workflow for federated/non-dfrn followers

6 files changed, 251 insertions, 177 deletions

diff --git a/mod/contacts.php b/mod/contacts.php
index 746331ea5..bd5bf8ea8 100644
--- a/mod/contacts.php
+++ b/mod/contacts.php
@@ -271,7 +271,6 @@ function contacts_content(&$a) {
 				default:
 					break;
 			}
-
 			if(($rr['network'] === 'dfrn') && ($rr['rel'])) {
 				$url = "redir/{$rr['id']}";
 				$sparkle = ' class="sparkle" ';
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index b4ca74889..cc1edea22 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -7,7 +7,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
 	if(is_array($handsfree)) {
 
 		// called directly from dfrn_request due to automatic friend acceptance
-		// any $_POST parameters we might need are supplied in the $handsfree array
+		// any $_POST parameters we may require are supplied in the $handsfree array
 
 		$node = $handsfree['node'];
 		$a->interactive = false; // notice() becomes a no-op since nobody is there to see it
@@ -19,12 +19,12 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
 	}
 
 		// Main entry point. Our user received a friend request notification (perhaps 
-		// from another site) and clicked 'Accept'. $POST['source_url'] is not set.
+		// from another site) and clicked 'Approve'. $POST['source_url'] is not set.
 		// OR we have been called directly from dfrn_request ($handsfree != null) due to 
 		// this being a page type which supports automatic friend acceptance.
 
 	if(! x($_POST,'source_url')) {
-		
+
 		$uid = ((is_array($handsfree)) ? $handsfree['uid'] : local_user());
 
 		if(! $uid) {
@@ -42,7 +42,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
 		}	
 
 
-		// These come from the friend request notification form or $handsfree reply.
+		// These come from either the friend request notification form or $handsfree array.
 
 		if(is_array($handsfree)) {
 			$dfrn_id = $handsfree['dfrn_id'];
@@ -53,13 +53,16 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
 			$dfrn_id  = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
 			$intro_id = intval($_POST['intro_id']);
 			$duplex   = intval($_POST['duplex']);
+			$cid      = intval($_POST['contact_id']);
 		}
 
 		// The other person will have been issued an ID when they first requested friendship.
 		// Locate their record. At this time, their record will have both pending and blocked set to 1. 
+		// There won't be any dfrn_id if this is a network follower, so use the contact_id instead.
 
-		$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `uid` = %d LIMIT 1",
+		$r = q("SELECT * FROM `contact` WHERE ( ( `issued-id` != '' AND `issued-id` = '%s' ) OR ( `id` = %d AND `id` != 0 ) ) AND `uid` = %d LIMIT 1",
 				dbesc($dfrn_id),
+				intval($cid),
 				intval($uid)
 		);
 
@@ -68,153 +71,158 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
 			return;
 		}
 
-		$contact_id   = $r[0]['id'];
-		$relation     = $r[0]['rel'];
-		$site_pubkey  = $r[0]['site-pubkey'];
-		$dfrn_confirm = $r[0]['confirm'];
-		$aes_allow    = $r[0]['aes_allow'];
+		$contact = $r[0];
 
+		$contact_id   = $contact['id'];
+		$relation     = $contact['rel'];
+		$site_pubkey  = $contact['site-pubkey'];
+		$dfrn_confirm = $contact['confirm'];
+		$aes_allow    = $contact['aes_allow'];
 
-		// Generate a key pair for all further communications with this person.
-		// We have a keypair for every contact, and a site key for unknown people.
-		// This provides a means to carry on relationships with other people if 
-		// any single key is compromised. It is a robust key. We're much more 
-		// worried about key leakage than anybody cracking it.  
 
-		$res = openssl_pkey_new(array(
-        		'digest_alg' => 'whirlpool',
-        		'private_key_bits' => 4096,
-			'encrypt_key' => false )
-		);
+		if($contact['network'] === 'dfrn') {
 
+			// Generate a key pair for all further communications with this person.
+			// We have a keypair for every contact, and a site key for unknown people.
+			// This provides a means to carry on relationships with other people if 
+			// any single key is compromised. It is a robust key. We're much more 
+			// worried about key leakage than anybody cracking it.  
 
-		$private_key = '';
+			$res = openssl_pkey_new(array(
+				'digest_alg' => 'whirlpool',
+				'private_key_bits' => 4096,
+				'encrypt_key' => false )
+			);
 
-		openssl_pkey_export($res, $private_key);
 
-		$pubkey = openssl_pkey_get_details($res);
-		$public_key = $pubkey["key"];
+			$private_key = '';
 
-		// Save the private key. Send them the public key.
+			openssl_pkey_export($res, $private_key);
 
-		$r = q("UPDATE `contact` SET `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
-			dbesc($private_key),
-			intval($contact_id),
-			intval($uid) 
-		);
+			$pubkey = openssl_pkey_get_details($res);
+			$public_key = $pubkey["key"];
 
-		$params = array();
+			// Save the private key. Send them the public key.
 
-		// Per the protocol document, we will verify both ends by encrypting the dfrn_id with our 
-		// site private key (person on the other end can decrypt it with our site public key).
-		// Then encrypt our profile URL with the other person's site public key. They can decrypt
-		// it with their site private key. If the decryption on the other end fails for either
-		// item, it indicates tampering or key failure on at least one site and we will not be 
-		// able to provide a secure communication pathway.
+			$r = q("UPDATE `contact` SET `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
+				dbesc($private_key),
+				intval($contact_id),
+				intval($uid) 
+			);
 
-		// If other site is willing to accept full encryption, (aes_allow is 1 AND we have php5.3 
-		// or later) then we encrypt the personal public key we send them using AES-256-CBC and a 
-		// random key which is encrypted with their site public key.  
+			$params = array();
 
-		$src_aes_key = random_string();
+			// Per the protocol document, we will verify both ends by encrypting the dfrn_id with our 
+			// site private key (person on the other end can decrypt it with our site public key).
+			// Then encrypt our profile URL with the other person's site public key. They can decrypt
+			// it with their site private key. If the decryption on the other end fails for either
+			// item, it indicates tampering or key failure on at least one site and we will not be 
+			// able to provide a secure communication pathway.
 
-		$result = '';
-		openssl_private_encrypt($dfrn_id,$result,$user[0]['prvkey']);
+			// If other site is willing to accept full encryption, (aes_allow is 1 AND we have php5.3 
+			// or later) then we encrypt the personal public key we send them using AES-256-CBC and a 
+			// random key which is encrypted with their site public key.  
 
-		$params['dfrn_id'] = bin2hex($result);
-		$params['public_key'] = $public_key;
+			$src_aes_key = random_string();
 
+			$result = '';
+			openssl_private_encrypt($dfrn_id,$result,$user[0]['prvkey']);
 
-		$my_url = $a->get_baseurl() . '/profile/' . $user[0]['nickname'];
+			$params['dfrn_id'] = bin2hex($result);
+			$params['public_key'] = $public_key;
 
-		openssl_public_encrypt($my_url, $params['source_url'], $site_pubkey);
-		$params['source_url'] = bin2hex($params['source_url']);
 
-		if($aes_allow && function_exists('openssl_encrypt')) {
-			openssl_public_encrypt($src_aes_key, $params['aes_key'], $site_pubkey);
-			$params['aes_key'] = bin2hex($params['aes_key']);
-			$params['public_key'] = bin2hex(openssl_encrypt($public_key,'AES-256-CBC',$src_aes_key));
-		}
+			$my_url = $a->get_baseurl() . '/profile/' . $user[0]['nickname'];
 
-		$params['dfrn_version'] = DFRN_PROTOCOL_VERSION ;
-		if($duplex == 1)
-			$params['duplex'] = 1;
+			openssl_public_encrypt($my_url, $params['source_url'], $site_pubkey);
+			$params['source_url'] = bin2hex($params['source_url']);
 
-		// POST all this stuff to the other site.
+			if($aes_allow && function_exists('openssl_encrypt')) {
+				openssl_public_encrypt($src_aes_key, $params['aes_key'], $site_pubkey);
+				$params['aes_key'] = bin2hex($params['aes_key']);
+				$params['public_key'] = bin2hex(openssl_encrypt($public_key,'AES-256-CBC',$src_aes_key));
+			}
 
-		$res = post_url($dfrn_confirm,$params);
+			$params['dfrn_version'] = DFRN_PROTOCOL_VERSION ;
+			if($duplex == 1)
+				$params['duplex'] = 1;
 
-		// Now figure out what they responded. Try to be robust if the remote site is 
-		// having difficulty and throwing up errors of some kind. 
+			// POST all this stuff to the other site.
 
-		$leading_junk = substr($res,0,strpos($res,'<?xml'));
+			$res = post_url($dfrn_confirm,$params);
 
-		$res = substr($res,strpos($res,'<?xml'));
-		if(! strlen($res)) {
+			// Now figure out what they responded. Try to be robust if the remote site is 
+			// having difficulty and throwing up errors of some kind. 
 
-				// No XML at all, this exchange is messed up really bad.
-				// We shouldn't proceed, because the xml parser might choke,
-				// and $status is going to be zero, which indicates success.
-				// We can hardly call this a success.  
+			$leading_junk = substr($res,0,strpos($res,'<?xml'));
 
-			notice( t('Response from remote site was not understood.') . EOL);
-			return;
-		}
+			$res = substr($res,strpos($res,'<?xml'));
+			if(! strlen($res)) {
 
-		if(strlen($leading_junk) && get_config('system','debugging')) {
+					// No XML at all, this exchange is messed up really bad.
+					// We shouldn't proceed, because the xml parser might choke,
+					// and $status is going to be zero, which indicates success.
+					// We can hardly call this a success.  
+	
+				notice( t('Response from remote site was not understood.') . EOL);
+				return;
+			}
 
-				// This might be more common. Mixed error text and some XML.
-				// If we're configured for debugging, show the text. Proceed in either case.
+			if(strlen($leading_junk) && get_config('system','debugging')) {
+	
+					// This might be more common. Mixed error text and some XML.
+					// If we're configured for debugging, show the text. Proceed in either case.
 
-			notice( t('Unexpected response from remote site: ') . EOL . $leading_junk . EOL );
-		}
+				notice( t('Unexpected response from remote site: ') . EOL . $leading_junk . EOL );
+			}
 
-		$xml = simplexml_load_string($res);
-		$status = (int) $xml->status;
-		$message = unxmlify($xml->message);   // human readable text of what may have gone wrong.
-		switch($status) {
-			case 0:
-				notice( t("Confirmation completed successfully.") . EOL);
-				if(strlen($message))
-					notice( t('Remote site reported: ') . $message . EOL);
-				break;
-			case 1:
-				// birthday paradox - generate new dfrn-id and fall through.
-				$new_dfrn_id = random_string();
-				$r = q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
-					dbesc($new_dfrn_id),
-					intval($contact_id),
-					intval($uid) 
+			$xml = simplexml_load_string($res);
+			$status = (int) $xml->status;
+			$message = unxmlify($xml->message);   // human readable text of what may have gone wrong.
+			switch($status) {
+				case 0:
+					notice( t("Confirmation completed successfully.") . EOL);
+					if(strlen($message))
+						notice( t('Remote site reported: ') . $message . EOL);
+					break;
+				case 1:
+					// birthday paradox - generate new dfrn-id and fall through.
+					$new_dfrn_id = random_string();
+					$r = q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
+						dbesc($new_dfrn_id),
+						intval($contact_id),
+						intval($uid) 
+					);
+
+				case 2:
+					notice( t("Temporary failure. Please wait and try again.") . EOL);
+					if(strlen($message))
+						notice( t('Remote site reported: ') . $message . EOL);
+					break;
+
+
+				case 3:
+					notice( t("Introduction failed or was revoked.") . EOL);
+					if(strlen($message))
+						notice( t('Remote site reported: ') . $message . EOL);
+					break;
+				}
+
+			if(($status == 0) && ($intro_id)) {
+	
+				// Success. Delete the notification.
+	
+				$r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+					intval($intro_id),
+					intval($uid)
 				);
-
-			case 2:
-				notice( t("Temporary failure. Please wait and try again.") . EOL);
-				if(strlen($message))
-					notice( t('Remote site reported: ') . $message . EOL);
-				break;
-
-
-			case 3:
-				notice( t("Introduction failed or was revoked.") . EOL);
-				if(strlen($message))
-					notice( t('Remote site reported: ') . $message . EOL);
-				break;
+				
 			}
 
-		if(($status == 0) && ($intro_id)) {
-
-			// Success. Delete the notification.
-
-			$r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
-				intval($intro_id),
-				intval($uid)
-			);
-			
+			if($status != 0) 
+				return;
 		}
 
-		if($status != 0) 
-			return;
-		
 		// We have now established a relationship with the other site.
 		// Let's make our own personal copy of their profile photo so we don't have
 		// to always load it from their site.
@@ -223,36 +231,29 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
 
 		$photo_failure = false;
 
-		$r = q("SELECT `photo` FROM `contact` WHERE `id` = %d LIMIT 1",
-			intval($contact_id));
-		if(count($r)) {
-
-			$filename = basename($r[0]['photo']);
-			$img_str = fetch_url($r[0]['photo'],true);
-			$img = new Photo($img_str);
-			if($img->is_valid()) {
+		$filename = basename($contact['photo']);
+		$img_str = fetch_url($contact['photo'],true);
+		$img = new Photo($img_str);
+		if($img->is_valid()) {
 
-				$img->scaleImageSquare(175);
+			$img->scaleImageSquare(175);
 					
-				$hash = photo_new_resource();
+			$hash = photo_new_resource();
 
-				$r = $img->store($uid, $contact_id, $hash, $filename, t('Contact Photos'), 4 );
+			$r = $img->store($uid, $contact_id, $hash, $filename, t('Contact Photos'), 4 );
 
-				if($r === false)
-					$photo_failure = true;
-
-				$img->scaleImage(80);
+			if($r === false)
+				$photo_failure = true;
 
-				$r = $img->store($uid, $contact_id, $hash, $filename, t('Contact Photos'), 5 );
+			$img->scaleImage(80);
 
-				if($r === false)
-					$photo_failure = true;
+			$r = $img->store($uid, $contact_id, $hash, $filename, t('Contact Photos'), 5 );
 
-				$photo = $a->get_baseurl() . '/photo/' . $hash . '-4.jpg';
-				$thumb = $a->get_baseurl() . '/photo/' . $hash . '-5.jpg';
-			}
-			else
+			if($r === false)
 				$photo_failure = true;
+
+			$photo = $a->get_baseurl() . '/photo/' . $hash . '-4.jpg';
+			$thumb = $a->get_baseurl() . '/photo/' . $hash . '-5.jpg';
 		}
 		else
 			$photo_failure = true;
@@ -262,40 +263,89 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
 			$thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
 		}
 
-		$new_relation = REL_VIP;
-		if(($relation == REL_FAN) || ($duplex))
-			$new_relation = REL_BUD;
 
-		$r = q("UPDATE `contact` SET `photo` = '%s', 
-			`thumb` = '%s', 
-			`rel` = %d, 
-			`name-date` = '%s', 
-			`uri-date` = '%s', 
-			`avatar-date` = '%s', 
-			`blocked` = 0, 
-			`pending` = 0,
-			`duplex` = %d,
-			`network` = 'dfrn' WHERE `id` = %d LIMIT 1
-		",
-			dbesc($photo),
-			dbesc($thumb),
-			intval($new_relation),
-			dbesc(datetime_convert()),
-			dbesc(datetime_convert()),
-			dbesc(datetime_convert()),
-			intval($duplex),
-			intval($contact_id)
-		);
+		if($contact['network'] === 'dfrn') {
+
+			$new_relation = REL_VIP;
+			if(($relation == REL_FAN) || ($duplex))
+				$new_relation = REL_BUD;
+
+			$r = q("UPDATE `contact` SET `photo` = '%s', 
+				`thumb` = '%s', 
+				`rel` = %d, 
+				`name-date` = '%s', 
+				`uri-date` = '%s', 
+				`avatar-date` = '%s', 
+				`blocked` = 0, 
+				`pending` = 0,
+				`duplex` = %d,
+				`network` = 'dfrn' WHERE `id` = %d LIMIT 1
+			",
+				dbesc($photo),
+				dbesc($thumb),
+				intval($new_relation),
+				dbesc(datetime_convert()),
+				dbesc(datetime_convert()),
+				dbesc(datetime_convert()),
+				intval($duplex),
+				intval($contact_id)
+			);
+		}
+		else {  
+
+			$notify = '';
+			$poll   = '';
+
+			// $contact['network'] !== 'dfrn'
+
+			$arr = lrdd($contact['url']);
+			if(count($arr)) {
+				foreach($arr as $link) {
+					if($link['@attributes']['rel'] === 'salmon')
+						$notify = $link['@attributes']['href'];
+					if($link['@attributes']['rel'] === NAMESPACE_FEED)
+						$poll = $link['@attributes']['href'];
+				}
+			}
+
+			$r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+				intval($intro_id),
+				intval($uid)
+			);
+
+			$r = q("UPDATE `contact` SET `photo` = '%s', 
+				`thumb` = '%s', 
+				`name-date` = '%s', 
+				`uri-date` = '%s', 
+				`avatar-date` = '%s', 
+				`notify` = '%s',
+				`poll` = '%s',
+				`blocked` = 0, 
+				`pending` = 0
+				WHERE `id` = %d LIMIT 1
+			",
+				dbesc($photo),
+				dbesc($thumb),
+				dbesc(datetime_convert()),
+				dbesc(datetime_convert()),
+				dbesc(datetime_convert()),
+				dbesc($notify),
+				dbesc($poll),
+				intval($contact_id)
+			);			
+		}
+
 		if($r === false)
-			notice( t('Unable to set contact photo.') . EOL);
+				notice( t('Unable to set contact photo.') . EOL);
 
 
 		// Let's send our user to the contact editor in case they want to
 		// do anything special with this new friend.
- 
+
 		if($handsfree === null)
 			goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
 		return;  //NOTREACHED
+
 	}
 
 
@@ -480,7 +530,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
 			intval($duplex),
 			intval($dfrn_record)
 		);
-		if($r === false) { // indicates schema is messed up or total db failure
+		if($r === false) {    // indicates schema is messed up or total db failure
 			$message = t('Unable to update your contact profile details on our system');
 			xml_status(3,$message);
 		}
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 517c91eda..fc609ddc0 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -205,7 +205,7 @@ function dfrn_notify_post(&$a) {
 		if($is_reply) {
 			if($feed->get_item_quantity() == 1) {
 				// remote reply to our post. Import and then notify everybody else.
-				$datarray = get_atom_elements($item);
+				$datarray = get_atom_elements($feed,$item);
 				$datarray['type'] = 'remote-comment';
 				$datarray['wall'] = 1;
 				$datarray['parent-uri'] = $parent_uri;
@@ -287,7 +287,7 @@ function dfrn_notify_post(&$a) {
 					}
 					continue;
 				}
-				$datarray = get_atom_elements($item);
+				$datarray = get_atom_elements($feed,$item);
 				$datarray['parent-uri'] = $parent_uri;
 				$datarray['uid'] = $importer['importer_uid'];
 				$datarray['contact-id'] = $importer['id'];
@@ -354,7 +354,7 @@ function dfrn_notify_post(&$a) {
 			}
 
 
-			$datarray = get_atom_elements($item);
+			$datarray = get_atom_elements($feed,$item);
 			$datarray['parent-uri'] = $item_id;
 			$datarray['uid'] = $importer['importer_uid'];
 			$datarray['contact-id'] = $importer['id'];
diff --git a/mod/network.php b/mod/network.php
index 97a82a705..5958a5905 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -200,7 +200,7 @@ function network_content(&$a, $update = 0) {
 					$template = $wallwall;
 					$commentww = 'ww';	
 				}
-				if($item['type'] === 'remote' && ($item['owner-link'] != $item['author-link'])) {
+				if(($item['type'] === 'remote') && (strlen($item['owner-link'])) && ($item['owner-link'] != $item['author-link'])) {
 					// Could be anybody. 
 					$owner_url = $item['owner-link'];
 					$owner_photo = $item['owner-avatar'];
diff --git a/mod/notifications.php b/mod/notifications.php
index d09ec5ede..b4116bbe3 100644
--- a/mod/notifications.php
+++ b/mod/notifications.php
@@ -71,7 +71,7 @@ function notifications_content(&$a) {
 		'$hide_text' => ((strlen($sql_extra)) ? t('Show Ignored Requests') : t('Hide Ignored Requests'))
 	)); 
 
-	$r = q("SELECT `intro`.`id` AS `intro-id`, `intro`.*, `contact`.* 
+	$r = q("SELECT `intro`.`id` AS `intro_id`, `intro`.*, `contact`.* 
 		FROM `intro` LEFT JOIN `contact` ON `intro`.`contact-id` = `contact`.`id`
 		WHERE `intro`.`uid` = %d $sql_extra AND `intro`.`blocked` = 0 ",
 			intval($_SESSION['uid']));
@@ -83,15 +83,36 @@ function notifications_content(&$a) {
 
 		foreach($r as $rr) {
 
+			$friend_selected = (($rr['network'] === 'dfrn') ? ' checked="checked" ' : ' disabled ');
+			$fan_selected = (($rr['network'] === 'stat') ? ' checked="checked" disabled ' : '');
+			$dfrn_tpl = load_view_file('view/netfriend.tpl');
+
+			$knowyou   = '';
+			$dfrn_text = '';
+						
+			if($rr['network'] === 'dfrn') {
+				$knowyou = t('Claims to be known to you: ') . (($rr['knowyou']) ? t('yes') : t('no'));
+
+				$dfrn_text = replace_macros($dfrn_tpl,array(
+					'$intro_id' => $rr['intro_id'],
+					'$friend_selected' => $friend_selected,
+					'$fan_selected' => $fan_selected,
+				));
+			}			
+
+
+
 			$o .= replace_macros($tpl,array(
-				'$intro_id' => $rr['intro-id'],
-				'$dfrn-id' => $rr['issued-id'],
+				'$notify_type' => (($rr['network'] === 'dfrn') ? t('Friend/Connect Request') : t('New Follower')),
+				'$dfrn_text' => $dfrn_text,	
+				'$dfrn_id' => $rr['issued-id'],
 				'$uid' => $_SESSION['uid'],
-				'$contact-id' => $rr['contact-id'],
+				'$intro_id' => $rr['intro_id'],
+				'$contact_id' => $rr['contact-id'],
 				'$photo' => ((x($rr,'photo')) ? $rr['photo'] : "images/default-profile.jpg"),
 				'$fullname' => $rr['name'],
-				'$knowyou' => (($rr['knowyou']) ? t('yes') : t('no')),
 				'$url' => $rr['url'],
+				'$knowyou' => $knowyou,
 				'$note' => $rr['note']
 			));
 		}
diff --git a/mod/salmon.php b/mod/salmon.php
index 30e87f243..74377f9e9 100644
--- a/mod/salmon.php
+++ b/mod/salmon.php
@@ -195,14 +195,16 @@ function salmon_post(&$a) {
 	*
 	*/
 
-	$r = q("SELECT * FROM `contact` WHERE `network` = 'stat' AND `lrdd` = '%s' AND `uid` = %d LIMIT 1",
+	$r = q("SELECT * FROM `contact` WHERE `network` = 'stat' AND ( `url` = '%s' OR `lrdd` = '%s') AND `uid` = %d 
+		AND `readonly` = 0 LIMIT 1",
+		dbesc($author_link),
 		dbesc($author_link),
 		intval($importer['uid'])
 	);
 	if(! count($r)) {
 		if($debugging)
 			file_put_contents('salmon.out',"\n" . 'Author unknown to us.' . "\n", FILE_APPEND);
-		salmon_return(500);
+
 	}	
 
 	require_once('include/items.php');
@@ -212,7 +214,9 @@ function salmon_post(&$a) {
 
 	$hub = '';
 
-	consume_feed($feedxml,$importer,$r[0],$hub);
+	// consume_feed will only accept a follow activity from this person if there is no contact record.
+
+	consume_feed($feedxml,$importer,((count($r)) ? $r[0] : null),$hub);
 
 	salmon_return(200);
 }