diff options
Diffstat (limited to 'mod')
-rw-r--r-- | mod/chat.php | 2 | ||||
-rw-r--r-- | mod/cloud.php | 38 | ||||
-rw-r--r-- | mod/dreport.php | 43 | ||||
-rw-r--r-- | mod/item.php | 1 | ||||
-rw-r--r-- | mod/locs.php | 15 | ||||
-rw-r--r-- | mod/post.php | 250 |
6 files changed, 204 insertions, 145 deletions
diff --git a/mod/chat.php b/mod/chat.php index 9ad58bc32..ef9089b6f 100644 --- a/mod/chat.php +++ b/mod/chat.php @@ -67,7 +67,7 @@ function chat_post(&$a) { intval(local_channel()) ); - create_sync_packet(0, array('chatroom' => $x)); + build_sync_packet(0, array('chatroom' => $x)); if($x) goaway(z_root() . '/chat/' . $channel['channel_address'] . '/' . $x[0]['cr_id']); diff --git a/mod/cloud.php b/mod/cloud.php index 7f6dc0962..efb33f935 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -73,6 +73,8 @@ function cloud_init(&$a) { $server->addPlugin($lockPlugin); +/* This next bit should no longer be needed... */ + // The next section of code allows us to bypass prompting for http-auth if a // FILE is being accessed anonymously and permissions allow this. This way // one can create hotlinks to public media files in their cloud and anonymous @@ -83,24 +85,24 @@ function cloud_init(&$a) { // In order to avoid prompting for passwords for viewing a DIRECTORY, add // the URL query parameter 'davguest=1'. - $isapublic_file = false; - $davguest = ((x($_SESSION, 'davguest')) ? true : false); - - if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { - try { - $x = RedFileData('/' . $a->cmd, $auth); - if($x instanceof RedDAV\RedFile) - $isapublic_file = true; - } - catch (Exception $e) { - $isapublic_file = false; - } - } - - if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) { - logger('mod_cloud: auth exception'); - http_status_exit(401, 'Permission denied.'); - } +// $isapublic_file = false; +// $davguest = ((x($_SESSION, 'davguest')) ? true : false); + +// if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { +// try { +// $x = RedFileData('/' . $a->cmd, $auth); +// if($x instanceof RedDAV\RedFile) +// $isapublic_file = true; +// } +// catch (Exception $e) { +// $isapublic_file = false; +// } +// } + +// if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) { +// logger('mod_cloud: auth exception'); +// http_status_exit(401, 'Permission denied.'); +// } require_once('include/RedDAV/RedBrowser.php'); // provide a directory view for the cloud in Hubzilla diff --git a/mod/dreport.php b/mod/dreport.php new file mode 100644 index 000000000..a20e17372 --- /dev/null +++ b/mod/dreport.php @@ -0,0 +1,43 @@ +<?php + +function dreport_content(&$a) { + + if(! local_channel()) { + notice( t('Permission denied') . EOL); + return; + } + + $channel = $a->get_channel(); + + $mid = ((argc() > 1) ? argv(1) : ''); + + if(! $mid) { + notice( t('Invalid message') . EOL); + return; + } + + $r = q("select * from dreport where dreport_xchan = '%s' and dreport_mid = '%s'", + dbesc($channel['channel_hash']), + dbesc($mid) + ); + + if(! $r) { + notice( t('no results') . EOL); + return; + } + + + $o .= '<h2>' . sprintf( t('Delivery report for %1$s'),substr($mid,0,32)) . '...' . '</h2>'; + $o .= '<table>'; + + foreach($r as $rr) { + $name = escape_tags(substr($rr['dreport_recip'],strpos($rr['dreport_recip'],' '))); + $o .= '<tr><td>' . $name . '</td><td>' . escape_tags($rr['dreport_result']) . '</td><td>' . escape_tags($rr['dreport_time']) . '</td></tr>'; + } + $o .= '</table>'; + + return $o; + + + +}
\ No newline at end of file diff --git a/mod/item.php b/mod/item.php index d0cf59091..93f24bd1a 100644 --- a/mod/item.php +++ b/mod/item.php @@ -641,6 +641,7 @@ function item_post(&$a) { $item_unseen = ((local_channel() != $profile_uid) ? 1 : 0); $item_wall = (($post_type === 'wall' || $post_type === 'wall-comment') ? 1 : 0); $item_origin = (($origin) ? 1 : 0); + $item_consensus = (($consensus) ? 1 : 0); // determine if this is a wall post diff --git a/mod/locs.php b/mod/locs.php index 3f8bd9029..3c6a5da67 100644 --- a/mod/locs.php +++ b/mod/locs.php @@ -50,8 +50,17 @@ function locs_post(&$a) { return; } if(intval($r[0]['hubloc_primary'])) { - notice( t('Primary location cannot be removed.') . EOL); - return; + $x = q("select hubloc_id from hubloc where hubloc_primary = 1 and hubloc_hash = '%s'", + dbesc($channel['channel_hash']) + ); + if(! $x) { + notice( t('Location lookup failed.')); + return; + } + if(count($x) == 1) { + notice( t('Please select another location to become primary before removing the primary location.') . EOL); + return; + } } $r = q("update hubloc set hubloc_deleted = 1 where hubloc_id = %d and hubloc_hash = '%s'", @@ -91,8 +100,6 @@ function locs_content(&$a) { $r[$x]['deleted'] = (intval($r[$x]['hubloc_deleted']) ? true : false); } - - $o = replace_macros(get_markup_template('locmanage.tpl'), array( '$header' => t('Manage Channel Locations'), '$loc' => t('Location (address)'), diff --git a/mod/post.php b/mod/post.php index dfda7db9d..00e599b49 100644 --- a/mod/post.php +++ b/mod/post.php @@ -117,7 +117,7 @@ function post_init(&$a) { } // Try and find a hubloc for the person attempting to auth - $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", + $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc", dbesc($address) ); @@ -128,7 +128,7 @@ function post_init(&$a) { $j = json_decode($ret['body'], true); if ($j) import_xchan($j); - $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", + $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc", dbesc($address) ); } @@ -144,152 +144,159 @@ function post_init(&$a) { goaway($desturl); } - logger('mod_zot: auth request received from ' . $x[0]['hubloc_addr'] ); - // check credentials and access + foreach($x as $xx) { + logger('mod_zot: auth request received from ' . $xx['hubloc_addr'] ); - // If they are already authenticated and haven't changed credentials, - // we can save an expensive network round trip and improve performance. + // check credentials and access - $remote = remote_channel(); - $result = null; - $remote_service_class = ''; - $remote_level = 0; - $remote_hub = $x[0]['hubloc_url']; - $DNT = 0; + // If they are already authenticated and haven't changed credentials, + // we can save an expensive network round trip and improve performance. - // Also check that they are coming from the same site as they authenticated with originally. + $remote = remote_channel(); + $result = null; + $remote_service_class = ''; + $remote_level = 0; + $remote_hub = $xx['hubloc_url']; + $DNT = 0; - $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); - if($delegate && $delegate !== $_SESSION['delegate_channel']) - $already_authed = false; + // Also check that they are coming from the same site as they authenticated with originally. - $j = array(); + $already_authed = ((($remote) && ($xx['hubloc_hash'] == $remote) && ($xx['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); + if($delegate && $delegate !== $_SESSION['delegate_channel']) + $already_authed = false; - if (! $already_authed) { + $j = array(); - // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key - // The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender - // which can be verified - - $p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec); - if ($test) { - $ret['message'] .= 'auth check packet created using sitekey ' . $x[0]['hubloc_sitekey'] . EOL; - $ret['message'] .= 'packet contents: ' . $p . EOL; - } - - $result = zot_zot($x[0]['hubloc_callback'],$p); + if (! $already_authed) { - if (! $result['success']) { - logger('mod_zot: auth_check callback failed.'); + // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key + // The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender + // which can be verified + + $p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $xx['hubloc_guid'],'guid_sig' => $xx['hubloc_guid_sig'])), $xx['hubloc_sitekey'], $sec); if ($test) { - $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL; - json_return_and_die($ret); - } - - goaway($desturl); - } - $j = json_decode($result['body'], true); - if (! $j) { - logger('mod_zot: auth_check json data malformed.'); - if($test) { - $ret['message'] .= 'json malformed: ' . $result['body'] . EOL; - json_return_and_die($ret); + $ret['message'] .= 'auth check packet created using sitekey ' . $xx['hubloc_sitekey'] . EOL; + $ret['message'] .= 'packet contents: ' . $p . EOL; } - } - } - if ($test) { - $ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL; - } + $result = zot_zot($xx['hubloc_callback'],$p); - if ($already_authed || $j['success']) { - if ($j['success']) { - // legit response, but we do need to check that this wasn't answered by a man-in-middle - if (! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) { - logger('mod_zot: auth: final confirmation failed.'); + if (! $result['success']) { + logger('mod_zot: auth_check callback failed.'); if ($test) { - $ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($x[0],true); - json_return_and_die($ret); + $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL; + continue; + } + continue; + } + $j = json_decode($result['body'], true); + if (! $j) { + logger('mod_zot: auth_check json data malformed.'); + if($test) { + $ret['message'] .= 'json malformed: ' . $result['body'] . EOL; + continue; } - - goaway($desturl); } - if (array_key_exists('service_class',$j)) - $remote_service_class = $j['service_class']; - if (array_key_exists('level',$j)) - $remote_level = $j['level']; - if (array_key_exists('DNT',$j)) - $DNT = $j['DNT']; } - // everything is good... maybe - if(local_channel()) { - // tell them to logout if they're logged in locally as anything but the target remote account - // in which case just shut up because they don't need to be doing this at all. + if ($test) { + $ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL; + } - if ($a->channel['channel_hash'] != $x[0]['xchan_hash']) { - logger('mod_zot: auth: already authenticated locally as somebody else.'); - notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL); - if ($test) { - $ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL; - json_return_and_die($ret); + if ($already_authed || $j['success']) { + if ($j['success']) { + // legit response, but we do need to check that this wasn't answered by a man-in-middle + if (! rsa_verify($sec . $xx['xchan_hash'],base64url_decode($j['confirm']),$xx['xchan_pubkey'])) { + logger('mod_zot: auth: final confirmation failed.'); + if ($test) { + $ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($xx,true); + continue; + } + + continue; } + if (array_key_exists('service_class',$j)) + $remote_service_class = $j['service_class']; + if (array_key_exists('level',$j)) + $remote_level = $j['level']; + if (array_key_exists('DNT',$j)) + $DNT = $j['DNT']; + } + // everything is good... maybe + if(local_channel()) { + + // tell them to logout if they're logged in locally as anything but the target remote account + // in which case just shut up because they don't need to be doing this at all. + + if ($a->channel['channel_hash'] != $xx['xchan_hash']) { + logger('mod_zot: auth: already authenticated locally as somebody else.'); + notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL); + if ($test) { + $ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL; + continue; + } + } + continue; } - goaway($desturl); - } - // log them in + // log them in - if ($test) { - $ret['success'] = true; - $ret['message'] .= 'Authentication Success!' . EOL; - json_return_and_die($ret); - } + if ($test) { + $ret['success'] = true; + $ret['message'] .= 'Authentication Success!' . EOL; + json_return_and_die($ret); + } - $delegation_success = false; - if ($delegate) { - $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", - dbesc($delegate) - ); - if ($r && intval($r[0]['channel_id'])) { - $allowed = perm_is_allowed($r[0]['channel_id'],$x[0]['xchan_hash'],'delegate'); - if ($allowed) { - $_SESSION['delegate_channel'] = $r[0]['channel_id']; - $_SESSION['delegate'] = $x[0]['xchan_hash']; - $_SESSION['account_id'] = intval($r[0]['channel_account_id']); - require_once('include/security.php'); - change_channel($r[0]['channel_id']); - $delegation_success = true; + $delegation_success = false; + if ($delegate) { + $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", + dbesc($delegate) + ); + if ($r && intval($r[0]['channel_id'])) { + $allowed = perm_is_allowed($r[0]['channel_id'],$xx['xchan_hash'],'delegate'); + if ($allowed) { + $_SESSION['delegate_channel'] = $r[0]['channel_id']; + $_SESSION['delegate'] = $xx['xchan_hash']; + $_SESSION['account_id'] = intval($r[0]['channel_account_id']); + require_once('include/security.php'); + change_channel($r[0]['channel_id']); + $delegation_success = true; + } } } - } - $_SESSION['authenticated'] = 1; - if (! $delegation_success) { - $_SESSION['visitor_id'] = $x[0]['xchan_hash']; - $_SESSION['my_url'] = $x[0]['xchan_url']; - $_SESSION['my_address'] = $address; - $_SESSION['remote_service_class'] = $remote_service_class; - $_SESSION['remote_level'] = $remote_level; - $_SESSION['remote_hub'] = $remote_hub; - $_SESSION['DNT'] = $DNT; + $_SESSION['authenticated'] = 1; + if (! $delegation_success) { + $_SESSION['visitor_id'] = $xx['xchan_hash']; + $_SESSION['my_url'] = $xx['xchan_url']; + $_SESSION['my_address'] = $address; + $_SESSION['remote_service_class'] = $remote_service_class; + $_SESSION['remote_level'] = $remote_level; + $_SESSION['remote_hub'] = $remote_hub; + $_SESSION['DNT'] = $DNT; + } + + $arr = array('xchan' => $xx, 'url' => $desturl, 'session' => $_SESSION); + call_hooks('magic_auth_success',$arr); + $a->set_observer($xx); + require_once('include/security.php'); + $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); + info(sprintf( t('Welcome %s. Remote authentication successful.'),$xx['xchan_name'])); + logger('mod_zot: auth success from ' . $xx['xchan_addr']); + } + else { + if ($test) { + $ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; + continue; + } + logger('mod_zot: magic-auth failure - not authenticated: ' . $xx['xchan_addr']); } - $arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION); - call_hooks('magic_auth_success',$arr); - $a->set_observer($x[0]); - require_once('include/security.php'); - $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); - info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name'])); - logger('mod_zot: auth success from ' . $x[0]['xchan_addr']); - } - else { - if($test) { - $ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; - json_return_and_die($ret); + if ($test) { + $ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; + continue; } - logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']); } /** @@ -299,14 +306,13 @@ function post_init(&$a) { * But z_root() probably isn't where you really want to go. */ + if(strstr($desturl,z_root() . '/rmagic')) + goaway(z_root()); + if ($test) { - $ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; json_return_and_die($ret); } - if(strstr($desturl,z_root() . '/rmagic')) - goaway(z_root()); - goaway($desturl); } } |