diff options
| author | friendica <info@friendica.com> | 2012-10-23 17:14:50 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2012-10-23 17:14:50 -0700 |
| commit | 8e8482355baa55a5c9e3cb3553eecf5a733e2897 (patch) | |
| tree | 69aebb07dd105280cb40997f172b90e58c555510 /mod/wall_attach.php | |
| parent | 756dcd115e5785dc009bce1e75ebb54c8009dfa7 (diff) | |
| download | volse-hubzilla-8e8482355baa55a5c9e3cb3553eecf5a733e2897.tar.gz volse-hubzilla-8e8482355baa55a5c9e3cb3553eecf5a733e2897.tar.bz2 volse-hubzilla-8e8482355baa55a5c9e3cb3553eecf5a733e2897.zip | |
more heavy lifting
Diffstat (limited to 'mod/wall_attach.php')
| -rw-r--r-- | mod/wall_attach.php | 81 |
1 files changed, 47 insertions, 34 deletions
diff --git a/mod/wall_attach.php b/mod/wall_attach.php index b32e2b877..1b539031b 100644 --- a/mod/wall_attach.php +++ b/mod/wall_attach.php @@ -5,52 +5,65 @@ require_once('include/datetime.php'); function wall_attach_post(&$a) { - if($a->argc > 1) { - $nick = $a->argv[1]; - $r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", + + // Figure out who owns the page and if they allow attachments + + if(argc() > 1) { + $nick = argv(1); + $r = q("SELECT channel.* from channel where channel_address = '%s' limit 1", dbesc($nick) ); - if(! count($r)) + if(! ($r && count($r))) return; + $channel = $r[0]; } else return; + $can_post = false; + + $visitor = 0; - $page_owner_uid = $r[0]['uid']; - $page_owner_cid = $r[0]['id']; - $page_owner_nick = $r[0]['nickname']; - $community_page = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false); + $page_owner_uid = $channel['channel_id']; + + +// $page_owner_cid = $r[0]['id']; +// $page_owner_nick = $r[0]['nickname']; +// $community_page = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false); if((local_user()) && (local_user() == $page_owner_uid)) $can_post = true; - else { - if($community_page && remote_user()) { - $cid = 0; - if(is_array($_SESSION['remote'])) { - foreach($_SESSION['remote'] as $v) { - if($v['uid'] == $page_owner_uid) { - $cid = $v['cid']; - break; - } - } - } - if($cid) { - - $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($cid), - intval($page_owner_uid) - ); - if(count($r)) { - $can_post = true; - $visitor = $cid; - } - } - } - } + +// FIXME for forum and guests +// else { +// if($community_page && remote_user()) { +// $cid = 0; +// if(is_array($_SESSION['remote'])) { +// foreach($_SESSION['remote'] as $v) { +// if($v['uid'] == $page_owner_uid) { +// $cid = $v['cid']; +// break; +// } +// } +// } +// if($cid) {// + +// $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", +// intval($cid), +// intval($page_owner_uid) +// ); +// if(count($r)) { +// $can_post = true; +// $visitor = $cid; +// } +// } +// } +// } + + if(! $can_post) { notice( t('Permission denied.') . EOL ); killme(); @@ -98,7 +111,7 @@ function wall_attach_post(&$a) { dbesc($filedata), dbesc($created), dbesc($created), - dbesc('<' . $page_owner_cid . '>'), + dbesc('<' . $channel['channel_hash'] . '>'), dbesc(''), dbesc(''), dbesc('') @@ -111,7 +124,7 @@ function wall_attach_post(&$a) { killme(); } - $r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1", + $r = q("SELECT `hash` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1", intval($page_owner_uid), dbesc($created), dbesc($hash) |