dfrn remote profile protocol revision

diff --git a/boot.php b/boot.php
index e4aa52b1a7050ca7a39b70b9acbcef4249aad9c6..abbacdf4e7675fd3f9bb507344f651c9a4794032 100644 (file)
--- a/boot.php
+++ b/boot.php
@@ -3,7 +3,7 @@
 set_time_limit(0);
 
 define ( 'FRIENDIKA_VERSION',      '2.1.934' );
-define ( 'DFRN_PROTOCOL_VERSION',  '2.1'  );
+define ( 'DFRN_PROTOCOL_VERSION',  '2.2'  );
 define ( 'DB_UPDATE_VERSION',      1045   );
 
 define ( 'EOL',                    "<br />\r\n"     );

diff --git a/include/items.php b/include/items.php
index 4a740e55b2b7359cf52e4692ab3adc7599dd05e5..58fad99272a62dcb496b1cd9e7f3d0cdde01cad8 100644 (file)
--- a/include/items.php
+++ b/include/items.php
@@ -762,7 +762,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
        if(! $rino_enable)
                $rino = 0;
 
-       $url = $contact['notify'] . '?f=&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
+       $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
 
        logger('dfrn_deliver: ' . $url);
 

diff --git a/include/poller.php b/include/poller.php
index 98c55a2a9249a345b396d7d42d18301cfbe35fdb..8619697d9661d3697f1f20e5ed00d0b7e013208b 100644 (file)
--- a/include/poller.php
+++ b/include/poller.php
@@ -167,7 +167,7 @@ function poller_run($argv, $argc){
                                if(intval($contact['duplex']) && $contact['issued-id'])
                                        $idtosend = '1:' . $orig_id;            
 
-                               $url = $contact['poll'] . '?f=&dfrn_id=' . $idtosend 
+                               $url = $contact['poll'] . '?dfrn_id=' . $idtosend 
                                        . '&dfrn_version=' . DFRN_PROTOCOL_VERSION 
                                        . '&type=data&last_update=' . $last_update ;
        

diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index 686a42d082579ff9f82b00c39b064529f339cd91..fe9504deb4ad12bc8c211ebe974f9767303b5cd4 100644 (file)
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -63,7 +63,7 @@ function dfrn_poll_init(&$a) {
                
                if(count($r)) {
 
-                       $s = fetch_url($r[0]['poll'] . '?f=&dfrn_id=' . $my_id . '&type=profile-check');
+                       $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check');
 
                        logger("dfrn_poll: old profile returns " . $s, LOGGER_DATA);
 
@@ -92,7 +92,7 @@ function dfrn_poll_init(&$a) {
 
        }
 
-       if($type === 'profile-check') {
+       if($type === 'profile-check' && $dfrn_version < 2.2 ) {
 
                if((strlen($challenge)) && (strlen($sec))) {
 
@@ -182,8 +182,69 @@ function dfrn_poll_post(&$a) {
        $dfrn_id      = ((x($_POST,'dfrn_id'))      ? $_POST['dfrn_id']              : '');
        $challenge    = ((x($_POST,'challenge'))    ? $_POST['challenge']            : '');
        $url          = ((x($_POST,'url'))          ? $_POST['url']                  : '');
+       $sec          = ((x($_POST,'sec'))          ? $_POST['sec']                  : '');
+       $ptype        = ((x($_POST,'type'))         ? $_POST['type']                  : '');
        $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
 
+       if($ptype === 'profile-check') {
+
+               if((strlen($challenge)) && (strlen($sec))) {
+
+                       logger('dfrn_poll: POST: profile-check');
+ 
+                       q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
+                       $r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
+                               dbesc($sec)
+                       );
+                       if(! count($r)) {
+                               xml_status(3, 'No ticket');
+                               // NOTREACHED
+                       }
+                       $orig_id = $r[0]['dfrn_id'];
+                       if(strpos($orig_id, ':'))
+                               $orig_id = substr($orig_id,2);
+
+                       $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
+                               intval($r[0]['cid'])
+                       );
+                       if(! count($c)) {
+                               xml_status(3, 'No profile');
+                       }
+                       $contact = $c[0];
+
+                       $sent_dfrn_id = hex2bin($dfrn_id);
+                       $challenge    = hex2bin($challenge);
+
+                       $final_dfrn_id = '';
+
+                       if(($contact['duplex']) && strlen($contact['prvkey'])) {
+                               openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']);
+                               openssl_private_decrypt($challenge,$decoded_challenge,$contact['prvkey']);
+                       }
+                       else {
+                               openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']);
+                               openssl_public_decrypt($challenge,$decoded_challenge,$contact['pubkey']);
+                       }
+
+                       $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
+
+                       if(strpos($final_dfrn_id,':') == 1)
+                               $final_dfrn_id = substr($final_dfrn_id,2);
+
+                       if($final_dfrn_id != $orig_id) {
+                               logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
+                               // did not decode properly - cannot trust this site 
+                               xml_status(3, 'Bad decryption');
+                       }
+
+                       header("Content-type: text/xml");
+                       echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><dfrn_poll><status>0</status><challenge>$decoded_challenge</challenge><sec>$sec</sec></dfrn_poll>";
+                       killme();
+                       // NOTREACHED
+               }
+
+       }
+
        $direction    = (-1);
        if(strpos($dfrn_id,':') == 1) {
                $direction = intval(substr($dfrn_id,0,1));
@@ -365,13 +426,26 @@ function dfrn_poll_content(&$a) {
                if(($type === 'profile') && (strlen($sec))) {
                        // URL reply
 
-                       $s = fetch_url($r[0]['poll'] 
-                               . '?f=&dfrn_id=' . $encrypted_id 
-                               . '&type=profile-check'
-                               . '&dfrn_version=' . DFRN_PROTOCOL_VERSION
-                               . '&challenge=' . $challenge
-                               . '&sec=' . $sec
-                       );
+
+
+                       if($dfrn_version < 2.2) {
+                               $s = fetch_url($r[0]['poll'] 
+                                       . '?dfrn_id=' . $encrypted_id 
+                                       . '&type=profile-check'
+                                       . '&dfrn_version=' . DFRN_PROTOCOL_VERSION
+                                       . '&challenge=' . $challenge
+                                       . '&sec=' . $sec
+                               );
+                       }
+                       else {
+                               $s = post_url($r[0]['poll'], array(
+                                       'dfrn_id' => $encrypted_id,
+                                       'type' => 'profile-check',
+                                       'dfrn_version' => DFRN_PROTOCOL_VERSION,
+                                       'challenge' => $challenge,
+                                       'sec' => $sec
+                               ));
+                       }
 
                        logger("dfrn_poll: sec profile: " . $s, LOGGER_DATA);
 

diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index cc63550789e24e7f6f447cd268e5f12cd1e9a11b..3cd8473cf314120f12f421dc2d874d0983fc2cd1 100644 (file)
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -172,7 +172,7 @@ function dfrn_request_post(&$a) {
                                        $dfrn_request = $contact_record['request'];
 
                                if(strlen($dfrn_request) && strlen($confirm_key))
-                                       $s = fetch_url($dfrn_request . '?f=&confirm_key=' . $confirm_key);
+                                       $s = fetch_url($dfrn_request . '?confirm_key=' . $confirm_key);
                                
                                // (ignore reply, nothing we can do it failed)