1 files changed, 41 insertions, 29 deletions
diff --git a/include/security.php b/include/security.php
index e345636e7..c67a1b400 100644
--- a/include/security.php
+++ b/include/security.php
@@ -12,7 +12,7 @@
  * @param bool $return
  * @param bool $update_lastlog
  */
-function authenticate_success($user_record, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false) {
+function authenticate_success($user_record, $channel = null, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false) {
 
 	$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
 
@@ -23,11 +23,15 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 		$_SESSION['account_id'] = $user_record['account_id'];
 		$_SESSION['authenticated'] = 1;
 
+		if($channel)
+			$uid_to_load = $channel['channel_id'];
 
-		$uid_to_load = (((x($_SESSION,'uid')) && (intval($_SESSION['uid']))) 
-			? intval($_SESSION['uid']) 
-			: intval(App::$account['account_default_channel'])
-		);
+		if(! $uid_to_load) {
+			$uid_to_load = (((x($_SESSION,'uid')) && (intval($_SESSION['uid']))) 
+				? intval($_SESSION['uid']) 
+				: intval(App::$account['account_default_channel'])
+			);
+		}
 
 		if($uid_to_load) {
 			change_channel($uid_to_load);
@@ -85,16 +89,12 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 function atoken_login($atoken) {
 	if(! $atoken)
 		return false;
-
-	$xchan = atoken_xchan($atoken);
-
 	$_SESSION['authenticated'] = 1;
-	$_SESSION['visitor_id'] = $xchan['xchan_hash'];
+	$_SESSION['visitor_id'] = $atoken['xchan_hash'];
 	$_SESSION['atoken'] = $atoken['atoken_id'];
 
-	\App::set_observer($xchan);
-
-	return [ 'atoken' => true ];
+	\App::set_observer($atoken);
+	return true;
 }
 
 
@@ -102,7 +102,8 @@ function atoken_xchan($atoken) {
 
 	$c = channelx_by_n($atoken['atoken_uid']);
 	if($c) {
-		return [ 
+		return [
+			'atoken_id' => $atoken['atoken_id'], 
 			'xchan_hash' =>  substr($c['channel_hash'],0,16) . '.' . $atoken['atoken_name'],
 			'xchan_name' => $atoken['atoken_name'],
 			'xchan_addr' => t('guest:') . $atoken['atoken_name'] . '@' . \App::get_hostname(),
@@ -115,7 +116,7 @@ function atoken_xchan($atoken) {
 	
 		];
 	}
-
+	return null;
 }
 
 
@@ -127,6 +128,7 @@ function atoken_xchan($atoken) {
  *
  * @return bool|array false or channel record of the new channel
  */
+
 function change_channel($change_channel) {
 
 	$ret = false;
@@ -476,14 +478,19 @@ function stream_perms_api_uids($perms = NULL, $limit = 0, $rand = 0 ) {
 	$random_sql = (($rand) ? " ORDER BY " . db_getfunc('RAND') . " " : '');
 	if(local_channel())
 		$ret[] = local_channel();
-	$r = q("select channel_id from channel where channel_r_stream > 0 and ( channel_r_stream & %d )>0 and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ",
-		intval($perms),
-		intval(PAGE_ADULT|PAGE_CENSORED)
+	$x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ",
+		intval($perms)
 	);
-	if($r) {
-		foreach($r as $rr)
-			if(! in_array($rr['channel_id'], $ret))
-				$ret[] = $rr['channel_id'];
+	if($x) {
+		$ids = ids_to_querystr($x,'uid');
+		$r = q("select channel_id from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ",
+			intval(PAGE_ADULT|PAGE_CENSORED)
+		);
+		if($r) {
+			foreach($r as $rr)
+				if(! in_array($rr['channel_id'], $ret))
+					$ret[] = $rr['channel_id'];
+		}
 	}
 
 	$str = '';
@@ -509,16 +516,21 @@ function stream_perms_xchans($perms = NULL ) {
 	if(local_channel())
 		$ret[] = get_observer_hash();
 
-	$r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0 and channel_system = 0 and channel_removed = 0 ",
-		intval($perms),
-		intval(PAGE_ADULT|PAGE_CENSORED)
+	$x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ",
+		intval($perms)
 	);
-	if($r) {
-		foreach($r as $rr)
-			if(! in_array($rr['channel_hash'], $ret))
-				$ret[] = $rr['channel_hash'];
-	}
+	if($x) {
+		$ids = ids_to_querystr($x,'uid');
+		$r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ",
+			intval(PAGE_ADULT|PAGE_CENSORED)
+		);
 
+		if($r) {
+			foreach($r as $rr)
+				if(! in_array($rr['channel_hash'], $ret))
+					$ret[] = $rr['channel_hash'];
+		}
+	}
 	$str = '';
 	if($ret) {
 		foreach($ret as $rr) {