Diffstat (limited to 'include/security.php')
-rw-r--r--include/security.php42
1 files changed, 18 insertions, 24 deletions
diff --git a/include/security.php b/include/security.php
index 216299099..c3b0e9763 100644
--- a/include/security.php
+++ b/include/security.php
@@ -22,7 +22,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
$a->account = $user_record;
$_SESSION['account_id'] = $user_record['account_id'];
$_SESSION['authenticated'] = 1;
-
+
if($login_initial || $update_lastlog) {
q("update account set account_lastlog = '%s' where account_id = %d",
dbesc(datetime_convert()),
@@ -150,11 +150,7 @@ function change_channel($change_channel) {
*/
function permissions_sql($owner_id, $remote_verified = false, $groups = null) {
- if(defined('STATUSNET_PRIVACY_COMPATIBILITY'))
- return '';
-
$local_channel = local_channel();
- $remote_channel = remote_channel();
/**
* Construct permissions
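Review bot: Dropping `$remote_channel = remote_channel();` from permissions_sql is only safe if no later statement in the function still reads `$remote_channel`; the body continues past the end of this hunk, so that could not be confirmed from what is shown, and it is worth a grep before merging. The identical removal is made in item_permissions_sql in a later hunk of this file and needs the same check. If the function's docblock above the signature still describes the STATUSNET_PRIVACY_COMPATIBILITY short-circuit, it should be updated to match the new behaviour.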
@@ -173,7 +169,7 @@ function permissions_sql($owner_id, $remote_verified = false, $groups = null) {
*/
if(($local_channel) && ($local_channel == $owner_id)) {
- $sql = '';
+ $sql = '';
}
/**
@@ -194,7 +190,7 @@ function permissions_sql($owner_id, $remote_verified = false, $groups = null) {
if(is_array($groups) && count($groups)) {
foreach($groups as $g)
$gs .= '|<' . $g . '>';
- }
+ }
$regexop = db_getfunc('REGEXP');
$sql = sprintf(
" AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
@@ -223,11 +219,7 @@ function permissions_sql($owner_id, $remote_verified = false, $groups = null) {
*/
function item_permissions_sql($owner_id, $remote_verified = false, $groups = null) {
- if(defined('STATUSNET_PRIVACY_COMPATIBILITY'))
- return '';
-
$local_channel = local_channel();
- $remote_channel = remote_channel();
/**
* Construct permissions
@@ -246,7 +238,7 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul
}
/**
- * Authenticated visitor. Unless pre-verified,
+ * Authenticated visitor. Unless pre-verified,
* check that the contact belongs to this $owner_id
* and load the groups the visitor belongs to.
* If pre-verified, the caller is expected to have already
@@ -330,7 +322,7 @@ function public_permissions_sql($observer_hash) {
*/
function get_form_security_token($typename = '') {
$a = get_app();
-
+
$timestamp = time();
$sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $timestamp . $typename);
@@ -340,16 +332,16 @@ function get_form_security_token($typename = '') {
function check_form_security_token($typename = '', $formname = 'form_security_token') {
if (!x($_REQUEST, $formname)) return false;
$hash = $_REQUEST[$formname];
-
+
$max_livetime = 10800; // 3 hours
-
+
$a = get_app();
-
+
$x = explode('.', $hash);
if (time() > (IntVal($x[0]) + $max_livetime)) return false;
-
+
$sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $x[0] . $typename);
-
+
return ($sec_hash == $x[1]);
}
@@ -404,20 +396,22 @@ function init_groups_visitor($contact_id) {
// will likely be too expensive.
// Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query
-function stream_perms_api_uids($perms = NULL ) {
+function stream_perms_api_uids($perms = NULL, $limit = 0, $rand = 0 ) {
$perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms;
$ret = array();
+ $limit_sql = (($limit) ? " LIMIT " . intval($limit) . " " : '');
+ $random_sql = (($rand) ? " ORDER BY " . db_getfunc('RAND') . " " : '');
if(local_channel())
$ret[] = local_channel();
- $r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0",
+ $r = q("select channel_id from channel where channel_r_stream > 0 and ( channel_r_stream & %d )>0 and ( channel_pageflags & %d ) = 0 $random_sql $limit_sql ",
intval($perms),
intval(PAGE_ADULT|PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED)
);
if($r) {
foreach($r as $rr)
if(! in_array($rr['channel_id'], $ret))
- $ret[] = $rr['channel_id'];
+ $ret[] = $rr['channel_id'];
}
$str = '';
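Review bot: The new `$limit` only bounds the channel query, but `local_channel()` has already been appended to `$ret` before the query runs, so a caller asking for `$limit` ids can receive `$limit + 1`; if the limit is meant to cap the returned list, apply it when `$str` is built (outside this hunk) or reduce the SQL limit by one when a local channel is present. The header comment above the signature still describes only the return value and should document the new parameters, e.g. `// $limit: max rows fetched from channel (0 = unlimited); $rand: non-zero to order fetched rows randomly`. Both values are used safely as written: `$limit` passes through intval() and `$rand` only toggles the ORDER BY clause, so neither is interpolated into the query unescaped. Note that `$rand` without `$limit` orders the whole channel table randomly, which the comment at the top of the hunk already warns may be expensive.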
@@ -425,7 +419,7 @@ function stream_perms_api_uids($perms = NULL ) {
foreach($ret as $rr) {
if($str)
$str .= ',';
- $str .= intval($rr);
+ $str .= intval($rr);
}
}
logger('stream_perms_api_uids: ' . $str, LOGGER_DEBUG);
@@ -447,7 +441,7 @@ function stream_perms_xchans($perms = NULL ) {
if($r) {
foreach($r as $rr)
if(! in_array($rr['channel_hash'], $ret))
- $ret[] = $rr['channel_hash'];
+ $ret[] = $rr['channel_hash'];
}
$str = '';
@@ -455,7 +449,7 @@ function stream_perms_xchans($perms = NULL ) {
foreach($ret as $rr) {
if($str)
$str .= ',';
- $str .= "'" . dbesc($rr) . "'";
+ $str .= "'" . dbesc($rr) . "'";
}
}
logger('stream_perms_xchans: ' . $str, LOGGER_DEBUG);