aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2012-09-20 18:44:40 -0700
committerfriendica <info@friendica.com>2012-09-20 18:44:40 -0700
commit146e11064e8708489e76f8519b22011568f51d32 (patch)
tree5d0592c790e05bbef03de3251a53044061c4ff18 /mod
parent945b0ec07d2e8de01ae58103e19132f1d2d37a27 (diff)
downloadvolse-hubzilla-146e11064e8708489e76f8519b22011568f51d32.tar.gz
volse-hubzilla-146e11064e8708489e76f8519b22011568f51d32.tar.bz2
volse-hubzilla-146e11064e8708489e76f8519b22011568f51d32.zip
more work on magic auth
Diffstat (limited to 'mod')
-rw-r--r--mod/magic.php77
1 files changed, 77 insertions, 0 deletions
diff --git a/mod/magic.php b/mod/magic.php
new file mode 100644
index 000000000..9473af6ea
--- /dev/null
+++ b/mod/magic.php
@@ -0,0 +1,77 @@
+<?php
+
+function magic_init(&$a) {
+
+ $url = ((x($_REQUEST,'url')) ? $_REQUEST['url'] : '');
+
+
+ if(local_user() && $argc() > 1 && intval(argv(1))) {
+
+ $cid = $argv(1);
+
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($cid),
+ intval(local_user())
+ );
+
+ if(! ($r && count($r)))
+ goaway(z_root());
+
+
+ $sec = random_string();
+
+ // Here's how it works in zot... still a fair bit of code to write
+ // Originator (us) posts our id/sig/location/location_sig with a random tracking code.
+ // The other site will call us back asynchronously and do the verification dance.
+ // Once that has happened, we will be issued an encrypted token
+ // We'll redirect to the site with the decrypted token (which is good for one use).
+
+
+
+
+ q("INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`)
+ VALUES( %d, %s, '%s', '%s', %d )",
+ intval(local_user()),
+ intval($cid),
+ dbesc($dfrn_id),
+ dbesc($sec),
+ intval(time() + 45)
+ );
+
+
+
+ $postvars = array();
+
+ $postvars['tracking'] = $sec;
+
+
+ $ret = $z_post_url($hubloc['hubloc_connect'],$postvars);
+ if($ret['success']) {
+ $j = json_decode($ret['body']);
+ if($j->result && $j->token) {
+ $token = openssl_private_decrypt($j->token,$channel['prvkey']);
+
+
+
+
+
+ logger('mod_magic: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);
+ $dest = (($url) ? '&destination_url=' . $url : '');
+ goaway ($hubloc['hubloc_connect'] . "?f=" . $dest . "&token=" . $token);
+ }
+
+ }
+ }
+
+ if(local_user())
+ $handle = $a->user['nickname'] . '@' . substr($a->get_baseurl(),strpos($a->get_baseurl(),'://')+3);
+ if(remote_user())
+ $handle = $_SESSION['handle'];
+
+ if($url) {
+ $url = str_replace('{zid}','&zid=' . $handle,$url);
+ goaway($url);
+ }
+
+ goaway(z_root());
+}