Streams/streams
Streams/streams
1
0
Fork 0
mirror of https://codeberg.org/streams/streams.git synced 2024-09-19 23:55:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

more snakebite stuff

Browse source
This commit is contained in:
friendica 2014-02-17 18:23:01 -08:00
parent 9b0ae023ff
commit d3120264cb
2 changed files with 41 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
include/permissions.php
View file

@ -89,7 +89,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
if($observer_xchan) {
if(! $abook_checked) {
$x = q("select abook_my_perms, abook_flags from abook
$x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
intval($uid),
dbesc($observer_xchan),
@ -137,9 +137,9 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
continue;
}
// If we're still here, we have an observer, which means they're in the network.
// If we're still here, we have an observer, check the network.
if($r[0][$channel_perm] & PERMS_NETWORK) {
if(($r[0][$channel_perm] & PERMS_NETWORK) && ($x[0]['xchan_network'] === 'zot')) {
$ret[$perm_name] = true;
continue;
}
@ -240,7 +240,8 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
return false;
if($observer_xchan) {
$x = q("select abook_my_perms, abook_flags from abook where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
$x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
intval($uid),
dbesc($observer_xchan),
intval(ABOOK_FLAG_SELF)
@ -272,9 +273,9 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
return false;
}
// If we're still here, we have an observer, which means they're in the network.
// If we're still here, we have an observer, check the network.
if($r[0][$channel_perm] & PERMS_NETWORK)
if(($r[0][$channel_perm] & PERMS_NETWORK) && ($x[0]['xchan_network'] === 'zot'))
return true;

54
mod/rmagic.php
View file

@ -22,31 +22,45 @@ function rmagic_init(&$a) {
function rmagic_post(&$a) {
$address = $_REQUEST['address'];
if(strpos($address,'@') === false) {
notice('Invalid address.');
$address = trim($_REQUEST['address']);
$other = intval($_REQUEST['other']);
if($other) {
$arr = array('address' => $address);
call_hooks('reverse_magic_auth', $arr);
// if they're still here...
notice( t('Authentication failed.') . EOL);
return;
}
$r = null;
if($address) {
$r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1",
dbesc($address)
);
}
if($r) {
$url = $r[0]['hubloc_url'];
}
else {
$url = 'https://' . substr($address,strpos($address,'@')+1);
}
if($url) {
$dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string);
goaway($url . '/magic' . '?f=&dest=' . $dest);
// Presumed Red identity. Perform reverse magic auth
if(strpos($address,'@') === false) {
notice('Invalid address.');
return;
}
$r = null;
if($address) {
$r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1",
dbesc($address)
);
}
if($r) {
$url = $r[0]['hubloc_url'];
}
else {
$url = 'https://' . substr($address,strpos($address,'@')+1);
}
if($url) {
$dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string);
goaway($url . '/magic' . '?f=&dest=' . $dest);
}
}
}