From 09467be02aa60c69dbcf712034308772309f04c8 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sat, 16 Dec 2017 19:19:51 -0500 Subject: [PATCH 01/12] Fix formatting include/security --- include/security.php | 142 +++++++++++++++++++------------------------ 1 file changed, 61 insertions(+), 81 deletions(-) diff --git a/include/security.php b/include/security.php index 6f6ef94b69..e6437db3c3 100644 --- a/include/security.php +++ b/include/security.php @@ -13,10 +13,11 @@ use Friendica\Database\DBM; * * @return string Hashed data */ -function cookie_hash($user) { - return(hash("sha256", Config::get("system", "site_prvkey"). - $user["prvkey"]. - $user["password"])); +function cookie_hash($user) +{ + return(hash("sha256", Config::get("system", "site_prvkey") . + $user["prvkey"] . + $user["password"])); } /** @@ -25,28 +26,35 @@ function cookie_hash($user) { * @param int $time * @param array $user Record from "user" table */ -function new_cookie($time, $user = array()) { - +function new_cookie($time, $user = array()) +{ if ($time != 0) { $time = $time + time(); } if ($user) { $value = json_encode(array("uid" => $user["uid"], - "hash" => cookie_hash($user), - "ip" => $_SERVER['REMOTE_ADDR'])); - } - else { + "hash" => cookie_hash($user), + "ip" => $_SERVER['REMOTE_ADDR'])); + } else { $value = ""; } - setcookie("Friendica", $value, $time, "/", "", - (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL), true); - + setcookie("Friendica", $value, $time, "/", "", (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL), true); } -function authenticate_success($user_record, $login_initial = false, $interactive = false, $login_refresh = false) { - +/** + * @brief Sets the provided user's authenticated session + * + * @todo Should be moved to Friendica\Core\Session once it's created + * + * @param type $user_record + * @param type $login_initial + * @param type $interactive + * @param type $login_refresh + */ +function authenticate_success($user_record, $login_initial = false, $interactive = false, $login_refresh = false) +{ $a = get_app(); $_SESSION['uid'] = $user_record['uid']; @@ -55,7 +63,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive $_SESSION['authenticated'] = 1; $_SESSION['page_flags'] = $user_record['page-flags']; $_SESSION['my_url'] = System::baseUrl() . '/profile/' . $user_record['nickname']; - $_SESSION['my_address'] = $user_record['nickname'] . '@' . substr(System::baseUrl(),strpos(System::baseUrl(),'://')+3); + $_SESSION['my_address'] = $user_record['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3); $_SESSION['addr'] = $_SERVER['REMOTE_ADDR']; $a->user = $user_record; @@ -64,10 +72,10 @@ function authenticate_success($user_record, $login_initial = false, $interactive if ($a->user['login_date'] <= NULL_DATE) { $_SESSION['return_url'] = 'profile_photo/new'; $a->module = 'profile_photo'; - info( t("Welcome ") . $a->user['username'] . EOL); - info( t('Please upload a profile photo.') . EOL); + info(t("Welcome ") . $a->user['username'] . EOL); + info(t('Please upload a profile photo.') . EOL); } else { - info( t("Welcome back ") . $a->user['username'] . EOL); + info(t("Welcome back ") . $a->user['username'] . EOL); } } @@ -84,7 +92,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive $master_record = $a->user; - if ((x($_SESSION,'submanage')) && intval($_SESSION['submanage'])) { + if ((x($_SESSION, 'submanage')) && intval($_SESSION['submanage'])) { $r = dba::fetch_first("SELECT * FROM `user` WHERE `uid` = ? LIMIT 1", intval($_SESSION['submanage']) ); @@ -112,10 +120,10 @@ function authenticate_success($user_record, $login_initial = false, $interactive } if ($login_initial) { - logger('auth_identities: ' . print_r($a->identities,true), LOGGER_DEBUG); + logger('auth_identities: ' . print_r($a->identities, true), LOGGER_DEBUG); } if ($login_refresh) { - logger('auth_identities refresh: ' . print_r($a->identities,true), LOGGER_DEBUG); + logger('auth_identities refresh: ' . print_r($a->identities, true), LOGGER_DEBUG); } $r = dba::fetch_first("SELECT * FROM `contact` WHERE `uid` = ? AND `self` LIMIT 1", $_SESSION['uid']); @@ -125,7 +133,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive $_SESSION['cid'] = $a->cid; } - header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"'); + header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] . '"'); if ($login_initial || $login_refresh) { dba::update('user', array('login_date' => datetime_convert()), array('uid' => $_SESSION['uid'])); @@ -141,7 +149,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive // The cookie will be renewed automatically. // The week ensures that sessions will expire after some inactivity. if ($_SESSION['remember']) { - logger('Injecting cookie for remembered user '. $_SESSION['remember_user']['nickname']); + logger('Injecting cookie for remembered user ' . $_SESSION['remember_user']['nickname']); new_cookie(604800, $user_record); unset($_SESSION['remember']); } @@ -156,13 +164,11 @@ function authenticate_success($user_record, $login_initial = false, $interactive } } - - -function can_write_wall(App $a, $owner) { - +function can_write_wall(App $a, $owner) +{ static $verified = 0; - if ((! (local_user())) && (! (remote_user()))) { + if (!local_user() && !remote_user()) { return false; } @@ -173,10 +179,8 @@ function can_write_wall(App $a, $owner) { } if (remote_user()) { - // use remembered decision and avoid a DB lookup for each and every display item // DO NOT use this function if there are going to be multiple owners - // We have a contact-id for an authenticated remote user, this block determines if the contact // belongs to this page owner, and has the necessary permissions to post content @@ -196,7 +200,7 @@ function can_write_wall(App $a, $owner) { } } - if (! $cid) { + if (!$cid) { return false; } @@ -213,8 +217,7 @@ function can_write_wall(App $a, $owner) { if (DBM::is_result($r)) { $verified = 2; return true; - } - else { + } else { $verified = 1; } } @@ -223,9 +226,8 @@ function can_write_wall(App $a, $owner) { return false; } - -function permissions_sql($owner_id, $remote_verified = false, $groups = null) { - +function permissions_sql($owner_id, $remote_verified = false, $groups = null) +{ $local_user = local_user(); $remote_user = remote_user(); @@ -243,8 +245,7 @@ function permissions_sql($owner_id, $remote_verified = false, $groups = null) { /** * Profile owner - everything is visible */ - - if (($local_user) && ($local_user == $owner_id)) { + if ($local_user && $local_user == $owner_id) { $sql = ''; } elseif ($remote_user) { /* @@ -255,7 +256,7 @@ function permissions_sql($owner_id, $remote_verified = false, $groups = null) { * done this and passed the groups into this function. */ - if (! $remote_verified) { + if (!$remote_verified) { $r = q("SELECT id FROM contact WHERE id = %d AND uid = %d AND blocked = 0 LIMIT 1", intval($remote_user), intval($owner_id) @@ -265,8 +266,8 @@ function permissions_sql($owner_id, $remote_verified = false, $groups = null) { $groups = init_groups_visitor($remote_user); } } - if ($remote_verified) { + if ($remote_verified) { $gs = '<<>>'; // should be impossible to match if (is_array($groups) && count($groups)) { @@ -274,20 +275,6 @@ function permissions_sql($owner_id, $remote_verified = false, $groups = null) { $gs .= '|<' . intval($g) . '>'; } - /* - * @TODO old-lost code found? - $sql = sprintf( - " AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) - AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' ) - AND ( allow_gid = '' OR allow_gid REGEXP '%s' ) - AND ( deny_gid = '' OR NOT deny_gid REGEXP '%s') - ", - intval($remote_user), - intval($remote_user), - dbesc($gs), - dbesc($gs) - ); - */ $sql = sprintf( " AND ( NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s') AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) @@ -303,13 +290,12 @@ function permissions_sql($owner_id, $remote_verified = false, $groups = null) { return $sql; } - -function item_permissions_sql($owner_id, $remote_verified = false, $groups = null) { - +function item_permissions_sql($owner_id, $remote_verified = false, $groups = null) +{ $local_user = local_user(); $remote_user = remote_user(); - /** + /* * Construct permissions * * default permissions - anonymous user @@ -321,9 +307,7 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul AND `item`.private = 0 "; - /** - * Profile owner - everything is visible - */ + // Profile owner - everything is visible if ($local_user && ($local_user == $owner_id)) { $sql = ''; } elseif ($remote_user) { @@ -334,7 +318,7 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul * If pre-verified, the caller is expected to have already * done this and passed the groups into this function. */ - if (! $remote_verified) { + if (!$remote_verified) { $r = q("SELECT id FROM contact WHERE id = %d AND uid = %d AND blocked = 0 LIMIT 1", intval($remote_user), intval($owner_id) @@ -355,16 +339,6 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul } $sql = sprintf( - /*" AND ( private = 0 OR ( private in (1,2) AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) - AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' ) - AND ( allow_gid = '' OR allow_gid REGEXP '%s' ) - AND ( deny_gid = '' OR NOT deny_gid REGEXP '%s'))) - ", - intval($remote_user), - intval($remote_user), - dbesc($gs), - dbesc($gs) -*/ " AND ( `item`.private = 0 OR ( `item`.private in (1,2) AND `item`.`wall` = 1 AND ( NOT (`item`.deny_cid REGEXP '<%d>' OR `item`.deny_gid REGEXP '%s') AND ( `item`.allow_cid REGEXP '<%d>' OR `item`.allow_gid REGEXP '%s' OR ( `item`.allow_cid = '' AND `item`.allow_gid = ''))))) @@ -380,7 +354,6 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul return $sql; } - /* * Functions used to protect against Cross-Site Request Forgery * The security token has to base on at least one value that an attacker can't know - here it's the session ID and the private key. @@ -392,7 +365,8 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul * Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are, * so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types). */ -function get_form_security_token($typename = '') { +function get_form_security_token($typename = '') +{ $a = get_app(); $timestamp = time(); @@ -401,7 +375,8 @@ function get_form_security_token($typename = '') { return $timestamp . '.' . $sec_hash; } -function check_form_security_token($typename = '', $formname = 'form_security_token') { +function check_form_security_token($typename = '', $formname = 'form_security_token') +{ if (!x($_REQUEST, $formname)) { return false; } @@ -423,19 +398,24 @@ function check_form_security_token($typename = '', $formname = 'form_security_to return ($sec_hash == $x[1]); } -function check_form_security_std_err_msg() { +function check_form_security_std_err_msg() +{ return t('The form security token was not correct. This probably happened because the form has been opened for too long (>3 hours) before submitting it.') . EOL; } -function check_form_security_token_redirectOnErr($err_redirect, $typename = '', $formname = 'form_security_token') { + +function check_form_security_token_redirectOnErr($err_redirect, $typename = '', $formname = 'form_security_token') +{ if (!check_form_security_token($typename, $formname)) { $a = get_app(); logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename); logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA); - notice( check_form_security_std_err_msg() ); - goaway(System::baseUrl() . $err_redirect ); + notice(check_form_security_std_err_msg()); + goaway(System::baseUrl() . $err_redirect); } } -function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') { + +function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') +{ if (!check_form_security_token($typename, $formname)) { $a = get_app(); logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename); From e16852c2f5e2668c5f78ccf88f9177d2dd54bc96 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sat, 16 Dec 2017 19:21:56 -0500 Subject: [PATCH 02/12] Replace init_groups_visitor with Group::getIdsByContactId --- include/security.php | 24 +++--------------------- mod/cal.php | 3 ++- mod/display.php | 3 ++- mod/photos.php | 3 ++- mod/profile.php | 3 ++- mod/videos.php | 3 ++- src/Model/Group.php | 2 +- src/Protocol/DFRN.php | 3 ++- 8 files changed, 16 insertions(+), 28 deletions(-) diff --git a/include/security.php b/include/security.php index e6437db3c3..1a5629f935 100644 --- a/include/security.php +++ b/include/security.php @@ -5,6 +5,7 @@ use Friendica\Core\Config; use Friendica\Core\PConfig; use Friendica\Core\System; use Friendica\Database\DBM; +use Friendica\Model\Group; /** * @brief Calculate the hash that is needed for the "Friendica" cookie @@ -263,7 +264,7 @@ function permissions_sql($owner_id, $remote_verified = false, $groups = null) ); if (DBM::is_result($r)) { $remote_verified = true; - $groups = init_groups_visitor($remote_user); + $groups = Group::getIdsByContactId($remote_user); } } @@ -325,7 +326,7 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul ); if (DBM::is_result($r)) { $remote_verified = true; - $groups = init_groups_visitor($remote_user); + $groups = Group::getIdsByContactId($remote_user); } } if ($remote_verified) { @@ -424,22 +425,3 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f killme(); } } - -// Returns an array of group id's this contact is a member of. -// This array will only contain group id's related to the uid of this -// DFRN contact. They are *not* neccessarily unique across the entire site. - - -if (! function_exists('init_groups_visitor')) { -function init_groups_visitor($contact_id) { - $groups = array(); - $r = q("SELECT `gid` FROM `group_member` - WHERE `contact-id` = %d ", - intval($contact_id) - ); - if (DBM::is_result($r)) { - foreach ($r as $rr) - $groups[] = $rr['gid']; - } - return $groups; -}} diff --git a/mod/cal.php b/mod/cal.php index cef9857ea9..312489ef72 100644 --- a/mod/cal.php +++ b/mod/cal.php @@ -12,6 +12,7 @@ use Friendica\Core\PConfig; use Friendica\Core\System; use Friendica\Database\DBM; use Friendica\Model\Contact; +use Friendica\Model\Group; require_once 'include/event.php'; require_once 'include/redir.php'; @@ -127,7 +128,7 @@ function cal_content(App $a) { } } if($contact_id) { - $groups = init_groups_visitor($contact_id); + $groups = Group::getIdsByContactId($contact_id); $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($a->profile['profile_uid']) diff --git a/mod/display.php b/mod/display.php index 12b10f36f8..67e6f435ec 100644 --- a/mod/display.php +++ b/mod/display.php @@ -5,6 +5,7 @@ use Friendica\Core\Config; use Friendica\Core\System; use Friendica\Database\DBM; use Friendica\Model\Contact; +use Friendica\Model\Group; use Friendica\Protocol\DFRN; function display_init(App $a) { @@ -270,7 +271,7 @@ function display_content(App $a, $update = false, $update_uid = 0) { } if ($contact_id) { - $groups = init_groups_visitor($contact_id); + $groups = Group::getIdsByContactId($contact_id); $r = dba::fetch_first("SELECT * FROM `contact` WHERE `id` = ? AND `uid` = ? LIMIT 1", $contact_id, $a->profile['uid'] diff --git a/mod/photos.php b/mod/photos.php index 4741815758..68b9752b5e 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -9,6 +9,7 @@ use Friendica\Core\Config; use Friendica\Core\Worker; use Friendica\Database\DBM; use Friendica\Model\Contact; +use Friendica\Model\Group; use Friendica\Model\Photo; use Friendica\Network\Probe; use Friendica\Object\Image; @@ -1059,7 +1060,7 @@ function photos_content(App $a) { } } if ($contact_id) { - $groups = init_groups_visitor($contact_id); + $groups = Group::getIdsByContactId($contact_id); $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($owner_uid) diff --git a/mod/profile.php b/mod/profile.php index 59835bd4cb..fe2475c7af 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -5,6 +5,7 @@ use Friendica\Core\Config; use Friendica\Core\PConfig; use Friendica\Core\System; use Friendica\Database\DBM; +use Friendica\Model\Group; require_once('include/contact_widgets.php'); require_once('include/redir.php'); @@ -137,7 +138,7 @@ function profile_content(App $a, $update = 0) { } if ($contact_id) { - $groups = init_groups_visitor($contact_id); + $groups = Group::getIdsByContactId($contact_id); $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($a->profile['profile_uid']) diff --git a/mod/videos.php b/mod/videos.php index bb0e0c237f..11b7e21be7 100644 --- a/mod/videos.php +++ b/mod/videos.php @@ -6,6 +6,7 @@ use Friendica\Core\System; use Friendica\Core\Worker; use Friendica\Database\DBM; use Friendica\Model\Contact; +use Friendica\Model\Group; require_once('include/items.php'); require_once('include/acl_selectors.php'); @@ -293,7 +294,7 @@ function videos_content(App $a) { } } if($contact_id) { - $groups = init_groups_visitor($contact_id); + $groups = Group::getIdsByContactId($contact_id); $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($owner_uid) diff --git a/src/Model/Group.php b/src/Model/Group.php index a23b417cc9..db9ec331e4 100644 --- a/src/Model/Group.php +++ b/src/Model/Group.php @@ -61,7 +61,7 @@ class Group extends BaseObject * @param int $cid * @return array */ - private static function getIdsByContactId($cid) + public static function getIdsByContactId($cid) { $condition = ['contact-id' => $cid]; $stmt = dba::select('group_member', ['gid'], $condition); diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index eeedd6324d..070cf598ac 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -14,6 +14,7 @@ use Friendica\Core\Worker; use Friendica\Database\DBM; use Friendica\Model\Contact; use Friendica\Model\GContact; +use Friendica\Model\Group; use Friendica\Model\Profile; use Friendica\Model\User; use Friendica\Object\Image; @@ -167,7 +168,7 @@ class DFRN $contact = $r[0]; include_once 'include/security.php'; - $groups = init_groups_visitor($contact['id']); + $groups = Group::getIdsByContactId($contact['id']); if (count($groups)) { for ($x = 0; $x < count($groups); $x ++) From 1724dd3841d61442b065758049e4568598bcd752 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sat, 16 Dec 2017 19:23:22 -0500 Subject: [PATCH 03/12] Make validate_url more intuitive - Remove the parameter passed by reference - Add modified url in return value --- include/identity.php | 11 ++++++----- include/network.php | 16 +++++++++------- mod/dfrn_request.php | 3 ++- mod/settings.php | 5 ++--- src/Model/User.php | 6 ++---- 5 files changed, 21 insertions(+), 20 deletions(-) diff --git a/include/identity.php b/include/identity.php index 79bfe3830b..9c315efbde 100644 --- a/include/identity.php +++ b/include/identity.php @@ -932,11 +932,12 @@ function get_my_url() function zrl_init(App $a) { - $tmp_str = get_my_url(); - if (validate_url($tmp_str)) { + $my_url = get_my_url(); + $my_url = validate_url($my_url); + if ($my_url) { // Is it a DDoS attempt? // The check fetches the cached value from gprobe to reduce the load for this system - $urlparts = parse_url($tmp_str); + $urlparts = parse_url($my_url); $result = Cache::get("gprobe:" . $urlparts["host"]); if ((!is_null($result)) && (in_array($result["network"], array(NETWORK_FEED, NETWORK_PHANTOM)))) { @@ -944,8 +945,8 @@ function zrl_init(App $a) return; } - Worker::add(PRIORITY_LOW, 'GProbe', $tmp_str); - $arr = array('zrl' => $tmp_str, 'url' => $a->cmd); + Worker::add(PRIORITY_LOW, 'GProbe', $my_url); + $arr = array('zrl' => $my_url, 'url' => $a->cmd); call_hooks('zrl_init', $arr); } } diff --git a/include/network.php b/include/network.php index 16c8185e1a..be5519d5c6 100644 --- a/include/network.php +++ b/include/network.php @@ -470,26 +470,28 @@ function http_status_exit($val, $description = array()) * and check DNS to see if it's real (or check if is a valid IP address) * * @param string $url The URL to be validated - * @return boolean True if it's a valid URL, fals if something wrong with it + * @return string|boolean The actual working URL, false else */ -function validate_url(&$url) +function validate_url($url) { if (Config::get('system', 'disable_url_validation')) { - return true; + return $url; } // no naked subdomains (allow localhost for tests) - if (strpos($url, '.') === false && strpos($url, '/localhost/') === false) + if (strpos($url, '.') === false && strpos($url, '/localhost/') === false) { return false; + } - if (substr($url, 0, 4) != 'http') + if (substr($url, 0, 4) != 'http') { $url = 'http://' . $url; + } - /// @TODO Really supress function outcomes? Why not find them + debug them? + /// @TODO Really suppress function outcomes? Why not find them + debug them? $h = @parse_url($url); if ((is_array($h)) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR) || filter_var($h['host'], FILTER_VALIDATE_IP) )) { - return true; + return $url; } return false; diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index ec67586561..04ed71a6b4 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -377,7 +377,8 @@ function dfrn_request_post(App $a) { ); } else { - if (! validate_url($url)) { + $url = validate_url($url); + if (! $url) { notice( t('Invalid profile URL.') . EOL); goaway(System::baseUrl() . '/' . $a->cmd); return; // NOTREACHED diff --git a/mod/settings.php b/mod/settings.php index e3d650e089..f9482289d7 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -537,10 +537,9 @@ function settings_post(App $a) { // If openid has changed or if there's an openid but no openidserver, try and discover it. if ($openid != $a->user['openid'] || (strlen($openid) && (!strlen($openidserver)))) { - $tmp_str = $openid; - if (strlen($tmp_str) && validate_url($tmp_str)) { + if (strlen($tmp_str) && validate_url($openid)) { logger('updating openidserver'); - require_once('library/openid.php'); + require_once 'library/openid.php'; $open_id_obj = new LightOpenID; $open_id_obj->identity = $openid; $openidserver = $open_id_obj->discover($open_id_obj->identity); diff --git a/src/Model/User.php b/src/Model/User.php index f487de7661..99222f5229 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -198,8 +198,6 @@ class User $password = $password1; } - $tmp_str = $openid_url; - if ($using_invites) { if (!$invite_id) { throw new Exception(t('An invitation is required.')); @@ -212,7 +210,7 @@ class User if (!x($username) || !x($email) || !x($nickname)) { if ($openid_url) { - if (!validate_url($tmp_str)) { + if (!validate_url($openid_url)) { throw new Exception(t('Invalid OpenID url')); } $_SESSION['register'] = 1; @@ -235,7 +233,7 @@ class User throw new Exception(t('Please enter the required information.')); } - if (!validate_url($tmp_str)) { + if (!validate_url($openid_url)) { $openid_url = ''; } From 2cfcf433a33a7781d7ae79cf325ca7f0b72edeb3 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sat, 16 Dec 2017 20:13:10 -0500 Subject: [PATCH 04/12] Fix formatting in mod - mod/api - mod/bookmarklet - mod/dfrn_request --- mod/api.php | 70 +++++---- mod/bookmarklet.php | 16 +- mod/dfrn_request.php | 337 ++++++++++++++++--------------------------- 3 files changed, 164 insertions(+), 259 deletions(-) diff --git a/mod/api.php b/mod/api.php index cda97c729c..fdd9790c09 100644 --- a/mod/api.php +++ b/mod/api.php @@ -6,7 +6,8 @@ use Friendica\Database\DBM; require_once('include/api.php'); -function oauth_get_client($request){ +function oauth_get_client($request) +{ $params = $request->get_parameters(); @@ -15,8 +16,7 @@ function oauth_get_client($request){ $r = q("SELECT `clients`.* FROM `clients`, `tokens` WHERE `clients`.`client_id`=`tokens`.`client_id` - AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", - dbesc($token)); + AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", dbesc($token)); if (!DBM::is_result($r)) return null; @@ -24,57 +24,57 @@ function oauth_get_client($request){ return $r[0]; } -function api_post(App $a) { - - if (! local_user()) { - notice( t('Permission denied.') . EOL); +function api_post(App $a) +{ + if (!local_user()) { + notice(t('Permission denied.') . EOL); return; } - if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != local_user()) { - notice( t('Permission denied.') . EOL); + if (count($a->user) && x($a->user, 'uid') && $a->user['uid'] != local_user()) { + notice(t('Permission denied.') . EOL); return; } - } -function api_content(App $a) { - if ($a->cmd=='api/oauth/authorize'){ +function api_content(App $a) +{ + if ($a->cmd == 'api/oauth/authorize') { /* * api/oauth/authorize interact with the user. return a standard page */ $a->page['template'] = "minimal"; - // get consumer/client from request token try { $request = OAuthRequest::from_request(); - } catch(Exception $e) { - echo "
"; var_dump($e); killme();
+		} catch (Exception $e) {
+			echo "
";
+			var_dump($e);
+			killme();
 		}
 
-
-		if (x($_POST,'oauth_yes')){
-
+		if (x($_POST, 'oauth_yes')) {
 			$app = oauth_get_client($request);
-			if (is_null($app)) return "Invalid request. Unknown token.";
+			if (is_null($app)) {
+				return "Invalid request. Unknown token.";
+			}
 			$consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);
 
-			$verifier = md5($app['secret'].local_user());
+			$verifier = md5($app['secret'] . local_user());
 			Config::set("oauth", $verifier, local_user());
 
-
-			if ($consumer->callback_url!=null) {
+			if ($consumer->callback_url != null) {
 				$params = $request->get_parameters();
-				$glue="?";
-				if (strstr($consumer->callback_url,$glue)) $glue="?";
-				goaway($consumer->callback_url.$glue."oauth_token=".OAuthUtil::urlencode_rfc3986($params['oauth_token'])."&oauth_verifier=".OAuthUtil::urlencode_rfc3986($verifier));
+				$glue = "?";
+				if (strstr($consumer->callback_url, $glue)) {
+					$glue = "?";
+				}
+				goaway($consumer->callback_url . $glue . "oauth_token=" . OAuthUtil::urlencode_rfc3986($params['oauth_token']) . "&oauth_verifier=" . OAuthUtil::urlencode_rfc3986($verifier));
 				killme();
 			}
 
-
-
 			$tpl = get_markup_template("oauth_authorize_done.tpl");
 			$o = replace_macros($tpl, array(
 				'$title' => t('Authorize application connection'),
@@ -83,12 +83,9 @@ function api_content(App $a) {
 			));
 
 			return $o;
-
-
 		}
 
-
-		if (! local_user()) {
+		if (!local_user()) {
 			/// @TODO We need login form to redirect to this page
 			notice( t('Please login to continue.') . EOL );
 			return login(false,$request->get_parameters());
@@ -96,18 +93,17 @@ function api_content(App $a) {
 		//FKOAuth1::loginUser(4);
 
 		$app = oauth_get_client($request);
-		if (is_null($app)) return "Invalid request. Unknown token.";
-
-
-
+		if (is_null($app)) {
+			return "Invalid request. Unknown token.";
+		}
 
 		$tpl = get_markup_template('oauth_authorize.tpl');
 		$o = replace_macros($tpl, array(
 			'$title' => t('Authorize application connection'),
 			'$app' => $app,
 			'$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
-			'$yes'	=> t('Yes'),
-			'$no'	=> t('No'),
+			'$yes' => t('Yes'),
+			'$no' => t('No'),
 		));
 
 		return $o;
diff --git a/mod/bookmarklet.php b/mod/bookmarklet.php
index 785a2fbea1..e781536075 100644
--- a/mod/bookmarklet.php
+++ b/mod/bookmarklet.php
@@ -6,19 +6,21 @@ use Friendica\Core\System;
 require_once('include/conversation.php');
 require_once('include/items.php');
 
-function bookmarklet_init(App $a) {
+function bookmarklet_init(App $a)
+{
 	$_GET["mode"] = "minimal";
 }
 
-function bookmarklet_content(App $a) {
+function bookmarklet_content(App $a)
+{
 	if (!local_user()) {
-		$o = '
'.t('Login').'
';
 		$o .= login(($a->config['register_policy'] == REGISTER_CLOSED) ? false : true);
+		$o = '
' . t('Login') . '
';
 		return $o;
 	}
 
 	$referer = normalise_link($_SERVER["HTTP_REFERER"]);
-	$page = normalise_link(System::baseUrl()."/bookmarklet");
+	$page = normalise_link(System::baseUrl() . "/bookmarklet");
 
 	if (!strstr($referer, $page)) {
 		$content = add_page_info($_REQUEST["url"]);
@@ -30,7 +32,7 @@ function bookmarklet_content(App $a) {
 			'nickname' => $a->user['nickname'],
 			'lockstate' => ((is_array($a->user) && ((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid'])))) ? 'lock' : 'unlock'),
 			'default_perms' => get_acl_permissions($a->user),
-			'acl' => populate_acl($a->user,true),
+			'acl' => populate_acl($a->user, true),
 			'bang' => '',
 			'visitor' => 'block',
 			'profile_uid' => local_user(),
@@ -38,10 +40,10 @@ function bookmarklet_content(App $a) {
 			'title' => trim($_REQUEST["title"], "*"),
 			'content' => $content
 		);
-		$o = status_editor($a,$x, 0, false);
+		$o = status_editor($a, $x, 0, false);
 		$o .= "";
 	} else {
-		$o = '
'.t('The post was created').'
';
+		$o = '
' . t('The post was created') . '
';
 		$o .= "";
 	}
 
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 04ed71a6b4..6a4b6c4043 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -1,4 +1,5 @@
 argc != 2) || (! count($a->profile))) {
+function dfrn_request_post(App $a)
+{
+	if (($a->argc != 2) || (!count($a->profile))) {
 		logger('Wrong count of argc or profiles: argc=' . $a->argc . ',profile()=' . count($a->profile));
 		return;
 	}
 
-
-	if(x($_POST, 'cancel')) {
+	if (x($_POST, 'cancel')) {
 		goaway(System::baseUrl());
 	}
 
-
 	/*
-	 *
 	 * Scenario 2: We've introduced ourself to another cell, then have been returned to our own cell
 	 * to confirm the request, and then we've clicked submit (perhaps after logging in).
 	 * That brings us here:
-	 *
 	 */
-
-	if((x($_POST,'localconfirm')) && ($_POST['localconfirm'] == 1)) {
-
-		/*
-		 * Ensure this is a valid request
-		 */
-
-		if(local_user() && ($a->user['nickname'] == $a->argv[1]) && (x($_POST,'dfrn_url'))) {
-
-
-			$dfrn_url    = notags(trim($_POST['dfrn_url']));
-			$aes_allow   = (((x($_POST,'aes_allow')) && ($_POST['aes_allow'] == 1)) ? 1 : 0);
-			$confirm_key = ((x($_POST,'confirm_key')) ? $_POST['confirm_key'] : "");
-			$hidden = ((x($_POST,'hidden-contact')) ? intval($_POST['hidden-contact']) : 0);
+	if ((x($_POST, 'localconfirm')) && ($_POST['localconfirm'] == 1)) {
+		// Ensure this is a valid request
+		if (local_user() && ($a->user['nickname'] == $a->argv[1]) && (x($_POST, 'dfrn_url'))) {
+			$dfrn_url = notags(trim($_POST['dfrn_url']));
+			$aes_allow = (((x($_POST, 'aes_allow')) && ($_POST['aes_allow'] == 1)) ? 1 : 0);
+			$confirm_key = ((x($_POST, 'confirm_key')) ? $_POST['confirm_key'] : "");
+			$hidden = ((x($_POST, 'hidden-contact')) ? intval($_POST['hidden-contact']) : 0);
 			$contact_record = null;
 			$blocked = 1;
 			$pending = 1;
 
-			if(x($dfrn_url)) {
-
-				/*
-				 * Lookup the contact based on their URL (which is the only unique thing we have at the moment)
-				 */
-
+			if (x($dfrn_url)) {
+				// Lookup the contact based on their URL (which is the only unique thing we have at the moment)
 				$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' AND NOT `self` LIMIT 1",
 					intval(local_user()),
 					dbesc(normalise_link($dfrn_url))
 				);
 
 				if (DBM::is_result($r)) {
-					if(strlen($r[0]['dfrn-id'])) {
-
-						/*
-						 * We don't need to be here. It has already happened.
-						 */
-
-						notice( t("This introduction has already been accepted.") . EOL );
+					if (strlen($r[0]['dfrn-id'])) {
+						// We don't need to be here. It has already happened.
+						notice(t("This introduction has already been accepted.") . EOL);
 						return;
-					}
-					else
+					} else
 						$contact_record = $r[0];
 				}
 
-				if(is_array($contact_record)) {
-					$r = q("UPDATE `contact` SET `ret-aes` = %d, hidden = %d WHERE `id` = %d",
-						intval($aes_allow),
-						intval($hidden),
-						intval($contact_record['id'])
+				if (is_array($contact_record)) {
+					$r = q("UPDATE `contact` SET `ret-aes` = %d, hidden = %d WHERE `id` = %d", intval($aes_allow), intval($hidden), intval($contact_record['id'])
 					);
-				}
-				else {
-
-					/*
-					 * Scrape the other site's profile page to pick up the dfrn links, key, fn, and photo
-					 */
-
+				} else {
+					// Scrape the other site's profile page to pick up the dfrn links, key, fn, and photo
 					$parms = Probe::profile($dfrn_url);
 
-					if (! count($parms)) {
-						notice( t('Profile location is not valid or does not contain profile information.') . EOL );
+					if (!count($parms)) {
+						notice(t('Profile location is not valid or does not contain profile information.') . EOL);
 						return;
-					}
-					else {
-						if (! x($parms,'fn')) {
-							notice( t('Warning: profile location has no identifiable owner name.') . EOL );
+					} else {
+						if (!x($parms, 'fn')) {
+							notice(t('Warning: profile location has no identifiable owner name.') . EOL);
 						}
-						if (! x($parms,'photo')) {
-							notice( t('Warning: profile location has no profile photo.') . EOL );
+						if (!x($parms, 'photo')) {
+							notice(t('Warning: profile location has no profile photo.') . EOL);
 						}
 						$invalid = Probe::validDfrn($parms);
 						if ($invalid) {
-							notice( sprintf( tt("%d required parameter was not found at the given location",
-												"%d required parameters were not found at the given location",
-												$invalid), $invalid) . EOL );
+							notice(sprintf(tt("%d required parameter was not found at the given location", "%d required parameters were not found at the given location", $invalid), $invalid) . EOL);
 							return;
 						}
 					}
@@ -152,10 +121,7 @@ function dfrn_request_post(App $a) {
 					// Escape the entire array
 					DBM::esc_array($parms);
 
-					/*
-					 * Create a contact record on our site for the other person
-					 */
-
+					// Create a contact record on our site for the other person
 					$r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `nurl`, `addr`, `name`, `nick`, `photo`, `site-pubkey`,
 						`request`, `confirm`, `notify`, `poll`, `poco`, `network`, `aes_allow`, `hidden`, `blocked`, `pending`)
 						VALUES ( %d, '%s', '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d)",
@@ -182,7 +148,7 @@ function dfrn_request_post(App $a) {
 				}
 
 				if ($r) {
-					info( t("Introduction complete.") . EOL);
+					info(t("Introduction complete.") . EOL);
 				}
 
 				$r = q("SELECT `id`, `network` FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `site-pubkey` = '%s' LIMIT 1",
@@ -197,15 +163,12 @@ function dfrn_request_post(App $a) {
 						Contact::updateAvatar($photo, local_user(), $r[0]["id"], true);
 					}
 
-					$forwardurl = System::baseUrl()."/contacts/".$r[0]['id'];
+					$forwardurl = System::baseUrl() . "/contacts/" . $r[0]['id'];
 				} else {
-					$forwardurl = System::baseUrl()."/contacts";
+					$forwardurl = System::baseUrl() . "/contacts";
 				}
 
-				/*
-				 * Allow the blocked remote notification to complete
-				 */
-
+				// Allow the blocked remote notification to complete
 				if (is_array($contact_record)) {
 					$dfrn_request = $contact_record['request'];
 				}
@@ -215,18 +178,14 @@ function dfrn_request_post(App $a) {
 				}
 
 				// (ignore reply, nothing we can do it failed)
-
 				// Old: goaway(zrl($dfrn_url));
 				goaway($forwardurl);
 				return; // NOTREACHED
-
 			}
-
 		}
 
- 		// invalid/bogus request
-
-		notice( t('Unrecoverable protocol error.') . EOL );
+		// invalid/bogus request
+		notice(t('Unrecoverable protocol error.') . EOL);
 		goaway(System::baseUrl());
 		return; // NOTREACHED
 	}
@@ -252,9 +211,8 @@ function dfrn_request_post(App $a) {
 	 * in $a->argv[1] and we should have their complete info in $a->profile.
 	 *
 	 */
-
-	if(! (is_array($a->profile) && count($a->profile))) {
-		notice( t('Profile unavailable.') . EOL);
+	if (!(is_array($a->profile) && count($a->profile))) {
+		notice(t('Profile unavailable.') . EOL);
 		return;
 	}
 
@@ -268,32 +226,24 @@ function dfrn_request_post(App $a) {
 	$blocked = 1;
 	$pending = 1;
 
-
-	if( x($_POST,'dfrn_url')) {
-
-		/*
-		 * Block friend request spam
-		 */
-
-		if($maxreq) {
+	if (x($_POST, 'dfrn_url')) {
+		// Block friend request spam
+		if ($maxreq) {
 			$r = q("SELECT * FROM `intro` WHERE `datetime` > '%s' AND `uid` = %d",
-				dbesc(datetime_convert('UTC','UTC','now - 24 hours')),
+				dbesc(datetime_convert('UTC', 'UTC', 'now - 24 hours')),
 				intval($uid)
 			);
 			if (DBM::is_result($r) && count($r) > $maxreq) {
-				notice( sprintf( t('%s has received too many connection requests today.'),  $a->profile['name']) . EOL);
-				notice( t('Spam protection measures have been invoked.') . EOL);
-				notice( t('Friends are advised to please try again in 24 hours.') . EOL);
+				notice(sprintf(t('%s has received too many connection requests today.'), $a->profile['name']) . EOL);
+				notice(t('Spam protection measures have been invoked.') . EOL);
+				notice(t('Friends are advised to please try again in 24 hours.') . EOL);
 				return;
 			}
 		}
 
-		/*
-		 *
-		 * Cleanup old introductions that remain blocked.
+		/* Cleanup old introductions that remain blocked.
 		 * Also remove the contact record, but only if there is no existing relationship
 		 */
-
 		$r = q("SELECT `intro`.*, `intro`.`id` AS `iid`, `contact`.`id` AS `cid`, `contact`.`rel`
 			FROM `intro` LEFT JOIN `contact` on `intro`.`contact-id` = `contact`.`id`
 			WHERE `intro`.`blocked` = 1 AND `contact`.`self` = 0
@@ -301,7 +251,7 @@ function dfrn_request_post(App $a) {
 		);
 		if (DBM::is_result($r)) {
 			foreach ($r as $rr) {
-				if(! $rr['rel']) {
+				if (!$rr['rel']) {
 					q("DELETE FROM `contact` WHERE `id` = %d AND NOT `self`",
 						intval($rr['cid'])
 					);
@@ -312,11 +262,11 @@ function dfrn_request_post(App $a) {
 			}
 		}
 
-		$real_name = (x($_POST,'realname') ? notags(trim($_POST['realname'])) : '');
+		$real_name = x($_POST, 'realname') ? notags(trim($_POST['realname'])) : '';
 
 		$url = trim($_POST['dfrn_url']);
-		if(! strlen($url)) {
-			notice( t("Invalid locator") . EOL );
+		if (!strlen($url)) {
+			notice(t("Invalid locator") . EOL);
 			return;
 		}
 
@@ -327,10 +277,9 @@ function dfrn_request_post(App $a) {
 		$network = $data["network"];
 
 		// Canonicalise email-style profile locator
-		$url = Probe::webfingerDfrn($url,$hcard);
-
-		if (substr($url,0,5) === 'stat:') {
+		$url = Probe::webfingerDfrn($url, $hcard);
 
+		if (substr($url, 0, 5) === 'stat:') {
 			// Every time we detect the remote subscription we define this as OStatus.
 			// We do this even if it is not OStatus.
 			// we only need to pass this through another section of the code.
@@ -338,29 +287,27 @@ function dfrn_request_post(App $a) {
 				$network = NETWORK_OSTATUS;
 			}
 
-			$url = substr($url,5);
+			$url = substr($url, 5);
 		} else {
 			$network = NETWORK_DFRN;
 		}
 
 		logger('dfrn_request: url: ' . $url . ',network=' . $network, LOGGER_DEBUG);
 
-		if($network === NETWORK_DFRN) {
+		if ($network === NETWORK_DFRN) {
 			$ret = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `self` = 0 LIMIT 1",
 				intval($uid),
 				dbesc($url)
 			);
 
 			if (DBM::is_result($ret)) {
-				if(strlen($ret[0]['issued-id'])) {
-					notice( t('You have already introduced yourself here.') . EOL );
+				if (strlen($ret[0]['issued-id'])) {
+					notice(t('You have already introduced yourself here.') . EOL);
 					return;
-				}
-				elseif($ret[0]['rel'] == CONTACT_IS_FRIEND) {
-					notice( sprintf( t('Apparently you are already friends with %s.'), $a->profile['name']) . EOL);
+				} elseif ($ret[0]['rel'] == CONTACT_IS_FRIEND) {
+					notice(sprintf(t('Apparently you are already friends with %s.'), $a->profile['name']) . EOL);
 					return;
-				}
-				else {
+				} else {
 					$contact_record = $ret[0];
 					$parms = array('dfrn-request' => $ret[0]['request']);
 				}
@@ -368,58 +315,53 @@ function dfrn_request_post(App $a) {
 
 			$issued_id = random_string();
 
-			if(is_array($contact_record)) {
+			if (is_array($contact_record)) {
 				// There is a contact record but no issued-id, so this
 				// is a reciprocal introduction from a known contact
 				$r = q("UPDATE `contact` SET `issued-id` = '%s' WHERE `id` = %d",
 					dbesc($issued_id),
 					intval($contact_record['id'])
 				);
-			}
-			else {
+			} else {
 				$url = validate_url($url);
-				if (! $url) {
-					notice( t('Invalid profile URL.') . EOL);
+				if (!$url) {
+					notice(t('Invalid profile URL.') . EOL);
 					goaway(System::baseUrl() . '/' . $a->cmd);
 					return; // NOTREACHED
 				}
 
-				if (! allowed_url($url)) {
-					notice( t('Disallowed profile URL.') . EOL);
+				if (!allowed_url($url)) {
+					notice(t('Disallowed profile URL.') . EOL);
 					goaway(System::baseUrl() . '/' . $a->cmd);
 					return; // NOTREACHED
 				}
 
 				if (blocked_url($url)) {
-					notice( t('Blocked domain') . EOL);
+					notice(t('Blocked domain') . EOL);
 					goaway(System::baseUrl() . '/' . $a->cmd);
 					return; // NOTREACHED
 				}
 
 				$parms = Probe::profile(($hcard) ? $hcard : $url);
 
-				if (! count($parms)) {
-					notice( t('Profile location is not valid or does not contain profile information.') . EOL );
+				if (!count($parms)) {
+					notice(t('Profile location is not valid or does not contain profile information.') . EOL);
 					goaway(System::baseUrl() . '/' . $a->cmd);
-				}
-				else {
-					if (! x($parms,'fn')) {
-						notice( t('Warning: profile location has no identifiable owner name.') . EOL );
+				} else {
+					if (!x($parms, 'fn')) {
+						notice(t('Warning: profile location has no identifiable owner name.') . EOL);
 					}
-					if (! x($parms,'photo')) {
-						notice( t('Warning: profile location has no profile photo.') . EOL );
+					if (!x($parms, 'photo')) {
+						notice(t('Warning: profile location has no profile photo.') . EOL);
 					}
 					$invalid = Probe::validDfrn($parms);
 					if ($invalid) {
-						notice( sprintf( tt("%d required parameter was not found at the given location",
-											"%d required parameters were not found at the given location",
-											$invalid), $invalid) . EOL );
+						notice(sprintf(tt("%d required parameter was not found at the given location", "%d required parameters were not found at the given location", $invalid), $invalid) . EOL);
 
 						return;
 					}
 				}
 
-
 				$parms['url'] = $url;
 				$parms['issued-id'] = $issued_id;
 				$photo = $parms["photo"];
@@ -461,10 +403,9 @@ function dfrn_request_post(App $a) {
 						Contact::updateAvatar($photo, $uid, $contact_record["id"], true);
 					}
 				}
-
 			}
 			if ($r === false) {
-				notice( t('Failed to update contact record.') . EOL );
+				notice(t('Failed to update contact record.') . EOL);
 				return;
 			}
 
@@ -483,43 +424,38 @@ function dfrn_request_post(App $a) {
 			}
 
 			// This notice will only be seen by the requestor if the requestor and requestee are on the same server.
-
-			if (! $failed) {
-				info( t('Your introduction has been sent.') . EOL );
+			if (!$failed) {
+				info(t('Your introduction has been sent.') . EOL);
 			}
 
 			// "Homecoming" - send the requestor back to their site to record the introduction.
-
 			$dfrn_url = bin2hex(System::baseUrl() . '/profile/' . $nickname);
 			$aes_allow = ((function_exists('openssl_encrypt')) ? 1 : 0);
 
 			goaway($parms['dfrn-request'] . "?dfrn_url=$dfrn_url"
 				. '&dfrn_version=' . DFRN_PROTOCOL_VERSION
-				. '&confirm_key='  . $hash
+				. '&confirm_key=' . $hash
 				. (($aes_allow) ? "&aes_allow=1" : "")
 			);
 			// NOTREACHED
 			// END $network === NETWORK_DFRN
 		} elseif (($network != NETWORK_PHANTOM) && ($url != "")) {
 
-			/*
-			 *
-			 * Substitute our user's feed URL into $url template
+			/* Substitute our user's feed URL into $url template
 			 * Send the subscriber home to subscribe
-			 *
 			 */
-
 			// Diaspora needs the uri in the format user@domain.tld
 			// Diaspora will support the remote subscription in a future version
 			if ($network == NETWORK_DIASPORA) {
-				$uri = $nickname.'@'.$a->get_hostname();
+				$uri = $nickname . '@' . $a->get_hostname();
 
-				if ($a->get_path())
-					$uri .= '/'.$a->get_path();
+				if ($a->get_path()) {
+					$uri .= '/' . $a->get_path();
+				}
 
 				$uri = urlencode($uri);
 			} else {
-				$uri = System::baseUrl().'/profile/'.$nickname;
+				$uri = System::baseUrl() . '/profile/' . $nickname;
 			}
 
 			$url = str_replace('{uri}', $uri, $url);
@@ -527,28 +463,23 @@ function dfrn_request_post(App $a) {
 			// NOTREACHED
 			// END $network != NETWORK_PHANTOM
 		} else {
-			notice(t("Remote subscription can't be done for your network. Please subscribe directly on your system.").EOL);
+			notice(t("Remote subscription can't be done for your network. Please subscribe directly on your system.") . EOL);
 			return;
 		}
-
-	}	return;
+	} return;
 }
 
-
-function dfrn_request_content(App $a) {
-
-	if (($a->argc != 2) || (! count($a->profile))) {
+function dfrn_request_content(App $a)
+{
+	if (($a->argc != 2) || (!count($a->profile))) {
 		return "";
 	}
 
-
 	// "Homecoming". Make sure we're logged in to this site as the correct user. Then offer a confirm button
 	// to send us to the post section to record the introduction.
-
-	if (x($_GET,'dfrn_url')) {
-
-		if (! local_user()) {
-			info( t("Please login to confirm introduction.") . EOL );
+	if (x($_GET, 'dfrn_url')) {
+		if (!local_user()) {
+			info(t("Please login to confirm introduction.") . EOL);
 			/* setup the return URL to come back to this page if they use openid */
 			$_SESSION['return_url'] = $a->query_string;
 			return login();
@@ -556,15 +487,14 @@ function dfrn_request_content(App $a) {
 
 		// Edge case, but can easily happen in the wild. This person is authenticated,
 		// but not as the person who needs to deal with this request.
-
 		if ($a->user['nickname'] != $a->argv[1]) {
-			notice( t("Incorrect identity currently logged in. Please login to this profile.") . EOL);
 			return login();
+			notice(t("Incorrect identity currently logged in. Please login to this profile.") . EOL);
 		}
 
 		$dfrn_url = notags(trim(hex2bin($_GET['dfrn_url'])));
-		$aes_allow = (((x($_GET,'aes_allow')) && ($_GET['aes_allow'] == 1)) ? 1 : 0);
-		$confirm_key = (x($_GET,'confirm_key') ? $_GET['confirm_key'] : "");
+		$aes_allow = x($_GET, 'aes_allow') && $_GET['aes_allow'] == 1 ? 1 : 0;
+		$confirm_key = x($_GET, 'confirm_key') ? $_GET['confirm_key'] : "";
 
 		// Checking fastlane for validity
 		if (x($_SESSION, "fastlane") && (normalise_link($_SESSION["fastlane"]) == normalise_link($dfrn_url))) {
@@ -581,34 +511,29 @@ function dfrn_request_content(App $a) {
 		}
 
 		$tpl = get_markup_template("dfrn_req_confirm.tpl");
-		$o  = replace_macros($tpl,array(
+		$o = replace_macros($tpl, array(
 			'$dfrn_url' => $dfrn_url,
 			'$aes_allow' => (($aes_allow) ? '' : "" ),
 			'$hidethem' => t('Hide this contact'),
 			'$hidechecked' => '',
 			'$confirm_key' => $confirm_key,
-			'$welcome' => sprintf( t('Welcome home %s.'), $a->user['username']),
-			'$please' => sprintf( t('Please confirm your introduction/connection request to %s.'), $dfrn_url),
+			'$welcome' => sprintf(t('Welcome home %s.'), $a->user['username']),
+			'$please' => sprintf(t('Please confirm your introduction/connection request to %s.'), $dfrn_url),
 			'$submit' => t('Confirm'),
 			'$uid' => $_SESSION['uid'],
 			'$nickname' => $a->user['nickname'],
 			'dfrn_rawurl' => $_GET['dfrn_url']
-			));
+		));
 		return $o;
-
-	}
-	elseif((x($_GET,'confirm_key')) && strlen($_GET['confirm_key'])) {
-
+	} elseif ((x($_GET, 'confirm_key')) && strlen($_GET['confirm_key'])) {
 		// we are the requestee and it is now safe to send our user their introduction,
 		// We could just unblock it, but first we have to jump through a few hoops to
 		// send an email, or even to find out if we need to send an email.
-
 		$intro = q("SELECT * FROM `intro` WHERE `hash` = '%s' LIMIT 1",
 			dbesc($_GET['confirm_key'])
 		);
 
 		if (DBM::is_result($intro)) {
-
 			$r = q("SELECT `contact`.*, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
 				WHERE `contact`.`id` = %d LIMIT 1",
 				intval($intro[0]['contact-id'])
@@ -617,11 +542,11 @@ function dfrn_request_content(App $a) {
 			$auto_confirm = false;
 
 			if (DBM::is_result($r)) {
-				if(($r[0]['page-flags'] != PAGE_NORMAL) && ($r[0]['page-flags'] != PAGE_PRVGROUP))
+				if ($r[0]['page-flags'] != PAGE_NORMAL && $r[0]['page-flags'] != PAGE_PRVGROUP) {
 					$auto_confirm = true;
+				}
 
-				if(! $auto_confirm) {
-
+				if (!$auto_confirm) {
 					notification(array(
 						'type'         => NOTIFY_INTRO,
 						'notify_flags' => $r[0]['notify-flags'],
@@ -638,7 +563,7 @@ function dfrn_request_content(App $a) {
 					));
 				}
 
-				if($auto_confirm) {
+				if ($auto_confirm) {
 					require_once 'mod/dfrn_confirm.php';
 					$handsfree = array(
 						'uid'      => $r[0]['uid'],
@@ -646,14 +571,13 @@ function dfrn_request_content(App $a) {
 						'dfrn_id'  => $r[0]['issued-id'],
 						'intro_id' => $intro[0]['id'],
 						'duplex'   => (($r[0]['page-flags'] == PAGE_FREELOVE) ? 1 : 0),
-						'activity' => intval(PConfig::get($r[0]['uid'],'system','post_newfriend'))
+						'activity' => intval(PConfig::get($r[0]['uid'], 'system', 'post_newfriend'))
 					);
-					dfrn_confirm_post($a,$handsfree);
+					dfrn_confirm_post($a, $handsfree);
 				}
-
 			}
 
-			if(! $auto_confirm) {
+			if (!$auto_confirm) {
 
 				// If we are auto_confirming, this record will have already been nuked
 				// in dfrn_confirm_post()
@@ -666,53 +590,39 @@ function dfrn_request_content(App $a) {
 
 		killme();
 		return; // NOTREACHED
-	}
-	else {
-
-		/*
-		 * Normal web request. Display our user's introduction form.
-		 */
-
-		if((Config::get('system','block_public')) && (! local_user()) && (! remote_user())) {
-			if(! Config::get('system','local_block')) {
-				notice( t('Public access denied.') . EOL);
+	} else {
+		// Normal web request. Display our user's introduction form.
+		if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
+			if (!Config::get('system', 'local_block')) {
+				notice(t('Public access denied.') . EOL);
 				return;
 			}
 		}
 
-
-		/*
-		 * Try to auto-fill the profile address
-		 */
-
+		// Try to auto-fill the profile address
 		// At first look if an address was provided
 		// Otherwise take the local address
-		if (x($_GET,'addr') && ($_GET['addr'] != "")) {
+		if (x($_GET, 'addr') && ($_GET['addr'] != "")) {
 			$myaddr = hex2bin($_GET['addr']);
-		} elseif (x($_GET,'address') && ($_GET['address'] != "")) {
+		} elseif (x($_GET, 'address') && ($_GET['address'] != "")) {
 			$myaddr = $_GET['address'];
 		} elseif (local_user()) {
 			if (strlen($a->path)) {
 				$myaddr = System::baseUrl() . '/profile/' . $a->user['nickname'];
 			} else {
-				$myaddr = $a->user['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(),'://') + 3 );
+				$myaddr = $a->user['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3);
 			}
 		} else {
 			// last, try a zrl
 			$myaddr = get_my_url();
 		}
 
-		$target_addr = $a->profile['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(),'://') + 3 );
+		$target_addr = $a->profile['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3);
 
-
-		/*
-		 *
-		 * The auto_request form only has the profile address
+		/* The auto_request form only has the profile address
 		 * because nobody is going to read the comments and
 		 * it doesn't matter if they know you or not.
-		 *
 		 */
-
 		if ($a->profile['page-flags'] == PAGE_NORMAL) {
 			$tpl = get_markup_template('dfrn_request.tpl');
 		} else {
@@ -726,20 +636,17 @@ function dfrn_request_content(App $a) {
 			get_server()
 		);
 
-		$o = replace_macros($tpl,array(
+		$o = replace_macros($tpl, array(
 			'$header' => t('Friend/Connection Request'),
 			'$desc' => t('Examples: jojo@demo.friendica.com, http://demo.friendica.com/profile/jojo, testuser@gnusocial.de'),
 			'$pls_answer' => t('Please answer the following:'),
-			'$does_know_you' => array('knowyou', sprintf(t('Does %s know you?'),$a->profile['name']), false, '', array(t('No'), t('Yes'))),
-			/*'$does_know' => sprintf( t('Does %s know you?'),$a->profile['name']),
-			'$yes' => t('Yes'),
-			'$no' => t('No'), */
+			'$does_know_you' => array('knowyou', sprintf(t('Does %s know you?'), $a->profile['name']), false, '', array(t('No'), t('Yes'))),
 			'$add_note' => t('Add a personal note:'),
 			'$page_desc' => $page_desc,
 			'$friendica' => t('Friendica'),
 			'$statusnet' => t('GNU Social (Pleroma, Mastodon)'),
 			'$diaspora' => t('Diaspora (Socialhome, Hubzilla)'),
-			'$diasnote' => sprintf (t(' - please do not use this form.  Instead, enter %s into your Diaspora search bar.'),$target_addr),
+			'$diasnote' => sprintf(t(' - please do not use this form.  Instead, enter %s into your Diaspora search bar.'), $target_addr),
 			'$your_address' => t('Your Identity Address:'),
 			'$invite_desc' => $invite_desc,
 			'$submit' => t('Submit Request'),

From 190a765731827a2f52a58ff830470a176aabaf4d Mon Sep 17 00:00:00 2001
From: Hypolite Petovan 
Date: Sun, 17 Dec 2017 10:00:40 -0500
Subject: [PATCH 05/12] Fix Notice and formatting in frio

---
 view/theme/frio/php/default.php | 238 +++++++++++++++++---------------
 1 file changed, 125 insertions(+), 113 deletions(-)

diff --git a/view/theme/frio/php/default.php b/view/theme/frio/php/default.php
index ee71029929..768dd122f9 100644
--- a/view/theme/frio/php/default.php
+++ b/view/theme/frio/php/default.php
@@ -6,140 +6,152 @@
 ?>
 
 
 
-
-	<?php if(x($page,'title')) echo $page['title'] ?>
-	
-	
-	
-	
-	
-	
-	profile_uid;
-		if (is_null($uid)) {
-			$uid = get_theme_uid();
-		}
-		$schema = PConfig::get($uid, 'frio', 'schema');
-		if (($schema) && ($schema != '---')) {
-			if (file_exists('view/theme/frio/schema/'.$schema.'.php')) {
-				$schemefile = 'view/theme/frio/schema/'.$schema.'.php';
-				require_once($schemefile);
-			}
-		} else {
-			$nav_bg = PConfig::get($uid, 'frio', 'nav_bg');
-		}
-		if (!$nav_bg) {
-			$nav_bg = "#708fa0";
-		}
-		echo '';
-	?>
-
-
+	
+		<?php if (x($page, 'title')) echo $page['title'] ?>
+		
+		
+		
 ";
-}
-else
-{
-	echo"";
-}
+	$baseurl = System::baseUrl();
+	$frio = "view/theme/frio";
+	// Because we use minimal for modals the header and the included js stuff should be only loaded
+	// if the page is an standard page (so we don't have it twice for modals)
+	//
+	/// @todo Think about to move js stuff in the footer
+	if (!$minimal && x($page, 'htmlhead')) {
+		echo $page['htmlhead'];
+	}
+	// Add the theme color meta
+	// It makes mobile Chrome UI match Frio's top bar color.
+	$uid = $a->profile_uid;
+	if (is_null($uid)) {
+		$uid = get_theme_uid();
+	}
+	$schema = PConfig::get($uid, 'frio', 'schema');
+	if (($schema) && ($schema != '---')) {
+		if (file_exists('view/theme/frio/schema/' . $schema . '.php')) {
+			$schemefile = 'view/theme/frio/schema/' . $schema . '.php';
+			require_once $schemefile;
+		}
+	} else {
+		$nav_bg = PConfig::get($uid, 'frio', 'nav_bg');
+	}
+	if (!$nav_bg) {
+		$nav_bg = "#708fa0";
+	}
+	echo '
+		';
 ?>
-Skip to main content
+	
+	
+		Skip to main content
 
-		

+		

+			
 			

 		

-	

-		

-			

 
-						"; if(x($page,'aside')) echo $page['aside']; echo"
-						"; if(x($page,'right_aside')) echo $page['right_aside']; echo"
+	} else {
+		// the style for all other pages
+?>
+		

+			

+				

+';
+
+						if (x($page, 'aside')) {
+							echo $page['aside'];
+						}
+
+						if (x($page, 'right_aside')) {
+							echo $page['right_aside'];
+						}
+
+						echo '
 					
 
-					

-						
argv[0]; echo "-content-wrapper\">";
-								if(x($page,'content')) echo $page['content']; echo"
-								
 
+					

+						
';
+						if (x($page, 'content')) {
+							echo $page['content'];
+						}
+						echo '
+								
 
 						

 					

-						";
-				}
-				else
-				{
-					echo"
-					

-						"; if(x($page,'content')) echo $page['content']; echo"
+						';
+					} else {
+						echo '
+					
';
+						if (x($page, 'content')) {
+							echo $page['content'];
+						}
+						echo '
 					

-					";
-				}
+					';
+					}
 ?>
-			

-		

+				

+			

 
-		

-	

+			

+		

 
-

-
-
-

- 
-
+		
+ 
+	

From 2243a82bb46ddfbe723134811dda9d4f89e4f05f Mon Sep 17 00:00:00 2001
From: Hypolite Petovan 
Date: Sun, 17 Dec 2017 11:34:43 -0500
Subject: [PATCH 06/12] Add new Module classes

- Add BaseModule
- Add Login module
- Add Logout module
---
 src/BaseObject.php    |   2 +-
 src/Module/Login.php  | 311 ++++++++++++++++++++++++++++++++++++++++++
 src/Module/Logout.php |  29 ++++
 3 files changed, 341 insertions(+), 1 deletion(-)
 create mode 100644 src/Module/Login.php
 create mode 100644 src/Module/Logout.php

diff --git a/src/BaseObject.php b/src/BaseObject.php
index 01957164c1..5adfe096d7 100644
--- a/src/BaseObject.php
+++ b/src/BaseObject.php
@@ -20,7 +20,7 @@ class BaseObject
 	 *
 	 * Same as get_app from boot.php
 	 *
-	 * @return object
+	 * @return App
 	 */
 	public static function getApp()
 	{
diff --git a/src/Module/Login.php b/src/Module/Login.php
new file mode 100644
index 0000000000..5183898414
--- /dev/null
+++ b/src/Module/Login.php
@@ -0,0 +1,311 @@
+get_baseurl());
+		}
+
+		return self::form(self::getApp()->get_baseurl(), $a->config['register_policy'] != REGISTER_CLOSED);
+	}
+
+	public static function post()
+	{
+		session_unset();
+		// OpenId Login
+		if (
+			!x($_POST, 'password')
+			&& (
+				x($_POST, 'openid_url')
+				|| x($_POST, 'username')
+			)
+		) {
+			$noid = Config::get('system', 'no_openid');
+
+			$openid_url = trim($_POST['openid_url'] ? : $_POST['username']);
+
+			// if it's an email address or doesn't resolve to a URL, fail.
+			if ($noid || strpos($openid_url, '@') || !validate_url($openid_url)) {
+				notice(t('Login failed.') . EOL);
+				goaway(self::getApp()->get_baseurl());
+				// NOTREACHED
+			}
+
+			// Otherwise it's probably an openid.
+			try {
+				require_once 'library/openid.php';
+				$openid = new LightOpenID;
+				$openid->identity = $openid_url;
+				$_SESSION['openid'] = $openid_url;
+				$_SESSION['remember'] = $_POST['remember'];
+				$openid->returnUrl = self::getApp()->get_baseurl(true) . '/openid';
+				goaway($openid->authUrl());
+			} catch (Exception $e) {
+				notice(t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '

' . t('The error message was:') . ' ' . $e->getMessage());
+			}
+			// NOTREACHED
+		}
+
+		if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') {
+			$record = null;
+
+			$addon_auth = array(
+				'username' => trim($_POST['username']),
+				'password' => trim($_POST['password']),
+				'authenticated' => 0,
+				'user_record' => null
+			);
+
+			/*
+			 * A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record
+			 * Plugins should never set 'authenticated' except to indicate success - as hooks may be chained
+			 * and later plugins should not interfere with an earlier one that succeeded.
+			 */
+			call_hooks('authenticate', $addon_auth);
+
+			if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) {
+				$record = $addon_auth['user_record'];
+			} else {
+				$user_id = User::authenticate(trim($_POST['username']), trim($_POST['password']));
+				if ($user_id) {
+					$record = dba::select('user', [], ['uid' => $user_id], ['limit' => 1]);
+				}
+			}
+
+			if (!$record || !count($record)) {
+				logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
+				notice(t('Login failed.') . EOL);
+				goaway(self::getApp()->get_baseurl());
+			}
+
+			if (!$_POST['remember']) {
+				new_cookie(0); // 0 means delete on browser exit
+			}
+
+			// if we haven't failed up this point, log them in.
+			$_SESSION['remember'] = $_POST['remember'];
+			$_SESSION['last_login_date'] = datetime_convert('UTC', 'UTC');
+			authenticate_success($record, true, true);
+
+			if (x($_SESSION, 'return_url')) {
+				$return_url = $_SESSION['return_url'];
+				unset($_SESSION['return_url']);
+			} else {
+				$return_url = '';
+			}
+
+			goaway($return_url);
+		}
+	}
+
+	/**
+	 * @brief Tries to auth the user from the cookie or session
+	 *
+	 * @todo Should be moved to Friendica\Core\Session when it's created
+	 */
+	public static function sessionAuth()
+	{
+		// When the "Friendica" cookie is set, take the value to authenticate and renew the cookie.
+		if (isset($_COOKIE["Friendica"])) {
+			$data = json_decode($_COOKIE["Friendica"]);
+			if (isset($data->uid)) {
+
+				$user = dba::select('user',
+					[],
+					[
+						'uid'             => $data->uid,
+						'blocked'         => false,
+						'account_expired' => false,
+						'account_removed' => false,
+						'verified'        => true,
+					],
+					['limit' => 1]
+				);
+
+				if (DBM::is_result($user)) {
+					if ($data->hash != cookie_hash($user)) {
+						logger("Hash for user " . $data->uid . " doesn't fit.");
+						nuke_session();
+						goaway(self::getApp()->get_baseurl());
+					}
+
+					// Renew the cookie
+					// Expires after 7 days by default,
+					// can be set via system.auth_cookie_lifetime
+					$authcookiedays = Config::get('system', 'auth_cookie_lifetime', 7);
+					new_cookie($authcookiedays * 24 * 60 * 60, $user);
+
+					// Do the authentification if not done by now
+					if (!isset($_SESSION) || !isset($_SESSION['authenticated'])) {
+						authenticate_success($user);
+
+						if (Config::get('system', 'paranoia')) {
+							$_SESSION['addr'] = $data->ip;
+						}
+					}
+				}
+			}
+		}
+
+		if (isset($_SESSION) && x($_SESSION, 'authenticated')) {
+			if (x($_SESSION, 'visitor_id') && !x($_SESSION, 'uid')) {
+				$r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
+					intval($_SESSION['visitor_id'])
+				);
+				if (DBM::is_result($r)) {
+					$a->contact = $r[0];
+				}
+			}
+
+			if (x($_SESSION, 'uid')) {
+				// already logged in user returning
+				$check = Config::get('system', 'paranoia');
+				// extra paranoia - if the IP changed, log them out
+				if ($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) {
+					logger('Session address changed. Paranoid setting in effect, blocking session. ' .
+						$_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
+					nuke_session();
+					goaway(self::getApp()->get_baseurl());
+				}
+
+				$user = dba::select('user',
+					[],
+					[
+						'uid'             => $_SESSION['uid'],
+						'blocked'         => false,
+						'account_expired' => false,
+						'account_removed' => false,
+						'verified'        => true,
+					],
+					['limit' => 1]
+				);
+				if (!DBM::is_result($user)) {
+					nuke_session();
+					goaway(self::getApp()->get_baseurl());
+				}
+
+				// Make sure to refresh the last login time for the user if the user
+				// stays logged in for a long time, e.g. with "Remember Me"
+				$login_refresh = false;
+				if (!x($_SESSION['last_login_date'])) {
+					$_SESSION['last_login_date'] = datetime_convert('UTC', 'UTC');
+				}
+				if (strcmp(datetime_convert('UTC', 'UTC', 'now - 12 hours'), $_SESSION['last_login_date']) > 0) {
+					$_SESSION['last_login_date'] = datetime_convert('UTC', 'UTC');
+					$login_refresh = true;
+				}
+				authenticate_success($user, false, false, $login_refresh);
+			}
+		}
+	}
+
+	/**
+	 * @brief Wrapper for adding a login box.
+	 *
+	 * @param string $return_url The url relative to the base the user should be sent
+	 *							 back to after login completes
+	 * @param bool $register If $register == true provide a registration link.
+	 *						 This will most always depend on the value of $a->config['register_policy'].
+	 * @param array $hiddens  optional
+	 *
+	 * @return string Returns the complete html for inserting into the page
+	 *
+	 * @hooks 'login_hook' string $o
+	 */
+	public static function form($return_url = null, $register = false, $hiddens = [])
+	{
+		$a = self::getApp();
+		$o = '';
+		$reg = false;
+		if ($register) {
+			$reg = array(
+				'title' => t('Create a New Account'),
+				'desc' => t('Register')
+			);
+		}
+
+		$noid = Config::get('system', 'no_openid');
+
+		if (is_null($return_url)) {
+			$return_url = $a->query_string;
+		}
+
+		if (local_user()) {
+			$tpl = get_markup_template('logout.tpl');
+		} else {
+			$a->page['htmlhead'] .= replace_macros(
+				get_markup_template('login_head.tpl'),
+				[
+					'$baseurl' => $a->get_baseurl(true)
+				]
+			);
+
+			$tpl = get_markup_template('login.tpl');
+			$_SESSION['return_url'] = $return_url;
+		}
+
+		$o .= replace_macros(
+			$tpl,
+			[
+				'$dest_url'     => self::getApp()->get_baseurl(true) . '/login',
+				'$logout'       => t('Logout'),
+				'$login'        => t('Login'),
+
+				'$lname'        => array('username', t('Nickname or Email: ') , '', ''),
+				'$lpassword'    => array('password', t('Password: '), '', ''),
+				'$lremember'    => array('remember', t('Remember me'), 0,  ''),
+
+				'$openid'       => !$noid,
+				'$lopenid'      => array('openid_url', t('Or login using OpenID: '),'',''),
+
+				'$hiddens'      => $hiddens,
+
+				'$register'     => $reg,
+
+				'$lostpass'     => t('Forgot your password?'),
+				'$lostlink'     => t('Password Reset'),
+
+				'$tostitle'     => t('Website Terms of Service'),
+				'$toslink'      => t('terms of service'),
+
+				'$privacytitle' => t('Website Privacy Policy'),
+				'$privacylink'  => t('privacy policy'),
+			]
+		);
+
+		call_hooks('login_hook', $o);
+
+		return $o;
+	}
+}
\ No newline at end of file
diff --git a/src/Module/Logout.php b/src/Module/Logout.php
new file mode 100644
index 0000000000..5c3035eed9
--- /dev/null
+++ b/src/Module/Logout.php
@@ -0,0 +1,29 @@
+get_baseurl());
+	}
+}
\ No newline at end of file

From d32834581560b959553f4f70e9d467732e0f2c36 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan 
Date: Sun, 17 Dec 2017 11:35:06 -0500
Subject: [PATCH 07/12] Simplify System class

- Add extension to BaseObject to access App object
---
 src/Core/System.php | 25 ++++---------------------
 1 file changed, 4 insertions(+), 21 deletions(-)

diff --git a/src/Core/System.php b/src/Core/System.php
index 1c4d863306..4ec5b2ad35 100644
--- a/src/Core/System.php
+++ b/src/Core/System.php
@@ -4,7 +4,7 @@
  */
 namespace Friendica\Core;
 
-use Friendica\App;
+use Friendica\BaseObject;
 
 /**
  * @file include/Core/System.php
@@ -16,23 +16,8 @@ use Friendica\App;
 /**
  * @brief System methods
  */
-class System
+class System extends BaseObject
 {
-	private static $a;
-
-	/**
-	 * @brief Initializes the static class variable
-	 * @return void
-	 */
-	private static function init()
-	{
-		global $a;
-
-		if (!is_object(self::$a)) {
-			self::$a = $a;
-		}
-	}
-
 	/**
 	 * @brief Retrieves the Friendica instance base URL
 	 *
@@ -41,8 +26,7 @@ class System
 	 */
 	public static function baseUrl($ssl = false)
 	{
-		self::init();
-		return self::$a->get_baseurl($ssl);
+		return self::getApp()->get_baseurl($ssl);
 	}
 
 	/**
@@ -54,8 +38,7 @@ class System
 	 */
 	public static function removedBaseUrl($orig_url)
 	{
-		self::init();
-		return self::$a->remove_baseurl($orig_url);
+		return self::getApp()->remove_baseurl($orig_url);
 	}
 
 	/**

From 2dc598ed5b20f656a78f8ee365427c0f37ef78bb Mon Sep 17 00:00:00 2001
From: Hypolite Petovan 
Date: Sun, 17 Dec 2017 11:40:59 -0500
Subject: [PATCH 08/12] Move login() to Login module

- Move nuke_session to include/security
- Remove mod/login
---
 boot.php             | 78 +-------------------------------------------
 include/auth.php     |  9 -----
 include/security.php | 10 ++++++
 mod/admin.php        |  3 +-
 mod/api.php          |  5 +--
 mod/bookmarklet.php  |  3 +-
 mod/dfrn_request.php |  6 ++--
 mod/home.php         |  3 +-
 mod/login.php        | 20 ------------
 mod/network.php      |  4 +--
 mod/notify.php       |  3 +-
 mod/oexchange.php    |  3 +-
 mod/profile.php      |  3 +-
 mod/regmod.php       |  5 ++-
 14 files changed, 33 insertions(+), 122 deletions(-)
 delete mode 100644 mod/login.php

diff --git a/boot.php b/boot.php
index 199ca05551..d786295587 100644
--- a/boot.php
+++ b/boot.php
@@ -29,6 +29,7 @@ use Friendica\Core\Worker;
 use Friendica\Database\DBM;
 use Friendica\Model\Contact;
 use Friendica\Database\DBStructure;
+use Friendica\Module\Login;
 
 require_once 'include/network.php';
 require_once 'include/plugin.php';
@@ -835,83 +836,6 @@ function get_guid($size = 16, $prefix = "")
 	}
 }
 
-/**
- * @brief Wrapper for adding a login box.
- *
- * @param bool $register If $register == true provide a registration link.
- *						 This will most always depend on the value of $a->config['register_policy'].
- * @param bool $hiddens  optional
- *
- * @return string Returns the complete html for inserting into the page
- *
- * @hooks 'login_hook'
- *	string $o
- */
-function login($register = false, $hiddens = false)
-{
-	$a = get_app();
-	$o = "";
-	$reg = false;
-	if ($register) {
-		$reg = array(
-			'title' => t('Create a New Account'),
-			'desc' => t('Register')
-		);
-	}
-
-	$noid = Config::get('system', 'no_openid');
-
-	$dest_url = $a->query_string;
-
-	if (local_user()) {
-		$tpl = get_markup_template("logout.tpl");
-	} else {
-		$a->page['htmlhead'] .= replace_macros(
-			get_markup_template("login_head.tpl"),
-			array(
-			'$baseurl' => $a->get_baseurl(true)
-			)
-		);
-
-		$tpl = get_markup_template("login.tpl");
-		$_SESSION['return_url'] = $a->query_string;
-		$a->module = 'login';
-	}
-
-	$o .= replace_macros(
-		$tpl,
-		array(
-		'$dest_url'     => $dest_url,
-		'$logout'       => t('Logout'),
-		'$login'        => t('Login'),
-
-		'$lname'        => array('username', t('Nickname or Email: ') , '', ''),
-		'$lpassword'    => array('password', t('Password: '), '', ''),
-		'$lremember'    => array('remember', t('Remember me'), 0,  ''),
-
-		'$openid'       => !$noid,
-		'$lopenid'      => array('openid_url', t('Or login using OpenID: '),'',''),
-
-		'$hiddens'      => $hiddens,
-
-		'$register'     => $reg,
-
-		'$lostpass'     => t('Forgot your password?'),
-		'$lostlink'     => t('Password Reset'),
-
-		'$tostitle'     => t('Website Terms of Service'),
-		'$toslink'      => t('terms of service'),
-
-		'$privacytitle' => t('Website Privacy Policy'),
-		'$privacylink'  => t('privacy policy'),
-		)
-	);
-
-	call_hooks('login_hook', $o);
-
-	return $o;
-}
-
 /**
  * @brief Used to end the current process, after saving session state.
  */
diff --git a/include/auth.php b/include/auth.php
index a02c18d1db..7f1b1016e1 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -198,12 +198,3 @@ if (isset($_SESSION) && x($_SESSION, 'authenticated') && (!x($_POST, 'auth-param
 	}
 }
 
-/**
- * @brief Kills the "Friendica" cookie and all session data
- */
-function nuke_session()
-{
-	new_cookie(-3600); // make sure cookie is deleted on browser close, as a security measure
-	session_unset();
-	session_destroy();
-}
diff --git a/include/security.php b/include/security.php
index 1a5629f935..c443586c25 100644
--- a/include/security.php
+++ b/include/security.php
@@ -425,3 +425,13 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f
 		killme();
 	}
 }
+
+/**
+ * @brief Kills the "Friendica" cookie and all session data
+ */
+function nuke_session()
+{
+	new_cookie(-3600); // make sure cookie is deleted on browser close, as a security measure
+	session_unset();
+	session_destroy();
+}
diff --git a/mod/admin.php b/mod/admin.php
index 9408aa31c6..142c2e0625 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -13,6 +13,7 @@ use Friendica\Database\DBM;
 use Friendica\Database\DBStructure;
 use Friendica\Model\Contact;
 use Friendica\Model\User;
+use Friendica\Module\Login;
 
 require_once 'include/enotify.php';
 require_once 'include/text.php';
@@ -153,7 +154,7 @@ function admin_post(App $a)
 function admin_content(App $a)
 {
 	if (!is_site_admin()) {
-		return login(false);
+		return Login::form();
 	}
 
 	if (x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) {
diff --git a/mod/api.php b/mod/api.php
index fdd9790c09..69d7311a0b 100644
--- a/mod/api.php
+++ b/mod/api.php
@@ -3,6 +3,7 @@
 use Friendica\App;
 use Friendica\Core\Config;
 use Friendica\Database\DBM;
+use Friendica\Module\Login;
 
 require_once('include/api.php');
 
@@ -87,8 +88,8 @@ function api_content(App $a)
 
 		if (!local_user()) {
 			/// @TODO We need login form to redirect to this page
-			notice( t('Please login to continue.') . EOL );
-			return login(false,$request->get_parameters());
+			notice(t('Please login to continue.') . EOL);
+			return Login::form($a->query_string, false, $request->get_parameters());
 		}
 		//FKOAuth1::loginUser(4);
 
diff --git a/mod/bookmarklet.php b/mod/bookmarklet.php
index e781536075..4696ed6580 100644
--- a/mod/bookmarklet.php
+++ b/mod/bookmarklet.php
@@ -2,6 +2,7 @@
 
 use Friendica\App;
 use Friendica\Core\System;
+use Friendica\Module\Login;
 
 require_once('include/conversation.php');
 require_once('include/items.php');
@@ -14,8 +15,8 @@ function bookmarklet_init(App $a)
 function bookmarklet_content(App $a)
 {
 	if (!local_user()) {
-		$o .= login(($a->config['register_policy'] == REGISTER_CLOSED) ? false : true);
 		$o = '
' . t('Login') . '
';
+		$o .= Login::form($a->query_string, $a->config['register_policy'] == REGISTER_CLOSED ? false : true);
 		return $o;
 	}
 
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 6a4b6c4043..0bbc794bd5 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -19,6 +19,7 @@ use Friendica\Database\DBM;
 use Friendica\Model\Contact;
 use Friendica\Model\Group;
 use Friendica\Model\User;
+use Friendica\Module\Login;
 use Friendica\Network\Probe;
 
 require_once 'include/enotify.php';
@@ -481,15 +482,14 @@ function dfrn_request_content(App $a)
 		if (!local_user()) {
 			info(t("Please login to confirm introduction.") . EOL);
 			/* setup the return URL to come back to this page if they use openid */
-			$_SESSION['return_url'] = $a->query_string;
-			return login();
+			return Login::form();
 		}
 
 		// Edge case, but can easily happen in the wild. This person is authenticated,
 		// but not as the person who needs to deal with this request.
 		if ($a->user['nickname'] != $a->argv[1]) {
-			return login();
 			notice(t("Incorrect identity currently logged in. Please login to this profile.") . EOL);
+			return Login::form();
 		}
 
 		$dfrn_url = notags(trim(hex2bin($_GET['dfrn_url'])));
diff --git a/mod/home.php b/mod/home.php
index 985c408b5c..5f8d6a64ff 100644
--- a/mod/home.php
+++ b/mod/home.php
@@ -3,6 +3,7 @@
 use Friendica\App;
 use Friendica\Core\Config;
 use Friendica\Core\System;
+use Friendica\Module\Login;
 
 if(! function_exists('home_init')) {
 function home_init(App $a) {
@@ -43,8 +44,8 @@ function home_content(App $a) {
 		$o .= '
'.((x($a->config,'sitename')) ? sprintf(t("Welcome to %s"), $a->config['sitename']) : "").'
';
 	}
 
+	$o .= Login::form($a->query_string, $a->config['register_policy'] == REGISTER_CLOSED ? 0 : 1);
 
-	$o .= login(($a->config['register_policy'] == REGISTER_CLOSED) ? 0 : 1);
 
 	call_hooks("home_content",$o);
 
diff --git a/mod/login.php b/mod/login.php
deleted file mode 100644
index f30353e828..0000000000
--- a/mod/login.php
+++ /dev/null
@@ -1,20 +0,0 @@
-config['register_policy'] == REGISTER_CLOSED) ? false : true);
-}
diff --git a/mod/network.php b/mod/network.php
index 552625c2af..1933c3d1e6 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -11,6 +11,7 @@ use Friendica\Core\PConfig;
 use Friendica\Database\DBM;
 use Friendica\Model\Contact;
 use Friendica\Model\Group;
+use Friendica\Module\Login;
 
 require_once 'include/conversation.php';
 require_once 'include/contact_widgets.php';
@@ -380,8 +381,7 @@ function networkConversation($a, $items, $mode, $update) {
 
 function network_content(App $a, $update = 0) {
 	if (!local_user()) {
-		$_SESSION['return_url'] = $a->query_string;
-		return login(false);
+		return Login::form();
 	}
 
 	/// @TODO Is this really necessary? $a is already available to hooks
diff --git a/mod/notify.php b/mod/notify.php
index fae7ebb39b..913f83f9be 100644
--- a/mod/notify.php
+++ b/mod/notify.php
@@ -4,6 +4,7 @@ use Friendica\App;
 use Friendica\Core\NotificationsManager;
 use Friendica\Core\System;
 use Friendica\Database\DBM;
+use Friendica\Module\Login;
 
 function notify_init(App $a) {
 	if (! local_user()) {
@@ -45,7 +46,7 @@ function notify_init(App $a) {
 
 function notify_content(App $a) {
 	if (! local_user()) {
-		return login();
+		return Login::form();
 	}
 
 	$nm = new NotificationsManager();
diff --git a/mod/oexchange.php b/mod/oexchange.php
index 88edc9d60c..37dc76545f 100644
--- a/mod/oexchange.php
+++ b/mod/oexchange.php
@@ -2,6 +2,7 @@
 
 use Friendica\App;
 use Friendica\Core\System;
+use Friendica\Module\Login;
 
 function oexchange_init(App $a) {
 
@@ -17,7 +18,7 @@ function oexchange_init(App $a) {
 function oexchange_content(App $a) {
 
 	if (! local_user()) {
-		$o = login(false);
+		$o = Login::form();
 		return $o;
 	}
 
diff --git a/mod/profile.php b/mod/profile.php
index fe2475c7af..9d4bd57c89 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -6,6 +6,7 @@ use Friendica\Core\PConfig;
 use Friendica\Core\System;
 use Friendica\Database\DBM;
 use Friendica\Model\Group;
+use Friendica\Module\Login;
 
 require_once('include/contact_widgets.php');
 require_once('include/redir.php');
@@ -102,7 +103,7 @@ function profile_content(App $a, $update = 0) {
 	$hashtags = (x($_GET, 'tag') ? $_GET['tag'] : '');
 
 	if (Config::get('system','block_public') && (! local_user()) && (! remote_user())) {
-		return login();
+		return Login::form();
 	}
 
 	require_once("include/bbcode.php");
diff --git a/mod/regmod.php b/mod/regmod.php
index d4908b210f..8f08067e21 100644
--- a/mod/regmod.php
+++ b/mod/regmod.php
@@ -6,6 +6,7 @@ use Friendica\Core\System;
 use Friendica\Core\Worker;
 use Friendica\Database\DBM;
 use Friendica\Model\User;
+use Friendica\Module\Login;
 
 require_once 'include/enotify.php';
 
@@ -94,11 +95,9 @@ function regmod_content(App $a)
 {
 	global $lang;
 
-	$_SESSION['return_url'] = $a->cmd;
-
 	if (!local_user()) {
 		info(t('Please login.') . EOL);
-		$o .= '

' . login(($a->config['register_policy'] == REGISTER_CLOSED) ? 0 : 1);
+		$o .= '

' . Login::form($a->query_string, $a->config['register_policy'] == REGISTER_CLOSED ? 0 : 1);
 		return $o;
 	}
 

From c238154a6e654c310ce1e908fdbddafde52d4377 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan 
Date: Sun, 17 Dec 2017 11:42:46 -0500
Subject: [PATCH 09/12] Move include/auth to Login::sessionAuth

- Remove include/auth
---
 include/auth.php  | 200 ----------------------------------------------
 index.php         |   5 +-
 mod/dfrn_poll.php |   4 +-
 3 files changed, 5 insertions(+), 204 deletions(-)
 delete mode 100644 include/auth.php

diff --git a/include/auth.php b/include/auth.php
deleted file mode 100644
index 7f1b1016e1..0000000000
--- a/include/auth.php
+++ /dev/null
@@ -1,200 +0,0 @@
-uid)) {
-
-		$user = dba::select('user',
-			[],
-			[
-				'uid'             => $data->uid,
-				'blocked'         => false,
-				'account_expired' => false,
-				'account_removed' => false,
-				'verified'        => true,
-			],
-			['limit' => 1]
-		);
-
-		if (DBM::is_result($user)) {
-			if ($data->hash != cookie_hash($user)) {
-				logger("Hash for user " . $data->uid . " doesn't fit.");
-				nuke_session();
-				goaway(System::baseUrl());
-			}
-
-			// Renew the cookie
-			// Expires after 7 days by default,
-			// can be set via system.auth_cookie_lifetime
-			$authcookiedays = Config::get('system', 'auth_cookie_lifetime', 7);
-			new_cookie($authcookiedays * 24 * 60 * 60, $user);
-
-			// Do the authentification if not done by now
-			if (!isset($_SESSION) || !isset($_SESSION['authenticated'])) {
-				authenticate_success($user);
-
-				if (Config::get('system', 'paranoia')) {
-					$_SESSION['addr'] = $data->ip;
-				}
-			}
-		}
-	}
-}
-
-
-// login/logout
-
-if (isset($_SESSION) && x($_SESSION, 'authenticated') && (!x($_POST, 'auth-params') || ($_POST['auth-params'] !== 'login'))) {
-	if ((x($_POST, 'auth-params') && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) {
-		// process logout request
-		call_hooks("logging_out");
-		nuke_session();
-		info(t('Logged out.') . EOL);
-		goaway(System::baseUrl());
-	}
-
-	if (x($_SESSION, 'visitor_id') && !x($_SESSION, 'uid')) {
-		$r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
-			intval($_SESSION['visitor_id'])
-		);
-		if (DBM::is_result($r)) {
-			$a->contact = $r[0];
-		}
-	}
-
-	if (x($_SESSION, 'uid')) {
-		// already logged in user returning
-		$check = Config::get('system', 'paranoia');
-		// extra paranoia - if the IP changed, log them out
-		if ($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) {
-			logger('Session address changed. Paranoid setting in effect, blocking session. ' .
-				$_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
-			nuke_session();
-			goaway(System::baseUrl());
-		}
-
-		$user = dba::select('user',
-			[],
-			[
-				'uid'             => $_SESSION['uid'],
-				'blocked'         => false,
-				'account_expired' => false,
-				'account_removed' => false,
-				'verified'        => true,
-			],
-			['limit' => 1]
-		);
-		if (!DBM::is_result($user)) {
-			nuke_session();
-			goaway(System::baseUrl());
-		}
-
-		// Make sure to refresh the last login time for the user if the user
-		// stays logged in for a long time, e.g. with "Remember Me"
-		$login_refresh = false;
-		if (!x($_SESSION['last_login_date'])) {
-			$_SESSION['last_login_date'] = datetime_convert('UTC', 'UTC');
-		}
-		if (strcmp(datetime_convert('UTC', 'UTC', 'now - 12 hours'), $_SESSION['last_login_date']) > 0) {
-			$_SESSION['last_login_date'] = datetime_convert('UTC', 'UTC');
-			$login_refresh = true;
-		}
-		authenticate_success($user, false, false, $login_refresh);
-	}
-} else {
-	session_unset();
-	if (
-		!(x($_POST, 'password') && strlen($_POST['password']))
-		&& (
-			x($_POST, 'openid_url') && strlen($_POST['openid_url'])
-			|| x($_POST, 'username') && strlen($_POST['username'])
-		)
-	) {
-		$noid = Config::get('system', 'no_openid');
-
-		$openid_url = trim(strlen($_POST['openid_url']) ? $_POST['openid_url'] : $_POST['username']);
-
-		// validate_url alters the calling parameter
-
-		$temp_string = $openid_url;
-
-		// if it's an email address or doesn't resolve to a URL, fail.
-
-		if ($noid || strpos($temp_string, '@') || !validate_url($temp_string)) {
-			$a = get_app();
-			notice(t('Login failed.') . EOL);
-			goaway(System::baseUrl());
-			// NOTREACHED
-		}
-
-		// Otherwise it's probably an openid.
-
-		try {
-			require_once('library/openid.php');
-			$openid = new LightOpenID;
-			$openid->identity = $openid_url;
-			$_SESSION['openid'] = $openid_url;
-			$_SESSION['remember'] = $_POST['remember'];
-			$openid->returnUrl = System::baseUrl(true) . '/openid';
-			goaway($openid->authUrl());
-		} catch (Exception $e) {
-			notice(t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '

' . t('The error message was:') . ' ' . $e->getMessage());
-		}
-		// NOTREACHED
-	}
-
-	if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') {
-		$record = null;
-
-		$addon_auth = array(
-			'username' => trim($_POST['username']),
-			'password' => trim($_POST['password']),
-			'authenticated' => 0,
-			'user_record' => null
-		);
-
-		/**
-		 *
-		 * A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record
-		 * Plugins should never set 'authenticated' except to indicate success - as hooks may be chained
-		 * and later plugins should not interfere with an earlier one that succeeded.
-		 *
-		 */
-		call_hooks('authenticate', $addon_auth);
-
-		if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) {
-			$record = $addon_auth['user_record'];
-		} else {
-			$user_id = User::authenticate(trim($_POST['username']), trim($_POST['password']));
-			if ($user_id) {
-				$record = dba::select('user', [], ['uid' => $user_id], ['limit' => 1]);
-			}
-		}
-
-		if (!$record || !count($record)) {
-			logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
-			notice(t('Login failed.') . EOL);
-			goaway(System::baseUrl());
-		}
-
-		if (!$_POST['remember']) {
-			new_cookie(0); // 0 means delete on browser exit
-		}
-
-		// if we haven't failed up this point, log them in.
-		$_SESSION['remember'] = $_POST['remember'];
-		$_SESSION['last_login_date'] = datetime_convert('UTC', 'UTC');
-		authenticate_success($record, true, true);
-	}
-}
-
diff --git a/index.php b/index.php
index 9cbbad605a..2f58321ae8 100644
--- a/index.php
+++ b/index.php
@@ -14,6 +14,7 @@ use Friendica\Core\System;
 use Friendica\Core\Config;
 use Friendica\Core\Worker;
 use Friendica\Database\DBM;
+use Friendica\Module\Login;
 
 require_once 'boot.php';
 
@@ -148,9 +149,7 @@ if ((x($_GET, 'zrl')) && (!$install && !$maintenance)) {
 
 // header('Link: <' . System::baseUrl() . '/amcd>; rel="acct-mgmt";');
 
-if (x($_COOKIE["Friendica"]) || (x($_SESSION, 'authenticated')) || (x($_POST, 'auth-params')) || ($a->module === 'login')) {
-	require "include/auth.php";
-}
+Login::sessionAuth();
 
 if (! x($_SESSION, 'authenticated')) {
 	header('X-Account-Management-Status: none');
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index 1e07242875..d27c7d6214 100644
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -6,13 +6,15 @@ use Friendica\App;
 use Friendica\Core\Config;
 use Friendica\Core\System;
 use Friendica\Database\DBM;
+use Friendica\Module\Login;
 use Friendica\Protocol\DFRN;
 use Friendica\Protocol\OStatus;
 
 require_once 'include/items.php';
-require_once 'include/auth.php';
 
 function dfrn_poll_init(App $a) {
+	Login::sessionAuth();
+
 	$dfrn_id         = ((x($_GET,'dfrn_id'))         ? $_GET['dfrn_id']              : '');
 	$type            = ((x($_GET,'type'))            ? $_GET['type']                 : 'data');
 	$last_update     = ((x($_GET,'last_update'))     ? $_GET['last_update']          : '');

From e74dbb36934f24e4ed7f2b38a386919060a180bd Mon Sep 17 00:00:00 2001
From: Hypolite Petovan 
Date: Sun, 17 Dec 2017 11:43:30 -0500
Subject: [PATCH 10/12] Improve goaway legibility

---
 boot.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/boot.php b/boot.php
index d786295587..be97cab757 100644
--- a/boot.php
+++ b/boot.php
@@ -851,13 +851,15 @@ function killme()
 /**
  * @brief Redirect to another URL and terminate this process.
  */
-function goaway($s)
+function goaway($path)
 {
-	if (!strstr(normalise_link($s), "http://")) {
-		$s = System::baseUrl() . "/" . $s;
+	if (strstr(normalise_link($path), 'http://')) {
+		$url = $path;
+	} else {
+		$url = System::baseUrl() . '/' . ltrim($path, '/');
 	}
 
-	header("Location: $s");
+	header("Location: $url");
 	killme();
 }
 

From 0aea6159958ac78a42b82e45f9517cb978637ff7 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan 
Date: Tue, 2 Jan 2018 19:37:17 -0500
Subject: [PATCH 11/12] Add float casting back to dfrn_poll

- Add new line at end of new module files
---
 mod/dfrn_poll.php     | 2 +-
 src/Module/Login.php  | 2 +-
 src/Module/Logout.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index 69e86f1bc2..6c494128b1 100644
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -23,7 +23,7 @@ function dfrn_poll_init(App $a)
 	$destination_url = defaults($_GET, 'destination_url', '');
 	$challenge       = defaults($_GET, 'challenge'      , '');
 	$sec             = defaults($_GET, 'sec'            , '');
-	$dfrn_version    = defaults($_GET, 'dfrn_version'   , 2.0);
+	$dfrn_version    = (float) defaults($_GET, 'dfrn_version'   , 2.0);
 	$perm            = defaults($_GET, 'perm'           , 'r');
 	$quiet			 = x($_GET, 'quiet');
 
diff --git a/src/Module/Login.php b/src/Module/Login.php
index 5183898414..b90ba9d1d4 100644
--- a/src/Module/Login.php
+++ b/src/Module/Login.php
@@ -308,4 +308,4 @@ class Login extends BaseModule
 
 		return $o;
 	}
-}
\ No newline at end of file
+}
diff --git a/src/Module/Logout.php b/src/Module/Logout.php
index 5c3035eed9..0c8a617b22 100644
--- a/src/Module/Logout.php
+++ b/src/Module/Logout.php
@@ -26,4 +26,4 @@ class Logout extends BaseModule
 		info(t('Logged out.') . EOL);
 		goaway(self::getApp()->get_baseurl());
 	}
-}
\ No newline at end of file
+}

From 520a0685004bec274cdfc422ad2c92a7ff8254e3 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan 
Date: Thu, 4 Jan 2018 11:53:57 -0500
Subject: [PATCH 12/12] Add back missing brace

- Revert unneeded change to SQL query formatting
---
 mod/dfrn_request.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 0bbc794bd5..ca43998cbc 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -87,12 +87,16 @@ function dfrn_request_post(App $a)
 						// We don't need to be here. It has already happened.
 						notice(t("This introduction has already been accepted.") . EOL);
 						return;
-					} else
+					} else {
 						$contact_record = $r[0];
+					}
 				}
 
 				if (is_array($contact_record)) {
-					$r = q("UPDATE `contact` SET `ret-aes` = %d, hidden = %d WHERE `id` = %d", intval($aes_allow), intval($hidden), intval($contact_record['id'])
+					$r = q("UPDATE `contact` SET `ret-aes` = %d, hidden = %d WHERE `id` = %d",
+						intval($aes_allow),
+						intval($hidden),
+						intval($contact_record['id'])
 					);
 				} else {
 					// Scrape the other site's profile page to pick up the dfrn links, key, fn, and photo