diff options
Diffstat (limited to 'mod/profile.php')
-rw-r--r-- | mod/profile.php | 43 |
1 files changed, 7 insertions, 36 deletions
diff --git a/mod/profile.php b/mod/profile.php index f2dd7f4df..e9b144ffd 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -164,48 +164,19 @@ function profile_content(&$a, $update = 0) { } } - // Construct permissions - - // default permissions - anonymous user - - $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - - // Profile owner - everything is visible - if($is_owner) { - $sql_extra = ''; - - // Oh - while we're here... reset the Unseen messages - $r = q("UPDATE `item` SET `unseen` = 0 WHERE `wall` = 1 AND `unseen` = 1 AND `uid` = %d", - intval($_SESSION['uid']) + intval(local_user()) ); - } - // authenticated visitor - here lie dragons - // If $remotecontact is true, we know that not only is this a remotely authenticated - // person, but that it is *our* contact, which is important in multi-user mode. - - elseif($remote_contact) { - $gs = '<<>>'; // should be impossible to match - if(count($groups)) { - foreach($groups as $g) - $gs .= '|<' . intval($g) . '>'; - } - $sql_extra = sprintf( - " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) - AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) - AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) - AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", - - intval($_SESSION['visitor_id']), - intval($_SESSION['visitor_id']), - dbesc($gs), - dbesc($gs) - ); - } + /** + * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups + */ + + $sql_extra = permissions_sql($a->profile['profile_uid'],$remote_contact,$groups); + $r = q("SELECT COUNT(*) AS `total` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` |