aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/text.php8
-rw-r--r--include/xchan.php130
2 files changed, 94 insertions, 44 deletions
diff --git a/include/text.php b/include/text.php
index 1d884593f..15cc0ca8a 100644
--- a/include/text.php
+++ b/include/text.php
@@ -3219,8 +3219,16 @@ function create_table_from_array($table, $arr, $binary_fields = []) {
if(! ($arr && $table))
return false;
+ $columns = db_columns($table);
+
$clean = [];
foreach($arr as $k => $v) {
+
+ if(! in_array($k,$columns)) {
+ continue;
+ }
+
+
$matches = false;
if(preg_match('/([^a-zA-Z0-9\-\_\.])/',$k,$matches)) {
return false;
diff --git a/include/xchan.php b/include/xchan.php
index aad56063f..eb5f1b4a3 100644
--- a/include/xchan.php
+++ b/include/xchan.php
@@ -1,5 +1,7 @@
<?php
+use Zotlabs\Zot6\HTTPSig;
+
function xchan_store_lowlevel($arr) {
@@ -39,6 +41,13 @@ function xchan_store_lowlevel($arr) {
function xchan_store($arr) {
+ $update_photo = false;
+ $update_name = false;
+
+ if(! ($arr['guid'] || $arr['hash'])) {
+ $arr = json_decode(file_get_contents('php://input'),true);
+ }
+
logger('xchan_store: ' . print_r($arr,true));
if(! $arr['hash'])
@@ -49,57 +58,90 @@ function xchan_store($arr) {
$r = q("select * from xchan where xchan_hash = '%s' limit 1",
dbesc($arr['hash'])
);
- if($r)
- return true;
-
- if(! $arr['network'])
- $arr['network'] = 'unknown';
- if(! $arr['name'])
- $arr['name'] = 'unknown';
- if(! $arr['url'])
- $arr['url'] = z_root();
- if(! $arr['photo'])
- $arr['photo'] = z_root() . '/' . get_default_profile_photo();
-
-
- if($arr['network'] === 'zot') {
- if((! $arr['key']) || (! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key']))) {
- logger('Unable to verify signature for ' . $arr['hash']);
- return false;
+ if(! $r) {
+
+ $update_photo = true;
+
+ if(! $arr['network'])
+ $arr['network'] = 'unknown';
+ if(! $arr['name'])
+ $arr['name'] = 'unknown';
+ if(! $arr['url'])
+ $arr['url'] = z_root();
+ if(! $arr['photo'])
+ $arr['photo'] = z_root() . '/' . get_default_profile_photo();
+
+ if($arr['network'] === 'zot6') {
+ if((! $arr['key']) || (! Libzot::verify($arr['id'],$arr['id_sig'],$arr['key']))) {
+ logger('Unable to verify signature for ' . $arr['hash']);
+ return false;
+ }
}
- }
- $x = [];
- foreach($arr as $k => $v) {
- if($k === 'key') {
- $x['xchan_pubkey'] = $v;
- continue;
- }
- if($k === 'photo') {
- continue;
+ if($arr['network'] === 'zot') {
+ if((! $arr['key']) || (! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key']))) {
+ logger('Unable to verify signature for ' . $arr['hash']);
+ return false;
+ }
}
-
- $x['xchan_' . $k] = $v;
- }
- $x['xchan_name_date'] = datetime_convert();
+ $columns = db_columns('xchan');
+
+ $x = [];
+ foreach($arr as $k => $v) {
+ if($k === 'key') {
+ $x['xchan_pubkey'] = HTTPSig::convertKey(escape_tags($v));;
+ continue;
+ }
+ if($k === 'photo') {
+ continue;
+ }
+
+ if(in_array($columns,'xchan_' . $k))
+ $x['xchan_' . $k] = escape_tags($v);
+ }
- $r = xchan_store_lowlevel($x);
+ $x['xchan_name_date'] = datetime_convert();
+ $x['xchan_photo_date'] = datetime_convert();
+ $x['xchan_system'] = false;
- if(! $r)
- return $r;
-
- $photos = import_xchan_photo($arr['photo'],$arr['hash']);
- $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
- dbesc(datetime_convert()),
- dbesc($photos[0]),
- dbesc($photos[1]),
- dbesc($photos[2]),
- dbesc($photos[3]),
- dbesc($arr['hash'])
- );
- return $r;
+ $result = xchan_store_lowlevel($x);
+
+ if(! $result)
+ return $result;
+ }
+ else {
+ if($r[0]['network'] === 'zot6') {
+ return true;
+ }
+ if($r[0]['xchan_photo_date'] < datetime_convert('UTC','UTC',$arr['photo_date'])) {
+ $update_photo = true;
+ }
+ if($r[0]['xchan_name_date'] < datetime_convert('UTC','UTC',$arr['name_date'])) {
+ $update_name = true;
+ }
+ }
+
+ if($update_photo && $arr['photo']) {
+ $photos = import_xchan_photo($arr['photo'],$arr['hash']);
+ $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
+ dbesc(datetime_convert()),
+ dbesc($photos[0]),
+ dbesc($photos[1]),
+ dbesc($photos[2]),
+ dbesc($photos[3]),
+ dbesc($arr['hash'])
+ );
+ }
+ if($update_name && $arr['name']) {
+ $x = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s'",
+ dbesc(escape_tags($arr['name'])),
+ dbesc(datetime_convert()),
+ dbesc($arr['hash'])
+ );
+ }
+ return true;
}