diff options
author | zotlabs <mike@macgirvin.com> | 2018-01-11 12:13:57 -0800 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2018-01-11 12:15:38 -0800 |
commit | 468e976a88fe3027dde1a56b116e495f7edd7d1a (patch) | |
tree | 5ec1bc57ee693aad7f028a71b4bbf882e78a4bb7 /Zotlabs/Module | |
parent | 894b3706e7e10fbcd158f4022f68ed23c1c7defa (diff) | |
download | volse-hubzilla-468e976a88fe3027dde1a56b116e495f7edd7d1a.tar.gz volse-hubzilla-468e976a88fe3027dde1a56b116e495f7edd7d1a.tar.bz2 volse-hubzilla-468e976a88fe3027dde1a56b116e495f7edd7d1a.zip |
OpenWebAuth: can fail after site re-installs; this may need to be pushed forward to master
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r-- | Zotlabs/Module/Owa.php | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index d58fd7a41..9a39fe4c0 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -31,19 +31,21 @@ class Owa extends \Zotlabs\Web\Controller { if($keyId) { $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash - where hubloc_addr = '%s' limit 1", + where hubloc_addr = '%s' ", dbesc(str_replace('acct:','',$keyId)) ); if($r) { - $hubloc = $r[0]; - $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']); - if($verified && $verified['header_signed'] && $verified['header_valid']) { - $ret['success'] = true; - $token = random_string(32); - \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']); - $result = ''; - openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); - $ret['encrypted_token'] = base64url_encode($result); + foreach($r as $hubloc) { + $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']); + if($verified && $verified['header_signed'] && $verified['header_valid']) { + $ret['success'] = true; + $token = random_string(32); + \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']); + $result = ''; + openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); + $ret['encrypted_token'] = base64url_encode($result); + break; + } } } } |