diff options
Diffstat (limited to 'mod')
-rw-r--r-- | mod/poco.php | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/mod/poco.php b/mod/poco.php index 86b300c61..384c19f8f 100644 --- a/mod/poco.php +++ b/mod/poco.php @@ -4,8 +4,10 @@ function poco_init(&$a) { $system_mode = false; - if(intval(get_config('system','block_public'))) + if(intval(get_config('system','block_public')) && (! local_user()) && (! remote_user())) { + logger('mod_poco: block_public'); http_status_exit(401); + } $observer = $a->get_observer(); @@ -14,8 +16,10 @@ function poco_init(&$a) { } if(! x($user)) { $c = q("select * from pconfig where cat = 'system' and k = 'suggestme' and v = 1"); - if(! $c) + if(! $c) { + logger('mod_poco: system mode. No candidates.', LOGGER_DEBUG); http_status_exit(401); + } $system_mode = true; } @@ -35,19 +39,23 @@ function poco_init(&$a) { if(argc() > 4 && intval(argv(4)) && $justme == false) $cid = intval(argv(4)); - if(! $system_mode) { $r = q("SELECT channel.channel_id from channel where channel_address = '%s' limit 1", dbesc($user) ); - if(! $r) + if(! $r) { + logger('mod_poco: user mode. Account not found. ' . $user); http_status_exit(404); + } $channel_id = $r[0]['channel_id']; + $ohash = (($observer) ? $observer['xchan_hash'] : ''); - if(! perm_is_allowed($channel_id,(($observer) ? $observer['xchan_hash'] : ''),'view_contacts')) - http_status_exit(404); + if(! perm_is_allowed($channel_id,$ohash,'view_contacts')) { + logger('mod_poco: user mode. Permission denied for ' . $ohash . ' user: ' . $user); + http_status_exit(401); + } } |