aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-02-18 20:59:25 -0800
committerfriendica <info@friendica.com>2014-02-18 20:59:25 -0800
commit24d119b8c4e94ed130577e4e4a8d17ea13c406ac (patch)
tree96327bd990038c66f0e644c505522cb424a1bbd0
parent6ac81c936077caa7167ddc3a2eb3c1022826d5d9 (diff)
downloadvolse-hubzilla-24d119b8c4e94ed130577e4e4a8d17ea13c406ac.tar.gz
volse-hubzilla-24d119b8c4e94ed130577e4e4a8d17ea13c406ac.tar.bz2
volse-hubzilla-24d119b8c4e94ed130577e4e4a8d17ea13c406ac.zip
introduce a new privacy level "PERMS_AUTHED" to indicate somebody that is able to successfully authenticate (but is not necessarily in this network).
-rwxr-xr-xboot.php1
-rw-r--r--include/auth.php2
-rw-r--r--include/permissions.php8
-rw-r--r--mod/openid.php68
-rw-r--r--mod/settings.php3
-rw-r--r--view/js/mod_settings.js24
6 files changed, 84 insertions, 22 deletions
diff --git a/boot.php b/boot.php
index b875014bd..1d8ec2143 100755
--- a/boot.php
+++ b/boot.php
@@ -279,6 +279,7 @@ define ( 'PERMS_NETWORK' , 0x0002 );
define ( 'PERMS_SITE' , 0x0004 );
define ( 'PERMS_CONTACTS' , 0x0008 );
define ( 'PERMS_SPECIFIC' , 0x0080 );
+define ( 'PERMS_AUTHED' , 0x0100 );
// Address book flags
diff --git a/include/auth.php b/include/auth.php
index 425715014..a3b028c73 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -93,7 +93,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
}
}
- $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_hash = '%s' limit 1",
+ $r = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where xchan_hash = '%s' limit 1",
dbesc($_SESSION['visitor_id'])
);
if($r) {
diff --git a/include/permissions.php b/include/permissions.php
index 0cbb5b984..eb1a7966f 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -88,6 +88,11 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
// These take priority over all other settings.
if($observer_xchan) {
+ if($r[0][$channel_perm] & PERMS_AUTHED) {
+ $ret[$perm_name] = true;
+ continue;
+ }
+
if(! $abook_checked) {
$x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
@@ -240,6 +245,9 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
return false;
if($observer_xchan) {
+ if($r[0][$channel_perm] & PERMS_AUTHED)
+ return true;
+
$x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
intval($uid),
diff --git a/mod/openid.php b/mod/openid.php
index e1c71f9ee..1ab8749ee 100644
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -76,10 +76,11 @@ function openid_content(&$a) {
// no xchan...
// create one.
- // We should probably probe the openid url.
+ // We should probably probe the openid url and figure out if they have any kind of social presence we might be able to
+ // scrape some identifying info from.
$name = $authid;
- $url = $_REQUEST['openid_identity'];
+ $url = trim($_REQUEST['openid_identity'],'/');
if(strpos($url,'http') === false)
$url = 'https://' . $url;
$pphoto = get_default_profile_photo();
@@ -115,19 +116,70 @@ function openid_content(&$a) {
require_once('library/urlify/URLify.php');
$x = strtolower(URLify::transliterate($nick));
- if(! $addr)
+ if($nick & $host)
$addr = $nick . '@' . $host;
$network = 'unknown';
if($photosq)
$pphoto = $photosq;
- elseif($photo)
- $pphoto = $photo;
+ elseif($photo_other)
+ $pphoto = $photo_other;
+
+ $x = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_mimetype,
+ xchan_photo_l, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_photo_date,
+ xchan_name_date, xchan_flags)
+ values ( '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d) ",
+ dbesc($url),
+ dbesc(''),
+ dbesc(''),
+ dbesc(''),
+ dbesc('image/jpeg'),
+ dbesc($pphoto),
+ dbesc($addr),
+ dbesc($url),
+ dbesc(''),
+ dbesc(''),
+ dbesc(''),
+ dbesc($name),
+ dbesc($network),
+ dbesc(datetime_convert()),
+ dbesc(datetime_convert()),
+ intval(XCHAN_FLAGS_HIDDEN)
+ );
+ if($x) {
+ $r = q("select * from xchan where xchan_hash = '%s' limit 1",
+ dbesc($url)
+ );
+ if($r) {
+
+ $photos = import_profile_photo($pphoto,$url);
+ if($photos) {
+ $z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s',
+ xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1",
+ dbesc(datetime_convert()),
+ dbesc($photos[0]),
+ dbesc($photos[1]),
+ dbesc($photos[2]),
+ dbesc($photos[3]),
+ dbesc($url)
+ );
+ }
- // add the xchan record and xconfig for the openid
+ set_xconfig($url,'system','openid',$authid);
+ $_SESSION['authenticated'] = 1;
+ $_SESSION['visitor_id'] = $r[0]['xchan_hash'];
+ $_SESSION['my_address'] = $r[0]['xchan_addr'];
+ $arr = array('xchan' => $r[0], 'session' => $_SESSION);
+ call_hooks('magic_auth_openid_success',$arr);
+ $a->set_observer($r[0]);
+ info(sprintf( t('Welcome %s. Remote authentication successful.'),$r[0]['xchan_name']));
+ logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
+ if($_SESSION['return_url'])
+ goaway($_SESSION['return_url']);
+ goaway(z_root());
+ }
+ }
- // NOTREACHED
- // actually it is reached until the other bits get written
}
}
notice( t('Login failed.') . EOL);
diff --git a/mod/settings.php b/mod/settings.php
index 97965d0fd..5b0a8e8f2 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -798,6 +798,7 @@ function settings_content(&$a) {
array( t('Anybody in your address book'), PERMS_CONTACTS),
array( t('Anybody on this website'), PERMS_SITE),
array( t('Anybody in this network'), PERMS_NETWORK),
+ array( t('Anybody authenticated'), PERMS_AUTHED),
array( t('Anybody on the internet'), PERMS_PUBLIC)
);
@@ -979,7 +980,7 @@ function settings_content(&$a) {
'$h_descadvn' => t('Change the behaviour of this account for special situations'),
'$pagetype' => $pagetype,
'$expert' => feature_enabled(local_user(),'expert'),
- '$hint' => t('Please enable expert mode (in Settings > Additional features) to adjust!'),
+ '$hint' => t('Please enable expert mode (in <a href="settings/features">Settings > Additional features</a>) to adjust!'),
));
diff --git a/view/js/mod_settings.js b/view/js/mod_settings.js
index 16101db57..8cd062f43 100644
--- a/view/js/mod_settings.js
+++ b/view/js/mod_settings.js
@@ -72,12 +72,12 @@ function channel_privacy_macro(n) {
$('#id_profile_in_directory').val(0);
}
if(n == 2) {
- $('#id_view_stream option').eq(5).attr('selected','selected');
- $('#id_view_profile option').eq(5).attr('selected','selected');
- $('#id_view_photos option').eq(5).attr('selected','selected');
- $('#id_view_contacts option').eq(5).attr('selected','selected');
- $('#id_view_storage option').eq(5).attr('selected','selected');
- $('#id_view_pages option').eq(5).attr('selected','selected');
+ $('#id_view_stream option').eq(6).attr('selected','selected');
+ $('#id_view_profile option').eq(6).attr('selected','selected');
+ $('#id_view_photos option').eq(6).attr('selected','selected');
+ $('#id_view_contacts option').eq(6).attr('selected','selected');
+ $('#id_view_storage option').eq(6).attr('selected','selected');
+ $('#id_view_pages option').eq(6).attr('selected','selected');
$('#id_send_stream option').eq(2).attr('selected','selected');
$('#id_post_wall option').eq(1).attr('selected','selected');
$('#id_post_comments option').eq(2).attr('selected','selected');
@@ -95,12 +95,12 @@ function channel_privacy_macro(n) {
$('#id_profile_in_directory').val(1);
}
if(n == 3) {
- $('#id_view_stream option').eq(5).attr('selected','selected');
- $('#id_view_profile option').eq(5).attr('selected','selected');
- $('#id_view_photos option').eq(5).attr('selected','selected');
- $('#id_view_contacts option').eq(5).attr('selected','selected');
- $('#id_view_storage option').eq(5).attr('selected','selected');
- $('#id_view_pages option').eq(5).attr('selected','selected');
+ $('#id_view_stream option').eq(6).attr('selected','selected');
+ $('#id_view_profile option').eq(6).attr('selected','selected');
+ $('#id_view_photos option').eq(6).attr('selected','selected');
+ $('#id_view_contacts option').eq(6).attr('selected','selected');
+ $('#id_view_storage option').eq(6).attr('selected','selected');
+ $('#id_view_pages option').eq(6).attr('selected','selected');
$('#id_send_stream option').eq(4).attr('selected','selected');
$('#id_post_wall option').eq(4).attr('selected','selected');
$('#id_post_comments option').eq(4).attr('selected','selected');