Merge branch 'chriscase-master'

[friendica.git] / mod / redir.php

diff --git a/mod/redir.php b/mod/redir.php
index f95c52c96e50a09e9cd9f70184b28b21ba569ac6..ac21aa17eb91c6c8e3ca1f006491837a4b59e893 100644 (file)
--- a/mod/redir.php
+++ b/mod/redir.php
@@ -4,10 +4,13 @@ function redir_init(&$a) {
 
        if((! local_user()) || (! ($a->argc == 2)) || (! intval($a->argv[1])))
                goaway($a->get_baseurl());
-       $r = q("SELECT `network`, `issued-id`, `dfrn-id`, `duplex`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
-               intval($a->argv[1]),
+       $cid = $a->argv[1];
+
+       $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+               intval($cid),
                intval(local_user())
        );
+
        if((! count($r)) || ($r[0]['network'] !== 'dfrn'))
                goaway($a->get_baseurl());
 
@@ -21,12 +24,21 @@ function redir_init(&$a) {
                $orig_id = $r[0]['dfrn-id'];
                $dfrn_id = '0:' . $orig_id;
        }
-       q("INSERT INTO `profile_check` ( `uid`, `dfrn_id`, `expire`)
-               VALUES( %d, '%s', %d )",
-               intval($_SESSION['uid']),
+
+       $sec = random_string();
+
+       q("INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`)
+               VALUES( %d, %s, '%s', '%s', %d )",
+               intval(local_user()),
+               intval($cid),
                dbesc($dfrn_id),
-               intval(time() + 45));
+               dbesc($sec),
+               intval(time() + 45)
+       );
+
+       logger('mod_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG); 
+
        goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id 
-               . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=1');
+               . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec);
        
 }