mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-19 23:55:19 +00:00
more snakebite stuff
This commit is contained in:
parent
9b0ae023ff
commit
d3120264cb
2 changed files with 41 additions and 26 deletions
|
@ -89,7 +89,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
|
|||
|
||||
if($observer_xchan) {
|
||||
if(! $abook_checked) {
|
||||
$x = q("select abook_my_perms, abook_flags from abook
|
||||
$x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
|
||||
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
|
||||
intval($uid),
|
||||
dbesc($observer_xchan),
|
||||
|
@ -137,9 +137,9 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
|
|||
continue;
|
||||
}
|
||||
|
||||
// If we're still here, we have an observer, which means they're in the network.
|
||||
// If we're still here, we have an observer, check the network.
|
||||
|
||||
if($r[0][$channel_perm] & PERMS_NETWORK) {
|
||||
if(($r[0][$channel_perm] & PERMS_NETWORK) && ($x[0]['xchan_network'] === 'zot')) {
|
||||
$ret[$perm_name] = true;
|
||||
continue;
|
||||
}
|
||||
|
@ -240,7 +240,8 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
|
|||
return false;
|
||||
|
||||
if($observer_xchan) {
|
||||
$x = q("select abook_my_perms, abook_flags from abook where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
|
||||
$x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
|
||||
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
|
||||
intval($uid),
|
||||
dbesc($observer_xchan),
|
||||
intval(ABOOK_FLAG_SELF)
|
||||
|
@ -272,9 +273,9 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
|
|||
return false;
|
||||
}
|
||||
|
||||
// If we're still here, we have an observer, which means they're in the network.
|
||||
// If we're still here, we have an observer, check the network.
|
||||
|
||||
if($r[0][$channel_perm] & PERMS_NETWORK)
|
||||
if(($r[0][$channel_perm] & PERMS_NETWORK) && ($x[0]['xchan_network'] === 'zot'))
|
||||
return true;
|
||||
|
||||
|
||||
|
|
|
@ -22,31 +22,45 @@ function rmagic_init(&$a) {
|
|||
|
||||
function rmagic_post(&$a) {
|
||||
|
||||
$address = $_REQUEST['address'];
|
||||
if(strpos($address,'@') === false) {
|
||||
notice('Invalid address.');
|
||||
$address = trim($_REQUEST['address']);
|
||||
$other = intval($_REQUEST['other']);
|
||||
|
||||
if($other) {
|
||||
$arr = array('address' => $address);
|
||||
call_hooks('reverse_magic_auth', $arr);
|
||||
|
||||
|
||||
// if they're still here...
|
||||
notice( t('Authentication failed.') . EOL);
|
||||
return;
|
||||
}
|
||||
|
||||
$r = null;
|
||||
if($address) {
|
||||
$r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1",
|
||||
dbesc($address)
|
||||
);
|
||||
}
|
||||
if($r) {
|
||||
$url = $r[0]['hubloc_url'];
|
||||
}
|
||||
else {
|
||||
$url = 'https://' . substr($address,strpos($address,'@')+1);
|
||||
}
|
||||
|
||||
if($url) {
|
||||
$dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string);
|
||||
goaway($url . '/magic' . '?f=&dest=' . $dest);
|
||||
// Presumed Red identity. Perform reverse magic auth
|
||||
|
||||
if(strpos($address,'@') === false) {
|
||||
notice('Invalid address.');
|
||||
return;
|
||||
}
|
||||
|
||||
$r = null;
|
||||
if($address) {
|
||||
$r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1",
|
||||
dbesc($address)
|
||||
);
|
||||
}
|
||||
if($r) {
|
||||
$url = $r[0]['hubloc_url'];
|
||||
}
|
||||
else {
|
||||
$url = 'https://' . substr($address,strpos($address,'@')+1);
|
||||
}
|
||||
|
||||
if($url) {
|
||||
$dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string);
|
||||
goaway($url . '/magic' . '?f=&dest=' . $dest);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue