Diffstat (limited to 'include')
-rw-r--r-- | include/auth.php | 4 | ||||
-rw-r--r-- | include/nav.php | 8 | ||||
-rw-r--r-- | include/security.php | 17 |
3 files changed, 20 insertions, 9 deletions
diff --git a/include/auth.php b/include/auth.php
index f4f75c607..7e04cb2e7 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -14,6 +14,7 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) {
 unset($_SESSION['administrator']);
 unset($_SESSION['cid']);
 unset($_SESSION['theme']);
+ unset($_SESSION['page_flags']);
 notice( t('Logged out.') . EOL);
 goaway($a->get_baseurl());
 }
@@ -34,6 +35,7 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) {
 $a->user = $r[0];
 $_SESSION['theme'] = $a->user['theme'];
+ $_SESSION['page_flags'] = $a->user['page-flags'];
 if(strlen($a->user['timezone'])) date_default_timezone_set($a->user['timezone']);
@@ -58,6 +60,7 @@ else {
 unset($_SESSION['cid']);
 unset($_SESSION['theme']);
 unset($_SESSION['my_url']);
+ unset($_SESSION['page_flags']);
 $encrypted = hash('whirlpool',trim($_POST['password']));
@@ -77,6 +80,7 @@ else {
 $_SESSION['uid'] = $r[0]['uid'];
 $_SESSION['theme'] = $r[0]['theme'];
 $_SESSION['authenticated'] = 1;
+ $_SESSION['page_flags'] = $r[0]['page-flags'];
 $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
 notice( t("Welcome back ") . $r[0]['username'] . EOL);
diff --git a/include/nav.php b/include/nav.php
index cb0882280..2c9d76bb3 100644
--- a/include/nav.php
+++ b/include/nav.php
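Review bot: In include/auth.php the session copy is stored under `page_flags` while the column it is read from is `page-flags` (`$_SESSION['page_flags'] = $a->user['page-flags'];` at -34, and again from `$r[0]['page-flags']` at -77), and two spellings for one value invite typos wherever the two meet. Either mirror the column name in the session key or record the mapping next to the assignment, for example `// session key uses an underscore; the user table column is page-flags`. The key also has to be cleared by hand in both the logout path (-14) and the pre-login reset (-58), and as far as the context lines show the two unset lists already differ (`administrator` only in the first, `my_url` only in the second), so one helper that clears every per-login key would make it harder for stale state to survive an account switch. All four hunks are excerpts; the enclosing blocks start and end outside them.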
@@ -27,8 +27,12 @@ else {
 $a->page['nav'] .= '<a id="nav-home-link" class="nav-commlink" href="profile/' . $a->user['nickname'] . '">' . t('Home') . '</a><span id="home-update" class="nav-ajax-left"></span>' . "\r\n";
- $a->page['nav'] .= '<a id="nav-notify-link" class="nav-commlink" href="notifications">' . t('Notifications')
- . '</a><span id="notify-update" class="nav-ajax-left"></span>' . "\r\n";
+ // only show friend requests for normal pages. Other page types have automatic friendship.
+
+ if($_SESSION['page_flags'] == PAGE_NORMAL) {
+ $a->page['nav'] .= '<a id="nav-notify-link" class="nav-commlink" href="notifications">' . t('Notifications')
+ . '</a><span id="notify-update" class="nav-ajax-left"></span>' . "\r\n";
+ }
 $a->page['nav'] .= '<a id="nav-messages-link" class="nav-commlink" href="message">' . t('Messages') . '</a><span id="mail-update" class="nav-ajax-left"></span>' . "\r\n";
diff --git a/include/security.php b/include/security.php
index 630690f9e..cb1077049 100644
--- a/include/security.php
+++ b/include/security.php
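Review bot: The new condition in include/nav.php reads `$_SESSION['page_flags']` with a loose `==`, so a session that lacks the key compares `null` against `PAGE_NORMAL` and the outcome depends on that constant's value, which is not visible here. This branch already relies on `$a->user` (the context line uses `$a->user['nickname']`), so, assuming that row is loaded on every logged-in request, the check could read it directly and compare strictly: `if(intval($a->user['page-flags']) === PAGE_NORMAL) {`. Hiding the link is presentation only; if accounts of other page types should not reach the notifications page at all, that has to be enforced in its handler, which is outside this diff. The enclosing else block starts and ends outside the hunk.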
@@ -3,15 +3,18 @@ function can_write_wall(&$a,$owner) {
 if((! (local_user())) && (! (remote_user()))) return false;
- if((local_user()) && ($_SESSION['uid'] == $owner))
+ $uid = get_uid();
+ if(($uid) && ($uid === $owner))
 return true;
- $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `id` = %d AND `blocked` = 0 AND `pending` = 0
- AND `readonly` = 0 AND `rel` IN ( %d , %d ) LIMIT 1",
- intval($owner),
- intval($_SESSION['visitor_id']),
- intval(REL_VIP),
- intval(REL_BUD)
+ $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid`
+ WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+ AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page_flags` = %d ) LIMIT 1",
+ intval($owner),
+ intval($_SESSION['visitor_id']),
+ intval(REL_VIP),
+ intval(REL_BUD),
+ intval(PAGE_COMMUNITY)
 );
 if(count($r)) return true; |
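Review bot: The new WHERE clause in can_write_wall() tests `user`.`page_flags`, while the SELECT list of the same query and include/auth.php both name the column `page-flags`, so one of the two spellings refers to a column that does not exist and the query would fail. What happens next depends on what q() returns for a failed query, which is not visible here: an empty result refuses every contact, but a boolean `false` makes `count($r)` evaluate to 1 on PHP versions before 8, and the permission check then passes for any logged-in visitor. Use the hyphenated name in the condition, ``OR `user`.`page-flags` = %d``, and make the result test fail closed with `if(is_array($r) && count($r))`. The owner test also moved from `==` to `===`, so it now fails whenever get_uid() and `$owner` differ in type (an int on one side, a numeric string from a database row on the other); `if(($uid) && (intval($uid) === intval($owner)))` keeps the strictness without that trap. The function continues past the end of the hunk.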