aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Daemon/Cron.php9
-rw-r--r--Zotlabs/Module/Acl.php29
-rw-r--r--Zotlabs/Module/Home.php13
-rw-r--r--Zotlabs/Module/Lockview.php35
-rw-r--r--Zotlabs/Module/Settings.php103
-rw-r--r--Zotlabs/Storage/File.php4
-rw-r--r--Zotlabs/Web/WebServer.php9
7 files changed, 197 insertions, 5 deletions
diff --git a/Zotlabs/Daemon/Cron.php b/Zotlabs/Daemon/Cron.php
index d5b41274b..5af8174bf 100644
--- a/Zotlabs/Daemon/Cron.php
+++ b/Zotlabs/Daemon/Cron.php
@@ -62,6 +62,15 @@ class Cron {
}
+ // delete expired access tokens
+
+ q("delete from atoken where atoken_expires != '%s' && atoken_expires < %s",
+ dbesc(NULL_DATE),
+ dbutcnow()
+ );
+
+
+
// Ensure that every channel pings a directory server once a month. This way we can discover
// channels and sites that quietly vanished and prevent the directory from accumulating stale
// or dead entries.
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php
index f33e257f4..15609c3c8 100644
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -130,13 +130,40 @@ class Acl extends \Zotlabs\Web\Controller {
if(local_channel()) {
if($extra_channels_sql != '')
$extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 ";
+
+ $r2 = null;
+
+ $r1 = q("select * from atoken where atoken_uid = %d",
+ intval(local_channel())
+ );
+ if($r1) {
+ require_once('include/security.php');
+ $r2 = array();
+ foreach($r1 as $rr) {
+ $x = atoken_xchan($rr);
+ $r2[] = [
+ 'id' => 'a' . $rr['atoken_id'] ,
+ 'hash' => $x['xchan_hash'],
+ 'name' => $x['xchan_name'],
+ 'micro' => $x['xchan_photo_m'],
+ 'url' => z_root(),
+ 'nick' => $x['xchan_addr'],
+ 'abook_their_perms' => 0,
+ 'abook_flags' => 0,
+ 'abook_self' => 0
+ ];
+ }
+ }
+
$r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self
FROM abook left join xchan on abook_xchan = xchan_hash
WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ,
intval(local_channel())
);
-
+ if($r2)
+ $r = array_merge($r2,$r);
+
}
else { // Visitors
$r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self
diff --git a/Zotlabs/Module/Home.php b/Zotlabs/Module/Home.php
index f3ba96fdd..79449c3b2 100644
--- a/Zotlabs/Module/Home.php
+++ b/Zotlabs/Module/Home.php
@@ -28,6 +28,19 @@ class Home extends \Zotlabs\Web\Controller {
goaway($dest);
}
+
+ if(remote_channel() && (! $splash) && $_SESSION['atoken']) {
+ $r = q("select * from atoken where atoken_id = %d",
+ intval($_SESSION['atoken'])
+ );
+ if($r) {
+ $x = channelx_by_n($r[0]['atoken_uid']);
+ if($x) {
+ goaway(z_root() . '/channel/' . $x['channel_address']);
+ }
+ }
+ }
+
if(get_account_id() && ! $splash) {
goaway(z_root() . '/new_channel');
diff --git a/Zotlabs/Module/Lockview.php b/Zotlabs/Module/Lockview.php
index 4776e1c56..d86a3c1d8 100644
--- a/Zotlabs/Module/Lockview.php
+++ b/Zotlabs/Module/Lockview.php
@@ -1,17 +1,31 @@
<?php
namespace Zotlabs\Module;
-
+require_once('include/security.php');
class Lockview extends \Zotlabs\Web\Controller {
function get() {
+
+ $atokens = array();
+
+ if(local_channel()) {
+ $at = q("select * from atoken where atoken_uid = %d",
+ intval(local_channel())
+ );
+ if($at) {
+ foreach($at as $t) {
+ $atokens[] = atoken_xchan($t);
+ }
+ }
+ }
$type = ((argc() > 1) ? argv(1) : 0);
if (is_numeric($type)) {
$item_id = intval($type);
$type='item';
- } else {
+ }
+ else {
$item_id = ((argc() > 2) ? intval(argv(2)) : 0);
}
@@ -98,6 +112,13 @@ class Lockview extends \Zotlabs\Web\Controller {
if($r)
foreach($r as $rr)
$l[] = '<li>' . $rr['xchan_name'] . '</li>';
+ if($atokens) {
+ foreach($atokens as $at) {
+ if(in_array("'" . $at['xchan_hash'] . "'",$allowed_users)) {
+ $l[] = '<li>' . $at['xchan_name'] . '</li>';
+ }
+ }
+ }
}
if(count($deny_groups)) {
$r = q("SELECT gname FROM `groups` WHERE hash IN ( " . implode(', ', $deny_groups) . " )");
@@ -110,6 +131,16 @@ class Lockview extends \Zotlabs\Web\Controller {
if($r)
foreach($r as $rr)
$l[] = '<li><strike>' . $rr['xchan_name'] . '</strike></li>';
+
+ if($atokens) {
+ foreach($atokens as $at) {
+ if(in_array("'" . $at['xchan_hash'] . "'",$deny_users)) {
+ $l[] = '<li><strike>' . $at['xchan_name'] . '</strike></li>';
+ }
+ }
+ }
+
+
}
echo $o . implode($l);
diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php
index af246a4dc..b1258e049 100644
--- a/Zotlabs/Module/Settings.php
+++ b/Zotlabs/Module/Settings.php
@@ -28,7 +28,7 @@ class Settings extends \Zotlabs\Web\Controller {
}
- function post() {
+ function post() {
if(! local_channel())
return;
@@ -117,6 +117,60 @@ class Settings extends \Zotlabs\Web\Controller {
build_sync_packet();
return;
}
+
+
+ if((argc() > 1) && (argv(1) == 'tokens')) {
+ check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens');
+ $token_errs = 0;
+ if(array_key_exists('token',$_POST)) {
+ $atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0);
+ $name = trim(escape_tags($_POST['name']));
+ $token = trim($_POST['token']);
+ if((! $name) || (! $token))
+ $token_errs ++;
+ if(trim($_POST['expires']))
+ $expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']);
+ else
+ $expires = NULL_DATE;
+ $max_atokens = service_class_fetch(local_channel(),'access_tokens');
+ if($max_atokens) {
+ $r = q("select count(atoken_id) as total where atoken_uid = %d",
+ intval(local_channel())
+ );
+ if($r && intval($r[0]['total']) >= $max_tokens) {
+ notice( sprintf( t('This channel is limited to %d tokens'), $max_tokens) . EOL);
+ return;
+ }
+ }
+ }
+ if($token_errs) {
+ notice( t('Name and Password are required.') . EOL);
+ return;
+ }
+ if($atoken_id) {
+ $r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expires = '%s'
+ where atoken_id = %d and atoken_uid = %d",
+ dbesc($name),
+ dbesc($token),
+ dbesc($expires),
+ intval($atoken_id),
+ intval($channel['channel_id'])
+ );
+ }
+ else {
+ $r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )
+ values ( %d, %d, '%s', '%s', '%s' ) ",
+ intval($channel['channel_account_id']),
+ intval($channel['channel_id']),
+ dbesc($name),
+ dbesc($token),
+ dbesc($expires)
+ );
+ }
+
+ info( t('Token saved.') . EOL);
+ return;
+ }
@@ -706,6 +760,53 @@ class Settings extends \Zotlabs\Web\Controller {
));
return $o;
}
+
+ if((argc() > 1) && (argv(1) === 'tokens')) {
+ $atoken = null;
+ if(argc() > 2) {
+ $id = argv(2);
+
+ $atoken = q("select * from atoken where atoken_id = %d and atoken_uid = %d",
+ intval($id),
+ intval(local_channel())
+ );
+
+ if($atoken)
+ $atoken = $atoken[0];
+
+ if($atoken && argc() > 3 && argv(3) === 'drop') {
+ $r = q("delete from atoken where atoken_id = %d",
+ intval($id)
+ );
+ }
+ }
+ $t = q("select * from atoken where atoken_uid = %d",
+ intval(local_channel())
+ );
+
+ $desc = t('Use this form to create temporary access identifiers to share things with non-members. These identities may be used in Access Control Lists and visitors may login using these credentials to access the private content.');
+
+ $desc2 = t('You may also provide <em>dropbox</em> style access links to friends and associates by adding the Login Password to any specific site URL as shown. Examples:');
+
+ $tpl = get_markup_template("settings_tokens.tpl");
+ $o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_tokens"),
+ '$title' => t('Guest Access Tokens'),
+ '$desc' => $desc,
+ '$desc2' => $desc2,
+ '$tokens' => $t,
+ '$atoken' => $atoken,
+ '$url1' => z_root() . '/channel/' . $channel['channel_address'],
+ '$url2' => z_root() . '/photos/' . $channel['channel_address'],
+ '$name' => array('name', t('Login Name') . ' <span class="required">*</span>', (($atoken) ? $atoken['atoken_name'] : ''),''),
+ '$token'=> array('token', t('Login Password') . ' <span class="required">*</span>',(($atoken) ? $atoken['atoken_token'] : autoname(8)), ''),
+ '$expires'=> array('expires', t('Expires (yyyy-mm-dd)'), (($atoken['atoken_expires'] && $atoken['atoken_expires'] != NULL_DATE) ? datetime_convert('UTC',date_default_timezone_get(),$atoken['atoken_expires']) : ''), ''),
+ '$submit' => t('Submit')
+ ));
+ return $o;
+ }
+
+
diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php
index ecd15cc55..5a70a99f1 100644
--- a/Zotlabs/Storage/File.php
+++ b/Zotlabs/Storage/File.php
@@ -337,6 +337,10 @@ class File extends DAV\Node implements DAV\IFile {
}
}
+ if(get_pconfig($this->auth->owner_id,'system','os_delete_prohibit') && \App::$module == 'dav') {
+ throw new DAV\Exception\Forbidden('Permission denied.');
+ }
+
attach_delete($this->auth->owner_id, $this->data['hash']);
$ch = channelx_by_n($this->auth->owner_id);
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php
index 88ab4995b..d4f3cb9ea 100644
--- a/Zotlabs/Web/WebServer.php
+++ b/Zotlabs/Web/WebServer.php
@@ -59,7 +59,14 @@ class WebServer {
\App::$query_string = strip_zids(\App::$query_string);
if(! local_channel()) {
$_SESSION['my_address'] = $_GET['zid'];
- zid_init($a);
+ zid_init();
+ }
+ }
+
+ if((x($_GET,'zat')) && (! \App::$install)) {
+ \App::$query_string = strip_zats(\App::$query_string);
+ if(! local_channel()) {
+ zat_init();
}
}