diff options
| -rw-r--r-- | include/zot.php | 34 | ||||
| -rw-r--r-- | mod/authtest.php | 45 | ||||
| -rw-r--r-- | mod/magic.php | 48 | ||||
| -rw-r--r-- | mod/network.php | 8 | ||||
| -rw-r--r-- | mod/post.php | 75 | ||||
| -rw-r--r-- | mod/profile_photo.php | 2 | ||||
| -rw-r--r-- | version.inc | 2 | ||||
| -rw-r--r-- | view/theme/redbasic/css/style.css | 2 | ||||
| -rwxr-xr-x | view/tpl/saved_searches_aside.tpl | 2 |
9 files changed, 198 insertions, 20 deletions
diff --git a/include/zot.php b/include/zot.php index 37373e7ad..77d82f110 100644 --- a/include/zot.php +++ b/include/zot.php @@ -670,19 +670,41 @@ function import_xchan($arr,$ud_flags = 1) { require_once('include/photo/photo_driver.php'); - $photos = import_profile_photo($arr['photo'],$xchan_hash); - $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' + // see if this is a channel clone that's hosted locally - which we treat different from other xchans/connections + + $local = q("select channel_account_id, channel_id from channel where channel_hash = '%s' limit 1", + dbesc($xchan_hash) + ); + if($local) { + $ph = z_fetch_url($arr['photo'],true); + if($ph['success']) { + import_channel_photo($ph['body'], $arr['photo_mimetype'], $local[0]['channel_account_id'],$local[0]['channel_id']); + // reset the names in case they got messed up when we had a bug in this function + $photos = array( + z_root() . '/photo/profile/l/' . $local[0]['channel_id'], + z_root() . '/photo/profile/m/' . $local[0]['channel_id'], + z_root() . '/photo/profile/s/' . $local[0]['channel_id'], + $arr['photo_mimetype'] + ); + } + } + else { + $photos = import_profile_photo($arr['photo'],$xchan_hash); + } + if($photos) { + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", - dbesc($arr['photo_updated']), + dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), dbesc($photos[3]), dbesc($xchan_hash) - ); + ); - $what .= 'photo '; - $changed = true; + $what .= 'photo '; + $changed = true; + } } // what we are missing for true hub independence is for any changes in the primary hub to diff --git a/mod/authtest.php b/mod/authtest.php new file mode 100644 index 000000000..2c8d7b4b4 --- /dev/null +++ b/mod/authtest.php @@ -0,0 +1,45 @@ +<?php + +require_once('include/zot.php'); +require_once('mod/magic.php'); + +function authtest_content(&$a) { + + + + $o .= '<h3>Magic-Auth Diagnostic</h3>'; + + if(! local_user()) { + notice( t('Permission denied.') . EOL); + return $o; + } + + $o .= '<form action="authtest" method="get">'; + $o .= 'Target URL: <input type="text" style="width: 250px;" name="dest" value="' . $_GET['dest'] .'" />'; + $o .= '<input type="submit" name="submit" value="Submit" /></form>'; + + $o .= '<br /><br />'; + + if(x($_GET,'dest')) { + $_REQUEST['test'] = 1; + $x = magic_init($a); + $o .= 'Local Setup returns: ' . print_r($x,true); + + + + if($x['url']) { + $z = z_fetch_url($x['url'] . '&test=1'); + if($z['success']) { + $j = json_decode($z['body'],true); + if(! $j) + $o .= 'json_decode failure from remote site. ' . print_r($z['body'],true); + $o .= 'Remote site responded: ' . print_r($j,true); + } + else { + $o .= 'fetch url failure.' . print_r($z,true); + } + } + } + + return str_replace("\n",'<br />',$o); +} diff --git a/mod/magic.php b/mod/magic.php index a268f1ecb..03d09e70d 100644 --- a/mod/magic.php +++ b/mod/magic.php @@ -4,6 +4,7 @@ function magic_init(&$a) { + $ret = array('success' => false, 'url' => '', 'message' => ''); logger('mod_magic: invoked', LOGGER_DEBUG); logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA); @@ -11,12 +12,18 @@ function magic_init(&$a) { $addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : ''); $hash = ((x($_REQUEST,'hash')) ? $_REQUEST['hash'] : ''); $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : ''); - $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); + $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0); + $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); $parsed = parse_url($dest); - if(! $parsed) + if(! $parsed) { + if($test) { + $ret['message'] .= 'could not parse ' . $dest . EOL; + return($ret); + } goaway($dest); + } $basepath = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : ''); @@ -49,6 +56,10 @@ function magic_init(&$a) { goaway($dest); else { logger('mod_magic: no channels found for requested hub.' . print_r($_REQUEST,true)); + if($test) { + $ret['message'] .= 'This site has no previous connections with ' . $basepath . EOL; + return $ret; + } notice( t('Hub not found.') . EOL); return; } @@ -66,12 +77,22 @@ function magic_init(&$a) { call_hooks('magic_auth',$arr); $dest = $arr['destination']; - if(! $arr['proceed']) + if(! $arr['proceed']) { + if($test) { + $ret['message'] .= 'cancelled by plugin.' . EOL; + return $ret; + } goaway($dest); + } if((get_observer_hash()) && ($x[0]['hubloc_url'] === z_root())) { // We are already authenticated on this site and a registered observer. // Just redirect. + if($test) { + $ret['success'] = true; + $ret['message'] .= 'Local site - you are already authenticated.' . EOL; + return $ret; + } goaway($dest); } @@ -92,12 +113,25 @@ function magic_init(&$a) { dbesc(datetime_convert()) ); - $target_url = $x[0]['hubloc_callback']; + $target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode($channel['channel_address'] . '@' . $a->get_hostname()) + . '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION; + logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG); - goaway($target_url - . '/?f=&auth=' . urlencode($channel['channel_address'] . '@' . $a->get_hostname()) - . '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION); + if($test) { + $ret['success'] = true; + $ret['url'] = $target_url; + $ret['message'] = 'token ' . $token . ' created for channel ' . $channel['channel_id'] . ' for url ' . $x[0]['hubloc_url'] . EOL; + return $ret; + } + + goaway($target_url); + + } + + if($test) { + $ret['message'] = 'Not authenticated or invalid arguments to mod_magic' . EOL; + return $ret; } goaway($dest); diff --git a/mod/network.php b/mod/network.php index 6c0b84873..8375dada2 100644 --- a/mod/network.php +++ b/mod/network.php @@ -99,7 +99,7 @@ function network_init(&$a) { } - $a->page['aside'] .= group_side('network','network',true,$group_id); + $a->page['aside'] .= group_side('network','network',true,$_GET['gid']); $a->page['aside'] .= posted_date_widget($a->get_baseurl() . '/network',local_user(),false); $a->page['aside'] .= saved_searches($search); @@ -477,6 +477,12 @@ function network_content(&$a, $update = 0, $load = false) { $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent and item_restrict = 0 ) "; + $x = group_rec_byhash(local_user(), $group_hash); + + if($x) + $o = '<h2>' . t('Collection: ') . $x['name'] . '</h2>' . $o; + + } elseif($cid) { diff --git a/mod/post.php b/mod/post.php index e589378dc..73345c4e9 100644 --- a/mod/post.php +++ b/mod/post.php @@ -83,12 +83,15 @@ function post_init(&$a) { */ if(array_key_exists('auth',$_REQUEST)) { + + $ret = array('success' => false, 'message' => ''); + logger('mod_zot: auth request received.'); $address = $_REQUEST['auth']; $desturl = $_REQUEST['dest']; $sec = $_REQUEST['sec']; $version = $_REQUEST['version']; - + $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0); // They are authenticating ultimately to the site and not to a particular channel. // Any channel will do, providing it's currently active. We just need to have an @@ -100,8 +103,12 @@ function post_init(&$a) { if(! $c) { // nobody here - logger('mod_zot: auth: unable to find a response channel'); + if($test) { + $ret['message'] .= 'no local channels found.' . EOL; + json_return_and_die($ret); + } + goaway($desturl); } @@ -124,6 +131,12 @@ function post_init(&$a) { } if(! $x) { logger('mod_zot: auth: unable to finger ' . $address); + + if($test) { + $ret['message'] .= 'no hubloc found for ' . $address . ' and probing failed.' . EOL; + json_return_and_die($ret); + } + goaway($desturl); } @@ -143,6 +156,8 @@ function post_init(&$a) { $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); + $j = array(); + if(! $already_authed) { // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key @@ -150,19 +165,47 @@ function post_init(&$a) { // which can be verified $p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec); + if($test) { + $ret['message'] .= 'auth check packet created using sitekey ' . $x[0]['hubloc_sitekey'] . EOL; + $ret['message'] .= 'packet contents: ' . $p . EOL; + } + $result = zot_zot($x[0]['hubloc_callback'],$p); + + if(! $result['success']) { logger('mod_zot: auth_check callback failed.'); + if($test) { + $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL; + json_return_and_die($ret); + } + goaway($desturl); } $j = json_decode($result['body'],true); + if(! $j) { + logger('mod_zot: auth_check json data malformed.'); + if($test) { + $ret['message'] .= 'json malformed: ' . $result['body'] . EOL; + json_return_and_die($ret); + } + } } + if($test) { + $ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL; + } + if($already_authed || $j['success']) { if($j['success']) { // legit response, but we do need to check that this wasn't answered by a man-in-middle if(! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) { logger('mod_zot: auth: final confirmation failed.'); + if($test) { + $ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($x[0],true); + json_return_and_die($ret); + } + goaway($desturl); } if(array_key_exists('service_class',$j)) @@ -177,11 +220,23 @@ function post_init(&$a) { if($a->channel['channel_hash'] != $x[0]['xchan_hash']) { logger('mod_zot: auth: already authenticated locally as somebody else.'); notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL); + if($test) { + $ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL; + json_return_and_die($ret); + } + } goaway($desturl); } // log them in + if($test) { + $ret['success'] = true; + $ret['message'] .= 'Success' . EOL; + json_return_and_die($ret); + } + + $_SESSION['authenticated'] = 1; $_SESSION['visitor_id'] = $x[0]['xchan_hash']; $_SESSION['my_address'] = $address; @@ -197,6 +252,11 @@ function post_init(&$a) { logger('mod_zot: auth success from ' . $x[0]['xchan_addr']); } else { + if($test) { + $ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; + json_return_and_dir($ret); + } + logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']); q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_id = %d ", intval(HUBLOC_RECEIVE_ERROR), @@ -208,6 +268,11 @@ function post_init(&$a) { // This does however prevent a recursion if you visit rmagic directly, as it would otherwise send you back here again. // But z_root() probably isn't where you really want to go. + if($test) { + $ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; + json_return_and_dir($ret); + } + if(strstr($desturl,z_root() . '/rmagic')) goaway(z_root()); @@ -608,6 +673,7 @@ function post_post(&$a) { if(! $encrypted_packet) { logger('mod_zot: auth_check packet was not encrypted.'); + $ret['message'] .= 'no packet encryption' . EOL; json_return_and_die($ret); } @@ -628,11 +694,14 @@ function post_post(&$a) { if((! $y) || (! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); + $ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL; json_return_and_die($ret); } // There should be exactly one recipient, the original auth requestor + $ret['message'] .= 'recipients ' . print_r($recipients,true) . EOL; + if($data['recipients']) { $arr = $data['recipients'][0]; @@ -642,6 +711,7 @@ function post_post(&$a) { ); if(! $c) { logger('mod_zot: auth_check: recipient channel not found.'); + $ret['message'] .= 'recipient not found.' . EOL; json_return_and_die($ret); } @@ -657,6 +727,7 @@ function post_post(&$a) { ); if(! $z) { logger('mod_zot: auth_check: verification key not found.'); + $ret['message'] .= 'verification key not found' . EOL; json_return_and_die($ret); } $r = q("delete from verify where id = %d limit 1", diff --git a/mod/profile_photo.php b/mod/profile_photo.php index f8eda43cf..7893cc302 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -42,7 +42,7 @@ function profile_photo_post(&$a) { intval($_REQUEST['profile']), intval(local_user()) ); - if(count($r) && (! intval($r[0]['is_default']))) + if(($r) && (! intval($r[0]['is_default']))) $is_default_profile = 0; } diff --git a/version.inc b/version.inc index 8e4f4a4dc..b1d3ec938 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2013-12-04.517 +2013-12-05.518 diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css index 36e147502..0ddbe1b86 100644 --- a/view/theme/redbasic/css/style.css +++ b/view/theme/redbasic/css/style.css @@ -331,7 +331,7 @@ footer { margin-bottom: 10px; } -.group-selected, .nets-selected, .fileas-selected, .categories-selected, .active { +.group-selected, .nets-selected, .fileas-selected, .categories-selected, .search-selected, .active { color: #444444 !important; } diff --git a/view/tpl/saved_searches_aside.tpl b/view/tpl/saved_searches_aside.tpl index ea336f969..615eca39d 100755 --- a/view/tpl/saved_searches_aside.tpl +++ b/view/tpl/saved_searches_aside.tpl @@ -6,7 +6,7 @@ {{foreach $saved as $search}} <li id="search-term-{{$search.id}}" class="saved-search-li clear"> <a title="{{$search.delete}}" onclick="return confirmDelete();" id="drop-saved-search-term-{{$search.id}}" href="network/?f=&remove=1&search={{$search.encodedterm}}"><i id="dropicon-saved-search-term-{{$search.id}}" class="icon-remove drop-icons iconspacer savedsearchdrop" ></i></a> - <a id="saved-search-term-{{$search.id}}" class="savedsearchterm" href="network/?f=&search={{$search.encodedterm}}">{{$search.displayterm}}</a> + <a id="saved-search-term-{{$search.id}}" class="savedsearchterm{{if $search.selected}} search-selected{{/if}}" href="network/?f=&search={{$search.encodedterm}}">{{$search.displayterm}}</a> </li> {{/foreach}} </ul> |