summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorspiderr <spider@viovio.com>2014-02-05 14:01:55 -0500
committerspiderr <spider@viovio.com>2014-02-05 14:01:55 -0500
commit2454f3743a7446b63b43f5c632957d3b44998861 (patch)
tree83db82447969c7dc28a04ac71d2969eddcab59e3
parent9dd71cd347a6e6267c7ff04901cf54bb06098348 (diff)
parentb4685356007d18f4cfe5fd57eb7a32f5ecdbad72 (diff)
downloadusers-2454f3743a7446b63b43f5c632957d3b44998861.tar.gz
users-2454f3743a7446b63b43f5c632957d3b44998861.tar.bz2
users-2454f3743a7446b63b43f5c632957d3b44998861.zip
change code to HTTP_UNAUTHORIZED
-rw-r--r--BitUser.php5
-rw-r--r--lookup_user_inc.php1
2 files changed, 5 insertions, 1 deletions
diff --git a/BitUser.php b/BitUser.php
index 177786b..9a38c0a 100644
--- a/BitUser.php
+++ b/BitUser.php
@@ -2373,8 +2373,11 @@ class BitUser extends LibertyMime {
// this won't work right now, we need to alter userslib::interpret_home() to interpret a real name
$iHomepage = $pHash['real_name'];
}
+ if( empty( $pHash['users_information'] ) ) {
+ $pHash['users_information'] = $gBitSystem->mDb->getOne( "SELECT pref_value FROM liberty_content_prefs lcp INNER JOIN users_users uu ON (lcp.content_id=uu.content_id) WHERE uu.login=? AND pref_name='users_information'", array( $pHash['login'] ), 1, NULL, 86400 );
+ }
- if( $pUseLink && $gBitUser->hasPermission( 'p_users_view_user_homepage' )) {
+ if( $pUseLink && $gBitUser->hasPermission( 'p_users_view_user_homepage' ) && (empty( $pHash['users_information'] ) || $pHash['users_information'] == 'public') ) {
$ret = '<a class="username" title="'.( !empty( $pHash['link_title'] ) ? $pHash['link_title'] : tra( 'Profile for' ).' '.htmlspecialchars( $displayName ))
.'" href="'.BitUser::getDisplayUrlFromHash( $pHash ).'">'
. htmlspecialchars( isset( $pHash['link_label'] ) ? $pHash['link_label'] : $displayName )
diff --git a/lookup_user_inc.php b/lookup_user_inc.php
index a9dfe83..a774f13 100644
--- a/lookup_user_inc.php
+++ b/lookup_user_inc.php
@@ -39,6 +39,7 @@ if( isset( $_REQUEST['home'] )) {
if( !$gBitUser->hasPermission( 'p_users_admin' ) ) {
if( $gQueryUser->mUserId != $gBitUser->mUserId && $gQueryUser->getPreference( 'users_information' ) == 'private' ) {
// don't spit error for SEO reasons
+ $gBitSmarty->assign( 'metaNoIndex', TRUE );
$gBitSystem->fatalError( tra( "This information is private" ) , NULL, NULL, HttpStatusCodes::HTTP_UNAUTHORIZED );
}
}