From 43a5f928bae3d886dd355497d63ad961425cb3c4 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Mon, 5 Nov 2018 16:57:32 -0800
Subject: these changes needed to ensure cloning/syncing works in the future to
 non-zot6 enabled servers after the (coming) zot6 schema updates. This should
 probably be on a fast track to master branch

---
 include/text.php  |   8 ++++
 include/xchan.php | 130 ++++++++++++++++++++++++++++++++++++------------------
 2 files changed, 94 insertions(+), 44 deletions(-)

(limited to 'include')

diff --git a/include/text.php b/include/text.php
index 1d884593f..15cc0ca8a 100644
--- a/include/text.php
+++ b/include/text.php
@@ -3219,8 +3219,16 @@ function create_table_from_array($table, $arr, $binary_fields = []) {
 	if(! ($arr && $table))
 		return false;
 
+	$columns = db_columns($table);
+
 	$clean = [];
 	foreach($arr as $k => $v) {
+
+		if(! in_array($k,$columns)) {
+			continue;
+		}
+
+
 		$matches = false;
 		if(preg_match('/([^a-zA-Z0-9\-\_\.])/',$k,$matches)) {
 			return false;
diff --git a/include/xchan.php b/include/xchan.php
index aad56063f..eb5f1b4a3 100644
--- a/include/xchan.php
+++ b/include/xchan.php
@@ -1,5 +1,7 @@
 <?php
 
+use Zotlabs\Zot6\HTTPSig;
+
 
 function xchan_store_lowlevel($arr) {
 
@@ -39,6 +41,13 @@ function xchan_store_lowlevel($arr) {
 
 function xchan_store($arr) {
 
+	$update_photo = false;
+	$update_name = false;
+
+	if(! ($arr['guid'] || $arr['hash'])) {
+		$arr = json_decode(file_get_contents('php://input'),true);
+	}
+
 	logger('xchan_store: ' . print_r($arr,true));
 
 	if(! $arr['hash'])
@@ -49,57 +58,90 @@ function xchan_store($arr) {
 	$r = q("select * from xchan where xchan_hash = '%s' limit 1",
 		dbesc($arr['hash'])
 	);
-	if($r)
-		return true;
-
-	if(! $arr['network'])
-		$arr['network'] = 'unknown';
-	if(! $arr['name'])
-		$arr['name'] = 'unknown';
-	if(! $arr['url'])
-		$arr['url'] = z_root();
-	if(! $arr['photo'])
-		$arr['photo'] = z_root() . '/' . get_default_profile_photo();
-
-
-	if($arr['network'] === 'zot') {
-		if((! $arr['key']) || (! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key']))) {
-			logger('Unable to verify signature for ' . $arr['hash']);
-			return false;
+	if(! $r) {
+
+		$update_photo = true;
+
+		if(! $arr['network'])
+			$arr['network'] = 'unknown';
+		if(! $arr['name'])
+			$arr['name'] = 'unknown';
+		if(! $arr['url'])
+			$arr['url'] = z_root();
+		if(! $arr['photo'])
+			$arr['photo'] = z_root() . '/' . get_default_profile_photo();
+
+		if($arr['network'] === 'zot6') {
+			if((! $arr['key']) || (! Libzot::verify($arr['id'],$arr['id_sig'],$arr['key']))) {
+				logger('Unable to verify signature for ' . $arr['hash']);
+				return false;
+			}
 		}
-	}
 
-	$x = [];
-	foreach($arr as $k => $v) {
-		if($k === 'key') {
-			$x['xchan_pubkey'] = $v;
-			continue;
-		}
-		if($k === 'photo') {
-			continue;
+		if($arr['network'] === 'zot') {
+			if((! $arr['key']) || (! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key']))) {	
+				logger('Unable to verify signature for ' . $arr['hash']);
+				return false;
+			}
 		}
-		
-		$x['xchan_' . $k] = $v;
-	}
 
-	$x['xchan_name_date'] = datetime_convert();
+		$columns = db_columns('xchan');
+
+		$x = [];
+		foreach($arr as $k => $v) {
+			if($k === 'key') {
+				$x['xchan_pubkey'] = HTTPSig::convertKey(escape_tags($v));;
+				continue;
+			}
+			if($k === 'photo') {
+				continue;
+			}
+		
+			if(in_array($columns,'xchan_' . $k))
+				$x['xchan_' . $k] = escape_tags($v);
+		}
 
-	$r = xchan_store_lowlevel($x);
+		$x['xchan_name_date'] = datetime_convert();
+		$x['xchan_photo_date'] = datetime_convert();
+		$x['xchan_system']     = false;
 
-	if(! $r)
-		return $r;
-
-	$photos = import_xchan_photo($arr['photo'],$arr['hash']);
-	$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
-		dbesc(datetime_convert()),
-		dbesc($photos[0]),
-		dbesc($photos[1]),
-		dbesc($photos[2]),
-		dbesc($photos[3]),
-		dbesc($arr['hash'])
-	);
-	return $r;
+		$result = xchan_store_lowlevel($x);
+	
+		if(! $result)
+			return $result;
+	}
+	else {
+		if($r[0]['network'] === 'zot6') {
+			return true;
+		}
+		if($r[0]['xchan_photo_date'] < datetime_convert('UTC','UTC',$arr['photo_date'])) {
+			$update_photo = true;
+		}
+		if($r[0]['xchan_name_date'] < datetime_convert('UTC','UTC',$arr['name_date'])) {
+			$update_name = true;
+		}
+    }
+
+	if($update_photo && $arr['photo']) {
+		$photos = import_xchan_photo($arr['photo'],$arr['hash']);
+		$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
+			dbesc(datetime_convert()),
+			dbesc($photos[0]),
+			dbesc($photos[1]),
+			dbesc($photos[2]),
+			dbesc($photos[3]),
+			dbesc($arr['hash'])
+		);
+	}
+	if($update_name && $arr['name']) {
+		$x = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s'",
+			dbesc(escape_tags($arr['name'])),
+			dbesc(datetime_convert()),
+			dbesc($arr['hash'])
+		);
+	}
 
+	return true;
 }
 
 
-- 
cgit v1.2.3