author | friendica <info@friendica.com> | 2014-01-29 03:39:32 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-01-29 03:40:14 -0800 |
commit | a1e7c65d51a6472cf7fe95686883f77953d7dfd7 (patch) | |
tree | a9cbdcdd22e2a61e7c77a9a6fa0ae04376e8e204 | |
parent | 6a9d43bcbe167ff3a8f9bd8a2ce93d9fc298fcdf (diff) | |
chatroom permissions enforcement
-rw-r--r-- | include/chat.php | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/include/chat.php b/include/chat.php
index 9d90f7970..6bcb003ff 100644
--- a/include/chat.php
+++ b/include/chat.php
@@ -76,8 +76,27 @@ function chatroom_destroy($channel,$arr) {
 function chatroom_enter($observer_xchan,$room_id,$status,$client) {
+ if(! $room_id || ! $observer_xchan) return;
+
+ $r = q("select * from chatroom where cr_id = %d limit 1",
+ intval($room_id)
+ );
+ if(! $r)
+ return;
+ require_once('include/security.php');
+ $sql_extra = permissions_sql($r[0]['cr_uid']);
+
+ $x = q("select * from chatroom where cr_id = %d and uid = %d $sql_extra limit 1",
+ intval($room_id)
+ intval($r[0]['cr_uid'])
+ );
+ if(! $x) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
 $r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1",
 dbesc($observer_xchan),
 intval($room_id) |
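Review bot: The second `q()` call has no comma between the added lines `intval($room_id)` and `intval($r[0]['cr_uid'])`, which as shown is a PHP syntax error, so include/chat.php would not load and the new permission check would never run; the first argument line should read `intval($room_id),`. The same query filters on `uid = %d` although the first query takes the owner from `cr_uid`; if the chatroom table has no `uid` column the query fails, and because `if(! $x)` treats a failed query the same as a denial, every entry including the owner's would be refused. `cr_uid = %d` looks intended, but that should be confirmed against the schema, as should whether the `$sql_extra` fragment from `permissions_sql()` only names columns this table has. The bare `return;` paths also give callers nothing to tell a refusal from a successful entry, which deserves a comment or an explicit `return false;`. The body of chatroom_enter continues past the end of the hunk.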