From cc1e906825dd30f74d0a30190a7dd2a26d6b1642 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Wed, 4 Dec 2013 23:54:46 -0800
Subject: generate a small amount of entropy to avoid duplicate notifications
 from essentially simultaneous deliveries.

---
 mod/post.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'mod/post.php')

diff --git a/mod/post.php b/mod/post.php
index 627e13fa0..e589378dc 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -127,7 +127,7 @@ function post_init(&$a) {
 			goaway($desturl);
 		}
 
-		logger('mod_zot: auth request received from ' . $x[0]['xchan_addr'] ); 
+		logger('mod_zot: auth request received from ' . $x[0]['hubloc_addr'] ); 
 
 		// check credentials and access
 
@@ -139,7 +139,9 @@ function post_init(&$a) {
 		$remote_service_class = '';
 		$remote_hub = $x[0]['hubloc_url'];
 
-		$already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote)) ? true : false); 
+		// Also check that they are coming from the same site as they authenticated with originally.
+
+		$already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); 
 
 		if(! $already_authed) {
 
-- 
cgit v1.2.3