diff options
Diffstat (limited to 'include/message.php')
| -rw-r--r-- | include/message.php | 126 |
1 files changed, 78 insertions, 48 deletions
diff --git a/include/message.php b/include/message.php index 00cf30512..fc0d5f2b3 100644 --- a/include/message.php +++ b/include/message.php @@ -1,7 +1,8 @@ -<?php +<?php /** @file */ /* Private Message backend API */ +require_once('include/crypto.php'); // send a private message @@ -43,37 +44,60 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $dups = false; $hash = random_string(); - $uri = $hash . '@' . get_app()->get_hostname(); + $mid = $hash . '@' . get_app()->get_hostname(); - $r = q("SELECT id FROM mail WHERE uri = '%s' LIMIT 1", - dbesc($uri)); + $r = q("SELECT id FROM mail WHERE mid = '%s' LIMIT 1", + dbesc($mid)); if(count($r)) $dups = true; } while($dups == true); if(! strlen($replyto)) { - $replyto = $uri; + $replyto = $mid; } + /** + * + * When a photo was uploaded into the message using the (profile wall) ajax + * uploader, The permissions are initially set to disallow anybody but the + * owner from seeing it. This is because the permissions may not yet have been + * set for the post. If it's private, the photo permissions should be set + * appropriately. But we didn't know the final permissions on the post until + * now. So now we'll look for links of uploaded messages that are in the + * post and set them to the same permissions as the post itself. + * + */ + + $match = null; + $images = null; + if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) + $images = $match[1]; + + $key = get_config('system','pubkey'); + if($subject) + $subject = json_encode(aes_encapsulate($subject,$key)); + if($body) + $body = json_encode(aes_encapsulate($body,$key)); - $r = q("INSERT INTO mail ( account_id, channel_id, from_xchan, to_xchan, title, body, uri, parent_uri, created ) - VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", + $r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created ) + VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", intval($channel['channel_account_id']), + intval(MAIL_OBSCURED), intval($channel['channel_id']), dbesc($channel['channel_hash']), dbesc($recipient), dbesc($subject), dbesc($body), - dbesc($uri), + dbesc($mid), dbesc($replyto), dbesc(datetime_convert()) ); // verify the save - $r = q("SELECT * FROM mail WHERE uri = '%s' and channel_id = %d LIMIT 1", - dbesc($uri), + $r = q("SELECT * FROM mail WHERE mid = '%s' and channel_id = %d LIMIT 1", + dbesc($mid), intval($channel['channel_id']) ); if($r) @@ -83,35 +107,18 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' return $ret; } - /** - * - * When a photo was uploaded into the message using the (profile wall) ajax - * uploader, The permissions are initially set to disallow anybody but the - * owner from seeing it. This is because the permissions may not yet have been - * set for the post. If it's private, the photo permissions should be set - * appropriately. But we didn't know the final permissions on the post until - * now. So now we'll look for links of uploaded messages that are in the - * post and set them to the same permissions as the post itself. - * - */ - - $match = null; - - if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) { - $images = $match[1]; - if(count($images)) { - foreach($images as $image) { - if(! stristr($image,$a->get_baseurl() . '/photo/')) - continue; - $image_uri = substr($image,strrpos($image,'/') + 1); - $image_uri = substr($image_uri,0, strpos($image_uri,'-')); - $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'", - dbesc('<' . $recipient . '>'), - dbesc($image_uri), - intval($channel['channel_id']), - dbesc('<' . $channel['channel_hash'] . '>') - ); - } + if(count($images)) { + foreach($images as $image) { + if(! stristr($image,$a->get_baseurl() . '/photo/')) + continue; + $image_uri = substr($image,strrpos($image,'/') + 1); + $image_uri = substr($image_uri,0, strpos($image_uri,'-')); + $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'", + dbesc('<' . $recipient . '>'), + dbesc($image_uri), + intval($channel['channel_id']), + dbesc('<' . $channel['channel_hash'] . '>') + ); } } @@ -169,6 +176,15 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $r[$k]['from'] = find_xchan_in_array($rr['from_xchan'],$c); $r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c); $r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0); + if($r[$k]['mail_flags'] & MAIL_OBSCURED) { + logger('unencrypting'); + $key = get_config('system','prvkey'); + + if($r[$k]['title']) + $r[$k]['title'] = aes_unencapsulate(json_decode_plus($r[$k]['title']),$key); + if($r[$k]['body']) + $r[$k]['body'] = aes_unencapsulate(json_decode_plus($r[$k]['body']),$key); + } } return $r; @@ -201,6 +217,13 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee foreach($messages as $k => $message) { $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); + if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { + $key = get_config('system','prvkey'); + if($messages[$k]['title']) + $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); + if($messages[$k]['body']) + $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); + } } if($updateseen) { @@ -221,13 +244,13 @@ function private_messages_drop($channel_id, $messageitem_id, $drop_conversation if($drop_conversation) { // find the parent_id - $p = q("SELECT parent_uri FROM mail WHERE id = %d AND channel_id = %d LIMIT 1", + $p = q("SELECT parent_mid FROM mail WHERE id = %d AND channel_id = %d LIMIT 1", intval($messageitem_id), intval($channel_id) ); if($p) { - $r = q("DELETE FROM mail WHERE parent_uri = '%s' AND channel_id = %d ", - dbesc($p[0]['parent_uri']), + $r = q("DELETE FROM mail WHERE parent_mid = '%s' AND channel_id = %d ", + dbesc($p[0]['parent_mid']), intval($channel_id) ); if($r) @@ -248,9 +271,9 @@ function private_messages_drop($channel_id, $messageitem_id, $drop_conversation function private_messages_fetch_conversation($channel_id, $messageitem_id, $updateseen = false) { - // find the parent_uri of the message being requested + // find the parent_mid of the message being requested - $r = q("SELECT parent_uri from mail WHERE channel_id = %d and id = %d limit 1", + $r = q("SELECT parent_mid from mail WHERE channel_id = %d and id = %d limit 1", intval($channel_id), intval($messageitem_id) ); @@ -258,8 +281,8 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda if(! $r) return array(); - $messages = q("select * from mail where parent_uri = '%s' and channel_id = %d order by created asc", - dbesc($r[0]['parent_uri']), + $messages = q("select * from mail where parent_mid = '%s' and channel_id = %d order by created asc", + dbesc($r[0]['parent_mid']), intval($channel_id) ); @@ -282,14 +305,21 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda foreach($messages as $k => $message) { $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); + if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { + $key = get_config('system','prvkey'); + if($messages[$k]['title']) + $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); + if($messages[$k]['body']) + $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); + } } if($updateseen) { - $r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and parent_uri = '%s' AND channel_id = %d", + $r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and parent_mid = '%s' AND channel_id = %d", intval(MAIL_SEEN), intval(MAIL_SEEN), - dbesc($r[0]['parent_uri']), + dbesc($r[0]['parent_mid']), intval($channel_id) ); } |