From 8fbe0d46e9ba6e1ab84d821bb5e5339f726f553e Mon Sep 17 00:00:00 2001
From: Michael
Date: Sat, 8 Dec 2018 20:28:01 +0000
Subject: [PATCH] Fix for remote authentication when visiting contact's pages
---
 mod/delegate.php | 2 ++
 mod/display.php | 32 ++++++++------------------------
 mod/profile.php | 41 ++++++++---------------------------------
 src/Model/Contact.php | 31 +++++++++++++++++++++++++++++--
 4 files changed, 47 insertions(+), 59 deletions(-)
diff --git a/mod/delegate.php b/mod/delegate.php
index 280498db61..4bfc0e31ba 100644
--- a/mod/delegate.php
+++ b/mod/delegate.php
@@ -163,6 +163,8 @@ function delegate_content(App $a)
 if (!is_null($parent_user)) {
 $parent_password = ['parent_password', L10n::t('Parent Password:'), '', L10n::t('Please enter the password of the parent account to legitimize your request.')];
+ } else {
+ $parent_password = '';
 }
 $o = Renderer::replaceMacros(Renderer::getMarkupTemplate('delegate.tpl'), [
diff --git a/mod/display.php b/mod/display.php
index 74ad479a78..729ca44013 100644
--- a/mod/display.php
+++ b/mod/display.php
@@ -272,33 +272,17 @@ function display_content(App $a, $update = false, $update_uid = 0)
 $groups = [];
- $contact = null;
- $is_remote_contact = false;
-
- $contact_id = 0;
-
- if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $v) {
- if ($v['uid'] == $a->profile['uid']) {
- $contact_id = $v['cid'];
- break;
- }
- }
+ $parent = Item::selectFirst(['uid'], ['uri' => $item_parent_uri, 'wall' => true]);
+ if (DBA::isResult($parent)) {
+ $a->profile['profile_uid'] = $parent['uid'];
 }
- if ($contact_id) {
- $groups = Group::getIdsByContactId($contact_id);
- $remote_contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $a->profile['uid']]);
- if (DBA::isResult($remote_contact)) {
- $contact = $remote_contact;
- $is_remote_contact = true;
- }
- }
+ $is_remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']);
- if (!$is_remote_contact) {
- if (local_user()) {
- $contact_id = $_SESSION['cid'];
- $contact = $a->contact;
+ if ($is_remote_contact) {
+ $cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
+ if (!empty($cdata['user'])) {
+ $groups = Group::getIdsByContactId($cdata['user']);
 }
 }
diff --git a/mod/profile.php b/mod/profile.php
index abbe65ccba..2c11f43b9c 100644
--- a/mod/profile.php
+++ b/mod/profile.php
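Review bot: `$a->profile['profile_uid']` is assigned only when the `Item::selectFirst` lookup returns a row, yet the next added line passes it to `Contact::isFollower()` unconditionally, whereas the removed code keyed on `$a->profile['uid']`. Whether `profile_uid` is already populated earlier in `display_content` is outside this hunk; if it is not, the follower check runs with an empty uid whenever the parent is not a wall item. `getPublicAndUserContacID()` returns `[]` for an empty uid, so the result appears to fail closed, but `isBlockedByUser()` is called first and its handling of an empty uid is not visible in this patch. An explicit fallback would make the access decision independent of that: `} elseif (empty($a->profile['profile_uid'])) { $a->profile['profile_uid'] = $a->profile['uid']; }`.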
@@ -150,42 +150,17 @@ function profile_content(App $a, $update = 0)
 Nav::setSelected('home');
 }
- $contact = null;
- $remote_contact = false;
-
- $contact_id = 0;
-
- if (!empty($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $v) {
- if ($v['uid'] == $a->profile['profile_uid']) {
- $contact_id = $v['cid'];
- break;
- }
- }
- }
-
- if ($contact_id) {
- $groups = Group::getIdsByContactId($contact_id);
- $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($contact_id),
- intval($a->profile['profile_uid'])
- );
- if (DBA::isResult($r)) {
- $contact = $r[0];
- $remote_contact = true;
- }
- }
-
- if (!$remote_contact) {
- if (local_user()) {
- $contact_id = $_SESSION['cid'];
- $contact = $a->contact;
- }
- }
-
+ $remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']);
 $is_owner = local_user() == $a->profile['profile_uid'];
 $last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . remote_user();
+ if ($remote_contact) {
+ $cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
+ if (!empty($cdata['user'])) {
+ $groups = Group::getIdsByContactId($cdata['user']);
+ }
+ }
+
 if (!empty($a->profile['hidewall']) && !$is_owner && !$remote_contact) {
 notice(L10n::t('Access to this profile has been restricted.') . EOL);
 return;
diff --git a/src/Model/Contact.php b/src/Model/Contact.php
index 4cc78e4d8c..af6ad46d2f 100644
--- a/src/Model/Contact.php
+++ b/src/Model/Contact.php
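Review bot: The sequence added here (`Contact::isFollower()`, then `Contact::getPublicAndUserContacID()`, then `Group::getIdsByContactId($cdata['user'])`) is repeated verbatim in the mod/display.php hunk, and `isFollower()` already resolves `$cdata['user']` internally, so each page view performs the resolution twice. Because `$remote_contact` also gates the `hidewall` check directly below, keeping the access decision and the group lookup in one helper on `Contact` would stop the two call sites from drifting apart. `$groups` is assigned only inside the new branch; whether `profile_content` initialises it earlier is outside this hunk, so a `$groups = [];` before the branch (as display.php has) may be needed.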
@@ -98,6 +98,29 @@ class Contact extends BaseObject
 * @}
 */
+ /**
+ * @brief Tests if the given contact is a follower
+ *
+ * @param int $cid Either public contact id or user's contact id
+ * @param int $uid User ID
+ *
+ * @return boolean is the contact id a follower?
+ */
+ public static function isFollower($cid, $uid)
+ {
+ if (self::isBlockedByUser($cid, $uid)) {
+ return false;
+ }
+
+ $cdata = self::getPublicAndUserContacID($cid, $uid);
+ if (empty($cdata['user'])) {
+ return false;
+ }
+
+ $condition = ['id' => $cdata['user'], 'rel' => [self::FOLLOWER, self::FRIEND]];
+ return DBA::exists('contact', $condition);
+ }
+
 /**
 * @brief Get the basepath for a given contact link
 * @todo Add functionality to store this value in the contact table
@@ -125,7 +148,7 @@ class Contact extends BaseObject
 *
 * @return array with public and user's contact id
 */
- private static function getPublicAndUserContacID($cid, $uid)
+ public static function getPublicAndUserContacID($cid, $uid)
 {
 if (empty($uid) || empty($cid)) {
 return [];
@@ -2054,6 +2077,10 @@ class Contact extends BaseObject
 */
 public static function magicLink($contact_url, $url = '')
 {
+ if (!local_user()) {
+ return $url ?: $contact_url; // Equivalent to: ($url != '') ? $url : $contact_url;
+ }
+
 $cid = self::getIdForURL($contact_url, 0, true);
 if (empty($cid)) {
 return $url ?: $contact_url; // Equivalent to: ($url != '') ? $url : $contact_url;
@@ -2087,7 +2114,7 @@ class Contact extends BaseObject
 */
 public static function magicLinkbyContact($contact, $url = '')
 {
- if ($contact['network'] != Protocol::DFRN) {
+ if (!local_user() || ($contact['network'] != Protocol::DFRN)) {
 return $url ?: $contact['url']; // Equivalent to ($url != '') ? $url : $contact['url'];
 }
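Review bot: The docblock on the new `isFollower()` does not state the contract that mod/display.php and mod/profile.php now rely on for access decisions. I would expand `@return` to something like `@return boolean true only if the contact is not blocked by the user and its user contact has rel FOLLOWER or FRIEND; false for empty or unknown ids`. The `$condition` array matches on `id` and `rel` alone; if the contact table also records a pending or unconfirmed state for follow requests, it is worth confirming that such rows are meant to pass, since this result gates the `hidewall` check.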
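Review bot: Changing `getPublicAndUserContacID()` from `private` to `public` in the second hunk turns a misspelt name ("Contac") into API that code under mod/ now calls. The visible docblock tail only says `@return array with public and user's contact id`, and callers in this patch depend on the `'user'` key and on the `[]` result for empty ids, so the docblock should name the keys and the empty-array case. The method body continues outside the hunk.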