diff options
Diffstat (limited to 'mod')
| -rw-r--r-- | mod/dfrn_notify.php | 29 | ||||
| -rw-r--r-- | mod/dfrn_poll.php | 43 | ||||
| -rw-r--r-- | mod/redir.php | 9 |
3 files changed, 52 insertions, 29 deletions
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index 3e98377e8..7cab98eb8 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -23,7 +23,10 @@ function dfrn_notify_post(&$a) { // find the local user who owns this relationship. - $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` WHERE `issued-id` = '%s' LIMIT 1", + $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact` + LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` + WHERE ( `issued-id` = '%s' OR ( `duplex` = 1 AND `dfrn-id` = '%s' )) LIMIT 1", + dbesc($dfrn_id), dbesc($dfrn_id) ); @@ -341,20 +344,28 @@ function dfrn_notify_content(&$a) { intval(time() + 60 ) ); - $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 AND `pending` = 0 LIMIT 1", - dbesc($_GET['dfrn_id'])); - if((! count($r)) || (! strlen($r[0]['prvkey']))) + $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `duplex` = 1 AND `dfrn-id` = '%s')) + AND `blocked` = 0 AND `pending` = 0 LIMIT 1", + dbesc($_GET['dfrn_id']), + dbesc($_GET['dfrn_id']) + ); + if(! count($r)) $status = 1; $challenge = ''; - - openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); - $challenge = bin2hex($challenge); - $encrypted_id = ''; $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999); - openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); + if($r[0]['duplex']) { + openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']); + openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']); + } + else { + openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); + openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); + } + + $challenge = bin2hex($challenge); $encrypted_id = bin2hex($encrypted_id); echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_notify><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>' . '<challenge>' . $challenge . '</challenge></dfrn_notify>' . "\r\n" ; diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index c627c2b41..84cb58da0 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -25,8 +25,11 @@ function dfrn_poll_init(&$a) { $r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` - WHERE `dfrn-id` = '%s' LIMIT 1", - dbesc($dfrn_id)); + WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex `= 1 )) LIMIT 1", + dbesc($dfrn_id), + dbesc($dfrn_id) + ); + if(count($r)) { $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check'); if(strlen($s)) { @@ -87,9 +90,11 @@ function dfrn_poll_post(&$a) { ); - $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' LIMIT 1", + $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 )) LIMIT 1", + dbesc($dfrn_id), dbesc($dfrn_id) ); + if(! count($r)) killme(); @@ -165,23 +170,32 @@ function dfrn_poll_content(&$a) { dbesc($last_update) ); - $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 AND `pending` = 0 LIMIT 1", - dbesc($_GET['dfrn_id'])); - if((count($r)) && (strlen($r[0]['prvkey']))) { + $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 )) + AND `blocked` = 0 AND `pending` = 0 LIMIT 1", + dbesc($_GET['dfrn_id']), + dbesc($_GET['dfrn_id']) + ); + if(count($r)) { $challenge = ''; - - openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); - $challenge = bin2hex($challenge); - $encrypted_id = ''; $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999); - openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); + + if($r[0]['duplex']) { + openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']); + openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']); + } + else { + openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); + openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); + } + + $challenge = bin2hex($challenge); $encrypted_id = bin2hex($encrypted_id); } else { - $status = 1; // key not found + $status = 1; } echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>' @@ -189,11 +203,6 @@ function dfrn_poll_content(&$a) { session_write_close(); exit; } - - - - - } diff --git a/mod/redir.php b/mod/redir.php index ea1aec6e9..88b291146 100644 --- a/mod/redir.php +++ b/mod/redir.php @@ -4,17 +4,20 @@ function redir_init(&$a) { if((! local_user()) || (! ($a->argc == 2)) || (! intval($a->argv[1]))) goaway($a->get_baseurl()); - $r = q("SELECT `issued-id`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", + $r = q("SELECT `issued-id`, `dfrn-id`, `duplex`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[1]), intval($_SESSION['uid'])); if(! count($r)) goaway($a->get_baseurl()); + + $dfrn_id = (($r[0]['duplex']) ? $r[0]['dfrn-id'] : $r[0]['issued-id']); + q("INSERT INTO `profile_check` ( `uid`, `dfrn_id`, `expire`) VALUES( %d, '%s', %d )", intval($_SESSION['uid']), - dbesc($r[0]['issued-id']), + dbesc($dfrn_id), intval(time() + 45)); - goaway ($r[0]['poll'] . '?dfrn_id=' . $r[0]['issued-id'] . '&type=profile'); + goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile'); |