aboutsummaryrefslogtreecommitdiffstats
path: root/include/security.php
diff options
context:
space:
mode:
authorAndrew Manning <tamanning@zoho.com>2016-07-21 21:14:54 -0400
committerAndrew Manning <tamanning@zoho.com>2016-07-21 21:14:54 -0400
commit5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6 (patch)
tree84b9b847f384c42a462a0035142b4b5757906922 /include/security.php
parentd504197a786eb46a780278fccb529daa13bfa443 (diff)
parent8566f9130395ecdbe19f9fce85a26dac39d9fe24 (diff)
downloadvolse-hubzilla-5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6.tar.gz
volse-hubzilla-5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6.tar.bz2
volse-hubzilla-5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6.zip
Merge remote-tracking branch 'upstream/dev' into website-import
Diffstat (limited to 'include/security.php')
-rw-r--r--include/security.php70
1 files changed, 41 insertions, 29 deletions
diff --git a/include/security.php b/include/security.php
index e345636e7..c67a1b400 100644
--- a/include/security.php
+++ b/include/security.php
@@ -12,7 +12,7 @@
* @param bool $return
* @param bool $update_lastlog
*/
-function authenticate_success($user_record, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false) {
+function authenticate_success($user_record, $channel = null, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false) {
$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
@@ -23,11 +23,15 @@ function authenticate_success($user_record, $login_initial = false, $interactive
$_SESSION['account_id'] = $user_record['account_id'];
$_SESSION['authenticated'] = 1;
+ if($channel)
+ $uid_to_load = $channel['channel_id'];
- $uid_to_load = (((x($_SESSION,'uid')) && (intval($_SESSION['uid'])))
- ? intval($_SESSION['uid'])
- : intval(App::$account['account_default_channel'])
- );
+ if(! $uid_to_load) {
+ $uid_to_load = (((x($_SESSION,'uid')) && (intval($_SESSION['uid'])))
+ ? intval($_SESSION['uid'])
+ : intval(App::$account['account_default_channel'])
+ );
+ }
if($uid_to_load) {
change_channel($uid_to_load);
@@ -85,16 +89,12 @@ function authenticate_success($user_record, $login_initial = false, $interactive
function atoken_login($atoken) {
if(! $atoken)
return false;
-
- $xchan = atoken_xchan($atoken);
-
$_SESSION['authenticated'] = 1;
- $_SESSION['visitor_id'] = $xchan['xchan_hash'];
+ $_SESSION['visitor_id'] = $atoken['xchan_hash'];
$_SESSION['atoken'] = $atoken['atoken_id'];
- \App::set_observer($xchan);
-
- return [ 'atoken' => true ];
+ \App::set_observer($atoken);
+ return true;
}
@@ -102,7 +102,8 @@ function atoken_xchan($atoken) {
$c = channelx_by_n($atoken['atoken_uid']);
if($c) {
- return [
+ return [
+ 'atoken_id' => $atoken['atoken_id'],
'xchan_hash' => substr($c['channel_hash'],0,16) . '.' . $atoken['atoken_name'],
'xchan_name' => $atoken['atoken_name'],
'xchan_addr' => t('guest:') . $atoken['atoken_name'] . '@' . \App::get_hostname(),
@@ -115,7 +116,7 @@ function atoken_xchan($atoken) {
];
}
-
+ return null;
}
@@ -127,6 +128,7 @@ function atoken_xchan($atoken) {
*
* @return bool|array false or channel record of the new channel
*/
+
function change_channel($change_channel) {
$ret = false;
@@ -476,14 +478,19 @@ function stream_perms_api_uids($perms = NULL, $limit = 0, $rand = 0 ) {
$random_sql = (($rand) ? " ORDER BY " . db_getfunc('RAND') . " " : '');
if(local_channel())
$ret[] = local_channel();
- $r = q("select channel_id from channel where channel_r_stream > 0 and ( channel_r_stream & %d )>0 and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ",
- intval($perms),
- intval(PAGE_ADULT|PAGE_CENSORED)
+ $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ",
+ intval($perms)
);
- if($r) {
- foreach($r as $rr)
- if(! in_array($rr['channel_id'], $ret))
- $ret[] = $rr['channel_id'];
+ if($x) {
+ $ids = ids_to_querystr($x,'uid');
+ $r = q("select channel_id from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 $random_sql $limit_sql ",
+ intval(PAGE_ADULT|PAGE_CENSORED)
+ );
+ if($r) {
+ foreach($r as $rr)
+ if(! in_array($rr['channel_id'], $ret))
+ $ret[] = $rr['channel_id'];
+ }
}
$str = '';
@@ -509,16 +516,21 @@ function stream_perms_xchans($perms = NULL ) {
if(local_channel())
$ret[] = get_observer_hash();
- $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0 and channel_system = 0 and channel_removed = 0 ",
- intval($perms),
- intval(PAGE_ADULT|PAGE_CENSORED)
+ $x = q("select uid from pconfig where cat = 'perm_limits' and k = 'view_stream' and ( v & %d ) > 0 ",
+ intval($perms)
);
- if($r) {
- foreach($r as $rr)
- if(! in_array($rr['channel_hash'], $ret))
- $ret[] = $rr['channel_hash'];
- }
+ if($x) {
+ $ids = ids_to_querystr($x,'uid');
+ $r = q("select channel_hash from channel where channel_id in ( $ids ) and ( channel_pageflags & %d ) = 0 and channel_system = 0 and channel_removed = 0 ",
+ intval(PAGE_ADULT|PAGE_CENSORED)
+ );
+ if($r) {
+ foreach($r as $rr)
+ if(! in_array($rr['channel_hash'], $ret))
+ $ret[] = $rr['channel_hash'];
+ }
+ }
$str = '';
if($ret) {
foreach($ret as $rr) {