authorMax Kostikov <max@kostikov.co>2021-02-20 13:39:54 +0000
committerMax Kostikov <max@kostikov.co>2021-02-20 13:39:54 +0000
commitcc5571687971ddcc097abb5e5c57689005d5b070 (patch)
tree1b2ed0f46b307f09d109350f777438fd04742905 /Zotlabs
parente1d622c49f95aec51e5c1bd521dcd6fe2a9a5372 (diff)
parentddad4f604b56656086b32992ef98709be2568a37 (diff)
downloadvolse-hubzilla-cc5571687971ddcc097abb5e5c57689005d5b070.tar.gz
volse-hubzilla-cc5571687971ddcc097abb5e5c57689005d5b070.tar.bz2
volse-hubzilla-cc5571687971ddcc097abb5e5c57689005d5b070.zip
Merge branch 'dev' into 'dev'
Dev sync See merge request kostikov/core!1
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Daemon/Onepoll.php6
-rw-r--r--Zotlabs/Lib/Activity.php48
-rw-r--r--Zotlabs/Lib/Crypto.php206
-rw-r--r--Zotlabs/Lib/JSalmon.php4
-rw-r--r--Zotlabs/Lib/Keyutils.php4
-rw-r--r--Zotlabs/Lib/LDSignatures.php12
-rw-r--r--Zotlabs/Lib/Libzot.php15
-rw-r--r--Zotlabs/Lib/Zotfinger.php12
-rw-r--r--Zotlabs/Module/Article_edit.php5
-rw-r--r--Zotlabs/Module/Articles.php45
-rw-r--r--Zotlabs/Module/Card_edit.php5
-rw-r--r--Zotlabs/Module/Cards.php2
-rw-r--r--Zotlabs/Module/Channel.php3
-rw-r--r--Zotlabs/Module/Connedit.php3
-rw-r--r--Zotlabs/Module/Display.php11
-rw-r--r--Zotlabs/Module/Editpost.php5
-rw-r--r--Zotlabs/Module/Fhublocs.php22
-rw-r--r--Zotlabs/Module/Getfile.php3
-rw-r--r--Zotlabs/Module/Home.php118
-rw-r--r--Zotlabs/Module/Import.php5
-rw-r--r--Zotlabs/Module/Item.php19
-rw-r--r--Zotlabs/Module/Pconfig.php70
-rw-r--r--Zotlabs/Module/Prate.php60
-rw-r--r--Zotlabs/Module/Probe.php17
-rw-r--r--Zotlabs/Module/Rate.php70
-rw-r--r--Zotlabs/Render/SmartyInterface.php2
-rw-r--r--Zotlabs/Update/_1242.php21
-rw-r--r--Zotlabs/Web/HTTPSig.php11
-rw-r--r--Zotlabs/Web/Router.php85
-rw-r--r--Zotlabs/Web/WebServer.php8
-rw-r--r--Zotlabs/Zot/Auth.php38
-rw-r--r--Zotlabs/Zot/Finger.php5
-rw-r--r--Zotlabs/Zot/Receiver.php21
-rw-r--r--Zotlabs/Zot6/Receiver.php15
34 files changed, 627 insertions, 349 deletions
diff --git a/Zotlabs/Daemon/Onepoll.php b/Zotlabs/Daemon/Onepoll.php
index 568745608..85394c8d0 100644
--- a/Zotlabs/Daemon/Onepoll.php
+++ b/Zotlabs/Daemon/Onepoll.php
@@ -24,7 +24,7 @@ class Onepoll {
}
$contacts = q("SELECT abook.*, xchan.*, account.*
- FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan
+ FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan
where abook_id = %d
and abook_pending = 0 and abook_archived = 0 and abook_blocked = 0 and abook_ignored = 0
AND (( account_flags = %d ) OR ( account_flags = %d )) limit 1",
@@ -52,7 +52,6 @@ class Onepoll {
logger("onepoll: poll: ({$contact['id']}) IMPORTER: {$importer['xchan_name']}, CONTACT: {$contact['xchan_name']}");
- // TODO: unused
$last_update = ((($contact['abook_updated'] === $contact['abook_created']) || ($contact['abook_updated'] <= NULL_DATE))
? datetime_convert('UTC', 'UTC', 'now - 7 days')
: datetime_convert('UTC', 'UTC', $contact['abook_updated'] . ' - 2 days')
@@ -120,7 +119,7 @@ class Onepoll {
if (!$can_send_stream)
$fetch_feed = false;
- if ($fetch_feed) {
+ if ($fetch_feed && $contact['xchan_network'] !== 'zot') {
$max = intval(get_config('system', 'max_imported_posts', 30));
@@ -136,6 +135,7 @@ class Onepoll {
if ($url) {
logger('fetching outbox');
+ $url = $url . '?date_begin=' . urlencode($last_update);
$obj = new ASCollection($url, $importer, 0, $max);
$messages = $obj->get();
if ($messages) {
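Review bot: The added line appends `'?date_begin='` unconditionally, so an outbox URL that already carries a query string ends up with two `?` and the remote side may ignore or misparse the filter. Picking the separator from the URL avoids that: `$url .= ((strpos($url, '?') === false) ? '?' : '&') . 'date_begin=' . urlencode($last_update);`. A short comment stating the timestamp format `$last_update` has at this point would also help, since the receiving side has to parse it. The enclosing method starts and ends outside the hunk.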
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index abb28fc64..d0799bb66 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -102,6 +102,17 @@ class Activity {
}
if ($x['success']) {
+ $m = parse_url($url);
+ if ($m) {
+ $site_url = unparse_url(['scheme' => $m['scheme'], 'host' => $m['host'], 'port' => $m['port'] ]);
+ q("UPDATE site SET site_update = '%s', site_dead = 0 WHERE site_url = '%s' AND site_update < %s - INTERVAL %s",
+ dbesc(datetime_convert()),
+ dbesc($site_url),
+ db_utcnow(),
+ db_quoteinterval('1 DAY')
+ );
+ }
+
$y = json_decode($x['body'], true);
logger('returned: ' . json_encode($y, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), LOGGER_DEBUG);
return json_decode($x['body'], true);
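Review bot: `$m['scheme']`, `$m['host']` and `$m['port']` are read without checking that `parse_url()` returned them. For the common case of a URL with no explicit port, the `port` key is absent, and this raises an undefined-index notice (a warning on PHP 8) on every successful fetch. I would guard the block with `if ($m && isset($m['scheme'], $m['host'])) {` and pass `'port' => $m['port'] ?? null`, assuming `unparse_url()` treats a null port as absent, which is not visible here. The enclosing function begins outside the hunk.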
@@ -275,17 +286,27 @@ class Activity {
$numpages = $total / App::$pager['itemspage'];
$lastpage = (($numpages > intval($numpages)) ? intval($numpages) + 1 : $numpages);
+ $url_parts = parse_url($id);
- $stripped = preg_replace('/([&|\?]page=[0-9]*)/', '', $id);
- $stripped = rtrim($stripped, '/');
+ $ret['partOf'] = z_root() . '/' . $url_parts['path'];
- $ret['partOf'] = z_root() . '/' . $stripped;
+ $extra_query_args = '';
+ $query_args = null;
+ if(isset($url_parts['query'])) {
+ parse_str($url_parts['query'], $query_args);
+ }
+
+ if(is_array($query_args)) {
+ unset($query_args['page']);
+ foreach($query_args as $k => $v)
+ $extra_query_args .= '&' . urlencode($k) . '=' . urlencode($v);
+ }
if (App::$pager['page'] < $lastpage) {
- $ret['next'] = z_root() . '/' . $stripped . '?page=' . (intval(App::$pager['page']) + 1);
+ $ret['next'] = z_root() . '/' . $url_parts['path'] . '?page=' . (intval(App::$pager['page']) + 1) . $extra_query_args;
}
if (App::$pager['page'] > 1) {
- $ret['prev'] = z_root() . '/' . $stripped . '?page=' . (intval(App::$pager['page']) - 1);
+ $ret['prev'] = z_root() . '/' . $url_parts['path'] . '?page=' . (intval(App::$pager['page']) - 1) . $extra_query_args;
}
}
else {
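Review bot: `urlencode($v)` in the new `foreach` receives an array whenever the incoming query uses bracketed keys (for example `a[]=1`), because `parse_str()` builds nested arrays. That is a TypeError on PHP 8 and an "Array to string conversion" notice before it, on input that appears to come from the request. Replacing the loop with `$extra_query_args = ($query_args ? '&' . http_build_query($query_args) : '');` handles nested values and keeps the same encoding for scalars. `$url_parts['path']` is also used without a check, although `parse_url()` can return false or omit `path`. The enclosing function starts outside the hunk.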
@@ -1340,7 +1361,7 @@ class Activity {
$abook_instance .= ',';
$abook_instance .= z_root();
- q("update abook set abook_instance = '%s', abook_not_here = 0
+ q("update abook set abook_instance = '%s', abook_not_here = 0
where abook_id = %d and abook_channel = %d",
dbesc($abook_instance),
intval($contact['abook_id']),
@@ -1620,7 +1641,7 @@ class Activity {
$m = parse_url($url);
if ($m) {
$hostname = $m['host'];
- $baseurl = $m['scheme'] . '://' . $m['host'] . (($m['port']) ? ':' . $m['port'] : '');
+ $site_url = $m['scheme'] . '://' . $m['host'] . (($m['port']) ? ':' . $m['port'] : '');
}
if (!$r) {
@@ -1630,7 +1651,7 @@ class Activity {
'hubloc_hash' => $url,
'hubloc_addr' => '',
'hubloc_network' => 'activitypub',
- 'hubloc_url' => $baseurl,
+ 'hubloc_url' => $site_url,
'hubloc_host' => $hostname,
'hubloc_callback' => $inbox,
'hubloc_updated' => datetime_convert(),
@@ -1640,6 +1661,13 @@ class Activity {
);
}
+ q("UPDATE site SET site_update = '%s', site_dead = 0 WHERE site_url = '%s' AND site_update < %s - INTERVAL %s",
+ dbesc(datetime_convert()),
+ dbesc($site_url),
+ db_utcnow(),
+ db_quoteinterval('1 DAY')
+ );
+
if (!$icon)
$icon = z_root() . '/' . get_default_profile_photo(300);
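Review bot: `$site_url` is assigned only inside the `if ($m)` block shown in the preceding hunk, yet the added `UPDATE site` runs unconditionally. When `parse_url()` fails, the query is issued with an undefined variable and an empty `site_url`. Either initialise `$site_url = '';` before the `if ($m)` and wrap the update in `if ($site_url) { … }`, or move the update inside the existing `if ($m)` block. The same statement is added near the top of the file in the first Activity.php hunk, so a small private helper would keep the two copies from drifting apart.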
@@ -2094,6 +2122,7 @@ class Activity {
$obj_actor = ((isset($act->obj['actor'])) ? $act->obj['actor'] : $act->get_actor('attributedTo', $act->obj));
// ensure we store the original actor
+
self::actor_store($obj_actor['id'], $obj_actor);
$mention = self::get_actor_bbmention($obj_actor['id']);
@@ -2817,9 +2846,6 @@ class Activity {
logger('not a valid activity');
break;
}
- if (is_array($a->actor) && array_key_exists('id', $a->actor)) {
- Activity::actor_store($a->actor['id'], $a->actor);
- }
$item = Activity::decode_note($a);
diff --git a/Zotlabs/Lib/Crypto.php b/Zotlabs/Lib/Crypto.php
new file mode 100644
index 000000000..f1794ae64
--- /dev/null
+++ b/Zotlabs/Lib/Crypto.php
@@ -0,0 +1,206 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+use Exception;
+
+class Crypto {
+
+ public static $openssl_algorithms = [
+
+ // zot6 nickname, opensslname, keylength, ivlength
+
+ ['aes256ctr', 'aes-256-ctr', 32, 16],
+ ['camellia256cfb', 'camellia-256-cfb', 32, 16],
+ ['cast5cfb', 'cast5-cfb', 16, 8],
+ ['aes256cbc', 'aes-256-cbc', 32, 16] // remove after legacy zot has been sunset
+
+ ];
+
+ public static function methods() {
+ $ret = [];
+
+ foreach (self::$openssl_algorithms as $ossl) {
+ $ret[] = $ossl[0] . '.oaep';
+ }
+
+ call_hooks('crypto_methods', $ret);
+ return $ret;
+ }
+
+ public static function signing_methods() {
+
+ $ret = ['sha256'];
+ call_hooks('signing_methods', $ret);
+ return $ret;
+
+ }
+
+ public static function new_keypair($bits) {
+
+ $openssl_options = [
+ 'digest_alg' => 'sha1',
+ 'private_key_bits' => $bits,
+ 'encrypt_key' => false
+ ];
+
+ $conf = get_config('system', 'openssl_conf_file');
+
+ if ($conf) {
+ $openssl_options['config'] = $conf;
+ }
+
+ $result = openssl_pkey_new($openssl_options);
+
+ if (empty($result)) {
+ return false;
+ }
+
+ // Get private key
+
+ $response = ['prvkey' => '', 'pubkey' => ''];
+
+ openssl_pkey_export($result, $response['prvkey']);
+
+ // Get public key
+ $pkey = openssl_pkey_get_details($result);
+ $response['pubkey'] = $pkey["key"];
+
+ return $response;
+
+ }
+
+ public static function sign($data, $key, $alg = 'sha256') {
+
+ if (!$key) {
+ return false;
+ }
+
+ $sig = '';
+ openssl_sign($data, $sig, $key, $alg);
+ return $sig;
+ }
+
+ public static function verify($data, $sig, $key, $alg = 'sha256') {
+
+ if (!$key) {
+ return false;
+ }
+
+ try {
+ $verify = openssl_verify($data, $sig, $key, $alg);
+ } catch (Exception $e) {
+ $verify = (-1);
+ }
+
+ if ($verify === (-1)) {
+ while ($msg = openssl_error_string()) {
+ logger('openssl_verify: ' . $msg, LOGGER_NORMAL, LOG_ERR);
+ }
+ btlogger('openssl_verify: key: ' . $key, LOGGER_DEBUG, LOG_ERR);
+ }
+
+ return (($verify > 0) ? true : false);
+ }
+
+ public static function encapsulate($data, $pubkey, $alg) {
+
+ if (!($alg && $pubkey)) {
+ return $data;
+ }
+
+ $alg_base = $alg;
+ $padding = OPENSSL_PKCS1_PADDING;
+
+ $exts = explode('.', $alg);
+ if (count($exts) > 1) {
+ switch ($exts[1]) {
+ case 'oaep':
+ $padding = OPENSSL_PKCS1_OAEP_PADDING;
+ break;
+ default:
+ break;
+ }
+ $alg_base = $exts[0];
+ }
+
+ $method = null;
+
+ foreach (self::$openssl_algorithms as $ossl) {
+ if ($ossl[0] === $alg_base) {
+ $method = $ossl;
+ break;
+ }
+ }
+
+ if ($method) {
+ $result = ['encrypted' => true];
+
+ $key = openssl_random_pseudo_bytes(256);
+ $iv = openssl_random_pseudo_bytes(256);
+
+ $key1 = substr($key, 0, $method[2]);
+ $iv1 = substr($iv, 0, $method[3]);
+
+ $result['data'] = base64url_encode(openssl_encrypt($data, $method[1], $key1, OPENSSL_RAW_DATA, $iv1), true);
+
+ openssl_public_encrypt($key, $k, $pubkey, $padding);
+ openssl_public_encrypt($iv, $i, $pubkey, $padding);
+
+ $result['alg'] = $alg;
+ $result['key'] = base64url_encode($k, true);
+ $result['iv'] = base64url_encode($i, true);
+ return $result;
+
+ }
+ else {
+ $x = ['data' => $data, 'pubkey' => $pubkey, 'alg' => $alg, 'result' => $data];
+ call_hooks('crypto_encapsulate', $x);
+ return $x['result'];
+ }
+ }
+
+ public static function unencapsulate($data, $prvkey) {
+
+ if (!(is_array($data) && array_key_exists('encrypted', $data) && array_key_exists('alg', $data) && $data['alg'])) {
+ logger('not encrypted');
+
+ return $data;
+ }
+
+ $alg_base = $data['alg'];
+ $padding = OPENSSL_PKCS1_PADDING;
+
+ $exts = explode('.', $data['alg']);
+ if (count($exts) > 1) {
+ switch ($exts[1]) {
+ case 'oaep':
+ $padding = OPENSSL_PKCS1_OAEP_PADDING;
+ break;
+ default:
+ break;
+ }
+ $alg_base = $exts[0];
+ }
+
+ $method = null;
+
+ foreach (self::$openssl_algorithms as $ossl) {
+ if ($ossl[0] === $alg_base) {
+ $method = $ossl;
+ break;
+ }
+ }
+
+ if ($method) {
+ openssl_private_decrypt(base64url_decode($data['key']), $k, $prvkey, $padding);
+ openssl_private_decrypt(base64url_decode($data['iv']), $i, $prvkey, $padding);
+ return openssl_decrypt(base64url_decode($data['data']), $method[1], substr($k, 0, $method[2]), OPENSSL_RAW_DATA, substr($i, 0, $method[3]));
+ }
+ else {
+ $x = ['data' => $data, 'prvkey' => $prvkey, 'alg' => $data['alg'], 'result' => $data];
+ call_hooks('crypto_unencapsulate', $x);
+ return $x['result'];
+ }
+ }
+}
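Review bot: Neither `encapsulate()` nor `unencapsulate()` checks what the OpenSSL calls return, so a failed `openssl_public_encrypt()` or `openssl_private_decrypt()` leaves `$k`/`$i` unset and the code carries on with an empty key and IV. On the sending side this can happen silently, because the full 256 random bytes are wrapped rather than the `$method[2]`/`$method[3]` bytes actually used. A 2048-bit recipient key cannot hold that under either padding, and the result is still marked `encrypted => true`. In `unencapsulate()` the padding follows the sender-supplied `$data['alg']`, so any message without the `.oaep` suffix is unwrapped with PKCS#1 v1.5; I would require OAEP once legacy zot is retired, and document that none of the listed modes authenticates the ciphertext, so integrity presumably rests on the outer signature. The fence shows the receive-side checks; it returns false on failure, which `openssl_decrypt()` can already return to callers.

```php
		if ($method) {
			// … unchanged: $alg_base / $padding / $method lookup above …
			if (!isset($data['key'], $data['iv'], $data['data'])) {
				logger('unencapsulate: key, iv or data missing');
				return false;
			}

			$k = '';
			$i = '';
			$unwrapped = openssl_private_decrypt(base64url_decode($data['key']), $k, $prvkey, $padding)
				&& openssl_private_decrypt(base64url_decode($data['iv']), $i, $prvkey, $padding);

			// A short or failed unwrap must not fall through to decryption with a truncated key.
			if (!$unwrapped || strlen($k) < $method[2] || strlen($i) < $method[3]) {
				logger('unencapsulate: key unwrap failed');
				return false;
			}

			return openssl_decrypt(base64url_decode($data['data']), $method[1], substr($k, 0, $method[2]), OPENSSL_RAW_DATA, substr($i, 0, $method[3]));
		}
```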
diff --git a/Zotlabs/Lib/JSalmon.php b/Zotlabs/Lib/JSalmon.php
index 7f63cf914..f9fe99706 100644
--- a/Zotlabs/Lib/JSalmon.php
+++ b/Zotlabs/Lib/JSalmon.php
@@ -18,7 +18,7 @@ class JSalmon {
$precomputed = '.' . base64url_encode($data_type,true) . '.YmFzZTY0dXJs.UlNBLVNIQTI1Ng';
- $signature = base64url_encode(rsa_sign($data . $precomputed, $key), true);
+ $signature = base64url_encode(Crypto::sign($data . $precomputed, $key), true);
return ([
'signed' => true,
@@ -54,7 +54,7 @@ class JSalmon {
$key = HTTPSig::get_key(EMPTY_STR,'zot6',base64url_decode($x['sigs']['key_id']));
logger('key: ' . print_r($key,true));
if($key['portable_id'] && $key['public_key']) {
- if(rsa_verify($signed_data,base64url_decode($x['sigs']['value']),$key['public_key'])) {
+ if(Crypto::verify($signed_data,base64url_decode($x['sigs']['value']),$key['public_key'])) {
logger('verified');
$ret = [ 'success' => true, 'signer' => $key['portable_id'], 'hubloc' => $key['hubloc'] ];
}
diff --git a/Zotlabs/Lib/Keyutils.php b/Zotlabs/Lib/Keyutils.php
index d4b660c04..616ecfcf6 100644
--- a/Zotlabs/Lib/Keyutils.php
+++ b/Zotlabs/Lib/Keyutils.php
@@ -64,8 +64,8 @@ class Keyutils {
$rsa->loadKey($key);
$rsa->setPublicKey();
- $e = $rsa->modulus->toBytes();
- $m = $rsa->exponent->toBytes();
+ $m = $rsa->modulus->toBytes();
+ $e = $rsa->exponent->toBytes();
}
diff --git a/Zotlabs/Lib/LDSignatures.php b/Zotlabs/Lib/LDSignatures.php
index 2eba66ccf..1c2095f10 100644
--- a/Zotlabs/Lib/LDSignatures.php
+++ b/Zotlabs/Lib/LDSignatures.php
@@ -12,7 +12,7 @@ class LDSignatures {
$ohash = self::hash(self::signable_options($data['signature']));
$dhash = self::hash(self::signable_data($data));
- $x = rsa_verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey);
+ $x = Crypto::verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey);
logger('LD-verify: ' . intval($x));
return $x;
@@ -35,11 +35,11 @@ class LDSignatures {
$ohash = self::hash(self::signable_options($options));
$dhash = self::hash(self::signable_data($data));
- $options['signatureValue'] = base64_encode(rsa_sign($ohash . $dhash,$channel['channel_prvkey']));
+ $options['signatureValue'] = base64_encode(Crypto::sign($ohash . $dhash,$channel['channel_prvkey']));
$signed = array_merge([
- '@context' => [
- ACTIVITYSTREAMS_JSONLD_REV,
+ '@context' => [
+ ACTIVITYSTREAMS_JSONLD_REV,
'https://w3id.org/security/v1' ],
],$options);
@@ -88,7 +88,7 @@ class LDSignatures {
return '';
jsonld_set_document_loader('jsonld_document_loader');
-
+
try {
$d = jsonld_normalize($data,[ 'algorithm' => 'URDNA2015', 'format' => 'application/nquads' ]);
}
@@ -117,7 +117,7 @@ class LDSignatures {
$precomputed = '.' . base64url_encode($data_type,false) . '.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
- $signature = base64url_encode(rsa_sign($data . $precomputed,$channel['channel_prvkey']));
+ $signature = base64url_encode(Crypto::sign($data . $precomputed,$channel['channel_prvkey']));
return ([
'id' => $arr['id'],
diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php
index 0ead8402e..45d536638 100644
--- a/Zotlabs/Lib/Libzot.php
+++ b/Zotlabs/Lib/Libzot.php
@@ -130,7 +130,7 @@ class Libzot {
if ($remote_key) {
$algorithm = self::best_algorithm($methods);
if ($algorithm) {
- $data = crypto_encapsulate(json_encode($data), $remote_key, $algorithm);
+ $data = Crypto::encapsulate(json_encode($data), $remote_key, $algorithm);
}
}
@@ -143,7 +143,7 @@ class Libzot {
*
* @param string $methods
* Comma separated list of encryption methods
- * @return string first match from our site method preferences crypto_methods() array
+ * @return string first match from our site method preferences Crypto::methods() array
* of a method which is common to both sites; or 'aes256cbc' if no matches are found.
*/
static function best_algorithm($methods) {
@@ -167,7 +167,7 @@ class Libzot {
if ($methods) {
$x = explode(',', $methods);
if ($x) {
- $y = crypto_methods();
+ $y = Crypto::methods();
if ($y) {
foreach ($y as $yv) {
$yv = trim($yv);
@@ -983,7 +983,7 @@ class Libzot {
logger('Headers: ' . print_r($arr['header'], true), LOGGER_DATA, LOG_DEBUG);
}
- $x = crypto_unencapsulate($x, get_config('system', 'prvkey'));
+ $x = Crypto::unencapsulate($x, get_config('system', 'prvkey'));
if (!is_array($x)) {
$x = json_decode($x, true);
@@ -3020,7 +3020,7 @@ class Libzot {
$ret['site']['directory_url'] = z_root() . '/dirsearch';
- $ret['site']['encryption'] = crypto_methods();
+ $ret['site']['encryption'] = Crypto::methods();
$ret['site']['zot'] = System::get_zot_revision();
// hide detailed site information if you're off the grid
@@ -3140,6 +3140,11 @@ class Libzot {
);
}
+ // this site obviously isn't dead because they are trying to communicate with us.
+ q("update site set site_dead = 0 where site_dead = 1 and site_url = '%s' ",
+ dbesc($hub['hubloc_url'])
+ );
+
return $hub['hubloc_url'];
}
diff --git a/Zotlabs/Lib/Zotfinger.php b/Zotlabs/Lib/Zotfinger.php
index faaf28f35..840d91403 100644
--- a/Zotlabs/Lib/Zotfinger.php
+++ b/Zotlabs/Lib/Zotfinger.php
@@ -18,8 +18,8 @@ class Zotfinger {
if($channel && $m) {
- $headers = [
- 'Accept' => 'application/x-zot+json',
+ $headers = [
+ 'Accept' => 'application/x-zot+json',
'Content-Type' => 'application/x-zot+json',
'X-Zot-Token' => random_string(),
'Digest' => HTTPSig::generate_digest_header($data),
@@ -29,9 +29,9 @@ class Zotfinger {
$h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel),false);
}
else {
- $h = [ 'Accept: application/x-zot+json' ];
+ $h = [ 'Accept: application/x-zot+json' ];
}
-
+
$result = [];
$redirects = 0;
@@ -43,11 +43,11 @@ class Zotfinger {
if ($verify) {
$result['signature'] = HTTPSig::verify($x, EMPTY_STR, 'zot6');
}
-
+
$result['data'] = json_decode($x['body'],true);
if($result['data'] && is_array($result['data']) && array_key_exists('encrypted',$result['data']) && $result['data']['encrypted']) {
- $result['data'] = json_decode(crypto_unencapsulate($result['data'],get_config('system','prvkey')),true);
+ $result['data'] = json_decode(Crypto::unencapsulate($result['data'],get_config('system','prvkey')),true);
}
logger('decrypted: ' . print_r($result,true));
diff --git a/Zotlabs/Module/Article_edit.php b/Zotlabs/Module/Article_edit.php
index 635b3ce2a..efa02e1c1 100644
--- a/Zotlabs/Module/Article_edit.php
+++ b/Zotlabs/Module/Article_edit.php
@@ -63,9 +63,9 @@ class Article_edit extends \Zotlabs\Web\Controller {
if ($catsenabled){
$itm = fetch_post_tags($itm);
-
+
$cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY);
-
+
foreach ($cats as $cat) {
if (strlen($category))
$category .= ', ';
@@ -113,6 +113,7 @@ class Article_edit extends \Zotlabs\Web\Controller {
'post_id' => $post_id,
'visitor' => true,
'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
+ 'summary' => htmlspecialchars($itm[0]['summary'],ENT_COMPAT,'UTF-8'),
'placeholdertitle' => t('Title (optional)'),
'pagetitle' => $card_title,
'profile_uid' => (intval($channel['channel_id'])),
diff --git a/Zotlabs/Module/Articles.php b/Zotlabs/Module/Articles.php
index 3f726ebb9..9152f0e0e 100644
--- a/Zotlabs/Module/Articles.php
+++ b/Zotlabs/Module/Articles.php
@@ -15,7 +15,7 @@ require_once('include/opengraph.php');
class Articles extends Controller {
function init() {
-
+
if(argc() > 1)
$which = argv(1);
@@ -28,13 +28,13 @@ class Articles extends Controller {
return;
}
}
-
+
profile_load($which);
-
+
}
-
+
function get($update = 0, $load = false) {
-
+
if(observer_prohibited(true)) {
return login();
}
@@ -56,7 +56,7 @@ class Articles extends Controller {
nav_set_selected('Articles');
- head_add_link([
+ head_add_link([
'rel' => 'alternate',
'type' => 'application/json+oembed',
'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . App::$query_string),
@@ -65,7 +65,7 @@ class Articles extends Controller {
$category = (($_REQUEST['cat']) ? escape_tags(trim($_REQUEST['cat'])) : '');
-
+
if($category) {
$sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
}
@@ -74,24 +74,24 @@ class Articles extends Controller {
$datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : '');
$which = argv(1);
-
+
$selected_card = ((argc() > 2) ? argv(2) : '');
$_SESSION['return_url'] = App::$query_string;
-
+
$uid = local_channel();
$owner = App::$profile_uid;
$observer = App::get_observer();
-
+
$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
-
+
if(! perm_is_allowed($owner,$ob_hash,'view_pages')) {
notice( t('Permission denied.') . EOL);
return;
}
-
+
$is_owner = ($uid && $uid == $owner);
-
+
$channel = channelx_by_n($owner);
if($channel) {
@@ -105,7 +105,7 @@ class Articles extends Controller {
else {
$channel_acl = [ 'allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ];
}
-
+
if(perm_is_allowed($owner,$ob_hash,'write_pages')) {
@@ -114,16 +114,15 @@ class Articles extends Controller {
'webpage' => ITEM_TYPE_ARTICLE,
'is_owner' => true,
'content_label' => t('Add Article'),
- 'button' => t('Create'),
+ 'button' => t('Save'),
'nickname' => $channel['channel_address'],
- 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid']
+ 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid']
|| $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
- 'acl' => (($is_owner) ? populate_acl($channel_acl, false,
+ 'acl' => (($is_owner) ? populate_acl($channel_acl, false,
PermissionDescription::fromGlobalPermission('view_pages')) : ''),
'permissions' => $channel_acl,
'showacl' => (($is_owner) ? true : false),
'visitor' => true,
- 'body' => '[summary][/summary]',
'hide_location' => false,
'hide_voting' => false,
'profile_uid' => intval($owner),
@@ -147,12 +146,12 @@ class Articles extends Controller {
else {
$editor = '';
}
-
+
$itemspage = get_pconfig(local_channel(),'system','itemspage');
App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10));
$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));
-
+
$sql_extra = item_permissions_sql($owner);
$sql_item = '';
@@ -176,8 +175,8 @@ class Articles extends Controller {
$sql_extra2 .= " and item.item_thread_top != 0 ";
}
- $r = q("select * from item
- where item.uid = %d and item_type = %d
+ $r = q("select * from item
+ where item.uid = %d and item_type = %d
$sql_extra $sql_extra2 $sql_item order by item.created desc $pager_sql",
intval($owner),
intval(ITEM_TYPE_ARTICLE)
@@ -214,7 +213,7 @@ class Articles extends Controller {
opengraph_add_meta((! empty($items) ? $r[0] : []), $channel);
$mode = 'articles';
-
+
if(get_pconfig(local_channel(),'system','articles_list_mode') && (! $selected_card))
$page_mode = 'pager_list';
else
diff --git a/Zotlabs/Module/Card_edit.php b/Zotlabs/Module/Card_edit.php
index e01e70fdb..c57a0f043 100644
--- a/Zotlabs/Module/Card_edit.php
+++ b/Zotlabs/Module/Card_edit.php
@@ -63,9 +63,9 @@ class Card_edit extends \Zotlabs\Web\Controller {
if ($catsenabled){
$itm = fetch_post_tags($itm);
-
+
$cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY);
-
+
foreach ($cats as $cat) {
if (strlen($category))
$category .= ', ';
@@ -114,6 +114,7 @@ class Card_edit extends \Zotlabs\Web\Controller {
'post_id' => $post_id,
'visitor' => true,
'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
+ 'summary' => htmlspecialchars($itm[0]['summary'],ENT_COMPAT,'UTF-8'),
'placeholdertitle' => t('Title (optional)'),
'pagetitle' => $card_title,
'profile_uid' => (intval($channel['channel_id'])),
diff --git a/Zotlabs/Module/Cards.php b/Zotlabs/Module/Cards.php
index c44f7942b..8f47208ce 100644
--- a/Zotlabs/Module/Cards.php
+++ b/Zotlabs/Module/Cards.php
@@ -110,7 +110,7 @@ class Cards extends Controller {
'webpage' => ITEM_TYPE_CARD,
'is_owner' => true,
'content_label' => t('Add Card'),
- 'button' => t('Create'),
+ 'button' => t('Save'),
'nickname' => $channel['channel_address'],
'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid']
|| $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php
index 915e0ea60..a513523a7 100644
--- a/Zotlabs/Module/Channel.php
+++ b/Zotlabs/Module/Channel.php
@@ -6,6 +6,7 @@ namespace Zotlabs\Module;
use App;
use Zotlabs\Lib\Activity;
use Zotlabs\Lib\ActivityStreams;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\Libzot;
use Zotlabs\Lib\PermissionDescription;
use Zotlabs\Web\Controller;
@@ -70,7 +71,7 @@ class Channel extends Controller {
);
if ($s) {
- $data = json_encode(crypto_encapsulate($data, $s[0]['hubloc_sitekey'], Libzot::best_algorithm($s[0]['site_crypto'])));
+ $data = json_encode(Crypto::encapsulate($data, $s[0]['hubloc_sitekey'], Libzot::best_algorithm($s[0]['site_crypto'])));
}
}
else {
diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php
index 582563451..44211c8b9 100644
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@@ -9,6 +9,7 @@ namespace Zotlabs\Module;
use App;
use Zotlabs\Lib\Apps;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\Libzot;
use Zotlabs\Lib\Libsync;
use Zotlabs\Daemon\Master;
@@ -178,7 +179,7 @@ class Connedit extends Controller {
if(! $is_self) {
$signed = $orig_record[0]['abook_xchan'] . '.' . $rating . '.' . $rating_text;
- $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey']));
+ $sig = base64url_encode(Crypto::sign($signed,$channel['channel_prvkey']));
$rated = ((intval($rating) || strlen($rating_text)) ? true : false);
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 04aeb6d5c..2aa4f6548 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -269,17 +269,20 @@ class Display extends \Zotlabs\Web\Controller {
$sysid = 0;
$r = q("SELECT item.id as item_id from item
- WHERE mid = '%s'
+ WHERE ( (mid = '%s'
AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
AND item.deny_gid = '' AND item_private = 0 )
and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
- OR uid = %d )
- $sql_extra )
+ OR uid = %d ) ) ) OR
+ (mid = '%s' $sql_extra ) )
$item_normal
limit 1",
dbesc($target_item['parent_mid']),
- intval($sysid)
+ intval($sysid),
+ dbesc($target_item['parent_mid'])
);
+
+
}
}
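Review bot: The rewritten WHERE clause adds a second alternative, `(mid = '%s' $sql_extra )`, that is no longer tied to the public-ACL/uid condition, so access to that branch rests entirely on what `$sql_extra` contains. `$sql_extra` is built outside this hunk; if it can ever be empty, the branch reduces to `mid = '%s'` and matches any stored copy of the item, including private ones. I would add a comment above the query such as `// $sql_extra must always carry the observer permission clause; the second OR branch has no other access check`, and ideally skip that branch when `$sql_extra` is empty. The two blank lines added after the call can be dropped.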
diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php
index 49b2892e8..c6cfc6dc4 100644
--- a/Zotlabs/Module/Editpost.php
+++ b/Zotlabs/Module/Editpost.php
@@ -58,9 +58,9 @@ class Editpost extends \Zotlabs\Web\Controller {
if ($catsenabled){
$itm = fetch_post_tags($itm);
-
+
$cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY);
-
+
foreach ($cats as $cat) {
if (strlen($category))
$category .= ', ';
@@ -95,6 +95,7 @@ class Editpost extends \Zotlabs\Web\Controller {
'defloc' => $channel['channel_location'],
'visitor' => true,
'title' => htmlspecialchars_decode($itm[0]['title'],ENT_COMPAT),
+ 'summary' => htmlspecialchars_decode($itm[0]['summary'],ENT_COMPAT),
'category' => $category,
'showacl' => false,
'profile_uid' => $owner_uid,
diff --git a/Zotlabs/Module/Fhublocs.php b/Zotlabs/Module/Fhublocs.php
index dcd399a1f..42dac5b12 100644
--- a/Zotlabs/Module/Fhublocs.php
+++ b/Zotlabs/Module/Fhublocs.php
@@ -15,12 +15,12 @@ class Fhublocs extends \Zotlabs\Web\Controller {
if(! is_site_admin())
return;
-
+
$o = '';
-
+
$r = q("select * from channel where channel_removed = 0");
$sitekey = get_config('system','pubkey');
-
+
if($r) {
foreach($r as $rr) {
@@ -38,14 +38,14 @@ class Fhublocs extends \Zotlabs\Web\Controller {
if($found) {
$o .= 'Hubloc exists for ' . $rr['channel_name'] . EOL;
continue;
- }
+ }
}
$y = q("select xchan_addr from xchan where xchan_hash = '%s' limit 1",
dbesc($rr['channel_hash'])
);
if($y)
$primary_address = $y[0]['xchan_addr'];
-
+
$hub_address = channel_reddress($rr);
$primary = (($hub_address === $primary_address) ? 1 : 0);
@@ -56,9 +56,9 @@ class Fhublocs extends \Zotlabs\Web\Controller {
dbesc($rr['channel_hash']),
dbesc(z_root())
);
-
+
// Create a verified hub location pointing to this site.
-
+
/*
$h = hubloc_store_lowlevel(
[
@@ -69,7 +69,7 @@ class Fhublocs extends \Zotlabs\Web\Controller {
'hubloc_network' => 'zot',
'hubloc_primary' => $primary,
'hubloc_url' => z_root(),
- 'hubloc_url_sig' => base64url_encode(rsa_sign(z_root(),$rr['channel_prvkey'])),
+ 'hubloc_url_sig' => base64url_encode(Crypto::sign(z_root(),$rr['channel_prvkey'])),
'hubloc_host' => \App::get_hostname(),
'hubloc_callback' => z_root() . '/post',
'hubloc_sitekey' => $sitekey
@@ -99,11 +99,11 @@ class Fhublocs extends \Zotlabs\Web\Controller {
$o . 'local hubloc created for ' . $rr['channel_name'] . EOL;
else
$o .= 'DB update failed for ' . $rr['channel_name'] . EOL;
-
+
}
-
+
return $o;
-
+
}
}
}
diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php
index 20cc23ac0..28d7eabb5 100644
--- a/Zotlabs/Module/Getfile.php
+++ b/Zotlabs/Module/Getfile.php
@@ -1,6 +1,7 @@
<?php
namespace Zotlabs\Module;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Web\HTTPSig;
use Zotlabs\Lib\Libzot;
@@ -106,7 +107,7 @@ class Getfile extends \Zotlabs\Web\Controller {
killme();
}
- if(! rsa_verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) {
+ if(! Crypto::verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) {
logger('verify failed.');
killme();
}
diff --git a/Zotlabs/Module/Home.php b/Zotlabs/Module/Home.php
index 7f2d6424d..2bfab986f 100644
--- a/Zotlabs/Module/Home.php
+++ b/Zotlabs/Module/Home.php
@@ -1,100 +1,114 @@
<?php
+
namespace Zotlabs\Module;
+use App;
+use Zotlabs\Lib\Libzot;
+use Zotlabs\Web\Controller;
+use Zotlabs\Web\HTTPSig;
+
require_once('include/items.php');
require_once('include/conversation.php');
-
-class Home extends \Zotlabs\Web\Controller {
+class Home extends Controller {
function init() {
- $ret = array();
-
- call_hooks('home_init',$ret);
+ $ret = [];
+
+ call_hooks('home_init', $ret);
+
+ if (Libzot::is_zot_request()) {
+ $key = get_config('system', 'prvkey');
+ $ret = json_encode(Libzot::site_info());
+
+ $headers = ['Content-Type' => 'application/x-zot+json', 'Digest' => HTTPSig::generate_digest_header($ret)];
+ $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
+ $h = HTTPSig::create_sig($headers, $key, z_root());
+ HTTPSig::set_headers($h);
+
+ echo $ret;
+ killme();
+ }
$splash = ((argc() > 1 && argv(1) === 'splash') ? true : false);
-
- $channel = \App::get_channel();
- if(local_channel() && $channel && $channel['xchan_url'] && ! $splash) {
+
+ $channel = App::get_channel();
+ if (local_channel() && $channel && $channel['xchan_url'] && !$splash) {
$dest = (($ret['startpage']) ? $ret['startpage'] : '');
- if(! $dest)
- $dest = get_config('system','startpage');
- if(! $dest)
+ if (!$dest)
+ $dest = get_config('system', 'startpage');
+ if (!$dest)
$dest = z_root() . '/network';
-
+
goaway($dest);
}
- if(remote_channel() && (! $splash) && $_SESSION['atoken']) {
+ if (remote_channel() && (!$splash) && $_SESSION['atoken']) {
$r = q("select * from atoken where atoken_id = %d",
intval($_SESSION['atoken'])
);
- if($r) {
+ if ($r) {
$x = channelx_by_n($r[0]['atoken_uid']);
- if($x) {
+ if ($x) {
goaway(z_root() . '/channel/' . $x['channel_address']);
}
}
- }
+ }
-
- if(get_account_id() && ! $splash) {
+ if (get_account_id() && !$splash) {
goaway(z_root() . '/new_channel');
}
-
+
}
-
-
+
function get($update = 0, $load = false) {
-
+
$o = '';
-
-
- if(x($_SESSION,'theme'))
+
+ if (x($_SESSION, 'theme'))
unset($_SESSION['theme']);
- if(x($_SESSION,'mobile_theme'))
+ if (x($_SESSION, 'mobile_theme'))
unset($_SESSION['mobile_theme']);
-
+
$splash = ((argc() > 1 && argv(1) === 'splash') ? true : false);
-
- call_hooks('home_content',$o);
- if($o)
+
+ call_hooks('home_content', $o);
+ if ($o)
return $o;
-
- $frontpage = get_config('system','frontpage');
- if($frontpage) {
- if(strpos($frontpage,'include:') !== false) {
- $file = trim(str_replace('include:' , '', $frontpage));
- if(file_exists($file)) {
- \App::$page['template'] = 'full';
- \App::$page['title'] = t('$Projectname');
- $o .= file_get_contents($file);
+
+ $frontpage = get_config('system', 'frontpage');
+ if ($frontpage) {
+ if (strpos($frontpage, 'include:') !== false) {
+ $file = trim(str_replace('include:', '', $frontpage));
+ if (file_exists($file)) {
+ App::$page['template'] = 'full';
+ App::$page['title'] = t('$Projectname');
+ $o .= file_get_contents($file);
return $o;
}
}
- if(strpos($frontpage,'http') !== 0)
+ if (strpos($frontpage, 'http') !== 0)
$frontpage = z_root() . '/' . $frontpage;
- if(intval(get_config('system','mirror_frontpage'))) {
+ if (intval(get_config('system', 'mirror_frontpage'))) {
$o = '<html><head><title>' . t('$Projectname') . '</title></head><body style="margin: 0; padding: 0; border: none;" ><iframe src="' . $frontpage . '" width="100%" height="100%" style="margin: 0; padding: 0; border: none;" ></iframe></body></html>';
echo $o;
killme();
}
goaway($frontpage);
}
-
-
- $sitename = get_config('system','sitename');
- if($sitename)
- $o .= '<h1 class="home-welcome">' . sprintf( t('Welcome to %s') ,$sitename) . '</h1>';
-
- $loginbox = get_config('system','login_on_homepage');
- if(intval($loginbox) || $loginbox === false)
+
+ $sitename = get_config('system', 'sitename');
+ if ($sitename)
+ $o .= '<h1 class="home-welcome">' . sprintf(t('Welcome to %s'), $sitename) . '</h1>';
+
+ $loginbox = get_config('system', 'login_on_homepage');
+ if (intval($loginbox) || $loginbox === false)
$o .= login(true);
-
+
return $o;
-
+
}
-
+
}
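Review bot: In the Zot discovery branch added to `init()`, `$ret` — the array just handed to the `home_init` hook — is overwritten with the JSON body, and the value returned by `json_encode()` is digested, signed and echoed without a failure check. `json_encode()` returns `false` on failure, so the site key would sign a digest of an empty body. A separate variable and a guard fix both: `$body = json_encode(Libzot::site_info());` then `if ($body === false) { killme(); }`, using `$body` for the digest header and the `echo`. A short comment that the signed `(request-target)` is built from `$_SERVER['REQUEST_URI']` as received would also help the next reader.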
diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php
index f8fc366e0..8ef24b232 100644
--- a/Zotlabs/Module/Import.php
+++ b/Zotlabs/Module/Import.php
@@ -8,6 +8,7 @@ require_once('include/import.php');
require_once('include/perm_upgrade.php');
require_once('library/urlify/URLify.php');
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\Libzot;
@@ -227,7 +228,7 @@ class Import extends \Zotlabs\Web\Controller {
'hubloc_network' => 'zot',
'hubloc_primary' => (($seize) ? 1 : 0),
'hubloc_url' => z_root(),
- 'hubloc_url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])),
+ 'hubloc_url_sig' => base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'])),
'hubloc_host' => \App::get_hostname(),
'hubloc_callback' => z_root() . '/post',
'hubloc_sitekey' => get_config('system','pubkey'),
@@ -256,7 +257,7 @@ class Import extends \Zotlabs\Web\Controller {
'hubloc_network' => 'zot6',
'hubloc_primary' => (($seize) ? 1 : 0),
'hubloc_url' => z_root(),
- 'hubloc_url_sig' => 'sha256.' . base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])),
+ 'hubloc_url_sig' => 'sha256.' . base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'])),
'hubloc_host' => \App::get_hostname(),
'hubloc_callback' => z_root() . '/zot',
'hubloc_sitekey' => get_config('system','pubkey'),
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index b30adeb53..bc35ac452 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -821,18 +821,7 @@ class Item extends Controller {
// and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.)
// we may need virtual or template classes to implement the possible alternatives
- if(strpos($body,'[/summary]') !== false) {
- $match = '';
- $cnt = preg_match("/\[summary\](.*?)\[\/summary\]/ism",$body,$match);
- if($cnt) {
- $summary .= $match[1];
- }
- $body_content = preg_replace("/\[summary\](.*?)\[\/summary\]/ism", '',$body);
- $body = trim($body_content);
- }
-
$summary = cleanup_bbcode($summary);
-
$body = cleanup_bbcode($body);
// Look for tags and linkify them
@@ -887,15 +876,10 @@ class Item extends Controller {
if(! $preview) {
fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
-
fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($summary,'[/crypt]')) ? $_POST['media_str'] : $summary),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
-
-
fix_attached_file_permissions($channel,$observer['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
-
}
-
$attachments = '';
$match = false;
@@ -933,10 +917,9 @@ class Item extends Controller {
}
}
+ // BBCODE end alert
}
- // BBCODE end alert
-
if(strlen($categories)) {
$cats = explode(',',$categories);
diff --git a/Zotlabs/Module/Pconfig.php b/Zotlabs/Module/Pconfig.php
index b2b5d4386..8a71ab974 100644
--- a/Zotlabs/Module/Pconfig.php
+++ b/Zotlabs/Module/Pconfig.php
@@ -8,16 +8,16 @@ use Zotlabs\Lib\Libsync;
class Pconfig extends \Zotlabs\Web\Controller {
function post() {
-
+
if(! local_channel())
return;
-
-
+
+
if($_SESSION['delegate'])
return;
-
+
check_form_security_token_redirectOnErr('/pconfig', 'pconfig');
-
+
$cat = trim(escape_tags($_POST['cat']));
$k = trim(escape_tags($_POST['k']));
$v = trim($_POST['v']);
@@ -27,16 +27,16 @@ class Pconfig extends \Zotlabs\Web\Controller {
if (preg_match('|^a:[0-9]+:{.*}$|s',$v) || preg_match('|O:8:"stdClass":[0-9]+:{.*}$|s',$v)) {
return;
}
-
+
if(in_array(argv(2),$this->disallowed_pconfig())) {
notice( t('This setting requires special processing and editing has been blocked.') . EOL);
return;
}
-
+
if(strpos($k,'password') !== false) {
- $v = z_obscure($v);
+ $v = obscurify($v);
}
-
+
set_pconfig(local_channel(),$cat,$k,$v);
Libsync::build_sync_packet();
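Review bot: Replacing `z_obscure($v)` with `obscurify($v)` for keys containing `password` changes how the secret is stored, and the hunk carries no comment saying what protection the new form gives. The `_1242` update in this commit shows the old values were encapsulated and needed the site private key to read; `obscurify()` takes no key, so it looks like a reversible encoding rather than encryption (its body is not in this view, so confirm). If so, anyone who can read the `pconfig` table can recover these passwords, and that should be stated where the value is written, e.g. `// obscurify() is keyless obfuscation, not encryption; the stored password is recoverable from the database`. The matching `unobscurify()` call in `pconfig_form()` further down is the read side of the same change, and `post()` starts outside this hunk.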
@@ -46,24 +46,24 @@ class Pconfig extends \Zotlabs\Web\Controller {
goaway(z_root() . '/pconfig/' . $cat . '/' . $k);
}
-
-
+
+
function get() {
-
+
if(! local_channel()) {
return login();
}
-
+
$content = '<h3>' . t('Configuration Editor') . '</h3>';
$content .= '<div class="descriptive-paragraph">' . t('Warning: Changing some settings could render your channel inoperable. Please leave this page unless you are comfortable with and knowledgeable about how to correctly use this feature.') . '</div>' . EOL . EOL;
-
-
-
+
+
+
if(argc() == 3) {
$content .= '<a href="pconfig">pconfig[' . local_channel() . ']</a>' . EOL;
$content .= '<a href="pconfig/' . escape_tags(argv(1)) . '">pconfig[' . local_channel() . '][' . escape_tags(argv(1)) . ']</a>' . EOL . EOL;
$content .= '<a href="pconfig/' . escape_tags(argv(1)) . '/' . escape_tags(argv(2)) . '" >pconfig[' . local_channel() . '][' . escape_tags(argv(1)) . '][' . escape_tags(argv(2)) . ']</a> = ' . get_pconfig(local_channel(),escape_tags(argv(1)),escape_tags(argv(2))) . EOL;
-
+
if(in_array(argv(2),$this->disallowed_pconfig())) {
notice( t('This setting requires special processing and editing has been blocked.') . EOL);
return $content;
@@ -71,8 +71,8 @@ class Pconfig extends \Zotlabs\Web\Controller {
else
$content .= $this->pconfig_form(escape_tags(argv(1)),escape_tags(argv(2)));
}
-
-
+
+
if(argc() == 2) {
$content .= '<a href="pconfig">pconfig[' . local_channel() . ']</a>' . EOL;
load_pconfig(local_channel(),escape_tags(argv(1)));
@@ -80,9 +80,9 @@ class Pconfig extends \Zotlabs\Web\Controller {
$content .= '<a href="pconfig/' . escape_tags(argv(1)) . '/' . $k . '" >pconfig[' . local_channel() . '][' . escape_tags(argv(1)) . '][' . $k . ']</a> = ' . escape_tags($x) . EOL;
}
}
-
+
if(argc() == 1) {
-
+
$r = q("select * from pconfig where uid = " . local_channel());
if($r) {
foreach($r as $rr) {
@@ -91,33 +91,33 @@ class Pconfig extends \Zotlabs\Web\Controller {
}
}
return $content;
-
+
}
-
-
+
+
function pconfig_form($cat,$k) {
-
+
$o = '<form action="pconfig" method="post" >';
$o .= '<input type="hidden" name="form_security_token" value="' . get_form_security_token('pconfig') . '" />';
-
+
$v = get_pconfig(local_channel(),$cat,$k);
- if(strpos($k,'password') !== false)
- $v = z_unobscure($v);
-
+ if(strpos($k,'password') !== false)
+ $v = unobscurify($v);
+
$o .= '<input type="hidden" name="cat" value="' . $cat . '" />';
$o .= '<input type="hidden" name="k" value="' . $k . '" />';
-
+
if(strpos($v,"\n"))
$o .= '<textarea name="v" >' . escape_tags($v) . '</textarea>';
else
$o .= '<input type="text" name="v" value="' . escape_tags($v) . '" />';
-
- $o .= EOL . EOL;
+
+ $o .= EOL . EOL;
$o .= '<input type="submit" name="submit" value="' . t('Submit') . '" />';
$o .= '</form>';
-
+
return $o;
-
+
}
@@ -127,5 +127,5 @@ class Pconfig extends \Zotlabs\Web\Controller {
'permissions_role'
);
}
-
+
}
diff --git a/Zotlabs/Module/Prate.php b/Zotlabs/Module/Prate.php
index 2a8539ed0..8b71657b8 100644
--- a/Zotlabs/Module/Prate.php
+++ b/Zotlabs/Module/Prate.php
@@ -2,21 +2,23 @@
namespace Zotlabs\Module;
+use Zotlabs\Lib\Crypto;
+
class Prate extends \Zotlabs\Web\Controller {
function init() {
if($_SERVER['REQUEST_METHOD'] === 'post')
return;
-
+
if(! local_channel())
return;
-
+
$channel = \App::get_channel();
-
+
$target = argv(1);
if(! $target)
return;
-
+
$r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1",
dbesc($channel['channel_hash']),
dbesc($target)
@@ -25,34 +27,34 @@ class Prate extends \Zotlabs\Web\Controller {
json_return_and_die(array('rating' => $r[0]['xlink_rating'],'rating_text' => $r[0]['xlink_rating_text']));
killme();
}
-
+
function post() {
-
+
if(! local_channel())
return;
-
+
$channel = \App::get_channel();
-
+
$target = trim($_REQUEST['target']);
if(! $target)
return;
-
+
if($target === $channel['channel_hash'])
return;
-
+
$rating = intval($_POST['rating']);
if($rating < (-10))
$rating = (-10);
if($rating > 10)
$rating = 10;
-
+
$rating_text = trim(escape_tags($_REQUEST['rating_text']));
-
+
$signed = $target . '.' . $rating . '.' . $rating_text;
-
- $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey']));
-
-
+
+ $sig = base64url_encode(Crypto::sign($signed,$channel['channel_prvkey']));
+
+
$z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1",
dbesc($channel['channel_hash']),
dbesc($target)
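Review bot: No form security token check is visible between the `local_channel()` test and the line where `post()` signs the rating with the channel private key, and `target` and `rating_text` are read from `$_REQUEST` rather than `$_POST`. `Pconfig::post()` in this same commit calls `check_form_security_token_redirectOnErr()` before acting; unless an equivalent check sits outside this hunk, a request the user did not intend would still be signed and stored under their key. `Rate::post()` later in the diff has the same shape. Reading the fields from `$_POST` and verifying a token before `$signed` is built would address it; `post()` ends outside the hunk.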
@@ -87,19 +89,19 @@ class Prate extends \Zotlabs\Web\Controller {
if($record) {
\Zotlabs\Daemon\Master::Summon(array('Ratenotif','rating',$record));
}
-
+
json_return_and_die(array('result' => true));;
}
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
}
diff --git a/Zotlabs/Module/Probe.php b/Zotlabs/Module/Probe.php
index d338b08ea..3bc4dac72 100644
--- a/Zotlabs/Module/Probe.php
+++ b/Zotlabs/Module/Probe.php
@@ -3,6 +3,7 @@ namespace Zotlabs\Module;
use App;
use Zotlabs\Lib\Apps;
+use Zotlabs\Lib\Crypto;
require_once('include/zot.php');
@@ -24,18 +25,18 @@ class Probe extends \Zotlabs\Web\Controller {
nav_set_selected('Remote Diagnostics');
$o .= '<h3>Remote Diagnostics</h3>';
-
+
$o .= '<form action="probe" method="get">';
$o .= 'Lookup address: <input type="text" style="width: 250px;" name="addr" value="' . $_GET['addr'] .'" />';
- $o .= '<input type="submit" name="submit" value="Submit" /></form>';
-
+ $o .= '<input type="submit" name="submit" value="Submit" /></form>';
+
$o .= '<br /><br />';
-
+
if(x($_GET,'addr')) {
$channel = App::get_channel();
$addr = trim($_GET['addr']);
$do_import = ((intval($_GET['import']) && is_site_admin()) ? true : false);
-
+
$j = \Zotlabs\Zot\Finger::run($addr,$channel,false);
$o .= '<pre>';
@@ -43,17 +44,17 @@ class Probe extends \Zotlabs\Web\Controller {
$o .= "<strong>https connection failed. Trying again with auto failover to http.</strong>\r\n\r\n";
$j = \Zotlabs\Zot\Finger::run($addr,$channel,true);
if(! $j['success']) {
- return $o;
+ return $o;
}
}
if($do_import && $j)
$x = import_xchan($j);
if($j && $j['permissions'] && $j['permissions']['iv'])
- $j['permissions'] = json_decode(crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']),true);
+ $j['permissions'] = json_decode(Crypto::unencapsulate($j['permissions'],$channel['channel_prvkey']),true);
$o .= str_replace("\n",'<br />',print_r($j,true));
$o .= '</pre>';
}
return $o;
}
-
+
}
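Review bot: `print_r($j,true)` is appended inside `<pre>` with only newlines converted, so any markup in the remote server's finger response is rendered as HTML; it should be escaped first, `$o .= str_replace("\n",'<br />',escape_tags(print_r($j,true)));`. The form in the previous hunk has the same problem on the input side, where `$_GET['addr']` is written into the `value` attribute unescaped and should be `value="' . escape_tags($_GET['addr']) . '"`. `json_decode(Crypto::unencapsulate(...), true)` can also return null when decryption or decoding fails, which silently replaces `$j['permissions']`; a comment or a check there would make that visible. The method starts outside this hunk.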
diff --git a/Zotlabs/Module/Rate.php b/Zotlabs/Module/Rate.php
index c03aaa54f..d29c370fc 100644
--- a/Zotlabs/Module/Rate.php
+++ b/Zotlabs/Module/Rate.php
@@ -3,21 +3,23 @@ namespace Zotlabs\Module;
+use Zotlabs\Lib\Crypto;
+
class Rate extends \Zotlabs\Web\Controller {
function init() {
-
+
if(! local_channel())
return;
-
+
$channel = \App::get_channel();
-
+
$target = $_REQUEST['target'];
if(! $target)
return;
-
+
\App::$data['target'] = $target;
-
+
if($target) {
$r = q("SELECT * FROM xchan where xchan_hash like '%s' LIMIT 1",
dbesc($target)
@@ -36,43 +38,43 @@ class Rate extends \Zotlabs\Web\Controller {
}
}
}
-
-
+
+
return;
-
+
}
-
-
+
+
function post() {
-
+
if(! local_channel())
return;
-
+
if(! \App::$data['target'])
return;
-
+
if(! $_REQUEST['execute'])
return;
-
+
$channel = \App::get_channel();
-
+
$rating = intval($_POST['rating']);
if($rating < (-10))
$rating = (-10);
if($rating > 10)
$rating = 10;
-
+
$rating_text = trim(escape_tags($_REQUEST['rating_text']));
-
+
$signed = \App::$data['target'] . '.' . $rating . '.' . $rating_text;
-
- $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey']));
-
+
+ $sig = base64url_encode(Crypto::sign($signed,$channel['channel_prvkey']));
+
$z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1",
dbesc($channel['channel_hash']),
dbesc(\App::$data['target'])
);
-
+
if($z) {
$record = $z[0]['xlink_id'];
$w = q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s'
@@ -100,39 +102,39 @@ class Rate extends \Zotlabs\Web\Controller {
if($z)
$record = $z[0]['xlink_id'];
}
-
+
if($record) {
\Zotlabs\Daemon\Master::Summon(array('Ratenotif','rating',$record));
}
-
+
}
-
+
function get() {
-
+
if(! local_channel()) {
notice( t('Permission denied.') . EOL);
return;
}
-
+
// if(! \App::$data['target']) {
// notice( t('No recipients.') . EOL);
// return;
// }
-
+
$rating_enabled = get_config('system','rating_enabled');
if(! $rating_enabled) {
notice('Ratings are disabled on this site.');
return;
}
-
+
$channel = \App::get_channel();
-
+
$r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1",
dbesc($channel['channel_hash']),
dbesc(\App::$data['target'])
);
if($r) {
- \App::$data['xlink'] = $r[0];
+ \App::$data['xlink'] = $r[0];
$rating_val = $r[0]['xlink_rating'];
$rating_text = $r[0]['xlink_rating_text'];
}
@@ -140,7 +142,7 @@ class Rate extends \Zotlabs\Web\Controller {
$rating_val = 0;
$rating_text = '';
}
-
+
if($rating_enabled) {
$rating = replace_macros(get_markup_template('rating_slider.tpl'),array(
'$min' => -10,
@@ -150,7 +152,7 @@ class Rate extends \Zotlabs\Web\Controller {
else {
$rating = false;
}
-
+
$o = replace_macros(get_markup_template('rating_form.tpl'),array(
'$header' => t('Rating'),
'$website' => t('Website:'),
@@ -165,8 +167,8 @@ class Rate extends \Zotlabs\Web\Controller {
'$slide' => $slide,
'$submit' => t('Submit')
));
-
+
return $o;
-
+
}
}
diff --git a/Zotlabs/Render/SmartyInterface.php b/Zotlabs/Render/SmartyInterface.php
index a40effecf..d80ea3f3a 100644
--- a/Zotlabs/Render/SmartyInterface.php
+++ b/Zotlabs/Render/SmartyInterface.php
@@ -35,7 +35,7 @@ class SmartyInterface extends Smarty {
$this->right_delimiter = App::get_template_rdelim('smarty3');
// Don't report errors so verbosely
- $this->error_reporting = E_ALL & (~E_NOTICE);
+ $this->error_reporting = E_ALL & ~E_WARNING & ~E_NOTICE;
}
function parsed($template = '') {
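Review bot: `E_ALL & ~E_WARNING & ~E_NOTICE` now hides every warning raised while a template renders, which under PHP 8 includes undefined variables and array keys as well as failed includes, so template faults become silent. The existing comment `// Don't report errors so verbosely` does not say why warnings are dropped. If the reason is legacy templates under PHP 8, state it next to the mask, e.g. `// PHP 8 raises undefined variable/key as E_WARNING; suppressed until templates are cleaned up`. The constructor body starts outside the hunk.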
diff --git a/Zotlabs/Update/_1242.php b/Zotlabs/Update/_1242.php
new file mode 100644
index 000000000..c2c9a66d0
--- /dev/null
+++ b/Zotlabs/Update/_1242.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1242 {
+
+ function run() {
+ $p = dbq("SELECT * FROM pconfig WHERE k LIKE '%password%'");
+ foreach ($p as $pp) {
+ if ($pp['v'][0] === '{') {
+ $a = json_decode($pp['v'], true);
+ if (isset($a['encrypted'])) {
+ $v = crypto_unencapsulate($a, get_config('system', 'prvkey'));
+ set_pconfig($pp['uid'], $pp['cat'], $pp['k'], obscurify($v));
+ }
+ }
+ }
+ return UPDATE_SUCCESS;
+ }
+
+}
\ No newline at end of file
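Review bot: `run()` overwrites each stored password with `obscurify($v)` without checking that decryption produced anything, so a row that fails to decrypt (wrong or rotated site key, damaged envelope) loses its value and the update still returns `UPDATE_SUCCESS`. `$pp['v'][0]` also reads offset 0 of a possibly empty string, and the `foreach` assumes `dbq()` returned an array. The file calls `crypto_unencapsulate()` while the rest of this commit moves callers to `Crypto::unencapsulate()`; if the old function is being retired, this migration would break with it. The rewrite below guards each step and leaves undecryptable rows untouched; what `Crypto::unencapsulate()` returns on failure is not visible here, so the failure test needs confirming.

```php
    function run() {
        $p = dbq("SELECT * FROM pconfig WHERE k LIKE '%password%'");
        if (!is_array($p)) {
            return UPDATE_SUCCESS;
        }
        foreach ($p as $pp) {
            // only rows still holding the old JSON envelope are migrated
            if (strpos((string) $pp['v'], '{') !== 0) {
                continue;
            }
            $a = json_decode($pp['v'], true);
            if (!is_array($a) || !isset($a['encrypted'])) {
                continue;
            }
            $v = \Zotlabs\Lib\Crypto::unencapsulate($a, get_config('system', 'prvkey'));
            // TODO confirm the failure value of Crypto::unencapsulate()
            if (!is_string($v) || $v === '') {
                // decryption failed: keep the stored value rather than overwrite it
                logger('update 1242: could not decrypt pconfig ' . $pp['cat'] . '/' . $pp['k'] . ' for uid ' . $pp['uid']);
                continue;
            }
            set_pconfig($pp['uid'], $pp['cat'], $pp['k'], obscurify($v));
        }
        return UPDATE_SUCCESS;
    }
```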
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 8dd999e59..2535c9016 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -3,6 +3,7 @@
namespace Zotlabs\Web;
use Zotlabs\Lib\ActivityStreams;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\Keyutils;
use Zotlabs\Lib\Webfinger;
use Zotlabs\Lib\Libzot;
@@ -157,7 +158,7 @@ class HTTPSig {
return $result;
}
- $x = rsa_verify($signed_data,$sig_block['signature'],$cached_key['public_key'],$algorithm);
+ $x = Crypto::verify($signed_data,$sig_block['signature'],$cached_key['public_key'],$algorithm);
logger('verified: ' . $x, LOGGER_DEBUG);
@@ -171,7 +172,7 @@ class HTTPSig {
$fetched_key = self::get_key($key,$keytype,$result['signer'],true);
if ($fetched_key && $fetched_key['public_key']) {
- $y = rsa_verify($signed_data,$sig_block['signature'],$fetched_key['public_key'],$algorithm);
+ $y = Crypto::verify($signed_data,$sig_block['signature'],$fetched_key['public_key'],$algorithm);
logger('verified: (cache reload) ' . $x, LOGGER_DEBUG);
}
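Review bot: The debug line after the cache-reload verification logs `$x`, the result of the first attempt, instead of `$y`, so the log never shows the outcome of the retry; it should read `logger('verified: (cache reload) ' . $y, LOGGER_DEBUG);`. `$y` is assigned only inside the `if ($fetched_key && $fetched_key['public_key'])` branch, so code after this hunk that reads it should treat an unset `$y` as a failed verification. The enclosing method starts and ends outside the hunk.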
@@ -417,7 +418,7 @@ class HTTPSig {
$headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
if($encryption) {
- $x = crypto_encapsulate($headerval,$encryption['key'],$encryption['algorithm']);
+ $x = Crypto::encapsulate($headerval,$encryption['key'],$encryption['algorithm']);
if(is_array($x)) {
$headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"';
}
@@ -491,7 +492,7 @@ class HTTPSig {
$headers = rtrim($headers,"\n");
}
- $sig = base64_encode(rsa_sign($headers,$prvkey,$alg));
+ $sig = base64_encode(Crypto::sign($headers,$prvkey,$alg));
$ret['headers'] = $fields;
$ret['signature'] = $sig;
@@ -567,7 +568,7 @@ class HTTPSig {
$data = $matches[1];
if($iv && $key && $alg && $data) {
- return crypto_unencapsulate([ 'encrypted' => true, 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey);
+ return Crypto::unencapsulate([ 'encrypted' => true, 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey);
}
return '';
diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php
index 96bf131b8..a6a841ccb 100644
--- a/Zotlabs/Web/Router.php
+++ b/Zotlabs/Web/Router.php
@@ -2,6 +2,7 @@
namespace Zotlabs\Web;
+use App;
use Zotlabs\Extend\Route;
use Exception;
@@ -43,7 +44,7 @@ class Router {
*/
function __construct() {
- $module = \App::$module;
+ $module = App::$module;
$modname = "Zotlabs\\Module\\" . ucfirst($module);
if(strlen($module)) {
@@ -60,7 +61,7 @@ class Router {
include_once($route[0]);
if(class_exists($modname)) {
$this->controller = new $modname;
- \App::$module_loaded = true;
+ App::$module_loaded = true;
}
}
}
@@ -68,15 +69,15 @@ class Router {
// legacy plugins - this can be removed when they have all been converted
- if(! (\App::$module_loaded)) {
- if(is_array(\App::$plugins) && in_array($module,\App::$plugins) && file_exists("addon/{$module}/{$module}.php")) {
+ if(! (App::$module_loaded)) {
+ if(is_array(App::$plugins) && in_array($module, App::$plugins) && file_exists("addon/{$module}/{$module}.php")) {
include_once("addon/{$module}/{$module}.php");
if(class_exists($modname)) {
$this->controller = new $modname;
- \App::$module_loaded = true;
+ App::$module_loaded = true;
}
elseif(function_exists($module . '_module')) {
- \App::$module_loaded = true;
+ App::$module_loaded = true;
}
}
}
@@ -86,40 +87,40 @@ class Router {
* Otherwise, look for the standard program module
*/
- if(! (\App::$module_loaded)) {
+ if(! (App::$module_loaded)) {
try {
$filename = 'Zotlabs/SiteModule/'. ucfirst($module). '.php';
if(file_exists($filename)) {
// This won't be picked up by the autoloader, so load it explicitly
require_once($filename);
$this->controller = new $modname;
- \App::$module_loaded = true;
+ App::$module_loaded = true;
}
else {
$filename = 'Zotlabs/Module/'. ucfirst($module). '.php';
if(file_exists($filename)) {
$this->controller = new $modname;
- \App::$module_loaded = true;
+ App::$module_loaded = true;
}
}
- if(! \App::$module_loaded)
- throw new \Exception('Module not found');
+ if(! App::$module_loaded)
+ throw new Exception('Module not found');
}
- catch(\Exception $e) {
+ catch(Exception $e) {
if(file_exists("mod/site/{$module}.php")) {
include_once("mod/site/{$module}.php");
- \App::$module_loaded = true;
+ App::$module_loaded = true;
}
elseif(file_exists("mod/{$module}.php")) {
include_once("mod/{$module}.php");
- \App::$module_loaded = true;
+ App::$module_loaded = true;
}
}
}
$x = [
'module' => $module,
- 'installed' => \App::$module_loaded,
+ 'installed' => App::$module_loaded,
'controller' => $this->controller
];
/**
@@ -136,7 +137,7 @@ class Router {
*/
call_hooks('module_loaded', $x);
if($x['installed']) {
- \App::$module_loaded = true;
+ App::$module_loaded = true;
$this->controller = $x['controller'];
}
@@ -144,7 +145,7 @@ class Router {
* The URL provided does not resolve to a valid module.
*/
- if(! (\App::$module_loaded)) {
+ if(! (App::$module_loaded)) {
// undo the setting of a letsencrypt acme-challenge rewrite rule
// which blocks access to our .well-known routes.
@@ -160,7 +161,7 @@ class Router {
$x = [
'module' => $module,
- 'installed' => \App::$module_loaded,
+ 'installed' => App::$module_loaded,
'controller' => $this->controller
];
call_hooks('page_not_found',$x);
@@ -181,14 +182,14 @@ class Router {
header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');
$tpl = get_markup_template('404.tpl');
- \App::$page['content'] = replace_macros($tpl, array(
+ App::$page['content'] = replace_macros($tpl, array(
'$message' => t('Page not found.')
));
// pretend this is a module so it will initialise the theme
- \App::$module = '404';
- \App::$module_loaded = true;
- \App::$error = true;
+ App::$module = '404';
+ App::$module_loaded = true;
+ App::$error = true;
}
}
}
@@ -203,9 +204,9 @@ class Router {
* Call module functions
*/
- if(\App::$module_loaded) {
+ if(App::$module_loaded) {
- \App::$page['page_title'] = \App::$module;
+ App::$page['page_title'] = App::$module;
$placeholder = '';
/*
@@ -216,13 +217,13 @@ class Router {
*/
$arr = array('init' => true, 'replace' => false);
- call_hooks(\App::$module . '_mod_init', $arr);
+ call_hooks(App::$module . '_mod_init', $arr);
if(! $arr['replace']) {
if($this->controller && method_exists($this->controller,'init')) {
$this->controller->init();
}
- elseif(function_exists(\App::$module . '_init')) {
- $func = \App::$module . '_init';
+ elseif(function_exists(App::$module . '_init')) {
+ $func = App::$module . '_init';
$func($a);
}
}
@@ -258,41 +259,41 @@ class Router {
$func = str_replace('-', '_', $current_theme[0]) . '_init';
$func($a);
}
- elseif (x(\App::$theme_info, 'extends') && file_exists('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php')) {
- require_once('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php');
- if(function_exists(str_replace('-', '_', \App::$theme_info['extends']) . '_init')) {
- $func = str_replace('-', '_', \App::$theme_info['extends']) . '_init';
+ elseif (x(App::$theme_info, 'extends') && file_exists('view/theme/' . App::$theme_info['extends'] . '/php/theme.php')) {
+ require_once('view/theme/' . App::$theme_info['extends'] . '/php/theme.php');
+ if(function_exists(str_replace('-', '_', App::$theme_info['extends']) . '_init')) {
+ $func = str_replace('-', '_', App::$theme_info['extends']) . '_init';
$func($a);
}
}
- if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! \App::$error) && (! x($_POST, 'auth-params'))) {
- call_hooks(\App::$module . '_mod_post', $_POST);
+ if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! App::$error) && (! x($_POST, 'auth-params'))) {
+ call_hooks(App::$module . '_mod_post', $_POST);
if($this->controller && method_exists($this->controller,'post')) {
$this->controller->post();
}
- elseif(function_exists(\App::$module . '_post')) {
- $func = \App::$module . '_post';
+ elseif(function_exists(App::$module . '_post')) {
+ $func = App::$module . '_post';
$func($a);
}
}
- if(! \App::$error) {
- $arr = array('content' => \App::$page['content'], 'replace' => false);
- call_hooks(\App::$module . '_mod_content', $arr);
+ if(! App::$error) {
+ $arr = array('content' => App::$page['content'], 'replace' => false);
+ call_hooks(App::$module . '_mod_content', $arr);
if(! $arr['replace']) {
if($this->controller && method_exists($this->controller,'get')) {
$arr = array('content' => $this->controller->get());
}
- elseif(function_exists(\App::$module . '_content')) {
- $func = \App::$module . '_content';
+ elseif(function_exists(App::$module . '_content')) {
+ $func = App::$module . '_content';
$arr = array('content' => $func($a));
}
}
- call_hooks(\App::$module . '_mod_aftercontent', $arr);
- \App::$page['content'] = (($arr['replace']) ? $arr['content'] : \App::$page['content'] . $arr['content']);
+ call_hooks(App::$module . '_mod_aftercontent', $arr);
+ App::$page['content'] = ((isset($arr['replace'])) ? $arr['content'] : App::$page['content'] . $arr['content']);
}
}
}
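Review bot: `isset($arr['replace'])` on the final assignment is true whenever the key exists, including when its value is `false`, so the test no longer asks whether a hook requested replacement. `$arr` is created as `array('content' => ..., 'replace' => false)` and loses the key only when the controller's `get()` or the `_content` function rebuilds it, so a `_mod_content` or `_mod_aftercontent` hook that leaves `'replace' => false` in place now replaces the page content where the old code appended. `!empty($arr['replace'])` keeps the undefined-key fix without changing the meaning: `App::$page['content'] = ((!empty($arr['replace'])) ? $arr['content'] : App::$page['content'] . $arr['content']);`. The method starts outside the hunk.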
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php
index ac792dd69..de0d5a883 100644
--- a/Zotlabs/Web/WebServer.php
+++ b/Zotlabs/Web/WebServer.php
@@ -112,7 +112,7 @@ class WebServer {
// now that we've been through the module content, see if the page reported
// a permission problem and if so, a 403 response would seem to be in order.
- if(is_array($_SESSION['sysmsg']) && stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) {
+ if(isset($_SESSION['sysmsg']) && is_array($_SESSION['sysmsg']) && stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.'));
}
@@ -137,9 +137,9 @@ class WebServer {
private function create_channel_links() {
- /* Initialise the Link: response header if this is a channel page.
+ /* Initialise the Link: response header if this is a channel page.
* This cannot be done inside the channel module because some protocol
- * addons over-ride the module functions and these links are common
+ * addons over-ride the module functions and these links are common
* to all protocol drivers; thus doing it here avoids duplication.
*/
@@ -156,7 +156,7 @@ class WebServer {
'url' => z_root() . '/.well-known/webfinger?f=&resource=acct%3A' . argv(1) . '%40' . \App::get_hostname()
],
];
- $x = [ 'channel_address' => argv(1), 'channel_links' => \App::$channel_links ];
+ $x = [ 'channel_address' => argv(1), 'channel_links' => \App::$channel_links ];
call_hooks('channel_links', $x );
\App::$channel_links = $x['channel_links'];
header('Link: ' . \App::get_channel_links());
diff --git a/Zotlabs/Zot/Auth.php b/Zotlabs/Zot/Auth.php
index 8d198f506..6ce2174f7 100644
--- a/Zotlabs/Zot/Auth.php
+++ b/Zotlabs/Zot/Auth.php
@@ -2,6 +2,8 @@
namespace Zotlabs\Zot;
+use Zotlabs\Lib\Crypto;
+
class Auth {
protected $test;
@@ -68,7 +70,7 @@ class Auth {
if(strstr($this->desturl,z_root() . '/rmagic'))
goaway(z_root());
- $this->Finalise();
+ $this->Finalise();
}
@@ -76,7 +78,7 @@ class Auth {
// Try and find a hubloc for the person attempting to auth.
// Since we're matching by address, we have to return all entries
- // some of which may be from re-installed hubs; and we'll need to
+ // some of which may be from re-installed hubs; and we'll need to
// try each sequentially to see if one can pass the test
$x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash
@@ -130,9 +132,9 @@ class Auth {
// Also check that they are coming from the same site as they authenticated with originally.
- $already_authed = (((remote_channel()) && ($hubloc['hubloc_hash'] == remote_channel())
+ $already_authed = (((remote_channel()) && ($hubloc['hubloc_hash'] == remote_channel())
&& ($hubloc['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false);
-
+
if($this->delegate && $this->delegate !== $_SESSION['delegate_channel'])
$already_authed = false;
@@ -158,17 +160,17 @@ class Auth {
return false;
}
- // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the
+ // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the
// site private key
- // The actual channel sending the packet ($c[0]) is not important, but this provides a
+ // The actual channel sending the packet ($c[0]) is not important, but this provides a
// generic zot packet with a sender which can be verified
$x = q("select site_crypto from site where site_url = '%s' limit 1",
dbesc($hubloc['hubloc_url'])
);
- $p = zot_build_packet($channel,$type = 'auth_check',
- array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])),
+ $p = zot_build_packet($channel,$type = 'auth_check',
+ array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])),
$hubloc['hubloc_sitekey'], (($x) ? $x[0]['site_crypto'] : ''), $this->sec);
$this->Debug('auth check packet created using sitekey ' . $hubloc['hubloc_sitekey']);
@@ -192,12 +194,12 @@ class Auth {
$this->Debug('auth check request returned ' . print_r($j, true));
- if(! $j['success'])
+ if(! $j['success'])
return false;
// legit response, but we do need to check that this wasn't answered by a man-in-middle
- if (! rsa_verify($this->sec . $hubloc['xchan_hash'],base64url_decode($j['confirm']),$hubloc['xchan_pubkey'])) {
+ if (! Crypto::verify($this->sec . $hubloc['xchan_hash'],base64url_decode($j['confirm']),$hubloc['xchan_pubkey'])) {
logger('final confirmation failed.');
if($this->test)
$this->Debug('final confirmation failed. ' . $sec . print_r($j,true) . print_r($hubloc,true));
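Review bot: The test-mode debug line on the failure path concatenates `$sec`, while the verification two lines above uses `$this->sec`; unless a local `$sec` is assigned earlier in this method (the body starts outside the hunk), that is an undefined variable. Writing the auth secret and the whole `$hubloc` row into debug output is also more than the message needs, and `$this->Debug('final confirmation failed. ' . print_r($j,true));` would be enough to diagnose the response. `$j['confirm']` is read without an `isset()` check, so a reply that omits it passes null to `base64url_decode()` before `Crypto::verify()` runs.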
@@ -290,7 +292,7 @@ class Auth {
* Magic Auth
* ==========
*
- * So-called "magic auth" takes place by a special exchange. On the site where the "channel to be authenticated" lives (e.g. $mysite),
+ * So-called "magic auth" takes place by a special exchange. On the site where the "channel to be authenticated" lives (e.g. $mysite),
* a redirection is made via $mysite/magic to the zot endpoint of the remote site ($remotesite) with special GET parameters.
*
* The endpoint is typically https://$remotesite/post - or whatever was specified as the callback url in prior communications
@@ -299,7 +301,7 @@ class Auth {
* Five GET parameters are supplied:
* * auth => the urlencoded webbie (channel@host.domain) of the channel requesting access
* * dest => the desired destination URL (urlencoded)
- * * sec => a random string which is also stored on $mysite for use during the verification phase.
+ * * sec => a random string which is also stored on $mysite for use during the verification phase.
* * version => the zot revision
* * delegate => optional urlencoded webbie of a local channel to invoke delegation rights for
*
@@ -336,8 +338,8 @@ class Auth {
* }
* \endcode
*
- * auth_check messages MUST use encapsulated encryption. This message is sent to the origination site, which checks the 'secret' to see
- * if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the
+ * auth_check messages MUST use encapsulated encryption. This message is sent to the origination site, which checks the 'secret' to see
+ * if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the
* destination channel's private key and base64url encoded. If everything checks out, a json packet is returned:
*
* \code{.json}
@@ -351,10 +353,10 @@ class Auth {
* \endcode
*
* 'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the
- * base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key.
- * This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful
- * verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login.
- * Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is
+ * base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key.
+ * This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful
+ * verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login.
+ * Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is
* a string whose contents are not defined by protocol. Example: "basic" or "gold".
*
* @param[in,out] \App &$a
diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php
index 778b701cd..cadde5415 100644
--- a/Zotlabs/Zot/Finger.php
+++ b/Zotlabs/Zot/Finger.php
@@ -2,6 +2,7 @@
namespace Zotlabs\Zot;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Web\HTTPSig;
/**
@@ -109,7 +110,7 @@ class Finger {
$result = z_post_url('http://' . $host . $rhs,$postvars, $retries, [ 'headers' => $xhead ]);
}
}
- }
+ }
else {
$rhs .= '?f=&address=' . urlencode($address) . '&token=' . self::$token;
@@ -135,7 +136,7 @@ class Finger {
if($x && (! $verify['header_valid'])) {
$signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null);
if($signed_token) {
- $valid = rsa_verify('token.' . self::$token, base64url_decode($signed_token), $x['key']);
+ $valid = Crypto::verify('token.' . self::$token, base64url_decode($signed_token), $x['key']);
if(! $valid) {
logger('invalid signed token: ' . $url . $rhs, LOGGER_NORMAL, LOG_ERR);
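Review bot: `$x['key']` on the new `Crypto::verify` line is read without the `is_array`/`array_key_exists` guard that `signed_token` gets one line above, so a response carrying `signed_token` but no `key` hands a null key to the verifier; how `Crypto::verify` treats that is not visible in this hunk. Treating a missing key as a failed check keeps the outcome explicit: `$valid = (! empty($x['key'])) ? Crypto::verify('token.' . self::$token, base64url_decode($signed_token), $x['key']) : false;`. Because the key is taken from the same response as the signature, a passing check shows only that the responder holds the matching private key and signed this request's token, which deserves a one-line comment at this call. The enclosing method starts and ends outside the hunk.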
diff --git a/Zotlabs/Zot/Receiver.php b/Zotlabs/Zot/Receiver.php
index c521c9d64..f0378b650 100644
--- a/Zotlabs/Zot/Receiver.php
+++ b/Zotlabs/Zot/Receiver.php
@@ -2,6 +2,8 @@
namespace Zotlabs\Zot;
+use Zotlabs\Lib\Crypto;
+
class Receiver {
protected $data;
@@ -30,7 +32,8 @@ class Receiver {
$this->encrypted = ((array_key_exists('iv',$data)) ? true : false);
if($this->encrypted) {
- $this->data = @json_decode(@crypto_unencapsulate($data,$prvkey),true);
+ $data['encrypted'] = true;
+ $this->data = @json_decode(@Crypto::unencapsulate($data,$prvkey),true);
}
if(! $this->data)
$this->data = $data;
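Review bot: The two `@` operators on the new `Crypto::unencapsulate` line hide every decryption and JSON error, and the `if(! $this->data)` fallback below then assigns the raw envelope (now including the added `encrypted` key) to `$this->data`; whether later validation rejects such a packet is not visible here. Splitting the call and logging the failure would make a bad packet visible: `$plain = Crypto::unencapsulate($data,$prvkey);` followed by `if(! $plain) logger('zot packet decryption failed');` before decoding. The added `$data['encrypted'] = true;` would benefit from a comment saying why the flag is set; presumably the new `Crypto::unencapsulate` expects it, but that is not shown in this hunk. The enclosing method begins outside the hunk.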
@@ -72,7 +75,7 @@ class Receiver {
$this->validated = true;
}
-
+
function Dispatch() {
/* Handle tasks which don't require sender validation */
@@ -144,8 +147,8 @@ class Receiver {
* $contents->iv and $contents->key are random strings encrypted with this site's RSA public key and then base64url encoded.
*
* Once decrypted, one will find the normal json_encoded zot message packet.
- *
- * Defined packet types are: notify, purge, refresh, force_refresh, auth_check, ping, and pickup
+ *
+ * Defined packet types are: notify, purge, refresh, force_refresh, auth_check, ping, and pickup
*
* Standard packet: (used by notify, purge, refresh, force_refresh, and auth_check)
* \code{.json}
@@ -167,7 +170,7 @@ class Receiver {
* \endcode
*
* Signature fields are all signed with the sender channel private key and base64url encoded.
- * Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private
+ * Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private
* key and base64url encoded and later obtained via channel discovery. Absence of recipients indicates
* a public message or visible to all potential listeners on this site.
*
@@ -186,7 +189,7 @@ class Receiver {
*
* In the pickup packet, the sig fields correspond to the respective data
* element signed with this site's system private key and then base64url encoded.
- * The "secret" is the same as the original secret from the notify packet.
+ * The "secret" is the same as the original secret from the notify packet.
*
* If verification is successful, a json structure is returned containing a
* success indicator and an array of type 'pickup'.
@@ -283,18 +286,18 @@ class Receiver {
* }
* \endcode
*
- * The ping packet can be used to verify that a site has not been re-installed, and to
+ * The ping packet can be used to verify that a site has not been re-installed, and to
* initiate corrective action if it has. The url_sig is signed with the site private key
* and base64url encoded - and this should verify with the enclosed sitekey. Failure to
* verify indicates the site is corrupt or otherwise unable to communicate using zot.
* This return packet is not otherwise verified, so should be compared with other
* results obtained from this site which were verified prior to taking action. For instance
- * if you have one verified result with this signature and key, and other records for this
+ * if you have one verified result with this signature and key, and other records for this
* url which have different signatures and keys, it indicates that the site was re-installed
* and corrective action may commence (remove or mark invalid any entries with different
* signatures).
* If you have no records which match this url_sig and key - no corrective action should
- * be taken as this packet may have been returned by an imposter.
+ * be taken as this packet may have been returned by an imposter.
*
* @param[in,out] App &$a
*/
diff --git a/Zotlabs/Zot6/Receiver.php b/Zotlabs/Zot6/Receiver.php
index a9a7ab0df..6440c5da5 100644
--- a/Zotlabs/Zot6/Receiver.php
+++ b/Zotlabs/Zot6/Receiver.php
@@ -3,6 +3,7 @@
namespace Zotlabs\Zot6;
use Zotlabs\Lib\Config;
+use Zotlabs\Lib\Crypto;
use Zotlabs\Lib\Libzot;
use Zotlabs\Web\HTTPSig;
@@ -70,7 +71,7 @@ class Receiver {
$this->encrypted = ((array_key_exists('encrypted',$this->data) && intval($this->data['encrypted'])) ? true : false);
if ($this->encrypted && $this->prvkey) {
- $uncrypted = crypto_unencapsulate($this->data,$this->prvkey);
+ $uncrypted = Crypto::unencapsulate($this->data,$this->prvkey);
if ($uncrypted) {
$this->data = json_decode($uncrypted,true);
}
@@ -88,7 +89,7 @@ class Receiver {
if ($this->error) {
// make timing attacks on the decryption engine a bit more difficult
usleep(mt_rand(10000,100000));
- return($this->response);
+ return($this->response);
}
if ($this->data) {
@@ -126,7 +127,7 @@ class Receiver {
$x = Libzot::register_hub($this->sigdata['signer']);
if($x['success']) {
$hub = Libzot::valid_hub($this->sender,$this->site_id);
- }
+ }
if(! $hub) {
$this->response['message'] = 'sender unknown';
return false;
@@ -168,8 +169,8 @@ class Receiver {
}
}
return $result;
- }
-
+ }
+
function Dispatch() {
switch ($this->messagetype) {
@@ -207,13 +208,13 @@ class Receiver {
$this->EncryptResponse();
}
- return($this->response);
+ return($this->response);
}
function EncryptResponse() {
$algorithm = Libzot::best_algorithm($this->hub['site_crypto']);
if ($algorithm) {
- $this->response = crypto_encapsulate(json_encode($this->response),$this->hub['hubloc_sitekey'], $algorithm);
+ $this->response = Crypto::encapsulate(json_encode($this->response),$this->hub['hubloc_sitekey'], $algorithm);
}
}
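Review bot: In `EncryptResponse()`, when `Libzot::best_algorithm` returns nothing the response stays a plain array and goes back to the caller unencrypted with no log entry, and the switch to `Crypto::encapsulate` leaves that path as it was. If the plaintext fallback is intended, a comment on the `if ($algorithm)` line should say so; otherwise an `else` branch with `logger('EncryptResponse: no usable algorithm, response left unencrypted');` would make the downgrade visible to an operator. The result of `json_encode` is also passed straight to `Crypto::encapsulate` without a check for `false`.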