Fix for remote authentication when visiting contact's pages
authorMichael <heluecht@pirati.ca>
Sat, 8 Dec 2018 20:28:01 +0000 (20:28 +0000)
committerMichael <heluecht@pirati.ca>
Sat, 8 Dec 2018 20:28:01 +0000 (20:28 +0000)
mod/delegate.php
mod/display.php
mod/profile.php
src/Model/Contact.php

index 280498db61a5c59d1948de191deaede28730bf4a..4bfc0e31ba8b78879d5c47021f7f524ae9ea8606 100644 (file)
@@ -163,6 +163,8 @@ function delegate_content(App $a)
 
        if (!is_null($parent_user)) {
                $parent_password = ['parent_password', L10n::t('Parent Password:'), '', L10n::t('Please enter the password of the parent account to legitimize your request.')];
+       } else {
+               $parent_password = '';
        }
 
        $o = Renderer::replaceMacros(Renderer::getMarkupTemplate('delegate.tpl'), [
index 74ad479a78368f60e7bb1027393e5f01bea07531..729ca440138c9dc42e2355f3f4ffba5ace42e07f 100644 (file)
@@ -272,33 +272,17 @@ function display_content(App $a, $update = false, $update_uid = 0)
 
        $groups = [];
 
-       $contact = null;
-       $is_remote_contact = false;
-
-       $contact_id = 0;
-
-       if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
-               foreach ($_SESSION['remote'] as $v) {
-                       if ($v['uid'] == $a->profile['uid']) {
-                               $contact_id = $v['cid'];
-                               break;
-                       }
-               }
+       $parent = Item::selectFirst(['uid'], ['uri' => $item_parent_uri, 'wall' => true]);
+       if (DBA::isResult($parent)) {
+               $a->profile['profile_uid'] = $parent['uid'];
        }
 
-       if ($contact_id) {
-               $groups = Group::getIdsByContactId($contact_id);
-               $remote_contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $a->profile['uid']]);
-               if (DBA::isResult($remote_contact)) {
-                       $contact = $remote_contact;
-                       $is_remote_contact = true;
-               }
-       }
+       $is_remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']);
 
-       if (!$is_remote_contact) {
-               if (local_user()) {
-                       $contact_id = $_SESSION['cid'];
-                       $contact = $a->contact;
+       if ($is_remote_contact) {
+               $cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
+               if (!empty($cdata['user'])) {
+                       $groups = Group::getIdsByContactId($cdata['user']);
                }
        }
 
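Review bot: When `Item::selectFirst` finds no wall parent, `$a->profile['profile_uid']` keeps whatever value it had before, or is undefined if nothing earlier in display_content sets it, and `Contact::isFollower` is then checked against that uid. `$is_remote_contact` and `$groups` presumably drive what the visitor may see further down, outside this hunk, so it is worth failing closed here. One option is `$is_remote_contact = DBA::isResult($parent) && Contact::isFollower(remote_user(), $parent['uid']);`, provided no earlier code is meant to supply a valid `profile_uid` for non-wall items. The removed code also populated `$contact` and `$contact_id`; confirm nothing later in the function still reads them.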
index abbe65ccba2b7bbd9785aa14a03f20f788057aad..2c11f43b9c442273bdf53985df44d4091ed555b3 100644 (file)
@@ -150,42 +150,17 @@ function profile_content(App $a, $update = 0)
                Nav::setSelected('home');
        }
 
-       $contact = null;
-       $remote_contact = false;
-
-       $contact_id = 0;
-
-       if (!empty($_SESSION['remote'])) {
-               foreach ($_SESSION['remote'] as $v) {
-                       if ($v['uid'] == $a->profile['profile_uid']) {
-                               $contact_id = $v['cid'];
-                               break;
-                       }
-               }
-       }
-
-       if ($contact_id) {
-               $groups = Group::getIdsByContactId($contact_id);
-               $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
-                       intval($contact_id),
-                       intval($a->profile['profile_uid'])
-               );
-               if (DBA::isResult($r)) {
-                       $contact = $r[0];
-                       $remote_contact = true;
-               }
-       }
+       $remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']);
+       $is_owner = local_user() == $a->profile['profile_uid'];
+       $last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . remote_user();
 
-       if (!$remote_contact) {
-               if (local_user()) {
-                       $contact_id = $_SESSION['cid'];
-                       $contact = $a->contact;
+       if ($remote_contact) {
+               $cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
+               if (!empty($cdata['user'])) {
+                       $groups = Group::getIdsByContactId($cdata['user']);
                }
        }
 
-       $is_owner = local_user() == $a->profile['profile_uid'];
-       $last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . remote_user();
-
        if (!empty($a->profile['hidewall']) && !$is_owner && !$remote_contact) {
                notice(L10n::t('Access to this profile has been restricted.') . EOL);
                return;
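Review bot: `$is_owner = local_user() == $a->profile['profile_uid'];` is a loose comparison, and `$is_owner` bypasses the `hidewall` restriction a few lines below. `local_user()` is falsy for a visitor without a local session, so if `profile_uid` is ever empty or 0 the comparison is true and an anonymous visitor counts as the owner. The line was only moved by this commit, but since it now sits beside the new follower check it could be tightened to `$is_owner = local_user() && (local_user() == $a->profile['profile_uid']);`. `$groups` is still assigned only inside the `if ($remote_contact)` branch, so confirm it is initialised earlier in profile_content, which is outside this hunk.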
index 4cc78e4d8c81c2cee3b55e1deef3e9bc60505f59..af6ad46d2fe6cc13492a4a7ed215ffed381f52b8 100644 (file)
@@ -98,6 +98,29 @@ class Contact extends BaseObject
         * @}
         */
 
+       /**
+        * @brief Tests if the given contact is a follower
+        *
+        * @param int $cid Either public contact id or user's contact id
+        * @param int $uid User ID
+        *
+        * @return boolean is the contact id a follower?
+        */
+       public static function isFollower($cid, $uid)
+       {
+               if (self::isBlockedByUser($cid, $uid)) {
+                       return false;
+               }
+
+               $cdata = self::getPublicAndUserContacID($cid, $uid);
+               if (empty($cdata['user'])) {
+                       return false;
+               }
+
+               $condition = ['id' => $cdata['user'], 'rel' => [self::FOLLOWER, self::FRIEND]];
+               return DBA::exists('contact', $condition);
+       }
+
        /**
         * @brief Get the basepath for a given contact link
         * @todo Add functionality to store this value in the contact table
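Review bot: The docblock on `isFollower` says less than the function decides. It returns true for `self::FRIEND` as well as `self::FOLLOWER`, and false when `isBlockedByUser` reports a block or when no user contact is found, which is also the path an unauthenticated visitor takes with an empty `$cid`. In this commit the result gates access to `hidewall` profiles and the group lookup, so the `@return` line should spell that out, for example `@return boolean true only for a non-blocked contact of $uid whose relation is FOLLOWER or FRIEND`. If the contact table also tracks not-yet-approved requests separately from `rel`, confirm that such rows cannot satisfy this condition.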
@@ -125,7 +148,7 @@ class Contact extends BaseObject
         *
         * @return array with public and user's contact id
         */
-       private static function getPublicAndUserContacID($cid, $uid)
+       public static function getPublicAndUserContacID($cid, $uid)
        {
                if (empty($uid) || empty($cid)) {
                        return [];
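Review bot: Making `getPublicAndUserContacID` public turns the misspelled name (`Contac`) into API that mod/display.php and mod/profile.php now call. Renaming it to `getPublicAndUserContactID` in the same commit is cheaper than doing it once more callers exist. The docblock could also state that an empty `$cid` or `$uid` yields `[]`, since the new callers rely on that for anonymous visitors. The method body continues outside this hunk.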
@@ -2054,6 +2077,10 @@ class Contact extends BaseObject
         */
        public static function magicLink($contact_url, $url = '')
        {
+               if (!local_user()) {
+                       return $url ?: $contact_url; // Equivalent to: ($url != '') ? $url : $contact_url;
+               }
+
                $cid = self::getIdForURL($contact_url, 0, true);
                if (empty($cid)) {
                        return $url ?: $contact_url; // Equivalent to: ($url != '') ? $url : $contact_url;
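Review bot: The new `if (!local_user())` guard in `magicLink` has no comment explaining why a visitor without a local session gets the plain URL. The trailing comment copied onto it is also slightly wrong: `?:` tests truthiness, so a `$url` of `'0'` falls through to `$contact_url`, which `$url != ''` would not do. A comment such as `// Magic links need a logged-in local user; everyone else gets the unmodified link` above the guard would record the intent, and the "Equivalent to" remark could be dropped or corrected. The same guard is added to `magicLinkbyContact` in the following hunk and deserves the same comment.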
@@ -2087,7 +2114,7 @@ class Contact extends BaseObject
         */
        public static function magicLinkbyContact($contact, $url = '')
        {
-               if ($contact['network'] != Protocol::DFRN) {
+               if (!local_user() || ($contact['network'] != Protocol::DFRN)) {
                        return $url ?: $contact['url']; // Equivalent to ($url != '') ? $url : $contact['url'];
                }