From ee1d52749733c1de7e88ede6c63f155215e1ae1c Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 27 Jun 2016 16:15:47 -0700 Subject: comment on the setup page about the possible need for intermediate certs. --- Zotlabs/Module/New_channel.php | 4 ++-- Zotlabs/Module/Setup.php | 10 ++++++++-- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/New_channel.php b/Zotlabs/Module/New_channel.php index 30d7c83c6..1dcf84fb0 100644 --- a/Zotlabs/Module/New_channel.php +++ b/Zotlabs/Module/New_channel.php @@ -62,7 +62,7 @@ class New_channel extends \Zotlabs\Web\Controller { } - function post() { + function post() { $arr = $_POST; @@ -96,7 +96,7 @@ class New_channel extends \Zotlabs\Web\Controller { } - function get() { + function get() { $acc = \App::get_account(); diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php index c4878e217..c5d0ccc21 100644 --- a/Zotlabs/Module/Setup.php +++ b/Zotlabs/Module/Setup.php @@ -596,7 +596,7 @@ class Setup extends \Zotlabs\Web\Controller { if(! is_writable('store')) { $status = false; - $help = t('Red uses the store directory to save uploaded files. The web server needs to have write access to the store directory under the Red top level folder') . EOL; + $help = t('This software uses the store directory to save uploaded files. The web server needs to have write access to the store directory under the Red top level folder') . EOL; $help .= t('Please ensure that the user that your web server runs as (e.g. www-data) has write access to this folder.').EOL; } 
@@ -639,6 +639,9 @@ class Setup extends \Zotlabs\Web\Controller { $help .= t('If your certificate is not recognized, members of other sites (who may themselves have valid certificates) will get a warning message on their own site complaining about security issues.') . EOL; $help .= t('This can cause usability issues elsewhere (not just on your own site) so we must insist on this requirement.') .EOL; $help .= t('Providers are available that issue free certificates which are browser-valid.'). EOL; + + $help .= t('If you are confident that the certificate is valid and signed by a trusted authority, check to see if you have failed to install an intermediate cert. These are not normally required by browsers, but are required for server-to-server communications.') . EOL; + $this->check_add($checks, t('SSL certificate validation'), false, true, $help); } @@ -695,6 +698,7 @@ class Setup extends \Zotlabs\Web\Controller { // install the standard theme set_config('system', 'allowed_themes', 'redbasic'); + // Set a lenient list of ciphers if using openssl. Other ssl engines // (e.g. NSS used in RedHat) require different syntax, so hopefully // the default curl cipher list will work for most sites. If not, @@ -704,7 +708,9 @@ class Setup extends \Zotlabs\Web\Controller { // z_fetch_url() is also used to import shared links and other content // so in theory most any cipher could show up and we should do our best // to make the content available rather than tell folks that there's a - // weird SSL error which they can't do anything about. + // weird SSL error which they can't do anything about. This does not affect + // the SSL server, but is only a client negotiation to find something workable. + // Hence it will not make your system susceptible to POODL or other nasties. $x = curl_version(); if(stristr($x['ssl_version'],'openssl')) -- cgit v1.2.3 From 3704ff57cb65dce6ddd17136580e3bf82e7d97f2 Mon Sep 17 00:00:00 2001 
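Review bot: The comment added in the `@@ -704,7 +708,9 @@` hunk argues that a lenient cipher list cannot expose the site to POODLE because it only affects client negotiation, and that conclusion is stronger than the code supports. The outbound `z_fetch_url()` connections are themselves TLS sessions, and a permissive client offer lets the remote end or an on-path party settle on the weakest entry in the list. Whether POODLE in particular applies depends on the protocol versions curl is allowed to use, which this hunk does not show. I would reword the comment to state the trade-off, e.g. `// Only outbound (client) connections are affected, not the SSL server; they may negotiate the weakest cipher in this list, so tighten it if your peers allow.`, and spell the attack name POODLE. The cipher-setting code follows the `curl_version()` check and lies outside the hunk.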
From: redmatrix Date: Mon, 27 Jun 2016 16:50:06 -0700 Subject: replace [+] and [-] with chevron icons --- Zotlabs/Lib/ThreadItem.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php index f724ac95d..6625b7b52 100644 --- a/Zotlabs/Lib/ThreadItem.php +++ b/Zotlabs/Lib/ThreadItem.php @@ -418,7 +418,7 @@ class ThreadItem { if(($nb_children > $visible_comments) || ($thread_level > 1)) { $result['children'][0]['comment_firstcollapsed'] = true; $result['children'][0]['num_comments'] = $comment_count_txt; - $result['children'][0]['hide_text'] = t('[+] show all'); + $result['children'][0]['hide_text'] = sprintf( t('%s show all'), ''); if($thread_level > 1) { $result['children'][$nb_children - 1]['comment_lastcollapsed'] = true; } -- cgit v1.2.3 From b155e93ab134759f3d31a509d197916a5af84adb Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 27 Jun 2016 19:04:00 -0700 Subject: add letsencrypt x3 intermediate cert and new cert file, improve UX of new registrations --- Zotlabs/Module/Register.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 7cd1ee501..6afa4a94c 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -259,7 +259,8 @@ class Register extends \Zotlabs\Web\Controller { '$email' => $email, '$pass1' => $password, '$pass2' => $password2, - '$submit' => ((UNO || $auto_create || $registration_is) ? t('Register') : t('Proceed to create your first channel')) + '$submit' => t('Register'), + '$verify_note' => t('This site may require email verification after submitting this form. If you are returned to a login page, please check your email for instructions.') )); return $o; -- cgit v1.2.3 From 30a5fe30617ef19d7cb896783442d43277ce5a8e Mon Sep 17 00:00:00 2001 
From: redmatrix Date: Mon, 27 Jun 2016 19:53:35 -0700 Subject: provide a daemon for implementing zot magic-auth over curl. --- Zotlabs/Daemon/CurlAuth.php | 52 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 Zotlabs/Daemon/CurlAuth.php (limited to 'Zotlabs') diff --git a/Zotlabs/Daemon/CurlAuth.php b/Zotlabs/Daemon/CurlAuth.php new file mode 100644 index 000000000..d0296a729 --- /dev/null +++ b/Zotlabs/Daemon/CurlAuth.php @@ -0,0 +1,52 @@ + 0 && $line[0] != '#' && substr_count($line, "\t") == 6) { + $tokens = explode("\t", $line); + $tokens = array_map('trim', $tokens); + if($tokens[4] > time()) { + $output .= $line . "\n"; + } + } + else + $output .= $line; + } + } + } + + file_put_contents($f, $output . 'HttpOnly_' . \App::get_hostname() . "\tFALSE\t/\tFALSE\t0\tPHPSESSID\t" . $x, (($e) ? FILE_APPEND : 0)); + + killme(); + } +} \ No newline at end of file -- cgit v1.2.3 From 7d7f43c2056fd50ff26aed5df553bf4936ead196 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 27 Jun 2016 22:25:37 -0700 Subject: still working through some issues with curl magic-auth fixed profile photo upload --- Zotlabs/Daemon/CurlAuth.php | 7 +++++-- Zotlabs/Lib/SuperCurl.php | 15 +++++++++++++++ Zotlabs/Module/Cover_photo.php | 2 +- Zotlabs/Module/Profile_photo.php | 5 ++--- 4 files changed, 23 insertions(+), 6 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Daemon/CurlAuth.php b/Zotlabs/Daemon/CurlAuth.php index d0296a729..be12bc779 100644 --- a/Zotlabs/Daemon/CurlAuth.php +++ b/Zotlabs/Daemon/CurlAuth.php @@ -15,7 +15,7 @@ class CurlAuth { if($argc != 2) killme(); - session_start(); + \App::$session->start(); $_SESSION['authenticated'] = 1; $_SESSION['uid'] = $argv[1]; @@ -23,6 +23,7 @@ class CurlAuth { $x = session_id(); $f = 'store/[data]/cookie_' . $argv[1]; + $c = 'store/[data]/cookien_' . $argv[1]; $e = file_exists($f); 
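Review bot: In the new `CurlAuth.php`, the closing `file_put_contents($f, $output . ..., (($e) ? FILE_APPEND : 0))` appends when the cookie file already exists, yet `$output` looks like it was rebuilt from that same file's unexpired lines, so each run would re-add the kept entries and never drop the expired ones. The start of the read loop is not legible on this page, so this is inferred from the `$output .= $line . "\n"` lines; if it holds, pass `LOCK_EX` alone so the file is overwritten every time. The record is also written without a trailing `"\n"`, so a later append would run into the session id, and curl's cookie-file format marks HttpOnly entries with a `#HttpOnly_` prefix rather than `HttpOnly_`. The same call is carried into the `@@ -44,8 +45,10 @@` hunk of the following commit.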
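Review bot: The added `$c = 'store/[data]/cookien_' . $argv[1];` in the `@@ -23,6 +23,7 @@` hunk builds a file path from the raw command-line argument, as the neighbouring `$f` line and `$_SESSION['uid'] = $argv[1]` already do, and nothing visible checks that the argument is a channel id. Normalise it once near the top of the method, `$uid = intval($argv[1]); if($uid <= 0) killme();`, and use `$uid` for the session and both paths so a value containing `/` or `..` cannot leave `store/[data]/`. The caller side in `SuperCurl` (the `@@ -62,6 +63,11 @@` and `@@ -90,8 +96,17 @@` hunks) concatenates `$this->magicauth` into the same paths and would want the same cast. The method starts above this hunk, so an existing check there cannot be ruled out.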
@@ -44,8 +45,10 @@ class CurlAuth { } } } + $t = time() + (24 * 3600); + file_put_contents($f, $output . 'HttpOnly_' . \App::get_hostname() . "\tFALSE\t/\tTRUE\t$t\tPHPSESSID\t" . $x, (($e) ? FILE_APPEND : 0)); - file_put_contents($f, $output . 'HttpOnly_' . \App::get_hostname() . "\tFALSE\t/\tFALSE\t0\tPHPSESSID\t" . $x, (($e) ? FILE_APPEND : 0)); + file_put_contents($c,$x); killme(); } diff --git a/Zotlabs/Lib/SuperCurl.php b/Zotlabs/Lib/SuperCurl.php index 40ca1addb..fd47c399c 100644 --- a/Zotlabs/Lib/SuperCurl.php +++ b/Zotlabs/Lib/SuperCurl.php @@ -26,6 +26,7 @@ class SuperCurl { private $request_method = 'GET'; private $upload = false; + private $cookies = false; private function set_data($s) { @@ -62,6 +63,11 @@ class SuperCurl { case 'http_auth': $this->auth = $v; break; + case 'magicauth': + $this->magicauth = $v; + \Zotlabs\Daemon\Master::Summon([ 'CurlAuth', $v ]); + sleep(2); + break; case 'custom': $this->request_method = $v; break; @@ -90,8 +96,17 @@ class SuperCurl { function exec() { $opts = $this->curlopts; + $url = $this->url; if($this->auth) $opts['http_auth'] = $this->auth; + if($this->magicauth) { + $opts['cookiejar'] = 'store/[data]/cookie_' . $this->magicauth; + $opts['cookiefile'] = 'store/[data]/cookie_' . $this->magicauth; + $opts['cookie'] = 'PHPSESSID=' . trim(file_get_contents('store/[data]/cookien_' . $this->magicauth)); + $c = channelx_by_n($this->magicauth); + if($c) + $url = zid($this->url,$c['channel_address'] . '@' . \App::get_hostname()); + } if($this->custom) $opts['custom'] = $this->custom; if($this->headers) diff --git a/Zotlabs/Module/Cover_photo.php b/Zotlabs/Module/Cover_photo.php index 9887b8203..886958b37 100644 --- a/Zotlabs/Module/Cover_photo.php +++ b/Zotlabs/Module/Cover_photo.php 
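Review bot: `file_put_contents($c,$x);` in the `@@ -44,8 +45,10 @@` hunk leaves a live, pre-authenticated session id on disk in clear text, with whatever mode the process umask gives it, for a cookie that the line above now keeps valid for 24 hours. Restrict the file and avoid partial reads, e.g. `file_put_contents($c, $x, LOCK_EX); chmod($c, 0600);`, and have the consumer delete it once the request is done. Whether `store/[data]/` is shielded from direct web requests is not visible here and is worth confirming, since anyone who can read this file can act as that channel. A lifetime shorter than `24 * 3600` would limit exposure if the request only needs seconds.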
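Review bot: The `@@ -26,6 +26,7 @@` hunk of `SuperCurl.php` declares `private $cookies = false;`, but the property the other two hunks in this file assign and read is `$this->magicauth`, which is never declared. `exec()` then evaluates `if($this->magicauth)` on an undefined property whenever the option was not set, which raises a notice. Declare it alongside the others, `private $magicauth = null;`, and drop `$cookies` unless code outside these hunks uses it.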
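Review bot: Setting the `magicauth` option in the `@@ -62,6 +63,11 @@` hunk summons the `CurlAuth` daemon and then relies on `sleep(2)` for the cookie files to exist, so the hand-off is a timing guess and an option setter now blocks for two seconds. In the `@@ -90,8 +96,17 @@` hunk `exec()` passes `file_get_contents('store/[data]/cookien_' . $this->magicauth)` straight to `trim()`; if the daemon has not finished or has failed, the request goes out with an empty or stale `PHPSESSID` and no error. Check the read before using it, e.g. `$sid = file_get_contents($path); if($sid !== false && trim($sid) !== '') $opts['cookie'] = 'PHPSESSID=' . trim($sid);`, and treat a missing file as an authentication failure rather than silently sending the request unauthenticated. How to report that failure depends on the rest of `exec()`, which is outside the hunk.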
@@ -50,7 +50,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { check_form_security_token_redirectOnErr('/cover_photo', 'cover_photo'); - if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) { + if((array_key_exists('cropfinal',$_POST)) && ($_POST['cropfinal'] == 1)) { // phase 2 - we have finished cropping diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php index 62c5e99ae..9359b80f8 100644 --- a/Zotlabs/Module/Profile_photo.php +++ b/Zotlabs/Module/Profile_photo.php @@ -53,7 +53,7 @@ class Profile_photo extends \Zotlabs\Web\Controller { check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); - if((array_key_exists('postfinal',$_POST)) && (intval($_POST['cropfinal']) == 1)) { + if((array_key_exists('cropfinal',$_POST)) && (intval($_POST['cropfinal']) == 1)) { // phase 2 - we have finished cropping @@ -90,12 +90,11 @@ class Profile_photo extends \Zotlabs\Web\Controller { $srcY = $_POST['ystart']; $srcW = $_POST['xfinal'] - $srcX; $srcH = $_POST['yfinal'] - $srcY; - + $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND uid = %d AND imgscale = %d LIMIT 1", dbesc($image_id), dbesc(local_channel()), intval($scale)); - if($r) { $base_image = $r[0]; -- cgit v1.2.3
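Review bot: The new condition in `Cover_photo.php` compares `$_POST['cropfinal'] == 1` loosely, while the equivalent check corrected in the `Profile_photo.php` hunk that follows wraps the value in `intval()`. Use one form in both modules, `(array_key_exists('cropfinal',$_POST)) && (intval($_POST['cropfinal']) == 1)`, so the same form field is interpreted identically in each upload path. The rest of `post()` lies outside the hunk.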