aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2012-10-01 19:04:21 -0700
committerfriendica <info@friendica.com>2012-10-01 19:04:21 -0700
commitdc8a46477b245dc89c3de69ddc61e83a2b8bd22a (patch)
tree5b44415ab9c6c7ac036c719e5a1c10d8e0f6d7ea /include
parent846a9813b23911ae2a87d87fb6fd9f188ed84dc0 (diff)
downloadvolse-hubzilla-dc8a46477b245dc89c3de69ddc61e83a2b8bd22a.tar.gz
volse-hubzilla-dc8a46477b245dc89c3de69ddc61e83a2b8bd22a.tar.bz2
volse-hubzilla-dc8a46477b245dc89c3de69ddc61e83a2b8bd22a.zip
use hash for channel id
Diffstat (limited to 'include')
-rw-r--r--include/identity.php27
-rw-r--r--include/security.php21
2 files changed, 44 insertions, 4 deletions
diff --git a/include/identity.php b/include/identity.php
index 41d83b66d..1c552a21a 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -82,14 +82,18 @@ function create_identity($arr) {
$ret['channel'] = $r[0];
set_default_login_identity($arr['account_id'],$ret['channel']['channel_id'],false);
-
+
+ $sig = base64url_encode(rsa_sign($ret['channel']['channel_global_id'],$ret['channel']['channel_prvkey']));
+ $hash = base64url_encode(hash('whirlpool',$ret['channel']['channel_global_id'] . $sig,true));
+
// Create a verified hub location pointing to this site.
- $r = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_flags,
+ $r = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_hash, hubloc_flags,
hubloc_url, hubloc_url_sig, hubloc_callback, hubloc_sitekey )
- values ( '%s', '%s', %d, '%s', '%s', '%s', '%s' )",
+ values ( '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s' )",
dbesc($ret['channel']['channel_global_id']),
- dbesc(base64url_encode(rsa_sign($ret['channel']['channel_global_id'],$ret['channel']['channel_prvkey']))),
+ dbesc($sig),
+ dbesc($hash),
intval(($primary) ? HUBLOC_FLAGS_PRIMARY : 0),
dbesc(z_root()),
dbesc(base64url_encode(rsa_sign(z_root(),$ret['channel']['channel_prvkey']))),
@@ -99,8 +103,23 @@ function create_identity($arr) {
if(! $r)
logger('create_identity: Unable to store hub location');
+
$newuid = $ret['channel']['channel_id'];
+ $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_photo, xchan_addr, xchan_profile, xchan_name ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s')",
+ dbesc($hash),
+ dbesc($ret['channel']['channel_global_id']),
+ dbesc($sig),
+ dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"),
+ dbesc($ret['channel']['channel_address'] . '@' . $a->get_hostname()),
+ dbesc(z_root() . '/profile/' . $ret['channel']['channel_address']),
+ dbesc($ret['channel']['channel_name'])
+ );
+
+ // Not checking return value.
+ // It's ok for this to fail if it's an imported channel, and therefore the hash is a duplicate
+
+
$r = q("INSERT INTO `profile` ( `aid`, `uid`, `profile_name`, `is_default`, `name`, `photo`, `thumb`)
VALUES ( %d, %d, '%s', %d, '%s', '%s', '%s') ",
intval($ret['channel']['channel_account_id']),
diff --git a/include/security.php b/include/security.php
index e221ad59b..a85787588 100644
--- a/include/security.php
+++ b/include/security.php
@@ -220,6 +220,27 @@ function can_write_wall(&$a,$owner) {
}
+function change_channel($change_channel) {
+
+ $r = false;
+
+ if($change_channel) {
+ $r = q("select * from channel where channel_id = %d and channel_account_id = %d limit 1",
+ intval($change_channel),
+ intval(get_account_id())
+ );
+ if($r && count($r)) {
+ $_SESSION['uid'] = intval($r[0]['channel_id']);
+ get_app()->set_channel($r[0]);
+ $_SESSION['theme'] = $r[0]['channel_theme'];
+ date_default_timezone_set($r[0]['channel_timezone']);
+ }
+ }
+
+ return $r;
+
+}
+
function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
$local_user = local_user();