<?php function dfrn_notify_post(&$a) { $dfrn_id = notags(trim($_POST['dfrn_id'])); $challenge = notags(trim($_POST['challenge'])); $data = $_POST['data']; $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1", dbesc($dfrn_id), dbesc($challenge) ); if(! count($r)) xml_status(3); $r = q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1", dbesc($dfrn_id), dbesc($challenge) ); } function dfrn_notify_content(&$a) { if(x($_GET,'dfrn_id')) { // initial communication from external contact $hash = random_string(); $status = 0; $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time())); $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` ) VALUES( '%s', '%s', '%s') ", dbesc($hash), dbesc(notags(trim($_GET['dfrn_id']))), intval(time() + 60 ) ); $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 LIMIT 1", dbesc($_GET['dfrn_id'])); if((! count($r)) || (! strlen($r[0]['prvkey']))) $status = 1; $challenge = ''; openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); $challenge = bin2hex($challenge); echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_notify><status>' .$status . '</status><dfrn_id>' . $_GET['dfrn_id'] . '</dfrn_id>' . '<challenge>' . $challenge . '</challenge></dfrn_notify>' . "\r\n" ; session_write_close(); exit; } }