use Friendica\Core\PConfig;
use Friendica\Core\Protocol;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Term;
*
* @return int|bool visitor_id or false
*/
-function remote_user($uid = null)
+function remote_user()
{
- // You cannot be both local and remote.
- // Unncommented by rabuzarus because remote authentication to local
- // profiles wasn't possible anymore (2018-04-12).
-// if (local_user()) {
-// return false;
-// }
-
if (empty($_SESSION['authenticated'])) {
return false;
}
- if (!is_null($uid) && !empty($_SESSION['remote'])) {
- /// @todo replace it with this:
- // if (!empty($_SESSION['remote'][$uid])) ...
- foreach ($_SESSION['remote'] as $visitor) {
- if ($visitor['uid'] == $uid) {
- return $visitor['cid'];
- }
- }
- } elseif (is_null($uid) && !empty($_SESSION['visitor_id'])) {
+ if (!empty($_SESSION['visitor_id'])) {
return intval($_SESSION['visitor_id']);
}
'network' => $item['author-network'], 'url' => $item['author-link']];
// Only create a redirection to a magic link when logged in
- if (!empty($item['plink']) && (local_user() || remote_user())) {
+ if (!empty($item['plink']) && Session::isAuthenticated()) {
$item['plink'] = Contact::magicLinkByContact($author, $item['plink']);
}
}
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Item;
use Friendica\Protocol\DFRN;
{
$uid = 0;
- if (!local_user() && !remote_user()) {
+ if (!Session::isAuthenticated()) {
return;
}
$contact_id = 0;
// check if logged in user is either the author or owner of this item
-
- if (!empty($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $visitor) {
- if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {
- $contact_id = $visitor['cid'];
- break;
- }
- }
+ if (Session::getRemoteContactID($item['uid']) == $item['contact-id']) {
+ $contact_id = $item['contact-id'];
}
if ((local_user() == $item['uid']) || $contact_id) {
use Friendica\Core\L10n;
use Friendica\Core\Renderer;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Event;
function cal_init(App $a)
{
- if ($a->argc > 1) {
- DFRN::autoRedir($a, $a->argv[1]);
- }
-
- if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+ if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
throw new \Friendica\Network\HTTPException\ForbiddenException(L10n::t('Access denied.'));
}
$owner_uid = intval($a->data['user']['uid']);
$nick = $a->data['user']['nickname'];
- if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $v) {
- if ($v['uid'] == $a->profile['profile_uid']) {
- $contact_id = $v['cid'];
- break;
- }
- }
+ if (!empty(Session::getRemoteContactID($a->profile['profile_uid']))) {
+ $contact_id = Session::getRemoteContactID($a->profile['profile_uid']);
}
- $groups = [];
if ($contact_id) {
- $groups = Group::getIdsByContactId($contact_id);
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($a->profile['profile_uid'])
}
// get the permissions
- $sql_perms = Item::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
+ $sql_perms = Item::getPermissionsSQLByUserId($owner_uid);
// we only want to have the events of the profile owner
$sql_extra = " AND `event`.`cid` = 0 " . $sql_perms;
{
$o = '';
- if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+ if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
notice(L10n::t('Public access denied.') . EOL);
return;
}
use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Module\Login;
use Friendica\Protocol\DFRN;
$hidewall = false;
if (($dfrn_id === '') && empty($_POST['dfrn_id'])) {
- if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+ if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
throw new \Friendica\Network\HTTPException\ForbiddenException();
}
$_SESSION['remote'] = [];
}
- $_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']];
+ $_SESSION['remote'][$r[0]['uid']] = $r[0]['id'];
$_SESSION['visitor_id'] = $r[0]['id'];
$_SESSION['visitor_home'] = $r[0]['url'];
$_SESSION['remote'] = [];
}
- $_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']];
+ $_SESSION['remote'][$r[0]['uid']] = $r[0]['id'];
+
$_SESSION['visitor_id'] = $r[0]['id'];
$_SESSION['visitor_home'] = $r[0]['url'];
$_SESSION['visitor_visiting'] = $r[0]['uid'];
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Group;
exit();
} else {
// Normal web request. Display our user's introduction form.
- if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
+ if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
if (!Config::get('system', 'local_block')) {
notice(L10n::t('Public access denied.') . EOL);
return;
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Group;
Objects::rawContent();
}
- if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+ if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
return;
}
if (DBA::isResult($item)) {
$nick = $a->user["nickname"];
}
+ }
+
// Is this item private but could be visible to the remove visitor?
- } elseif (remote_user()) {
- $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);
+ if (!DBA::isResult($item) && remote_user()) {
+ $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1, 'origin' => true]);
if (DBA::isResult($item)) {
if (!Contact::isFollower(remote_user(), $item['uid'])) {
$item = null;
displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom');
}
- if ($a->argc >= 3 && $nick == 'feed-item') {
- displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom');
- }
-
if (!empty($_SERVER['HTTP_ACCEPT']) && strstr($_SERVER['HTTP_ACCEPT'], 'application/atom+xml')) {
Logger::log('Directly serving XML for id '.$item["id"], Logger::DEBUG);
displayShowFeed($item["id"], false);
if (strstr(Strings::normaliseLink($profiledata["url"]), Strings::normaliseLink(System::baseUrl()))) {
$nickname = str_replace(Strings::normaliseLink(System::baseUrl())."/profile/", "", Strings::normaliseLink($profiledata["url"]));
- if (($nickname != $a->user["nickname"])) {
+ if ($nickname != $a->user["nickname"]) {
$profile = DBA::fetchFirst("SELECT `profile`.`uid` AS `profile_uid`, `profile`.* , `contact`.`avatar-date` AS picdate, `user`.* FROM `profile`
INNER JOIN `contact` on `contact`.`uid` = `profile`.`uid` INNER JOIN `user` ON `profile`.`uid` = `user`.`uid`
WHERE `user`.`nickname` = ? AND `profile`.`is-default` AND `contact`.`self` LIMIT 1",
function display_content(App $a, $update = false, $update_uid = 0)
{
- if (Config::get('system','block_public') && !local_user() && !remote_user()) {
+ if (Config::get('system','block_public') && !Session::isAuthenticated()) {
throw new HTTPException\ForbiddenException(L10n::t('Public access denied.'));
}
$item_parent = $item["parent"];
$item_parent_uri = $item['parent-uri'];
}
- } elseif (remote_user()) {
- $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);
+ }
+
+ if (($item_parent == 0) && remote_user()) {
+ $item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1, 'origin' => true]);
if (DBA::isResult($item) && Contact::isFollower(remote_user(), $item['uid'])) {
$item_id = $item["id"];
$item_parent = $item["parent"];
['$alternate' => $alternate,
'$conversation' => $conversation]);
- $groups = [];
- $remote_cid = null;
$is_remote_contact = false;
$item_uid = local_user();
if (DBA::isResult($parent)) {
$a->profile['uid'] = defaults($a->profile, 'uid', $parent['uid']);
$a->profile['profile_uid'] = defaults($a->profile, 'profile_uid', $parent['uid']);
- $is_remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']);
-
+ $is_remote_contact = Session::getRemoteContactID($a->profile['profile_uid']);
if ($is_remote_contact) {
- $cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
- if (!empty($cdata['user'])) {
- $groups = Group::getIdsByContactId($cdata['user']);
- $remote_cid = $cdata['user'];
- $item_uid = $parent['uid'];
- }
+ $item_uid = $parent['uid'];
}
}
}
-
$page_contact = DBA::selectFirst('contact', [], ['self' => true, 'uid' => $a->profile['uid']]);
if (DBA::isResult($page_contact)) {
$a->page_contact = $page_contact;
}
+
$is_owner = (local_user() && (in_array($a->profile['profile_uid'], [local_user(), 0])) ? true : false);
if (!empty($a->profile['hidewall']) && !$is_owner && !$is_remote_contact) {
];
$o .= status_editor($a, $x, 0, true);
}
- $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $is_remote_contact, $groups, $remote_cid);
+ $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid']);
if (local_user() && (local_user() == $a->profile['profile_uid'])) {
$condition = ['parent-uri' => $item_parent_uri, 'uid' => local_user(), 'unseen' => true];
$condition = ["`id` = ? AND `item`.`uid` IN (0, ?) " . $sql_extra, $item_id, $item_uid];
$fields = ['parent-uri', 'body', 'title', 'author-name', 'author-avatar', 'plink', 'author-id', 'owner-id', 'contact-id'];
- $item = Item::selectFirstForUser(local_user(), $fields, $condition);
+ $item = Item::selectFirstForUser($a->profile['profile_uid'], $fields, $condition);
if (!DBA::isResult($item)) {
throw new HTTPException\NotFoundException(L10n::t('The requested item doesn\'t exist or has been deleted.'));
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Model\Contact;
use Friendica\Model\Profile;
use Friendica\Model\User;
function hcard_init(App $a)
{
- $blocked = Config::get('system', 'block_public') && !local_user() && !remote_user();
+ $blocked = Config::get('system', 'block_public') && !Session::isAuthenticated();
if ($a->argc > 1) {
$which = $a->argv[1];
use Friendica\Core\Logger;
use Friendica\Core\Protocol;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Model\Attach;
require_once 'include/items.php';
function item_post(App $a) {
- if (!local_user() && !remote_user()) {
+ if (!Session::isAuthenticated()) {
return 0;
}
if (local_user() && ((local_user() == $profile_uid) || $allow_comment)) {
$self = true;
$author = DBA::selectFirst('contact', [], ['uid' => local_user(), 'self' => true]);
- } elseif (remote_user()) {
- if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $v) {
- if ($v['uid'] == $profile_uid) {
- $contact_id = $v['cid'];
- break;
- }
- }
- }
- if ($contact_id) {
- $author = DBA::selectFirst('contact', [], ['id' => $contact_id]);
- }
+ } elseif (!empty(Session::getRemoteContactID($profile_uid))) {
+ $author = DBA::selectFirst('contact', [], ['id' => Session::getRemoteContactID($profile_uid)]);
}
if (DBA::isResult($author)) {
function item_content(App $a)
{
- if (!local_user() && !remote_user()) {
+ if (!Session::isAuthenticated()) {
return;
}
use Friendica\Core\Logger;
use Friendica\Core\Renderer;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Group;
function photos_init(App $a) {
- if ($a->argc > 1) {
- DFRN::autoRedir($a, $a->argv[1]);
- }
-
- if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+ if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
return;
}
$albums = Photo::getAlbums($a->data['user']['uid']);
- $albums_visible = ((intval($a->data['user']['hidewall']) && !local_user() && !remote_user()) ? false : true);
+ $albums_visible = ((intval($a->data['user']['hidewall']) && !Session::isAuthenticated()) ? false : true);
// add various encodings to the array so we can just loop through and pick them out in a template
$ret = ['success' => false];
$ret['albums'] = [];
foreach ($albums as $k => $album) {
//hide profile photos to others
- if (!$is_owner && !remote_user() && ($album['album'] == L10n::t('Profile Photos')))
+ if (!$is_owner && !Session::getRemoteContactID($a->profile_uid) && ($album['album'] == L10n::t('Profile Photos')))
continue;
$entry = [
'text' => $album['album'],
if (local_user() && (local_user() == $page_owner_uid)) {
$can_post = true;
- } elseif ($community_page && remote_user($page_owner_uid)) {
- $contact_id = remote_user($page_owner_uid);
-
- if ($contact_id > 0) {
- if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {
- $can_post = true;
- $visitor = $contact_id;
- }
- }
+ } elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) {
+ $contact_id = Session::getRemoteContactID($page_owner_uid);
+ $can_post = true;
+ $visitor = $contact_id;
}
if (!$can_post) {
// photos/name/image/xxxxx/edit
// photos/name/image/xxxxx/drop
- if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+ if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
notice(L10n::t('Public access denied.') . EOL);
return;
}
if (local_user() && (local_user() == $owner_uid)) {
$can_post = true;
- } else {
- if ($community_page && remote_user()) {
- if (is_array($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $v) {
- if ($v['uid'] == $owner_uid) {
- $contact_id = $v['cid'];
- break;
- }
- }
- }
+ } elseif ($community_page && !empty(Session::getRemoteContactID($owner_uid))) {
+ $contact_id = Session::getRemoteContactID($owner_uid);
+ $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
- if ($contact_id) {
- $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
-
- if (DBA::isResult($contact)) {
- $can_post = true;
- $remote_contact = true;
- $visitor = $contact_id;
- }
- }
+ if (DBA::isResult($contact)) {
+ $can_post = true;
+ $remote_contact = true;
+ $visitor = $contact_id;
}
}
- $groups = [];
-
// perhaps they're visiting - but not a community page, so they wouldn't have write access
- if (remote_user() && !$visitor) {
- $contact_id = 0;
- if (is_array($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $v) {
- if ($v['uid'] == $owner_uid) {
- $contact_id = $v['cid'];
- break;
- }
- }
- }
+ if (!empty(Session::getRemoteContactID($owner_uid)) && !$visitor) {
+ $contact_id = Session::getRemoteContactID($owner_uid);
- if ($contact_id) {
- $groups = Group::getIdsByContactId($contact_id);
+ $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
- $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
-
- $remote_contact = DBA::isResult($contact);
- }
+ $remote_contact = DBA::isResult($contact);
}
if (!$remote_contact && local_user()) {
return;
}
- $sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
+ $sql_extra = Security::getPermissionsSQLByUserId($owner_uid);
$o = "";
$twist = false;
foreach ($r as $rr) {
//hide profile photos to others
- if (!$is_owner && !remote_user() && ($rr['album'] == L10n::t('Profile Photos'))) {
+ if (!$is_owner && !Session::getRemoteContactID($owner_uid) && ($rr['album'] == L10n::t('Profile Photos'))) {
continue;
}
$contact_url = $contact['url'];
- if ((!local_user() && !remote_user()) // Visitors (not logged in or not remotes) can't authenticate.
+ if (!Session::isAuthenticated() // Visitors (not logged in or not remotes) can't authenticate.
|| (!empty($a->contact['id']) && $a->contact['id'] == $cid)) // Local user is already authenticated.
{
$a->redirect(defaults($url, $contact_url));
// with the local contact. Otherwise the local user would ask the local contact
// for authentification everytime he/she is visiting a profile page of the local
// contact.
- if ($host == $remotehost
- && !empty($_SESSION['remote'])
- && is_array($_SESSION['remote']))
- {
- foreach ($_SESSION['remote'] as $v) {
- if (!empty($v['uid']) && !empty($v['cid']) &&
- $v['uid'] == Session::get('visitor_visiting') &&
- $v['cid'] == Session::get('visitor_id')) {
- // Remote user is already authenticated.
- $target_url = defaults($url, $contact_url);
- Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
- $a->redirect($target_url);
- }
- }
+ if (($host == $remotehost) && (Session::getRemoteContactID(Session::get('visitor_visiting')) == Session::get('visitor_id'))) {
+ // Remote user is already authenticated.
+ $target_url = defaults($url, $contact_url);
+ Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
+ $a->redirect($target_url);
}
}
- // When the remote page does support OWA, then we enforce the use of it
- $basepath = Contact::getBasepath($contact_url);
- if (Strings::compareLink($basepath, System::baseUrl())) {
- $use_magic = true;
- } else {
- $serverret = Network::curl($basepath . '/magic');
- $use_magic = $serverret->isSuccess();
- }
-
// Doing remote auth with dfrn.
- if (local_user() && !$use_magic && (!empty($contact['dfrn-id']) || !empty($contact['issued-id'])) && empty($contact['pending'])) {
+ if (local_user() && (!empty($contact['dfrn-id']) || !empty($contact['issued-id'])) && empty($contact['pending'])) {
$dfrn_id = $orig_id = (($contact['issued-id']) ? $contact['issued-id'] : $contact['dfrn-id']);
if ($contact['duplex'] && $contact['issued-id']) {
Logger::info('Got my url', ['visitor' => $visitor]);
}
- /// @todo Most likely these lines are superfluous. We will remove them in the next version
- if (empty($visitor) && remote_user()) {
- $contact = DBA::selectFirst('contact', ['url'], ['id' => remote_user()]);
- if (!empty($contact['url'])) {
- $visitor = $contact['url'];
- Logger::info('Got remote user', ['visitor' => $visitor]);
- }
- }
-
- if (empty($visitor) && local_user()) {
- $contact = DBA::selectFirst('contact', ['url'], ['id' => local_user()]);
- if (!empty($contact['url'])) {
- $visitor = $contact['url'];
- Logger::info('Got local user', ['visitor' => $visitor]);
- }
- }
-
$contact = DBA::selectFirst('contact', ['url'], ['id' => $cid]);
if (!DBA::isResult($contact)) {
Logger::info('Contact not found', ['id' => $cid]);
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\Logger;
+use Friendica\Core\Session;
use Friendica\Core\Renderer;
use Friendica\Database\DBA;
use Friendica\Model\Item;
}
function search_content(App $a) {
- if (Config::get('system','block_public') && !local_user() && !remote_user()) {
+ if (Config::get('system','block_public') && !Session::isAuthenticated()) {
notice(L10n::t('Public access denied.') . EOL);
return;
}
- if (Config::get('system','local_search') && !local_user() && !remote_user()) {
+ if (Config::get('system','local_search') && !Session::isAuthenticated()) {
$e = new \Friendica\Network\HTTPException\ForbiddenException(L10n::t("Only logged in users are permitted to perform a search."));
$e->httpdesc = L10n::t("Public access denied.");
throw $e;
}
- if (Config::get('system','permit_crawling') && !local_user() && !remote_user()) {
+ if (Config::get('system','permit_crawling') && !Session::isAuthenticated()) {
// Default values:
// 10 requests are "free", after the 11th only a call per minute is allowed
function subthread_content(App $a) {
- if (!local_user() && !remote_user()) {
+ if (!Session::isAuthenticated()) {
return;
}
use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Model\Item;
function tagger_content(App $a) {
- if (!local_user() && !remote_user()) {
+ if (!Session::isAuthenticated()) {
return;
}
use Friendica\Core\L10n;
use Friendica\Core\Renderer;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Attach;
use Friendica\Model\Contact;
function videos_init(App $a)
{
- if ($a->argc > 1) {
- DFRN::autoRedir($a, $a->argv[1]);
- }
-
- if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
+ if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
return;
}
// videos/name/video/xxxxx/edit
- if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
+ if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
notice(L10n::t('Public access denied.') . EOL);
return;
}
if ((local_user()) && (local_user() == $owner_uid)) {
$can_post = true;
- } elseif ($community_page && remote_user()) {
- if (!empty($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $v) {
- if ($v['uid'] == $owner_uid) {
- $contact_id = $v['cid'];
- break;
- }
- }
- }
-
- if ($contact_id > 0) {
- $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
- intval($contact_id),
- intval($owner_uid)
- );
-
- if (DBA::isResult($r)) {
- $can_post = true;
- $remote_contact = true;
- $visitor = $contact_id;
- }
- }
+ } elseif ($community_page && !empty(Session::getRemoteContactID($owner_uid))) {
+ $contact_id = Session::getRemoteContactID($owner_uid);
+ $can_post = true;
+ $remote_contact = true;
+ $visitor = $contact_id;
}
- $groups = [];
-
// perhaps they're visiting - but not a community page, so they wouldn't have write access
- if (remote_user() && (!$visitor)) {
- $contact_id = 0;
-
- if (!empty($_SESSION['remote'])) {
- foreach($_SESSION['remote'] as $v) {
- if($v['uid'] == $owner_uid) {
- $contact_id = $v['cid'];
- break;
- }
- }
- }
-
- if ($contact_id > 0) {
- $groups = Group::getIdsByContactId($contact_id);
- $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
- intval($contact_id),
- intval($owner_uid)
- );
-
- if (DBA::isResult($r)) {
- $remote_contact = true;
- }
- }
+ if (!empty(Session::getRemoteContactID($owner_uid)) && !$visitor) {
+ $contact_id = Session::getRemoteContactID($owner_uid);
+ $remote_contact = true;
}
- if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && (!$remote_contact)) {
+ if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && !$remote_contact) {
notice(L10n::t('Access to this item is restricted.') . EOL);
return;
}
- $sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
+ $sql_extra = Security::getPermissionsSQLByUserId($owner_uid);
$o = "";
use Friendica\App;
use Friendica\Core\Config;
use Friendica\Core\L10n;
+use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Attach;
use Friendica\Model\User;
$page_owner_cid = $r[0]['id'];
$community_page = (($r[0]['page-flags'] == User::PAGE_FLAGS_COMMUNITY) ? true : false);
- if ((local_user()) && (local_user() == $page_owner_uid)) {
+ if (local_user() && (local_user() == $page_owner_uid)) {
$can_post = true;
- } else {
- if ($community_page && remote_user()) {
- $contact_id = 0;
-
- if (is_array($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $v) {
- if ($v['uid'] == $page_owner_uid) {
- $contact_id = $v['cid'];
- break;
- }
- }
- }
-
- if ($contact_id > 0) {
- $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
- intval($contact_id),
- intval($page_owner_uid)
- );
+ } elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) {
+ $contact_id = Session::getRemoteContactID($page_owner_uid);
+ $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
+ intval($contact_id),
+ intval($page_owner_uid)
+ );
- if (DBA::isResult($r)) {
- $can_post = true;
- }
- }
+ if (DBA::isResult($r)) {
+ $can_post = true;
}
}
- if (! $can_post) {
+ if (!$can_post) {
if ($r_json) {
echo json_encode(['error' => L10n::t('Permission denied.')]);
exit();
use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Core\Config;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
if ((local_user()) && (local_user() == $page_owner_uid)) {
$can_post = true;
- } else {
- if ($community_page && remote_user()) {
- $contact_id = 0;
- if (is_array($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $v) {
- if ($v['uid'] == $page_owner_uid) {
- $contact_id = $v['cid'];
- break;
- }
- }
- }
-
- if ($contact_id) {
- $r = q("SELECT `uid` FROM `contact`
- WHERE `blocked` = 0 AND `pending` = 0
- AND `id` = %d AND `uid` = %d LIMIT 1",
- intval($contact_id),
- intval($page_owner_uid)
- );
- if (DBA::isResult($r)) {
- $can_post = true;
- $visitor = $contact_id;
- }
- }
+ } elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) {
+ $contact_id = Session::getRemoteContactID($page_owner_uid);
+
+ $r = q("SELECT `uid` FROM `contact`
+ WHERE `blocked` = 0 AND `pending` = 0
+ AND `id` = %d AND `uid` = %d LIMIT 1",
+ intval($contact_id),
+ intval($page_owner_uid)
+ );
+ if (DBA::isResult($r)) {
+ $can_post = true;
+ $visitor = $contact_id;
}
}
-
if (!$can_post) {
if ($r_json) {
echo json_encode(['error' => L10n::t('Permission denied.')]);
$nav['usermenu'] = [];
$userinfo = null;
- if (local_user() || remote_user()) {
+ if (Session::isAuthenticated()) {
$nav['logout'] = ['logout', L10n::t('Logout'), '', L10n::t('End this session')];
} else {
$nav['login'] = ['login', L10n::t('Login'), ($a->module == 'login' ? 'selected' : ''), L10n::t('Sign in')];
$nav['home'] = [$homelink, L10n::t('Home'), '', L10n::t('Home Page')];
}
- if (intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::OPEN && !local_user() && !remote_user()) {
+ if (intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::OPEN && !Session::isAuthenticated()) {
$nav['register'] = ['register', L10n::t('Register'), '', L10n::t('Create an account')];
}
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\FileTag;
$zcid = 0;
- $cid = remote_user($profile_uid);
+ $cid = Session::getRemoteContactID($profile_uid);
if (!$cid) {
if (Profile::getMyURL()) {
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\GContact;
+use Friendica\Core\Session;
use Friendica\Util\Network;
/**
*/
public static function contactAutocomplete($search, $mode, int $page = 1)
{
- if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+ if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
return [];
}
/**
* Retrieves a key from the session super global or the defaults if the key is missing or the value is falsy.
- *
+ *
* Handle the case where session_start() hasn't been called and the super global isn't available.
*
* @param string $name
'page_flags' => $user_record['page-flags'],
'my_url' => $a->getBaseURL() . '/profile/' . $user_record['nickname'],
'my_address' => $user_record['nickname'] . '@' . substr($a->getBaseURL(), strpos($a->getBaseURL(), '://') + 3),
- 'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0'),
- 'remote' => []
+ 'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0')
]);
- $remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]);
- while ($contact = DBA::fetch($remote_contacts)) {
- if (($contact['uid'] == 0) || Contact::isBlockedByUser($contact['id'], $contact['uid'])) {
- continue;
- }
-
- /// @todo Change it to this format to save space
- // $_SESSION['remote'][$contact['uid']] = $contact['id'];
- $_SESSION['remote'][$contact['uid']] = ['cid' => $contact['id'], 'uid' => $contact['uid']];
- }
- DBA::close($remote_contacts);
+ self::setVisitorsContacts();
$member_since = strtotime($user_record['register_date']);
self::set('new_member', time() < ($member_since + ( 60 * 60 * 24 * 14)));
}
}
}
+
+ /**
+ * Returns contact ID for given user ID
+ *
+ * @param integer $uid User ID
+ * @return integer Contact ID of visitor for given user ID
+ */
+ public static function getRemoteContactID($uid)
+ {
+ if (empty($_SESSION['remote'][$uid])) {
+ return false;
+ }
+
+ return $_SESSION['remote'][$uid];
+ }
+
+ /**
+ * Returns User ID for given contact ID of the visitor
+ *
+ * @param integer $cid Contact ID
+ * @return integer User ID for given contact ID of the visitor
+ */
+ public static function getUserIDForVisitorContactID($cid)
+ {
+ if (empty($_SESSION['remote'])) {
+ return false;
+ }
+
+ return array_search($cid, $_SESSION['remote']);
+ }
+
+ /**
+ * Set the session variable that contains the contact IDs for the visitor's contact URL
+ *
+ * @param string $url Contact URL
+ */
+ public static function setVisitorsContacts()
+ {
+ $_SESSION['remote'] = [];
+
+ $remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]);
+ while ($contact = DBA::fetch($remote_contacts)) {
+ if (($contact['uid'] == 0) || Contact::isBlockedByUser($contact['id'], $contact['uid'])) {
+ continue;
+ }
+
+ $_SESSION['remote'][$contact['uid']] = $contact['id'];
+ }
+ DBA::close($remote_contacts);
+ }
+
+ /**
+ * Returns if the current visitor is authenticated
+ *
+ * @return boolean "true" when visitor is either a local or remote user
+ */
+ public static function isAuthenticated()
+ {
+ if (empty($_SESSION['authenticated'])) {
+ return false;
+ }
+
+ return $_SESSION['authenticated'];
+ }
}
use Friendica\Core\Logger;
use Friendica\Core\Protocol;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Network\Probe;
*/
public static function magicLink($contact_url, $url = '')
{
- if (!local_user() && !remote_user()) {
+ if (!Session::isAuthenticated()) {
return $url ?: $contact_url; // Equivalent to: ($url != '') ? $url : $contact_url;
}
{
$destination = $url ?: $contact['url']; // Equivalent to ($url != '') ? $url : $contact['url'];
- if ((!local_user() && !remote_user()) || ($contact['network'] != Protocol::DFRN)) {
+ if (!Session::isAuthenticated() || ($contact['network'] != Protocol::DFRN)) {
return $destination;
}
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\System;
+use Friendica\Core\Session;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Protocol\ActivityPub;
*/
public static function performLike($item_id, $verb)
{
- if (!local_user() && !remote_user()) {
+ if (!Session::isAuthenticated()) {
return false;
}
}
}
- public static function getPermissionsSQLByUserId($owner_id, $remote_verified = false, $groups = null, $remote_cid = null)
+ public static function getPermissionsSQLByUserId($owner_id)
{
$local_user = local_user();
- $remote_user = remote_user();
+ $remote_user = Session::getRemoteContactID($owner_id);
/*
* Construct permissions
* If pre-verified, the caller is expected to have already
* done this and passed the groups into this function.
*/
- $set = PermissionSet::get($owner_id, $remote_cid, $groups);
+ $set = PermissionSet::get($owner_id, $remote_user);
if (!empty($set)) {
$sql_set = " OR (`item`.`private` IN (1,2) AND `item`.`wall` AND `item`.`psid` IN (" . implode(',', $set) . "))";
}
// Update the cached values if there is no "zrl=..." on the links.
- $update = (!local_user() && !remote_user() && ($item["uid"] == 0));
+ $update = (!Session::isAuthenticated() && ($item["uid"] == 0));
// Or update it if the current viewer is the intented viewer.
if (($item["uid"] == local_user()) && ($item["uid"] != 0)) {
*
* @param integer $uid User id whom the items belong
* @param integer $contact_id Contact id of the visitor
- * @param array $groups Possibly previously fetched group ids for that contact
*
* @return array of permission set ids.
* @throws \Exception
*/
-
- static public function get($uid, $contact_id, $groups = null)
+ static public function get($uid, $contact_id)
{
- if (empty($groups) && DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
+ if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $uid, 'blocked' => false])) {
$groups = Group::getIdsByContactId($contact_id);
}
if (empty($groups) || !is_array($groups)) {
return [];
}
+
$group_str = '<<>>'; // should be impossible to match
foreach ($groups as $g) {
$contact_str = '<' . $contact_id . '>';
- $condition = ["`uid` = ? AND (`allow_cid` = '' OR`allow_cid` REGEXP ?)
- AND (`deny_cid` = '' OR NOT `deny_cid` REGEXP ?)
- AND (`allow_gid` = '' OR `allow_gid` REGEXP ?)
- AND (`deny_gid` = '' OR NOT `deny_gid` REGEXP ?)",
- $uid, $contact_str, $contact_str, $group_str, $group_str];
+ $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR deny_gid REGEXP ?)
+ AND (allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))",
+ $uid, $contact_str, $group_str, $contact_str, $group_str];
$ret = DBA::select('permissionset', ['id'], $condition);
$set = [];
*/
public static function getPhoto($resourceid, $scale = 0)
{
- $r = self::selectFirst(["uid", "allow_cid", "allow_gid", "deny_cid", "deny_gid"], ["resource-id" => $resourceid]);
- if ($r === false) {
+ $r = self::selectFirst(["uid"], ["resource-id" => $resourceid]);
+ if (!DBA::isResult($r)) {
return false;
}
- $uid = $r["uid"];
- // This is the first place, when retrieving just a photo, that we know who owns the photo.
- // Check if the photo is public (empty allow and deny means public), if so, skip auth attempt, if not
- // make sure that the requester's session is appropriately authenticated to that user
- // otherwise permissions checks done by getPermissionsSQLByUserId() won't work correctly
- if (!empty($r["allow_cid"]) || !empty($r["allow_gid"]) || !empty($r["deny_cid"]) || !empty($r["deny_gid"])) {
- $r = DBA::selectFirst("user", ["nickname"], ["uid" => $uid], []);
- // this will either just return (if auth all ok) or will redirect and exit (starting over)
- DFRN::autoRedir(self::getApp(), $r["nickname"]);
- }
+ $uid = $r["uid"];
$sql_acl = Security::getPermissionsSQLByUserId($uid);
- $conditions = [
- "`resource-id` = ? AND `scale` <= ? " . $sql_acl,
- $resourceid, $scale
- ];
-
+ $conditions = ["`resource-id` = ? AND `scale` <= ? " . $sql_acl, $resourceid, $scale];
$params = ["order" => ["scale" => true]];
-
$photo = self::selectFirst([], $conditions, $params);
return $photo;
);
}
- $block = ((Config::get('system', 'block_public') && !local_user() && !remote_user()) ? true : false);
+ $block = ((Config::get('system', 'block_public') && !Session::isAuthenticated()) ? true : false);
/**
* @todo
*/
public static function getByNickname($nickname, $uid = 0, $profile_id = 0)
{
- if (remote_user($uid) && !empty($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $visitor) {
- if ($visitor['uid'] == $uid) {
- $contact = DBA::selectFirst('contact', ['profile-id'], ['id' => $visitor['cid']]);
- if (DBA::isResult($contact)) {
- $profile_id = $contact['profile-id'];
- }
- break;
- }
+ if (!empty(Session::getRemoteContactID($uid))) {
+ $contact = DBA::selectFirst('contact', ['profile-id'], ['id' => Session::getRemoteContactID($uid)]);
+ if (DBA::isResult($contact)) {
+ $profile_id = $contact['profile-id'];
}
}
$about = !empty($profile['about']) ? L10n::t('About:') : false;
$xmpp = !empty($profile['xmpp']) ? L10n::t('XMPP:') : false;
- if ((!empty($profile['hidewall']) || $block) && !local_user() && !remote_user()) {
+ if ((!empty($profile['hidewall']) || $block) && !Session::isAuthenticated()) {
$location = $gender = $marital = $homepage = $about = false;
}
// We need to extract the basebath from the profile url
// to redirect the visitors '/magic' module.
- // Note: We should have the basepath of a contact also in the contact table.
- $urlarr = explode('/profile/', $contact['url']);
- $basepath = $urlarr[0];
+ $basepath = Contact::getBasepath($contact['url']);
if ($basepath != $a->getBaseURL() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) {
$magic_path = $basepath . '/magic' . '?f=&owa=1&dest=' . $dest;
$_SESSION['visitor_home'] = $visitor['url'];
$_SESSION['my_url'] = $visitor['url'];
- /// @todo replace this and the query for this variable with some cleaner functionality
- $_SESSION['remote'] = [];
-
- $remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => $visitor['nurl'], 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]);
- while ($contact = DBA::fetch($remote_contacts)) {
- if (($contact['uid'] == 0) || Contact::isBlockedByUser($visitor['id'], $contact['uid'])) {
- continue;
- }
-
- $_SESSION['remote'][$contact['uid']] = ['cid' => $contact['id'], 'uid' => $contact['uid']];
- }
+ Session::setVisitorsContacts();
$a->contact = $visitor;
use Friendica\Content\Widget;
use Friendica\Core\Hook;
use Friendica\Core\L10n;
+use Friendica\Core\Session;
use Friendica\Core\Renderer;
use Friendica\Model\Contact;
use Friendica\Model\Profile;
$app = self::getApp();
$config = $app->getConfig();
- if (($config->get('system', 'block_public') && !local_user() && !remote_user()) ||
- ($config->get('system', 'block_local_dir') && !local_user() && !remote_user())) {
+ if (($config->get('system', 'block_public') && !Session::isAuthenticated()) ||
+ ($config->get('system', 'block_local_dir') && !Session::isAuthenticated())) {
throw new HTTPException\ForbiddenException(L10n::t('Public access denied.'));
}
use Friendica\BaseModule;
use Friendica\Model\Item;
+use Friendica\Core\Session;
use Friendica\Network\HTTPException;
use Friendica\Util\Strings;
{
public static function rawContent()
{
- if (!local_user() && !remote_user()) {
+ if (!Session::isAuthenticated()) {
throw new HTTPException\ForbiddenException();
}
use Friendica\BaseModule;
use Friendica\Core\Authentication;
+use Friendica\Core\Cache;
use Friendica\Core\Hook;
use Friendica\Core\L10n;
use Friendica\Core\System;
$visitor_home = null;
if (remote_user()) {
$visitor_home = Profile::getMyURL();
+ Cache::delete('zrlInit:' . $visitor_home);
}
Hook::callAll("logging_out");
if (local_user() && $a->argc > 2 && $a->argv[2] === 'view') {
self::$which = $a->user['nickname'];
self::$profile = filter_var($a->argv[1], FILTER_SANITIZE_NUMBER_INT);
- } else {
- DFRN::autoRedir($a, self::$which);
}
}
$a->page['htmlhead'] .= "\n";
- $blocked = !local_user() && !remote_user() && Config::get('system', 'block_public');
- $userblock = !local_user() && !remote_user() && $a->profile['hidewall'];
+ $blocked = !local_user() && !Session::getRemoteContactID($a->profile['profile_uid']) && Config::get('system', 'block_public');
+ $userblock = !local_user() && !Session::getRemoteContactID($a->profile['profile_uid']) && $a->profile['hidewall'];
if (!empty($a->profile['page-flags']) && $a->profile['page-flags'] == User::PAGE_FLAGS_COMMUNITY) {
$a->page['htmlhead'] .= '<meta name="friendica.community" content="true" />' . "\n";
$hashtags = defaults($_GET, 'tag', '');
- if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+ if (Config::get('system', 'block_public') && !local_user() && !Session::getRemoteContactID($a->profile['profile_uid'])) {
return Login::form();
}
- $groups = [];
- $remote_cid = null;
-
$o = '';
if ($update) {
Nav::setSelected('home');
}
- $remote_contact = ContactModel::isFollower(remote_user(), $a->profile['profile_uid']);
+ $remote_contact = Session::getRemoteContactID($a->profile['profile_uid']);
$is_owner = local_user() == $a->profile['profile_uid'];
- $last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . remote_user();
-
- if ($remote_contact) {
- $cdata = ContactModel::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
- if (!empty($cdata['user'])) {
- $groups = Group::getIdsByContactId($cdata['user']);
- $remote_cid = $cdata['user'];
- }
- }
+ $last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . $remote_contact;
if (!empty($a->profile['hidewall']) && !$is_owner && !$remote_contact) {
notice(L10n::t('Access to this profile has been restricted.') . EOL);
}
// Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
- $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $remote_contact, $groups, $remote_cid);
+ $sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid']);
$sql_extra2 = '';
$last_updated_array = Session::get('last_updated', []);
use Friendica\Core\L10n;
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
+use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Profile;
{
public static function content()
{
- if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+ if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
throw new \Friendica\Network\HTTPException\NotFoundException(L10n::t('User not found.'));
}
use Friendica\Core\Logger;
use Friendica\Core\PConfig;
use Friendica\Core\Protocol;
-use Friendica\Core\Renderer;
use Friendica\Core\Session;
+use Friendica\Core\Renderer;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Item;
$this->setTemplate('wall');
$this->toplevel = $this->getId() == $this->getDataValue('parent');
- if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
- foreach ($_SESSION['remote'] as $visitor) {
- if ($visitor['cid'] == $this->getDataValue('contact-id')) {
- $this->visiting = true;
- break;
- }
- }
+ if (!empty(Session::getUserIDForVisitorContactID($this->getDataValue('contact-id')))) {
+ $this->visiting = true;
}
$this->writable = $this->getDataValue('writable') || $this->getDataValue('self');
$author = ['uid' => 0, 'id' => $item['author-id'],
'network' => $item['author-network'], 'url' => $item['author-link']];
- if (local_user() || remote_user()) {
+ if (Session::isAuthenticated()) {
$profile_link = Contact::magicLinkByContact($author);
} else {
$profile_link = $item['author-link'];
return 200;
}
- /**
- * @param App $a App
- * @param string $contact_nick contact nickname
- * @throws \Friendica\Network\HTTPException\InternalServerErrorException
- */
- public static function autoRedir(App $a, $contact_nick)
- {
- // prevent looping
- if (!empty($_REQUEST['redir'])) {
- Logger::log('autoRedir might be looping because redirect has been redirected', Logger::DEBUG);
- // looping prevention also appears to sometimes prevent authentication for images
- // because browser may have multiple connections open and load an image on a connection
- // whose session wasn't updated when a previous redirect authenticated
- // Leaving commented in case looping reappears
- //return;
- }
-
- if ((! $contact_nick) || ($contact_nick === $a->user['nickname'])) {
- return;
- }
-
- if (local_user()) {
- // We need to find out if $contact_nick is a user on this hub, and if so, if I
- // am a contact of that user. However, that user may have other contacts with the
- // same nickname as me on other hubs or other networks. Exclude these by requiring
- // that the contact have a local URL. I will be the only person with my nickname at
- // this URL, so if a result is found, then I am a contact of the $contact_nick user.
- //
- // We also have to make sure that I'm a legitimate contact--I'm not blocked or pending.
-
- $baseurl = System::baseUrl();
- $domain_st = strpos($baseurl, "://");
- if ($domain_st === false) {
- return;
- }
- $baseurl = substr($baseurl, $domain_st + 3);
- $nurl = Strings::normaliseLink($baseurl);
-
- $r = User::getByNickname($contact_nick, ["uid"]);
- $contact_uid = $r["uid"];
-
- /// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange.
- $r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1)
- AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1",
- DBA::escape($contact_nick),
- DBA::escape($a->user['nickname']),
- DBA::escape($baseurl),
- DBA::escape($nurl)
- );
- if ((! DBA::isResult($r))) {
- return;
- }
- // test if redirect authentication already succeeded
- // Note that "contact" in the sense used in the $contact_nick argument to this function
- // and the sense in the $remote[]["cid"] in the session are opposite.
- // In the session variable the user currently fetching is the contact
- // while $contact_nick is the nick of tho user who owns the stuff being fetched.
- foreach (Session::get('remote', []) as $visitor) {
- if ($visitor['uid'] == $contact_uid && $visitor['cid'] == $r[0]['id']) {
- return;
- }
- }
-
- $r = q("SELECT * FROM contact WHERE nick = '%s'
- AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1",
- DBA::escape($contact_nick),
- DBA::escape(Protocol::DFRN),
- intval(local_user()),
- DBA::escape($baseurl)
- );
- if (! DBA::isResult($r)) {
- return;
- }
-
- $cid = $r[0]['id'];
-
- $dfrn_id = (($r[0]['issued-id']) ? $r[0]['issued-id'] : $r[0]['dfrn-id']);
-
- if ($r[0]['duplex'] && $r[0]['issued-id']) {
- $orig_id = $r[0]['issued-id'];
- $dfrn_id = '1:' . $orig_id;
- }
- if ($r[0]['duplex'] && $r[0]['dfrn-id']) {
- $orig_id = $r[0]['dfrn-id'];
- $dfrn_id = '0:' . $orig_id;
- }
-
- // ensure that we've got a valid ID. There may be some edge cases with forums and non-duplex mode
- // that may have triggered some of the "went to {profile/intro} and got an RSS feed" issues
-
- if (strlen($dfrn_id) < 3) {
- return;
- }
-
- $sec = Strings::getRandomHex();
-
- DBA::insert('profile_check', ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]);
-
- $url = curPageURL();
-
- Logger::log('auto_redir: ' . $r[0]['name'] . ' ' . $sec, Logger::DEBUG);
- $dest = (($url) ? '&destination_url=' . $url : '');
- System::externalRedirect($r[0]['poll'] . '?dfrn_id=' . $dfrn_id
- . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest);
- }
-
- return;
- }
-
/**
* @brief Returns the activity verb
*
use Friendica\Model\Contact;
use Friendica\Model\Group;
use Friendica\Model\User;
+use Friendica\Core\Session;
/**
* Secures that User is allow to do requests
{
static $verified = 0;
- if (!local_user() && !remote_user()) {
+ if (!Session::isAuthenticated()) {
return false;
}
return true;
}
- if (remote_user($owner)) {
+ if (!empty(Session::getRemoteContactID($owner))) {
// use remembered decision and avoid a DB lookup for each and every display item
// DO NOT use this function if there are going to be multiple owners
// We have a contact-id for an authenticated remote user, this block determines if the contact
} elseif ($verified === 1) {
return false;
} else {
- $cid = remote_user($owner);
+ $cid = Session::getRemoteContactID($owner);
if (!$cid) {
return false;
}
$r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` INNER JOIN `user` on `user`.`uid` = `contact`.`uid`
WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
+ AND `user`.`blockwall` = 0 AND `readonly` = 0 AND (`contact`.`rel` IN (%d , %d) OR `user`.`page-flags` = %d) LIMIT 1",
intval($owner),
intval($cid),
intval(Contact::SHARING),
return false;
}
- /// @TODO $groups should be array
- public static function getPermissionsSQLByUserId($owner_id, $remote_verified = false, $groups = null)
+ public static function getPermissionsSQLByUserId($owner_id)
{
$local_user = local_user();
- $remote_user = remote_user();
+ $remote_contact = Session::getRemoteContactID($owner_id);
/*
* Construct permissions
* default permissions - anonymous user
*/
$sql = " AND allow_cid = ''
- AND allow_gid = ''
- AND deny_cid = ''
- AND deny_gid = ''
- ";
+ AND allow_gid = ''
+ AND deny_cid = ''
+ AND deny_gid = '' ";
/*
* Profile owner - everything is visible
if ($local_user && $local_user == $owner_id) {
$sql = '';
/*
- * Authenticated visitor. Unless pre-verified,
- * check that the contact belongs to this $owner_id
- * and load the groups the visitor belongs to.
- * If pre-verified, the caller is expected to have already
- * done this and passed the groups into this function.
+ * Authenticated visitor. Load the groups the visitor belongs to.
*/
- } elseif ($remote_user) {
- /*
- * Authenticated visitor. Unless pre-verified,
- * check that the contact belongs to this $owner_id
- * and load the groups the visitor belongs to.
- * If pre-verified, the caller is expected to have already
- * done this and passed the groups into this function.
- */
-
- if (!$remote_verified) {
- $cid = 0;
-
- foreach (\Friendica\Core\Session::get('remote', []) as $visitor) {
- if ($visitor['uid'] == $owner_id) {
- $cid = $visitor['cid'];
- break;
- }
- }
+ } elseif ($remote_contact) {
+ $gs = '<<>>'; // should be impossible to match
- if ($cid && DBA::exists('contact', ['id' => $cid, 'uid' => $owner_id, 'blocked' => false])) {
- $remote_verified = true;
- $groups = Group::getIdsByContactId($cid);
- }
- }
+ $groups = Group::getIdsByContactId($remote_contact);
- if ($remote_verified) {
- $gs = '<<>>'; // should be impossible to match
-
- if (is_array($groups)) {
- foreach ($groups as $g) {
- $gs .= '|<' . intval($g) . '>';
- }
+ if (is_array($groups)) {
+ foreach ($groups as $g) {
+ $gs .= '|<' . intval($g) . '>';
}
-
- $sql = sprintf(
- " AND ( NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s')
- AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
- )
- ",
- intval($cid),
- DBA::escape($gs),
- intval($cid),
- DBA::escape($gs)
- );
}
+
+ $sql = sprintf(
+ " AND (NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s')
+ AND (allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR (allow_cid = '' AND allow_gid = ''))) ",
+ intval($remote_contact),
+ DBA::escape($gs),
+ intval($remote_contact),
+ DBA::escape($gs)
+ );
}
return $sql;
}
-
}
projects / friendica.git / commitdiff