Diffstat (limited to 'mod/post.php')
-rw-r--r--mod/post.php52
1 files changed, 40 insertions, 12 deletions
diff --git a/mod/post.php b/mod/post.php
index 6e35632da..2fcc74963 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -30,6 +30,7 @@ function post_init(&$a) {
** dest => the desired destination URL (urlencoded)
** sec => a random string which is also stored on $mysite for use during the verification phase.
** version => the zot revision
+ ** delegate => optional urlencoded webbie of a local channel to invoke delegation rights for
*
* When this packet is received, an "auth-check" zot message is sent to $mysite.
* (e.g. if $_GET['auth'] is foobar@podunk.edu, a zot packet is sent to the podunk.edu zot endpoint, which is typically /post)
@@ -88,10 +89,12 @@ function post_init(&$a) {
$ret = array('success' => false, 'message' => '');
logger('mod_zot: auth request received.');
- $address = $_REQUEST['auth'];
- $desturl = $_REQUEST['dest'];
- $sec = $_REQUEST['sec'];
- $version = $_REQUEST['version'];
+ $address = $_REQUEST['auth'];
+ $desturl = $_REQUEST['dest'];
+ $sec = $_REQUEST['sec'];
+ $version = $_REQUEST['version'];
+ $delegate = $_REQUEST['delegate'];
+
$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
// They are authenticating ultimately to the site and not to a particular channel.
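Review bot: `$delegate` is read from `$_REQUEST['delegate']` without the `x()` presence check that the `$test` line directly below uses, although the header comment documents the parameter as optional. An absent key raises an undefined-index notice, and a non-string value (an array-valued parameter, for instance) would be handed to `dbesc()` in the delegation hunk later in this commit. Prefer `$delegate = ((x($_REQUEST,'delegate') && is_string($_REQUEST['delegate'])) ? $_REQUEST['delegate'] : '');`. post_init starts and ends outside this hunk.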
@@ -158,6 +161,8 @@ function post_init(&$a) {
// Also check that they are coming from the same site as they authenticated with originally.
$already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false);
+ if($delegate && $delegate !== $_SESSION['delegate_channel'])
+ $already_authed = false;
$j = array();
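Review bot: The added guard compares `$delegate`, which the header comment describes as a webbie (an address string), with `$_SESSION['delegate_channel']`, which the delegation hunk later in this commit sets to `$r[0]['channel_id']`. Those two values can never be strictly equal, so every request carrying `delegate` resets `$already_authed` and repeats the auth-check; that fails safe, but the comparison does not test what it appears to test. Either store the delegate address in the session and compare against that, or resolve the webbie to a channel id before this line, and guard the session read with `x($_SESSION,'delegate_channel')`. The opposite case, a session that already holds `delegate_channel` arriving without a `delegate` parameter, leaves `$already_authed` true; whether that is intended is not visible in this hunk.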
@@ -235,6 +240,8 @@ function post_init(&$a) {
}
goaway($desturl);
}
+
+
// log them in
if($test) {
@@ -243,16 +250,37 @@ function post_init(&$a) {
json_return_and_die($ret);
}
+ $delegation_success = false;
+ if($delegate) {
+ $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1",
+ dbesc($delegate)
+ );
+ if($r && intval($r[0]['channel_id'])) {
+ $allowed = perm_is_allowed($r[0]['channel_id'],$x[0]['xchan_hash'],'delegate');
+ if($allowed) {
+ $_SESSION['delegate_channel'] = $r[0]['channel_id'];
+ $_SESSION['delegate'] = $x[0]['xchan_hash'];
+ $_SESSION['account_id'] = intval($r[0]['channel_account_id']);
+ change_channel($r[0]['channel_id']);
+ $delegation_success = true;
+ }
+ }
+ }
+
+
+
$_SESSION['authenticated'] = 1;
- $_SESSION['visitor_id'] = $x[0]['xchan_hash'];
- $_SESSION['my_url'] = $x[0]['xchan_url'];
- $_SESSION['my_address'] = $address;
- $_SESSION['remote_service_class'] = $remote_service_class;
- $_SESSION['remote_level'] = $remote_level;
- $_SESSION['remote_hub'] = $remote_hub;
- $_SESSION['DNT'] = $DNT;
-
+ if(! $delegation_success) {
+ $_SESSION['visitor_id'] = $x[0]['xchan_hash'];
+ $_SESSION['my_url'] = $x[0]['xchan_url'];
+ $_SESSION['my_address'] = $address;
+ $_SESSION['remote_service_class'] = $remote_service_class;
+ $_SESSION['remote_level'] = $remote_level;
+ $_SESSION['remote_hub'] = $remote_hub;
+ $_SESSION['DNT'] = $DNT;
+ }
+
$arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION);
call_hooks('magic_auth_success',$arr);
$a->set_observer($x[0]);
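Review bot: The `if($allowed)` branch turns a remotely authenticated visitor into a local login (`$_SESSION['account_id']`, `change_channel()`) without writing a log entry or rotating the session id. Add `logger('mod_zot: delegation granted to ' . $x[0]['xchan_hash'] . ' for channel ' . $r[0]['channel_id']);` there, log the denied case too, and call `session_regenerate_id(true);` before the session writes if the session handler in use supports it, so that delegate use is auditable and a pre-existing session id does not carry over into the elevated session. Setting `account_id` may also grant more than the one delegated channel when the account owns several channels; confirm that downstream permission checks key on `delegate_channel` rather than on `account_id` alone. On success the earlier visitor keys (`visitor_id`, `remote_hub`, ...) are neither set nor cleared, so values from a previous login in the same session would persist. post_init continues outside this hunk.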