diff options
| author | friendica <info@friendica.com> | 2012-09-20 18:44:40 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2012-09-20 18:44:40 -0700 |
| commit | 146e11064e8708489e76f8519b22011568f51d32 (patch) | |
| tree | 5d0592c790e05bbef03de3251a53044061c4ff18 /mod/magic.php | |
| parent | 945b0ec07d2e8de01ae58103e19132f1d2d37a27 (diff) | |
| download | volse-hubzilla-146e11064e8708489e76f8519b22011568f51d32.tar.gz volse-hubzilla-146e11064e8708489e76f8519b22011568f51d32.tar.bz2 volse-hubzilla-146e11064e8708489e76f8519b22011568f51d32.zip | |
more work on magic auth
Diffstat (limited to 'mod/magic.php')
| -rw-r--r-- | mod/magic.php | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/mod/magic.php b/mod/magic.php new file mode 100644 index 000000000..9473af6ea --- /dev/null +++ b/mod/magic.php @@ -0,0 +1,77 @@ +<?php + +function magic_init(&$a) { + + $url = ((x($_REQUEST,'url')) ? $_REQUEST['url'] : ''); + + + if(local_user() && $argc() > 1 && intval(argv(1))) { + + $cid = $argv(1); + + $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($cid), + intval(local_user()) + ); + + if(! ($r && count($r))) + goaway(z_root()); + + + $sec = random_string(); + + // Here's how it works in zot... still a fair bit of code to write + // Originator (us) posts our id/sig/location/location_sig with a random tracking code. + // The other site will call us back asynchronously and do the verification dance. + // Once that has happened, we will be issued an encrypted token + // We'll redirect to the site with the decrypted token (which is good for one use). + + + + + q("INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`) + VALUES( %d, %s, '%s', '%s', %d )", + intval(local_user()), + intval($cid), + dbesc($dfrn_id), + dbesc($sec), + intval(time() + 45) + ); + + + + $postvars = array(); + + $postvars['tracking'] = $sec; + + + $ret = $z_post_url($hubloc['hubloc_connect'],$postvars); + if($ret['success']) { + $j = json_decode($ret['body']); + if($j->result && $j->token) { + $token = openssl_private_decrypt($j->token,$channel['prvkey']); + + + + + + logger('mod_magic: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG); + $dest = (($url) ? '&destination_url=' . $url : ''); + goaway ($hubloc['hubloc_connect'] . "?f=" . $dest . "&token=" . $token); + } + + } + } + + if(local_user()) + $handle = $a->user['nickname'] . '@' . substr($a->get_baseurl(),strpos($a->get_baseurl(),'://')+3); + if(remote_user()) + $handle = $_SESSION['handle']; + + if($url) { + $url = str_replace('{zid}','&zid=' . $handle,$url); + goaway($url); + } + + goaway(z_root()); +} |