diff --git a/include/permissions.php b/include/permissions.php
index 420591c54..0cbb5b984 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -89,7 +89,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
 
 		if($observer_xchan) {
 			if(! $abook_checked) {
-				$x = q("select abook_my_perms, abook_flags from abook 
+				$x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
 					where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
 					intval($uid),
 					dbesc($observer_xchan),
@@ -137,9 +137,9 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
 			continue;
 		}
 
-		// If we're still here, we have an observer, which means they're in the network.
+		// If we're still here, we have an observer, check the network.
 
-		if($r[0][$channel_perm] & PERMS_NETWORK) {
+		if(($r[0][$channel_perm] & PERMS_NETWORK) && ($x[0]['xchan_network'] === 'zot')) {
 			$ret[$perm_name] = true;
 			continue;
 		}
@@ -240,7 +240,8 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
 		return false;
 
 	if($observer_xchan) {
-		$x = q("select abook_my_perms, abook_flags from abook where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
+		$x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash 
+			where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
 			intval($uid),
 			dbesc($observer_xchan),
 			intval(ABOOK_FLAG_SELF)
@@ -272,9 +273,9 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
 		return false;
 	}
 
-	// If we're still here, we have an observer, which means they're in the network.
+	// If we're still here, we have an observer, check the network.
 
-	if($r[0][$channel_perm] & PERMS_NETWORK)
+	if(($r[0][$channel_perm] & PERMS_NETWORK) && ($x[0]['xchan_network'] === 'zot'))
 		return true;
 
 
diff --git a/mod/rmagic.php b/mod/rmagic.php
index b8c1c6553..093ccd328 100644
--- a/mod/rmagic.php
+++ b/mod/rmagic.php
@@ -22,31 +22,45 @@ function rmagic_init(&$a) {
 
 function rmagic_post(&$a) {
 
-	$address = $_REQUEST['address'];
-	if(strpos($address,'@') === false) {
-		notice('Invalid address.');
+	$address = trim($_REQUEST['address']);
+	$other = intval($_REQUEST['other']);
+
+	if($other) {
+		$arr = array('address' => $address);
+		call_hooks('reverse_magic_auth', $arr);		
+
+
+		// if they're still here...
+		notice( t('Authentication failed.') . EOL);		
 		return;
 	}
-
-	$r = null;
-	if($address) {
-		$r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1",
-			dbesc($address)
-		);		
-	}
-	if($r) {
-		$url = $r[0]['hubloc_url'];
-	}
 	else {
-		$url = 'https://' . substr($address,strpos($address,'@')+1);
-	}	
 
-	if($url) {	
-		$dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string);
-		goaway($url . '/magic' . '?f=&dest=' . $dest);
+		// Presumed Red identity. Perform reverse magic auth
+
+		if(strpos($address,'@') === false) {
+			notice('Invalid address.');
+			return;
+		}
+
+		$r = null;
+		if($address) {
+			$r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1",
+				dbesc($address)
+			);		
+		}
+		if($r) {
+			$url = $r[0]['hubloc_url'];
+		}
+		else {
+			$url = 'https://' . substr($address,strpos($address,'@')+1);
+		}	
+
+		if($url) {	
+			$dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string);
+			goaway($url . '/magic' . '?f=&dest=' . $dest);
+		}
 	}
-
-
 }