Merge pull request #514 from hmeine/master

[friendica.git] / include / security.php

diff --git a/include/security.php b/include/security.php
index 4621148cd921d0094f9f2a5046defa6e15bf0ffe..2f779f54b97a08179f8dd25e1957327c2291fd28 100644 (file)
--- a/include/security.php
+++ b/include/security.php
@@ -6,6 +6,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 
        $_SESSION['uid'] = $user_record['uid'];
        $_SESSION['theme'] = $user_record['theme'];
+       $_SESSION['mobile-theme'] = get_pconfig($user_record['uid'], 'system', 'mobile_theme');
        $_SESSION['authenticated'] = 1;
        $_SESSION['page_flags'] = $user_record['page-flags'];
        $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $user_record['nickname'];
@@ -213,7 +214,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
                                        $gs .= '|<' . intval($g) . '>';
                        } 
 
-                       $sql = sprintf(
+                       /*$sql = sprintf(
                                " AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) 
                                  AND ( deny_cid  = '' OR  NOT deny_cid REGEXP '<%d>' ) 
                                  AND ( allow_gid = '' OR allow_gid REGEXP '%s' )
@@ -223,6 +224,16 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
                                intval($remote_user),
                                dbesc($gs),
                                dbesc($gs)
+                       );*/
+                       $sql = sprintf(
+                               " AND ( NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s')
+                                 AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
+                                 )
+                               ",
+                               intval($remote_user),
+                               dbesc($gs),
+                               intval($remote_user),
+                               dbesc($gs)
                        );
                }
        }