diff options
Diffstat (limited to 'mod/post.php')
-rw-r--r-- | mod/post.php | 52 |
1 files changed, 40 insertions, 12 deletions
diff --git a/mod/post.php b/mod/post.php index 6e35632da..2fcc74963 100644 --- a/mod/post.php +++ b/mod/post.php @@ -30,6 +30,7 @@ function post_init(&$a) { ** dest => the desired destination URL (urlencoded) ** sec => a random string which is also stored on $mysite for use during the verification phase. ** version => the zot revision + ** delegate => optional urlencoded webbie of a local channel to invoke delegation rights for * * When this packet is received, an "auth-check" zot message is sent to $mysite. * (e.g. if $_GET['auth'] is foobar@podunk.edu, a zot packet is sent to the podunk.edu zot endpoint, which is typically /post) @@ -88,10 +89,12 @@ function post_init(&$a) { $ret = array('success' => false, 'message' => ''); logger('mod_zot: auth request received.'); - $address = $_REQUEST['auth']; - $desturl = $_REQUEST['dest']; - $sec = $_REQUEST['sec']; - $version = $_REQUEST['version']; + $address = $_REQUEST['auth']; + $desturl = $_REQUEST['dest']; + $sec = $_REQUEST['sec']; + $version = $_REQUEST['version']; + $delegate = $_REQUEST['delegate']; + $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0); // They are authenticating ultimately to the site and not to a particular channel. @@ -158,6 +161,8 @@ function post_init(&$a) { // Also check that they are coming from the same site as they authenticated with originally. $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); + if($delegate && $delegate !== $_SESSION['delegate_channel']) + $already_authed = false; $j = array(); @@ -235,6 +240,8 @@ function post_init(&$a) { } goaway($desturl); } + + // log them in if($test) { @@ -243,16 +250,37 @@ function post_init(&$a) { json_return_and_die($ret); } + $delegation_success = false; + if($delegate) { + $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", + dbesc($delegate) + ); + if($r && intval($r[0]['channel_id'])) { + $allowed = perm_is_allowed($r[0]['channel_id'],$x[0]['xchan_hash'],'delegate'); + if($allowed) { + $_SESSION['delegate_channel'] = $r[0]['channel_id']; + $_SESSION['delegate'] = $x[0]['xchan_hash']; + $_SESSION['account_id'] = intval($r[0]['channel_account_id']); + change_channel($r[0]['channel_id']); + $delegation_success = true; + } + } + } + + + $_SESSION['authenticated'] = 1; - $_SESSION['visitor_id'] = $x[0]['xchan_hash']; - $_SESSION['my_url'] = $x[0]['xchan_url']; - $_SESSION['my_address'] = $address; - $_SESSION['remote_service_class'] = $remote_service_class; - $_SESSION['remote_level'] = $remote_level; - $_SESSION['remote_hub'] = $remote_hub; - $_SESSION['DNT'] = $DNT; - + if(! $delegation_success) { + $_SESSION['visitor_id'] = $x[0]['xchan_hash']; + $_SESSION['my_url'] = $x[0]['xchan_url']; + $_SESSION['my_address'] = $address; + $_SESSION['remote_service_class'] = $remote_service_class; + $_SESSION['remote_level'] = $remote_level; + $_SESSION['remote_hub'] = $remote_hub; + $_SESSION['DNT'] = $DNT; + } + $arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION); call_hooks('magic_auth_success',$arr); $a->set_observer($x[0]); |