Fix for remote authentication when visiting contact's pages
This commit is contained in:
parent
5e79ad277a
commit
8fbe0d46e9
4 changed files with 47 additions and 59 deletions
|
@ -163,6 +163,8 @@ function delegate_content(App $a)
|
|||
|
||||
if (!is_null($parent_user)) {
|
||||
$parent_password = ['parent_password', L10n::t('Parent Password:'), '', L10n::t('Please enter the password of the parent account to legitimize your request.')];
|
||||
} else {
|
||||
$parent_password = '';
|
||||
}
|
||||
|
||||
$o = Renderer::replaceMacros(Renderer::getMarkupTemplate('delegate.tpl'), [
|
||||
|
|
|
@ -272,33 +272,17 @@ function display_content(App $a, $update = false, $update_uid = 0)
|
|||
|
||||
$groups = [];
|
||||
|
||||
$contact = null;
|
||||
$is_remote_contact = false;
|
||||
|
||||
$contact_id = 0;
|
||||
|
||||
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $a->profile['uid']) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
$parent = Item::selectFirst(['uid'], ['uri' => $item_parent_uri, 'wall' => true]);
|
||||
if (DBA::isResult($parent)) {
|
||||
$a->profile['profile_uid'] = $parent['uid'];
|
||||
}
|
||||
|
||||
if ($contact_id) {
|
||||
$groups = Group::getIdsByContactId($contact_id);
|
||||
$remote_contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $a->profile['uid']]);
|
||||
if (DBA::isResult($remote_contact)) {
|
||||
$contact = $remote_contact;
|
||||
$is_remote_contact = true;
|
||||
}
|
||||
}
|
||||
$is_remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']);
|
||||
|
||||
if (!$is_remote_contact) {
|
||||
if (local_user()) {
|
||||
$contact_id = $_SESSION['cid'];
|
||||
$contact = $a->contact;
|
||||
if ($is_remote_contact) {
|
||||
$cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
|
||||
if (!empty($cdata['user'])) {
|
||||
$groups = Group::getIdsByContactId($cdata['user']);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -150,42 +150,17 @@ function profile_content(App $a, $update = 0)
|
|||
Nav::setSelected('home');
|
||||
}
|
||||
|
||||
$contact = null;
|
||||
$remote_contact = false;
|
||||
|
||||
$contact_id = 0;
|
||||
|
||||
if (!empty($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $a->profile['profile_uid']) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($contact_id) {
|
||||
$groups = Group::getIdsByContactId($contact_id);
|
||||
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
|
||||
intval($contact_id),
|
||||
intval($a->profile['profile_uid'])
|
||||
);
|
||||
if (DBA::isResult($r)) {
|
||||
$contact = $r[0];
|
||||
$remote_contact = true;
|
||||
}
|
||||
}
|
||||
|
||||
if (!$remote_contact) {
|
||||
if (local_user()) {
|
||||
$contact_id = $_SESSION['cid'];
|
||||
$contact = $a->contact;
|
||||
}
|
||||
}
|
||||
|
||||
$remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']);
|
||||
$is_owner = local_user() == $a->profile['profile_uid'];
|
||||
$last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . remote_user();
|
||||
|
||||
if ($remote_contact) {
|
||||
$cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
|
||||
if (!empty($cdata['user'])) {
|
||||
$groups = Group::getIdsByContactId($cdata['user']);
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($a->profile['hidewall']) && !$is_owner && !$remote_contact) {
|
||||
notice(L10n::t('Access to this profile has been restricted.') . EOL);
|
||||
return;
|
||||
|
|
|
@ -98,6 +98,29 @@ class Contact extends BaseObject
|
|||
* @}
|
||||
*/
|
||||
|
||||
/**
|
||||
* @brief Tests if the given contact is a follower
|
||||
*
|
||||
* @param int $cid Either public contact id or user's contact id
|
||||
* @param int $uid User ID
|
||||
*
|
||||
* @return boolean is the contact id a follower?
|
||||
*/
|
||||
public static function isFollower($cid, $uid)
|
||||
{
|
||||
if (self::isBlockedByUser($cid, $uid)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$cdata = self::getPublicAndUserContacID($cid, $uid);
|
||||
if (empty($cdata['user'])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$condition = ['id' => $cdata['user'], 'rel' => [self::FOLLOWER, self::FRIEND]];
|
||||
return DBA::exists('contact', $condition);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Get the basepath for a given contact link
|
||||
* @todo Add functionality to store this value in the contact table
|
||||
|
@ -125,7 +148,7 @@ class Contact extends BaseObject
|
|||
*
|
||||
* @return array with public and user's contact id
|
||||
*/
|
||||
private static function getPublicAndUserContacID($cid, $uid)
|
||||
public static function getPublicAndUserContacID($cid, $uid)
|
||||
{
|
||||
if (empty($uid) || empty($cid)) {
|
||||
return [];
|
||||
|
@ -2054,6 +2077,10 @@ class Contact extends BaseObject
|
|||
*/
|
||||
public static function magicLink($contact_url, $url = '')
|
||||
{
|
||||
if (!local_user()) {
|
||||
return $url ?: $contact_url; // Equivalent to: ($url != '') ? $url : $contact_url;
|
||||
}
|
||||
|
||||
$cid = self::getIdForURL($contact_url, 0, true);
|
||||
if (empty($cid)) {
|
||||
return $url ?: $contact_url; // Equivalent to: ($url != '') ? $url : $contact_url;
|
||||
|
@ -2087,7 +2114,7 @@ class Contact extends BaseObject
|
|||
*/
|
||||
public static function magicLinkbyContact($contact, $url = '')
|
||||
{
|
||||
if ($contact['network'] != Protocol::DFRN) {
|
||||
if (!local_user() || ($contact['network'] != Protocol::DFRN)) {
|
||||
return $url ?: $contact['url']; // Equivalent to ($url != '') ? $url : $contact['url'];
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue