diff options
author | Friendika <info@friendika.com> | 2011-08-28 19:22:27 -0700 |
---|---|---|
committer | Friendika <info@friendika.com> | 2011-08-28 19:22:27 -0700 |
commit | f29f228463d35f574d6d285be0cf337b7d39c541 (patch) | |
tree | aa7e977a25536397506c6c30f8e4d67eb85320d6 /mod/item.php | |
parent | 030dcbd467d5faf01e6f62b9cd9b1be6f8974dcc (diff) | |
download | volse-hubzilla-f29f228463d35f574d6d285be0cf337b7d39c541.tar.gz volse-hubzilla-f29f228463d35f574d6d285be0cf337b7d39c541.tar.bz2 volse-hubzilla-f29f228463d35f574d6d285be0cf337b7d39c541.zip |
bring Diaspora message signing back to the source author - whether they like it or not.
Diffstat (limited to 'mod/item.php')
-rw-r--r-- | mod/item.php | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/mod/item.php b/mod/item.php index ef0b232d5..dd42014eb 100644 --- a/mod/item.php +++ b/mod/item.php @@ -15,6 +15,8 @@ * */ +require_once('include/crypto.php'); + function item_post(&$a) { if((! local_user()) && (! remote_user())) @@ -674,6 +676,27 @@ function item_post(&$a) { pop_lang(); } + + // We won't be able to sign Diaspora comments for authenticated visitors - we don't have their private key + + if($self) { + require_once('include/bb2diaspora.php'); + $signed_body = html_entity_decode(bb2diaspora($datarray['body'])); + $myaddr = $a->user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + if($datarray['verb'] === ACTIVITY_LIKE) + $signed_text = $datarray['guid'] . ';' . 'Post' . ';' . $parent_item['guid'] . ';' . 'true' . ';' . $myaddr; + else + $signed_text = $datarray['guid'] . ';' . $parent_item['guid'] . ';' . $signed_body . ';' . $myaddr; + + $authorsig = base64_encode(rsa_sign($signed_text,$a->user['prvkey'],'sha')); + + q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", + intval($post_id), + dbesc($signed_text), + dbesc(base64_encode($authorsig)), + dbesc($myaddr) + ); + } } else { $parent = $post_id; @@ -799,6 +822,12 @@ function item_post(&$a) { } } + + + + + + logger('post_complete'); // figure out how to return, depending on from whence we came |