1 files changed, 47 insertions, 39 deletions
diff --git a/include/security.php b/include/security.php
index e691939fb..4738e473b 100644
--- a/include/security.php
+++ b/include/security.php
@@ -1,4 +1,4 @@
-<?php
+<?php /** @file */
 
 function authenticate_success($user_record, $login_initial = false, $interactive = false,$return = false,$update_lastlog = false) {
 
@@ -34,6 +34,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 	else {
 		$_SESSION['uid'] = $user_record['uid'];
 		$_SESSION['theme'] = $user_record['theme'];
+		$_SESSION['mobile_theme'] = get_pconfig($user_record['uid'], 'system', 'mobile_theme');
 		$_SESSION['authenticated'] = 1;
 		$_SESSION['page_flags'] = $user_record['page-flags'];
 		$_SESSION['my_url'] = $a->get_baseurl() . '/channel/' . $user_record['nickname'];
@@ -148,6 +149,7 @@ function change_channel($change_channel) {
 			$_SESSION['uid'] = intval($r[0]['channel_id']);
 			get_app()->set_channel($r[0]);
 			$_SESSION['theme'] = $r[0]['channel_theme'];
+			$_SESSION['mobile_theme'] = get_pconfig(local_user(),'system', 'mobile_theme');
 			date_default_timezone_set($r[0]['channel_timezone']);
 			$ret = $r[0];
 		}
@@ -205,26 +207,29 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
 
 
 	else {
-		$observer = get_app()->get_observer();
-		$groups = init_groups_visitor($remote_user);
-
-		$gs = '<<>>'; // should be impossible to match
-
-		if(is_array($groups) && count($groups)) {
-			foreach($groups as $g)
-				$gs .= '|<' . $g . '>';
-		} 
-		$sql = sprintf(
-			" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
-			  AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
-			  )
-			",
-			dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
-			dbesc($gs),
-			dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
-			dbesc($gs)
-		);
+		$observer = get_observer_hash();
+		if($observer) {
+			$groups = init_groups_visitor($observer);
+
+			$gs = '<<>>'; // should be impossible to match
+
+			if(is_array($groups) && count($groups)) {
+				foreach($groups as $g)
+					$gs .= '|<' . $g . '>';
+			} 
+			$sql = sprintf(
+				" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
+				  AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
+				  )
+				",
+				dbesc(protect_sprintf( '%<' . $observer . '>%')),
+				dbesc($gs),
+				dbesc(protect_sprintf( '%<' . $observer . '>%')),
+				dbesc($gs)
+			);
+		}
 	}
+
 	return $sql;
 }
 
@@ -260,25 +265,28 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 
 
 	else {
-		$observer = get_app()->get_observer();
-		$groups = init_groups_visitor($remote_user);
-
-		$gs = '<<>>'; // should be impossible to match
-
-		if(is_array($groups) && count($groups)) {
-			foreach($groups as $g)
-				$gs .= '|<' . $g . '>';
-		} 
-		$sql = sprintf(
-			" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
-			  AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
-			  )
-			",
-			dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
-			dbesc($gs),
-			dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
-			dbesc($gs)
-		);
+		$observer = get_observer_hash();
+
+		if($observer) {
+			$groups = init_groups_visitor($observer);
+
+			$gs = '<<>>'; // should be impossible to match
+
+			if(is_array($groups) && count($groups)) {
+				foreach($groups as $g)
+					$gs .= '|<' . $g . '>';
+			} 
+			$sql = sprintf(
+				" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
+				  AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
+				  )
+				",
+				dbesc(protect_sprintf( '%<' . $observer . '>%')),
+				dbesc($gs),
+				dbesc(protect_sprintf( '%<' . $observer . '>%')),
+				dbesc($gs)
+			);
+		}
 	}
 	return $sql;
 }