diff options
Diffstat (limited to 'include/security.php')
-rw-r--r-- | include/security.php | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/include/security.php b/include/security.php index 630690f9e..cb1077049 100644 --- a/include/security.php +++ b/include/security.php @@ -3,15 +3,18 @@ function can_write_wall(&$a,$owner) { if((! (local_user())) && (! (remote_user()))) return false; - if((local_user()) && ($_SESSION['uid'] == $owner)) + $uid = get_uid(); + if(($uid) && ($uid === $owner)) return true; - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `id` = %d AND `blocked` = 0 AND `pending` = 0 - AND `readonly` = 0 AND `rel` IN ( %d , %d ) LIMIT 1", - intval($owner), - intval($_SESSION['visitor_id']), - intval(REL_VIP), - intval(REL_BUD) + $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` + WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page_flags` = %d ) LIMIT 1", + intval($owner), + intval($_SESSION['visitor_id']), + intval(REL_VIP), + intval(REL_BUD), + intval(PAGE_COMMUNITY) ); if(count($r)) return true; |