require access token to view, query, or join directories in private realms, if the realm is so configured.

3 files changed, 41 insertions, 5 deletions

diff --git a/mod/directory.php b/mod/directory.php
index 329e255cf..bc5aa41e2 100644
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -92,6 +92,9 @@ function directory_content(&$a) {
 		$url = $directory['url'] . '/dirsearch';
 	}
 
+	$token = get_config('system','realm_token');
+
+
 	logger('mod_directory: URL = ' . $url, LOGGER_DEBUG);
 
 	$contacts = array();
@@ -106,8 +109,6 @@ function directory_content(&$a) {
 		}
 	}
 
-
-
 	if($url) {
 		// We might want to make the tagadelic count (&kw=) configurable or turn it off completely.
 
@@ -116,6 +117,9 @@ function directory_content(&$a) {
 		$kw = ((intval($numtags)) ? $numtags : 24);
 		$query = $url . '?f=&kw=' . $kw . (($safe_mode != 1) ? '&safe=' . $safe_mode : '');
 
+		if($token)
+			$query .= '&t=' . $token;
+
 		if($search)
 			$query .= '&name=' . urlencode($search) . '&keywords=' . urlencode($search);
 		if(strpos($search,'@'))
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index 5a0a7cee8..12abfafb8 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -13,7 +13,6 @@ function dirsearch_content(&$a) {
 	$ret = array('success' => false);
 
 
-
 	$dirmode = intval(get_config('system','directory_mode'));
 
 	if($dirmode == DIRECTORY_MODE_NORMAL) {
@@ -21,6 +20,15 @@ function dirsearch_content(&$a) {
 		json_return_and_die($ret);
 	}
 
+	$access_token = $_REQUEST['t'];
+
+	$token = get_config('system','realm_token');
+	if($token && $access_token != $token) {
+		$result['message'] = t('This directory server requires an access token');
+		return;
+	}
+
+
 	if(argc() > 1 && argv(1) === 'sites') {
 		$ret = list_public_sites();
 		json_return_and_die($ret);
diff --git a/mod/regdir.php b/mod/regdir.php
index f24ee3951..f12659dad 100644
--- a/mod/regdir.php
+++ b/mod/regdir.php
@@ -18,7 +18,8 @@ function regdir_init(&$a) {
 	$result = array('success' => false);
 
 	$url = $_REQUEST['url'];
-
+	$access_token = $_REQUEST['t'];
+	$valid = 0;
 
 	// we probably don't need the realm as we will find out in the probe.
 	// What we may want to die is throw an error if you're trying to register in a different realm
@@ -28,6 +29,18 @@ function regdir_init(&$a) {
 	if(! $realm)
 		$realm = DIRECTORY_REALM;
 
+	if($realm === DIRECTORY_REALM) {
+		$valid = 1;
+	}
+	else {
+		$token = get_config('system','realm_token');
+		if($token && $access_token != $token) {
+			$result['message'] = 'This realm requires an access token';
+			return;
+		}
+		$valid = 1;
+	}
+	
 	$dirmode = intval(get_config('system','directory_mode'));
 
 	if($dirmode == DIRECTORY_MODE_NORMAL) {
@@ -56,14 +69,25 @@ function regdir_init(&$a) {
 			}
 		}
 
+		q("update site set site_valid = %d where site_url = '%s' limit 1",
+			intval($valid),
+			strtolower($url)
+		);
+
 		json_return_and_die($result);
 	}
 	else {
+
+		// We can put this in the sql without the condition after 31 march 2015 assuming
+		// most directory servers will have updated by then
+		// This just makes sure it happens if I forget
+
+		$sql_extra = ((datetime_convert() > datetime_convert('UTC','UTC','2015-03-31')) ? ' and site_valid = 1 ' : '' );
 		if($dirmode == DIRECTORY_MODE_STANDALONE) {
 			$r = array(array('site_url' => z_root()));
 		}
 		else {
-			$r = q("select site_url from site where site_flags in ( 1, 2 ) and site_realm = '%s'",
+			$r = q("select site_url from site where site_flags in ( 1, 2 ) and site_realm = '%s' $sql_extra ",
 				dbesc(get_directory_realm())
 			);
 		}