aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/auth.php4
-rw-r--r--include/nav.php8
-rw-r--r--include/security.php17
3 files changed, 20 insertions, 9 deletions
diff --git a/include/auth.php b/include/auth.php
index f4f75c607..7e04cb2e7 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -14,6 +14,7 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) {
unset($_SESSION['administrator']);
unset($_SESSION['cid']);
unset($_SESSION['theme']);
+ unset($_SESSION['page_flags']);
notice( t('Logged out.') . EOL);
goaway($a->get_baseurl());
}
@@ -34,6 +35,7 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) {
$a->user = $r[0];
$_SESSION['theme'] = $a->user['theme'];
+ $_SESSION['page_flags'] = $a->user['page-flags'];
if(strlen($a->user['timezone']))
date_default_timezone_set($a->user['timezone']);
@@ -58,6 +60,7 @@ else {
unset($_SESSION['cid']);
unset($_SESSION['theme']);
unset($_SESSION['my_url']);
+ unset($_SESSION['page_flags']);
$encrypted = hash('whirlpool',trim($_POST['password']));
@@ -77,6 +80,7 @@ else {
$_SESSION['uid'] = $r[0]['uid'];
$_SESSION['theme'] = $r[0]['theme'];
$_SESSION['authenticated'] = 1;
+ $_SESSION['page_flags'] = $r[0]['page-flags'];
$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
notice( t("Welcome back ") . $r[0]['username'] . EOL);
diff --git a/include/nav.php b/include/nav.php
index cb0882280..2c9d76bb3 100644
--- a/include/nav.php
+++ b/include/nav.php
@@ -27,8 +27,12 @@ else {
$a->page['nav'] .= '<a id="nav-home-link" class="nav-commlink" href="profile/' . $a->user['nickname'] . '">'
. t('Home') . '</a><span id="home-update" class="nav-ajax-left"></span>' . "\r\n";
- $a->page['nav'] .= '<a id="nav-notify-link" class="nav-commlink" href="notifications">' . t('Notifications')
- . '</a><span id="notify-update" class="nav-ajax-left"></span>' . "\r\n";
+ // only show friend requests for normal pages. Other page types have automatic friendship.
+
+ if($_SESSION['page_flags'] == PAGE_NORMAL) {
+ $a->page['nav'] .= '<a id="nav-notify-link" class="nav-commlink" href="notifications">' . t('Notifications')
+ . '</a><span id="notify-update" class="nav-ajax-left"></span>' . "\r\n";
+ }
$a->page['nav'] .= '<a id="nav-messages-link" class="nav-commlink" href="message">' . t('Messages')
. '</a><span id="mail-update" class="nav-ajax-left"></span>' . "\r\n";
diff --git a/include/security.php b/include/security.php
index 630690f9e..cb1077049 100644
--- a/include/security.php
+++ b/include/security.php
@@ -3,15 +3,18 @@
function can_write_wall(&$a,$owner) {
if((! (local_user())) && (! (remote_user())))
return false;
- if((local_user()) && ($_SESSION['uid'] == $owner))
+ $uid = get_uid();
+ if(($uid) && ($uid === $owner))
return true;
- $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `id` = %d AND `blocked` = 0 AND `pending` = 0
- AND `readonly` = 0 AND `rel` IN ( %d , %d ) LIMIT 1",
- intval($owner),
- intval($_SESSION['visitor_id']),
- intval(REL_VIP),
- intval(REL_BUD)
+ $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid`
+ WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+ AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page_flags` = %d ) LIMIT 1",
+ intval($owner),
+ intval($_SESSION['visitor_id']),
+ intval(REL_VIP),
+ intval(REL_BUD),
+ intval(PAGE_COMMUNITY)
);
if(count($r))
return true;