aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/entities.php15
-rw-r--r--engine/lib/users.php24
2 files changed, 25 insertions, 14 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 5a794024b..427dd5c7d 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -86,7 +86,7 @@
$this->attributes['access_id'] = 0;
$this->attributes['time_created'] = "";
$this->attributes['time_updated'] = "";
- $this->attributes['enabled'] = "";
+ $this->attributes['enabled'] = "yes";
// There now follows a bit of a hack
/* Problem: To speed things up, some objects are split over several tables, this means that it requires
@@ -1163,24 +1163,23 @@
function can_write_to_container($user_guid = 0, $container_guid = 0, $entity_type = 'all')
{
global $CONFIG;
-
+
$user_guid = (int)$user_guid;
if (!$user_guid) $user_guid = (int) $_SESSION['guid'];
$user = get_entity($user_guid);
$container_guid = (int)$container_guid;
if (!$container_guid) $container_guid = page_owner();
-
if (!$container_guid) return true;
-
+
$container = get_entity($container_guid);
-
+
if (($container) && ($user))
{
-
+
// If the user can edit the container, they can also write to it
if ($container->canEdit()) return true;
-
+
// Basics, see if the user is a member of the group.
if ($container instanceof ElggGroup) {
if (!$container->isMember($user)) {
@@ -1189,7 +1188,7 @@
return true;
}
}
-
+
// See if anyone else has anything to say
return trigger_plugin_hook('container_permissions_check',$entity_type,array('container' => $container, 'user' => $user), false);
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 252464d20..677b4c349 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -651,12 +651,13 @@
global $CONFIG, $USERNAME_TO_GUID_MAP_CACHE;
$username = sanitise_string($username);
+ $access = get_access_sql_suffix('e');
// Caching
if ( (isset($USERNAME_TO_GUID_MAP_CACHE[$username])) && (retrieve_cached_entity($USERNAME_TO_GUID_MAP_CACHE[$username])) )
return retrieve_cached_entity($USERNAME_TO_GUID_MAP_CACHE[$username]);
- $row = get_data_row("SELECT * from {$CONFIG->dbprefix}users_entity where username='$username'");
+ $row = get_data_row("SELECT e.* from {$CONFIG->dbprefix}users_entity u join {$CONFIG->dbprefix}entities e on e.guid=u.guid where u.username='$username' ");
if ($row) {
$USERNAME_TO_GUID_MAP_CACHE[$username] = $row->guid;
return new ElggUser($row);
@@ -677,11 +678,13 @@
$code = sanitise_string($code);
+ $access = get_access_sql_suffix('e');
+
// Caching
if ( (isset($CODE_TO_GUID_MAP_CACHE[$code])) && (retrieve_cached_entity($CODE_TO_GUID_MAP_CACHE[$code])) )
return retrieve_cached_entity($CODE_TO_GUID_MAP_CACHE[$code]);
- $row = get_data_row("SELECT * from {$CONFIG->dbprefix}users_entity where code='$code'");
+ $row = get_data_row("SELECT e.* from {$CONFIG->dbprefix}users_entity u join {$CONFIG->dbprefix}entities e on e.guid=u.guid where u.code='$code' and $access");
if ($row) {
$CODE_TO_GUID_MAP_CACHE[$code] = $row->guid;
return new ElggUser($row);
@@ -702,7 +705,9 @@
$email = sanitise_string($email);
- $query = "SELECT e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid where email='$email'";
+ $access = get_access_sql_suffix('e');
+
+ $query = "SELECT e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid where email='$email' and $access";
return get_data($query, 'entity_row_to_elggstar');
}
@@ -1027,6 +1032,10 @@
return false;
}
+ // See if it exists and is disabled
+ $access_status = access_get_show_hidden_status();
+ access_show_hidden_entities(true);
+
if (!is_email_address($email)) throw new RegistrationException(elgg_echo('registration:notemail'));
if (strlen($username)<4) throw new RegistrationException(elgg_echo('registration:usernametooshort'));
@@ -1044,7 +1053,8 @@
{
throw new RegistrationException(elgg_echo('registration:dupeemail'));
}
-
+
+ access_show_hidden_entities($access_status);
// Check to see if we've registered the first admin yet.
// If not, this is the first admin user!
@@ -1057,7 +1067,7 @@
$user->name = $name;
$user->access_id = 2;
$user->salt = generate_random_cleartext_password(); // Note salt generated before password!
- $user->password = generate_user_password($user, $password);
+ $user->password = generate_user_password($user, $password);
$user->save();
if (!$admin) {
@@ -1183,6 +1193,8 @@
return true;
}
+
+ return $returnvalue;
}
/**
@@ -1261,7 +1273,7 @@
// Handle a special case for newly created users when the user is not logged in
// TODO: handle this better!
- //register_plugin_hook('permissions_check','user','new_user_enable_permissions_check');
+ register_plugin_hook('permissions_check','all','new_user_enable_permissions_check');
}
/**