From 51024d382172c5e2e62bacc6d9103a1caa40e4a5 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Sat, 9 Mar 2019 12:58:03 -0800
Subject: authenticated fetch fixes

---
 include/zid.php | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

(limited to 'include/zid.php')

diff --git a/include/zid.php b/include/zid.php
index a37ebe1f6..0b12689ef 100644
--- a/include/zid.php
+++ b/include/zid.php
@@ -352,3 +352,51 @@ function owt_init($token) {
 
 	logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']);
 }
+
+
+function observer_auth($ob_hash) {
+
+	if($ob_hash === false) {
+		return;
+	}
+
+	$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash
+		where hubloc_addr = '%s' or hubloc_id_url = '%s' or hubloc_hash = '%s' order by hubloc_id desc",
+		dbesc($ob_hash),
+		dbesc($ob_hash),
+		dbesc($ob_hash)
+	);
+
+	if(! $r) {
+		// finger them if they can't be found.
+		$wf = discover_by_webbie($ob_hash);
+		if($wf) {
+			$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash
+				where hubloc_addr = '%s' or hubloc_id_url = '%s' or hubloc_hash = '%s' order by hubloc_id desc",
+				dbesc($ob_hash),
+				dbesc($ob_hash),
+				dbesc($ob_hash)
+			);
+		}
+	}
+	if(! $r) {
+		logger('unable to finger ' . $ob_hash);
+		return;
+	}
+
+	$hubloc = $r[0];
+
+	$_SESSION['authenticated'] = 1;
+
+	// normal visitor (remote_channel) login session credentials
+	$_SESSION['visitor_id'] = $hubloc['xchan_hash'];
+	$_SESSION['my_url'] = $hubloc['xchan_url'];
+	$_SESSION['my_address'] = $hubloc['hubloc_addr'];
+	$_SESSION['remote_hub'] = $hubloc['hubloc_url'];
+	$_SESSION['DNT'] = 1;
+
+	\App::set_observer($hubloc);
+	require_once('include/security.php');
+	\App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
+
+}
-- 
cgit v1.2.3