From ec66553032820d6fff718a716e5cfdb2c38cd6cd Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 25 Sep 2019 22:24:17 +0000 Subject: [PATCH] Reworked "remote" cookie handling --- boot.php | 11 +++------ include/items.php | 10 ++------ mod/cal.php | 9 ++----- mod/dfrn_poll.php | 5 ++-- mod/item.php | 14 ++--------- mod/photos.php | 57 ++++++++++++------------------------------- mod/redir.php | 19 ++++----------- mod/videos.php | 42 +++++++++---------------------- mod/wall_attach.php | 34 ++++++++------------------ mod/wall_upload.php | 35 +++++++++----------------- src/Core/Session.php | 36 ++++++++++++++++++++++++--- src/Model/Profile.php | 15 ++++-------- src/Object/Post.php | 11 +++------ 13 files changed, 106 insertions(+), 192 deletions(-) diff --git a/boot.php b/boot.php index 224eba1f45..6d09c647e9 100644 --- a/boot.php +++ b/boot.php @@ -23,6 +23,7 @@ use Friendica\Core\Config; use Friendica\Core\PConfig; use Friendica\Core\Protocol; use Friendica\Core\System; +use Friendica\Core\Session; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Term; @@ -426,14 +427,8 @@ function remote_user($uid = null) return false; } - if (!is_null($uid) && !empty($_SESSION['remote'])) { - /// @todo replace it with this: - // if (!empty($_SESSION['remote'][$uid])) ... - foreach ($_SESSION['remote'] as $visitor) { - if ($visitor['uid'] == $uid) { - return $visitor['cid']; - } - } + if (!is_null($uid)) { + return Session::getVisitorContactIDForUserID($uid); } elseif (is_null($uid) && !empty($_SESSION['visitor_id'])) { return intval($_SESSION['visitor_id']); } diff --git a/include/items.php b/include/items.php index 25c857f115..c5d8fc023d 100644 --- a/include/items.php +++ b/include/items.php 
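Review bot: In the rewritten remote_user() the `is_null($uid)` test inside the following `elseif` is now dead: the new `if (!is_null($uid))` branch returns unconditionally, so the `elseif` can only be reached with a null `$uid` and reads more honestly as `} elseif (!empty($_SESSION['visitor_id'])) {`. The new branch also hands back whatever `Session::getVisitorContactIDForUserID()` finds without normalising it, and other hunks in this patch compare that value with `==` or pass it straight into `DBA::selectFirst()`; a session that was live before the format change still holds the old `['cid' => …, 'uid' => …]` arrays and would come through here as an array, so the helper (not this function) should cast to int and reject non-scalar values. Minor: the added `use Friendica\Core\Session;` sits after `System`, breaking the alphabetical order of the import block. remote_user()'s early return and final return lie outside the hunk.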
@@ -362,14 +362,8 @@ function drop_item($id, $return = '') $contact_id = 0; // check if logged in user is either the author or owner of this item - - if (!empty($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $visitor) { - if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) { - $contact_id = $visitor['cid']; - break; - } - } + if (remote_user($item['uid']) == $item['contact-id']) { + $contact_id = $item['contact-id']; } if ((local_user() == $item['uid']) || $contact_id) { diff --git a/mod/cal.php b/mod/cal.php index 05ad314b03..b77abaa828 100644 --- a/mod/cal.php +++ b/mod/cal.php @@ -113,13 +113,8 @@ function cal_content(App $a) $owner_uid = intval($a->data['user']['uid']); $nick = $a->data['user']['nickname']; - if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $a->profile['profile_uid']) { - $contact_id = $v['cid']; - break; - } - } + if (!empty(remote_user($a->profile['profile_uid']))) { + $contact_id = remote_user($a->profile['profile_uid']); } $groups = []; diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index d805bcfd49..fa0cf1037e 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -114,7 +114,7 @@ function dfrn_poll_init(App $a) $_SESSION['remote'] = []; } - $_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']]; + $_SESSION['remote'][$r[0]['uid']] = $r[0]['id']; $_SESSION['visitor_id'] = $r[0]['id']; $_SESSION['visitor_home'] = $r[0]['url']; @@ -521,7 +521,8 @@ function dfrn_poll_content(App $a) $_SESSION['remote'] = []; } - $_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']]; + $_SESSION['remote'][$r[0]['uid']] = $r[0]['id']; + $_SESSION['visitor_id'] = $r[0]['id']; $_SESSION['visitor_home'] = $r[0]['url']; $_SESSION['visitor_visiting'] = $r[0]['uid']; diff --git a/mod/item.php b/mod/item.php index 8bc394bcb9..5ffee86a06 100644 --- a/mod/item.php +++ b/mod/item.php 
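Review bot: The new owner test `remote_user($item['uid']) == $item['contact-id']` depends on loose comparison: for a non-visitor remote_user() returns `false`, and `false == 0` (or `== null`) is true, so an item whose `contact-id` is 0 enters the branch and assigns `$contact_id = 0`; the later `|| $contact_id` test rejects that by accident rather than by design. I'd make the intent explicit: `$visitor_cid = remote_user($item['uid']);` then `if (!empty($visitor_cid) && intval($visitor_cid) === intval($item['contact-id'])) { $contact_id = intval($visitor_cid); }`. Whether an item can actually carry `contact-id` 0 is not visible from the hunk, so treat this as hardening; drop_item() continues outside it.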
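Review bot: Both hunks in dfrn_poll.php promote an anonymous session to an authenticated visitor session (`$_SESSION['remote'][…]`, `visitor_id`, `visitor_home`, `visitor_visiting`) without any session-id rotation visible in the hunk; unless it happens earlier in these functions, a session id fixed before the DFRN handshake remains valid after it. I'd call `session_regenerate_id(true);` immediately before the `$_SESSION['remote'] = [];` initialisation in both places. Separately, the `if (empty($_SESSION['remote']))` guard keeps whatever the session already holds, so a session that predates this patch can carry old-format `['cid' => …, 'uid' => …]` entries next to the new plain integers; resetting or normalising the array here would avoid that mix. The enclosing dfrn_poll_init() and dfrn_poll_content() bodies lie outside the hunks.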
@@ -348,18 +348,8 @@ function item_post(App $a) { if (local_user() && ((local_user() == $profile_uid) || $allow_comment)) { $self = true; $author = DBA::selectFirst('contact', [], ['uid' => local_user(), 'self' => true]); - } elseif (remote_user()) { - if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $profile_uid) { - $contact_id = $v['cid']; - break; - } - } - } - if ($contact_id) { - $author = DBA::selectFirst('contact', [], ['id' => $contact_id]); - } + } elseif (!empty(remote_user($profile_uid))) { + $author = DBA::selectFirst('contact', [], ['id' => remote_user($profile_uid)]); } if (DBA::isResult($author)) { diff --git a/mod/photos.php b/mod/photos.php index 50f40b248c..06abade5e9 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -154,14 +154,12 @@ function photos_post(App $a) if (local_user() && (local_user() == $page_owner_uid)) { $can_post = true; - } elseif ($community_page && remote_user($page_owner_uid)) { + } elseif ($community_page && !empty(remote_user($page_owner_uid))) { $contact_id = remote_user($page_owner_uid); - if ($contact_id > 0) { - if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { - $can_post = true; - $visitor = $contact_id; - } + if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { + $can_post = true; + $visitor = $contact_id; } } 
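Review bot: The author lookup in the new `elseif` branch, `DBA::selectFirst('contact', [], ['id' => remote_user($profile_uid)])`, constrains only the contact id, while the equivalent code in photos_post() in this same patch also requires `'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false`. The session value is server-written, so the id should already belong to `$profile_uid`, but binding the row to the profile owner is cheap defence in depth and keeps the two modules consistent: `$author = DBA::selectFirst('contact', [], ['id' => remote_user($profile_uid), 'uid' => $profile_uid]);` (adding the blocked/pending flags would be a behaviour change the removed loop did not make, so that is a separate decision). remote_user() is also evaluated twice in a row here; assigning it once reads better. item_post() continues outside the hunk.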
@@ -883,50 +881,27 @@ function photos_content(App $a) if (local_user() && (local_user() == $owner_uid)) { $can_post = true; - } else { - if ($community_page && remote_user()) { - if (is_array($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $owner_uid) { - $contact_id = $v['cid']; - break; - } - } - } + } elseif ($community_page && !empty(remote_user($owner_uid))) { + $contact_id = remote_user($owner_uid); + $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); - if ($contact_id) { - $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); - - if (DBA::isResult($contact)) { - $can_post = true; - $remote_contact = true; - $visitor = $contact_id; - } - } + if (DBA::isResult($contact)) { + $can_post = true; + $remote_contact = true; + $visitor = $contact_id; } } $groups = []; // perhaps they're visiting - but not a community page, so they wouldn't have write access - if (remote_user() && !$visitor) { - $contact_id = 0; - if (is_array($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $owner_uid) { - $contact_id = $v['cid']; - break; - } - } - } + if (!empty(remote_user($owner_uid)) && !$visitor) { + $contact_id = remote_user($owner_uid); + $groups = Group::getIdsByContactId($contact_id); - if ($contact_id) { - $groups = Group::getIdsByContactId($contact_id); + $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); - $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); - - $remote_contact = DBA::isResult($contact); - } + $remote_contact = DBA::isResult($contact); } if (!$remote_contact && local_user()) { diff --git a/mod/redir.php b/mod/redir.php index 1df7060fa6..6b492473a0 100644 --- a/mod/redir.php 
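Review bot: In the second block, `if (!empty(remote_user($owner_uid)) && !$visitor)`, `$groups = Group::getIdsByContactId($contact_id)` is filled before the `blocked`/`pending` lookup that decides `$remote_contact`, so a blocked or pending contact ends up with `$remote_contact === false` but a non-empty `$groups`. The removed loop had the same ordering, so this is pre-existing, but since the block is being rewritten I would gate the group lookup on the result: `$remote_contact = DBA::isResult($contact); if ($remote_contact) { $groups = Group::getIdsByContactId($contact_id); }`. Whether `$groups` later feeds permission filtering is outside the hunk, so I cannot confirm the impact; photos_content() continues beyond it.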
+++ b/mod/redir.php @@ -66,20 +66,11 @@ function redir_init(App $a) { // with the local contact. Otherwise the local user would ask the local contact // for authentification everytime he/she is visiting a profile page of the local // contact. - if ($host == $remotehost - && !empty($_SESSION['remote']) - && is_array($_SESSION['remote'])) - { - foreach ($_SESSION['remote'] as $v) { - if (!empty($v['uid']) && !empty($v['cid']) && - $v['uid'] == Session::get('visitor_visiting') && - $v['cid'] == Session::get('visitor_id')) { - // Remote user is already authenticated. - $target_url = defaults($url, $contact_url); - Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG); - $a->redirect($target_url); - } - } + if (($host == $remotehost) && (remote_user(Session::get('visitor_visiting')) == Session::get('visitor_id'))) { + // Remote user is already authenticated. + $target_url = defaults($url, $contact_url); + Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG); + $a->redirect($target_url); } } diff --git a/mod/videos.php b/mod/videos.php index 9e19ecf117..62ecd0c378 100644 --- a/mod/videos.php +++ b/mod/videos.php 
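Review bot: The new condition `remote_user(Session::get('visitor_visiting')) == Session::get('visitor_id')` holds in the no-visitor case: with both keys absent, `remote_user(null)` returns `false` (per the boot.php hunk, no `visitor_id` means `false`) and `false == null` is true, so a request with `$host == $remotehost` is logged as "already authenticated" and redirected without the DFRN handshake ever running; with only `visitor_id` set, `remote_user(null)` returns that same `visitor_id` and the comparison is trivially true. The removed loop required non-empty `uid` and `cid` session entries and could not take either path. I'd read both values once and require them: `$visiting = Session::get('visitor_visiting'); $visitor_cid = Session::get('visitor_id');` followed by `if (($host == $remotehost) && !empty($visiting) && !empty($visitor_cid) && (remote_user($visiting) == $visitor_cid)) {`. That `Session::get()` yields null for a missing key is inferred from its use here; redir_init() continues outside the hunk.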
@@ -154,44 +154,26 @@ function videos_content(App $a) if ((local_user()) && (local_user() == $owner_uid)) { $can_post = true; - } elseif ($community_page && remote_user()) { - if (!empty($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $owner_uid) { - $contact_id = $v['cid']; - break; - } - } - } + } elseif ($community_page && !empty(remote_user($owner_uid))) { + $contact_id = remote_user($owner_uid); - if ($contact_id > 0) { - $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($owner_uid) - ); + $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", + intval($contact_id), + intval($owner_uid) + ); - if (DBA::isResult($r)) { - $can_post = true; - $remote_contact = true; - $visitor = $contact_id; - } + if (DBA::isResult($r)) { + $can_post = true; + $remote_contact = true; + $visitor = $contact_id; } } $groups = []; // perhaps they're visiting - but not a community page, so they wouldn't have write access - if (remote_user() && (!$visitor)) { - $contact_id = 0; - - if (!empty($_SESSION['remote'])) { - foreach($_SESSION['remote'] as $v) { - if($v['uid'] == $owner_uid) { - $contact_id = $v['cid']; - break; - } - } - } + if (!empty(remote_user($owner_uid)) && !$visitor) { + $contact_id = remote_user($owner_uid); if ($contact_id > 0) { $groups = Group::getIdsByContactId($contact_id); diff --git a/mod/wall_attach.php b/mod/wall_attach.php index c4ee33bd18..096439fa74 100644 --- a/mod/wall_attach.php +++ b/mod/wall_attach.php 
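Review bot: In the second block the `if ($contact_id > 0)` test right after `$contact_id = remote_user($owner_uid);` is now redundant — the enclosing `!empty(remote_user($owner_uid))` already guarantees a non-empty value — while the same guard was dropped from the first block, so the two halves of the function read inconsistently; I'd remove the inner check. The first block's `q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", …)` is the same test photos_content() now expresses with `DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false])`; `DBA::exists()` with that condition would retire one more string-built query and keep the modules aligned. videos_content() continues outside the hunk.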
@@ -43,35 +43,21 @@ function wall_attach_post(App $a) { $page_owner_cid = $r[0]['id']; $community_page = (($r[0]['page-flags'] == User::PAGE_FLAGS_COMMUNITY) ? true : false); - if ((local_user()) && (local_user() == $page_owner_uid)) { + if (local_user() && (local_user() == $page_owner_uid)) { $can_post = true; - } else { - if ($community_page && remote_user()) { - $contact_id = 0; + } elseif ($community_page && !empty(remote_user($page_owner_uid))) { + $contact_id = remote_user($page_owner_uid); + $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", + intval($contact_id), + intval($page_owner_uid) + ); - if (is_array($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $page_owner_uid) { - $contact_id = $v['cid']; - break; - } - } - } - - if ($contact_id > 0) { - $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($page_owner_uid) - ); - - if (DBA::isResult($r)) { - $can_post = true; - } - } + if (DBA::isResult($r)) { + $can_post = true; } } - if (! $can_post) { + if (!$can_post) { if ($r_json) { echo json_encode(['error' => L10n::t('Permission denied.')]); exit(); diff --git a/mod/wall_upload.php b/mod/wall_upload.php index a245ca739c..0848c05906 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php 
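Review bot: The contact check in the new `elseif` branch reuses `$r` for its result, overwriting the page-owner row whose `$r[0]['id']` and `$r[0]['page-flags']` are read just above the changed lines; any later code that still expects `$r` to be the owner row would silently see the contact row instead (whether such a use exists is not visible from the hunk). Replacing the `q()` call with `if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { $can_post = true; }` avoids the reuse, matches photos_post() in this patch, and drops one more string-built query. wall_attach_post() continues beyond the hunk.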
@@ -74,34 +74,21 @@ function wall_upload_post(App $a, $desktopmode = true) if ((local_user()) && (local_user() == $page_owner_uid)) { $can_post = true; - } else { - if ($community_page && remote_user()) { - $contact_id = 0; - if (is_array($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $v) { - if ($v['uid'] == $page_owner_uid) { - $contact_id = $v['cid']; - break; - } - } - } + } elseif ($community_page && !empty(remote_user($page_owner_uid))) { + $contact_id = remote_user($page_owner_uid); - if ($contact_id) { - $r = q("SELECT `uid` FROM `contact` - WHERE `blocked` = 0 AND `pending` = 0 - AND `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($page_owner_uid) - ); - if (DBA::isResult($r)) { - $can_post = true; - $visitor = $contact_id; - } - } + $r = q("SELECT `uid` FROM `contact` + WHERE `blocked` = 0 AND `pending` = 0 + AND `id` = %d AND `uid` = %d LIMIT 1", + intval($contact_id), + intval($page_owner_uid) + ); + if (DBA::isResult($r)) { + $can_post = true; + $visitor = $contact_id; } } - if (!$can_post) { if ($r_json) { echo json_encode(['error' => L10n::t('Permission denied.')]); diff --git a/src/Core/Session.php b/src/Core/Session.php index 9927fca189..8e6e4c4577 100644 --- a/src/Core/Session.php +++ b/src/Core/Session.php @@ -120,7 +120,7 @@ class Session 'my_url' => $a->getBaseURL() . '/profile/' . $user_record['nickname'], 'my_address' => $user_record['nickname'] . '@' . substr($a->getBaseURL(), strpos($a->getBaseURL(), '://') + 3), 'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0'), - 'remote' => [] + 'remote' => [], ]); $remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]); 
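Review bot: The permission test in the new `elseif` branch is still a `q()` query that selects `uid` only to check for existence, while photos_post() in this same patch does the identical check with a condition array. `if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { $can_post = true; $visitor = $contact_id; }` is the same test without a string-built query and without reassigning `$r`. wall_upload_post() continues outside the hunk.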
@@ -129,9 +129,7 @@ class Session continue; } - /// @todo Change it to this format to save space - // $_SESSION['remote'][$contact['uid']] = $contact['id']; - $_SESSION['remote'][$contact['uid']] = ['cid' => $contact['id'], 'uid' => $contact['uid']]; + $_SESSION['remote'][$contact['uid']] = $contact['id']; } DBA::close($remote_contacts); @@ -216,4 +214,34 @@ class Session } } } + + /** + * Returns contact ID for given user ID + * + * @param integer $uid User ID + * @return integer Contact ID of visitor for given user ID + */ + public static function getVisitorContactIDForUserID($uid) + { + if (empty($_SESSION['remote'][$uid])) { + return false; + } + + return $_SESSION['remote'][$uid]; + } + + /** + * Returns User ID for given contact ID of the visitor + * + * @param integer $cid Contact ID + * @return integer User ID for given contact ID of the visitor + */ + public static function getUserIDForVisitorContactID($cid) + { + if (empty($_SESSION['remote'])) { + return false; + } + + return array_search($cid, $_SESSION['remote']); + } } diff --git a/src/Model/Profile.php b/src/Model/Profile.php index 290b6d3490..69e73fc80b 100644 --- a/src/Model/Profile.php +++ b/src/Model/Profile.php @@ -248,15 +248,10 @@ class Profile */ public static function getByNickname($nickname, $uid = 0, $profile_id = 0) { - if (remote_user($uid) && !empty($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $visitor) { - if ($visitor['uid'] == $uid) { - $contact = DBA::selectFirst('contact', ['profile-id'], ['id' => $visitor['cid']]); - if (DBA::isResult($contact)) { - $profile_id = $contact['profile-id']; - } - break; - } + if (!empty(remote_user($uid))) { + $contact = DBA::selectFirst('contact', ['profile-id'], ['id' => remote_user($uid)]); + if (DBA::isResult($contact)) { + $profile_id = $contact['profile-id']; } } 
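Review bot: `getVisitorContactIDForUserID()` returns the stored session value verbatim, but sessions that were live before this deploy still hold the old `['cid' => …, 'uid' => …]` arrays in `$_SESSION['remote']` (the format this patch removes in Session.php, Profile.php and dfrn_poll.php) and nothing rewrites them; for such a session the method returns an array, callers comparing with `==` never match, and `DBA::selectFirst('contact', [], ['id' => …])` receives an array where an integer is expected. I would normalise on the way out — accept the legacy shape, cast to int, and return `false` for anything empty — as in the excerpt below. Both docblocks promise `@return integer` while the methods return `false` on a miss; `@return integer|false` matches the code. `getUserIDForVisitorContactID()` relies on a non-strict `array_search()`; that is tolerable only because the ids are stored from both `q()` and `DBA::select()` results (presumably strings and ints respectively), so if it is ever made strict the writers must `intval()` on store.
```php
public static function getVisitorContactIDForUserID($uid)
{
    $cid = $_SESSION['remote'][$uid] ?? null;

    // Sessions started before the format change still hold ['cid' => …, 'uid' => …]
    if (is_array($cid)) {
        $cid = $cid['cid'] ?? null;
    }

    return empty($cid) ? false : intval($cid);
}
```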
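Review bot: In getByNickname() `remote_user($uid)` is evaluated twice — once in the `!empty()` guard and again inside `DBA::selectFirst()` — and the lookup `['id' => remote_user($uid)]` carries no `'uid' => $uid` constraint even though the caller explicitly asked for this user's visitor. Reading it once and binding the row to `$uid` is clearer and defensive: `$visitor_cid = remote_user($uid); if (!empty($visitor_cid)) { $contact = DBA::selectFirst('contact', ['profile-id'], ['id' => $visitor_cid, 'uid' => $uid]);`. The removed loop did not constrain `uid` either, so this is hardening rather than a regression fix. getByNickname() continues past the hunk.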
@@ -1130,7 +1125,7 @@ class Profile continue; } - $_SESSION['remote'][$contact['uid']] = ['cid' => $contact['id'], 'uid' => $contact['uid']]; + $_SESSION['remote'][$contact['uid']] = $contact['id']; } $a->contact = $visitor; diff --git a/src/Object/Post.php b/src/Object/Post.php index 36be9c4e6b..afb55a0212 100644 --- a/src/Object/Post.php +++ b/src/Object/Post.php @@ -14,8 +14,8 @@ use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\PConfig; use Friendica\Core\Protocol; -use Friendica\Core\Renderer; use Friendica\Core\Session; +use Friendica\Core\Renderer; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Item; @@ -71,13 +71,8 @@ class Post extends BaseObject $this->setTemplate('wall'); $this->toplevel = $this->getId() == $this->getDataValue('parent'); - if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) { - foreach ($_SESSION['remote'] as $visitor) { - if ($visitor['cid'] == $this->getDataValue('contact-id')) { - $this->visiting = true; - break; - } - } + if (!empty(Session::getUserIDForVisitorContactID($this->getDataValue('contact-id')))) { + $this->visiting = true; } $this->writable = $this->getDataValue('writable') || $this->getDataValue('self');
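Review bot: In Post.php `Session::getUserIDForVisitorContactID()` signals "not a visitor" by returning `false` (it wraps `array_search()`), so the natural test is `!== false`; wrapping it in `!empty()` additionally treats a found key of `0` as not visiting, which is a different condition from the loop it replaces (that loop matched on `cid` alone, whatever the `uid`). I'd write `if (Session::getUserIDForVisitorContactID($this->getDataValue('contact-id')) !== false) {`. In the first Post.php hunk the `use Friendica\Core\Session;` line was moved above `Renderer`, breaking the alphabetical order of that import block for no functional reason. The constructor continues outside the hunk.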