From 1a9d30108e1b89cfec0b069ebe15546c3fb8d4f5 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Wed, 18 Mar 2009 15:05:59 +0000
Subject: [PATCH] Always check signatures.

---
 common.php | 2 +-
 verify.php | 6 +-----
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/common.php b/common.php
index 9b90084..4886ebf 100644
--- a/common.php
+++ b/common.php
@@ -140,7 +140,7 @@ function getAuthData($conn, $devId) {
 
 // $clientId: The decimal client identity
 function getClientData($conn, $clientId) {
-	$stmt = 'SELECT id, secret, chk_sig, chk_owner, chk_time'.
+	$stmt = 'SELECT id, secret, chk_time'.
 	  ' FROM clients WHERE active AND id='.mysql_quote($clientId);
 	$r = query($conn, $stmt);
 	if (mysql_num_rows($r) > 0) {
diff --git a/verify.php b/verify.php
index 0f4afaa..c89cce8 100644
--- a/verify.php
+++ b/verify.php
@@ -46,11 +46,7 @@ debug($cd);
 //
 $apiKey = base64_decode($cd['secret']);
 
-if ($cd['chk_sig'] && $h == '') {
-	debug('Signature missing');
-	sendResp(S_MISSING_PARAMETER);
-	exit;
-} else if ($cd['chk_sig'] || $h != '') {
+if ($h != '') {
 	// Create the signature using the API key
 	$a = array ();
 	$a['id'] = $client;