From d3120264cb99b8c87ecce01795bbc96265028b47 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 17 Feb 2014 18:23:01 -0800 Subject: more snakebite stuff --- mod/rmagic.php | 52 +++++++++++++++++++++++++++++++++------------------- 1 file changed, 33 insertions(+), 19 deletions(-) (limited to 'mod/rmagic.php') diff --git a/mod/rmagic.php b/mod/rmagic.php index b8c1c6553..093ccd328 100644 --- a/mod/rmagic.php +++ b/mod/rmagic.php @@ -22,31 +22,45 @@ function rmagic_init(&$a) { function rmagic_post(&$a) { - $address = $_REQUEST['address']; - if(strpos($address,'@') === false) { - notice('Invalid address.'); - return; - } + $address = trim($_REQUEST['address']); + $other = intval($_REQUEST['other']); - $r = null; - if($address) { - $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", - dbesc($address) - ); - } - if($r) { - $url = $r[0]['hubloc_url']; + if($other) { + $arr = array('address' => $address); + call_hooks('reverse_magic_auth', $arr); + + + // if they're still here... + notice( t('Authentication failed.') . EOL); + return; } else { - $url = 'https://' . substr($address,strpos($address,'@')+1); - } - if($url) { - $dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string); - goaway($url . '/magic' . '?f=&dest=' . $dest); - } + // Presumed Red identity. Perform reverse magic auth + if(strpos($address,'@') === false) { + notice('Invalid address.'); + return; + } + $r = null; + if($address) { + $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", + dbesc($address) + ); + } + if($r) { + $url = $r[0]['hubloc_url']; + } + else { + $url = 'https://' . substr($address,strpos($address,'@')+1); + } + + if($url) { + $dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string); + goaway($url . '/magic' . '?f=&dest=' . $dest); + } + } } -- cgit v1.2.3