diff options
-rw-r--r-- | boot.php | 18 | ||||
-rw-r--r-- | htconfig.php | 5 | ||||
-rw-r--r-- | include/items.php | 147 | ||||
-rw-r--r-- | mod/dfrn_notify.php | 127 | ||||
-rw-r--r-- | mod/dfrn_poll.php | 80 | ||||
-rw-r--r-- | mod/network.php | 2 | ||||
-rw-r--r-- | update.sql | 5 | ||||
-rw-r--r-- | view/atom_feed.tpl | 1 |
8 files changed, 213 insertions, 172 deletions
@@ -33,6 +33,7 @@ class App { private $scheme; private $hostname; private $path; + private $baseurl; private $db; function __construct() { @@ -69,12 +70,20 @@ class App { } function get_baseurl($ssl = false) { - - return (($ssl) ? 'https' : $this->scheme) . "://" . $this->hostname + if(strlen($this->baseurl)) + return $this->baseurl; + + $this->baseurl = (($ssl) ? 'https' : $this->scheme) . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' ); + return $this->baseurl; + } + + function set_baseurl($url) { + $this->baseurl = $url; } + function set_path($p) { $this->path = ltrim(trim($p),'/'); } @@ -330,6 +339,11 @@ function notice($s) { }} +if(! function_exists('get_max_import_size')) { +function get_max_import_size() { + global $a; + return ((x($a->config,'max_import_size')) ? $a->config['max_import_size'] : 0 ); +}} if(! function_exists('xmlify')) { function xmlify($str) { diff --git a/htconfig.php b/htconfig.php index cf52b396a..ef3855978 100644 --- a/htconfig.php +++ b/htconfig.php @@ -22,3 +22,8 @@ $a->config['sitename'] = "DFRN developer"; // first before you close it. $a->config['register_policy'] = REGISTER_OPEN; + + +// Maximum size of an imported message, 0 is unlimited. + +$a->config['max_import_size'] = 10000;
\ No newline at end of file diff --git a/include/items.php b/include/items.php index d0ec64fb9..e6a78f9ec 100644 --- a/include/items.php +++ b/include/items.php @@ -7,6 +7,14 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) { $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; + if(strlen($owner_id) && ! intval($owner_id)) { + $r = q("SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1", + dbesc($owner_id) + ); + if(count($r)) + $owner_id = $r[0]['uid']; + } + $r = q("SELECT * FROM `contact` WHERE `self` = 1 AND `uid` = %d LIMIT 1", intval($owner_id) ); @@ -38,8 +46,8 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) { AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", - intval($_SESSION['visitor_id']), - intval($_SESSION['visitor_id']), + intval($contact['id']), + intval($contact['id']), dbesc($gs), dbesc($gs) ); @@ -58,7 +66,7 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) { AND `item`.`type` != 'remote' AND `contact`.`blocked` = 0 AND `item`.`edited` > '%s' $sql_extra - ORDER BY `parent` DESC, `id` ASC LIMIT 0, 300", + ORDER BY `parent` ASC, `created` ASC LIMIT 0, 300", intval($owner_id), dbesc($check_date) ); @@ -87,7 +95,7 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) { foreach($items as $item) { if($item['deleted']) { $atom .= replace_macros($tomb_template, array( - '$id' => xmlify(((strlen($item['remote-id'])) ? $item['remote-id'] : "urn:X-dfrn:$baseurl:{$owner['uid']}:{$item['hash']}")), + '$id' => xmlify(((strlen($item['remote-id'])) ? $item['remote-id'] : "urn:X-dfrn:" . $a->get_baseurl() . ":{$owner['uid']}:{$item['hash']}")), '$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')) )); } @@ -101,7 +109,7 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) { '$owner_name' => xmlify($item['owner-name']), '$owner_profile_page' => xmlify($item['owner-link']), '$owner_thumb' => xmlify($item['owner-avatar']), - '$item_id' => xmlify(((strlen($item['remote-id'])) ? $item['remote-id'] : "urn:X-dfrn:$baseurl:{$owner['uid']}:{$item['hash']}")), + '$item_id' => xmlify(((strlen($item['remote-id'])) ? $item['remote-id'] : "urn:X-dfrn:" . $a->get_baseurl() . ":{$owner['uid']}:{$item['hash']}")), '$title' => xmlify($item['name']), '$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')), '$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')), @@ -114,20 +122,141 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) { '$name' => xmlify($item['name']), '$profile_page' => xmlify($item['url']), '$thumb' => xmlify($item['thumb']), - '$item_id' => xmlify(((strlen($item['remote-id'])) ? $item['remote-id'] : "urn:X-dfrn:$baseurl:{$owner['uid']}:{$item['hash']}")), + '$item_id' => xmlify(((strlen($item['remote-id'])) ? $item['remote-id'] : "urn:X-dfrn:" . $a->get_baseurl() . ":{$owner['uid']}:{$item['hash']}")), '$title' => xmlify($item['title']), '$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')), '$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')), '$content' =>xmlify($item['body']), - '$parent_id' => xmlify("urn:X-dfrn:$baseurl:{$owner['uid']}:{$items[0]['hash']}"), + + // ......this is wrong!!!! + '$parent_id' => xmlify("urn:X-dfrn:" . $a->get_baseurl() . ":{$owner['uid']}:{$items[0]['hash']}"), '$comment_allow' => (($item['last-child']) ? 1 : 0) )); } } } - $atom .= "</feed>\r\n"; return $atom; -}
\ No newline at end of file +} + + + + +function get_atom_elements($item) { + + $res = array(); + + $author = $item->get_author(); + $res['remote-name'] = unxmlify($author->get_name()); + $res['remote-link'] = unxmlify($author->get_link()); + $res['remote-avatar'] = unxmlify($author->get_avatar()); + $res['remote-id'] = unxmlify($item->get_id()); + $res['title'] = unxmlify($item->get_title()); + $res['body'] = unxmlify($item->get_content()); + + $maxlen = get_max_import_size(); + if($maxlen && (strlen($res['body']) > $maxlen)) + $res['body'] = substr($res['body'],0, $maxlen); + + $allow = $item->get_item_tags('http://purl.org/macgirvin/dfrn/1.0','comment-allow'); + if($allow && $allow[0]['data'] == 1) + $res['last-child'] = 1; + else + $res['last-child'] = 0; + + $rawcreated = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'published'); + if($rawcreated) + $res['created'] = unxmlify($rawcreated[0]['data']); + + $rawedited = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'updated'); + if($rawedited) + $res['edited'] = unxmlify($rawcreated[0]['data']); + + $rawowner = $item->get_item_tags('http://purl.org/macgirvin/dfrn/1.0', 'owner'); + if($rawowner[0]['child']['http://purl.org/macgirvin/dfrn/1.0']['name'][0]['data']) + $res['owner-name'] = unxmlify($rawowner[0]['child']['http://purl.org/macgirvin/dfrn/1.0']['name'][0]['data']); + if($rawowner[0]['child']['http://purl.org/macgirvin/dfrn/1.0']['uri'][0]['data']) + $res['owner-link'] = unxmlify($rawowner[0]['child']['http://purl.org/macgirvin/dfrn/1.0']['uri'][0]['data']); + if($rawowner[0]['child']['http://purl.org/macgirvin/dfrn/1.0']['avatar'][0]['data']) + $res['owner-avatar'] = unxmlify($rawowner[0]['child']['http://purl.org/macgirvin/dfrn/1.0']['avatar'][0]['data']); + + return $res; +} + +function post_remote($a,$arr) { + + $arr['hash'] = random_string(); + if(! x($arr,'type')) + $arr['type'] = 'remote'; + $arr['remote-name'] = notags(trim($arr['remote-name'])); + $arr['remote-link'] = notags(trim($arr['remote-link'])); + $arr['remote-avatar'] = notags(trim($arr['remote-avatar'])); + $arr['owner-name'] = notags(trim($arr['owner-name'])); + $arr['owner-link'] = notags(trim($arr['owner-link'])); + $arr['owner-avatar'] = notags(trim($arr['owner-avatar'])); + if(! strlen($arr['remote-avatar'])) + $arr['remote-avatar'] = $a->get_baseurl() . '/images/default-profile-sm.jpg'; + if(! strlen($arr['owner-avatar'])) + $arr['owner-avatar'] = $a->get_baseurl() . '/images/default-profile-sm.jpg'; + $arr['created'] = datetime_convert('UTC','UTC',$arr['created'],'Y-m-d H:i:s'); + $arr['edited'] = datetime_convert('UTC','UTC',$arr['edited'],'Y-m-d H:i:s'); + $arr['title'] = notags(trim($arr['title'])); + $arr['body'] = escape_tags(trim($arr['body'])); + $arr['last-child'] = intval($arr['last-child']); + $arr['visible'] = 1; + $arr['deleted'] = 0; + + $local_parent = false; + + if(isset($arr['parent_hash'])) { + $local_parent = true; + $parent = $arr['parent_hash']; + unset($arr['parent_hash']); + } + else { + $parent = $arr['parent_urn']; + unset($arr['parent_urn']); + } + + $parent_id = 0; + + dbesc_array($arr); +dbg(3); + $r = q("INSERT INTO `item` (`" + . implode("`, `", array_keys($arr)) + . "`) VALUES ('" + . implode("', '", array_values($arr)) + . "')" ); + + if($local_parent) { + $r = q("SELECT `id` FROM `item` WHERE `hash` = '%s' AND `uid` = %d LIMIT 1", + dbesc($parent), + intval($arr['uid']) + ); + } + else { + $r = q("SELECT `id` FROM `item` WHERE `remote-id` = '%s' AND `uid` = %d LIMIT 1", + dbesc($parent), + intval($arr['uid']) + ); + } + if(count($r)) + $parent_id = $r[0]['id']; + + + $r = q("SELECT `id` FROM `item` WHERE `remote-id` = '%s' AND `uid` = %d LIMIT 1", + $arr['remote-id'], + intval($arr['uid']) + ); + if(count($r)) + $current_post = $r[0]['id']; + + $r = q("UPDATE `item` SET `parent` = %d WHERE `id` = %d LIMIT 1", + intval($parent_id), + intval($current_post) + ); + + return $current_post; +} diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index f81eb9cfb..ed2222d6a 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -1,126 +1,9 @@ <?php require_once('simplepie/simplepie.inc'); +require_once('include/items.php'); -function get_atom_elements($item) { - - $res = array(); - - $author = $item->get_author(); - $res['remote-name'] = unxmlify($author->get_name()); - $res['remote-link'] = unxmlify($author->get_link()); - $res['remote-avatar'] = unxmlify($author->get_avatar()); - $res['remote-id'] = unxmlify($item->get_id()); - $res['title'] = unxmlify($item->get_title()); - $res['body'] = unxmlify($item->get_content()); - - if(strlen($res['body']) > 100000) - $res['body'] = substr($res['body'],0,10000) . "\r\n[Extremely large post truncated.]\r\n" ; - - $allow = $item->get_item_tags('http://purl.org/macgirvin/dfrn/1.0','comment-allow'); - if($allow && $allow[0]['data'] == 1) - $res['last-child'] = 1; - else - $res['last-child'] = 0; - - $rawcreated = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'published'); - if($rawcreated) - $res['created'] = unxmlify($rawcreated[0]['data']); - - $rawedited = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'updated'); - if($rawedited) - $res['edited'] = unxmlify($rawcreated[0]['data']); - - $rawowner = $item->get_item_tags('http://purl.org/macgirvin/dfrn/1.0', 'owner'); - if($rawowner[0]['child']['http://purl.org/macgirvin/dfrn/1.0']['name'][0]['data']) - $res['owner-name'] = unxmlify($rawowner[0]['child']['http://purl.org/macgirvin/dfrn/1.0']['name'][0]['data']); - if($rawowner[0]['child']['http://purl.org/macgirvin/dfrn/1.0']['uri'][0]['data']) - $res['owner-link'] = unxmlify($rawowner[0]['child']['http://purl.org/macgirvin/dfrn/1.0']['uri'][0]['data']); - if($rawowner[0]['child']['http://purl.org/macgirvin/dfrn/1.0']['avatar'][0]['data']) - $res['owner-avatar'] = unxmlify($rawowner[0]['child']['http://purl.org/macgirvin/dfrn/1.0']['avatar'][0]['data']); - - - return $res; - -} - -function post_remote($a,$arr) { - - $arr['hash'] = random_string(); - if(! x($arr,'type')) - $arr['type'] = 'remote'; - $arr['remote-name'] = notags(trim($arr['remote-name'])); - $arr['remote-link'] = notags(trim($arr['remote-link'])); - $arr['remote-avatar'] = notags(trim($arr['remote-avatar'])); - $arr['owner-name'] = notags(trim($arr['owner-name'])); - $arr['owner-link'] = notags(trim($arr['owner-link'])); - $arr['owner-avatar'] = notags(trim($arr['owner-avatar'])); - if(! strlen($arr['remote-avatar'])) - $arr['remote-avatar'] = $a->get_baseurl() . '/images/default-profile-sm.jpg'; - if(! strlen($arr['owner-avatar'])) - $arr['owner-avatar'] = $a->get_baseurl() . '/images/default-profile-sm.jpg'; - $arr['created'] = datetime_convert('UTC','UTC',$arr['created'],'Y-m-d H:i:s'); - $arr['edited'] = datetime_convert('UTC','UTC',$arr['edited'],'Y-m-d H:i:s'); - $arr['title'] = notags(trim($arr['title'])); - $arr['body'] = escape_tags(trim($arr['body'])); - $arr['last-child'] = intval($arr['last-child']); - $arr['visible'] = 1; - $arr['deleted'] = 0; - - $local_parent = false; - - if(isset($arr['parent_hash'])) { - $local_parent = true; - $parent = $arr['parent_hash']; - unset($arr['parent_hash']); - } - else { - $parent = $arr['parent_urn']; - unset($arr['parent_urn']); - } - - $parent_id = 0; - - dbesc_array($arr); -dbg(3); - $r = q("INSERT INTO `item` (`" - . implode("`, `", array_keys($arr)) - . "`) VALUES ('" - . implode("', '", array_values($arr)) - . "')" ); - - if($local_parent) { - $r = q("SELECT `id` FROM `item` WHERE `hash` = '%s' AND `uid` = %d LIMIT 1", - dbesc($parent), - intval($arr['uid']) - ); - } - else { - $r = q("SELECT `id` FROM `item` WHERE `remote-id` = '%s' AND `uid` = %d LIMIT 1", - dbesc($parent), - intval($arr['uid']) - ); - } - if(count($r)) - $parent_id = $r[0]['id']; - - - $r = q("SELECT `id` FROM `item` WHERE `remote-id` = '%s' AND `uid` = %d LIMIT 1", - $arr['remote-id'], - intval($arr['uid']) - ); - if(count($r)) - $current_post = $r[0]['id']; - - $r = q("UPDATE `item` SET `parent` = %d WHERE `id` = %d LIMIT 1", - intval($parent_id), - intval($current_post) - ); - - return $current_post; -} - function dfrn_notify_post(&$a) { dbg(3); $dfrn_id = notags(trim($_POST['dfrn_id'])); @@ -276,14 +159,6 @@ dbg(3); } - - - - - - - - function dfrn_notify_content(&$a) { if(x($_GET,'dfrn_id')) { diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index ae3dc892d..6b4c50ad2 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -1,6 +1,8 @@ <?php require_once('include/items.php'); +require_once('include/auth.php'); + function dfrn_poll_init(&$a) { @@ -63,37 +65,6 @@ function dfrn_poll_init(&$a) { } - if($dfrn_id != '*') { - // initial communication from external contact - $hash = random_string(); - - $status = 0; - - $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time())); - - $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` ) - VALUES( '%s', '%s', '%s', '%s', '%s' ) ", - dbesc($hash), - dbesc(notags(trim($_GET['dfrn_id']))), - intval(time() + 60 ), - dbesc($type), - dbesc($last_update) - ); - - $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 LIMIT 1", - dbesc($_GET['dfrn_id'])); - if((! count($r)) || (! strlen($r[0]['prvkey']))) - $status = 1; - - $challenge = ''; - - openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); - $challenge = bin2hex($challenge); - echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $_GET['dfrn_id'] . '</dfrn_id>' - . '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ; - session_write_close(); - exit; - } } @@ -103,6 +74,7 @@ function dfrn_poll_post(&$a) { $dfrn_id = notags(trim($_POST['dfrn_id'])); $challenge = notags(trim($_POST['challenge'])); $url = $_POST['url']; + $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1", dbesc($dfrn_id), dbesc($challenge) @@ -166,6 +138,52 @@ function dfrn_poll_post(&$a) { } } +function dfrn_poll_content(&$a) { + + if(x($_GET,'dfrn_id')) + $dfrn_id = $a->config['dfrn_poll_dfrn_id'] = $_GET['dfrn_id']; + if(x($_GET,'type')) + $type = $a->config['dfrn_poll_type'] = $_GET['type']; + if(x($_GET,'last_update')) + $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update']; + + + if($dfrn_id != '*') { + // initial communication from external contact + $hash = random_string(); + + $status = 0; + + $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time())); + + $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` ) + VALUES( '%s', '%s', '%s', '%s', '%s' ) ", + dbesc($hash), + dbesc(notags(trim($_GET['dfrn_id']))), + intval(time() + 60 ), + dbesc($type), + dbesc($last_update) + ); + $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 LIMIT 1", + dbesc($_GET['dfrn_id'])); + if((! count($r)) || (! strlen($r[0]['prvkey']))) + $status = 1; + + $challenge = ''; + + openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); + $challenge = bin2hex($challenge); + echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $_GET['dfrn_id'] . '</dfrn_id>' + . '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ; + session_write_close(); + exit; + } + + + + + +} diff --git a/mod/network.php b/mod/network.php index 94ea065e9..aa662c79c 100644 --- a/mod/network.php +++ b/mod/network.php @@ -56,7 +56,7 @@ function network_content(&$a) { WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 AND `contact`.`blocked` = 0 $sql_extra - ORDER BY `parent` DESC, `id` ASC LIMIT %d ,%d ", + ORDER BY `parent` DESC, `created` ASC LIMIT %d ,%d ", intval($_SESSION['uid']), intval($a->pager['start']), intval($a->pager['itemspage']) diff --git a/update.sql b/update.sql index be6a6a36c..a576adb88 100644 --- a/update.sql +++ b/update.sql @@ -15,8 +15,7 @@ ADD `owner-avatar` CHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NU ALTER TABLE `user` ADD `pwdreset` CHAR( 255 ) NOT NULL AFTER `blocked` ; - ALTER TABLE `challenge` ADD `cmd` CHAR( 255 ) NOT NULL AFTER `expire` , -ADD `url` CHAR( 255 ) NOT NULL AFTER `cmd` , -ADD `last_update` CHAR( 255 ) NOT NULL AFTER `url` ; + ALTER TABLE `challenge` ADD `type` CHAR( 255 ) NOT NULL AFTER `expire` , +ADD `last_update` CHAR( 255 ) NOT NULL AFTER `type` ; ALTER TABLE `contact` ADD `last-update` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00' AFTER `ret-pubkey` ; diff --git a/view/atom_feed.tpl b/view/atom_feed.tpl index c283ad8f7..00ac6c406 100644 --- a/view/atom_feed.tpl +++ b/view/atom_feed.tpl @@ -1,3 +1,4 @@ +<?xml version="1.0" encoding="utf-8" ?> <feed xmlns="http://www.w3.org/2005/Atom" xmlns:thr="http://purl.org/syndication/thread/1.0" xmlns:at="http://purl.org/atompub/tombstones/1.0" |