5 files changed, 36 insertions, 32 deletions

diff --git a/include/Contact.php b/include/Contact.php
index 611371db6..1c61470e1 100644
--- a/include/Contact.php
+++ b/include/Contact.php
@@ -263,7 +263,7 @@ function rrmdir($path)
     return false;
 }
 
-function channel_remove($channel_id, $local = true, $unset_session=true) {
+function channel_remove($channel_id, $local = true, $unset_session=false) {
 
 	if(! $channel_id)
 		return;
@@ -389,8 +389,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) {
 	proc_run('php','include/directory.php',$channel_id);
 
 	if($channel_id == local_channel() && $unset_session) {
-		unset($_SESSION['authenticated']);
-		unset($_SESSION['uid']);
+		nuke_session();
 		goaway($a->get_baseurl());
 	}
 
diff --git a/include/attach.php b/include/attach.php
index 2777b5813..343922a52 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -846,7 +846,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 
 	// Caution: This re-uses $sql_options set further above
 
-	$r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, os_storage, is_photo, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' $sql_options limit 1",
+	$r = q("select * from attach where uid = %d and hash = '%s' $sql_options limit 1",
 		intval($channel_id),
 		dbesc($hash)
 	);
diff --git a/include/auth.php b/include/auth.php
index 4f0c4c928..1a7110c20 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -12,33 +12,6 @@
 require_once('include/api_auth.php');
 require_once('include/security.php');
 
-/**
- * @brief Resets the current session.
- *
- * @return void
- */
-function nuke_session() {
-	new_cookie(0); // 0 means delete on browser exit
-
-	unset($_SESSION['authenticated']);
-	unset($_SESSION['account_id']);
-	unset($_SESSION['uid']);
-	unset($_SESSION['visitor_id']);
-	unset($_SESSION['administrator']);
-	unset($_SESSION['cid']);
-	unset($_SESSION['theme']);
-	unset($_SESSION['mobile_theme']);
-	unset($_SESSION['show_mobile']);
-	unset($_SESSION['page_flags']);
-	unset($_SESSION['delegate']);
-	unset($_SESSION['delegate_channel']);
-	unset($_SESSION['my_url']);
-	unset($_SESSION['my_address']);
-	unset($_SESSION['addr']);
-	unset($_SESSION['return_url']);
-	unset($_SESSION['remote_service_class']);
-	unset($_SESSION['remote_hub']);
-}
 
 /**
  * @brief Verify login credentials.
diff --git a/include/security.php b/include/security.php
index 215cc92cb..f3cf2d1b6 100644
--- a/include/security.php
+++ b/include/security.php
@@ -415,7 +415,7 @@ function init_groups_visitor($contact_id) {
 	$r = q("SELECT hash FROM `groups` left join group_member on groups.id = group_member.gid WHERE xchan = '%s' ",
 		dbesc($contact_id)
 	);
-	if(count($r)) {
+	if($r) {
 		foreach($r as $rr)
 			$groups[] = $rr['hash'];
 	}
diff --git a/include/session.php b/include/session.php
index 43bba528b..6060e4712 100644
--- a/include/session.php
+++ b/include/session.php
@@ -12,6 +12,38 @@
 $session_exists = 0;
 $session_expire = 180000;
 
+
+/**
+ * @brief Resets the current session.
+ *
+ * @return void
+ */
+
+function nuke_session() {
+	new_cookie(0); // 0 means delete on browser exit
+
+	unset($_SESSION['authenticated']);
+	unset($_SESSION['account_id']);
+	unset($_SESSION['uid']);
+	unset($_SESSION['visitor_id']);
+	unset($_SESSION['administrator']);
+	unset($_SESSION['cid']);
+	unset($_SESSION['theme']);
+	unset($_SESSION['mobile_theme']);
+	unset($_SESSION['show_mobile']);
+	unset($_SESSION['page_flags']);
+	unset($_SESSION['delegate']);
+	unset($_SESSION['delegate_channel']);
+	unset($_SESSION['my_url']);
+	unset($_SESSION['my_address']);
+	unset($_SESSION['addr']);
+	unset($_SESSION['return_url']);
+	unset($_SESSION['remote_service_class']);
+	unset($_SESSION['remote_hub']);
+}
+
+
+
 function new_cookie($time) {
 	$old_sid = session_id();