authorfriendica <info@friendica.com>2014-01-29 03:39:32 -0800
committerfriendica <info@friendica.com>2014-01-29 03:40:14 -0800
commita1e7c65d51a6472cf7fe95686883f77953d7dfd7 (patch)
treea9cbdcdd22e2a61e7c77a9a6fa0ae04376e8e204
parent6a9d43bcbe167ff3a8f9bd8a2ce93d9fc298fcdf (diff)
chatroom permissions enforcement
-rw-r--r--include/chat.php19
1 files changed, 19 insertions, 0 deletions
diff --git a/include/chat.php b/include/chat.php
index 9d90f7970..6bcb003ff 100644
--- a/include/chat.php
+++ b/include/chat.php
@@ -76,8 +76,27 @@ function chatroom_destroy($channel,$arr) {
function chatroom_enter($observer_xchan,$room_id,$status,$client) {
+
if(! $room_id || ! $observer_xchan)
return;
+
+ $r = q("select * from chatroom where cr_id = %d limit 1",
+ intval($room_id)
+ );
+ if(! $r)
+ return;
+ require_once('include/security.php');
+ $sql_extra = permissions_sql($r[0]['cr_uid']);
+
+ $x = q("select * from chatroom where cr_id = %d and uid = %d $sql_extra limit 1",
+ intval($room_id)
+ intval($r[0]['cr_uid'])
+ );
+ if(! $x) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
$r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1",
dbesc($observer_xchan),
intval($room_id)
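Review bot: The second `q()` call is missing a comma between `intval($room_id)` and `intval($r[0]['cr_uid'])`, which is a PHP parse error, so include/chat.php would not load with this change applied; the first argument line should read `intval($room_id),`. The same query filters on `uid = %d` while the lookup just above reads the room owner from `cr_uid` on the same `chatroom` table, so the column is probably meant to be `cr_uid = %d`; this is worth confirming against the schema, because if `q()` returns an empty result on a failed query, `! $x` would deny every visitor, including permitted ones. `$sql_extra` is spliced into the format string before `q()` substitutes the `%d` values, so the check relies on `permissions_sql()` returning only trusted SQL with no `%` in it; a one-line comment such as `// $sql_extra comes from permissions_sql() and must never contain request data` would record that assumption. `chatroom_enter()` continues past the end of this hunk.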