1
1
Fork 0

Fix for remote authentication when visiting contact's pages

This commit is contained in:
Michael 2018-12-08 20:28:01 +00:00
parent 5e79ad277a
commit 8fbe0d46e9
4 changed files with 47 additions and 59 deletions

View file

@ -163,6 +163,8 @@ function delegate_content(App $a)
if (!is_null($parent_user)) {
$parent_password = ['parent_password', L10n::t('Parent Password:'), '', L10n::t('Please enter the password of the parent account to legitimize your request.')];
} else {
$parent_password = '';
}
$o = Renderer::replaceMacros(Renderer::getMarkupTemplate('delegate.tpl'), [

View file

@ -272,33 +272,17 @@ function display_content(App $a, $update = false, $update_uid = 0)
$groups = [];
$contact = null;
$is_remote_contact = false;
$contact_id = 0;
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $a->profile['uid']) {
$contact_id = $v['cid'];
break;
}
}
$parent = Item::selectFirst(['uid'], ['uri' => $item_parent_uri, 'wall' => true]);
if (DBA::isResult($parent)) {
$a->profile['profile_uid'] = $parent['uid'];
}
if ($contact_id) {
$groups = Group::getIdsByContactId($contact_id);
$remote_contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $a->profile['uid']]);
if (DBA::isResult($remote_contact)) {
$contact = $remote_contact;
$is_remote_contact = true;
}
}
$is_remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']);
if (!$is_remote_contact) {
if (local_user()) {
$contact_id = $_SESSION['cid'];
$contact = $a->contact;
if ($is_remote_contact) {
$cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
if (!empty($cdata['user'])) {
$groups = Group::getIdsByContactId($cdata['user']);
}
}

View file

@ -150,42 +150,17 @@ function profile_content(App $a, $update = 0)
Nav::setSelected('home');
}
$contact = null;
$remote_contact = false;
$contact_id = 0;
if (!empty($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $a->profile['profile_uid']) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
$groups = Group::getIdsByContactId($contact_id);
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($a->profile['profile_uid'])
);
if (DBA::isResult($r)) {
$contact = $r[0];
$remote_contact = true;
}
}
if (!$remote_contact) {
if (local_user()) {
$contact_id = $_SESSION['cid'];
$contact = $a->contact;
}
}
$remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']);
$is_owner = local_user() == $a->profile['profile_uid'];
$last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . remote_user();
if ($remote_contact) {
$cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
if (!empty($cdata['user'])) {
$groups = Group::getIdsByContactId($cdata['user']);
}
}
if (!empty($a->profile['hidewall']) && !$is_owner && !$remote_contact) {
notice(L10n::t('Access to this profile has been restricted.') . EOL);
return;

View file

@ -98,6 +98,29 @@ class Contact extends BaseObject
* @}
*/
/**
* @brief Tests if the given contact is a follower
*
* @param int $cid Either public contact id or user's contact id
* @param int $uid User ID
*
* @return boolean is the contact id a follower?
*/
public static function isFollower($cid, $uid)
{
if (self::isBlockedByUser($cid, $uid)) {
return false;
}
$cdata = self::getPublicAndUserContacID($cid, $uid);
if (empty($cdata['user'])) {
return false;
}
$condition = ['id' => $cdata['user'], 'rel' => [self::FOLLOWER, self::FRIEND]];
return DBA::exists('contact', $condition);
}
/**
* @brief Get the basepath for a given contact link
* @todo Add functionality to store this value in the contact table
@ -125,7 +148,7 @@ class Contact extends BaseObject
*
* @return array with public and user's contact id
*/
private static function getPublicAndUserContacID($cid, $uid)
public static function getPublicAndUserContacID($cid, $uid)
{
if (empty($uid) || empty($cid)) {
return [];
@ -2054,6 +2077,10 @@ class Contact extends BaseObject
*/
public static function magicLink($contact_url, $url = '')
{
if (!local_user()) {
return $url ?: $contact_url; // Equivalent to: ($url != '') ? $url : $contact_url;
}
$cid = self::getIdForURL($contact_url, 0, true);
if (empty($cid)) {
return $url ?: $contact_url; // Equivalent to: ($url != '') ? $url : $contact_url;
@ -2087,7 +2114,7 @@ class Contact extends BaseObject
*/
public static function magicLinkbyContact($contact, $url = '')
{
if ($contact['network'] != Protocol::DFRN) {
if (!local_user() || ($contact['network'] != Protocol::DFRN)) {
return $url ?: $contact['url']; // Equivalent to ($url != '') ? $url : $contact['url'];
}