Merge branch 'master', remote-tracking branch 'remotes/upstream/master'

* remotes/upstream/master:
  apply max-width to images in posts, duepuntozero
  theming for default group selector
  catch more places to apply default group
  make it difficult to setup a private forum with no privacy
  more private forums, default privacy group for new contacts
  tell browser not to cache permission denied (private) photos so that after authenticating we don't have to fight the browser - plus more prvgroup work

* master:

5 files changed, 77 insertions, 5 deletions

diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index 2b25095fd..227d72cbf 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -500,6 +500,16 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
 				}
 			}
 		}
+
+
+		$g = q("select def_gid from user where uid = %d limit 1",
+			intval($uid)
+		);
+		if($contact && $g && intval($g[0]['def_gid'])) {
+			require_once('include/group.php');
+			group_add_member($uid,'',$contact[0]['id'],$g[0]['def_gid']);
+		}
+
 		// Let's send our user to the contact editor in case they want to
 		// do anything special with this new friend.
 
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 2169c494c..b809929d7 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -370,6 +370,14 @@ function dfrn_request_post(&$a) {
 			if(count($r)) {
 				$contact_id = $r[0]['id'];
 
+				$g = q("select def_gid from user where uid = %d limit 1",
+					intval($uid)
+				);
+				if($g && intval($g[0]['def_gid'])) {
+					require_once('include/group.php');
+					group_add_member($uid,'',$contact_id,$g[0]['def_gid']);
+				}
+
 				$photo = avatar_img($addr);
 
 				$r = q("UPDATE `contact` SET 
diff --git a/mod/follow.php b/mod/follow.php
index 4a7f99bf0..cdecd5f2a 100644
--- a/mod/follow.php
+++ b/mod/follow.php
@@ -109,6 +109,7 @@ function follow_init(&$a) {
 		dbesc($ret['poll'])
 	);			
 
+
 	if(count($r)) {
 		// update contact
 		if($r[0]['rel'] == CONTACT_IS_FOLLOWER || ($network === NETWORK_DIASPORA && $r[0]['rel'] == CONTACT_IS_SHARING)) {
@@ -165,6 +166,15 @@ function follow_init(&$a) {
 	$contact = $r[0];
 	$contact_id  = $r[0]['id'];
 
+
+	$g = q("select def_gid from user where uid = %d limit 1",
+		intval($uid)
+	);
+	if($g && intval($g[0]['def_gid'])) {
+		require_once('include/group.php');
+		group_add_member($uid,'',$contact_id,$g[0]['def_gid']);
+	}
+
 	require_once("Photo.php");
 
 	$photos = import_profile_photo($ret['photo'],$uid,$contact_id);
diff --git a/mod/photo.php b/mod/photo.php
index 1d38fe8e4..3cd8250a9 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -28,6 +28,8 @@ function photo_init(&$a) {
 		}
 	}*/
 
+	$prvcachecontrol = false;
+
 	switch($a->argc) {
 		case 4:
 			$person = $a->argv[3];
@@ -134,6 +136,7 @@ function photo_init(&$a) {
 				);
 				if(count($r)) {
 					$data = file_get_contents('images/nosign.jpg');
+					$prvcachecontrol = true;
 				}
 			}
 		}
@@ -179,8 +182,22 @@ function photo_init(&$a) {
 	}
 
 	header("Content-type: image/jpeg");
- 	header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT");
-	header("Cache-Control: max-age=" . (3600*24));
+
+	if($prvcachecontrol) {
+
+		// it is a private photo that they have no permission to view.
+		// tell the browser not to cache it, in case they authenticate
+		// and subsequently have permission to see it
+
+		header("Cache-Control: no-store, no-cache, must-revalidate");
+
+	}
+	else {
+
+	 	header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT");
+		header("Cache-Control: max-age=" . (3600*24));
+
+	}
 	echo $data;
 	killme();
 	// NOTREACHED
diff --git a/mod/settings.php b/mod/settings.php
index 5f5b2ab2e..40fa55eea 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -330,6 +330,7 @@ function settings_post(&$a) {
 	$openid           = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url']))   : '');
 	$maxreq           = ((x($_POST,'maxreq'))     ? intval($_POST['maxreq'])             : 0);
 	$expire           = ((x($_POST,'expire'))     ? intval($_POST['expire'])             : 0);
+	$def_gid          = ((x($_POST,'group-selection')) ? intval($_POST['group-selection']) : 0);
 
 
 	$expire_items     = ((x($_POST,'expire_items')) ? intval($_POST['expire_items'])	 : 0);
@@ -355,7 +356,6 @@ function settings_post(&$a) {
 	$post_joingroup   = (($_POST['post_joingroup'] == 1) ? 1: 0);
 	$post_profilechange   = (($_POST['post_profilechange'] == 1) ? 1: 0);
 
-
 	$notify = 0;
 
 	if(x($_POST,'notify1'))
@@ -441,7 +441,20 @@ function settings_post(&$a) {
 	set_pconfig(local_user(),'system','post_profilechange', $post_profilechange);
 
 
-	$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s',  `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d  WHERE `uid` = %d LIMIT 1",
+	if($page_flags == PAGE_PRVGROUP) {
+		$hidewall = 1;
+		if((! str_contact_allow) && (! str_group_allow) && (! str_contact_deny) && (! $str_group_deny)) {
+			if($def_gid) {
+				info( t('Private forum has no privacy permissions. Using default privacy group.'). EOL);
+				$str_group_allow = '<' . $def_gid . '>';
+			}
+			else {
+				notice( t('Private forum has no privacy permissions and no default privacy group.') . EOL);
+			} 
+		}
+	}
+
+	$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s',  `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d  WHERE `uid` = %d LIMIT 1",
 			dbesc($username),
 			dbesc($email),
 			dbesc($openid),
@@ -457,6 +470,7 @@ function settings_post(&$a) {
 			intval($maxreq),
 			intval($expire),
 			dbesc($openidserver),
+			intval($def_gid),
 			intval($blockwall),
 			intval($hidewall),
 			intval($blocktags),
@@ -833,6 +847,13 @@ function settings_content(&$a) {
 		'$page_freelove' 	=> array('page-flags', t('Automatic Friend Account'), PAGE_FREELOVE, 
 									t('Automatically approve all connection/friend requests as friends'), 
 									($a->user['page-flags'] == PAGE_FREELOVE)),
+
+		'$page_prvgroup' 	=> array('page-flags', t('Private Forum'), PAGE_PRVGROUP, 
+									t('Private forum - approved members only [Experimental]'), 
+									($a->user['page-flags'] == PAGE_PRVGROUP)),
+
+		'$experimental' => ( (intval(get_config('system','prvgroup_testing'))) ? 'true' : ''),
+
 	));
 
 	$noid = get_config('system','no_openid');
@@ -934,6 +955,9 @@ function settings_content(&$a) {
 		'photos' => array('expire_photos',  t("Expire photos:"), $expire_photos, '', array(t('No'),t('Yes'))),		
 	);
 
+	require_once('include/group.php');
+	$group_select = mini_group_select(local_user(),$a->user['def_gid']);
+
 	$o .= replace_macros($stpl,array(
 		'$ptitle' 	=> t('Account Settings'),
 
@@ -941,7 +965,6 @@ function settings_content(&$a) {
 		'$baseurl' => $a->get_baseurl(true),
 		'$uid' => local_user(),
 		'$form_security_token' => get_form_security_token("settings"),
-		
 		'$nickname_block' => $prof_addr,
 		
 		'$h_pass' 	=> t('Password Settings'),
@@ -968,6 +991,10 @@ function settings_content(&$a) {
 		'$suggestme' => $suggestme,
 		'$blockwall'=> $blockwall, // array('blockwall', t('Allow friends to post to your profile page:'), !$blockwall, ''),
 		'$blocktags'=> $blocktags, // array('blocktags', t('Allow friends to tag your posts:'), !$blocktags, ''),
+
+		'$group_select' => $group_select,
+
+
 		'$expire'	=> $expire_arr,
 
 		'$profile_in_dir' => $profile_in_dir,