diff options
| author | Haakon Meland Eriksen <haakon.eriksen@far.no> | 2015-12-14 18:55:43 +0100 |
|---|---|---|
| committer | Haakon Meland Eriksen <haakon.eriksen@far.no> | 2015-12-14 18:55:43 +0100 |
| commit | 3b1ab5e79cbbf2a8f65cb4dc388e2257a3e857af (patch) | |
| tree | 84b87fb47a27035afd2a354d11c36e8259f4c18e /include | |
| parent | 565126a888d70dce853a2351b698bbc0695f0ba9 (diff) | |
| parent | dcf7946673fd57325fc848df8f8cea7a84cc35b6 (diff) | |
| download | volse-hubzilla-3b1ab5e79cbbf2a8f65cb4dc388e2257a3e857af.tar.gz volse-hubzilla-3b1ab5e79cbbf2a8f65cb4dc388e2257a3e857af.tar.bz2 volse-hubzilla-3b1ab5e79cbbf2a8f65cb4dc388e2257a3e857af.zip | |
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'include')
| -rw-r--r-- | include/account.php | 4 | ||||
| -rw-r--r-- | include/api.php | 63 | ||||
| -rw-r--r-- | include/api_auth.php | 84 | ||||
| -rw-r--r-- | include/attach.php | 2 | ||||
| -rw-r--r-- | include/conversation.php | 2 | ||||
| -rw-r--r-- | include/follow.php | 25 | ||||
| -rw-r--r-- | include/identity.php | 6 | ||||
| -rwxr-xr-x | include/items.php | 3 | ||||
| -rw-r--r-- | include/network.php | 13 | ||||
| -rw-r--r-- | include/notifier.php | 2 | ||||
| -rw-r--r-- | include/oauth.php | 161 | ||||
| -rw-r--r-- | include/photos.php | 2 | ||||
| -rw-r--r-- | include/security.php | 18 | ||||
| -rw-r--r-- | include/zot.php | 1 |
14 files changed, 213 insertions, 173 deletions
diff --git a/include/account.php b/include/account.php index b3a520fd4..e448bdcc6 100644 --- a/include/account.php +++ b/include/account.php @@ -67,7 +67,7 @@ function check_account_invite($invite_code) { $result['message'] .= t('An invitation is required.') . EOL; } $r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_code)); - if(! results($r)) { + if(! $r) { $result['message'] .= t('Invitation could not be verified.') . EOL; } } @@ -718,4 +718,4 @@ function upgrade_message($bbcode = false) { function upgrade_bool_message($bbcode = false) { $x = upgrade_link($bbcode); return t('This action is not available under your subscription plan.') . (($x) ? ' ' . $x : '') ; -}
\ No newline at end of file +} diff --git a/include/api.php b/include/api.php index e60583a01..f37e0669f 100644 --- a/include/api.php +++ b/include/api.php @@ -1,10 +1,10 @@ <?php /** @file */ -require_once("bbcode.php"); -require_once("datetime.php"); -require_once("conversation.php"); -require_once("oauth.php"); -require_once("html2plain.php"); +require_once("include/bbcode.php"); +require_once("include/datetime.php"); +require_once("include/conversation.php"); +require_once("include/oauth.php"); +require_once("include/html2plain.php"); require_once('include/security.php'); require_once('include/photos.php'); require_once('include/items.php'); @@ -112,8 +112,11 @@ require_once('include/api_auth.php'); break; case "json": header ("Content-Type: application/json"); - foreach($r as $rr) + foreach($r as $rr) { + if(! $rr) + $rr = array(); $json = json_encode($rr); + } if ($_GET['callback']) $json = $_GET['callback']."(".$json.")"; return $json; @@ -852,13 +855,24 @@ require_once('include/api_auth.php'); $_REQUEST['type'] = 'wall'; if(x($_FILES,'media')) { - $_FILES['userfile'] = $_FILES['media']; - // upload the image if we have one - $_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo - require_once('mod/wall_attach.php'); - $media = wall_attach_post($a); - if(strlen($media)>0) - $_REQUEST['body'] .= "\n\n".$media; + $num_uploads = count($_FILES['media']['name']); + for($x = 0; $x < $num_uploads; $x ++) { + $_FILES['userfile'] = array(); + $_FILES['userfile']['name'] = $_FILES['media']['name'][$x]; + $_FILES['userfile']['type'] = $_FILES['media']['type'][$x]; + $_FILES['userfile']['tmp_name'] = $_FILES['media']['tmp_name'][$x]; + $_FILES['userfile']['error'] = $_FILES['media']['error'][$x]; + $_FILES['userfile']['size'] = $_FILES['media']['size'][$x]; + + // upload each image if we have any + $_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo + require_once('mod/wall_attach.php'); + $a->data['api_info'] = $user_info; + $media = wall_attach_post($a); + + if(strlen($media)>0) + $_REQUEST['body'] .= "\n\n" . $media; + } } } @@ -870,6 +884,7 @@ require_once('include/api_auth.php'); // this should output the last post (the one we just posted). return api_status_show($a,$type); } + api_register_func('api/statuses/update_with_media','api_statuses_update', true); api_register_func('api/statuses/update','api_statuses_update', true); @@ -1078,6 +1093,8 @@ require_once('include/api_auth.php'); 'contributors' => '' ); $status_info['user'] = $user_info; + if(array_key_exists('status',$status_info['user'])) + unset($status_info['user']['status']); } return api_apply_template("status", $type, array('$status' => $status_info)); @@ -1319,6 +1336,8 @@ require_once('include/api_auth.php'); // params $id = intval(argv(3)); + if(! $id) + $id = $_REQUEST['id']; logger('API: api_statuses_show: '.$id); @@ -1335,10 +1354,12 @@ require_once('include/api_auth.php'); $r = q("select * from item where true $item_normal $sql_extra", intval($id) ); + xchan_query($r,true); $ret = api_format_items($r,$user_info); + if ($conversation) { $data = array('$statuses' => $ret); return api_apply_template("timeline", $type, $data); @@ -2298,28 +2319,28 @@ require_once('include/api_auth.php'); api_register_func('api/direct_messages','api_direct_messages_inbox',true); - function api_oauth_request_token(&$a, $type){ try{ - $oauth = new FKOAuth1(); - $req = OAuthRequest::from_request(); -logger('Req: ' . var_export($req,true)); + $oauth = new ZotOAuth1(); + $req = OAuth1Request::from_request(); + logger('Req: ' . var_export($req,true),LOGGER_DATA); $r = $oauth->fetch_request_token($req); }catch(Exception $e){ logger('oauth_exception: ' . print_r($e->getMessage(),true)); - echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); + echo "error=". OAuth1Util::urlencode_rfc3986($e->getMessage()); killme(); } echo $r; killme(); } + function api_oauth_access_token(&$a, $type){ try{ - $oauth = new FKOAuth1(); - $req = OAuthRequest::from_request(); + $oauth = new ZotOAuth1(); + $req = OAuth1Request::from_request(); $r = $oauth->fetch_access_token($req); }catch(Exception $e){ - echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme(); + echo "error=". OAuth1Util::urlencode_rfc3986($e->getMessage()); killme(); } echo $r; killme(); diff --git a/include/api_auth.php b/include/api_auth.php index ee9db3f55..26a9df8d4 100644 --- a/include/api_auth.php +++ b/include/api_auth.php @@ -1,17 +1,19 @@ <?php /** @file */ -require_once("oauth.php"); - - /** - * Simple HTTP Login + * API Login via basic-auth or OAuth */ function api_login(&$a){ + + $record = null; + + require_once('include/oauth.php'); + // login with oauth try { - $oauth = new FKOAuth1(); - $req = OAuthRequest::from_request(); + $oauth = new ZotOAuth1(); + $req = OAuth1Request::from_request(); list($consumer,$token) = $oauth->verify_request($req); @@ -23,16 +25,14 @@ function api_login(&$a){ call_hooks('logged_in', $a->user); return; } - echo __file__.__line__.__function__."<pre>"; -// var_dump($consumer, $token); - die(); + killme(); } catch(Exception $e) { - logger(__file__.__line__.__function__."\n".$e); + logger($e->getMessage()); } - - // workaround for HTTP-auth in CGI mode + // workarounds for HTTP-auth in CGI mode + if(x($_SERVER,'REDIRECT_REMOTE_USER')) { $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ; if(strlen($userpass)) { @@ -51,45 +51,49 @@ function api_login(&$a){ } } + require_once('include/auth.php'); + require_once('include/security.php'); - if (!isset($_SERVER['PHP_AUTH_USER'])) { - logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG); - header('WWW-Authenticate: Basic realm="Red"'); - header('HTTP/1.0 401 Unauthorized'); - die('This api requires login'); - } - // process normal login request - require_once('include/auth.php'); - $channel_login = 0; - $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']); - if(! $record) { - $r = q("select * from channel where channel_address = '%s' limit 1", + + if(isset($_SERVER['PHP_AUTH_USER'])) { + $channel_login = 0; + $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']); + if(! $record) { + $r = q("select * from channel left join account on account.account_id = channel.channel_account_id + where channel.channel_address = '%s' limit 1", dbesc($_SERVER['PHP_AUTH_USER']) ); if ($r) { - $x = q("select * from account where account_id = %d limit 1", - intval($r[0]['channel_account_id']) - ); - if ($x) { - $record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']); + $record = account_verify_password($r[0]['account_email'],$_SERVER['PHP_AUTH_PW']); if($record) $channel_login = $r[0]['channel_id']; } } - if(! $record) { - logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); - header('WWW-Authenticate: Basic realm="Red"'); - header('HTTP/1.0 401 Unauthorized'); - die('This api requires login'); - } } - require_once('include/security.php'); - authenticate_success($record); + if($record) { + authenticate_success($record); - if($channel_login) - change_channel($channel_login); + if($channel_login) + change_channel($channel_login); + + $_SESSION['allow_api'] = true; + return true; + } + else { + $_SERVER['PHP_AUTH_PW'] = '*****'; + logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); + log_failed_login('API login failure'); + retry_basic_auth(); + } - $_SESSION['allow_api'] = true; } + + +function retry_basic_auth() { + header('WWW-Authenticate: Basic realm="Hubzilla"'); + header('HTTP/1.0 401 Unauthorized'); + echo('This api requires login'); + killme(); +}
\ No newline at end of file diff --git a/include/attach.php b/include/attach.php index 36b971712..20e8b7444 100644 --- a/include/attach.php +++ b/include/attach.php @@ -430,7 +430,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { $observer = $x[0]; } - logger('arr: ' . print_r($arr,true)); + logger('arr: ' . print_r($arr,true), LOGGER_DATA); if(! perm_is_allowed($channel_id,$observer_hash, 'write_storage')) { $ret['message'] = t('Permission denied.'); diff --git a/include/conversation.php b/include/conversation.php index 3b534dc69..747bb5d0a 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1227,7 +1227,7 @@ function status_editor($a, $x, $popup = false) { '$wait' => t('Please wait'), '$permset' => t('Permission settings'), '$shortpermset' => t('permissions'), - '$ptyp' => (($notes_cid) ? 'note' : 'wall'), + '$ptyp' => '', '$content' => ((x($x,'body')) ? htmlspecialchars($x['body'], ENT_COMPAT,'UTF-8') : ''), '$attachment' => ((x($x, 'attachment')) ? $x['attachment'] : ''), '$post_id' => '', diff --git a/include/follow.php b/include/follow.php index 40ad2c299..97be82da7 100644 --- a/include/follow.php +++ b/include/follow.php @@ -161,6 +161,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) } } if($r) { + $xchan = $r[0]; $xchan_hash = $r[0]['xchan_hash']; $their_perms = 0; } @@ -172,7 +173,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) return $result; } - $x = array('channel_id' => $uid, 'follow_address' => $url, 'xchan' => $r[0], 'allowed' => 1); + $x = array('channel_id' => $uid, 'follow_address' => $url, 'xchan' => $r[0], 'allowed' => 1, 'singleton' => 0); call_hooks('follow_allow',$x); @@ -180,7 +181,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $result['message'] = t('Protocol disabled.'); return $result; } - + $singleton = intval($x['singleton']); if((local_channel()) && $uid == local_channel()) { $aid = get_account_id(); @@ -221,13 +222,22 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) return $result; } - $r = q("select abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d limit 1", + $r = q("select abook_xchan, abook_instance from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($xchan_hash), intval($uid) ); if($r) { - $x = q("update abook set abook_their_perms = %d where abook_id = %d", + $abook_instance = $r[0]['abook_instance']; + + if(($singleton) && strpos($abook_instance,z_root()) === false) { + if($abook_instance) + $abook_instance .= ','; + $abook_instance .= z_root(); + } + + $x = q("update abook set abook_their_perms = %d, abook_instance = '%s' where abook_id = %d", intval($their_perms), + dbesc($abook_instance), intval($r[0]['abook_id']) ); } @@ -237,8 +247,8 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) if($closeness === false) $closeness = 80; - $r = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_feed, abook_their_perms, abook_my_perms, abook_created, abook_updated ) - values( %d, %d, %d, '%s', %d, %d, %d, '%s', '%s' ) ", + $r = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_feed, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_instance ) + values( %d, %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s' ) ", intval($aid), intval($uid), intval($closeness), @@ -247,7 +257,8 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) intval(($is_http) ? $their_perms|PERMS_R_STREAM|PERMS_A_REPUBLISH : $their_perms), intval($my_perms), dbesc(datetime_convert()), - dbesc(datetime_convert()) + dbesc(datetime_convert()), + dbesc(($singleton) ? z_root() : '') ); } diff --git a/include/identity.php b/include/identity.php index 95ade3b28..98ba26bd8 100644 --- a/include/identity.php +++ b/include/identity.php @@ -896,12 +896,6 @@ function profile_load(&$a, $nickname, $profile = '') { $_SESSION['theme'] = $p[0]['channel_theme']; -// $a->set_template_engine(); // reset the template engine to the default in case the user's theme doesn't specify one - -// $theme_info_file = "view/theme/".current_theme()."/php/theme.php"; -// if (file_exists($theme_info_file)){ -// require_once($theme_info_file); -// } } /** diff --git a/include/items.php b/include/items.php index ef1867c14..8c2e7deb2 100755 --- a/include/items.php +++ b/include/items.php @@ -2349,7 +2349,7 @@ function item_store($arr, $allow_exec = false) { return $ret; } - if($arr['obj_type'] == ACTIVITY_OBJ_NOTE) + if(($arr['obj_type'] == ACTIVITY_OBJ_NOTE) && (! $arr['object'])) $arr['obj_type'] = ACTIVITY_OBJ_COMMENT; // is the new message multi-level threaded? @@ -2870,6 +2870,7 @@ function send_status_notifications($post_id,$item) { if($x) { foreach($x as $xx) { if($xx['author_xchan'] === $r[0]['channel_hash']) { + $notify = true; // check for an unfollow thread activity - we should probably decode the obj and check the id diff --git a/include/network.php b/include/network.php index 5895d302b..68452c3d1 100644 --- a/include/network.php +++ b/include/network.php @@ -1883,3 +1883,16 @@ function check_channelallowed($hash) { return $retvalue; } +function deliverable_singleton($xchan) { + $r = q("select abook_instance from abook where abook_xchan = '%s' limit 1", + dbesc($xchan['xchan_hash']) + ); + if($r) { + if(! $r[0]['abook_instance']) + return true; + if(strpos($r[0]['abook_instance'],z_root()) !== false) + return true; + } + return false; +} + diff --git a/include/notifier.php b/include/notifier.php index b7830285a..66b6160e4 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -57,6 +57,8 @@ require_once('include/html2plain.php'); * purge_all channel_id * expire channel_id * relay item_id (item was relayed to owner, we will deliver it as owner) + * single_activity item_id (deliver to a singleton network from the appropriate clone) + * single_mail mail_id (deliver to a singleton network from the appropriate clone) * location channel_id * request channel_id xchan_hash message_id * rating xlink_id diff --git a/include/oauth.php b/include/oauth.php index 80336f906..f3d144158 100644 --- a/include/oauth.php +++ b/include/oauth.php @@ -1,4 +1,5 @@ <?php /** @file */ + /** * OAuth server * Based on oauth2-php <http://code.google.com/p/oauth2-php/> @@ -9,16 +10,17 @@ define('REQUEST_TOKEN_DURATION', 300); define('ACCESS_TOKEN_DURATION', 31536000); require_once("library/OAuth1.php"); -require_once("library/oauth2-php/lib/OAuth2.inc"); -class FKOAuthDataStore extends OAuthDataStore { - function gen_token(){ +//require_once("library/oauth2-php/lib/OAuth2.inc"); + +class ZotOAuth1DataStore extends OAuth1DataStore { + + function gen_token(){ return md5(base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), uniqid()))); - } + } - function lookup_consumer($consumer_key) { - logger(__function__.":".$consumer_key); -// echo "<pre>"; var_dump($consumer_key); killme(); + function lookup_consumer($consumer_key) { + logger('consumer_key: ' . $consumer_key, LOGGER_DEBUG); $r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id = '%s'", dbesc($consumer_key) @@ -26,13 +28,14 @@ class FKOAuthDataStore extends OAuthDataStore { if($r) { get_app()->set_oauth_key($consumer_key); - return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']); + return new OAuth1Consumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']); } return null; - } + } - function lookup_token($consumer, $token_type, $token) { - logger(__function__.":".$consumer.", ". $token_type.", ".$token); + function lookup_token($consumer, $token_type, $token) { + + logger(__function__.":".$consumer.", ". $token_type.", ".$token, LOGGER_DEBUG); $r = q("SELECT id, secret, scope, expires, uid FROM tokens WHERE client_id = '%s' AND scope = '%s' AND id = '%s'", dbesc($consumer->key), @@ -41,17 +44,16 @@ class FKOAuthDataStore extends OAuthDataStore { ); if (count($r)){ - $ot=new OAuthToken($r[0]['id'],$r[0]['secret']); + $ot=new OAuth1Token($r[0]['id'],$r[0]['secret']); $ot->scope=$r[0]['scope']; $ot->expires = $r[0]['expires']; $ot->uid = $r[0]['uid']; return $ot; } return null; - } + } - function lookup_nonce($consumer, $token, $nonce, $timestamp) { -// echo __file__.":".__line__."<pre>"; var_dump($consumer,$key); killme(); + function lookup_nonce($consumer, $token, $nonce, $timestamp) { $r = q("SELECT id, secret FROM tokens WHERE client_id = '%s' AND id = '%s' AND expires = %d", dbesc($consumer->key), @@ -60,12 +62,14 @@ class FKOAuthDataStore extends OAuthDataStore { ); if (count($r)) - return new OAuthToken($r[0]['id'],$r[0]['secret']); + return new OAuth1Token($r[0]['id'],$r[0]['secret']); return null; - } + } + + function new_request_token($consumer, $callback = null) { + + logger(__function__.":".$consumer.", ". $callback, LOGGER_DEBUG); - function new_request_token($consumer, $callback = null) { - logger(__function__.":".$consumer.", ". $callback); $key = $this->gen_token(); $sec = $this->gen_token(); @@ -82,29 +86,31 @@ class FKOAuthDataStore extends OAuthDataStore { 'request', time()+intval(REQUEST_TOKEN_DURATION)); - if (!$r) return null; - return new OAuthToken($key,$sec); - } + if(! $r) + return null; + return new OAuth1Token($key,$sec); + } - function new_access_token($token, $consumer, $verifier = null) { - logger(__function__.":".$token.", ". $consumer.", ". $verifier); - - // return a new access token attached to this consumer - // for the user associated with this token if the request token - // is authorized - // should also invalidate the request token - - $ret=Null; + function new_access_token($token, $consumer, $verifier = null) { + + logger(__function__.":".$token.", ". $consumer.", ". $verifier, LOGGER_DEBUG); - // get user for this verifier - $uverifier = get_config("oauth", $verifier); - logger(__function__.":".$verifier.",".$uverifier); - if (is_null($verifier) || ($uverifier!==false)){ + // return a new access token attached to this consumer + // for the user associated with this token if the request token + // is authorized + // should also invalidate the request token + + $ret=Null; + + // get user for this verifier + $uverifier = get_config("oauth", $verifier); + logger(__function__.":".$verifier.",".$uverifier, LOGGER_DEBUG); + if (is_null($verifier) || ($uverifier!==false)) { - $key = $this->gen_token(); - $sec = $this->gen_token(); + $key = $this->gen_token(); + $sec = $this->gen_token(); - $r = q("INSERT INTO tokens (id, secret, client_id, scope, expires, uid) VALUES ('%s','%s','%s','%s', %d, %d)", + $r = q("INSERT INTO tokens (id, secret, client_id, scope, expires, uid) VALUES ('%s','%s','%s','%s', %d, %d)", dbesc($key), dbesc($sec), dbesc($consumer->key), @@ -112,81 +118,70 @@ class FKOAuthDataStore extends OAuthDataStore { time()+intval(ACCESS_TOKEN_DURATION), intval($uverifier)); - if ($r) - $ret = new OAuthToken($key,$sec); - } + if ($r) + $ret = new OAuth1Token($key,$sec); + } - q("DELETE FROM tokens WHERE id='%s'", $token->key); + q("DELETE FROM tokens WHERE id='%s'", $token->key); - if (!is_null($ret) && $uverifier!==false){ - del_config("oauth", $verifier); - /* $apps = get_pconfig($uverifier, "oauth", "apps"); - if ($apps===false) $apps=array(); - $apps[] = $consumer->key; - set_pconfig($uverifier, "oauth", "apps", $apps);*/ + if (!is_null($ret) && $uverifier!==false) { + del_config("oauth", $verifier); + + // $apps = get_pconfig($uverifier, "oauth", "apps"); + // if ($apps===false) $apps=array(); + // $apps[] = $consumer->key; + // set_pconfig($uverifier, "oauth", "apps", $apps); + } + return $ret; } - - return $ret; - - } } -class FKOAuth1 extends OAuthServer { +class ZotOAuth1 extends OAuth1Server { function __construct() { - parent::__construct(new FKOAuthDataStore()); - $this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT()); - $this->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1()); + parent::__construct(new ZotOAuth1DataStore()); + $this->add_signature_method(new OAuth1SignatureMethod_PLAINTEXT()); + $this->add_signature_method(new OAuth1SignatureMethod_HMAC_SHA1()); } function loginUser($uid){ - logger("RedOAuth1::loginUser $uid"); - $a = get_app(); + + logger("ZotOAuth1::loginUser $uid"); + $r = q("SELECT * FROM channel WHERE channel_id = %d LIMIT 1", intval($uid) ); if(count($r)){ $record = $r[0]; } else { - logger('FKOAuth1::loginUser failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); - header('HTTP/1.0 401 Unauthorized'); - die('This api requires login'); + logger('ZotOAuth1::loginUser failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); + header('HTTP/1.0 401 Unauthorized'); + echo('This api requires login'); + killme(); } $_SESSION['uid'] = $record['channel_id']; - $_SESSION['theme'] = $record['channel_theme']; - $_SESSION['account_id'] = $record['channel_account_id']; - $_SESSION['mobile_theme'] = get_pconfig($record['channel_id'], 'system', 'mobile_theme'); - $_SESSION['authenticated'] = 1; - $_SESSION['my_url'] = $a->get_baseurl() . '/channel/' . $record['channel_address']; $_SESSION['addr'] = $_SERVER['REMOTE_ADDR']; - $_SESSION['allow_api'] = true; + $x = q("select * from account where account_id = %d limit 1", intval($record['channel_account_id']) ); - if($x) - $a->account = $x[0]; - - change_channel($record['channel_id']); - - $a->channel = $record; - - if(strlen($a->channel['channel_timezone'])) { - date_default_timezone_set($a->channel['channel_timezone']); + if($x) { + require_once('include/security.php'); + authenticate_success($x[0],true,false,true,true); + $_SESSION['allow_api'] = true; } - -// q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d LIMIT 1", -// dbesc(datetime_convert()), -// intval($_SESSION['uid']) -// ); -// -// call_hooks('logged_in', $a->user); } } + /* + * + + not yet used + class FKOAuth2 extends OAuth2 { private function db_secret($client_secret){ diff --git a/include/photos.php b/include/photos.php index c7360a956..15aa8ee17 100644 --- a/include/photos.php +++ b/include/photos.php @@ -377,7 +377,7 @@ function photo_upload($channel, $observer, $args) { $arr['item_thread_top'] = 1; $arr['item_private'] = intval($acl->is_private()); $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; - $arr['body'] = (($object) ? $args['body'] : $body . "\r\n" . $args['body']); + $arr['body'] = (($object) ? $args['body'] : $body . "\r\n" . $args['body']); // this one is tricky because the item and the photo have the same permissions, those of the photo. diff --git a/include/security.php b/include/security.php index 9a25d9e0e..d4ebe0024 100644 --- a/include/security.php +++ b/include/security.php @@ -93,6 +93,7 @@ function change_channel($change_channel) { $ret = false; if($change_channel) { + $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and channel_removed = 0 limit 1", intval($change_channel), intval(get_account_id()) @@ -136,14 +137,14 @@ function change_channel($change_channel) { } /** - * @brief Creates an addiontal SQL where statement to check permissions. + * @brief Creates an additional SQL where statement to check permissions. * * @param int $owner_id - * @param bool $remote_verified default false, not used at all - * @param string $groups this param is not used at all + * @param bool $remote_observer - if unset use current observer * * @return string additional SQL where statement */ + function permissions_sql($owner_id, $remote_observer = null) { $local_channel = local_channel(); @@ -208,8 +209,7 @@ function permissions_sql($owner_id, $remote_observer = null) { * @brief Creates an addiontal SQL where statement to check permissions for an item. * * @param int $owner_id - * @param bool $remote_verified default false, not used at all - * @param string $groups this param is not used at all + * @param bool $remote_observer, use current observer if unset * * @return string additional SQL where statement */ @@ -400,11 +400,9 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f } -// Returns an array of group id's this contact is a member of. -// This array will only contain group id's related to the uid of this -// DFRN contact. They are *not* neccessarily unique across the entire site. +// Returns an array of group hash id's on this entire site (across all channels) that this connection is a member of. +// var $contact_id = xchan_hash of connection -if(! function_exists('init_groups_visitor')) { function init_groups_visitor($contact_id) { $groups = array(); $r = q("SELECT hash FROM `groups` left join group_member on groups.id = group_member.gid WHERE xchan = '%s' ", @@ -415,7 +413,7 @@ function init_groups_visitor($contact_id) { $groups[] = $rr['hash']; } return $groups; -}} +} diff --git a/include/zot.php b/include/zot.php index 276afb03e..390407e4e 100644 --- a/include/zot.php +++ b/include/zot.php @@ -3798,6 +3798,7 @@ function zotinfo($arr) { $ret['site'] = array(); $ret['site']['url'] = z_root(); $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$e['channel_prvkey'])); + $ret['site']['zot_auth'] = z_root() . '/magic'; $dirmode = get_config('system','directory_mode'); if(($dirmode === false) || ($dirmode == DIRECTORY_MODE_NORMAL)) |