From 76e6aeb87b7f6cef234a8468099d68b5f25876e5 Mon Sep 17 00:00:00 2001
From: Eric Culp <eculperic@gmail.com>
Date: Sat, 9 Feb 2013 22:53:31 -0500
Subject: [PATCH 1/6] Use the PKCS5 padding method used by the app

---
 snaphax.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/snaphax.php b/snaphax.php
index e3f8933..ce3fa56 100644
--- a/snaphax.php
+++ b/snaphax.php
@@ -192,13 +192,22 @@ function isValidBlobHeader($header) {
 			else
 				return false;
 		}
+		
+		function pkcs5pad($data) {
+			// Block size is 16 bytes
+			$needed_padding = 16 - strlen($data) % 16;
+			if ($needed_padding == 0) {
+				$needed_padding = 16;
+			}
+			return $data . str_repeat(chr($needed_padding), $needed_padding);
+		}
 
 		function decrypt($data) {
-			return mcrypt_decrypt('rijndael-128', $this->options['blob_enc_key'], $data, 'ecb');
+			return mcrypt_decrypt('rijndael-128', $this->options['blob_enc_key'], pkcs5pad($data), 'ecb');
 		}
 
 		function encrypt($data) {
-			return mcrypt_encrypt('rijndael-128', $this->options['blob_enc_key'], $data, 'ecb');
+			return mcrypt_encrypt('rijndael-128', $this->options['blob_enc_key'], pkcs5pad($data), 'ecb');
 		}
 
 		public function postCall($endpoint, $post_data, $param1, $param2, $json=1, $headers=false) {

From 75eca786427056f2b649594950cefe0e28c84712 Mon Sep 17 00:00:00 2001
From: Lucas Dohring <lucas@xn--80atc0ah.com>
Date: Sun, 10 Feb 2013 01:06:01 -0800
Subject: [PATCH 2/6] Allow for concurrent fetches

---
 snaphax.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/snaphax.php b/snaphax.php
index ce3fa56..80e238a 100644
--- a/snaphax.php
+++ b/snaphax.php
@@ -120,7 +120,8 @@ function upload($file_data, $type, $recipients, $time=8) {
 			$this->api->debug('upload snap data', $file_data);
 			$file_data_encrypted = $this->api->encrypt($file_data);
 			$this->api->debug('upload snap data encrypted', $file_data_encrypted);
-			file_put_contents('/tmp/blah.jpg', $file_data_encrypted);
+			$tempname = tempnam('/tmp/', 'jpg');
+			file_put_contents($tempname, $file_data_encrypted);
 			$result = $this->api->postCall(
 				'/ph/upload',
 				array(
@@ -128,7 +129,7 @@ function upload($file_data, $type, $recipients, $time=8) {
 					'timestamp' => $ts,
 					'type' => $type,
 					// 'data' => urlencode($file_data_encrypted).'; filename="file"',
-					'data' => '@/tmp/blah.jpg;filename=file',
+					'data' => "@$tempname;filename=data",
 					'media_id' => $media_id
 				),
 				$this->auth_token, 
@@ -136,6 +137,7 @@ function upload($file_data, $type, $recipients, $time=8) {
 				0,
 				array("Content-type: multipart/form-data")
 			);
+			unlink($tempname);
 			$this->api->debug('upload result', $result);
 
 			foreach ($recipients as $recipient) {

From 8a986e454d5dbf2bff1ef45c82b2b0bbc4f6cd30 Mon Sep 17 00:00:00 2001
From: Lucas Dohring <lucas@xn--80atc0ah.com>
Date: Sun, 10 Feb 2013 01:57:07 -0800
Subject: [PATCH 3/6] Friend support

---
 snaphax.php | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/snaphax.php b/snaphax.php
index 80e238a..e783cdc 100644
--- a/snaphax.php
+++ b/snaphax.php
@@ -76,6 +76,35 @@ function login() {
 			}
 			return $out;
 		}
+		function friend($action, $friend, $display=NULL) {
+			// Action can be "add", "delete", or "display"
+			// "add" adds the friend
+			// "delete" removes the friend
+			// "display" changes the display name of the friend to the value specifed by $display
+			
+			if (!$this->auth_token) {
+				throw new Exception('no auth token');
+			}
+			$ts = $this->api->time();
+			$url = "/ph/friend";
+			$request = array(
+				'timestamp' => $ts,
+				'action' => $action,
+				'username' => $this->options['username'],
+				'friend' => $friend
+			);
+			if($action == 'display') {
+				if(is_null($display)) {
+					throw new Exception('Please specify the displayname');
+				}
+				$request['display'] = $display;
+			}
+			
+			$result = $this->api->postCall($url, $request, $this->auth_token, $ts);
+			$this->api->debug('modified user', $result);
+
+			return $result;
+                }
 		function fetch($id) {
 			if (!$this->auth_token) {
 				throw new Exception('no auth token');

From fcbba57bb5212835b8d9802733446ba1eac8afd6 Mon Sep 17 00:00:00 2001
From: Lucas Dohring <lucas@xn--80atc0ah.com>
Date: Sun, 14 Apr 2013 19:31:38 -0700
Subject: [PATCH 4/6] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 3f2eede..bcec4c7 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ How to use
 
 Pretty simple:
 
-```
+```php
 	require_once('snaphax/snaphax.php');
 
 	$opts = array();
@@ -64,7 +64,7 @@ in the HTTP calls).
 This involved me paging through Fiddler, trying to generate SHA-256 hashes
 seemingly at random, tearing my heart out, and weeping openly.
 
-Their system is a bit unusual: it AES-256 hashes two input values separately,
+Their system is a bit unusual: it SHA-256 hashes two input values separately,
 using a secret key contained in the binary, and then uses a fixed pattern
 string to pull bytes from one or the other. The final composition of the two is
 used in HTTP requests. Why not just append the values pre-hash? The security

From eb2ec89bc724f52d93d4ad438a3facbb5ebfb9a6 Mon Sep 17 00:00:00 2001
From: Matthew Andersen <matthew@barelystable.com>
Date: Mon, 17 Jun 2013 15:29:16 -0700
Subject: [PATCH 5/6] * Fixed scoping issue with function call to `pkcs5pad`.

* Fix for for when the user logged in with an email address, photos would not be returned because fetch() wasn't using the real username.
---
 snaphax.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/snaphax.php b/snaphax.php
index e783cdc..608e2cb 100644
--- a/snaphax.php
+++ b/snaphax.php
@@ -74,6 +74,9 @@ function login() {
 					!empty($out['auth_token'])) {
 				$this->auth_token = $out['auth_token'];
 			}
+			if ( is_array($out) && !empty($out['username']) ) {
+				$this->options['username'] = $out['username'];
+			}
 			return $out;
 		}
 		function friend($action, $friend, $display=NULL) {
@@ -234,11 +237,11 @@ function pkcs5pad($data) {
 		}
 
 		function decrypt($data) {
-			return mcrypt_decrypt('rijndael-128', $this->options['blob_enc_key'], pkcs5pad($data), 'ecb');
+			return mcrypt_decrypt('rijndael-128', $this->options['blob_enc_key'], SnaphaxApi::pkcs5pad($data), 'ecb');
 		}
 
 		function encrypt($data) {
-			return mcrypt_encrypt('rijndael-128', $this->options['blob_enc_key'], pkcs5pad($data), 'ecb');
+			return mcrypt_encrypt('rijndael-128', $this->options['blob_enc_key'], SnaphaxApi::pkcs5pad($data), 'ecb');
 		}
 
 		public function postCall($endpoint, $post_data, $param1, $param2, $json=1, $headers=false) {

From 010d1f88a7602228fc1055fdfbf707087a053443 Mon Sep 17 00:00:00 2001
From: Lucas Dohring <lucas@xn--80atc0ah.com>
Date: Thu, 25 Jul 2013 11:50:01 -0700
Subject: [PATCH 6/6] Update README.md

---
 README.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/README.md b/README.md
index bcec4c7..a99cfc3 100644
--- a/README.md
+++ b/README.md
@@ -88,10 +88,6 @@ The TODO list is almost endless at this point:
 - DOCS!!!
 - Figure out the /device call - what's this do? also device_id in /login resp
 - Syncing (to mark snaps as seen)
-- Image/video uploading
-- Friend list maintenance
-- Port to Javascript (probably via Node + NPM since their API doesn't seem to
-	support JSONP)
 - Add support for PHP composer
 - Test framework