bitPickups/friendica_2020-09-1_sharedHosting
1
0
Fork 0
Code Pull requests Activity

Merge pull request #7678 from annando/remote-rework

Browse source 
Reworked the remote authentication
This commit is contained in:
Hypolite Petovan 2019-09-30 09:18:43 -04:00 committed by GitHub
commit 2333526b8a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
38 changed files with 289 additions and 590 deletions
Download patch file Download diff file Expand all files Collapse all files

20
mod/cal.php
View file

@ -14,6 +14,7 @@ use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Event;
@ -26,11 +27,7 @@ use Friendica\Util\Temporal;
function cal_init(App $a)
{
if ($a->argc > 1) {
DFRN::autoRedir($a, $a->argv[1]);
}
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
throw new \Friendica\Network\HTTPException\ForbiddenException(L10n::t('Access denied.'));
}
@ -113,18 +110,11 @@ function cal_content(App $a)
$owner_uid = intval($a->data['user']['uid']);
$nick = $a->data['user']['nickname'];
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $a->profile['profile_uid']) {
$contact_id = $v['cid'];
break;
}
}
if (!empty(Session::getRemoteContactID($a->profile['profile_uid']))) {
$contact_id = Session::getRemoteContactID($a->profile['profile_uid']);
}
$groups = [];
if ($contact_id) {
$groups = Group::getIdsByContactId($contact_id);
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($a->profile['profile_uid'])
@ -142,7 +132,7 @@ function cal_content(App $a)
}
// get the permissions
$sql_perms = Item::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
$sql_perms = Item::getPermissionsSQLByUserId($owner_uid);
// we only want to have the events of the profile owner
$sql_extra = " AND `event`.`cid` = 0 " . $sql_perms;

2
mod/community.php
View file

@ -29,7 +29,7 @@ function community_content(App $a, $update = 0)
{
$o = '';
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
notice(L10n::t('Public access denied.') . EOL);
return;
}

20
mod/dfrn_poll.php
View file

@ -9,6 +9,7 @@ use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Module\Login;
use Friendica\Protocol\DFRN;
@ -49,7 +50,7 @@ function dfrn_poll_init(App $a)
$hidewall = false;
if (($dfrn_id === '') && empty($_POST['dfrn_id'])) {
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
throw new \Friendica\Network\HTTPException\ForbiddenException();
}
@ -110,17 +111,14 @@ function dfrn_poll_init(App $a)
if ((int)$xml->status === 1) {
$_SESSION['authenticated'] = 1;
if (empty($_SESSION['remote'])) {
$_SESSION['remote'] = [];
}
$_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']];
$_SESSION['visitor_id'] = $r[0]['id'];
$_SESSION['visitor_home'] = $r[0]['url'];
$_SESSION['visitor_handle'] = $r[0]['addr'];
$_SESSION['visitor_visiting'] = $r[0]['uid'];
$_SESSION['my_url'] = $r[0]['url'];
Session::setVisitorsContacts();
if (!$quiet) {
info(L10n::t('%1$s welcomes %2$s', $r[0]['username'], $r[0]['name']) . EOL);
}
@ -517,15 +515,13 @@ function dfrn_poll_content(App $a)
if (((int) $xml->status == 0) && ($xml->challenge == $hash) && ($xml->sec == $sec)) {
$_SESSION['authenticated'] = 1;
if (empty($_SESSION['remote'])) {
$_SESSION['remote'] = [];
}
$_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']];
$_SESSION['visitor_id'] = $r[0]['id'];
$_SESSION['visitor_home'] = $r[0]['url'];
$_SESSION['visitor_visiting'] = $r[0]['uid'];
$_SESSION['my_url'] = $r[0]['url'];
Session::setVisitorsContacts();
if (!$quiet) {
info(L10n::t('%1$s welcomes %2$s', $r[0]['username'], $r[0]['name']) . EOL);
}

3
mod/dfrn_request.php
View file

@ -19,6 +19,7 @@ use Friendica\Core\Logger;
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Group;
@ -592,7 +593,7 @@ function dfrn_request_content(App $a)
exit();
} else {
// Normal web request. Display our user's introduction form.
if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
if (!Config::get('system', 'local_block')) {
notice(L10n::t('Public access denied.') . EOL);
return;

41
mod/display.php
View file

@ -14,6 +14,7 @@ use Friendica\Core\Logger;
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Group;
@ -31,7 +32,7 @@ function display_init(App $a)
Objects::rawContent();
}
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
return;
}
@ -52,9 +53,11 @@ function display_init(App $a)
if (DBA::isResult($item)) {
$nick = $a->user["nickname"];
}
}
// Is this item private but could be visible to the remove visitor?
} elseif (remote_user()) {
$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);
if (!DBA::isResult($item) && remote_user()) {
$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1, 'origin' => true]);
if (DBA::isResult($item)) {
if (!Contact::isFollower(remote_user(), $item['uid'])) {
$item = null;
@ -84,10 +87,6 @@ function display_init(App $a)
displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom');
}
if ($a->argc >= 3 && $nick == 'feed-item') {
displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom');
}
if (!empty($_SERVER['HTTP_ACCEPT']) && strstr($_SERVER['HTTP_ACCEPT'], 'application/atom+xml')) {
Logger::log('Directly serving XML for id '.$item["id"], Logger::DEBUG);
displayShowFeed($item["id"], false);
@ -102,7 +101,7 @@ function display_init(App $a)
if (strstr(Strings::normaliseLink($profiledata["url"]), Strings::normaliseLink(System::baseUrl()))) {
$nickname = str_replace(Strings::normaliseLink(System::baseUrl())."/profile/", "", Strings::normaliseLink($profiledata["url"]));
if (($nickname != $a->user["nickname"])) {
if ($nickname != $a->user["nickname"]) {
$profile = DBA::fetchFirst("SELECT `profile`.`uid` AS `profile_uid`, `profile`.* , `contact`.`avatar-date` AS picdate, `user`.* FROM `profile`
INNER JOIN `contact` on `contact`.`uid` = `profile`.`uid` INNER JOIN `user` ON `profile`.`uid` = `user`.`uid`
WHERE `user`.`nickname` = ? AND `profile`.`is-default` AND `contact`.`self` LIMIT 1",
@ -197,7 +196,7 @@ function display_fetchauthor($a, $item)
function display_content(App $a, $update = false, $update_uid = 0)
{
if (Config::get('system','block_public') && !local_user() && !remote_user()) {
if (Config::get('system','block_public') && !Session::isAuthenticated()) {
throw new HTTPException\ForbiddenException(L10n::t('Public access denied.'));
}
@ -229,8 +228,10 @@ function display_content(App $a, $update = false, $update_uid = 0)
$item_parent = $item["parent"];
$item_parent_uri = $item['parent-uri'];
}
} elseif (remote_user()) {
$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);
}
if (($item_parent == 0) && remote_user()) {
$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1, 'origin' => true]);
if (DBA::isResult($item) && Contact::isFollower(remote_user(), $item['uid'])) {
$item_id = $item["id"];
$item_parent = $item["parent"];
@ -269,8 +270,6 @@ function display_content(App $a, $update = false, $update_uid = 0)
['$alternate' => $alternate,
'$conversation' => $conversation]);
$groups = [];
$remote_cid = null;
$is_remote_contact = false;
$item_uid = local_user();
@ -279,24 +278,18 @@ function display_content(App $a, $update = false, $update_uid = 0)
if (DBA::isResult($parent)) {
$a->profile['uid'] = defaults($a->profile, 'uid', $parent['uid']);
$a->profile['profile_uid'] = defaults($a->profile, 'profile_uid', $parent['uid']);
$is_remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']);
$is_remote_contact = Session::getRemoteContactID($a->profile['profile_uid']);
if ($is_remote_contact) {
$cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
if (!empty($cdata['user'])) {
$groups = Group::getIdsByContactId($cdata['user']);
$remote_cid = $cdata['user'];
$item_uid = $parent['uid'];
}
$item_uid = $parent['uid'];
}
}
}
$page_contact = DBA::selectFirst('contact', [], ['self' => true, 'uid' => $a->profile['uid']]);
if (DBA::isResult($page_contact)) {
$a->page_contact = $page_contact;
}
$is_owner = (local_user() && (in_array($a->profile['profile_uid'], [local_user(), 0])) ? true : false);
if (!empty($a->profile['hidewall']) && !$is_owner && !$is_remote_contact) {
@ -318,7 +311,7 @@ function display_content(App $a, $update = false, $update_uid = 0)
];
$o .= status_editor($a, $x, 0, true);
}
$sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $is_remote_contact, $groups, $remote_cid);
$sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid']);
if (local_user() && (local_user() == $a->profile['profile_uid'])) {
$condition = ['parent-uri' => $item_parent_uri, 'uid' => local_user(), 'unseen' => true];
@ -333,7 +326,7 @@ function display_content(App $a, $update = false, $update_uid = 0)
$condition = ["`id` = ? AND `item`.`uid` IN (0, ?) " . $sql_extra, $item_id, $item_uid];
$fields = ['parent-uri', 'body', 'title', 'author-name', 'author-avatar', 'plink', 'author-id', 'owner-id', 'contact-id'];
$item = Item::selectFirstForUser(local_user(), $fields, $condition);
$item = Item::selectFirstForUser($a->profile['profile_uid'], $fields, $condition);
if (!DBA::isResult($item)) {
throw new HTTPException\NotFoundException(L10n::t('The requested item doesn\'t exist or has been deleted.'));

3
mod/hcard.php
View file

@ -6,13 +6,14 @@ use Friendica\App;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\System;
use Friendica\Core\Session;
use Friendica\Model\Contact;
use Friendica\Model\Profile;
use Friendica\Model\User;
function hcard_init(App $a)
{
$blocked = Config::get('system', 'block_public') && !local_user() && !remote_user();
$blocked = Config::get('system', 'block_public') && !Session::isAuthenticated();
if ($a->argc > 1) {
$which = $a->argv[1];

19
mod/item.php
View file

@ -25,6 +25,7 @@ use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\Protocol;
use Friendica\Core\System;
use Friendica\Core\Session;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Model\Attach;
@ -45,7 +46,7 @@ use Friendica\Worker\Delivery;
require_once __DIR__ . '/../include/items.php';
function item_post(App $a) {
if (!local_user() && !remote_user()) {
if (!Session::isAuthenticated()) {
return 0;
}
@ -348,18 +349,8 @@ function item_post(App $a) {
if (local_user() && ((local_user() == $profile_uid) || $allow_comment)) {
$self = true;
$author = DBA::selectFirst('contact', [], ['uid' => local_user(), 'self' => true]);
} elseif (remote_user()) {
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $profile_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
$author = DBA::selectFirst('contact', [], ['id' => $contact_id]);
}
} elseif (!empty(Session::getRemoteContactID($profile_uid))) {
$author = DBA::selectFirst('contact', [], ['id' => Session::getRemoteContactID($profile_uid)]);
}
if (DBA::isResult($author)) {
@ -870,7 +861,7 @@ function item_post_return($baseurl, $api_source, $return_path)
function item_content(App $a)
{
if (!local_user() && !remote_user()) {
if (!Session::isAuthenticated()) {
return;
}

78
mod/photos.php
View file

@ -15,6 +15,7 @@ use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Group;
@ -35,11 +36,7 @@ use Friendica\Util\XML;
function photos_init(App $a) {
if ($a->argc > 1) {
DFRN::autoRedir($a, $a->argv[1]);
}
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
return;
}
@ -73,7 +70,7 @@ function photos_init(App $a) {
$albums = Photo::getAlbums($a->data['user']['uid']);
$albums_visible = ((intval($a->data['user']['hidewall']) && !local_user() && !remote_user()) ? false : true);
$albums_visible = ((intval($a->data['user']['hidewall']) && !Session::isAuthenticated()) ? false : true);
// add various encodings to the array so we can just loop through and pick them out in a template
$ret = ['success' => false];
@ -88,7 +85,7 @@ function photos_init(App $a) {
$ret['albums'] = [];
foreach ($albums as $k => $album) {
//hide profile photos to others
if (!$is_owner && !remote_user() && ($album['album'] == L10n::t('Profile Photos')))
if (!$is_owner && !Session::getRemoteContactID($a->profile_uid) && ($album['album'] == L10n::t('Profile Photos')))
continue;
$entry = [
'text' => $album['album'],
@ -154,15 +151,10 @@ function photos_post(App $a)
if (local_user() && (local_user() == $page_owner_uid)) {
$can_post = true;
} elseif ($community_page && remote_user($page_owner_uid)) {
$contact_id = remote_user($page_owner_uid);
if ($contact_id > 0) {
if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {
$can_post = true;
$visitor = $contact_id;
}
}
} elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) {
$contact_id = Session::getRemoteContactID($page_owner_uid);
$can_post = true;
$visitor = $contact_id;
}
if (!$can_post) {
@ -837,7 +829,7 @@ function photos_content(App $a)
// photos/name/image/xxxxx/edit
// photos/name/image/xxxxx/drop
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
notice(L10n::t('Public access denied.') . EOL);
return;
}
@ -883,50 +875,24 @@ function photos_content(App $a)
if (local_user() && (local_user() == $owner_uid)) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
} elseif ($community_page && !empty(Session::getRemoteContactID($owner_uid))) {
$contact_id = Session::getRemoteContactID($owner_uid);
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
if ($contact_id) {
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
if (DBA::isResult($contact)) {
$can_post = true;
$remote_contact = true;
$visitor = $contact_id;
}
}
if (DBA::isResult($contact)) {
$can_post = true;
$remote_contact = true;
$visitor = $contact_id;
}
}
$groups = [];
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if (remote_user() && !$visitor) {
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if (!empty(Session::getRemoteContactID($owner_uid)) && !$visitor) {
$contact_id = Session::getRemoteContactID($owner_uid);
if ($contact_id) {
$groups = Group::getIdsByContactId($contact_id);
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
$remote_contact = DBA::isResult($contact);
}
$remote_contact = DBA::isResult($contact);
}
if (!$remote_contact && local_user()) {
@ -939,7 +905,7 @@ function photos_content(App $a)
return;
}
$sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
$sql_extra = Security::getPermissionsSQLByUserId($owner_uid);
$o = "";
@ -1598,7 +1564,7 @@ function photos_content(App $a)
$twist = false;
foreach ($r as $rr) {
//hide profile photos to others
if (!$is_owner && !remote_user() && ($rr['album'] == L10n::t('Profile Photos'))) {
if (!$is_owner && !Session::getRemoteContactID($owner_uid) && ($rr['album'] == L10n::t('Profile Photos'))) {
continue;
}

49
mod/redir.php
View file

@ -35,7 +35,7 @@ function redir_init(App $a) {
$contact_url = $contact['url'];
if ((!local_user() && !remote_user()) // Visitors (not logged in or not remotes) can't authenticate.
if (!Session::isAuthenticated() // Visitors (not logged in or not remotes) can't authenticate.
|| (!empty($a->contact['id']) && $a->contact['id'] == $cid)) // Local user is already authenticated.
{
$a->redirect(defaults($url, $contact_url));
@ -66,34 +66,16 @@ function redir_init(App $a) {
// with the local contact. Otherwise the local user would ask the local contact
// for authentification everytime he/she is visiting a profile page of the local
// contact.
if ($host == $remotehost
&& !empty($_SESSION['remote'])
&& is_array($_SESSION['remote']))
{
foreach ($_SESSION['remote'] as $v) {
if (!empty($v['uid']) && !empty($v['cid']) &&
$v['uid'] == Session::get('visitor_visiting') &&
$v['cid'] == Session::get('visitor_id')) {
// Remote user is already authenticated.
$target_url = defaults($url, $contact_url);
Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
$a->redirect($target_url);
}
}
if (($host == $remotehost) && (Session::getRemoteContactID(Session::get('visitor_visiting')) == Session::get('visitor_id'))) {
// Remote user is already authenticated.
$target_url = defaults($url, $contact_url);
Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
$a->redirect($target_url);
}
}
// When the remote page does support OWA, then we enforce the use of it
$basepath = Contact::getBasepath($contact_url);
if (Strings::compareLink($basepath, System::baseUrl())) {
$use_magic = true;
} else {
$serverret = Network::curl($basepath . '/magic');
$use_magic = $serverret->isSuccess();
}
// Doing remote auth with dfrn.
if (local_user() && !$use_magic && (!empty($contact['dfrn-id']) || !empty($contact['issued-id'])) && empty($contact['pending'])) {
if (local_user() && (!empty($contact['dfrn-id']) || !empty($contact['issued-id'])) && empty($contact['pending'])) {
$dfrn_id = $orig_id = (($contact['issued-id']) ? $contact['issued-id'] : $contact['dfrn-id']);
if ($contact['duplex'] && $contact['issued-id']) {
@ -148,23 +130,6 @@ function redir_magic($a, $cid, $url)
Logger::info('Got my url', ['visitor' => $visitor]);
}
/// @todo Most likely these lines are superfluous. We will remove them in the next version
if (empty($visitor) && remote_user()) {
$contact = DBA::selectFirst('contact', ['url'], ['id' => remote_user()]);
if (!empty($contact['url'])) {
$visitor = $contact['url'];
Logger::info('Got remote user', ['visitor' => $visitor]);
}
}
if (empty($visitor) && local_user()) {
$contact = DBA::selectFirst('contact', ['url'], ['id' => local_user()]);
if (!empty($contact['url'])) {
$visitor = $contact['url'];
Logger::info('Got local user', ['visitor' => $visitor]);
}
}
$contact = DBA::selectFirst('contact', ['url'], ['id' => $cid]);
if (!DBA::isResult($contact)) {
Logger::info('Contact not found', ['id' => $cid]);

7
mod/search.php
View file

@ -11,6 +11,7 @@ use Friendica\Core\Cache;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\Session;
use Friendica\Core\Renderer;
use Friendica\Database\DBA;
use Friendica\Model\Item;
@ -83,18 +84,18 @@ function search_init(App $a) {
}
function search_content(App $a) {
if (Config::get('system','block_public') && !local_user() && !remote_user()) {
if (Config::get('system','block_public') && !Session::isAuthenticated()) {
notice(L10n::t('Public access denied.') . EOL);
return;
}
if (Config::get('system','local_search') && !local_user() && !remote_user()) {
if (Config::get('system','local_search') && !Session::isAuthenticated()) {
$e = new \Friendica\Network\HTTPException\ForbiddenException(L10n::t("Only logged in users are permitted to perform a search."));
$e->httpdesc = L10n::t("Public access denied.");
throw $e;
}
if (Config::get('system','permit_crawling') && !local_user() && !remote_user()) {
if (Config::get('system','permit_crawling') && !Session::isAuthenticated()) {
// Default values:
// 10 requests are "free", after the 11th only a call per minute is allowed

2
mod/subthread.php
View file

@ -15,7 +15,7 @@ use Friendica\Util\XML;
function subthread_content(App $a) {
if (!local_user() && !remote_user()) {
if (!Session::isAuthenticated()) {
return;
}

3
mod/tagger.php
View file

@ -7,6 +7,7 @@ use Friendica\Core\Hook;
use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Core\Session;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Model\Item;
@ -16,7 +17,7 @@ use Friendica\Worker\Delivery;
function tagger_content(App $a) {
if (!local_user() && !remote_user()) {
if (!Session::isAuthenticated()) {
return;
}

68
mod/videos.php
View file

@ -10,6 +10,7 @@ use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Attach;
use Friendica\Model\Contact;
@ -22,11 +23,7 @@ use Friendica\Util\Security;
function videos_init(App $a)
{
if ($a->argc > 1) {
DFRN::autoRedir($a, $a->argv[1]);
}
if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
return;
}
@ -114,7 +111,7 @@ function videos_content(App $a)
// videos/name/video/xxxxx/edit
if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
notice(L10n::t('Public access denied.') . EOL);
return;
}
@ -154,64 +151,25 @@ function videos_content(App $a)
if ((local_user()) && (local_user() == $owner_uid)) {
$can_post = true;
} elseif ($community_page && remote_user()) {
if (!empty($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id > 0) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($owner_uid)
);
if (DBA::isResult($r)) {
$can_post = true;
$remote_contact = true;
$visitor = $contact_id;
}
}
} elseif ($community_page && !empty(Session::getRemoteContactID($owner_uid))) {
$contact_id = Session::getRemoteContactID($owner_uid);
$can_post = true;
$remote_contact = true;
$visitor = $contact_id;
}
$groups = [];
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if (remote_user() && (!$visitor)) {
$contact_id = 0;
if (!empty($_SESSION['remote'])) {
foreach($_SESSION['remote'] as $v) {
if($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id > 0) {
$groups = Group::getIdsByContactId($contact_id);
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($owner_uid)
);
if (DBA::isResult($r)) {
$remote_contact = true;
}
}
if (!empty(Session::getRemoteContactID($owner_uid)) && !$visitor) {
$contact_id = Session::getRemoteContactID($owner_uid);
$remote_contact = true;
}
if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && (!$remote_contact)) {
if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && !$remote_contact) {
notice(L10n::t('Access to this item is restricted.') . EOL);
return;
}
$sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
$sql_extra = Security::getPermissionsSQLByUserId($owner_uid);
$o = "";

35
mod/wall_attach.php
View file

@ -6,6 +6,7 @@
use Friendica\App;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Attach;
use Friendica\Model\User;
@ -43,35 +44,21 @@ function wall_attach_post(App $a) {
$page_owner_cid = $r[0]['id'];
$community_page = (($r[0]['page-flags'] == User::PAGE_FLAGS_COMMUNITY) ? true : false);
if ((local_user()) && (local_user() == $page_owner_uid)) {
if (local_user() && (local_user() == $page_owner_uid)) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$contact_id = 0;
} elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) {
$contact_id = Session::getRemoteContactID($page_owner_uid);
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($page_owner_uid)
);
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id > 0) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($page_owner_uid)
);
if (DBA::isResult($r)) {
$can_post = true;
}
}
if (DBA::isResult($r)) {
$can_post = true;
}
}
if (! $can_post) {
if (!$can_post) {
if ($r_json) {
echo json_encode(['error' => L10n::t('Permission denied.')]);
exit();

36
mod/wall_upload.php
View file

@ -12,6 +12,7 @@ use Friendica\App;
use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Core\Session;
use Friendica\Core\Config;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
@ -74,34 +75,21 @@ function wall_upload_post(App $a, $desktopmode = true)
if ((local_user()) && (local_user() == $page_owner_uid)) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
} elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) {
$contact_id = Session::getRemoteContactID($page_owner_uid);
if ($contact_id) {
$r = q("SELECT `uid` FROM `contact`
WHERE `blocked` = 0 AND `pending` = 0
AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($page_owner_uid)
);
if (DBA::isResult($r)) {
$can_post = true;
$visitor = $contact_id;
}
}
$r = q("SELECT `uid` FROM `contact`
WHERE `blocked` = 0 AND `pending` = 0
AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($page_owner_uid)
);
if (DBA::isResult($r)) {
$can_post = true;
$visitor = $contact_id;
}
}
if (!$can_post) {
if ($r_json) {
echo json_encode(['error' => L10n::t('Permission denied.')]);