aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/dfrn_confirm.php813
-rw-r--r--mod/dfrn_notify.php281
-rw-r--r--mod/dfrn_poll.php562
-rw-r--r--mod/dfrn_request.php837
4 files changed, 0 insertions, 2493 deletions
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
deleted file mode 100644
index c91b05a48..000000000
--- a/mod/dfrn_confirm.php
+++ /dev/null
@@ -1,813 +0,0 @@
-<?php
-
-/*
- * Module: dfrn_confirm
- * Purpose: Friendship acceptance for DFRN contacts
- *
- * There are two possible entry points and three scenarios.
- *
- * 1. A form was submitted by our user approving a friendship that originated elsewhere.
- * This may also be called from dfrn_request to automatically approve a friendship.
- *
- * 2. We may be the target or other side of the conversation to scenario 1, and will
- * interact with that process on our own user's behalf.
- *
- */
-
-function dfrn_confirm_post(&$a,$handsfree = null) {
-
- if(is_array($handsfree)) {
-
- /**
- * We were called directly from dfrn_request due to automatic friend acceptance.
- * Any $_POST parameters we may require are supplied in the $handsfree array.
- *
- */
-
- $node = $handsfree['node'];
- $a->interactive = false; // notice() becomes a no-op since nobody is there to see it
-
- }
- else {
- if($a->argc > 1)
- $node = $a->argv[1];
- }
-
- /**
- *
- * Main entry point. Scenario 1. Our user received a friend request notification (perhaps
- * from another site) and clicked 'Approve'.
- * $POST['source_url'] is not set. If it is, it indicates Scenario 2.
- *
- * We may also have been called directly from dfrn_request ($handsfree != null) due to
- * this being a page type which supports automatic friend acceptance. That is also Scenario 1
- * since we are operating on behalf of our registered user to approve a friendship.
- *
- */
-
- if(! x($_POST,'source_url')) {
-
- $uid = ((is_array($handsfree)) ? $handsfree['uid'] : local_user());
-
- if(! $uid) {
- notice( t('Permission denied.') . EOL );
- return;
- }
-
- $user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
- intval($uid)
- );
-
- if(! $user) {
- notice( t('Profile not found.') . EOL );
- return;
- }
-
-
- // These data elements may come from either the friend request notification form or $handsfree array.
-
- if(is_array($handsfree)) {
- logger('dfrn_confirm: Confirm in handsfree mode');
- $dfrn_id = $handsfree['dfrn_id'];
- $intro_id = $handsfree['intro_id'];
- $duplex = $handsfree['duplex'];
- $hidden = ((array_key_exists('hidden',$handsfree)) ? intval($handsfree['hidden']) : 0 );
- $activity = ((array_key_exists('activity',$handsfree)) ? intval($handsfree['activity']) : 0 );
- }
- else {
- $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
- $intro_id = ((x($_POST,'intro_id')) ? intval($_POST['intro_id']) : 0 );
- $duplex = ((x($_POST,'duplex')) ? intval($_POST['duplex']) : 0 );
- $cid = ((x($_POST,'contact_id')) ? intval($_POST['contact_id']) : 0 );
- $hidden = ((x($_POST,'hidden')) ? intval($_POST['hidden']) : 0 );
- $activity = ((x($_POST,'activity')) ? intval($_POST['activity']) : 0 );
- }
-
- /**
- *
- * Ensure that dfrn_id has precedence when we go to find the contact record.
- * We only want to search based on contact id if there is no dfrn_id,
- * e.g. for OStatus network followers.
- *
- */
-
- if(strlen($dfrn_id))
- $cid = 0;
-
- logger('dfrn_confirm: Confirming request for dfrn_id (issued) ' . $dfrn_id);
- if($cid)
- logger('dfrn_confirm: Confirming follower with contact_id: ' . $cid);
-
-
- /**
- *
- * The other person will have been issued an ID when they first requested friendship.
- * Locate their record. At this time, their record will have both pending and blocked set to 1.
- * There won't be any dfrn_id if this is a network follower, so use the contact_id instead.
- *
- */
-
- $r = q("SELECT * FROM `contact` WHERE ( ( `issued_id` != '' AND `issued_id` = '%s' ) OR ( `id` = %d AND `id` != 0 ) ) AND `uid` = %d AND `duplex` = 0 LIMIT 1",
- dbesc($dfrn_id),
- intval($cid),
- intval($uid)
- );
-
- if(! count($r)) {
- logger('dfrn_confirm: Contact not found in DB.');
- notice( t('Contact not found.') . EOL );
- notice( t('This may occasionally happen if contact was requested by both persons and it has already been approved.') . EOL );
- return;
- }
-
- $contact = $r[0];
-
- $contact_id = $contact['id'];
- $relation = $contact['rel'];
- $site_pubkey = $contact['site_pubkey'];
- $dfrn_confirm = $contact['confirm'];
- $aes_allow = $contact['aes_allow'];
-
- $network = ((strlen($contact['issued_id'])) ? NETWORK_DFRN : NETWORK_OSTATUS);
-
- if($contact['network'])
- $network = $contact['network'];
-
- if($network === NETWORK_DFRN) {
-
- /**
- *
- * Generate a key pair for all further communications with this person.
- * We have a keypair for every contact, and a site key for unknown people.
- * This provides a means to carry on relationships with other people if
- * any single key is compromised. It is a robust key. We're much more
- * worried about key leakage than anybody cracking it.
- *
- */
- require_once('include/crypto.php');
-
- $res = new_keypair(4096);
-
- $private_key = $res['prvkey'];
- $public_key = $res['pubkey'];
-
- // Save the private key. Send them the public key.
-
- $r = q("UPDATE `contact` SET `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
- dbesc($private_key),
- intval($contact_id),
- intval($uid)
- );
-
- $params = array();
-
- /**
- *
- * Per the DFRN protocol, we will verify both ends by encrypting the dfrn_id with our
- * site private key (person on the other end can decrypt it with our site public key).
- * Then encrypt our profile URL with the other person's site public key. They can decrypt
- * it with their site private key. If the decryption on the other end fails for either
- * item, it indicates tampering or key failure on at least one site and we will not be
- * able to provide a secure communication pathway.
- *
- * If other site is willing to accept full encryption, (aes_allow is 1 AND we have php5.3
- * or later) then we encrypt the personal public key we send them using AES-256-CBC and a
- * random key which is encrypted with their site public key.
- *
- */
-
- $src_aes_key = random_string();
-
- $result = '';
- openssl_private_encrypt($dfrn_id,$result,$user[0]['prvkey']);
-
- $params['dfrn_id'] = bin2hex($result);
- $params['public_key'] = $public_key;
-
-
- $my_url = $a->get_baseurl() . '/profile/' . $user[0]['nickname'];
-
- openssl_public_encrypt($my_url, $params['source_url'], $site_pubkey);
- $params['source_url'] = bin2hex($params['source_url']);
-
- if($aes_allow && function_exists('openssl_encrypt')) {
- openssl_public_encrypt($src_aes_key, $params['aes_key'], $site_pubkey);
- $params['aes_key'] = bin2hex($params['aes_key']);
- $params['public_key'] = bin2hex(openssl_encrypt($public_key,'AES-256-CBC',$src_aes_key));
- }
-
- $params['dfrn_version'] = DFRN_PROTOCOL_VERSION ;
- if($duplex == 1)
- $params['duplex'] = 1;
-
- if($user[0]['page-flags'] == PAGE_COMMUNITY)
- $params['page'] = 1;
- if($user[0]['page-flags'] == PAGE_PRVGROUP)
- $params['page'] = 2;
-
- logger('dfrn_confirm: Confirm: posting data to ' . $dfrn_confirm . ': ' . print_r($params,true), LOGGER_DATA);
-
- /**
- *
- * POST all this stuff to the other site.
- * Temporarily raise the network timeout to 120 seconds because the default 60
- * doesn't always give the other side quite enough time to decrypt everything.
- *
- */
-
- $a->config['system']['curl_timeout'] = 120;
-
- $res = post_url($dfrn_confirm,$params);
-
- logger('dfrn_confirm: Confirm: received data: ' . $res, LOGGER_DATA);
-
- // Now figure out what they responded. Try to be robust if the remote site is
- // having difficulty and throwing up errors of some kind.
-
- $leading_junk = substr($res,0,strpos($res,'<?xml'));
-
- $res = substr($res,strpos($res,'<?xml'));
- if(! strlen($res)) {
-
- // No XML at all, this exchange is messed up really bad.
- // We shouldn't proceed, because the xml parser might choke,
- // and $status is going to be zero, which indicates success.
- // We can hardly call this a success.
-
- notice( t('Response from remote site was not understood.') . EOL);
- return;
- }
-
- if(strlen($leading_junk) && get_config('system','debugging')) {
-
- // This might be more common. Mixed error text and some XML.
- // If we're configured for debugging, show the text. Proceed in either case.
-
- notice( t('Unexpected response from remote site: ') . EOL . $leading_junk . EOL );
- }
-
- $xml = parse_xml_string($res);
- $status = (int) $xml->status;
- $message = unxmlify($xml->message); // human readable text of what may have gone wrong.
- switch($status) {
- case 0:
- info( t("Confirmation completed successfully.") . EOL);
- if(strlen($message))
- notice( t('Remote site reported: ') . $message . EOL);
- break;
- case 1:
- // birthday paradox - generate new dfrn_id and fall through.
- $new_dfrn_id = random_string();
- $r = q("UPDATE contact SET `issued_id` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
- dbesc($new_dfrn_id),
- intval($contact_id),
- intval($uid)
- );
-
- case 2:
- notice( t("Temporary failure. Please wait and try again.") . EOL);
- if(strlen($message))
- notice( t('Remote site reported: ') . $message . EOL);
- break;
-
-
- case 3:
- notice( t("Introduction failed or was revoked.") . EOL);
- if(strlen($message))
- notice( t('Remote site reported: ') . $message . EOL);
- break;
- }
-
- if(($status == 0) && ($intro_id)) {
-
- // Success. Delete the notification.
-
- $r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($intro_id),
- intval($uid)
- );
-
- }
-
- if($status != 0)
- return;
- }
-
-
- /*
- *
- * We have now established a relationship with the other site.
- * Let's make our own personal copy of their profile photo so we don't have
- * to always load it from their site.
- *
- * We will also update the contact record with the nature and scope of the relationship.
- *
- */
-
- require_once('include/Photo.php');
-
- $photos = import_profile_photo($contact['photo'],$uid,$contact_id);
-
- logger('dfrn_confirm: confirm - imported photos');
-
- if($network === NETWORK_DFRN) {
-
- $new_relation = CONTACT_IS_FOLLOWER;
- if(($relation == CONTACT_IS_SHARING) || ($duplex))
- $new_relation = CONTACT_IS_FRIEND;
-
- if(($relation == CONTACT_IS_SHARING) && ($duplex))
- $duplex = 0;
-
- $r = q("UPDATE `contact` SET
- `photo` = '%s',
- `thumb` = '%s',
- `micro` = '%s',
- `rel` = %d,
- `name_date` = '%s',
- `uri_date` = '%s',
- `avatar_date` = '%s',
- `blocked` = 0,
- `pending` = 0,
- `duplex` = %d,
- `hidden` = %d,
- `network` = 'dfrn' WHERE `id` = %d LIMIT 1
- ",
- dbesc($photos[0]),
- dbesc($photos[1]),
- dbesc($photos[2]),
- intval($new_relation),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- intval($duplex),
- intval($hidden),
- intval($contact_id)
- );
- }
- else {
-
- // $network !== NETWORK_DFRN
-
- $network = (($contact['network']) ? $contact['network'] : NETWORK_OSTATUS);
- $notify = (($contact['notify']) ? $contact['notify'] : '');
- $poll = (($contact['poll']) ? $contact['poll'] : '');
-
- if((! $contact['notify']) || (! $contact['poll'])) {
- $arr = lrdd($contact['url']);
- if(count($arr)) {
- foreach($arr as $link) {
- if($link['@attributes']['rel'] === 'salmon')
- $notify = $link['@attributes']['href'];
- if($link['@attributes']['rel'] === NAMESPACE_FEED)
- $poll = $link['@attributes']['href'];
- }
- }
- }
-
- $new_relation = $contact['rel'];
- $writable = $contact['writable'];
-
- $r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($intro_id),
- intval($uid)
- );
-
-
- $r = q("UPDATE `contact` SET `photo` = '%s',
- `thumb` = '%s',
- `micro` = '%s',
- `name_date` = '%s',
- `uri_date` = '%s',
- `avatar_date` = '%s',
- `notify` = '%s',
- `poll` = '%s',
- `blocked` = 0,
- `pending` = 0,
- `network` = '%s',
- `writable` = %d,
- `hidden` = %d,
- `rel` = %d
- WHERE `id` = %d LIMIT 1
- ",
- dbesc($photos[0]),
- dbesc($photos[1]),
- dbesc($photos[2]),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- dbesc($notify),
- dbesc($poll),
- dbesc($network),
- intval($writable),
- intval($hidden),
- intval($new_relation),
- intval($contact_id)
- );
- }
-
- if($r === false)
- notice( t('Unable to set contact photo.') . EOL);
-
- // reload contact info
-
- $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
- intval($contact_id)
- );
- if(count($r))
- $contact = $r[0];
- else
- $contact = null;
-
-
- if((isset($new_relation) && $new_relation == CONTACT_IS_FRIEND)) {
-
- // Send a new friend post if we are allowed to...
-
- $r = q("SELECT `hide_friends` FROM `profile` WHERE `uid` = %d AND `is_default` = 1 LIMIT 1",
- intval($uid)
- );
-
- if((count($r)) && ($r[0]['hide_friends'] == 0) && ($activity) && (! $hidden)) {
-
- require_once('include/items.php');
-
- $self = q("SELECT * FROM `contact` WHERE `self` = 1 AND `uid` = %d LIMIT 1",
- intval($uid)
- );
-
- if(count($self)) {
-
- $arr = array();
- $arr['uri'] = $arr['parent_uri'] = item_message_id();
- $arr['uid'] = $uid;
- $arr['contact-id'] = $self[0]['id'];
- $arr['wall'] = 1;
- $arr['type'] = 'wall';
- $arr['gravity'] = 0;
- $arr['origin'] = 1;
- $arr['author-name'] = $arr['owner-name'] = $self[0]['name'];
- $arr['author-link'] = $arr['owner-link'] = $self[0]['url'];
- $arr['author-avatar'] = $arr['owner-avatar'] = $self[0]['thumb'];
-
- $A = '[url=' . $self[0]['url'] . ']' . $self[0]['name'] . '[/url]';
- $APhoto = '[url=' . $self[0]['url'] . ']' . '[img]' . $self[0]['thumb'] . '[/img][/url]';
-
- $B = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]';
- $BPhoto = '[url=' . $contact['url'] . ']' . '[img]' . $contact['thumb'] . '[/img][/url]';
-
- $arr['verb'] = ACTIVITY_FRIEND;
- $arr['obj_type'] = ACTIVITY_OBJ_PERSON;
- $arr['body'] = sprintf( t('%1$s is now friends with %2$s'), $A, $B)."\n\n\n".$BPhoto;
-
- $arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $contact['name'] . '</title>'
- . '<id>' . $contact['url'] . '/' . $contact['name'] . '</id>';
- $arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $contact['url'] . '" />' . "\n");
- $arr['object'] .= xmlify('<link rel="photo" type="image/jpeg" href="' . $contact['thumb'] . '" />' . "\n");
- $arr['object'] .= '</link></object>' . "\n";
-
-
- $arr['allow_cid'] = $user[0]['allow_cid'];
- $arr['allow_gid'] = $user[0]['allow_gid'];
- $arr['deny_cid'] = $user[0]['deny_cid'];
- $arr['deny_gid'] = $user[0]['deny_gid'];
-
- $i = item_store($arr);
- if($i)
- proc_run('php',"include/notifier.php","activity","$i");
- }
- }
- }
-
-
- $g = q("select def_gid from user where uid = %d limit 1",
- intval($uid)
- );
- if($contact && $g && intval($g[0]['def_gid'])) {
- require_once('include/group.php');
- group_add_member($uid,'',$contact['id'],$g[0]['def_gid']);
- }
-
- // Let's send our user to the contact editor in case they want to
- // do anything special with this new friend.
-
- if($handsfree === null)
- goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
- else
- return;
- //NOTREACHED
- }
-
- /**
- *
- *
- * End of Scenario 1. [Local confirmation of remote friend request].
- *
- * Begin Scenario 2. This is the remote response to the above scenario.
- * This will take place on the site that originally initiated the friend request.
- * In the section above where the confirming party makes a POST and
- * retrieves xml status information, they are communicating with the following code.
- *
- */
-
- if(x($_POST,'source_url')) {
-
- // We are processing an external confirmation to an introduction created by our user.
-
- $public_key = ((x($_POST,'public_key')) ? $_POST['public_key'] : '');
- $dfrn_id = ((x($_POST,'dfrn_id')) ? hex2bin($_POST['dfrn_id']) : '');
- $source_url = ((x($_POST,'source_url')) ? hex2bin($_POST['source_url']) : '');
- $aes_key = ((x($_POST,'aes_key')) ? $_POST['aes_key'] : '');
- $duplex = ((x($_POST,'duplex')) ? intval($_POST['duplex']) : 0 );
- $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0 );
- $version_id = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
-
- $forum = (($page == 1) ? 1 : 0);
- $prv = (($page == 2) ? 1 : 0);
-
- logger('dfrn_confirm: requestee contacted: ' . $node);
-
- logger('dfrn_confirm: request: POST=' . print_r($_POST,true), LOGGER_DATA);
-
- // If $aes_key is set, both of these items require unpacking from the hex transport encoding.
-
- if(x($aes_key)) {
- $aes_key = hex2bin($aes_key);
- $public_key = hex2bin($public_key);
- }
-
- // Find our user's account
-
- $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1",
- dbesc($node));
-
- if(! count($r)) {
- $message = sprintf(t('No user record found for \'%s\' '), $node);
- xml_status(3,$message); // failure
- // NOTREACHED
- }
-
- $my_prvkey = $r[0]['prvkey'];
- $local_uid = $r[0]['uid'];
-
-
- if(! strstr($my_prvkey,'PRIVATE KEY')) {
- $message = t('Our site encryption key is apparently messed up.');
- xml_status(3,$message);
- }
-
- // verify everything
-
- $decrypted_source_url = "";
- openssl_private_decrypt($source_url,$decrypted_source_url,$my_prvkey);
-
-
- if(! strlen($decrypted_source_url)) {
- $message = t('Empty site URL was provided or URL could not be decrypted by us.');
- xml_status(3,$message);
- // NOTREACHED
- }
-
- $ret = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
- dbesc($decrypted_source_url),
- intval($local_uid)
- );
- if(! count($ret)) {
- if(strstr($decrypted_source_url,'http:'))
- $newurl = str_replace('http:','https:',$decrypted_source_url);
- else
- $newurl = str_replace('https:','http:',$decrypted_source_url);
-
- $ret = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
- dbesc($newurl),
- intval($local_uid)
- );
- if(! count($ret)) {
- // this is either a bogus confirmation (?) or we deleted the original introduction.
- $message = t('Contact record was not found for you on our site.');
- xml_status(3,$message);
- return; // NOTREACHED
- }
- }
-
- $relation = $ret[0]['rel'];
-
- // Decrypt all this stuff we just received
-
- $foreign_pubkey = $ret[0]['site_pubkey'];
- $dfrn_record = $ret[0]['id'];
-
- if(! $foreign_pubkey) {
- $message = sprintf( t('Site public key not available in contact record for URL %s.'), $newurl);
- xml_status(3,$message);
- }
-
- $decrypted_dfrn_id = "";
- openssl_public_decrypt($dfrn_id,$decrypted_dfrn_id,$foreign_pubkey);
-
- if(strlen($aes_key)) {
- $decrypted_aes_key = "";
- openssl_private_decrypt($aes_key,$decrypted_aes_key,$my_prvkey);
- $dfrn_pubkey = openssl_decrypt($public_key,'AES-256-CBC',$decrypted_aes_key);
- }
- else {
- $dfrn_pubkey = $public_key;
- }
-
- $r = q("SELECT * FROM `contact` WHERE `dfrn_id` = '%s' LIMIT 1",
- dbesc($decrypted_dfrn_id)
- );
- if(count($r)) {
- $message = t('The ID provided by your system is a duplicate on our system. It should work if you try again.');
- xml_status(1,$message); // Birthday paradox - duplicate dfrn_id
- // NOTREACHED
- }
-
- $r = q("UPDATE `contact` SET `dfrn_id` = '%s', `pubkey` = '%s' WHERE `id` = %d LIMIT 1",
- dbesc($decrypted_dfrn_id),
- dbesc($dfrn_pubkey),
- intval($dfrn_record)
- );
- if(! count($r)) {
- $message = t('Unable to set your contact credentials on our system.');
- xml_status(3,$message);
- }
-
- // It's possible that the other person also requested friendship.
- // If it is a duplex relationship, ditch the issued_id if one exists.
-
- if($duplex) {
- $r = q("UPDATE `contact` SET `issued_id` = '' WHERE `id` = %d LIMIT 1",
- intval($dfrn_record)
- );
- }
-
- // We're good but now we have to scrape the profile photo and send notifications.
-
-
-
- $r = q("SELECT `photo` FROM `contact` WHERE `id` = %d LIMIT 1",
- intval($dfrn_record));
-
- if(count($r))
- $photo = $r[0]['photo'];
- else
- $photo = $a->get_baseurl() . '/images/person-175.jpg';
-
- require_once("Photo.php");
-
- $photos = import_profile_photo($photo,$local_uid,$dfrn_record);
-
- logger('dfrn_confirm: request - photos imported');
-
- $new_relation = CONTACT_IS_SHARING;
- if(($relation == CONTACT_IS_FOLLOWER) || ($duplex))
- $new_relation = CONTACT_IS_FRIEND;
-
- if(($relation == CONTACT_IS_FOLLOWER) && ($duplex))
- $duplex = 0;
-
- $r = q("UPDATE `contact` SET
- `photo` = '%s',
- `thumb` = '%s',
- `micro` = '%s',
- `rel` = %d,
- `name_date` = '%s',
- `uri_date` = '%s',
- `avatar_date` = '%s',
- `blocked` = 0,
- `pending` = 0,
- `duplex` = %d,
- `forum` = %d,
- `prv` = %d,
- `network` = '%s' WHERE `id` = %d LIMIT 1
- ",
- dbesc($photos[0]),
- dbesc($photos[1]),
- dbesc($photos[2]),
- intval($new_relation),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- intval($duplex),
- intval($forum),
- intval($prv),
- dbesc(NETWORK_DFRN),
- intval($dfrn_record)
- );
- if($r === false) { // indicates schema is messed up or total db failure
- $message = t('Unable to update your contact profile details on our system');
- xml_status(3,$message);
- }
-
- // Otherwise everything seems to have worked and we are almost done. Yay!
- // Send an email notification
-
- logger('dfrn_confirm: request: info updated');
-
- $r = q("SELECT `contact`.*, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
- WHERE `contact`.`id` = %d LIMIT 1",
- intval($dfrn_record)
- );
-
- if(count($r))
- $combined = $r[0];
-
- if((count($r)) && ($r[0]['notify-flags'] & NOTIFY_CONFIRM)) {
-
- push_lang($r[0]['language']);
- $tpl = (($new_relation == CONTACT_IS_FRIEND)
- ? get_intltext_template('friend_complete_eml.tpl')
- : get_intltext_template('intro_complete_eml.tpl'));
-
- $email_tpl = replace_macros($tpl, array(
- '$sitename' => $a->config['sitename'],
- '$siteurl' => $a->get_baseurl(),
- '$username' => $r[0]['username'],
- '$email' => $r[0]['email'],
- '$fn' => $r[0]['name'],
- '$dfrn_url' => $r[0]['url'],
- '$uid' => $newuid )
- );
-
- $res = mail($r[0]['email'], sprintf( t("Connection accepted at %s") , $a->config['sitename']),
- $email_tpl,
- 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n"
- . 'Content-type: text/plain; charset=UTF-8' . "\n"
- . 'Content-transfer-encoding: 8bit' );
-
- if(!$res) {
- // pointless throwing an error here and confusing the person at the other end of the wire.
- }
- pop_lang();
- }
-
- // Send a new friend post if we are allowed to...
-
- if($page && intval(get_pconfig($local_uid,'system','post_joingroup'))) {
- $r = q("SELECT `hide_friends` FROM `profile` WHERE `uid` = %d AND `is_default` = 1 LIMIT 1",
- intval($local_uid)
- );
-
- if((count($r)) && ($r[0]['hide_friends'] == 0)) {
-
- require_once('include/items.php');
-
- $self = q("SELECT * FROM `contact` WHERE `self` = 1 AND `uid` = %d LIMIT 1",
- intval($local_uid)
- );
-
- if(count($self)) {
-
- $arr = array();
- $arr['uri'] = $arr['parent_uri'] = item_message_id();
- $arr['uid'] = $local_uid;
- $arr['contact-id'] = $self[0]['id'];
- $arr['wall'] = 1;
- $arr['type'] = 'wall';
- $arr['gravity'] = 0;
- $arr['origin'] = 1;
- $arr['author-name'] = $arr['owner-name'] = $self[0]['name'];
- $arr['author-link'] = $arr['owner-link'] = $self[0]['url'];
- $arr['author-avatar'] = $arr['owner-avatar'] = $self[0]['thumb'];
-
- $A = '[url=' . $self[0]['url'] . ']' . $self[0]['name'] . '[/url]';
- $APhoto = '[url=' . $self[0]['url'] . ']' . '[img]' . $self[0]['thumb'] . '[/img][/url]';
-
- $B = '[url=' . $combined['url'] . ']' . $combined['name'] . '[/url]';
- $BPhoto = '[url=' . $combined['url'] . ']' . '[img]' . $combined['thumb'] . '[/img][/url]';
-
- $arr['verb'] = ACTIVITY_JOIN;
- $arr['obj_type'] = ACTIVITY_OBJ_GROUP;
- $arr['body'] = sprintf( t('%1$s has joined %2$s'), $A, $B)."\n\n\n" .$BPhoto;
- $arr['object'] = '<object><type>' . ACTIVITY_OBJ_GROUP . '</type><title>' . $combined['name'] . '</title>'
- . '<id>' . $combined['url'] . '/' . $combined['name'] . '</id>';
- $arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $combined['url'] . '" />' . "\n");
- $arr['object'] .= xmlify('<link rel="photo" type="image/jpeg" href="' . $combined['thumb'] . '" />' . "\n");
- $arr['object'] .= '</link></object>' . "\n";
-
-
- $arr['allow_cid'] = $user[0]['allow_cid'];
- $arr['allow_gid'] = $user[0]['allow_gid'];
- $arr['deny_cid'] = $user[0]['deny_cid'];
- $arr['deny_gid'] = $user[0]['deny_gid'];
-
- $i = item_store($arr);
- if($i)
- proc_run('php',"include/notifier.php","activity","$i");
-
- }
- }
- }
- xml_status(0); // Success
- return; // NOTREACHED
-
- ////////////////////// End of this scenario ///////////////////////////////////////////////
- }
-
- // somebody arrived here by mistake or they are fishing. Send them to the homepage.
-
- goaway(z_root());
- // NOTREACHED
-
-}
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
deleted file mode 100644
index 94eb3a297..000000000
--- a/mod/dfrn_notify.php
+++ /dev/null
@@ -1,281 +0,0 @@
-<?php
-
-require_once('library/simplepie/simplepie.inc');
-require_once('include/items.php');
-require_once('include/event.php');
-
-
-function dfrn_notify_post(&$a) {
-
- $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : '');
- $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
- $challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : '');
- $data = ((x($_POST,'data')) ? $_POST['data'] : '');
- $key = ((x($_POST,'key')) ? $_POST['key'] : '');
- $dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
- $perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
- $ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
- $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0);
-
- $forum = (($page == 1) ? 1 : 0);
- $prv = (($page == 2) ? 1 : 0);
-
- $writable = (-1);
- if($dfrn_version >= 2.21) {
- $writable = (($perm === 'rw') ? 1 : 0);
- }
-
- $direction = (-1);
- if(strpos($dfrn_id,':') == 1) {
- $direction = intval(substr($dfrn_id,0,1));
- $dfrn_id = substr($dfrn_id,2);
- }
-
- $r = q("SELECT * FROM `challenge` WHERE `dfrn_id` = '%s' AND `challenge` = '%s' LIMIT 1",
- dbesc($dfrn_id),
- dbesc($challenge)
- );
- if(! count($r)) {
- logger('dfrn_notify: could not match challenge to dfrn_id ' . $dfrn_id . ' challenge=' . $challenge);
- xml_status(3);
- }
-
- $r = q("DELETE FROM `challenge` WHERE `dfrn_id` = '%s' AND `challenge` = '%s' LIMIT 1",
- dbesc($dfrn_id),
- dbesc($challenge)
- );
-
- // find the local user who owns this relationship.
-
- $sql_extra = '';
- switch($direction) {
- case (-1):
- $sql_extra = sprintf(" AND ( `issued_id` = '%s' OR `dfrn_id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
- break;
- case 0:
- $sql_extra = sprintf(" AND `issued_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- break;
- case 1:
- $sql_extra = sprintf(" AND `dfrn_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- break;
- default:
- xml_status(3);
- break; // NOTREACHED
- }
-
- // be careful - $importer will contain both the contact information for the contact
- // sending us the post, and also the user information for the person receiving it.
- // since they are mixed together, it is easy to get them confused.
-
- $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`,
- `contact`.`pubkey` AS `cpubkey`,
- `contact`.`prvkey` AS `cprvkey`,
- `contact`.`thumb` AS `thumb`,
- `contact`.`url` as `url`,
- `contact`.`name` as `senderName`,
- `user`.*
- FROM `contact`
- LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
- WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- AND `user`.`nickname` = '%s' AND `user`.`account_expired` = 0 $sql_extra LIMIT 1",
- dbesc($a->argv[1])
- );
-
- if(! count($r)) {
- logger('dfrn_notify: contact not found for dfrn_id ' . $dfrn_id);
- xml_status(3);
- //NOTREACHED
- }
-
- // $importer in this case contains the contact record for the remote contact joined with the user record of our user.
-
- $importer = $r[0];
-
- if((($writable != (-1)) && ($writable != $importer['writable'])) || ($importer['forum'] != $forum) || ($importer['prv'] != $prv)) {
- q("UPDATE `contact` SET `writable` = %d, forum = %d, prv = %d WHERE `id` = %d LIMIT 1",
- intval(($writable == (-1)) ? $importer['writable'] : $writable),
- intval($forum),
- intval($prv),
- intval($importer['id'])
- );
- if($writable != (-1))
- $importer['writable'] = $writable;
- $importer['forum'] = $page;
- }
-
-
- // if contact's ssl policy changed, update our links
-
- fix_contact_ssl_policy($importer,$ssl_policy);
-
- logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']);
- logger('dfrn_notify: data: ' . $data, LOGGER_DATA);
-
- if($dissolve == 1) {
-
- /**
- * Relationship is dissolved permanently
- */
-
- require_once('include/Contact.php');
- contact_remove($importer['id']);
- logger('relationship dissolved : ' . $importer['name'] . ' dissolved ' . $importer['username']);
- xml_status(0);
-
- }
-
-
- // If we are setup as a soapbox we aren't accepting input from this person
-
- if($importer['page-flags'] == PAGE_SOAPBOX)
- xml_status(0);
-
-
- if(strlen($key)) {
- $rawkey = hex2bin(trim($key));
- logger('rino: md5 raw key: ' . md5($rawkey));
- $final_key = '';
-
- if($dfrn_version >= 2.1) {
- if((($importer['duplex']) && strlen($importer['cprvkey'])) || (! strlen($importer['cpubkey']))) {
- openssl_private_decrypt($rawkey,$final_key,$importer['cprvkey']);
- }
- else {
- openssl_public_decrypt($rawkey,$final_key,$importer['cpubkey']);
- }
- }
- else {
- if((($importer['duplex']) && strlen($importer['cpubkey'])) || (! strlen($importer['cprvkey']))) {
- openssl_public_decrypt($rawkey,$final_key,$importer['cpubkey']);
- }
- else {
- openssl_private_decrypt($rawkey,$final_key,$importer['cprvkey']);
- }
- }
-
- logger('rino: received key : ' . $final_key);
- $data = aes_decrypt(hex2bin($data),$final_key);
- logger('rino: decrypted data: ' . $data, LOGGER_DATA);
- }
-
-
- $ret = local_delivery($importer,$data);
- xml_status($ret);
-
- // NOTREACHED
-}
-
-
-function dfrn_notify_content(&$a) {
-
- if(x($_GET,'dfrn_id')) {
-
- // initial communication from external contact, $direction is their direction.
- // If this is a duplex communication, ours will be the opposite.
-
- $dfrn_id = notags(trim($_GET['dfrn_id']));
- $dfrn_version = (float) $_GET['dfrn_version'];
-
- logger('dfrn_notify: new notification dfrn_id=' . $dfrn_id);
-
- $direction = (-1);
- if(strpos($dfrn_id,':') == 1) {
- $direction = intval(substr($dfrn_id,0,1));
- $dfrn_id = substr($dfrn_id,2);
- }
-
- $hash = random_string();
-
- $status = 0;
-
- $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
-
- $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn_id`, `expire` )
- VALUES( '%s', '%s', %d ) ",
- dbesc($hash),
- dbesc($dfrn_id),
- intval(time() + 90 )
- );
-
- logger('dfrn_notify: challenge=' . $hash, LOGGER_DEBUG );
-
- $sql_extra = '';
- switch($direction) {
- case (-1):
- $sql_extra = sprintf(" AND ( `issued_id` = '%s' OR `dfrn_id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
- $my_id = $dfrn_id;
- break;
- case 0:
- $sql_extra = sprintf(" AND `issued_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '1:' . $dfrn_id;
- break;
- case 1:
- $sql_extra = sprintf(" AND `dfrn_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '0:' . $dfrn_id;
- break;
- default:
- $status = 1;
- break; // NOTREACHED
- }
-
- $r = q("SELECT `contact`.*, `user`.`nickname`, `user`.`page-flags` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
- WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`nickname` = '%s'
- AND `user`.`account_expired` = 0 $sql_extra LIMIT 1",
- dbesc($a->argv[1])
- );
-
- if(! count($r))
- $status = 1;
-
- $challenge = '';
- $encrypted_id = '';
- $id_str = $my_id . '.' . mt_rand(1000,9999);
-
- $prv_key = trim($r[0]['prvkey']);
- $pub_key = trim($r[0]['pubkey']);
- $dplx = intval($r[0]['duplex']);
-
- if((($dplx) && (strlen($prv_key))) || ((strlen($prv_key)) && (!(strlen($pub_key))))) {
- openssl_private_encrypt($hash,$challenge,$prv_key);
- openssl_private_encrypt($id_str,$encrypted_id,$prv_key);
- }
- elseif(strlen($pub_key)) {
- openssl_public_encrypt($hash,$challenge,$pub_key);
- openssl_public_encrypt($id_str,$encrypted_id,$pub_key);
- }
- else
- $status = 1;
-
- $challenge = bin2hex($challenge);
- $encrypted_id = bin2hex($encrypted_id);
-
- $rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0);
-
- $rino_enable = get_config('system','rino_encrypt');
-
- if(! $rino_enable)
- $rino = 0;
-
- if((($r[0]['rel']) && ($r[0]['rel'] != CONTACT_IS_SHARING)) || ($r[0]['page-flags'] == PAGE_COMMUNITY)) {
- $perm = 'rw';
- }
- else {
- $perm = 'r';
- }
-
- header("Content-type: text/xml");
-
- echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n"
- . '<dfrn_notify>' . "\r\n"
- . "\t" . '<status>' . $status . '</status>' . "\r\n"
- . "\t" . '<dfrn_version>' . DFRN_PROTOCOL_VERSION . '</dfrn_version>' . "\r\n"
- . "\t" . '<rino>' . $rino . '</rino>' . "\r\n"
- . "\t" . '<perm>' . $perm . '</perm>' . "\r\n"
- . "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n"
- . "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
- . '</dfrn_notify>' . "\r\n" ;
-
- killme();
- }
-
-}
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
deleted file mode 100644
index 89b72859a..000000000
--- a/mod/dfrn_poll.php
+++ /dev/null
@@ -1,562 +0,0 @@
-<?php
-
-
-
-require_once('include/items.php');
-require_once('include/auth.php');
-
-
-function dfrn_poll_init(&$a) {
-
-
- $dfrn_id = ((x($_GET,'dfrn_id')) ? $_GET['dfrn_id'] : '');
- $type = ((x($_GET,'type')) ? $_GET['type'] : 'data');
- $last_update = ((x($_GET,'last_update')) ? $_GET['last_update'] : '');
- $destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : '');
- $challenge = ((x($_GET,'challenge')) ? $_GET['challenge'] : '');
- $sec = ((x($_GET,'sec')) ? $_GET['sec'] : '');
- $dfrn_version = ((x($_GET,'dfrn_version')) ? (float) $_GET['dfrn_version'] : 2.0);
- $perm = ((x($_GET,'perm')) ? $_GET['perm'] : 'r');
-
- $direction = (-1);
-
-
- if(strpos($dfrn_id,':') == 1) {
- $direction = intval(substr($dfrn_id,0,1));
- $dfrn_id = substr($dfrn_id,2);
- }
-
- if(($dfrn_id === '') && (! x($_POST,'dfrn_id'))) {
- if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
- killme();
- }
-
- $user = '';
- if($a->argc > 1) {
- $r = q("SELECT `hidewall`,`nickname` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1",
- dbesc($a->argv[1])
- );
- if((! count($r)) || (count($r) && $r[0]['hidewall']))
- killme();
- $user = $r[0]['nickname'];
- }
-
- logger('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $user);
- header("Content-type: application/atom+xml");
- echo get_feed_for($a, '', $user,$last_update);
- killme();
- }
-
- if(($type === 'profile') && (! strlen($sec))) {
-
- $sql_extra = '';
- switch($direction) {
- case (-1):
- $sql_extra = sprintf(" AND ( `dfrn_id` = '%s' OR `issued_id` = '%s' ) ", dbesc($dfrn_id),dbesc($dfrn_id));
- $my_id = $dfrn_id;
- break;
- case 0:
- $sql_extra = sprintf(" AND `issued_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '1:' . $dfrn_id;
- break;
- case 1:
- $sql_extra = sprintf(" AND `dfrn_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '0:' . $dfrn_id;
- break;
- default:
- goaway(z_root());
- break; // NOTREACHED
- }
-
- $r = q("SELECT `contact`.*, `user`.`username`, `user`.`nickname`
- FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
- WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
- dbesc($a->argv[1])
- );
-
- if(count($r)) {
-
- $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check');
-
- logger("dfrn_poll: old profile returns " . $s, LOGGER_DATA);
-
- if(strlen($s)) {
-
- $xml = parse_xml_string($s);
-
- if((int) $xml->status == 1) {
- $_SESSION['authenticated'] = 1;
- if(! x($_SESSION,'remote'))
- $_SESSION['remote'] = array();
-
- $_SESSION['remote'][] = array('cid' => $r[0]['id'],'uid' => $r[0]['uid'],'url' => $r[0]['url']);
-
- $_SESSION['visitor_id'] = $r[0]['id'];
- $_SESSION['visitor_home'] = $r[0]['url'];
- $_SESSION['visitor_handle'] = $r[0]['addr'];
- $_SESSION['visitor_visiting'] = $r[0]['uid'];
- info( sprintf(t('%s welcomes %s'), $r[0]['username'] , $r[0]['name']) . EOL);
- // Visitors get 1 day session.
- $session_id = session_id();
- $expire = time() + 86400;
- q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
- dbesc($expire),
- dbesc($session_id)
- );
- }
- }
- $profile = $r[0]['nickname'];
- goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile);
- }
- goaway(z_root());
-
- }
-
- if($type === 'profile-check' && $dfrn_version < 2.2 ) {
-
- if((strlen($challenge)) && (strlen($sec))) {
-
- q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
- $r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
- dbesc($sec)
- );
- if(! count($r)) {
- xml_status(3, 'No ticket');
- // NOTREACHED
- }
- $orig_id = $r[0]['dfrn_id'];
- if(strpos($orig_id, ':'))
- $orig_id = substr($orig_id,2);
-
- $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
- intval($r[0]['cid'])
- );
- if(! count($c)) {
- xml_status(3, 'No profile');
- }
- $contact = $c[0];
-
- $sent_dfrn_id = hex2bin($dfrn_id);
- $challenge = hex2bin($challenge);
-
- $final_dfrn_id = '';
-
- if(($contact['duplex']) && strlen($contact['prvkey'])) {
- openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']);
- openssl_private_decrypt($challenge,$decoded_challenge,$contact['prvkey']);
- }
- else {
- openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']);
- openssl_public_decrypt($challenge,$decoded_challenge,$contact['pubkey']);
- }
-
- $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
-
- if(strpos($final_dfrn_id,':') == 1)
- $final_dfrn_id = substr($final_dfrn_id,2);
-
- if($final_dfrn_id != $orig_id) {
- logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
- // did not decode properly - cannot trust this site
- xml_status(3, 'Bad decryption');
- }
-
- header("Content-type: text/xml");
- echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><dfrn_poll><status>0</status><challenge>$decoded_challenge</challenge><sec>$sec</sec></dfrn_poll>";
- killme();
- // NOTREACHED
- }
- else {
- // old protocol
-
- switch($direction) {
- case 1:
- $dfrn_id = '0:' . $dfrn_id;
- break;
- case 0:
- $dfrn_id = '1:' . $dfrn_id;
- break;
- default:
- break;
- }
-
-
- q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
- $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
- dbesc($dfrn_id));
- if(count($r)) {
- xml_status(1);
- return; // NOTREACHED
- }
- xml_status(0);
- return; // NOTREACHED
- }
- }
-
-}
-
-
-
-function dfrn_poll_post(&$a) {
-
- $dfrn_id = ((x($_POST,'dfrn_id')) ? $_POST['dfrn_id'] : '');
- $challenge = ((x($_POST,'challenge')) ? $_POST['challenge'] : '');
- $url = ((x($_POST,'url')) ? $_POST['url'] : '');
- $sec = ((x($_POST,'sec')) ? $_POST['sec'] : '');
- $ptype = ((x($_POST,'type')) ? $_POST['type'] : '');
- $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
- $perm = ((x($_POST,'perm')) ? $_POST['perm'] : 'r');
-
- if($ptype === 'profile-check') {
-
- if((strlen($challenge)) && (strlen($sec))) {
-
- logger('dfrn_poll: POST: profile-check');
-
- q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
- $r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
- dbesc($sec)
- );
- if(! count($r)) {
- xml_status(3, 'No ticket');
- // NOTREACHED
- }
- $orig_id = $r[0]['dfrn_id'];
- if(strpos($orig_id, ':'))
- $orig_id = substr($orig_id,2);
-
- $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
- intval($r[0]['cid'])
- );
- if(! count($c)) {
- xml_status(3, 'No profile');
- }
- $contact = $c[0];
-
- $sent_dfrn_id = hex2bin($dfrn_id);
- $challenge = hex2bin($challenge);
-
- $final_dfrn_id = '';
-
- if(($contact['duplex']) && strlen($contact['prvkey'])) {
- openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']);
- openssl_private_decrypt($challenge,$decoded_challenge,$contact['prvkey']);
- }
- else {
- openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']);
- openssl_public_decrypt($challenge,$decoded_challenge,$contact['pubkey']);
- }
-
- $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
-
- if(strpos($final_dfrn_id,':') == 1)
- $final_dfrn_id = substr($final_dfrn_id,2);
-
- if($final_dfrn_id != $orig_id) {
- logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
- // did not decode properly - cannot trust this site
- xml_status(3, 'Bad decryption');
- }
-
- header("Content-type: text/xml");
- echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><dfrn_poll><status>0</status><challenge>$decoded_challenge</challenge><sec>$sec</sec></dfrn_poll>";
- killme();
- // NOTREACHED
- }
-
- }
-
- $direction = (-1);
- if(strpos($dfrn_id,':') == 1) {
- $direction = intval(substr($dfrn_id,0,1));
- $dfrn_id = substr($dfrn_id,2);
- }
-
-
- $r = q("SELECT * FROM `challenge` WHERE `dfrn_id` = '%s' AND `challenge` = '%s' LIMIT 1",
- dbesc($dfrn_id),
- dbesc($challenge)
- );
-
- if(! count($r))
- killme();
-
- $type = $r[0]['type'];
- $last_update = $r[0]['last_update'];
-
- $r = q("DELETE FROM `challenge` WHERE `dfrn_id` = '%s' AND `challenge` = '%s' LIMIT 1",
- dbesc($dfrn_id),
- dbesc($challenge)
- );
-
-
- $sql_extra = '';
- switch($direction) {
- case (-1):
- $sql_extra = sprintf(" AND `issued_id` = '%s' ", dbesc($dfrn_id));
- $my_id = $dfrn_id;
- break;
- case 0:
- $sql_extra = sprintf(" AND `issued_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '1:' . $dfrn_id;
- break;
- case 1:
- $sql_extra = sprintf(" AND `dfrn_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '0:' . $dfrn_id;
- break;
- default:
- goaway(z_root());
- break; // NOTREACHED
- }
-
-
- $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
-
-
- if(! count($r))
- killme();
-
- $contact = $r[0];
- $owner_uid = $r[0]['uid'];
- $contact_id = $r[0]['id'];
-
-
- if($type === 'reputation' && strlen($url)) {
- $r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
- dbesc($url),
- intval($owner_uid)
- );
- $reputation = 0;
- $text = '';
-
- if(count($r)) {
- $reputation = $r[0]['rating'];
- $text = $r[0]['reason'];
-
- if($r[0]['id'] == $contact_id) { // inquiring about own reputation not allowed
- $reputation = 0;
- $text = '';
- }
- }
-
- echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
- <reputation>
- <url>$url</url>
- <rating>$reputation</rating>
- <description>$text</description>
- </reputation>
- ";
- killme();
- // NOTREACHED
- }
- else {
-
- // Update the writable flag if it changed
- logger('dfrn_poll: post request feed: ' . print_r($_POST,true),LOGGER_DATA);
- if($dfrn_version >= 2.21) {
- if($perm === 'rw')
- $writable = 1;
- else
- $writable = 0;
-
- if($writable != $contact['writable']) {
- q("UPDATE `contact` SET `writable` = %d WHERE `id` = %d LIMIT 1",
- intval($writable),
- intval($contact_id)
- );
- }
- }
-
- header("Content-type: application/atom+xml");
- $o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update, $direction);
- echo $o;
- killme();
-
- }
-}
-
-function dfrn_poll_content(&$a) {
-
- $dfrn_id = ((x($_GET,'dfrn_id')) ? $_GET['dfrn_id'] : '');
- $type = ((x($_GET,'type')) ? $_GET['type'] : 'data');
- $last_update = ((x($_GET,'last_update')) ? $_GET['last_update'] : '');
- $destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : '');
- $sec = ((x($_GET,'sec')) ? $_GET['sec'] : '');
- $dfrn_version = ((x($_GET,'dfrn_version')) ? (float) $_GET['dfrn_version'] : 2.0);
- $perm = ((x($_GET,'perm')) ? $_GET['perm'] : 'r');
-
- $direction = (-1);
- if(strpos($dfrn_id,':') == 1) {
- $direction = intval(substr($dfrn_id,0,1));
- $dfrn_id = substr($dfrn_id,2);
- }
-
-
- if($dfrn_id != '') {
- // initial communication from external contact
- $hash = random_string();
-
- $status = 0;
-
- $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
-
- if($type !== 'profile') {
- $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn_id`, `expire` , `type`, `last_update` )
- VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
- dbesc($hash),
- dbesc($dfrn_id),
- intval(time() + 60 ),
- dbesc($type),
- dbesc($last_update)
- );
- }
- $sql_extra = '';
- switch($direction) {
- case (-1):
- if($type === 'profile')
- $sql_extra = sprintf(" AND ( `dfrn_id` = '%s' OR `issued_id` = '%s' ) ", dbesc($dfrn_id),dbesc($dfrn_id));
- else
- $sql_extra = sprintf(" AND `issued_id` = '%s' ", dbesc($dfrn_id));
- $my_id = $dfrn_id;
- break;
- case 0:
- $sql_extra = sprintf(" AND `issued_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '1:' . $dfrn_id;
- break;
- case 1:
- $sql_extra = sprintf(" AND `dfrn_id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
- $my_id = '0:' . $dfrn_id;
- break;
- default:
- goaway(z_root());
- break; // NOTREACHED
- }
-
- $nickname = $a->argv[1];
-
- $r = q("SELECT `contact`.*, `user`.`username`, `user`.`nickname`
- FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
- WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
- dbesc($nickname)
- );
-
- if(count($r)) {
-
- $challenge = '';
- $encrypted_id = '';
- $id_str = $my_id . '.' . mt_rand(1000,9999);
-
- if(($r[0]['duplex'] && strlen($r[0]['pubkey'])) || (! strlen($r[0]['prvkey']))) {
- openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
- openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
- }
- else {
- openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
- openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
- }
-
- $challenge = bin2hex($challenge);
- $encrypted_id = bin2hex($encrypted_id);
- }
- else {
- $status = 1;
- $challenge = '';
- $encrypted_id = '';
- }
-
- if(($type === 'profile') && (strlen($sec))) {
-
- // URL reply
-
- if($dfrn_version < 2.2) {
- $s = fetch_url($r[0]['poll']
- . '?dfrn_id=' . $encrypted_id
- . '&type=profile-check'
- . '&dfrn_version=' . DFRN_PROTOCOL_VERSION
- . '&challenge=' . $challenge
- . '&sec=' . $sec
- );
- }
- else {
- $s = post_url($r[0]['poll'], array(
- 'dfrn_id' => $encrypted_id,
- 'type' => 'profile-check',
- 'dfrn_version' => DFRN_PROTOCOL_VERSION,
- 'challenge' => $challenge,
- 'sec' => $sec
- ));
- }
-
- $profile = ((count($r) && $r[0]['nickname']) ? $r[0]['nickname'] : $nickname);
-
- switch($destination_url) {
- case 'profile':
- $dest = $a->get_baseurl() . '/profile/' . $profile . '?tab=profile';
- break;
- case 'photos':
- $dest = $a->get_baseurl() . '/photos/' . $profile;
- break;
- case 'status':
- case '':
- $dest = $a->get_baseurl() . '/profile/' . $profile;
- break;
- default:
- $dest = $destination_url;
- break;
- }
-
- logger("dfrn_poll: sec profile: " . $s, LOGGER_DATA);
-
- if(strlen($s) && strstr($s,'<?xml')) {
-
- $xml = parse_xml_string($s);
-
- logger('dfrn_poll: profile: parsed xml: ' . print_r($xml,true), LOGGER_DATA);
-
- logger('dfrn_poll: secure profile: challenge: ' . $xml->challenge . ' expecting ' . $hash);
- logger('dfrn_poll: secure profile: sec: ' . $xml->sec . ' expecting ' . $sec);
-
-
- if(((int) $xml->status == 0) && ($xml->challenge == $hash) && ($xml->sec == $sec)) {
- $_SESSION['authenticated'] = 1;
- if(! x($_SESSION,'remote'))
- $_SESSION['remote'] = array();
- $_SESSION['remote'][] = array('cid' => $r[0]['id'],'uid' => $r[0]['uid'],'url' => $r[0]['url']);
- $_SESSION['visitor_id'] = $r[0]['id'];
- $_SESSION['visitor_home'] = $r[0]['url'];
- $_SESSION['visitor_visiting'] = $r[0]['uid'];
- info( sprintf(t('%s welcomes %s'), $r[0]['username'] , $r[0]['name']) . EOL);
- // Visitors get 1 day session.
- $session_id = session_id();
- $expire = time() + 86400;
- q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
- dbesc($expire),
- dbesc($session_id)
- );
- }
-
- goaway($dest);
- }
- goaway($dest);
- // NOTREACHED
-
- }
- else {
- // XML reply
- header("Content-type: text/xml");
- echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n"
- . '<dfrn_poll>' . "\r\n"
- . "\t" . '<status>' . $status . '</status>' . "\r\n"
- . "\t" . '<dfrn_version>' . DFRN_PROTOCOL_VERSION . '</dfrn_version>' . "\r\n"
- . "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n"
- . "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
- . '</dfrn_poll>' . "\r\n" ;
- killme();
- // NOTREACHED
- }
- }
-}
-
-
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
deleted file mode 100644
index 95b2ec3a4..000000000
--- a/mod/dfrn_request.php
+++ /dev/null
@@ -1,837 +0,0 @@
-<?php
-
-/**
- *
- * Module: dfrn_request
- *
- * Purpose: Handles communication associated with the issuance of
- * friend requests.
- *
- */
-
-if(! function_exists('dfrn_request_init')) {
-function dfrn_request_init(&$a) {
-
- if($a->argc > 1)
- $which = $a->argv[1];
-
- profile_load($a,$which);
- return;
-}}
-
-
-/**
- * Function: dfrn_request_post
- *
- * Purpose:
- * Handles multiple scenarios.
- *
- * Scenario 1:
- * Clicking 'submit' on a friend request page.
- *
- * Scenario 2:
- * Following Scenario 1, we are brought back to our home site
- * in order to link our friend request with our own server cell.
- * After logging in, we click 'submit' to approve the linkage.
- *
- */
-
-if(! function_exists('dfrn_request_post')) {
-function dfrn_request_post(&$a) {
-
- if(($a->argc != 2) || (! count($a->profile)))
- return;
-
-
- if(x($_POST, 'cancel')) {
- goaway(z_root());
- }
-
-
- /**
- *
- * Scenario 2: We've introduced ourself to another cell, then have been returned to our own cell
- * to confirm the request, and then we've clicked submit (perhaps after logging in).
- * That brings us here:
- *
- */
-
- if((x($_POST,'localconfirm')) && ($_POST['localconfirm'] == 1)) {
-
- /**
- * Ensure this is a valid request
- */
-
- if(local_user() && ($a->user['nickname'] == $a->argv[1]) && (x($_POST,'dfrn_url'))) {
-
-
- $dfrn_url = notags(trim($_POST['dfrn_url']));
- $aes_allow = (((x($_POST,'aes_allow')) && ($_POST['aes_allow'] == 1)) ? 1 : 0);
- $confirm_key = ((x($_POST,'confirm_key')) ? $_POST['confirm_key'] : "");
- $hidden = ((x($_POST,'hidden-contact')) ? intval($_POST['hidden-contact']) : 0);
- $contact_record = null;
-
- if(x($dfrn_url)) {
-
- /**
- * Lookup the contact based on their URL (which is the only unique thing we have at the moment)
- */
-
- $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND (`url` = '%s' OR `nurl` = '%s') AND `self` = 0 LIMIT 1",
- intval(local_user()),
- dbesc($dfrn_url),
- dbesc(normalise_link($dfrn_url))
- );
-
- if(count($r)) {
- if(strlen($r[0]['dfrn_id'])) {
-
- /**
- * We don't need to be here. It has already happened.
- */
-
- notice( t("This introduction has already been accepted.") . EOL );
- return;
- }
- else
- $contact_record = $r[0];
- }
-
- if(is_array($contact_record)) {
- $r = q("UPDATE `contact` SET hidden = %d WHERE `id` = %d LIMIT 1",
- intval($hidden),
- intval($contact_record['id'])
- );
- }
- else {
-
- /**
- * Scrape the other site's profile page to pick up the dfrn links, key, fn, and photo
- */
-
- require_once('Scrape.php');
-
- $parms = scrape_dfrn($dfrn_url);
-
- if(! count($parms)) {
- notice( t('Profile location is not valid or does not contain profile information.') . EOL );
- return;
- }
- else {
- if(! x($parms,'fn'))
- notice( t('Warning: profile location has no identifiable owner name.') . EOL );
- if(! x($parms,'photo'))
- notice( t('Warning: profile location has no profile photo.') . EOL );
- $invalid = validate_dfrn($parms);
- if($invalid) {
- notice( sprintf( tt("%d required parameter was not found at the given location",
- "%d required parameters were not found at the given location",
- $invalid), $invalid) . EOL );
- return;
- }
- }
-
- $dfrn_request = $parms['dfrn-request'];
-
- /********* Escape the entire array ********/
-
- dbesc_array($parms);
-
- /******************************************/
-
- /**
- * Create a contact record on our site for the other person
- */
-
- $r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `nurl`, `name`, `nick`, `photo`, `site_pubkey`,
- `request`, `confirm`, `notify`, `poll`, `poco`, `network`, `aes_allow`, `hidden`)
- VALUES ( %d, '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d)",
- intval(local_user()),
- datetime_convert(),
- dbesc($dfrn_url),
- dbesc(normalise_link($dfrn_url)),
- $parms['fn'],
- $parms['nick'],
- $parms['photo'],
- $parms['key'],
- $parms['dfrn-request'],
- $parms['dfrn-confirm'],
- $parms['dfrn-notify'],
- $parms['dfrn-poll'],
- $parms['dfrn-poco'],
- dbesc(NETWORK_DFRN),
- intval($aes_allow),
- intval($hidden)
- );
- }
-
- if($r) {
- info( t("Introduction complete.") . EOL);
- }
-
- $r = q("select id from contact where uid = %d and url = '%s' and `site_pubkey` = '%s' limit 1",
- intval(local_user()),
- dbesc($dfrn_url),
- $parms['key'] // this was already escaped
- );
- if(count($r)) {
- $g = q("select def_gid from user where uid = %d limit 1",
- intval(local_user())
- );
- if($g && intval($g[0]['def_gid'])) {
- require_once('include/group.php');
- group_add_member(local_user(),'',$r[0]['id'],$g[0]['def_gid']);
- }
- }
-
- /**
- * Allow the blocked remote notification to complete
- */
-
- if(is_array($contact_record))
- $dfrn_request = $contact_record['request'];
-
- if(strlen($dfrn_request) && strlen($confirm_key))
- $s = fetch_url($dfrn_request . '?confirm_key=' . $confirm_key);
-
- // (ignore reply, nothing we can do it failed)
-
- goaway(zid($dfrn_url));
- return; // NOTREACHED
-
- }
-
- }
-
- // invalid/bogus request
-
- notice( t('Unrecoverable protocol error.') . EOL );
- goaway(z_root());
- return; // NOTREACHED
- }
-
- /**
- * Otherwise:
- *
- * Scenario 1:
- * We are the requestee. A person from a remote cell has made an introduction
- * on our profile web page and clicked submit. We will use their DFRN-URL to
- * figure out how to contact their cell.
- *
- * Scrape the originating DFRN-URL for everything we need. Create a contact record
- * and an introduction to show our user next time he/she logs in.
- * Finally redirect back to the requestor so that their site can record the request.
- * If our user (the requestee) later confirms this request, a record of it will need
- * to exist on the requestor's cell in order for the confirmation process to complete..
- *
- * It's possible that neither the requestor or the requestee are logged in at the moment,
- * and the requestor does not yet have any credentials to the requestee profile.
- *
- * Who is the requestee? We've already loaded their profile which means their nickname should be
- * in $a->argv[1] and we should have their complete info in $a->profile.
- *
- */
-
- if(! (is_array($a->profile) && count($a->profile))) {
- notice( t('Profile unavailable.') . EOL);
- return;
- }
-
- $nickname = $a->profile['nickname'];
- $notify_flags = $a->profile['notify-flags'];
- $uid = $a->profile['uid'];
- $maxreq = intval($a->profile['maxreq']);
- $contact_record = null;
- $failed = false;
- $parms = null;
-
-
- if( x($_POST,'dfrn_url')) {
-
- /**
- * Block friend request spam
- */
-
- if($maxreq) {
- $r = q("SELECT * FROM `intro` WHERE `datetime` > '%s' AND `uid` = %d",
- dbesc(datetime_convert('UTC','UTC','now - 24 hours')),
- intval($uid)
- );
- if(count($r) > $maxreq) {
- notice( sprintf( t('%s has received too many connection requests today.'), $a->profile['name']) . EOL);
- notice( t('Spam protection measures have been invoked.') . EOL);
- notice( t('Friends are advised to please try again in 24 hours.') . EOL);
- return;
- }
- }
-
- /**
- *
- * Cleanup old introductions that remain blocked.
- * Also remove the contact record, but only if there is no existing relationship
- * Do not remove email contacts as these may be awaiting email verification
- */
-
- $r = q("SELECT `intro`.*, `intro`.`id` AS `iid`, `contact`.`id` AS `cid`, `contact`.`rel`
- FROM `intro` LEFT JOIN `contact` on `intro`.`contact-id` = `contact`.`id`
- WHERE `intro`.`blocked` = 1 AND `contact`.`self` = 0
- AND `contact`.`network` != '%s'
- AND `intro`.`datetime` < UTC_TIMESTAMP() - INTERVAL 30 MINUTE ",
- dbesc(NETWORK_MAIL2)
- );
- if(count($r)) {
- foreach($r as $rr) {
- if(! $rr['rel']) {
- q("DELETE FROM `contact` WHERE `id` = %d LIMIT 1",
- intval($rr['cid'])
- );
- }
- q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1",
- intval($rr['iid'])
- );
- }
- }
-
- /**
- *
- * Cleanup any old email intros - which will have a greater lifetime
- */
-
- $r = q("SELECT `intro`.*, `intro`.`id` AS `iid`, `contact`.`id` AS `cid`, `contact`.`rel`
- FROM `intro` LEFT JOIN `contact` on `intro`.`contact-id` = `contact`.`id`
- WHERE `intro`.`blocked` = 1 AND `contact`.`self` = 0
- AND `contact`.`network` = '%s'
- AND `intro`.`datetime` < UTC_TIMESTAMP() - INTERVAL 3 DAY ",
- dbesc(NETWORK_MAIL2)
- );
- if(count($r)) {
- foreach($r as $rr) {
- if(! $rr['rel']) {
- q("DELETE FROM `contact` WHERE `id` = %d LIMIT 1",
- intval($rr['cid'])
- );
- }
- q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1",
- intval($rr['iid'])
- );
- }
- }
-
- $email_follow = (x($_POST,'email_follow') ? intval($_POST['email_follow']) : 0);
- $real_name = (x($_POST,'realname') ? notags(trim($_POST['realname'])) : '');
-
- $url = trim($_POST['dfrn_url']);
- if(! strlen($url)) {
- notice( t("Invalid locator") . EOL );
- return;
- }
-
- $hcard = '';
-
- if($email_follow) {
-
- if(! validate_email($url)) {
- notice( t('Invalid email address.') . EOL);
- return;
- }
-
- $addr = $url;
- $name = ($realname) ? $realname : $addr;
- $nick = substr($addr,0,strpos($addr,'@'));
- $url = 'http://' . substr($addr,strpos($addr,'@') + 1);
- $nurl = normalise_url($host);
- $poll = 'email ' . random_string();
- $notify = 'smtp ' . random_string();
- $blocked = 1;
- $pending = 1;
- $network = NETWORK_MAIL2;
- $rel = CONTACT_IS_FOLLOWER;
-
- $mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
- if(get_config('system','dfrn_only'))
- $mail_disabled = 1;
-
- if(! $mail_disabled) {
- $failed = false;
- $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1",
- intval($uid)
- );
- if(! count($r)) {
- notice( t('This account has not been configured for email. Request failed.') . EOL);
- return;
- }
- }
-
- $r = q("insert into contact ( uid, created, addr, name, nick, url, nurl, poll, notify, blocked, pending, network, rel )
- values( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d ) ",
- intval($uid),
- dbesc(datetime_convert()),
- dbesc($addr),
- dbesc($name),
- dbesc($nick),
- dbesc($url),
- dbesc($nurl),
- dbesc($poll),
- dbesc($notify),
- intval($blocked),
- intval($pending),
- dbesc($network),
- intval($rel)
- );
-
- $r = q("select id from contact where poll = '%s' and uid = %d limit 1",
- dbesc($poll),
- intval($uid)
- );
- if(count($r)) {
- $contact_id = $r[0]['id'];
-
- $g = q("select def_gid from user where uid = %d limit 1",
- intval($uid)
- );
- if($g && intval($g[0]['def_gid'])) {
- require_once('include/group.php');
- group_add_member($uid,'',$contact_id,$g[0]['def_gid']);
- }
-
- $photo = avatar_img($addr);
-
- $r = q("UPDATE `contact` SET
- `photo` = '%s',
- `thumb` = '%s',
- `micro` = '%s',
- `name_date` = '%s',
- `uri_date` = '%s',
- `avatar_date` = '%s',
- `hidden` = 0,
- WHERE `id` = %d LIMIT 1
- ",
- dbesc($photos[0]),
- dbesc($photos[1]),
- dbesc($photos[2]),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- intval($contact_id)
- );
- }
-
- // contact is created. Now create an introduction
-
- $hash = random_string();
-
- $r = q("insert into intro ( uid, `contact-id`, knowyou, note, hash, datetime, blocked )
- values( %d , %d, %d, '%s', '%s', '%s', %d ) ",
- intval($uid),
- intval($contact_id),
- ((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0),
- dbesc(notags(trim($_POST['dfrn-request-message']))),
- dbesc($hash),
- dbesc(datetime_convert()),
- 1
- );
-
- // Next send an email verify form to the requestor.
-
- }
-
- else {
-
- // Canonicalise email-style profile locator
-
- $url = webfinger_dfrn($url,$hcard);
-
- if(substr($url,0,5) === 'stat:') {
- $network = NETWORK_OSTATUS;
- $url = substr($url,5);
- }
- else {
- $network = NETWORK_DFRN;
- }
- }
-
- logger('dfrn_request: url: ' . $url);
-
- if(! strlen($url)) {
- notice( t("Unable to resolve your name at the provided location.") . EOL);
- return;
- }
-
-
- if($network === NETWORK_DFRN) {
- $ret = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `self` = 0 LIMIT 1",
- intval($uid),
- dbesc($url)
- );
-
- if(count($ret)) {
- if(strlen($ret[0]['issued_id'])) {
- notice( t('You have already introduced yourself here.') . EOL );
- return;
- }
- elseif($ret[0]['rel'] == CONTACT_IS_FRIEND) {
- notice( sprintf( t('Apparently you are already friends with %s.'), $a->profile['name']) . EOL);
- return;
- }
- else {
- $contact_record = $ret[0];
- $parms = array('dfrn-request' => $ret[0]['request']);
- }
- }
-
- $issued_id = random_string();
-
- if(is_array($contact_record)) {
- // There is a contact record but no issued_id, so this
- // is a reciprocal introduction from a known contact
- $r = q("UPDATE `contact` SET `issued_id` = '%s' WHERE `id` = %d LIMIT 1",
- dbesc($issued_id),
- intval($contact_record['id'])
- );
- }
- else {
- if(! validate_url($url)) {
- notice( t('Invalid profile URL.') . EOL);
- goaway($a->get_baseurl() . '/' . $a->cmd);
- return; // NOTREACHED
- }
-
- if(! allowed_url($url)) {
- notice( t('Disallowed profile URL.') . EOL);
- goaway($a->get_baseurl() . '/' . $a->cmd);
- return; // NOTREACHED
- }
-
-
- require_once('Scrape.php');
-
- $parms = scrape_dfrn(($hcard) ? $hcard : $url);
-
- if(! count($parms)) {
- notice( t('Profile location is not valid or does not contain profile information.') . EOL );
- goaway($a->get_baseurl() . '/' . $a->cmd);
- }
- else {
- if(! x($parms,'fn'))
- notice( t('Warning: profile location has no identifiable owner name.') . EOL );
- if(! x($parms,'photo'))
- notice( t('Warning: profile location has no profile photo.') . EOL );
- $invalid = validate_dfrn($parms);
- if($invalid) {
- notice( sprintf( tt("%d required parameter was not found at the given location",
- "%d required parameters were not found at the given location",
- $invalid), $invalid) . EOL );
-
- return;
- }
- }
-
-
- $parms['url'] = $url;
- $parms['issued_id'] = $issued_id;
-
-
- dbesc_array($parms);
- $r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `nurl`,`name`, `nick`, `issued_id`, `photo`, `site_pubkey`,
- `request`, `confirm`, `notify`, `poll`, `poco`, `network` )
- VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
- intval($uid),
- dbesc(datetime_convert()),
- $parms['url'],
- dbesc(normalise_link($parms['url'])),
- $parms['fn'],
- $parms['nick'],
- $parms['issued_id'],
- $parms['photo'],
- $parms['key'],
- $parms['dfrn-request'],
- $parms['dfrn-confirm'],
- $parms['dfrn-notify'],
- $parms['dfrn-poll'],
- $parms['dfrn-poco'],
- dbesc(NETWORK_DFRN)
- );
-
- // find the contact record we just created
- if($r) {
- $r = q("SELECT `id` FROM `contact`
- WHERE `uid` = %d AND `url` = '%s' AND `issued_id` = '%s' LIMIT 1",
- intval($uid),
- $parms['url'],
- $parms['issued_id']
- );
- if(count($r))
- $contact_record = $r[0];
- }
-
- }
- if($r === false) {
- notice( t('Failed to update contact record.') . EOL );
- return;
- }
-
- $hash = random_string() . (string) time(); // Generate a confirm_key
-
- if(is_array($contact_record)) {
- $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`)
- VALUES ( %d, %d, 1, %d, '%s', '%s', '%s' )",
- intval($uid),
- intval($contact_record['id']),
- ((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0),
- dbesc(notags(trim($_POST['dfrn-request-message']))),
- dbesc($hash),
- dbesc(datetime_convert())
- );
- }
-
- // This notice will only be seen by the requestor if the requestor and requestee are on the same server.
-
- if(! $failed)
- info( t('Your introduction has been sent.') . EOL );
-
- // "Homecoming" - send the requestor back to their site to record the introduction.
-
- $dfrn_url = bin2hex($a->get_baseurl() . '/profile/' . $nickname);
- $aes_allow = ((function_exists('openssl_encrypt')) ? 1 : 0);
-
- goaway($parms['dfrn-request'] . "?dfrn_url=$dfrn_url"
- . '&dfrn_version=' . DFRN_PROTOCOL_VERSION
- . '&confirm_key=' . $hash
- . (($aes_allow) ? "&aes_allow=1" : "")
- );
- // NOTREACHED
- // END $network === NETWORK_DFRN
- }
- elseif($network === NETWORK_OSTATUS) {
-
- /**
- *
- * OStatus network
- * Check contact existence
- * Try and scrape together enough information to create a contact record,
- * with us as CONTACT_IS_FOLLOWER
- * Substitute our user's feed URL into $url template
- * Send the subscriber home to subscribe
- *
- */
-
- $url = str_replace('{uri}', $a->get_baseurl() . '/dfrn_poll/' . $nickname, $url);
- goaway($url);
- // NOTREACHED
- // END $network === NETWORK_OSTATUS
- }
-
- } return;
-}}
-
-
-
-
-if(! function_exists('dfrn_request_content')) {
-function dfrn_request_content(&$a) {
-
- if(($a->argc != 2) || (! count($a->profile)))
- return "";
-
-
- // "Homecoming". Make sure we're logged in to this site as the correct user. Then offer a confirm button
- // to send us to the post section to record the introduction.
-
- if(x($_GET,'dfrn_url')) {
-
- if(! local_user()) {
- info( t("Please login to confirm introduction.") . EOL );
-
- /* setup the return URL to come back to this page if they use openid */
-
- $stripped = str_replace('q=','',$a->query_string);
- $_SESSION['return_url'] = trim($stripped,'/');
-
- return login();
- }
-
- // Edge case, but can easily happen in the wild. This person is authenticated,
- // but not as the person who needs to deal with this request.
-
- if ($a->user['nickname'] != $a->argv[1]) {
- notice( t("Incorrect identity currently logged in. Please login to <strong>this</strong> profile.") . EOL);
- return login();
- }
-
- $dfrn_url = notags(trim(hex2bin($_GET['dfrn_url'])));
- $aes_allow = (((x($_GET,'aes_allow')) && ($_GET['aes_allow'] == 1)) ? 1 : 0);
- $confirm_key = (x($_GET,'confirm_key') ? $_GET['confirm_key'] : "");
- $tpl = get_markup_template("dfrn_req_confirm.tpl");
- $o = replace_macros($tpl,array(
- '$dfrn_url' => $dfrn_url,
- '$aes_allow' => (($aes_allow) ? '<input type="hidden" name="aes_allow" value="1" />' : "" ),
- '$hidethem' => t('Hide this contact'),
- '$hidechecked' => '',
- '$confirm_key' => $confirm_key,
- '$welcome' => sprintf( t('Welcome home %s.'), $a->user['username']),
- '$please' => sprintf( t('Please confirm your introduction/connection request to %s.'), $dfrn_url),
- '$submit' => t('Confirm'),
- '$uid' => $_SESSION['uid'],
- '$nickname' => $a->user['nickname'],
- 'dfrn_rawurl' => $_GET['dfrn_url']
- ));
- return $o;
-
- }
- elseif((x($_GET,'confirm_key')) && strlen($_GET['confirm_key'])) {
-
- // we are the requestee and it is now safe to send our user their introduction,
- // We could just unblock it, but first we have to jump through a few hoops to
- // send an email, or even to find out if we need to send an email.
-
- $intro = q("SELECT * FROM `intro` WHERE `hash` = '%s' LIMIT 1",
- dbesc($_GET['confirm_key'])
- );
-
- if(count($intro)) {
-
- $r = q("SELECT `contact`.*, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
- WHERE `contact`.`id` = %d LIMIT 1",
- intval($intro[0]['contact-id'])
- );
-
- $auto_confirm = false;
-
- if(count($r)) {
- if(($r[0]['page-flags'] != PAGE_NORMAL) && ($r[0]['page-flags'] != PAGE_PRVGROUP))
- $auto_confirm = true;
-
- if(! $auto_confirm) {
- require_once('include/enotify.php');
- notification(array(
- 'type' => NOTIFY_INTRO,
- 'notify_flags' => $r[0]['notify-flags'],
- 'language' => $r[0]['language'],
- 'to_name' => $r[0]['username'],
- 'to_email' => $r[0]['email'],
- 'uid' => $r[0]['uid'],
- 'link' => $a->get_baseurl() . '/notifications/intros',
- 'source_name' => ((strlen(stripslashes($r[0]['name']))) ? stripslashes($r[0]['name']) : t('[Name Withheld]')),
- 'source_link' => $r[0]['url'],
- 'source_photo' => $r[0]['photo'],
- 'verb' => ACTIVITY_REQ_FRIEND,
- 'otype' => 'intro'
- ));
- }
-
- if($auto_confirm) {
- require_once('mod/dfrn_confirm.php');
- $handsfree = array(
- 'uid' => $r[0]['uid'],
- 'node' => $r[0]['nickname'],
- 'dfrn_id' => $r[0]['issued_id'],
- 'intro_id' => $intro[0]['id'],
- 'duplex' => (($r[0]['page-flags'] == PAGE_FREELOVE) ? 1 : 0),
- 'activity' => intval(get_pconfig($r[0]['uid'],'system','post_newfriend'))
- );
- dfrn_confirm_post($a,$handsfree);
- }
-
- }
-
- if(! $auto_confirm) {
-
- // If we are auto_confirming, this record will have already been nuked
- // in dfrn_confirm_post()
-
- $r = q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s' LIMIT 1",
- dbesc($_GET['confirm_key'])
- );
- }
- }
-
- killme();
- return; // NOTREACHED
- }
- else {
-
- /**
- * Normal web request. Display our user's introduction form.
- */
-
- if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
- notice( t('Public access denied.') . EOL);
- return;
- }
-
-
- /**
- * Try to auto-fill the profile address
- */
-
- if(local_user()) {
- if(strlen($a->path)) {
- $myaddr = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
- }
- else {
- $myaddr = $a->user['nickname'] . '@' . substr(z_root(), strpos(z_root(),'://') + 3 );
- }
- }
- elseif(x($_GET,'addr')) {
- $myaddr = hex2bin($_GET['addr']);
- }
- else {
- /* $_GET variables are already urldecoded */
- $myaddr = ((x($_GET,'address')) ? $_GET['address'] : '');
- }
-
- // last, try a zid
- if(! strlen($myaddr))
- $myaddr = get_my_url();
-
-
- $target_addr = $a->profile['nickname'] . '@' . substr(z_root(), strpos(z_root(),'://') + 3 );
-
-
- /**
- *
- * The auto_request form only has the profile address
- * because nobody is going to read the comments and
- * it doesn't matter if they know you or not.
- *
- */
-
- if($a->profile['page-flags'] == PAGE_NORMAL)
- $tpl = get_markup_template('dfrn_request.tpl');
- else
- $tpl = get_markup_template('auto_request.tpl');
-
- $page_desc .= t("Please enter your 'Identity Address' from one of the following supported communications networks:");
-
-
- $emailnet = '';
-
- $invite_desc = t('If you are not yet a member of the free social web, <a href="http://dir.friendica.com/siteinfo">follow this link to find a public Friendica site and join us today</a>.');
-
- $o .= replace_macros($tpl,array(
- '$header' => t('Friend/Connection Request'),
- '$desc' => t('Examples: jojo@zothub.com, bob@example.com'),
- '$pls_answer' => t('Please answer the following:'),
- '$does_know' => sprintf( t('Does %s know you?'),$a->profile['name']),
- '$yes' => t('Yes'),
- '$no' => t('No'),
- '$add_note' => t('Add a personal note:'),
- '$page_desc' => $page_desc,
- '$friendica' => t('Friendica'),
- '$statusnet' => t('StatusNet/Federated Social Web'),
- '$diaspora' => t('Diaspora'),
- '$diasnote' => sprintf (t(' - please do not use this form. Instead, enter %s into your Diaspora search bar.'),$target_addr),
- '$your_address' => t('Your webbie (web-id):'),
- '$invite_desc' => $invite_desc,
- '$emailnet' => $emailnet,
- '$submit' => t('Submit Request'),
- '$cancel' => t('Cancel'),
- '$nickname' => $a->argv[1],
- '$name' => $a->profile['name'],
- '$myaddr' => $myaddr
- ));
- return $o;
- }
-
- return; // Somebody is fishing.
-}}