aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorfabrixxm <fabrix.xm@gmail.com>2011-08-22 13:56:08 +0200
committerfabrixxm <fabrix.xm@gmail.com>2011-08-22 13:56:08 +0200
commitd8bd4fbb3e38bf0ff9c7b61dba58e20c0d097d75 (patch)
treedbdc1dbffe5c56dcff18669e957f679b5ae37bb3 /include
parentafdc639f17f0f5e12f291b512ccc12b3df6b2acf (diff)
parent564ade0685470158ac487d9a9f18a21079c729bb (diff)
downloadvolse-hubzilla-d8bd4fbb3e38bf0ff9c7b61dba58e20c0d097d75.tar.gz
volse-hubzilla-d8bd4fbb3e38bf0ff9c7b61dba58e20c0d097d75.tar.bz2
volse-hubzilla-d8bd4fbb3e38bf0ff9c7b61dba58e20c0d097d75.zip
Merge branch 'master' into newui
Diffstat (limited to 'include')
-rw-r--r--include/Scrape.php119
-rw-r--r--include/api.php237
-rw-r--r--include/crypto.php61
-rw-r--r--include/diaspora.php315
-rw-r--r--include/items.php9
-rw-r--r--include/message.php96
-rw-r--r--include/network.php24
-rw-r--r--include/notifier.php28
-rw-r--r--include/security.php2
-rw-r--r--include/text.php42
-rw-r--r--include/zotfns.php2
11 files changed, 747 insertions, 188 deletions
diff --git a/include/Scrape.php b/include/Scrape.php
index bfe795e19..cc46af644 100644
--- a/include/Scrape.php
+++ b/include/Scrape.php
@@ -44,8 +44,9 @@ function scrape_dfrn($url) {
$x = $item->getAttribute('rel');
if(($x === 'alternate') && ($item->getAttribute('type') === 'application/atom+xml'))
$ret['feed_atom'] = $item->getAttribute('href');
- if(substr($x,0,5) == "dfrn-")
+ if(substr($x,0,5) == "dfrn-") {
$ret[$x] = $item->getAttribute('href');
+ }
if($x === 'lrdd') {
$decoded = urldecode($item->getAttribute('href'));
if(preg_match('/acct:([^@]*)@/',$decoded,$matches))
@@ -55,17 +56,28 @@ function scrape_dfrn($url) {
// Pull out hCard profile elements
+ $largest_photo = 0;
+
$items = $dom->getElementsByTagName('*');
foreach($items as $item) {
if(attribute_contains($item->getAttribute('class'), 'vcard')) {
$level2 = $item->getElementsByTagName('*');
foreach($level2 as $x) {
- if(attribute_contains($x->getAttribute('class'),'fn'))
+ if(attribute_contains($x->getAttribute('class'),'fn')) {
$ret['fn'] = $x->textContent;
- if(attribute_contains($x->getAttribute('class'),'photo'))
- $ret['photo'] = $x->getAttribute('src');
- if(attribute_contains($x->getAttribute('class'),'key'))
+ }
+ if((attribute_contains($x->getAttribute('class'),'photo'))
+ || (attribute_contains($x->getAttribute('class'),'avatar'))) {
+ $size = intval($x->getAttribute('width'));
+ // dfrn prefers 175, so if we find this, we set largest_size so it can't be topped.
+ if(($size > $largest_photo) || ($size == 175) || (! $largest_photo)) {
+ $ret['photo'] = $x->getAttribute('src');
+ $largest_photo = (($size == 175) ? 9999 : $size);
+ }
+ }
+ if(attribute_contains($x->getAttribute('class'),'key')) {
$ret['key'] = $x->textContent;
+ }
}
}
}
@@ -190,8 +202,9 @@ function scrape_vcard($url) {
}
}
if((attribute_contains($x->getAttribute('class'),'nickname'))
- || (attribute_contains($x->getAttribute('class'),'uid')))
+ || (attribute_contains($x->getAttribute('class'),'uid'))) {
$ret['nick'] = $x->textContent;
+ }
}
}
}
@@ -289,7 +302,29 @@ function scrape_feed($url) {
}}
-function probe_url($url) {
+/**
+ *
+ * Probe a network address to discover what kind of protocols we need to communicate with it.
+ *
+ * Warning: this function is a bit touchy and there are some subtle dependencies within the logic flow.
+ * Edit with care.
+ *
+ */
+
+/**
+ *
+ * PROBE_DIASPORA has a bias towards returning Diaspora information
+ * while PROBE_NORMAL has a bias towards dfrn/zot - in the case where
+ * an address (such as a Friendika address) supports more than one type
+ * of network.
+ *
+ */
+
+
+define ( 'PROBE_NORMAL', 0);
+define ( 'PROBE_DIASPORA', 1);
+
+function probe_url($url, $mode = PROBE_NORMAL) {
require_once('include/email.php');
$result = array();
@@ -366,7 +401,7 @@ function probe_url($url) {
}
}
}
- else {
+ elseif($mode == PROBE_NORMAL) {
// Check email
@@ -411,38 +446,46 @@ function probe_url($url) {
}
}
- if(strlen($zot)) {
- $s = fetch_url($zot);
- if($s) {
- $j = json_decode($s);
- if($j) {
- $network = NETWORK_ZOT;
- $vcard = array(
- 'fn' => $j->fullname,
- 'nick' => $j->nickname,
- 'photo' => $j->photo
- );
- $profile = $j->url;
- $notify = $j->post;
- $pubkey = $j->pubkey;
- $poll = 'N/A';
+ if($mode == PROBE_NORMAL) {
+ if(strlen($zot)) {
+ $s = fetch_url($zot);
+ if($s) {
+ $j = json_decode($s);
+ if($j) {
+ $network = NETWORK_ZOT;
+ $vcard = array(
+ 'fn' => $j->fullname,
+ 'nick' => $j->nickname,
+ 'photo' => $j->photo
+ );
+ $profile = $j->url;
+ $notify = $j->post;
+ $pubkey = $j->pubkey;
+ $poll = 'N/A';
+ }
}
}
- }
- if(strlen($dfrn)) {
- $ret = scrape_dfrn($dfrn);
- if(is_array($ret) && x($ret,'dfrn-request')) {
- $network = NETWORK_DFRN;
- $request = $ret['dfrn-request'];
- $confirm = $ret['dfrn-confirm'];
- $notify = $ret['dfrn-notify'];
- $poll = $ret['dfrn-poll'];
+ if(strlen($dfrn)) {
+ $ret = scrape_dfrn($dfrn);
+ if(is_array($ret) && x($ret,'dfrn-request')) {
+ $network = NETWORK_DFRN;
+ $request = $ret['dfrn-request'];
+ $confirm = $ret['dfrn-confirm'];
+ $notify = $ret['dfrn-notify'];
+ $poll = $ret['dfrn-poll'];
+
+ $vcard = array();
+ $vcard['fn'] = $ret['fn'];
+ $vcard['nick'] = $ret['nick'];
+ $vcard['photo'] = $ret['photo'];
+ }
}
}
if($diaspora && $diaspora_base && $diaspora_guid) {
- $notify = $diaspora_base . 'receive/post/' . $diaspora_guid;
+ if($mode == PROBE_DIASPORA || ! $notify)
+ $notify = $diaspora_base . 'receive/users/' . $diaspora_guid;
if(strpos($url,'@'))
$addr = str_replace('acct:', '', $url);
}
@@ -454,7 +497,7 @@ function probe_url($url) {
$network = NETWORK_OSTATUS;
$priority = 0;
- if($hcard) {
+ if($hcard && ! $vcard) {
$vcard = scrape_vcard($hcard);
// Google doesn't use absolute url in profile photos
@@ -498,10 +541,11 @@ function probe_url($url) {
logger('probe_url: scrape_feed returns: ' . print_r($feedret,true), LOGGER_DATA);
if(count($feedret) && ($feedret['feed_atom'] || $feedret['feed_rss'])) {
$poll = ((x($feedret,'feed_atom')) ? unamp($feedret['feed_atom']) : unamp($feedret['feed_rss']));
- $vcard = array();
+ if(! x($vcard))
+ $vcard = array();
}
- if(x($feedret,'photo'))
+ if(x($feedret,'photo') && (! x($vcard,'photo')))
$vcard['photo'] = $feedret['photo'];
require_once('library/simplepie/simplepie.inc');
$feed = new SimplePie();
@@ -518,9 +562,11 @@ function probe_url($url) {
if($feed->error())
logger('probe_url: scrape_feed: Error parsing XML: ' . $feed->error());
+
if(! x($vcard,'photo'))
$vcard['photo'] = $feed->get_image_url();
$author = $feed->get_author();
+
if($author) {
$vcard['fn'] = unxmlify(trim($author->get_name()));
if(! $vcard['fn'])
@@ -568,6 +614,7 @@ function probe_url($url) {
}
}
}
+
if((! $vcard['photo']) && strlen($email))
$vcard['photo'] = gravatar_img($email);
if($poll === $profile)
diff --git a/include/api.php b/include/api.php
index 7a44cf023..aa42313b2 100644
--- a/include/api.php
+++ b/include/api.php
@@ -196,6 +196,7 @@
$user = null;
$extra_query = "";
+
if(!is_null($contact_id)){
$user=$contact_id;
$extra_query = "AND `contact`.`id` = %d ";
@@ -332,7 +333,7 @@
'notifications' => false,
'following' => '', #XXX: fix me
'verified' => true, #XXX: fix me
- #'status' => null
+ 'status' => array()
);
return $ret;
@@ -352,11 +353,15 @@
return api_get_user($a,$a->contacts[$normalised]['id']);
}
// We don't know this person directly.
+
+ list($nick, $name) = array_map("trim",explode("(",$item['author-name']));
+ $name=str_replace(")","",$name);
+
$ret = array(
'uid' => 0,
'id' => 0,
- 'name' => $item['author-name'],
- 'screen_name' => $item['author_name'],
+ 'name' => $name,
+ 'screen_name' => $nick,
'location' => '', //$uinfo[0]['default-location'],
'profile_image_url' => $item['author-avatar'],
'url' => $item['author-link'],
@@ -385,7 +390,7 @@
'notifications' => false,
'verified' => true, #XXX: fix me
'followers' => '', #XXX: fix me
- #'status' => null
+ 'status' => array()
);
return $ret;
@@ -607,10 +612,17 @@
*/
function api_statuses_home_timeline(&$a, $type){
if (local_user()===false) return false;
-
+
$user_info = api_get_user($a);
// get last newtork messages
-// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
+
+ // params
+ $count = (x($_REQUEST,'count')?$_REQUEST['count']:20);
+ $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0);
+ if ($page<0) $page=0;
+ $since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
+
+ $start = $page*$count;
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
@@ -622,9 +634,11 @@
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$sql_extra
+ AND `item`.`id`>%d
ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
intval($user_info['uid']),
- 0,20
+ intval($since_id),
+ intval($start), intval($count)
);
$ret = api_format_items($r,$user_info);
@@ -649,7 +663,15 @@
$user_info = api_get_user($a);
// get last newtork messages
-// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
+
+ // params
+ $count = (x($_REQUEST,'count')?$_REQUEST['count']:20);
+ $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0);
+ if ($page<0) $page=0;
+ $since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
+
+ $start = $page*$count;
+
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
@@ -662,9 +684,11 @@
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$sql_extra
+ AND `item`.`id`>%d
ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
intval($user_info['uid']),
- 0,20
+ intval($since_id),
+ intval($start), intval($count)
);
$ret = api_format_items($r,$user_info);
@@ -688,7 +712,13 @@
$user_info = api_get_user($a);
// get last newtork messages
-// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
+
+ // params
+ $count = (x($_GET,'count')?$_GET['count']:20);
+ $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0);
+ if ($page<0) $page=0;
+
+ $start = $page*$count;
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
@@ -703,7 +733,7 @@
$sql_extra
ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
intval($user_info['uid']),
- 0,20
+ intval($start), intval($count)
);
$ret = api_format_items($r,$user_info);
@@ -735,8 +765,8 @@
$status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item));
$status = array(
'created_at'=> api_date($item['created']),
- 'published' => datetime_convert('UTC','UTC',$item['created'],ATOM_TIME),
- 'updated' => datetime_convert('UTC','UTC',$item['edited'],ATOM_TIME),
+ 'published' => api_date($item['created']),
+ 'updated' => api_date($item['edited']),
'id' => intval($item['id']),
'message_id' => $item['uri'],
'text' => strip_tags(bbcode($item['body'])),
@@ -780,6 +810,58 @@
}
api_register_func('api/account/rate_limit_status','api_account_rate_limit_status',true);
+ /**
+ * https://dev.twitter.com/docs/api/1/get/statuses/friends
+ * This function is deprecated by Twitter
+ * returns: json, xml
+ **/
+ function api_statuses_f(&$a, $type, $qtype) {
+ if (local_user()===false) return false;
+ $user_info = api_get_user($a);
+
+ if (x($_GET,'cursor') && $_GET['cursor']=='undefined'){
+ /* this is to stop Hotot to load friends multiple times
+ * I'm not sure if I'm missing return something or
+ * is a bug in hotot. Workaround, meantime
+ */
+
+ $ret=Array();
+ $data = array('$users' => $ret);
+ return api_apply_template("friends", $type, $data);
+ }
+
+ if($qtype == 'friends')
+ $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND));
+ if($qtype == 'followers')
+ $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND));
+
+ $r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
+ intval(local_user())
+ );
+
+ $ret = array();
+ foreach($r as $cid){
+ $ret[] = api_get_user($a, $cid['id']);
+ }
+
+
+ $data = array('$users' => $ret);
+ return api_apply_template("friends", $type, $data);
+
+ }
+ function api_statuses_friends(&$a, $type){
+ return api_statuses_f($a,$type,"friends");
+ }
+ function api_statuses_followers(&$a, $type){
+ return api_statuses_f($a,$type,"followers");
+ }
+ api_register_func('api/statuses/friends','api_statuses_friends',true);
+ api_register_func('api/statuses/followers','api_statuses_followers',true);
+
+
+
+
+
function api_statusnet_config(&$a,$type) {
$name = $a->config['sitename'];
@@ -808,7 +890,6 @@
}
api_register_func('api/statusnet/config','api_statusnet_config',false);
-
function api_statusnet_version(&$a,$type) {
// liar
@@ -869,3 +950,131 @@
api_register_func('api/friends/ids','api_friends_ids',true);
api_register_func('api/followers/ids','api_followers_ids',true);
+
+ function api_direct_messages_new(&$a, $type) {
+ if (local_user()===false) return false;
+
+ if (!x($_POST, "text") || !x($_POST,"screen_name")) return;
+
+ $sender = api_get_user($a);
+
+ $r = q("SELECT `id` FROM `contact` WHERE `uid`=%d AND `nick`='%s'",
+ intval(local_user()),
+ dbesc($_POST['screen_name']));
+
+ $recipient = api_get_user($a, $r[0]['id']);
+
+
+ require_once("include/message.php");
+ $sub = ( (strlen($_POST['text'])>10)?substr($_POST['text'],0,10)."...":$_POST['text']);
+ $id = send_message($recipient['id'], $_POST['text'], $sub);
+
+
+ if ($id>-1) {
+ $r = q("SELECT * FROM `mail` WHERE id=%d", intval($id));
+ $item = $r[0];
+ $ret=Array(
+ 'id' => $item['id'],
+ 'created_at'=> api_date($item['created']),
+ 'sender_id'=> $sender['id'] ,
+ 'sender_screen_name'=> $sender['screen_name'],
+ 'sender'=> $sender,
+ 'recipient_id'=> $recipient['id'],
+ 'recipient_screen_name'=> $recipient['screen_name'],
+ 'recipient'=> $recipient,
+
+ 'text'=> $item['title']."\n".strip_tags(bbcode($item['body'])) ,
+
+ );
+
+ } else {
+ $ret = array("error"=>$id);
+ }
+
+ $data = Array('$messages'=>$ret);
+
+ switch($type){
+ case "atom":
+ case "rss":
+ $data = api_rss_extra($a, $data, $user_info);
+ }
+
+ return api_apply_template("direct_messages", $type, $data);
+
+ }
+ api_register_func('api/direct_messages/new','api_direct_messages_new',true);
+
+ function api_direct_messages_box(&$a, $type, $box) {
+ if (local_user()===false) return false;
+
+ $user_info = api_get_user($a);
+
+ // params
+ $count = (x($_GET,'count')?$_GET['count']:20);
+ $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0);
+ if ($page<0) $page=0;
+
+ $start = $page*$count;
+
+
+ if ($box=="sentbox") {
+ $sql_extra = "`from-url`='%s'";
+ } else {
+ $sql_extra = "`from-url`!='%s'";
+ }
+
+ $r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d,%d",
+ intval(local_user()),
+ dbesc( $a->get_baseurl() . '/profile/' . $a->user['nickname'] ),
+ intval($start), intval($count)
+ );
+
+ $ret = Array();
+ foreach($r as $item){
+ switch ($box){
+ case "inbox":
+ $recipient = $user_info;
+ $sender = api_get_user($a,$item['contact-id']);
+ break;
+ case "sentbox":
+ $recipient = api_get_user($a,$item['contact-id']);
+ $sender = $user_info;
+ break;
+ }
+
+ $ret[]=Array(
+ 'id' => $item['id'],
+ 'created_at'=> api_date($item['created']),
+ 'sender_id'=> $sender['id'] ,
+ 'sender_screen_name'=> $sender['screen_name'],
+ 'sender'=> $sender,
+ 'recipient_id'=> $recipient['id'],
+ 'recipient_screen_name'=> $recipient['screen_name'],
+ 'recipient'=> $recipient,
+
+ 'text'=> $item['title']."\n".strip_tags(bbcode($item['body'])) ,
+
+ );
+
+ }
+
+
+ $data = array('$messages' => $ret);
+ switch($type){
+ case "atom":
+ case "rss":
+ $data = api_rss_extra($a, $data, $user_info);
+ }
+
+ return api_apply_template("direct_messages", $type, $data);
+
+ }
+
+ function api_direct_messages_sentbox(&$a, $type){
+ return api_direct_messages_box($a, $type, "sentbox");
+ }
+ function api_direct_messages_inbox(&$a, $type){
+ return api_direct_messages_box($a, $type, "inbox");
+ }
+ api_register_func('api/direct_messages/sent','api_direct_messages_sentbox',true);
+ api_register_func('api/direct_messages','api_direct_messages_inbox',true);
diff --git a/include/crypto.php b/include/crypto.php
index 1ab9e7b25..a20606db5 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -3,19 +3,20 @@
require_once('library/ASNValue.class.php');
require_once('library/asn1.php');
+// supported algorithms are 'sha256', 'sha1'
-function rsa_sign($data,$key) {
+function rsa_sign($data,$key,$alg = 'sha256') {
$sig = '';
- if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
- openssl_sign($data,$sig,$key,'sha256');
+ if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') {
+ openssl_sign($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg));
}
else {
if(strlen($key) < 1024 || extension_loaded('gmp')) {
require_once('library/phpsec/Crypt/RSA.php');
$rsa = new CRYPT_RSA();
$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
- $rsa->setHash('sha256');
+ $rsa->setHash($alg);
$rsa->loadKey($key);
$sig = $rsa->sign($data);
}
@@ -27,17 +28,17 @@ function rsa_sign($data,$key) {
return $sig;
}
-function rsa_verify($data,$sig,$key) {
+function rsa_verify($data,$sig,$key,$alg = 'sha256') {
- if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
- $verify = openssl_verify($data,$sig,$key,'sha256');
+ if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') {
+ $verify = openssl_verify($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg));
}
else {
if(strlen($key) <= 300 || extension_loaded('gmp')) {
require_once('library/phpsec/Crypt/RSA.php');
$rsa = new CRYPT_RSA();
$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
- $rsa->setHash('sha256');
+ $rsa->setHash($alg);
$rsa->loadKey($key);
$verify = $rsa->verify($data,$sig);
}
@@ -74,7 +75,7 @@ function DerToRsa($Der)
//Encode:
$Der = base64_encode($Der);
//Split lines:
- $lines = str_split($Der, 65);
+ $lines = str_split($Der, 64);
$body = implode("\n", $lines);
//Get title:
$title = 'RSA PUBLIC KEY';
@@ -182,3 +183,45 @@ function salmon_key($pubkey) {
pemtome($pubkey,$m,$e);
return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ;
}
+
+
+
+if(! function_exists('aes_decrypt')) {
+function aes_decrypt($val,$ky)
+{
+ $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+ for($a=0;$a<strlen($ky);$a++)
+ $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
+ $mode = MCRYPT_MODE_ECB;
+ $enc = MCRYPT_RIJNDAEL_128;
+ $dec = @mcrypt_decrypt($enc, $key, $val, $mode, @mcrypt_create_iv( @mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM ) );
+ return rtrim($dec,(( ord(substr($dec,strlen($dec)-1,1))>=0 and ord(substr($dec, strlen($dec)-1,1))<=16)? chr(ord( substr($dec,strlen($dec)-1,1))):null));
+}}
+
+
+if(! function_exists('aes_encrypt')) {
+function aes_encrypt($val,$ky)
+{
+ $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+ for($a=0;$a<strlen($ky);$a++)
+ $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
+ $mode=MCRYPT_MODE_ECB;
+ $enc=MCRYPT_RIJNDAEL_128;
+ $val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16)));
+ return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
+}}
+
+
+function pkcs5_pad ($text, $blocksize)
+{
+ $pad = $blocksize - (strlen($text) % $blocksize);
+ return $text . str_repeat(chr($pad), $pad);
+}
+
+function pkcs5_unpad($text)
+{
+ $pad = ord($text{strlen($text)-1});
+ if ($pad > strlen($text)) return false;
+ if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false;
+ return substr($text, 0, -1 * $pad);
+}
diff --git a/include/diaspora.php b/include/diaspora.php
index e089e3f04..f3adc608e 100644
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -4,25 +4,11 @@ require_once('include/crypto.php');
require_once('include/items.php');
function get_diaspora_key($uri) {
- $key = '';
-
logger('Fetching diaspora key for: ' . $uri);
- $arr = lrdd($uri);
-
- if(is_array($arr)) {
- foreach($arr as $a) {
- if($a['@attributes']['rel'] === 'diaspora-public-key') {
- $key = base64_decode($a['@attributes']['href']);
- }
- }
- }
- else {
- return '';
- }
-
- if($key)
- return rsatopem($key);
+ $r = find_diaspora_person_by_handle($uri);
+ if($r)
+ return $r['pubkey'];
return '';
}
@@ -40,14 +26,16 @@ function diaspora_base_message($type,$data) {
function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) {
$a = get_app();
+ logger('diaspora_msg_build: ' . $msg, LOGGER_DATA);
+
$inner_aes_key = random_string(32);
$b_inner_aes_key = base64_encode($inner_aes_key);
- $inner_iv = random_string(32);
+ $inner_iv = random_string(16);
$b_inner_iv = base64_encode($inner_iv);
$outer_aes_key = random_string(32);
$b_outer_aes_key = base64_encode($outer_aes_key);
- $outer_iv = random_string(32);
+ $outer_iv = random_string(16);
$b_outer_iv = base64_encode($outer_iv);
$handle = 'acct:' . $user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
@@ -89,13 +77,20 @@ EOT;
$ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $outer_aes_key, $decrypted_header, MCRYPT_MODE_CBC, $outer_iv);
$outer_json = json_encode(array('iv' => $b_outer_iv,'key' => $b_outer_aes_key));
+
$encrypted_outer_key_bundle = '';
openssl_public_encrypt($outer_json,$encrypted_outer_key_bundle,$pubkey);
-
+
+ logger('outer_bundle_encrypt: ' . openssl_error_string());
$b64_encrypted_outer_key_bundle = base64_encode($encrypted_outer_key_bundle);
+
+ logger('outer_bundle: ' . $b64_encrypted_outer_key_bundle . ' key: ' . $pubkey);
+
$encrypted_header_json_object = json_encode(array('aes_key' => base64_encode($encrypted_outer_key_bundle),
'ciphertext' => base64_encode($ciphertext)));
- $encrypted_header = '<encrypted_header>' . base64_encode($encrypted_header_json_object) . '</encrypted_header>';
+ $cipher_json = base64_encode($encrypted_header_json_object);
+
+ $encrypted_header = '<encrypted_header>' . $cipher_json . '</encrypted_header>';
$magic_env = <<< EOT
<?xml version='1.0' encoding='UTF-8'?>
@@ -110,6 +105,7 @@ $magic_env = <<< EOT
</entry>
EOT;
+ logger('diaspora_msg_build: magic_env: ' . $magic_env, LOGGER_DATA);
return $magic_env;
}
@@ -152,6 +148,7 @@ function diaspora_decode($importer,$xml) {
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv);
+
$decrypted = pkcs5_unpad($decrypted);
/**
@@ -202,7 +199,7 @@ function diaspora_decode($importer,$xml) {
// Add back the 60 char linefeeds
- // Diaspora devs: This completely violates the entire principle of salmon magic signatures,
+ // This completely violates the entire principle of salmon magic signatures,
// which was to have a message signing format that was completely ambivalent to linefeeds
// and transport whitespace mangling, and base64 wrapping rules. Guess what? PHP and Ruby
// use different linelengths for base64 output.
@@ -218,7 +215,7 @@ function diaspora_decode($importer,$xml) {
$encoding = $base->encoding;
$alg = $base->alg;
- // Diaspora devs: I can't even begin to tell you how sucky this is. Read the freaking spec.
+ // I can't even begin to tell you how sucky this is. Please read the spec.
$signed_data = $data . (($data[-1] != "\n") ? "\n" : '') . '.' . base64url_encode($type) . "\n" . '.' . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n";
@@ -241,12 +238,10 @@ function diaspora_decode($importer,$xml) {
}
// Once we have the author URI, go to the web and try to find their public key
- // *** or look it up locally ***
+ // (first this will look it up locally if it is in the fcontact cache)
+ // This will also convert diaspora public key from pkcs#1 to pkcs#8
logger('mod-diaspora: Fetching key for ' . $author_link );
-
- // Get diaspora public key (pkcs#1) and convert to pkcs#8
-
$key = get_diaspora_key($author_link);
if(! $key) {
@@ -278,21 +273,33 @@ function diaspora_get_contact_by_handle($uid,$handle) {
return false;
}
-function find_person_by_handle($handle) {
- // we don't care about the uid, we just want to save an expensive webfinger probe
- $r = q("select * from contact where network = '%s' and addr = '%s' LIMIT 1",
- dbesc(NETWORK_DIASPORA),
- dbesc($handle)
- );
- if(count($r))
+function find_diaspora_person_by_handle($handle) {
+ $r = q("select * from fcontact where network = '%s' and addr = '%s' limit 1",
+ dbesc(NETWORK_DIASPORA),
+ dbesc($handle)
+ );
+ if(count($r)) {
+ // update record occasionally so it doesn't get stale
+ $d = strtotime($r[0]['updated'] . ' +00:00');
+ if($d < strtotime('now - 14 days')) {
+ q("delete from fcontact where id = %d limit 1",
+ intval($r[0]['id'])
+ );
+ }
+ else
return $r[0];
- $r = probe_url($handle);
- // need to cached this, perhaps in fcontact
- if(count($r))
- return ($r);
- return false;
+ }
+ require_once('include/Scrape.php');
+ $r = probe_url($handle, PROBE_DIASPORA);
+ if((count($r)) && ($r['network'] === NETWORK_DIASPORA)) {
+ add_fcontact($r);
+ return ($r);
+ }
+ return false;
}
+
+
function diaspora_request($importer,$xml) {
$sender_handle = unxmlify($xml->sender_handle);
@@ -310,7 +317,7 @@ function diaspora_request($importer,$xml) {
// That makes us friends.
if($contact['rel'] == CONTACT_IS_FOLLOWER) {
- q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ q("UPDATE `contact` SET `rel` = %d, `writable` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval(CONTACT_IS_FRIEND),
intval($contact['id']),
intval($importer['uid'])
@@ -320,8 +327,8 @@ function diaspora_request($importer,$xml) {
return;
}
- require_once('include/Scrape.php');
- $ret = probe_url($sender_handle);
+ $ret = find_diaspora_person_by_handle($sender_handle);
+
if((! count($ret)) || ($ret['network'] != NETWORK_DIASPORA)) {
logger('diaspora_request: Cannot resolve diaspora handle ' . $sender_handle . ' for ' . $recipient_handle);
@@ -352,11 +359,12 @@ function diaspora_request($importer,$xml) {
$hash = random_string() . (string) time(); // Generate a confirm_key
if($contact_record) {
- $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`,`blocked`)
- VALUES ( %d, %d, 1, %d, '%s', '%s', '%s', 0 )",
+ $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime` )
+ VALUES ( %d, %d, %d, %d, '%s', '%s', '%s' )",
intval($importer['uid']),
intval($contact_record['id']),
0,
+ 0,
dbesc( t('Sharing notification from Diaspora network')),
dbesc($hash),
dbesc(datetime_convert())
@@ -483,7 +491,7 @@ function diaspora_comment($importer,$xml,$msg) {
dbesc($parent_guid)
);
if(! count($r)) {
- logger('diaspora_comment: parent item not found: ' . $guid);
+ logger('diaspora_comment: parent item not found: parent: ' . $parent_guid . ' item: ' . $guid);
return;
}
$parent_item = $r[0];
@@ -492,12 +500,12 @@ function diaspora_comment($importer,$xml,$msg) {
$author_signature = base64_decode($author_signature);
- if(stricmp($diaspora_handle,$msg['author']) == 0) {
+ if(strcasecmp($diaspora_handle,$msg['author']) == 0) {
$person = $contact;
$key = $msg['key'];
}
else {
- $person = find_person_by_handle($diaspora_handle);
+ $person = find_diaspora_person_by_handle($diaspora_handle);
if(is_array($person) && x($person,'pubkey'))
$key = $person['pubkey'];
@@ -507,11 +515,12 @@ function diaspora_comment($importer,$xml,$msg) {
}
}
- if(! rsa_verify($author_signed_data,$author_signature,$key)) {
+ if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) {
logger('diaspora_comment: verification failed.');
return;
}
+
if($parent_author_signature) {
$owner_signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $msg['author'];
@@ -519,7 +528,7 @@ function diaspora_comment($importer,$xml,$msg) {
$key = $msg['key'];
- if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) {
+ if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) {
logger('diaspora_comment: owner verification failed.');
return;
}
@@ -578,14 +587,25 @@ function diaspora_comment($importer,$xml,$msg) {
$datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']);
$datarray['body'] = $body;
- item_store($datarray);
+ $message_id = item_store($datarray);
+ if(! $parent_author_signature) {
+ q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ",
+ intval($message_id),
+ dbesc($author_signed_data),
+ dbesc(base64_encode($author_signature)),
+ dbesc($diaspora_handle)
+ );
+ }
+
+ // notify others
return;
}
function diaspora_like($importer,$xml,$msg) {
+ $a = get_app();
$guid = notags(unxmlify($xml->guid));
$parent_guid = notags(unxmlify($xml->parent_guid));
$diaspora_handle = notags(unxmlify($xml->diaspora_handle));
@@ -621,7 +641,7 @@ function diaspora_like($importer,$xml,$msg) {
$parent_item = $r[0];
- $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '$s' LIMIT 1",
+ $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1",
intval($importer['uid']),
dbesc($guid)
);
@@ -645,25 +665,25 @@ function diaspora_like($importer,$xml,$msg) {
return;
}
- $author_signed_data = $guid . ';' . $parent_guid . ';' . $target_type . ';' . $positive . ';' . $diaspora_handle;
+ $author_signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle;
$author_signature = base64_decode($author_signature);
- if(stricmp($diaspora_handle,$msg['author']) == 0) {
+ if(strcasecmp($diaspora_handle,$msg['author']) == 0) {
$person = $contact;
$key = $msg['key'];
}
else {
- $person = find_person_by_handle($diaspora_handle);
+ $person = find_diaspora_person_by_handle($diaspora_handle);
if(is_array($person) && x($person,'pubkey'))
$key = $person['pubkey'];
else {
- logger('diaspora_comment: unable to find author details');
+ logger('diaspora_like: unable to find author details');
return;
}
}
- if(! rsa_verify($author_signed_data,$author_signature,$key)) {
+ if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) {
logger('diaspora_like: verification failed.');
return;
}
@@ -675,7 +695,7 @@ function diaspora_like($importer,$xml,$msg) {
$key = $msg['key'];
- if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) {
+ if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) {
logger('diaspora_like: owner verification failed.');
return;
}
@@ -708,6 +728,7 @@ EOT;
$arr['uri'] = $uri;
$arr['uid'] = $importer['uid'];
+ $arr['guid'] = $guid;
$arr['contact-id'] = $contact['id'];
$arr['type'] = 'activity';
$arr['wall'] = $parent_item['wall'];
@@ -715,13 +736,13 @@ EOT;
$arr['parent'] = $parent_item['id'];
$arr['parent-uri'] = $parent_item['uri'];
- $datarray['owner-name'] = $contact['name'];
- $datarray['owner-link'] = $contact['url'];
- $datarray['owner-avatar'] = $contact['thumb'];
+ $arr['owner-name'] = $contact['name'];
+ $arr['owner-link'] = $contact['url'];
+ $arr['owner-avatar'] = $contact['thumb'];
- $datarray['author-name'] = $person['name'];
- $datarray['author-link'] = $person['url'];
- $datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']);
+ $arr['author-name'] = $person['name'];
+ $arr['author-link'] = $person['url'];
+ $arr['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']);
$ulink = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]';
$alink = '[url=' . $parent_item['author-link'] . ']' . $parent_item['author-name'] . '[/url]';
@@ -736,12 +757,20 @@ EOT;
$arr['unseen'] = 1;
$arr['last-child'] = 0;
- $post_id = item_store($arr);
+ $message_id = item_store($arr);
+ if(! $parent_author_signature) {
+ q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ",
+ intval($message_id),
+ dbesc($author_signed_data),
+ dbesc(base64_encode($author_signature)),
+ dbesc($diaspora_handle)
+ );
+ }
// FIXME send notification
-
+ return;
}
function diaspora_retraction($importer,$xml) {
@@ -770,21 +799,22 @@ function diaspora_share($me,$contact) {
$tpl = get_markup_template('diaspora_share.tpl');
$msg = replace_macros($tpl, array(
- '$sender' => myaddr,
+ '$sender' => $myaddr,
'$recipient' => $theiraddr
));
- $slap = 'xml=' . urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey']));
+ $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey'])));
- post_url($contact['notify'],$slap);
+ post_url($contact['notify'] . '/',$slap);
$return_code = $a->get_curl_code();
+ logger('diaspora_send_share: returns: ' . $return_code);
return $return_code;
}
function diaspora_send_status($item,$owner,$contact) {
$a = get_app();
- $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
+ $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
$theiraddr = $contact['addr'];
require_once('include/bbcode.php');
@@ -805,11 +835,154 @@ function diaspora_send_status($item,$owner,$contact) {
logger('diaspora_send_status: base message: ' . $msg, LOGGER_DATA);
- $slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey']));
+ $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'])));
- post_url($contact['notify'],$slap);
+ post_url($contact['notify'] . '/',$slap);
$return_code = $a->get_curl_code();
logger('diaspora_send_status: returns: ' . $return_code);
return $return_code;
}
+
+function diaspora_send_followup($item,$owner,$contact) {
+
+ $a = get_app();
+ $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
+ $theiraddr = $contact['addr'];
+
+ $p = q("select guid from item where parent = %d limit 1",
+ $item['parent']
+ );
+ if(count($p))
+ $parent_guid = $p[0]['guid'];
+ else
+ return;
+
+ if($item['verb'] === ACTIVITY_LIKE) {
+ $tpl = get_markup_template('diaspora_like.tpl');
+ $like = true;
+ $target_type = 'Post';
+ $positive = (($item['deleted']) ? 'false' : 'true');
+ }
+ else {
+ $tpl = get_markup_template('diaspora_comment.tpl');
+ $like = false;
+ }
+
+ $text = bbcode($item['body']);
+
+ // sign it
+
+ if($like)
+ $signed_text = $item['guid'] . ';' . $target_type . ';' . $positive . ';' . $myaddr;
+ else
+ $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $myaddr;
+
+ $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey']),'sha');
+
+ $msg = replace_macros($tpl,array(
+ '$guid' => xmlify($item['guid']),
+ '$parent_guid' => xmlify($parent_guid),
+ '$target_type' =>xmlify($target_type),
+ '$authorsig' => xmlify($authorsig),
+ '$body' => xmlify($text),
+ '$positive' => xmlify($positive),
+ '$handle' => xmlify($myaddr)
+ ));
+
+ logger('diaspora_followup: base message: ' . $msg, LOGGER_DATA);
+
+ $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'])));
+
+ post_url($contact['notify'] . '/',$slap);
+ $return_code = $a->get_curl_code();
+ logger('diaspora_send_followup: returns: ' . $return_code);
+ return $return_code;
+
+}
+
+
+function diaspora_send_relay($item,$owner,$contact) {
+
+
+ $a = get_app();
+ $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
+ $theiraddr = $contact['addr'];
+
+
+ $p = q("select guid from item where parent = %d limit 1",
+ $item['parent']
+ );
+ if(count($p))
+ $parent_guid = $p[0]['guid'];
+ else
+ return;
+
+ // fetch the original signature
+ $r = q("select * from sign where iid = %d limit 1",
+ intval($item['id'])
+ );
+ if(! count($r))
+ return;
+ $orig_sign = $r[0];
+
+ if($item['verb'] === ACTIVITY_LIKE) {
+ $tpl = get_markup_template('diaspora_like_relay.tpl');
+ $like = true;
+ $target_type = 'Post';
+ $positive = (($item['deleted']) ? 'false' : 'true');
+ }
+ else {
+ $tpl = get_markup_template('diaspora_comment_relay.tpl');
+ $like = false;
+ }
+
+ $text = bbcode($item['body']);
+
+ // sign it
+
+ if($like)
+ $parent_signed_text = $orig_sign['signed_text'];
+ else
+ $parent_signed_text = $orig_sign['signed_text'];
+
+ $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha'));
+
+ $msg = replace_macros($tpl,array(
+ '$guid' => xmlify($item['guid']),
+ '$parent_guid' => xmlify($parent_guid),
+ '$target_type' =>xmlify($target_type),
+ '$authorsig' => xmlify($orig_sign['signature']),
+ '$parentsig' => xmlify($parentauthorsig),
+ '$text' => xmlify($text),
+ '$positive' => xmlify($positive),
+ '$diaspora_handle' => xmlify($myaddr)
+ ));
+
+ // fetch the original signature
+ $r = q("select * from sign where iid = %d limit 1",
+ intval($item['id'])
+ );
+ if(! count($r))
+ return;
+
+ logger('diaspora_relay_comment: base message: ' . $msg, LOGGER_DATA);
+
+ $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'])));
+
+ post_url($contact['notify'] . '/',$slap);
+ $return_code = $a->get_curl_code();
+ logger('diaspora_send_relay: returns: ' . $return_code);
+ return $return_code;
+
+}
+
+
+
+function diaspora_send_retraction($item,$owner,$contact) {
+
+
+
+
+
+} \ No newline at end of file
diff --git a/include/items.php b/include/items.php
index ec519ad9b..746e3b294 100644
--- a/include/items.php
+++ b/include/items.php
@@ -1,8 +1,9 @@
<?php
-require_once('bbcode.php');
-require_once('oembed.php');
+require_once('include/bbcode.php');
+require_once('include/oembed.php');
require_once('include/salmon.php');
+require_once('include/crypto.php');
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) {
@@ -694,6 +695,7 @@ function item_store($arr,$force_parent = false) {
$arr['tag'] = ((x($arr,'tag')) ? notags(trim($arr['tag'])) : '');
$arr['attach'] = ((x($arr,'attach')) ? notags(trim($arr['attach'])) : '');
$arr['app'] = ((x($arr,'app')) ? notags(trim($arr['app'])) : '');
+ $arr['guid'] = ((x($arr,'guid')) ? notags(trim($arr['guid'])) : get_guid());
if($arr['parent-uri'] === $arr['uri']) {
$parent_id = 0;
@@ -757,7 +759,6 @@ function item_store($arr,$force_parent = false) {
}
}
- $arr['guid'] = get_guid();
call_hooks('post_remote',$arr);
@@ -1635,7 +1636,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false) {
$o .= '<published>' . xmlify(datetime_convert('UTC','UTC',$item['created'] . '+00:00',ATOM_TIME)) . '</published>' . "\r\n";
$o .= '<updated>' . xmlify(datetime_convert('UTC','UTC',$item['edited'] . '+00:00',ATOM_TIME)) . '</updated>' . "\r\n";
$o .= '<dfrn:env>' . base64url_encode($body, true) . '</dfrn:env>' . "\r\n";
- $o .= '<content type="' . $type . '" >' . xmlify(($type === 'html') ? bbcode($body) : $body) . '</content>' . "\r\n";
+ $o .= '<content type="' . $type . '" >' . xmlify((($type === 'html') ? bbcode($body) : $body)) . '</content>' . "\r\n";
$o .= '<link rel="alternate" type="text/html" href="' . xmlify($a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id']) . '" />' . "\r\n";
if($comment)
$o .= '<dfrn:comment-allow>' . intval($item['last-child']) . '</dfrn:comment-allow>' . "\r\n";
diff --git a/include/message.php b/include/message.php
new file mode 100644
index 000000000..cca913b4e
--- /dev/null
+++ b/include/message.php
@@ -0,0 +1,96 @@
+<?php
+ // send a private message
+
+
+
+
+function send_message($recipient=0, $body='', $subject='', $replyto=''){
+ $a = get_app();
+
+ if(! $recipient) return -1;
+
+ if(! strlen($subject))
+ $subject = t('[no subject]');
+
+ $me = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
+ intval(local_user())
+ );
+ $contact = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($recipient),
+ intval(local_user())
+ );
+
+ if(! (count($me) && (count($contact)))) {
+ return -2;
+ }
+
+ $hash = random_string();
+ $uri = 'urn:X-dfrn:' . $a->get_baseurl() . ':' . local_user() . ':' . $hash ;
+
+ if(! strlen($replyto))
+ $replyto = $uri;
+
+ $r = q("INSERT INTO `mail` ( `uid`, `from-name`, `from-photo`, `from-url`,
+ `contact-id`, `title`, `body`, `seen`, `replied`, `uri`, `parent-uri`, `created`)
+ VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s', '%s', '%s' )",
+ intval(local_user()),
+ dbesc($me[0]['name']),
+ dbesc($me[0]['thumb']),
+ dbesc($me[0]['url']),
+ intval($recipient),
+ dbesc($subject),
+ dbesc($body),
+ 1,
+ 0,
+ dbesc($uri),
+ dbesc($replyto),
+ datetime_convert()
+ );
+ $r = q("SELECT * FROM `mail` WHERE `uri` = '%s' and `uid` = %d LIMIT 1",
+ dbesc($uri),
+ intval(local_user())
+ );
+ if(count($r))
+ $post_id = $r[0]['id'];
+
+ /**
+ *
+ * When a photo was uploaded into the message using the (profile wall) ajax
+ * uploader, The permissions are initially set to disallow anybody but the
+ * owner from seeing it. This is because the permissions may not yet have been
+ * set for the post. If it's private, the photo permissions should be set
+ * appropriately. But we didn't know the final permissions on the post until
+ * now. So now we'll look for links of uploaded messages that are in the
+ * post and set them to the same permissions as the post itself.
+ *
+ */
+
+ $match = null;
+
+ if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) {
+ $images = $match[1];
+ if(count($images)) {
+ foreach($images as $image) {
+ if(! stristr($image,$a->get_baseurl() . '/photo/'))
+ continue;
+ $image_uri = substr($image,strrpos($image,'/') + 1);
+ $image_uri = substr($image_uri,0, strpos($image_uri,'-'));
+ $r = q("UPDATE `photo` SET `allow_cid` = '%s'
+ WHERE `resource-id` = '%s' AND `album` = '%s' AND `uid` = %d ",
+ dbesc('<' . $recipient . '>'),
+ dbesc($image_uri),
+ dbesc( t('Wall Photos')),
+ intval(local_user())
+ );
+ }
+ }
+ }
+
+ if($post_id) {
+ proc_run('php',"include/notifier.php","mail","$post_id");
+ return intval($post_id);
+ } else {
+ return -3;
+ }
+
+}
diff --git a/include/network.php b/include/network.php
index bbf1d6a63..d4f0d8aa7 100644
--- a/include/network.php
+++ b/include/network.php
@@ -536,7 +536,7 @@ function fetch_xrd_links($url) {
$aliases = array($alias);
else
$aliases = $alias;
- if(count($aliases)) {
+ if($aliases && count($aliases)) {
foreach($aliases as $alias) {
$links[]['@attributes'] = array('rel' => 'alias' , 'href' => $alias);
}
@@ -693,3 +693,25 @@ function parse_xml_string($s,$strict = true) {
}
return $x;
}}
+
+function add_fcontact($arr) {
+
+ $r = q("insert into fcontact ( `url`,`name`,`photo`,`request`,`nick`,`addr`,
+ `notify`,`poll`,`confirm`,`network`,`alias`,`pubkey`,`updated` )
+ values('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')",
+ dbesc($arr['url']),
+ dbesc($arr['name']),
+ dbesc($arr['photo']),
+ dbesc($arr['request']),
+ dbesc($arr['nick']),
+ dbesc($arr['addr']),
+ dbesc($arr['notify']),
+ dbesc($arr['poll']),
+ dbesc($arr['confirm']),
+ dbesc($arr['network']),
+ dbesc($arr['alias']),
+ dbesc($arr['pubkey']),
+ dbesc(datetime_convert())
+ );
+ return $r;
+}
diff --git a/include/notifier.php b/include/notifier.php
index 15fb38534..cf8871fb9 100644
--- a/include/notifier.php
+++ b/include/notifier.php
@@ -502,22 +502,27 @@ function notifier_run($argv, $argc){
}
break;
case NETWORK_DIASPORA:
- if(get_config('system','dfrn_only') || (! get_config('diaspora_enabled')) || (! $normal_mode))
+ require_once('include/diaspora.php');
+ if(get_config('system','dfrn_only') || (! get_config('system','diaspora_enabled')) || (! $normal_mode))
break;
-
- if($target_item['deleted']) {
- // diaspora delete, (check for like)
-
+
+ if($target_item['verb'] === ACTIVITY_DISLIKE) {
+ // unsupported
+ break;
+ }
+ elseif($target_item['deleted'] && (! $parent_item['verb'] === ACTIVITY_LIKE)) {
+ // diaspora delete,
+ diaspora_send_retraction($target_item,$owner,$contact);
break;
}
elseif($followup) {
- // send to owner to relay
-
+ // send comments, likes and retractions of likes to owner to relay
+ diaspora_send_followup($target_item,$owner,$contact);
break;
}
elseif($target_item['parent'] != $target_item['id']) {
- // we are the relay
-
+ // we are the relay - send comments, likes and unlikes to our conversants
+ diaspora_send_relay($target_item,$owner,$contact);
break;
}
elseif($top_level) {
@@ -571,7 +576,7 @@ function notifier_run($argv, $argc){
/**
*
- * If you have less than 150 dfrn friends and it's a public message,
+ * If you have less than 999 dfrn friends and it's a public message,
* we'll just go ahead and push them out securely with dfrn/rino.
* If you've got more than that, you'll have to rely on PuSH delivery.
*
@@ -587,8 +592,9 @@ function notifier_run($argv, $argc){
*/
$r = q("SELECT `id`, `name` FROM `contact`
- WHERE `network` = NETWORK_DFRN AND `uid` = %d AND `blocked` = 0 AND `pending` = 0
+ WHERE `network` = '%s' AND `uid` = %d AND `blocked` = 0 AND `pending` = 0
AND `rel` != %d ",
+ dbesc(NETWORK_DFRN),
intval($owner['uid']),
intval(CONTACT_IS_SHARING)
);
diff --git a/include/security.php b/include/security.php
index 6fbdd697f..684a88a51 100644
--- a/include/security.php
+++ b/include/security.php
@@ -28,7 +28,7 @@ function can_write_wall(&$a,$owner) {
AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
intval($owner),
intval(remote_user()),
- intval(CONTACT_IS_FOLLOWER),
+ intval(CONTACT_IS_SHARING),
intval(CONTACT_IS_FRIEND),
intval(PAGE_COMMUNITY)
);
diff --git a/include/text.php b/include/text.php
index 803bf0e51..66447069e 100644
--- a/include/text.php
+++ b/include/text.php
@@ -147,7 +147,7 @@ if(! function_exists('xmlify')) {
function xmlify($str) {
$buffer = '';
- for($x = 0; $x < strlen($str); $x ++) {
+ for($x = 0; $x < mb_strlen($str); $x ++) {
$char = $str[$x];
switch( $char ) {
@@ -620,32 +620,6 @@ function valid_email($x){
}}
-if(! function_exists('aes_decrypt')) {
-function aes_decrypt($val,$ky)
-{
- $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
- for($a=0;$a<strlen($ky);$a++)
- $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
- $mode = MCRYPT_MODE_ECB;
- $enc = MCRYPT_RIJNDAEL_128;
- $dec = @mcrypt_decrypt($enc, $key, $val, $mode, @mcrypt_create_iv( @mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM ) );
- return rtrim($dec,(( ord(substr($dec,strlen($dec)-1,1))>=0 and ord(substr($dec, strlen($dec)-1,1))<=16)? chr(ord( substr($dec,strlen($dec)-1,1))):null));
-}}
-
-
-if(! function_exists('aes_encrypt')) {
-function aes_encrypt($val,$ky)
-{
- $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
- for($a=0;$a<strlen($ky);$a++)
- $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
- $mode=MCRYPT_MODE_ECB;
- $enc=MCRYPT_RIJNDAEL_128;
- $val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16)));
- return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
-}}
-
-
/**
*
* Function: linkify
@@ -903,20 +877,6 @@ function generate_user_guid() {
}
-function pkcs5_pad ($text, $blocksize)
-{
- $pad = $blocksize - (strlen($text) % $blocksize);
- return $text . str_repeat(chr($pad), $pad);
-}
-
-function pkcs5_unpad($text)
-{
- $pad = ord($text{strlen($text)-1});
- if ($pad > strlen($text)) return false;
- if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false;
- return substr($text, 0, -1 * $pad);
-}
-
function base64url_encode($s, $strip_padding = false) {
diff --git a/include/zotfns.php b/include/zotfns.php
index b695b6fcb..b23fce82a 100644
--- a/include/zotfns.php
+++ b/include/zotfns.php
@@ -2,6 +2,8 @@
require_once('include/salmon.php');
+require_once('include/crypto.php');
+
function zot_get($url,$args) {
$argstr = '';