aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-01-21 19:16:21 -0800
committerfriendica <info@friendica.com>2013-01-21 19:16:21 -0800
commit5949607d17bceb51d61c73b5c0dbc0fcc063bd04 (patch)
treec3c59d435e146bd46a27d4503fc9b33878664b3f /include
parent6421c09cff6bebd9c7f191d36239a8c4efe74bdf (diff)
downloadvolse-hubzilla-5949607d17bceb51d61c73b5c0dbc0fcc063bd04.tar.gz
volse-hubzilla-5949607d17bceb51d61c73b5c0dbc0fcc063bd04.tar.bz2
volse-hubzilla-5949607d17bceb51d61c73b5c0dbc0fcc063bd04.zip
magic auth - it's mostly done or at least all the code bits are written and it looks in theory to be pretty secure and it doesn't white screen. Getting it to actually work(?), well we won't know how hard that will be until we get it on a couple of systems and try it. Magic auth on one box is a no-op because you're already authenticated.
Diffstat (limited to 'include')
-rw-r--r--include/auth.php21
-rw-r--r--include/zot.php11
2 files changed, 16 insertions, 16 deletions
diff --git a/include/auth.php b/include/auth.php
index c12432449..75a450dc8 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -64,14 +64,19 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
goaway(z_root());
}
-// if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
-// $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
-// intval($_SESSION['visitor_id'])
-// );
-// if(count($r)) {
-// $a->contact = $r[0];
-// }
-// }
+ if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
+ $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+ dbesc($_SESSION['visitor_id'])
+ );
+ if($r) {
+ get_app()->set_observer($r[0]);
+ }
+ else {
+ unset($_SESSION['visitor_id']);
+ unset($_SESSION['authenticated']);
+ }
+ $a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
+ }
if(x($_SESSION,'uid') || x($_SESSION,'account_id')) {
diff --git a/include/zot.php b/include/zot.php
index fc1241ff2..38bac5e93 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -101,18 +101,13 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_
'version' => ZOT_REVISION
);
- // These fields are present when using magic auth
-
- if(array_key_exists('token',$channel)) {
- $data['sender']['token'] = $channel['token'];
- $data['sender']['token_sig'] = $channel['token_sig'];
- }
-
if($recipients)
$data['recipients'] = $recipients;
- if($secret)
+ if($secret) {
$data['secret'] = $secret;
+ $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey']));
+ }
logger('zot_build_packet: ' . print_r($data,true));