- $r = q("SELECT id FROM contact WHERE uid = ( SELECT uid FROM user WHERE nickname = '%s' LIMIT 1 ) AND nick = '%s' AND network = '%s' and self = 0 LIMIT 1",
- dbesc($contact_nick),
- dbesc($a->user['nickname']),
- dbesc(NETWORK_DFRN)
+ // We need to find out if $contact_nick is a user on this hub, and if so, if I
+ // am a contact of that user. However, that user may have other contacts with the
+ // same nickname as me on other hubs or other networks. Exclude these by requiring
+ // that the contact have a local URL. I will be the only person with my nickname at
+ // this URL, so if a result is found, then I am a contact of the $contact_nick user.
+ //
+ // We also have to make sure that I'm a legitimate contact--I'm not blocked or pending.
+
+ $baseurl = App::get_baseurl();
+ $domain_st = strpos($baseurl, "://");
+ if($domain_st === false)
+ return;
+ $baseurl = substr($baseurl, $domain_st + 3);
+ $nurl = normalise_link($baseurl);
+
+ /// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange.
+ $r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1)
+ AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1",
+ dbesc($contact_nick),
+ dbesc($a->user['nickname']),
+ dbesc($baseurl),
+ dbesc($nurl)