From 33b22338dc7e8e3f08d8b20e94a9bce488d1f308 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 24 Jan 2013 18:51:02 -0800 Subject: turn private_messages_list into backend functionality and separate it from the controller --- include/message.php | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'include/message.php') diff --git a/include/message.php b/include/message.php index fd9698381..71d0c13bd 100644 --- a/include/message.php +++ b/include/message.php @@ -109,4 +109,50 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' } +function private_messages_list($uid, $mailbox = '', $order = 'desc', $start = 0, $numitems = 0) { + $where = ''; + $limit = ''; + + if($numitems) + $limit = " LIMIT " . intval($start) . ", " . intval($numitems); + + if($mailbox !== '') { + $x = q("select channel_hash from channel where channel_id = %d limit 1", + intval($uid) + ); + if(! $x) + return array(); + if($mailbox === 'inbox') + $where = " and sender_xchan != '" . dbesc($x[0]['channel_hash']) . "' "; + elseif($mailbox === 'outbox') + $where = " and sender_xchan = '" . dbesc($x[0]['channel_hash']) . "' "; + } + + + $r = q("SELECT * from mail WHERE channel_id = %d $where order by created $order $limit", + intval(local_user()) + ); + if(! $r) { + return array(); + } + + $chans = array(); + foreach($r as $rr) { + $s = "'" . dbesc(trim($rr['from_xchan'])) . "'"; + if(! in_array($s,$chans)) + $chans[] = $s; + $s = "'" . dbesc(trim($rr['to_xchan'])) . "'"; + if(! in_array($s,$chans)) + $chans[] = $s; + } + + $c = q("select * from xchan where xchan_hash in (" . implode(',',$chans) . ")"); + + foreach($r as $k => $rr) { + $r[$k]['from'] = find_xchan_in_array($rr['from_xchan'],$c); + $r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c); + $r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0); + } + return $r; +} \ No newline at end of file -- cgit v1.2.3 
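Review bot: `$order` is interpolated straight into the SQL text in `order by created $order $limit`, so any caller that forwards a request parameter can alter the query; map it to a fixed keyword first, e.g. `$order = ((strtolower($order) === 'asc') ? 'asc' : 'desc');`. The later hunk `@@ -129,7 +144,7 @@` widens the same interpolation to the whole ORDER BY expression (`order by $order`) and needs the same allow-list treatment. Separately, the channel-hash lookup binds `intval($uid)` while the mail query filters on `intval(local_user())`, so the function is still tied to the session rather than to the `$uid` it was given; using `intval($uid)` in both places would match the stated goal of separating it from the controller. The inbox/outbox filter also names `sender_xchan`, whereas the INSERT in send_message() and the loops below use `from_xchan`; confirm that column exists.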
From 851e436d04fa6dd975666369e8d746036b700d5d Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 24 Jan 2013 23:45:15 -0800 Subject: make all private message functionality api-able --- include/message.php | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 95 insertions(+), 1 deletion(-) (limited to 'include/message.php') diff --git a/include/message.php b/include/message.php index 71d0c13bd..5e7b49e35 100644 --- a/include/message.php +++ b/include/message.php @@ -44,7 +44,6 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' } - $r = q("INSERT INTO `mail` ( account_id, channel_id, from_xchan, to_xchan, title, body, uri, parent_uri, created ) VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", intval($channel['channel_account_id']), 
@@ -155,4 +154,99 @@ function private_messages_list($uid, $mailbox = '', $order = 'desc', $start = 0, $r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0); } return $r; +} + + + +function private_messages_fetch_message($channel_id, $messageitem_id, $updateseen = false) { + + $messages = q("select * from mail where id = %d and channel_id = %d order by created asc", + dbesc($messageitem_id), + intval($channel_id) + ); + + if(! $messages) + return array(); + + $chans = array(); + foreach($messages as $rr) { + $s = "'" . dbesc(trim($rr['from_xchan'])) . "'"; + if(! in_array($s,$chans)) + $chans[] = $s; + $s = "'" . dbesc(trim($rr['to_xchan'])) . "'"; + if(! in_array($s,$chans)) + $chans[] = $s; + } + + $c = q("select * from xchan where xchan_hash in (" . implode(',',$chans) . ")"); + + foreach($messages as $k => $message) { + $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); + $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); + } + + if($updateseen) { + $r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and id = %d AND channel_id = %d", + intval(MAIL_SEEN), + intval(MAIL_SEEN), + dbesc($messageitem_id), + intval($channel_id) + ); + } + + return $messages; + +} + + +function private_messages_fetch_conversation($channel_id, $messageitem_id, $updateseen = false) { + + // find the parent_uri of the message being requested + + $r = q("SELECT parent_uri from mail WHERE channel_id = %d and id = %d limit 1", + intval($channel_id), + intval($messageitem_id) + ); + + if(! $r) + return array(); + + $messages = q("select * from mail where parent_uri = '%s' and channel_id = %d order by created asc", + dbesc($r[0]['parent_uri']), + intval($channel_id) + ); + + if(! $messages) + return array(); + + $chans = array(); + foreach($messages as $rr) { + $s = "'" . dbesc(trim($rr['from_xchan'])) . "'"; + if(! in_array($s,$chans)) + $chans[] = $s; + $s = "'" . dbesc(trim($rr['to_xchan'])) . "'"; + if(! 
in_array($s,$chans)) + $chans[] = $s; + } + + + $c = q("select * from xchan where xchan_hash in (" . implode(',',$chans) . ")"); + + foreach($messages as $k => $message) { + $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); + $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); + } + + + if($updateseen) { + $r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and parent_uri = '%s' AND channel_id = %d", + intval(MAIL_SEEN), + intval(MAIL_SEEN), + dbesc($r[0]['parent_uri']), + intval($channel_id) + ); + } + + return $messages; + } \ No newline at end of file -- cgit v1.2.3 From c657cabc9a2bc3b97ef3e10875fcb159026c314b Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 25 Jan 2013 12:28:32 -0800 Subject: Putting the final wraps on the backend private message API. This is more or less what needs to happen for every data type and get all the SQL code out of the front-end controllers. --- include/message.php | 82 ++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 63 insertions(+), 19 deletions(-) (limited to 'include/message.php') diff --git a/include/message.php b/include/message.php index 5e7b49e35..f3bc61465 100644 --- a/include/message.php +++ b/include/message.php @@ -1,14 +1,21 @@ false); + $a = get_app(); - if(! $recipient) return -1; + if(! $recipient) { + $ret['message'] = t('No recipient provided.'); + return $ret; + } if(! strlen($subject)) $subject = t('[no subject]'); @@ -25,6 +32,12 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $channel = get_app()->get_channel(); } + if(! $channel) { + $ret['message'] = t('Unable to determine sender.'); + return $ret; + } + + // generate a unique message_id do { $dups = false; 
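Review bot: In private_messages_fetch_message (hunk `@@ -155,4 +154,99 @@`) both the SELECT and the mark-seen UPDATE bind `$messageitem_id` to a `%d` placeholder through `dbesc()`, while every other numeric argument in this hunk, including the same id in private_messages_fetch_conversation, goes through `intval()`. String escaping is the wrong sanitiser for a numeric slot and leaves correctness to how q() formats `%d`, which is not visible here; use `intval($messageitem_id)` in both calls. The xchan collection loop is now copied three times in this file and would be easier to audit as one helper.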
@@ -32,7 +45,7 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $uri = $hash . '@' . get_app()->get_hostname(); - $r = q("SELECT `id` FROM mail WHERE `uri` = '%s' LIMIT 1", + $r = q("SELECT id FROM mail WHERE uri = '%s' LIMIT 1", dbesc($uri)); if(count($r)) $dups = true; @@ -44,10 +57,10 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' } - $r = q("INSERT INTO `mail` ( account_id, channel_id, from_xchan, to_xchan, title, body, uri, parent_uri, created ) + $r = q("INSERT INTO mail ( account_id, channel_id, from_xchan, to_xchan, title, body, uri, parent_uri, created ) VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", intval($channel['channel_account_id']), - intval(local_user()), + intval($channel['channel_id']), dbesc($channel['channel_hash']), dbesc($recipient), dbesc($subject), @@ -57,14 +70,18 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' dbesc(datetime_convert()) ); + // verify the save - $r = q("SELECT * FROM `mail` WHERE uri = '%s' and channel_id = %d LIMIT 1", + $r = q("SELECT * FROM mail WHERE uri = '%s' and channel_id = %d LIMIT 1", dbesc($uri), - intval(local_user()) + intval($channel['channel_id']) ); if(count($r)) $post_id = $r[0]['id']; - + else { + $ret['message'] = t('Stored post could not be verified.'); + return $ret; + } /** * 
@@ -88,27 +105,25 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' continue; $image_uri = substr($image,strrpos($image,'/') + 1); $image_uri = substr($image_uri,0, strpos($image_uri,'-')); - $r = q("UPDATE `photo` SET `allow_cid` = '%s' - WHERE `resource_id` = '%s' AND `album` = '%s' AND `uid` = %d ", + $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'", dbesc('<' . $recipient . '>'), dbesc($image_uri), - dbesc( t('Wall Photos')), - intval(local_user()) + intval($channel['channel_id']), + dbesc('<' . $channel['channel_hash'] . '>') ); } } } - if($post_id) { - proc_run('php',"include/notifier.php","mail","$post_id"); - return intval($post_id); - } else { - return -3; - } + proc_run('php','include/notifier.php','mail',$post_id); + + $ret['success'] = true; + $ret['message_item'] = intval($post_id); + return; } -function private_messages_list($uid, $mailbox = '', $order = 'desc', $start = 0, $numitems = 0) { +function private_messages_list($uid, $mailbox = '', $order = 'created desc', $start = 0, $numitems = 0) { $where = ''; $limit = ''; @@ -129,7 +144,7 @@ function private_messages_list($uid, $mailbox = '', $order = 'desc', $start = 0, } - $r = q("SELECT * from mail WHERE channel_id = %d $where order by created $order $limit", + $r = q("SELECT * from mail WHERE channel_id = %d $where order by $order $limit", intval(local_user()) ); if(! $r) { 
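Review bot: In hunk `@@ -88,27 +105,25 @@` send_message() fills `$ret['success']` and `$ret['message_item']` and then ends with a bare `return;`, so the success path hands callers null while every failure path returns the `$ret` array; it should be `return $ret;`. Callers written against the old integer results (`-1`, `-3`, or the post id) also need to move to the array shape in the same change, otherwise a failure array is truthy and reads as success. The function starts outside this hunk.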
@@ -199,6 +214,35 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee } +function private_messages_drop($channel_id, $messageitem_id, $drop_conversation = false) { + + if($drop_conversation) { + // find the parent_id + $p = q("SELECT parent_uri FROM mail WHERE id = %d AND channel_id = %d LIMIT 1", + intval($messageitem_id), + intval($channel_id) + ); + if($p) { + $r = q("DELETE FROM mail WHERE parent_uri = '%s' AND channel_id = %d ", + dbesc($p[0]['parent_uri']), + intval($channel_id) + ); + if($r) + return true; + } + } + else { + $r = q("DELETE FROM mail WHERE id = %d AND channel_id = %d LIMIT 1", + intval($messageitem_id), + intval($channel_id) + ); + if($r) + return true; + } + return false; +} + + function private_messages_fetch_conversation($channel_id, $messageitem_id, $updateseen = false) { // find the parent_uri of the message being requested -- cgit v1.2.3 From a8575199af9c1697af49ff8a4f15eb904a1773d5 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 25 Jan 2013 13:55:42 -0800 Subject: upstream fixes, template regeneration --- include/message.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'include/message.php') diff --git a/include/message.php b/include/message.php index f3bc61465..756baf15e 100644 --- a/include/message.php +++ b/include/message.php @@ -123,7 +123,7 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' } -function private_messages_list($uid, $mailbox = '', $order = 'created desc', $start = 0, $numitems = 0) { +function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $where = ''; $limit = ''; 
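Review bot: private_messages_drop() in hunk `@@ -199,6 +214,35 @@` has no comment stating that `$channel_id` must be the authenticated caller's own channel, yet the `channel_id = %d` predicate is the only ownership check the function applies. Proposed header: `// $channel_id must come from the authenticated session, never from request data; it is the only ownership check applied here.` The function also returns whatever q() reports for the DELETE, which may be true even when no row matched (q() is not visible here), so callers should not read `true` as proof that a message was removed.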
@@ -143,8 +143,10 @@ function private_messages_list($uid, $mailbox = '', $order = 'created desc', $st $where = " and sender_xchan = '" . dbesc($x[0]['channel_hash']) . "' "; } + // For different orderings, consider applying usort on the results. We thought of doing that + // inside this function or having some preset sorts, but don't wish to limit app developers. - $r = q("SELECT * from mail WHERE channel_id = %d $where order by $order $limit", + $r = q("SELECT * from mail WHERE channel_id = %d $where order by created desc $limit", intval(local_user()) ); if(! $r) { @@ -168,6 +170,7 @@ function private_messages_list($uid, $mailbox = '', $order = 'created desc', $st $r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c); $r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0); } + return $r; } -- cgit v1.2.3 From ff0a73bf40d0503eb5a4d48be60666b73c47d4f9 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 4 Feb 2013 15:06:23 -0800 Subject: null notice when sending private mail --- include/message.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/message.php') diff --git a/include/message.php b/include/message.php index 756baf15e..00cf30512 100644 --- a/include/message.php +++ b/include/message.php @@ -76,7 +76,7 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' dbesc($uri), intval($channel['channel_id']) ); - if(count($r)) + if($r) $post_id = $r[0]['id']; else { $ret['message'] = t('Stored post could not be verified.'); @@ -119,7 +119,7 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $ret['success'] = true; $ret['message_item'] = intval($post_id); - return; + return $ret; } -- cgit v1.2.3 From ea3940c4b0b8232e2de0771811b9f90ade9ee45f Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 25 Feb 2013 17:09:40 -0800 Subject: start formatting for Doxygen --- include/message.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/message.php') 
diff --git a/include/message.php b/include/message.php index 00cf30512..4fd10ad8c 100644 --- a/include/message.php +++ b/include/message.php @@ -1,4 +1,4 @@ - Date: Thu, 21 Mar 2013 18:25:41 -0700 Subject: rename 'uri' (and parent_uri) to 'mid' (and parent_mid) since these no longer remotely resemble uri's and are actually message_id's. This change is potentially destabilising because it touches a lot of code and structure. But it has to get done and there's no better time than the present. --- include/message.php | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'include/message.php') diff --git a/include/message.php b/include/message.php index 4fd10ad8c..8b7ed5d03 100644 --- a/include/message.php +++ b/include/message.php @@ -43,21 +43,21 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $dups = false; $hash = random_string(); - $uri = $hash . '@' . get_app()->get_hostname(); + $mid = $hash . '@' . get_app()->get_hostname(); - $r = q("SELECT id FROM mail WHERE uri = '%s' LIMIT 1", - dbesc($uri)); + $r = q("SELECT id FROM mail WHERE mid = '%s' LIMIT 1", + dbesc($mid)); if(count($r)) $dups = true; } while($dups == true); if(! strlen($replyto)) { - $replyto = $uri; + $replyto = $mid; } - $r = q("INSERT INTO mail ( account_id, channel_id, from_xchan, to_xchan, title, body, uri, parent_uri, created ) + $r = q("INSERT INTO mail ( account_id, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created ) VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", intval($channel['channel_account_id']), intval($channel['channel_id']), 
@@ -65,15 +65,15 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' dbesc($recipient), dbesc($subject), dbesc($body), - dbesc($uri), + dbesc($mid), dbesc($replyto), dbesc(datetime_convert()) ); // verify the save - $r = q("SELECT * FROM mail WHERE uri = '%s' and channel_id = %d LIMIT 1", - dbesc($uri), + $r = q("SELECT * FROM mail WHERE mid = '%s' and channel_id = %d LIMIT 1", + dbesc($mid), intval($channel['channel_id']) ); if($r) @@ -221,13 +221,13 @@ function private_messages_drop($channel_id, $messageitem_id, $drop_conversation if($drop_conversation) { // find the parent_id - $p = q("SELECT parent_uri FROM mail WHERE id = %d AND channel_id = %d LIMIT 1", + $p = q("SELECT parent_mid FROM mail WHERE id = %d AND channel_id = %d LIMIT 1", intval($messageitem_id), intval($channel_id) ); if($p) { - $r = q("DELETE FROM mail WHERE parent_uri = '%s' AND channel_id = %d ", - dbesc($p[0]['parent_uri']), + $r = q("DELETE FROM mail WHERE parent_mid = '%s' AND channel_id = %d ", + dbesc($p[0]['parent_mid']), intval($channel_id) ); if($r) @@ -248,9 +248,9 @@ function private_messages_drop($channel_id, $messageitem_id, $drop_conversation function private_messages_fetch_conversation($channel_id, $messageitem_id, $updateseen = false) { - // find the parent_uri of the message being requested + // find the parent_mid of the message being requested - $r = q("SELECT parent_uri from mail WHERE channel_id = %d and id = %d limit 1", + $r = q("SELECT parent_mid from mail WHERE channel_id = %d and id = %d limit 1", intval($channel_id), intval($messageitem_id) ); 
@@ -258,8 +258,8 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda if(! $r) return array(); - $messages = q("select * from mail where parent_uri = '%s' and channel_id = %d order by created asc", - dbesc($r[0]['parent_uri']), + $messages = q("select * from mail where parent_mid = '%s' and channel_id = %d order by created asc", + dbesc($r[0]['parent_mid']), intval($channel_id) ); @@ -286,10 +286,10 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda if($updateseen) { - $r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and parent_uri = '%s' AND channel_id = %d", + $r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and parent_mid = '%s' AND channel_id = %d", intval(MAIL_SEEN), intval(MAIL_SEEN), - dbesc($r[0]['parent_uri']), + dbesc($r[0]['parent_mid']), intval($channel_id) ); } -- cgit v1.2.3 From b4f4b8cb13bd9d629cad03477f9219fc613f0a55 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 19 Jul 2013 02:45:44 -0700 Subject: private mail is just a little more private now. Not encrypted and the obfuscation is easily reversible, but not casually readable by browsing logfiles or mysql dumps. This isn't backward compatible - folks will have to upgrade if they can't read their mail. --- include/message.php | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'include/message.php') diff --git a/include/message.php b/include/message.php index 8b7ed5d03..6c44a54f3 100644 --- a/include/message.php +++ b/include/message.php 
@@ -57,14 +57,15 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' } - $r = q("INSERT INTO mail ( account_id, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created ) - VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", + $r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created ) + VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", intval($channel['channel_account_id']), + intval(MAIL_OBSCURED), intval($channel['channel_id']), dbesc($channel['channel_hash']), dbesc($recipient), - dbesc($subject), - dbesc($body), + dbesc(base64url_encode($subject)), + dbesc(base64url_encode($body)), dbesc($mid), dbesc($replyto), dbesc(datetime_convert()) @@ -169,6 +170,12 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $r[$k]['from'] = find_xchan_in_array($rr['from_xchan'],$c); $r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c); $r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0); + if($r[$k]['mail_flags'] & MAIL_OBSCURED) { + $r[$k]['title'] = base64url_decode($r[$k]['title']); + $r[$k]['body'] = base64url_decode($r[$k]['body']); + } + + } return $r; @@ -201,6 +208,10 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee foreach($messages as $k => $message) { $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); + if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { + $messages[$k]['title'] = base64url_decode($messages[$k]['title']); + $messages[$k]['body'] = base64url_decode($messages[$k]['body']); + } } if($updateseen) { 
@@ -282,6 +293,11 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda foreach($messages as $k => $message) { $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); + if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { + $messages[$k]['title'] = base64url_decode($messages[$k]['title']); + $messages[$k]['body'] = base64url_decode($messages[$k]['body']); + } + } -- cgit v1.2.3 From c00c550c58f0125785b194c9413a98e114a7ab98 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 31 Jul 2013 02:32:41 -0700 Subject: better mail obscuring --- include/message.php | 94 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 54 insertions(+), 40 deletions(-) (limited to 'include/message.php') diff --git a/include/message.php b/include/message.php index 6c44a54f3..d6294cdba 100644 --- a/include/message.php +++ b/include/message.php @@ -2,6 +2,7 @@ /* Private Message backend API */ +require_once('include/crypto.php'); // send a private message 
@@ -56,6 +57,28 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $replyto = $mid; } + /** + * + * When a photo was uploaded into the message using the (profile wall) ajax + * uploader, The permissions are initially set to disallow anybody but the + * owner from seeing it. This is because the permissions may not yet have been + * set for the post. If it's private, the photo permissions should be set + * appropriately. But we didn't know the final permissions on the post until + * now. So now we'll look for links of uploaded messages that are in the + * post and set them to the same permissions as the post itself. + * + */ + + $match = null; + $images = null; + if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) + $images = $match[1]; + + $key = get_config('system','pubkey'); + if($subject) + $subject = json_encode(aes_encapsulate($subject,$key)); + if($body) + $body = json_encode(aes_encapsulate($body,$key)); $r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created ) VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", @@ -64,8 +87,8 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' intval($channel['channel_id']), dbesc($channel['channel_hash']), dbesc($recipient), - dbesc(base64url_encode($subject)), - dbesc(base64url_encode($body)), + dbesc($subject), + dbesc($body), dbesc($mid), dbesc($replyto), dbesc(datetime_convert()) 
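Review bot: The new `aes_encapsulate($subject,$key)` and `aes_encapsulate($body,$key)` calls in `@@ -56,6 +57,28 @@` use the site-wide `get_config('system','pubkey')`, and the read side of this commit decrypts with `get_config('system','prvkey')`, so confidentiality rests entirely on where that config value is stored. If system config lives in the same database as the mail table (not visible here), a database dump still holds both ciphertext and key, which is the exposure the previous commit set out to reduce. A comment next to the key lookup should state the intended threat model, e.g. `// protects against casual reading of rows and logs only; anyone holding system.prvkey can decrypt`. The results of `json_encode()` and `aes_encapsulate()` are also stored unchecked, so a failed encryption would be written as an empty or `false` value.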
@@ -84,35 +107,18 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' return $ret; } - /** - * - * When a photo was uploaded into the message using the (profile wall) ajax - * uploader, The permissions are initially set to disallow anybody but the - * owner from seeing it. This is because the permissions may not yet have been - * set for the post. If it's private, the photo permissions should be set - * appropriately. But we didn't know the final permissions on the post until - * now. So now we'll look for links of uploaded messages that are in the - * post and set them to the same permissions as the post itself. - * - */ - - $match = null; - - if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) { - $images = $match[1]; - if(count($images)) { - foreach($images as $image) { - if(! stristr($image,$a->get_baseurl() . '/photo/')) - continue; - $image_uri = substr($image,strrpos($image,'/') + 1); - $image_uri = substr($image_uri,0, strpos($image_uri,'-')); - $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'", - dbesc('<' . $recipient . '>'), - dbesc($image_uri), - intval($channel['channel_id']), - dbesc('<' . $channel['channel_hash'] . '>') - ); - } + if(count($images)) { + foreach($images as $image) { + if(! stristr($image,$a->get_baseurl() . '/photo/')) + continue; + $image_uri = substr($image,strrpos($image,'/') + 1); + $image_uri = substr($image_uri,0, strpos($image_uri,'-')); + $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'", + dbesc('<' . $recipient . '>'), + dbesc($image_uri), + intval($channel['channel_id']), + dbesc('<' . $channel['channel_hash'] . '>') + ); } } 
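Review bot: `if(count($images))` now runs on `$images = null` whenever the body contains no `[img]` tag, because the regex that used to guard it was moved above the INSERT; `count(null)` raises a warning on PHP 7.2+ and a TypeError on PHP 8. Initialise with `$images = array();` or test `if($images)` instead. In the same loop `strpos($image_uri,'-')` returns false for a name without a dash, which makes `substr($image_uri,0,false)` an empty `resource_id`; skip such entries with `continue` before the UPDATE.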
@@ -171,11 +177,14 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c); $r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0); if($r[$k]['mail_flags'] & MAIL_OBSCURED) { - $r[$k]['title'] = base64url_decode($r[$k]['title']); - $r[$k]['body'] = base64url_decode($r[$k]['body']); - } - + logger('unencrypting'); + $key = get_config('system','prvkey'); + if($r[$k]['title']) + $r[$k]['title'] = aes_unencapsulate(json_decode($r[$k]['title'],true),$key); + if($r[$k]['body']) + $r[$k]['body'] = aes_unencapsulate(json_decode($r[$k]['body'],true),$key); + } } return $r; @@ -209,8 +218,11 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { - $messages[$k]['title'] = base64url_decode($messages[$k]['title']); - $messages[$k]['body'] = base64url_decode($messages[$k]['body']); + $key = get_config('system','prvkey'); + if($messages[$k]['title']) + $messages[$k]['title'] = aes_unencapsulate(json_decode($messages[$k]['title'],true),$key); + if($messages[$k]['body']) + $messages[$k]['body'] = aes_unencapsulate(json_decode($messages[$k]['body'],true),$key); } } 
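Review bot: Rows written by the previous commit carry `MAIL_OBSCURED` with base64url-encoded title and body, but `@@ -171,11 +177,14 @@` now treats the same flag as a JSON-wrapped AES envelope, so `json_decode()` on those older rows yields null and `aes_unencapsulate()` receives no usable input. Either migrate the existing rows or fall back to `base64url_decode()` when the decoded JSON is not an array. `logger('unencrypting')` fires for every listed message and `get_config('system','prvkey')` is fetched inside the loop; hoist the key lookup above the `foreach` and drop the log line. The same decrypt block is repeated in `@@ -209,8 +218,11 @@` and `@@ -294,10 +306,12 @@`.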
@@ -294,10 +306,12 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { - $messages[$k]['title'] = base64url_decode($messages[$k]['title']); - $messages[$k]['body'] = base64url_decode($messages[$k]['body']); + $key = get_config('system','prvkey'); + if($messages[$k]['title']) + $messages[$k]['title'] = aes_unencapsulate(json_decode($messages[$k]['title'],true),$key); + if($messages[$k]['body']) + $messages[$k]['body'] = aes_unencapsulate(json_decode($messages[$k]['body'],true),$key); } - } -- cgit v1.2.3 From 24b9799dcad3dc4a224ce2ceaf52645657106a60 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 6 Aug 2013 03:54:49 -0700 Subject: convert all stored json calls to json_decode_plus() --- include/message.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'include/message.php') diff --git a/include/message.php b/include/message.php index d6294cdba..fc0d5f2b3 100644 --- a/include/message.php +++ b/include/message.php @@ -181,9 +181,9 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $key = get_config('system','prvkey'); if($r[$k]['title']) - $r[$k]['title'] = aes_unencapsulate(json_decode($r[$k]['title'],true),$key); + $r[$k]['title'] = aes_unencapsulate(json_decode_plus($r[$k]['title']),$key); if($r[$k]['body']) - $r[$k]['body'] = aes_unencapsulate(json_decode($r[$k]['body'],true),$key); + $r[$k]['body'] = aes_unencapsulate(json_decode_plus($r[$k]['body']),$key); } } 
@@ -220,9 +220,9 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { $key = get_config('system','prvkey'); if($messages[$k]['title']) - $messages[$k]['title'] = aes_unencapsulate(json_decode($messages[$k]['title'],true),$key); + $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); if($messages[$k]['body']) - $messages[$k]['body'] = aes_unencapsulate(json_decode($messages[$k]['body'],true),$key); + $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); } } @@ -308,9 +308,9 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { $key = get_config('system','prvkey'); if($messages[$k]['title']) - $messages[$k]['title'] = aes_unencapsulate(json_decode($messages[$k]['title'],true),$key); + $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); if($messages[$k]['body']) - $messages[$k]['body'] = aes_unencapsulate(json_decode($messages[$k]['body'],true),$key); + $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); } } -- cgit v1.2.3 From cd5fdbcb48a2e05198bb9daaf0753e8218ea4285 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 19 Aug 2013 21:19:39 -0700 Subject: email attachments (and fix email photos) --- include/message.php | 49 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 47 insertions(+), 2 deletions(-) (limited to 'include/message.php') diff --git a/include/message.php b/include/message.php index fc0d5f2b3..e54a6cd83 100644 --- a/include/message.php +++ b/include/message.php @@ -3,6 +3,7 @@ /* Private Message backend API */ require_once('include/crypto.php'); +require_once('include/attach.php'); // send a private message 
@@ -74,14 +75,44 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) $images = $match[1]; + $match = false; + + if(preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",$body,$match)) + $attaches = $match[1]; + + $attachments = ''; + + if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) { + $attachments = array(); + foreach($match[2] as $mtch) { + $hash = substr($mtch,0,strpos($mtch,',')); + $rev = intval(substr($mtch,strpos($mtch,','))); + $r = attach_by_hash_nodata($hash,$rev); + if($r['success']) { + $attachments[] = array( + 'href' => $a->get_baseurl() . '/attach/' . $r['data']['hash'], + 'length' => $r['data']['filesize'], + 'type' => $r['data']['filetype'], + 'title' => urlencode($r['data']['filename']), + 'revision' => $r['data']['revision'] + ); + } + $body = str_replace($match[1],'',$body); + } + } + + $jattach = (($attachments) ? json_encode($attachments) : ''); + $key = get_config('system','pubkey'); if($subject) $subject = json_encode(aes_encapsulate($subject,$key)); if($body) $body = json_encode(aes_encapsulate($body,$key)); - $r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created ) - VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", + + + $r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, attach, mid, parent_mid, created ) + VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", intval($channel['channel_account_id']), intval(MAIL_OBSCURED), intval($channel['channel_id']), @@ -89,6 +120,7 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' dbesc($recipient), dbesc($subject), dbesc($body), + dbesc($jattach), dbesc($mid), dbesc($replyto), dbesc(datetime_convert()) 
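Review bot: In `@@ -74,14 +75,44 @@` the attachment hash and revision are parsed out of the message body and passed to `attach_by_hash_nodata($hash,$rev)` with no visible check that the attachment belongs to `$channel`; unless that helper enforces ownership itself, metadata of an attachment the sender does not own can end up in the `attach` column. `strpos($mtch,',')` is used unchecked, so for a tag without a comma it returns false, `$hash` becomes an empty string and `$rev` is derived from the whole value; reject such tags before the lookup. `$attaches` is assigned only inside its `if`, yet a later hunk tests `if($attaches)`; initialise it with `$attaches = array();` next to `$attachments`.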
@@ -122,6 +154,19 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' } } + if($attaches) { + foreach($attaches as $attach) { + $hash = substr($attach,0,strpos($attach,',')); + $rev = intval(substr($attach,strpos($attach,','))); + attach_store($channel,$observer_hash,$options = 'update', array( + 'hash' => $hash, + 'revision' => $rev, + 'allow_cid' => '<' . $recipient . '>', + + )); + } + } + proc_run('php','include/notifier.php','mail',$post_id); $ret['success'] = true; -- cgit v1.2.3 From 6162de142c2765c770f43bf269f0444310551705 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 6 Nov 2013 18:28:36 -0800 Subject: allow private mail sender to set an expiration on their messages. Once expired the message is destroyed at both ends (subject to the granularity of the polling interval) and is gone. Officially it takes some form of language independent string like 2013/11/22, but English speakers can use anything that strtotime() understands, like "+30 minutes" or "next Tuesday". --- include/message.php | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'include/message.php') diff --git a/include/message.php b/include/message.php index e54a6cd83..3bcd5e209 100644 --- a/include/message.php +++ b/include/message.php @@ -8,7 +8,7 @@ require_once('include/attach.php'); // send a private message -function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=''){ +function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='',$expires = ''){ $ret = array('success' => false); @@ -22,6 +22,10 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' if(! strlen($subject)) $subject = t('[no subject]'); +// if(! $expires) +// $expires = '0000-00-00 00:00:00'; +// else +// $expires = datetime_convert(date_default_timezone_get(),'UTC',$expires); if($uid) { $r = q("select * from channel where channel_id = %d limit 1", 
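Review bot: `attach_store($channel,$observer_hash,$options = 'update', ...)` in `@@ -122,6 +154,19 @@` passes `$observer_hash`, which is neither a parameter of send_message() nor assigned in any hunk shown, so it is presumably undefined at this point; if attach_store() relies on it for its permission decision, the update runs without an observer identity. Pass the sender explicitly, e.g. `$channel['channel_hash']`, and write the option as a plain `'update'` instead of the stray assignment `$options = 'update'`. The function body extends beyond this hunk, so confirm `$observer_hash` is not set elsewhere before changing it.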
@@ -111,8 +115,8 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' - $r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, attach, mid, parent_mid, created ) - VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", + $r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, attach, mid, parent_mid, created, expires ) + VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", intval($channel['channel_account_id']), intval(MAIL_OBSCURED), intval($channel['channel_id']), @@ -123,7 +127,8 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' dbesc($jattach), dbesc($mid), dbesc($replyto), - dbesc(datetime_convert()) + dbesc(datetime_convert()), + dbesc($expires) ); // verify the save -- cgit v1.2.3 From ee629534d5245443152797bae81768680b5dda85 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 13 Nov 2013 23:10:29 -0800 Subject: E2EE on private mail (also fixed autocomplete results dropdown for recipient which was positioned below the navbar instead of next to the recipient input box) --- include/message.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/message.php') diff --git a/include/message.php b/include/message.php index 3bcd5e209..2fca9bef0 100644 --- a/include/message.php +++ b/include/message.php 
@@ -76,12 +76,12 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $match = null; $images = null; - if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) + if(preg_match_all("/\[img\](.*?)\[\/img\]/",((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$match)) $images = $match[1]; $match = false; - if(preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",$body,$match)) + if(preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$match)) $attaches = $match[1]; $attachments = ''; -- cgit v1.2.3 From d7ee552c570f4fca760c3d1573f32c005cf73bb8 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 20 Nov 2013 15:20:12 -0800 Subject: Protocol: now set data['alg'] on all encapsulated encrypted packets, so that we can more easily retire 'aes256cbc' once it is no longer viable. --- include/message.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'include/message.php') diff --git a/include/message.php b/include/message.php index 2fca9bef0..a95021583 100644 --- a/include/message.php +++ b/include/message.php @@ -109,9 +109,9 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $key = get_config('system','pubkey'); if($subject) - $subject = json_encode(aes_encapsulate($subject,$key)); + $subject = json_encode(crypto_encapsulate($subject,$key)); if($body) - $body = json_encode(aes_encapsulate($body,$key)); + $body = json_encode(crypto_encapsulate($body,$key)); 
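Review bot: Both rewritten `preg_match_all` calls read `$_POST['media_str']` directly inside send_message(), which an earlier commit in this series describes as api-able, so a caller that is not the web form gets an undefined index and a null subject string. `strpos($body,'[/crypt]')` is also tested for truthiness, so a match at offset 0 counts as no match; compare with `!== false`. Passing the media string in as an argument, or at least guarding it, keeps the function self-contained: `$media = ((strpos($body,'[/crypt]') !== false) ? (isset($_POST['media_str']) ? $_POST['media_str'] : '') : $body);` and then match against `$media` in both calls. Because `media_str` is request data and its `[attachment]` matches later drive the attachment permission update, it deserves the same ownership checks as hashes found in the body. The same expression is carried unchanged into the later `[zmg]` hunk.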
@@ -231,9 +231,9 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $key = get_config('system','prvkey'); if($r[$k]['title']) - $r[$k]['title'] = aes_unencapsulate(json_decode_plus($r[$k]['title']),$key); + $r[$k]['title'] = crypto_unencapsulate(json_decode_plus($r[$k]['title']),$key); if($r[$k]['body']) - $r[$k]['body'] = aes_unencapsulate(json_decode_plus($r[$k]['body']),$key); + $r[$k]['body'] = crypto_unencapsulate(json_decode_plus($r[$k]['body']),$key); } } @@ -270,9 +270,9 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { $key = get_config('system','prvkey'); if($messages[$k]['title']) - $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); + $messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key); if($messages[$k]['body']) - $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); + $messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key); } } @@ -358,9 +358,9 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { $key = get_config('system','prvkey'); if($messages[$k]['title']) - $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); + $messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key); if($messages[$k]['body']) - $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); + $messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key); } } -- cgit v1.2.3 From 402d44e2f4a7db97236d1999076ef57b69cec4b9 Mon Sep 17 00:00:00 2001 
From: friendica Date: Thu, 27 Feb 2014 16:01:44 -0800 Subject: fix photos in private mail --- include/message.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/message.php') diff --git a/include/message.php b/include/message.php index a95021583..607166ec9 100644 --- a/include/message.php +++ b/include/message.php @@ -76,7 +76,7 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $match = null; $images = null; - if(preg_match_all("/\[img\](.*?)\[\/img\]/",((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$match)) + if(preg_match_all("/\[zmg\](.*?)\[\/zmg\]/",((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$match)) $images = $match[1]; $match = false; -- cgit v1.2.3