ssl_policy stuff

2 files changed, 70 insertions, 7 deletions

diff --git a/mod/admin.php b/mod/admin.php
index 93714bb5f..2b8d9bcd2 100755
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -151,11 +151,7 @@ function admin_page_summary(&$a) {
 
 	$r = q("SELECT COUNT(id) as `count` FROM `register`");
 	$pending = $r[0]['count'];
-	
-	
-	
-	
-	
+		
 	$t = get_markup_template("admin_summary.tpl");
 	return replace_macros($t, array(
 		'$title' => t('Administration'),
@@ -210,7 +206,7 @@ function admin_page_site_post(&$a){
 	$dfrn_only          =	((x($_POST,'dfrn_only'))	    ? True	:	False);
     $ostatus_disabled   =   !((x($_POST,'ostatus_disabled')) ? True  :   False);
 	$diaspora_enabled   =   ((x($_POST,'diaspora_enabled')) ? True   :  False);
-
+	$ssl_policy         =   ((x($_POST,'ssl_policy')) ? intval($_POST['ssl_policy']) : 0);
 
 	set_config('config','sitename',$sitename);
 	if ($banner==""){
@@ -222,6 +218,7 @@ function admin_page_site_post(&$a){
 	} else {
 		set_config('system','banner', $banner);
 	}
+	set_config('system','ssl_policy',$ssl_policy);
 	set_config('system','language', $language);
 	set_config('system','theme', $theme);
 	set_config('system','maximagesize', $maximagesize);
@@ -305,6 +302,12 @@ function admin_page_site(&$a) {
 		REGISTER_APPROVE => t("Requires approval"),
 		REGISTER_OPEN => t("Open")
 	); 
+
+	$ssl_choices = array(
+		SSL_POLICY_NONE => t("No SSL policy, links will track page SSL state"),
+		SSL_POLICY_FULL => t("Force all links to use SSL"),
+		SSL_POLICY_SELFSIGN => t("Self-signed certificate, use SSL for local links only (discouraged)")
+	);
 	
 	$t = get_markup_template("admin_site.tpl");
 	return replace_macros($t, array(
@@ -322,7 +325,7 @@ function admin_page_site(&$a) {
 		'$banner'			=> array('banner', t("Banner/Logo"), $banner, ""),
 		'$language' 		=> array('language', t("System language"), get_config('system','language'), "", $lang_choices),
 		'$theme' 			=> array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles"), $theme_choices),
-
+		'$ssl_policy'       => array('ssl_policy', t("SSL link policy"), get_config('system','ssl_policy'), t("Determines whether generated links should be forced to use SSL"), $ssl_choices),
 		'$maximagesize'		=> array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
 
 		'$register_policy'	=> array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices),
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 0c0c27e3d..3dbdc5b32 100755
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -14,6 +14,7 @@ function dfrn_notify_post(&$a) {
 	$key          = ((x($_POST,'key'))          ? $_POST['key']                     : '');
 	$dissolve     = ((x($_POST,'dissolve'))     ? intval($_POST['dissolve'])        :  0);
 	$perm         = ((x($_POST,'perm'))         ? notags(trim($_POST['perm']))      : 'r');
+	$ssl_policy   = ((x($_POST,'ssl_policy'))   ? notags(trim($_POST['ssl_policy'])): 'none');
 
 	$writable = (-1);
 	if($dfrn_version >= 2.21) {
@@ -94,6 +95,65 @@ function dfrn_notify_post(&$a) {
 		$importer['writable'] = $writable;
 	}
 
+	// if contact's ssl policy changed, update our links
+
+	$ssl_changed = false;
+
+	if($ssl_policy == 'self' && strstr($importer['url'],'https:')) {
+		$ssl_changed = true;
+		$importer['url']     = 	str_replace('https:','http:',$importer['url']);
+		$importer['nurl']    = normalise_link($importer['url']);
+		$importer['photo']   = 	str_replace('https:','http:',$importer['photo']);
+		$importer['thumb']   = 	str_replace('https:','http:',$importer['thumb']);
+		$importer['micro']   = 	str_replace('https:','http:',$importer['micro']);
+		$importer['request'] = 	str_replace('https:','http:',$importer['request']);
+		$importer['notify']  = 	str_replace('https:','http:',$importer['notify']);
+		$importer['poll']    = 	str_replace('https:','http:',$importer['poll']);
+		$importer['confirm'] = 	str_replace('https:','http:',$importer['confirm']);
+		$importer['poco']    = 	str_replace('https:','http:',$importer['poco']);
+	}
+
+	if($ssl_policy == 'full' && strstr($importer['url'],'http:')) {
+		$ssl_changed = true;
+		$importer['url']     = 	str_replace('http:','https:',$importer['url']);
+		$importer['nurl']    = normalise_link($importer['url']);
+		$importer['photo']   = 	str_replace('http:','https:',$importer['photo']);
+		$importer['thumb']   = 	str_replace('http:','https:',$importer['thumb']);
+		$importer['micro']   = 	str_replace('http:','https:',$importer['micro']);
+		$importer['request'] = 	str_replace('http:','https:',$importer['request']);
+		$importer['notify']  = 	str_replace('http:','https:',$importer['notify']);
+		$importer['poll']    = 	str_replace('http:','https:',$importer['poll']);
+		$importer['confirm'] = 	str_replace('http:','https:',$importer['confirm']);
+		$importer['poco']    = 	str_replace('http:','https:',$importer['poco']);
+	}
+
+	if($ssl_changed) {
+		q("update contact set 
+			url = '%s', 
+			nurl = '%s',
+			photo = '%s',
+			thumb = '%s',
+			micro = '%s',
+			request = '%s',
+			notify = '%s',
+			poll = '%s',
+			confirm = '%s',
+			poco = '%s'
+			where id = %d limit 1",
+			dbesc($importer['url']),
+			dbesc($importer['nurl']),
+			dbesc($importer['photo']),
+			dbesc($importer['thumb']),
+			dbesc($importer['micro']),
+			dbesc($importer['request']),
+			dbesc($importer['notify']),
+			dbesc($importer['poll']),
+			dbesc($importer['confirm']),
+			dbesc($importer['poco']),
+			intval($importer['id'])
+		);
+	}
+			
 	logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']);
 	logger('dfrn_notify: data: ' . $data, LOGGER_DATA);