From 125ebfeb0cca25a34a54fc57908d2afa93b96f44 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 2 Feb 2015 16:54:55 -0800 Subject: add signatures --- mod/prate.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'mod/prate.php') diff --git a/mod/prate.php b/mod/prate.php index 28703d414..9c46d205a 100644 --- a/mod/prate.php +++ b/mod/prate.php @@ -2,12 +2,13 @@ function prate_post(&$a) { + if(! local_channel()) return; $channel = $a->get_channel(); - $target = $_REQUEST['target']; + $target = trim($_REQUEST['target']); if(! $target) return; @@ -20,7 +21,12 @@ function prate_post(&$a) { if($rating > 10) $rating = 10; - $rating_text = escape_tags($_REQUEST['rating_text']); + $rating_text = trim(escape_tags($_REQUEST['rating_text'])); + + $signed = $target . '.' . $rating . '.' . $rating_text; + + $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey'])); + $z = q("select * from xlink where xlink_xchan = '%s' and xlink_xlink = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), @@ -28,20 +34,22 @@ function prate_post(&$a) { ); if($z) { $record = $z[0]['xlink_id']; - $w = q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_updated = '%s' + $w = q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s' where xlink_id = %d", intval($rating), dbesc($rating_text), + dbesc($sig), dbesc(datetime_convert()), intval($record) ); } else { - $w = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_updated, xlink_static ) values ( '%s', '%s', %d, '%s', '%s', 1 ) ", + $w = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static ) values ( '%s', '%s', %d, '%s', '%s', '%s', 1 ) ", dbesc($channel['channel_hash']), dbesc($target), intval($rating), dbesc($rating_text), + dbesc($sig), dbesc(datetime_convert()) ); $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", -- cgit v1.2.3 From fa710106e5f97744e43a61a7e9ef5a1b993261ee Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 2 Feb 2015 17:58:51 -0800 Subject: sign the ratings, fix the bugs --- mod/prate.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod/prate.php') diff --git a/mod/prate.php b/mod/prate.php index 9c46d205a..00de8b6fc 100644 --- a/mod/prate.php +++ b/mod/prate.php @@ -28,7 +28,7 @@ function prate_post(&$a) { $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey'])); - $z = q("select * from xlink where xlink_xchan = '%s' and xlink_xlink = '%s' and xlink_static = 1 limit 1", + $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), dbesc($target) ); -- cgit v1.2.3 From 1807db6cb0cc297aff32750b371a4e2e6539ad31 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 2 Feb 2015 20:13:07 -0800 Subject: send rating information to directories --- mod/prate.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod/prate.php') diff --git a/mod/prate.php b/mod/prate.php index 00de8b6fc..30de97927 100644 --- a/mod/prate.php +++ b/mod/prate.php @@ -60,7 +60,7 @@ function prate_post(&$a) { $record = $z[0]['xlink_id']; } if($record) { - proc_run('php','include/notifier.php','rating',$record); + proc_run('php','include/ratenotif.php','rating',$record); } $x = q("select abook_id from abook where abook_xchan = '%s' and abook_channel = %d limit 1", -- cgit v1.2.3 From 5cb2f55dbbe715219dd18c60345e341ed478a753 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 3 Feb 2015 16:52:09 -0800 Subject: rating form work --- mod/prate.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'mod/prate.php') diff --git a/mod/prate.php b/mod/prate.php index 30de97927..25d279a5b 100644 --- a/mod/prate.php +++ b/mod/prate.php @@ -3,6 +3,11 @@ function prate_post(&$a) { +logger('request: ' . print_r($_REQUEST,true)); +return; + + + if(! local_channel()) return; -- cgit v1.2.3 From 17ffe122b309610208d769f0e2b41f53fcf9d254 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 3 Feb 2015 18:10:55 -0800 Subject: ratings - mopping up, most everything but directory sync implemented --- mod/prate.php | 27 --------------------------- 1 file changed, 27 deletions(-) (limited to 'mod/prate.php') diff --git a/mod/prate.php b/mod/prate.php index 25d279a5b..62f188891 100644 --- a/mod/prate.php +++ b/mod/prate.php @@ -3,11 +3,6 @@ function prate_post(&$a) { -logger('request: ' . print_r($_REQUEST,true)); -return; - - - if(! local_channel()) return; @@ -68,28 +63,6 @@ return; proc_run('php','include/ratenotif.php','rating',$record); } - $x = q("select abook_id from abook where abook_xchan = '%s' and abook_channel = %d limit 1", - dbesc($target), - intval($local_channel()) - ); - if($x) { - $w = q("update abook set abook_rating = %d, abook_rating_text = '%s' where abook_xchan = '%s' and abook_channel = %d", - intval($rating), - dbesc($rating_text), - dbesc($target), - intval(local_channel()) - ); - $x = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", - dbesc($target), - intval($local_channel()) - ); - if($x) { - unset($x[0]['abook_id']); - unset($x[0]['abook_account']); - unset($x[0]['abook_channel']); - build_sync_packet(0, array('abook' => array($x[0]))); - } - } return; } -- cgit v1.2.3 From 4ead2cd79d3c7e5c29a11785a3ceefef6d3ba93f Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 3 Feb 2015 21:19:29 -0800 Subject: final cleanup on ratings feature --- mod/prate.php | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) (limited to 'mod/prate.php') diff --git a/mod/prate.php b/mod/prate.php index 62f188891..b89d16f42 100644 --- a/mod/prate.php +++ b/mod/prate.php @@ -1,5 +1,26 @@ get_channel(); + + $target = argv(1); + if(! $target) + return; + + $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1", + dbesc($channel['channel_hash']), + dbesc($target) + ); + if($r) + json_return_and_die(array('rating' => $r[0]['xlink_rating'],'rating_text' => $r[0]['xlink_rating_text'])); + killme(); +} function prate_post(&$a) { @@ -63,7 +84,7 @@ function prate_post(&$a) { proc_run('php','include/ratenotif.php','rating',$record); } - return; + json_return_and_die(array('result' => true));; } @@ -75,3 +96,4 @@ function prate_post(&$a) { + -- cgit v1.2.3