From 0b6489397a8f5a01c28e61d07548e99ef3e4ff6a Mon Sep 17 00:00:00 2001 From: marcus Date: Wed, 13 Aug 2008 18:06:07 +0000 Subject: Reverted changes so users can now register again. There are critical issues with enable/disable. Primarily: 1) A number of functions do not use the access controls, these throw an exception when accessing a disabled entity. 2) #243 does not seem possible. git-svn-id: https://code.elgg.org/elgg/trunk@1909 36083f99-b078-4883-b0ff-0f9b5a30f544 --- actions/email/confirm.php | 2 +- actions/register.php | 2 +- engine/lib/entities.php | 8 ++++++-- engine/lib/users.php | 39 ++++++++++++++++++++++++++++++++++++--- 4 files changed, 44 insertions(+), 7 deletions(-) diff --git a/actions/email/confirm.php b/actions/email/confirm.php index 39eb68908..d8597c880 100644 --- a/actions/email/confirm.php +++ b/actions/email/confirm.php @@ -29,7 +29,7 @@ system_message(elgg_echo('email:confirm:success')); $user = get_entity($user_guid); - $user->enable(); + //$user->enable(); notify_user($user_guid, $CONFIG->site->guid, sprintf(elgg_echo('email:validate:success:subject'), $user->username), sprintf(elgg_echo('email:validate:success:body'), $user->name), NULL, 'email'); diff --git a/actions/register.php b/actions/register.php index 059e69f50..e54de28fe 100644 --- a/actions/register.php +++ b/actions/register.php @@ -51,7 +51,7 @@ request_email_validation($guid); // Now disable - $new_user->disable('new_user'); + //$new_user->disable('new_user'); system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename)); diff --git a/engine/lib/entities.php b/engine/lib/entities.php index b434f8f7f..5a794024b 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -1485,7 +1485,8 @@ if ($entity->canEdit()) { if ($reason) - $entity->disable_reason = $reason; + create_metadata($guid, 'disable_reason', $reason,'', 0, 2); + //$entity->disable_reason = $reason; $res = update_data("UPDATE {$CONFIG->dbprefix}entities set enabled='no' where guid={$guid}"); @@ -1517,7 +1518,10 @@ access_show_hidden_entities($access_status); - return update_data("UPDATE {$CONFIG->dbprefix}entities set enabled='yes' where guid={$guid}"); + $result = update_data("UPDATE {$CONFIG->dbprefix}entities set enabled='yes' where guid={$guid}"); + $entity->clearMetaData('disable_reason'); + + return $result; } } } diff --git a/engine/lib/users.php b/engine/lib/users.php index 66696ea07..252464d20 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -541,7 +541,7 @@ } -/** + /** * Obtains a list of objects owned by a user's friends * * @param int $user_guid The GUID of the user to get the friends of @@ -771,8 +771,10 @@ $offset = (int)$offset; $time = time() - $seconds; + + $access = get_access_sql_suffix("e"); - $query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid = u.guid where u.last_action >= {$time} order by u.last_action desc limit {$offset},{$limit}"; + $query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid = u.guid where u.last_action >= {$time} and $access order by u.last_action desc limit {$offset},{$limit}"; return get_data($query, "entity_row_to_elggstar"); } @@ -1154,6 +1156,33 @@ $time = time(); update_data("update {$CONFIG->dbprefix}users_entity set prev_last_action = last_action, last_action = {$time} where guid = {$user_guid}"); + } + + /** + * A permissions plugin hook that grants access to users if they are newly created - allows + * for email activation. + * + * TODO: Do this in a better way! + * + * @param unknown_type $hook + * @param unknown_type $entity_type + * @param unknown_type $returnvalue + * @param unknown_type $params + */ + function new_user_enable_permissions_check($hook, $entity_type, $returnvalue, $params) + { + $entity = $params['entity']; + $user = $params['user']; + if (($entity) && ($entity instanceof ElggUser)) + { + if ( + (($entity->disable_reason == 'new_user') || ( + $entity->last_action == 0 && $entity->last_login == 0 + )) + && (!isloggedin())) + return true; + + } } /** @@ -1228,7 +1257,11 @@ register_plugin_hook('usersettings:save','user','users_settings_save'); register_plugin_hook('search','all','search_list_users_by_name'); - + + + // Handle a special case for newly created users when the user is not logged in + // TODO: handle this better! + //register_plugin_hook('permissions_check','user','new_user_enable_permissions_check'); } /** -- cgit v1.2.3