aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
authormrjive <mrjive@mrjive.it>2015-09-22 13:11:54 +0200
committermrjive <mrjive@mrjive.it>2015-09-22 13:11:54 +0200
commit5ec3d3e36d8bb7918b844b4ebbeb878c4b45e30d (patch)
treeece0274497ae0f3bc427cfa6e8f10752dd9934dc /mod
parent49d11ed9f88531bcd03f2f129230b0352014c22c (diff)
parent4b13f0e025b08263d7231845bc76034d9adc7847 (diff)
downloadvolse-hubzilla-5ec3d3e36d8bb7918b844b4ebbeb878c4b45e30d.tar.gz
volse-hubzilla-5ec3d3e36d8bb7918b844b4ebbeb878c4b45e30d.tar.bz2
volse-hubzilla-5ec3d3e36d8bb7918b844b4ebbeb878c4b45e30d.zip
Merge pull request #3 from redmatrix/master
updating from original codebase
Diffstat (limited to 'mod')
-rw-r--r--mod/cloud.php38
-rw-r--r--mod/dreport.php43
-rw-r--r--mod/item.php1
-rw-r--r--mod/locs.php15
-rw-r--r--mod/post.php250
5 files changed, 203 insertions, 144 deletions
diff --git a/mod/cloud.php b/mod/cloud.php
index 7f6dc0962..efb33f935 100644
--- a/mod/cloud.php
+++ b/mod/cloud.php
@@ -73,6 +73,8 @@ function cloud_init(&$a) {
$server->addPlugin($lockPlugin);
+/* This next bit should no longer be needed... */
+
// The next section of code allows us to bypass prompting for http-auth if a
// FILE is being accessed anonymously and permissions allow this. This way
// one can create hotlinks to public media files in their cloud and anonymous
@@ -83,24 +85,24 @@ function cloud_init(&$a) {
// In order to avoid prompting for passwords for viewing a DIRECTORY, add
// the URL query parameter 'davguest=1'.
- $isapublic_file = false;
- $davguest = ((x($_SESSION, 'davguest')) ? true : false);
-
- if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
- try {
- $x = RedFileData('/' . $a->cmd, $auth);
- if($x instanceof RedDAV\RedFile)
- $isapublic_file = true;
- }
- catch (Exception $e) {
- $isapublic_file = false;
- }
- }
-
- if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
- logger('mod_cloud: auth exception');
- http_status_exit(401, 'Permission denied.');
- }
+// $isapublic_file = false;
+// $davguest = ((x($_SESSION, 'davguest')) ? true : false);
+
+// if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
+// try {
+// $x = RedFileData('/' . $a->cmd, $auth);
+// if($x instanceof RedDAV\RedFile)
+// $isapublic_file = true;
+// }
+// catch (Exception $e) {
+// $isapublic_file = false;
+// }
+// }
+
+// if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
+// logger('mod_cloud: auth exception');
+// http_status_exit(401, 'Permission denied.');
+// }
require_once('include/RedDAV/RedBrowser.php');
// provide a directory view for the cloud in Hubzilla
diff --git a/mod/dreport.php b/mod/dreport.php
new file mode 100644
index 000000000..a20e17372
--- /dev/null
+++ b/mod/dreport.php
@@ -0,0 +1,43 @@
+<?php
+
+function dreport_content(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied') . EOL);
+ return;
+ }
+
+ $channel = $a->get_channel();
+
+ $mid = ((argc() > 1) ? argv(1) : '');
+
+ if(! $mid) {
+ notice( t('Invalid message') . EOL);
+ return;
+ }
+
+ $r = q("select * from dreport where dreport_xchan = '%s' and dreport_mid = '%s'",
+ dbesc($channel['channel_hash']),
+ dbesc($mid)
+ );
+
+ if(! $r) {
+ notice( t('no results') . EOL);
+ return;
+ }
+
+
+ $o .= '<h2>' . sprintf( t('Delivery report for %1$s'),substr($mid,0,32)) . '...' . '</h2>';
+ $o .= '<table>';
+
+ foreach($r as $rr) {
+ $name = escape_tags(substr($rr['dreport_recip'],strpos($rr['dreport_recip'],' ')));
+ $o .= '<tr><td>' . $name . '</td><td>' . escape_tags($rr['dreport_result']) . '</td><td>' . escape_tags($rr['dreport_time']) . '</td></tr>';
+ }
+ $o .= '</table>';
+
+ return $o;
+
+
+
+} \ No newline at end of file
diff --git a/mod/item.php b/mod/item.php
index d0cf59091..93f24bd1a 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -641,6 +641,7 @@ function item_post(&$a) {
$item_unseen = ((local_channel() != $profile_uid) ? 1 : 0);
$item_wall = (($post_type === 'wall' || $post_type === 'wall-comment') ? 1 : 0);
$item_origin = (($origin) ? 1 : 0);
+ $item_consensus = (($consensus) ? 1 : 0);
// determine if this is a wall post
diff --git a/mod/locs.php b/mod/locs.php
index 3f8bd9029..3c6a5da67 100644
--- a/mod/locs.php
+++ b/mod/locs.php
@@ -50,8 +50,17 @@ function locs_post(&$a) {
return;
}
if(intval($r[0]['hubloc_primary'])) {
- notice( t('Primary location cannot be removed.') . EOL);
- return;
+ $x = q("select hubloc_id from hubloc where hubloc_primary = 1 and hubloc_hash = '%s'",
+ dbesc($channel['channel_hash'])
+ );
+ if(! $x) {
+ notice( t('Location lookup failed.'));
+ return;
+ }
+ if(count($x) == 1) {
+ notice( t('Please select another location to become primary before removing the primary location.') . EOL);
+ return;
+ }
}
$r = q("update hubloc set hubloc_deleted = 1 where hubloc_id = %d and hubloc_hash = '%s'",
@@ -91,8 +100,6 @@ function locs_content(&$a) {
$r[$x]['deleted'] = (intval($r[$x]['hubloc_deleted']) ? true : false);
}
-
-
$o = replace_macros(get_markup_template('locmanage.tpl'), array(
'$header' => t('Manage Channel Locations'),
'$loc' => t('Location (address)'),
diff --git a/mod/post.php b/mod/post.php
index dfda7db9d..00e599b49 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -117,7 +117,7 @@ function post_init(&$a) {
}
// Try and find a hubloc for the person attempting to auth
- $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1",
+ $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc",
dbesc($address)
);
@@ -128,7 +128,7 @@ function post_init(&$a) {
$j = json_decode($ret['body'], true);
if ($j)
import_xchan($j);
- $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1",
+ $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc",
dbesc($address)
);
}
@@ -144,152 +144,159 @@ function post_init(&$a) {
goaway($desturl);
}
- logger('mod_zot: auth request received from ' . $x[0]['hubloc_addr'] );
- // check credentials and access
+ foreach($x as $xx) {
+ logger('mod_zot: auth request received from ' . $xx['hubloc_addr'] );
- // If they are already authenticated and haven't changed credentials,
- // we can save an expensive network round trip and improve performance.
+ // check credentials and access
- $remote = remote_channel();
- $result = null;
- $remote_service_class = '';
- $remote_level = 0;
- $remote_hub = $x[0]['hubloc_url'];
- $DNT = 0;
+ // If they are already authenticated and haven't changed credentials,
+ // we can save an expensive network round trip and improve performance.
- // Also check that they are coming from the same site as they authenticated with originally.
+ $remote = remote_channel();
+ $result = null;
+ $remote_service_class = '';
+ $remote_level = 0;
+ $remote_hub = $xx['hubloc_url'];
+ $DNT = 0;
- $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false);
- if($delegate && $delegate !== $_SESSION['delegate_channel'])
- $already_authed = false;
+ // Also check that they are coming from the same site as they authenticated with originally.
- $j = array();
+ $already_authed = ((($remote) && ($xx['hubloc_hash'] == $remote) && ($xx['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false);
+ if($delegate && $delegate !== $_SESSION['delegate_channel'])
+ $already_authed = false;
- if (! $already_authed) {
+ $j = array();
- // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key
- // The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender
- // which can be verified
-
- $p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec);
- if ($test) {
- $ret['message'] .= 'auth check packet created using sitekey ' . $x[0]['hubloc_sitekey'] . EOL;
- $ret['message'] .= 'packet contents: ' . $p . EOL;
- }
-
- $result = zot_zot($x[0]['hubloc_callback'],$p);
+ if (! $already_authed) {
- if (! $result['success']) {
- logger('mod_zot: auth_check callback failed.');
+ // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key
+ // The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender
+ // which can be verified
+
+ $p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $xx['hubloc_guid'],'guid_sig' => $xx['hubloc_guid_sig'])), $xx['hubloc_sitekey'], $sec);
if ($test) {
- $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL;
- json_return_and_die($ret);
- }
-
- goaway($desturl);
- }
- $j = json_decode($result['body'], true);
- if (! $j) {
- logger('mod_zot: auth_check json data malformed.');
- if($test) {
- $ret['message'] .= 'json malformed: ' . $result['body'] . EOL;
- json_return_and_die($ret);
+ $ret['message'] .= 'auth check packet created using sitekey ' . $xx['hubloc_sitekey'] . EOL;
+ $ret['message'] .= 'packet contents: ' . $p . EOL;
}
- }
- }
- if ($test) {
- $ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL;
- }
+ $result = zot_zot($xx['hubloc_callback'],$p);
- if ($already_authed || $j['success']) {
- if ($j['success']) {
- // legit response, but we do need to check that this wasn't answered by a man-in-middle
- if (! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) {
- logger('mod_zot: auth: final confirmation failed.');
+ if (! $result['success']) {
+ logger('mod_zot: auth_check callback failed.');
if ($test) {
- $ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($x[0],true);
- json_return_and_die($ret);
+ $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL;
+ continue;
+ }
+ continue;
+ }
+ $j = json_decode($result['body'], true);
+ if (! $j) {
+ logger('mod_zot: auth_check json data malformed.');
+ if($test) {
+ $ret['message'] .= 'json malformed: ' . $result['body'] . EOL;
+ continue;
}
-
- goaway($desturl);
}
- if (array_key_exists('service_class',$j))
- $remote_service_class = $j['service_class'];
- if (array_key_exists('level',$j))
- $remote_level = $j['level'];
- if (array_key_exists('DNT',$j))
- $DNT = $j['DNT'];
}
- // everything is good... maybe
- if(local_channel()) {
- // tell them to logout if they're logged in locally as anything but the target remote account
- // in which case just shut up because they don't need to be doing this at all.
+ if ($test) {
+ $ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL;
+ }
- if ($a->channel['channel_hash'] != $x[0]['xchan_hash']) {
- logger('mod_zot: auth: already authenticated locally as somebody else.');
- notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
- if ($test) {
- $ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL;
- json_return_and_die($ret);
+ if ($already_authed || $j['success']) {
+ if ($j['success']) {
+ // legit response, but we do need to check that this wasn't answered by a man-in-middle
+ if (! rsa_verify($sec . $xx['xchan_hash'],base64url_decode($j['confirm']),$xx['xchan_pubkey'])) {
+ logger('mod_zot: auth: final confirmation failed.');
+ if ($test) {
+ $ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($xx,true);
+ continue;
+ }
+
+ continue;
}
+ if (array_key_exists('service_class',$j))
+ $remote_service_class = $j['service_class'];
+ if (array_key_exists('level',$j))
+ $remote_level = $j['level'];
+ if (array_key_exists('DNT',$j))
+ $DNT = $j['DNT'];
+ }
+ // everything is good... maybe
+ if(local_channel()) {
+
+ // tell them to logout if they're logged in locally as anything but the target remote account
+ // in which case just shut up because they don't need to be doing this at all.
+
+ if ($a->channel['channel_hash'] != $xx['xchan_hash']) {
+ logger('mod_zot: auth: already authenticated locally as somebody else.');
+ notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
+ if ($test) {
+ $ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL;
+ continue;
+ }
+ }
+ continue;
}
- goaway($desturl);
- }
- // log them in
+ // log them in
- if ($test) {
- $ret['success'] = true;
- $ret['message'] .= 'Authentication Success!' . EOL;
- json_return_and_die($ret);
- }
+ if ($test) {
+ $ret['success'] = true;
+ $ret['message'] .= 'Authentication Success!' . EOL;
+ json_return_and_die($ret);
+ }
- $delegation_success = false;
- if ($delegate) {
- $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1",
- dbesc($delegate)
- );
- if ($r && intval($r[0]['channel_id'])) {
- $allowed = perm_is_allowed($r[0]['channel_id'],$x[0]['xchan_hash'],'delegate');
- if ($allowed) {
- $_SESSION['delegate_channel'] = $r[0]['channel_id'];
- $_SESSION['delegate'] = $x[0]['xchan_hash'];
- $_SESSION['account_id'] = intval($r[0]['channel_account_id']);
- require_once('include/security.php');
- change_channel($r[0]['channel_id']);
- $delegation_success = true;
+ $delegation_success = false;
+ if ($delegate) {
+ $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1",
+ dbesc($delegate)
+ );
+ if ($r && intval($r[0]['channel_id'])) {
+ $allowed = perm_is_allowed($r[0]['channel_id'],$xx['xchan_hash'],'delegate');
+ if ($allowed) {
+ $_SESSION['delegate_channel'] = $r[0]['channel_id'];
+ $_SESSION['delegate'] = $xx['xchan_hash'];
+ $_SESSION['account_id'] = intval($r[0]['channel_account_id']);
+ require_once('include/security.php');
+ change_channel($r[0]['channel_id']);
+ $delegation_success = true;
+ }
}
}
- }
- $_SESSION['authenticated'] = 1;
- if (! $delegation_success) {
- $_SESSION['visitor_id'] = $x[0]['xchan_hash'];
- $_SESSION['my_url'] = $x[0]['xchan_url'];
- $_SESSION['my_address'] = $address;
- $_SESSION['remote_service_class'] = $remote_service_class;
- $_SESSION['remote_level'] = $remote_level;
- $_SESSION['remote_hub'] = $remote_hub;
- $_SESSION['DNT'] = $DNT;
+ $_SESSION['authenticated'] = 1;
+ if (! $delegation_success) {
+ $_SESSION['visitor_id'] = $xx['xchan_hash'];
+ $_SESSION['my_url'] = $xx['xchan_url'];
+ $_SESSION['my_address'] = $address;
+ $_SESSION['remote_service_class'] = $remote_service_class;
+ $_SESSION['remote_level'] = $remote_level;
+ $_SESSION['remote_hub'] = $remote_hub;
+ $_SESSION['DNT'] = $DNT;
+ }
+
+ $arr = array('xchan' => $xx, 'url' => $desturl, 'session' => $_SESSION);
+ call_hooks('magic_auth_success',$arr);
+ $a->set_observer($xx);
+ require_once('include/security.php');
+ $a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
+ info(sprintf( t('Welcome %s. Remote authentication successful.'),$xx['xchan_name']));
+ logger('mod_zot: auth success from ' . $xx['xchan_addr']);
+ }
+ else {
+ if ($test) {
+ $ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
+ continue;
+ }
+ logger('mod_zot: magic-auth failure - not authenticated: ' . $xx['xchan_addr']);
}
- $arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION);
- call_hooks('magic_auth_success',$arr);
- $a->set_observer($x[0]);
- require_once('include/security.php');
- $a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
- info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name']));
- logger('mod_zot: auth success from ' . $x[0]['xchan_addr']);
- }
- else {
- if($test) {
- $ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
- json_return_and_die($ret);
+ if ($test) {
+ $ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
+ continue;
}
- logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']);
}
/**
@@ -299,14 +306,13 @@ function post_init(&$a) {
* But z_root() probably isn't where you really want to go.
*/
+ if(strstr($desturl,z_root() . '/rmagic'))
+ goaway(z_root());
+
if ($test) {
- $ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
json_return_and_die($ret);
}
- if(strstr($desturl,z_root() . '/rmagic'))
- goaway(z_root());
-
goaway($desturl);
}
}