From 3c8f8b76aa35eed1e612cb20537b8648bef3daca Mon Sep 17 00:00:00 2001 From: Zot Date: Thu, 25 Apr 2019 11:54:37 +0200 Subject: hubloc confusion in magic auth --- Zotlabs/Module/Magic.php | 4 ++-- Zotlabs/Module/Owa.php | 26 ++++++++++++++++++++++---- 2 files changed, 24 insertions(+), 6 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 71737eef8..e8e960574 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -169,8 +169,8 @@ class Magic extends \Zotlabs\Web\Controller { $token = $j['token']; } - $x = strpbrk($dest,'?&'); - $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); + $strp = strpbrk($dest,'?&'); + $args = (($strp) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); goaway($dest . $args); } } diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index ad57f883c..cf116a96c 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -30,12 +30,29 @@ class Owa extends \Zotlabs\Web\Controller { $keyId = $sigblock['keyId']; if($keyId) { + + // Hubzilla connections can have both zot and zot6 hublocs + // The connections will usually be zot so match those first + $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash - where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ", + where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) and hubloc_network = 'zot' ", dbesc(str_replace('acct:','',$keyId)), dbesc($keyId) ); - if(! $r) { + + // If nothing was found, try searching on any network + + if (! $r) { + $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash + where ( hubloc_addr = '%s' or hubloc_id_url = '%s' )", + dbesc(str_replace('acct:','',$keyId)), + dbesc($keyId) + ); + } + + // If nothing was found on any network, use network discovery and create a new record + + if (! $r) { $found = discover_by_webbie(str_replace('acct:','',$keyId)); if($found) { $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash @@ -45,7 +62,8 @@ class Owa extends \Zotlabs\Web\Controller { ); } } - if($r) { + + if ($r) { foreach($r as $hubloc) { $verified = \Zotlabs\Web\HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']); if($verified && $verified['header_signed'] && $verified['header_valid']) { @@ -53,7 +71,7 @@ class Owa extends \Zotlabs\Web\Controller { logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA); $ret['success'] = true; $token = random_string(32); - \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_addr']); + \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_network'] . ',' . $hubloc['hubloc_addr']); $result = ''; openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); $ret['encrypted_token'] = base64url_encode($result); -- cgit v1.2.3 From e2dfa1d72f36ecc85059a7f2a38084a4919eb704 Mon Sep 17 00:00:00 2001 From: Zot Date: Fri, 26 Apr 2019 09:34:58 +0200 Subject: import/export zot6 hublocs+xchans --- Zotlabs/Module/Import.php | 47 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 41 insertions(+), 6 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index a48c690a7..18cb5560e 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -280,8 +280,9 @@ class Import extends \Zotlabs\Web\Controller { // replace any existing xchan we may have on this site if we're seizing control - $r = q("delete from xchan where xchan_hash = '%s'", - dbesc($channel['channel_hash']) + $r = q("delete from xchan where ( xchan_hash = '%s' or xchan_hash = '%s' ) ", + dbesc($channel['channel_hash']), + dbesc($channel['channel_portable_id']) ); $r = xchan_store_lowlevel( @@ -303,6 +304,30 @@ class Import extends \Zotlabs\Web\Controller { 'xchan_name_date' => datetime_convert() ] ); + + if($channel['channel_portable_id']) { + $r = xchan_store_lowlevel( + [ + 'xchan_hash' => \Zotlabs\Lib\Libzot::make_xchan_hash($channel['channel_guid'],$channel['channel_pubkey']), + 'xchan_guid' => $channel['channel_guid'], + 'xchan_guid_sig' => 'sha256.' . $channel['channel_guid_sig'], + 'xchan_pubkey' => $channel['channel_pubkey'], + 'xchan_photo_l' => z_root() . "/photo/profile/l/" . $channel['channel_id'], + 'xchan_photo_m' => z_root() . "/photo/profile/m/" . $channel['channel_id'], + 'xchan_photo_s' => z_root() . "/photo/profile/s/" . $channel['channel_id'], + 'xchan_addr' => channel_reddress($channel), + 'xchan_url' => z_root() . '/channel/' . $channel['channel_address'], + 'xchan_connurl' => z_root() . '/poco/' . $channel['channel_address'], + 'xchan_follow' => z_root() . '/follow?f=&url=%s', + 'xchan_name' => $channel['channel_name'], + 'xchan_network' => 'zot6', + 'xchan_photo_date' => datetime_convert(), + 'xchan_name_date' => datetime_convert() + ] + ); + } + + } logger('import step 6'); @@ -312,10 +337,20 @@ class Import extends \Zotlabs\Web\Controller { if($xchans) { foreach($xchans as $xchan) { - $hash = make_xchan_hash($xchan['xchan_guid'],$xchan['xchan_guid_sig']); - if($xchan['xchan_network'] === 'zot' && $hash !== $xchan['xchan_hash']) { - logger('forged xchan: ' . print_r($xchan,true)); - continue; + if($xchan['xchan_network'] === 'zot') { + $hash = make_xchan_hash($xchan['xchan_guid'],$xchan['xchan_guid_sig']); + if($hash !== $xchan['xchan_hash']) { + logger('forged xchan: ' . print_r($xchan,true)); + continue; + } + } + + if($xchan['xchan_network'] === 'zot6') { + $zhash = \Zotlabs\Lib\Libzot::make_xchan_hash($xchan['xchan_guid'],$xchan['xchan_pubkey']); + if($zhash !== $xchan['xchan_hash']) { + logger('forged xchan: ' . print_r($xchan,true)); + continue; + } } if(! array_key_exists('xchan_hidden',$xchan)) { -- cgit v1.2.3 From eb44201c5f9cc80aca3c4704cc35b9d5fb766b71 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Sat, 27 Apr 2019 21:38:54 +0200 Subject: Use goaway() base function --- Zotlabs/Module/Photo.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 30670c329..0dc6d0194 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -173,8 +173,7 @@ class Photo extends \Zotlabs\Web\Controller { // SSLify if needed if(strpos(z_root(),'https:') !== false && strpos($url,'https:') === false) $url = z_root() . '/sslify/' . $filename . '?f=&url=' . urlencode($url); - header("Location: " . $url); - killme(); + goaway($url); } } } -- cgit v1.2.3 From 405e07f0a232445e179e2df821e77007f3b6d33d Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 27 Apr 2019 23:01:05 +0200 Subject: improve channel date query --- Zotlabs/Module/Channel.php | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index d4ef94e06..144c2472a 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -46,14 +46,14 @@ class Channel extends Controller { $channel = App::get_channel(); if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) { - $which = $channel['channel_address']; - $profile = argv(1); - } + $which = $channel['channel_address']; + $profile = argv(1); + } $channel = channelx_by_nick($which); - if(! $channel) { - http_status_exit(404, 'Not found'); - } + if(! $channel) { + http_status_exit(404, 'Not found'); + } // handle zot6 channel discovery @@ -310,10 +310,6 @@ class Channel extends Controller { $sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery2)))); } - if($datequery || $datequery2) { - $sql_extra2 .= " and item.item_thread_top != 0 "; - } - if($order === 'post') $ordering = "created"; else @@ -342,7 +338,7 @@ class Channel extends Controller { AND (abook.abook_blocked = 0 or abook.abook_flags is null) AND item.item_wall = 1 AND item.item_thread_top = 1 $sql_extra $sql_extra2 - ORDER BY $ordering DESC $pager_sql ", + ORDER BY $ordering DESC, item_id $pager_sql ", intval(App::$profile['profile_uid']) ); } -- cgit v1.2.3