refactor magic-auth

4 files changed, 10 insertions, 108 deletions

diff --git a/mod/connections.php b/mod/connections.php
index 39bef0209..6b3ed113c 100644
--- a/mod/connections.php
+++ b/mod/connections.php
@@ -669,7 +669,6 @@ function connections_content(&$a) {
 				$contacts[] = array(
 					'img_hover' => sprintf( t('%1$s [%2$s]'),$rr['xchan_name'],$rr['xchan_url']),
 					'edit_hover' => t('Edit contact'),
-					'photo_menu' => contact_photo_menu($rr),
 					'id' => $rr['abook_id'],
 					'alt_text' => $alt_text,
 					'dir_icon' => $dir_icon,
diff --git a/mod/magic.php b/mod/magic.php
index 6c8ad24ed..e3b14db62 100644
--- a/mod/magic.php
+++ b/mod/magic.php
@@ -91,8 +91,8 @@ function magic_init(&$a) {
 		if($rev)
 			goaway($dest);
 		else {
-			logger('mod_magic: channel not found.' . print_r($_REQUEST,true));
-			notice( t('Channel not found.') . EOL);
+			logger('mod_magic: no channels found for requested hub.' . print_r($_REQUEST,true));
+			notice( t('Hub not found.') . EOL);
 			return;
 		}
 	}
@@ -113,24 +113,9 @@ function magic_init(&$a) {
 		goaway($dest);
 
 	if($x[0]['hubloc_url'] === z_root()) {
-		$webbie = substr($x[0]['hubloc_addr'],0,strpos('@',$x[0]['hubloc_addr']));
-		switch($dest) {
-			case 'channel':
-				$desturl = z_root() . '/channel/' . $webbie;
-				break;
-			case 'photos':
-				$desturl = z_root() . '/photos/' . $webbie;
-				break;
-			case 'profile':
-				$desturl = z_root() . '/profile/' . $webbie;
-				break;
-			default:
-				$desturl = $dest;
-				break;
-		}
 		// We are already authenticated on this site and a registered observer.
 		// Just redirect.
-		goaway($desturl);
+		goaway($dest);
 	}
 
 	if(local_user()) {
@@ -142,20 +127,15 @@ function magic_init(&$a) {
 		$channel['token'] = $token;
 		$channel['token_sig'] = $token_sig;
 
-
-		$recip = array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig']));
-
-		$hash = random_string();
-
 		$r = q("insert into verify ( type, channel, token, meta, created) values ('%s','%d','%s','%s','%s')",
 			dbesc('auth'),
 			intval($channel['channel_id']),
 			dbesc($token),
-			dbesc($x[0]['hubloc_hash']),
+			dbesc($x[0]['hubloc_url']),
 			dbesc(datetime_convert())
 		);
 
-		$target_url = $x[0]['hubloc_callback'] . '/' . substr($x[0]['hubloc_addr'],0,strpos($x[0]['hubloc_addr'],'@')) ;
+		$target_url = $x[0]['hubloc_callback'];
 		logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG); 
 
 		goaway($target_url
diff --git a/mod/nogroup.php b/mod/nogroup.php
deleted file mode 100644
index 31ccaadbf..000000000
--- a/mod/nogroup.php
+++ /dev/null
@@ -1,65 +0,0 @@
-<?php
-
-require_once('include/Contact.php');
-require_once('include/socgraph.php');
-require_once('include/contact_selectors.php');
-
-function nogroup_init(&$a) {
-
-	if(! local_user())
-		return;
-
-	require_once('include/group.php');
-	require_once('include/contact_widgets.php');
-
-	if(! x($a->page,'aside'))
-		$a->page['aside'] = '';
-
-	$a->page['aside'] .= group_side('contacts','group',false,0,$contact_id);
-}
-
-
-function nogroup_content(&$a) {
-
-	if(! local_user()) {
-		notice( t('Permission denied.') . EOL);
-		return '';
-	}
-
-	require_once('include/Contact.php');
-	$r = contacts_not_grouped(local_user());
-	if(count($r)) {
-		$a->set_pager_total($r[0]['total']);
-	}
-	$r = contacts_not_grouped(local_user(),$a->pager['start'],$a->pager['itemspage']);
-	if(count($r)) {
-		foreach($r as $rr) {
-
-
-			$contacts[] = array(
-				'img_hover' => sprintf( t('Visit %s\'s profile [%s]'),$rr['name'],$rr['url']),
-				'edit_hover' => t('Edit contact'),
-				'photo_menu' => contact_photo_menu($rr),
-				'id' => $rr['id'],
-				'alt_text' => $alt_text,
-				'dir_icon' => $dir_icon,
-				'thumb' => $rr['thumb'], 
-				'name' => $rr['name'],
-				'username' => $rr['name'],
-				'sparkle' => $sparkle,
-				'itemurl' => $rr['url'],
-				'link' => $url,
-				'network' => network_to_name($rr['network']),
-			);
-		}
-	}
-	$tpl = get_markup_template("nogroup-template.tpl");
-	$o .= replace_macros($tpl,array(
-		'$header' => t('Contacts who are not members of a group'),
-		'$contacts' => $contacts,
-		'$paginate' => paginate($a),
-	)); 
-	
-	return $o;
-
-}
diff --git a/mod/post.php b/mod/post.php
index 2422afa8c..95821307b 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -89,24 +89,11 @@ function post_init(&$a) {
 	if(array_key_exists('auth',$_REQUEST)) {
 		logger('mod_zot: auth request received.');
 		$address = $_REQUEST['auth'];
-		$dest    = $_REQUEST['dest'];
+		$desturl = $_REQUEST['dest'];
 		$sec     = $_REQUEST['sec'];
 		$version = $_REQUEST['version'];
 
-		switch($dest) {
-			case 'channel':
-				$desturl = z_root() . '/channel/' . $webbie;
-				break;
-			case 'photos':
-				$desturl = z_root() . '/photos/' . $webbie;
-				break;
-			case 'profile':
-				$desturl = z_root() . '/profile/' . $webbie;
-				break;
-			default:
-				$desturl = $dest;
-				break;
-		}
+
 		if($webbie) {
 			$c = q("select * from channel where channel_address = '%s' limit 1",
 				dbesc($webbie)
@@ -707,6 +694,7 @@ function post_post(&$a) {
 		$y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1",
 			dbesc($sender_hash)
 		);
+
 		// We created a unique hash in mod/magic.php when we invoked remote auth, and stored it in
 		// the verify table. It is now coming back to us as 'secret' and is signed by the other site.
 		// First verify their signature.
@@ -731,13 +719,13 @@ function post_post(&$a) {
 
 			$confirm = base64url_encode(rsa_sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey']));
 
-			// This additionally checks for forged senders since we already stored the expected result in meta
+			// This additionally checks for forged sites since we already stored the expected result in meta
 			// and we've already verified that this is them via zot_gethub() and that their key signed our token
 
 			$z = q("select id from verify where channel = %d and type = 'auth' and token = '%s' and meta = '%s' limit 1",
 				intval($c[0]['channel_id']),
 				dbesc($data['secret']),
-				dbesc($sender_hash)
+				dbesc($data['sender']['url'])
 			);
 			if(! $z) {
 				logger('mod_zot: auth_check: verification key not found.');