b0113e9b0 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -317,8 +317,8 @@ function settings_post(&$a) {
 if((x($_POST,'password')) || (x($_POST,'confirm'))) {
 $newpass = $_POST['password'];
- $confirm = $_POST['confirm'];
- $oldpass = hash('whirlpool', $_POST['opassword']);
+ $confirm = $_POST['confirm'];
+ $oldpass = hash('whirlpool', $_POST['opassword']);
 $err = false;
 if($newpass != $confirm ) {