From 4db38ec64a44de425d6966cb2b50d487d70b5366 Mon Sep 17 00:00:00 2001
From: Max Kostikov <max@kostikov.co>
Date: Tue, 21 Jul 2020 23:59:26 +0200
Subject: Add minimum form displaying time before login

---
 include/security.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/security.php b/include/security.php
index 38cb72263..c9df00f1e 100644
--- a/include/security.php
+++ b/include/security.php
@@ -594,9 +594,11 @@ function check_form_security_token($typename = '', $formname = 'form_security_to
 	$hash = $_REQUEST[$formname];
 
 	$max_livetime = 10800; // 3 hours
+	$min_livetime = 3; // 3 sec
 
 	$x = explode('.', $hash);
-	if (time() > (IntVal($x[0]) + $max_livetime)) return false;
+	if (time() > (IntVal($x[0]) + $max_livetime) || time() < (IntVal($x[0]) + $min_livetime))
+	    return false;
 
 	$sec_hash = hash('whirlpool', App::$observer['xchan_guid'] . ((local_channel()) ? App::$channel['channel_prvkey'] : '') . session_id() . $x[0] . $typename);
 
-- 
cgit v1.2.3


From 13ff9a897da05fbd4d82f9bfa758e6f821b833b3 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Wed, 22 Jul 2020 16:20:36 -0700
Subject: foreach warning

---
 include/network.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/network.php b/include/network.php
index aada36fba..d9d534cd7 100644
--- a/include/network.php
+++ b/include/network.php
@@ -1101,7 +1101,7 @@ function discover_by_webbie($webbie, $protocol = '') {
 	$network  = null;
 
 	$x = webfinger_rfc7033($webbie, true);
-	if($x && array_key_exists('links',$x) && $x['links']) {
+	if($x && array_key_exists('links',$x) && is_array($x['links'])) {
 
 		foreach($x['links'] as $link) {
 			if(array_key_exists('rel',$link)) {
-- 
cgit v1.2.3


From 7ae86d29d2474c5e85965c06a4c6a6b7e416b333 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Wed, 22 Jul 2020 16:23:38 -0700
Subject: add api_verify to api_zot

---
 include/api_zot.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/api_zot.php b/include/api_zot.php
index 287720484..8f621d998 100644
--- a/include/api_zot.php
+++ b/include/api_zot.php
@@ -1,7 +1,9 @@
 <?php
 
 	function zot_api_init() {
-        api_register_func('api/red/version','api_zot_version',false);
+		api_register_func('api/z/1.0/verify','api_verify', true);
+
+		api_register_func('api/red/version','api_zot_version',false);
         api_register_func('api/z/1.0/version','api_zot_version',false);
 		api_register_func('api/export/basic','api_export_basic', true);
 		api_register_func('api/red/channel/export/basic','api_export_basic', true);
@@ -47,6 +49,17 @@
 		return;
 	}
 
+	function api_verify($type) {
+		if (api_user() === false) {
+			logger('no channel');
+			return false;
+		}
+		$channel = channelx_by_n(api_user());
+		// logger('channel: ' . print_r($channel,true));
+
+		json_return_and_die($channel);
+	}
+
 
 	function api_zot_version($type) {
 
-- 
cgit v1.2.3