don't magic-auth against a deleted channel

2013-12-01 17:18:09 -08:00 · 2013-12-01 17:18:09 -08:00 · fa5366bb95
commit fa5366bb95
parent 77186fa7cd
1 changed files with 14 additions and 9 deletions
--- a/mod/post.php
+++ b/mod/post.php
@ -111,18 +111,23 @@ function post_init(&$a) {
 			$c = q("select * from channel where channel_address = '%s' limit 1",
 				dbesc($webbie)
 			);
+		}
 		if(! $c) {
+
 			// They are authenticating ultimately to the site and not to a particular channel.
-				// Any channel will do. We just need to have an identity to attach to the
-				// packet we send back.
+			// Any channel will do, providing it's currently active. We just need to have an 
+			// identity to attach to the packet we send back. So find one. 
+
+			$c = q("select * from channel where not ( channel_pageflags & %d ) limit 1",
+				intval(PAGE_REMOVED)
+			);
+
+			if(! $c) {
+
+				// nobody here

-				$c = q("select * from channel where true limit 1");
-				if(! $c)
 				logger('mod_zot: auth: unable to find channel ' . $webbie);
-				// They'll get a notice when they hit the page, we don't need two of them. 
-				// In fact we only need the name to map the destination, auth can proceed
-				// without it.
-
+				goaway($desturl);
 			}
 		}