Diffstat (limited to 'include')
-rw-r--r--include/account.php4
-rw-r--r--include/api.php63
-rw-r--r--include/api_auth.php84
-rw-r--r--include/attach.php2
-rw-r--r--include/conversation.php2
-rw-r--r--include/follow.php25
-rw-r--r--include/identity.php6
-rwxr-xr-xinclude/items.php3
-rw-r--r--include/network.php13
-rw-r--r--include/notifier.php2
-rw-r--r--include/oauth.php161
-rw-r--r--include/photos.php2
-rw-r--r--include/security.php18
-rw-r--r--include/zot.php1
14 files changed, 213 insertions, 173 deletions
diff --git a/include/account.php b/include/account.php
index b3a520fd4..e448bdcc6 100644
--- a/include/account.php
+++ b/include/account.php
@@ -67,7 +67,7 @@ function check_account_invite($invite_code) {
$result['message'] .= t('An invitation is required.') . EOL;
}
$r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_code));
- if(! results($r)) {
+ if(! $r) {
$result['message'] .= t('Invitation could not be verified.') . EOL;
}
}
@@ -718,4 +718,4 @@ function upgrade_message($bbcode = false) {
function upgrade_bool_message($bbcode = false) {
$x = upgrade_link($bbcode);
return t('This action is not available under your subscription plan.') . (($x) ? ' ' . $x : '') ;
-} \ No newline at end of file
+}
diff --git a/include/api.php b/include/api.php
index e60583a01..f37e0669f 100644
--- a/include/api.php
+++ b/include/api.php
@@ -1,10 +1,10 @@
<?php /** @file */
-require_once("bbcode.php");
-require_once("datetime.php");
-require_once("conversation.php");
-require_once("oauth.php");
-require_once("html2plain.php");
+require_once("include/bbcode.php");
+require_once("include/datetime.php");
+require_once("include/conversation.php");
+require_once("include/oauth.php");
+require_once("include/html2plain.php");
require_once('include/security.php');
require_once('include/photos.php');
require_once('include/items.php');
@@ -112,8 +112,11 @@ require_once('include/api_auth.php');
break;
case "json":
header ("Content-Type: application/json");
- foreach($r as $rr)
+ foreach($r as $rr) {
+ if(! $rr)
+ $rr = array();
$json = json_encode($rr);
+ }
if ($_GET['callback'])
$json = $_GET['callback']."(".$json.")";
return $json;
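Review bot: The JSONP path still wraps the body in `$_GET['callback']` verbatim, so any string the caller supplies is reflected as the prefix of an `application/json` response; the new `if(! $rr) $rr = array();` guard does not touch that path. Restrict the callback to identifier characters before using it, e.g. `if(x($_GET,'callback') && preg_match('/^[A-Za-z0-9_.$]+$/', $_GET['callback']))` (constructed pattern), and return the bare JSON otherwise. The loop also overwrites `$json` on every iteration, so only the last row is emitted — presumably intended for single-row results, but a one-line comment saying so would help. The enclosing function starts and ends outside the hunk.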
@@ -852,13 +855,24 @@ require_once('include/api_auth.php');
$_REQUEST['type'] = 'wall';
if(x($_FILES,'media')) {
- $_FILES['userfile'] = $_FILES['media'];
- // upload the image if we have one
- $_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo
- require_once('mod/wall_attach.php');
- $media = wall_attach_post($a);
- if(strlen($media)>0)
- $_REQUEST['body'] .= "\n\n".$media;
+ $num_uploads = count($_FILES['media']['name']);
+ for($x = 0; $x < $num_uploads; $x ++) {
+ $_FILES['userfile'] = array();
+ $_FILES['userfile']['name'] = $_FILES['media']['name'][$x];
+ $_FILES['userfile']['type'] = $_FILES['media']['type'][$x];
+ $_FILES['userfile']['tmp_name'] = $_FILES['media']['tmp_name'][$x];
+ $_FILES['userfile']['error'] = $_FILES['media']['error'][$x];
+ $_FILES['userfile']['size'] = $_FILES['media']['size'][$x];
+
+ // upload each image if we have any
+ $_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo
+ require_once('mod/wall_attach.php');
+ $a->data['api_info'] = $user_info;
+ $media = wall_attach_post($a);
+
+ if(strlen($media)>0)
+ $_REQUEST['body'] .= "\n\n" . $media;
+ }
}
}
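Review bot: The new loop assumes `$_FILES['media']['name']` is an array (the `media[]` form); a plain single `media` field yields scalar strings, so `count()` returns 1 and `[$x]` indexes the first byte of each string, a case the removed code handled. Normalising scalars into one-element arrays keeps both forms working, and checking `error` before handing the file to `wall_attach_post()` avoids attaching a failed upload. The surrounding function begins and ends outside the hunk.
```php
if(x($_FILES,'media')) {
    // accept both a single "media" field and a "media[]" array
    $media_files = $_FILES['media'];
    if(! is_array($media_files['name'])) {
        foreach($media_files as $k => $v)
            $media_files[$k] = array($v);
    }
    $num_uploads = count($media_files['name']);
    for($x = 0; $x < $num_uploads; $x ++) {
        if($media_files['error'][$x] !== UPLOAD_ERR_OK)
            continue;
        $_FILES['userfile'] = array();
        $_FILES['userfile']['name']     = $media_files['name'][$x];
        $_FILES['userfile']['type']     = $media_files['type'][$x];
        $_FILES['userfile']['tmp_name'] = $media_files['tmp_name'][$x];
        $_FILES['userfile']['error']    = $media_files['error'][$x];
        $_FILES['userfile']['size']     = $media_files['size'][$x];
        // … unchanged: silent flag, api_info, wall_attach_post() call, body append …
    }
}
```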
@@ -870,6 +884,7 @@ require_once('include/api_auth.php');
// this should output the last post (the one we just posted).
return api_status_show($a,$type);
}
+ api_register_func('api/statuses/update_with_media','api_statuses_update', true);
api_register_func('api/statuses/update','api_statuses_update', true);
@@ -1078,6 +1093,8 @@ require_once('include/api_auth.php');
'contributors' => ''
);
$status_info['user'] = $user_info;
+ if(array_key_exists('status',$status_info['user']))
+ unset($status_info['user']['status']);
}
return api_apply_template("status", $type, array('$status' => $status_info));
@@ -1319,6 +1336,8 @@ require_once('include/api_auth.php');
// params
$id = intval(argv(3));
+ if(! $id)
+ $id = $_REQUEST['id'];
logger('API: api_statuses_show: '.$id);
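Review bot: The fallback `$id = $_REQUEST['id'];` leaves `$id` as an unvalidated string where the `argv(3)` path produced an int, and raises an undefined-index notice when neither is supplied. `$id = intval($_REQUEST['id']);` keeps the type consistent with the `intval($id)` the query in the next hunk applies and avoids writing raw request input to the log. The enclosing function starts and ends outside the hunk.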
@@ -1335,10 +1354,12 @@ require_once('include/api_auth.php');
$r = q("select * from item where true $item_normal $sql_extra",
intval($id)
);
+
xchan_query($r,true);
$ret = api_format_items($r,$user_info);
+
if ($conversation) {
$data = array('$statuses' => $ret);
return api_apply_template("timeline", $type, $data);
@@ -2298,28 +2319,28 @@ require_once('include/api_auth.php');
api_register_func('api/direct_messages','api_direct_messages_inbox',true);
-
function api_oauth_request_token(&$a, $type){
try{
- $oauth = new FKOAuth1();
- $req = OAuthRequest::from_request();
-logger('Req: ' . var_export($req,true));
+ $oauth = new ZotOAuth1();
+ $req = OAuth1Request::from_request();
+ logger('Req: ' . var_export($req,true),LOGGER_DATA);
$r = $oauth->fetch_request_token($req);
}catch(Exception $e){
logger('oauth_exception: ' . print_r($e->getMessage(),true));
- echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage());
+ echo "error=". OAuth1Util::urlencode_rfc3986($e->getMessage());
killme();
}
echo $r;
killme();
}
+
function api_oauth_access_token(&$a, $type){
try{
- $oauth = new FKOAuth1();
- $req = OAuthRequest::from_request();
+ $oauth = new ZotOAuth1();
+ $req = OAuth1Request::from_request();
$r = $oauth->fetch_access_token($req);
}catch(Exception $e){
- echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme();
+ echo "error=". OAuth1Util::urlencode_rfc3986($e->getMessage()); killme();
}
echo $r;
killme();
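Review bot: `logger('Req: ' . var_export($req,true),LOGGER_DATA)` writes the complete parsed OAuth request to the log, which presumably includes `oauth_signature`; with `OAuth1SignatureMethod_PLAINTEXT` registered in the include/oauth.php hunk that parameter is the consumer and token secrets themselves. Lowering the level mitigates but does not remove the exposure, so log only non-secret fields — if `OAuth1Request` keeps the reference library's accessor, `logger('Req: consumer=' . $req->get_parameter('oauth_consumer_key'), LOGGER_DATA);` — or drop the line. `api_oauth_access_token()` runs past the end of the hunk.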
diff --git a/include/api_auth.php b/include/api_auth.php
index ee9db3f55..26a9df8d4 100644
--- a/include/api_auth.php
+++ b/include/api_auth.php
@@ -1,17 +1,19 @@
<?php /** @file */
-require_once("oauth.php");
-
-
/**
- * Simple HTTP Login
+ * API Login via basic-auth or OAuth
*/
function api_login(&$a){
+
+ $record = null;
+
+ require_once('include/oauth.php');
+
// login with oauth
try {
- $oauth = new FKOAuth1();
- $req = OAuthRequest::from_request();
+ $oauth = new ZotOAuth1();
+ $req = OAuth1Request::from_request();
list($consumer,$token) = $oauth->verify_request($req);
@@ -23,16 +25,14 @@ function api_login(&$a){
call_hooks('logged_in', $a->user);
return;
}
- echo __file__.__line__.__function__."<pre>";
-// var_dump($consumer, $token);
- die();
+ killme();
}
catch(Exception $e) {
- logger(__file__.__line__.__function__."\n".$e);
+ logger($e->getMessage());
}
-
- // workaround for HTTP-auth in CGI mode
+ // workarounds for HTTP-auth in CGI mode
+
if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
if(strlen($userpass)) {
@@ -51,45 +51,49 @@ function api_login(&$a){
}
}
+ require_once('include/auth.php');
+ require_once('include/security.php');
- if (!isset($_SERVER['PHP_AUTH_USER'])) {
- logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Red"');
- header('HTTP/1.0 401 Unauthorized');
- die('This api requires login');
- }
-
// process normal login request
- require_once('include/auth.php');
- $channel_login = 0;
- $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
- if(! $record) {
- $r = q("select * from channel where channel_address = '%s' limit 1",
+
+ if(isset($_SERVER['PHP_AUTH_USER'])) {
+ $channel_login = 0;
+ $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
+ if(! $record) {
+ $r = q("select * from channel left join account on account.account_id = channel.channel_account_id
+ where channel.channel_address = '%s' limit 1",
dbesc($_SERVER['PHP_AUTH_USER'])
);
if ($r) {
- $x = q("select * from account where account_id = %d limit 1",
- intval($r[0]['channel_account_id'])
- );
- if ($x) {
- $record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
+ $record = account_verify_password($r[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
if($record)
$channel_login = $r[0]['channel_id'];
}
}
- if(! $record) {
- logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Red"');
- header('HTTP/1.0 401 Unauthorized');
- die('This api requires login');
- }
}
- require_once('include/security.php');
- authenticate_success($record);
+ if($record) {
+ authenticate_success($record);
- if($channel_login)
- change_channel($channel_login);
+ if($channel_login)
+ change_channel($channel_login);
+
+ $_SESSION['allow_api'] = true;
+ return true;
+ }
+ else {
+ $_SERVER['PHP_AUTH_PW'] = '*****';
+ logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+ log_failed_login('API login failure');
+ retry_basic_auth();
+ }
- $_SESSION['allow_api'] = true;
}
+
+
+function retry_basic_auth() {
+ header('WWW-Authenticate: Basic realm="Hubzilla"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo('This api requires login');
+ killme();
+} \ No newline at end of file
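Review bot: Masking `$_SERVER['PHP_AUTH_PW']` before the `print_r($_SERVER,true)` failure log is incomplete: the CGI workaround above reads the same credentials base64-encoded from `$_SERVER['REDIRECT_REMOTE_USER']`, and an `HTTP_AUTHORIZATION` entry, where the server exposes it, carries them too, so a failed login still writes recoverable passwords to the log. Mask every carrier, e.g. `foreach(array('PHP_AUTH_PW','REDIRECT_REMOTE_USER','HTTP_AUTHORIZATION') as $k) if(array_key_exists($k,$_SERVER)) $_SERVER[$k] = '*****';`, or log only the keys needed for diagnosis. The new `retry_basic_auth()` also lacks a trailing newline and a short docblock such as `/** Send a 401 with a Basic challenge and stop. */`.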
diff --git a/include/attach.php b/include/attach.php
index 36b971712..20e8b7444 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -430,7 +430,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
$observer = $x[0];
}
- logger('arr: ' . print_r($arr,true));
+ logger('arr: ' . print_r($arr,true), LOGGER_DATA);
if(! perm_is_allowed($channel_id,$observer_hash, 'write_storage')) {
$ret['message'] = t('Permission denied.');
diff --git a/include/conversation.php b/include/conversation.php
index 3b534dc69..747bb5d0a 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -1227,7 +1227,7 @@ function status_editor($a, $x, $popup = false) {
'$wait' => t('Please wait'),
'$permset' => t('Permission settings'),
'$shortpermset' => t('permissions'),
- '$ptyp' => (($notes_cid) ? 'note' : 'wall'),
+ '$ptyp' => '',
'$content' => ((x($x,'body')) ? htmlspecialchars($x['body'], ENT_COMPAT,'UTF-8') : ''),
'$attachment' => ((x($x, 'attachment')) ? $x['attachment'] : ''),
'$post_id' => '',
diff --git a/include/follow.php b/include/follow.php
index 40ad2c299..97be82da7 100644
--- a/include/follow.php
+++ b/include/follow.php
@@ -161,6 +161,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
}
}
if($r) {
+ $xchan = $r[0];
$xchan_hash = $r[0]['xchan_hash'];
$their_perms = 0;
}
@@ -172,7 +173,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
return $result;
}
- $x = array('channel_id' => $uid, 'follow_address' => $url, 'xchan' => $r[0], 'allowed' => 1);
+ $x = array('channel_id' => $uid, 'follow_address' => $url, 'xchan' => $r[0], 'allowed' => 1, 'singleton' => 0);
call_hooks('follow_allow',$x);
@@ -180,7 +181,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
$result['message'] = t('Protocol disabled.');
return $result;
}
-
+ $singleton = intval($x['singleton']);
if((local_channel()) && $uid == local_channel()) {
$aid = get_account_id();
@@ -221,13 +222,22 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
return $result;
}
- $r = q("select abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+ $r = q("select abook_xchan, abook_instance from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
dbesc($xchan_hash),
intval($uid)
);
if($r) {
- $x = q("update abook set abook_their_perms = %d where abook_id = %d",
+ $abook_instance = $r[0]['abook_instance'];
+
+ if(($singleton) && strpos($abook_instance,z_root()) === false) {
+ if($abook_instance)
+ $abook_instance .= ',';
+ $abook_instance .= z_root();
+ }
+
+ $x = q("update abook set abook_their_perms = %d, abook_instance = '%s' where abook_id = %d",
intval($their_perms),
+ dbesc($abook_instance),
intval($r[0]['abook_id'])
);
}
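Review bot: The updated select on `abook` still fetches only `abook_xchan, abook_instance`, yet the `update … where abook_id = %d` below binds `intval($r[0]['abook_id'])`, which is undefined and becomes 0, so the new `abook_instance` value is never written to the matched row; add the column, `select abook_id, abook_xchan, abook_instance from abook …`. The `strpos($abook_instance,z_root()) === false` test is a substring match over a comma-separated list, so a clone URL that merely contains this site's `z_root()` as a prefix suppresses the append; compare list members instead, `$instances = array_map('trim', explode(',', $abook_instance));` and `if(($singleton) && (! in_array(z_root(), $instances, true)))`. The same substring test appears in `deliverable_singleton()` in the include/network.php hunk. `new_contact()` begins and ends outside this hunk.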
@@ -237,8 +247,8 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
if($closeness === false)
$closeness = 80;
- $r = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_feed, abook_their_perms, abook_my_perms, abook_created, abook_updated )
- values( %d, %d, %d, '%s', %d, %d, %d, '%s', '%s' ) ",
+ $r = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_feed, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_instance )
+ values( %d, %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s' ) ",
intval($aid),
intval($uid),
intval($closeness),
@@ -247,7 +257,8 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
intval(($is_http) ? $their_perms|PERMS_R_STREAM|PERMS_A_REPUBLISH : $their_perms),
intval($my_perms),
dbesc(datetime_convert()),
- dbesc(datetime_convert())
+ dbesc(datetime_convert()),
+ dbesc(($singleton) ? z_root() : '')
);
}
diff --git a/include/identity.php b/include/identity.php
index 95ade3b28..98ba26bd8 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -896,12 +896,6 @@ function profile_load(&$a, $nickname, $profile = '') {
$_SESSION['theme'] = $p[0]['channel_theme'];
-// $a->set_template_engine(); // reset the template engine to the default in case the user's theme doesn't specify one
-
-// $theme_info_file = "view/theme/".current_theme()."/php/theme.php";
-// if (file_exists($theme_info_file)){
-// require_once($theme_info_file);
-// }
}
/**
diff --git a/include/items.php b/include/items.php
index ef1867c14..8c2e7deb2 100755
--- a/include/items.php
+++ b/include/items.php
@@ -2349,7 +2349,7 @@ function item_store($arr, $allow_exec = false) {
return $ret;
}
- if($arr['obj_type'] == ACTIVITY_OBJ_NOTE)
+ if(($arr['obj_type'] == ACTIVITY_OBJ_NOTE) && (! $arr['object']))
$arr['obj_type'] = ACTIVITY_OBJ_COMMENT;
// is the new message multi-level threaded?
@@ -2870,6 +2870,7 @@ function send_status_notifications($post_id,$item) {
if($x) {
foreach($x as $xx) {
if($xx['author_xchan'] === $r[0]['channel_hash']) {
+
$notify = true;
// check for an unfollow thread activity - we should probably decode the obj and check the id
diff --git a/include/network.php b/include/network.php
index 5895d302b..68452c3d1 100644
--- a/include/network.php
+++ b/include/network.php
@@ -1883,3 +1883,16 @@ function check_channelallowed($hash) {
return $retvalue;
}
+function deliverable_singleton($xchan) {
+ $r = q("select abook_instance from abook where abook_xchan = '%s' limit 1",
+ dbesc($xchan['xchan_hash'])
+ );
+ if($r) {
+ if(! $r[0]['abook_instance'])
+ return true;
+ if(strpos($r[0]['abook_instance'],z_root()) !== false)
+ return true;
+ }
+ return false;
+}
+
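Review bot: `deliverable_singleton()` is new and has no docblock; a caller cannot tell from the name that an empty `abook_instance` means "deliverable from any hub" and a populated list means "deliverable only from a listed clone". Suggest a header such as `/** Return true if this hub may deliver to $xchan: no abook_instance restriction, or this hub's z_root() is listed. @param array $xchan row containing xchan_hash */`. The query also matches on `abook_xchan` alone with `limit 1`, so when the same xchan is connected to several channels on this hub with differing `abook_instance` values an arbitrary row decides — presumably acceptable, but worth either an `abook_channel` constraint or a comment stating the assumption.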
diff --git a/include/notifier.php b/include/notifier.php
index b7830285a..66b6160e4 100644
--- a/include/notifier.php
+++ b/include/notifier.php
@@ -57,6 +57,8 @@ require_once('include/html2plain.php');
* purge_all channel_id
* expire channel_id
* relay item_id (item was relayed to owner, we will deliver it as owner)
+ * single_activity item_id (deliver to a singleton network from the appropriate clone)
+ * single_mail mail_id (deliver to a singleton network from the appropriate clone)
* location channel_id
* request channel_id xchan_hash message_id
* rating xlink_id
diff --git a/include/oauth.php b/include/oauth.php
index 80336f906..f3d144158 100644
--- a/include/oauth.php
+++ b/include/oauth.php
@@ -1,4 +1,5 @@
<?php /** @file */
+
/**
* OAuth server
* Based on oauth2-php <http://code.google.com/p/oauth2-php/>
@@ -9,16 +10,17 @@ define('REQUEST_TOKEN_DURATION', 300);
define('ACCESS_TOKEN_DURATION', 31536000);
require_once("library/OAuth1.php");
-require_once("library/oauth2-php/lib/OAuth2.inc");
-class FKOAuthDataStore extends OAuthDataStore {
- function gen_token(){
+//require_once("library/oauth2-php/lib/OAuth2.inc");
+
+class ZotOAuth1DataStore extends OAuth1DataStore {
+
+ function gen_token(){
return md5(base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), uniqid())));
- }
+ }
- function lookup_consumer($consumer_key) {
- logger(__function__.":".$consumer_key);
-// echo "<pre>"; var_dump($consumer_key); killme();
+ function lookup_consumer($consumer_key) {
+ logger('consumer_key: ' . $consumer_key, LOGGER_DEBUG);
$r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id = '%s'",
dbesc($consumer_key)
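Review bot: `gen_token()` derives OAuth request/access token ids and secrets from `md5()` over `mt_rand()` and `uniqid()`, none of which is a cryptographic source, so the secrets this data store issues are not suitable as bearer credentials; the re-indent leaves this unchanged. Use the CSPRNG, `return bin2hex(random_bytes(16));` (PHP 7+), or `bin2hex(openssl_random_pseudo_bytes(16))` on older runtimes. `lookup_consumer()` continues past the end of the hunk.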
@@ -26,13 +28,14 @@ class FKOAuthDataStore extends OAuthDataStore {
if($r) {
get_app()->set_oauth_key($consumer_key);
- return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']);
+ return new OAuth1Consumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']);
}
return null;
- }
+ }
- function lookup_token($consumer, $token_type, $token) {
- logger(__function__.":".$consumer.", ". $token_type.", ".$token);
+ function lookup_token($consumer, $token_type, $token) {
+
+ logger(__function__.":".$consumer.", ". $token_type.", ".$token, LOGGER_DEBUG);
$r = q("SELECT id, secret, scope, expires, uid FROM tokens WHERE client_id = '%s' AND scope = '%s' AND id = '%s'",
dbesc($consumer->key),
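Review bot: `logger(__function__.":".$consumer.", "…` concatenates the `OAuth1Consumer` object, which goes through its `__toString()`; in the reference OAuth library that method formats both key and secret, so if `library/OAuth1.php` keeps that behaviour the consumer secret lands in the debug log on every token lookup. Log the key only, `logger(__function__ . ':' . $consumer->key . ', ' . $token_type . ', ' . $token, LOGGER_DEBUG);` — the `dbesc($consumer->key)` binding below shows the field is available. The same stringification is in the `new_request_token()` and `new_access_token()` hunks of this file. `lookup_token()` ends outside the hunk.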
@@ -41,17 +44,16 @@ class FKOAuthDataStore extends OAuthDataStore {
);
if (count($r)){
- $ot=new OAuthToken($r[0]['id'],$r[0]['secret']);
+ $ot=new OAuth1Token($r[0]['id'],$r[0]['secret']);
$ot->scope=$r[0]['scope'];
$ot->expires = $r[0]['expires'];
$ot->uid = $r[0]['uid'];
return $ot;
}
return null;
- }
+ }
- function lookup_nonce($consumer, $token, $nonce, $timestamp) {
-// echo __file__.":".__line__."<pre>"; var_dump($consumer,$key); killme();
+ function lookup_nonce($consumer, $token, $nonce, $timestamp) {
$r = q("SELECT id, secret FROM tokens WHERE client_id = '%s' AND id = '%s' AND expires = %d",
dbesc($consumer->key),
@@ -60,12 +62,14 @@ class FKOAuthDataStore extends OAuthDataStore {
);
if (count($r))
- return new OAuthToken($r[0]['id'],$r[0]['secret']);
+ return new OAuth1Token($r[0]['id'],$r[0]['secret']);
return null;
- }
+ }
+
+ function new_request_token($consumer, $callback = null) {
+
+ logger(__function__.":".$consumer.", ". $callback, LOGGER_DEBUG);
- function new_request_token($consumer, $callback = null) {
- logger(__function__.":".$consumer.", ". $callback);
$key = $this->gen_token();
$sec = $this->gen_token();
@@ -82,29 +86,31 @@ class FKOAuthDataStore extends OAuthDataStore {
'request',
time()+intval(REQUEST_TOKEN_DURATION));
- if (!$r) return null;
- return new OAuthToken($key,$sec);
- }
+ if(! $r)
+ return null;
+ return new OAuth1Token($key,$sec);
+ }
- function new_access_token($token, $consumer, $verifier = null) {
- logger(__function__.":".$token.", ". $consumer.", ". $verifier);
-
- // return a new access token attached to this consumer
- // for the user associated with this token if the request token
- // is authorized
- // should also invalidate the request token
-
- $ret=Null;
+ function new_access_token($token, $consumer, $verifier = null) {
+
+ logger(__function__.":".$token.", ". $consumer.", ". $verifier, LOGGER_DEBUG);
- // get user for this verifier
- $uverifier = get_config("oauth", $verifier);
- logger(__function__.":".$verifier.",".$uverifier);
- if (is_null($verifier) || ($uverifier!==false)){
+ // return a new access token attached to this consumer
+ // for the user associated with this token if the request token
+ // is authorized
+ // should also invalidate the request token
+
+ $ret=Null;
+
+ // get user for this verifier
+ $uverifier = get_config("oauth", $verifier);
+ logger(__function__.":".$verifier.",".$uverifier, LOGGER_DEBUG);
+ if (is_null($verifier) || ($uverifier!==false)) {
- $key = $this->gen_token();
- $sec = $this->gen_token();
+ $key = $this->gen_token();
+ $sec = $this->gen_token();
- $r = q("INSERT INTO tokens (id, secret, client_id, scope, expires, uid) VALUES ('%s','%s','%s','%s', %d, %d)",
+ $r = q("INSERT INTO tokens (id, secret, client_id, scope, expires, uid) VALUES ('%s','%s','%s','%s', %d, %d)",
dbesc($key),
dbesc($sec),
dbesc($consumer->key),
@@ -112,81 +118,70 @@ class FKOAuthDataStore extends OAuthDataStore {
time()+intval(ACCESS_TOKEN_DURATION),
intval($uverifier));
- if ($r)
- $ret = new OAuthToken($key,$sec);
- }
+ if ($r)
+ $ret = new OAuth1Token($key,$sec);
+ }
- q("DELETE FROM tokens WHERE id='%s'", $token->key);
+ q("DELETE FROM tokens WHERE id='%s'", $token->key);
- if (!is_null($ret) && $uverifier!==false){
- del_config("oauth", $verifier);
- /* $apps = get_pconfig($uverifier, "oauth", "apps");
- if ($apps===false) $apps=array();
- $apps[] = $consumer->key;
- set_pconfig($uverifier, "oauth", "apps", $apps);*/
+ if (!is_null($ret) && $uverifier!==false) {
+ del_config("oauth", $verifier);
+
+ // $apps = get_pconfig($uverifier, "oauth", "apps");
+ // if ($apps===false) $apps=array();
+ // $apps[] = $consumer->key;
+ // set_pconfig($uverifier, "oauth", "apps", $apps);
+ }
+ return $ret;
}
-
- return $ret;
-
- }
}
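Review bot: `q("DELETE FROM tokens WHERE id='%s'", $token->key);` is the one query in this class whose argument bypasses `dbesc()`, unlike the `dbesc($key)` and `dbesc($consumer->key)` bindings a few lines up; even if the key has already matched a stored row, the inconsistency invites copy-paste into a path where it has not. Use `q("DELETE FROM tokens WHERE id='%s'", dbesc($token->key));`. `new_access_token()` starts outside the hunk.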
-class FKOAuth1 extends OAuthServer {
+class ZotOAuth1 extends OAuth1Server {
function __construct() {
- parent::__construct(new FKOAuthDataStore());
- $this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT());
- $this->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());
+ parent::__construct(new ZotOAuth1DataStore());
+ $this->add_signature_method(new OAuth1SignatureMethod_PLAINTEXT());
+ $this->add_signature_method(new OAuth1SignatureMethod_HMAC_SHA1());
}
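Review bot: The constructor registers `OAuth1SignatureMethod_PLAINTEXT` alongside HMAC-SHA1; with PLAINTEXT the `oauth_signature` parameter is the consumer and token secrets in clear, so it is only acceptable when the request is known to have arrived over TLS. Either drop the PLAINTEXT method or gate it, e.g. `if(x($_SERVER,'HTTPS')) $this->add_signature_method(new OAuth1SignatureMethod_PLAINTEXT());`, and state the reason in a comment above the constructor.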
function loginUser($uid){
- logger("RedOAuth1::loginUser $uid");
- $a = get_app();
+
+ logger("ZotOAuth1::loginUser $uid");
+
$r = q("SELECT * FROM channel WHERE channel_id = %d LIMIT 1",
intval($uid)
);
if(count($r)){
$record = $r[0];
} else {
- logger('FKOAuth1::loginUser failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('HTTP/1.0 401 Unauthorized');
- die('This api requires login');
+ logger('ZotOAuth1::loginUser failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+ header('HTTP/1.0 401 Unauthorized');
+ echo('This api requires login');
+ killme();
}
$_SESSION['uid'] = $record['channel_id'];
- $_SESSION['theme'] = $record['channel_theme'];
- $_SESSION['account_id'] = $record['channel_account_id'];
- $_SESSION['mobile_theme'] = get_pconfig($record['channel_id'], 'system', 'mobile_theme');
- $_SESSION['authenticated'] = 1;
- $_SESSION['my_url'] = $a->get_baseurl() . '/channel/' . $record['channel_address'];
$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
- $_SESSION['allow_api'] = true;
+
$x = q("select * from account where account_id = %d limit 1",
intval($record['channel_account_id'])
);
- if($x)
- $a->account = $x[0];
-
- change_channel($record['channel_id']);
-
- $a->channel = $record;
-
- if(strlen($a->channel['channel_timezone'])) {
- date_default_timezone_set($a->channel['channel_timezone']);
+ if($x) {
+ require_once('include/security.php');
+ authenticate_success($x[0],true,false,true,true);
+ $_SESSION['allow_api'] = true;
}
-
-// q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d LIMIT 1",
-// dbesc(datetime_convert()),
-// intval($_SESSION['uid'])
-// );
-//
-// call_hooks('logged_in', $a->user);
}
}
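Review bot: `loginUser()` writes `$_SESSION['uid']` and `$_SESSION['addr']` before the account row is fetched, and when that `select * from account` returns nothing there is no else branch, so the session leaves the function with a channel uid set but `authenticate_success()` never called and `allow_api` unset. Move the two assignments inside `if($x)` or add `else { header('HTTP/1.0 401 Unauthorized'); killme(); }` after it. The five positional booleans in `authenticate_success($x[0],true,false,true,true)` are unreadable at the call site; a comment naming each flag would help. The `print_r($_SERVER,true)` in the failure log may also capture OAuth parameters sent in the query string, so consider logging only `REMOTE_ADDR` and the requested uid.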
+
/*
+ *
+
+ not yet used
+
class FKOAuth2 extends OAuth2 {
private function db_secret($client_secret){
diff --git a/include/photos.php b/include/photos.php
index c7360a956..15aa8ee17 100644
--- a/include/photos.php
+++ b/include/photos.php
@@ -377,7 +377,7 @@ function photo_upload($channel, $observer, $args) {
$arr['item_thread_top'] = 1;
$arr['item_private'] = intval($acl->is_private());
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
- $arr['body'] = (($object) ? $args['body'] : $body . "\r\n" . $args['body']);
+ $arr['body'] = (($object) ? $args['body'] : $body . "\r\n" . $args['body']);
// this one is tricky because the item and the photo have the same permissions, those of the photo.
diff --git a/include/security.php b/include/security.php
index 9a25d9e0e..d4ebe0024 100644
--- a/include/security.php
+++ b/include/security.php
@@ -93,6 +93,7 @@ function change_channel($change_channel) {
$ret = false;
if($change_channel) {
+
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and channel_removed = 0 limit 1",
intval($change_channel),
intval(get_account_id())
@@ -136,14 +137,14 @@ function change_channel($change_channel) {
}
/**
- * @brief Creates an addiontal SQL where statement to check permissions.
+ * @brief Creates an additional SQL where statement to check permissions.
*
* @param int $owner_id
- * @param bool $remote_verified default false, not used at all
- * @param string $groups this param is not used at all
+ * @param bool $remote_observer - if unset use current observer
*
* @return string additional SQL where statement
*/
+
function permissions_sql($owner_id, $remote_observer = null) {
$local_channel = local_channel();
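Review bot: The corrected docblock declares `@param bool $remote_observer`, but the signature below defaults it to `null` and the description says "if unset use current observer", which reads as an optional observer identifier rather than a flag; `@param string|null $remote_observer observer xchan_hash, or null to use the current observer` would match the code (confirm the type against the function body, which lies outside the hunk). The blank line inserted between the docblock and `function permissions_sql(...)` detaches the comment from the function for doc tools; remove it. The item-permissions docblock in the following hunk has the same `@param bool` wording.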
@@ -208,8 +209,7 @@ function permissions_sql($owner_id, $remote_observer = null) {
* @brief Creates an addiontal SQL where statement to check permissions for an item.
*
* @param int $owner_id
- * @param bool $remote_verified default false, not used at all
- * @param string $groups this param is not used at all
+ * @param bool $remote_observer, use current observer if unset
*
* @return string additional SQL where statement
*/
@@ -400,11 +400,9 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f
}
-// Returns an array of group id's this contact is a member of.
-// This array will only contain group id's related to the uid of this
-// DFRN contact. They are *not* neccessarily unique across the entire site.
+// Returns an array of group hash id's on this entire site (across all channels) that this connection is a member of.
+// var $contact_id = xchan_hash of connection
-if(! function_exists('init_groups_visitor')) {
function init_groups_visitor($contact_id) {
$groups = array();
$r = q("SELECT hash FROM `groups` left join group_member on groups.id = group_member.gid WHERE xchan = '%s' ",
@@ -415,7 +413,7 @@ function init_groups_visitor($contact_id) {
$groups[] = $rr['hash'];
}
return $groups;
-}}
+}
diff --git a/include/zot.php b/include/zot.php
index 276afb03e..390407e4e 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -3798,6 +3798,7 @@ function zotinfo($arr) {
$ret['site'] = array();
$ret['site']['url'] = z_root();
$ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$e['channel_prvkey']));
+ $ret['site']['zot_auth'] = z_root() . '/magic';
$dirmode = get_config('system','directory_mode');
if(($dirmode === false) || ($dirmode == DIRECTORY_MODE_NORMAL))