diff options
-rw-r--r-- | include/account.php | 9 | ||||
-rw-r--r-- | include/auth.php | 8 | ||||
-rw-r--r-- | mod/item.php | 10 | ||||
-rw-r--r-- | mod/openid.php | 51 |
4 files changed, 57 insertions, 21 deletions
diff --git a/include/account.php b/include/account.php index 242e6512f..1206223d9 100644 --- a/include/account.php +++ b/include/account.php @@ -440,7 +440,8 @@ function downgrade_accounts() { dbesc('0000-00-00 00:00:00'), intval($rr['account_id']) ); - call_hooks('account_downgrade', array('account' => $rr)); + $ret = array('account' => $rr); + call_hooks('account_downgrade', $ret ); logger('downgrade_accounts: Account id ' . $rr['account_id'] . ' downgraded.'); } else { @@ -448,8 +449,10 @@ function downgrade_accounts() { intval(ACCOUNT_EXPIRED), intval($rr['account_id']) ); - call_hooks('account_downgrade', array('account' => $rr)); + $ret = array('account' => $rr); + call_hooks('account_downgrade', $ret); logger('downgrade_accounts: Account id ' . $rr['account_id'] . ' expired.'); } } -}
\ No newline at end of file +} + diff --git a/include/auth.php b/include/auth.php index a4e859e0c..425715014 100644 --- a/include/auth.php +++ b/include/auth.php @@ -233,10 +233,10 @@ else { function match_openid($authid) { - $r = q("select * from pconfig where cat = 'system' and k = 'openid' "); + $r = q("select * from pconfig where cat = 'system' and k = 'openid' and v = '%s' limit 1", + dbesc($authid) + ); if($r) - foreach($r as $rr) - if($rr['v'] === $authid) - return $rr['uid']; + return $r[0]['uid']; return false; } diff --git a/mod/item.php b/mod/item.php index fa7720791..dc005bb20 100644 --- a/mod/item.php +++ b/mod/item.php @@ -453,6 +453,16 @@ function item_post(&$a) { * the post and we should keep it private. If it's encrypted we have no way of knowing * so we'll set the permissions regardless and realise that the media may not be * referenced in the post. + * + * What is preventing us from being able to upload photos into comments is dealing with + * the photo and attachment permissions, since we don't always know who was in the + * distribution for the top level post. + * + * We might be able to provide this functionality with a lot of fiddling: + * - if the top level post is public (make the photo public) + * - if the top level post was written by us or a wall post that belongs to us (match the top level post) + * - if the top level post has privacy mentions, add those to the permissions. + * - otherwise disallow the photo *or* make the photo public. This is the part that gets messy. */ if(! $preview) { diff --git a/mod/openid.php b/mod/openid.php index 6f97c6fb9..e1c71f9ee 100644 --- a/mod/openid.php +++ b/mod/openid.php @@ -52,8 +52,9 @@ function openid_content(&$a) { } // Successful OpenID login - but we can't match it to an existing account. + // See if they've got an xchan - $r = q("select * from xchan where xchan_hash = '%s' limit 1", + $r = q("select * from xconfig left join xchan on xchan_hash = xconfig.xchan where cat = 'system' and k = 'openid' and v = '%s' limit 1", dbesc($authid) ); @@ -73,7 +74,22 @@ function openid_content(&$a) { goaway(z_root()); } + // no xchan... + // create one. + // We should probably probe the openid url. + + $name = $authid; + $url = $_REQUEST['openid_identity']; + if(strpos($url,'http') === false) + $url = 'https://' . $url; + $pphoto = get_default_profile_photo(); + $parsed = @parse_url($url); + if($parsed) { + $host = $parsed['host']; + } + $attr = $openid->getAttributes(); + if(is_array($attr) && count($attr)) { foreach($attr as $k => $v) { if($k === 'namePerson/friendly') @@ -81,30 +97,37 @@ function openid_content(&$a) { if($k === 'namePerson/first') $first = notags(trim($v)); if($k === 'namePerson') - $args .= '&username=' . notags(trim($v)); + $name = notags(trim($v)); if($k === 'contact/email') - $args .= '&email=' . notags(trim($v)); + $addr = notags(trim($v)); if($k === 'media/image/aspect11') - $photosq = bin2hex(trim($v)); + $photosq = trim($v); if($k === 'media/image/default') - $photo = bin2hex(trim($v)); + $photo_other = trim($v); } } - if($nick) - $args .= '&nickname=' . $nick; - elseif($first) - $args .= '&nickname=' . $first; + if(! $nick) { + if($first) + $nick = $first; + else + $nick = $name; + } + require_once('library/urlify/URLify.php'); + $x = strtolower(URLify::transliterate($nick)); + if(! $addr) + $addr = $nick . '@' . $host; + $network = 'unknown'; + if($photosq) - $args .= '&photo=' . $photosq; + $pphoto = $photosq; elseif($photo) - $args .= '&photo=' . $photo; - - $args .= '&openid_url=' . notags(trim($authid)); + $pphoto = $photo; - goaway($a->get_baseurl() . '/register' . $args); + // add the xchan record and xconfig for the openid // NOTREACHED + // actually it is reached until the other bits get written } } notice( t('Login failed.') . EOL); |