-rw-r--r-- | boot.php | 7 | ||||
-rw-r--r-- | done | 12 | ||||
-rwxr-xr-x | include/items.php | 43 | ||||
-rw-r--r-- | include/permissions.php | 3 | ||||
-rw-r--r-- | include/zot.php | 72 | ||||
-rw-r--r-- | install/database.sql | 59 | ||||
-rw-r--r-- | install/update.php | 57 | ||||
-rw-r--r-- | mod/allfriends.php | 5 | ||||
-rw-r--r-- | mod/contacts.php | 597 | ||||
-rw-r--r-- | mod/dfrn_confirm.php | 813 | ||||
-rw-r--r-- | mod/dfrn_notify.php | 281 | ||||
-rw-r--r-- | mod/dfrn_poll.php | 562 | ||||
-rw-r--r-- | mod/dfrn_request.php | 837 | ||||
-rw-r--r-- | mod/display.php | 94 | ||||
-rw-r--r-- | mod/editpost.php | 30 | ||||
-rw-r--r-- | mod/login.php | 8 | ||||
-rw-r--r-- | mod/settings.php | 2 | ||||
-rw-r--r-- | mod/wallmessage.php | 149 | ||||
-rw-r--r-- | version.inc | 2 | ||||
-rw-r--r-- | view/js/mod_connections.js | 1 | ||||
-rw-r--r-- | view/theme/fancyred/php/config.php | 2 | ||||
-rw-r--r-- | view/theme/redbasic/php/config.php | 2 | ||||
-rw-r--r-- | view/tpl/edpost_head.tpl | 1 |
23 files changed, 293 insertions, 3346 deletions
@@ -15,9 +15,8 @@ require_once('include/features.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica Red'); define ( 'FRIENDICA_VERSION', trim(file_get_contents('version.inc')) . 'R'); -define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); define ( 'ZOT_REVISION', 1 ); -define ( 'DB_UPDATE_VERSION', 1005 ); +define ( 'DB_UPDATE_VERSION', 1008 ); define ( 'EOL', "<br />\r\n" ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); @@ -146,6 +145,7 @@ define ( 'UPDATE_FAILED', 1); define ( 'PAGE_NORMAL', 0x0000 ); define ( 'PAGE_HIDDEN', 0x0001 ); define ( 'PAGE_AUTOCONNECT', 0x0002 ); +define ( 'PAGE_APPLICATION', 0x0004 ); //define ( 'PAGE_FREELOVE', 3 ); //define ( 'PAGE_BLOG', 4 ); @@ -191,6 +191,9 @@ define ( 'PERMS_W_PHOTOS', 0x0200); define ( 'PERMS_W_CHAT', 0x0400); define ( 'PERMS_A_DELEGATE', 0x0800); +define ( 'PERMS_R_STORAGE', 0x1000); +define ( 'PERMS_W_STORAGE', 0x2000); + // General channel permissions @@ -88,13 +88,8 @@ mod/ common.php community.php contactgroup.php -- contacts.php crepair.php delegate.php -- dfrn_confirm.php -- dfrn_notify.php -- dfrn_poll.php -- dfrn_request.php directory.php dirfind.php display.php @@ -122,7 +117,7 @@ mod/ magic.php + manage.php match.php - message.php +? message.php ? mood.php msearch.php ? network.php @@ -148,7 +143,7 @@ mod/ qsearch.php + randprof.php - redir.php -- register.php ++ register.php regmod.php removeme.php rsd_xml.php (what do we need this for? What functionality/feature does it enable) @@ -170,7 +165,6 @@ mod/ view.php + viewsrc.php ? wall_attach.php (needs remote permissions refactor) -- wallmessage.php ? wall_upload.php (needs remote permissions refactor) webfinger.php + _well_known.php @@ -178,4 +172,4 @@ mod/ + zchannel.php + zfinger.php ? zperms.php -+ register.php + diff --git a/include/items.php b/include/items.php index c2688a9cd..4e656d059 100755 --- a/include/items.php +++ b/include/items.php 
@@ -644,6 +644,8 @@ function decode_tags($t) { } +// santise a potentially complex array + function activity_sanitise($arr) { if($arr) { $ret = array(); @@ -658,6 +660,19 @@ function activity_sanitise($arr) { return ''; } +// sanitise a simple linear array + +function array_sanitise($arr) { + if($arr) { + $ret = array(); + foreach($arr as $x) { + $ret[] = htmlentities($x, ENT_COMPAT,'UTF-8'); + } + return $ret; + } + return ''; +} + function encode_item_flags($item) { // most of item_flags and item_restrict are local settings which don't apply when transmitted. @@ -726,6 +741,34 @@ function get_mail_elements($x) { } +function get_profile_elements($x) { + + $arr = array(); + + if(import_author_xchan($x['from'])) + $arr['xprof_hash'] = base64url_encode(hash('whirlpool',$x['from']['guid'] . $x['from']['guid_sig'], true)); + else + return array(); + + $arr['desc'] = (($x['title']) ? htmlentities($x['title'],ENT_COMPAT,'UTF-8') : ''); + + $arr['dob'] = datetime_convert('UTC','UTC',$x['birthday'],'Y-m-d'); + + $arr['gender'] = (($x['gender']) ? htmlentities($x['gender'], ENT_COMPAT,'UTF-8') : ''); + $arr['marital'] = (($x['marital']) ? htmlentities($x['marital'], ENT_COMPAT,'UTF-8') : ''); + $arr['sexual'] = (($x['sexual']) ? htmlentities($x['sexual'], ENT_COMPAT,'UTF-8') : ''); + $arr['locale'] = (($x['locale']) ? htmlentities($x['locale'], ENT_COMPAT,'UTF-8') : ''); + $arr['region'] = (($x['region']) ? htmlentities($x['region'], ENT_COMPAT,'UTF-8') : ''); + $arr['postcode'] = (($x['postcode']) ? htmlentities($x['postcode'], ENT_COMPAT,'UTF-8') : ''); + $arr['country'] = (($x['country']) ? htmlentities($x['country'], ENT_COMPAT,'UTF-8') : ''); + + $arr['keywords'] = (($x['keywords'] && is_array($x['keywords'])) ? array_sanitise($x['keywords']) : array()); + + return $arr; + +} + + function get_atom_elements($feed,$item) { diff --git a/include/permissions.php b/include/permissions.php index 8e0594492..e74486a06 100644 --- a/include/permissions.php 
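Review bot: `array_sanitise()` hands every element of a remotely supplied array to `htmlentities()` without checking that it is a string, so a nested array inside `keywords` reaches the encoder and produces a warning and a null entry (or a TypeError on newer PHP) instead of a clean list. Skipping such entries with `if(! is_scalar($x)) continue;` as the first statement of the loop keeps the result a flat list of encoded strings. The empty-input branch returns `''` rather than `array()`; the one visible caller is protected only because it tests `is_array()` itself, so `return array();` would be the safer contract.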
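Review bot: `get_profile_elements()` derives `xprof_hash` from `$x['from']`, but `process_profile_delivery()` in include/zot.php keys every query on `$sender['hash']` and never reads `$arr['xprof_hash']`, so nothing visible ties the author named in the message to the sender that delivered it. If both hashes are built the same way, comparing them before any write, e.g. `if($arr['xprof_hash'] !== $sender['hash']) return;`, would make that binding explicit. `$x['birthday']` is also the only field passed on without the empty-value guard the others have; `(($x['birthday']) ? datetime_convert('UTC','UTC',$x['birthday'],'Y-m-d') : '')` keeps a missing date empty. Note that `ENT_COMPAT` leaves single quotes unencoded, so the stored values still need escaping wherever they are written into single-quoted attributes.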
+++ b/include/permissions.php @@ -14,6 +14,7 @@ function get_perms() { 'view_profile' => array('channel_r_profile', intval(PERMS_R_PROFILE), true, t('Can view my "public" channel profile'), ''), 'view_photos' => array('channel_r_photos', intval(PERMS_R_PHOTOS), true, t('Can view my "public" photo albums'), ''), 'view_contacts' => array('channel_r_abook', intval(PERMS_R_ABOOK), true, t('Can view my "public" address book'), ''), + 'view_storage' => array('channel_r_storage', intval(PERMS_R_STORAGE), true, t('Can view my "public" file storage'), ''), // Write permissions 'send_stream' => array('channel_w_stream', intval(PERMS_W_STREAM), false, t('Can send me their channel stream and posts'), ''), @@ -23,6 +24,8 @@ function get_perms() { 'post_photos' => array('channel_w_photos', intval(PERMS_W_PHOTOS), false, t('Can post photos to my photo albums'), ''), 'tag_deliver' => array('channel_w_tagwall', intval(PERMS_W_TAGWALL), false, t('Can forward to all my channel contacts via post tags'), t('Advanced - useful for creating group forum channels')), 'chat' => array('channel_w_chat', intval(PERMS_W_CHAT), false, t('Can chat with me (when available)'), t('Requires compatible chat plugin')), + 'write_storage' => array('channel_w_storage', intval(PERMS_W_STORAGE), false, t('Can write to my "public" file storage'), ''), + 'delegate' => array('channel_a_delegate', intval(PERMS_A_DELEGATE), false, t('Can administer my channel resources'), t('Extremely advanced. Leave this alone unless you know what you are doing')), ); return $global_perms; diff --git a/include/zot.php b/include/zot.php index 049cf004b..ade35f0f1 100644 --- a/include/zot.php +++ b/include/zot.php 
@@ -722,8 +722,16 @@ function zot_import($arr) { process_mail_delivery($i['notify']['sender'],$arr,$deliveries); } - } + elseif($i['message']['type'] === 'profile') { + $arr = get_profile_elements($i['message']); + + logger('Profile received: ' . print_r($arr,true)); + logger('Profile recipients: ' . print_r($deliveries,true)); + + process_profile_delivery($i['notify']['sender'],$arr,$deliveries); + } + } } } } 
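Review bot: The new `profile` branch calls `process_profile_delivery()` even when `get_profile_elements()` returned `array()` because the author could not be imported, so the delivery code then reads missing keys and would write empty values over whatever is stored for that sender. Guarding the call, `if($arr) process_profile_delivery($i['notify']['sender'],$arr,$deliveries);`, avoids that. `logger('Profile received: ' . print_r($arr,true));` also writes gender, marital status, sexual orientation and birthday to the log with no level argument; passing a data-level constant such as `LOGGER_DATA` would keep those fields out of routine logs. The body of `zot_import()` starts and ends outside this hunk.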
@@ -901,3 +909,65 @@ function process_mail_delivery($sender,$arr,$deliveries) { } } } + +function process_profile_delivery($sender,$arr,$deliveries) { + + // deliveries is irrelevant + + $r = q("select * from xprof where xprof_hash = '%s' limit 1", + dbesc($sender['hash']) + ); + if(! $r) { + $x = q("insert into xprof ( xprof_hash, xprof_desc, xprof_dob, xprof_gender, xprof_marital, xprof_sexual, + xprof_locale, xprof_region, xprof_postcode, xprof_country ) values ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", + dbesc($sender['hash']), + dbesc($arr['desc']), + dbesc($arr['dob']), + dbesc($arr['gender']), + dbesc($arr['marital']), + dbesc($arr['sexual']), + dbesc($arr['locale']), + dbesc($arr['region']), + dbesc($arr['postcode']), + dbesc($arr['country']) + ); + } + else { + $x = q("update xprof set + xprof_desc = '%s' + xprof_dob = '%s', + xprof_gender = '%s', + xprof_marital = '%s', + xprof_sexual = '%s', + xprof_locale = '%s', + xprof_region = '%s', + xprof_postcode = '%s', + xprof_country = '%s' + where xprof_hash = '%s' limit 1", + dbesc($arr['desc']), + dbesc($arr['dob']), + dbesc($arr['gender']), + dbesc($arr['marital']), + dbesc($arr['sexual']), + dbesc($arr['locale']), + dbesc($arr['region']), + dbesc($arr['postcode']), + dbesc($arr['country']), + dbesc($sender['hash']) + ); + } + + // optimise this, get existing tags and check which still exist and which don't!!! + + $x = q("delete from xtag where xtag_hash = '%s'"); + if($arr['keywords']) { + foreach($arr['keywords'] as $tag) { + $r = q("insert into xtag ( xtag_hash, xtag_term ) values ( '%s', '%s' )", + dbesc($sender['hash']), + dbesc($tag) + ); + } + } + + +}
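Review bot: All three write statements in `process_profile_delivery()` are malformed as committed, so neither the insert nor the update can succeed and stale tags are never cleared. The insert names ten columns and passes ten arguments but its `values` list has only nine `'%s'` placeholders; the update is missing the comma after `xprof_desc = '%s'`; and the `delete from xtag` query is called with no argument, so its placeholder is never filled with the sender's hash. The fixes are a tenth `'%s'` in the values list, `xprof_desc = '%s',`, and `$x = q("delete from xtag where xtag_hash = '%s'", dbesc($sender['hash']));`. The results assigned to `$x` are never checked, so unless `q()` reports errors itself these failures pass silently; a `logger()` call on a false return would surface them.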
\ No newline at end of file diff --git a/install/database.sql b/install/database.sql index 4030eb7ea..5581a27c6 100644 --- a/install/database.sql +++ b/install/database.sql @@ -159,6 +159,8 @@ CREATE TABLE IF NOT EXISTS `channel` ( `channel_w_photos` tinyint(3) unsigned NOT NULL DEFAULT '128', `channel_w_chat` tinyint(3) unsigned NOT NULL DEFAULT '128', `channel_a_delegate` tinyint(3) unsigned NOT NULL DEFAULT '0', + `channel_r_storage` int(10) unsigned NOT NULL DEFAULT '128', + `channel_w_storage` int(10) unsigned NOT NULL DEFAULT '128', PRIMARY KEY (`channel_id`), KEY `channel_account_id` (`channel_account_id`), KEY `channel_primary` (`channel_primary`), @@ -186,7 +188,9 @@ CREATE TABLE IF NOT EXISTS `channel` ( KEY `channel_guid` (`channel_guid`), KEY `channel_hash` (`channel_hash`), KEY `channel_expire_days` (`channel_expire_days`), - KEY `channel_a_delegate` (`channel_a_delegate`) + KEY `channel_a_delegate` (`channel_a_delegate`), + KEY `channel_r_storage` (`channel_r_storage`), + KEY `channel_w_storage` (`channel_w_storage`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; CREATE TABLE IF NOT EXISTS `clients` ( @@ -361,13 +365,6 @@ CREATE TABLE IF NOT EXISTS `group_member` ( KEY `xchan` (`xchan`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; -CREATE TABLE IF NOT EXISTS `guid` ( - `id` int(10) unsigned NOT NULL AUTO_INCREMENT, - `guid` char(64) NOT NULL, - PRIMARY KEY (`id`), - KEY `guid` (`guid`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8; - CREATE TABLE IF NOT EXISTS `hook` ( `id` int(11) NOT NULL AUTO_INCREMENT, `hook` char(255) NOT NULL, 
@@ -564,17 +561,6 @@ CREATE TABLE IF NOT EXISTS `notify` ( KEY `otype` (`otype`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; -CREATE TABLE IF NOT EXISTS `notify-threads` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `notify-id` int(11) NOT NULL, - `master-parent-item` int(10) unsigned NOT NULL DEFAULT '0', - `parent-item` int(10) unsigned NOT NULL DEFAULT '0', - `receiver-uid` int(11) NOT NULL, - PRIMARY KEY (`id`), - KEY `master-parent-item` (`master-parent-item`), - KEY `receiver-uid` (`receiver-uid`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8; - CREATE TABLE IF NOT EXISTS `outq` ( `outq_hash` char(255) NOT NULL, `outq_account` int(10) unsigned NOT NULL DEFAULT '0', @@ -768,7 +754,10 @@ CREATE TABLE IF NOT EXISTS `site` ( PRIMARY KEY (`site_url`), KEY `site_flags` (`site_flags`), KEY `site_update` (`site_update`), - KEY `site_directory` (`site_directory`) + KEY `site_directory` (`site_directory`), + KEY `site_flags_2` (`site_flags`), + KEY `site_update_2` (`site_update`), + KEY `site_directory_2` (`site_directory`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; CREATE TABLE IF NOT EXISTS `spam` ( 
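Review bot: The three keys added to `site` (`site_flags_2`, `site_update_2`, `site_directory_2`) index exactly the same columns as `site_flags`, `site_update` and `site_directory` directly above them, so they only add write and storage cost. They look like the residue of an index-creating update having run twice before the schema was dumped, though that is an inference. Dropping the three `_2` lines and restoring `KEY site_directory (site_directory)` as the last key without a trailing comma keeps the install schema clean.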
@@ -855,3 +844,33 @@ CREATE TABLE IF NOT EXISTS `xchan` ( KEY `xchan_url` (`xchan_url`), KEY `xchan_flags` (`xchan_flags`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; + +CREATE TABLE IF NOT EXISTS `xprof` ( + `xprof_hash` char(255) NOT NULL, + `xprof_desc` char(255) NOT NULL DEFAULT '', + `xprof_dob` char(12) NOT NULL DEFAULT '', + `xprof_gender` char(255) NOT NULL DEFAULT '', + `xprof_marital` char(255) NOT NULL DEFAULT '', + `xprof_sexual` char(255) NOT NULL DEFAULT '', + `xprof_locale` char(255) NOT NULL DEFAULT '', + `xprof_region` char(255) NOT NULL DEFAULT '', + `xprof_postcode` char(32) NOT NULL DEFAULT '', + `xprof_country` char(255) NOT NULL DEFAULT '', + PRIMARY KEY (`xprof_hash`), + KEY `xprof_desc` (`xprof_desc`), + KEY `xprof_dob` (`xprof_dob`), + KEY `xprof_gender` (`xprof_gender`), + KEY `xprof_marital` (`xprof_marital`), + KEY `xprof_sexual` (`xprof_sexual`), + KEY `xprof_locale` (`xprof_locale`), + KEY `xprof_region` (`xprof_region`), + KEY `xprof_postcode` (`xprof_postcode`), + KEY `xprof_country` (`xprof_country`) +) ENGINE=MyISAM DEFAULT CHARSET=utf8; + +CREATE TABLE IF NOT EXISTS `xtag` ( + `xtag_hash` char(255) NOT NULL, + `xtag_term` char(255) NOT NULL DEFAULT '', + PRIMARY KEY (`xtag_hash`), + KEY `xtag_term` (`xtag_term`) +) ENGINE=MyISAM DEFAULT CHARSET=utf8; diff --git a/install/update.php b/install/update.php index 48cb15c03..bdd687fb3 100644 --- a/install/update.php +++ b/install/update.php @@ -1,6 +1,6 @@ <?php -define( 'UPDATE_VERSION' , 1005 ); +define( 'UPDATE_VERSION' , 1008 ); /** * @@ -98,4 +98,57 @@ PRIMARY KEY ( `site_url` ) if($r && $r2) return UPDATE_SUCCESS; return UPDATE_FAILED; -}
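Review bot: `xtag` declares `PRIMARY KEY (xtag_hash)`, which permits one row per channel hash, yet `process_profile_delivery()` in include/zot.php inserts one row per keyword under the same hash, so every tag after the first would be rejected as a duplicate key. A non-unique index, `KEY xtag_hash (xtag_hash)`, matches how the table is used; a composite primary key over two `char(255)` utf8 columns is likely to exceed the MyISAM key-length limit. The same definition is repeated in `update_r1006()` in install/update.php and needs the same change.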
\ No newline at end of file +} + + +function update_r1005() { + q("drop table guid"); + q("drop table `notify-threads`"); + return UPDATE_SUCCESS; +} + +function update_r1006() { + + $r = q("CREATE TABLE IF NOT EXISTS `xprof` ( + `xprof_hash` char(255) NOT NULL, + `xprof_desc` char(255) NOT NULL DEFAULT '', + `xprof_dob` char(12) NOT NULL DEFAULT '', + `xprof_gender` char(255) NOT NULL DEFAULT '', + `xprof_marital` char(255) NOT NULL DEFAULT '', + `xprof_sexual` char(255) NOT NULL DEFAULT '', + `xprof_locale` char(255) NOT NULL DEFAULT '', + `xprof_region` char(255) NOT NULL DEFAULT '', + `xprof_postcode` char(32) NOT NULL DEFAULT '', + `xprof_country` char(255) NOT NULL DEFAULT '', + PRIMARY KEY (`xprof_hash`), + KEY `xprof_desc` (`xprof_desc`), + KEY `xprof_dob` (`xprof_dob`), + KEY `xprof_gender` (`xprof_gender`), + KEY `xprof_marital` (`xprof_marital`), + KEY `xprof_sexual` (`xprof_sexual`), + KEY `xprof_locale` (`xprof_locale`), + KEY `xprof_region` (`xprof_region`), + KEY `xprof_postcode` (`xprof_postcode`), + KEY `xprof_country` (`xprof_country`) +) ENGINE=MyISAM DEFAULT CHARSET=utf8"); + + $r2 = q("CREATE TABLE IF NOT EXISTS `xtag` ( + `xtag_hash` char(255) NOT NULL, + `xtag_term` char(255) NOT NULL DEFAULT '', + PRIMARY KEY (`xtag_hash`), + KEY `xtag_term` (`xtag_term`) +) ENGINE=MyISAM DEFAULT CHARSET=utf8"); + + if($r && $r2) + return UPDATE_SUCCESS; + return UPDATE_FAILED; +} + + +function update_r1007() { + $r = q("ALTER TABLE `channel` ADD `channel_r_storage` INT UNSIGNED NOT NULL DEFAULT '128', ADD `channel_w_storage` INT UNSIGNED NOT NULL DEFAULT '128', add index ( channel_r_storage ), add index ( channel_w_storage )"); + + if($r && $r2) + return UPDATE_SUCCESS; + return UPDATE_FAILED; +} diff --git a/mod/allfriends.php b/mod/allfriends.php index f675b8e29..bb4df30be 100644 --- a/mod/allfriends.php +++ b/mod/allfriends.php 
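Review bot: `update_r1007()` tests `if($r && $r2)` although only `$r` is assigned in that function, so it returns `UPDATE_FAILED` even when the ALTER TABLE succeeds and the new `channel_r_storage` / `channel_w_storage` columns exist; the condition should be `if($r)`. `update_r1005()` has the opposite problem: it discards the result of both `drop table` calls and always returns `UPDATE_SUCCESS`, so a failed drop goes unreported. Using `drop table if exists` and returning a status based on the two results would make both updates report what actually happened.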
@@ -5,13 +5,14 @@ require_once('include/socgraph.php'); function allfriends_content(&$a) { $o = ''; + if(! local_user()) { notice( t('Permission denied.') . EOL); return; } - if($a->argc > 1) - $cid = intval($a->argv[1]); + if(argc() > 1) + $cid = intval(argv(1)); if(! $cid) return; diff --git a/mod/contacts.php b/mod/contacts.php deleted file mode 100644 index 09a4e6c97..000000000 --- a/mod/contacts.php +++ /dev/null 
@@ -1,597 +0,0 @@ -<?php - -require_once('include/Contact.php'); -require_once('include/socgraph.php'); -require_once('include/contact_selectors.php'); - -function contacts_init(&$a) { - if(! local_user()) - return; - - $contact_id = 0; - - if(($a->argc == 2) && intval($a->argv[1])) { - $contact_id = intval($a->argv[1]); - $r = q("SELECT * FROM `contact` WHERE `uid` = %d and `id` = %d LIMIT 1", - intval(local_user()), - intval($contact_id) - ); - if(! count($r)) { - $contact_id = 0; - } - } - - require_once('include/group.php'); - require_once('include/contact_widgets.php'); - - if(! x($a->page,'aside')) - $a->page['aside'] = ''; - - if($contact_id) { - $a->data['contact'] = $r[0]; - $o .= '<div class="vcard">'; - $o .= '<div class="fn">' . $a->data['contact']['name'] . '</div>'; - $o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->data['contact']['photo'] . '" alt="' . $a->data['contact']['name'] . '" /></div>'; - $o .= '</div>'; - $a->page['aside'] .= $o; - - } - else - $a->page['aside'] .= follow_widget(); - - $a->page['aside'] .= group_side('contacts','group',false,0,$contact_id); - - $a->page['aside'] .= findpeople_widget(); - - $base = $a->get_baseurl(); - - $a->page['htmlhead'] .= <<< EOT - -<script>$(document).ready(function() { - var a; - a = $("#contacts-search").autocomplete({ - serviceUrl: '$base/acl', - minChars: 2, - width: 350, - }); - a.setOptions({ params: { type: 'a' }}); - -}); - -</script> -EOT; - - -} - -function contacts_post(&$a) { - - if(! local_user()) - return; - - $contact_id = intval($a->argv[1]); - if(! $contact_id) - return; - - $orig_record = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval(local_user()) - ); - - if(! count($orig_record)) { - notice( t('Could not access contact record.') . EOL); - goaway($a->get_baseurl(true) . 
'/contacts'); - return; // NOTREACHED - } - - call_hooks('contact_edit_post', $_POST); - - $profile_id = intval($_POST['profile-assign']); - if($profile_id) { - $r = q("SELECT `id` FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($profile_id), - intval(local_user()) - ); - if(! count($r)) { - notice( t('Could not locate selected profile.') . EOL); - return; - } - } - - $hidden = intval($_POST['hidden']); - - $priority = intval($_POST['poll']); - if($priority > 5 || $priority < 0) - $priority = 0; - - $closeness = intval($_POST['closeness']); - if($closeness < 0) - $closeness = 99; - - $info = fix_mce_lf(escape_tags(trim($_POST['info']))); - - $r = q("UPDATE `contact` SET `profile_id` = %d, `priority` = %d , `info` = '%s', - `hidden` = %d, closeness = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($profile_id), - intval($priority), - dbesc($info), - intval($hidden), - intval($closeness), - intval($contact_id), - intval(local_user()) - ); - if($r) - info( t('Contact updated.') . EOL); - else - notice( t('Failed to update contact record.') . EOL); - - $r = q("select * from contact where id = %d and uid = %d limit 1", - intval($contact_id), - intval(local_user()) - ); - if($r && count($r)) - $a->data['contact'] = $r[0]; - - return; - -} - - - -function contacts_content(&$a) { - - $sort_type = 0; - $o = ''; - nav_set_selected('contacts'); - - - if(! local_user()) { - notice( t('Permission denied.') . EOL); - return; - } - - if($a->argc == 3) { - - $contact_id = intval($a->argv[1]); - if(! $contact_id) - return; - - $cmd = $a->argv[2]; - - $orig_record = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 LIMIT 1", - intval($contact_id), - intval(local_user()) - ); - - if(! count($orig_record)) { - notice( t('Could not access contact record.') . EOL); - goaway($a->get_baseurl(true) . '/contacts'); - return; // NOTREACHED - } - - if($cmd === 'update') { - - // pull feed and consume it, which should subscribe to the hub. 
- proc_run('php',"include/poller.php","$contact_id"); - goaway($a->get_baseurl(true) . '/contacts/' . $contact_id); - // NOTREACHED - } - - if($cmd === 'block') { - $blocked = (($orig_record[0]['blocked']) ? 0 : 1); - $r = q("UPDATE `contact` SET `blocked` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($blocked), - intval($contact_id), - intval(local_user()) - ); - if($r) { - //notice( t('Contact has been ') . (($blocked) ? t('blocked') : t('unblocked')) . EOL ); - info( (($blocked) ? t('Contact has been blocked') : t('Contact has been unblocked')) . EOL ); - } - goaway($a->get_baseurl(true) . '/contacts/' . $contact_id); - return; // NOTREACHED - } - - if($cmd === 'ignore') { - $readonly = (($orig_record[0]['readonly']) ? 0 : 1); - $r = q("UPDATE `contact` SET `readonly` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($readonly), - intval($contact_id), - intval(local_user()) - ); - if($r) { - info( (($readonly) ? t('Contact has been ignored') : t('Contact has been unignored')) . EOL ); - } - goaway($a->get_baseurl(true) . '/contacts/' . $contact_id); - return; // NOTREACHED - } - - - if($cmd === 'archive') { - $archived = (($orig_record[0]['archive']) ? 0 : 1); - $r = q("UPDATE `contact` SET `archive` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($archived), - intval($contact_id), - intval(local_user()) - ); - if($r) { - //notice( t('Contact has been ') . (($archived) ? t('archived') : t('unarchived')) . EOL ); - info( (($archived) ? t('Contact has been archived') : t('Contact has been unarchived')) . EOL ); - } - goaway($a->get_baseurl(true) . '/contacts/' . $contact_id); - return; // NOTREACHED - } - - if($cmd === 'drop') { - - require_once('include/Contact.php'); - - terminate_friendship($a->user,$a->contact,$orig_record[0]); - - contact_remove($orig_record[0]['id']); - info( t('Contact has been removed.') . EOL ); - if(x($_SESSION,'return_url')) - goaway($a->get_baseurl(true) . '/' . 
$_SESSION['return_url']); - else - goaway($a->get_baseurl(true) . '/contacts'); - return; // NOTREACHED - } - } - - if((x($a->data,'contact')) && (is_array($a->data['contact']))) { - - $contact_id = $a->data['contact']['id']; - $contact = $a->data['contact']; - - $editselect = 'exact'; - if(intval(get_pconfig(local_user(),'system','plaintext'))) - $editselect = 'none'; - - $a->page['htmlhead'] .= replace_macros(get_markup_template('contact_head.tpl'), array( - '$baseurl' => $a->get_baseurl(true), - '$editselect' => $editselect, - )); - - require_once('include/contact_selectors.php'); - - $tpl = get_markup_template("contact_edit.tpl"); - - switch($contact['rel']) { - case CONTACT_IS_FRIEND: - $dir_icon = 'images/lrarrow.gif'; - $relation_text = t('You are mutual friends with %s'); - break; - case CONTACT_IS_FOLLOWER; - $dir_icon = 'images/larrow.gif'; - $relation_text = t('You are sharing with %s'); - break; - - case CONTACT_IS_SHARING; - $dir_icon = 'images/rarrow.gif'; - $relation_text = t('%s is sharing with you'); - break; - default: - break; - } - - $relation_text = sprintf($relation_text,$contact['name']); - - if(($contact['network'] === NETWORK_DFRN) && ($contact['rel'])) { - $url = "redir/{$contact['id']}"; - $sparkle = ' class="sparkle" '; - } - else { - $url = $contact['url']; - $sparkle = ''; - } - - $insecure = t('Private communications are not available for this contact.'); - - $last_update = (($contact['last_update'] == '0000-00-00 00:00:00') - ? t('Never') - : datetime_convert('UTC',date_default_timezone_get(),$contact['last_update'],'D, j M Y, g:i A')); - - if($contact['last_update'] !== '0000-00-00 00:00:00') - $last_update .= ' ' . (($contact['last_update'] == $contact['success_update']) ? t("\x28Update was successful\x29") : t("\x28Update was not successful\x29")); - - $lblsuggest = (($contact['network'] === NETWORK_DFRN) ? t('Suggest friends') : ''); - - $poll_enabled = (($contact['network'] !== NETWORK_DIASPORA) ? 
true : false); - - $nettype = sprintf( t('Network type: %s'),network_to_name($contact['network'])); - - $common = count_common_friends(local_user(),$contact['id']); - $common_text = (($common) ? sprintf( tt('%d contact in common','%d contacts in common', $common),$common) : ''); - - $polling = (($contact['network'] === NETWORK_MAIL | $contact['network'] === NETWORK_FEED) ? 'polling' : ''); - - $x = count_all_friends(local_user(), $contact['id']); - $all_friends = (($x) ? t('View all contacts') : ''); - - // tabs - $tabs = array( - array( - 'label' => (($contact['blocked']) ? t('Unblock') : t('Block') ), - 'url' => $a->get_baseurl(true) . '/contacts/' . $contact_id . '/block', - 'sel' => '', - 'title' => t('Toggle Blocked status'), - ), - array( - 'label' => (($contact['readonly']) ? t('Unignore') : t('Ignore') ), - 'url' => $a->get_baseurl(true) . '/contacts/' . $contact_id . '/ignore', - 'sel' => '', - 'title' => t('Toggle Ignored status'), - ), - - array( - 'label' => (($contact['archive']) ? t('Unarchive') : t('Archive') ), - 'url' => $a->get_baseurl(true) . '/contacts/' . $contact_id . '/archive', - 'sel' => '', - 'title' => t('Toggle Archive status'), - ), - array( - 'label' => t('Repair'), - 'url' => $a->get_baseurl(true) . '/crepair/' . $contact_id, - 'sel' => '', - 'title' => t('Advanced Contact Settings'), - ) - ); - $tab_tpl = get_markup_template('common_tabs.tpl'); - $tab_str = replace_macros($tab_tpl, array('$tabs' => $tabs)); - - $lost_contact = (($contact['archive'] && $contact['term_date'] != '0000-00-00 00:00:00' && $contact['term_date'] < datetime_convert('','','now')) ? 
t('Communications lost with this contact!') : ''); - - $slider_tpl = get_markup_template('contact_slider.tpl'); - $o .= replace_macros($slider_tpl,array( - '$me' => t('Me'), - '$val' => $contact['closeness'], - '$intimate' => t('Best Friends'), - '$friends' => t('Friends'), - '$coworkers' => t('Co-workers'), - '$oldfriends' => t('Former Friends'), - '$acquaintances' => t('Acquaintances'), - '$world' => t('Everybody') - )); - - $o .= replace_macros($tpl,array( - '$header' => t('Contact Editor'), - '$tab_str' => $tab_str, - '$submit' => t('Submit'), - '$lbl_vis1' => t('Profile Visibility'), - '$lbl_vis2' => sprintf( t('Please choose the profile you would like to display to %s when viewing your profile securely.'), $contact['name']), - '$lbl_info1' => t('Contact Information / Notes'), - '$infedit' => t('Edit contact notes'), - '$close' => $contact['closeness'], - '$common_text' => $common_text, - '$common_link' => $a->get_baseurl(true) . '/common/loc/' . local_user() . '/' . $contact['id'], - '$all_friends' => $all_friends, - '$relation_text' => $relation_text, - '$visit' => sprintf( t('Visit %s\'s profile [%s]'),$contact['name'],$contact['url']), - '$blockunblock' => t('Block/Unblock contact'), - '$ignorecont' => t('Ignore contact'), - '$lblcrepair' => t("Repair URL settings"), - '$lblrecent' => t('View conversations'), - '$lblsuggest' => $lblsuggest, - '$delete' => t('Delete contact'), - '$nettype' => $nettype, - '$poll_interval' => contact_poll_interval($contact['priority'],(! $poll_enabled)), - '$poll_enabled' => $poll_enabled, - '$lastupdtext' => t('Last update:'), - '$lost_contact' => $lost_contact, - '$updpub' => t('Update public posts'), - '$last_update' => $last_update, - '$udnow' => t('Update now'), - '$profile_select' => contact_profile_assign($contact['profile_id'],(($contact['network'] !== NETWORK_DFRN) ? true : false)), - '$contact_id' => $contact['id'], - '$block_text' => (($contact['blocked']) ? 
t('Unblock') : t('Block') ), - '$ignore_text' => (($contact['readonly']) ? t('Unignore') : t('Ignore') ), - '$insecure' => (($contact['network'] !== NETWORK_DFRN && $contact['network'] !== NETWORK_MAIL && $contact['network'] !== NETWORK_FACEBOOK && $contact['network'] !== NETWORK_DIASPORA) ? $insecure : ''), - '$info' => $contact['info'], - '$blocked' => (($contact['blocked']) ? t('Currently blocked') : ''), - '$ignored' => (($contact['readonly']) ? t('Currently ignored') : ''), - '$archived' => (($contact['archive']) ? t('Currently archived') : ''), - '$hidden' => array('hidden', t('Hide this contact from others'), ($contact['hidden'] == 1), t('Replies/likes to your public posts <strong>may</strong> still be visible')), - '$photo' => $contact['photo'], - '$name' => $contact['name'], - '$dir_icon' => $dir_icon, - '$alt_text' => $alt_text, - '$sparkle' => $sparkle, - '$url' => $url - - )); - - $arr = array('contact' => $contact,'output' => $o); - - call_hooks('contact_edit', $arr); - - return $arr['output']; - - } - - $blocked = false; - $hidden = false; - $ignored = false; - $all = false; - - $_SESSION['return_url'] = $a->query_string; - - if(($a->argc == 2) && ($a->argv[1] === 'all')) { - $sql_extra = ''; - $all = true; - } - elseif(($a->argc == 2) && ($a->argv[1] === 'blocked')) { - $sql_extra = " AND `blocked` = 1 "; - $blocked = true; - } - elseif(($a->argc == 2) && ($a->argv[1] === 'hidden')) { - $sql_extra = " AND `hidden` = 1 "; - $hidden = true; - } - elseif(($a->argc == 2) && ($a->argv[1] === 'ignored')) { - $sql_extra = " AND `readonly` = 1 "; - $ignored = true; - } - elseif(($a->argc == 2) && ($a->argv[1] === 'archived')) { - $sql_extra = " AND `archive` = 1 "; - $archived = true; - } - else - $sql_extra = " AND `blocked` = 0 "; - - $search = ((x($_GET,'search')) ? notags(trim($_GET['search'])) : ''); - $nets = ((x($_GET,'nets')) ? 
notags(trim($_GET['nets'])) : ''); - - $tabs = array( - array( - 'label' => t('Suggestions'), - 'url' => $a->get_baseurl(true) . '/suggest', - 'sel' => '', - 'title' => t('Suggest potential friends'), - ), - array( - 'label' => t('All Contacts'), - 'url' => $a->get_baseurl(true) . '/contacts/all', - 'sel' => ($all) ? 'active' : '', - 'title' => t('Show all contacts'), - ), - array( - 'label' => t('Unblocked'), - 'url' => $a->get_baseurl(true) . '/contacts', - 'sel' => ((! $all) && (! $blocked) && (! $hidden) && (! $search) && (! $nets) && (! $ignored) && (! $archived)) ? 'active' : '', - 'title' => t('Only show unblocked contacts'), - ), - - array( - 'label' => t('Blocked'), - 'url' => $a->get_baseurl(true) . '/contacts/blocked', - 'sel' => ($blocked) ? 'active' : '', - 'title' => t('Only show blocked contacts'), - ), - - array( - 'label' => t('Ignored'), - 'url' => $a->get_baseurl(true) . '/contacts/ignored', - 'sel' => ($ignored) ? 'active' : '', - 'title' => t('Only show ignored contacts'), - ), - - array( - 'label' => t('Archived'), - 'url' => $a->get_baseurl(true) . '/contacts/archived', - 'sel' => ($archived) ? 'active' : '', - 'title' => t('Only show archived contacts'), - ), - - array( - 'label' => t('Hidden'), - 'url' => $a->get_baseurl(true) . '/contacts/hidden', - 'sel' => ($hidden) ? 'active' : '', - 'title' => t('Only show hidden contacts'), - ), - - ); - - $tab_tpl = get_markup_template('common_tabs.tpl'); - $t = replace_macros($tab_tpl, array('$tabs'=>$tabs)); - - - - $searching = false; - if($search) { - $search_hdr = $search; - $search_txt = dbesc(protect_sprintf(preg_quote($search))); - $searching = true; - } - $sql_extra .= (($searching) ? " AND `name` REGEXP '$search_txt' " : ""); - - if($nets) - $sql_extra .= sprintf(" AND network = '%s' ", dbesc($nets)); - - $sql_extra2 = ((($sort_type > 0) && ($sort_type <= CONTACT_IS_FRIEND)) ? 
sprintf(" AND `rel` = %d ",intval($sort_type)) : ''); - - - $r = q("SELECT COUNT(*) AS `total` FROM `contact` - WHERE `uid` = %d AND `self` = 0 AND `pending` = 0 $sql_extra $sql_extra2 ", - intval($_SESSION['uid'])); - if(count($r)) { - $a->set_pager_total($r[0]['total']); - $total = $r[0]['total']; - } - - - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `pending` = 0 $sql_extra $sql_extra2 ORDER BY `name` ASC LIMIT %d , %d ", - intval($_SESSION['uid']), - intval($a->pager['start']), - intval($a->pager['itemspage']) - ); - - $contacts = array(); - - if(count($r)) { - - foreach($r as $rr) { - - switch($rr['rel']) { - case CONTACT_IS_FRIEND: - $dir_icon = 'images/lrarrow.gif'; - $alt_text = t('Mutual Friendship'); - break; - case CONTACT_IS_FOLLOWER; - $dir_icon = 'images/larrow.gif'; - $alt_text = t('is a fan of yours'); - break; - case CONTACT_IS_SHARING; - $dir_icon = 'images/rarrow.gif'; - $alt_text = t('you are a fan of'); - break; - default: - break; - } - if(($rr['network'] === 'dfrn') && ($rr['rel'])) { - $url = "redir/{$rr['id']}"; - $sparkle = ' class="sparkle" '; - } - else { - $url = $rr['url']; - $sparkle = ''; - } - - - $contacts[] = array( - 'img_hover' => sprintf( t('Visit %s\'s profile [%s]'),$rr['name'],$rr['url']), - 'edit_hover' => t('Edit contact'), - 'photo_menu' => contact_photo_menu($rr), - 'id' => $rr['id'], - 'alt_text' => $alt_text, - 'dir_icon' => $dir_icon, - 'thumb' => $rr['thumb'], - 'name' => $rr['name'], - 'username' => $rr['name'], - 'sparkle' => $sparkle, - 'itemurl' => $rr['url'], - 'url' => $url, - 'network' => network_to_name($rr['network']), - ); - } - - - - } - - $tpl = get_markup_template("contacts-template.tpl"); - $o .= replace_macros($tpl,array( - '$header' => t('Contacts') . (($nets) ? ' - ' . network_to_name($nets) : ''), - '$tabs' => $t, - '$total' => $total, - '$search' => $search_hdr, - '$desc' => t('Search your contacts'), - '$finding' => (($searching) ? t('Finding: ') . "'" . $search . 
"'" : ""), - '$submit' => t('Find'), - '$cmd' => $a->cmd, - '$contacts' => $contacts, - '$paginate' => paginate($a), - - )); - - return $o; -} diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php deleted file mode 100644 index c91b05a48..000000000 --- a/mod/dfrn_confirm.php +++ /dev/null 
@@ -1,813 +0,0 @@
-<?php
-
-/*
- * Module: dfrn_confirm
- * Purpose: Friendship acceptance for DFRN contacts
- *
- * There are two possible entry points and three scenarios.
- *
- * 1. A form was submitted by our user approving a friendship that originated elsewhere.
- * This may also be called from dfrn_request to automatically approve a friendship.
- *
- * 2. We may be the target or other side of the conversation to scenario 1, and will
- * interact with that process on our own user's behalf.
- *
- */
-
-function dfrn_confirm_post(&$a,$handsfree = null) {
-
- if(is_array($handsfree)) {
-
- /**
- * We were called directly from dfrn_request due to automatic friend acceptance.
- * Any $_POST parameters we may require are supplied in the $handsfree array.
- *
- */
-
- $node = $handsfree['node'];
- $a->interactive = false; // notice() becomes a no-op since nobody is there to see it
-
- }
- else {
- if($a->argc > 1)
- $node = $a->argv[1];
- }
-
- /**
- *
- * Main entry point. Scenario 1. Our user received a friend request notification (perhaps
- * from another site) and clicked 'Approve'.
- * $POST['source_url'] is not set. If it is, it indicates Scenario 2.
- *
- * We may also have been called directly from dfrn_request ($handsfree != null) due to
- * this being a page type which supports automatic friend acceptance. That is also Scenario 1
- * since we are operating on behalf of our registered user to approve a friendship.
- *
- */
-
- if(! x($_POST,'source_url')) {
-
- $uid = ((is_array($handsfree)) ? $handsfree['uid'] : local_user());
-
- if(! $uid) {
- notice( t('Permission denied.') . EOL );
- return;
- }
-
- $user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
- intval($uid)
- );
-
- if(! $user) {
- notice( t('Profile not found.') . EOL );
- return;
- }
-
-
- // These data elements may come from either the friend request notification form or $handsfree array.
-
- if(is_array($handsfree)) {
- logger('dfrn_confirm: Confirm in handsfree mode');
- $dfrn_id = $handsfree['dfrn_id'];
- $intro_id = $handsfree['intro_id'];
- $duplex = $handsfree['duplex'];
- $hidden = ((array_key_exists('hidden',$handsfree)) ? intval($handsfree['hidden']) : 0 );
- $activity = ((array_key_exists('activity',$handsfree)) ? intval($handsfree['activity']) : 0 );
- }
- else {
- $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
- $intro_id = ((x($_POST,'intro_id')) ? intval($_POST['intro_id']) : 0 );
- $duplex = ((x($_POST,'duplex')) ? intval($_POST['duplex']) : 0 );
- $cid = ((x($_POST,'contact_id')) ? intval($_POST['contact_id']) : 0 );
- $hidden = ((x($_POST,'hidden')) ? intval($_POST['hidden']) : 0 );
- $activity = ((x($_POST,'activity')) ? intval($_POST['activity']) : 0 );
- }
-
- /**
- *
- * Ensure that dfrn_id has precedence when we go to find the contact record.
- * We only want to search based on contact id if there is no dfrn_id,
- * e.g. for OStatus network followers.
- *
- */
-
- if(strlen($dfrn_id))
- $cid = 0;
-
- logger('dfrn_confirm: Confirming request for dfrn_id (issued) ' . $dfrn_id);
- if($cid)
- logger('dfrn_confirm: Confirming follower with contact_id: ' . $cid);
-
-
- /**
- *
- * The other person will have been issued an ID when they first requested friendship.
- * Locate their record. At this time, their record will have both pending and blocked set to 1.
- * There won't be any dfrn_id if this is a network follower, so use the contact_id instead.
- *
- */
-
- $r = q("SELECT * FROM `contact` WHERE ( ( `issued_id` != '' AND `issued_id` = '%s' ) OR ( `id` = %d AND `id` != 0 ) ) AND `uid` = %d AND `duplex` = 0 LIMIT 1",
- dbesc($dfrn_id),
- intval($cid),
- intval($uid)
- );
-
- if(! count($r)) {
- logger('dfrn_confirm: Contact not found in DB.');
- notice( t('Contact not found.') . EOL );
- notice( t('This may occasionally happen if contact was requested by both persons and it has already been approved.') .
EOL );
- return;
- }
-
- $contact = $r[0];
-
- $contact_id = $contact['id'];
- $relation = $contact['rel'];
- $site_pubkey = $contact['site_pubkey'];
- $dfrn_confirm = $contact['confirm'];
- $aes_allow = $contact['aes_allow'];
-
- $network = ((strlen($contact['issued_id'])) ? NETWORK_DFRN : NETWORK_OSTATUS);
-
- if($contact['network'])
- $network = $contact['network'];
-
- if($network === NETWORK_DFRN) {
-
- /**
- *
- * Generate a key pair for all further communications with this person.
- * We have a keypair for every contact, and a site key for unknown people.
- * This provides a means to carry on relationships with other people if
- * any single key is compromised. It is a robust key. We're much more
- * worried about key leakage than anybody cracking it.
- *
- */
- require_once('include/crypto.php');
-
- $res = new_keypair(4096);
-
- $private_key = $res['prvkey'];
- $public_key = $res['pubkey'];
-
- // Save the private key. Send them the public key.
-
- $r = q("UPDATE `contact` SET `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
- dbesc($private_key),
- intval($contact_id),
- intval($uid)
- );
-
- $params = array();
-
- /**
- *
- * Per the DFRN protocol, we will verify both ends by encrypting the dfrn_id with our
- * site private key (person on the other end can decrypt it with our site public key).
- * Then encrypt our profile URL with the other person's site public key. They can decrypt
- * it with their site private key. If the decryption on the other end fails for either
- * item, it indicates tampering or key failure on at least one site and we will not be
- * able to provide a secure communication pathway.
- *
- * If other site is willing to accept full encryption, (aes_allow is 1 AND we have php5.3
- * or later) then we encrypt the personal public key we send them using AES-256-CBC and a
- * random key which is encrypted with their site public key.
- *
- */
-
- $src_aes_key = random_string();
-
- $result = '';
- openssl_private_encrypt($dfrn_id,$result,$user[0]['prvkey']);
-
- $params['dfrn_id'] = bin2hex($result);
- $params['public_key'] = $public_key;
-
-
- $my_url = $a->get_baseurl() . '/profile/' . $user[0]['nickname'];
-
- openssl_public_encrypt($my_url, $params['source_url'], $site_pubkey);
- $params['source_url'] = bin2hex($params['source_url']);
-
- if($aes_allow && function_exists('openssl_encrypt')) {
- openssl_public_encrypt($src_aes_key, $params['aes_key'], $site_pubkey);
- $params['aes_key'] = bin2hex($params['aes_key']);
- $params['public_key'] = bin2hex(openssl_encrypt($public_key,'AES-256-CBC',$src_aes_key));
- }
-
- $params['dfrn_version'] = DFRN_PROTOCOL_VERSION ;
- if($duplex == 1)
- $params['duplex'] = 1;
-
- if($user[0]['page-flags'] == PAGE_COMMUNITY)
- $params['page'] = 1;
- if($user[0]['page-flags'] == PAGE_PRVGROUP)
- $params['page'] = 2;
-
- logger('dfrn_confirm: Confirm: posting data to ' . $dfrn_confirm . ': ' . print_r($params,true), LOGGER_DATA);
-
- /**
- *
- * POST all this stuff to the other site.
- * Temporarily raise the network timeout to 120 seconds because the default 60
- * doesn't always give the other side quite enough time to decrypt everything.
- *
- */
-
- $a->config['system']['curl_timeout'] = 120;
-
- $res = post_url($dfrn_confirm,$params);
-
- logger('dfrn_confirm: Confirm: received data: ' . $res, LOGGER_DATA);
-
- // Now figure out what they responded. Try to be robust if the remote site is
- // having difficulty and throwing up errors of some kind.
-
- $leading_junk = substr($res,0,strpos($res,'<?xml'));
-
- $res = substr($res,strpos($res,'<?xml'));
- if(! strlen($res)) {
-
- // No XML at all, this exchange is messed up really bad.
- // We shouldn't proceed, because the xml parser might choke,
- // and $status is going to be zero, which indicates success.
- // We can hardly call this a success.
-
- notice( t('Response from remote site was not understood.') .
EOL);
- return;
- }
-
- if(strlen($leading_junk) && get_config('system','debugging')) {
-
- // This might be more common. Mixed error text and some XML.
- // If we're configured for debugging, show the text. Proceed in either case.
-
- notice( t('Unexpected response from remote site: ') . EOL . $leading_junk . EOL );
- }
-
- $xml = parse_xml_string($res);
- $status = (int) $xml->status;
- $message = unxmlify($xml->message); // human readable text of what may have gone wrong.
- switch($status) {
- case 0:
- info( t("Confirmation completed successfully.") . EOL);
- if(strlen($message))
- notice( t('Remote site reported: ') . $message . EOL);
- break;
- case 1:
- // birthday paradox - generate new dfrn_id and fall through.
- $new_dfrn_id = random_string();
- $r = q("UPDATE contact SET `issued_id` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
- dbesc($new_dfrn_id),
- intval($contact_id),
- intval($uid)
- );
-
- case 2:
- notice( t("Temporary failure. Please wait and try again.") . EOL);
- if(strlen($message))
- notice( t('Remote site reported: ') . $message . EOL);
- break;
-
-
- case 3:
- notice( t("Introduction failed or was revoked.") . EOL);
- if(strlen($message))
- notice( t('Remote site reported: ') . $message . EOL);
- break;
- }
-
- if(($status == 0) && ($intro_id)) {
-
- // Success. Delete the notification.
-
- $r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($intro_id),
- intval($uid)
- );
-
- }
-
- if($status != 0)
- return;
- }
-
-
- /*
- *
- * We have now established a relationship with the other site.
- * Let's make our own personal copy of their profile photo so we don't have
- * to always load it from their site.
- *
- * We will also update the contact record with the nature and scope of the relationship.
- *
- */
-
- require_once('include/Photo.php');
-
- $photos = import_profile_photo($contact['photo'],$uid,$contact_id);
-
- logger('dfrn_confirm: confirm - imported photos');
-
- if($network === NETWORK_DFRN) {
-
- $new_relation = CONTACT_IS_FOLLOWER;
- if(($relation == CONTACT_IS_SHARING) || ($duplex))
- $new_relation = CONTACT_IS_FRIEND;
-
- if(($relation == CONTACT_IS_SHARING) && ($duplex))
- $duplex = 0;
-
- $r = q("UPDATE `contact` SET
- `photo` = '%s',
- `thumb` = '%s',
- `micro` = '%s',
- `rel` = %d,
- `name_date` = '%s',
- `uri_date` = '%s',
- `avatar_date` = '%s',
- `blocked` = 0,
- `pending` = 0,
- `duplex` = %d,
- `hidden` = %d,
- `network` = 'dfrn' WHERE `id` = %d LIMIT 1
- ",
- dbesc($photos[0]),
- dbesc($photos[1]),
- dbesc($photos[2]),
- intval($new_relation),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- intval($duplex),
- intval($hidden),
- intval($contact_id)
- );
- }
- else {
-
- // $network !== NETWORK_DFRN
-
- $network = (($contact['network']) ? $contact['network'] : NETWORK_OSTATUS);
- $notify = (($contact['notify']) ? $contact['notify'] : '');
- $poll = (($contact['poll']) ? $contact['poll'] : '');
-
- if((! $contact['notify']) || (!
$contact['poll'])) {
- $arr = lrdd($contact['url']);
- if(count($arr)) {
- foreach($arr as $link) {
- if($link['@attributes']['rel'] === 'salmon')
- $notify = $link['@attributes']['href'];
- if($link['@attributes']['rel'] === NAMESPACE_FEED)
- $poll = $link['@attributes']['href'];
- }
- }
- }
-
- $new_relation = $contact['rel'];
- $writable = $contact['writable'];
-
- $r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($intro_id),
- intval($uid)
- );
-
-
- $r = q("UPDATE `contact` SET `photo` = '%s',
- `thumb` = '%s',
- `micro` = '%s',
- `name_date` = '%s',
- `uri_date` = '%s',
- `avatar_date` = '%s',
- `notify` = '%s',
- `poll` = '%s',
- `blocked` = 0,
- `pending` = 0,
- `network` = '%s',
- `writable` = %d,
- `hidden` = %d,
- `rel` = %d
- WHERE `id` = %d LIMIT 1
- ",
- dbesc($photos[0]),
- dbesc($photos[1]),
- dbesc($photos[2]),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- dbesc($notify),
- dbesc($poll),
- dbesc($network),
- intval($writable),
- intval($hidden),
- intval($new_relation),
- intval($contact_id)
- );
- }
-
- if($r === false)
- notice( t('Unable to set contact photo.') . EOL);
-
- // reload contact info
-
- $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
- intval($contact_id)
- );
- if(count($r))
- $contact = $r[0];
- else
- $contact = null;
-
-
- if((isset($new_relation) && $new_relation == CONTACT_IS_FRIEND)) {
-
- // Send a new friend post if we are allowed to...
-
- $r = q("SELECT `hide_friends` FROM `profile` WHERE `uid` = %d AND `is_default` = 1 LIMIT 1",
- intval($uid)
- );
-
- if((count($r)) && ($r[0]['hide_friends'] == 0) && ($activity) && (!
$hidden)) {
-
- require_once('include/items.php');
-
- $self = q("SELECT * FROM `contact` WHERE `self` = 1 AND `uid` = %d LIMIT 1",
- intval($uid)
- );
-
- if(count($self)) {
-
- $arr = array();
- $arr['uri'] = $arr['parent_uri'] = item_message_id();
- $arr['uid'] = $uid;
- $arr['contact-id'] = $self[0]['id'];
- $arr['wall'] = 1;
- $arr['type'] = 'wall';
- $arr['gravity'] = 0;
- $arr['origin'] = 1;
- $arr['author-name'] = $arr['owner-name'] = $self[0]['name'];
- $arr['author-link'] = $arr['owner-link'] = $self[0]['url'];
- $arr['author-avatar'] = $arr['owner-avatar'] = $self[0]['thumb'];
-
- $A = '[url=' . $self[0]['url'] . ']' . $self[0]['name'] . '[/url]';
- $APhoto = '[url=' . $self[0]['url'] . ']' . '[img]' . $self[0]['thumb'] . '[/img][/url]';
-
- $B = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]';
- $BPhoto = '[url=' . $contact['url'] . ']' . '[img]' . $contact['thumb'] . '[/img][/url]';
-
- $arr['verb'] = ACTIVITY_FRIEND;
- $arr['obj_type'] = ACTIVITY_OBJ_PERSON;
- $arr['body'] = sprintf( t('%1$s is now friends with %2$s'), $A, $B)."\n\n\n".$BPhoto;
-
- $arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $contact['name'] . '</title>'
- . '<id>' . $contact['url'] . '/' . $contact['name'] . '</id>';
- $arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $contact['url'] . '" />' . "\n");
- $arr['object'] .= xmlify('<link rel="photo" type="image/jpeg" href="' . $contact['thumb'] . '" />' . "\n");
- $arr['object'] .= '</link></object>' .
"\n";
-
-
- $arr['allow_cid'] = $user[0]['allow_cid'];
- $arr['allow_gid'] = $user[0]['allow_gid'];
- $arr['deny_cid'] = $user[0]['deny_cid'];
- $arr['deny_gid'] = $user[0]['deny_gid'];
-
- $i = item_store($arr);
- if($i)
- proc_run('php',"include/notifier.php","activity","$i");
- }
- }
- }
-
-
- $g = q("select def_gid from user where uid = %d limit 1",
- intval($uid)
- );
- if($contact && $g && intval($g[0]['def_gid'])) {
- require_once('include/group.php');
- group_add_member($uid,'',$contact['id'],$g[0]['def_gid']);
- }
-
- // Let's send our user to the contact editor in case they want to
- // do anything special with this new friend.
-
- if($handsfree === null)
- goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
- else
- return;
- //NOTREACHED
- }
-
- /**
- *
- *
- * End of Scenario 1. [Local confirmation of remote friend request].
- *
- * Begin Scenario 2. This is the remote response to the above scenario.
- * This will take place on the site that originally initiated the friend request.
- * In the section above where the confirming party makes a POST and
- * retrieves xml status information, they are communicating with the following code.
- *
- */
-
- if(x($_POST,'source_url')) {
-
- // We are processing an external confirmation to an introduction created by our user.
-
- $public_key = ((x($_POST,'public_key')) ? $_POST['public_key'] : '');
- $dfrn_id = ((x($_POST,'dfrn_id')) ? hex2bin($_POST['dfrn_id']) : '');
- $source_url = ((x($_POST,'source_url')) ? hex2bin($_POST['source_url']) : '');
- $aes_key = ((x($_POST,'aes_key')) ? $_POST['aes_key'] : '');
- $duplex = ((x($_POST,'duplex')) ? intval($_POST['duplex']) : 0 );
- $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0 );
- $version_id = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
-
- $forum = (($page == 1) ? 1 : 0);
- $prv = (($page == 2) ? 1 : 0);
-
- logger('dfrn_confirm: requestee contacted: ' . $node);
-
- logger('dfrn_confirm: request: POST=' .
print_r($_POST,true), LOGGER_DATA);
-
- // If $aes_key is set, both of these items require unpacking from the hex transport encoding.
-
- if(x($aes_key)) {
- $aes_key = hex2bin($aes_key);
- $public_key = hex2bin($public_key);
- }
-
- // Find our user's account
-
- $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1",
- dbesc($node));
-
- if(! count($r)) {
- $message = sprintf(t('No user record found for \'%s\' '), $node);
- xml_status(3,$message); // failure
- // NOTREACHED
- }
-
- $my_prvkey = $r[0]['prvkey'];
- $local_uid = $r[0]['uid'];
-
-
- if(! strstr($my_prvkey,'PRIVATE KEY')) {
- $message = t('Our site encryption key is apparently messed up.');
- xml_status(3,$message);
- }
-
- // verify everything
-
- $decrypted_source_url = "";
- openssl_private_decrypt($source_url,$decrypted_source_url,$my_prvkey);
-
-
- if(! strlen($decrypted_source_url)) {
- $message = t('Empty site URL was provided or URL could not be decrypted by us.');
- xml_status(3,$message);
- // NOTREACHED
- }
-
- $ret = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
- dbesc($decrypted_source_url),
- intval($local_uid)
- );
- if(! count($ret)) {
- if(strstr($decrypted_source_url,'http:'))
- $newurl = str_replace('http:','https:',$decrypted_source_url);
- else
- $newurl = str_replace('https:','http:',$decrypted_source_url);
-
- $ret = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
- dbesc($newurl),
- intval($local_uid)
- );
- if(! count($ret)) {
- // this is either a bogus confirmation (?) or we deleted the original introduction.
- $message = t('Contact record was not found for you on our site.');
- xml_status(3,$message);
- return; // NOTREACHED
- }
- }
-
- $relation = $ret[0]['rel'];
-
- // Decrypt all this stuff we just received
-
- $foreign_pubkey = $ret[0]['site_pubkey'];
- $dfrn_record = $ret[0]['id'];
-
- if(!
$foreign_pubkey) {
- $message = sprintf( t('Site public key not available in contact record for URL %s.'), $newurl);
- xml_status(3,$message);
- }
-
- $decrypted_dfrn_id = "";
- openssl_public_decrypt($dfrn_id,$decrypted_dfrn_id,$foreign_pubkey);
-
- if(strlen($aes_key)) {
- $decrypted_aes_key = "";
- openssl_private_decrypt($aes_key,$decrypted_aes_key,$my_prvkey);
- $dfrn_pubkey = openssl_decrypt($public_key,'AES-256-CBC',$decrypted_aes_key);
- }
- else {
- $dfrn_pubkey = $public_key;
- }
-
- $r = q("SELECT * FROM `contact` WHERE `dfrn_id` = '%s' LIMIT 1",
- dbesc($decrypted_dfrn_id)
- );
- if(count($r)) {
- $message = t('The ID provided by your system is a duplicate on our system. It should work if you try again.');
- xml_status(1,$message); // Birthday paradox - duplicate dfrn_id
- // NOTREACHED
- }
-
- $r = q("UPDATE `contact` SET `dfrn_id` = '%s', `pubkey` = '%s' WHERE `id` = %d LIMIT 1",
- dbesc($decrypted_dfrn_id),
- dbesc($dfrn_pubkey),
- intval($dfrn_record)
- );
- if(! count($r)) {
- $message = t('Unable to set your contact credentials on our system.');
- xml_status(3,$message);
- }
-
- // It's possible that the other person also requested friendship.
- // If it is a duplex relationship, ditch the issued_id if one exists.
-
- if($duplex) {
- $r = q("UPDATE `contact` SET `issued_id` = '' WHERE `id` = %d LIMIT 1",
- intval($dfrn_record)
- );
- }
-
- // We're good but now we have to scrape the profile photo and send notifications.
-
-
-
- $r = q("SELECT `photo` FROM `contact` WHERE `id` = %d LIMIT 1",
- intval($dfrn_record));
-
- if(count($r))
- $photo = $r[0]['photo'];
- else
- $photo = $a->get_baseurl() .
'/images/person-175.jpg';
-
- require_once("Photo.php");
-
- $photos = import_profile_photo($photo,$local_uid,$dfrn_record);
-
- logger('dfrn_confirm: request - photos imported');
-
- $new_relation = CONTACT_IS_SHARING;
- if(($relation == CONTACT_IS_FOLLOWER) || ($duplex))
- $new_relation = CONTACT_IS_FRIEND;
-
- if(($relation == CONTACT_IS_FOLLOWER) && ($duplex))
- $duplex = 0;
-
- $r = q("UPDATE `contact` SET
- `photo` = '%s',
- `thumb` = '%s',
- `micro` = '%s',
- `rel` = %d,
- `name_date` = '%s',
- `uri_date` = '%s',
- `avatar_date` = '%s',
- `blocked` = 0,
- `pending` = 0,
- `duplex` = %d,
- `forum` = %d,
- `prv` = %d,
- `network` = '%s' WHERE `id` = %d LIMIT 1
- ",
- dbesc($photos[0]),
- dbesc($photos[1]),
- dbesc($photos[2]),
- intval($new_relation),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- intval($duplex),
- intval($forum),
- intval($prv),
- dbesc(NETWORK_DFRN),
- intval($dfrn_record)
- );
- if($r === false) { // indicates schema is messed up or total db failure
- $message = t('Unable to update your contact profile details on our system');
- xml_status(3,$message);
- }
-
- // Otherwise everything seems to have worked and we are almost done. Yay!
- // Send an email notification
-
- logger('dfrn_confirm: request: info updated');
-
- $r = q("SELECT `contact`.*, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
- WHERE `contact`.`id` = %d LIMIT 1",
- intval($dfrn_record)
- );
-
- if(count($r))
- $combined = $r[0];
-
- if((count($r)) && ($r[0]['notify-flags'] & NOTIFY_CONFIRM)) {
-
- push_lang($r[0]['language']);
- $tpl = (($new_relation == CONTACT_IS_FRIEND)
- ?
get_intltext_template('friend_complete_eml.tpl')
- : get_intltext_template('intro_complete_eml.tpl'));
-
- $email_tpl = replace_macros($tpl, array(
- '$sitename' => $a->config['sitename'],
- '$siteurl' => $a->get_baseurl(),
- '$username' => $r[0]['username'],
- '$email' => $r[0]['email'],
- '$fn' => $r[0]['name'],
- '$dfrn_url' => $r[0]['url'],
- '$uid' => $newuid )
- );
-
- $res = mail($r[0]['email'], sprintf( t("Connection accepted at %s") , $a->config['sitename']),
- $email_tpl,
- 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n"
- . 'Content-type: text/plain; charset=UTF-8' . "\n"
- . 'Content-transfer-encoding: 8bit' );
-
- if(!$res) {
- // pointless throwing an error here and confusing the person at the other end of the wire.
- }
- pop_lang();
- }
-
- // Send a new friend post if we are allowed to...
-
- if($page && intval(get_pconfig($local_uid,'system','post_joingroup'))) {
- $r = q("SELECT `hide_friends` FROM `profile` WHERE `uid` = %d AND `is_default` = 1 LIMIT 1",
- intval($local_uid)
- );
-
- if((count($r)) && ($r[0]['hide_friends'] == 0)) {
-
- require_once('include/items.php');
-
- $self = q("SELECT * FROM `contact` WHERE `self` = 1 AND `uid` = %d LIMIT 1",
- intval($local_uid)
- );
-
- if(count($self)) {
-
- $arr = array();
- $arr['uri'] = $arr['parent_uri'] = item_message_id();
- $arr['uid'] = $local_uid;
- $arr['contact-id'] = $self[0]['id'];
- $arr['wall'] = 1;
- $arr['type'] = 'wall';
- $arr['gravity'] = 0;
- $arr['origin'] = 1;
- $arr['author-name'] = $arr['owner-name'] = $self[0]['name'];
- $arr['author-link'] = $arr['owner-link'] = $self[0]['url'];
- $arr['author-avatar'] = $arr['owner-avatar'] = $self[0]['thumb'];
-
- $A = '[url=' . $self[0]['url'] . ']' . $self[0]['name'] . '[/url]';
- $APhoto = '[url=' . $self[0]['url'] . ']' . '[img]' . $self[0]['thumb'] . '[/img][/url]';
-
- $B = '[url=' . $combined['url'] . ']' . $combined['name'] . '[/url]';
- $BPhoto = '[url=' . $combined['url'] . ']' . '[img]' . $combined['thumb'] .
'[/img][/url]';
-
- $arr['verb'] = ACTIVITY_JOIN;
- $arr['obj_type'] = ACTIVITY_OBJ_GROUP;
- $arr['body'] = sprintf( t('%1$s has joined %2$s'), $A, $B)."\n\n\n" .$BPhoto;
- $arr['object'] = '<object><type>' . ACTIVITY_OBJ_GROUP . '</type><title>' . $combined['name'] . '</title>'
- . '<id>' . $combined['url'] . '/' . $combined['name'] . '</id>';
- $arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $combined['url'] . '" />' . "\n");
- $arr['object'] .= xmlify('<link rel="photo" type="image/jpeg" href="' . $combined['thumb'] . '" />' . "\n");
- $arr['object'] .= '</link></object>' . "\n";
-
-
- $arr['allow_cid'] = $user[0]['allow_cid'];
- $arr['allow_gid'] = $user[0]['allow_gid'];
- $arr['deny_cid'] = $user[0]['deny_cid'];
- $arr['deny_gid'] = $user[0]['deny_gid'];
-
- $i = item_store($arr);
- if($i)
- proc_run('php',"include/notifier.php","activity","$i");
-
- }
- }
- }
- xml_status(0); // Success
- return; // NOTREACHED
-
- ////////////////////// End of this scenario ///////////////////////////////////////////////
- }
-
- // somebody arrived here by mistake or they are fishing. Send them to the homepage.
-
- goaway(z_root());
- // NOTREACHED
-
-}
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
deleted file mode 100644
index 94eb3a297..000000000
--- a/mod/dfrn_notify.php
+++ /dev/null
@@ -1,281 +0,0 @@
-<?php
-
-require_once('library/simplepie/simplepie.inc');
-require_once('include/items.php');
-require_once('include/event.php');
-
-
-function dfrn_notify_post(&$a) {
-
- $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : '');
- $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
- $challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : '');
- $data = ((x($_POST,'data')) ? $_POST['data'] : '');
- $key = ((x($_POST,'key')) ? $_POST['key'] : '');
- $dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
- $perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
- $ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
- $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0);
-
- $forum = (($page == 1) ? 1 : 0);
- $prv = (($page == 2) ? 1 : 0);
-
- $writable = (-1);
- if($dfrn_version >= 2.21) {
- $writable = (($perm === 'rw') ? 1 : 0);
- }
-
- $direction = (-1);
- if(strpos($dfrn_id,':') == 1) {
- $direction = intval(substr($dfrn_id,0,1));
- $dfrn_id = substr($dfrn_id,2);
- }
-
- $r = q("SELECT * FROM `challenge` WHERE `dfrn_id` = '%s' AND `challenge` = '%s' LIMIT 1",
- dbesc($dfrn_id),
- dbesc($challenge)
- );
- if(! count($r)) {
- logger('dfrn_notify: could not match challenge to dfrn_id ' . $dfrn_id . ' challenge=' . $challenge);
- xml_status(3);
- }
-
- $r = q("DELETE FROM `challenge` WHERE `dfrn_id` = '%s' AND `challenge` = '%s' LIMIT 1",
- dbesc($dfrn_id),
- dbesc($challenge)
- );
-
- // find the local user who owns this relationship.
-
- $sql_extra = '';
- switch($direction) {
- case (-1):
- $sql_extra = sprintf(" AND ( `issued_id` = '%s' OR `dfrn_id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
- break;
- case 0:
- $sql_extra = sprintf(" AND `issued_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- break;
- case 1:
- $sql_extra = sprintf(" AND `dfrn_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- break;
- default:
- xml_status(3);
- break; // NOTREACHED
- }
-
- // be careful - $importer will contain both the contact information for the contact
- // sending us the post, and also the user information for the person receiving it.
- // since they are mixed together, it is easy to get them confused.
-
- $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`,
- `contact`.`pubkey` AS `cpubkey`,
- `contact`.`prvkey` AS `cprvkey`,
- `contact`.`thumb` AS `thumb`,
- `contact`.`url` as `url`,
- `contact`.`name` as `senderName`,
- `user`.*
- FROM `contact`
- LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
- WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- AND `user`.`nickname` = '%s' AND `user`.`account_expired` = 0 $sql_extra LIMIT 1",
- dbesc($a->argv[1])
- );
-
- if(! count($r)) {
- logger('dfrn_notify: contact not found for dfrn_id ' . $dfrn_id);
- xml_status(3);
- //NOTREACHED
- }
-
- // $importer in this case contains the contact record for the remote contact joined with the user record of our user.
-
- $importer = $r[0];
-
- if((($writable != (-1)) && ($writable != $importer['writable'])) || ($importer['forum'] != $forum) || ($importer['prv'] != $prv)) {
- q("UPDATE `contact` SET `writable` = %d, forum = %d, prv = %d WHERE `id` = %d LIMIT 1",
- intval(($writable == (-1)) ?
$importer['writable'] : $writable),
- intval($forum),
- intval($prv),
- intval($importer['id'])
- );
- if($writable != (-1))
- $importer['writable'] = $writable;
- $importer['forum'] = $page;
- }
-
-
- // if contact's ssl policy changed, update our links
-
- fix_contact_ssl_policy($importer,$ssl_policy);
-
- logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']);
- logger('dfrn_notify: data: ' . $data, LOGGER_DATA);
-
- if($dissolve == 1) {
-
- /**
- * Relationship is dissolved permanently
- */
-
- require_once('include/Contact.php');
- contact_remove($importer['id']);
- logger('relationship dissolved : ' . $importer['name'] . ' dissolved ' . $importer['username']);
- xml_status(0);
-
- }
-
-
- // If we are setup as a soapbox we aren't accepting input from this person
-
- if($importer['page-flags'] == PAGE_SOAPBOX)
- xml_status(0);
-
-
- if(strlen($key)) {
- $rawkey = hex2bin(trim($key));
- logger('rino: md5 raw key: ' . md5($rawkey));
- $final_key = '';
-
- if($dfrn_version >= 2.1) {
- if((($importer['duplex']) && strlen($importer['cprvkey'])) || (! strlen($importer['cpubkey']))) {
- openssl_private_decrypt($rawkey,$final_key,$importer['cprvkey']);
- }
- else {
- openssl_public_decrypt($rawkey,$final_key,$importer['cpubkey']);
- }
- }
- else {
- if((($importer['duplex']) && strlen($importer['cpubkey'])) || (! strlen($importer['cprvkey']))) {
- openssl_public_decrypt($rawkey,$final_key,$importer['cpubkey']);
- }
- else {
- openssl_private_decrypt($rawkey,$final_key,$importer['cprvkey']);
- }
- }
-
- logger('rino: received key : ' . $final_key);
- $data = aes_decrypt(hex2bin($data),$final_key);
- logger('rino: decrypted data: ' . $data, LOGGER_DATA);
- }
-
-
- $ret = local_delivery($importer,$data);
- xml_status($ret);
-
- // NOTREACHED
-}
-
-
-function dfrn_notify_content(&$a) {
-
- if(x($_GET,'dfrn_id')) {
-
- // initial communication from external contact, $direction is their direction.
- // If this is a duplex communication, ours will be the opposite.
-
- $dfrn_id = notags(trim($_GET['dfrn_id']));
- $dfrn_version = (float) $_GET['dfrn_version'];
-
- logger('dfrn_notify: new notification dfrn_id=' . $dfrn_id);
-
- $direction = (-1);
- if(strpos($dfrn_id,':') == 1) {
- $direction = intval(substr($dfrn_id,0,1));
- $dfrn_id = substr($dfrn_id,2);
- }
-
- $hash = random_string();
-
- $status = 0;
-
- $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
-
- $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn_id`, `expire` )
- VALUES( '%s', '%s', %d ) ",
- dbesc($hash),
- dbesc($dfrn_id),
- intval(time() + 90 )
- );
-
- logger('dfrn_notify: challenge=' . $hash, LOGGER_DEBUG );
-
- $sql_extra = '';
- switch($direction) {
- case (-1):
- $sql_extra = sprintf(" AND ( `issued_id` = '%s' OR `dfrn_id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
- $my_id = $dfrn_id;
- break;
- case 0:
- $sql_extra = sprintf(" AND `issued_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '1:' . $dfrn_id;
- break;
- case 1:
- $sql_extra = sprintf(" AND `dfrn_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '0:' . $dfrn_id;
- break;
- default:
- $status = 1;
- break; // NOTREACHED
- }
-
- $r = q("SELECT `contact`.*, `user`.`nickname`, `user`.`page-flags` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
- WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`nickname` = '%s'
- AND `user`.`account_expired` = 0 $sql_extra LIMIT 1",
- dbesc($a->argv[1])
- );
-
- if(! count($r))
- $status = 1;
-
- $challenge = '';
- $encrypted_id = '';
- $id_str = $my_id . '.' .
mt_rand(1000,9999);
-
- $prv_key = trim($r[0]['prvkey']);
- $pub_key = trim($r[0]['pubkey']);
- $dplx = intval($r[0]['duplex']);
-
- if((($dplx) && (strlen($prv_key))) || ((strlen($prv_key)) && (!(strlen($pub_key))))) {
- openssl_private_encrypt($hash,$challenge,$prv_key);
- openssl_private_encrypt($id_str,$encrypted_id,$prv_key);
- }
- elseif(strlen($pub_key)) {
- openssl_public_encrypt($hash,$challenge,$pub_key);
- openssl_public_encrypt($id_str,$encrypted_id,$pub_key);
- }
- else
- $status = 1;
-
- $challenge = bin2hex($challenge);
- $encrypted_id = bin2hex($encrypted_id);
-
- $rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0);
-
- $rino_enable = get_config('system','rino_encrypt');
-
- if(! $rino_enable)
- $rino = 0;
-
- if((($r[0]['rel']) && ($r[0]['rel'] != CONTACT_IS_SHARING)) || ($r[0]['page-flags'] == PAGE_COMMUNITY)) {
- $perm = 'rw';
- }
- else {
- $perm = 'r';
- }
-
- header("Content-type: text/xml");
-
- echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n"
- . '<dfrn_notify>' . "\r\n"
- . "\t" . '<status>' . $status . '</status>' . "\r\n"
- . "\t" . '<dfrn_version>' . DFRN_PROTOCOL_VERSION . '</dfrn_version>' . "\r\n"
- . "\t" . '<rino>' . $rino . '</rino>' . "\r\n"
- . "\t" . '<perm>' . $perm . '</perm>' . "\r\n"
- . "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n"
- . "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
- . '</dfrn_notify>' . "\r\n" ;
-
- killme();
- }
-
-}
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
deleted file mode 100644
index 89b72859a..000000000
--- a/mod/dfrn_poll.php
+++ /dev/null
@@ -1,562 +0,0 @@
-<?php
-
-
-
-require_once('include/items.php');
-require_once('include/auth.php');
-
-
-function dfrn_poll_init(&$a) {
-
-
- $dfrn_id = ((x($_GET,'dfrn_id')) ? $_GET['dfrn_id'] : '');
- $type = ((x($_GET,'type')) ? $_GET['type'] : 'data');
- $last_update = ((x($_GET,'last_update')) ? $_GET['last_update'] : '');
- $destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : '');
- $challenge = ((x($_GET,'challenge')) ? $_GET['challenge'] : '');
- $sec = ((x($_GET,'sec')) ? $_GET['sec'] : '');
- $dfrn_version = ((x($_GET,'dfrn_version')) ? (float) $_GET['dfrn_version'] : 2.0);
- $perm = ((x($_GET,'perm')) ? $_GET['perm'] : 'r');
-
- $direction = (-1);
-
-
- if(strpos($dfrn_id,':') == 1) {
- $direction = intval(substr($dfrn_id,0,1));
- $dfrn_id = substr($dfrn_id,2);
- }
-
- if(($dfrn_id === '') && (! x($_POST,'dfrn_id'))) {
- if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
- killme();
- }
-
- $user = '';
- if($a->argc > 1) {
- $r = q("SELECT `hidewall`,`nickname` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1",
- dbesc($a->argv[1])
- );
- if((! count($r)) || (count($r) && $r[0]['hidewall']))
- killme();
- $user = $r[0]['nickname'];
- }
-
- logger('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $user);
- header("Content-type: application/atom+xml");
- echo get_feed_for($a, '', $user,$last_update);
- killme();
- }
-
- if(($type === 'profile') && (! strlen($sec))) {
-
- $sql_extra = '';
- switch($direction) {
- case (-1):
- $sql_extra = sprintf(" AND ( `dfrn_id` = '%s' OR `issued_id` = '%s' ) ", dbesc($dfrn_id),dbesc($dfrn_id));
- $my_id = $dfrn_id;
- break;
- case 0:
- $sql_extra = sprintf(" AND `issued_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '1:' . $dfrn_id;
- break;
- case 1:
- $sql_extra = sprintf(" AND `dfrn_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '0:' . 
$dfrn_id;
- break;
- default:
- goaway(z_root());
- break; // NOTREACHED
- }
-
- $r = q("SELECT `contact`.*, `user`.`username`, `user`.`nickname`
- FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
- WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
- dbesc($a->argv[1])
- );
-
- if(count($r)) {
-
- $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check');
-
- logger("dfrn_poll: old profile returns " . $s, LOGGER_DATA);
-
- if(strlen($s)) {
-
- $xml = parse_xml_string($s);
-
- if((int) $xml->status == 1) {
- $_SESSION['authenticated'] = 1;
- if(! x($_SESSION,'remote'))
- $_SESSION['remote'] = array();
-
- $_SESSION['remote'][] = array('cid' => $r[0]['id'],'uid' => $r[0]['uid'],'url' => $r[0]['url']);
-
- $_SESSION['visitor_id'] = $r[0]['id'];
- $_SESSION['visitor_home'] = $r[0]['url'];
- $_SESSION['visitor_handle'] = $r[0]['addr'];
- $_SESSION['visitor_visiting'] = $r[0]['uid'];
- info( sprintf(t('%s welcomes %s'), $r[0]['username'] , $r[0]['name']) . EOL);
- // Visitors get 1 day session.
- $session_id = session_id();
- $expire = time() + 86400;
- q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
- dbesc($expire),
- dbesc($session_id)
- );
- }
- }
- $profile = $r[0]['nickname'];
- goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile);
- }
- goaway(z_root());
-
- }
-
- if($type === 'profile-check' && $dfrn_version < 2.2 ) {
-
- if((strlen($challenge)) && (strlen($sec))) {
-
- q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
- $r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
- dbesc($sec)
- );
- if(! count($r)) {
- xml_status(3, 'No ticket');
- // NOTREACHED
- }
- $orig_id = $r[0]['dfrn_id'];
- if(strpos($orig_id, ':'))
- $orig_id = substr($orig_id,2);
-
- $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
- intval($r[0]['cid'])
- );
- if(! 
count($c)) {
- xml_status(3, 'No profile');
- }
- $contact = $c[0];
-
- $sent_dfrn_id = hex2bin($dfrn_id);
- $challenge = hex2bin($challenge);
-
- $final_dfrn_id = '';
-
- if(($contact['duplex']) && strlen($contact['prvkey'])) {
- openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']);
- openssl_private_decrypt($challenge,$decoded_challenge,$contact['prvkey']);
- }
- else {
- openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']);
- openssl_public_decrypt($challenge,$decoded_challenge,$contact['pubkey']);
- }
-
- $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
-
- if(strpos($final_dfrn_id,':') == 1)
- $final_dfrn_id = substr($final_dfrn_id,2);
-
- if($final_dfrn_id != $orig_id) {
- logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
- // did not decode properly - cannot trust this site
- xml_status(3, 'Bad decryption');
- }
-
- header("Content-type: text/xml");
- echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><dfrn_poll><status>0</status><challenge>$decoded_challenge</challenge><sec>$sec</sec></dfrn_poll>";
- killme();
- // NOTREACHED
- }
- else {
- // old protocol
-
- switch($direction) {
- case 1:
- $dfrn_id = '0:' . $dfrn_id;
- break;
- case 0:
- $dfrn_id = '1:' . $dfrn_id;
- break;
- default:
- break;
- }
-
-
- q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
- $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
- dbesc($dfrn_id));
- if(count($r)) {
- xml_status(1);
- return; // NOTREACHED
- }
- xml_status(0);
- return; // NOTREACHED
- }
- }
-
-}
-
-
-
-function dfrn_poll_post(&$a) {
-
- $dfrn_id = ((x($_POST,'dfrn_id')) ? $_POST['dfrn_id'] : '');
- $challenge = ((x($_POST,'challenge')) ? $_POST['challenge'] : '');
- $url = ((x($_POST,'url')) ? $_POST['url'] : '');
- $sec = ((x($_POST,'sec')) ? $_POST['sec'] : '');
- $ptype = ((x($_POST,'type')) ? $_POST['type'] : '');
- $dfrn_version = ((x($_POST,'dfrn_version')) ? 
(float) $_POST['dfrn_version'] : 2.0);
- $perm = ((x($_POST,'perm')) ? $_POST['perm'] : 'r');
-
- if($ptype === 'profile-check') {
-
- if((strlen($challenge)) && (strlen($sec))) {
-
- logger('dfrn_poll: POST: profile-check');
-
- q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
- $r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
- dbesc($sec)
- );
- if(! count($r)) {
- xml_status(3, 'No ticket');
- // NOTREACHED
- }
- $orig_id = $r[0]['dfrn_id'];
- if(strpos($orig_id, ':'))
- $orig_id = substr($orig_id,2);
-
- $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
- intval($r[0]['cid'])
- );
- if(! count($c)) {
- xml_status(3, 'No profile');
- }
- $contact = $c[0];
-
- $sent_dfrn_id = hex2bin($dfrn_id);
- $challenge = hex2bin($challenge);
-
- $final_dfrn_id = '';
-
- if(($contact['duplex']) && strlen($contact['prvkey'])) {
- openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']);
- openssl_private_decrypt($challenge,$decoded_challenge,$contact['prvkey']);
- }
- else {
- openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']);
- openssl_public_decrypt($challenge,$decoded_challenge,$contact['pubkey']);
- }
-
- $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
-
- if(strpos($final_dfrn_id,':') == 1)
- $final_dfrn_id = substr($final_dfrn_id,2);
-
- if($final_dfrn_id != $orig_id) {
- logger('profile_check: ' . $final_dfrn_id . ' != ' . 
$orig_id, LOGGER_DEBUG);
- // did not decode properly - cannot trust this site
- xml_status(3, 'Bad decryption');
- }
-
- header("Content-type: text/xml");
- echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><dfrn_poll><status>0</status><challenge>$decoded_challenge</challenge><sec>$sec</sec></dfrn_poll>";
- killme();
- // NOTREACHED
- }
-
- }
-
- $direction = (-1);
- if(strpos($dfrn_id,':') == 1) {
- $direction = intval(substr($dfrn_id,0,1));
- $dfrn_id = substr($dfrn_id,2);
- }
-
-
- $r = q("SELECT * FROM `challenge` WHERE `dfrn_id` = '%s' AND `challenge` = '%s' LIMIT 1",
- dbesc($dfrn_id),
- dbesc($challenge)
- );
-
- if(! count($r))
- killme();
-
- $type = $r[0]['type'];
- $last_update = $r[0]['last_update'];
-
- $r = q("DELETE FROM `challenge` WHERE `dfrn_id` = '%s' AND `challenge` = '%s' LIMIT 1",
- dbesc($dfrn_id),
- dbesc($challenge)
- );
-
-
- $sql_extra = '';
- switch($direction) {
- case (-1):
- $sql_extra = sprintf(" AND `issued_id` = '%s' ", dbesc($dfrn_id));
- $my_id = $dfrn_id;
- break;
- case 0:
- $sql_extra = sprintf(" AND `issued_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '1:' . $dfrn_id;
- break;
- case 1:
- $sql_extra = sprintf(" AND `dfrn_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '0:' . $dfrn_id;
- break;
- default:
- goaway(z_root());
- break; // NOTREACHED
- }
-
-
- $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
-
-
- if(! 
count($r))
- killme();
-
- $contact = $r[0];
- $owner_uid = $r[0]['uid'];
- $contact_id = $r[0]['id'];
-
-
- if($type === 'reputation' && strlen($url)) {
- $r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
- dbesc($url),
- intval($owner_uid)
- );
- $reputation = 0;
- $text = '';
-
- if(count($r)) {
- $reputation = $r[0]['rating'];
- $text = $r[0]['reason'];
-
- if($r[0]['id'] == $contact_id) { // inquiring about own reputation not allowed
- $reputation = 0;
- $text = '';
- }
- }
-
- echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
- <reputation>
- <url>$url</url>
- <rating>$reputation</rating>
- <description>$text</description>
- </reputation>
- ";
- killme();
- // NOTREACHED
- }
- else {
-
- // Update the writable flag if it changed
- logger('dfrn_poll: post request feed: ' . print_r($_POST,true),LOGGER_DATA);
- if($dfrn_version >= 2.21) {
- if($perm === 'rw')
- $writable = 1;
- else
- $writable = 0;
-
- if($writable != $contact['writable']) {
- q("UPDATE `contact` SET `writable` = %d WHERE `id` = %d LIMIT 1",
- intval($writable),
- intval($contact_id)
- );
- }
- }
-
- header("Content-type: application/atom+xml");
- $o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update, $direction);
- echo $o;
- killme();
-
- }
-}
-
-function dfrn_poll_content(&$a) {
-
- $dfrn_id = ((x($_GET,'dfrn_id')) ? $_GET['dfrn_id'] : '');
- $type = ((x($_GET,'type')) ? $_GET['type'] : 'data');
- $last_update = ((x($_GET,'last_update')) ? $_GET['last_update'] : '');
- $destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : '');
- $sec = ((x($_GET,'sec')) ? $_GET['sec'] : '');
- $dfrn_version = ((x($_GET,'dfrn_version')) ? (float) $_GET['dfrn_version'] : 2.0);
- $perm = ((x($_GET,'perm')) ? 
$_GET['perm'] : 'r');
-
- $direction = (-1);
- if(strpos($dfrn_id,':') == 1) {
- $direction = intval(substr($dfrn_id,0,1));
- $dfrn_id = substr($dfrn_id,2);
- }
-
-
- if($dfrn_id != '') {
- // initial communication from external contact
- $hash = random_string();
-
- $status = 0;
-
- $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
-
- if($type !== 'profile') {
- $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn_id`, `expire` , `type`, `last_update` )
- VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
- dbesc($hash),
- dbesc($dfrn_id),
- intval(time() + 60 ),
- dbesc($type),
- dbesc($last_update)
- );
- }
- $sql_extra = '';
- switch($direction) {
- case (-1):
- if($type === 'profile')
- $sql_extra = sprintf(" AND ( `dfrn_id` = '%s' OR `issued_id` = '%s' ) ", dbesc($dfrn_id),dbesc($dfrn_id));
- else
- $sql_extra = sprintf(" AND `issued_id` = '%s' ", dbesc($dfrn_id));
- $my_id = $dfrn_id;
- break;
- case 0:
- $sql_extra = sprintf(" AND `issued_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '1:' . $dfrn_id;
- break;
- case 1:
- $sql_extra = sprintf(" AND `dfrn_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '0:' . $dfrn_id;
- break;
- default:
- goaway(z_root());
- break; // NOTREACHED
- }
-
- $nickname = $a->argv[1];
-
- $r = q("SELECT `contact`.*, `user`.`username`, `user`.`nickname`
- FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
- WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
- dbesc($nickname)
- );
-
- if(count($r)) {
-
- $challenge = '';
- $encrypted_id = '';
- $id_str = $my_id . '.' . mt_rand(1000,9999);
-
- if(($r[0]['duplex'] && strlen($r[0]['pubkey'])) || (! 
strlen($r[0]['prvkey']))) {
- openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
- openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
- }
- else {
- openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
- openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
- }
-
- $challenge = bin2hex($challenge);
- $encrypted_id = bin2hex($encrypted_id);
- }
- else {
- $status = 1;
- $challenge = '';
- $encrypted_id = '';
- }
-
- if(($type === 'profile') && (strlen($sec))) {
-
- // URL reply
-
- if($dfrn_version < 2.2) {
- $s = fetch_url($r[0]['poll']
- . '?dfrn_id=' . $encrypted_id
- . '&type=profile-check'
- . '&dfrn_version=' . DFRN_PROTOCOL_VERSION
- . '&challenge=' . $challenge
- . '&sec=' . $sec
- );
- }
- else {
- $s = post_url($r[0]['poll'], array(
- 'dfrn_id' => $encrypted_id,
- 'type' => 'profile-check',
- 'dfrn_version' => DFRN_PROTOCOL_VERSION,
- 'challenge' => $challenge,
- 'sec' => $sec
- ));
- }
-
- $profile = ((count($r) && $r[0]['nickname']) ? $r[0]['nickname'] : $nickname);
-
- switch($destination_url) {
- case 'profile':
- $dest = $a->get_baseurl() . '/profile/' . $profile . '?tab=profile';
- break;
- case 'photos':
- $dest = $a->get_baseurl() . '/photos/' . $profile;
- break;
- case 'status':
- case '':
- $dest = $a->get_baseurl() . '/profile/' . $profile;
- break;
- default:
- $dest = $destination_url;
- break;
- }
-
- logger("dfrn_poll: sec profile: " . $s, LOGGER_DATA);
-
- if(strlen($s) && strstr($s,'<?xml')) {
-
- $xml = parse_xml_string($s);
-
- logger('dfrn_poll: profile: parsed xml: ' . print_r($xml,true), LOGGER_DATA);
-
- logger('dfrn_poll: secure profile: challenge: ' . $xml->challenge . ' expecting ' . $hash);
- logger('dfrn_poll: secure profile: sec: ' . $xml->sec . ' expecting ' . $sec);
-
-
- if(((int) $xml->status == 0) && ($xml->challenge == $hash) && ($xml->sec == $sec)) {
- $_SESSION['authenticated'] = 1;
- if(! 
x($_SESSION,'remote'))
- $_SESSION['remote'] = array();
- $_SESSION['remote'][] = array('cid' => $r[0]['id'],'uid' => $r[0]['uid'],'url' => $r[0]['url']);
- $_SESSION['visitor_id'] = $r[0]['id'];
- $_SESSION['visitor_home'] = $r[0]['url'];
- $_SESSION['visitor_visiting'] = $r[0]['uid'];
- info( sprintf(t('%s welcomes %s'), $r[0]['username'] , $r[0]['name']) . EOL);
- // Visitors get 1 day session.
- $session_id = session_id();
- $expire = time() + 86400;
- q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
- dbesc($expire),
- dbesc($session_id)
- );
- }
-
- goaway($dest);
- }
- goaway($dest);
- // NOTREACHED
-
- }
- else {
- // XML reply
- header("Content-type: text/xml");
- echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n"
- . '<dfrn_poll>' . "\r\n"
- . "\t" . '<status>' . $status . '</status>' . "\r\n"
- . "\t" . '<dfrn_version>' . DFRN_PROTOCOL_VERSION . '</dfrn_version>' . "\r\n"
- . "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n"
- . "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
- . '</dfrn_poll>' . "\r\n" ;
- killme();
- // NOTREACHED
- }
- }
-}
-
-
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
deleted file mode 100644
index 95b2ec3a4..000000000
--- a/mod/dfrn_request.php
+++ /dev/null
@@ -1,837 +0,0 @@
-<?php
-
-/**
- *
- * Module: dfrn_request
- *
- * Purpose: Handles communication associated with the issuance of
- * friend requests.
- *
- */
-
-if(! function_exists('dfrn_request_init')) {
-function dfrn_request_init(&$a) {
-
- if($a->argc > 1)
- $which = $a->argv[1];
-
- profile_load($a,$which);
- return;
-}}
-
-
-/**
- * Function: dfrn_request_post
- *
- * Purpose:
- * Handles multiple scenarios.
- *
- * Scenario 1:
- * Clicking 'submit' on a friend request page.
- *
- * Scenario 2:
- * Following Scenario 1, we are brought back to our home site
- * in order to link our friend request with our own server cell.
- * After logging in, we click 'submit' to approve the linkage.
- *
- */
-
-if(! function_exists('dfrn_request_post')) {
-function dfrn_request_post(&$a) {
-
- if(($a->argc != 2) || (! count($a->profile)))
- return;
-
-
- if(x($_POST, 'cancel')) {
- goaway(z_root());
- }
-
-
- /**
- *
- * Scenario 2: We've introduced ourself to another cell, then have been returned to our own cell
- * to confirm the request, and then we've clicked submit (perhaps after logging in).
- * That brings us here:
- *
- */
-
- if((x($_POST,'localconfirm')) && ($_POST['localconfirm'] == 1)) {
-
- /**
- * Ensure this is a valid request
- */
-
- if(local_user() && ($a->user['nickname'] == $a->argv[1]) && (x($_POST,'dfrn_url'))) {
-
-
- $dfrn_url = notags(trim($_POST['dfrn_url']));
- $aes_allow = (((x($_POST,'aes_allow')) && ($_POST['aes_allow'] == 1)) ? 1 : 0);
- $confirm_key = ((x($_POST,'confirm_key')) ? $_POST['confirm_key'] : "");
- $hidden = ((x($_POST,'hidden-contact')) ? 
intval($_POST['hidden-contact']) : 0);
- $contact_record = null;
-
- if(x($dfrn_url)) {
-
- /**
- * Lookup the contact based on their URL (which is the only unique thing we have at the moment)
- */
-
- $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND (`url` = '%s' OR `nurl` = '%s') AND `self` = 0 LIMIT 1",
- intval(local_user()),
- dbesc($dfrn_url),
- dbesc(normalise_link($dfrn_url))
- );
-
- if(count($r)) {
- if(strlen($r[0]['dfrn_id'])) {
-
- /**
- * We don't need to be here. It has already happened.
- */
-
- notice( t("This introduction has already been accepted.") . EOL );
- return;
- }
- else
- $contact_record = $r[0];
- }
-
- if(is_array($contact_record)) {
- $r = q("UPDATE `contact` SET hidden = %d WHERE `id` = %d LIMIT 1",
- intval($hidden),
- intval($contact_record['id'])
- );
- }
- else {
-
- /**
- * Scrape the other site's profile page to pick up the dfrn links, key, fn, and photo
- */
-
- require_once('Scrape.php');
-
- $parms = scrape_dfrn($dfrn_url);
-
- if(! count($parms)) {
- notice( t('Profile location is not valid or does not contain profile information.') . EOL );
- return;
- }
- else {
- if(! x($parms,'fn'))
- notice( t('Warning: profile location has no identifiable owner name.') . EOL );
- if(! x($parms,'photo'))
- notice( t('Warning: profile location has no profile photo.') . EOL );
- $invalid = validate_dfrn($parms);
- if($invalid) {
- notice( sprintf( tt("%d required parameter was not found at the given location",
- "%d required parameters were not found at the given location",
- $invalid), $invalid) . 
EOL );
- return;
- }
- }
-
- $dfrn_request = $parms['dfrn-request'];
-
- /********* Escape the entire array ********/
-
- dbesc_array($parms);
-
- /******************************************/
-
- /**
- * Create a contact record on our site for the other person
- */
-
- $r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `nurl`, `name`, `nick`, `photo`, `site_pubkey`,
- `request`, `confirm`, `notify`, `poll`, `poco`, `network`, `aes_allow`, `hidden`)
- VALUES ( %d, '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d)",
- intval(local_user()),
- datetime_convert(),
- dbesc($dfrn_url),
- dbesc(normalise_link($dfrn_url)),
- $parms['fn'],
- $parms['nick'],
- $parms['photo'],
- $parms['key'],
- $parms['dfrn-request'],
- $parms['dfrn-confirm'],
- $parms['dfrn-notify'],
- $parms['dfrn-poll'],
- $parms['dfrn-poco'],
- dbesc(NETWORK_DFRN),
- intval($aes_allow),
- intval($hidden)
- );
- }
-
- if($r) {
- info( t("Introduction complete.") . EOL);
- }
-
- $r = q("select id from contact where uid = %d and url = '%s' and `site_pubkey` = '%s' limit 1",
- intval(local_user()),
- dbesc($dfrn_url),
- $parms['key'] // this was already escaped
- );
- if(count($r)) {
- $g = q("select def_gid from user where uid = %d limit 1",
- intval(local_user())
- );
- if($g && intval($g[0]['def_gid'])) {
- require_once('include/group.php');
- group_add_member(local_user(),'',$r[0]['id'],$g[0]['def_gid']);
- }
- }
-
- /**
- * Allow the blocked remote notification to complete
- */
-
- if(is_array($contact_record))
- $dfrn_request = $contact_record['request'];
-
- if(strlen($dfrn_request) && strlen($confirm_key))
- $s = fetch_url($dfrn_request . '?confirm_key=' . $confirm_key);
-
- // (ignore reply, nothing we can do it failed)
-
- goaway(zid($dfrn_url));
- return; // NOTREACHED
-
- }
-
- }
-
- // invalid/bogus request
-
- notice( t('Unrecoverable protocol error.') . 
EOL );
- goaway(z_root());
- return; // NOTREACHED
- }
-
- /**
- * Otherwise:
- *
- * Scenario 1:
- * We are the requestee. A person from a remote cell has made an introduction
- * on our profile web page and clicked submit. We will use their DFRN-URL to
- * figure out how to contact their cell.
- *
- * Scrape the originating DFRN-URL for everything we need. Create a contact record
- * and an introduction to show our user next time he/she logs in.
- * Finally redirect back to the requestor so that their site can record the request.
- * If our user (the requestee) later confirms this request, a record of it will need
- * to exist on the requestor's cell in order for the confirmation process to complete..
- *
- * It's possible that neither the requestor or the requestee are logged in at the moment,
- * and the requestor does not yet have any credentials to the requestee profile.
- *
- * Who is the requestee? We've already loaded their profile which means their nickname should be
- * in $a->argv[1] and we should have their complete info in $a->profile.
- *
- */
-
- if(! (is_array($a->profile) && count($a->profile))) {
- notice( t('Profile unavailable.') . EOL);
- return;
- }
-
- $nickname = $a->profile['nickname'];
- $notify_flags = $a->profile['notify-flags'];
- $uid = $a->profile['uid'];
- $maxreq = intval($a->profile['maxreq']);
- $contact_record = null;
- $failed = false;
- $parms = null;
-
-
- if( x($_POST,'dfrn_url')) {
-
- /**
- * Block friend request spam
- */
-
- if($maxreq) {
- $r = q("SELECT * FROM `intro` WHERE `datetime` > '%s' AND `uid` = %d",
- dbesc(datetime_convert('UTC','UTC','now - 24 hours')),
- intval($uid)
- );
- if(count($r) > $maxreq) {
- notice( sprintf( t('%s has received too many connection requests today.'), $a->profile['name']) . EOL);
- notice( t('Spam protection measures have been invoked.') . EOL);
- notice( t('Friends are advised to please try again in 24 hours.') . 
EOL); - return; - } - } - - /** - * - * Cleanup old introductions that remain blocked. - * Also remove the contact record, but only if there is no existing relationship - * Do not remove email contacts as these may be awaiting email verification - */ - - $r = q("SELECT `intro`.*, `intro`.`id` AS `iid`, `contact`.`id` AS `cid`, `contact`.`rel` - FROM `intro` LEFT JOIN `contact` on `intro`.`contact-id` = `contact`.`id` - WHERE `intro`.`blocked` = 1 AND `contact`.`self` = 0 - AND `contact`.`network` != '%s' - AND `intro`.`datetime` < UTC_TIMESTAMP() - INTERVAL 30 MINUTE ", - dbesc(NETWORK_MAIL2) - ); - if(count($r)) { - foreach($r as $rr) { - if(! $rr['rel']) { - q("DELETE FROM `contact` WHERE `id` = %d LIMIT 1", - intval($rr['cid']) - ); - } - q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1", - intval($rr['iid']) - ); - } - } - - /** - * - * Cleanup any old email intros - which will have a greater lifetime - */ - - $r = q("SELECT `intro`.*, `intro`.`id` AS `iid`, `contact`.`id` AS `cid`, `contact`.`rel` - FROM `intro` LEFT JOIN `contact` on `intro`.`contact-id` = `contact`.`id` - WHERE `intro`.`blocked` = 1 AND `contact`.`self` = 0 - AND `contact`.`network` = '%s' - AND `intro`.`datetime` < UTC_TIMESTAMP() - INTERVAL 3 DAY ", - dbesc(NETWORK_MAIL2) - ); - if(count($r)) { - foreach($r as $rr) { - if(! $rr['rel']) { - q("DELETE FROM `contact` WHERE `id` = %d LIMIT 1", - intval($rr['cid']) - ); - } - q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1", - intval($rr['iid']) - ); - } - } - - $email_follow = (x($_POST,'email_follow') ? intval($_POST['email_follow']) : 0); - $real_name = (x($_POST,'realname') ? notags(trim($_POST['realname'])) : ''); - - $url = trim($_POST['dfrn_url']); - if(! strlen($url)) { - notice( t("Invalid locator") . EOL ); - return; - } - - $hcard = ''; - - if($email_follow) { - - if(! validate_email($url)) { - notice( t('Invalid email address.') . EOL); - return; - } - - $addr = $url; - $name = ($realname) ? 
$realname : $addr;
- $nick = substr($addr,0,strpos($addr,'@'));
- $url = 'http://' . substr($addr,strpos($addr,'@') + 1);
- $nurl = normalise_url($host);
- $poll = 'email ' . random_string();
- $notify = 'smtp ' . random_string();
- $blocked = 1;
- $pending = 1;
- $network = NETWORK_MAIL2;
- $rel = CONTACT_IS_FOLLOWER;
-
- $mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
- if(get_config('system','dfrn_only'))
- $mail_disabled = 1;
-
- if(! $mail_disabled) {
- $failed = false;
- $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1",
- intval($uid)
- );
- if(! count($r)) {
- notice( t('This account has not been configured for email. Request failed.') . EOL);
- return;
- }
- }
-
- $r = q("insert into contact ( uid, created, addr, name, nick, url, nurl, poll, notify, blocked, pending, network, rel )
- values( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d ) ",
- intval($uid),
- dbesc(datetime_convert()),
- dbesc($addr),
- dbesc($name),
- dbesc($nick),
- dbesc($url),
- dbesc($nurl),
- dbesc($poll),
- dbesc($notify),
- intval($blocked),
- intval($pending),
- dbesc($network),
- intval($rel)
- );
-
- $r = q("select id from contact where poll = '%s' and uid = %d limit 1",
- dbesc($poll),
- intval($uid)
- );
- if(count($r)) {
- $contact_id = $r[0]['id'];
-
- $g = q("select def_gid from user where uid = %d limit 1",
- intval($uid)
- );
- if($g && intval($g[0]['def_gid'])) {
- require_once('include/group.php');
- group_add_member($uid,'',$contact_id,$g[0]['def_gid']);
- }
-
- $photo = avatar_img($addr);
-
- $r = q("UPDATE `contact` SET
- `photo` = '%s',
- `thumb` = '%s',
- `micro` = '%s',
- `name_date` = '%s',
- `uri_date` = '%s',
- `avatar_date` = '%s',
- `hidden` = 0,
- WHERE `id` = %d LIMIT 1
- ",
- dbesc($photos[0]),
- dbesc($photos[1]),
- dbesc($photos[2]),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- intval($contact_id)
- );
- }
-
- // contact is 
created. Now create an introduction
-
- $hash = random_string();
-
- $r = q("insert into intro ( uid, `contact-id`, knowyou, note, hash, datetime, blocked )
- values( %d , %d, %d, '%s', '%s', '%s', %d ) ",
- intval($uid),
- intval($contact_id),
- ((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0),
- dbesc(notags(trim($_POST['dfrn-request-message']))),
- dbesc($hash),
- dbesc(datetime_convert()),
- 1
- );
-
- // Next send an email verify form to the requestor.
-
- }
-
- else {
-
- // Canonicalise email-style profile locator
-
- $url = webfinger_dfrn($url,$hcard);
-
- if(substr($url,0,5) === 'stat:') {
- $network = NETWORK_OSTATUS;
- $url = substr($url,5);
- }
- else {
- $network = NETWORK_DFRN;
- }
- }
-
- logger('dfrn_request: url: ' . $url);
-
- if(! strlen($url)) {
- notice( t("Unable to resolve your name at the provided location.") . EOL);
- return;
- }
-
-
- if($network === NETWORK_DFRN) {
- $ret = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `self` = 0 LIMIT 1",
- intval($uid),
- dbesc($url)
- );
-
- if(count($ret)) {
- if(strlen($ret[0]['issued_id'])) {
- notice( t('You have already introduced yourself here.') . EOL );
- return;
- }
- elseif($ret[0]['rel'] == CONTACT_IS_FRIEND) {
- notice( sprintf( t('Apparently you are already friends with %s.'), $a->profile['name']) . EOL);
- return;
- }
- else {
- $contact_record = $ret[0];
- $parms = array('dfrn-request' => $ret[0]['request']);
- }
- }
-
- $issued_id = random_string();
-
- if(is_array($contact_record)) {
- // There is a contact record but no issued_id, so this
- // is a reciprocal introduction from a known contact
- $r = q("UPDATE `contact` SET `issued_id` = '%s' WHERE `id` = %d LIMIT 1",
- dbesc($issued_id),
- intval($contact_record['id'])
- );
- }
- else {
- if(! validate_url($url)) {
- notice( t('Invalid profile URL.') . EOL);
- goaway($a->get_baseurl() . '/' . $a->cmd);
- return; // NOTREACHED
- }
-
- if(! allowed_url($url)) {
- notice( t('Disallowed profile URL.') . 
EOL);
- goaway($a->get_baseurl() . '/' . $a->cmd);
- return; // NOTREACHED
- }
-
-
- require_once('Scrape.php');
-
- $parms = scrape_dfrn(($hcard) ? $hcard : $url);
-
- if(! count($parms)) {
- notice( t('Profile location is not valid or does not contain profile information.') . EOL );
- goaway($a->get_baseurl() . '/' . $a->cmd);
- }
- else {
- if(! x($parms,'fn'))
- notice( t('Warning: profile location has no identifiable owner name.') . EOL );
- if(! x($parms,'photo'))
- notice( t('Warning: profile location has no profile photo.') . EOL );
- $invalid = validate_dfrn($parms);
- if($invalid) {
- notice( sprintf( tt("%d required parameter was not found at the given location",
- "%d required parameters were not found at the given location",
- $invalid), $invalid) . EOL );
-
- return;
- }
- }
-
-
- $parms['url'] = $url;
- $parms['issued_id'] = $issued_id;
-
-
- dbesc_array($parms);
- $r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `nurl`,`name`, `nick`, `issued_id`, `photo`, `site_pubkey`,
- `request`, `confirm`, `notify`, `poll`, `poco`, `network` )
- VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
- intval($uid),
- dbesc(datetime_convert()),
- $parms['url'],
- dbesc(normalise_link($parms['url'])),
- $parms['fn'],
- $parms['nick'],
- $parms['issued_id'],
- $parms['photo'],
- $parms['key'],
- $parms['dfrn-request'],
- $parms['dfrn-confirm'],
- $parms['dfrn-notify'],
- $parms['dfrn-poll'],
- $parms['dfrn-poco'],
- dbesc(NETWORK_DFRN)
- );
-
- // find the contact record we just created
- if($r) {
- $r = q("SELECT `id` FROM `contact`
- WHERE `uid` = %d AND `url` = '%s' AND `issued_id` = '%s' LIMIT 1",
- intval($uid),
- $parms['url'],
- $parms['issued_id']
- );
- if(count($r))
- $contact_record = $r[0];
- }
-
- }
- if($r === false) {
- notice( t('Failed to update contact record.') . EOL );
- return;
- }
-
- $hash = random_string() . 
(string) time(); // Generate a confirm_key
-
- if(is_array($contact_record)) {
- $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`)
- VALUES ( %d, %d, 1, %d, '%s', '%s', '%s' )",
- intval($uid),
- intval($contact_record['id']),
- ((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0),
- dbesc(notags(trim($_POST['dfrn-request-message']))),
- dbesc($hash),
- dbesc(datetime_convert())
- );
- }
-
- // This notice will only be seen by the requestor if the requestor and requestee are on the same server.
-
- if(! $failed)
- info( t('Your introduction has been sent.') . EOL );
-
- // "Homecoming" - send the requestor back to their site to record the introduction.
-
- $dfrn_url = bin2hex($a->get_baseurl() . '/profile/' . $nickname);
- $aes_allow = ((function_exists('openssl_encrypt')) ? 1 : 0);
-
- goaway($parms['dfrn-request'] . "?dfrn_url=$dfrn_url"
- . '&dfrn_version=' . DFRN_PROTOCOL_VERSION
- . '&confirm_key=' . $hash
- . (($aes_allow) ? "&aes_allow=1" : "")
- );
- // NOTREACHED
- // END $network === NETWORK_DFRN
- }
- elseif($network === NETWORK_OSTATUS) {
-
- /**
- *
- * OStatus network
- * Check contact existence
- * Try and scrape together enough information to create a contact record,
- * with us as CONTACT_IS_FOLLOWER
- * Substitute our user's feed URL into $url template
- * Send the subscriber home to subscribe
- *
- */
-
- $url = str_replace('{uri}', $a->get_baseurl() . '/dfrn_poll/' . $nickname, $url);
- goaway($url);
- // NOTREACHED
- // END $network === NETWORK_OSTATUS
- }
-
- } return;
-}}
-
-
-
-
-if(! function_exists('dfrn_request_content')) {
-function dfrn_request_content(&$a) {
-
- if(($a->argc != 2) || (! count($a->profile)))
- return "";
-
-
- // "Homecoming". Make sure we're logged in to this site as the correct user. Then offer a confirm button
- // to send us to the post section to record the introduction.
-
- if(x($_GET,'dfrn_url')) {
-
- if(! 
local_user()) { - info( t("Please login to confirm introduction.") . EOL ); - - /* setup the return URL to come back to this page if they use openid */ - - $stripped = str_replace('q=','',$a->query_string); - $_SESSION['return_url'] = trim($stripped,'/'); - - return login(); - } - - // Edge case, but can easily happen in the wild. This person is authenticated, - // but not as the person who needs to deal with this request. - - if ($a->user['nickname'] != $a->argv[1]) { - notice( t("Incorrect identity currently logged in. Please login to <strong>this</strong> profile.") . EOL); - return login(); - } - - $dfrn_url = notags(trim(hex2bin($_GET['dfrn_url']))); - $aes_allow = (((x($_GET,'aes_allow')) && ($_GET['aes_allow'] == 1)) ? 1 : 0); - $confirm_key = (x($_GET,'confirm_key') ? $_GET['confirm_key'] : ""); - $tpl = get_markup_template("dfrn_req_confirm.tpl"); - $o = replace_macros($tpl,array( - '$dfrn_url' => $dfrn_url, - '$aes_allow' => (($aes_allow) ? '<input type="hidden" name="aes_allow" value="1" />' : "" ), - '$hidethem' => t('Hide this contact'), - '$hidechecked' => '', - '$confirm_key' => $confirm_key, - '$welcome' => sprintf( t('Welcome home %s.'), $a->user['username']), - '$please' => sprintf( t('Please confirm your introduction/connection request to %s.'), $dfrn_url), - '$submit' => t('Confirm'), - '$uid' => $_SESSION['uid'], - '$nickname' => $a->user['nickname'], - 'dfrn_rawurl' => $_GET['dfrn_url'] - )); - return $o; - - } - elseif((x($_GET,'confirm_key')) && strlen($_GET['confirm_key'])) { - - // we are the requestee and it is now safe to send our user their introduction, - // We could just unblock it, but first we have to jump through a few hoops to - // send an email, or even to find out if we need to send an email. 
- - $intro = q("SELECT * FROM `intro` WHERE `hash` = '%s' LIMIT 1", - dbesc($_GET['confirm_key']) - ); - - if(count($intro)) { - - $r = q("SELECT `contact`.*, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` - WHERE `contact`.`id` = %d LIMIT 1", - intval($intro[0]['contact-id']) - ); - - $auto_confirm = false; - - if(count($r)) { - if(($r[0]['page-flags'] != PAGE_NORMAL) && ($r[0]['page-flags'] != PAGE_PRVGROUP)) - $auto_confirm = true; - - if(! $auto_confirm) { - require_once('include/enotify.php'); - notification(array( - 'type' => NOTIFY_INTRO, - 'notify_flags' => $r[0]['notify-flags'], - 'language' => $r[0]['language'], - 'to_name' => $r[0]['username'], - 'to_email' => $r[0]['email'], - 'uid' => $r[0]['uid'], - 'link' => $a->get_baseurl() . '/notifications/intros', - 'source_name' => ((strlen(stripslashes($r[0]['name']))) ? stripslashes($r[0]['name']) : t('[Name Withheld]')), - 'source_link' => $r[0]['url'], - 'source_photo' => $r[0]['photo'], - 'verb' => ACTIVITY_REQ_FRIEND, - 'otype' => 'intro' - )); - } - - if($auto_confirm) { - require_once('mod/dfrn_confirm.php'); - $handsfree = array( - 'uid' => $r[0]['uid'], - 'node' => $r[0]['nickname'], - 'dfrn_id' => $r[0]['issued_id'], - 'intro_id' => $intro[0]['id'], - 'duplex' => (($r[0]['page-flags'] == PAGE_FREELOVE) ? 1 : 0), - 'activity' => intval(get_pconfig($r[0]['uid'],'system','post_newfriend')) - ); - dfrn_confirm_post($a,$handsfree); - } - - } - - if(! $auto_confirm) { - - // If we are auto_confirming, this record will have already been nuked - // in dfrn_confirm_post() - - $r = q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s' LIMIT 1", - dbesc($_GET['confirm_key']) - ); - } - } - - killme(); - return; // NOTREACHED - } - else { - - /** - * Normal web request. Display our user's introduction form. - */ - - if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { - notice( t('Public access denied.') . 
EOL); - return; - } - - - /** - * Try to auto-fill the profile address - */ - - if(local_user()) { - if(strlen($a->path)) { - $myaddr = $a->get_baseurl() . '/profile/' . $a->user['nickname']; - } - else { - $myaddr = $a->user['nickname'] . '@' . substr(z_root(), strpos(z_root(),'://') + 3 ); - } - } - elseif(x($_GET,'addr')) { - $myaddr = hex2bin($_GET['addr']); - } - else { - /* $_GET variables are already urldecoded */ - $myaddr = ((x($_GET,'address')) ? $_GET['address'] : ''); - } - - // last, try a zid - if(! strlen($myaddr)) - $myaddr = get_my_url(); - - - $target_addr = $a->profile['nickname'] . '@' . substr(z_root(), strpos(z_root(),'://') + 3 ); - - - /** - * - * The auto_request form only has the profile address - * because nobody is going to read the comments and - * it doesn't matter if they know you or not. - * - */ - - if($a->profile['page-flags'] == PAGE_NORMAL) - $tpl = get_markup_template('dfrn_request.tpl'); - else - $tpl = get_markup_template('auto_request.tpl'); - - $page_desc .= t("Please enter your 'Identity Address' from one of the following supported communications networks:"); - - - $emailnet = ''; - - $invite_desc = t('If you are not yet a member of the free social web, <a href="http://dir.friendica.com/siteinfo">follow this link to find a public Friendica site and join us today</a>.'); - - $o .= replace_macros($tpl,array( - '$header' => t('Friend/Connection Request'), - '$desc' => t('Examples: jojo@zothub.com, bob@example.com'), - '$pls_answer' => t('Please answer the following:'), - '$does_know' => sprintf( t('Does %s know you?'),$a->profile['name']), - '$yes' => t('Yes'), - '$no' => t('No'), - '$add_note' => t('Add a personal note:'), - '$page_desc' => $page_desc, - '$friendica' => t('Friendica'), - '$statusnet' => t('StatusNet/Federated Social Web'), - '$diaspora' => t('Diaspora'), - '$diasnote' => sprintf (t(' - please do not use this form. 
Instead, enter %s into your Diaspora search bar.'),$target_addr), - '$your_address' => t('Your webbie (web-id):'), - '$invite_desc' => $invite_desc, - '$emailnet' => $emailnet, - '$submit' => t('Submit Request'), - '$cancel' => t('Cancel'), - '$nickname' => $a->argv[1], - '$name' => $a->profile['name'], - '$myaddr' => $myaddr - )); - return $o; - } - - return; // Somebody is fishing. -}} diff --git a/mod/display.php b/mod/display.php index bc7e3a1c4..c6af8fdd2 100644 --- a/mod/display.php +++ b/mod/display.php @@ -19,10 +19,8 @@ function display_content(&$a) { $a->page['htmlhead'] .= get_markup_template('display-head.tpl'); - - if(argc() > 1) - $item_hash = argv(2); + $item_hash = argv(1); if(! $item_hash) { $a->error = 404; @@ -32,13 +30,27 @@ function display_content(&$a) { $observer_is_owner = false; + // This page can be viewed by anybody so the query could be complicated + // First we'll see if there is a copy of the item which is owned by us - if we're logged in locally. + // If that fails (or we aren't logged in locally), + // query an item in which the observer (if logged in remotely) has cid or gid rights + // and if that fails, look for a copy of the post that has no privacy restrictions. + // If we find the post, but we don't find a copy that we're allowed to look at, this fact needs to be reported. + +// FIXME - on the short term, we'll only do the first query. + + $target_item = null; + if(local_user()) { $r = q("select * from item where uri = '%s' and uid = %d limit 1", dbesc($item_hash), intval(local_user()) ); - if($r && $count($r)) + if($r) { + $owner = local_user(); $observer_is_owner = true; + $target_item = $r[0]; + } } 
@@ -106,47 +118,43 @@ function display_content(&$a) { return; } - if ($is_owner) - $celeb = ((($a->user['page-flags'] == PAGE_SOAPBOX) || ($a->user['page-flags'] == PAGE_COMMUNITY)) ? true : false); - - $x = array( - 'is_owner' => true, - 'allow_location' => $a->user['allow_location'], - 'default_location' => $a->user['default-location'], - 'nickname' => $a->user['nickname'], - 'lockstate' => ( (is_array($a->user)) && ((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid']))) ? 'lock' : 'unlock'), - 'acl' => populate_acl($a->user, $celeb), - 'bang' => '', - 'visitor' => 'block', - 'profile_uid' => local_user() - ); - $o .= status_editor($a,$x,true); - - - $sql_extra = item_permissions_sql($a->profile['uid'],$remote_contact,$groups); - - $r = q("SELECT `item`.*, `item`.`id` AS `item_id` FROM `item` - WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 - and `item`.`moderated` = 0 - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - AND `item`.`parent` = ( SELECT `parent` FROM `item` WHERE ( `id` = '%s' OR `uri` = '%s' )) - $sql_extra - ORDER BY `parent` DESC, `gravity` ASC, `id` ASC ", - intval($a->profile['uid']), - dbesc($item_id), - dbesc($item_id) - ); - - - if(count($r)) { - - if((local_user()) && (local_user() == $a->profile['uid'])) { - q("UPDATE `item` SET `unseen` = 0 - WHERE `parent` = %d AND `unseen` = 1", - intval($r[0]['parent']) - ); +// if ($is_owner) +// $celeb = ((($a->user['page-flags'] == PAGE_SOAPBOX) || ($a->user['page-flags'] == PAGE_COMMUNITY)) ? true : false); + +// $x = array( +// 'is_owner' => true, +// 'allow_location' => $a->user['allow_location'], +// 'default_location' => $a->user['default-location'], +// 'nickname' => $a->user['nickname'], +// 'lockstate' => ( (is_array($a->user)) && ((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid']))) ? 
'lock' : 'unlock'), +// 'acl' => populate_acl($a->user, $celeb), +// 'bang' => '', +// 'visitor' => 'block', +// 'profile_uid' => local_user() +// ); +// $o .= status_editor($a,$x,true); + + +// FIXME +// $sql_extra = item_permissions_sql($a->profile['uid']); + + if($target_item) { + $r = q("SELECT * from item where parent = %d", + intval($target_item['parent']) + ); + } + + + if($r) { + + if((local_user()) && (local_user() == $owner)) { +// q("UPDATE `item` SET `unseen` = 0 +// WHERE `parent` = %d AND `unseen` = 1", +// intval($r[0]['parent']) +// ); } + xchan_query($r); $r = fetch_post_tags($r); $o .= conversation($a,$r,'display', false); diff --git a/mod/editpost.php b/mod/editpost.php index 73faa59c5..43c71ca8a 100644 --- a/mod/editpost.php +++ b/mod/editpost.php @@ -11,7 +11,7 @@ function editpost_content(&$a) { return; } - $post_id = (($a->argc > 1) ? intval($a->argv[1]) : 0); + $post_id = ((argc() > 1) ? intval(argv(1)) : 0); if(! $post_id) { notice( t('Item not found') . EOL); @@ -32,12 +32,12 @@ function editpost_content(&$a) { if(feature_enabled(local_user(),'richtext')) $plaintext = false; + $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( + '$title' => t('Edit post') + )); - $o .= '<h2>' . t('Edit post') . '</h2>'; - - $tpl = get_markup_template('jot-header.tpl'); - $a->page['htmlhead'] .= replace_macros($tpl, array( + $a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array( '$baseurl' => $a->get_baseurl(), '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), 
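Review bot: The replacement thread query `SELECT * from item where parent = %d` keeps none of the conditions the removed query applied (`uid`, `visible = 1`, `deleted = 0`, `moderated = 0`, and the `item_permissions_sql()` clause), so every row sharing that parent id is passed to `conversation()`. The FIXME covers the permission clause, but the state filters can stay now, e.g. `"SELECT * from item where parent = %d and uid = %d and visible = 1 and deleted = 0 and moderated = 0"` with `intval($target_item['uid'])` as the second argument, assuming those columns survive this commit's schema change. `$r` is also reused: when `$target_item` is null, `if($r)` tests whatever an earlier query left in it, so that check should be `if($target_item && $r)`. display_content() begins and ends outside this hunk.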
@@ -48,20 +48,14 @@ function editpost_content(&$a) { $tpl = get_markup_template("jot.tpl"); - if(($group) || (is_array($a->user) && ((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid']))))) - $lockstate = 'lock'; - else - $lockstate = 'unlock'; - - $celeb = ((($a->user['page-flags'] == PAGE_SOAPBOX) || ($a->user['page-flags'] == PAGE_COMMUNITY)) ? true : false); - $jotplugins = ''; $jotnets = ''; call_hooks('jot_tool', $jotplugins); call_hooks('jot_networks', $jotnets); - + $channel = $a->get_channel(); + //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); @@ -83,7 +77,7 @@ function editpost_content(&$a) { '$content' => undo_post_tagging($itm[0]['body']), '$post_id' => $post_id, '$baseurl' => $a->get_baseurl(), - '$defloc' => $a->user['default-location'], + '$defloc' => $channel['channel_location'], '$visitor' => 'none', '$pvisit' => 'none', '$public' => t('Public post'), @@ -94,10 +88,10 @@ function editpost_content(&$a) { '$placeholdercategory' => t('Categories (comma-separated list)'), '$emtitle' => t('Example: bob@example.com, mary@example.com'), '$lockstate' => $lockstate, - '$acl' => '', // populate_acl((($group) ? $group_acl : $a->user), $celeb), - '$bang' => (($group) ? '!' : ''), - '$profile_uid' => $_SESSION['uid'], - '$preview' => t('Preview'), + '$acl' => '', + '$bang' => '', + '$profile_uid' => local_user(), + '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), '$jotplugins' => $jotplugins, '$sourceapp' => t($a->sourcename), )); diff --git a/mod/login.php b/mod/login.php index d09fc1868..8ad4704a3 100644 --- a/mod/login.php +++ b/mod/login.php 
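Review bot: `$lockstate` loses its only visible assignment in the `@@ -48,20 +48,14 @@` hunk, yet the `@@ -94,10 +88,10 @@` hunk still passes `'$lockstate' => $lockstate,` to the template. Unless it is set in a part of editpost_content() outside these hunks, the template gets an undefined value and the editor's lock indicator no longer reflects whether the post is restricted. Give it an explicit value before the `replace_macros()` call, ideally computed from the ACL fields of the item being edited (if the item row carries them) rather than from account defaults; at minimum add `$lockstate = 'unlock';` with a comment that the real state is not yet computed.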
@@ -1,13 +1,7 @@ <?php function login_content(&$a) { - if(x($_SESSION,'theme')) - unset($_SESSION['theme']); - if(x($_SESSION,'mobile-theme')) - unset($_SESSION['mobile-theme']); - if(local_user()) goaway(z_root()); - return login(($a->config['register_policy'] == REGISTER_CLOSED) ? false : true); - + return login(($a->config['system']['register_policy'] == REGISTER_CLOSED) ? false : true); } diff --git a/mod/settings.php b/mod/settings.php index 060258058..2409c2eca 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -340,6 +340,8 @@ function settings_post(&$a) { $arr['channel_w_photos'] = (($_POST['post_photos']) ? $_POST['post_photos'] : 0); $arr['channel_w_chat'] = (($_POST['chat']) ? $_POST['chat'] : 0); $arr['channel_a_delegate'] = (($_POST['delegate']) ? $_POST['delegate'] : 0); + $arr['channel_r_storage'] = (($_POST['view_storage']) ? $_POST['view_storage'] : 0); + $arr['channel_w_storage'] = (($_POST['write_storage']) ? $_POST['write_storage'] : 0); $notify = 0; diff --git a/mod/wallmessage.php b/mod/wallmessage.php deleted file mode 100644 index 8a1194104..000000000 --- a/mod/wallmessage.php +++ /dev/null 
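Review bot: The policy check in login_content() reads `$a->config['system']['register_policy']` directly and compares it with `==`, so a missing key turns into null and the outcome depends on how null loosely compares with `REGISTER_CLOSED`. Other code on this page reads settings through `get_config('system', ...)`, and doing the same with an integer cast makes the unset case explicit: `return login(intval(get_config('system','register_policy')) !== REGISTER_CLOSED);` (assuming the constant is an integer). A one-line comment saying what the boolean passed to `login()` controls would also help, since that is not visible from this file.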
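Review bot: The two added permission fields copy `$_POST['view_storage']` and `$_POST['write_storage']` into `$arr` unchanged, so whatever string a client submits becomes the stored permission value; the neighbouring context lines follow the same pattern. Check presence and cast at this boundary, e.g. `$arr['channel_r_storage'] = ((x($_POST,'view_storage')) ? intval($_POST['view_storage']) : 0);` and likewise for `write_storage`, and reject values that are not one of the defined permission levels before saving. How `$arr` reaches the database is outside the hunk, so it cannot be seen here whether any escaping happens later. settings_post() begins and ends outside this hunk.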
@@ -1,149 +0,0 @@ -<?php - -require_once('include/message.php'); - -function wallmessage_post(&$a) { - - $replyto = get_my_url(); - if(! $replyto) { - notice( t('Permission denied.') . EOL); - return; - } - - $subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : ''); - $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : ''); - - $recipient = (($a->argc > 1) ? notags($a->argv[1]) : ''); - if((! $recipient) || (! $body)) { - return; - } - - $r = q("select * from user where nickname = '%s' limit 1", - dbesc($recipient) - ); - - if(! count($r)) { - logger('wallmessage: no recipient'); - return; - } - - $user = $r[0]; - - if(! intval($user['unkmail'])) { - notice( t('Permission denied.') . EOL); - return; - } - - $r = q("select count(*) as total from mail where uid = %d and created > UTC_TIMESTAMP() - INTERVAL 1 day and unknown = 1", - intval($user['uid']) - ); - - if($r[0]['total'] > $user['cntunkmail']) { - notice( sprintf( t('Number of daily wall messages for %s exceeded. Message failed.', $user['username']))); - return; - } - - // Work around doubled linefeeds in Tinymce 3.5b2 - - $body = str_replace("\r\n","\n",$body); - $body = str_replace("\n\n","\n",$body); - - - $ret = send_wallmessage($user, $body, $subject, $replyto); - - switch($ret){ - case -1: - notice( t('No recipient selected.') . EOL ); - break; - case -2: - notice( t('Unable to check your home location.') . EOL ); - break; - case -3: - notice( t('Message could not be sent.') . EOL ); - break; - case -4: - notice( t('Message collection failure.') . EOL ); - break; - default: - info( t('Message sent.') . EOL ); - } - -// goaway($a->get_baseurl() . '/channel/' . $user['nickname']); - -} - - -function wallmessage_content(&$a) { - - if(! get_my_url()) { - notice( t('Permission denied.') . EOL); - return; - } - - $recipient = (($a->argc > 1) ? $a->argv[1] : ''); - - if(! $recipient) { - notice( t('No recipient.') . 
EOL); - return; - } - - $r = q("select * from user where nickname = '%s' limit 1", - dbesc($recipient) - ); - - if(! count($r)) { - notice( t('No recipient.') . EOL); - logger('wallmessage: no recipient'); - return; - } - - $user = $r[0]; - - if(! intval($user['unkmail'])) { - notice( t('Permission denied.') . EOL); - return; - } - - $r = q("select count(*) as total from mail where uid = %d and created > UTC_TIMESTAMP() - INTERVAL 1 day and unknown = 1", - intval($user['uid']) - ); - - if($r[0]['total'] > $user['cntunkmail']) { - notice( sprintf( t('Number of daily wall messages for %s exceeded. Message failed.', $user['username']))); - return; - } - - - - $tpl = get_markup_template('wallmsg-header.tpl'); - - $a->page['htmlhead'] .= replace_macros($tpl, array( - '$baseurl' => $a->get_baseurl(true), - '$editselect' => '/(profile-jot-text|prvmail-text)/', - '$nickname' => $user['nickname'], - '$linkurl' => t('Please enter a link URL:') - )); - - - - $tpl = get_markup_template('wallmessage.tpl'); - $o .= replace_macros($tpl,array( - '$header' => t('Send Private Message'), - '$subheader' => sprintf( t('If you wish for %s to respond, please check that the privacy settings on your site allow private mail from unknown senders.'), $user['username']), - '$to' => t('To:'), - '$subject' => t('Subject:'), - '$recipname' => $user['username'], - '$nickname' => $user['nickname'], - '$subjtxt' => ((x($_REQUEST,'subject')) ? strip_tags($_REQUEST['subject']) : ''), - '$text' => ((x($_REQUEST,'body')) ? escape_tags(htmlspecialchars($_REQUEST['body'])) : ''), - '$readonly' => '', - '$yourmessage' => t('Your message:'), - '$select' => $select, - '$parent' => '', - '$upload' => t('Upload photo'), - '$insert' => t('Insert web link'), - '$wait' => t('Please wait') - )); - - return $o; - } diff --git a/version.inc b/version.inc index 94a1bafa8..55ac32e24 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2012-12-19.174 +2012-12-21.176 
diff --git a/view/js/mod_connections.js b/view/js/mod_connections.js
index cb4badff5..7fb38b56e 100644
--- a/view/js/mod_connections.js
+++ b/view/js/mod_connections.js
@@ -31,6 +31,7 @@ function connectFullShare() {
 $('#me_id_perms_post_comments').attr('checked','checked');
 $('#me_id_perms_post_mail').attr('checked','checked');
 $('#me_id_perms_chat').attr('checked','checked');
+ $('#me_id_perms_view_storage').attr('checked','checked');
 }
diff --git a/view/theme/fancyred/php/config.php b/view/theme/fancyred/php/config.php
index 03844c3b6..48035f507 100644
--- a/view/theme/fancyred/php/config.php
+++ b/view/theme/fancyred/php/config.php
@@ -65,7 +65,7 @@ function fancyred_form(&$a, $font_size, $line_height, $colour) {
 'dark' => 'dark',
 );
- $t = file_get_contents( dirname(__file__). "/theme_settings.tpl" );
+ $t = file_get_contents( dirname(__file__). "/../tpl/theme_settings.tpl" );
 $o .= replace_macros($t, array(
 '$submit' => t('Submit'),
 '$baseurl' => $a->get_baseurl(),
diff --git a/view/theme/redbasic/php/config.php b/view/theme/redbasic/php/config.php
index dd82f8ec3..1ca9cc5ed 100644
--- a/view/theme/redbasic/php/config.php
+++ b/view/theme/redbasic/php/config.php
@@ -65,7 +65,7 @@ function redbasic_form(&$a, $font_size, $line_height, $colour) {
 'dark' => 'dark',
 );
- $t = file_get_contents( dirname(__file__). "/theme_settings.tpl" );
+ $t = file_get_contents( dirname(__file__). "/../tpl/theme_settings.tpl" );
 $o .= replace_macros($t, array(
 '$submit' => t('Submit'),
 '$baseurl' => $a->get_baseurl(),
diff --git a/view/tpl/edpost_head.tpl b/view/tpl/edpost_head.tpl
new file mode 100644
index 000000000..b83e606a0
--- /dev/null
+++ b/view/tpl/edpost_head.tpl
@@ -0,0 +1 @@
+<h2>$title</h2> |