diff options
| author | Mario <mario@mariovavti.com> | 2021-12-17 19:48:09 +0100 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2021-12-17 19:48:09 +0100 |
| commit | bfd3da43ac9226e53188a03ff1414a18422e91b4 (patch) | |
| tree | b183e7c1c76aa8d39310fd702985bff7945e7053 /include/security.php | |
| parent | 32a9eaf3b6a68626580078a3302f8dd8e85eb165 (diff) | |
| download | volse-hubzilla-bfd3da43ac9226e53188a03ff1414a18422e91b4.tar.gz volse-hubzilla-bfd3da43ac9226e53188a03ff1414a18422e91b4.tar.bz2 volse-hubzilla-bfd3da43ac9226e53188a03ff1414a18422e91b4.zip | |
access token refactor
Diffstat (limited to 'include/security.php')
| -rw-r--r-- | include/security.php | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/include/security.php b/include/security.php index b6c0f1511..f02fb8023 100644 --- a/include/security.php +++ b/include/security.php @@ -89,8 +89,20 @@ function authenticate_success($user_record, $channel = null, $login_initial = fa } function atoken_login($atoken) { - if (!$atoken) + if (! $atoken) { return false; + } + + if (App::$cmd === 'channel' && argv(1)) { + $channel = channelx_by_nick(argv(1)); + if (perm_is_allowed($channel['channel_id'],$atoken['xchan_hash'],'delegate')) { + $_SESSION['delegate_channel'] = $channel['channel_id']; + $_SESSION['delegate'] = $atoken['xchan_hash']; + $_SESSION['account_id'] = intval($channel['channel_account_id']); + change_channel($channel['channel_id']); + return; + } + } $_SESSION['authenticated'] = 1; $_SESSION['visitor_id'] = $atoken['xchan_hash']; @@ -113,11 +125,11 @@ function atoken_xchan($atoken) { if ($c) { return [ 'atoken_id' => $atoken['atoken_id'], - 'xchan_hash' => substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_name'], + 'xchan_hash' => substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'], 'xchan_name' => $atoken['atoken_name'], 'xchan_addr' => 'guest:' . $atoken['atoken_name'] . '@' . App::get_hostname(), 'xchan_network' => 'unknown', - 'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_name'], + 'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'], 'xchan_hidden' => 1, 'xchan_photo_mimetype' => 'image/png', 'xchan_photo_l' => z_root() . '/' . get_default_profile_photo(300), @@ -143,11 +155,17 @@ function atoken_delete($atoken_id) { if (!$c) return; - $atoken_xchan = substr($c[0]['channel_hash'], 0, 16) . '.' . $r[0]['atoken_name']; + $atoken_xchan = substr($c[0]['channel_hash'], 0, 16) . '.' . $r[0]['atoken_guid']; q("delete from atoken where atoken_id = %d", intval($atoken_id) ); + + q("delete from abook where abook_channel = %d and abook_xchan = '%s'", + intval($c[0]['channel_id']), + dbesc($atoken_xchan) + ); + q("delete from abconfig where chan = %d and xchan = '%s'", intval($c[0]['channel_id']), dbesc($atoken_xchan) @@ -198,7 +216,7 @@ function atoken_abook($uid, $xchan_hash) { if (!$r) return false; - $x = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'", + $x = q("select * from atoken where atoken_uid = %d and atoken_guid = '%s'", intval($uid), dbesc(substr($xchan_hash, 17)) ); |