From fa5366bb95f3f9e241510f29054dbd4ceb0deb73 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Dec 2013 17:18:09 -0800 Subject: don't magic-auth against a deleted channel --- mod/post.php | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/mod/post.php b/mod/post.php index 56ab3e1e0..b425bc59d 100644 --- a/mod/post.php +++ b/mod/post.php @@ -111,18 +111,23 @@ function post_init(&$a) { $c = q("select * from channel where channel_address = '%s' limit 1", dbesc($webbie) ); + } + if(! $c) { + + // They are authenticating ultimately to the site and not to a particular channel. + // Any channel will do, providing it's currently active. We just need to have an + // identity to attach to the packet we send back. So find one. + + $c = q("select * from channel where not ( channel_pageflags & %d ) limit 1", + intval(PAGE_REMOVED) + ); + if(! $c) { - // They are authenticating ultimately to the site and not to a particular channel. - // Any channel will do. We just need to have an identity to attach to the - // packet we send back. - $c = q("select * from channel where true limit 1"); - if(! $c) - logger('mod_zot: auth: unable to find channel ' . $webbie); - // They'll get a notice when they hit the page, we don't need two of them. - // In fact we only need the name to map the destination, auth can proceed - // without it. + // nobody here + logger('mod_zot: auth: unable to find channel ' . $webbie); + goaway($desturl); } } -- cgit v1.2.3