aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/permissions.php13
-rw-r--r--mod/rmagic.php52
2 files changed, 40 insertions, 25 deletions
diff --git a/include/permissions.php b/include/permissions.php
index 420591c54..0cbb5b984 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -89,7 +89,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
if($observer_xchan) {
if(! $abook_checked) {
- $x = q("select abook_my_perms, abook_flags from abook
+ $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
intval($uid),
dbesc($observer_xchan),
@@ -137,9 +137,9 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
continue;
}
- // If we're still here, we have an observer, which means they're in the network.
+ // If we're still here, we have an observer, check the network.
- if($r[0][$channel_perm] & PERMS_NETWORK) {
+ if(($r[0][$channel_perm] & PERMS_NETWORK) && ($x[0]['xchan_network'] === 'zot')) {
$ret[$perm_name] = true;
continue;
}
@@ -240,7 +240,8 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
return false;
if($observer_xchan) {
- $x = q("select abook_my_perms, abook_flags from abook where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
+ $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
+ where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
intval($uid),
dbesc($observer_xchan),
intval(ABOOK_FLAG_SELF)
@@ -272,9 +273,9 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
return false;
}
- // If we're still here, we have an observer, which means they're in the network.
+ // If we're still here, we have an observer, check the network.
- if($r[0][$channel_perm] & PERMS_NETWORK)
+ if(($r[0][$channel_perm] & PERMS_NETWORK) && ($x[0]['xchan_network'] === 'zot'))
return true;
diff --git a/mod/rmagic.php b/mod/rmagic.php
index b8c1c6553..093ccd328 100644
--- a/mod/rmagic.php
+++ b/mod/rmagic.php
@@ -22,31 +22,45 @@ function rmagic_init(&$a) {
function rmagic_post(&$a) {
- $address = $_REQUEST['address'];
- if(strpos($address,'@') === false) {
- notice('Invalid address.');
- return;
- }
+ $address = trim($_REQUEST['address']);
+ $other = intval($_REQUEST['other']);
- $r = null;
- if($address) {
- $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1",
- dbesc($address)
- );
- }
- if($r) {
- $url = $r[0]['hubloc_url'];
+ if($other) {
+ $arr = array('address' => $address);
+ call_hooks('reverse_magic_auth', $arr);
+
+
+ // if they're still here...
+ notice( t('Authentication failed.') . EOL);
+ return;
}
else {
- $url = 'https://' . substr($address,strpos($address,'@')+1);
- }
- if($url) {
- $dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string);
- goaway($url . '/magic' . '?f=&dest=' . $dest);
- }
+ // Presumed Red identity. Perform reverse magic auth
+ if(strpos($address,'@') === false) {
+ notice('Invalid address.');
+ return;
+ }
+ $r = null;
+ if($address) {
+ $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1",
+ dbesc($address)
+ );
+ }
+ if($r) {
+ $url = $r[0]['hubloc_url'];
+ }
+ else {
+ $url = 'https://' . substr($address,strpos($address,'@')+1);
+ }
+
+ if($url) {
+ $dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string);
+ goaway($url . '/magic' . '?f=&dest=' . $dest);
+ }
+ }
}