require access token to view, query, or join directories in private realms, if the realm is so configured.

mod/regdir.php

@@ -18,7 +18,8 @@ function regdir_init(&$a) {
 	$result = array('success' => false);
 
 	$url = $_REQUEST['url'];
-
+	$access_token = $_REQUEST['t'];
+	$valid = 0;
 
 	// we probably don't need the realm as we will find out in the probe.
 	// What we may want to die is throw an error if you're trying to register in a different realm
@@ -28,6 +29,18 @@ function regdir_init(&$a) {
 	if(! $realm)
 		$realm = DIRECTORY_REALM;
 
+	if($realm === DIRECTORY_REALM) {
+		$valid = 1;
+	}
+	else {
+		$token = get_config('system','realm_token');
+		if($token && $access_token != $token) {
+			$result['message'] = 'This realm requires an access token';
+			return;
+		}
+		$valid = 1;
+	}
+	
 	$dirmode = intval(get_config('system','directory_mode'));
 
 	if($dirmode == DIRECTORY_MODE_NORMAL) {
@@ -56,14 +69,25 @@ function regdir_init(&$a) {
 			}
 		}
 
+		q("update site set site_valid = %d where site_url = '%s' limit 1",
+			intval($valid),
+			strtolower($url)
+		);
+
 		json_return_and_die($result);
 	}
 	else {
+
+		// We can put this in the sql without the condition after 31 march 2015 assuming
+		// most directory servers will have updated by then
+		// This just makes sure it happens if I forget
+
+		$sql_extra = ((datetime_convert() > datetime_convert('UTC','UTC','2015-03-31')) ? ' and site_valid = 1 ' : '' );
 		if($dirmode == DIRECTORY_MODE_STANDALONE) {
 			$r = array(array('site_url' => z_root()));
 		}
 		else {
-			$r = q("select site_url from site where site_flags in ( 1, 2 ) and site_realm = '%s'",
+			$r = q("select site_url from site where site_flags in ( 1, 2 ) and site_realm = '%s' $sql_extra ",
 				dbesc(get_directory_realm())
 			);
 		}