diff options
| author | friendica <info@friendica.com> | 2013-07-22 14:34:26 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2013-07-22 14:34:26 -0700 |
| commit | f9e61fe07520b99912b842cb81d2db3321f4c361 (patch) | |
| tree | ef5b1fb6ec183602af655a0ee9d7156ee1f346c4 /include/auth.php | |
| parent | 05612a8a7782e8da569e18dc41001235e2b514e6 (diff) | |
| download | volse-hubzilla-f9e61fe07520b99912b842cb81d2db3321f4c361.tar.gz volse-hubzilla-f9e61fe07520b99912b842cb81d2db3321f4c361.tar.bz2 volse-hubzilla-f9e61fe07520b99912b842cb81d2db3321f4c361.zip | |
remote control - if auth'd visitor is in config system remote_admins (array), become superuser. Literally. Full control. Untested.
Diffstat (limited to 'include/auth.php')
| -rw-r--r-- | include/auth.php | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/include/auth.php b/include/auth.php index fc13725be..c86a54fb1 100644 --- a/include/auth.php +++ b/include/auth.php @@ -67,6 +67,21 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p } if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) { + // if our authenticated guest is allowed to take control of the admin channel, make it so. + $admins = get_config('system','remote_admin'); + if($admins && is_array($admins) && in_array($_SESSION['visitor_id'],$admins)) { + $x = q("select * from account where account_email = '%s' and account_email != '' and ( account_flags & %d ) limit 1", + dbesc(get_config('system','admin_email')), + intval(ACCOUNT_ROLE_ADMIN) + ); + if($x) { + new_cookie(60*60*24); // one day + $_SESSION['last_login_date'] = datetime_convert(); + unset($_SESSION['visitor_id']); // no longer a visitor + authenticate_success($x[0], true, true); + } + } + $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_hash = '%s' limit 1", dbesc($_SESSION['visitor_id']) ); |