X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fsecurity.php;h=9f160e7884cbada1f9691d362eb936604ba491f9;hb=68e0324c1b50b18f78a754553d487cc20b8de6b1;hp=d92f48a084e6fd226f091d98252fb75727bb25e6;hpb=5c3bce30d65ad219030a84e57f3336cc69f21ead;p=friendica.git
diff --git a/include/security.php b/include/security.php
index d92f48a084..9f160e7884 100644
--- a/include/security.php
+++ b/include/security.php
@@ -46,7 +46,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 $master_record = $r[0];
 }
 
- $r = q("SELECT `uid`,`username`,`nickname` FROM `user` WHERE `password` = '%s' AND `email` = '%s'",
+ $r = q("SELECT `uid`,`username`,`nickname` FROM `user` WHERE `password` = '%s' AND `email` = '%s' AND `account_removed` = 0 ",
 dbesc($master_record['password']),
 dbesc($master_record['email'])
 );
@@ -56,8 +56,8 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 $a->identities = array();
 
 $r = q("select `user`.`uid`, `user`.`username`, `user`.`nickname`
- from manage left join user on manage.mid = user.uid
- where `manage`.`uid` = %d",
+ from manage left join user on manage.mid = user.uid where `user`.`account_removed` = 0
+ and `manage`.`uid` = %d",
 intval($master_record['uid'])
 );
 if($r && count($r))
@@ -266,14 +266,8 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 * Profile owner - everything is visible
 */
 
- if($local_user) {
- if($local_user == $owner_id) {
- $sql = '';
- }
- else {
- /* logged in user can see hidden walls and feeds that are blocked to unknown users (private == 2) */
- $sql = " AND private != 1 ";
- }
+ if($local_user && ($local_user == $owner_id)) {
+ $sql = '';
 }
 
 /**
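Review bot: The new `account_removed = 0` condition filters the identity list, but `$master_record`, taken from `$r[0]` two lines above the changed query, is not visibly checked for `account_removed` itself; if the master record can belong to a removed account the function would still continue with it as the primary identity, which the preceding lookup (outside this hunk) should be confirmed to exclude. The same literal condition is repeated in the `manage` join in the next hunk, so its reason belongs in a comment at this first use, e.g. `// removed accounts must never be offered as switchable identities`. authenticate_success begins before this hunk, so the earlier checks cannot be verified from here.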
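Review bot: Placing `user.account_removed = 0` in the WHERE clause of a LEFT JOIN turns it into an inner join, because a `manage` row with no matching `user` row yields NULL for `account_removed` and fails the comparison; that is presumably the wanted result (delegations to deleted users drop out as well), but it should be made explicit, either by writing `inner join user on manage.mid = user.uid` or with a comment such as `/* WHERE on the joined table: delegations to deleted or removed users drop out */`. Splitting `where ... = 0` and `and manage.uid = %d` across the two literal lines also makes the condition harder to read than keeping `where manage.uid = %d and user.account_removed = 0` together.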
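Review bot: With the `else` branch removed, a logged-in user who is not the profile owner no longer receives `AND private != 1`, and the comment that explained the private == 2 case is gone with it, so what `$sql` holds for that user now depends entirely on its initial assignment above the hunk and on the code that follows. Because this changes which items a logged-in non-owner can read, the surviving condition deserves a comment stating the intent, e.g. `/* only the profile owner bypasses the privacy filter; other logged-in users are subject to the default and remote-user rules below */`. item_permissions_sql continues outside the hunk, so the fall-through path cannot be confirmed here.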
@@ -306,7 +300,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 }
 
 $sql = sprintf(
- " AND ( private = 0 OR ( private in (1,2) AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' )
+ /*" AND ( private = 0 OR ( private in (1,2) AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' )
 AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' )
 AND ( allow_gid = '' OR allow_gid REGEXP '%s' )
 AND ( deny_gid = '' OR NOT deny_gid REGEXP '%s')))
@@ -315,6 +309,15 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 intval($remote_user),
 dbesc($gs),
 dbesc($gs)
+*/
+ " AND ( private = 0 OR ( private in (1,2) AND wall = 1
+ AND ( NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s')
+ AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '')))))
+ ",
+ intval($remote_user),
+ dbesc($gs),
+ intval($remote_user),
+ dbesc($gs)
 );
 }
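Review bot: The superseded format string is left inside the `sprintf(` argument list as a `/* ... */` block that opens on the first changed line of this hunk and closes at the `*/` added in the next one, leaving dead code and its old argument lines in the middle of a call; the previous version is preserved in history and should be deleted rather than commented out. If it is kept temporarily, the `/*` line should say why, e.g. `/* old ACL: allow lists were intersected; replaced below by union semantics */`, so a reader does not take it for a pending revert.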
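Review bot: The new format string changes the ACL semantics from an intersection to a union: before, a reader had to satisfy both allow_cid and allow_gid (each empty or matching), while now matching either list suffices and `allow_cid = '' AND allow_gid = ''` is the only no-restriction case, so an item restricted to one contact and one group is now visible to every member of that group. That widening looks deliberate but is stated nowhere; a comment above the string such as `/* visible if in allow_cid OR allow_gid (or both empty), hidden if in deny_cid OR deny_gid */` would record it. The expression also relies on `$gs`, built above the hunk, never being an empty string: in MySQL an empty REGEXP pattern matches any string, which would make `deny_gid REGEXP ''` reject every row and `allow_gid REGEXP ''` accept every row that survives the deny test, so the fallback value of `$gs` for a contact in no groups should be checked. The placeholder order (`%d`, `%s`, `%d`, `%s`) does match the new argument list.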