X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=index.php;h=f65867feb6c9cf876e7b1930949b54130552c9da;hb=c2d4b557aeb4b6eb9eee2a6b65b18ab7bf6efe39;hp=aeda999825bb3569b34186c08dc59fac678e43d4;hpb=352e136132726b10bbcda8604134b8641402af03;p=friendica.git

diff --git a/index.php b/index.php
index aeda999825..f65867feb6 100644
--- a/index.php
+++ b/index.php
@@ -121,25 +121,35 @@ if ((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) {
 	L10n::loadTranslationTable($lang);
 }
 
-if ((x($_GET, 'zrl')) && $a->mode == App::MODE_NORMAL) {
-	// Only continue when the given profile link seems valid
-	// Valid profile links contain a path with "/profile/" and no query parameters
-	if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == "")
-		&& strstr(parse_url($_GET['zrl'], PHP_URL_PATH), "/profile/")
-	) {
-		$_SESSION['my_url'] = $_GET['zrl'];
-		$a->query_string = preg_replace('/[\?&]zrl=(.*?)([\?&]|$)/is', '', $a->query_string);
-		Profile::zrlInit($a);
-	} else {
-		// Someone came with an invalid parameter, maybe as a DDoS attempt
-		// We simply stop processing here
-		logger("Invalid ZRL parameter ".$_GET['zrl'], LOGGER_DEBUG);
-		header('HTTP/1.1 403 Forbidden');
-		echo "<h1>403 Forbidden</h1>";
-		killme();
+if ((x($_GET,'zrl')) && $a->mode == App::MODE_NORMAL) {
+	$a->query_string = Profile::stripZrls($a->query_string);
+	if (!local_user()) {
+		// Only continue when the given profile link seems valid
+		// Valid profile links contain a path with "/profile/" and no query parameters
+		if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == "") &&
+			strstr(parse_url($_GET['zrl'], PHP_URL_PATH), "/profile/")) {
+			if ($_SESSION["visitor_home"] != $_GET["zrl"]) {
+				$_SESSION['my_url'] = $_GET['zrl'];
+				$_SESSION['authenticated'] = 0;
+			}
+			Profile::zrlInit($a);
+		} else {
+			// Someone came with an invalid parameter, maybe as a DDoS attempt
+			// We simply stop processing here
+			logger("Invalid ZRL parameter " . $_GET['zrl'], LOGGER_DEBUG);
+			header('HTTP/1.1 403 Forbidden');
+			echo "<h1>403 Forbidden</h1>";
+			killme();
+		}
 	}
 }
 
+if ((x($_GET,'owt')) && $a->mode == App::MODE_NORMAL) {
+	$token = $_GET['owt'];
+	$a->query_string = Profile::stripQueryParam($a->query_string, 'owt');
+	Profile::openWebAuthInit($token);
+}
+
 /**
  * For Mozilla auth manager - still needs sorting, and this might conflict with LRDD header.
  * Apache/PHP lumps the Link: headers into one - and other services might not be able to parse it