diff options
Diffstat (limited to 'Zotlabs/Zot/Auth.php')
-rw-r--r-- | Zotlabs/Zot/Auth.php | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/Zotlabs/Zot/Auth.php b/Zotlabs/Zot/Auth.php index 07879fbd9..fed253923 100644 --- a/Zotlabs/Zot/Auth.php +++ b/Zotlabs/Zot/Auth.php @@ -102,12 +102,8 @@ class Auth { function Verify($channel,$hubloc) { - logger('auth request received from ' . $hubloc['hubloc_addr'] ); - - // check credentials and access - // If they are already authenticated and haven't changed credentials, - // we can save an expensive network round trip and improve performance. + logger('auth request received from ' . $hubloc['hubloc_addr'] ); $this->remote = remote_channel(); $this->remote_service_class = ''; @@ -115,6 +111,11 @@ class Auth { $this->remote_hub = $hubloc['hubloc_url']; $this->dnt = 0; + // check credentials and access + + // If they are already authenticated and haven't changed credentials, + // we can save an expensive network round trip and improve performance. + // Also check that they are coming from the same site as they authenticated with originally. $already_authed = (((remote_channel()) && ($hubloc['hubloc_hash'] == remote_channel()) |