more (somewhat minor) but important cleanup for mod_photos so visitors with the correct permissions to add photos can also remove them

mod/photos.php

@@ -157,23 +157,20 @@ function photos_post(&$a) {
 	}
 
 	if((argc() > 2) && (x($_REQUEST,'delete')) && ($_REQUEST['delete'] === t('Delete Photo'))) {
-// FIXME
+
 		// same as above but remove single photo
 
-		if($visitor) {
+		$ob_hash = get_observer_hash();
-			$r = q("SELECT `id`, `resource_id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource_id` = '%s' LIMIT 1",
+		if(! $ob_hash)
-				intval($visitor),
+			goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
-				intval($page_owner_uid),
+
-				dbesc($a->argv[2])
+		$r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1",
-			);
+			dbesc($ob_hash),
-		}
+			intval(local_user()),
-		else {
+			dbesc($a->argv[2])
-			$r = q("SELECT `id`, `resource_id` FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' LIMIT 1",
+		);
-				intval(local_user()),
+
-				dbesc($a->argv[2])
+		if($r) {
-			);
-		}
-		if(count($r)) {
 			q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'",
 				intval($page_owner_uid),
 				dbesc($r[0]['resource_id'])
@@ -200,7 +197,6 @@ function photos_post(&$a) {
 		}
 
 		goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
-		return; // NOTREACHED
 	}
 
 	if(($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false)) || (x($_POST,'albname') !== false)) {