blob: c078afe38b9c58715afed854fcc457bb30ec6b9f (
plain) (
tree)
|
|
<?php
function dfrn_notify_post(&$a) {
$dfrn_id = notags(trim($_POST['dfrn_id']));
$challenge = notags(trim($_POST['challenge']));
$data = $_POST['data'];
$r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
dbesc($dfrn_id),
dbesc($challenge)
);
if(! count($r))
xml_status(3);
$r = q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
dbesc($dfrn_id),
dbesc($challenge)
);
}
function dfrn_notify_content(&$a) {
if(x($_GET,'dfrn_id')) {
// initial communication from external contact
$hash = random_string();
$status = 0;
$r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
$r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` )
VALUES( '%s', '%s', '%s') ",
dbesc($hash),
dbesc(notags(trim($_GET['dfrn_id']))),
intval(time() + 60 )
);
$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 LIMIT 1",
dbesc($_GET['dfrn_id']));
if((! count($r)) || (! strlen($r[0]['prvkey'])))
$status = 1;
$challenge = '';
openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
echo '<?xml version=1.0" encoding="UTF-8"?><dfrn_notify><status>' .$status . '</status><dfrn_id>' . $_GET['dfrn_id'] . '</dfrn_id>'
. '<challenge>' . $challenge . '</challenge></dfrn_notify>' . "\r\n" ;
session_write_close();
exit;
}
}
|