-rw-r--r-- | auth.php | 79 | ||||
-rw-r--r-- | include/group.php | 105 | ||||
-rw-r--r-- | mod/contacts.php | 2 | ||||
-rw-r--r-- | mod/dfrn_poll.php | 2 | ||||
-rw-r--r-- | mod/notifications.php | 2 | ||||
-rw-r--r-- | nav.php | 23 |
6 files changed, 108 insertions, 105 deletions
diff --git a/auth.php b/auth.php
deleted file mode 100644
index e22651cdd..000000000
--- a/auth.php
+++ /dev/null
@@ -1,79 +0,0 @@
-<?php
-
-// login/logout
-
-if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] == 'login'))) {
- if($_POST['auth-params'] == 'logout' || $a->module == "logout") {
- unset($_SESSION['authenticated']);
- unset($_SESSION['uid']);
- unset($_SESSION['visitor_id']);
- unset($_SESSION['administrator']);
- $_SESSION['sysmsg'] = "Logged out." . EOL;
- goaway($a->get_baseurl());
- }
- if(x($_SESSION,'uid')) {
- $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
- intval($_SESSION['uid']));
- if($r === NULL || (! count($r))) {
- goaway($a->get_baseurl());
- }
- $a->user = $r[0];
- if(strlen($a->user['timezone']))
- date_default_timezone_set($a->user['timezone']);
-
- }
-}
-else {
- unset($_SESSION['authenticated']);
- unset($_SESSION['uid']);
- unset($_SESSION['visitor_id']);
- unset($_SESSION['administrator']);
- $encrypted = hash('whirlpool',trim($_POST['password']));
-
- if((x($_POST,'auth-params')) && $_POST['auth-params'] == 'login') {
- $r = q("SELECT * FROM `user`
- WHERE `email` = '%s' AND `password` = '%s' LIMIT 1",
- dbesc(trim($_POST['login-name'])),
- dbesc($encrypted));
- if(($r === false) || (! count($r))) {
- $_SESSION['sysmsg'] = 'Login failed.' . EOL ;
- goaway($a->get_baseurl());
- }
- $_SESSION['uid'] = $r[0]['uid'];
- $_SESSION['admin'] = $r[0]['admin'];
- $_SESSION['authenticated'] = 1;
- if(x($r[0],'nickname'))
- $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
- else
- $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['uid'];
-
- $_SESSION['sysmsg'] = "Welcome back " . $r[0]['username'] . EOL;
- $a->user = $r[0];
- if(strlen($a->user['timezone']))
- date_default_timezone_set($a->user['timezone']);
-
- }
-}
-
-// Returns an array of group names this contact is a member of.
-// Since contact-id's are unique and each "belongs" to a given user uid,
-// this array will only contain group names related to the uid of this
-// DFRN contact. They are *not* neccessarily unique across the entire site.
-
-
-if(! function_exists('init_groups_visitor')) {
-function init_groups_visitor($contact_id) {
- $groups = array();
- $r = q("SELECT `group_member`.`gid`, `group`.`name`
- FROM `group_member` LEFT JOIN `group` ON `group_member`.`gid` = `group`.`id`
- WHERE `group_member`.`contact-id` = %d ",
- intval($contact_id)
- );
- if(count($r)) {
- foreach($r as $rr)
- $groups[] = $rr['name'];
- }
- return $groups;
-}}
-
-
diff --git a/include/group.php b/include/group.php
new file mode 100644
index 000000000..e92e4480b
--- /dev/null
+++ b/include/group.php
@@ -0,0 +1,105 @@
+<?php
+
+
+function group_add($uid,$name) {
+
+ $ret = false;
+ if(x($uid) && x($name)) {
+ $r = group_byname($uid,$name); // check for dups
+ if($r !== false)
+ return true;
+ $r = q("INSERT INTO `group` ( `uid`', `name` )
+ VALUES( %d, '%s' ) ",
+ intval($uid),
+ dbesc($name)
+ );
+ $ret = $r;
+ }
+ return $ret;
+}
+
+
+function group_rmv($uid,$name) {
+ $ret = false;
+ if(x($uid) && x($name)) {
+ $r = q("SELECT * FROM `group` WHERE `uid` = %d AND `name` = '%s' LIMIT 1",
+ intval($uid),
+ dbesc($name)
+ }
+ if(count($r))
+ $group_id = $r[0]['id'];
+ if(! $group_id)
+ return false;
+
+ // remove all members
+ $r = q("DELETE FROM `group_member` WHERE `uid` = %d AND `gid` = %d ",
+ intval($uid),
+ intval($group_id)
+ );
+
+ // remove group
+ $r = q("DELETE FROM `group` WHERE `uid` = %d AND `id` = %d LIMIT 1",
+ intval($uid),
+ dbesc($name)
+ );
+
+ $ret = $r;
+
+ }
+ // TODO!! remove this group from all content ACL's !!
+
+ return $ret;
+}
+
+function group_byname($uid,$name) {
+ if((! $uid) || (! strlen($name)))
+ return false;
+ $r = q("SELECT * FROM `group` WHERE `uid` = %d AND `name` = '%s' LIMIT 1",
+ intval($uid),
+ dbesc($name)
+ );
+ if(count($r))
+ return $r[0]['id'];
+ return false;
+}
+
+function group_rmv_member($uid,$name,$member) {
+ $gid = group_byname($uid,$name);
+ if(! $gid)
+ return false;
+ if(! ( $uid && $gid && $member))
+ return false;
+ $r = q("DELETE FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND `contact-id` = %d LIMIT 1 ",
+ intval($uid),
+ intval($gid),
+ intval($member)
+ );
+ return $r;
+
+
+}
+
+
+function group_add_member($uid,$name,$member) {
+ $gid = group_byname($uid,$name);
+ if((! $gid) || (! $uid) || (! $member))
+ return false;
+
+ $r = q("SELECT * FROM `group_member` WHERE `uid` = %d AND `id` = %d AND `contact-id` = %d LIMIT 1",
+ intval($uid),
+ intval($gid),
+ intval($member)
+ );
+ if(count($r))
+ return true; // You might question this, but
+ // we indicate success because the group was in fact created
+ // -- It was just created at another time
+ if(! count($r))
+ $r = q("INSERT INTO `group_member` (`uid`, `gid`, `contact-id`)
+ VALUES( %d, %d, %d ) ",
+ intval($uid),
+ intval($gid),
+ intval($member)
+ );
+ return $r;
+}
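Review bot: In group_rmv the first q() call is closed with `}` instead of `);`, so include/group.php does not parse and none of these helpers can be loaded. The final DELETE in the same function binds `dbesc($name)` to the `id` = %d placeholder where `intval($group_id)` is evidently intended, and $group_id is only assigned when the SELECT returns a row, so it should be initialised (`$group_id = 0;`) before the `if(count($r))` test. Two further SQL slips: the INSERT in group_add has a stray single quote after the uid column name, and the duplicate check in group_add_member filters on `id` = %d with $gid where every other query uses `gid`, so an existing membership would not be found and a second row can be inserted. Every query is scoped by `uid`, which is the ownership check that matters here; whether $member is verified to be a contact of $uid is not visible in this file and should be confirmed at the call sites.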
\ No newline at end of file diff --git a/mod/contacts.php b/mod/contacts.php index b14377cea..5435df7b2 100644 --- a/mod/contacts.php +++ b/mod/contacts.php @@ -52,7 +52,7 @@ function contacts_post(&$a) { } } if($intval($contact_id)) - q("DELETE * FROM `item` WHERE `contact-id` = %d ", + q("DELETE FROM `item` WHERE `contact-id` = %d LIMIT 1", intval($contact_id) ); diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index e7f4b0786..da60eb629 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -46,7 +46,7 @@ function dfrn_poll_init(&$a) { if((x($type)) && ($type == 'profile-check')) { - q("DELETE FROM `expire` WHERE `expire` < " . time()); + q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time())); $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC", dbesc($dfrn_id)); if(count($r)) diff --git a/mod/notifications.php b/mod/notifications.php index 1064729ff..6ade0c0bb 100644 --- a/mod/notifications.php +++ b/mod/notifications.php @@ -28,7 +28,7 @@ function notifications_post(&$a) { return; } if($_POST['submit'] == 'Discard') { - $r = q("DELETE `intro` WHERE `id` = %d LIMIT 1", intval($intro_id)); + $r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1", intval($intro_id)); $r = q("DELETE `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($request_id), intval($_SESSION['uid'])); diff --git a/nav.php b/nav.php deleted file mode 100644 index c51c56ad2..000000000 --- a/nav.php +++ /dev/null 
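Review bot: In mod/contacts.php the added `LIMIT 1` makes the cleanup delete a single `item` row, while the statement it replaces targeted every item of the contact; if the intent is still to purge all items of a removed contact, the limit should be dropped. The guard on the unchanged line above reads `if($intval($contact_id))`, which calls through an undefined variable rather than intval(), so the delete is unlikely to run as written; `if(intval($contact_id))` looks intended. The DELETE is not scoped by `uid`, and whether $contact_id was checked against the logged-in user happens outside this hunk, so that should be confirmed. contacts_post starts and ends outside the hunk.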
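Review bot: In mod/dfrn_poll.php the purge is still assembled by string concatenation, unlike the q() calls next to it that pass values through a format placeholder. time() returns an integer, so nothing here is injectable, but keeping one style makes a genuinely unsafe concatenation easier to spot in review: `q("DELETE FROM `profile_check` WHERE `expire` < %d", intval(time()));`. dfrn_poll_init continues outside the hunk.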
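Review bot: In mod/notifications.php the statement directly after the fixed line still has the same defect: the `contact` delete is missing FROM, so the Discard path would remove the introduction but leave the pending contact row; it should start `$r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",`. The `intro` delete is keyed on `id` alone, whereas the contact delete also requires `uid` to match $_SESSION['uid']. Unless $intro_id is validated against the logged-in user earlier in notifications_post (not visible here), the same `uid` condition should be added, assuming the intro table carries a uid column. The function starts and ends outside the hunk.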
@@ -1,23 +0,0 @@
-
-<?php
- $a->page['nav'] .= "<span id=\"nav-link-wrapper\" >\r\n";
-
- if(x($_SESSION,'uid')) {
-
- $a->page['nav'] .= "<a id=\"nav-notify-link\" class=\"nav-commlink\" href=\"notifications\">Notifications</a>\r\n";
-
- $a->page['nav'] .= "<a id=\"nav-messages-link\" class=\"nav-commlink\" href=\"Messages\">Messages</a>\r\n";
-
-
- $a->page['nav'] .= "<a id=\"nav-logout-link\" class=\"nav-link\" href=\"logout\">Logout</a>\r\n";
-
- $a->page['nav'] .= "<a id=\"nav-settings-link\" class=\"nav-link\" href=\"settings\">Settings</a>\r\n";
-
- $a->page['nav'] .= "<a id=\"nav-profiles-link\" class=\"nav-link\" href=\"profiles\">Profiles</a>\r\n";
-
- $a->page['nav'] .= "<a id=\"nav-contacts-link\" class=\"nav-link\" href=\"contacts\">Contacts</a>\r\n";
-
- $a->page['nav'] .= "<a id=\"nav-home-link\" class=\"nav-link\" href=\"profile/{$_SESSION['uid']}\">Home</a>\r\n";
-
- }
- $a->page['nav'] .= "</span>\r\n<span id=\"nav-end\"></span>\r\n"; |