diff options
author | Paolo T <tuscanhobbit@users.noreply.github.com> | 2015-03-22 16:34:40 +0100 |
---|---|---|
committer | Paolo T <tuscanhobbit@users.noreply.github.com> | 2015-03-22 16:34:40 +0100 |
commit | 82fb1ca0caaae72b77b641d22e51d5ae1b188183 (patch) | |
tree | a2ecee4e65bc80300c62b5b327965b8118117ad3 /mod/post.php | |
parent | ff5c3b009fa25e87e294cd458d3de4b677270c64 (diff) | |
parent | e345d6793d5f6910dd230f661ca5d1a837b1b504 (diff) | |
download | volse-hubzilla-82fb1ca0caaae72b77b641d22e51d5ae1b188183.tar.gz volse-hubzilla-82fb1ca0caaae72b77b641d22e51d5ae1b188183.tar.bz2 volse-hubzilla-82fb1ca0caaae72b77b641d22e51d5ae1b188183.zip |
Merge pull request #8 from friendica/master
merging red master into nuvola.red
Diffstat (limited to 'mod/post.php')
-rw-r--r-- | mod/post.php | 53 |
1 files changed, 41 insertions, 12 deletions
diff --git a/mod/post.php b/mod/post.php index 6e35632da..31b688221 100644 --- a/mod/post.php +++ b/mod/post.php @@ -30,6 +30,7 @@ function post_init(&$a) { ** dest => the desired destination URL (urlencoded) ** sec => a random string which is also stored on $mysite for use during the verification phase. ** version => the zot revision + ** delegate => optional urlencoded webbie of a local channel to invoke delegation rights for * * When this packet is received, an "auth-check" zot message is sent to $mysite. * (e.g. if $_GET['auth'] is foobar@podunk.edu, a zot packet is sent to the podunk.edu zot endpoint, which is typically /post) @@ -88,10 +89,12 @@ function post_init(&$a) { $ret = array('success' => false, 'message' => ''); logger('mod_zot: auth request received.'); - $address = $_REQUEST['auth']; - $desturl = $_REQUEST['dest']; - $sec = $_REQUEST['sec']; - $version = $_REQUEST['version']; + $address = $_REQUEST['auth']; + $desturl = $_REQUEST['dest']; + $sec = $_REQUEST['sec']; + $version = $_REQUEST['version']; + $delegate = $_REQUEST['delegate']; + $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0); // They are authenticating ultimately to the site and not to a particular channel. @@ -158,6 +161,8 @@ function post_init(&$a) { // Also check that they are coming from the same site as they authenticated with originally. $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); + if($delegate && $delegate !== $_SESSION['delegate_channel']) + $already_authed = false; $j = array(); @@ -235,6 +240,8 @@ function post_init(&$a) { } goaway($desturl); } + + // log them in if($test) { @@ -243,16 +250,38 @@ function post_init(&$a) { json_return_and_die($ret); } + $delegation_success = false; + if($delegate) { + $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", + dbesc($delegate) + ); + if($r && intval($r[0]['channel_id'])) { + $allowed = perm_is_allowed($r[0]['channel_id'],$x[0]['xchan_hash'],'delegate'); + if($allowed) { + $_SESSION['delegate_channel'] = $r[0]['channel_id']; + $_SESSION['delegate'] = $x[0]['xchan_hash']; + $_SESSION['account_id'] = intval($r[0]['channel_account_id']); + require_once('include/security.php'); + change_channel($r[0]['channel_id']); + $delegation_success = true; + } + } + } + + + $_SESSION['authenticated'] = 1; - $_SESSION['visitor_id'] = $x[0]['xchan_hash']; - $_SESSION['my_url'] = $x[0]['xchan_url']; - $_SESSION['my_address'] = $address; - $_SESSION['remote_service_class'] = $remote_service_class; - $_SESSION['remote_level'] = $remote_level; - $_SESSION['remote_hub'] = $remote_hub; - $_SESSION['DNT'] = $DNT; - + if(! $delegation_success) { + $_SESSION['visitor_id'] = $x[0]['xchan_hash']; + $_SESSION['my_url'] = $x[0]['xchan_url']; + $_SESSION['my_address'] = $address; + $_SESSION['remote_service_class'] = $remote_service_class; + $_SESSION['remote_level'] = $remote_level; + $_SESSION['remote_hub'] = $remote_hub; + $_SESSION['DNT'] = $DNT; + } + $arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION); call_hooks('magic_auth_success',$arr); $a->set_observer($x[0]); |