aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-07-22 14:34:26 -0700
committerfriendica <info@friendica.com>2013-07-22 14:34:26 -0700
commitf9e61fe07520b99912b842cb81d2db3321f4c361 (patch)
treeef5b1fb6ec183602af655a0ee9d7156ee1f346c4
parent05612a8a7782e8da569e18dc41001235e2b514e6 (diff)
downloadvolse-hubzilla-f9e61fe07520b99912b842cb81d2db3321f4c361.tar.gz
volse-hubzilla-f9e61fe07520b99912b842cb81d2db3321f4c361.tar.bz2
volse-hubzilla-f9e61fe07520b99912b842cb81d2db3321f4c361.zip
remote control - if auth'd visitor is in config system remote_admins (array), become superuser. Literally. Full control. Untested.
-rw-r--r--include/auth.php15
-rw-r--r--version.inc2
2 files changed, 16 insertions, 1 deletions
diff --git a/include/auth.php b/include/auth.php
index fc13725be..c86a54fb1 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -67,6 +67,21 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
}
if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
+ // if our authenticated guest is allowed to take control of the admin channel, make it so.
+ $admins = get_config('system','remote_admin');
+ if($admins && is_array($admins) && in_array($_SESSION['visitor_id'],$admins)) {
+ $x = q("select * from account where account_email = '%s' and account_email != '' and ( account_flags & %d ) limit 1",
+ dbesc(get_config('system','admin_email')),
+ intval(ACCOUNT_ROLE_ADMIN)
+ );
+ if($x) {
+ new_cookie(60*60*24); // one day
+ $_SESSION['last_login_date'] = datetime_convert();
+ unset($_SESSION['visitor_id']); // no longer a visitor
+ authenticate_success($x[0], true, true);
+ }
+ }
+
$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_hash = '%s' limit 1",
dbesc($_SESSION['visitor_id'])
);
diff --git a/version.inc b/version.inc
index b91b9734b..dc81b067f 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-07-21.381
+2013-07-22.382