Diffstat (limited to 'mod')
-rw-r--r--mod/dfrn_confirm.php60
-rw-r--r--mod/dfrn_request.php39
-rw-r--r--mod/lostpass.php3
-rw-r--r--mod/register.php8
-rw-r--r--mod/settings.php2
-rw-r--r--mod/xrd.php2
6 files changed, 87 insertions, 27 deletions
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index 3df36182e..82e1b7624 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -1,32 +1,60 @@
<?php
-// There are two possible entry points. Both are called via POST.
+// There are two possible entry points.
-function dfrn_confirm_post(&$a) {
+function dfrn_confirm_post(&$a,$handsfree = null) {
- if($a->argc > 1)
- $node = $a->argv[1];
+ if(is_array($handsfree)) {
+
+ // called directly from dfrn_request due to automatic friend acceptance
+ // any $_POST parameters we might need are supplied in the $handsfree array
+
+ $node = $handsfree['node'];
+ $a->interactive = false; // notice() becomes a no-op since nobody is there to see it
+
+ }
+ else {
+ if($a->argc > 1)
+ $node = $a->argv[1];
+ }
// Main entry point. Our user received a friend request notification (perhaps
// from another site) and clicked 'Accept'. $POST['source_url'] is not set.
- // They will perform the following:
+ // OR we have been called directly from dfrn_request ($handsfree != null) due to
+ // this being a page type which supports automatic friend acceptance.
if(! x($_POST,'source_url')) {
-
- $uid = get_uid();
+
+ $uid = ((is_array($handsfree)) ? $handsfree['uid'] : get_uid());
if(! $uid) {
notice( t('Permission denied.') . EOL );
return;
}
- // These come from the friend request notification form.
-
- $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
- $intro_id = intval($_POST['intro_id']);
- $duplex = intval($_POST['duplex']);
+ $user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
+ intval($uid)
+ );
+
+ if(! $user) {
+ notice( t('Profile not found.') . EOL );
+ return;
+ }
+ // These come from the friend request notification form or $handsfree reply.
+
+ if(is_array($handsfree)) {
+ $dfrn_id = $handsfree['dfrn_id'];
+ $intro_id = $handsfree['intro_id'];
+ $duplex = $handsfre['duplex'];
+ }
+ else {
+ $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
+ $intro_id = intval($_POST['intro_id']);
+ $duplex = intval($_POST['duplex']);
+ }
+
// The other person will have been issued an ID when they first requested friendship.
// Locate their record. At this time, their record will have both pending and blocked set to 1.
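Review bot: The hands-free branch reads `$handsfre['duplex']` (missing the final "e"), so `$duplex` is always null on the automatic-acceptance path and the duplex value supplied by the caller is silently dropped. The line should be `$duplex = intval($handsfree['duplex']);`. Wrapping `intro_id` the same way, `$intro_id = intval($handsfree['intro_id']);`, would keep both branches handing identically typed values to the queries that follow. The body of dfrn_confirm_post continues outside this hunk.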
@@ -75,7 +103,6 @@ function dfrn_confirm_post(&$a) {
intval($uid)
);
-
$params = array();
// Per the protocol document, we will verify both ends by encrypting the dfrn_id with our
@@ -92,13 +119,13 @@ function dfrn_confirm_post(&$a) {
$src_aes_key = random_string();
$result = '';
- openssl_private_encrypt($dfrn_id,$result,$a->user['prvkey']);
+ openssl_private_encrypt($dfrn_id,$result,$user[0]['prvkey']);
$params['dfrn_id'] = bin2hex($result);
$params['public_key'] = $public_key;
- $my_url = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
+ $my_url = $a->get_baseurl() . '/profile/' . $user[0]['nickname'];
openssl_public_encrypt($my_url, $params['source_url'], $site_pubkey);
$params['source_url'] = bin2hex($params['source_url']);
@@ -266,7 +293,8 @@ function dfrn_confirm_post(&$a) {
// Let's send our user to the contact editor in case they want to
// do anything special with this new friend.
- goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
+ if($handsfree === null)
+ goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
return; //NOTREACHED
}
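Review bot: The redirect guard tests `$handsfree === null`, while the top of the function decides the mode with `is_array($handsfree)`. Any non-null, non-array argument would therefore be handled as an interactive request that never redirects. Using the same predicate in both places, `if(! is_array($handsfree))`, removes that gap. The trailing `return; //NOTREACHED` is now reached on the hands-free path, so the comment should be changed to something like `// reached only when called hands-free`.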
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 3c16e2560..6821e1fd6 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -208,11 +208,16 @@ function dfrn_request_post(&$a) {
notice( t('You have already introduced yourself here.') . EOL );
return;
}
+ elseif($ret[0]['rel'] == REL_BUD) {
+ notice( t('Apparently you are already friends with .') . $a->profile['name'] . EOL);
+ return;
+ }
else {
$contact_record = $ret[0];
$parms = array('dfrn-request' => $ret[0]['request']);
}
}
+
$issued_id = random_string();
if(is_array($contact_record)) {
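Review bot: The new REL_BUD notice puts the full stop inside the translated string before the name is appended, so it renders as "…friends with .Name". A placeholder keeps the sentence intact for translators: `notice( sprintf( t('Apparently you are already friends with %s.'), $a->profile['name']) . EOL);`. The settings.php change in this commit puts `<strong>` into a notice, which suggests notices are rendered as HTML. If `$a->profile['name']` is not already escaped where it is loaded (not visible here), it should be escaped before being concatenated into the message.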
@@ -314,8 +319,7 @@ function dfrn_request_post(&$a) {
);
}
-
- // This notice will only be seen by the requestor if the requestor and requestee are on the same server.
+ // This notice will only be seen by the requestor if the requestor and requestee are on the same server.
if(! $failed)
notice( t('Your introduction has been sent.') . EOL );
@@ -417,9 +421,13 @@ function dfrn_request_content(&$a) {
WHERE `contact`.`id` = %d LIMIT 1",
intval($intro[0]['contact-id'])
);
- if(count($r)) {
- if($r[0]['notify-flags'] & NOTIFY_INTRO) {
+ $auto_confirm = false;
+
+ if(count($r)) {
+ if($r[0]['page-flags'] != PAGE_NORMAL)
+ $auto_confirm = true;
+ if(($r[0]['notify-flags'] & NOTIFY_INTRO) && (! $auto_confirm)) {
$email_tpl = load_view_file('view/request_notify_eml.tpl');
$email = replace_macros($email_tpl, array(
'$requestor' => ((strlen(stripslashes($r[0]['name']))) ? stripslashes($r[0]['name']) : t('[Name Withheld]')),
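Review bot: Auto-confirmation is switched on by `$r[0]['page-flags'] != PAGE_NORMAL`, which fails open. Any unexpected, unset or future page-flags value other than PAGE_NORMAL will accept contact requests without the owner's approval and also suppress the notification e-mail. It is safer to test membership in an explicit list of page types that are meant to auto-accept (PAGE_FREELOVE is the only one visible in this diff), for example `if(in_array($r[0]['page-flags'], $auto_accept_types)) $auto_confirm = true;`, where `$auto_accept_types` is a suggested name. The SELECT that must supply `page-flags` starts above this hunk, so confirm the column is actually in the result set.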
@@ -434,12 +442,29 @@ function dfrn_request_content(&$a) {
'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME] );
// This is a redundant notification - no point throwing errors if it fails.
}
+ if($auto_confirm) {
+ require_once('mod/dfrn_confirm.php');
+ $handsfree = array(
+ 'uid' => $r[0]['uid'],
+ 'node' => $r[0]['nickname'],
+ 'dfrn_id' => $r[0]['issued-id'],
+ 'intro_id' => $intro[0]['id'],
+ 'duplex' => (($r[0]['page-flags'] == PAGE_FREELOVE) ? 1 : 0)
+ );
+ dfrn_confirm_post($a,$handsfree);
+ }
+
}
- $r = q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s' LIMIT 1",
- dbesc($_GET['confirm_key'])
- );
+ if(! $auto_confirm) {
+ // If we are auto_confirming, this record will have already been nuked
+ // in dfrn_confirm_post()
+
+ $r = q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s' LIMIT 1",
+ dbesc($_GET['confirm_key'])
+ );
+ }
}
killme();
return; // NOTREACHED
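Review bot: When `$auto_confirm` is true the outcome of `dfrn_confirm_post($a,$handsfree)` is never checked, yet both the owner's e-mail and the `UPDATE intro SET blocked = 0` are skipped on the assumption that it succeeded. Every early `return` in the hunks shown for dfrn_confirm_post only calls `notice()`, which is a no-op in hands-free mode. A failed auto-confirm would therefore appear to leave the introduction blocked with nobody informed. Have dfrn_confirm_post return a success flag and fall back to the manual path when it is false, e.g. `if(! $auto_confirm || ! $confirmed) {` around the UPDATE, where `$confirmed` is a suggested name. The comment "this record will have already been nuked" should say it holds only on success.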
diff --git a/mod/lostpass.php b/mod/lostpass.php
index 20d35133a..0b5dc1376 100644
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -7,7 +7,8 @@ function lostpass_post(&$a) {
if(! $email)
goaway($a->get_baseurl());
- $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
+ $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1",
+ dbesc($email),
dbesc($email)
);
if(! count($r))
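Review bot: The lookup now also matches on `nickname`, an identifier that appears in public profile URLs elsewhere in this commit, so a password-reset mail can be requested for any account without knowing its address. The code that sends the mail is outside this hunk. It is worth confirming that it throttles requests per account and gives the same response whether or not a row was found. The variable no longer holds only an address, so a comment such as `// $email may be an e-mail address or a nickname` above the query would help the next reader.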
diff --git a/mod/register.php b/mod/register.php
index 890bc69b7..6f0469db8 100644
--- a/mod/register.php
+++ b/mod/register.php
@@ -250,7 +250,13 @@ function register_post(&$a) {
if(! function_exists('register_content')) {
function register_content(&$a) {
- if($a->config['register_policy'] == REGISTER_CLOSED) {
+ // logged in users can register others (people/pages/groups)
+ // even with closed registrations, unless specifically prohibited by site policy.
+ // 'block_extended_register' blocks all registrations, period.
+
+ $block = get_config('system','block_extended_register');
+
+ if((($a->config['register_policy'] == REGISTER_CLOSED) && (! getuid())) || ($block)) {
notice("Permission denied." . EOL);
return;
}
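Review bot: The new authorization condition calls `getuid()`, while the rest of this commit (mod/dfrn_confirm.php) gets the logged-in user with `get_uid()`. PHP has no built-in `getuid()`, so unless the project defines one elsewhere this is a fatal error exactly when `register_policy` is REGISTER_CLOSED, because `&&` short-circuits and hides it under every other policy. The line should probably read `if((($a->config['register_policy'] == REGISTER_CLOSED) && (! get_uid())) || ($block)) {`. Since this check decides who may create accounts on a closed site, it deserves a test for both the logged-in and anonymous cases. register_content continues outside the hunk.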
diff --git a/mod/settings.php b/mod/settings.php
index b76d9ffb9..5caf08b04 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -198,7 +198,7 @@ function settings_content(&$a) {
? true : false);
if($invisible)
- notice( t('Profile is not published.') . EOL );
+ notice( t('Profile is <strong>not published</strong>.') . EOL );
$nickname_block = load_view_file("view/settings_nick_set.tpl");
diff --git a/mod/xrd.php b/mod/xrd.php
index fd87803e9..47516e8dd 100644
--- a/mod/xrd.php
+++ b/mod/xrd.php
@@ -28,7 +28,7 @@ function xrd_content(&$a) {
'$accturi' => $uri,
'$profile_url' => $a->get_baseurl() . '/profile/' . $r[0]['nickname'],
'$atom' => $a->get_baseurl() . '/dfrn_poll/' . $r[0]['nickname'],
- '$photo' => $a->get_baseurl() . '/photo/profile/' . $r[0]['uid'],
+ '$photo' => $a->get_baseurl() . '/photo/profile/' . $r[0]['uid'] . '.jpg',
'$salmon' => $a->get_baseurl() . '/salmon/' . $r[0]['nickname'],
'$salmen' => $a->get_baseurl() . '/salmon/' . $r[0]['nickname'] . '/mention',
'$modexp' => 'data:application/magic-public-key,' . $salmon_key