magic-auth re-factor

1 files changed, 17 insertions, 61 deletions

diff --git a/mod/magic.php b/mod/magic.php
index e3b14db62..29d16eec5 100644
--- a/mod/magic.php
+++ b/mod/magic.php
@@ -13,64 +13,20 @@ function magic_init(&$a) {
 	$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
 	$rev  = ((x($_REQUEST,'rev'))  ? intval($_REQUEST['rev']) : 0);
 
-	if($hash) {
-		$x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash
-			where hubloc_hash = '%s' and (hubloc_flags & %d) order by hubloc_id desc limit 1",
-			dbesc($hash),
-			intval(HUBLOC_FLAGS_PRIMARY)
-		);
-	}
-	elseif($addr) {
-		$x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash 
-			where xchan_addr = '%s' and (hubloc_flags & %d) order by hubloc_id desc limit 1",
-			dbesc($addr),
-			intval(HUBLOC_FLAGS_PRIMARY)
-		);
-	}
-	else {
-
-		// See if we know anybody at the dest site that will unlock the door for us
-		// This is the equivalent of buzzing every apartment in an apartment block
-		// to get inside the front gate. The thing about magic auth is that we're 
-		// authenticating to the other site. Permissions provided by various 
-		// channels will still affect what we can do once authenticated.
-
-		$b = explode('/',$dest);
-
-		if(count($b) >= 2) {
-			$u = $b[0] . '//' . $b[2];
-
-			if(local_user()) {
-				// first look for a connection or anybody who knows us
-				$x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash 
-					left join abook on abook_xchan = hubloc_hash
-					where abook_channel = %d and hubloc_url = '%s' order by hubloc_id desc limit 5",
-					intval(local_user()),
-					dbesc($u)
-				);
-			}
-			if(! $x) {
-				// no luck - ok anybody will do
-				$x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash
-					where hubloc_url = '%s' order by hubloc_id desc limit 5",
-					dbesc($u)
-				);
-			}
-
-			if($x) {
-				// They must have a valid hubloc_addr
-				while(! strpos($x[0]['hubloc_addr'],'@')) {
-					array_shift($x);
-				}
-			}
 
+	$parsed = parse_url($dest);
+	if(! $parsed)
+		goaway($dest);
 
-		}
-	}
+	$basepath = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : ''); 
 
+	$x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1"
+		dbesc($basepath)
+	);
+	
 	if(! $x) {
 
-		// Finger them if they've never been seen here before
+		// Somebody new? Finger them if they've never been seen here before
 
 		if($addr) {
 			$ret = zot_finger($addr,null);
@@ -78,10 +34,11 @@ function magic_init(&$a) {
 				$j = json_decode($ret['body'],true);
 				if($j)
 					import_xchan($j);
-				$x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash 
-					where xchan_addr = '%s' and (hubloc_flags & %d) order by hubloc_id desc limit 1",
-					dbesc($addr),
-					intval(HUBLOC_FLAGS_PRIMARY)
+
+				// Now try again
+
+				$x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1"
+					dbesc($basepath)
 				);
 			}
 		}
@@ -112,7 +69,7 @@ function magic_init(&$a) {
 	if(! $arr['proceed'])
 		goaway($dest);
 
-	if($x[0]['hubloc_url'] === z_root()) {
+	if((get_observer_hash()) && ($x[0]['hubloc_url'] === z_root())) {
 		// We are already authenticated on this site and a registered observer.
 		// Just redirect.
 		goaway($dest);
@@ -143,7 +100,6 @@ function magic_init(&$a) {
 			. '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION);
 	}
 
-	if(strpos($dest,'/'))
-		goaway($dest);
-	goaway(z_root());
+	goaway($dest);
+
 }