diff options
| -rw-r--r-- | include/permissions.php | 13 | ||||
| -rw-r--r-- | mod/rmagic.php | 52 |
2 files changed, 40 insertions, 25 deletions
diff --git a/include/permissions.php b/include/permissions.php index 420591c54..0cbb5b984 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -89,7 +89,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { if($observer_xchan) { if(! $abook_checked) { - $x = q("select abook_my_perms, abook_flags from abook + $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1", intval($uid), dbesc($observer_xchan), @@ -137,9 +137,9 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { continue; } - // If we're still here, we have an observer, which means they're in the network. + // If we're still here, we have an observer, check the network. - if($r[0][$channel_perm] & PERMS_NETWORK) { + if(($r[0][$channel_perm] & PERMS_NETWORK) && ($x[0]['xchan_network'] === 'zot')) { $ret[$perm_name] = true; continue; } @@ -240,7 +240,8 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { return false; if($observer_xchan) { - $x = q("select abook_my_perms, abook_flags from abook where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1", + $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash + where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1", intval($uid), dbesc($observer_xchan), intval(ABOOK_FLAG_SELF) @@ -272,9 +273,9 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { return false; } - // If we're still here, we have an observer, which means they're in the network. + // If we're still here, we have an observer, check the network. - if($r[0][$channel_perm] & PERMS_NETWORK) + if(($r[0][$channel_perm] & PERMS_NETWORK) && ($x[0]['xchan_network'] === 'zot')) return true; diff --git a/mod/rmagic.php b/mod/rmagic.php index b8c1c6553..093ccd328 100644 --- a/mod/rmagic.php +++ b/mod/rmagic.php @@ -22,31 +22,45 @@ function rmagic_init(&$a) { function rmagic_post(&$a) { - $address = $_REQUEST['address']; - if(strpos($address,'@') === false) { - notice('Invalid address.'); - return; - } + $address = trim($_REQUEST['address']); + $other = intval($_REQUEST['other']); - $r = null; - if($address) { - $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", - dbesc($address) - ); - } - if($r) { - $url = $r[0]['hubloc_url']; + if($other) { + $arr = array('address' => $address); + call_hooks('reverse_magic_auth', $arr); + + + // if they're still here... + notice( t('Authentication failed.') . EOL); + return; } else { - $url = 'https://' . substr($address,strpos($address,'@')+1); - } - if($url) { - $dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string); - goaway($url . '/magic' . '?f=&dest=' . $dest); - } + // Presumed Red identity. Perform reverse magic auth + if(strpos($address,'@') === false) { + notice('Invalid address.'); + return; + } + $r = null; + if($address) { + $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", + dbesc($address) + ); + } + if($r) { + $url = $r[0]['hubloc_url']; + } + else { + $url = 'https://' . substr($address,strpos($address,'@')+1); + } + + if($url) { + $dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string); + goaway($url . '/magic' . '?f=&dest=' . $dest); + } + } } |