diff options
| author | friendica <info@friendica.com> | 2013-12-02 19:06:54 -0800 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2013-12-02 19:06:54 -0800 |
| commit | 645e897852c1e9b95923ba5a2faf07f63a49d537 (patch) | |
| tree | 136db4ae2c195b6d96cd0d6a372ff0a423bf74a7 | |
| parent | e0f4a76856bc891f7195ba0044518c24fbfac5a9 (diff) | |
| download | volse-hubzilla-645e897852c1e9b95923ba5a2faf07f63a49d537.tar.gz volse-hubzilla-645e897852c1e9b95923ba5a2faf07f63a49d537.tar.bz2 volse-hubzilla-645e897852c1e9b95923ba5a2faf07f63a49d537.zip | |
more work on magic-auth
| -rw-r--r-- | mod/magic.php | 4 | ||||
| -rw-r--r-- | mod/post.php | 17 |
2 files changed, 17 insertions, 4 deletions
diff --git a/mod/magic.php b/mod/magic.php index 29d16eec5..a268f1ecb 100644 --- a/mod/magic.php +++ b/mod/magic.php @@ -20,7 +20,7 @@ function magic_init(&$a) { $basepath = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : ''); - $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1" + $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1", dbesc($basepath) ); @@ -37,7 +37,7 @@ function magic_init(&$a) { // Now try again - $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1" + $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1", dbesc($basepath) ); } diff --git a/mod/post.php b/mod/post.php index a0628bbfa..a7143aaf1 100644 --- a/mod/post.php +++ b/mod/post.php @@ -28,7 +28,7 @@ function post_init(&$a) { * ** auth => the urlencoded webbie (channel@host.domain) of the channel requesting access ** dest => the desired destination URL (urlencoded) - ** sec => a random string which is also stored on the remote site for use during the verification phase. + ** sec => a random string which is also stored on $mysite for use during the verification phase. ** version => the zot revision * * When this packet is received, an "auth-check" zot message is sent to $mysite. @@ -36,7 +36,7 @@ function post_init(&$a) { * If no information has been recorded about the requesting identity a zot information packet will be retrieved before * continuing. * - * The sender of this packet is a random site user. The recipients will be a single recipient corresponding + * The sender of this packet is a random site channel. The recipients will be a single recipient corresponding * to the guid and guid_sig we have associated with the requesting auth identity * * @@ -578,6 +578,19 @@ function post_post(&$a) { if($msgtype === 'auth_check') { + /** + * Requestor visits /magic/?dest=somewhere on their own site with a browser + * magic redirects them to $destsite/post [with auth args....] + * $destsite sends an auth_check packet to originator site + * The auth_check packet is handled here by the originator's site + * - the browser session is still waiting + * inside $destsite/post for everything to verify + * If everything checks out we'll return a token to $destsite + * and then $destsite will verify the token, authenticate the browser + * session and then redirect to the original destination. + * If authentication fails, the redirection to the original destination + * will still take place but without authentication. + */ logger('mod_zot: auth_check', LOGGER_DEBUG); if(! $encrypted_packet) { |