diff options
-rw-r--r-- | actions/email/confirm.php | 2 | ||||
-rw-r--r-- | actions/register.php | 5 | ||||
-rw-r--r-- | engine/lib/entities.php | 15 | ||||
-rw-r--r-- | engine/lib/users.php | 24 |
4 files changed, 29 insertions, 17 deletions
diff --git a/actions/email/confirm.php b/actions/email/confirm.php index d8597c880..39eb68908 100644 --- a/actions/email/confirm.php +++ b/actions/email/confirm.php @@ -29,7 +29,7 @@ system_message(elgg_echo('email:confirm:success')); $user = get_entity($user_guid); - //$user->enable(); + $user->enable(); notify_user($user_guid, $CONFIG->site->guid, sprintf(elgg_echo('email:validate:success:subject'), $user->username), sprintf(elgg_echo('email:validate:success:body'), $user->name), NULL, 'email'); diff --git a/actions/register.php b/actions/register.php index e54de28fe..84cca17ac 100644 --- a/actions/register.php +++ b/actions/register.php @@ -47,11 +47,12 @@ $new_user->admin = 'yes'; } + if (!$new_user->admin) + $new_user->disable('new_user'); // Now disable if not an admin + // Send email validation on register only request_email_validation($guid); - // Now disable - //$new_user->disable('new_user'); system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename)); diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 5a794024b..427dd5c7d 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -86,7 +86,7 @@ $this->attributes['access_id'] = 0; $this->attributes['time_created'] = ""; $this->attributes['time_updated'] = ""; - $this->attributes['enabled'] = ""; + $this->attributes['enabled'] = "yes"; // There now follows a bit of a hack /* Problem: To speed things up, some objects are split over several tables, this means that it requires @@ -1163,24 +1163,23 @@ function can_write_to_container($user_guid = 0, $container_guid = 0, $entity_type = 'all')
{
global $CONFIG;
-
+
$user_guid = (int)$user_guid;
if (!$user_guid) $user_guid = (int) $_SESSION['guid'];
$user = get_entity($user_guid);
$container_guid = (int)$container_guid;
if (!$container_guid) $container_guid = page_owner();
-
if (!$container_guid) return true;
-
+
$container = get_entity($container_guid);
-
+
if (($container) && ($user))
{
-
+
// If the user can edit the container, they can also write to it
if ($container->canEdit()) return true;
-
+
// Basics, see if the user is a member of the group.
if ($container instanceof ElggGroup) {
if (!$container->isMember($user)) {
@@ -1189,7 +1188,7 @@ return true;
}
}
-
+
// See if anyone else has anything to say
return trigger_plugin_hook('container_permissions_check',$entity_type,array('container' => $container, 'user' => $user), false);
diff --git a/engine/lib/users.php b/engine/lib/users.php index 252464d20..677b4c349 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -651,12 +651,13 @@ global $CONFIG, $USERNAME_TO_GUID_MAP_CACHE;
$username = sanitise_string($username); + $access = get_access_sql_suffix('e'); // Caching if ( (isset($USERNAME_TO_GUID_MAP_CACHE[$username])) && (retrieve_cached_entity($USERNAME_TO_GUID_MAP_CACHE[$username])) ) return retrieve_cached_entity($USERNAME_TO_GUID_MAP_CACHE[$username]); - $row = get_data_row("SELECT * from {$CONFIG->dbprefix}users_entity where username='$username'");
+ $row = get_data_row("SELECT e.* from {$CONFIG->dbprefix}users_entity u join {$CONFIG->dbprefix}entities e on e.guid=u.guid where u.username='$username' ");
if ($row) { $USERNAME_TO_GUID_MAP_CACHE[$username] = $row->guid;
return new ElggUser($row); @@ -677,11 +678,13 @@ $code = sanitise_string($code); + $access = get_access_sql_suffix('e'); + // Caching if ( (isset($CODE_TO_GUID_MAP_CACHE[$code])) && (retrieve_cached_entity($CODE_TO_GUID_MAP_CACHE[$code])) ) return retrieve_cached_entity($CODE_TO_GUID_MAP_CACHE[$code]); - $row = get_data_row("SELECT * from {$CONFIG->dbprefix}users_entity where code='$code'");
+ $row = get_data_row("SELECT e.* from {$CONFIG->dbprefix}users_entity u join {$CONFIG->dbprefix}entities e on e.guid=u.guid where u.code='$code' and $access");
if ($row) { $CODE_TO_GUID_MAP_CACHE[$code] = $row->guid;
return new ElggUser($row); @@ -702,7 +705,9 @@ $email = sanitise_string($email); - $query = "SELECT e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid where email='$email'"; + $access = get_access_sql_suffix('e'); + + $query = "SELECT e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid where email='$email' and $access"; return get_data($query, 'entity_row_to_elggstar'); } @@ -1027,6 +1032,10 @@ return false;
}
+ // See if it exists and is disabled + $access_status = access_get_show_hidden_status(); + access_show_hidden_entities(true); + if (!is_email_address($email)) throw new RegistrationException(elgg_echo('registration:notemail')); if (strlen($username)<4) throw new RegistrationException(elgg_echo('registration:usernametooshort')); @@ -1044,7 +1053,8 @@ { throw new RegistrationException(elgg_echo('registration:dupeemail')); } -
+ + access_show_hidden_entities($access_status);
// Check to see if we've registered the first admin yet.
// If not, this is the first admin user!
@@ -1057,7 +1067,7 @@ $user->name = $name;
$user->access_id = 2; $user->salt = generate_random_cleartext_password(); // Note salt generated before password! - $user->password = generate_user_password($user, $password);
+ $user->password = generate_user_password($user, $password);
$user->save();
if (!$admin) {
@@ -1183,6 +1193,8 @@ return true; } + + return $returnvalue; }
/**
@@ -1261,7 +1273,7 @@ // Handle a special case for newly created users when the user is not logged in // TODO: handle this better! - //register_plugin_hook('permissions_check','user','new_user_enable_permissions_check');
+ register_plugin_hook('permissions_check','all','new_user_enable_permissions_check');
}
/**
|