aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
authorzottel <github@zottel.net>2014-02-19 08:30:14 +0100
committerzottel <github@zottel.net>2014-02-19 08:30:14 +0100
commit79d3dae7fa80df6ea6914807bcde4d8b8c390361 (patch)
tree96327bd990038c66f0e644c505522cb424a1bbd0 /mod
parent2bca2199112625593eb412584e17e874e71ca913 (diff)
parent24d119b8c4e94ed130577e4e4a8d17ea13c406ac (diff)
downloadvolse-hubzilla-79d3dae7fa80df6ea6914807bcde4d8b8c390361.tar.gz
volse-hubzilla-79d3dae7fa80df6ea6914807bcde4d8b8c390361.tar.bz2
volse-hubzilla-79d3dae7fa80df6ea6914807bcde4d8b8c390361.zip
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'mod')
-rw-r--r--mod/bookmarks.php4
-rw-r--r--mod/item.php10
-rw-r--r--mod/openid.php188
-rw-r--r--mod/rmagic.php58
-rw-r--r--mod/settings.php3
-rw-r--r--mod/siteinfo.php6
6 files changed, 245 insertions, 24 deletions
diff --git a/mod/bookmarks.php b/mod/bookmarks.php
index 67208937d..c5be68b8e 100644
--- a/mod/bookmarks.php
+++ b/mod/bookmarks.php
@@ -57,7 +57,7 @@ function bookmarks_content(&$a) {
if($x) {
foreach($x as $xx) {
$y = menu_fetch($xx['menu_name'],local_user(),get_observer_hash());
- $o .= menu_render($y);
+ $o .= menu_render($y,true);
}
}
@@ -69,7 +69,7 @@ function bookmarks_content(&$a) {
if($x) {
foreach($x as $xx) {
$y = menu_fetch($xx['menu_name'],local_user(),get_observer_hash());
- $o .= menu_render($y);
+ $o .= menu_render($y,true);
}
}
diff --git a/mod/item.php b/mod/item.php
index fa7720791..dc005bb20 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -453,6 +453,16 @@ function item_post(&$a) {
* the post and we should keep it private. If it's encrypted we have no way of knowing
* so we'll set the permissions regardless and realise that the media may not be
* referenced in the post.
+ *
+ * What is preventing us from being able to upload photos into comments is dealing with
+ * the photo and attachment permissions, since we don't always know who was in the
+ * distribution for the top level post.
+ *
+ * We might be able to provide this functionality with a lot of fiddling:
+ * - if the top level post is public (make the photo public)
+ * - if the top level post was written by us or a wall post that belongs to us (match the top level post)
+ * - if the top level post has privacy mentions, add those to the permissions.
+ * - otherwise disallow the photo *or* make the photo public. This is the part that gets messy.
*/
if(! $preview) {
diff --git a/mod/openid.php b/mod/openid.php
new file mode 100644
index 000000000..1ab8749ee
--- /dev/null
+++ b/mod/openid.php
@@ -0,0 +1,188 @@
+<?php
+
+
+require_once('library/openid/openid.php');
+require_once('include/auth.php');
+
+function openid_content(&$a) {
+
+ $noid = get_config('system','disable_openid');
+ if($noid)
+ goaway(z_root());
+
+ logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA);
+
+ if(x($_REQUEST,'openid_mode')) {
+
+ $openid = new LightOpenID(z_root());
+
+ if($openid->validate()) {
+
+ logger('openid: validate');
+
+ $authid = normalise_openid($_REQUEST['openid_identity']);
+
+ if(! strlen($authid)) {
+ logger( t('OpenID protocol error. No ID returned.') . EOL);
+ goaway(z_root());
+ }
+
+ $x = match_openid($authid);
+ if($x) {
+
+ $r = q("select * from channel where channel_id = %d limit 1",
+ intval($x)
+ );
+ if($r) {
+ $y = q("select * from account where account_id = %d limit 1",
+ intval($r[0]['channel_account_id'])
+ );
+ if($y) {
+ foreach($y as $record) {
+ if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) {
+ logger('mod_openid: openid success for ' . $x[0]['channel_name']);
+ $_SESSION['uid'] = $r[0]['channel_id'];
+ $_SESSION['authenticated'] = true;
+ authenticate_success($record,true,true,true,true);
+ goaway(z_root());
+ }
+ }
+ }
+ }
+ }
+
+ // Successful OpenID login - but we can't match it to an existing account.
+ // See if they've got an xchan
+
+ $r = q("select * from xconfig left join xchan on xchan_hash = xconfig.xchan where cat = 'system' and k = 'openid' and v = '%s' limit 1",
+ dbesc($authid)
+ );
+
+ if($r) {
+ $_SESSION['authenticated'] = 1;
+ $_SESSION['visitor_id'] = $r[0]['xchan_hash'];
+ $_SESSION['my_address'] = $r[0]['xchan_addr'];
+ $arr = array('xchan' => $r[0], 'session' => $_SESSION);
+ call_hooks('magic_auth_openid_success',$arr);
+ $a->set_observer($r[0]);
+ require_once('include/security.php');
+ $a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
+ info(sprintf( t('Welcome %s. Remote authentication successful.'),$r[0]['xchan_name']));
+ logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
+ if($_SESSION['return_url'])
+ goaway($_SESSION['return_url']);
+ goaway(z_root());
+ }
+
+ // no xchan...
+ // create one.
+ // We should probably probe the openid url and figure out if they have any kind of social presence we might be able to
+ // scrape some identifying info from.
+
+ $name = $authid;
+ $url = trim($_REQUEST['openid_identity'],'/');
+ if(strpos($url,'http') === false)
+ $url = 'https://' . $url;
+ $pphoto = get_default_profile_photo();
+ $parsed = @parse_url($url);
+ if($parsed) {
+ $host = $parsed['host'];
+ }
+
+ $attr = $openid->getAttributes();
+
+ if(is_array($attr) && count($attr)) {
+ foreach($attr as $k => $v) {
+ if($k === 'namePerson/friendly')
+ $nick = notags(trim($v));
+ if($k === 'namePerson/first')
+ $first = notags(trim($v));
+ if($k === 'namePerson')
+ $name = notags(trim($v));
+ if($k === 'contact/email')
+ $addr = notags(trim($v));
+ if($k === 'media/image/aspect11')
+ $photosq = trim($v);
+ if($k === 'media/image/default')
+ $photo_other = trim($v);
+ }
+ }
+ if(! $nick) {
+ if($first)
+ $nick = $first;
+ else
+ $nick = $name;
+ }
+
+ require_once('library/urlify/URLify.php');
+ $x = strtolower(URLify::transliterate($nick));
+ if($nick & $host)
+ $addr = $nick . '@' . $host;
+ $network = 'unknown';
+
+ if($photosq)
+ $pphoto = $photosq;
+ elseif($photo_other)
+ $pphoto = $photo_other;
+
+ $x = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_mimetype,
+ xchan_photo_l, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_photo_date,
+ xchan_name_date, xchan_flags)
+ values ( '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d) ",
+ dbesc($url),
+ dbesc(''),
+ dbesc(''),
+ dbesc(''),
+ dbesc('image/jpeg'),
+ dbesc($pphoto),
+ dbesc($addr),
+ dbesc($url),
+ dbesc(''),
+ dbesc(''),
+ dbesc(''),
+ dbesc($name),
+ dbesc($network),
+ dbesc(datetime_convert()),
+ dbesc(datetime_convert()),
+ intval(XCHAN_FLAGS_HIDDEN)
+ );
+ if($x) {
+ $r = q("select * from xchan where xchan_hash = '%s' limit 1",
+ dbesc($url)
+ );
+ if($r) {
+
+ $photos = import_profile_photo($pphoto,$url);
+ if($photos) {
+ $z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s',
+ xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1",
+ dbesc(datetime_convert()),
+ dbesc($photos[0]),
+ dbesc($photos[1]),
+ dbesc($photos[2]),
+ dbesc($photos[3]),
+ dbesc($url)
+ );
+ }
+
+ set_xconfig($url,'system','openid',$authid);
+ $_SESSION['authenticated'] = 1;
+ $_SESSION['visitor_id'] = $r[0]['xchan_hash'];
+ $_SESSION['my_address'] = $r[0]['xchan_addr'];
+ $arr = array('xchan' => $r[0], 'session' => $_SESSION);
+ call_hooks('magic_auth_openid_success',$arr);
+ $a->set_observer($r[0]);
+ info(sprintf( t('Welcome %s. Remote authentication successful.'),$r[0]['xchan_name']));
+ logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
+ if($_SESSION['return_url'])
+ goaway($_SESSION['return_url']);
+ goaway(z_root());
+ }
+ }
+
+ }
+ }
+ notice( t('Login failed.') . EOL);
+ goaway(z_root());
+ // NOTREACHED
+}
diff --git a/mod/rmagic.php b/mod/rmagic.php
index b8c1c6553..946277327 100644
--- a/mod/rmagic.php
+++ b/mod/rmagic.php
@@ -22,31 +22,53 @@ function rmagic_init(&$a) {
function rmagic_post(&$a) {
- $address = $_REQUEST['address'];
+ $address = trim($_REQUEST['address']);
+
if(strpos($address,'@') === false) {
- notice('Invalid address.');
- return;
- }
+ $arr = array('address' => $address);
+ call_hooks('reverse_magic_auth', $arr);
- $r = null;
- if($address) {
- $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1",
- dbesc($address)
- );
- }
- if($r) {
- $url = $r[0]['hubloc_url'];
+ try {
+ require_once('library/openid/openid.php');
+ $openid = new LightOpenID(z_root());
+ $openid->identity = $address;
+ $openid->returnUrl = z_root() . '/openid';
+ goaway($openid->authUrl());
+ } catch (Exception $e) {
+ notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'<br /><br >'. t('The error message was:').' '.$e->getMessage());
+ }
+
+ // if they're still here...
+ notice( t('Authentication failed.') . EOL);
+ return;
}
else {
- $url = 'https://' . substr($address,strpos($address,'@')+1);
- }
- if($url) {
- $dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string);
- goaway($url . '/magic' . '?f=&dest=' . $dest);
- }
+ // Presumed Red identity. Perform reverse magic auth
+
+ if(strpos($address,'@') === false) {
+ notice('Invalid address.');
+ return;
+ }
+ $r = null;
+ if($address) {
+ $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1",
+ dbesc($address)
+ );
+ }
+ if($r) {
+ $url = $r[0]['hubloc_url'];
+ }
+ else {
+ $url = 'https://' . substr($address,strpos($address,'@')+1);
+ }
+ if($url) {
+ $dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string);
+ goaway($url . '/magic' . '?f=&dest=' . $dest);
+ }
+ }
}
diff --git a/mod/settings.php b/mod/settings.php
index 97965d0fd..5b0a8e8f2 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -798,6 +798,7 @@ function settings_content(&$a) {
array( t('Anybody in your address book'), PERMS_CONTACTS),
array( t('Anybody on this website'), PERMS_SITE),
array( t('Anybody in this network'), PERMS_NETWORK),
+ array( t('Anybody authenticated'), PERMS_AUTHED),
array( t('Anybody on the internet'), PERMS_PUBLIC)
);
@@ -979,7 +980,7 @@ function settings_content(&$a) {
'$h_descadvn' => t('Change the behaviour of this account for special situations'),
'$pagetype' => $pagetype,
'$expert' => feature_enabled(local_user(),'expert'),
- '$hint' => t('Please enable expert mode (in Settings > Additional features) to adjust!'),
+ '$hint' => t('Please enable expert mode (in <a href="settings/features">Settings > Additional features</a>) to adjust!'),
));
diff --git a/mod/siteinfo.php b/mod/siteinfo.php
index 6b962c488..7fdb892d2 100644
--- a/mod/siteinfo.php
+++ b/mod/siteinfo.php
@@ -91,7 +91,7 @@ function siteinfo_content(&$a) {
$admininfo = bbcode(get_config('system','admininfo'));
$project_donate = t('Project Donations');
- $donate_text = t('<p>The Red Matrix is provided for you by volunteers working in their spare time. Your support will help us to build a better web. Select the following option for a one-time donation of your choosing</p>');
+ $donate_text = t('<p>The Red Matrix is provided for you by volunteers working in their spare time. Your support will help us to build a better, freer, and privacy respecting web. Select the following option for a one-time donation of your choosing</p>');
$alternatively = t('<p>or</p>');
$recurring = t('Recurring Donation Options');
@@ -99,12 +99,12 @@ function siteinfo_content(&$a) {
<h3>{$project_donate}</h3>
$donate_text
<form action="https://www.paypal.com/cgi-bin/webscr" method="post"><input type="hidden" name="cmd" value="_donations" /><input type="hidden" name="business" value="mike@macgirvin.com" /><input type="hidden" name="lc" value="US" /><input type="hidden" name="item_name" value="Distributed Social Network Support Donation" /><input type="hidden" name="no_note" value="0" /><input type="hidden" name="currency_code" value="USD" /><input type="hidden" name="bn" value="PP-DonationsBF:btn_donate_LG.gif:NonHostedGuest" /><input style="border: none;" type="image" name="submit" src="https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif" alt="Donations gladly accepted to support our work" /></form><br />
-$alternatively
+<strong>$alternatively</strong>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post"><input type="hidden" name="cmd" value="_s-xclick" /><input type="hidden" name="hosted_button_id" value="FHV36KE28CYM8" /><br />
<table><tbody><tr><td><input type="hidden" name="on0" value="$recurring" />$recurring</td>
</tr><tr><td>
<select name="os0"><option value="Option 1">Option 1 : $3.00USD - monthly</option><option value="Option 2">Option 2 : $5.00USD - monthly</option><option value="Option 3">Option 3 : $10.00USD - monthly</option><option value="Option 4">Option 4 : $20.00USD - monthly</option></select></td>
-</tr></tbody></table><p><input type="hidden" name="currency_code" value="USD" /><input type="image" border="0" name="submit" src="https://www.paypalobjects.com/en_US/i/btn/btn_subscribeCC_LG.gif" alt="PayPal - The safer, easier way to pay online!" /><img src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" alt="" width="1" height="1" border="0" /></p></form>
+</tr></tbody></table><p><input type="hidden" name="currency_code" value="USD" /><input type="image" style="border: none;" border="0" name="submit" src="https://www.paypalobjects.com/en_US/i/btn/btn_subscribeCC_LG.gif" alt="PayPal - The safer, easier way to pay online!" /><img src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" alt="" width="1" height="1" border="0" /></p></form>
<p></p>
EOT;