]> git.mxchange.org Git - friendica.git/blob - mod/dfrn_poll.php
"print_r" in logging replaced / obsolete stuff removed
[friendica.git] / mod / dfrn_poll.php
1 <?php
2 /**
3  * @copyright Copyright (C) 2020, Friendica
4  *
5  * @license GNU AGPL version 3 or any later version
6  *
7  * This program is free software: you can redistribute it and/or modify
8  * it under the terms of the GNU Affero General Public License as
9  * published by the Free Software Foundation, either version 3 of the
10  * License, or (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU Affero General Public License for more details.
16  *
17  * You should have received a copy of the GNU Affero General Public License
18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
19  *
20  */
21
22 use Friendica\App;
23 use Friendica\Core\Logger;
24 use Friendica\Core\System;
25 use Friendica\Core\Session;
26 use Friendica\Database\DBA;
27 use Friendica\DI;
28 use Friendica\Protocol\DFRN;
29 use Friendica\Protocol\OStatus;
30 use Friendica\Util\Network;
31 use Friendica\Util\Strings;
32 use Friendica\Util\XML;
33
34 function dfrn_poll_init(App $a)
35 {
36         DI::auth()->withSession($a);
37
38         $dfrn_id         =  $_GET['dfrn_id']         ?? '';
39         $type            = ($_GET['type']            ?? '') ?: 'data';
40         $last_update     =  $_GET['last_update']     ?? '';
41         $destination_url =  $_GET['destination_url'] ?? '';
42         $challenge       =  $_GET['challenge']       ?? '';
43         $sec             =  $_GET['sec']             ?? '';
44         $dfrn_version    = floatval(($_GET['dfrn_version'] ?? 0.0) ?: 2.0);
45         $quiet                   = !empty($_GET['quiet']);
46
47         // Possibly it is an OStatus compatible server that requests a user feed
48         $user_agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
49         if (($a->argc > 1) && ($dfrn_id == '') && !strstr($user_agent, 'Friendica')) {
50                 $nickname = $a->argv[1];
51                 header("Content-type: application/atom+xml");
52                 echo OStatus::feed($nickname, $last_update, 10);
53                 exit();
54         }
55
56         $direction = -1;
57
58         if (strpos($dfrn_id, ':') == 1) {
59                 $direction = intval(substr($dfrn_id, 0, 1));
60                 $dfrn_id = substr($dfrn_id, 2);
61         }
62
63         $hidewall = false;
64
65         if (($dfrn_id === '') && empty($_POST['dfrn_id'])) {
66                 if (DI::config()->get('system', 'block_public') && !Session::isAuthenticated()) {
67                         throw new \Friendica\Network\HTTPException\ForbiddenException();
68                 }
69
70                 $user = '';
71                 if ($a->argc > 1) {
72                         $r = q("SELECT `hidewall`,`nickname` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1",
73                                 DBA::escape($a->argv[1])
74                         );
75                         if (!$r) {
76                                 throw new \Friendica\Network\HTTPException\NotFoundException();
77                         }
78
79                         $hidewall = ($r[0]['hidewall'] && !local_user());
80
81                         $user = $r[0]['nickname'];
82                 }
83
84                 Logger::log('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $user);
85                 header("Content-type: application/atom+xml");
86                 echo DFRN::feed('', $user, $last_update, 0, $hidewall);
87                 exit();
88         }
89
90         if (($type === 'profile') && (!strlen($sec))) {
91                 $sql_extra = '';
92                 switch ($direction) {
93                         case -1:
94                                 $sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
95                                 $my_id = $dfrn_id;
96                                 break;
97                         case 0:
98                                 $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
99                                 $my_id = '1:' . $dfrn_id;
100                                 break;
101                         case 1:
102                                 $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
103                                 $my_id = '0:' . $dfrn_id;
104                                 break;
105                         default:
106                                 DI::baseUrl()->redirect();
107                                 break; // NOTREACHED
108                 }
109
110                 $r = q("SELECT `contact`.*, `user`.`username`, `user`.`nickname`
111                         FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
112                         WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
113                         AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
114                         DBA::escape($a->argv[1])
115                 );
116
117                 if (DBA::isResult($r)) {
118                         $s = Network::fetchUrl($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check');
119
120                         Logger::log("dfrn_poll: old profile returns " . $s, Logger::DATA);
121
122                         if (strlen($s)) {
123                                 $xml = XML::parseString($s);
124
125                                 if ((int)$xml->status === 1) {
126                                         $_SESSION['authenticated'] = 1;
127                                         $_SESSION['visitor_id'] = $r[0]['id'];
128                                         $_SESSION['visitor_home'] = $r[0]['url'];
129                                         $_SESSION['visitor_handle'] = $r[0]['addr'];
130                                         $_SESSION['visitor_visiting'] = $r[0]['uid'];
131                                         $_SESSION['my_url'] = $r[0]['url'];
132
133                                         Session::setVisitorsContacts();
134
135                                         if (!$quiet) {
136                                                 info(DI::l10n()->t('%1$s welcomes %2$s', $r[0]['username'], $r[0]['name']) . EOL);
137                                         }
138
139                                         // Visitors get 1 day session.
140                                         $session_id = session_id();
141                                         $expire = time() + 86400;
142                                         q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s'",
143                                                 DBA::escape($expire),
144                                                 DBA::escape($session_id)
145                                         );
146                                 }
147                         }
148
149                         $profile = (count($r) > 0 && isset($r[0]['nickname']) ? $r[0]['nickname'] : '');
150                         if (!empty($destination_url)) {
151                                 System::externalRedirect($destination_url);
152                         } else {
153                                 DI::baseUrl()->redirect('profile/' . $profile);
154                         }
155                 }
156                 DI::baseUrl()->redirect();
157         }
158
159         if ($type === 'profile-check' && $dfrn_version < 2.2) {
160                 if ((strlen($challenge)) && (strlen($sec))) {
161                         DBA::delete('profile_check', ["`expire` < ?", time()]);
162                         $r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
163                                 DBA::escape($sec)
164                         );
165                         if (!DBA::isResult($r)) {
166                                 System::xmlExit(3, 'No ticket');
167                                 // NOTREACHED
168                         }
169
170                         $orig_id = $r[0]['dfrn_id'];
171                         if (strpos($orig_id, ':')) {
172                                 $orig_id = substr($orig_id, 2);
173                         }
174
175                         $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
176                                 intval($r[0]['cid'])
177                         );
178                         if (!DBA::isResult($c)) {
179                                 System::xmlExit(3, 'No profile');
180                         }
181
182                         $contact = $c[0];
183
184                         $sent_dfrn_id = hex2bin($dfrn_id);
185                         $challenge = hex2bin($challenge);
186
187                         $final_dfrn_id = '';
188
189                         if (($contact['duplex']) && strlen($contact['prvkey'])) {
190                                 openssl_private_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['prvkey']);
191                                 openssl_private_decrypt($challenge, $decoded_challenge, $contact['prvkey']);
192                         } else {
193                                 openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']);
194                                 openssl_public_decrypt($challenge, $decoded_challenge, $contact['pubkey']);
195                         }
196
197                         $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
198
199                         if (strpos($final_dfrn_id, ':') == 1) {
200                                 $final_dfrn_id = substr($final_dfrn_id, 2);
201                         }
202
203                         if ($final_dfrn_id != $orig_id) {
204                                 Logger::log('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, Logger::DEBUG);
205                                 // did not decode properly - cannot trust this site
206                                 System::xmlExit(3, 'Bad decryption');
207                         }
208
209                         header("Content-type: text/xml");
210                         echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><dfrn_poll><status>0</status><challenge>$decoded_challenge</challenge><sec>$sec</sec></dfrn_poll>";
211                         exit();
212                         // NOTREACHED
213                 } else {
214                         // old protocol
215                         switch ($direction) {
216                                 case 1:
217                                         $dfrn_id = '0:' . $dfrn_id;
218                                         break;
219                                 case 0:
220                                         $dfrn_id = '1:' . $dfrn_id;
221                                         break;
222                                 default:
223                                         break;
224                         }
225
226                         DBA::delete('profile_check', ["`expire` < ?", time()]);
227                         $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
228                                 DBA::escape($dfrn_id));
229                         if (DBA::isResult($r)) {
230                                 System::xmlExit(1);
231                                 return; // NOTREACHED
232                         }
233                         System::xmlExit(0);
234                         return; // NOTREACHED
235                 }
236         }
237 }
238
239 function dfrn_poll_post(App $a)
240 {
241         $dfrn_id      =  $_POST['dfrn_id']   ?? '';
242         $challenge    =  $_POST['challenge'] ?? '';
243         $url          =  $_POST['url']       ?? '';
244         $sec          =  $_POST['sec']       ?? '';
245         $ptype        =  $_POST['type']      ?? '';
246         $perm         = ($_POST['perm']      ?? '') ?: 'r';
247         $dfrn_version = floatval(($_GET['dfrn_version'] ?? 0.0) ?: 2.0);
248
249         if ($ptype === 'profile-check') {
250                 if (strlen($challenge) && strlen($sec)) {
251                         Logger::log('dfrn_poll: POST: profile-check');
252
253                         DBA::delete('profile_check', ["`expire` < ?", time()]);
254                         $r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
255                                 DBA::escape($sec)
256                         );
257                         if (!DBA::isResult($r)) {
258                                 System::xmlExit(3, 'No ticket');
259                                 // NOTREACHED
260                         }
261
262                         $orig_id = $r[0]['dfrn_id'];
263                         if (strpos($orig_id, ':')) {
264                                 $orig_id = substr($orig_id, 2);
265                         }
266
267                         $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
268                                 intval($r[0]['cid'])
269                         );
270                         if (!DBA::isResult($c)) {
271                                 System::xmlExit(3, 'No profile');
272                         }
273
274                         $contact = $c[0];
275
276                         $sent_dfrn_id = hex2bin($dfrn_id);
277                         $challenge = hex2bin($challenge);
278
279                         $final_dfrn_id = '';
280
281                         if ($contact['duplex'] && strlen($contact['prvkey'])) {
282                                 openssl_private_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['prvkey']);
283                                 openssl_private_decrypt($challenge, $decoded_challenge, $contact['prvkey']);
284                         } else {
285                                 openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']);
286                                 openssl_public_decrypt($challenge, $decoded_challenge, $contact['pubkey']);
287                         }
288
289                         $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
290
291                         if (strpos($final_dfrn_id, ':') == 1) {
292                                 $final_dfrn_id = substr($final_dfrn_id, 2);
293                         }
294
295                         if ($final_dfrn_id != $orig_id) {
296                                 Logger::log('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, Logger::DEBUG);
297                                 // did not decode properly - cannot trust this site
298                                 System::xmlExit(3, 'Bad decryption');
299                         }
300
301                         header("Content-type: text/xml");
302                         echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><dfrn_poll><status>0</status><challenge>$decoded_challenge</challenge><sec>$sec</sec></dfrn_poll>";
303                         exit();
304                         // NOTREACHED
305                 }
306         }
307
308         $direction = -1;
309         if (strpos($dfrn_id, ':') == 1) {
310                 $direction = intval(substr($dfrn_id, 0, 1));
311                 $dfrn_id = substr($dfrn_id, 2);
312         }
313
314         $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
315                 DBA::escape($dfrn_id),
316                 DBA::escape($challenge)
317         );
318
319         if (!DBA::isResult($r)) {
320                 exit();
321         }
322
323         $type = $r[0]['type'];
324         $last_update = $r[0]['last_update'];
325
326         DBA::delete('challenge', ['dfrn-id' => $dfrn_id, 'challenge' => $challenge]);
327
328         $sql_extra = '';
329         switch ($direction) {
330                 case -1:
331                         $sql_extra = sprintf(" AND `issued-id` = '%s' ", DBA::escape($dfrn_id));
332                         break;
333                 case 0:
334                         $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
335                         break;
336                 case 1:
337                         $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
338                         break;
339                 default:
340                         DI::baseUrl()->redirect();
341                         break; // NOTREACHED
342         }
343
344         $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
345         if (!DBA::isResult($r)) {
346                 exit();
347         }
348
349         $contact = $r[0];
350         $owner_uid = $r[0]['uid'];
351         $contact_id = $r[0]['id'];
352
353         if ($type === 'reputation' && strlen($url)) {
354                 $r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
355                         DBA::escape($url),
356                         intval($owner_uid)
357                 );
358                 $reputation = 0;
359                 $text = '';
360
361                 if (DBA::isResult($r)) {
362                         $reputation = $r[0]['rating'];
363                         $text = $r[0]['reason'];
364
365                         if ($r[0]['id'] == $contact_id) { // inquiring about own reputation not allowed
366                                 $reputation = 0;
367                                 $text = '';
368                         }
369                 }
370
371                 echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
372                 <reputation>
373                         <url>$url</url>
374                         <rating>$reputation</rating>
375                         <description>$text</description>
376                 </reputation>
377                 ";
378                 exit();
379                 // NOTREACHED
380         } else {
381                 // Update the writable flag if it changed
382                 Logger::debug('post request feed', ['post' => $_POST]);
383                 if ($dfrn_version >= 2.21) {
384                         if ($perm === 'rw') {
385                                 $writable = 1;
386                         } else {
387                                 $writable = 0;
388                         }
389
390                         if ($writable != $contact['writable']) {
391                                 q("UPDATE `contact` SET `writable` = %d WHERE `id` = %d",
392                                         intval($writable),
393                                         intval($contact_id)
394                                 );
395                         }
396                 }
397
398                 header("Content-type: application/atom+xml");
399                 $o = DFRN::feed($dfrn_id, $a->argv[1], $last_update, $direction);
400                 echo $o;
401                 exit();
402         }
403 }
404
405 function dfrn_poll_content(App $a)
406 {
407         $dfrn_id         =  $_GET['dfrn_id']         ?? '';
408         $type            = ($_GET['type']            ?? '') ?: 'data';
409         $last_update     =  $_GET['last_update']     ?? '';
410         $destination_url =  $_GET['destination_url'] ?? '';
411         $sec             =  $_GET['sec']             ?? '';
412         $dfrn_version    = floatval(($_GET['dfrn_version'] ?? 0.0) ?: 2.0);
413         $quiet           = !empty($_GET['quiet']);
414
415         $direction = -1;
416         if (strpos($dfrn_id, ':') == 1) {
417                 $direction = intval(substr($dfrn_id, 0, 1));
418                 $dfrn_id = substr($dfrn_id, 2);
419         }
420
421         if ($dfrn_id != '') {
422                 // initial communication from external contact
423                 $hash = Strings::getRandomHex();
424
425                 $status = 0;
426
427                 DBA::delete('challenge', ["`expire` < ?", time()]);
428
429                 if ($type !== 'profile') {
430                         q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
431                                 VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
432                                 DBA::escape($hash),
433                                 DBA::escape($dfrn_id),
434                                 intval(time() + 60 ),
435                                 DBA::escape($type),
436                                 DBA::escape($last_update)
437                         );
438                 }
439
440                 $sql_extra = '';
441                 switch ($direction) {
442                         case -1:
443                                 if ($type === 'profile') {
444                                         $sql_extra = sprintf(" AND (`dfrn-id` = '%s' OR `issued-id` = '%s') ", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
445                                 } else {
446                                         $sql_extra = sprintf(" AND `issued-id` = '%s' ", DBA::escape($dfrn_id));
447                                 }
448
449                                 $my_id = $dfrn_id;
450                                 break;
451                         case 0:
452                                 $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
453                                 $my_id = '1:' . $dfrn_id;
454                                 break;
455                         case 1:
456                                 $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
457                                 $my_id = '0:' . $dfrn_id;
458                                 break;
459                         default:
460                                 DI::baseUrl()->redirect();
461                                 break; // NOTREACHED
462                 }
463
464                 $nickname = $a->argv[1];
465
466                 $r = q("SELECT `contact`.*, `user`.`username`, `user`.`nickname`
467                         FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
468                         WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
469                         AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
470                         DBA::escape($nickname)
471                 );
472                 if (DBA::isResult($r)) {
473                         $challenge = '';
474                         $encrypted_id = '';
475                         $id_str = $my_id . '.' . mt_rand(1000, 9999);
476
477                         if (($r[0]['duplex'] && strlen($r[0]['pubkey'])) || !strlen($r[0]['prvkey'])) {
478                                 openssl_public_encrypt($hash, $challenge, $r[0]['pubkey']);
479                                 openssl_public_encrypt($id_str, $encrypted_id, $r[0]['pubkey']);
480                         } else {
481                                 openssl_private_encrypt($hash, $challenge, $r[0]['prvkey']);
482                                 openssl_private_encrypt($id_str, $encrypted_id, $r[0]['prvkey']);
483                         }
484
485                         $challenge = bin2hex($challenge);
486                         $encrypted_id = bin2hex($encrypted_id);
487                 } else {
488                         $status = 1;
489                         $challenge = '';
490                         $encrypted_id = '';
491                 }
492
493                 if (($type === 'profile') && (strlen($sec))) {
494                         // heluecht: I don't know why we don't fail immediately when the user or contact hadn't been found.
495                         // Since it doesn't make sense to continue from this point on, we now fail here. This should be safe.
496                         if (!DBA::isResult($r)) {
497                                 throw new \Friendica\Network\HTTPException\NotFoundException();
498                         }
499
500                         // URL reply
501                         if ($dfrn_version < 2.2) {
502                                 $s = Network::fetchUrl($r[0]['poll']
503                                         . '?dfrn_id=' . $encrypted_id
504                                         . '&type=profile-check'
505                                         . '&dfrn_version=' . DFRN_PROTOCOL_VERSION
506                                         . '&challenge=' . $challenge
507                                         . '&sec=' . $sec
508                                 );
509                         } else {
510                                 $s = Network::post($r[0]['poll'], [
511                                         'dfrn_id' => $encrypted_id,
512                                         'type' => 'profile-check',
513                                         'dfrn_version' => DFRN_PROTOCOL_VERSION,
514                                         'challenge' => $challenge,
515                                         'sec' => $sec
516                                 ])->getBody();
517                         }
518
519                         Logger::log("dfrn_poll: sec profile: " . $s, Logger::DATA);
520
521                         if (strlen($s) && strstr($s, '<?xml')) {
522                                 $xml = XML::parseString($s);
523
524                                 Logger::debug(' profile: parsed', ['xml' => $xml]);
525
526                                 Logger::log('dfrn_poll: secure profile: challenge: ' . $xml->challenge . ' expecting ' . $hash);
527                                 Logger::log('dfrn_poll: secure profile: sec: ' . $xml->sec . ' expecting ' . $sec);
528
529                                 if (((int) $xml->status == 0) && ($xml->challenge == $hash) && ($xml->sec == $sec)) {
530                                         $_SESSION['authenticated'] = 1;
531                                         $_SESSION['visitor_id'] = $r[0]['id'];
532                                         $_SESSION['visitor_home'] = $r[0]['url'];
533                                         $_SESSION['visitor_visiting'] = $r[0]['uid'];
534                                         $_SESSION['my_url'] = $r[0]['url'];
535
536                                         Session::setVisitorsContacts();
537
538                                         if (!$quiet) {
539                                                 info(DI::l10n()->t('%1$s welcomes %2$s', $r[0]['username'], $r[0]['name']) . EOL);
540                                         }
541
542                                         // Visitors get 1 day session.
543                                         $session_id = session_id();
544                                         $expire = time() + 86400;
545                                         q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s'",
546                                                 DBA::escape($expire),
547                                                 DBA::escape($session_id)
548                                         );
549                                 }
550                         }
551
552                         $profile = ((DBA::isResult($r) && $r[0]['nickname']) ? $r[0]['nickname'] : $nickname);
553
554                         switch ($destination_url) {
555                                 case 'profile':
556                                         DI::baseUrl()->redirect('profile/' . $profile . '/profile');
557                                         break;
558                                 case 'photos':
559                                         DI::baseUrl()->redirect('photos/' . $profile);
560                                         break;
561                                 case 'status':
562                                 case '':
563                                         DI::baseUrl()->redirect('profile/' . $profile);
564                                         break;
565                                 default:
566                                         $appendix = (strstr($destination_url, '?') ? '&redir=1' : '?redir=1');
567                                         DI::baseUrl()->redirect($destination_url . $appendix);
568                                         break;
569                         }
570                         // NOTREACHED
571                 } else {
572                         // XML reply
573                         header("Content-type: text/xml");
574                         echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n"
575                                 . '<dfrn_poll>' . "\r\n"
576                                 . "\t" . '<status>' . $status . '</status>' . "\r\n"
577                                 . "\t" . '<dfrn_version>' . DFRN_PROTOCOL_VERSION . '</dfrn_version>' . "\r\n"
578                                 . "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n"
579                                 . "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
580                                 . '</dfrn_poll>' . "\r\n";
581                         exit();
582                         // NOTREACHED
583                 }
584         }
585 }