Reworked "remote" cookie handling
This commit is contained in:
parent
d5c37001cd
commit
ec66553032
13 changed files with 106 additions and 192 deletions
|
|
@ -113,13 +113,8 @@ function cal_content(App $a)
|
|||
$owner_uid = intval($a->data['user']['uid']);
|
||||
$nick = $a->data['user']['nickname'];
|
||||
|
||||
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $a->profile['profile_uid']) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!empty(remote_user($a->profile['profile_uid']))) {
|
||||
$contact_id = remote_user($a->profile['profile_uid']);
|
||||
}
|
||||
|
||||
$groups = [];
|
||||
|
|
|
|||
|
|
@ -114,7 +114,7 @@ function dfrn_poll_init(App $a)
|
|||
$_SESSION['remote'] = [];
|
||||
}
|
||||
|
||||
$_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']];
|
||||
$_SESSION['remote'][$r[0]['uid']] = $r[0]['id'];
|
||||
|
||||
$_SESSION['visitor_id'] = $r[0]['id'];
|
||||
$_SESSION['visitor_home'] = $r[0]['url'];
|
||||
|
|
@ -521,7 +521,8 @@ function dfrn_poll_content(App $a)
|
|||
$_SESSION['remote'] = [];
|
||||
}
|
||||
|
||||
$_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']];
|
||||
$_SESSION['remote'][$r[0]['uid']] = $r[0]['id'];
|
||||
|
||||
$_SESSION['visitor_id'] = $r[0]['id'];
|
||||
$_SESSION['visitor_home'] = $r[0]['url'];
|
||||
$_SESSION['visitor_visiting'] = $r[0]['uid'];
|
||||
|
|
|
|||
14
mod/item.php
14
mod/item.php
|
|
@ -348,18 +348,8 @@ function item_post(App $a) {
|
|||
if (local_user() && ((local_user() == $profile_uid) || $allow_comment)) {
|
||||
$self = true;
|
||||
$author = DBA::selectFirst('contact', [], ['uid' => local_user(), 'self' => true]);
|
||||
} elseif (remote_user()) {
|
||||
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $profile_uid) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($contact_id) {
|
||||
$author = DBA::selectFirst('contact', [], ['id' => $contact_id]);
|
||||
}
|
||||
} elseif (!empty(remote_user($profile_uid))) {
|
||||
$author = DBA::selectFirst('contact', [], ['id' => remote_user($profile_uid)]);
|
||||
}
|
||||
|
||||
if (DBA::isResult($author)) {
|
||||
|
|
|
|||
|
|
@ -154,14 +154,12 @@ function photos_post(App $a)
|
|||
|
||||
if (local_user() && (local_user() == $page_owner_uid)) {
|
||||
$can_post = true;
|
||||
} elseif ($community_page && remote_user($page_owner_uid)) {
|
||||
} elseif ($community_page && !empty(remote_user($page_owner_uid))) {
|
||||
$contact_id = remote_user($page_owner_uid);
|
||||
|
||||
if ($contact_id > 0) {
|
||||
if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {
|
||||
$can_post = true;
|
||||
$visitor = $contact_id;
|
||||
}
|
||||
if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {
|
||||
$can_post = true;
|
||||
$visitor = $contact_id;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -883,50 +881,27 @@ function photos_content(App $a)
|
|||
|
||||
if (local_user() && (local_user() == $owner_uid)) {
|
||||
$can_post = true;
|
||||
} else {
|
||||
if ($community_page && remote_user()) {
|
||||
if (is_array($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $owner_uid) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} elseif ($community_page && !empty(remote_user($owner_uid))) {
|
||||
$contact_id = remote_user($owner_uid);
|
||||
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
|
||||
|
||||
if ($contact_id) {
|
||||
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
|
||||
|
||||
if (DBA::isResult($contact)) {
|
||||
$can_post = true;
|
||||
$remote_contact = true;
|
||||
$visitor = $contact_id;
|
||||
}
|
||||
}
|
||||
if (DBA::isResult($contact)) {
|
||||
$can_post = true;
|
||||
$remote_contact = true;
|
||||
$visitor = $contact_id;
|
||||
}
|
||||
}
|
||||
|
||||
$groups = [];
|
||||
|
||||
// perhaps they're visiting - but not a community page, so they wouldn't have write access
|
||||
if (remote_user() && !$visitor) {
|
||||
$contact_id = 0;
|
||||
if (is_array($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $owner_uid) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!empty(remote_user($owner_uid)) && !$visitor) {
|
||||
$contact_id = remote_user($owner_uid);
|
||||
$groups = Group::getIdsByContactId($contact_id);
|
||||
|
||||
if ($contact_id) {
|
||||
$groups = Group::getIdsByContactId($contact_id);
|
||||
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
|
||||
|
||||
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
|
||||
|
||||
$remote_contact = DBA::isResult($contact);
|
||||
}
|
||||
$remote_contact = DBA::isResult($contact);
|
||||
}
|
||||
|
||||
if (!$remote_contact && local_user()) {
|
||||
|
|
|
|||
|
|
@ -66,20 +66,11 @@ function redir_init(App $a) {
|
|||
// with the local contact. Otherwise the local user would ask the local contact
|
||||
// for authentification everytime he/she is visiting a profile page of the local
|
||||
// contact.
|
||||
if ($host == $remotehost
|
||||
&& !empty($_SESSION['remote'])
|
||||
&& is_array($_SESSION['remote']))
|
||||
{
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if (!empty($v['uid']) && !empty($v['cid']) &&
|
||||
$v['uid'] == Session::get('visitor_visiting') &&
|
||||
$v['cid'] == Session::get('visitor_id')) {
|
||||
// Remote user is already authenticated.
|
||||
$target_url = defaults($url, $contact_url);
|
||||
Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
|
||||
$a->redirect($target_url);
|
||||
}
|
||||
}
|
||||
if (($host == $remotehost) && (remote_user(Session::get('visitor_visiting')) == Session::get('visitor_id'))) {
|
||||
// Remote user is already authenticated.
|
||||
$target_url = defaults($url, $contact_url);
|
||||
Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
|
||||
$a->redirect($target_url);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -154,44 +154,26 @@ function videos_content(App $a)
|
|||
|
||||
if ((local_user()) && (local_user() == $owner_uid)) {
|
||||
$can_post = true;
|
||||
} elseif ($community_page && remote_user()) {
|
||||
if (!empty($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $owner_uid) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} elseif ($community_page && !empty(remote_user($owner_uid))) {
|
||||
$contact_id = remote_user($owner_uid);
|
||||
|
||||
if ($contact_id > 0) {
|
||||
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
|
||||
intval($contact_id),
|
||||
intval($owner_uid)
|
||||
);
|
||||
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
|
||||
intval($contact_id),
|
||||
intval($owner_uid)
|
||||
);
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
$can_post = true;
|
||||
$remote_contact = true;
|
||||
$visitor = $contact_id;
|
||||
}
|
||||
if (DBA::isResult($r)) {
|
||||
$can_post = true;
|
||||
$remote_contact = true;
|
||||
$visitor = $contact_id;
|
||||
}
|
||||
}
|
||||
|
||||
$groups = [];
|
||||
|
||||
// perhaps they're visiting - but not a community page, so they wouldn't have write access
|
||||
if (remote_user() && (!$visitor)) {
|
||||
$contact_id = 0;
|
||||
|
||||
if (!empty($_SESSION['remote'])) {
|
||||
foreach($_SESSION['remote'] as $v) {
|
||||
if($v['uid'] == $owner_uid) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!empty(remote_user($owner_uid)) && !$visitor) {
|
||||
$contact_id = remote_user($owner_uid);
|
||||
|
||||
if ($contact_id > 0) {
|
||||
$groups = Group::getIdsByContactId($contact_id);
|
||||
|
|
|
|||
|
|
@ -43,35 +43,21 @@ function wall_attach_post(App $a) {
|
|||
$page_owner_cid = $r[0]['id'];
|
||||
$community_page = (($r[0]['page-flags'] == User::PAGE_FLAGS_COMMUNITY) ? true : false);
|
||||
|
||||
if ((local_user()) && (local_user() == $page_owner_uid)) {
|
||||
if (local_user() && (local_user() == $page_owner_uid)) {
|
||||
$can_post = true;
|
||||
} else {
|
||||
if ($community_page && remote_user()) {
|
||||
$contact_id = 0;
|
||||
} elseif ($community_page && !empty(remote_user($page_owner_uid))) {
|
||||
$contact_id = remote_user($page_owner_uid);
|
||||
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
|
||||
intval($contact_id),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
|
||||
if (is_array($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $page_owner_uid) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($contact_id > 0) {
|
||||
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
|
||||
intval($contact_id),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
$can_post = true;
|
||||
}
|
||||
}
|
||||
if (DBA::isResult($r)) {
|
||||
$can_post = true;
|
||||
}
|
||||
}
|
||||
|
||||
if (! $can_post) {
|
||||
if (!$can_post) {
|
||||
if ($r_json) {
|
||||
echo json_encode(['error' => L10n::t('Permission denied.')]);
|
||||
exit();
|
||||
|
|
|
|||
|
|
@ -74,34 +74,21 @@ function wall_upload_post(App $a, $desktopmode = true)
|
|||
|
||||
if ((local_user()) && (local_user() == $page_owner_uid)) {
|
||||
$can_post = true;
|
||||
} else {
|
||||
if ($community_page && remote_user()) {
|
||||
$contact_id = 0;
|
||||
if (is_array($_SESSION['remote'])) {
|
||||
foreach ($_SESSION['remote'] as $v) {
|
||||
if ($v['uid'] == $page_owner_uid) {
|
||||
$contact_id = $v['cid'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} elseif ($community_page && !empty(remote_user($page_owner_uid))) {
|
||||
$contact_id = remote_user($page_owner_uid);
|
||||
|
||||
if ($contact_id) {
|
||||
$r = q("SELECT `uid` FROM `contact`
|
||||
WHERE `blocked` = 0 AND `pending` = 0
|
||||
AND `id` = %d AND `uid` = %d LIMIT 1",
|
||||
intval($contact_id),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
if (DBA::isResult($r)) {
|
||||
$can_post = true;
|
||||
$visitor = $contact_id;
|
||||
}
|
||||
}
|
||||
$r = q("SELECT `uid` FROM `contact`
|
||||
WHERE `blocked` = 0 AND `pending` = 0
|
||||
AND `id` = %d AND `uid` = %d LIMIT 1",
|
||||
intval($contact_id),
|
||||
intval($page_owner_uid)
|
||||
);
|
||||
if (DBA::isResult($r)) {
|
||||
$can_post = true;
|
||||
$visitor = $contact_id;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (!$can_post) {
|
||||
if ($r_json) {
|
||||
echo json_encode(['error' => L10n::t('Permission denied.')]);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue