From dc8a46477b245dc89c3de69ddc61e83a2b8bd22a Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 1 Oct 2012 19:04:21 -0700 Subject: use hash for channel id --- include/identity.php | 27 +++++++++++++++++++++++---- include/security.php | 21 +++++++++++++++++++++ mod/manage.php | 18 ++++++------------ mod/zchannel.php | 4 ++++ 4 files changed, 54 insertions(+), 16 deletions(-) diff --git a/include/identity.php b/include/identity.php index 41d83b66d..1c552a21a 100644 --- a/include/identity.php +++ b/include/identity.php @@ -82,14 +82,18 @@ function create_identity($arr) { $ret['channel'] = $r[0]; set_default_login_identity($arr['account_id'],$ret['channel']['channel_id'],false); - + + $sig = base64url_encode(rsa_sign($ret['channel']['channel_global_id'],$ret['channel']['channel_prvkey'])); + $hash = base64url_encode(hash('whirlpool',$ret['channel']['channel_global_id'] . $sig,true)); + // Create a verified hub location pointing to this site. - $r = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_flags, + $r = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_hash, hubloc_flags, hubloc_url, hubloc_url_sig, hubloc_callback, hubloc_sitekey ) - values ( '%s', '%s', %d, '%s', '%s', '%s', '%s' )", + values ( '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s' )", dbesc($ret['channel']['channel_global_id']), - dbesc(base64url_encode(rsa_sign($ret['channel']['channel_global_id'],$ret['channel']['channel_prvkey']))), + dbesc($sig), + dbesc($hash), intval(($primary) ? HUBLOC_FLAGS_PRIMARY : 0), dbesc(z_root()), dbesc(base64url_encode(rsa_sign(z_root(),$ret['channel']['channel_prvkey']))), 
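Review bot: `$sig` goes straight into the `$hash` derivation and the `hubloc` insert without any check that `rsa_sign()` actually produced a signature. How `rsa_sign()` fails is not visible here, but if it returns false or an empty string, `base64url_encode()` would presumably yield an empty `$sig`, and the channel hash would then be computed over the guid alone and stored as a verified hub location. A guard right after the two new assignments, such as `if(! strlen($sig)) { logger('create_identity: signing channel guid failed'); }` followed by the function's normal error exit, would keep an unsigned identifier out of the table. A one-line comment stating that the hash is `base64url(whirlpool(guid . guid_sig))` would also help anyone who later has to recompute or verify it. `create_identity()` starts and ends outside this hunk, so the right way to abort has to be taken from the rest of the function.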
@@ -99,8 +103,23 @@ function create_identity($arr) { if(! $r) logger('create_identity: Unable to store hub location'); + $newuid = $ret['channel']['channel_id']; + $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_photo, xchan_addr, xchan_profile, xchan_name ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s')", + dbesc($hash), + dbesc($ret['channel']['channel_global_id']), + dbesc($sig), + dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"), + dbesc($ret['channel']['channel_address'] . '@' . $a->get_hostname()), + dbesc(z_root() . '/profile/' . $ret['channel']['channel_address']), + dbesc($ret['channel']['channel_name']) + ); + + // Not checking return value. + // It's ok for this to fail if it's an imported channel, and therefore the hash is a duplicate + + $r = q("INSERT INTO `profile` ( `aid`, `uid`, `profile_name`, `is_default`, `name`, `photo`, `thumb`) VALUES ( %d, %d, '%s', %d, '%s', '%s', '%s') ", intval($ret['channel']['channel_account_id']), diff --git a/include/security.php b/include/security.php index e221ad59b..a85787588 100644 --- a/include/security.php +++ b/include/security.php @@ -220,6 +220,27 @@ function can_write_wall(&$a,$owner) { } +function change_channel($change_channel) { + + $r = false; + + if($change_channel) { + $r = q("select * from channel where channel_id = %d and channel_account_id = %d limit 1", + intval($change_channel), + intval(get_account_id()) + ); + if($r && count($r)) { + $_SESSION['uid'] = intval($r[0]['channel_id']); + get_app()->set_channel($r[0]); + $_SESSION['theme'] = $r[0]['channel_theme']; + date_default_timezone_set($r[0]['channel_timezone']); + } + } + + return $r; + +} + function permissions_sql($owner_id,$remote_verified = false,$groups = null) { $local_user = local_user(); diff --git a/mod/manage.php b/mod/manage.php index b9237822b..593ba4ae2 100644 --- a/mod/manage.php +++ b/mod/manage.php 
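Review bot: Discarding the result of the `xchan` insert hides every failure, not only the duplicate-hash case the comment describes. On a duplicate, the existing row keeps whatever `xchan_addr`, `xchan_profile` and `xchan_photo` it already holds. On any other error the channel ends up with no `xchan` record and nothing in the log, because `$r` is overwritten by the `profile` insert on the next statement. Mirroring the hubloc branch with `if(! $r) logger('create_identity: xchan insert failed or hash already present');` keeps the best-effort behaviour while leaving a trace. This statement also uses `$a->get_baseurl()` and `$a->get_hostname()` where the lines around it use `z_root()`; `$a` must be set earlier in `create_identity()`, which is outside the hunk.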
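Review bot: `change_channel()` is now a shared helper that rewrites `$_SESSION['uid']`, but it never checks that an account is logged in and relies on every caller having done so. If `get_account_id()` returns a falsy value, `intval()` turns it into 0 and the query matches on `channel_account_id = 0`. An early `if(! get_account_id()) return false;` at the top of the function would put the check next to the session write. A lookup that finds no row is a request for a channel the account does not own, and logging it with something like `logger('change_channel: channel ' . intval($change_channel) . ' not found for this account');` would make such attempts visible. A short docblock should state that the function returns the query result (rows, or a falsy value) and that it mutates session, theme and timezone state.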
@@ -7,24 +7,18 @@ function manage_content(&$a) { return; } + require_once('include/security.php'); + $change_channel = ((argc() > 1) ? intval(argv(1)) : 0); + if($change_channel) { - $r = q("select * from channel where channel_id = %d and channel_account_id = %d limit 1", - intval($change_channel), - intval(get_account_id()) - ); - if($r && count($r)) { - $_SESSION['uid'] = intval($r[0]['channel_id']); - get_app()->set_channel($r[0]); - $_SESSION['theme'] = $r[0]['channel_theme']; - date_default_timezone_set($r[0]['channel_timezone']); - } - if($r[0]['channel_startpage']) + $r = change_channel($change_channel); + + if($r && $r[0]['channel_startpage']) goaway(z_root() . '/' . $r[0]['channel_startpage']); goaway(z_root()); } - $channels = null; if(local_user()) { diff --git a/mod/zchannel.php b/mod/zchannel.php index f401d91c6..eca22b0a9 100644 --- a/mod/zchannel.php +++ b/mod/zchannel.php @@ -73,6 +73,10 @@ function zchannel_post(&$a) { return; } + $newuid = $result['channel']['channel_id']; + + change_channel($result['channel']['channel_id']); + if(! strlen($next_page = get_config('system','workflow_channel_next'))) $next_page = 'settings'; -- cgit v1.2.3
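Review bot: The channel switch is still triggered by the URL path argument alone (`intval(argv(1))`), and no form-token check is visible in this hunk, so any GET request to this URL from a logged-in browser changes the active identity. The ownership test inside `change_channel()` limits that to the account's own channels, but a silently switched channel can still lead to posting under the wrong identity. Consider requiring a POST that carries the project's form security token before calling `change_channel()`. When `$r` comes back empty the code redirects to `z_root()` without any notice, so a failed switch looks the same as a successful one to the user. `manage_content()` begins above the hunk, so an earlier check may exist there.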
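Review bot: The result of `change_channel()` is ignored in `zchannel_post()`, so if the switch fails the session stays on the previous channel while the flow continues to `$next_page` as if the new channel were active. `$newuid` is assigned but never used in the lines shown. Both can be fixed with `if(! change_channel($newuid)) logger('zchannel_post: could not switch to new channel ' . $newuid);`. Unlike mod/manage.php, this hunk adds no `require_once('include/security.php');`; if that file is not already loaded earlier in the request, the call would be a fatal error. `zchannel_post()` starts and ends outside the hunk, so the include may be present elsewhere.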