From 5949607d17bceb51d61c73b5c0dbc0fcc063bd04 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 21 Jan 2013 19:16:21 -0800
Subject: magic auth - it's mostly done or at least all the code bits are
 written and it looks in theory to be pretty secure and it doesn't white
 screen. Getting it to actually work(?), well we won't know how hard that will
 be until we get it on a couple of systems and try it. Magic auth on one box
 is a no-op because you're already authenticated.

---
 include/auth.php | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

(limited to 'include/auth.php')

diff --git a/include/auth.php b/include/auth.php
index c12432449..75a450dc8 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -64,14 +64,19 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
 		goaway(z_root());
 	}
 
-//	if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
-//		$r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
-//			intval($_SESSION['visitor_id'])
-//		);
-//		if(count($r)) {
-//			$a->contact = $r[0];
-//		}
-//	}
+	if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
+		$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+			dbesc($_SESSION['visitor_id'])
+		);
+		if($r) {
+			get_app()->set_observer($r[0]);
+		}
+		else {
+			unset($_SESSION['visitor_id']);
+			unset($_SESSION['authenticated']);
+		}
+		$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
+	}
 
 	if(x($_SESSION,'uid') || x($_SESSION,'account_id')) {
 
-- 
cgit v1.2.3