diff options
| -rw-r--r-- | include/notifier.php | 30 | ||||
| -rw-r--r-- | include/poller.php | 53 | ||||
| -rw-r--r-- | mod/dfrn_notify.php | 29 | ||||
| -rw-r--r-- | mod/dfrn_poll.php | 43 | ||||
| -rw-r--r-- | mod/redir.php | 9 | ||||
| -rw-r--r-- | view/atom_feed.tpl | 14 | ||||
| -rw-r--r-- | view/atom_item.tpl | 6 |
7 files changed, 110 insertions, 74 deletions
diff --git a/include/notifier.php b/include/notifier.php index fe1925c33..40fdbcc5f 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -266,12 +266,12 @@ if($rr['self']) continue; - if(! strlen($rr['dfrn-id'])) + if((! strlen($rr['dfrn-id'])) || ($rr['duplex'] && ! strlen($rr['issued-id']))) continue; + $idtosend = (($rr['duplex']) ? $rr['issued-id'] : $rr['dfrn-id']); - - $url = $rr['notify'] . '?dfrn_id=' . $rr['dfrn-id']; + $url = $rr['notify'] . '?dfrn_id=' . $idtosend; $xml = fetch_url($url); @@ -288,25 +288,31 @@ $postvars = array(); $sent_dfrn_id = hex2bin($res->dfrn_id); - + $challenge = hex2bin($res->challenge); $final_dfrn_id = ''; - openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$rr['pubkey']); + + if($rr['duplex']) { + openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$rr['prvkey']); + openssl_private_decrypt($challenge,$postvars['challenge'],$rr['prvkey']); + } + else { + openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$rr['pubkey']); + openssl_public_decrypt($challenge,$postvars['challenge'],$rr['pubkey']); + } + $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.')); - if($final_dfrn_id != $rr['dfrn-id']) { + if(($final_dfrn_id != $rr['dfrn-id']) || (($rr['duplex']) && ($final_dfrn_id != $rr['issued-id']))) { // did not decode properly - cannot trust this site continue; } - $postvars['dfrn_id'] = $rr['dfrn-id']; - - $challenge = hex2bin($res->challenge); - - openssl_public_decrypt($challenge,$postvars['challenge'],$rr['pubkey']); + $postvars['dfrn_id'] = (($duplex) ? $rr['issued-id'] : $rr['dfrn-id']); if($cmd == 'mail') { $postvars['data'] = $atom; } - elseif(strlen($rr['dfrn-id']) && (! ($rr['blocked']) || ($rr['readonly']))) { + elseif(((strlen($rr['dfrn-id'])) || (($rr['duplex']) && (strlen($rr['issued-id'])))) + && (! ($rr['blocked']) || ($rr['readonly']))) { $postvars['data'] = $atom; } else { diff --git a/include/poller.php b/include/poller.php index f771a3af4..96c647278 100644 --- a/include/poller.php +++ b/include/poller.php @@ -1,27 +1,25 @@ <?php -require_once('boot.php'); + require_once('boot.php'); -$a = new App; - -@include('.htconfig.php'); -require_once('dba.php'); -$db = new dba($db_host, $db_user, $db_pass, $db_data); - unset($db_host, $db_user, $db_pass, $db_data); - -require_once('session.php'); -require_once('datetime.php'); -require_once('simplepie/simplepie.inc'); -require_once('include/items.php'); + $a = new App; + @include('.htconfig.php'); + require_once('dba.php'); + $db = new dba($db_host, $db_user, $db_pass, $db_data); + unset($db_host, $db_user, $db_pass, $db_data); + require_once('session.php'); + require_once('datetime.php'); + require_once('simplepie/simplepie.inc'); + require_once('include/items.php'); $a->set_baseurl(get_config('system','url')); $contacts = q("SELECT * FROM `contact` - WHERE `dfrn-id` != '' AND `self` = 0 AND `blocked` = 0 - AND `readonly` = 0 ORDER BY RAND()"); + WHERE ( `dfrn-id` != '' OR (`issued-id` != '' AND `duplex` = 1)) + AND `self` = 0 AND `blocked` = 0 AND `readonly` = 0 ORDER BY RAND()"); if(! count($contacts)) killme(); @@ -75,11 +73,15 @@ require_once('include/items.php'); ? datetime_convert('UTC','UTC','now - 30 days','Y-m-d\TH:i:s\Z') : datetime_convert('UTC','UTC',$contact['last-update'],'Y-m-d\TH:i:s\Z')); - $url = $contact['poll'] . '?dfrn_id=' . $contact['dfrn-id'] . '&type=data&last_update=' . $last_update ; + $idtosend = (($contact['duplex']) ? $contact['issued-id'] : $contact['dfrn-id']); + + $url = $contact['poll'] . '?dfrn_id=' . $idtosend . '&type=data&last_update=' . $last_update ; $xml = fetch_url($url); + echo "URL: " . $url; echo "XML: " . $xml; + if(! $xml) continue; @@ -91,19 +93,28 @@ echo "XML: " . $xml; $postvars = array(); $sent_dfrn_id = hex2bin($res->dfrn_id); + $challenge = hex2bin($res->challenge); $final_dfrn_id = ''; - openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']); + + if($contact['duplex']) { + openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']); + openssl_private_decrypt($challenge,$postvars['challenge'],$contact['prvkey']); + + } + else { + openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']); + openssl_public_decrypt($challenge,$postvars['challenge'],$contact['pubkey']); + } + $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.')); - if($final_dfrn_id != $contact['dfrn-id']) { + if(($final_dfrn_id != $contact['dfrn-id']) + || (($contact['duplex']) && ($final_dfrn_id != $contact['issued-id']))) { // did not decode properly - cannot trust this site continue; } - $postvars['dfrn_id'] = $contact['dfrn-id']; - $challenge = hex2bin($res->challenge); - - openssl_public_decrypt($challenge,$postvars['challenge'],$contact['pubkey']); + $postvars['dfrn_id'] = (($contact['duplex']) ? $contact['issued-id'] : $contact['dfrn-id']); $xml = post_url($contact['poll'],$postvars); diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index 3e98377e8..7cab98eb8 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -23,7 +23,10 @@ function dfrn_notify_post(&$a) { // find the local user who owns this relationship. - $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` WHERE `issued-id` = '%s' LIMIT 1", + $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact` + LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` + WHERE ( `issued-id` = '%s' OR ( `duplex` = 1 AND `dfrn-id` = '%s' )) LIMIT 1", + dbesc($dfrn_id), dbesc($dfrn_id) ); @@ -341,20 +344,28 @@ function dfrn_notify_content(&$a) { intval(time() + 60 ) ); - $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 AND `pending` = 0 LIMIT 1", - dbesc($_GET['dfrn_id'])); - if((! count($r)) || (! strlen($r[0]['prvkey']))) + $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `duplex` = 1 AND `dfrn-id` = '%s')) + AND `blocked` = 0 AND `pending` = 0 LIMIT 1", + dbesc($_GET['dfrn_id']), + dbesc($_GET['dfrn_id']) + ); + if(! count($r)) $status = 1; $challenge = ''; - - openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); - $challenge = bin2hex($challenge); - $encrypted_id = ''; $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999); - openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); + if($r[0]['duplex']) { + openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']); + openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']); + } + else { + openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); + openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); + } + + $challenge = bin2hex($challenge); $encrypted_id = bin2hex($encrypted_id); echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_notify><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>' . '<challenge>' . $challenge . '</challenge></dfrn_notify>' . "\r\n" ; diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index c627c2b41..84cb58da0 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -25,8 +25,11 @@ function dfrn_poll_init(&$a) { $r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` - WHERE `dfrn-id` = '%s' LIMIT 1", - dbesc($dfrn_id)); + WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex `= 1 )) LIMIT 1", + dbesc($dfrn_id), + dbesc($dfrn_id) + ); + if(count($r)) { $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check'); if(strlen($s)) { @@ -87,9 +90,11 @@ function dfrn_poll_post(&$a) { ); - $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' LIMIT 1", + $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 )) LIMIT 1", + dbesc($dfrn_id), dbesc($dfrn_id) ); + if(! count($r)) killme(); @@ -165,23 +170,32 @@ function dfrn_poll_content(&$a) { dbesc($last_update) ); - $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 AND `pending` = 0 LIMIT 1", - dbesc($_GET['dfrn_id'])); - if((count($r)) && (strlen($r[0]['prvkey']))) { + $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 )) + AND `blocked` = 0 AND `pending` = 0 LIMIT 1", + dbesc($_GET['dfrn_id']), + dbesc($_GET['dfrn_id']) + ); + if(count($r)) { $challenge = ''; - - openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); - $challenge = bin2hex($challenge); - $encrypted_id = ''; $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999); - openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); + + if($r[0]['duplex']) { + openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']); + openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']); + } + else { + openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); + openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); + } + + $challenge = bin2hex($challenge); $encrypted_id = bin2hex($encrypted_id); } else { - $status = 1; // key not found + $status = 1; } echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>' @@ -189,11 +203,6 @@ function dfrn_poll_content(&$a) { session_write_close(); exit; } - - - - - } diff --git a/mod/redir.php b/mod/redir.php index ea1aec6e9..88b291146 100644 --- a/mod/redir.php +++ b/mod/redir.php @@ -4,17 +4,20 @@ function redir_init(&$a) { if((! local_user()) || (! ($a->argc == 2)) || (! intval($a->argv[1]))) goaway($a->get_baseurl()); - $r = q("SELECT `issued-id`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", + $r = q("SELECT `issued-id`, `dfrn-id`, `duplex`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[1]), intval($_SESSION['uid'])); if(! count($r)) goaway($a->get_baseurl()); + + $dfrn_id = (($r[0]['duplex']) ? $r[0]['dfrn-id'] : $r[0]['issued-id']); + q("INSERT INTO `profile_check` ( `uid`, `dfrn_id`, `expire`) VALUES( %d, '%s', %d )", intval($_SESSION['uid']), - dbesc($r[0]['issued-id']), + dbesc($dfrn_id), intval(time() + 45)); - goaway ($r[0]['poll'] . '?dfrn_id=' . $r[0]['issued-id'] . '&type=profile'); + goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile'); diff --git a/view/atom_feed.tpl b/view/atom_feed.tpl index b77b14646..316fcb10b 100644 --- a/view/atom_feed.tpl +++ b/view/atom_feed.tpl @@ -2,20 +2,16 @@ <feed xmlns="http://www.w3.org/2005/Atom" xmlns:thr="http://purl.org/syndication/thread/1.0" xmlns:at="http://purl.org/atompub/tombstones/1.0" + xmlns:media="http://purl.org/syndication/atommedia" xmlns:dfrn="http://purl.org/macgirvin/dfrn/1.0" xmlns:as="http://activitystrea.ms/spec/1.0/" > <id>$feed_id</id> <title>$feed_title</title> - <icon>$photo</icon> - <dfrn:icon-updated>$picdate</dfrn:icon-updated> <updated>$feed_updated</updated> <author> - <name>$name</name> - <dfrn:name-updated>$namdate</dfrn:name-updated> - <uri>$profile_page</uri> - <dfrn:uri-updated>$uridate</dfrn:uri-updated> - <dfrn:avatar>$thumb</dfrn:avatar> - <dfrn:avatar-updated>$picdate</dfrn:avatar-updated> - </author> + <name dfrn:updated="$namdate" >$name</name> + <uri dfrn:updated="$uridate" >$profile_page</uri> + <link rel="photo" type="image/jpeg" dfrn:updated="$picdate" href="$thumb" /> + </author> diff --git a/view/atom_item.tpl b/view/atom_item.tpl index 1dae06db5..8104cfaa5 100644 --- a/view/atom_item.tpl +++ b/view/atom_item.tpl @@ -2,19 +2,19 @@ <author> <name>$name</name> <uri>$profile_page</uri> - <dfrn:avatar>$thumb</dfrn:avatar> + <link rel="photo" type="image/jpeg" href="$thumb" /> </author> <dfrn:owner> <dfrn:name>$owner_name</dfrn:name> <dfrn:uri>$owner_profile_page</dfrn:uri> - <dfrn:avatar>$owner_thumb</dfrn:avatar> + <link rel="photo" type="image/jpeg" href="$owner_thumb" /> </dfrn:owner> <id>$item_id</id> <title>$title</title> <published>$published</published> <updated>$updated</updated> - <content>$content</content> + <content type="$type" >$content</content> <dfrn:location>$location</dfrn:location> <dfrn:comment-allow>$comment_allow</dfrn:comment-allow> </entry> |