aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorAndrew Manning <tamanning@zoho.com>2016-07-16 21:04:04 -0400
committerAndrew Manning <tamanning@zoho.com>2016-07-16 21:04:04 -0400
commit99354ac57622002c0bbd820235d03321406f8d39 (patch)
treef8ad698a1c901f757dfc4354721846c8be82ab7e /include
parente7b853175154688d60d83ca5935650d1128973c6 (diff)
parentf396b1bf735a7dc9eb3632e49c1269de54777c6d (diff)
downloadvolse-hubzilla-99354ac57622002c0bbd820235d03321406f8d39.tar.gz
volse-hubzilla-99354ac57622002c0bbd820235d03321406f8d39.tar.bz2
volse-hubzilla-99354ac57622002c0bbd820235d03321406f8d39.zip
Merge remote-tracking branch 'upstream/dev' into website-import-remote
Diffstat (limited to 'include')
-rw-r--r--include/auth.php76
-rw-r--r--include/channel.php25
-rw-r--r--include/security.php38
-rw-r--r--include/text.php4
-rw-r--r--include/widgets.php9
5 files changed, 126 insertions, 26 deletions
diff --git a/include/auth.php b/include/auth.php
index 01fcf0094..79d04c728 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -36,22 +36,33 @@ function account_verify_password($email, $pass) {
// you have to verify the email and then go through the account approval workflow before
// letting them login.
- if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($record['account_flags'] & ACCOUNT_UNVERIFIED))
- return null;
+ // @bug there is no record here
+ //if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($record['account_flags'] & ACCOUNT_UNVERIFIED))
+ // return null;
$r = q("select * from account where account_email = '%s'",
dbesc($email)
);
- if(! ($r && count($r)))
- return null;
-
- foreach($r as $record) {
- if(($record['account_flags'] == ACCOUNT_OK)
- && (hash('whirlpool', $record['account_salt'] . $pass) === $record['account_password'])) {
- logger('password verified for ' . $email);
- return $record;
+ if($r) {
+
+ foreach($r as $record) {
+ if(($record['account_flags'] == ACCOUNT_OK)
+ && (hash('whirlpool', $record['account_salt'] . $pass) === $record['account_password'])) {
+ logger('password verified for ' . $email);
+ return $record;
+ }
}
}
+
+ $x = q("select * from atoken where atoken_name = '%s' and atoken_token = '%s' limit 1",
+ dbesc($email),
+ dbesc($pass)
+ );
+ if($x) {
+ atoken_login($x[0]);
+ return $x[0];
+ }
+
$error = 'password failed for ' . $email;
logger($error);
@@ -123,10 +134,18 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
authenticate_success($x[0], true, true);
}
}
-
- $r = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where xchan_hash = '%s' limit 1",
- dbesc($_SESSION['visitor_id'])
- );
+ if(array_key_exists('atoken',$_SESSION)) {
+ $y = q("select * from atoken where atoken_id = %d limit 1",
+ intval($_SESSION['atoken'])
+ );
+ if($y)
+ $r = array(atoken_xchan($y[0]));
+ }
+ else {
+ $r = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where xchan_hash = '%s' limit 1",
+ dbesc($_SESSION['visitor_id'])
+ );
+ }
if($r) {
App::set_observer($r[0]);
}
@@ -199,20 +218,27 @@ else {
call_hooks('authenticate', $addon_auth);
+ $atoken = false;
+
if(($addon_auth['authenticated']) && (count($addon_auth['user_record']))) {
$record = $addon_auth['user_record'];
}
else {
- $record = App::$account = account_verify_password($_POST['username'], $_POST['password']);
-
- if(App::$account) {
- $_SESSION['account_id'] = App::$account['account_id'];
- }
- else {
- notice( t('Failed authentication') . EOL);
+ $x = account_verify_password($_POST['username'], $_POST['password']);
+ if(array_key_exists('atoken',$x))
+ $atoken = true;
+ if(! $atoken) {
+ $record = App::$account = $x;
+
+ if(App::$account) {
+ $_SESSION['account_id'] = App::$account['account_id'];
+ }
+ else {
+ notice( t('Failed authentication') . EOL);
+ }
+
+ logger('authenticate: ' . print_r(App::$account, true), LOGGER_ALL);
}
-
- logger('authenticate: ' . print_r(App::$account, true), LOGGER_ALL);
}
if((! $record) || (! count($record))) {
@@ -252,7 +278,8 @@ else {
// if we haven't failed up this point, log them in.
$_SESSION['last_login_date'] = datetime_convert();
- authenticate_success($record, true, true);
+ if(! $atoken)
+ authenticate_success($record, true, true);
}
}
@@ -270,6 +297,7 @@ else {
* @return int|bool
* Return channel_id from pconfig or false.
*/
+
function match_openid($authid) {
// Query the uid/channel_id from pconfig for a given value.
$r = q("SELECT uid FROM pconfig WHERE cat = 'system' AND k = 'openid' AND v = '%s' LIMIT 1",
diff --git a/include/channel.php b/include/channel.php
index 95506ed78..1a6508803 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -1310,13 +1310,12 @@ function get_my_address() {
* If somebody arrives at our site using a zid, add their xchan to our DB if we don't have it already.
* And if they aren't already authenticated here, attempt reverse magic auth.
*
- * @param App &$a
*
* @hooks 'zid_init'
* string 'zid' - their zid
* string 'url' - the destination url
*/
-function zid_init(&$a) {
+function zid_init() {
$tmp_str = get_my_address();
if(validate_email($tmp_str)) {
Zotlabs\Daemon\Master::Summon(array('Gprobe',bin2hex($tmp_str)));
@@ -1343,6 +1342,28 @@ function zid_init(&$a) {
}
/**
+ * @brief
+ *
+ * If somebody arrives at our site using a zat, authenticate them
+ *
+ */
+
+function zat_init() {
+ if(local_channel() || remote_channel())
+ return;
+
+ $r = q("select * from atoken where atoken_token = '%s' limit 1",
+ dbesc($_REQUEST['zat'])
+ );
+ if($r) {
+ atoken_login($r[0]);
+ }
+
+}
+
+
+
+/**
* @brief Adds a zid parameter to a url.
*
* @param string $s
diff --git a/include/security.php b/include/security.php
index 212690d91..e345636e7 100644
--- a/include/security.php
+++ b/include/security.php
@@ -82,6 +82,44 @@ function authenticate_success($user_record, $login_initial = false, $interactive
/* else just return */
}
+function atoken_login($atoken) {
+ if(! $atoken)
+ return false;
+
+ $xchan = atoken_xchan($atoken);
+
+ $_SESSION['authenticated'] = 1;
+ $_SESSION['visitor_id'] = $xchan['xchan_hash'];
+ $_SESSION['atoken'] = $atoken['atoken_id'];
+
+ \App::set_observer($xchan);
+
+ return [ 'atoken' => true ];
+}
+
+
+function atoken_xchan($atoken) {
+
+ $c = channelx_by_n($atoken['atoken_uid']);
+ if($c) {
+ return [
+ 'xchan_hash' => substr($c['channel_hash'],0,16) . '.' . $atoken['atoken_name'],
+ 'xchan_name' => $atoken['atoken_name'],
+ 'xchan_addr' => t('guest:') . $atoken['atoken_name'] . '@' . \App::get_hostname(),
+ 'xchan_network' => 'unknown',
+ 'xchan_hidden' => 1,
+ 'xchan_photo_mimetype' => 'image/jpeg',
+ 'xchan_photo_l' => get_default_profile_photo(300),
+ 'xchan_photo_m' => get_default_profile_photo(80),
+ 'xchan_photo_s' => get_default_profile_photo(48)
+
+ ];
+ }
+
+}
+
+
+
/**
* @brief Change to another channel with current logged-in account.
*
diff --git a/include/text.php b/include/text.php
index 3b285cfca..ea29babd8 100644
--- a/include/text.php
+++ b/include/text.php
@@ -774,6 +774,10 @@ function strip_zids($s) {
return preg_replace('/[\?&]zid=(.*?)(&|$)/ism','$2',$s);
}
+function strip_zats($s) {
+ return preg_replace('/[\?&]zat=(.*?)(&|$)/ism','$2',$s);
+}
+
// quick and dirty quoted_printable encoding
diff --git a/include/widgets.php b/include/widgets.php
index 352c844ee..21b83fa9a 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -609,6 +609,15 @@ function widget_settings_menu($arr) {
'selected' => ((argv(1) === 'oauth') ? 'active' : ''),
);
+ if(! UNO) {
+ $tabs[] = array(
+ 'label' => t('Guest Access Tokens'),
+ 'url' => z_root() . '/settings/tokens',
+ 'selected' => ((argv(1) === 'tokens') ? 'active' : ''),
+ );
+ }
+
+
if($role === false || $role === 'custom') {
$tabs[] = array(
'label' => t('Connection Default Permissions'),