diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/Scrape.php | 119 | ||||
| -rw-r--r-- | include/api.php | 237 | ||||
| -rw-r--r-- | include/crypto.php | 61 | ||||
| -rw-r--r-- | include/diaspora.php | 315 | ||||
| -rw-r--r-- | include/items.php | 9 | ||||
| -rw-r--r-- | include/message.php | 96 | ||||
| -rw-r--r-- | include/network.php | 24 | ||||
| -rw-r--r-- | include/notifier.php | 28 | ||||
| -rw-r--r-- | include/security.php | 2 | ||||
| -rw-r--r-- | include/text.php | 42 | ||||
| -rw-r--r-- | include/zotfns.php | 2 |
11 files changed, 747 insertions, 188 deletions
diff --git a/include/Scrape.php b/include/Scrape.php index bfe795e19..cc46af644 100644 --- a/include/Scrape.php +++ b/include/Scrape.php @@ -44,8 +44,9 @@ function scrape_dfrn($url) { $x = $item->getAttribute('rel'); if(($x === 'alternate') && ($item->getAttribute('type') === 'application/atom+xml')) $ret['feed_atom'] = $item->getAttribute('href'); - if(substr($x,0,5) == "dfrn-") + if(substr($x,0,5) == "dfrn-") { $ret[$x] = $item->getAttribute('href'); + } if($x === 'lrdd') { $decoded = urldecode($item->getAttribute('href')); if(preg_match('/acct:([^@]*)@/',$decoded,$matches)) @@ -55,17 +56,28 @@ function scrape_dfrn($url) { // Pull out hCard profile elements + $largest_photo = 0; + $items = $dom->getElementsByTagName('*'); foreach($items as $item) { if(attribute_contains($item->getAttribute('class'), 'vcard')) { $level2 = $item->getElementsByTagName('*'); foreach($level2 as $x) { - if(attribute_contains($x->getAttribute('class'),'fn')) + if(attribute_contains($x->getAttribute('class'),'fn')) { $ret['fn'] = $x->textContent; - if(attribute_contains($x->getAttribute('class'),'photo')) - $ret['photo'] = $x->getAttribute('src'); - if(attribute_contains($x->getAttribute('class'),'key')) + } + if((attribute_contains($x->getAttribute('class'),'photo')) + || (attribute_contains($x->getAttribute('class'),'avatar'))) { + $size = intval($x->getAttribute('width')); + // dfrn prefers 175, so if we find this, we set largest_size so it can't be topped. + if(($size > $largest_photo) || ($size == 175) || (! $largest_photo)) { + $ret['photo'] = $x->getAttribute('src'); + $largest_photo = (($size == 175) ? 9999 : $size); + } + } + if(attribute_contains($x->getAttribute('class'),'key')) { $ret['key'] = $x->textContent; + } } } } @@ -190,8 +202,9 @@ function scrape_vcard($url) { } } if((attribute_contains($x->getAttribute('class'),'nickname')) - || (attribute_contains($x->getAttribute('class'),'uid'))) + || (attribute_contains($x->getAttribute('class'),'uid'))) { $ret['nick'] = $x->textContent; + } } } } @@ -289,7 +302,29 @@ function scrape_feed($url) { }} -function probe_url($url) { +/** + * + * Probe a network address to discover what kind of protocols we need to communicate with it. + * + * Warning: this function is a bit touchy and there are some subtle dependencies within the logic flow. + * Edit with care. + * + */ + +/** + * + * PROBE_DIASPORA has a bias towards returning Diaspora information + * while PROBE_NORMAL has a bias towards dfrn/zot - in the case where + * an address (such as a Friendika address) supports more than one type + * of network. + * + */ + + +define ( 'PROBE_NORMAL', 0); +define ( 'PROBE_DIASPORA', 1); + +function probe_url($url, $mode = PROBE_NORMAL) { require_once('include/email.php'); $result = array(); @@ -366,7 +401,7 @@ function probe_url($url) { } } } - else { + elseif($mode == PROBE_NORMAL) { // Check email @@ -411,38 +446,46 @@ function probe_url($url) { } } - if(strlen($zot)) { - $s = fetch_url($zot); - if($s) { - $j = json_decode($s); - if($j) { - $network = NETWORK_ZOT; - $vcard = array( - 'fn' => $j->fullname, - 'nick' => $j->nickname, - 'photo' => $j->photo - ); - $profile = $j->url; - $notify = $j->post; - $pubkey = $j->pubkey; - $poll = 'N/A'; + if($mode == PROBE_NORMAL) { + if(strlen($zot)) { + $s = fetch_url($zot); + if($s) { + $j = json_decode($s); + if($j) { + $network = NETWORK_ZOT; + $vcard = array( + 'fn' => $j->fullname, + 'nick' => $j->nickname, + 'photo' => $j->photo + ); + $profile = $j->url; + $notify = $j->post; + $pubkey = $j->pubkey; + $poll = 'N/A'; + } } } - } - if(strlen($dfrn)) { - $ret = scrape_dfrn($dfrn); - if(is_array($ret) && x($ret,'dfrn-request')) { - $network = NETWORK_DFRN; - $request = $ret['dfrn-request']; - $confirm = $ret['dfrn-confirm']; - $notify = $ret['dfrn-notify']; - $poll = $ret['dfrn-poll']; + if(strlen($dfrn)) { + $ret = scrape_dfrn($dfrn); + if(is_array($ret) && x($ret,'dfrn-request')) { + $network = NETWORK_DFRN; + $request = $ret['dfrn-request']; + $confirm = $ret['dfrn-confirm']; + $notify = $ret['dfrn-notify']; + $poll = $ret['dfrn-poll']; + + $vcard = array(); + $vcard['fn'] = $ret['fn']; + $vcard['nick'] = $ret['nick']; + $vcard['photo'] = $ret['photo']; + } } } if($diaspora && $diaspora_base && $diaspora_guid) { - $notify = $diaspora_base . 'receive/post/' . $diaspora_guid; + if($mode == PROBE_DIASPORA || ! $notify) + $notify = $diaspora_base . 'receive/users/' . $diaspora_guid; if(strpos($url,'@')) $addr = str_replace('acct:', '', $url); } @@ -454,7 +497,7 @@ function probe_url($url) { $network = NETWORK_OSTATUS; $priority = 0; - if($hcard) { + if($hcard && ! $vcard) { $vcard = scrape_vcard($hcard); // Google doesn't use absolute url in profile photos @@ -498,10 +541,11 @@ function probe_url($url) { logger('probe_url: scrape_feed returns: ' . print_r($feedret,true), LOGGER_DATA); if(count($feedret) && ($feedret['feed_atom'] || $feedret['feed_rss'])) { $poll = ((x($feedret,'feed_atom')) ? unamp($feedret['feed_atom']) : unamp($feedret['feed_rss'])); - $vcard = array(); + if(! x($vcard)) + $vcard = array(); } - if(x($feedret,'photo')) + if(x($feedret,'photo') && (! x($vcard,'photo'))) $vcard['photo'] = $feedret['photo']; require_once('library/simplepie/simplepie.inc'); $feed = new SimplePie(); @@ -518,9 +562,11 @@ function probe_url($url) { if($feed->error()) logger('probe_url: scrape_feed: Error parsing XML: ' . $feed->error()); + if(! x($vcard,'photo')) $vcard['photo'] = $feed->get_image_url(); $author = $feed->get_author(); + if($author) { $vcard['fn'] = unxmlify(trim($author->get_name())); if(! $vcard['fn']) @@ -568,6 +614,7 @@ function probe_url($url) { } } } + if((! $vcard['photo']) && strlen($email)) $vcard['photo'] = gravatar_img($email); if($poll === $profile) diff --git a/include/api.php b/include/api.php index 7a44cf023..aa42313b2 100644 --- a/include/api.php +++ b/include/api.php @@ -196,6 +196,7 @@ $user = null; $extra_query = ""; + if(!is_null($contact_id)){ $user=$contact_id; $extra_query = "AND `contact`.`id` = %d "; @@ -332,7 +333,7 @@ 'notifications' => false, 'following' => '', #XXX: fix me 'verified' => true, #XXX: fix me - #'status' => null + 'status' => array() ); return $ret; @@ -352,11 +353,15 @@ return api_get_user($a,$a->contacts[$normalised]['id']); } // We don't know this person directly. + + list($nick, $name) = array_map("trim",explode("(",$item['author-name'])); + $name=str_replace(")","",$name); + $ret = array( 'uid' => 0, 'id' => 0, - 'name' => $item['author-name'], - 'screen_name' => $item['author_name'], + 'name' => $name, + 'screen_name' => $nick, 'location' => '', //$uinfo[0]['default-location'], 'profile_image_url' => $item['author-avatar'], 'url' => $item['author-link'], @@ -385,7 +390,7 @@ 'notifications' => false, 'verified' => true, #XXX: fix me 'followers' => '', #XXX: fix me - #'status' => null + 'status' => array() ); return $ret; @@ -607,10 +612,17 @@ */ function api_statuses_home_timeline(&$a, $type){ if (local_user()===false) return false; - + $user_info = api_get_user($a); // get last newtork messages -// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) "; + + // params + $count = (x($_REQUEST,'count')?$_REQUEST['count']:20); + $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0); + if ($page<0) $page=0; + $since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); + + $start = $page*$count; $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, @@ -622,9 +634,11 @@ AND `contact`.`id` = `item`.`contact-id` AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra + AND `item`.`id`>%d ORDER BY `item`.`received` DESC LIMIT %d ,%d ", intval($user_info['uid']), - 0,20 + intval($since_id), + intval($start), intval($count) ); $ret = api_format_items($r,$user_info); @@ -649,7 +663,15 @@ $user_info = api_get_user($a); // get last newtork messages -// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) "; + + // params + $count = (x($_REQUEST,'count')?$_REQUEST['count']:20); + $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0); + if ($page<0) $page=0; + $since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); + + $start = $page*$count; + $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, @@ -662,9 +684,11 @@ AND `contact`.`id` = `item`.`contact-id` AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra + AND `item`.`id`>%d ORDER BY `item`.`received` DESC LIMIT %d ,%d ", intval($user_info['uid']), - 0,20 + intval($since_id), + intval($start), intval($count) ); $ret = api_format_items($r,$user_info); @@ -688,7 +712,13 @@ $user_info = api_get_user($a); // get last newtork messages -// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) "; + + // params + $count = (x($_GET,'count')?$_GET['count']:20); + $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0); + if ($page<0) $page=0; + + $start = $page*$count; $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, @@ -703,7 +733,7 @@ $sql_extra ORDER BY `item`.`received` DESC LIMIT %d ,%d ", intval($user_info['uid']), - 0,20 + intval($start), intval($count) ); $ret = api_format_items($r,$user_info); @@ -735,8 +765,8 @@ $status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item)); $status = array( 'created_at'=> api_date($item['created']), - 'published' => datetime_convert('UTC','UTC',$item['created'],ATOM_TIME), - 'updated' => datetime_convert('UTC','UTC',$item['edited'],ATOM_TIME), + 'published' => api_date($item['created']), + 'updated' => api_date($item['edited']), 'id' => intval($item['id']), 'message_id' => $item['uri'], 'text' => strip_tags(bbcode($item['body'])), @@ -780,6 +810,58 @@ } api_register_func('api/account/rate_limit_status','api_account_rate_limit_status',true); + /** + * https://dev.twitter.com/docs/api/1/get/statuses/friends + * This function is deprecated by Twitter + * returns: json, xml + **/ + function api_statuses_f(&$a, $type, $qtype) { + if (local_user()===false) return false; + $user_info = api_get_user($a); + + if (x($_GET,'cursor') && $_GET['cursor']=='undefined'){ + /* this is to stop Hotot to load friends multiple times + * I'm not sure if I'm missing return something or + * is a bug in hotot. Workaround, meantime + */ + + $ret=Array(); + $data = array('$users' => $ret); + return api_apply_template("friends", $type, $data); + } + + if($qtype == 'friends') + $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND)); + if($qtype == 'followers') + $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND)); + + $r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra", + intval(local_user()) + ); + + $ret = array(); + foreach($r as $cid){ + $ret[] = api_get_user($a, $cid['id']); + } + + + $data = array('$users' => $ret); + return api_apply_template("friends", $type, $data); + + } + function api_statuses_friends(&$a, $type){ + return api_statuses_f($a,$type,"friends"); + } + function api_statuses_followers(&$a, $type){ + return api_statuses_f($a,$type,"followers"); + } + api_register_func('api/statuses/friends','api_statuses_friends',true); + api_register_func('api/statuses/followers','api_statuses_followers',true); + + + + + function api_statusnet_config(&$a,$type) { $name = $a->config['sitename']; @@ -808,7 +890,6 @@ } api_register_func('api/statusnet/config','api_statusnet_config',false); - function api_statusnet_version(&$a,$type) { // liar @@ -869,3 +950,131 @@ api_register_func('api/friends/ids','api_friends_ids',true); api_register_func('api/followers/ids','api_followers_ids',true); + + function api_direct_messages_new(&$a, $type) { + if (local_user()===false) return false; + + if (!x($_POST, "text") || !x($_POST,"screen_name")) return; + + $sender = api_get_user($a); + + $r = q("SELECT `id` FROM `contact` WHERE `uid`=%d AND `nick`='%s'", + intval(local_user()), + dbesc($_POST['screen_name'])); + + $recipient = api_get_user($a, $r[0]['id']); + + + require_once("include/message.php"); + $sub = ( (strlen($_POST['text'])>10)?substr($_POST['text'],0,10)."...":$_POST['text']); + $id = send_message($recipient['id'], $_POST['text'], $sub); + + + if ($id>-1) { + $r = q("SELECT * FROM `mail` WHERE id=%d", intval($id)); + $item = $r[0]; + $ret=Array( + 'id' => $item['id'], + 'created_at'=> api_date($item['created']), + 'sender_id'=> $sender['id'] , + 'sender_screen_name'=> $sender['screen_name'], + 'sender'=> $sender, + 'recipient_id'=> $recipient['id'], + 'recipient_screen_name'=> $recipient['screen_name'], + 'recipient'=> $recipient, + + 'text'=> $item['title']."\n".strip_tags(bbcode($item['body'])) , + + ); + + } else { + $ret = array("error"=>$id); + } + + $data = Array('$messages'=>$ret); + + switch($type){ + case "atom": + case "rss": + $data = api_rss_extra($a, $data, $user_info); + } + + return api_apply_template("direct_messages", $type, $data); + + } + api_register_func('api/direct_messages/new','api_direct_messages_new',true); + + function api_direct_messages_box(&$a, $type, $box) { + if (local_user()===false) return false; + + $user_info = api_get_user($a); + + // params + $count = (x($_GET,'count')?$_GET['count']:20); + $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0); + if ($page<0) $page=0; + + $start = $page*$count; + + + if ($box=="sentbox") { + $sql_extra = "`from-url`='%s'"; + } else { + $sql_extra = "`from-url`!='%s'"; + } + + $r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d,%d", + intval(local_user()), + dbesc( $a->get_baseurl() . '/profile/' . $a->user['nickname'] ), + intval($start), intval($count) + ); + + $ret = Array(); + foreach($r as $item){ + switch ($box){ + case "inbox": + $recipient = $user_info; + $sender = api_get_user($a,$item['contact-id']); + break; + case "sentbox": + $recipient = api_get_user($a,$item['contact-id']); + $sender = $user_info; + break; + } + + $ret[]=Array( + 'id' => $item['id'], + 'created_at'=> api_date($item['created']), + 'sender_id'=> $sender['id'] , + 'sender_screen_name'=> $sender['screen_name'], + 'sender'=> $sender, + 'recipient_id'=> $recipient['id'], + 'recipient_screen_name'=> $recipient['screen_name'], + 'recipient'=> $recipient, + + 'text'=> $item['title']."\n".strip_tags(bbcode($item['body'])) , + + ); + + } + + + $data = array('$messages' => $ret); + switch($type){ + case "atom": + case "rss": + $data = api_rss_extra($a, $data, $user_info); + } + + return api_apply_template("direct_messages", $type, $data); + + } + + function api_direct_messages_sentbox(&$a, $type){ + return api_direct_messages_box($a, $type, "sentbox"); + } + function api_direct_messages_inbox(&$a, $type){ + return api_direct_messages_box($a, $type, "inbox"); + } + api_register_func('api/direct_messages/sent','api_direct_messages_sentbox',true); + api_register_func('api/direct_messages','api_direct_messages_inbox',true); diff --git a/include/crypto.php b/include/crypto.php index 1ab9e7b25..a20606db5 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -3,19 +3,20 @@ require_once('library/ASNValue.class.php'); require_once('library/asn1.php'); +// supported algorithms are 'sha256', 'sha1' -function rsa_sign($data,$key) { +function rsa_sign($data,$key,$alg = 'sha256') { $sig = ''; - if (version_compare(PHP_VERSION, '5.3.0', '>=')) { - openssl_sign($data,$sig,$key,'sha256'); + if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') { + openssl_sign($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); } else { if(strlen($key) < 1024 || extension_loaded('gmp')) { require_once('library/phpsec/Crypt/RSA.php'); $rsa = new CRYPT_RSA(); $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; - $rsa->setHash('sha256'); + $rsa->setHash($alg); $rsa->loadKey($key); $sig = $rsa->sign($data); } @@ -27,17 +28,17 @@ function rsa_sign($data,$key) { return $sig; } -function rsa_verify($data,$sig,$key) { +function rsa_verify($data,$sig,$key,$alg = 'sha256') { - if (version_compare(PHP_VERSION, '5.3.0', '>=')) { - $verify = openssl_verify($data,$sig,$key,'sha256'); + if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') { + $verify = openssl_verify($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); } else { if(strlen($key) <= 300 || extension_loaded('gmp')) { require_once('library/phpsec/Crypt/RSA.php'); $rsa = new CRYPT_RSA(); $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; - $rsa->setHash('sha256'); + $rsa->setHash($alg); $rsa->loadKey($key); $verify = $rsa->verify($data,$sig); } @@ -74,7 +75,7 @@ function DerToRsa($Der) //Encode: $Der = base64_encode($Der); //Split lines: - $lines = str_split($Der, 65); + $lines = str_split($Der, 64); $body = implode("\n", $lines); //Get title: $title = 'RSA PUBLIC KEY'; @@ -182,3 +183,45 @@ function salmon_key($pubkey) { pemtome($pubkey,$m,$e); return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ; } + + + +if(! function_exists('aes_decrypt')) { +function aes_decrypt($val,$ky) +{ + $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + for($a=0;$a<strlen($ky);$a++) + $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a])); + $mode = MCRYPT_MODE_ECB; + $enc = MCRYPT_RIJNDAEL_128; + $dec = @mcrypt_decrypt($enc, $key, $val, $mode, @mcrypt_create_iv( @mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM ) ); + return rtrim($dec,(( ord(substr($dec,strlen($dec)-1,1))>=0 and ord(substr($dec, strlen($dec)-1,1))<=16)? chr(ord( substr($dec,strlen($dec)-1,1))):null)); +}} + + +if(! function_exists('aes_encrypt')) { +function aes_encrypt($val,$ky) +{ + $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + for($a=0;$a<strlen($ky);$a++) + $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a])); + $mode=MCRYPT_MODE_ECB; + $enc=MCRYPT_RIJNDAEL_128; + $val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16))); + return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM)); +}} + + +function pkcs5_pad ($text, $blocksize) +{ + $pad = $blocksize - (strlen($text) % $blocksize); + return $text . str_repeat(chr($pad), $pad); +} + +function pkcs5_unpad($text) +{ + $pad = ord($text{strlen($text)-1}); + if ($pad > strlen($text)) return false; + if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false; + return substr($text, 0, -1 * $pad); +} diff --git a/include/diaspora.php b/include/diaspora.php index e089e3f04..f3adc608e 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -4,25 +4,11 @@ require_once('include/crypto.php'); require_once('include/items.php'); function get_diaspora_key($uri) { - $key = ''; - logger('Fetching diaspora key for: ' . $uri); - $arr = lrdd($uri); - - if(is_array($arr)) { - foreach($arr as $a) { - if($a['@attributes']['rel'] === 'diaspora-public-key') { - $key = base64_decode($a['@attributes']['href']); - } - } - } - else { - return ''; - } - - if($key) - return rsatopem($key); + $r = find_diaspora_person_by_handle($uri); + if($r) + return $r['pubkey']; return ''; } @@ -40,14 +26,16 @@ function diaspora_base_message($type,$data) { function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) { $a = get_app(); + logger('diaspora_msg_build: ' . $msg, LOGGER_DATA); + $inner_aes_key = random_string(32); $b_inner_aes_key = base64_encode($inner_aes_key); - $inner_iv = random_string(32); + $inner_iv = random_string(16); $b_inner_iv = base64_encode($inner_iv); $outer_aes_key = random_string(32); $b_outer_aes_key = base64_encode($outer_aes_key); - $outer_iv = random_string(32); + $outer_iv = random_string(16); $b_outer_iv = base64_encode($outer_iv); $handle = 'acct:' . $user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); @@ -89,13 +77,20 @@ EOT; $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $outer_aes_key, $decrypted_header, MCRYPT_MODE_CBC, $outer_iv); $outer_json = json_encode(array('iv' => $b_outer_iv,'key' => $b_outer_aes_key)); + $encrypted_outer_key_bundle = ''; openssl_public_encrypt($outer_json,$encrypted_outer_key_bundle,$pubkey); - + + logger('outer_bundle_encrypt: ' . openssl_error_string()); $b64_encrypted_outer_key_bundle = base64_encode($encrypted_outer_key_bundle); + + logger('outer_bundle: ' . $b64_encrypted_outer_key_bundle . ' key: ' . $pubkey); + $encrypted_header_json_object = json_encode(array('aes_key' => base64_encode($encrypted_outer_key_bundle), 'ciphertext' => base64_encode($ciphertext))); - $encrypted_header = '<encrypted_header>' . base64_encode($encrypted_header_json_object) . '</encrypted_header>'; + $cipher_json = base64_encode($encrypted_header_json_object); + + $encrypted_header = '<encrypted_header>' . $cipher_json . '</encrypted_header>'; $magic_env = <<< EOT <?xml version='1.0' encoding='UTF-8'?> @@ -110,6 +105,7 @@ $magic_env = <<< EOT </entry> EOT; + logger('diaspora_msg_build: magic_env: ' . $magic_env, LOGGER_DATA); return $magic_env; } @@ -152,6 +148,7 @@ function diaspora_decode($importer,$xml) { $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv); + $decrypted = pkcs5_unpad($decrypted); /** @@ -202,7 +199,7 @@ function diaspora_decode($importer,$xml) { // Add back the 60 char linefeeds - // Diaspora devs: This completely violates the entire principle of salmon magic signatures, + // This completely violates the entire principle of salmon magic signatures, // which was to have a message signing format that was completely ambivalent to linefeeds // and transport whitespace mangling, and base64 wrapping rules. Guess what? PHP and Ruby // use different linelengths for base64 output. @@ -218,7 +215,7 @@ function diaspora_decode($importer,$xml) { $encoding = $base->encoding; $alg = $base->alg; - // Diaspora devs: I can't even begin to tell you how sucky this is. Read the freaking spec. + // I can't even begin to tell you how sucky this is. Please read the spec. $signed_data = $data . (($data[-1] != "\n") ? "\n" : '') . '.' . base64url_encode($type) . "\n" . '.' . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n"; @@ -241,12 +238,10 @@ function diaspora_decode($importer,$xml) { } // Once we have the author URI, go to the web and try to find their public key - // *** or look it up locally *** + // (first this will look it up locally if it is in the fcontact cache) + // This will also convert diaspora public key from pkcs#1 to pkcs#8 logger('mod-diaspora: Fetching key for ' . $author_link ); - - // Get diaspora public key (pkcs#1) and convert to pkcs#8 - $key = get_diaspora_key($author_link); if(! $key) { @@ -278,21 +273,33 @@ function diaspora_get_contact_by_handle($uid,$handle) { return false; } -function find_person_by_handle($handle) { - // we don't care about the uid, we just want to save an expensive webfinger probe - $r = q("select * from contact where network = '%s' and addr = '%s' LIMIT 1", - dbesc(NETWORK_DIASPORA), - dbesc($handle) - ); - if(count($r)) +function find_diaspora_person_by_handle($handle) { + $r = q("select * from fcontact where network = '%s' and addr = '%s' limit 1", + dbesc(NETWORK_DIASPORA), + dbesc($handle) + ); + if(count($r)) { + // update record occasionally so it doesn't get stale + $d = strtotime($r[0]['updated'] . ' +00:00'); + if($d < strtotime('now - 14 days')) { + q("delete from fcontact where id = %d limit 1", + intval($r[0]['id']) + ); + } + else return $r[0]; - $r = probe_url($handle); - // need to cached this, perhaps in fcontact - if(count($r)) - return ($r); - return false; + } + require_once('include/Scrape.php'); + $r = probe_url($handle, PROBE_DIASPORA); + if((count($r)) && ($r['network'] === NETWORK_DIASPORA)) { + add_fcontact($r); + return ($r); + } + return false; } + + function diaspora_request($importer,$xml) { $sender_handle = unxmlify($xml->sender_handle); @@ -310,7 +317,7 @@ function diaspora_request($importer,$xml) { // That makes us friends. if($contact['rel'] == CONTACT_IS_FOLLOWER) { - q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", + q("UPDATE `contact` SET `rel` = %d, `writable` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1", intval(CONTACT_IS_FRIEND), intval($contact['id']), intval($importer['uid']) @@ -320,8 +327,8 @@ function diaspora_request($importer,$xml) { return; } - require_once('include/Scrape.php'); - $ret = probe_url($sender_handle); + $ret = find_diaspora_person_by_handle($sender_handle); + if((! count($ret)) || ($ret['network'] != NETWORK_DIASPORA)) { logger('diaspora_request: Cannot resolve diaspora handle ' . $sender_handle . ' for ' . $recipient_handle); @@ -352,11 +359,12 @@ function diaspora_request($importer,$xml) { $hash = random_string() . (string) time(); // Generate a confirm_key if($contact_record) { - $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`,`blocked`) - VALUES ( %d, %d, 1, %d, '%s', '%s', '%s', 0 )", + $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime` ) + VALUES ( %d, %d, %d, %d, '%s', '%s', '%s' )", intval($importer['uid']), intval($contact_record['id']), 0, + 0, dbesc( t('Sharing notification from Diaspora network')), dbesc($hash), dbesc(datetime_convert()) @@ -483,7 +491,7 @@ function diaspora_comment($importer,$xml,$msg) { dbesc($parent_guid) ); if(! count($r)) { - logger('diaspora_comment: parent item not found: ' . $guid); + logger('diaspora_comment: parent item not found: parent: ' . $parent_guid . ' item: ' . $guid); return; } $parent_item = $r[0]; @@ -492,12 +500,12 @@ function diaspora_comment($importer,$xml,$msg) { $author_signature = base64_decode($author_signature); - if(stricmp($diaspora_handle,$msg['author']) == 0) { + if(strcasecmp($diaspora_handle,$msg['author']) == 0) { $person = $contact; $key = $msg['key']; } else { - $person = find_person_by_handle($diaspora_handle); + $person = find_diaspora_person_by_handle($diaspora_handle); if(is_array($person) && x($person,'pubkey')) $key = $person['pubkey']; @@ -507,11 +515,12 @@ function diaspora_comment($importer,$xml,$msg) { } } - if(! rsa_verify($author_signed_data,$author_signature,$key)) { + if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) { logger('diaspora_comment: verification failed.'); return; } + if($parent_author_signature) { $owner_signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $msg['author']; @@ -519,7 +528,7 @@ function diaspora_comment($importer,$xml,$msg) { $key = $msg['key']; - if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) { + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) { logger('diaspora_comment: owner verification failed.'); return; } @@ -578,14 +587,25 @@ function diaspora_comment($importer,$xml,$msg) { $datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); $datarray['body'] = $body; - item_store($datarray); + $message_id = item_store($datarray); + if(! $parent_author_signature) { + q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", + intval($message_id), + dbesc($author_signed_data), + dbesc(base64_encode($author_signature)), + dbesc($diaspora_handle) + ); + } + + // notify others return; } function diaspora_like($importer,$xml,$msg) { + $a = get_app(); $guid = notags(unxmlify($xml->guid)); $parent_guid = notags(unxmlify($xml->parent_guid)); $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); @@ -621,7 +641,7 @@ function diaspora_like($importer,$xml,$msg) { $parent_item = $r[0]; - $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '$s' LIMIT 1", + $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", intval($importer['uid']), dbesc($guid) ); @@ -645,25 +665,25 @@ function diaspora_like($importer,$xml,$msg) { return; } - $author_signed_data = $guid . ';' . $parent_guid . ';' . $target_type . ';' . $positive . ';' . $diaspora_handle; + $author_signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle; $author_signature = base64_decode($author_signature); - if(stricmp($diaspora_handle,$msg['author']) == 0) { + if(strcasecmp($diaspora_handle,$msg['author']) == 0) { $person = $contact; $key = $msg['key']; } else { - $person = find_person_by_handle($diaspora_handle); + $person = find_diaspora_person_by_handle($diaspora_handle); if(is_array($person) && x($person,'pubkey')) $key = $person['pubkey']; else { - logger('diaspora_comment: unable to find author details'); + logger('diaspora_like: unable to find author details'); return; } } - if(! rsa_verify($author_signed_data,$author_signature,$key)) { + if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) { logger('diaspora_like: verification failed.'); return; } @@ -675,7 +695,7 @@ function diaspora_like($importer,$xml,$msg) { $key = $msg['key']; - if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) { + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) { logger('diaspora_like: owner verification failed.'); return; } @@ -708,6 +728,7 @@ EOT; $arr['uri'] = $uri; $arr['uid'] = $importer['uid']; + $arr['guid'] = $guid; $arr['contact-id'] = $contact['id']; $arr['type'] = 'activity'; $arr['wall'] = $parent_item['wall']; @@ -715,13 +736,13 @@ EOT; $arr['parent'] = $parent_item['id']; $arr['parent-uri'] = $parent_item['uri']; - $datarray['owner-name'] = $contact['name']; - $datarray['owner-link'] = $contact['url']; - $datarray['owner-avatar'] = $contact['thumb']; + $arr['owner-name'] = $contact['name']; + $arr['owner-link'] = $contact['url']; + $arr['owner-avatar'] = $contact['thumb']; - $datarray['author-name'] = $person['name']; - $datarray['author-link'] = $person['url']; - $datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); + $arr['author-name'] = $person['name']; + $arr['author-link'] = $person['url']; + $arr['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); $ulink = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]'; $alink = '[url=' . $parent_item['author-link'] . ']' . $parent_item['author-name'] . '[/url]'; @@ -736,12 +757,20 @@ EOT; $arr['unseen'] = 1; $arr['last-child'] = 0; - $post_id = item_store($arr); + $message_id = item_store($arr); + if(! $parent_author_signature) { + q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", + intval($message_id), + dbesc($author_signed_data), + dbesc(base64_encode($author_signature)), + dbesc($diaspora_handle) + ); + } // FIXME send notification - + return; } function diaspora_retraction($importer,$xml) { @@ -770,21 +799,22 @@ function diaspora_share($me,$contact) { $tpl = get_markup_template('diaspora_share.tpl'); $msg = replace_macros($tpl, array( - '$sender' => myaddr, + '$sender' => $myaddr, '$recipient' => $theiraddr )); - $slap = 'xml=' . urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey'])); + $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey']))); - post_url($contact['notify'],$slap); + post_url($contact['notify'] . '/',$slap); $return_code = $a->get_curl_code(); + logger('diaspora_send_share: returns: ' . $return_code); return $return_code; } function diaspora_send_status($item,$owner,$contact) { $a = get_app(); - $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $theiraddr = $contact['addr']; require_once('include/bbcode.php'); @@ -805,11 +835,154 @@ function diaspora_send_status($item,$owner,$contact) { logger('diaspora_send_status: base message: ' . $msg, LOGGER_DATA); - $slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'])); + $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey']))); - post_url($contact['notify'],$slap); + post_url($contact['notify'] . '/',$slap); $return_code = $a->get_curl_code(); logger('diaspora_send_status: returns: ' . $return_code); return $return_code; } + +function diaspora_send_followup($item,$owner,$contact) { + + $a = get_app(); + $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $theiraddr = $contact['addr']; + + $p = q("select guid from item where parent = %d limit 1", + $item['parent'] + ); + if(count($p)) + $parent_guid = $p[0]['guid']; + else + return; + + if($item['verb'] === ACTIVITY_LIKE) { + $tpl = get_markup_template('diaspora_like.tpl'); + $like = true; + $target_type = 'Post'; + $positive = (($item['deleted']) ? 'false' : 'true'); + } + else { + $tpl = get_markup_template('diaspora_comment.tpl'); + $like = false; + } + + $text = bbcode($item['body']); + + // sign it + + if($like) + $signed_text = $item['guid'] . ';' . $target_type . ';' . $positive . ';' . $myaddr; + else + $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $myaddr; + + $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey']),'sha'); + + $msg = replace_macros($tpl,array( + '$guid' => xmlify($item['guid']), + '$parent_guid' => xmlify($parent_guid), + '$target_type' =>xmlify($target_type), + '$authorsig' => xmlify($authorsig), + '$body' => xmlify($text), + '$positive' => xmlify($positive), + '$handle' => xmlify($myaddr) + )); + + logger('diaspora_followup: base message: ' . $msg, LOGGER_DATA); + + $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey']))); + + post_url($contact['notify'] . '/',$slap); + $return_code = $a->get_curl_code(); + logger('diaspora_send_followup: returns: ' . $return_code); + return $return_code; + +} + + +function diaspora_send_relay($item,$owner,$contact) { + + + $a = get_app(); + $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $theiraddr = $contact['addr']; + + + $p = q("select guid from item where parent = %d limit 1", + $item['parent'] + ); + if(count($p)) + $parent_guid = $p[0]['guid']; + else + return; + + // fetch the original signature + $r = q("select * from sign where iid = %d limit 1", + intval($item['id']) + ); + if(! count($r)) + return; + $orig_sign = $r[0]; + + if($item['verb'] === ACTIVITY_LIKE) { + $tpl = get_markup_template('diaspora_like_relay.tpl'); + $like = true; + $target_type = 'Post'; + $positive = (($item['deleted']) ? 'false' : 'true'); + } + else { + $tpl = get_markup_template('diaspora_comment_relay.tpl'); + $like = false; + } + + $text = bbcode($item['body']); + + // sign it + + if($like) + $parent_signed_text = $orig_sign['signed_text']; + else + $parent_signed_text = $orig_sign['signed_text']; + + $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha')); + + $msg = replace_macros($tpl,array( + '$guid' => xmlify($item['guid']), + '$parent_guid' => xmlify($parent_guid), + '$target_type' =>xmlify($target_type), + '$authorsig' => xmlify($orig_sign['signature']), + '$parentsig' => xmlify($parentauthorsig), + '$text' => xmlify($text), + '$positive' => xmlify($positive), + '$diaspora_handle' => xmlify($myaddr) + )); + + // fetch the original signature + $r = q("select * from sign where iid = %d limit 1", + intval($item['id']) + ); + if(! count($r)) + return; + + logger('diaspora_relay_comment: base message: ' . $msg, LOGGER_DATA); + + $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey']))); + + post_url($contact['notify'] . '/',$slap); + $return_code = $a->get_curl_code(); + logger('diaspora_send_relay: returns: ' . $return_code); + return $return_code; + +} + + + +function diaspora_send_retraction($item,$owner,$contact) { + + + + + +}
\ No newline at end of file diff --git a/include/items.php b/include/items.php index ec519ad9b..746e3b294 100644 --- a/include/items.php +++ b/include/items.php @@ -1,8 +1,9 @@ <?php -require_once('bbcode.php'); -require_once('oembed.php'); +require_once('include/bbcode.php'); +require_once('include/oembed.php'); require_once('include/salmon.php'); +require_once('include/crypto.php'); function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) { @@ -694,6 +695,7 @@ function item_store($arr,$force_parent = false) { $arr['tag'] = ((x($arr,'tag')) ? notags(trim($arr['tag'])) : ''); $arr['attach'] = ((x($arr,'attach')) ? notags(trim($arr['attach'])) : ''); $arr['app'] = ((x($arr,'app')) ? notags(trim($arr['app'])) : ''); + $arr['guid'] = ((x($arr,'guid')) ? notags(trim($arr['guid'])) : get_guid()); if($arr['parent-uri'] === $arr['uri']) { $parent_id = 0; @@ -757,7 +759,6 @@ function item_store($arr,$force_parent = false) { } } - $arr['guid'] = get_guid(); call_hooks('post_remote',$arr); @@ -1635,7 +1636,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false) { $o .= '<published>' . xmlify(datetime_convert('UTC','UTC',$item['created'] . '+00:00',ATOM_TIME)) . '</published>' . "\r\n"; $o .= '<updated>' . xmlify(datetime_convert('UTC','UTC',$item['edited'] . '+00:00',ATOM_TIME)) . '</updated>' . "\r\n"; $o .= '<dfrn:env>' . base64url_encode($body, true) . '</dfrn:env>' . "\r\n"; - $o .= '<content type="' . $type . '" >' . xmlify(($type === 'html') ? bbcode($body) : $body) . '</content>' . "\r\n"; + $o .= '<content type="' . $type . '" >' . xmlify((($type === 'html') ? bbcode($body) : $body)) . '</content>' . "\r\n"; $o .= '<link rel="alternate" type="text/html" href="' . xmlify($a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id']) . '" />' . "\r\n"; if($comment) $o .= '<dfrn:comment-allow>' . intval($item['last-child']) . '</dfrn:comment-allow>' . "\r\n"; diff --git a/include/message.php b/include/message.php new file mode 100644 index 000000000..cca913b4e --- /dev/null +++ b/include/message.php @@ -0,0 +1,96 @@ +<?php + // send a private message + + + + +function send_message($recipient=0, $body='', $subject='', $replyto=''){ + $a = get_app(); + + if(! $recipient) return -1; + + if(! strlen($subject)) + $subject = t('[no subject]'); + + $me = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", + intval(local_user()) + ); + $contact = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($recipient), + intval(local_user()) + ); + + if(! (count($me) && (count($contact)))) { + return -2; + } + + $hash = random_string(); + $uri = 'urn:X-dfrn:' . $a->get_baseurl() . ':' . local_user() . ':' . $hash ; + + if(! strlen($replyto)) + $replyto = $uri; + + $r = q("INSERT INTO `mail` ( `uid`, `from-name`, `from-photo`, `from-url`, + `contact-id`, `title`, `body`, `seen`, `replied`, `uri`, `parent-uri`, `created`) + VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s', '%s', '%s' )", + intval(local_user()), + dbesc($me[0]['name']), + dbesc($me[0]['thumb']), + dbesc($me[0]['url']), + intval($recipient), + dbesc($subject), + dbesc($body), + 1, + 0, + dbesc($uri), + dbesc($replyto), + datetime_convert() + ); + $r = q("SELECT * FROM `mail` WHERE `uri` = '%s' and `uid` = %d LIMIT 1", + dbesc($uri), + intval(local_user()) + ); + if(count($r)) + $post_id = $r[0]['id']; + + /** + * + * When a photo was uploaded into the message using the (profile wall) ajax + * uploader, The permissions are initially set to disallow anybody but the + * owner from seeing it. This is because the permissions may not yet have been + * set for the post. If it's private, the photo permissions should be set + * appropriately. But we didn't know the final permissions on the post until + * now. So now we'll look for links of uploaded messages that are in the + * post and set them to the same permissions as the post itself. + * + */ + + $match = null; + + if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) { + $images = $match[1]; + if(count($images)) { + foreach($images as $image) { + if(! stristr($image,$a->get_baseurl() . '/photo/')) + continue; + $image_uri = substr($image,strrpos($image,'/') + 1); + $image_uri = substr($image_uri,0, strpos($image_uri,'-')); + $r = q("UPDATE `photo` SET `allow_cid` = '%s' + WHERE `resource-id` = '%s' AND `album` = '%s' AND `uid` = %d ", + dbesc('<' . $recipient . '>'), + dbesc($image_uri), + dbesc( t('Wall Photos')), + intval(local_user()) + ); + } + } + } + + if($post_id) { + proc_run('php',"include/notifier.php","mail","$post_id"); + return intval($post_id); + } else { + return -3; + } + +} diff --git a/include/network.php b/include/network.php index bbf1d6a63..d4f0d8aa7 100644 --- a/include/network.php +++ b/include/network.php @@ -536,7 +536,7 @@ function fetch_xrd_links($url) { $aliases = array($alias); else $aliases = $alias; - if(count($aliases)) { + if($aliases && count($aliases)) { foreach($aliases as $alias) { $links[]['@attributes'] = array('rel' => 'alias' , 'href' => $alias); } @@ -693,3 +693,25 @@ function parse_xml_string($s,$strict = true) { } return $x; }} + +function add_fcontact($arr) { + + $r = q("insert into fcontact ( `url`,`name`,`photo`,`request`,`nick`,`addr`, + `notify`,`poll`,`confirm`,`network`,`alias`,`pubkey`,`updated` ) + values('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')", + dbesc($arr['url']), + dbesc($arr['name']), + dbesc($arr['photo']), + dbesc($arr['request']), + dbesc($arr['nick']), + dbesc($arr['addr']), + dbesc($arr['notify']), + dbesc($arr['poll']), + dbesc($arr['confirm']), + dbesc($arr['network']), + dbesc($arr['alias']), + dbesc($arr['pubkey']), + dbesc(datetime_convert()) + ); + return $r; +} diff --git a/include/notifier.php b/include/notifier.php index 15fb38534..cf8871fb9 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -502,22 +502,27 @@ function notifier_run($argv, $argc){ } break; case NETWORK_DIASPORA: - if(get_config('system','dfrn_only') || (! get_config('diaspora_enabled')) || (! $normal_mode)) + require_once('include/diaspora.php'); + if(get_config('system','dfrn_only') || (! get_config('system','diaspora_enabled')) || (! $normal_mode)) break; - - if($target_item['deleted']) { - // diaspora delete, (check for like) - + + if($target_item['verb'] === ACTIVITY_DISLIKE) { + // unsupported + break; + } + elseif($target_item['deleted'] && (! $parent_item['verb'] === ACTIVITY_LIKE)) { + // diaspora delete, + diaspora_send_retraction($target_item,$owner,$contact); break; } elseif($followup) { - // send to owner to relay - + // send comments, likes and retractions of likes to owner to relay + diaspora_send_followup($target_item,$owner,$contact); break; } elseif($target_item['parent'] != $target_item['id']) { - // we are the relay - + // we are the relay - send comments, likes and unlikes to our conversants + diaspora_send_relay($target_item,$owner,$contact); break; } elseif($top_level) { @@ -571,7 +576,7 @@ function notifier_run($argv, $argc){ /** * - * If you have less than 150 dfrn friends and it's a public message, + * If you have less than 999 dfrn friends and it's a public message, * we'll just go ahead and push them out securely with dfrn/rino. * If you've got more than that, you'll have to rely on PuSH delivery. * @@ -587,8 +592,9 @@ function notifier_run($argv, $argc){ */ $r = q("SELECT `id`, `name` FROM `contact` - WHERE `network` = NETWORK_DFRN AND `uid` = %d AND `blocked` = 0 AND `pending` = 0 + WHERE `network` = '%s' AND `uid` = %d AND `blocked` = 0 AND `pending` = 0 AND `rel` != %d ", + dbesc(NETWORK_DFRN), intval($owner['uid']), intval(CONTACT_IS_SHARING) ); diff --git a/include/security.php b/include/security.php index 6fbdd697f..684a88a51 100644 --- a/include/security.php +++ b/include/security.php @@ -28,7 +28,7 @@ function can_write_wall(&$a,$owner) { AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1", intval($owner), intval(remote_user()), - intval(CONTACT_IS_FOLLOWER), + intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND), intval(PAGE_COMMUNITY) ); diff --git a/include/text.php b/include/text.php index 803bf0e51..66447069e 100644 --- a/include/text.php +++ b/include/text.php @@ -147,7 +147,7 @@ if(! function_exists('xmlify')) { function xmlify($str) { $buffer = ''; - for($x = 0; $x < strlen($str); $x ++) { + for($x = 0; $x < mb_strlen($str); $x ++) { $char = $str[$x]; switch( $char ) { @@ -620,32 +620,6 @@ function valid_email($x){ }} -if(! function_exists('aes_decrypt')) { -function aes_decrypt($val,$ky) -{ - $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; - for($a=0;$a<strlen($ky);$a++) - $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a])); - $mode = MCRYPT_MODE_ECB; - $enc = MCRYPT_RIJNDAEL_128; - $dec = @mcrypt_decrypt($enc, $key, $val, $mode, @mcrypt_create_iv( @mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM ) ); - return rtrim($dec,(( ord(substr($dec,strlen($dec)-1,1))>=0 and ord(substr($dec, strlen($dec)-1,1))<=16)? chr(ord( substr($dec,strlen($dec)-1,1))):null)); -}} - - -if(! function_exists('aes_encrypt')) { -function aes_encrypt($val,$ky) -{ - $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; - for($a=0;$a<strlen($ky);$a++) - $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a])); - $mode=MCRYPT_MODE_ECB; - $enc=MCRYPT_RIJNDAEL_128; - $val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16))); - return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM)); -}} - - /** * * Function: linkify @@ -903,20 +877,6 @@ function generate_user_guid() { } -function pkcs5_pad ($text, $blocksize) -{ - $pad = $blocksize - (strlen($text) % $blocksize); - return $text . str_repeat(chr($pad), $pad); -} - -function pkcs5_unpad($text) -{ - $pad = ord($text{strlen($text)-1}); - if ($pad > strlen($text)) return false; - if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false; - return substr($text, 0, -1 * $pad); -} - function base64url_encode($s, $strip_padding = false) { diff --git a/include/zotfns.php b/include/zotfns.php index b695b6fcb..b23fce82a 100644 --- a/include/zotfns.php +++ b/include/zotfns.php @@ -2,6 +2,8 @@ require_once('include/salmon.php'); +require_once('include/crypto.php'); + function zot_get($url,$args) { $argstr = ''; |