Merge pull request #7678 from annando/remote-rework
Reworked the remote authentication
2333526b8a
20
boot.php
20
boot.php
|
@ -23,6 +23,7 @@ use Friendica\Core\Config;
|
|||
use Friendica\Core\PConfig;
|
||||
use Friendica\Core\Protocol;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\Term;
|
||||
|
@ -413,28 +414,13 @@ function public_contact()
|
|||
*
|
||||
* @return int|bool visitor_id or false
|
||||
*/
|
||||
function remote_user($uid = null)
|
||||
function remote_user()
|
||||
{
|
||||
// You cannot be both local and remote.
|
||||
// Unncommented by rabuzarus because remote authentication to local
|
||||
// profiles wasn't possible anymore (2018-04-12).
|
||||
// if (local_user()) {
|
||||
// return false;
|
||||
// }
|
||||
|
||||
if (empty($_SESSION['authenticated'])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!is_null($uid) && !empty($_SESSION['remote'])) {
|
||||
/// @todo replace it with this:
|
||||
// if (!empty($_SESSION['remote'][$uid])) ...
|
||||
foreach ($_SESSION['remote'] as $visitor) {
|
||||
if ($visitor['uid'] == $uid) {
|
||||
return $visitor['cid'];
|
||||
}
|
||||
}
|
||||
} elseif (is_null($uid) && !empty($_SESSION['visitor_id'])) {
|
||||
if (!empty($_SESSION['visitor_id'])) {
|
||||
return intval($_SESSION['visitor_id']);
|
||||
}
|
||||
|
||||
|
|
|
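Review bot: The docblock kept above the new `function remote_user()` signature still only says "visitor_id or false" and does not record that the result is no longer scoped to a profile; callers that still pass a uid get no error (PHP silently ignores extra arguments to user-defined functions) and now receive the session-wide visitor id instead of the contact id for that profile. Suggest adding to the docblock: `* Returns the session-wide visitor contact id; it is not scoped to a profile. Use Session::getRemoteContactID($uid) for per-profile authorization.` The commented-out "You cannot be both local and remote" block is kept verbatim and could go now that the function is being redefined. The function's final return is outside the hunk.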
@ -365,7 +365,7 @@ function localize_item(&$item)
|
|||
'network' => $item['author-network'], 'url' => $item['author-link']];
|
||||
|
||||
// Only create a redirection to a magic link when logged in
|
||||
if (!empty($item['plink']) && (local_user() || remote_user())) {
|
||||
if (!empty($item['plink']) && Session::isAuthenticated()) {
|
||||
$item['plink'] = Contact::magicLinkByContact($author, $item['plink']);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -13,6 +13,7 @@ use Friendica\Core\PConfig;
|
|||
use Friendica\Core\Protocol;
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Item;
|
||||
use Friendica\Protocol\DFRN;
|
||||
|
@ -326,7 +327,7 @@ function drop_items(array $items)
|
|||
{
|
||||
$uid = 0;
|
||||
|
||||
if (!local_user() && !remote_user()) {
|
||||
if (!Session::isAuthenticated()) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -362,14 +363,8 @@ function drop_item($id, $return = '')
|
|||
$contact_id = 0;
|
||||
|
||||
// check if logged in user is either the author or owner of this item
|
||||
|
||||
if (!empty($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $visitor) {
|
||||
if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {
|
||||
$contact_id = $visitor['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (Session::getRemoteContactID($item['uid']) == $item['contact-id']) {
|
||||
$contact_id = $item['contact-id'];
|
||||
}
|
||||
|
||||
if ((local_user() == $item['uid']) || $contact_id) {
|
||||
|
|
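Review bot: In drop_item, `if (Session::getRemoteContactID($item['uid']) == $item['contact-id'])` compares loosely and without the presence guard the replaced loop had (both `$visitor['uid']` and `$visitor['cid']` had to match an existing entry); if getRemoteContactID() yields null or 0 when no remote contact is stored for that uid, the outcome depends on PHP's loose comparison with whatever `contact-id` holds. The sibling call sites in this PR (cal_content, item_post) wrap the call in `!empty()`; doing the same here keeps the intent explicit: `$remote_cid = Session::getRemoteContactID($item['uid']);` followed by `if (!empty($remote_cid) && $remote_cid == $item['contact-id']) {`. drop_item continues outside the hunk.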
20
mod/cal.php
20
mod/cal.php
|
@ -14,6 +14,7 @@ use Friendica\Core\Config;
|
|||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\Event;
|
||||
|
@ -26,11 +27,7 @@ use Friendica\Util\Temporal;
|
|||
|
||||
function cal_init(App $a)
|
||||
{
|
||||
if ($a->argc > 1) {
|
||||
DFRN::autoRedir($a, $a->argv[1]);
|
||||
}
|
||||
|
||||
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
|
||||
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
|
||||
throw new \Friendica\Network\HTTPException\ForbiddenException(L10n::t('Access denied.'));
|
||||
}
|
||||
|
||||
|
@ -113,18 +110,11 @@ function cal_content(App $a)
|
|||
$owner_uid = intval($a->data['user']['uid']);
|
||||
$nick = $a->data['user']['nickname'];
|
||||
|
||||
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $a->profile['profile_uid']) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!empty(Session::getRemoteContactID($a->profile['profile_uid']))) {
|
||||
$contact_id = Session::getRemoteContactID($a->profile['profile_uid']);
|
||||
}
|
||||
|
||||
$groups = [];
|
||||
if ($contact_id) {
|
||||
$groups = Group::getIdsByContactId($contact_id);
|
||||
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
|
||||
intval($contact_id),
|
||||
intval($a->profile['profile_uid'])
|
||||
|
@ -142,7 +132,7 @@ function cal_content(App $a)
|
|||
}
|
||||
|
||||
// get the permissions
|
||||
$sql_perms = Item::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
|
||||
$sql_perms = Item::getPermissionsSQLByUserId($owner_uid);
|
||||
// we only want to have the events of the profile owner
|
||||
$sql_extra = " AND `event`.`cid` = 0 " . $sql_perms;
|
||||
|
||||
|
|
|
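Review bot: In cal_content, `$groups = Group::getIdsByContactId($contact_id)` is still executed, but the permission query in the last hunk becomes `Item::getPermissionsSQLByUserId($owner_uid)` and no longer receives `$groups` (nor `$remote_contact`); unless something between these hunks still reads them, the group lookup is now a dead query and both variables can be dropped. Separately, `Session::getRemoteContactID($a->profile['profile_uid'])` is called twice in a row; assigning once, `$remote_cid = Session::getRemoteContactID($a->profile['profile_uid']);` then `if (!empty($remote_cid)) { $contact_id = $remote_cid; }`, avoids the duplicate lookup. cal_content extends beyond these hunks.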
@ -29,7 +29,7 @@ function community_content(App $a, $update = 0)
|
|||
{
|
||||
$o = '';
|
||||
|
||||
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
|
||||
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
|
||||
notice(L10n::t('Public access denied.') . EOL);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -9,6 +9,7 @@ use Friendica\Core\Config;
|
|||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\Logger;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Module\Login;
|
||||
use Friendica\Protocol\DFRN;
|
||||
|
@ -49,7 +50,7 @@ function dfrn_poll_init(App $a)
|
|||
$hidewall = false;
|
||||
|
||||
if (($dfrn_id === '') && empty($_POST['dfrn_id'])) {
|
||||
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
|
||||
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
|
||||
throw new \Friendica\Network\HTTPException\ForbiddenException();
|
||||
}
|
||||
|
||||
|
@ -110,17 +111,14 @@ function dfrn_poll_init(App $a)
|
|||
|
||||
if ((int)$xml->status === 1) {
|
||||
$_SESSION['authenticated'] = 1;
|
||||
if (empty($_SESSION['remote'])) {
|
||||
$_SESSION['remote'] = [];
|
||||
}
|
||||
|
||||
$_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']];
|
||||
|
||||
$_SESSION['visitor_id'] = $r[0]['id'];
|
||||
$_SESSION['visitor_home'] = $r[0]['url'];
|
||||
$_SESSION['visitor_handle'] = $r[0]['addr'];
|
||||
$_SESSION['visitor_visiting'] = $r[0]['uid'];
|
||||
$_SESSION['my_url'] = $r[0]['url'];
|
||||
|
||||
Session::setVisitorsContacts();
|
||||
|
||||
if (!$quiet) {
|
||||
info(L10n::t('%1$s welcomes %2$s', $r[0]['username'], $r[0]['name']) . EOL);
|
||||
}
|
||||
|
@ -517,15 +515,13 @@ function dfrn_poll_content(App $a)
|
|||
|
||||
if (((int) $xml->status == 0) && ($xml->challenge == $hash) && ($xml->sec == $sec)) {
|
||||
$_SESSION['authenticated'] = 1;
|
||||
if (empty($_SESSION['remote'])) {
|
||||
$_SESSION['remote'] = [];
|
||||
}
|
||||
|
||||
$_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']];
|
||||
$_SESSION['visitor_id'] = $r[0]['id'];
|
||||
$_SESSION['visitor_home'] = $r[0]['url'];
|
||||
$_SESSION['visitor_visiting'] = $r[0]['uid'];
|
||||
$_SESSION['my_url'] = $r[0]['url'];
|
||||
|
||||
Session::setVisitorsContacts();
|
||||
|
||||
if (!$quiet) {
|
||||
info(L10n::t('%1$s welcomes %2$s', $r[0]['username'], $r[0]['name']) . EOL);
|
||||
}
|
||||
|
|
|
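Review bot: Both login paths, `dfrn_poll_init` in the `$xml->status === 1` branch and `dfrn_poll_content` after the challenge check, now write the same block of session state by hand — `$_SESSION['remote'][$r[0]['uid']] = ['cid' => ..., 'uid' => ...]`, the `visitor_*` keys, `my_url`, then `Session::setVisitorsContacts()` — so the uid-keyed layout of `$_SESSION['remote']` that `Session::getRemoteContactID()` depends on is defined in two places; a single helper on Session next to setVisitorsContacts() would keep that layout in one spot. I also see no `session_regenerate_id(true)` near the `$_SESSION['authenticated'] = 1;` context line in either hunk; unless the framework does this elsewhere, the session id issued before the remote login is retained after it. Both functions continue beyond their hunks.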
@ -19,6 +19,7 @@ use Friendica\Core\Logger;
|
|||
use Friendica\Core\Protocol;
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\Group;
|
||||
|
@ -592,7 +593,7 @@ function dfrn_request_content(App $a)
|
|||
exit();
|
||||
} else {
|
||||
// Normal web request. Display our user's introduction form.
|
||||
if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
|
||||
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
|
||||
if (!Config::get('system', 'local_block')) {
|
||||
notice(L10n::t('Public access denied.') . EOL);
|
||||
return;
|
||||
|
|
|
@ -14,6 +14,7 @@ use Friendica\Core\Logger;
|
|||
use Friendica\Core\Protocol;
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\Group;
|
||||
|
@ -31,7 +32,7 @@ function display_init(App $a)
|
|||
Objects::rawContent();
|
||||
}
|
||||
|
||||
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
|
||||
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -52,9 +53,11 @@ function display_init(App $a)
|
|||
if (DBA::isResult($item)) {
|
||||
$nick = $a->user["nickname"];
|
||||
}
|
||||
}
|
||||
|
||||
// Is this item private but could be visible to the remove visitor?
|
||||
} elseif (remote_user()) {
|
||||
$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);
|
||||
if (!DBA::isResult($item) && remote_user()) {
|
||||
$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1, 'origin' => true]);
|
||||
if (DBA::isResult($item)) {
|
||||
if (!Contact::isFollower(remote_user(), $item['uid'])) {
|
||||
$item = null;
|
||||
|
@ -84,10 +87,6 @@ function display_init(App $a)
|
|||
displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom');
|
||||
}
|
||||
|
||||
if ($a->argc >= 3 && $nick == 'feed-item') {
|
||||
displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom');
|
||||
}
|
||||
|
||||
if (!empty($_SERVER['HTTP_ACCEPT']) && strstr($_SERVER['HTTP_ACCEPT'], 'application/atom+xml')) {
|
||||
Logger::log('Directly serving XML for id '.$item["id"], Logger::DEBUG);
|
||||
displayShowFeed($item["id"], false);
|
||||
|
@ -102,7 +101,7 @@ function display_init(App $a)
|
|||
if (strstr(Strings::normaliseLink($profiledata["url"]), Strings::normaliseLink(System::baseUrl()))) {
|
||||
$nickname = str_replace(Strings::normaliseLink(System::baseUrl())."/profile/", "", Strings::normaliseLink($profiledata["url"]));
|
||||
|
||||
if (($nickname != $a->user["nickname"])) {
|
||||
if ($nickname != $a->user["nickname"]) {
|
||||
$profile = DBA::fetchFirst("SELECT `profile`.`uid` AS `profile_uid`, `profile`.* , `contact`.`avatar-date` AS picdate, `user`.* FROM `profile`
|
||||
INNER JOIN `contact` on `contact`.`uid` = `profile`.`uid` INNER JOIN `user` ON `profile`.`uid` = `user`.`uid`
|
||||
WHERE `user`.`nickname` = ? AND `profile`.`is-default` AND `contact`.`self` LIMIT 1",
|
||||
|
@ -197,7 +196,7 @@ function display_fetchauthor($a, $item)
|
|||
|
||||
function display_content(App $a, $update = false, $update_uid = 0)
|
||||
{
|
||||
if (Config::get('system','block_public') && !local_user() && !remote_user()) {
|
||||
if (Config::get('system','block_public') && !Session::isAuthenticated()) {
|
||||
throw new HTTPException\ForbiddenException(L10n::t('Public access denied.'));
|
||||
}
|
||||
|
||||
|
@ -229,8 +228,10 @@ function display_content(App $a, $update = false, $update_uid = 0)
|
|||
$item_parent = $item["parent"];
|
||||
$item_parent_uri = $item['parent-uri'];
|
||||
}
|
||||
} elseif (remote_user()) {
|
||||
$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);
|
||||
}
|
||||
|
||||
if (($item_parent == 0) && remote_user()) {
|
||||
$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1, 'origin' => true]);
|
||||
if (DBA::isResult($item) && Contact::isFollower(remote_user(), $item['uid'])) {
|
||||
$item_id = $item["id"];
|
||||
$item_parent = $item["parent"];
|
||||
|
@ -269,8 +270,6 @@ function display_content(App $a, $update = false, $update_uid = 0)
|
|||
['$alternate' => $alternate,
|
||||
'$conversation' => $conversation]);
|
||||
|
||||
$groups = [];
|
||||
$remote_cid = null;
|
||||
$is_remote_contact = false;
|
||||
$item_uid = local_user();
|
||||
|
||||
|
@ -279,24 +278,18 @@ function display_content(App $a, $update = false, $update_uid = 0)
|
|||
if (DBA::isResult($parent)) {
|
||||
$a->profile['uid'] = defaults($a->profile, 'uid', $parent['uid']);
|
||||
$a->profile['profile_uid'] = defaults($a->profile, 'profile_uid', $parent['uid']);
|
||||
$is_remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']);
|
||||
|
||||
$is_remote_contact = Session::getRemoteContactID($a->profile['profile_uid']);
|
||||
if ($is_remote_contact) {
|
||||
$cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
|
||||
if (!empty($cdata['user'])) {
|
||||
$groups = Group::getIdsByContactId($cdata['user']);
|
||||
$remote_cid = $cdata['user'];
|
||||
$item_uid = $parent['uid'];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$page_contact = DBA::selectFirst('contact', [], ['self' => true, 'uid' => $a->profile['uid']]);
|
||||
if (DBA::isResult($page_contact)) {
|
||||
$a->page_contact = $page_contact;
|
||||
}
|
||||
|
||||
$is_owner = (local_user() && (in_array($a->profile['profile_uid'], [local_user(), 0])) ? true : false);
|
||||
|
||||
if (!empty($a->profile['hidewall']) && !$is_owner && !$is_remote_contact) {
|
||||
|
@ -318,7 +311,7 @@ function display_content(App $a, $update = false, $update_uid = 0)
|
|||
];
|
||||
$o .= status_editor($a, $x, 0, true);
|
||||
}
|
||||
$sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $is_remote_contact, $groups, $remote_cid);
|
||||
$sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid']);
|
||||
|
||||
if (local_user() && (local_user() == $a->profile['profile_uid'])) {
|
||||
$condition = ['parent-uri' => $item_parent_uri, 'uid' => local_user(), 'unseen' => true];
|
||||
|
@ -333,7 +326,7 @@ function display_content(App $a, $update = false, $update_uid = 0)
|
|||
|
||||
$condition = ["`id` = ? AND `item`.`uid` IN (0, ?) " . $sql_extra, $item_id, $item_uid];
|
||||
$fields = ['parent-uri', 'body', 'title', 'author-name', 'author-avatar', 'plink', 'author-id', 'owner-id', 'contact-id'];
|
||||
$item = Item::selectFirstForUser(local_user(), $fields, $condition);
|
||||
$item = Item::selectFirstForUser($a->profile['profile_uid'], $fields, $condition);
|
||||
|
||||
if (!DBA::isResult($item)) {
|
||||
throw new HTTPException\NotFoundException(L10n::t('The requested item doesn\'t exist or has been deleted.'));
|
||||
|
|
|
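Review bot: In display_content the -279,24 hunk appears to drop `$item_uid = $parent['uid'];` together with `$remote_cid`/`$groups`, yet `$item_uid` (initialised to `local_user()` in the preceding hunk) is still the value bound to `` `item`.`uid` IN (0, ?) `` in the -333,7 hunk; for a remote visitor local_user() is false, so the lookup matches only uid-0 items and private items a follower could previously read may now end in the NotFoundException. If that is intended, `$item_uid` is constant and `local_user()` can be used inline; otherwise keep `if ($is_remote_contact) { $item_uid = $parent['uid']; }` after the new `$is_remote_contact = Session::getRemoteContactID(...)` assignment. Note also that `$is_remote_contact` now holds a contact id rather than a bool, which the later `!$is_remote_contact` tolerates but the name no longer reflects. display_content spans several hunks and continues beyond them.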
@ -6,13 +6,14 @@ use Friendica\App;
|
|||
use Friendica\Core\Config;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\Profile;
|
||||
use Friendica\Model\User;
|
||||
|
||||
function hcard_init(App $a)
|
||||
{
|
||||
$blocked = Config::get('system', 'block_public') && !local_user() && !remote_user();
|
||||
$blocked = Config::get('system', 'block_public') && !Session::isAuthenticated();
|
||||
|
||||
if ($a->argc > 1) {
|
||||
$which = $a->argv[1];
|
||||
|
|
19
mod/item.php
19
mod/item.php
|
@ -25,6 +25,7 @@ use Friendica\Core\L10n;
|
|||
use Friendica\Core\Logger;
|
||||
use Friendica\Core\Protocol;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Core\Worker;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Attach;
|
||||
|
@ -45,7 +46,7 @@ use Friendica\Worker\Delivery;
|
|||
require_once __DIR__ . '/../include/items.php';
|
||||
|
||||
function item_post(App $a) {
|
||||
if (!local_user() && !remote_user()) {
|
||||
if (!Session::isAuthenticated()) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -348,18 +349,8 @@ function item_post(App $a) {
|
|||
if (local_user() && ((local_user() == $profile_uid) || $allow_comment)) {
|
||||
$self = true;
|
||||
$author = DBA::selectFirst('contact', [], ['uid' => local_user(), 'self' => true]);
|
||||
} elseif (remote_user()) {
|
||||
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $profile_uid) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($contact_id) {
|
||||
$author = DBA::selectFirst('contact', [], ['id' => $contact_id]);
|
||||
}
|
||||
} elseif (!empty(Session::getRemoteContactID($profile_uid))) {
|
||||
$author = DBA::selectFirst('contact', [], ['id' => Session::getRemoteContactID($profile_uid)]);
|
||||
}
|
||||
|
||||
if (DBA::isResult($author)) {
|
||||
|
@ -870,7 +861,7 @@ function item_post_return($baseurl, $api_source, $return_path)
|
|||
|
||||
function item_content(App $a)
|
||||
{
|
||||
if (!local_user() && !remote_user()) {
|
||||
if (!Session::isAuthenticated()) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
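Review bot: In item_post the new `elseif` branch loads the author with `DBA::selectFirst('contact', [], ['id' => Session::getRemoteContactID($profile_uid)])`, without the `'uid' => $profile_uid, 'blocked' => false, 'pending' => false` constraints that photos_content and wall_attach_post apply to the same session value; unless getRemoteContactID() already guarantees an unblocked, non-pending contact of `$profile_uid`, a blocked or pending contact would be accepted as author here. The call is also made twice in a row; assigning `$remote_cid = Session::getRemoteContactID($profile_uid);` before the if-chain and then `} elseif (!empty($remote_cid)) { $author = DBA::selectFirst('contact', [], ['id' => $remote_cid, 'uid' => $profile_uid, 'blocked' => false, 'pending' => false]); }` covers both. item_post continues outside the hunk.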
@ -15,6 +15,7 @@ use Friendica\Core\L10n;
|
|||
use Friendica\Core\Logger;
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\Group;
|
||||
|
@ -35,11 +36,7 @@ use Friendica\Util\XML;
|
|||
|
||||
function photos_init(App $a) {
|
||||
|
||||
if ($a->argc > 1) {
|
||||
DFRN::autoRedir($a, $a->argv[1]);
|
||||
}
|
||||
|
||||
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
|
||||
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -73,7 +70,7 @@ function photos_init(App $a) {
|
|||
|
||||
$albums = Photo::getAlbums($a->data['user']['uid']);
|
||||
|
||||
$albums_visible = ((intval($a->data['user']['hidewall']) && !local_user() && !remote_user()) ? false : true);
|
||||
$albums_visible = ((intval($a->data['user']['hidewall']) && !Session::isAuthenticated()) ? false : true);
|
||||
|
||||
// add various encodings to the array so we can just loop through and pick them out in a template
|
||||
$ret = ['success' => false];
|
||||
|
@ -88,7 +85,7 @@ function photos_init(App $a) {
|
|||
$ret['albums'] = [];
|
||||
foreach ($albums as $k => $album) {
|
||||
//hide profile photos to others
|
||||
if (!$is_owner && !remote_user() && ($album['album'] == L10n::t('Profile Photos')))
|
||||
if (!$is_owner && !Session::getRemoteContactID($a->profile_uid) && ($album['album'] == L10n::t('Profile Photos')))
|
||||
continue;
|
||||
$entry = [
|
||||
'text' => $album['album'],
|
||||
|
@ -154,16 +151,11 @@ function photos_post(App $a)
|
|||
|
||||
if (local_user() && (local_user() == $page_owner_uid)) {
|
||||
$can_post = true;
|
||||
} elseif ($community_page && remote_user($page_owner_uid)) {
|
||||
$contact_id = remote_user($page_owner_uid);
|
||||
|
||||
if ($contact_id > 0) {
|
||||
if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {
|
||||
} elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) {
|
||||
$contact_id = Session::getRemoteContactID($page_owner_uid);
|
||||
$can_post = true;
|
||||
$visitor = $contact_id;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!$can_post) {
|
||||
notice(L10n::t('Permission denied.') . EOL);
|
||||
|
@ -837,7 +829,7 @@ function photos_content(App $a)
|
|||
// photos/name/image/xxxxx/edit
|
||||
// photos/name/image/xxxxx/drop
|
||||
|
||||
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
|
||||
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
|
||||
notice(L10n::t('Public access denied.') . EOL);
|
||||
return;
|
||||
}
|
||||
|
@ -883,18 +875,8 @@ function photos_content(App $a)
|
|||
|
||||
if (local_user() && (local_user() == $owner_uid)) {
|
||||
$can_post = true;
|
||||
} else {
|
||||
if ($community_page && remote_user()) {
|
||||
if (is_array($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $owner_uid) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($contact_id) {
|
||||
} elseif ($community_page && !empty(Session::getRemoteContactID($owner_uid))) {
|
||||
$contact_id = Session::getRemoteContactID($owner_uid);
|
||||
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
|
||||
|
||||
if (DBA::isResult($contact)) {
|
||||
|
@ -903,31 +885,15 @@ function photos_content(App $a)
|
|||
$visitor = $contact_id;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$groups = [];
|
||||
|
||||
// perhaps they're visiting - but not a community page, so they wouldn't have write access
|
||||
if (remote_user() && !$visitor) {
|
||||
$contact_id = 0;
|
||||
if (is_array($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $owner_uid) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($contact_id) {
|
||||
$groups = Group::getIdsByContactId($contact_id);
|
||||
if (!empty(Session::getRemoteContactID($owner_uid)) && !$visitor) {
|
||||
$contact_id = Session::getRemoteContactID($owner_uid);
|
||||
|
||||
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
|
||||
|
||||
$remote_contact = DBA::isResult($contact);
|
||||
}
|
||||
}
|
||||
|
||||
if (!$remote_contact && local_user()) {
|
||||
$contact_id = $_SESSION['cid'];
|
||||
|
@ -939,7 +905,7 @@ function photos_content(App $a)
|
|||
return;
|
||||
}
|
||||
|
||||
$sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
|
||||
$sql_extra = Security::getPermissionsSQLByUserId($owner_uid);
|
||||
|
||||
$o = "";
|
||||
|
||||
|
@ -1598,7 +1564,7 @@ function photos_content(App $a)
|
|||
$twist = false;
|
||||
foreach ($r as $rr) {
|
||||
//hide profile photos to others
|
||||
if (!$is_owner && !remote_user() && ($rr['album'] == L10n::t('Profile Photos'))) {
|
||||
if (!$is_owner && !Session::getRemoteContactID($owner_uid) && ($rr['album'] == L10n::t('Profile Photos'))) {
|
||||
continue;
|
||||
}
|
||||
|
||||
|
|
|
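Review bot: photos_post grants `$can_post = true` for a community page as soon as `Session::getRemoteContactID($page_owner_uid)` is non-empty, whereas the replaced code first required `DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])`; unless getRemoteContactID() already excludes blocked and pending contacts (nothing on this page shows that), a blocked or pending contact of a community page can now upload photos. photos_content (the -883,18 hunk) and wall_attach_post / wall_upload_post keep the check, so this is inconsistent within the PR, and videos_content drops it the same way in both its `$community_page` and `!$visitor` branches. In photos_init, `Session::getRemoteContactID($a->profile_uid)` reads a property the other hunks do not use (they go through `$a->data['user']['uid']`), so it is worth confirming it is populated at that point. Restore the existence check around the grant, as below; photos_post continues outside the hunk.
```php
} elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) {
	$contact_id = Session::getRemoteContactID($page_owner_uid);
	if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {
		$can_post = true;
		$visitor = $contact_id;
	}
}
// … unchanged: permission denied notice …
```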
@ -35,7 +35,7 @@ function redir_init(App $a) {
|
|||
|
||||
$contact_url = $contact['url'];
|
||||
|
||||
if ((!local_user() && !remote_user()) // Visitors (not logged in or not remotes) can't authenticate.
|
||||
if (!Session::isAuthenticated() // Visitors (not logged in or not remotes) can't authenticate.
|
||||
|| (!empty($a->contact['id']) && $a->contact['id'] == $cid)) // Local user is already authenticated.
|
||||
{
|
||||
$a->redirect(defaults($url, $contact_url));
|
||||
|
@ -66,34 +66,16 @@ function redir_init(App $a) {
|
|||
// with the local contact. Otherwise the local user would ask the local contact
|
||||
// for authentification everytime he/she is visiting a profile page of the local
|
||||
// contact.
|
||||
if ($host == $remotehost
|
||||
&& !empty($_SESSION['remote'])
|
||||
&& is_array($_SESSION['remote']))
|
||||
{
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if (!empty($v['uid']) && !empty($v['cid']) &&
|
||||
$v['uid'] == Session::get('visitor_visiting') &&
|
||||
$v['cid'] == Session::get('visitor_id')) {
|
||||
if (($host == $remotehost) && (Session::getRemoteContactID(Session::get('visitor_visiting')) == Session::get('visitor_id'))) {
|
||||
// Remote user is already authenticated.
|
||||
$target_url = defaults($url, $contact_url);
|
||||
Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
|
||||
$a->redirect($target_url);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// When the remote page does support OWA, then we enforce the use of it
|
||||
$basepath = Contact::getBasepath($contact_url);
|
||||
if (Strings::compareLink($basepath, System::baseUrl())) {
|
||||
$use_magic = true;
|
||||
} else {
|
||||
$serverret = Network::curl($basepath . '/magic');
|
||||
$use_magic = $serverret->isSuccess();
|
||||
}
|
||||
|
||||
// Doing remote auth with dfrn.
|
||||
if (local_user() && !$use_magic && (!empty($contact['dfrn-id']) || !empty($contact['issued-id'])) && empty($contact['pending'])) {
|
||||
if (local_user() && (!empty($contact['dfrn-id']) || !empty($contact['issued-id'])) && empty($contact['pending'])) {
|
||||
$dfrn_id = $orig_id = (($contact['issued-id']) ? $contact['issued-id'] : $contact['dfrn-id']);
|
||||
|
||||
if ($contact['duplex'] && $contact['issued-id']) {
|
||||
|
@ -148,23 +130,6 @@ function redir_magic($a, $cid, $url)
|
|||
Logger::info('Got my url', ['visitor' => $visitor]);
|
||||
}
|
||||
|
||||
/// @todo Most likely these lines are superfluous. We will remove them in the next version
|
||||
if (empty($visitor) && remote_user()) {
|
||||
$contact = DBA::selectFirst('contact', ['url'], ['id' => remote_user()]);
|
||||
if (!empty($contact['url'])) {
|
||||
$visitor = $contact['url'];
|
||||
Logger::info('Got remote user', ['visitor' => $visitor]);
|
||||
}
|
||||
}
|
||||
|
||||
if (empty($visitor) && local_user()) {
|
||||
$contact = DBA::selectFirst('contact', ['url'], ['id' => local_user()]);
|
||||
if (!empty($contact['url'])) {
|
||||
$visitor = $contact['url'];
|
||||
Logger::info('Got local user', ['visitor' => $visitor]);
|
||||
}
|
||||
}
|
||||
|
||||
$contact = DBA::selectFirst('contact', ['url'], ['id' => $cid]);
|
||||
if (!DBA::isResult($contact)) {
|
||||
Logger::info('Contact not found', ['id' => $cid]);
|
||||
|
|
|
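Review bot: The rewritten condition in redir_init, `($host == $remotehost) && (Session::getRemoteContactID(Session::get('visitor_visiting')) == Session::get('visitor_id'))`, has lost the `!empty($v['uid']) && !empty($v['cid'])` guards of the loop it replaces; if both Session::get() calls yield null for a session without a remote visitor (a local user, say), the loose comparison of null with a null/false lookup result is true and the "already authenticated" redirect fires without the DFRN or magic authentication the rest of the function would perform. Suggest reading both values first and requiring them: `$visiting = Session::get('visitor_visiting'); $visitor_id = Session::get('visitor_id');` then `if ($host == $remotehost && !empty($visiting) && !empty($visitor_id) && Session::getRemoteContactID($visiting) == $visitor_id) {`. In the same hunk the dfrn condition no longer tests `!$use_magic`, but `$use_magic` is still computed via `Network::curl($basepath . '/magic')`; if nothing after the hunk reads it, that is an HTTP request whose result is discarded. redir_init continues beyond the hunk.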
@ -11,6 +11,7 @@ use Friendica\Core\Cache;
|
|||
use Friendica\Core\Config;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\Logger;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Item;
|
||||
|
@ -83,18 +84,18 @@ function search_init(App $a) {
|
|||
}
|
||||
|
||||
function search_content(App $a) {
|
||||
if (Config::get('system','block_public') && !local_user() && !remote_user()) {
|
||||
if (Config::get('system','block_public') && !Session::isAuthenticated()) {
|
||||
notice(L10n::t('Public access denied.') . EOL);
|
||||
return;
|
||||
}
|
||||
|
||||
if (Config::get('system','local_search') && !local_user() && !remote_user()) {
|
||||
if (Config::get('system','local_search') && !Session::isAuthenticated()) {
|
||||
$e = new \Friendica\Network\HTTPException\ForbiddenException(L10n::t("Only logged in users are permitted to perform a search."));
|
||||
$e->httpdesc = L10n::t("Public access denied.");
|
||||
throw $e;
|
||||
}
|
||||
|
||||
if (Config::get('system','permit_crawling') && !local_user() && !remote_user()) {
|
||||
if (Config::get('system','permit_crawling') && !Session::isAuthenticated()) {
|
||||
// Default values:
|
||||
// 10 requests are "free", after the 11th only a call per minute is allowed
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ use Friendica\Util\XML;
|
|||
|
||||
function subthread_content(App $a) {
|
||||
|
||||
if (!local_user() && !remote_user()) {
|
||||
if (!Session::isAuthenticated()) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
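Review bot: subthread_content now calls `Session::isAuthenticated()`, but unlike the other mod files in this PR this file gets no `use Friendica\Core\Session;` hunk, and the hunk header shows the imports ending at `use Friendica\Util\XML;`; unless Session is already imported above line 15, the unqualified name resolves to a global `Session` class and the guard fails with a fatal class-not-found error on the first request. Add `use Friendica\Core\Session;` to the import block if it is missing. subthread_content continues beyond the hunk.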
@ -7,6 +7,7 @@ use Friendica\Core\Hook;
|
|||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\Logger;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Core\Worker;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Item;
|
||||
|
@ -16,7 +17,7 @@ use Friendica\Worker\Delivery;
|
|||
|
||||
function tagger_content(App $a) {
|
||||
|
||||
if (!local_user() && !remote_user()) {
|
||||
if (!Session::isAuthenticated()) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@ use Friendica\Core\Config;
|
|||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Attach;
|
||||
use Friendica\Model\Contact;
|
||||
|
@ -22,11 +23,7 @@ use Friendica\Util\Security;
|
|||
|
||||
function videos_init(App $a)
|
||||
{
|
||||
if ($a->argc > 1) {
|
||||
DFRN::autoRedir($a, $a->argv[1]);
|
||||
}
|
||||
|
||||
if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
|
||||
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -114,7 +111,7 @@ function videos_content(App $a)
|
|||
// videos/name/video/xxxxx/edit
|
||||
|
||||
|
||||
if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
|
||||
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
|
||||
notice(L10n::t('Public access denied.') . EOL);
|
||||
return;
|
||||
}
|
||||
|
@ -154,64 +151,25 @@ function videos_content(App $a)
|
|||
|
||||
if ((local_user()) && (local_user() == $owner_uid)) {
|
||||
$can_post = true;
|
||||
} elseif ($community_page && remote_user()) {
|
||||
if (!empty($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $owner_uid) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($contact_id > 0) {
|
||||
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
|
||||
intval($contact_id),
|
||||
intval($owner_uid)
|
||||
);
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
} elseif ($community_page && !empty(Session::getRemoteContactID($owner_uid))) {
|
||||
$contact_id = Session::getRemoteContactID($owner_uid);
|
||||
$can_post = true;
|
||||
$remote_contact = true;
|
||||
$visitor = $contact_id;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$groups = [];
|
||||
|
||||
// perhaps they're visiting - but not a community page, so they wouldn't have write access
|
||||
if (remote_user() && (!$visitor)) {
|
||||
$contact_id = 0;
|
||||
|
||||
if (!empty($_SESSION['remote'])) {
|
||||
foreach($_SESSION['remote'] as $v) {
|
||||
if($v['uid'] == $owner_uid) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($contact_id > 0) {
|
||||
$groups = Group::getIdsByContactId($contact_id);
|
||||
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
|
||||
intval($contact_id),
|
||||
intval($owner_uid)
|
||||
);
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
if (!empty(Session::getRemoteContactID($owner_uid)) && !$visitor) {
|
||||
$contact_id = Session::getRemoteContactID($owner_uid);
|
||||
$remote_contact = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && (!$remote_contact)) {
|
||||
if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && !$remote_contact) {
|
||||
notice(L10n::t('Access to this item is restricted.') . EOL);
|
||||
return;
|
||||
}
|
||||
|
||||
$sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
|
||||
$sql_extra = Security::getPermissionsSQLByUserId($owner_uid);
|
||||
|
||||
$o = "";
|
||||
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
use Friendica\App;
|
||||
use Friendica\Core\Config;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Attach;
|
||||
use Friendica\Model\User;
|
||||
|
@ -43,22 +44,10 @@ function wall_attach_post(App $a) {
|
|||
$page_owner_cid = $r[0]['id'];
|
||||
$community_page = (($r[0]['page-flags'] == User::PAGE_FLAGS_COMMUNITY) ? true : false);
|
||||
|
||||
if ((local_user()) && (local_user() == $page_owner_uid)) {
|
||||
if (local_user() && (local_user() == $page_owner_uid)) {
|
||||
$can_post = true;
|
||||
} else {
|
||||
if ($community_page && remote_user()) {
|
||||
$contact_id = 0;
|
||||
|
||||
if (is_array($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $page_owner_uid) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($contact_id > 0) {
|
||||
} elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) {
|
||||
$contact_id = Session::getRemoteContactID($page_owner_uid);
|
||||
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
|
||||
intval($contact_id),
|
||||
intval($page_owner_uid)
|
||||
|
@ -68,10 +57,8 @@ function wall_attach_post(App $a) {
|
|||
$can_post = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (! $can_post) {
|
||||
if (!$can_post) {
|
||||
if ($r_json) {
|
||||
echo json_encode(['error' => L10n::t('Permission denied.')]);
|
||||
exit();
|
||||
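Review bot: The new `elseif` branch in wall_attach_post calls `Session::getRemoteContactID($page_owner_uid)` twice and, unlike the `remote_user()` guard it replaces, never consults `$_SESSION['authenticated']`, so the decision now rests on the `$_SESSION['remote']` map alone. Fetch the id once before the branch, `$contact_id = Session::getRemoteContactID($page_owner_uid);`, test `} elseif ($community_page && $contact_id) {`, and confirm that `$_SESSION['remote']` is cleared whenever the authenticated flag is, otherwise a session that lost its authentication could still reach the `$can_post = true` path. The same double call appears in the matching hunk of wall_upload_post. The enclosing function and the `$can_post` assignment continue outside this hunk.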
|
|
|
@ -12,6 +12,7 @@ use Friendica\App;
|
|||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\Logger;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Core\Config;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Contact;
|
||||
|
@ -74,19 +75,9 @@ function wall_upload_post(App $a, $desktopmode = true)
|
|||
|
||||
if ((local_user()) && (local_user() == $page_owner_uid)) {
|
||||
$can_post = true;
|
||||
} else {
|
||||
if ($community_page && remote_user()) {
|
||||
$contact_id = 0;
|
||||
if (is_array($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $page_owner_uid) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) {
|
||||
$contact_id = Session::getRemoteContactID($page_owner_uid);
|
||||
|
||||
if ($contact_id) {
|
||||
$r = q("SELECT `uid` FROM `contact`
|
||||
WHERE `blocked` = 0 AND `pending` = 0
|
||||
AND `id` = %d AND `uid` = %d LIMIT 1",
|
||||
|
@ -98,9 +89,6 @@ function wall_upload_post(App $a, $desktopmode = true)
|
|||
$visitor = $contact_id;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (!$can_post) {
|
||||
if ($r_json) {
|
||||
|
|
|
@ -149,7 +149,7 @@ class Nav
|
|||
$nav['usermenu'] = [];
|
||||
$userinfo = null;
|
||||
|
||||
if (local_user() || remote_user()) {
|
||||
if (Session::isAuthenticated()) {
|
||||
$nav['logout'] = ['logout', L10n::t('Logout'), '', L10n::t('End this session')];
|
||||
} else {
|
||||
$nav['login'] = ['login', L10n::t('Login'), ($a->module == 'login' ? 'selected' : ''), L10n::t('Sign in')];
|
||||
|
@ -182,7 +182,7 @@ class Nav
|
|||
$nav['home'] = [$homelink, L10n::t('Home'), '', L10n::t('Home Page')];
|
||||
}
|
||||
|
||||
if (intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::OPEN && !local_user() && !remote_user()) {
|
||||
if (intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::OPEN && !Session::isAuthenticated()) {
|
||||
$nav['register'] = ['register', L10n::t('Register'), '', L10n::t('Create an account')];
|
||||
}
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@ use Friendica\Core\PConfig;
|
|||
use Friendica\Core\Protocol;
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\FileTag;
|
||||
|
@ -339,7 +340,7 @@ class Widget
|
|||
|
||||
$zcid = 0;
|
||||
|
||||
$cid = remote_user($profile_uid);
|
||||
$cid = Session::getRemoteContactID($profile_uid);
|
||||
|
||||
if (!$cid) {
|
||||
if (Profile::getMyURL()) {
|
||||
|
|
|
@ -11,6 +11,7 @@ use Friendica\Content\Feature;
|
|||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\GContact;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Util\Network;
|
||||
|
||||
/**
|
||||
|
@ -333,7 +334,7 @@ class ACL extends BaseObject
|
|||
*/
|
||||
public static function contactAutocomplete($search, $mode, int $page = 1)
|
||||
{
|
||||
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
|
||||
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
|
||||
return [];
|
||||
}
|
||||
|
||||
|
|
|
@ -119,21 +119,10 @@ class Session
|
|||
'page_flags' => $user_record['page-flags'],
|
||||
'my_url' => $a->getBaseURL() . '/profile/' . $user_record['nickname'],
|
||||
'my_address' => $user_record['nickname'] . '@' . substr($a->getBaseURL(), strpos($a->getBaseURL(), '://') + 3),
|
||||
'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0'),
|
||||
'remote' => []
|
||||
'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0')
|
||||
]);
|
||||
|
||||
$remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]);
|
||||
while ($contact = DBA::fetch($remote_contacts)) {
|
||||
if (($contact['uid'] == 0) || Contact::isBlockedByUser($contact['id'], $contact['uid'])) {
|
||||
continue;
|
||||
}
|
||||
|
||||
/// @todo Change it to this format to save space
|
||||
// $_SESSION['remote'][$contact['uid']] = $contact['id'];
|
||||
$_SESSION['remote'][$contact['uid']] = ['cid' => $contact['id'], 'uid' => $contact['uid']];
|
||||
}
|
||||
DBA::close($remote_contacts);
|
||||
self::setVisitorsContacts();
|
||||
|
||||
$member_since = strtotime($user_record['register_date']);
|
||||
self::set('new_member', time() < ($member_since + ( 60 * 60 * 24 * 14)));
|
||||
|
@ -216,4 +205,68 @@ class Session
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns contact ID for given user ID
|
||||
*
|
||||
* @param integer $uid User ID
|
||||
* @return integer Contact ID of visitor for given user ID
|
||||
*/
|
||||
public static function getRemoteContactID($uid)
|
||||
{
|
||||
if (empty($_SESSION['remote'][$uid])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $_SESSION['remote'][$uid];
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns User ID for given contact ID of the visitor
|
||||
*
|
||||
* @param integer $cid Contact ID
|
||||
* @return integer User ID for given contact ID of the visitor
|
||||
*/
|
||||
public static function getUserIDForVisitorContactID($cid)
|
||||
{
|
||||
if (empty($_SESSION['remote'])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return array_search($cid, $_SESSION['remote']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the session variable that contains the contact IDs for the visitor's contact URL
|
||||
*
|
||||
* @param string $url Contact URL
|
||||
*/
|
||||
public static function setVisitorsContacts()
|
||||
{
|
||||
$_SESSION['remote'] = [];
|
||||
|
||||
$remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]);
|
||||
while ($contact = DBA::fetch($remote_contacts)) {
|
||||
if (($contact['uid'] == 0) || Contact::isBlockedByUser($contact['id'], $contact['uid'])) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$_SESSION['remote'][$contact['uid']] = $contact['id'];
|
||||
}
|
||||
DBA::close($remote_contacts);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns if the current visitor is authenticated
|
||||
*
|
||||
* @return boolean "true" when visitor is either a local or remote user
|
||||
*/
|
||||
public static function isAuthenticated()
|
||||
{
|
||||
if (empty($_SESSION['authenticated'])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $_SESSION['authenticated'];
|
||||
}
|
||||
}
|
||||
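Review bot: The docblock on `setVisitorsContacts()` declares `@param string $url Contact URL`, but the method takes no parameters and reads `$_SESSION['my_url']` instead; drop that tag and state that the caller must have set `$_SESSION['my_url']` beforehand. Both lookup helpers are documented as `@return integer` yet return `false` when nothing is stored, so they should read `@return integer|false`; `getUserIDForVisitorContactID()` also searches with loose comparison, and `return array_search((int)$cid, $_SESSION['remote'], true);` would avoid type juggling between an item's contact-id and the ids stored by `setVisitorsContacts()`. `isAuthenticated()` is documented as boolean but returns the raw session value; `return !empty($_SESSION['authenticated']);` is what the callers in this PR actually test. `getRemoteContactID()` does not check the authenticated flag itself, so every call site that replaced `remote_user()` with it now trusts `$_SESSION['remote']` on its own; confirm that map is reset on logout, or document that expectation on the method.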
|
|
|
@ -13,6 +13,7 @@ use Friendica\Core\L10n;
|
|||
use Friendica\Core\Logger;
|
||||
use Friendica\Core\Protocol;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Core\Worker;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Network\Probe;
|
||||
|
@ -1213,7 +1214,7 @@ class Contact extends BaseObject
|
|||
}
|
||||
|
||||
if (($contact['network'] == Protocol::DFRN) && !$contact['self'] && empty($contact['pending'])) {
|
||||
$poke_link = System::baseUrl() . '/poke/?f=&c=' . $contact['id'];
|
||||
$poke_link = System::baseUrl() . '/poke/?c=' . $contact['id'];
|
||||
}
|
||||
|
||||
$contact_url = System::baseUrl() . '/contact/' . $contact['id'];
|
||||
|
@ -2679,7 +2680,7 @@ class Contact extends BaseObject
|
|||
*/
|
||||
public static function magicLink($contact_url, $url = '')
|
||||
{
|
||||
if (!local_user() && !remote_user()) {
|
||||
if (!Session::isAuthenticated()) {
|
||||
return $url ?: $contact_url; // Equivalent to: ($url != '') ? $url : $contact_url;
|
||||
}
|
||||
|
||||
|
@ -2725,7 +2726,7 @@ class Contact extends BaseObject
|
|||
{
|
||||
$destination = $url ?: $contact['url']; // Equivalent to ($url != '') ? $url : $contact['url'];
|
||||
|
||||
if ((!local_user() && !remote_user()) || ($contact['network'] != Protocol::DFRN)) {
|
||||
if (!Session::isAuthenticated() || ($contact['network'] != Protocol::DFRN)) {
|
||||
return $destination;
|
||||
}
|
||||
|
||||
|
|
|
@ -18,6 +18,7 @@ use Friendica\Core\PConfig;
|
|||
use Friendica\Core\Protocol;
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Core\Worker;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Protocol\ActivityPub;
|
||||
|
@ -3028,7 +3029,7 @@ class Item extends BaseObject
|
|||
*/
|
||||
public static function performLike($item_id, $verb)
|
||||
{
|
||||
if (!local_user() && !remote_user()) {
|
||||
if (!Session::isAuthenticated()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -3260,10 +3261,10 @@ class Item extends BaseObject
|
|||
}
|
||||
}
|
||||
|
||||
public static function getPermissionsSQLByUserId($owner_id, $remote_verified = false, $groups = null, $remote_cid = null)
|
||||
public static function getPermissionsSQLByUserId($owner_id)
|
||||
{
|
||||
$local_user = local_user();
|
||||
$remote_user = remote_user();
|
||||
$remote_user = Session::getRemoteContactID($owner_id);
|
||||
|
||||
/*
|
||||
* Construct permissions
|
||||
|
@ -3283,7 +3284,7 @@ class Item extends BaseObject
|
|||
* If pre-verified, the caller is expected to have already
|
||||
* done this and passed the groups into this function.
|
||||
*/
|
||||
$set = PermissionSet::get($owner_id, $remote_cid, $groups);
|
||||
$set = PermissionSet::get($owner_id, $remote_user);
|
||||
|
||||
if (!empty($set)) {
|
||||
$sql_set = " OR (`item`.`private` IN (1,2) AND `item`.`wall` AND `item`.`psid` IN (" . implode(',', $set) . "))";
|
||||
|
@ -3427,7 +3428,7 @@ class Item extends BaseObject
|
|||
}
|
||||
|
||||
// Update the cached values if there is no "zrl=..." on the links.
|
||||
$update = (!local_user() && !remote_user() && ($item["uid"] == 0));
|
||||
$update = (!Session::isAuthenticated() && ($item["uid"] == 0));
|
||||
|
||||
// Or update it if the current viewer is the intented viewer.
|
||||
if (($item["uid"] == local_user()) && ($item["uid"] != 0)) {
|
||||
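Review bot: The comment block above `$set = PermissionSet::get($owner_id, $remote_user);` still says a pre-verified caller passes its groups into this function, but the `$remote_verified`, `$groups` and `$remote_cid` parameters are gone, so it now describes a contract that no longer exists; reword it to say the visitor's contact id comes from `Session::getRemoteContactID($owner_id)` and the groups are always resolved by PermissionSet::get. `$remote_user` is `false` when no remote session exists for this owner, so the call becomes `PermissionSet::get($owner_id, false)` where the old default was `null`; confirm DBA::exists treats `['id' => false]` as a non-match rather than as `id = 0`. PHP ignores surplus arguments to user-defined functions, so any caller outside this PR still passing the old four arguments will keep running without error and without its pre-verified groups; grep the remaining getPermissionsSQLByUserId call sites. The function body continues past the end of the hunk.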
|
|
|
@ -67,21 +67,20 @@ class PermissionSet extends BaseObject
|
|||
*
|
||||
* @param integer $uid User id whom the items belong
|
||||
* @param integer $contact_id Contact id of the visitor
|
||||
* @param array $groups Possibly previously fetched group ids for that contact
|
||||
*
|
||||
* @return array of permission set ids.
|
||||
* @throws \Exception
|
||||
*/
|
||||
|
||||
static public function get($uid, $contact_id, $groups = null)
|
||||
static public function get($uid, $contact_id)
|
||||
{
|
||||
if (empty($groups) && DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
|
||||
if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
|
||||
$groups = Group::getIdsByContactId($contact_id);
|
||||
}
|
||||
|
||||
if (empty($groups) || !is_array($groups)) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$group_str = '<<>>'; // should be impossible to match
|
||||
|
||||
foreach ($groups as $g) {
|
||||
|
@ -90,11 +89,9 @@ class PermissionSet extends BaseObject
|
|||
|
||||
$contact_str = '<' . $contact_id . '>';
|
||||
|
||||
$condition = ["`uid` = ? AND (`allow_cid` = '' OR`allow_cid` REGEXP ?)
|
||||
AND (`deny_cid` = '' OR NOT `deny_cid` REGEXP ?)
|
||||
AND (`allow_gid` = '' OR `allow_gid` REGEXP ?)
|
||||
AND (`deny_gid` = '' OR NOT `deny_gid` REGEXP ?)",
|
||||
$uid, $contact_str, $contact_str, $group_str, $group_str];
|
||||
$condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR deny_gid REGEXP ?)
|
||||
AND (allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))",
|
||||
$uid, $contact_str, $group_str, $contact_str, $group_str];
|
||||
|
||||
$ret = DBA::select('permissionset', ['id'], $condition);
|
||||
$set = [];
|
||||
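Review bot: The rewritten `$condition` changes the access semantics, not only its shape: the old SQL required both `(allow_cid = '' OR allow_cid REGEXP ?)` and `(allow_gid = '' OR allow_gid REGEXP ?)` to hold, while the new one grants a permission set when either the contact matches `allow_cid` or one of its groups matches `allow_gid` (or both lists are empty), so an item restricted to contact A and group G becomes visible to a member of G who is not A. That may be the intended ACL model, but the commit does not say so, and a change of this kind should be stated in a comment above `$condition`, e.g. `// allow lists are OR-ed: the contact itself or one of its groups suffices; deny lists always win`. The deny part is unchanged, since `'' REGEXP ?` is false. Quoting is also inconsistent in the new string (`deny_cid` is backticked, `deny_gid`, `allow_cid` and `allow_gid` are not). If the `@param array $groups` tag survived this hunk, it should go with the parameter.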
|
|
|
@ -131,31 +131,17 @@ class Photo extends BaseObject
|
|||
*/
|
||||
public static function getPhoto($resourceid, $scale = 0)
|
||||
{
|
||||
$r = self::selectFirst(["uid", "allow_cid", "allow_gid", "deny_cid", "deny_gid"], ["resource-id" => $resourceid]);
|
||||
if ($r === false) {
|
||||
$r = self::selectFirst(["uid"], ["resource-id" => $resourceid]);
|
||||
if (!DBA::isResult($r)) {
|
||||
return false;
|
||||
}
|
||||
$uid = $r["uid"];
|
||||
|
||||
// This is the first place, when retrieving just a photo, that we know who owns the photo.
|
||||
// Check if the photo is public (empty allow and deny means public), if so, skip auth attempt, if not
|
||||
// make sure that the requester's session is appropriately authenticated to that user
|
||||
// otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly
|
||||
if (!empty($r["allow_cid"]) || !empty($r["allow_gid"]) || !empty($r["deny_cid"]) || !empty($r["deny_gid"])) {
|
||||
$r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
|
||||
// this will either just return (if auth all ok) or will redirect and exit (starting over)
|
||||
DFRN::autoRedir(self::getApp(), $r["nickname"]);
|
||||
}
|
||||
$uid = $r["uid"];
|
||||
|
||||
$sql_acl = Security::getPermissionsSQLByUserId($uid);
|
||||
|
||||
$conditions = [
|
||||
"`resource-id` = ? AND `scale` <= ? " . $sql_acl,
|
||||
$resourceid, $scale
|
||||
];
|
||||
|
||||
$conditions = ["`resource-id` = ? AND `scale` <= ? " . $sql_acl, $resourceid, $scale];
|
||||
$params = ["order" => ["scale" => true]];
|
||||
|
||||
$photo = self::selectFirst([], $conditions, $params);
|
||||
|
||||
return $photo;
|
||||
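Review bot: The rewritten `getPhoto()` drops the comment that explained why the owner's `uid` is fetched before the ACL query, and nothing replaces it, so the two-step select now reads as redundant; a line above `$sql_acl`, `// The owner's uid selects whose ACL getPermissionsSQLByUserId() applies to the current viewer`, keeps that rationale. Access to non-public photos now depends only on the viewer's session state instead of the removed DFRN::autoRedir round-trip, which is a visible behaviour change for visitors arriving without a zrl session; if intended, it deserves a sentence in the method docblock, which starts outside the hunk.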
|
|
|
@ -215,7 +215,7 @@ class Profile
|
|||
);
|
||||
}
|
||||
|
||||
$block = ((Config::get('system', 'block_public') && !local_user() && !remote_user()) ? true : false);
|
||||
$block = ((Config::get('system', 'block_public') && !Session::isAuthenticated()) ? true : false);
|
||||
|
||||
/**
|
||||
* @todo
|
||||
|
@ -248,16 +248,11 @@ class Profile
|
|||
*/
|
||||
public static function getByNickname($nickname, $uid = 0, $profile_id = 0)
|
||||
{
|
||||
if (remote_user($uid) && !empty($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $visitor) {
|
||||
if ($visitor['uid'] == $uid) {
|
||||
$contact = DBA::selectFirst('contact', ['profile-id'], ['id' => $visitor['cid']]);
|
||||
if (!empty(Session::getRemoteContactID($uid))) {
|
||||
$contact = DBA::selectFirst('contact', ['profile-id'], ['id' => Session::getRemoteContactID($uid)]);
|
||||
if (DBA::isResult($contact)) {
|
||||
$profile_id = $contact['profile-id'];
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$profile = null;
|
||||
|
@ -453,7 +448,7 @@ class Profile
|
|||
$about = !empty($profile['about']) ? L10n::t('About:') : false;
|
||||
$xmpp = !empty($profile['xmpp']) ? L10n::t('XMPP:') : false;
|
||||
|
||||
if ((!empty($profile['hidewall']) || $block) && !local_user() && !remote_user()) {
|
||||
if ((!empty($profile['hidewall']) || $block) && !Session::isAuthenticated()) {
|
||||
$location = $gender = $marital = $homepage = $about = false;
|
||||
}
|
||||
|
||||
|
@ -1029,6 +1024,12 @@ class Profile
|
|||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/channel.php
|
||||
*
|
||||
* The implementation for Friendica sadly differs in some points from the one for Hubzilla:
|
||||
* - Hubzilla uses the "zid" parameter, while for Friendica it had been replaced with "zrl"
|
||||
* - There seem to be some reverse authentication (rmagic) that isn't implemented in Friendica at all
|
||||
*
|
||||
* It would be favourable to harmonize the two implementations.
|
||||
*
|
||||
* @param App $a Application instance.
|
||||
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
|
||||
* @throws \ImagickException
|
||||
|
@ -1042,6 +1043,8 @@ class Profile
|
|||
return;
|
||||
}
|
||||
|
||||
$addr = $_GET['addr'] ?? $my_url;
|
||||
|
||||
$arr = ['zrl' => $my_url, 'url' => $a->cmd];
|
||||
Hook::callAll('zrl_init', $arr);
|
||||
|
||||
|
@ -1072,19 +1075,19 @@ class Profile
|
|||
|
||||
Worker::add(PRIORITY_LOW, 'GProbe', $my_url);
|
||||
|
||||
// Try to avoid recursion - but send them home to do a proper magic auth.
|
||||
$query = str_replace(array('?zrl=', '&zid='), array('?rzrl=', '&rzrl='), $a->query_string);
|
||||
// Remove the "addr" parameter from the destination. It is later added as separate parameter again.
|
||||
$addr_request = 'addr=' . urlencode($addr);
|
||||
$query = rtrim(str_replace($addr_request, '', $a->query_string), '?&');
|
||||
|
||||
// The other instance needs to know where to redirect.
|
||||
$dest = urlencode($a->getBaseURL() . '/' . $query);
|
||||
|
||||
// We need to extract the basebath from the profile url
|
||||
// to redirect the visitors '/magic' module.
|
||||
// Note: We should have the basepath of a contact also in the contact table.
|
||||
$urlarr = explode('/profile/', $contact['url']);
|
||||
$basepath = $urlarr[0];
|
||||
$basepath = Contact::getBasepath($contact['url']);
|
||||
|
||||
if ($basepath != $a->getBaseURL() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) {
|
||||
$magic_path = $basepath . '/magic' . '?f=&owa=1&dest=' . $dest;
|
||||
if ($basepath != $a->getBaseURL() && !strstr($dest, '/magic')) {
|
||||
$magic_path = $basepath . '/magic' . '?owa=1&dest=' . $dest . '&' . $addr_request;
|
||||
|
||||
// We have to check if the remote server does understand /magic without invoking something
|
||||
$serverret = Network::curl($basepath . '/magic');
|
||||
|
@ -1121,17 +1124,7 @@ class Profile
|
|||
$_SESSION['visitor_home'] = $visitor['url'];
|
||||
$_SESSION['my_url'] = $visitor['url'];
|
||||
|
||||
/// @todo replace this and the query for this variable with some cleaner functionality
|
||||
$_SESSION['remote'] = [];
|
||||
|
||||
$remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => $visitor['nurl'], 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]);
|
||||
while ($contact = DBA::fetch($remote_contacts)) {
|
||||
if (($contact['uid'] == 0) || Contact::isBlockedByUser($visitor['id'], $contact['uid'])) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$_SESSION['remote'][$contact['uid']] = ['cid' => $contact['id'], 'uid' => $contact['uid']];
|
||||
}
|
||||
Session::setVisitorsContacts();
|
||||
|
||||
$a->contact = $visitor;
|
||||
|
||||
|
@ -1193,7 +1186,7 @@ class Profile
|
|||
if (!strlen($s)) {
|
||||
return $s;
|
||||
}
|
||||
if ((!strpos($s, '/profile/')) && (!$force)) {
|
||||
if (!strpos($s, '/profile/') && !$force) {
|
||||
return $s;
|
||||
}
|
||||
if ($force && substr($s, -1, 1) !== '/') {
|
||||
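Review bot: `rtrim(str_replace($addr_request, '', $a->query_string), '?&')` in zrlInit removes the `addr` parameter only when it appears with exactly the encoding `urlencode($addr)` produces, and when it sits mid-string the removal leaves a dangling `&&` or `?&` that rtrim never touches; when it is not removed, the `'&' . $addr_request` appended to `$magic_path` duplicates it. Parsing the query instead drops the parameter regardless of position or encoding, as in the excerpt below. `$addr` comes from `$_GET['addr']` and reaches the redirect URL through `$addr_request`; url-encoding is adequate for that context, but a short comment saying this is its only sanitisation would help the next reader. In the `getByNickname` hunk `Session::getRemoteContactID($uid)` is evaluated twice; assign once with `$cid = Session::getRemoteContactID($uid);` and branch on `$cid`. zrlInit continues outside the hunk, and this section shows no `use Friendica\Core\Session;` hunk for the file, so confirm the import exists.
```php
// Remove the "addr" parameter from the destination wherever it appears; it is re-added as a separate parameter below.
$addr_request = 'addr=' . urlencode($addr);
[$path, $query_part] = array_pad(explode('?', $a->query_string, 2), 2, '');
parse_str($query_part, $params);
unset($params['addr']);
$query = $path . ($params !== [] ? '?' . http_build_query($params) : '');
// … unchanged: $dest, basepath and magic redirect handling …
```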
|
|
|
@ -39,7 +39,7 @@ class Localtime extends BaseModule
|
|||
$output .= '<p>' . L10n::t('Converted localtime: %s', $app->data['mod-localtime']) . '</p>';
|
||||
}
|
||||
|
||||
$output .= '<form action ="' . $app->getBaseURL() . '/localtime?f=&time=' . $time . '" method="post" >';
|
||||
$output .= '<form action ="' . $app->getBaseURL() . '/localtime?time=' . $time . '" method="post" >';
|
||||
$output .= '<p>' . L10n::t('Please select your timezone:') . '</p>';
|
||||
$output .= Temporal::getTimezoneSelect(defaults($_REQUEST, 'timezone', Installer::DEFAULT_TZ));
|
||||
$output .= '<input type="submit" name="submit" value="' . L10n::t('Submit') . '" /></form>';
|
||||
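Review bot: `$time` is concatenated raw into the form's `action` attribute on the rewritten line; its origin is outside the hunk, but if it derives from request input it should be encoded for both contexts, e.g. `htmlspecialchars($app->getBaseURL() . '/localtime?time=' . urlencode($time), ENT_QUOTES, 'UTF-8')`, or a comment should say why it is already safe. The change itself only drops the `f=&` prefix, which is fine.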
|
|
|
@ -8,6 +8,7 @@ use Friendica\Content\Pager;
|
|||
use Friendica\Content\Widget;
|
||||
use Friendica\Core\Hook;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\Profile;
|
||||
|
@ -25,8 +26,8 @@ class Directory extends BaseModule
|
|||
$app = self::getApp();
|
||||
$config = $app->getConfig();
|
||||
|
||||
if (($config->get('system', 'block_public') && !local_user() && !remote_user()) ||
|
||||
($config->get('system', 'block_local_dir') && !local_user() && !remote_user())) {
|
||||
if (($config->get('system', 'block_public') && !Session::isAuthenticated()) ||
|
||||
($config->get('system', 'block_local_dir') && !Session::isAuthenticated())) {
|
||||
throw new HTTPException\ForbiddenException(L10n::t('Public access denied.'));
|
||||
}
|
||||
|
||||
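Review bot: Both arms of the rewritten condition in Directory evaluate `Session::isAuthenticated()`, so the anonymous-visitor check is duplicated; hoist it: `if (!Session::isAuthenticated() && ($config->get('system', 'block_public') || $config->get('system', 'block_local_dir'))) {`. The added `use Friendica\Core\Session;` also sits between `L10n` and `Renderer`, breaking the alphabetical order the rest of the import block keeps.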
|
|
|
@ -4,6 +4,7 @@ namespace Friendica\Module;
|
|||
|
||||
use Friendica\BaseModule;
|
||||
use Friendica\Model\Item;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Network\HTTPException;
|
||||
use Friendica\Util\Strings;
|
||||
|
||||
|
@ -14,7 +15,7 @@ class Like extends BaseModule
|
|||
{
|
||||
public static function rawContent()
|
||||
{
|
||||
if (!local_user() && !remote_user()) {
|
||||
if (!Session::isAuthenticated()) {
|
||||
throw new HTTPException\ForbiddenException();
|
||||
}
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@ namespace Friendica\Module;
|
|||
|
||||
use Friendica\BaseModule;
|
||||
use Friendica\Core\Authentication;
|
||||
use Friendica\Core\Cache;
|
||||
use Friendica\Core\Hook;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\System;
|
||||
|
@ -27,6 +28,7 @@ class Logout extends BaseModule
|
|||
$visitor_home = null;
|
||||
if (remote_user()) {
|
||||
$visitor_home = Profile::getMyURL();
|
||||
Cache::delete('zrlInit:' . $visitor_home);
|
||||
}
|
||||
|
||||
Hook::callAll("logging_out");
|
||||
|
|
|
@ -32,15 +32,16 @@ class Magic extends BaseModule
|
|||
$dest = defaults($_REQUEST, 'dest', '');
|
||||
$test = (!empty($_REQUEST['test']) ? intval($_REQUEST['test']) : 0);
|
||||
$owa = (!empty($_REQUEST['owa']) ? intval($_REQUEST['owa']) : 0);
|
||||
$cid = 0;
|
||||
|
||||
if (!empty($addr)) {
|
||||
$cid = Contact::getIdForURL($addr);
|
||||
} else {
|
||||
} elseif (!empty($dest)) {
|
||||
$cid = Contact::getIdForURL($dest);
|
||||
}
|
||||
|
||||
if (!$cid) {
|
||||
Logger::log('No contact record found: ' . json_encode($_REQUEST), Logger::DEBUG);
|
||||
Logger::info('No contact record found', $_REQUEST);
|
||||
// @TODO Finding a more elegant possibility to redirect to either internal or external URL
|
||||
$a->redirect($dest);
|
||||
}
|
||||
|
@ -96,9 +97,9 @@ class Magic extends BaseModule
|
|||
} else {
|
||||
$token = $j['token'];
|
||||
}
|
||||
$x = strpbrk($dest, '?&');
|
||||
$args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token);
|
||||
$args = (strpbrk($dest, '?&') ? '&' : '?') . 'owt=' . $token;
|
||||
|
||||
Logger::info('Redirecting', ['path' => $dest . $args]);
|
||||
System::externalRedirect($dest . $args);
|
||||
}
|
||||
}
|
||||
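Review bot: `Logger::info('No contact record found', $_REQUEST)` raises the level from DEBUG to info and dumps the whole request array, so every parameter a caller sends to /magic, expected or not, ends up in the log; log only the fields the module uses, `Logger::info('No contact record found', ['addr' => $addr, 'dest' => $dest]);`. The unchanged `$a->redirect($dest)` just below still redirects to a request-supplied URL without checking it against the local base URL, as the existing `@TODO` acknowledges; since this hunk is being reworked anyway, a check that `$dest` is either relative or starts with `$a->getBaseURL()` before redirecting would close that. The rest of the module is outside the hunk.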
|
|
|
@ -48,8 +48,6 @@ class Profile extends BaseModule
|
|||
if (local_user() && $a->argc > 2 && $a->argv[2] === 'view') {
|
||||
self::$which = $a->user['nickname'];
|
||||
self::$profile = filter_var($a->argv[1], FILTER_SANITIZE_NUMBER_INT);
|
||||
} else {
|
||||
DFRN::autoRedir($a, self::$which);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -86,8 +84,8 @@ class Profile extends BaseModule
|
|||
|
||||
$a->page['htmlhead'] .= "\n";
|
||||
|
||||
$blocked = !local_user() && !remote_user() && Config::get('system', 'block_public');
|
||||
$userblock = !local_user() && !remote_user() && $a->profile['hidewall'];
|
||||
$blocked = !local_user() && !Session::getRemoteContactID($a->profile['profile_uid']) && Config::get('system', 'block_public');
|
||||
$userblock = !local_user() && !Session::getRemoteContactID($a->profile['profile_uid']) && $a->profile['hidewall'];
|
||||
|
||||
if (!empty($a->profile['page-flags']) && $a->profile['page-flags'] == User::PAGE_FLAGS_COMMUNITY) {
|
||||
$a->page['htmlhead'] .= '<meta name="friendica.community" content="true" />' . "\n";
|
||||
|
@ -153,13 +151,10 @@ class Profile extends BaseModule
|
|||
|
||||
$hashtags = defaults($_GET, 'tag', '');
|
||||
|
||||
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
|
||||
if (Config::get('system', 'block_public') && !local_user() && !Session::getRemoteContactID($a->profile['profile_uid'])) {
|
||||
return Login::form();
|
||||
}
|
||||
|
||||
$groups = [];
|
||||
$remote_cid = null;
|
||||
|
||||
$o = '';
|
||||
|
||||
if ($update) {
|
||||
|
@ -169,17 +164,9 @@ class Profile extends BaseModule
|
|||
Nav::setSelected('home');
|
||||
}
|
||||
|
||||
$remote_contact = ContactModel::isFollower(remote_user(), $a->profile['profile_uid']);
|
||||
$remote_contact = Session::getRemoteContactID($a->profile['profile_uid']);
|
||||
$is_owner = local_user() == $a->profile['profile_uid'];
|
||||
$last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . remote_user();
|
||||
|
||||
if ($remote_contact) {
|
||||
$cdata = ContactModel::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
|
||||
if (!empty($cdata['user'])) {
|
||||
$groups = Group::getIdsByContactId($cdata['user']);
|
||||
$remote_cid = $cdata['user'];
|
||||
}
|
||||
}
|
||||
$last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . $remote_contact;
|
||||
|
||||
if (!empty($a->profile['hidewall']) && !$is_owner && !$remote_contact) {
|
||||
notice(L10n::t('Access to this profile has been restricted.') . EOL);
|
||||
|
@ -229,7 +216,7 @@ class Profile extends BaseModule
|
|||
}
|
||||
|
||||
// Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
|
||||
$sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $remote_contact, $groups, $remote_cid);
|
||||
$sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid']);
|
||||
$sql_extra2 = '';
|
||||
|
||||
$last_updated_array = Session::get('last_updated', []);
|
||||
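Review bot: `Session::getRemoteContactID($a->profile['profile_uid'])` is evaluated four times across the hunks of this file (the `$blocked` and `$userblock` lines, the `block_public` check and `$remote_contact`); compute it once, `$remote_contact = Session::getRemoteContactID($a->profile['profile_uid']);`, and reuse it, which also keeps the four decisions consistent with each other. The old `$remote_contact = ContactModel::isFollower(remote_user(), ...)` verified the follower relation in the database on every request, whereas the session map is filled by `Session::setVisitorsContacts()` at login or zrl time, so a contact that is unfollowed or blocked during a live session keeps access until that map is rebuilt; if that is acceptable, say so in a comment next to `$remote_contact`, otherwise re-check the relation here. The enclosing method continues outside the hunk.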
|
|
|
@ -10,6 +10,7 @@ use Friendica\Core\Config;
|
|||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\Protocol;
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\Profile;
|
||||
|
@ -19,7 +20,7 @@ class Contacts extends BaseModule
|
|||
{
|
||||
public static function content()
|
||||
{
|
||||
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
|
||||
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
|
||||
throw new \Friendica\Network\HTTPException\NotFoundException(L10n::t('User not found.'));
|
||||
}
|
||||
|
||||
|
|
|
@ -14,8 +14,8 @@ use Friendica\Core\L10n;
|
|||
use Friendica\Core\Logger;
|
||||
use Friendica\Core\PConfig;
|
||||
use Friendica\Core\Protocol;
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\Core\Session;
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\Item;
|
||||
|
@ -71,13 +71,8 @@ class Post extends BaseObject
|
|||
$this->setTemplate('wall');
|
||||
$this->toplevel = $this->getId() == $this->getDataValue('parent');
|
||||
|
||||
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $visitor) {
|
||||
if ($visitor['cid'] == $this->getDataValue('contact-id')) {
|
||||
if (!empty(Session::getUserIDForVisitorContactID($this->getDataValue('contact-id')))) {
|
||||
$this->visiting = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$this->writable = $this->getDataValue('writable') || $this->getDataValue('self');
|
||||
|
@ -224,7 +219,7 @@ class Post extends BaseObject
|
|||
$author = ['uid' => 0, 'id' => $item['author-id'],
|
||||
'network' => $item['author-network'], 'url' => $item['author-link']];
|
||||
|
||||
if (local_user() || remote_user()) {
|
||||
if (Session::isAuthenticated()) {
|
||||
$profile_link = Contact::magicLinkByContact($author);
|
||||
} else {
|
||||
$profile_link = $item['author-link'];
|
||||
|
|
|
@ -2849,115 +2849,6 @@ class DFRN
|
|||
return 200;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param App $a App
|
||||
* @param string $contact_nick contact nickname
|
||||
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
|
||||
*/
|
||||
public static function autoRedir(App $a, $contact_nick)
|
||||
{
|
||||
// prevent looping
|
||||
if (!empty($_REQUEST['redir'])) {
|
||||
Logger::log('autoRedir might be looping because redirect has been redirected', Logger::DEBUG);
|
||||
// looping prevention also appears to sometimes prevent authentication for images
|
||||
// because browser may have multiple connections open and load an image on a connection
|
||||
// whose session wasn't updated when a previous redirect authenticated
|
||||
// Leaving commented in case looping reappears
|
||||
//return;
|
||||
}
|
||||
|
||||
if ((! $contact_nick) || ($contact_nick === $a->user['nickname'])) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (local_user()) {
|
||||
// We need to find out if $contact_nick is a user on this hub, and if so, if I
|
||||
// am a contact of that user. However, that user may have other contacts with the
|
||||
// same nickname as me on other hubs or other networks. Exclude these by requiring
|
||||
// that the contact have a local URL. I will be the only person with my nickname at
|
||||
// this URL, so if a result is found, then I am a contact of the $contact_nick user.
|
||||
//
|
||||
// We also have to make sure that I'm a legitimate contact--I'm not blocked or pending.
|
||||
|
||||
$baseurl = System::baseUrl();
|
||||
$domain_st = strpos($baseurl, "://");
|
||||
if ($domain_st === false) {
|
||||
return;
|
||||
}
|
||||
$baseurl = substr($baseurl, $domain_st + 3);
|
||||
$nurl = Strings::normaliseLink($baseurl);
|
||||
|
||||
$r = User::getByNickname($contact_nick, ["uid"]);
|
||||
$contact_uid = $r["uid"];
|
||||
|
||||
/// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange.
|
||||
$r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1)
|
||||
AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1",
|
||||
DBA::escape($contact_nick),
|
||||
DBA::escape($a->user['nickname']),
|
||||
DBA::escape($baseurl),
|
||||
DBA::escape($nurl)
|
||||
);
|
||||
if ((! DBA::isResult($r))) {
|
||||
return;
|
||||
}
|
||||
// test if redirect authentication already succeeded
|
||||
// Note that "contact" in the sense used in the $contact_nick argument to this function
|
||||
// and the sense in the $remote[]["cid"] in the session are opposite.
|
||||
// In the session variable the user currently fetching is the contact
|
||||
// while $contact_nick is the nick of tho user who owns the stuff being fetched.
|
||||
foreach (Session::get('remote', []) as $visitor) {
|
||||
if ($visitor['uid'] == $contact_uid && $visitor['cid'] == $r[0]['id']) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
$r = q("SELECT * FROM contact WHERE nick = '%s'
|
||||
AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1",
|
||||
DBA::escape($contact_nick),
|
||||
DBA::escape(Protocol::DFRN),
|
||||
intval(local_user()),
|
||||
DBA::escape($baseurl)
|
||||
);
|
||||
if (! DBA::isResult($r)) {
|
||||
return;
|
||||
}
|
||||
|
||||
$cid = $r[0]['id'];
|
||||
|
||||
$dfrn_id = (($r[0]['issued-id']) ? $r[0]['issued-id'] : $r[0]['dfrn-id']);
|
||||
|
||||
if ($r[0]['duplex'] && $r[0]['issued-id']) {
|
||||
$orig_id = $r[0]['issued-id'];
|
||||
$dfrn_id = '1:' . $orig_id;
|
||||
}
|
||||
if ($r[0]['duplex'] && $r[0]['dfrn-id']) {
|
||||
$orig_id = $r[0]['dfrn-id'];
|
||||
$dfrn_id = '0:' . $orig_id;
|
||||
}
|
||||
|
||||
// ensure that we've got a valid ID. There may be some edge cases with forums and non-duplex mode
|
||||
// that may have triggered some of the "went to {profile/intro} and got an RSS feed" issues
if (strlen($dfrn_id) < 3) {
return;
}
$sec = Strings::getRandomHex();
DBA::insert('profile_check', ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]);
$url = curPageURL();
Logger::log('auto_redir: ' . $r[0]['name'] . ' ' . $sec, Logger::DEBUG);
$dest = (($url) ? '&destination_url=' . $url : '');
System::externalRedirect($r[0]['poll'] . '?dfrn_id=' . $dfrn_id
. '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest);
}
return;
}
/**
* @brief Returns the activity verb
*
@ -1608,7 +1608,7 @@ class Diaspora
}
if (self::isRedmatrix($contact["url"])) {
return $contact["url"] . "/?f=&mid=" . $guid;
return $contact["url"] . "/?mid=" . $guid;
}
if ($parent_guid != '') {
@ -10,6 +10,7 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Group;
use Friendica\Model\User;
use Friendica\Core\Session;
/**
* Secures that User is allow to do requests
@ -20,7 +21,7 @@ class Security extends BaseObject
{
static $verified = 0;
if (!local_user() && !remote_user()) {
if (!Session::isAuthenticated()) {
return false;
}
@ -33,7 +34,7 @@ class Security extends BaseObject
return true;
}
if (remote_user($owner)) {
if (!empty(Session::getRemoteContactID($owner))) {
// use remembered decision and avoid a DB lookup for each and every display item
// DO NOT use this function if there are going to be multiple owners
// We have a contact-id for an authenticated remote user, this block determines if the contact
@ -44,14 +45,14 @@ class Security extends BaseObject
} elseif ($verified === 1) {
return false;
} else {
$cid = remote_user($owner);
$cid = Session::getRemoteContactID($owner);
if (!$cid) {
return false;
}
$r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` INNER JOIN `user` on `user`.`uid` = `contact`.`uid`
WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
AND `user`.`blockwall` = 0 AND `readonly` = 0 AND (`contact`.`rel` IN (%d , %d) OR `user`.`page-flags` = %d) LIMIT 1",
intval($owner),
intval($cid),
intval(Contact::SHARING),
@ -71,11 +72,10 @@ class Security extends BaseObject
return false;
}
/// @TODO $groups should be array
public static function getPermissionsSQLByUserId($owner_id, $remote_verified = false, $groups = null)
public static function getPermissionsSQLByUserId($owner_id)
{
$local_user = local_user();
$remote_user = remote_user();
$remote_contact = Session::getRemoteContactID($owner_id);
/*
* Construct permissions
@ -85,8 +85,7 @@ class Security extends BaseObject
$sql = " AND allow_cid = ''
AND allow_gid = ''
AND deny_cid = ''
AND deny_gid = ''
";
AND deny_gid = '' ";
/*
* Profile owner - everything is visible
@ -94,40 +93,13 @@ class Security extends BaseObject
if ($local_user && $local_user == $owner_id) {
$sql = '';
/*
* Authenticated visitor. Unless pre-verified,
* check that the contact belongs to this $owner_id
* and load the groups the visitor belongs to.
* If pre-verified, the caller is expected to have already
* done this and passed the groups into this function.
* Authenticated visitor. Load the groups the visitor belongs to.
*/
} elseif ($remote_user) {
/*
* Authenticated visitor. Unless pre-verified,
* check that the contact belongs to this $owner_id
* and load the groups the visitor belongs to.
* If pre-verified, the caller is expected to have already
* done this and passed the groups into this function.
*/
if (!$remote_verified) {
$cid = 0;
foreach (\Friendica\Core\Session::get('remote', []) as $visitor) {
if ($visitor['uid'] == $owner_id) {
$cid = $visitor['cid'];
break;
}
}
if ($cid && DBA::exists('contact', ['id' => $cid, 'uid' => $owner_id, 'blocked' => false])) {
$remote_verified = true;
$groups = Group::getIdsByContactId($cid);
}
}
if ($remote_verified) {
} elseif ($remote_contact) {
$gs = '<<>>'; // should be impossible to match
$groups = Group::getIdsByContactId($remote_contact);
if (is_array($groups)) {
foreach ($groups as $g) {
$gs .= '|<' . intval($g) . '>';
@ -135,18 +107,14 @@ class Security extends BaseObject
}
$sql = sprintf(
" AND ( NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s')
AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
)
",
intval($cid),
" AND (NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s')
AND (allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR (allow_cid = '' AND allow_gid = ''))) ",
intval($remote_contact),
DBA::escape($gs),
intval($cid),
intval($remote_contact),
DBA::escape($gs)
);
}
}
return $sql;
}
}
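Review bot: The new `} elseif ($remote_contact) {` branch in getPermissionsSQLByUserId builds the allow/deny SQL without the `DBA::exists('contact', ['id' => …, 'uid' => $owner_id, 'blocked' => false])` lookup that the removed `$remote_verified` path performed, so a visitor whose contact row has since been blocked keeps group-scoped visibility for the lifetime of the session, unless Session::getRemoteContactID (not in this diff) does that check itself. canWriteToUserWall in the hunk above still filters on `blocked` and `pending` in its query, so the two paths are now inconsistent. Keeping the guard is a one-line change, `} elseif ($remote_contact && DBA::exists('contact', ['id' => $remote_contact, 'uid' => $owner_id, 'blocked' => false])) {`, which falls back to the public-only `$sql` default exactly as the old unverified path did. Callers that still pass the dropped `$remote_verified`/`$groups` arguments are silently ignored by PHP, so they are worth grepping for separately.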