Merge branch 'dev' into perms
This commit is contained in:
redmatrix
@@ -36,22 +36,33 @@ function account_verify_password($email, $pass) {
|
||||
// you have to verify the email and then go through the account approval workflow before
|
||||
// letting them login.
|
||||
|
||||
if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($record['account_flags'] & ACCOUNT_UNVERIFIED))
|
||||
return null;
|
||||
// @bug there is no record here
|
||||
//if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($record['account_flags'] & ACCOUNT_UNVERIFIED))
|
||||
// return null;
|
||||
|
||||
$r = q("select * from account where account_email = '%s'",
|
||||
dbesc($email)
|
||||
);
|
||||
if(! ($r && count($r)))
|
||||
return null;
|
||||
if($r) {
|
||||
|
||||
foreach($r as $record) {
|
||||
if(($record['account_flags'] == ACCOUNT_OK)
|
||||
&& (hash('whirlpool', $record['account_salt'] . $pass) === $record['account_password'])) {
|
||||
logger('password verified for ' . $email);
|
||||
return $record;
|
||||
foreach($r as $record) {
|
||||
if(($record['account_flags'] == ACCOUNT_OK)
|
||||
&& (hash('whirlpool', $record['account_salt'] . $pass) === $record['account_password'])) {
|
||||
logger('password verified for ' . $email);
|
||||
return $record;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$x = q("select * from atoken where atoken_name = '%s' and atoken_token = '%s' limit 1",
|
||||
dbesc($email),
|
||||
dbesc($pass)
|
||||
);
|
||||
if($x) {
|
||||
atoken_login($x[0]);
|
||||
return $x[0];
|
||||
}
|
||||
|
||||
$error = 'password failed for ' . $email;
|
||||
logger($error);
|
||||
|
||||
@@ -123,10 +134,18 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
|
||||
authenticate_success($x[0], true, true);
|
||||
}
|
||||
}
|
||||
|
||||
$r = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where xchan_hash = '%s' limit 1",
|
||||
dbesc($_SESSION['visitor_id'])
|
||||
);
|
||||
if(array_key_exists('atoken',$_SESSION)) {
|
||||
$y = q("select * from atoken where atoken_id = %d limit 1",
|
||||
intval($_SESSION['atoken'])
|
||||
);
|
||||
if($y)
|
||||
$r = array(atoken_xchan($y[0]));
|
||||
}
|
||||
else {
|
||||
$r = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where xchan_hash = '%s' limit 1",
|
||||
dbesc($_SESSION['visitor_id'])
|
||||
);
|
||||
}
|
||||
if($r) {
|
||||
App::set_observer($r[0]);
|
||||
}
|
||||
@@ -199,20 +218,27 @@ else {
|
||||
|
||||
call_hooks('authenticate', $addon_auth);
|
||||
|
||||
$atoken = false;
|
||||
|
||||
if(($addon_auth['authenticated']) && (count($addon_auth['user_record']))) {
|
||||
$record = $addon_auth['user_record'];
|
||||
}
|
||||
else {
|
||||
$record = App::$account = account_verify_password($_POST['username'], $_POST['password']);
|
||||
$x = account_verify_password($_POST['username'], $_POST['password']);
|
||||
if(array_key_exists('atoken',$x))
|
||||
$atoken = true;
|
||||
if(! $atoken) {
|
||||
$record = App::$account = $x;
|
||||
|
||||
if(App::$account) {
|
||||
$_SESSION['account_id'] = App::$account['account_id'];
|
||||
}
|
||||
else {
|
||||
notice( t('Failed authentication') . EOL);
|
||||
}
|
||||
if(App::$account) {
|
||||
$_SESSION['account_id'] = App::$account['account_id'];
|
||||
}
|
||||
else {
|
||||
notice( t('Failed authentication') . EOL);
|
||||
}
|
||||
|
||||
logger('authenticate: ' . print_r(App::$account, true), LOGGER_ALL);
|
||||
logger('authenticate: ' . print_r(App::$account, true), LOGGER_ALL);
|
||||
}
|
||||
}
|
||||
|
||||
if((! $record) || (! count($record))) {
|
||||
@@ -252,7 +278,8 @@ else {
|
||||
// if we haven't failed up this point, log them in.
|
||||
|
||||
$_SESSION['last_login_date'] = datetime_convert();
|
||||
authenticate_success($record, true, true);
|
||||
if(! $atoken)
|
||||
authenticate_success($record, true, true);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -270,6 +297,7 @@ else {
|
||||
* @return int|bool
|
||||
* Return channel_id from pconfig or false.
|
||||
*/
|
||||
|
||||
function match_openid($authid) {
|
||||
// Query the uid/channel_id from pconfig for a given value.
|
||||
$r = q("SELECT uid FROM pconfig WHERE cat = 'system' AND k = 'openid' AND v = '%s' LIMIT 1",
|
||||
|
||||
@@ -1310,13 +1310,12 @@ function get_my_address() {
|
||||
* If somebody arrives at our site using a zid, add their xchan to our DB if we don't have it already.
|
||||
* And if they aren't already authenticated here, attempt reverse magic auth.
|
||||
*
|
||||
* @param App &$a
|
||||
*
|
||||
* @hooks 'zid_init'
|
||||
* string 'zid' - their zid
|
||||
* string 'url' - the destination url
|
||||
*/
|
||||
function zid_init(&$a) {
|
||||
function zid_init() {
|
||||
$tmp_str = get_my_address();
|
||||
if(validate_email($tmp_str)) {
|
||||
Zotlabs\Daemon\Master::Summon(array('Gprobe',bin2hex($tmp_str)));
|
||||
@@ -1342,6 +1341,28 @@ function zid_init(&$a) {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
*
|
||||
* If somebody arrives at our site using a zat, authenticate them
|
||||
*
|
||||
*/
|
||||
|
||||
function zat_init() {
|
||||
if(local_channel() || remote_channel())
|
||||
return;
|
||||
|
||||
$r = q("select * from atoken where atoken_token = '%s' limit 1",
|
||||
dbesc($_REQUEST['zat'])
|
||||
);
|
||||
if($r) {
|
||||
atoken_login($r[0]);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @brief Adds a zid parameter to a url.
|
||||
*
|
||||
|
||||
64
include/perm_upgrade.php
Normal file
64
include/perm_upgrade.php
Normal file
@@ -0,0 +1,64 @@
|
||||
<?php
|
||||
|
||||
function perm_limits_upgrade($channel) {
|
||||
set_pconfig($channel['channel_id'],'perm_limits','view_stream',$channel['channel_r_stream']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','view_profile',$channel['channel_r_profile']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','view_contacts',$channel['channel_r_abook']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','view_storage',$channel['channel_r_storage']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','view_pages',$channel['channel_r_pages']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','send_stream',$channel['channel_w_stream']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','post_wall',$channel['channel_w_wall']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','post_comments',$channel['channel_w_comment']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','post_mail',$channel['channel_w_mail']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','post_like',$channel['channel_w_like']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','tag_deliver',$channel['channel_w_tagwall']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','chat',$channel['channel_w_chat']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','write_storage',$channel['channel_w_storage']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','write_pages',$channel['channel_w_pages']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','republish',$channel['channel_a_republish']);
|
||||
set_pconfig($channel['channel_id'],'perm_limits','delegate',$channel['channel_a_delegate']);
|
||||
}
|
||||
|
||||
|
||||
function perm_abook_upgrade($abook) {
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_stream',intval(($abook['abook_their_perms'] & PERMS_R_STREAM)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_profile',intval(($abook['abook_their_perms'] & PERMS_R_PROFILE)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_contacts',intval(($abook['abook_their_perms'] & PERMS_R_ABOOK)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_storage',intval(($abook['abook_their_perms'] & PERMS_R_STORAGE)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_pages',intval(($abook['abook_their_perms'] & PERMS_R_PAGES)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','send_stream',intval(($abook['abook_their_perms'] & PERMS_W_STREAM)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_wall',intval(($abook['abook_their_perms'] & PERMS_W_WALL)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_comments',intval(($abook['abook_their_perms'] & PERMS_W_COMMENT)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_mail',intval(($abook['abook_their_perms'] & PERMS_W_MAIL)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_like',intval(($abook['abook_their_perms'] & PERMS_W_LIKE)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','tag_deliver',intval(($abook['abook_their_perms'] & PERMS_W_TAGWALL)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','chat',intval(($abook['abook_their_perms'] & PERMS_W_CHAT)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','write_storage',intval(($abook['abook_their_perms'] & PERMS_W_STORAGE)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','write_pages',intval(($abook['abook_their_perms'] & PERMS_W_PAGES)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','republish',intval(($abook['abook_their_perms'] & PERMS_A_REPUBLISH)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','delegate',intval(($abook['abook_their_perms'] & PERMS_A_DELEGATE)? 1 : 0));
|
||||
|
||||
|
||||
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_stream',intval(($abook['abook_my_perms'] & PERMS_R_STREAM)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_profile',intval(($abook['abook_my_perms'] & PERMS_R_PROFILE)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_contacts',intval(($abook['abook_my_perms'] & PERMS_R_ABOOK)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_storage',intval(($abook['abook_my_perms'] & PERMS_R_STORAGE)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_pages',intval(($abook['abook_my_perms'] & PERMS_R_PAGES)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','send_stream',intval(($abook['abook_my_perms'] & PERMS_W_STREAM)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_wall',intval(($abook['abook_my_perms'] & PERMS_W_WALL)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_comments',intval(($abook['abook_my_perms'] & PERMS_W_COMMENT)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_mail',intval(($abook['abook_my_perms'] & PERMS_W_MAIL)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_like',intval(($abook['abook_my_perms'] & PERMS_W_LIKE)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','tag_deliver',intval(($abook['abook_my_perms'] & PERMS_W_TAGWALL)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','chat',intval(($abook['abook_my_perms'] & PERMS_W_CHAT)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','write_storage',intval(($abook['abook_my_perms'] & PERMS_W_STORAGE)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','write_pages',intval(($abook['abook_my_perms'] & PERMS_W_PAGES)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','republish',intval(($abook['abook_my_perms'] & PERMS_A_REPUBLISH)? 1 : 0));
|
||||
set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','delegate',intval(($abook['abook_my_perms'] & PERMS_A_DELEGATE)? 1 : 0));
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -82,6 +82,44 @@ function authenticate_success($user_record, $login_initial = false, $interactive
|
||||
/* else just return */
|
||||
}
|
||||
|
||||
function atoken_login($atoken) {
|
||||
if(! $atoken)
|
||||
return false;
|
||||
|
||||
$xchan = atoken_xchan($atoken);
|
||||
|
||||
$_SESSION['authenticated'] = 1;
|
||||
$_SESSION['visitor_id'] = $xchan['xchan_hash'];
|
||||
$_SESSION['atoken'] = $atoken['atoken_id'];
|
||||
|
||||
\App::set_observer($xchan);
|
||||
|
||||
return [ 'atoken' => true ];
|
||||
}
|
||||
|
||||
|
||||
function atoken_xchan($atoken) {
|
||||
|
||||
$c = channelx_by_n($atoken['atoken_uid']);
|
||||
if($c) {
|
||||
return [
|
||||
'xchan_hash' => substr($c['channel_hash'],0,16) . '.' . $atoken['atoken_name'],
|
||||
'xchan_name' => $atoken['atoken_name'],
|
||||
'xchan_addr' => t('guest:') . $atoken['atoken_name'] . '@' . \App::get_hostname(),
|
||||
'xchan_network' => 'unknown',
|
||||
'xchan_hidden' => 1,
|
||||
'xchan_photo_mimetype' => 'image/jpeg',
|
||||
'xchan_photo_l' => get_default_profile_photo(300),
|
||||
'xchan_photo_m' => get_default_profile_photo(80),
|
||||
'xchan_photo_s' => get_default_profile_photo(48)
|
||||
|
||||
];
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @brief Change to another channel with current logged-in account.
|
||||
*
|
||||
|
||||
@@ -774,6 +774,10 @@ function strip_zids($s) {
|
||||
return preg_replace('/[\?&]zid=(.*?)(&|$)/ism','$2',$s);
|
||||
}
|
||||
|
||||
function strip_zats($s) {
|
||||
return preg_replace('/[\?&]zat=(.*?)(&|$)/ism','$2',$s);
|
||||
}
|
||||
|
||||
|
||||
// quick and dirty quoted_printable encoding
|
||||
|
||||
|
||||
@@ -609,6 +609,15 @@ function widget_settings_menu($arr) {
|
||||
'selected' => ((argv(1) === 'oauth') ? 'active' : ''),
|
||||
);
|
||||
|
||||
if(! UNO) {
|
||||
$tabs[] = array(
|
||||
'label' => t('Guest Access Tokens'),
|
||||
'url' => z_root() . '/settings/tokens',
|
||||
'selected' => ((argv(1) === 'tokens') ? 'active' : ''),
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
if($role === false || $role === 'custom') {
|
||||
$tabs[] = array(
|
||||
'label' => t('Connection Default Permissions'),
|
||||
|
||||
Reference in New Issue
Block a user