harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

a few minor changes

Browse Source
This commit is contained in:
friendica
2012-08-26 23:05:00 -07:00
parent f0e299a97a
commit 5ff6e9348b
29 changed files with 303 additions and 509 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
include/account.php
View File

@@ -102,7 +102,6 @@ function create_account($arr) {
return $result;
}
$email_result = check_account_email($email);
if($email_result['error']) {
@@ -142,7 +141,7 @@ function create_account($arr) {
return($result);
}
$r = q("select * from account where account_email = '%s' and password = '%s' limit 1",
$r = q("select * from account where account_email = '%s' and account_password = '%s' limit 1",
dbesc($email),
dbesc($password_encoded)
);
@@ -153,34 +152,26 @@ function create_account($arr) {
logger('create_account: could not retrieve newly created account');
}
$result['success'] = true;
// Set the parent record to the current record_id if no parent was provided
if(! $parent) {
$r = q("update account set account_parent = %d where account_id = %d limit 1",
intval($result['account']['account_id']),
intval($result['account']['account_id'])
);
if(! $r) {
logger('create_account: failed to set parent');
}
$result['account']['parent'] = $result['account']['account_id'];
}
$result['success'] = true;
$result['email'] = $email;
$result['password'] = $password;
return $result;
}
/**
* Verify login credentials
*
* Returns account record on success, null on failure
*
*/
function account_verify_password($email,$pass) {
$r = q("select * from account where email = '%s'",
dbesc($email)
);
if(! ($r && count($r)))
return null;
foreach($r as $record) {
if(hash('whirlpool',$record['account_salt'] . $pass) === $record['account_password']) {
return $record;
}
}
return null;
}
function send_reg_approval_email($arr) {

81
include/auth.php
View File

@@ -20,12 +20,36 @@ function nuke_session() {
unset($_SESSION['page_flags']);
}
/**
* Verify login credentials
*
* Returns account record on success, null on failure
*
*/
function account_verify_password($email,$pass) {
$r = q("select * from account where account_email = '%s'",
dbesc($email)
);
if(! ($r && count($r)))
return null;
foreach($r as $record) {
if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
&& (hash('whirlpool',$record['account_salt'] . $pass) === $record['account_password'])) {
return $record;
}
}
return null;
}
// login/logout
if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) {
if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) {
@@ -59,6 +83,14 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
goaway(z_root());
}
$r = q("select * from account where account_id = %d limit 1",
intval($_SESSION['account_id'])
);
if(count($r) && (($r[0]['account_flags'] == ACCOUNT_OK) || ($r[0]['account_flags'] == ACCOUNT_UNVERIFIED)))
get_app()->account = $r[0];
else
$_SESSION['account_id'] = 0;
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`
FROM `user` WHERE `uid` = %d AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
intval($_SESSION['uid'])
@@ -80,43 +112,6 @@ else {
if((x($_POST,'password')) && strlen($_POST['password']))
$encrypted = hash('whirlpool',trim($_POST['password']));
else {
if((x($_POST,'openid_url')) && strlen($_POST['openid_url']) ||
(x($_POST,'username')) && strlen($_POST['username'])) {
$noid = get_config('system','no_openid');
$openid_url = trim((strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) );
// validate_url alters the calling parameter
$temp_string = $openid_url;
// if it's an email address or doesn't resolve to a URL, fail.
if(($noid) || (strpos($temp_string,'@')) || (! validate_url($temp_string))) {
$a = get_app();
notice( t('Login failed.') . EOL);
goaway(z_root());
// NOTREACHED
}
// Otherwise it's probably an openid.
try {
require_once('library/openid.php');
$openid = new LightOpenID;
$openid->identity = $openid_url;
$_SESSION['openid'] = $openid_url;
$a = get_app();
$openid->returnUrl = $a->get_baseurl(true) . '/openid';
goaway($openid->authUrl());
} catch (Exception $e) {
notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'<br /><br >'. t('The error message was:').' '.$e->getMessage());
}
// NOTREACHED
}
}
if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') {
@@ -144,6 +139,18 @@ else {
}
else {
get_app()->account = account_verify_password($_POST['username'],$_POST['password']);
if(get_app()->account) {
$_SESSION['account_id'] = get_app()->account['account_id'];
}
else {
notice( t('Failed authentication') . EOL);
}
logger('authenticate: ' . print_r(get_app()->account,true));
// process normal login request
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`

50
include/conversation.php
View File

@@ -344,12 +344,6 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
$total_children = $nb_items;
foreach($items as $item) {
// prevent private email reply to public conversation from leaking.
if($item['network'] === NETWORK_MAIL && local_user() != $item['uid']) {
// Don't count it as a visible item
$nb_items--;
continue;
}
if($item['verb'] === ACTIVITY_LIKE || $item['verb'] === ACTIVITY_DISLIKE) {
$nb_items --;
@@ -406,15 +400,13 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
$sp = false;
$profile_link = best_link_url($item,$sp);
if($profile_link === 'mailbox')
$profile_link = '';
if($sp)
$sparkle = ' sparkle';
else
$profile_link = zrl($profile_link);
$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
if(($normalised != 'mailbox') && (x($a->contacts,$normalised)))
if(x($a->contacts,$normalised))
$profile_avatar = $a->contacts[$normalised]['thumb'];
else
$profile_avatar = (((strlen($item['author-avatar'])) && $diff_author) ? $item['author-avatar'] : $a->get_cached_avatar_image($thumb));
@@ -762,10 +754,6 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
else
$nickname = $a->user['nickname'];
// prevent private email from leaking.
if($item['network'] === NETWORK_MAIL && local_user() != $item['uid'])
continue;
$profile_name = ((strlen($item['author-name'])) ? $item['author-name'] : $item['name']);
if($item['author-link'] && (! $item['author-name']))
$profile_name = $item['author-link'];
@@ -774,15 +762,13 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
$sp = false;
$profile_link = best_link_url($item,$sp);
if($profile_link === 'mailbox')
$profile_link = '';
if($sp)
$sparkle = ' sparkle';
else
$profile_link = zrl($profile_link);
$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
if(($normalised != 'mailbox') && (x($a->contacts[$normalised])))
if(x($a->contacts,$normalised))
$profile_avatar = $a->contacts[$normalised]['thumb'];
else
$profile_avatar = ((strlen($item['author-avatar'])) ? $a->get_cached_avatar_image($item['author-avatar']) : $item['thumb']);
@@ -955,10 +941,6 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
}
else {
// prevent private email reply to public conversation from leaking.
if($item['network'] === NETWORK_MAIL && local_user() != $item['uid'])
continue;
$comments_seen ++;
$comment_lastcollapsed = false;
$comment_firstcollapsed = false;
@@ -1146,15 +1128,13 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
$sp = false;
$profile_link = best_link_url($item,$sp);
if($profile_link === 'mailbox')
$profile_link = '';
if($sp)
$sparkle = ' sparkle';
else
$profile_link = zrl($profile_link);
$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
if(($normalised != 'mailbox') && (x($a->contacts,$normalised)))
if(x($a->contacts,$normalised))
$profile_avatar = $a->contacts[$normalised]['thumb'];
else
$profile_avatar = (((strlen($item['author-avatar'])) && $diff_author) ? $item['author-avatar'] : $a->get_cached_avatar_image($thumb));
@@ -1346,8 +1326,6 @@ function item_photo_menu($item){
$sparkle = false;
$profile_link = best_link_url($item,$sparkle,$ssl_state);
if($profile_link === 'mailbox')
$profile_link = '';
if($sparkle) {
$cid = intval(basename($profile_link));
@@ -1504,27 +1482,6 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
$jotplugins = '';
$jotnets = '';
$mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
$mail_enabled = false;
$pubmail_enabled = false;
if(($x['is_owner']) && (! $mail_disabled)) {
$r = q("SELECT * FROM `mailacct` WHERE `uid` = %d AND `server` != '' LIMIT 1",
intval(local_user())
);
if(count($r)) {
$mail_enabled = true;
if(intval($r[0]['pubmail']))
$pubmail_enabled = true;
}
}
if($mail_enabled) {
$selected = (($pubmail_enabled) ? ' checked="checked" ' : '');
$jotnets .= '<div class="profile-jot-net"><input type="checkbox" name="pubmail_enable"' . $selected . ' value="1" /> ' . t("Post to Email") . '</div>';
}
call_hooks('jot_tool', $jotplugins);
call_hooks('jot_networks', $jotnets);
@@ -1565,7 +1522,6 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
'$defloc' => $x['default_location'],
'$visitor' => $x['visitor'],
'$pvisit' => (($notes_cid) ? 'none' : $x['visitor']),
'$emailcc' => t('CC: email addresses'),
'$public' => t('Public post'),
'$jotnets' => $jotnets,
'$emtitle' => t('Example: bob@example.com, mary@example.com'),

2
include/crypto.php
View File

@@ -3,8 +3,6 @@
require_once('library/ASNValue.class.php');
require_once('library/asn1.php');
// supported algorithms are 'sha256', 'sha1'
function rsa_sign($data,$key,$alg = 'sha256') {
$sig = '';

102
include/identity.php
View File

@@ -3,11 +3,44 @@
require_once('include/zot.php');
require_once('include/crypto.php');
function identity_check_service_class($account_id) {
$ret = array('success' => false, $message => '');
$r = q("select count(entity_id) as total from entity were entity_account_id = %d ",
intval($account_id)
);
if(! ($r && count($r))) {
$ret['message'] = t('Unable to obtain identity information from database');
return $ret;
}
if(! service_class_allows($account_id,'total_identities',$r[0]['total'])) {
$result['message'] .= upgrade_message();
return $result;
}
$ret['success'] = true;
return $ret;
}
// Required: name, nickname, account_id
// optional: pageflags
function create_identity($arr) {
$ret = array('success' => false, 'message' => '');
$nick = trim($_POST['nickname']);
$name = escape_tags($_POST['name']);
$ret = array('success' => false);
if(! $arr['account_id']) {
$ret['message'] = t('No account identifier');
return $ret;
}
$nick = trim($arr['nickname']);
$name = escape_tags($arr['name']);
$pageflags = ((x($arr,'pageflags')) ? intval($arr['pageflags']) : PAGE_NORMAL);
if(check_webbie(array($nick)) !== $nick) {
$ret['message'] = t('Nickname has unsupported characters or is already being used on this site.');
@@ -24,7 +57,7 @@ function create_identity($arr) {
entity_pubkey, entity_pageflags )
values ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d ) ",
intval(local_user()),
intval($arr['account_id']),
intval($primary),
dbesc($name),
dbesc($nick),
@@ -36,44 +69,53 @@ function create_identity($arr) {
$r = q("select * from entity where entity_account_id = %d
and entity_global_id = '%s' limit 1",
intval(local_user()),
intval($arr['account_id']),
dbesc($guid)
);
if(! ($r && count($r))) {
$ret['message'] = t('Unable to retrieve created identity');
return $ret;
}
$ret['entity'] = $r[0];
set_default_login_identity($arr['account_id'],$ret['entity']['entity_id'],false);
// Create a verified hub location pointing to this site.
$r = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_flags,
hubloc_url, hubloc_url_sig, hubloc_callback, hubloc_sitekey )
values ( '%s', '%s', %d, '%s', '%s', '%s', '%s' )",
dbesc($ret['entity']['entity_global_id']),
dbesc(base64url_encode(rsa_sign($ret['entity']['entity_global_id'],$ret['entity']['entity_prvkey']))),
intval(($primary) ? HUBLOC_FLAGS_PRIMARY : 0),
dbesc(z_root()),
dbesc(base64url_encode(rsa_sign(z_root(),$ret['entity']['entity_prvkey']))),
dbesc(z_root() . '/post'),
dbesc(get_config('system','pubkey'))
);
if(! $r)
logger('create_identity: Unable to store hub location');
$ret['success'] = true;
return $ret;
}
// set default identity for account_id to identity_id
// if $force is false only do this if there is no current default
class simple_identity {
private $identity_uid;
private $identity_name;
private $identity_url;
private $identity_photo;
function __construct($uid = '',$name = '',$url = '',$photo = '') {
$this->identity_uid = $uid;
$this->identity_name = $name;
$this->identity_url = $url;
$this->identity_photo = $photo;
}
function to_array() {
return array(
'zuid' => $this->identity_uid,
'name' => $this->identity_name,
'url' => $this->identity_url,
'photo' => $this->identity_photo
function set_default_login_identity($account_id,$entity_id,$force = true) {
$r = q("select account_default_entity from account where account_id = %d limit 1",
intval($account_id)
);
if(($r) && (count($r)) && ((! intval($r[0]['account_default_entity'])) || $force)) {
$r = q("update account set account_default_entity = %d where account_id = %d limit 1",
intval($entity_id),
intval($account_id)
);
}
}
}

1
include/items.php
View File

@@ -3338,7 +3338,6 @@ function fix_private_photos($s, $uid, $item = null, $cid = 0) {
// Only embed locally hosted photos
$replace = false;
$i = basename($image);
$i = str_replace(array('.jpg','.png'),array('',''),$i);
$x = strpos($i,'-');
if($x) {

19
include/notifier.php
View File

@@ -439,25 +439,6 @@ function notifier_run($argv, $argc){
logger('notifier: slaps: ' . print_r($slaps,true), LOGGER_DATA);
// If this is a public message and pubmail is set on the parent, include all your email contacts
$mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
if(! $mail_disabled) {
if((! strlen($target_item['allow_cid'])) && (! strlen($target_item['allow_gid']))
&& (! strlen($target_item['deny_cid'])) && (! strlen($target_item['deny_gid']))
&& (intval($target_item['pubmail']))) {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `network` = '%s'",
intval($uid),
dbesc(NETWORK_MAIL)
);
if(count($r)) {
foreach($r as $rr)
$recipients[] = $rr['id'];
}
}
}
if($followup)
$recip_str = $parent['contact-id'];
else

2
include/text.php
View File

@@ -1152,7 +1152,7 @@ function generate_user_guid() {
function base64url_encode($s, $strip_padding = false) {
function base64url_encode($s, $strip_padding = true) {
$s = strtr(base64_encode($s),'+/','-_');

10
include/user.php
View File

@@ -219,8 +219,8 @@ function create_user($arr) {
t('default'),
1,
dbesc($username),
dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"),
dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"),
dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"),
dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"),
intval($publish),
intval($netpublish)
@@ -239,9 +239,9 @@ function create_user($arr) {
datetime_convert(),
dbesc($username),
dbesc($nickname),
dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"),
dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"),
dbesc($a->get_baseurl() . "/photo/micro/{$newuid}.jpg"),
dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"),
dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"),
dbesc($a->get_baseurl() . "/photo/micro/{$newuid}"),
dbesc($a->get_baseurl() . "/profile/$nickname"),
dbesc(normalise_link($a->get_baseurl() . "/profile/$nickname")),
dbesc($a->get_baseurl() . "/dfrn_request/$nickname"),

37
include/zot.php
View File

@@ -2,15 +2,15 @@
/**
*
* @function zot_new_uid($entity_id)
* @entity_id = integer id of controlling entity
* @function zot_new_uid($entity_nick)
* @entity_id = unique nickname of controlling entity
* @returns string
*
*/
function zot_new_uid($entity_id) {
$rawstr = z_root() . '/' . $entity_id . '.' . mt_rand();
return(base64url_encode(hash('whirlpool',$rawstr,true),true) . '.' . mt_rand());
function zot_new_uid($entity_nick) {
$rawstr = z_root() . '/' . $entity_nick . '.' . mt_rand();
return(base64url_encode(hash('whirlpool',$rawstr,true),true));
}
@@ -63,7 +63,9 @@ function zot_notify($entity,$url) {
$x = z_post_url($url, array(
'type' => 'notify',
'guid' => $entity['entity_global_id'],
'hub' => z_root(),
'guid_sig' => base64url_encode($guid,$entity['prvkey']),
'hub' => z_root(),
'hub_sig' => base64url_encode(z_root,$entity['prvkey']),
'callback' => '/post',
'spec' => ZOT_REVISION)
);
@@ -73,12 +75,15 @@ function zot_notify($entity,$url) {
function zot_gethub($arr) {
if((x($arr,'hub')) && (x($arr,'guid'))) {
if((x($arr,'guid')) && (x($arr,'guid_sig')) && (x($arr,'hub')) && (x($arr,'hub_sig'))) {
$r = q("select * from hubloc
where hubloc_guid = '%s' and hubloc_url = '%s'
where hubloc_guid = '%s' and hubloc_guid_sig = '%s'
and hubloc_url = '%s' and hubloc_url_sig = '%s'
limit 1",
dbesc($arr['guid']),
dbesc($arr['hub'])
dbesc($arr['guid_sig']),
dbesc($arr['hub']),
dbesc($arr['hub_sig'])
);
if($r && count($r))
return $r[0];
@@ -95,13 +100,19 @@ function zot_register_hub($arr) {
if($record->hub && count($record->hub)) {
foreach($record->hub as $h) {
// store any hubs we don't know about
if( ! zot_gethub(array('hub' => $h->url, 'guid' => $arr['guid']))) {
$r = q("insert into hubloc (hubloc_guid, hubloc_flags, hubloc_url,
hubloc_callback, hubloc_sitekey, hubloc_key)
values ( '%s', %d, '%s', '%s', '%s', '%s' )",
if( ! zot_gethub(
array('guid' => $arr['guid'],
'guid_sig' => $arr['guid_sig'],
'hub' => $h->url,
'hub_sig' => $h->url_sig))) {
$r = q("insert into hubloc (hubloc_guid, hubloc_guid_sig, hubloc_flags, hubloc_url,
hubloc_url_sig, hubloc_callback, hubloc_sitekey, hubloc_key)
values ( '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s' )",
dbesc($arr['guid']),
dbesc($arr['guid_sig']),
intval((($h->primary) ? HUBLOC_FLAGS_PRIMARY : 0) | HUBLOC_FLAGS_UNVERIFIED ),
dbesc($h->url),
dbesc($h->url_sig),
dbesc($h->callback),
dbesc($h->sitekey),
dbesc($record->key)