From 24d119b8c4e94ed130577e4e4a8d17ea13c406ac Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 18 Feb 2014 20:59:25 -0800 Subject: introduce a new privacy level "PERMS_AUTHED" to indicate somebody that is able to successfully authenticate (but is not necessarily in this network). --- boot.php | 1 + include/auth.php | 2 +- include/permissions.php | 8 ++++++ mod/openid.php | 68 +++++++++++++++++++++++++++++++++++++++++++------ mod/settings.php | 3 ++- view/js/mod_settings.js | 24 ++++++++--------- 6 files changed, 84 insertions(+), 22 deletions(-) diff --git a/boot.php b/boot.php index b875014bd..1d8ec2143 100755 --- a/boot.php +++ b/boot.php @@ -279,6 +279,7 @@ define ( 'PERMS_NETWORK' , 0x0002 ); define ( 'PERMS_SITE' , 0x0004 ); define ( 'PERMS_CONTACTS' , 0x0008 ); define ( 'PERMS_SPECIFIC' , 0x0080 ); +define ( 'PERMS_AUTHED' , 0x0100 ); // Address book flags diff --git a/include/auth.php b/include/auth.php index 425715014..a3b028c73 100644 --- a/include/auth.php +++ b/include/auth.php @@ -93,7 +93,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p } } - $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_hash = '%s' limit 1", + $r = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where xchan_hash = '%s' limit 1", dbesc($_SESSION['visitor_id']) ); if($r) { diff --git a/include/permissions.php b/include/permissions.php index 0cbb5b984..eb1a7966f 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -88,6 +88,11 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { // These take priority over all other settings. if($observer_xchan) { + if($r[0][$channel_perm] & PERMS_AUTHED) { + $ret[$perm_name] = true; + continue; + } + if(! $abook_checked) { $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1", 
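Review bot: With `xchan` now the driving table of the join in include/auth.php, a visitor whose xchan has no hubloc row comes back with every `hubloc_*` column NULL, and nothing in the hunk says so. A comment above the query such as `// xchan left join hubloc: OpenID visitors have an xchan but no hubloc, so hubloc_* may be NULL` would tell the reader why the order changed. Whatever follows `if($r)` lies outside the hunk and should be checked for reads of hubloc fields on the session it builds.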
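Review bot: The new `PERMS_AUTHED` branch in `get_all_perms()` runs before the address-book lookup that follows it, so it grants the permission to any non-empty `$observer_xchan` without consulting `abook_flags`; the same early `return true` is added to `perm_is_allowed()` in the next hunk. If the code after the abook query (outside both hunks) is what denies blocked or ignored connections, those connections regain access as soon as a channel selects "Anybody authenticated". Moving the check after that lookup, or documenting that the bypass is intended, would settle it. Because mod/openid.php in this commit creates an xchan for any OpenID URL that validates, this level is close to public in practice and deserves a comment such as `// PERMS_AUTHED: any observer with a verified identity, including self-hosted OpenID; not a trust boundary`. Both function bodies continue outside the hunks.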
@@ -240,6 +245,9 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { return false; if($observer_xchan) { + if($r[0][$channel_perm] & PERMS_AUTHED) + return true; + $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1", intval($uid), diff --git a/mod/openid.php b/mod/openid.php index e1c71f9ee..1ab8749ee 100644 --- a/mod/openid.php +++ b/mod/openid.php @@ -76,10 +76,11 @@ function openid_content(&$a) { // no xchan... // create one. - // We should probably probe the openid url. + // We should probably probe the openid url and figure out if they have any kind of social presence we might be able to + // scrape some identifying info from. $name = $authid; - $url = $_REQUEST['openid_identity']; + $url = trim($_REQUEST['openid_identity'],'/'); if(strpos($url,'http') === false) $url = 'https://' . $url; $pphoto = get_default_profile_photo(); 
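Review bot: In the mod/openid.php hunk, `$url` is read from `$_REQUEST['openid_identity']`, and the next hunk inserts it as `xchan_hash`, so the record is keyed on a request parameter rather than on the value the OpenID library validated. `$name = $authid` on the line above suggests the verified identifier is already in `$authid`, though its origin is outside the hunk; if the two can differ, deriving `$url` from `$authid` is the safer choice. `trim(...,'/')` also strips leading slashes, where `rtrim($_REQUEST['openid_identity'],'/')` matches the apparent intent. The unchanged `strpos($url,'http') === false` test accepts `http` anywhere in the string, so a check anchored at the start, `preg_match('#^https?://#i',$url)`, would be stricter.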
@@ -115,19 +116,70 @@ function openid_content(&$a) { require_once('library/urlify/URLify.php'); $x = strtolower(URLify::transliterate($nick)); - if(! $addr) + if($nick & $host) $addr = $nick . '@' . $host; $network = 'unknown'; if($photosq) $pphoto = $photosq; - elseif($photo) - $pphoto = $photo; + elseif($photo_other) + $pphoto = $photo_other; + + $x = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_mimetype, + xchan_photo_l, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_photo_date, + xchan_name_date, xchan_flags) + values ( '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d) ", + dbesc($url), + dbesc(''), + dbesc(''), + dbesc(''), + dbesc('image/jpeg'), + dbesc($pphoto), + dbesc($addr), + dbesc($url), + dbesc(''), + dbesc(''), + dbesc(''), + dbesc($name), + dbesc($network), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + intval(XCHAN_FLAGS_HIDDEN) + ); + if($x) { + $r = q("select * from xchan where xchan_hash = '%s' limit 1", + dbesc($url) + ); + if($r) { + + $photos = import_profile_photo($pphoto,$url); + if($photos) { + $z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', + xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", + dbesc(datetime_convert()), + dbesc($photos[0]), + dbesc($photos[1]), + dbesc($photos[2]), + dbesc($photos[3]), + dbesc($url) + ); + } - // add the xchan record and xconfig for the openid + set_xconfig($url,'system','openid',$authid); + $_SESSION['authenticated'] = 1; + $_SESSION['visitor_id'] = $r[0]['xchan_hash']; + $_SESSION['my_address'] = $r[0]['xchan_addr']; + $arr = array('xchan' => $r[0], 'session' => $_SESSION); + call_hooks('magic_auth_openid_success',$arr); + $a->set_observer($r[0]); + info(sprintf( t('Welcome %s. 
Remote authentication successful.'),$r[0]['xchan_name'])); + logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']); + if($_SESSION['return_url']) + goaway($_SESSION['return_url']); + goaway(z_root()); + } + } - // NOTREACHED - // actually it is reached until the other bits get written } } notice( t('Login failed.') . EOL); diff --git a/mod/settings.php b/mod/settings.php index 97965d0fd..5b0a8e8f2 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -798,6 +798,7 @@ function settings_content(&$a) { array( t('Anybody in your address book'), PERMS_CONTACTS), array( t('Anybody on this website'), PERMS_SITE), array( t('Anybody in this network'), PERMS_NETWORK), + array( t('Anybody authenticated'), PERMS_AUTHED), array( t('Anybody on the internet'), PERMS_PUBLIC) ); @@ -979,7 +980,7 @@ function settings_content(&$a) { '$h_descadvn' => t('Change the behaviour of this account for special situations'), '$pagetype' => $pagetype, '$expert' => feature_enabled(local_user(),'expert'), - '$hint' => t('Please enable expert mode (in Settings > Additional features) to adjust!'), + '$hint' => t('Please enable expert mode (in Settings > Additional features) to adjust!'), )); diff --git a/view/js/mod_settings.js b/view/js/mod_settings.js index 16101db57..8cd062f43 100644 --- a/view/js/mod_settings.js +++ b/view/js/mod_settings.js 
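Review bot: `if($nick & $host)` in the second mod/openid.php hunk applies the bitwise operator to two strings, so the test depends on the byte-wise AND of their contents rather than on both being non-empty; it should read `if($nick && $host)`. The success path then sets `$_SESSION['authenticated']` and `$_SESSION['visitor_id']` on the existing session; unless the id is rotated elsewhere, adding `session_regenerate_id(true);` before those assignments closes a fixation window. `import_profile_photo($pphoto,$url)` appears to fetch a photo URL that can come from provider-supplied attributes (`$photosq` and `$photo_other` are set outside the hunk), and `goaway($_SESSION['return_url'])` redirects to a stored value, so both are worth restricting to http(s) URLs and, for the redirect, to this site. The body of `openid_content()` starts and ends outside the hunk.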
@@ -72,12 +72,12 @@ function channel_privacy_macro(n) {
 $('#id_profile_in_directory').val(0);
 }
 if(n == 2) {
- $('#id_view_stream option').eq(5).attr('selected','selected');
- $('#id_view_profile option').eq(5).attr('selected','selected');
- $('#id_view_photos option').eq(5).attr('selected','selected');
- $('#id_view_contacts option').eq(5).attr('selected','selected');
- $('#id_view_storage option').eq(5).attr('selected','selected');
- $('#id_view_pages option').eq(5).attr('selected','selected');
+ $('#id_view_stream option').eq(6).attr('selected','selected');
+ $('#id_view_profile option').eq(6).attr('selected','selected');
+ $('#id_view_photos option').eq(6).attr('selected','selected');
+ $('#id_view_contacts option').eq(6).attr('selected','selected');
+ $('#id_view_storage option').eq(6).attr('selected','selected');
+ $('#id_view_pages option').eq(6).attr('selected','selected');
 $('#id_send_stream option').eq(2).attr('selected','selected');
 $('#id_post_wall option').eq(1).attr('selected','selected');
 $('#id_post_comments option').eq(2).attr('selected','selected');
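Review bot: The privacy macros pick the audience by option position (`.eq(6)`), which is why this hunk and the `n == 3` hunk below both had to be renumbered when mod/settings.php gained a list entry. The next insertion that is not mirrored here would make a macro silently select a different audience. Selecting by value is independent of list order, e.g. `$('#id_view_stream').val(PUBLIC_VALUE);`, where `PUBLIC_VALUE` is a placeholder for whatever value the template emits for `PERMS_PUBLIC`. The body of `channel_privacy_macro()` starts and ends outside the hunk.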
@@ -95,12 +95,12 @@ function channel_privacy_macro(n) {
 $('#id_profile_in_directory').val(1);
 }
 if(n == 3) {
- $('#id_view_stream option').eq(5).attr('selected','selected');
- $('#id_view_profile option').eq(5).attr('selected','selected');
- $('#id_view_photos option').eq(5).attr('selected','selected');
- $('#id_view_contacts option').eq(5).attr('selected','selected');
- $('#id_view_storage option').eq(5).attr('selected','selected');
- $('#id_view_pages option').eq(5).attr('selected','selected');
+ $('#id_view_stream option').eq(6).attr('selected','selected');
+ $('#id_view_profile option').eq(6).attr('selected','selected');
+ $('#id_view_photos option').eq(6).attr('selected','selected');
+ $('#id_view_contacts option').eq(6).attr('selected','selected');
+ $('#id_view_storage option').eq(6).attr('selected','selected');
+ $('#id_view_pages option').eq(6).attr('selected','selected');
 $('#id_send_stream option').eq(4).attr('selected','selected');
 $('#id_post_wall option').eq(4).attr('selected','selected');
 $('#id_post_comments option').eq(4).attr('selected','selected');
-- cgit v1.2.3