From 4cd8233f61647d805383f5786052ef034cebf4e1 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 4 Sep 2012 22:50:28 -0700 Subject: [PATCH] remote_user can now support multiple contacts being logged in at once --- boot.php | 38 +++++++++++++--- include/contact_widgets.php | 13 ++++-- include/conversation.php | 11 ++++- include/items.php | 14 +++++- include/security.php | 16 ++++++- mod/dfrn_poll.php | 8 ++++ mod/display.php | 14 +++++- mod/item.php | 17 ++++++-- mod/photos.php | 86 ++++++++++++++++++++++++++----------- mod/profile.php | 14 +++++- mod/tagger.php | 14 ++---- mod/wall_attach.php | 27 ++++++++---- mod/wall_upload.php | 27 ++++++++---- 13 files changed, 226 insertions(+), 73 deletions(-) diff --git a/boot.php b/boot.php index 03999e31ac..bb58d28086 100644 --- a/boot.php +++ b/boot.php @@ -1025,11 +1025,29 @@ if(! function_exists('get_max_import_size')) { if(! function_exists('profile_load')) { function profile_load(&$a, $nickname, $profile = 0) { - if(remote_user()) { - $r = q("SELECT `profile-id` FROM `contact` WHERE `id` = %d LIMIT 1", - intval($_SESSION['visitor_id'])); - if(count($r)) - $profile = $r[0]['profile-id']; + + $user = q("select uid from user where nickname = '%s' limit 1", + dbesc($nickname) + ); + + if(! ($user && count($user))) { + logger('profile error: ' . $a->query_string, LOGGER_DEBUG); + notice( t('Requested account is not available.') . EOL ); + $a->error = 404; + return; + } + + if(remote_user() && count($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $visitor) { + if($visitor['uid'] == $user[0]['uid']) { + $r = q("SELECT `profile-id` FROM `contact` WHERE `id` = %d LIMIT 1", + intval($visitor['cid']) + ); + if(count($r)) + $profile = $r[0]['profile-id']; + break; + } + } } $r = null; 
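Review bot: The guard `if(remote_user() && count($_SESSION['remote']))` in profile_load calls count() on a session key that only the dfrn_poll hunks of this patch create, so a session authenticated before the upgrade would reach count() with an unset value. The other files in this patch test `is_array($_SESSION['remote'])` instead; writing `if(remote_user() && is_array($_SESSION['remote']))` here keeps the check uniform. The same guard appears in the profile_sidebar hunk of boot.php. The new early return on an unknown nickname would also benefit from a short comment such as `// unknown nickname: stop before any visitor or profile lookup`. profile_load continues past the end of the hunk.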
@@ -1144,8 +1162,14 @@ if(! function_exists('profile_sidebar')) { // don't show connect link to authenticated visitors either - if((remote_user()) && ($_SESSION['visitor_visiting'] == $profile['uid'])) - $connect = False; + if(remote_user() && count($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $visitor) { + if($visitor['uid'] == $profile['uid']) { + $connect = false; + break; + } + } + } if(get_my_url() && $profile['unkmail']) $wallmessage = t('Message'); diff --git a/include/contact_widgets.php b/include/contact_widgets.php index ce1cdbad55..ea71b3b707 100644 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -142,9 +142,16 @@ function common_friends_visitor_widget($profile_uid) { $cid = $zcid = 0; - if(can_write_wall($a,$profile_uid)) - $cid = remote_user(); - else { + if(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $visitor) { + if($visitor['uid'] == $profile_uid) { + $cid = $visitor['cid']; + break; + } + } + } + + if(! $cid) { if(get_my_url()) { $r = q("select id from contact where nurl = '%s' and uid = %d limit 1", dbesc(normalise_link(get_my_url())), diff --git a/include/conversation.php b/include/conversation.php index 1fc0642856..13dfeeadd6 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -411,8 +411,17 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr $edpost = array($a->get_baseurl($ssl_state)."/editpost/".$item['id'], t("Edit")); else $edpost = false; - if((intval($item['contact-id']) && $item['contact-id'] == remote_user()) || ($item['uid'] == local_user())) + + if($item['uid'] == local_user()) $dropping = true; + elseif(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $visitor) { + if($visitor['cid'] == $item['contact-id']) { + $dropping = true; + break; + } + } + } $drop = array( 'dropping' => $dropping, diff --git a/include/items.php b/include/items.php index 8de6f7cc8e..8039066af4 100755 --- a/include/items.php 
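Review bot: The loop that scans `$_SESSION['remote']` for the entry whose uid matches the page owner is written out here in common_friends_visitor_widget and then repeated, with only the variable names changed, in can_write_wall, display_content, item_post, photos_post, photos_content, profile_content, wall_attach_post and wall_upload_post. This lookup decides which contact identity a visitor is treated as, so a single helper would keep the authorisation logic in one place and stop the copies from drifting; the photos_content copy already assigns `$visitor = $cid` although its loop fills `$contact_id`. A possible shape, with a name of my choosing, is shown below, and each call site then reduces to `$cid = remote_contact_for_uid($profile_uid);`. The enclosing function continues outside the hunk.

```php
// proposed helper (name is a suggestion), e.g. in include/security.php
function remote_contact_for_uid($uid) {
	if(! (isset($_SESSION['remote']) && is_array($_SESSION['remote'])))
		return 0;
	foreach($_SESSION['remote'] as $visitor) {
		if(intval($visitor['uid']) === intval($uid))
			return intval($visitor['cid']);
	}
	return 0;
}
```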
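Review bot: The new elseif branch in prepare_threads_body sets `$dropping = true` when any session entry's cid equals `$item['contact-id']`, without also comparing the entry's uid with `$item['uid']`, whereas the drop_item hunk in include/items.php requires both. Matching the display check to the enforcement check, `if($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id'])`, keeps the delete control from appearing where drop_item would refuse. The removed condition also carried an `intval($item['contact-id'])` guard that the new branch no longer applies. The surrounding function starts and ends outside the hunk.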
+++ b/include/items.php @@ -3702,9 +3702,21 @@ function drop_item($id,$interactive = true) { $owner = $item['uid']; + $cid = 0; + // check if logged in user is either the author or owner of this item - if((local_user() == $item['uid']) || (remote_user() == $item['contact-id']) || (! $interactive)) { + if(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $visitor) { + if($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) { + $cid = $visitor['cid']; + break; + } + } + } + + + if((local_user() == $item['uid']) || ($cid) || (! $interactive)) { logger('delete item: ' . $item['id'], LOGGER_DEBUG); // delete the item diff --git a/include/security.php b/include/security.php index af201d2af1..4621148cd9 100644 --- a/include/security.php +++ b/include/security.php @@ -120,12 +120,26 @@ function can_write_wall(&$a,$owner) { elseif($verified === 1) return false; else { + $cid = 0; + + if(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $visitor) { + if($visitor['uid'] == $owner) { + $cid = $visitor['cid']; + break; + } + } + } + + if(! $cid) + return false; + $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1", intval($owner), - intval(remote_user()), + intval($cid), intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND), intval(PAGE_COMMUNITY) diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index f3c1454102..0d703dfb31 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php 
@@ -87,6 +87,11 @@ function dfrn_poll_init(&$a) { if((int) $xml->status == 1) { $_SESSION['authenticated'] = 1; + if(! x($_SESSION,'remote')) + $_SESSION['remote'] = array(); + + $_SESSION['remote'][] = array('cid' => $r[0]['id'],'uid' => $r[0]['uid'],'url' => $r[0]['url']); + $_SESSION['visitor_id'] = $r[0]['id']; $_SESSION['visitor_home'] = $r[0]['url']; $_SESSION['visitor_handle'] = $r[0]['addr']; @@ -516,6 +521,9 @@ function dfrn_poll_content(&$a) { if(((int) $xml->status == 0) && ($xml->challenge == $hash) && ($xml->sec == $sec)) { $_SESSION['authenticated'] = 1; + if(! x($_SESSION,'remote')) + $_SESSION['remote'] = array(); + $_SESSION['remote'][] = array('cid' => $r[0]['id'],'uid' => $r[0]['uid'],'url' => $r[0]['url']); $_SESSION['visitor_id'] = $r[0]['id']; $_SESSION['visitor_home'] = $r[0]['url']; $_SESSION['visitor_visiting'] = $r[0]['uid']; diff --git a/mod/display.php b/mod/display.php index afa61ef026..64df4cc6a9 100644 --- a/mod/display.php +++ b/mod/display.php @@ -35,8 +35,18 @@ function display_content(&$a) { $contact = null; $remote_contact = false; - if(remote_user()) { - $contact_id = $_SESSION['visitor_id']; + $contact_id = 0; + + if(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $v) { + if($v['uid'] == $a->profile['uid']) { + $contact_id = $v['cid']; + break; + } + } + } + + if($contact_id) { $groups = init_groups_visitor($contact_id); $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), diff --git a/mod/item.php b/mod/item.php index 6c1c06f99a..e3230c8643 100644 --- a/mod/item.php +++ b/mod/item.php @@ -306,6 +306,7 @@ function item_post(&$a) { $author = null; $self = false; + $contact_id = 0; if((local_user()) && (local_user() == $profile_uid)) { $self = true; 
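Review bot: Both added blocks append to `$_SESSION['remote']` unconditionally, so authenticating again for the same local uid leaves the older entry in place, and every lookup loop in this patch stops at the first uid match with `break`. If a browser session authenticates as a second contact of the same uid, the permission checks would keep resolving to the first contact while `$_SESSION['visitor_id']` names the second; repeated authentications can also grow the array. Keying the array by uid, `$_SESSION['remote'][intval($r[0]['uid'])] = array('cid' => $r[0]['id'],'uid' => $r[0]['uid'],'url' => $r[0]['url']);`, or removing any existing entry for that uid before appending, keeps one current identity per uid. This applies to the dfrn_poll_init hunk and the dfrn_poll_content hunk alike.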
@@ -314,9 +315,19 @@ function item_post(&$a) { ); } elseif(remote_user()) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", - intval(remote_user()) - ); + if(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $v) { + if($v['uid'] == $profile_uid) { + $contact_id = $v['cid']; + break; + } + } + } + if($contact_id) { + $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", + intval($contact_id) + ); + } } if(count($r)) { diff --git a/mod/photos.php b/mod/photos.php index fa2ddb3477..cf924f399d 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -101,13 +101,25 @@ function photos_post(&$a) { $can_post = true; else { if($community_page && remote_user()) { - $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval(remote_user()), - intval($page_owner_uid) - ); - if(count($r)) { - $can_post = true; - $visitor = remote_user(); + $cid = 0; + if(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $v) { + if($v['uid'] == $page_owner_uid) { + $cid = $v['cid']; + break; + } + } + } + if($cid) { + + $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", + intval($cid), + intval($page_owner_uid) + ); + if(count($r)) { + $can_post = true; + $visitor = $cid; + } } } } @@ -871,6 +883,7 @@ function photos_content(&$a) { $visitor = 0; $contact = null; $remote_contact = false; + $contact_id = 0; $owner_uid = $a->data['user']['uid']; 
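Review bot: In the `elseif(remote_user())` branch of item_post, `$r` is now assigned only when a matching `$contact_id` was found, yet the `if(count($r))` test right after the branch still runs. When the visitor has no session entry for `$profile_uid`, `$r` keeps whatever an earlier query in the function left in it (that part is outside the hunk), and the code after the test presumably treats that row as the author record. Resetting it first with `$r = array();`, or adding `else $r = array();` after the `if($contact_id)` block, makes the no-match case fail closed.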
@@ -880,15 +893,26 @@ function photos_content(&$a) { $can_post = true; else { if($community_page && remote_user()) { - $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval(remote_user()), - intval($owner_uid) - ); - if(count($r)) { - $can_post = true; - $contact = $r[0]; - $remote_contact = true; - $visitor = remote_user(); + if(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $v) { + if($v['uid'] == $owner_uid) { + $contact_id = $v['cid']; + break; + } + } + } + if($contact_id) { + + $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", + intval($contact_id), + intval($owner_uid) + ); + if(count($r)) { + $can_post = true; + $contact = $r[0]; + $remote_contact = true; + $visitor = $cid; + } } } } @@ -896,15 +920,25 @@ function photos_content(&$a) { // perhaps they're visiting - but not a community page, so they wouldn't have write access if(remote_user() && (! $visitor)) { - $contact_id = $_SESSION['visitor_id']; - $groups = init_groups_visitor($contact_id); - $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval(remote_user()), - intval($owner_uid) - ); - if(count($r)) { - $contact = $r[0]; - $remote_contact = true; + $contact_id = 0; + if(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $v) { + if($v['uid'] == $owner_uid) { + $contact_id = $v['cid']; + break; + } + } + } + if($contact_id) { + $groups = init_groups_visitor($contact_id); + $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", + intval($contact_id), + intval($owner_uid) + ); + if(count($r)) { + $contact = $r[0]; + $remote_contact = true; + } } } 
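Review bot: The added line `$visitor = $cid;` in photos_content reads a variable that none of the visible photos_content hunks set; the lookup loop just above stores the match in `$contact_id`, and `$cid` is the name used in photos_post. `$visitor` therefore stays empty for an authenticated community-page contact, and the `if(remote_user() && (! $visitor))` block in the next hunk runs as though the visitor had no write access. The line should read `$visitor = $contact_id;`.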
@@ -1422,7 +1456,7 @@ function photos_content(&$a) { $drop = ''; - if(($item['contact-id'] == remote_user()) || ($item['uid'] == local_user())) + if(($item['contact-id'] == $contact_id) || ($item['uid'] == local_user())) $drop = replace_macros(get_markup_template('photo_drop.tpl'), array('$id' => $item['id'], '$delete' => t('Delete'))); diff --git a/mod/profile.php b/mod/profile.php index 24cadef3b2..a4dce79180 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -116,8 +116,18 @@ function profile_content(&$a, $update = 0) { $contact = null; $remote_contact = false; - if(remote_user()) { - $contact_id = $_SESSION['visitor_id']; + $contact_id = 0; + + if(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $v) { + if($v['uid'] == $a->profile['profile_uid']) { + $contact_id = $v['cid']; + break; + } + } + } + + if($contact_id) { $groups = init_groups_visitor($contact_id); $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), diff --git a/mod/tagger.php b/mod/tagger.php index 6212e2b9b3..6ae0cebf71 100644 --- a/mod/tagger.php +++ b/mod/tagger.php @@ -47,17 +47,9 @@ function tagger_content(&$a) { if(local_user() != $owner_uid) return; - if(remote_user()) { - $r = q("select * from contact where id = %d AND `uid` = %d limit 1", - intval(remote_user()), - intval($item['uid']) - ); - } - else { - $r = q("select * from contact where self = 1 and uid = %d limit 1", - intval(local_user()) - ); - } + $r = q("select * from contact where self = 1 and uid = %d limit 1", + intval(local_user()) + ); if(count($r)) $contact = $r[0]; else { diff --git a/mod/wall_attach.php b/mod/wall_attach.php index f179b3ca50..c23efc7869 100644 --- a/mod/wall_attach.php +++ b/mod/wall_attach.php 
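Review bot: `$contact_id` is initialised to 0 in an earlier photos_content hunk and stays 0 when no session entry matches the album owner, so `($item['contact-id'] == $contact_id)` becomes a loose comparison against 0 for every unauthenticated viewer. An item whose contact-id is 0 or empty would then get the delete control rendered. Guarding on a non-zero id avoids that: `if(($contact_id && $item['contact-id'] == $contact_id) || ($item['uid'] == local_user()))`. The deletion itself is presumably still checked in drop_item, so this concerns what is displayed.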
@@ -29,17 +29,28 @@ function wall_attach_post(&$a) { $can_post = true; else { if($community_page && remote_user()) { - $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval(remote_user()), - intval($page_owner_uid) - ); - if(count($r)) { - $can_post = true; - $visitor = remote_user(); + $cid = 0; + if(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $v) { + if($v['uid'] == $page_owner_uid) { + $cid = $v['cid']; + break; + } + } + } + if($cid) { + + $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", + intval($cid), + intval($page_owner_uid) + ); + if(count($r)) { + $can_post = true; + $visitor = $cid; + } } } } - if(! $can_post) { notice( t('Permission denied.') . EOL ); killme(); diff --git a/mod/wall_upload.php b/mod/wall_upload.php index 07d97d17a9..ee1bf3c14c 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php @@ -37,14 +37,25 @@ function wall_upload_post(&$a) { $can_post = true; else { if($community_page && remote_user()) { - $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval(remote_user()), - intval($page_owner_uid) - ); - if(count($r)) { - $can_post = true; - $visitor = remote_user(); - $default_cid = $visitor; + $cid = 0; + if(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $v) { + if($v['uid'] == $page_owner_uid) { + $cid = $v['cid']; + break; + } + } + } + if($cid) { + + $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", + intval($cid), + intval($page_owner_uid) + ); + if(count($r)) { + $can_post = true; + $visitor = $cid; + } } } }
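Review bot: The rewritten block in wall_upload_post no longer contains `$default_cid = $visitor;`, which the removed code set together with `$can_post` and `$visitor`. If `$default_cid` is read later in the function to choose the default permissions of the upload (that code is outside the hunk), uploads by a remote contact would now fall back to its initial value. Unless the removal is intentional, `$default_cid = $visitor;` should be kept after `$visitor = $cid;`. The wall_attach_post hunk has no such variable in its removed lines and is unaffected.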