now we're into the minor nitty fixes

boot.php

@@ -1186,7 +1186,7 @@ if(! function_exists('local_user')) {
 if(! function_exists('remote_user')) {
 	function remote_user() {
 		if((x($_SESSION,'authenticated')) && (x($_SESSION,'visitor_id')))
-			return intval($_SESSION['visitor_id']);
+			return $_SESSION['visitor_id'];
 		return false;
 	}
 }

include/auth.php

@@ -63,9 +63,9 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
 		info( t('Logged out.') . EOL);
 		goaway(z_root());
 	}
-
+dbg(1);
 	if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
-		$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+		$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_hash = '%s' limit 1",
 			dbesc($_SESSION['visitor_id'])
 		);
 		if($r) {
@@ -77,7 +77,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
 		}
 		$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
 	}
-
+dbg(0);
 	if(x($_SESSION,'uid') || x($_SESSION,'account_id')) {
 
 		// already logged in user returning

include/security.php

@@ -349,7 +349,7 @@ if(! function_exists('init_groups_visitor')) {
 function init_groups_visitor($contact_id) {
 	$groups = array();
 	$r = q("SELECT gid FROM group_member WHERE xchan = '%s' ",
-		intval($contact_id)
+		dbesc($contact_id)
 	);
 	if(count($r)) {
 		foreach($r as $rr)

mod/post.php

@@ -87,8 +87,9 @@ function post_init(&$a) {
 					$_SESSION['authenticated'] = 1;
 					$_SESSION['visitor_id'] = $x[0]['xchan_hash'];
 					$a->set_observer($x[0]);
+					require_once('include/security.php');
 					$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
-					notice(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name']));
+					info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name']));
 				}
 			}