diff options
| -rw-r--r-- | boot.php | 2 | ||||
| -rw-r--r-- | include/auth.php | 6 | ||||
| -rw-r--r-- | include/security.php | 2 | ||||
| -rw-r--r-- | mod/post.php | 3 |
4 files changed, 7 insertions, 6 deletions
@@ -1186,7 +1186,7 @@ if(! function_exists('local_user')) { if(! function_exists('remote_user')) { function remote_user() { if((x($_SESSION,'authenticated')) && (x($_SESSION,'visitor_id'))) - return intval($_SESSION['visitor_id']); + return $_SESSION['visitor_id']; return false; } } diff --git a/include/auth.php b/include/auth.php index 75a450dc8..9cdbd80d5 100644 --- a/include/auth.php +++ b/include/auth.php @@ -63,9 +63,9 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p info( t('Logged out.') . EOL); goaway(z_root()); } - +dbg(1); if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) { - $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1", + $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_hash = '%s' limit 1", dbesc($_SESSION['visitor_id']) ); if($r) { @@ -77,7 +77,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p } $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); } - +dbg(0); if(x($_SESSION,'uid') || x($_SESSION,'account_id')) { // already logged in user returning diff --git a/include/security.php b/include/security.php index 25318b3e8..f28174153 100644 --- a/include/security.php +++ b/include/security.php @@ -349,7 +349,7 @@ if(! function_exists('init_groups_visitor')) { function init_groups_visitor($contact_id) { $groups = array(); $r = q("SELECT gid FROM group_member WHERE xchan = '%s' ", - intval($contact_id) + dbesc($contact_id) ); if(count($r)) { foreach($r as $rr) diff --git a/mod/post.php b/mod/post.php index 7a96bcf7a..36b2e1482 100644 --- a/mod/post.php +++ b/mod/post.php @@ -87,8 +87,9 @@ function post_init(&$a) { $_SESSION['authenticated'] = 1; $_SESSION['visitor_id'] = $x[0]['xchan_hash']; $a->set_observer($x[0]); + require_once('include/security.php'); $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); - notice(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name'])); + info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name'])); } } |