diff options
author | Mike Macgirvin <mike@macgirvin.com> | 2010-09-09 17:09:38 -0700 |
---|---|---|
committer | Mike Macgirvin <mike@macgirvin.com> | 2010-09-09 17:09:38 -0700 |
commit | 440a3fea3fd6f9b759da06886708d42a3f2a2553 (patch) | |
tree | a99c814ebe20713235345b8645103a568d3d1fdd /mod | |
parent | 62fdf346ff38fa44903de7556a66904f12a5e010 (diff) | |
download | volse-hubzilla-440a3fea3fd6f9b759da06886708d42a3f2a2553.tar.gz volse-hubzilla-440a3fea3fd6f9b759da06886708d42a3f2a2553.tar.bz2 volse-hubzilla-440a3fea3fd6f9b759da06886708d42a3f2a2553.zip |
redirection to wrong profile in multi-user mode
Diffstat (limited to 'mod')
-rw-r--r-- | mod/dfrn_confirm.php | 4 | ||||
-rw-r--r-- | mod/dfrn_poll.php | 40 |
2 files changed, 26 insertions, 18 deletions
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 86227d537..44a6ad147 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -370,7 +370,8 @@ function dfrn_confirm_post(&$a) { `uri-date` = '%s', `avatar-date` = '%s', `blocked` = 0, - `pending` = 0, + `pending` = 0, + `duplex` = %d, `network` = 'dfrn' WHERE `id` = %d LIMIT 1 ", dbesc($photo), @@ -379,6 +380,7 @@ function dfrn_confirm_post(&$a) { dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()), + intval($duplex), intval($contact_id) ); if($r === false) diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index aa60abff8..a20135f81 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -27,29 +27,35 @@ function dfrn_poll_init(&$a) { $r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` - WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex` = 1 )) LIMIT 1", + WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex` = 1 )) ", dbesc($dfrn_id), dbesc($dfrn_id) ); - + if(count($r)) { - $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check'); - if(strlen($s)) { - $xml = simplexml_load_string($s); - if((int) $xml->status == 1) { - $_SESSION['authenticated'] = 1; - $_SESSION['visitor_id'] = $r[0]['id']; - notice( t('Hi ') . $r[0]['name'] . EOL); - // Visitors get 1 day session. - $session_id = session_id(); - $expire = time() + 86400; - q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1", - dbesc($expire), - dbesc($session_id)); + foreach($r as $rr) { + if(local_user() && ($rr['uid'] == get_uid())) + continue; + + $s = fetch_url($rr['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check'); + if(strlen($s)) { + $xml = simplexml_load_string($s); + if((int) $xml->status == 1) { + $_SESSION['authenticated'] = 1; + $_SESSION['visitor_id'] = $rr['id']; + notice( t('Hi ') . $rr['name'] . EOL); + // Visitors get 1 day session. + $session_id = session_id(); + $expire = time() + 86400; + q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1", + dbesc($expire), + dbesc($session_id) + ); + } } + $profile = $rr['nickname']; + goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile); } - $profile = $r[0]['nickname']; - goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile); } goaway($a->get_baseurl()); |