Diffstat (limited to 'mod')
-rw-r--r--mod/dfrn_notify.php29
1 files changed, 24 insertions, 5 deletions
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 54fa9b97d..830a2d255 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -6,10 +6,11 @@ require_once('include/items.php');
function dfrn_notify_post(&$a) {
- $dfrn_id = notags(trim($_POST['dfrn_id']));
- $dfrn_version = (float) $_POST['dfrn_version'];
- $challenge = notags(trim($_POST['challenge']));
- $data = $_POST['data'];
+ $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : '');
+ $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
+ $challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : '');
+ $data = ((x($_POST,'data')) ? $_POST['data'] : '');
+ $key = ((x($_POST,'key')) ? $_POST['key'] : '');
$direction = (-1);
if(strpos($dfrn_id,':') == 1) {
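Review bot: The new `$key` field is stored exactly as received, and the only later use visible on this page is `hex2bin(trim($key))` in the third hunk, so nothing establishes that it is well-formed hex before it reaches the decryption code. How `hex2bin()` treats odd-length or non-hex input is not visible here, so a format check at this boundary would make the failure explicit, for example rejecting the request when `strlen($key) && ! ctype_xdigit(trim($key))`. The same applies to `$data` whenever a key is supplied, since it is also passed through `hex2bin()`. dfrn_notify_post() continues outside this hunk.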
@@ -50,7 +51,8 @@ function dfrn_notify_post(&$a) {
}
- $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact`
+ $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`,
+ `contact`.`pubkey` AS `cpubkey`, `contact`.`prvkey` AS `cprvkey`, `user`.* FROM `contact`
LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
@@ -76,6 +78,23 @@ function dfrn_notify_post(&$a) {
//NOTREACHED
}
+ if(strlen($key)) {
+ $rawkey = hex2bin(trim($key));
+ logger('rino: md5 raw key: ' . md5($rawkey));
+ $final_key = '';
+
+ if((($importer['duplex']) && strlen($importer['cpubkey'])) || (! strlen($importer['cprvkey']))) {
+ openssl_public_decrypt($rawkey,$final_key,$importer['cpubkey']);
+ }
+ else {
+ openssl_private_decrypt($rawkey,$final_key,$importer['cprvkey']);
+ }
+
+ logger('rino: received key : ' . $final_key);
+ $data = aes_decrypt(hex2bin($data),$final_key);
+ logger('rino: decrypted data: ' . $data, LOGGER_DATA);
+ }
+
// Consume notification feed. This may differ from consuming a public feed in several ways
// - might contain email
// - might contain remote followup to our message
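Review bot: `logger('rino: received key : ' . $final_key);` writes the decrypted session key to the log with no level argument, unlike the payload line below it, which is gated with `LOGGER_DATA`; anyone with read access to the log could then decrypt a captured notification. Drop the line or log only a non-secret fact, e.g. `logger('rino: received key, ' . strlen($final_key) . ' bytes');`. The return values of `openssl_public_decrypt()` and `openssl_private_decrypt()` are also ignored, so a failed decryption leaves `$final_key` as `''` while `aes_decrypt()` still runs and its output replaces `$data`. Test the result (`if(! $ok || ! strlen($final_key))`) and reject the request the way the earlier error paths in this function do. dfrn_notify_post() begins and ends outside this hunk.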