Diffstat (limited to 'include/message.php')
-rw-r--r-- | include/message.php | 126 |
1 files changed, 78 insertions, 48 deletions
diff --git a/include/message.php b/include/message.php
index 00cf30512..fc0d5f2b3 100644
--- a/include/message.php
+++ b/include/message.php
@@ -1,7 +1,8 @@
-<?php
+<?php /** @file */
 /* Private Message backend API */
+require_once('include/crypto.php');
 // send a private message
@@ -43,37 +44,60 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $dups = false; $hash = random_string(); - $uri = $hash . '@' . get_app()->get_hostname(); + $mid = $hash . '@' . get_app()->get_hostname(); - $r = q("SELECT id FROM mail WHERE uri = '%s' LIMIT 1", - dbesc($uri)); + $r = q("SELECT id FROM mail WHERE mid = '%s' LIMIT 1", + dbesc($mid)); if(count($r)) $dups = true; } while($dups == true); if(! strlen($replyto)) { - $replyto = $uri; + $replyto = $mid; } + /** + * + * When a photo was uploaded into the message using the (profile wall) ajax + * uploader, The permissions are initially set to disallow anybody but the + * owner from seeing it. This is because the permissions may not yet have been + * set for the post. If it's private, the photo permissions should be set + * appropriately. But we didn't know the final permissions on the post until + * now. So now we'll look for links of uploaded messages that are in the + * post and set them to the same permissions as the post itself. 
+ * + */ + + $match = null; + $images = null; + if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) + $images = $match[1]; + + $key = get_config('system','pubkey'); + if($subject) + $subject = json_encode(aes_encapsulate($subject,$key)); + if($body) + $body = json_encode(aes_encapsulate($body,$key)); - $r = q("INSERT INTO mail ( account_id, channel_id, from_xchan, to_xchan, title, body, uri, parent_uri, created ) - VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", + $r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created ) + VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", intval($channel['channel_account_id']), + intval(MAIL_OBSCURED), intval($channel['channel_id']), dbesc($channel['channel_hash']), dbesc($recipient), dbesc($subject), dbesc($body), - dbesc($uri), + dbesc($mid), dbesc($replyto), dbesc(datetime_convert()) ); // verify the save - $r = q("SELECT * FROM mail WHERE uri = '%s' and channel_id = %d LIMIT 1", - dbesc($uri), + $r = q("SELECT * FROM mail WHERE mid = '%s' and channel_id = %d LIMIT 1", + dbesc($mid), intval($channel['channel_id']) ); if($r) 
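Review bot: The output of `aes_encapsulate()` goes straight into the INSERT with no check, and `MAIL_OBSCURED` is written unconditionally. If `get_config('system','pubkey')` comes back empty or encapsulation fails, the row would presumably hold an undecryptable value while still being flagged as obscured, and by then the plaintext has already been overwritten in `$subject`/`$body`. I would stop before the INSERT in that case, e.g. `if(! $key) { logger('send_message: no system pubkey'); return $ret; }`, and add a comment that this obscures mail at rest with the site key pair (the readers fetch `prvkey` through the same `get_config('system', …)` call) rather than protecting it from whoever holds the site configuration. send_message starts before and ends after this hunk.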
@@ -83,35 +107,18 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' return $ret; } - /** - * - * When a photo was uploaded into the message using the (profile wall) ajax - * uploader, The permissions are initially set to disallow anybody but the - * owner from seeing it. This is because the permissions may not yet have been - * set for the post. If it's private, the photo permissions should be set - * appropriately. But we didn't know the final permissions on the post until - * now. So now we'll look for links of uploaded messages that are in the - * post and set them to the same permissions as the post itself. - * - */ - - $match = null; - - if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) { - $images = $match[1]; - if(count($images)) { - foreach($images as $image) { - if(! stristr($image,$a->get_baseurl() . '/photo/')) - continue; - $image_uri = substr($image,strrpos($image,'/') + 1); - $image_uri = substr($image_uri,0, strpos($image_uri,'-')); - $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'", - dbesc('<' . $recipient . '>'), - dbesc($image_uri), - intval($channel['channel_id']), - dbesc('<' . $channel['channel_hash'] . '>') - ); - } + if(count($images)) { + foreach($images as $image) { + if(! stristr($image,$a->get_baseurl() . '/photo/')) + continue; + $image_uri = substr($image,strrpos($image,'/') + 1); + $image_uri = substr($image_uri,0, strpos($image_uri,'-')); + $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'", + dbesc('<' . $recipient . '>'), + dbesc($image_uri), + intval($channel['channel_id']), + dbesc('<' . $channel['channel_hash'] . '>') + ); } } 
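Review bot: `if(count($images))` now runs on a variable that the previous hunk initialises to `null` and only fills when `preg_match_all` finds an `[img]` tag, so a message without images calls `count(null)`. That raises a warning on PHP 7.2+ and a TypeError on PHP 8, after the mail row has already been written. Initialise with `$images = array();` in the earlier hunk, or test `if($images)` here. The enclosing function starts and ends outside this hunk.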
@@ -169,6 +176,15 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $r[$k]['from'] = find_xchan_in_array($rr['from_xchan'],$c); $r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c); $r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0); + if($r[$k]['mail_flags'] & MAIL_OBSCURED) { + logger('unencrypting'); + $key = get_config('system','prvkey'); + + if($r[$k]['title']) + $r[$k]['title'] = aes_unencapsulate(json_decode_plus($r[$k]['title']),$key); + if($r[$k]['body']) + $r[$k]['body'] = aes_unencapsulate(json_decode_plus($r[$k]['body']),$key); + } } return $r; @@ -201,6 +217,13 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee foreach($messages as $k => $message) { $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); + if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { + $key = get_config('system','prvkey'); + if($messages[$k]['title']) + $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); + if($messages[$k]['body']) + $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); + } } if($updateseen) { @@ -221,13 +244,13 @@ function private_messages_drop($channel_id, $messageitem_id, $drop_conversation if($drop_conversation) { // find the parent_id - $p = q("SELECT parent_uri FROM mail WHERE id = %d AND channel_id = %d LIMIT 1", + $p = q("SELECT parent_mid FROM mail WHERE id = %d AND channel_id = %d LIMIT 1", intval($messageitem_id), intval($channel_id) ); if($p) { - $r = q("DELETE FROM mail WHERE parent_uri = '%s' AND channel_id = %d ", - dbesc($p[0]['parent_uri']), + $r = q("DELETE FROM mail WHERE parent_mid = '%s' AND channel_id = %d ", + dbesc($p[0]['parent_mid']), intval($channel_id) ); if($r) 
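Review bot: The decrypt-on-read block added in private_messages_list is repeated almost verbatim in private_messages_fetch_message and private_messages_fetch_conversation (the later hunks), and none of the three copies checks what `json_decode_plus()` or `aes_unencapsulate()` returned before overwriting `title`/`body`. One shared helper would keep the three readers in step and give a single place to decide what a failed decode does; how these functions report failure is not visible here, so the check in the sketch below is an assumption to confirm. This first copy also looks up `prvkey` and calls `logger('unencrypting')` once per message inside the loop; the lookup can move above the `foreach`, and the log line, which the other two copies do not have, looks like leftover debugging. The enclosing loops start outside the hunks.

```php
// Suggested helper (name is a proposal): undo MAIL_OBSCURED for one mail row in place.
function mail_unobscure(&$row, $key) {
	if(! ($row['mail_flags'] & MAIL_OBSCURED))
		return;
	foreach(array('title','body') as $field) {
		if(! $row[$field])
			continue;
		$plain = aes_unencapsulate(json_decode_plus($row[$field]),$key);
		// assumed failure shape: keep the stored value rather than blanking the field
		if(is_string($plain) && strlen($plain))
			$row[$field] = $plain;
	}
}

// … unchanged: query and xchan lookup in private_messages_list …
$key = get_config('system','prvkey');
// inside the existing foreach, replacing the added block:
mail_unobscure($r[$k],$key);
```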
@@ -248,9 +271,9 @@ function private_messages_drop($channel_id, $messageitem_id, $drop_conversation function private_messages_fetch_conversation($channel_id, $messageitem_id, $updateseen = false) { - // find the parent_uri of the message being requested + // find the parent_mid of the message being requested - $r = q("SELECT parent_uri from mail WHERE channel_id = %d and id = %d limit 1", + $r = q("SELECT parent_mid from mail WHERE channel_id = %d and id = %d limit 1", intval($channel_id), intval($messageitem_id) ); @@ -258,8 +281,8 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda if(! $r) return array(); - $messages = q("select * from mail where parent_uri = '%s' and channel_id = %d order by created asc", - dbesc($r[0]['parent_uri']), + $messages = q("select * from mail where parent_mid = '%s' and channel_id = %d order by created asc", + dbesc($r[0]['parent_mid']), intval($channel_id) ); @@ -282,14 +305,21 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda foreach($messages as $k => $message) { $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); + if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { + $key = get_config('system','prvkey'); + if($messages[$k]['title']) + $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); + if($messages[$k]['body']) + $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); + } } if($updateseen) { - $r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and parent_uri = '%s' AND channel_id = %d", + $r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and parent_mid = '%s' AND channel_id = %d", intval(MAIL_SEEN), intval(MAIL_SEEN), - dbesc($r[0]['parent_uri']), + dbesc($r[0]['parent_mid']), intval($channel_id) ); } |