<?php
+use Friendica\App;
+
require_once('include/salmon.php');
require_once('include/ostatus.php');
require_once('include/crypto.php');
function salmon_return($val) {
- if ($val >= 400)
+ if($val >= 400)
$err = 'Error';
- if ($val >= 200 && $val < 300)
+ if($val >= 200 && $val < 300)
$err = 'OK';
logger('mod-salmon returns ' . $val);
// figure out where in the DOM tree our data is hiding
- if ($dom->provenance->data)
+ if($dom->provenance->data)
$base = $dom->provenance;
- elseif ($dom->env->data)
+ elseif($dom->env->data)
$base = $dom->env;
- elseif ($dom->data)
+ elseif($dom->data)
$base = $dom;
- if (! $base) {
+ if(! $base) {
logger('mod-salmon: unable to locate salmon data in xml ');
http_status_exit(400);
}
$signed_data = $data . '.' . base64url_encode($type) . '.' . base64url_encode($encoding) . '.' . base64url_encode($alg);
- $compliant_format = str_replace('=','',$signed_data);
+ $compliant_format = str_replace('=', '', $signed_data);
// decode the data
$author = ostatus::salmon_author($data,$importer);
$author_link = $author["author-link"];
- if (! $author_link) {
+ if(! $author_link) {
logger('mod-salmon: Could not retrieve author URI.');
http_status_exit(400);
}
$key = get_salmon_key($author_link,$keyhash);
- if (! $key) {
+ if(! $key) {
logger('mod-salmon: Could not retrieve author key.');
http_status_exit(400);
}
// We should have everything we need now. Let's see if it verifies.
- $verify = rsa_verify($compliant_format,$signature,$pubkey);
+ // Try GNU Social format
+ $verify = rsa_verify($signed_data, $signature, $pubkey);
+ $mode = 1;
if (! $verify) {
- logger('mod-salmon: message did not verify using protocol. Trying padding hack.');
- $verify = rsa_verify($signed_data,$signature,$pubkey);
+ logger('mod-salmon: message did not verify using protocol. Trying compliant format.');
+ $verify = rsa_verify($compliant_format, $signature, $pubkey);
+ $mode = 2;
}
if (! $verify) {
- logger('mod-salmon: message did not verify using padding. Trying old statusnet hack.');
- $verify = rsa_verify($stnet_signed_data,$signature,$pubkey);
+ logger('mod-salmon: message did not verify using padding. Trying old statusnet format.');
+ $verify = rsa_verify($stnet_signed_data, $signature, $pubkey);
+ $mode = 3;
}
if (! $verify) {
http_status_exit(400);
}
- logger('mod-salmon: Message verified.');
+ logger('mod-salmon: Message verified with mode '.$mode);
/*
);
if (! dbm::is_result($r)) {
logger('mod-salmon: Author unknown to us.');
- if (get_pconfig($importer['uid'],'system','ostatus_autofriend')) {
+ if(get_pconfig($importer['uid'],'system','ostatus_autofriend')) {
$result = new_contact($importer['uid'],$author_link);
- if ($result['success']) {
+ if($result['success']) {
$r = q("SELECT * FROM `contact` WHERE `network` = '%s' AND ( `url` = '%s' OR `alias` = '%s')
AND `uid` = %d LIMIT 1",
dbesc(NETWORK_OSTATUS),
// Have we ignored the person?
// If so we can not accept this post.
- //if ((dbm::is_result($r)) && (($r[0]['readonly']) || ($r[0]['rel'] == CONTACT_IS_FOLLOWER) || ($r[0]['blocked']))) {
+ //if((dbm::is_result($r)) && (($r[0]['readonly']) || ($r[0]['rel'] == CONTACT_IS_FOLLOWER) || ($r[0]['blocked']))) {
if (dbm::is_result($r) && $r[0]['blocked']) {
logger('mod-salmon: Ignoring this author.');
http_status_exit(202);