1 files changed, 49 insertions, 16 deletions

diff --git a/include/account.php b/include/account.php
index ad69b4d9a..0c07bd85f 100644
--- a/include/account.php
+++ b/include/account.php
@@ -17,10 +17,38 @@ require_once('include/crypto.php');
 require_once('include/channel.php');
 
 
-function get_account_by_id($account_id) {
-	$r = q("select * from account where account_id = %d",
-		intval($account_id)
-	);
+/**
+ * Returns the id of a locally logged in account or false.
+ *
+ * Returns the numeric account id of the current session if authenticated, or
+ * false otherwise.
+ *
+ * @note It is possible to be authenticated, and not connected to a channel.
+ *
+ * @return int|false Numeric account id or false.
+ */
+function get_account_id(): int|false {
+	if (isset($_SESSION['account_id'])) {
+		return intval($_SESSION['account_id']);
+	}
+
+	if (App::$account) {
+		return intval(App::$account['account_id']);
+	}
+
+	return false;
+}
+
+/**
+ * Get the account with the given id from the database.
+ *
+ * @param int $account_id	The numeric id of the account to fetch.
+ *
+ * @return array|false	An array containing the attributes of the requested
+ *		account, or false if it could not be retreived.
+ */
+function get_account_by_id(int $account_id): array|false {
+	$r = q("select * from account where account_id = %d", $account_id);
 	return (($r) ? $r[0] : false);
 }
 
@@ -117,11 +145,16 @@ function check_account_invite($invite_code) {
 }
 
 function check_account_admin($arr) {
-	if(is_site_admin())
+	if (is_site_admin()) {
 		return true;
+	}
+
 	$admin_email = trim(Config::Get('system','admin_email'));
-	if(strlen($admin_email) && $admin_email === trim($arr['email']))
+
+	if (strlen($admin_email) && $admin_email === trim($arr['reg_email'])) {
 		return true;
+	}
+
 	return false;
 }
 
@@ -163,18 +196,18 @@ function create_account_from_register($arr) {
 	if($default_service_class === false)
 		$default_service_class = '';
 
-	$roles = 0;
-	// prevent form hackery
-	if($roles & ACCOUNT_ROLE_ADMIN) {
-		$admin_result = check_account_admin($arr);
-		if(! $admin_result) {
-			$roles = 0;
-		}
+	// any accounts available ?
+	$total = q("SELECT COUNT(*) AS total FROM account");
+
+	if ($total && intval($total[0]['total']) === 0 && !check_account_admin($register[0])) {
+		logger('create_account: first account is not admin');
+		$result['message'] = t('First account is not admin.');
+		return $result;
 	}
 
-	// any accounts available ?
-	$isa = q("SELECT COUNT(*) AS isa FROM account");
-	if ($isa && $isa[0]['isa'] == 0) {
+	$roles = 0;
+
+	if (check_account_admin($register[0])) {
 		$roles = ACCOUNT_ROLE_ADMIN;
 	}