diff options
Diffstat (limited to 'mod/dfrn_request.php')
-rw-r--r-- | mod/dfrn_request.php | 287 |
1 files changed, 174 insertions, 113 deletions
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index ef3c7274b..7675ee766 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -29,76 +29,113 @@ function dfrn_request_post(&$a) { goaway($a->get_baseurl()); } + // callback to local site after remote request and local confirm if((x($_POST,'localconfirm')) && ($_POST['localconfirm'] == 1) - && (x($_SESSION,'authenticated')) && (x($_SESSION,'uid')) - && ($_SESSION['uid'] == $a->argv[1]) && (x($_POST,'dfrn_url'))) { + && local_user() && ($_SESSION['uid'] == $a->argv[1]) && (x($_POST,'dfrn_url'))) { + + // We are the requestor, and we've been sent back to our own site + // to confirm the request. We've done so and clicked submit, + // which brings us here. + $dfrn_url = notags(trim($_POST['dfrn_url'])); $aes_allow = (((x($_POST,'aes_allow')) && ($_POST['aes_allow'] == 1)) ? 1 : 0); $confirm_key = ((x($_POST,'confirm_key')) ? $_POST['confirm_key'] : ""); - $failed = false; - - require_once('Scrape.php'); + $contact_record = null; + if(x($dfrn_url)) { - $parms = scrape_dfrn($dfrn_url); - - if(! count($parms)) { - $_SESSION['sysmsg'] .= 'URL is not valid or does not contain profile information.' . EOL ; - $failed = true; + $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `dfrn-url` = '%s' LIMIT 1", + intval($_SESSION['uid']), + dbesc($dfrn_url) + ); + + if(count($r)) { + if(strlen($r[0]['dfrn-id'])) { + notice("This introduction has already been accepted." . EOL ); + return; + } + else + $contact_record = $r[0]; + } + + if(is_array($contact_record)) { + $r = q("UPDATE `contact` SET `ret-aes` = %d WHERE `id` = %d LIMIT 1", + intval($aes_allow), + intval($contact_record['id']) + ); } else { - if(! x($parms,'fn')) - $_SESSION['sysmsg'] .= 'Warning: DFRN profile has no identifiable owner name.' . EOL ; - if(! x($parms,'photo')) - $_SESSION['sysmsg'] .= 'Warning: DFRN profile has no profile photo.' . EOL ; - $invalid = validate_dfrn($parms); - if($invalid) { - echo $invalid . ' required DFRN parameter' - . (($invalid == 1) ? " was " : "s were " ) - . "not found at the given URL" . '<br />'; - $failed = true; + require_once('Scrape.php'); + + + $parms = scrape_dfrn($dfrn_url); + + if(! count($parms)) { + notice( 'URL is not valid or does not contain profile information.' . EOL ); + return; + } + else { + if(! x($parms,'fn')) + notice( 'Warning: DFRN profile has no identifiable owner name.' . EOL ); + if(! x($parms,'photo')) + notice( 'Warning: DFRN profile has no profile photo.' . EOL ); + $invalid = validate_dfrn($parms); + if($invalid) { + notice( $invalid . ' required DFRN parameter' + . (($invalid == 1) ? " was " : "s were " ) + . "not found at the given URL" . EOL ); + return; + } } - } - } - if(! $failed) { - $dfrn_request = $parms['dfrn-request']; - ///////////////////////// - dbesc_array($parms); - //////////////////////// - $r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `name`, `photo`, `site-pubkey`, - `request`, `confirm`, `notify`, `poll`, `aes_allow`) - VALUES ( %d, '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', %d)", - intval($_SESSION['uid']), - datetime_convert(), - dbesc($dfrn_url), - $parms['fn'], - $parms['photo'], - $parms['key'], - $parms['dfrn-request'], - $parms['dfrn-confirm'], - $parms['dfrn-notify'], - $parms['dfrn-poll'], - intval($aes_allow) - ); - if($r === false) - $_SESSION['sysmsg'] .= "Failed to create contact." . EOL; - else - $_SESSION['sysmsg'] .= "Introduction complete."; + + $dfrn_request = $parms['dfrn-request']; + + dbesc_array($parms); + + + $r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `name`, `photo`, `site-pubkey`, + `request`, `confirm`, `notify`, `poll`, `aes_allow`) + VALUES ( %d, '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', %d)", + intval($_SESSION['uid']), + datetime_convert(), + dbesc($dfrn_url), + $parms['fn'], + $parms['photo'], + $parms['key'], + $parms['dfrn-request'], + $parms['dfrn-confirm'], + $parms['dfrn-notify'], + $parms['dfrn-poll'], + intval($aes_allow) + ); + } + + if($r) { + notice( "Introduction complete." . EOL); + } // Allow the blocked remote notification to complete + if(is_array($contact_record)) + $dfrn_request = $contact_record['request']; + if(strlen($dfrn_request) && strlen($confirm_key)) $s = fetch_url($dfrn_request . '?confirm_key=' . $confirm_key); - + // ignore reply goaway($dfrn_url); + // NOTREACHED + } + // invalid DFRN-url + notice( "Unrecoverable protocol error." . EOL ); + goaway($a->get_baseurl()); } @@ -116,105 +153,128 @@ function dfrn_request_post(&$a) { $uid = $a->profile['uid']; + $contact_record = null; $failed = false; + $parms = null; - require_once('Scrape.php'); if( x($_POST,'dfrn_url')) { $url = trim($_POST['dfrn_url']); - if(x($url)) { + if(! strlen($url)) { + notice( "Invalid URL" . EOL ); + return; + } + + + $ret = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' LIMIT 1", + intval($uid), + dbesc($url) + ); + + if(count($ret)) { + if(strlen($ret[0]['issued-id'])) { + notice( 'You have already introduced yourself here.' . EOL ); + return; + } + else { + $contact_record = $ret[0]; + $parms = array('dfrn-request' => $ret[0]['request']); + } + } + $issued_id = random_string(); + + if(is_array($contact_record)) { + // There is a contact record but no issued-id, so this + // is a reciprocal introduction from a known contact + $r = q("UPDATE `contact` SET `issued-id` = '%s', `ret-blocked` = 1 WHERE `id` = %d LIMIT 1", + dbesc($issued_id), + intval($contact_record['id']) + ); + } + else { + + require_once('Scrape.php'); + $parms = scrape_dfrn($url); if(! count($parms)) { - $_SESSION['sysmsg'] .= 'URL is not valid or does not contain profile information.' . EOL ; - $failed = true; + notice( 'URL is not valid or does not contain profile information.' . EOL ); + killme(); } else { if(! x($parms,'fn')) - $_SESSION['sysmsg'] .= 'Warning: DFRN profile has no identifiable owner name.' . EOL ; + notice( 'Warning: DFRN profile has no identifiable owner name.' . EOL ); if(! x($parms,'photo')) - $_SESSION['sysmsg'] .= 'Warning: DFRN profile has no profile photo.' . EOL ; + notice( 'Warning: DFRN profile has no profile photo.' . EOL ); $invalid = validate_dfrn($parms); if($invalid) { - echo $invalid . ' required DFRN parameter' + notice( $invalid . ' required DFRN parameter' . (($invalid == 1) ? " was " : "s were " ) - . "not found at the given URL" . '<br />'; + . "not found at the given URL" . EOL) ; - $failed = true; + return; } } - } - - $ret = q("SELECT `url` FROM `contact` WHERE `url` = '%s'", dbesc($url)); - if($ret !== false && count($ret)) { - $_SESSION['sysmsg'] .= 'You have already introduced yourself here.' . EOL; - $failed = true; - } - - if(! $failed) { $parms['url'] = $url; - $parms['issued-id'] = random_string(); + $parms['issued-id'] = $issued_id; - ///////////////////////// - dbesc_array($parms); - //////////////////////// - $ret = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `name`, `issued-id`, `photo`, `site-pubkey`, - `request`, `confirm`, `notify`, `poll`, `visible` ) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d )", - intval($uid), - datetime_convert(), - $parms['url'], - $parms['fn'], - $parms['issued-id'], - $parms['photo'], - $parms['key'], - $parms['dfrn-request'], - $parms['dfrn-confirm'], - $parms['dfrn-notify'], - $parms['dfrn-poll'], - ((x($_POST,'visible')) ? 1 : 0 ) + dbesc_array($parms); + $r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `name`, `issued-id`, `photo`, `site-pubkey`, + `request`, `confirm`, `notify`, `poll` ) + VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", + intval($uid), + datetime_convert(), + $parms['url'], + $parms['fn'], + $parms['issued-id'], + $parms['photo'], + $parms['key'], + $parms['dfrn-request'], + $parms['dfrn-confirm'], + $parms['dfrn-notify'], + $parms['dfrn-poll'] ); + + // find the contact record we just created + if($r) { + $r = q("SELECT `id` FROM `contact` + WHERE `uid` = '%s' AND `url` = '%s' AND `issued-id` = '%s' LIMIT 1", + intval($uid), + $parms['url'], + $parms['issued-id'] + ); + if(count($r)) + $contact_record = $r[0]; + } } - if($ret === false) { - $_SESSION['sysmsg'] .= 'Failed to create contact record.' . EOL; + if($r === false) { + notice( 'Failed to update contact record.' . EOL ); return; } - $ret = q("SELECT `id` FROM `contact` - WHERE `uid` = '%s' AND `url` = '%s' AND `issued-id` = '%s' - LIMIT 1", - intval($uid), - $parms['url'], - $parms['issued-id'] - ); - - if(($ret !== NULL) && (count($ret))) - $contact_id = $ret[0]['id']; - $hash = random_string() . (string) time(); // Generate a confirm_key - if($contact_id) { + if(is_array($contact_record)) { $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`) - VALUES ( %d, %d, 1, %d, '%s', '%s', '%s' )", - intval($uid), - intval($contact_id), - ((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0), - dbesc(trim($_POST['dfrn-request-message'])), - dbesc($hash), - dbesc(datetime_convert()) + VALUES ( %d, %d, 1, %d, '%s', '%s', '%s' )", + intval($uid), + intval($contact_record['id']), + ((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0), + dbesc(trim($_POST['dfrn-request-message'])), + dbesc($hash), + dbesc(datetime_convert()) ); } - // TODO: send an email notification if our user wants one if(! $failed) - $_SESSION['sysmsg'] .= "Your introduction has been sent." . EOL; + notice( "Your introduction has been sent." . EOL ); // "Homecoming" - send the requestor back to their site to record the introduction. @@ -222,9 +282,10 @@ function dfrn_request_post(&$a) { $aes_allow = ((function_exists('openssl_encrypt')) ? 1 : 0); goaway($parms['dfrn-request'] . "?dfrn_url=$dfrn_url" . '&confirm_key=' . $hash . (($aes_allow) ? "&aes_allow=1" : "")); + // NOTREACHED } - + return; }} if(! function_exists('dfrn_request_content')) { @@ -242,8 +303,8 @@ function dfrn_request_content(&$a) { if(x($_GET,'dfrn_url')) { - if(! x($_SESSION,'authenticated')) { - $_SESSION['sysmsg'] .= "Please login to confirm introduction." . EOL; + if(! local_user()) { + notice( "Please login to confirm introduction." . EOL ); return login(); } @@ -251,7 +312,7 @@ function dfrn_request_content(&$a) { // but not as the person who needs to deal with this request. if (($_SESSION['uid'] != $a->argv[1]) && ($a->user['nickname'] != $a->argv[1])) { - $_SESSION['sysmsg'] .= "Incorrect identity currently logged in. Please login to <strong>this</strong> profile." . EOL; + notice( "Incorrect identity currently logged in. Please login to <strong>this</strong> profile." . EOL); return login(); } @@ -271,12 +332,12 @@ function dfrn_request_content(&$a) { } else { - // safe to send our user their introduction + // we are the requestee and it is now safe to send our user their introduction if((x($_GET,'confirm_key')) && strlen($_GET['confirm_key'])) { $r = q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s' LIMIT 1", dbesc($_GET['confirm_key']) ); - return; + killme(); } |