From 40a06771ff2a22f3801dfe174ca318cf4f67c1b1 Mon Sep 17 00:00:00 2001
From: Mike Macgirvin <mike@macgirvin.com>
Date: Thu, 5 Aug 2010 02:57:03 -0700
Subject: [PATCH] reciprocal verification on notify, poll

---
 include/notifier.php | 14 ++++++++++++--
 include/poller.php   | 12 +++++++++++-
 mod/dfrn_notify.php  |  9 ++++++++-
 mod/dfrn_poll.php    | 10 +++++++++-
 mod/regmod.php       |  2 +-
 5 files changed, 41 insertions(+), 6 deletions(-)

diff --git a/include/notifier.php b/include/notifier.php
index a2d313b5f..7d9b09da3 100644
--- a/include/notifier.php
+++ b/include/notifier.php
@@ -267,12 +267,22 @@ echo $xml;
 
 		$res = simplexml_load_string($xml);
 
-		if((intval($res->status) != 0) || (! strlen($res->challenge)) || ($res->dfrn_id != $rr['dfrn-id']))
+		if((intval($res->status) != 0) || (! strlen($res->challenge)) || (! strlen($res->dfrn_id)))
 			continue;
 
 		$postvars = array();
+		$sent_dfrn_id = hex2bin($res->dfrn_id);
+
+		$final_dfrn_id = '';
+		openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$rr['pubkey']);
+		$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
+		if($final_dfrn_id != $rr['dfrn-id']) {
+			// did not decode properly - cannot trust this site 
+			continue;
+		}
 
 		$postvars['dfrn_id'] = $rr['dfrn-id'];
+
 		$challenge = hex2bin($res->challenge);
 
 		openssl_public_decrypt($challenge,$postvars['challenge'],$rr['pubkey']);
@@ -295,7 +305,7 @@ echo $xml;
 		// Currently there is no retry attempt for failed mail delivery.
 		// We need to handle this in the UI, report the non-deliverables and try again
  
-		if(($cmd == 'mail) && (intval($res->status) == 0)) {
+		if(($cmd == 'mail') && (intval($res->status) == 0)) {
 
 			$r = q("UPDATE `mail` SET `delivered` = 1 WHERE `id` = %d LIMIT 1",
 				intval($item_id)
diff --git a/include/poller.php b/include/poller.php
index e0b4d79b2..be073b93b 100644
--- a/include/poller.php
+++ b/include/poller.php
@@ -84,11 +84,21 @@ echo "XML: " . $xml;
 
 		$res = simplexml_load_string($xml);
 
-		if((intval($res->status) != 0) || (! strlen($res->challenge)) || ($res->dfrn_id != $contact['dfrn-id']))
+		if((intval($res->status) != 0) || (! strlen($res->challenge)) || (! strlen($res->dfrn_id)))
 			continue;
 
 		$postvars = array();
 
+		$sent_dfrn_id = hex2bin($res->dfrn_id);
+
+		$final_dfrn_id = '';
+		openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']);
+		$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
+		if($final_dfrn_id != $contact['dfrn-id']) {
+			// did not decode properly - cannot trust this site 
+			continue;
+		}
+
 		$postvars['dfrn_id'] = $contact['dfrn-id'];
 		$challenge = hex2bin($res->challenge);
 
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 38756f724..5655977e5 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -253,7 +253,14 @@ function dfrn_notify_content(&$a) {
 
 		openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
 		$challenge = bin2hex($challenge);
-		echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_notify><status>' .$status . '</status><dfrn_id>' . $_GET['dfrn_id'] . '</dfrn_id>'
+
+		$encrypted_id = '';
+		$id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
+
+		openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
+		$encrypted_id = bin2hex($encrypted_id);
+
+		echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_notify><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>'
 			. '<challenge>' . $challenge . '</challenge></dfrn_notify>' . "\r\n" ;
 		session_write_close();
 		exit;
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index dadcd3148..8d93700d6 100644
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -174,7 +174,15 @@ function dfrn_poll_content(&$a) {
 
 		openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
 		$challenge = bin2hex($challenge);
-		echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $_GET['dfrn_id'] . '</dfrn_id>'
+
+		$encrypted_id = '';
+		$id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
+
+		openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
+		$encrypted_id = bin2hex($encrypted_id);
+
+
+		echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>'
 			. '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ;
 		session_write_close();
 		exit;		
diff --git a/mod/regmod.php b/mod/regmod.php
index f2c3cb807..f03c2a3fe 100644
--- a/mod/regmod.php
+++ b/mod/regmod.php
@@ -6,7 +6,7 @@ function regmod_content(&$a) {
 
 	if(! local_user()) {
 		notice( t('Please login.') . EOL);
-		$o = login(($a->config['register_policy'] == REGISTER_CLOSED) ? 0 : 1);
+		$o .= '<br /><br />' . login(($a->config['register_policy'] == REGISTER_CLOSED) ? 0 : 1);
 		return $o;
 	}