diff options
-rw-r--r-- | include/notifier.php | 17 | ||||
-rw-r--r-- | include/poller.php | 21 | ||||
-rw-r--r-- | mod/dfrn_notify.php | 74 | ||||
-rw-r--r-- | mod/dfrn_poll.php | 162 | ||||
-rw-r--r-- | mod/redir.php | 12 |
5 files changed, 225 insertions, 61 deletions
diff --git a/include/notifier.php b/include/notifier.php index a703dbee9..cc2846735 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -278,10 +278,19 @@ if((! strlen($rr['dfrn-id'])) && (! $rr['duplex'])) continue; - $idtosend = (($rr['dfrn-id']) ? $rr['dfrn-id'] : $rr['issued-id']); + + $idtosend = $orig_id = (($rr['dfrn-id']) ? $rr['dfrn-id'] : $rr['issued-id']); + + if($rr['duplex'] && $rr['dfrn-id']) + $idtosend = '0:' . $orig_id; + if($rr['duplex'] && $rr['issued-id']) + $idtosend = '1:' . $orig_id; $url = $rr['notify'] . '?dfrn_id=' . $idtosend; + if($debugging) + echo "URL: $url"; + $xml = fetch_url($url); if($debugging) @@ -312,7 +321,11 @@ } $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.')); - if($final_dfrn_id != $idtosend) { + + if(strpos($final_dfrn_id,':') == 1) + $final_dfrn_id = substr($final_dfrn_id,2); + + if($final_dfrn_id != $orig_id) { // did not decode properly - cannot trust this site continue; } diff --git a/include/poller.php b/include/poller.php index dc2710ef0..c4d697e24 100644 --- a/include/poller.php +++ b/include/poller.php @@ -79,10 +79,16 @@ ? datetime_convert('UTC','UTC','now - 30 days','Y-m-d\TH:i:s\Z') : datetime_convert('UTC','UTC',$contact['last-update'],'Y-m-d\TH:i:s\Z')); - $idtosend = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']); - $url = $contact['poll'] . '?dfrn_id=' . $idtosend . '&type=data&last_update=' . $last_update ; + $idtosend = $orig_id = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']); + + if(intval($contact['duplex']) && $contact['dfrn-id']) + $idtosend = '0:' . $orig_id; + if(intval($contact['duplex']) && $contact['issued-id']) + $idtosend = '1:' . $orig_id; + + $url = $contact['poll'] . '?dfrn_id=' . $idtosend . '&type=data&last_update=' . $last_update ; $xml = fetch_url($url); if($debugging) { @@ -93,6 +99,8 @@ if(! $xml) continue; + + $res = simplexml_load_string($xml); if(intval($res->status) == 1) @@ -122,13 +130,20 @@ } $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.')); - if($final_dfrn_id != $idtosend) { + + if(strpos($final_dfrn_id,':') == 1) + $final_dfrn_id = substr($final_dfrn_id,2); + + if($final_dfrn_id != $orig_id) { + // did not decode properly - cannot trust this site continue; } $postvars['dfrn_id'] = $idtosend; + + $xml = post_url($contact['poll'],$postvars); if($debugging) { diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index a1a6ab716..b1a330e8c 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -9,6 +9,13 @@ function dfrn_notify_post(&$a) { $dfrn_id = notags(trim($_POST['dfrn_id'])); $challenge = notags(trim($_POST['challenge'])); $data = $_POST['data']; + + $direction = (-1); + if(strpos($dfrn_id,':') == 1) { + $direction = intval(substr($dfrn_id,0,1)); + $dfrn_id = substr($dfrn_id,2); + } + $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1", dbesc($dfrn_id), dbesc($challenge) @@ -23,11 +30,26 @@ function dfrn_notify_post(&$a) { // find the local user who owns this relationship. + $sql_extra = ''; + switch($direction) { + case (-1): + $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id)); + break; + case 0: + $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + break; + case 1: + $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + break; + default: + xml_status(3); + break; // NOTREACHED + } + + $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` - WHERE ( `issued-id` = '%s' OR ( `duplex` = 1 AND `dfrn-id` = '%s' )) LIMIT 1", - dbesc($dfrn_id), - dbesc($dfrn_id) + WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra LIMIT 1" ); if(! count($r)) { @@ -336,7 +358,18 @@ function dfrn_notify_post(&$a) { function dfrn_notify_content(&$a) { if(x($_GET,'dfrn_id')) { - // initial communication from external contact + + // initial communication from external contact, $direction is their direction. + // If this is a duplex communication, ours will be the opposite. + + $dfrn_id = notags(trim($_GET['dfrn_id'])); + + $direction = (-1); + if(strpos($dfrn_id,':') == 1) { + $direction = intval(substr($dfrn_id,0,1)); + $dfrn_id = substr($dfrn_id,2); + } + $hash = random_string(); $status = 0; @@ -346,21 +379,40 @@ function dfrn_notify_content(&$a) { $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` ) VALUES( '%s', '%s', '%s') ", dbesc($hash), - dbesc(notags(trim($_GET['dfrn_id']))), + dbesc($dfrn_id), intval(time() + 60 ) ); - $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `duplex` = 1 AND `dfrn-id` = '%s')) - AND `blocked` = 0 AND `pending` = 0 LIMIT 1", - dbesc($_GET['dfrn_id']), - dbesc($_GET['dfrn_id']) - ); + + $sql_extra = ''; + switch($direction) { + case (-1): + $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id)); + $my_id = $dfrn_id; + break; + case 0: + $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $my_id = '1:' . $dfrn_id; + break; + case 1: + $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $my_id = '0:' . $dfrn_id; + break; + default: + $status = 1; + break; // NOTREACHED + } + + + + $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1"); + if(! count($r)) $status = 1; $challenge = ''; $encrypted_id = ''; - $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999); + $id_str = $my_id . '.' . mt_rand(1000,9999); if(($r[0]['duplex']) && strlen($r[0]['pubkey'])) { openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']); diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index 89fc379fb..4b8a7f112 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -17,51 +17,69 @@ function dfrn_poll_init(&$a) { $dfrn_version = ((x($_GET,'dfrn_version')) ? $_GET['dfrn_version'] : '1.0'); $destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : ''); + + $direction = (-1); + + + if(strpos($dfrn_id,':') == 1) { + $direction = intval(substr($dfrn_id,0,1)); + $dfrn_id = substr($dfrn_id,2); + } + if(($dfrn_id == '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) { - $o = get_feed_for($a,'*', $a->argv[1],$last_update); + $o = get_feed_for($a, '*', $a->argv[1],$last_update); echo $o; killme(); } if((x($type)) && ($type == 'profile')) { + $sql_extra = ''; + switch($direction) { + case (-1): + $sql_extra = sprintf(" AND `dfrn-id` = '%s' ", dbesc($dfrn_id)); + $my_id = $dfrn_id; + break; + case 0: + $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $my_id = '1:' . $dfrn_id; + break; + case 1: + $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $my_id = '0:' . $dfrn_id; + break; + default: + goaway($a->get_baseurl()); + break; // NOTREACHED + } + $r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` - WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex` = 1 )) ", - dbesc($dfrn_id), - dbesc($dfrn_id) - ); + WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra LIMIT 1"); if(count($r)) { - foreach($r as $rr) { - - // On a multi-user site, the query above *may* have returned two results. - // One of those could be the logged-in user who is now visiting "this" cell, - // as both share the dfrn_id. We will skip that entry if it unfortunately - // happens to come up first. - - if(local_user() && ($rr['uid'] == get_uid())) - continue; - - $s = fetch_url($rr['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check'); - if(strlen($s)) { - $xml = simplexml_load_string($s); - if((int) $xml->status == 1) { - $_SESSION['authenticated'] = 1; - $_SESSION['visitor_id'] = $rr['id']; - notice( t('Hi ') . $rr['name'] . EOL); - // Visitors get 1 day session. - $session_id = session_id(); - $expire = time() + 86400; - q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1", - dbesc($expire), - dbesc($session_id) - ); - } + + $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check'); + + if(strlen($s)) { + + $xml = simplexml_load_string($s); + + if((int) $xml->status == 1) { + $_SESSION['authenticated'] = 1; + $_SESSION['visitor_id'] = $r[0]['id']; + notice( t('Hi ') . $r[0]['name'] . EOL); + // Visitors get 1 day session. + $session_id = session_id(); + $expire = time() + 86400; + q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1", + dbesc($expire), + dbesc($session_id) + ); } - $profile = $rr['nickname']; - goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile); } + $profile = $r[0]['nickname']; + goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile); } goaway($a->get_baseurl()); @@ -69,6 +87,16 @@ function dfrn_poll_init(&$a) { if((x($type)) && ($type == 'profile-check')) { + switch($direction) { + case 1: + $dfrn_id = '0:' . $dfrn_id; + break; + case 0: + $dfrn_id = '1:' . $dfrn_id; + break; + default: + break; + } q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time())); $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC", dbesc($dfrn_id)); @@ -91,6 +119,12 @@ function dfrn_poll_post(&$a) { $challenge = notags(trim($_POST['challenge'])); $url = $_POST['url']; + $direction = (-1); + if(strpos($dfrn_id,':') == 1) { + $direction = intval(substr($dfrn_id,0,1)); + $dfrn_id = substr($dfrn_id,2); + } + $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1", dbesc($dfrn_id), dbesc($challenge) @@ -107,10 +141,28 @@ function dfrn_poll_post(&$a) { ); - $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 )) LIMIT 1", - dbesc($dfrn_id), - dbesc($dfrn_id) - ); + $sql_extra = ''; + switch($direction) { + case (-1): + $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id)); + $my_id = $dfrn_id; + break; + case 0: + $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $my_id = '1:' . $dfrn_id; + break; + case 1: + $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $my_id = '0:' . $dfrn_id; + break; + default: + goaway($a->get_baseurl()); + break; // NOTREACHED + } + + + $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1"); + if(! count($r)) killme(); @@ -169,6 +221,12 @@ function dfrn_poll_content(&$a) { if(x($_GET,'last_update')) $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update']; + $direction = (-1); + if(strpos($dfrn_id,':') == 1) { + $direction = intval(substr($dfrn_id,0,1)); + $dfrn_id = substr($dfrn_id,2); + } + if($dfrn_id != '') { // initial communication from external contact @@ -187,16 +245,36 @@ function dfrn_poll_content(&$a) { dbesc($last_update) ); - $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 )) - AND `blocked` = 0 AND `pending` = 0 LIMIT 1", - dbesc($_GET['dfrn_id']), - dbesc($_GET['dfrn_id']) - ); + + $sql_extra = ''; + switch($direction) { + case (-1): + $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id)); + $my_id = $dfrn_id; + break; + case 0: + $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $my_id = '1:' . $dfrn_id; + break; + case 1: + $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $my_id = '0:' . $dfrn_id; + break; + default: + goaway($a->get_baseurl()); + break; // NOTREACHED + } + + + + + $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1"); + if(count($r)) { $challenge = ''; $encrypted_id = ''; - $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999); + $id_str = $my_id . '.' . mt_rand(1000,9999); if($r[0]['duplex'] && strlen($r[0]['pubkey'])) { diff --git a/mod/redir.php b/mod/redir.php index 688e516ab..5c8849eca 100644 --- a/mod/redir.php +++ b/mod/redir.php @@ -10,10 +10,16 @@ function redir_init(&$a) { if(! count($r)) goaway($a->get_baseurl()); - $dfrn_id = $r[0]['issued-id']; - if((! $dfrn_id) && ($r[0]['duplex'])) - $dfrn_id = $r[0]['dfrn-id']; + $dfrn_id = $orig_id = $r[0]['issued-id']; + if($r[0]['duplex'] && $r[0]['issued-id']) { + $orig_id = $r[0]['issued-id']; + $dfrn_id = '1:' . $orig_id; + } + if($r[0]['duplex'] && $r[0]['dfrn-id']) { + $orig_id = $r[0]['dfrn-id']; + $dfrn_id = '0:' . $orig_id; + } q("INSERT INTO `profile_check` ( `uid`, `dfrn_id`, `expire`) VALUES( %d, '%s', %d )", intval($_SESSION['uid']), |