From dd5725c2725b742473ce285dce8573da37fb8053 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sat, 22 Sep 2012 02:00:24 -0700
Subject: making magic

---
 mod/magic.php | 41 ++++++++++++++---------------------------
 version.inc   |  2 +-
 2 files changed, 15 insertions(+), 28 deletions(-)

diff --git a/mod/magic.php b/mod/magic.php
index 9473af6ea..656fb9fad 100644
--- a/mod/magic.php
+++ b/mod/magic.php
@@ -5,7 +5,7 @@ function magic_init(&$a) {
 	$url = ((x($_REQUEST,'url')) ? $_REQUEST['url'] : '');
 
 
-	if(local_user() && $argc() > 1 && intval(argv(1))) {
+	if(local_user() && argc() > 1 && intval(argv(1))) {
 
 		$cid = $argv(1);
 
@@ -21,11 +21,14 @@ function magic_init(&$a) {
 		$sec = random_string();
 
 		// Here's how it works in zot... still a fair bit of code to write
-		// Originator (us) posts our id/sig/location/location_sig with a random tracking code.
-		// The other site will call us back asynchronously and do the verification dance.
-		// Once that has happened, we will be issued an encrypted token
-		// We'll redirect to the site with the decrypted token (which is good for one use).  
-
+		// Create a random tracking code and store it
+		// Originator (us) redirects to remote connect url with callback URL and tracking code.
+		// Remote calls us back asynchronously to verify we sent the tracking code.
+		// Reply with a json document providing the identity details
+		// Remote verifies these match a known identity and the site matches a known location
+		// (especially including the current location)
+		// Once that has happened, the original redirect will be given an authenticated session 
+		// and redirected to the chosen page.
 
 
 
@@ -38,31 +41,15 @@ function magic_init(&$a) {
 			intval(time() + 45)
 		);
 
+		$local_callback = z_root() . '/auth';
 
+		logger('mod_magic: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG); 
+		$dest = (($url) ? '&url=' . urlencode($url) : '');
+		goaway ($hubloc['hubloc_connect'] . "?f=&cb=" . urlencode($local_callback) . $dest . "&token=" . $token);
 
-		$postvars = array();
-
-		$postvars['tracking'] = $sec;
-		
-
-		$ret = $z_post_url($hubloc['hubloc_connect'],$postvars);
-		if($ret['success']) {
-			$j = json_decode($ret['body']);
-			if($j->result && $j->token) {
-				$token = openssl_private_decrypt($j->token,$channel['prvkey']);
-
-
-
-
-
-				logger('mod_magic: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG); 
-				$dest = (($url) ? '&destination_url=' . $url : '');
-				goaway ($hubloc['hubloc_connect'] . "?f=" . $dest . "&token=" . $token);
-			}
-
-		}
 	}
 
+
 	if(local_user())
 		$handle = $a->user['nickname'] . '@' . substr($a->get_baseurl(),strpos($a->get_baseurl(),'://')+3);
 	if(remote_user())
diff --git a/version.inc b/version.inc
index 8f6893a76..0acbe2abe 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2012-09-20.83
+2012-09-21.84
-- 
cgit v1.2.3