Diabook - move pause icon.

[friendica.git] / include / security.php

diff --git a/include/security.php b/include/security.php
index 10bb692bbb2dfff5624c0851413c13ee86682a3a..56d4cad36fa529eb821b48692e1cb9aceef5f478 100644 (file)
--- a/include/security.php
+++ b/include/security.php
@@ -1,6 +1,6 @@
 <?php
 
-function authenticate_success($user_record, $login_initial = false, $interactive = false) {
+function authenticate_success($user_record, $login_initial = false, $interactive = false, $login_refresh = false) {
 
        $a = get_app();
 
@@ -65,6 +65,8 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 
        if($login_initial)
                logger('auth_identities: ' . print_r($a->identities,true), LOGGER_DEBUG);
+       if($login_refresh)
+               logger('auth_identities refresh: ' . print_r($a->identities,true), LOGGER_DEBUG);
 
        $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
                intval($_SESSION['uid']));
@@ -76,7 +78,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 
        header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"');
 
-       if($login_initial) {
+       if($login_initial || $login_refresh) {
                $l = get_browser_language();
 
                q("UPDATE `user` SET `login_date` = '%s', `language` = '%s' WHERE `uid` = %d LIMIT 1",
@@ -84,7 +86,8 @@ function authenticate_success($user_record, $login_initial = false, $interactive
                        dbesc($l),
                        intval($_SESSION['uid'])
                );
-
+       }
+       if($login_initial) {
                call_hooks('logged_in', $a->user);
 
                if(($a->module !== 'home') && isset($_SESSION['return_url']))
@@ -214,7 +217,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
                                        $gs .= '|<' . intval($g) . '>';
                        } 
 
-                       $sql = sprintf(
+                       /*$sql = sprintf(
                                " AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) 
                                  AND ( deny_cid  = '' OR  NOT deny_cid REGEXP '<%d>' ) 
                                  AND ( allow_gid = '' OR allow_gid REGEXP '%s' )
@@ -224,6 +227,16 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
                                intval($remote_user),
                                dbesc($gs),
                                dbesc($gs)
+                       );*/
+                       $sql = sprintf(
+                               " AND ( NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s')
+                                 AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
+                                 )
+                               ",
+                               intval($remote_user),
+                               dbesc($gs),
+                               intval($remote_user),
+                               dbesc($gs)
                        );
                }
        }
@@ -361,3 +374,23 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f
                killme();
        }
 }
+
+// Returns an array of group id's this contact is a member of.
+// This array will only contain group id's related to the uid of this
+// DFRN contact. They are *not* neccessarily unique across the entire site. 
+
+
+if(! function_exists('init_groups_visitor')) {
+function init_groups_visitor($contact_id) {
+       $groups = array();
+       $r = q("SELECT `gid` FROM `group_member` 
+               WHERE `contact-id` = %d ",
+               intval($contact_id)
+       );
+       if(count($r)) {
+               foreach($r as $rr)
+                       $groups[] = $rr['gid'];
+       }
+       return $groups;
+}}
+