aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/zot.php34
-rw-r--r--mod/authtest.php45
-rw-r--r--mod/magic.php48
-rw-r--r--mod/network.php8
-rw-r--r--mod/post.php75
-rw-r--r--mod/profile_photo.php2
-rw-r--r--version.inc2
-rw-r--r--view/theme/redbasic/css/style.css2
-rwxr-xr-xview/tpl/saved_searches_aside.tpl2
9 files changed, 198 insertions, 20 deletions
diff --git a/include/zot.php b/include/zot.php
index 37373e7ad..77d82f110 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -670,19 +670,41 @@ function import_xchan($arr,$ud_flags = 1) {
require_once('include/photo/photo_driver.php');
- $photos = import_profile_photo($arr['photo'],$xchan_hash);
- $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
+ // see if this is a channel clone that's hosted locally - which we treat different from other xchans/connections
+
+ $local = q("select channel_account_id, channel_id from channel where channel_hash = '%s' limit 1",
+ dbesc($xchan_hash)
+ );
+ if($local) {
+ $ph = z_fetch_url($arr['photo'],true);
+ if($ph['success']) {
+ import_channel_photo($ph['body'], $arr['photo_mimetype'], $local[0]['channel_account_id'],$local[0]['channel_id']);
+ // reset the names in case they got messed up when we had a bug in this function
+ $photos = array(
+ z_root() . '/photo/profile/l/' . $local[0]['channel_id'],
+ z_root() . '/photo/profile/m/' . $local[0]['channel_id'],
+ z_root() . '/photo/profile/s/' . $local[0]['channel_id'],
+ $arr['photo_mimetype']
+ );
+ }
+ }
+ else {
+ $photos = import_profile_photo($arr['photo'],$xchan_hash);
+ }
+ if($photos) {
+ $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
where xchan_hash = '%s' limit 1",
- dbesc($arr['photo_updated']),
+ dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])),
dbesc($photos[0]),
dbesc($photos[1]),
dbesc($photos[2]),
dbesc($photos[3]),
dbesc($xchan_hash)
- );
+ );
- $what .= 'photo ';
- $changed = true;
+ $what .= 'photo ';
+ $changed = true;
+ }
}
// what we are missing for true hub independence is for any changes in the primary hub to
diff --git a/mod/authtest.php b/mod/authtest.php
new file mode 100644
index 000000000..2c8d7b4b4
--- /dev/null
+++ b/mod/authtest.php
@@ -0,0 +1,45 @@
+<?php
+
+require_once('include/zot.php');
+require_once('mod/magic.php');
+
+function authtest_content(&$a) {
+
+
+
+ $o .= '<h3>Magic-Auth Diagnostic</h3>';
+
+ if(! local_user()) {
+ notice( t('Permission denied.') . EOL);
+ return $o;
+ }
+
+ $o .= '<form action="authtest" method="get">';
+ $o .= 'Target URL: <input type="text" style="width: 250px;" name="dest" value="' . $_GET['dest'] .'" />';
+ $o .= '<input type="submit" name="submit" value="Submit" /></form>';
+
+ $o .= '<br /><br />';
+
+ if(x($_GET,'dest')) {
+ $_REQUEST['test'] = 1;
+ $x = magic_init($a);
+ $o .= 'Local Setup returns: ' . print_r($x,true);
+
+
+
+ if($x['url']) {
+ $z = z_fetch_url($x['url'] . '&test=1');
+ if($z['success']) {
+ $j = json_decode($z['body'],true);
+ if(! $j)
+ $o .= 'json_decode failure from remote site. ' . print_r($z['body'],true);
+ $o .= 'Remote site responded: ' . print_r($j,true);
+ }
+ else {
+ $o .= 'fetch url failure.' . print_r($z,true);
+ }
+ }
+ }
+
+ return str_replace("\n",'<br />',$o);
+}
diff --git a/mod/magic.php b/mod/magic.php
index a268f1ecb..03d09e70d 100644
--- a/mod/magic.php
+++ b/mod/magic.php
@@ -4,6 +4,7 @@
function magic_init(&$a) {
+ $ret = array('success' => false, 'url' => '', 'message' => '');
logger('mod_magic: invoked', LOGGER_DEBUG);
logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA);
@@ -11,12 +12,18 @@ function magic_init(&$a) {
$addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : '');
$hash = ((x($_REQUEST,'hash')) ? $_REQUEST['hash'] : '');
$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
- $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0);
+ $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
+ $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0);
$parsed = parse_url($dest);
- if(! $parsed)
+ if(! $parsed) {
+ if($test) {
+ $ret['message'] .= 'could not parse ' . $dest . EOL;
+ return($ret);
+ }
goaway($dest);
+ }
$basepath = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : '');
@@ -49,6 +56,10 @@ function magic_init(&$a) {
goaway($dest);
else {
logger('mod_magic: no channels found for requested hub.' . print_r($_REQUEST,true));
+ if($test) {
+ $ret['message'] .= 'This site has no previous connections with ' . $basepath . EOL;
+ return $ret;
+ }
notice( t('Hub not found.') . EOL);
return;
}
@@ -66,12 +77,22 @@ function magic_init(&$a) {
call_hooks('magic_auth',$arr);
$dest = $arr['destination'];
- if(! $arr['proceed'])
+ if(! $arr['proceed']) {
+ if($test) {
+ $ret['message'] .= 'cancelled by plugin.' . EOL;
+ return $ret;
+ }
goaway($dest);
+ }
if((get_observer_hash()) && ($x[0]['hubloc_url'] === z_root())) {
// We are already authenticated on this site and a registered observer.
// Just redirect.
+ if($test) {
+ $ret['success'] = true;
+ $ret['message'] .= 'Local site - you are already authenticated.' . EOL;
+ return $ret;
+ }
goaway($dest);
}
@@ -92,12 +113,25 @@ function magic_init(&$a) {
dbesc(datetime_convert())
);
- $target_url = $x[0]['hubloc_callback'];
+ $target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode($channel['channel_address'] . '@' . $a->get_hostname())
+ . '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION;
+
logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG);
- goaway($target_url
- . '/?f=&auth=' . urlencode($channel['channel_address'] . '@' . $a->get_hostname())
- . '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION);
+ if($test) {
+ $ret['success'] = true;
+ $ret['url'] = $target_url;
+ $ret['message'] = 'token ' . $token . ' created for channel ' . $channel['channel_id'] . ' for url ' . $x[0]['hubloc_url'] . EOL;
+ return $ret;
+ }
+
+ goaway($target_url);
+
+ }
+
+ if($test) {
+ $ret['message'] = 'Not authenticated or invalid arguments to mod_magic' . EOL;
+ return $ret;
}
goaway($dest);
diff --git a/mod/network.php b/mod/network.php
index 6c0b84873..8375dada2 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -99,7 +99,7 @@ function network_init(&$a) {
}
- $a->page['aside'] .= group_side('network','network',true,$group_id);
+ $a->page['aside'] .= group_side('network','network',true,$_GET['gid']);
$a->page['aside'] .= posted_date_widget($a->get_baseurl() . '/network',local_user(),false);
$a->page['aside'] .= saved_searches($search);
@@ -477,6 +477,12 @@ function network_content(&$a, $update = 0, $load = false) {
$sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent and item_restrict = 0 ) ";
+ $x = group_rec_byhash(local_user(), $group_hash);
+
+ if($x)
+ $o = '<h2>' . t('Collection: ') . $x['name'] . '</h2>' . $o;
+
+
}
elseif($cid) {
diff --git a/mod/post.php b/mod/post.php
index e589378dc..73345c4e9 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -83,12 +83,15 @@ function post_init(&$a) {
*/
if(array_key_exists('auth',$_REQUEST)) {
+
+ $ret = array('success' => false, 'message' => '');
+
logger('mod_zot: auth request received.');
$address = $_REQUEST['auth'];
$desturl = $_REQUEST['dest'];
$sec = $_REQUEST['sec'];
$version = $_REQUEST['version'];
-
+ $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
// They are authenticating ultimately to the site and not to a particular channel.
// Any channel will do, providing it's currently active. We just need to have an
@@ -100,8 +103,12 @@ function post_init(&$a) {
if(! $c) {
// nobody here
-
logger('mod_zot: auth: unable to find a response channel');
+ if($test) {
+ $ret['message'] .= 'no local channels found.' . EOL;
+ json_return_and_die($ret);
+ }
+
goaway($desturl);
}
@@ -124,6 +131,12 @@ function post_init(&$a) {
}
if(! $x) {
logger('mod_zot: auth: unable to finger ' . $address);
+
+ if($test) {
+ $ret['message'] .= 'no hubloc found for ' . $address . ' and probing failed.' . EOL;
+ json_return_and_die($ret);
+ }
+
goaway($desturl);
}
@@ -143,6 +156,8 @@ function post_init(&$a) {
$already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false);
+ $j = array();
+
if(! $already_authed) {
// Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key
@@ -150,19 +165,47 @@ function post_init(&$a) {
// which can be verified
$p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec);
+ if($test) {
+ $ret['message'] .= 'auth check packet created using sitekey ' . $x[0]['hubloc_sitekey'] . EOL;
+ $ret['message'] .= 'packet contents: ' . $p . EOL;
+ }
+
$result = zot_zot($x[0]['hubloc_callback'],$p);
+
+
if(! $result['success']) {
logger('mod_zot: auth_check callback failed.');
+ if($test) {
+ $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL;
+ json_return_and_die($ret);
+ }
+
goaway($desturl);
}
$j = json_decode($result['body'],true);
+ if(! $j) {
+ logger('mod_zot: auth_check json data malformed.');
+ if($test) {
+ $ret['message'] .= 'json malformed: ' . $result['body'] . EOL;
+ json_return_and_die($ret);
+ }
+ }
}
+ if($test) {
+ $ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL;
+ }
+
if($already_authed || $j['success']) {
if($j['success']) {
// legit response, but we do need to check that this wasn't answered by a man-in-middle
if(! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) {
logger('mod_zot: auth: final confirmation failed.');
+ if($test) {
+ $ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($x[0],true);
+ json_return_and_die($ret);
+ }
+
goaway($desturl);
}
if(array_key_exists('service_class',$j))
@@ -177,11 +220,23 @@ function post_init(&$a) {
if($a->channel['channel_hash'] != $x[0]['xchan_hash']) {
logger('mod_zot: auth: already authenticated locally as somebody else.');
notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
+ if($test) {
+ $ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL;
+ json_return_and_die($ret);
+ }
+
}
goaway($desturl);
}
// log them in
+ if($test) {
+ $ret['success'] = true;
+ $ret['message'] .= 'Success' . EOL;
+ json_return_and_die($ret);
+ }
+
+
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $x[0]['xchan_hash'];
$_SESSION['my_address'] = $address;
@@ -197,6 +252,11 @@ function post_init(&$a) {
logger('mod_zot: auth success from ' . $x[0]['xchan_addr']);
} else {
+ if($test) {
+ $ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
+ json_return_and_dir($ret);
+ }
+
logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']);
q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_id = %d ",
intval(HUBLOC_RECEIVE_ERROR),
@@ -208,6 +268,11 @@ function post_init(&$a) {
// This does however prevent a recursion if you visit rmagic directly, as it would otherwise send you back here again.
// But z_root() probably isn't where you really want to go.
+ if($test) {
+ $ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
+ json_return_and_dir($ret);
+ }
+
if(strstr($desturl,z_root() . '/rmagic'))
goaway(z_root());
@@ -608,6 +673,7 @@ function post_post(&$a) {
if(! $encrypted_packet) {
logger('mod_zot: auth_check packet was not encrypted.');
+ $ret['message'] .= 'no packet encryption' . EOL;
json_return_and_die($ret);
}
@@ -628,11 +694,14 @@ function post_post(&$a) {
if((! $y) || (! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) {
logger('mod_zot: auth_check: sender not found or secret_sig invalid.');
+ $ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL;
json_return_and_die($ret);
}
// There should be exactly one recipient, the original auth requestor
+ $ret['message'] .= 'recipients ' . print_r($recipients,true) . EOL;
+
if($data['recipients']) {
$arr = $data['recipients'][0];
@@ -642,6 +711,7 @@ function post_post(&$a) {
);
if(! $c) {
logger('mod_zot: auth_check: recipient channel not found.');
+ $ret['message'] .= 'recipient not found.' . EOL;
json_return_and_die($ret);
}
@@ -657,6 +727,7 @@ function post_post(&$a) {
);
if(! $z) {
logger('mod_zot: auth_check: verification key not found.');
+ $ret['message'] .= 'verification key not found' . EOL;
json_return_and_die($ret);
}
$r = q("delete from verify where id = %d limit 1",
diff --git a/mod/profile_photo.php b/mod/profile_photo.php
index f8eda43cf..7893cc302 100644
--- a/mod/profile_photo.php
+++ b/mod/profile_photo.php
@@ -42,7 +42,7 @@ function profile_photo_post(&$a) {
intval($_REQUEST['profile']),
intval(local_user())
);
- if(count($r) && (! intval($r[0]['is_default'])))
+ if(($r) && (! intval($r[0]['is_default'])))
$is_default_profile = 0;
}
diff --git a/version.inc b/version.inc
index 8e4f4a4dc..b1d3ec938 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-12-04.517
+2013-12-05.518
diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css
index 36e147502..0ddbe1b86 100644
--- a/view/theme/redbasic/css/style.css
+++ b/view/theme/redbasic/css/style.css
@@ -331,7 +331,7 @@ footer {
margin-bottom: 10px;
}
-.group-selected, .nets-selected, .fileas-selected, .categories-selected, .active {
+.group-selected, .nets-selected, .fileas-selected, .categories-selected, .search-selected, .active {
color: #444444 !important;
}
diff --git a/view/tpl/saved_searches_aside.tpl b/view/tpl/saved_searches_aside.tpl
index ea336f969..615eca39d 100755
--- a/view/tpl/saved_searches_aside.tpl
+++ b/view/tpl/saved_searches_aside.tpl
@@ -6,7 +6,7 @@
{{foreach $saved as $search}}
<li id="search-term-{{$search.id}}" class="saved-search-li clear">
<a title="{{$search.delete}}" onclick="return confirmDelete();" id="drop-saved-search-term-{{$search.id}}" href="network/?f=&amp;remove=1&amp;search={{$search.encodedterm}}"><i id="dropicon-saved-search-term-{{$search.id}}" class="icon-remove drop-icons iconspacer savedsearchdrop" ></i></a>
- <a id="saved-search-term-{{$search.id}}" class="savedsearchterm" href="network/?f=&amp;search={{$search.encodedterm}}">{{$search.displayterm}}</a>
+ <a id="saved-search-term-{{$search.id}}" class="savedsearchterm{{if $search.selected}} search-selected{{/if}}" href="network/?f=&amp;search={{$search.encodedterm}}">{{$search.displayterm}}</a>
</li>
{{/foreach}}
</ul>