diff options
| -rw-r--r-- | boot.php | 2 | ||||
| -rw-r--r-- | install/database.sql | 15 | ||||
| -rw-r--r-- | install/update.php | 20 | ||||
| -rw-r--r-- | mod/magic.php | 22 |
4 files changed, 55 insertions, 4 deletions
@@ -17,7 +17,7 @@ define ( 'FRIENDICA_PLATFORM', 'Friendica Red'); define ( 'FRIENDICA_VERSION', trim(file_get_contents('version.inc')) . 'R'); define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); define ( 'ZOT_REVISION', 1 ); -define ( 'DB_UPDATE_VERSION', 1001 ); +define ( 'DB_UPDATE_VERSION', 1002 ); define ( 'EOL', "<br />\r\n" ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); diff --git a/install/database.sql b/install/database.sql index 182d02432..574aaa38e 100644 --- a/install/database.sql +++ b/install/database.sql @@ -894,6 +894,21 @@ CREATE TABLE IF NOT EXISTS `tokens` ( KEY `uid` (`uid`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; +CREATE TABLE IF NOT EXISTS `verify` ( + `id` int(10) unsigned NOT NULL, + `channel` int(10) unsigned NOT NULL DEFAULT '0', + `type` char(32) NOT NULL DEFAULT '', + `token` char(255) NOT NULL DEFAULT '', + `meta` char(255) NOT NULL DEFAULT '', + `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', + PRIMARY KEY (`id`), + KEY `channel` (`channel`), + KEY `type` (`type`), + KEY `token` (`token`), + KEY `meta` (`meta`), + KEY `created` (`created`) +) ENGINE=MyISAM DEFAULT CHARSET=utf8; + CREATE TABLE IF NOT EXISTS `xchan` ( `xchan_hash` char(255) NOT NULL, `xchan_guid` char(255) NOT NULL DEFAULT '', diff --git a/install/update.php b/install/update.php index edd4701a1..f767c2f22 100644 --- a/install/update.php +++ b/install/update.php @@ -1,6 +1,6 @@ <?php -define( 'UPDATE_VERSION' , 1001 ); +define( 'UPDATE_VERSION' , 1002 ); /** * @@ -43,3 +43,21 @@ function update_r1000() { } +function update_r1001() { + $r = q("CREATE TABLE if not exists `verify` ( + `id` INT(10) UNSIGNED NOT NULL , + `channel` INT(10) UNSIGNED NOT NULL DEFAULT '0', + `type` CHAR( 32 ) NOT NULL DEFAULT '', + `token` CHAR( 255 ) NOT NULL DEFAULT '', + `meta` CHAR( 255 ) NOT NULL DEFAULT '', + `created` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00', + PRIMARY KEY ( `id` ) + ) ENGINE = MYISAM "); + + $r2 = q("alter table `verify` add index (`channel`), add index (`type`), add index (`token`), + add index (`meta`), add index (`created`)"); + + if($r && $r2) + return UPDATE_SUCCESS; + return UPDATE_FAILED; +} diff --git a/mod/magic.php b/mod/magic.php index c457c97ea..b48e2b8c9 100644 --- a/mod/magic.php +++ b/mod/magic.php @@ -49,9 +49,21 @@ function magic_init(&$a) { // Just redirect. goaway($desturl); } + + $token = random_string(); + $recip = array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])); $channel = $a->get_channel(); $hash = random_string(); + + $r = q("insert into verify ( type, channel, token, meta, created) values ('%s','%d','%s','%s','%s')", + dbesc('auth'), + intval($channel['channel_id']), + dbesc($token), + dbesc($hubloc['hubloc_hash']), + dbesc(datetime_convert()) + ); + $packet = zot_build_packet($channel,'auth',$recip,$x[0]['hubloc_sitekey'],$hash); $result = zot_zot($x[0]['hubloc_callback'],$packet); if($result['success']) { @@ -60,8 +72,14 @@ function magic_init(&$a) { $y = aes_unencapsulate($j,$channel['prvkey']); $j = json_decode($y,true); } - if($y['token']) - goaway($x[0]['callback'] . '?f=&token=' . $token . '&dest=' . $dest); + if($j['token'] && $j['ticket'] && $j['token'] === $token) { + $r = q("delete from verify where token = '%s' and type = '%s' and channel = %d limit 1", + dbesc($token), + dbesc('auth'), + intval($channel['channel_id']) + ); + goaway($x[0]['callback'] . '?f=&ticket=' . $ticket . '&dest=' . $dest); + } } goaway($dest); } |