diff options
Diffstat (limited to 'mod')
-rw-r--r-- | mod/contacts.php | 22 | ||||
-rw-r--r-- | mod/dfrn_confirm.php | 8 | ||||
-rw-r--r-- | mod/dfrn_request.php | 287 | ||||
-rw-r--r-- | mod/item.php | 3 | ||||
-rw-r--r-- | mod/profile.php | 41 | ||||
-rw-r--r-- | mod/register.php | 16 | ||||
-rw-r--r-- | mod/settings.php | 12 |
7 files changed, 251 insertions, 138 deletions
diff --git a/mod/contacts.php b/mod/contacts.php index 5435df7b2..fb4e6cf6b 100644 --- a/mod/contacts.php +++ b/mod/contacts.php @@ -93,13 +93,13 @@ function contacts_content(&$a) { switch($sort_type) { case DIRECTION_BOTH : - $sql_extra = " AND `dfrn-id` != '' AND `ret-id` != '' "; + $sql_extra = " AND `dfrn-id` != '' AND `issued-id` != '' "; break; case DIRECTION_IN : - $sql_extra = " AND `dfrn-id` != '' AND `ret-id` = '' "; + $sql_extra = " AND `dfrn-id` = '' AND `issued-id` != '' "; break; case DIRECTION_OUT : - $sql_extra = " AND `dfrn-id` = '' AND `ret-id` != '' "; + $sql_extra = " AND `dfrn-id` != '' AND `issued-id` = '' "; break; case DIRECTION_ANY : default: @@ -118,22 +118,22 @@ function contacts_content(&$a) { if($rr['self']) continue; $direction = ''; - if(strlen($rr['dfrn-id'])) { - if(strlen($rr['ret-id'])) { + if(strlen($rr['issued-id'])) { + if(strlen($rr['dfrn-id'])) { $direction = DIRECTION_BOTH; $dir_icon = 'images/lrarrow.gif'; $alt_text = 'Mutual Friendship'; } else { - $direction = DIRECTION_OUT; - $dir_icon = 'images/rarrow.gif'; - $alt_text = 'You are a fan of'; + $direction = DIRECTION_IN; + $dir_icon = 'images/larrow.gif'; + $alt_text = 'is a fan of yours'; } } else { - $direction = DIRECTION_IN; - $dir_icon = 'images/larrow.gif'; - $alt_text = 'is a fan of yours'; + $direction = DIRECTION_OUT; + $dir_icon = 'images/rarrow.gif'; + $alt_text = 'you are a fan of'; } $o .= replace_macros($tpl, array( diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index c830f1cf2..e02fbf3d0 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -166,7 +166,7 @@ function dfrn_confirm_post(&$a) { $res = mail($r[0]['email'],"Introduction accepted at {$a->config['sitename']}", $email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}"); if(!$res) { - $_SESSION['sysmsg'] .= "Email notification failed." . EOL; + notice( "Email notification failed." . EOL ); } xml_status(0); // Success @@ -182,12 +182,12 @@ function dfrn_confirm_post(&$a) { } else { - // We are processing a local confirmation initiated on this system by our user to an external introduction. + // We are processing a local confirmation initiated on this system by our user to an external introduction. $uid = $_SESSION['uid']; if(! $uid) { - $_SESSION['sysmsg'] = 'Unauthorised.'; + notice("Permission denied." . EOL ); return; } @@ -223,7 +223,7 @@ function dfrn_confirm_post(&$a) { $pubkey = openssl_pkey_get_details($res); $public_key = $pubkey["key"]; - $r = q("UPDATE `contact` SET `pubkey` = '%s', `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", + $r = q("UPDATE `contact` SET `issued-pubkey` = '%s', `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", dbesc($public_key), dbesc($private_key), intval($contact_id), diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index ef3c7274b..7675ee766 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -29,76 +29,113 @@ function dfrn_request_post(&$a) { goaway($a->get_baseurl()); } + // callback to local site after remote request and local confirm if((x($_POST,'localconfirm')) && ($_POST['localconfirm'] == 1) - && (x($_SESSION,'authenticated')) && (x($_SESSION,'uid')) - && ($_SESSION['uid'] == $a->argv[1]) && (x($_POST,'dfrn_url'))) { + && local_user() && ($_SESSION['uid'] == $a->argv[1]) && (x($_POST,'dfrn_url'))) { + + // We are the requestor, and we've been sent back to our own site + // to confirm the request. We've done so and clicked submit, + // which brings us here. + $dfrn_url = notags(trim($_POST['dfrn_url'])); $aes_allow = (((x($_POST,'aes_allow')) && ($_POST['aes_allow'] == 1)) ? 1 : 0); $confirm_key = ((x($_POST,'confirm_key')) ? $_POST['confirm_key'] : ""); - $failed = false; - - require_once('Scrape.php'); + $contact_record = null; + if(x($dfrn_url)) { - $parms = scrape_dfrn($dfrn_url); - - if(! count($parms)) { - $_SESSION['sysmsg'] .= 'URL is not valid or does not contain profile information.' . EOL ; - $failed = true; + $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `dfrn-url` = '%s' LIMIT 1", + intval($_SESSION['uid']), + dbesc($dfrn_url) + ); + + if(count($r)) { + if(strlen($r[0]['dfrn-id'])) { + notice("This introduction has already been accepted." . EOL ); + return; + } + else + $contact_record = $r[0]; + } + + if(is_array($contact_record)) { + $r = q("UPDATE `contact` SET `ret-aes` = %d WHERE `id` = %d LIMIT 1", + intval($aes_allow), + intval($contact_record['id']) + ); } else { - if(! x($parms,'fn')) - $_SESSION['sysmsg'] .= 'Warning: DFRN profile has no identifiable owner name.' . EOL ; - if(! x($parms,'photo')) - $_SESSION['sysmsg'] .= 'Warning: DFRN profile has no profile photo.' . EOL ; - $invalid = validate_dfrn($parms); - if($invalid) { - echo $invalid . ' required DFRN parameter' - . (($invalid == 1) ? " was " : "s were " ) - . "not found at the given URL" . '<br />'; - $failed = true; + require_once('Scrape.php'); + + + $parms = scrape_dfrn($dfrn_url); + + if(! count($parms)) { + notice( 'URL is not valid or does not contain profile information.' . EOL ); + return; + } + else { + if(! x($parms,'fn')) + notice( 'Warning: DFRN profile has no identifiable owner name.' . EOL ); + if(! x($parms,'photo')) + notice( 'Warning: DFRN profile has no profile photo.' . EOL ); + $invalid = validate_dfrn($parms); + if($invalid) { + notice( $invalid . ' required DFRN parameter' + . (($invalid == 1) ? " was " : "s were " ) + . "not found at the given URL" . EOL ); + return; + } } - } - } - if(! $failed) { - $dfrn_request = $parms['dfrn-request']; - ///////////////////////// - dbesc_array($parms); - //////////////////////// - $r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `name`, `photo`, `site-pubkey`, - `request`, `confirm`, `notify`, `poll`, `aes_allow`) - VALUES ( %d, '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', %d)", - intval($_SESSION['uid']), - datetime_convert(), - dbesc($dfrn_url), - $parms['fn'], - $parms['photo'], - $parms['key'], - $parms['dfrn-request'], - $parms['dfrn-confirm'], - $parms['dfrn-notify'], - $parms['dfrn-poll'], - intval($aes_allow) - ); - if($r === false) - $_SESSION['sysmsg'] .= "Failed to create contact." . EOL; - else - $_SESSION['sysmsg'] .= "Introduction complete."; + + $dfrn_request = $parms['dfrn-request']; + + dbesc_array($parms); + + + $r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `name`, `photo`, `site-pubkey`, + `request`, `confirm`, `notify`, `poll`, `aes_allow`) + VALUES ( %d, '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', %d)", + intval($_SESSION['uid']), + datetime_convert(), + dbesc($dfrn_url), + $parms['fn'], + $parms['photo'], + $parms['key'], + $parms['dfrn-request'], + $parms['dfrn-confirm'], + $parms['dfrn-notify'], + $parms['dfrn-poll'], + intval($aes_allow) + ); + } + + if($r) { + notice( "Introduction complete." . EOL); + } // Allow the blocked remote notification to complete + if(is_array($contact_record)) + $dfrn_request = $contact_record['request']; + if(strlen($dfrn_request) && strlen($confirm_key)) $s = fetch_url($dfrn_request . '?confirm_key=' . $confirm_key); - + // ignore reply goaway($dfrn_url); + // NOTREACHED + } + // invalid DFRN-url + notice( "Unrecoverable protocol error." . EOL ); + goaway($a->get_baseurl()); } @@ -116,105 +153,128 @@ function dfrn_request_post(&$a) { $uid = $a->profile['uid']; + $contact_record = null; $failed = false; + $parms = null; - require_once('Scrape.php'); if( x($_POST,'dfrn_url')) { $url = trim($_POST['dfrn_url']); - if(x($url)) { + if(! strlen($url)) { + notice( "Invalid URL" . EOL ); + return; + } + + + $ret = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' LIMIT 1", + intval($uid), + dbesc($url) + ); + + if(count($ret)) { + if(strlen($ret[0]['issued-id'])) { + notice( 'You have already introduced yourself here.' . EOL ); + return; + } + else { + $contact_record = $ret[0]; + $parms = array('dfrn-request' => $ret[0]['request']); + } + } + $issued_id = random_string(); + + if(is_array($contact_record)) { + // There is a contact record but no issued-id, so this + // is a reciprocal introduction from a known contact + $r = q("UPDATE `contact` SET `issued-id` = '%s', `ret-blocked` = 1 WHERE `id` = %d LIMIT 1", + dbesc($issued_id), + intval($contact_record['id']) + ); + } + else { + + require_once('Scrape.php'); + $parms = scrape_dfrn($url); if(! count($parms)) { - $_SESSION['sysmsg'] .= 'URL is not valid or does not contain profile information.' . EOL ; - $failed = true; + notice( 'URL is not valid or does not contain profile information.' . EOL ); + killme(); } else { if(! x($parms,'fn')) - $_SESSION['sysmsg'] .= 'Warning: DFRN profile has no identifiable owner name.' . EOL ; + notice( 'Warning: DFRN profile has no identifiable owner name.' . EOL ); if(! x($parms,'photo')) - $_SESSION['sysmsg'] .= 'Warning: DFRN profile has no profile photo.' . EOL ; + notice( 'Warning: DFRN profile has no profile photo.' . EOL ); $invalid = validate_dfrn($parms); if($invalid) { - echo $invalid . ' required DFRN parameter' + notice( $invalid . ' required DFRN parameter' . (($invalid == 1) ? " was " : "s were " ) - . "not found at the given URL" . '<br />'; + . "not found at the given URL" . EOL) ; - $failed = true; + return; } } - } - - $ret = q("SELECT `url` FROM `contact` WHERE `url` = '%s'", dbesc($url)); - if($ret !== false && count($ret)) { - $_SESSION['sysmsg'] .= 'You have already introduced yourself here.' . EOL; - $failed = true; - } - - if(! $failed) { $parms['url'] = $url; - $parms['issued-id'] = random_string(); + $parms['issued-id'] = $issued_id; - ///////////////////////// - dbesc_array($parms); - //////////////////////// - $ret = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `name`, `issued-id`, `photo`, `site-pubkey`, - `request`, `confirm`, `notify`, `poll`, `visible` ) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d )", - intval($uid), - datetime_convert(), - $parms['url'], - $parms['fn'], - $parms['issued-id'], - $parms['photo'], - $parms['key'], - $parms['dfrn-request'], - $parms['dfrn-confirm'], - $parms['dfrn-notify'], - $parms['dfrn-poll'], - ((x($_POST,'visible')) ? 1 : 0 ) + dbesc_array($parms); + $r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `name`, `issued-id`, `photo`, `site-pubkey`, + `request`, `confirm`, `notify`, `poll` ) + VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", + intval($uid), + datetime_convert(), + $parms['url'], + $parms['fn'], + $parms['issued-id'], + $parms['photo'], + $parms['key'], + $parms['dfrn-request'], + $parms['dfrn-confirm'], + $parms['dfrn-notify'], + $parms['dfrn-poll'] ); + + // find the contact record we just created + if($r) { + $r = q("SELECT `id` FROM `contact` + WHERE `uid` = '%s' AND `url` = '%s' AND `issued-id` = '%s' LIMIT 1", + intval($uid), + $parms['url'], + $parms['issued-id'] + ); + if(count($r)) + $contact_record = $r[0]; + } } - if($ret === false) { - $_SESSION['sysmsg'] .= 'Failed to create contact record.' . EOL; + if($r === false) { + notice( 'Failed to update contact record.' . EOL ); return; } - $ret = q("SELECT `id` FROM `contact` - WHERE `uid` = '%s' AND `url` = '%s' AND `issued-id` = '%s' - LIMIT 1", - intval($uid), - $parms['url'], - $parms['issued-id'] - ); - - if(($ret !== NULL) && (count($ret))) - $contact_id = $ret[0]['id']; - $hash = random_string() . (string) time(); // Generate a confirm_key - if($contact_id) { + if(is_array($contact_record)) { $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`) - VALUES ( %d, %d, 1, %d, '%s', '%s', '%s' )", - intval($uid), - intval($contact_id), - ((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0), - dbesc(trim($_POST['dfrn-request-message'])), - dbesc($hash), - dbesc(datetime_convert()) + VALUES ( %d, %d, 1, %d, '%s', '%s', '%s' )", + intval($uid), + intval($contact_record['id']), + ((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0), + dbesc(trim($_POST['dfrn-request-message'])), + dbesc($hash), + dbesc(datetime_convert()) ); } - // TODO: send an email notification if our user wants one if(! $failed) - $_SESSION['sysmsg'] .= "Your introduction has been sent." . EOL; + notice( "Your introduction has been sent." . EOL ); // "Homecoming" - send the requestor back to their site to record the introduction. @@ -222,9 +282,10 @@ function dfrn_request_post(&$a) { $aes_allow = ((function_exists('openssl_encrypt')) ? 1 : 0); goaway($parms['dfrn-request'] . "?dfrn_url=$dfrn_url" . '&confirm_key=' . $hash . (($aes_allow) ? "&aes_allow=1" : "")); + // NOTREACHED } - + return; }} if(! function_exists('dfrn_request_content')) { @@ -242,8 +303,8 @@ function dfrn_request_content(&$a) { if(x($_GET,'dfrn_url')) { - if(! x($_SESSION,'authenticated')) { - $_SESSION['sysmsg'] .= "Please login to confirm introduction." . EOL; + if(! local_user()) { + notice( "Please login to confirm introduction." . EOL ); return login(); } @@ -251,7 +312,7 @@ function dfrn_request_content(&$a) { // but not as the person who needs to deal with this request. if (($_SESSION['uid'] != $a->argv[1]) && ($a->user['nickname'] != $a->argv[1])) { - $_SESSION['sysmsg'] .= "Incorrect identity currently logged in. Please login to <strong>this</strong> profile." . EOL; + notice( "Incorrect identity currently logged in. Please login to <strong>this</strong> profile." . EOL); return login(); } @@ -271,12 +332,12 @@ function dfrn_request_content(&$a) { } else { - // safe to send our user their introduction + // we are the requestee and it is now safe to send our user their introduction if((x($_GET,'confirm_key')) && strlen($_GET['confirm_key'])) { $r = q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s' LIMIT 1", dbesc($_GET['confirm_key']) ); - return; + killme(); } diff --git a/mod/item.php b/mod/item.php index d413b747f..dbf9d25a8 100644 --- a/mod/item.php +++ b/mod/item.php @@ -23,7 +23,7 @@ function item_post(&$a) { intval($_SESSION['uid'])); if(count($r)) $contact_id = $r[0]['id']; - + } if($_POST['type'] == 'jot') { do { @@ -35,6 +35,7 @@ function item_post(&$a) { $dups = true; } while($dups == true); + $r = q("INSERT INTO `item` (`uid`,`type`,`contact-id`,`created`,`edited`,`hash`,`body`) VALUES( %d, '%s', %d, '%s', '%s', '%s', '%s' )", intval($profile_uid), diff --git a/mod/profile.php b/mod/profile.php index b37d6487c..957d67be3 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -64,15 +64,22 @@ function profile_init(&$a) { $a->page['htmlhead'] .= "<link rel=\"dfrn-{$dfrn}\" href=\"".$a->get_baseurl()."/dfrn_{$dfrn}/{$which}\" />\r\n"; } -function item_display($item,$template) { +function item_display(&$a, $item,$template,$comment) { + + + $profile_url = $item['url']; + + if(local_user() && ($item['contact-uid'] == $_SESSION['uid']) && (strlen($item['dfrn-id'])) && (! $item['self'] )) + $profile_url = $a->get_baseurl() . '/redir/' . $item['cid'] ; $o .= replace_macros($template,array( '$id' => $item['item_id'], - '$profile_url' => $item['url'], + '$profile_url' => $profile_url, '$name' => $item['name'], '$thumb' => $item['thumb'], '$body' => bbcode($item['body']), - '$ago' => relative_date($item['created']) + '$ago' => relative_date($item['created']), + '$comment' => $comment )); @@ -89,6 +96,17 @@ function profile_content(&$a) { // $tpl = file_get_contents('view/profile_tabs.tpl'); + if(remote_user()) + $contact_id = $_SESSION['visitor_id']; + if(local_user()) { + $r = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", + $_SESSION['uid'] + ); + if(count($r)) + $contact_id = $r[0]['id']; + } + + if(can_write_wall($a,$a->profile['profile_uid'])) { $tpl = file_get_contents('view/jot-header.tpl'); @@ -111,7 +129,8 @@ function profile_content(&$a) { // Add comments. - $r = q("SELECT `item`.*, `contact`.`name`, `contact`.`photo`, `contact`.`thumb`, `contact`.`id` AS `cid` + $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, `contact`.`id` AS `cid`, + `contact`.`uid` AS `contact-uid` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `contact`.`blocked` = 0 @@ -121,11 +140,23 @@ function profile_content(&$a) { intval($a->profile['uid']) ); + $template = file_get_contents('view/comment_item.tpl'); + + + + $tpl = file_get_contents('view/wall_item.tpl'); if(count($r)) { foreach($r as $rr) { - $o .= item_display($rr,$tpl); + $comment = replace_macros($template,array( + '$id' => $rr['item_id'], + '$profile_uid' => $a->profile['profile_uid'] + )); + + + + $o .= item_display($a,$rr,$tpl,$comment); } } } diff --git a/mod/register.php b/mod/register.php index 4e2c0bfb9..5e1487028 100644 --- a/mod/register.php +++ b/mod/register.php @@ -114,7 +114,8 @@ function register_post(&$a) { dbesc($username), dbesc($a->get_baseurl() . '/images/default-profile.jpg'), dbesc($a->get_baseurl() . '/images/default-profile-sm.jpg') - ); + + ); if($r === false) { $_SESSION['sysmsg'] .= "An error occurred creating your default profile. Please try again." . EOL ; // Start fresh next time. @@ -122,13 +123,20 @@ function register_post(&$a) { intval($newuid)); return; } - $r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `photo`, `thumb`, `blocked` ) - VALUES ( %d, '%s', 1, '%s', '%s', '%s', 0 ) ", + $r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `photo`, `thumb`, `blocked`, `url`, + `request`, `notify`, `poll`, `confirm` ) + VALUES ( %d, '%s', 1, '%s', '%s', '%s', 0, '%s', '%s', '%s', '%s', '%s' ) ", intval($newuid), datetime_convert(), dbesc($username), dbesc($a->get_baseurl() . '/images/default-profile.jpg'), - dbesc($a->get_baseurl() . '/images/default-profile-sm.jpg') + dbesc($a->get_baseurl() . '/images/default-profile-sm.jpg'), + dbesc($a->get_baseurl() . '/profile/' . intval($newuid)), + dbesc($a->get_baseurl() . '/dfrn_request/' . intval($newuid)), + dbesc($a->get_baseurl() . '/dfrn_notify/' . intval($newuid)), + dbesc($a->get_baseurl() . '/dfrn_poll/' . intval($newuid)), + dbesc($a->get_baseurl() . '/dfrn_confirm/' . intval($newuid)) + ); diff --git a/mod/settings.php b/mod/settings.php index de1133faf..861be7946 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -119,6 +119,18 @@ function settings_post(&$a) { // FIXME - set to un-verified, blocked and redirect to logout } + if($nick_changed) { + $r = q ("UPDATE `profile` SET `url` = '%s', `request` = '%s', `notify` = '%s', `poll` = '%s', `confirm` = '%s' + WHERE `uid` = %d AND `self` = 1 LIMIT 1", + dbesc( $a->get_baseurl() . '/profile/' . $nick ), + dbesc( $a->get_baseurl() . '/dfrn_request/' . $nick ), + dbesc( $a->get_baseurl() . '/dfrn_notify/' . $nick ), + dbesc( $a->get_baseurl() . '/dfrn_poll/' . $nick ), + dbesc( $a->get_baseurl() . '/dfrn_confirm/' . $nick ), + intval($_SESSION['uid']) + ); + } + // Refresh the content display with new data |