diff options
Diffstat (limited to 'mod/dfrn_poll.php')
-rw-r--r-- | mod/dfrn_poll.php | 80 |
1 files changed, 49 insertions, 31 deletions
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index ae3dc892d..6b4c50ad2 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -1,6 +1,8 @@ <?php require_once('include/items.php'); +require_once('include/auth.php'); + function dfrn_poll_init(&$a) { @@ -63,37 +65,6 @@ function dfrn_poll_init(&$a) { } - if($dfrn_id != '*') { - // initial communication from external contact - $hash = random_string(); - - $status = 0; - - $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time())); - - $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` ) - VALUES( '%s', '%s', '%s', '%s', '%s' ) ", - dbesc($hash), - dbesc(notags(trim($_GET['dfrn_id']))), - intval(time() + 60 ), - dbesc($type), - dbesc($last_update) - ); - - $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 LIMIT 1", - dbesc($_GET['dfrn_id'])); - if((! count($r)) || (! strlen($r[0]['prvkey']))) - $status = 1; - - $challenge = ''; - - openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); - $challenge = bin2hex($challenge); - echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $_GET['dfrn_id'] . '</dfrn_id>' - . '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ; - session_write_close(); - exit; - } } @@ -103,6 +74,7 @@ function dfrn_poll_post(&$a) { $dfrn_id = notags(trim($_POST['dfrn_id'])); $challenge = notags(trim($_POST['challenge'])); $url = $_POST['url']; + $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1", dbesc($dfrn_id), dbesc($challenge) @@ -166,6 +138,52 @@ function dfrn_poll_post(&$a) { } } +function dfrn_poll_content(&$a) { + + if(x($_GET,'dfrn_id')) + $dfrn_id = $a->config['dfrn_poll_dfrn_id'] = $_GET['dfrn_id']; + if(x($_GET,'type')) + $type = $a->config['dfrn_poll_type'] = $_GET['type']; + if(x($_GET,'last_update')) + $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update']; + + + if($dfrn_id != '*') { + // initial communication from external contact + $hash = random_string(); + + $status = 0; + + $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time())); + + $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` ) + VALUES( '%s', '%s', '%s', '%s', '%s' ) ", + dbesc($hash), + dbesc(notags(trim($_GET['dfrn_id']))), + intval(time() + 60 ), + dbesc($type), + dbesc($last_update) + ); + $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 LIMIT 1", + dbesc($_GET['dfrn_id'])); + if((! count($r)) || (! strlen($r[0]['prvkey']))) + $status = 1; + + $challenge = ''; + + openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); + $challenge = bin2hex($challenge); + echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $_GET['dfrn_id'] . '</dfrn_id>' + . '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ; + session_write_close(); + exit; + } + + + + + +} |