aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/photos.php13
-rw-r--r--mod/zfinger.php2
2 files changed, 9 insertions, 6 deletions
diff --git a/mod/photos.php b/mod/photos.php
index c90793d8c..ee9691e34 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -20,11 +20,17 @@ function photos_init(&$a) {
dbesc($nick)
);
- if(! ($r && count($r)))
+ if(! $r)
return;
$a->data['channel'] = $r[0];
+ $o .= '<div class="vcard">';
+ $o .= '<div class="fn">' . $a->data['channel']['channel_name'] . '</div>';
+ $o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_cached_avatar_image($a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id']) . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>';
+ $o .= '</div>';
+
+
$sql_extra = permissions_sql($a->data['channel']['channel_id']);
$albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra order by created desc",
@@ -34,11 +40,6 @@ function photos_init(&$a) {
if(count($albums)) {
$a->data['albums'] = $albums;
// FIXME
- $o .= '<div class="vcard">';
- $o .= '<div class="fn">' . $a->data['channel']['channel_name'] . '</div>';
- $o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_cached_avatar_image($a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id']) . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>';
- $o .= '</div>';
-
$albums_visible = ((intval($a->data['user']['hidewall']) && (! local_user()) && (! remote_user())) ? false : true);
if($albums_visible) {
diff --git a/mod/zfinger.php b/mod/zfinger.php
index c1ab8dc7d..ea8da0c23 100644
--- a/mod/zfinger.php
+++ b/mod/zfinger.php
@@ -68,6 +68,8 @@ function zfinger_init(&$a) {
$ret['target'] = $ztarget;
$ret['target_sig'] = $zsig;
+// FIXME encrypt permissions when targeted so that only the target can view them, requires sending the pubkey and also checking that the target_sig is signed with that pubkey and isn't a forgery.
+
$ret['permissions'] = get_all_perms($e['channel_id'],(($ztarget && $zsig)
? base64url_encode(hash('whirlpool',$ztarget . $zsig,true))
: '' ),false);