Browse Source

New function to store the "remote" session value / making the changes work

pull/7678/head
Michael 2 years ago
parent
commit
704cdf1b5a
5 changed files with 33 additions and 41 deletions
  1. +22
    -11
      src/Core/Session.php
  2. +1
    -11
      src/Model/Profile.php
  3. +6
    -6
      src/Module/Profile.php
  4. +3
    -5
      src/Protocol/DFRN.php
  5. +1
    -8
      src/Util/Security.php

+ 22
- 11
src/Core/Session.php View File

@ -119,19 +119,10 @@ class Session
'page_flags' => $user_record['page-flags'],
'my_url' => $a->getBaseURL() . '/profile/' . $user_record['nickname'],
'my_address' => $user_record['nickname'] . '@' . substr($a->getBaseURL(), strpos($a->getBaseURL(), '://') + 3),
'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0'),
'remote' => [],
'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0')
]);
$remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]);
while ($contact = DBA::fetch($remote_contacts)) {
if (($contact['uid'] == 0) || Contact::isBlockedByUser($contact['id'], $contact['uid'])) {
continue;
}
$_SESSION['remote'][$contact['uid']] = $contact['id'];
}
DBA::close($remote_contacts);
self::setVisitorsContacts();
$member_since = strtotime($user_record['register_date']);
self::set('new_member', time() < ($member_since + ( 60 * 60 * 24 * 14)));
@ -244,4 +235,24 @@ class Session
return array_search($cid, $_SESSION['remote']);
}
/**
* Set the session variable that contains the contact IDs for the visitor's contact URL
*
* @param string $url Contact URL
*/
public static function setVisitorsContacts()
{
$_SESSION['remote'] = [];
$remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]);
while ($contact = DBA::fetch($remote_contacts)) {
if (($contact['uid'] == 0) || Contact::isBlockedByUser($contact['id'], $contact['uid'])) {
continue;
}
$_SESSION['remote'][$contact['uid']] = $contact['id'];
}
DBA::close($remote_contacts);
}
}

+ 1
- 11
src/Model/Profile.php View File

@ -1116,17 +1116,7 @@ class Profile
$_SESSION['visitor_home'] = $visitor['url'];
$_SESSION['my_url'] = $visitor['url'];
/// @todo replace this and the query for this variable with some cleaner functionality
$_SESSION['remote'] = [];
$remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => $visitor['nurl'], 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]);
while ($contact = DBA::fetch($remote_contacts)) {
if (($contact['uid'] == 0) || Contact::isBlockedByUser($visitor['id'], $contact['uid'])) {
continue;
}
$_SESSION['remote'][$contact['uid']] = $contact['id'];
}
Session::setVisitorsContacts();
$a->contact = $visitor;


+ 6
- 6
src/Module/Profile.php View File

@ -86,8 +86,8 @@ class Profile extends BaseModule
$a->page['htmlhead'] .= "\n";
$blocked = !local_user() && !remote_user() && Config::get('system', 'block_public');
$userblock = !local_user() && !remote_user() && $a->profile['hidewall'];
$blocked = !local_user() && !remote_user($a->profile['profile_uid']) && Config::get('system', 'block_public');
$userblock = !local_user() && !remote_user($a->profile['profile_uid']) && $a->profile['hidewall'];
if (!empty($a->profile['page-flags']) && $a->profile['page-flags'] == User::PAGE_FLAGS_COMMUNITY) {
$a->page['htmlhead'] .= '<meta name="friendica.community" content="true" />' . "\n";
@ -153,7 +153,7 @@ class Profile extends BaseModule
$hashtags = defaults($_GET, 'tag', '');
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
if (Config::get('system', 'block_public') && !local_user() && !remote_user($a->profile['profile_uid'])) {
return Login::form();
}
@ -169,12 +169,12 @@ class Profile extends BaseModule
Nav::setSelected('home');
}
$remote_contact = ContactModel::isFollower(remote_user(), $a->profile['profile_uid']);
$remote_contact = remote_user($a->profile['profile_uid']);
$is_owner = local_user() == $a->profile['profile_uid'];
$last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . remote_user();
$last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . $remote_contact;
if ($remote_contact) {
$cdata = ContactModel::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
$cdata = ContactModel::getPublicAndUserContacID($remote_contact, $a->profile['profile_uid']);
if (!empty($cdata['user'])) {
$groups = Group::getIdsByContactId($cdata['user']);
$remote_cid = $cdata['user'];


+ 3
- 5
src/Protocol/DFRN.php View File

@ -2863,7 +2863,7 @@ class DFRN
// because browser may have multiple connections open and load an image on a connection
// whose session wasn't updated when a previous redirect authenticated
// Leaving commented in case looping reappears
//return;
// return;
}
if ((! $contact_nick) || ($contact_nick === $a->user['nickname'])) {
@ -2906,10 +2906,8 @@ class DFRN
// and the sense in the $remote[]["cid"] in the session are opposite.
// In the session variable the user currently fetching is the contact
// while $contact_nick is the nick of tho user who owns the stuff being fetched.
foreach (Session::get('remote', []) as $visitor) {
if ($visitor['uid'] == $contact_uid && $visitor['cid'] == $r[0]['id']) {
return;
}
if (Session::getVisitorContactIDForUserID($contact_uid) == $r[0]['id']) {
return;
}
$r = q("SELECT * FROM contact WHERE nick = '%s'


+ 1
- 8
src/Util/Security.php View File

@ -110,14 +110,7 @@ class Security extends BaseObject
*/
if (!$remote_verified) {
$cid = 0;
foreach (\Friendica\Core\Session::get('remote', []) as $visitor) {
if ($visitor['uid'] == $owner_id) {
$cid = $visitor['cid'];
break;
}
}
$cid = \Friendica\Core\Session::getVisitorContactIDForUserID($owner_id);
if ($cid && DBA::exists('contact', ['id' => $cid, 'uid' => $owner_id, 'blocked' => false])) {
$remote_verified = true;


Loading…
Cancel
Save