include/security.php

   1 <?php
   2
   3 function can_write_wall(&$a,$owner) {
   4
   5         static $verified = 0;
   6
   7         if((! (local_user())) && (! (remote_user())))
   8                 return false;
   9
  10         $uid = local_user();
  11
  12         if(($uid) && ($uid == $owner)) {
  13                 return true;
  14         }
  15
  16         if(remote_user()) {
  17
  18                 // user remembered decision and avoid a DB lookup for each and every display item
  19                 // DO NOT use this function if there are going to be multiple owners
  20
  21                 if($verified === 2)
  22                         return true;
  23                 elseif($verified === 1)
  24                         return false;
  25                 else {
  26                         $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid`
  27                                 WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
  28                                 AND `user`.`blockwall` = 0 AND `readonly` = 0  AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
  29                                 intval($owner),
  30                                 intval(remote_user()),
  31                                 intval(REL_VIP),
  32                                 intval(REL_BUD),
  33                                 intval(PAGE_COMMUNITY)
  34                         );
  35                         if(count($r)) {
  36                                 $verified = 2;
  37                                 return true;
  38                         }
  39                         else {
  40                                 $verified = 1;
  41                         }
  42                 }
  43         }
  44
  45         return false;
  46 }