From fa5366bb95f3f9e241510f29054dbd4ceb0deb73 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sun, 1 Dec 2013 17:18:09 -0800
Subject: don't magic-auth against a deleted channel

---
 mod/post.php | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

(limited to 'mod')

diff --git a/mod/post.php b/mod/post.php
index 56ab3e1e0..b425bc59d 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -111,18 +111,23 @@ function post_init(&$a) {
 			$c = q("select * from channel where channel_address = '%s' limit 1",
 				dbesc($webbie)
 			);
+		}
+		if(! $c) {
+
+			// They are authenticating ultimately to the site and not to a particular channel.
+			// Any channel will do, providing it's currently active. We just need to have an 
+			// identity to attach to the packet we send back. So find one. 
+
+			$c = q("select * from channel where not ( channel_pageflags & %d ) limit 1",
+				intval(PAGE_REMOVED)
+			);
+
 			if(! $c) {
-				// They are authenticating ultimately to the site and not to a particular channel.
-				// Any channel will do. We just need to have an identity to attach to the
-				// packet we send back.
 
-				$c = q("select * from channel where true limit 1");
-				if(! $c)
-					logger('mod_zot: auth: unable to find channel ' . $webbie);
-				// They'll get a notice when they hit the page, we don't need two of them. 
-				// In fact we only need the name to map the destination, auth can proceed
-				// without it.
+				// nobody here
 
+				logger('mod_zot: auth: unable to find channel ' . $webbie);
+				goaway($desturl);
 			}
 		}
 
-- 
cgit v1.2.3