diff options
| author | friendica <info@friendica.com> | 2012-03-05 15:04:43 -0800 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2012-03-05 15:04:43 -0800 |
| commit | c37ffd2999453de17bd6b0c98b708a0f55bacdc7 (patch) | |
| tree | a301d318eeeb1ddece3c17d71ed10a9bd066c500 /include/security.php | |
| parent | 0d9c2ca06f9394bc039a43410d3902338e8412a1 (diff) | |
| download | volse-hubzilla-c37ffd2999453de17bd6b0c98b708a0f55bacdc7.tar.gz volse-hubzilla-c37ffd2999453de17bd6b0c98b708a0f55bacdc7.tar.bz2 volse-hubzilla-c37ffd2999453de17bd6b0c98b708a0f55bacdc7.zip | |
can_write_wall documentation
Diffstat (limited to 'include/security.php')
| -rwxr-xr-x | include/security.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/include/security.php b/include/security.php index bc2c9f0bf..6b8128bdd 100755 --- a/include/security.php +++ b/include/security.php @@ -108,14 +108,18 @@ function can_write_wall(&$a,$owner) { if(remote_user()) { - // user remembered decision and avoid a DB lookup for each and every display item + // use remembered decision and avoid a DB lookup for each and every display item // DO NOT use this function if there are going to be multiple owners + // We have a contact-id for an authenticated remote user, this block determines if the contact + // belongs to this page owner, and has the necessary permissions to post content + if($verified === 2) return true; elseif($verified === 1) return false; else { + $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1", @@ -125,6 +129,7 @@ function can_write_wall(&$a,$owner) { intval(CONTACT_IS_FRIEND), intval(PAGE_COMMUNITY) ); + if(count($r)) { $verified = 2; return true; |