authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-13 22:27:01 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-13 22:27:01 +0000
commit96d830c50c7650229b4fad2bdcb3e863ec0bdc2a (patch)
treea07a441cdaeb8a2f1e613fd631fd7d096b42c519
parent2d508007f90be53f1895f284844ba1e1d52ac14c (diff)
Closes #227 and #243: Hopefully this has the fscking thing nailed to the wall.
Please report any problems, especially if they relate to access permissions (granted when you shouldn't or denied when you should) git-svn-id: https://code.elgg.org/elgg/trunk@1912 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--actions/email/confirm.php2
-rw-r--r--actions/register.php5
-rw-r--r--engine/lib/entities.php15
-rw-r--r--engine/lib/users.php24
4 files changed, 29 insertions, 17 deletions
diff --git a/actions/email/confirm.php b/actions/email/confirm.php
index d8597c880..39eb68908 100644
--- a/actions/email/confirm.php
+++ b/actions/email/confirm.php
@@ -29,7 +29,7 @@
system_message(elgg_echo('email:confirm:success'));
$user = get_entity($user_guid);
- //$user->enable();
+ $user->enable();
notify_user($user_guid, $CONFIG->site->guid, sprintf(elgg_echo('email:validate:success:subject'), $user->username), sprintf(elgg_echo('email:validate:success:body'), $user->name), NULL, 'email');
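Review bot: `$user->enable()` is called on whatever `get_entity($user_guid)` returned, with no check that an entity came back. The register action in this commit now disables new non-admin accounts, so whether the lookup finds the account may depend on the hidden-entity setting, which this hunk does not show. A guard such as `if (!($user instanceof ElggUser) || !$user->enable()) { /* report failure */ }` would avoid a fatal call on a non-object. The `email:confirm:success` message is also emitted before the enable runs, so it is shown even if the enable fails; it could move after the guard. The surrounding block starts and ends outside the hunk.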
diff --git a/actions/register.php b/actions/register.php
index e54de28fe..84cca17ac 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -47,11 +47,12 @@
$new_user->admin = 'yes';
}
+ if (!$new_user->admin)
+ $new_user->disable('new_user'); // Now disable if not an admin
+
// Send email validation on register only
request_email_validation($guid);
- // Now disable
- //$new_user->disable('new_user');
system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename));
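Review bot: The result of `$new_user->disable('new_user')` is not checked, so if the call fails the account stays enabled without a confirmed address and the action still goes on to the `registerok` message. Assuming `disable()` reports failure through its return value, that would fail open. The action could instead stop with an error when the disable does not succeed. `request_email_validation($guid)` now runs after the disable, so it must be able to resolve a disabled account; that is worth confirming, since its body is not in this hunk. The brace-less `if` with a trailing comment is easy to break on a later edit; I would write `if (!$new_user->admin) { $new_user->disable('new_user'); }` with the comment on the line above.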
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 5a794024b..427dd5c7d 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -86,7 +86,7 @@
$this->attributes['access_id'] = 0;
$this->attributes['time_created'] = "";
$this->attributes['time_updated'] = "";
- $this->attributes['enabled'] = "";
+ $this->attributes['enabled'] = "yes";
// There now follows a bit of a hack
/* Problem: To speed things up, some objects are split over several tables, this means that it requires
@@ -1163,24 +1163,23 @@
function can_write_to_container($user_guid = 0, $container_guid = 0, $entity_type = 'all')
{
global $CONFIG;
-
+
$user_guid = (int)$user_guid;
if (!$user_guid) $user_guid = (int) $_SESSION['guid'];
$user = get_entity($user_guid);
$container_guid = (int)$container_guid;
if (!$container_guid) $container_guid = page_owner();
-
if (!$container_guid) return true;
-
+
$container = get_entity($container_guid);
-
+
if (($container) && ($user))
{
-
+
// If the user can edit the container, they can also write to it
if ($container->canEdit()) return true;
-
+
// Basics, see if the user is a member of the group.
if ($container instanceof ElggGroup) {
if (!$container->isMember($user)) {
@@ -1189,7 +1188,7 @@
return true;
}
}
-
+
// See if anyone else has anything to say
return trigger_plugin_hook('container_permissions_check',$entity_type,array('container' => $container, 'user' => $user), false);
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 252464d20..677b4c349 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -651,12 +651,13 @@
global $CONFIG, $USERNAME_TO_GUID_MAP_CACHE;
$username = sanitise_string($username);
+ $access = get_access_sql_suffix('e');
// Caching
if ( (isset($USERNAME_TO_GUID_MAP_CACHE[$username])) && (retrieve_cached_entity($USERNAME_TO_GUID_MAP_CACHE[$username])) )
return retrieve_cached_entity($USERNAME_TO_GUID_MAP_CACHE[$username]);
- $row = get_data_row("SELECT * from {$CONFIG->dbprefix}users_entity where username='$username'");
+ $row = get_data_row("SELECT e.* from {$CONFIG->dbprefix}users_entity u join {$CONFIG->dbprefix}entities e on e.guid=u.guid where u.username='$username' ");
if ($row) {
$USERNAME_TO_GUID_MAP_CACHE[$username] = $row->guid;
return new ElggUser($row);
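Review bot: `$access = get_access_sql_suffix('e');` is assigned but never used here: the new query ends at `where u.username='$username' ` with no access clause. The by-code and by-email lookups in this commit both append `and $access`. As written, a username lookup returns a row regardless of access or enabled state. If that is intended (for example so a disabled account can still be found by name), drop the unused assignment and add a comment saying so. Otherwise end the query with `where u.username='$username' and $access`. The function starts and ends outside the hunk.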
@@ -677,11 +678,13 @@
$code = sanitise_string($code);
+ $access = get_access_sql_suffix('e');
+
// Caching
if ( (isset($CODE_TO_GUID_MAP_CACHE[$code])) && (retrieve_cached_entity($CODE_TO_GUID_MAP_CACHE[$code])) )
return retrieve_cached_entity($CODE_TO_GUID_MAP_CACHE[$code]);
- $row = get_data_row("SELECT * from {$CONFIG->dbprefix}users_entity where code='$code'");
+ $row = get_data_row("SELECT e.* from {$CONFIG->dbprefix}users_entity u join {$CONFIG->dbprefix}entities e on e.guid=u.guid where u.code='$code' and $access");
if ($row) {
$CODE_TO_GUID_MAP_CACHE[$code] = $row->guid;
return new ElggUser($row);
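Review bot: The cache branch returns `retrieve_cached_entity(...)` before the query that carries `and $access`, so an entity already in `$CODE_TO_GUID_MAP_CACHE` is handed back without the access filter. This matters if the cache can be filled while hidden entities are temporarily shown, as `register_user` does later in this commit, because a disabled user cached then would still be returned after the status is restored. That depends on call order not visible in this hunk. Consider returning the cached entity only when it would also pass the access filter, or skipping the cache while hidden entities are shown. The username lookup in the hunk at `-651,12` has the same cache-first shape.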
@@ -702,7 +705,9 @@
$email = sanitise_string($email);
- $query = "SELECT e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid where email='$email'";
+ $access = get_access_sql_suffix('e');
+
+ $query = "SELECT e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid where email='$email' and $access";
return get_data($query, 'entity_row_to_elggstar');
}
@@ -1027,6 +1032,10 @@
return false;
}
+ // See if it exists and is disabled
+ $access_status = access_get_show_hidden_status();
+ access_show_hidden_entities(true);
+
if (!is_email_address($email)) throw new RegistrationException(elgg_echo('registration:notemail'));
if (strlen($username)<4) throw new RegistrationException(elgg_echo('registration:usernametooshort'));
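Review bot: `access_show_hidden_entities(true)` is set before checks that throw `RegistrationException`, and the restore `access_show_hidden_entities($access_status)` in the hunk at `-1044,7` is reached only when none of them throws. On any rejected registration (bad email, short username, duplicate email) the hidden-entity view stays switched on for the rest of the request. The format checks on `$email` and `$username` do not need hidden entities, so the switch could move down to just before the duplicate lookups. The lookups can then be wrapped so the status is restored on the error path too, e.g. `catch (RegistrationException $e) { access_show_hidden_entities($access_status); throw $e; }`. The function body continues outside both hunks.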
@@ -1044,7 +1053,8 @@
{
throw new RegistrationException(elgg_echo('registration:dupeemail'));
}
-
+
+ access_show_hidden_entities($access_status);
// Check to see if we've registered the first admin yet.
// If not, this is the first admin user!
@@ -1057,7 +1067,7 @@
$user->name = $name;
$user->access_id = 2;
$user->salt = generate_random_cleartext_password(); // Note salt generated before password!
- $user->password = generate_user_password($user, $password);
+ $user->password = generate_user_password($user, $password);
$user->save();
if (!$admin) {
@@ -1183,6 +1193,8 @@
return true;
}
+
+ return $returnvalue;
}
/**
@@ -1261,7 +1273,7 @@
// Handle a special case for newly created users when the user is not logged in
// TODO: handle this better!
- //register_plugin_hook('permissions_check','user','new_user_enable_permissions_check');
+ register_plugin_hook('permissions_check','all','new_user_enable_permissions_check');
}
/**
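Review bot: Registering `new_user_enable_permissions_check` for `'all'` instead of `'user'` means the handler now takes part in the permissions check for every entity type, not just users. Its body is not in this hunk, so it is worth confirming that it grants the override only for the narrow case in the comment above (a newly created user, nobody logged in) and otherwise returns the incoming `$returnvalue` unchanged. An explicit early return when the entity is not an `ElggUser` would keep the special case from widening edit rights on other entities. The existing `TODO: handle this better!` could also state the exact condition under which the override is meant to apply.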