diff --git a/mod/network.php b/mod/network.php index 2d385a1dda..c5961dfadf 100644 --- a/mod/network.php +++ b/mod/network.php @@ -38,7 +38,7 @@ function network_content(&$a, $update = false) { '$baseurl' => $a->get_baseurl(), '$visitor' => 'block', '$lockstate' => 'unlock', - '$acl' => populate_acl(), + '$acl' => populate_acl($a->user), '$profile_uid' => $_SESSION['uid'] )); diff --git a/mod/photos.php b/mod/photos.php index 82f3c13ecc..e680bc5a2f 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -323,7 +323,7 @@ function photos_content(&$a) { '$filestext' => t('Select files to upload: '), '$albumselect' => $albumselect, '$permissions' => t('Permissions'), - '$aclselect' => populate_acl(), + '$aclselect' => populate_acl($a->user), '$archive' => $a->get_baseurl() . '/jumploader_z.jar', '$nojava' => t('Use the following controls only if the Java uploader (above) fails to launch.'), '$uploadurl' => $a->get_baseurl() . '/photos', diff --git a/mod/profile.php b/mod/profile.php index c8cfc4eddd..9d9eb05b6b 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -123,13 +123,16 @@ function profile_content(&$a, $update = false) { require_once('view/acl_selectors.php'); $tpl = file_get_contents("view/jot.tpl"); - + if(is_array($a->user) && ((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid'])))) + $lockstate = 'lock'; + else + $lockstate = 'unlock'; $o .= replace_macros($tpl,array( '$baseurl' => $a->get_baseurl(), '$return_path' => $a->cmd, '$visitor' => (($_SESSION['uid'] == $a->profile['profile_uid']) ? 'block' : 'none'), - '$lockstate' => 'unlock', - '$acl' => (($_SESSION['uid'] == $a->profile['profile_uid']) ? populate_acl() : ''), + '$lockstate' => $lockstate, + '$acl' => (($_SESSION['uid'] == $a->profile['profile_uid']) ? populate_acl($a->user) : ''), '$profile_uid' => $a->profile['profile_uid'] )); } diff --git a/mod/settings.php b/mod/settings.php index 98f86c92f7..252e0efe32 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -15,12 +15,13 @@ function settings_init(&$a) { function settings_post(&$a) { + if(! local_user()) { - notice( "Permission denied." . EOL); + notice( t('Permission denied.') . EOL); return; } if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != $_SESSION['uid']) { - $_SESSION['sysmsg'] .= "Permission denied." . EOL; + notice( t('Permission denied.') . EOL); return; } if((x($_POST,'password')) || (x($_POST,'confirm'))) { @@ -30,12 +31,12 @@ function settings_post(&$a) { $err = false; if($newpass != $confirm ) { - $_SESSION['sysmsg'] .= "Passwords do not match. Password unchanged." . EOL; + notice( t('Passwords do not match. Password unchanged.') . EOL); $err = true; } if((! x($newpass)) || (! x($confirm))) { - $_SESSION['sysmsg'] .= "Empty passwords are not allowed. Password unchanged." . EOL; + notice( t('Empty passwords are not allowed. Password unchanged.') . EOL); $err = true; } @@ -45,9 +46,9 @@ function settings_post(&$a) { dbesc($password), intval($_SESSION['uid'])); if($r) - $_SESSION['sysmsg'] .= "Password changed." . EOL; + notice( t('Password changed.') . EOL); else - $_SESSION['sysmsg'] .= "Password update failed. Please try again." . EOL; + notice( t('Password update failed. Please try again.') . EOL); } } @@ -63,24 +64,24 @@ function settings_post(&$a) { if($username != $a->user['username']) { $username_changed = true; if(strlen($username) > 40) - $err .= " Please use a shorter name."; + $err .= t(' Please use a shorter name.'); if(strlen($username) < 3) - $err .= " Name too short."; + $err .= t(' Name too short.'); } if($email != $a->user['email']) { $email_changed = true; if(!eregi('[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,6}',$email)) - $err .= " Not valid email."; + $err .= t(' Not valid email.'); $r = q("SELECT `uid` FROM `user` WHERE `email` = '%s' LIMIT 1", dbesc($email) ); if($r !== NULL && count($r)) - $err .= " This email address is already registered." . EOL; + $err .= t(' This email address is already registered.'); } if(strlen($err)) { - $_SESSION['sysmsg'] .= $err . EOL; + notice($err . EOL); return; } if($timezone != $a->user['timezone']) { @@ -88,15 +89,50 @@ function settings_post(&$a) { if(strlen($timezone)) date_default_timezone_set($timezone); } - if($email_changed || $username_changed || $zone_changed ) { - $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `timezone` = '%s' WHERE `uid` = %d LIMIT 1", + + $str_group_allow = ''; + $group_allow = $_POST['group_allow']; + if(is_array($group_allow)) { + array_walk($group_allow,'sanitise_acl'); + $str_group_allow = implode('',$group_allow); + } + + $str_contact_allow = ''; + $contact_allow = $_POST['contact_allow']; + if(is_array($contact_allow)) { + array_walk($contact_allow,'sanitise_acl'); + $str_contact_allow = implode('',$contact_allow); + } + + $str_group_deny = ''; + $group_deny = $_POST['group_deny']; + if(is_array($group_deny)) { + array_walk($group_deny,'sanitise_acl'); + $str_group_deny = implode('',$group_deny); + } + + $str_contact_deny = ''; + $contact_deny = $_POST['contact_deny']; + if(is_array($contact_deny)) { + array_walk($contact_deny,'sanitise_acl'); + $str_contact_deny = implode('',$contact_deny); + } + + + + $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `uid` = %d LIMIT 1", dbesc($username), dbesc($email), dbesc($timezone), - intval($_SESSION['uid'])); - if($r) - $_SESSION['sysmsg'] .= "Settings updated." . EOL; - } + dbesc($str_contact_allow), + dbesc($str_group_allow), + dbesc($str_contact_deny), + dbesc($str_group_deny), + intval($_SESSION['uid']) + ); + if($r) + notice( t('Settings updated.') . EOL); + if($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) { // FIXME - set to un-verified, blocked and redirect to logout @@ -161,7 +197,8 @@ function settings_content(&$a) { '$nickname_block' => $nickname_block, '$timezone' => $timezone, '$zoneselect' => select_timezone($timezone), - '$acl_select' => populate_acl() + '$permissions' => t('Default Post Permissions'), + '$aclselect' => populate_acl($a->user) )); return $o; diff --git a/view/acl_selectors.php b/view/acl_selectors.php index 0ffdc8ab38..71c2447218 100644 --- a/view/acl_selectors.php +++ b/view/acl_selectors.php @@ -69,8 +69,28 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p return $o; } +function fixacl(&$item) { + $item = intval(str_replace(array('<','>'),array('',''),$item)); +} -function populate_acl() { +function populate_acl($user = null) { + + $allow_cid = $allow_gid = $deny_cid = $deny_gid = false; + + if(is_array($user)) { + $allow_cid = ((strlen($user['allow_cid'])) + ? explode('><', $user['allow_cid']) : array() ); + $allow_gid = ((strlen($user['allow_gid'])) + ? explode('><', $user['allow_gid']) : array() ); + $deny_cid = ((strlen($user['deny_cid'])) + ? explode('><', $user['deny_cid']) : array() ); + $deny_gid = ((strlen($user['deny_gid'])) + ? explode('><', $user['deny_gid']) : array() ); + array_walk($allow_cid,'fixacl'); + array_walk($allow_gid,'fixacl'); + array_walk($deny_cid,'fixacl'); + array_walk($deny_gid,'fixacl'); + } $o = ''; $o .= '
Leave password fields blank unless changing @@ -41,6 +55,10 @@ Leave password fields blank unless changing
+ + + +