aboutsummaryrefslogtreecommitdiffstats
path: root/include/zot.php
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-09-03 23:50:18 -0700
committerzotlabs <mike@macgirvin.com>2017-09-03 23:50:18 -0700
commitfc62f07a089daf698953e6e4197668fbf8aebef9 (patch)
tree3e6a0b53dc61008b336497eb16a693b8670b6004 /include/zot.php
parent3d0a7f4fc5eacbafa08f49118dc7e54927b4fbed (diff)
downloadvolse-hubzilla-fc62f07a089daf698953e6e4197668fbf8aebef9.tar.gz
volse-hubzilla-fc62f07a089daf698953e6e4197668fbf8aebef9.tar.bz2
volse-hubzilla-fc62f07a089daf698953e6e4197668fbf8aebef9.zip
validate the security context
Diffstat (limited to 'include/zot.php')
-rw-r--r--include/zot.php1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/zot.php b/include/zot.php
index 343bc8ad8..56bd7d212 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -4621,6 +4621,7 @@ function zot_reply_auth_check($data,$encrypted_packet) {
// First verify their signature. We will have obtained a zot-info packet from them as part of the sender
// verification.
+ // needs a nonce!!!!
if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) {
logger('mod_zot: auth_check: sender not found or secret_sig invalid.');
$ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL;