From 37fc7324b702faa1fe74808b7d3e73389d136f09 Mon Sep 17 00:00:00 2001 From: Friendika Date: Wed, 17 Aug 2011 21:14:21 -0700 Subject: fix largest_photo mixup in probe_url --- include/Scrape.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/Scrape.php b/include/Scrape.php index bfe795e19..dbd98c9ec 100644 --- a/include/Scrape.php +++ b/include/Scrape.php @@ -498,10 +498,11 @@ function probe_url($url) { logger('probe_url: scrape_feed returns: ' . print_r($feedret,true), LOGGER_DATA); if(count($feedret) && ($feedret['feed_atom'] || $feedret['feed_rss'])) { $poll = ((x($feedret,'feed_atom')) ? unamp($feedret['feed_atom']) : unamp($feedret['feed_rss'])); - $vcard = array(); + if(! x($vcard)) + $vcard = array(); } - if(x($feedret,'photo')) + if(x($feedret,'photo') && (! x($vcard,'photo'))) $vcard['photo'] = $feedret['photo']; require_once('library/simplepie/simplepie.inc'); $feed = new SimplePie(); @@ -518,9 +519,11 @@ function probe_url($url) { if($feed->error()) logger('probe_url: scrape_feed: Error parsing XML: ' . $feed->error()); + if(! x($vcard,'photo')) $vcard['photo'] = $feed->get_image_url(); $author = $feed->get_author(); + if($author) { $vcard['fn'] = unxmlify(trim($author->get_name())); if(! $vcard['fn']) @@ -568,6 +571,7 @@ function probe_url($url) { } } } + if((! $vcard['photo']) && strlen($email)) $vcard['photo'] = gravatar_img($email); if($poll === $profile) -- cgit v1.2.3 From 96342878398e394173ba1a2dd825afbcb19e7199 Mon Sep 17 00:00:00 2001 From: Friendika Date: Wed, 17 Aug 2011 23:01:44 -0700 Subject: fix several probe related issues --- include/Scrape.php | 91 ++++++++++++++++++++++++++++++++-------------------- include/diaspora.php | 7 ++++ 2 files changed, 64 insertions(+), 34 deletions(-) (limited to 'include') diff --git a/include/Scrape.php b/include/Scrape.php index dbd98c9ec..1b319481b 100644 --- a/include/Scrape.php +++ b/include/Scrape.php @@ -44,8 +44,9 @@ function scrape_dfrn($url) { $x = $item->getAttribute('rel'); if(($x === 'alternate') && ($item->getAttribute('type') === 'application/atom+xml')) $ret['feed_atom'] = $item->getAttribute('href'); - if(substr($x,0,5) == "dfrn-") + if(substr($x,0,5) == "dfrn-") { $ret[$x] = $item->getAttribute('href'); + } if($x === 'lrdd') { $decoded = urldecode($item->getAttribute('href')); if(preg_match('/acct:([^@]*)@/',$decoded,$matches)) @@ -55,17 +56,28 @@ function scrape_dfrn($url) { // Pull out hCard profile elements + $largest_photo = 0; + $items = $dom->getElementsByTagName('*'); foreach($items as $item) { if(attribute_contains($item->getAttribute('class'), 'vcard')) { $level2 = $item->getElementsByTagName('*'); foreach($level2 as $x) { - if(attribute_contains($x->getAttribute('class'),'fn')) + if(attribute_contains($x->getAttribute('class'),'fn')) { $ret['fn'] = $x->textContent; - if(attribute_contains($x->getAttribute('class'),'photo')) - $ret['photo'] = $x->getAttribute('src'); - if(attribute_contains($x->getAttribute('class'),'key')) + } + if((attribute_contains($x->getAttribute('class'),'photo')) + || (attribute_contains($x->getAttribute('class'),'avatar'))) { + $size = intval($x->getAttribute('width')); + // dfrn prefers 175, so if we find this, we set largest_size so it can't be topped. + if(($size > $largest_photo) || ($size == 175) || (! $largest_photo)) { + $ret['photo'] = $x->getAttribute('src'); + $largest_photo = (($size == 175) ? 9999 : $size); + } + } + if(attribute_contains($x->getAttribute('class'),'key')) { $ret['key'] = $x->textContent; + } } } } @@ -190,8 +202,9 @@ function scrape_vcard($url) { } } if((attribute_contains($x->getAttribute('class'),'nickname')) - || (attribute_contains($x->getAttribute('class'),'uid'))) + || (attribute_contains($x->getAttribute('class'),'uid'))) { $ret['nick'] = $x->textContent; + } } } } @@ -288,8 +301,10 @@ function scrape_feed($url) { return $ret; }} +define ( 'PROBE_NORMAL', 0); +define ( 'PROBE_DIASPORA', 1); -function probe_url($url) { +function probe_url($url, $mode = PROBE_NORMAL) { require_once('include/email.php'); $result = array(); @@ -366,7 +381,7 @@ function probe_url($url) { } } } - else { + elseif($mode == PROBE_NORMAL) { // Check email @@ -411,38 +426,46 @@ function probe_url($url) { } } - if(strlen($zot)) { - $s = fetch_url($zot); - if($s) { - $j = json_decode($s); - if($j) { - $network = NETWORK_ZOT; - $vcard = array( - 'fn' => $j->fullname, - 'nick' => $j->nickname, - 'photo' => $j->photo - ); - $profile = $j->url; - $notify = $j->post; - $pubkey = $j->pubkey; - $poll = 'N/A'; + if($mode == PROBE_NORMAL) { + if(strlen($zot)) { + $s = fetch_url($zot); + if($s) { + $j = json_decode($s); + if($j) { + $network = NETWORK_ZOT; + $vcard = array( + 'fn' => $j->fullname, + 'nick' => $j->nickname, + 'photo' => $j->photo + ); + $profile = $j->url; + $notify = $j->post; + $pubkey = $j->pubkey; + $poll = 'N/A'; + } } } - } - if(strlen($dfrn)) { - $ret = scrape_dfrn($dfrn); - if(is_array($ret) && x($ret,'dfrn-request')) { - $network = NETWORK_DFRN; - $request = $ret['dfrn-request']; - $confirm = $ret['dfrn-confirm']; - $notify = $ret['dfrn-notify']; - $poll = $ret['dfrn-poll']; + if(strlen($dfrn)) { + $ret = scrape_dfrn($dfrn); + if(is_array($ret) && x($ret,'dfrn-request')) { + $network = NETWORK_DFRN; + $request = $ret['dfrn-request']; + $confirm = $ret['dfrn-confirm']; + $notify = $ret['dfrn-notify']; + $poll = $ret['dfrn-poll']; + + $vcard = array(); + $vcard['fn'] = $ret['fn']; + $vcard['nick'] = $ret['nick']; + $vcard['photo'] = $ret['photo']; + } } } if($diaspora && $diaspora_base && $diaspora_guid) { - $notify = $diaspora_base . 'receive/post/' . $diaspora_guid; + if($mode == PROBE_DIASPORA || ! $notify) + $notify = $diaspora_base . 'receive/post/' . $diaspora_guid; if(strpos($url,'@')) $addr = str_replace('acct:', '', $url); } @@ -454,7 +477,7 @@ function probe_url($url) { $network = NETWORK_OSTATUS; $priority = 0; - if($hcard) { + if($hcard && ! $vcard) { $vcard = scrape_vcard($hcard); // Google doesn't use absolute url in profile photos diff --git a/include/diaspora.php b/include/diaspora.php index e089e3f04..9987c2139 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -279,6 +279,13 @@ function diaspora_get_contact_by_handle($uid,$handle) { } function find_person_by_handle($handle) { + $r = q("select * from fcontact where network = '%s' and addr = '%s' limit 1", + dbesc(NETWORK_DIASPORA), + dbesc($handle) + ); + if(count($r)) + return $r[0]; + // we don't care about the uid, we just want to save an expensive webfinger probe $r = q("select * from contact where network = '%s' and addr = '%s' LIMIT 1", dbesc(NETWORK_DIASPORA), -- cgit v1.2.3 From 69b7c2f0becdda1e331eef0069e163c2dad9df0e Mon Sep 17 00:00:00 2001 From: Friendika Date: Wed, 17 Aug 2011 23:10:55 -0700 Subject: documentation --- include/Scrape.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'include') diff --git a/include/Scrape.php b/include/Scrape.php index 1b319481b..1c9fe7d45 100644 --- a/include/Scrape.php +++ b/include/Scrape.php @@ -301,6 +301,26 @@ function scrape_feed($url) { return $ret; }} + +/** + * + * Probe a network address to discover what kind of protocols we need to communicate with it. + * + * Warning: this function is a bit touchy and there are some subtle dependencies within the logic flow. + * Edit with care. + * + */ + +/** + * + * PROBE_DIASPORA has a bias towards returning Diaspora information + * while PROBE_NORMAL has a bias towards dfrn/zot - in the case where + * an address (such as a Friendika address) supports more than one type + * of network. + * + */ + + define ( 'PROBE_NORMAL', 0); define ( 'PROBE_DIASPORA', 1); -- cgit v1.2.3 From c534dd2969484625adda9cc82ad9d92664a96789 Mon Sep 17 00:00:00 2001 From: Friendika Date: Thu, 18 Aug 2011 04:20:30 -0700 Subject: fill and expire fcontact cache --- include/diaspora.php | 69 +++++++++++++++++++++++----------------------------- include/network.php | 21 ++++++++++++++++ 2 files changed, 51 insertions(+), 39 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 9987c2139..81e335dd4 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -4,25 +4,11 @@ require_once('include/crypto.php'); require_once('include/items.php'); function get_diaspora_key($uri) { - $key = ''; - logger('Fetching diaspora key for: ' . $uri); - $arr = lrdd($uri); - - if(is_array($arr)) { - foreach($arr as $a) { - if($a['@attributes']['rel'] === 'diaspora-public-key') { - $key = base64_decode($a['@attributes']['href']); - } - } - } - else { - return ''; - } - - if($key) - return rsatopem($key); + $r = find_diaspora_person_by_handle($uri); + if($r) + return $r['pubkey']; return ''; } @@ -218,7 +204,7 @@ function diaspora_decode($importer,$xml) { $encoding = $base->encoding; $alg = $base->alg; - // Diaspora devs: I can't even begin to tell you how sucky this is. Read the freaking spec. + // Diaspora devs: I can't even begin to tell you how sucky this is. Please read the spec. $signed_data = $data . (($data[-1] != "\n") ? "\n" : '') . '.' . base64url_encode($type) . "\n" . '.' . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n"; @@ -278,28 +264,33 @@ function diaspora_get_contact_by_handle($uid,$handle) { return false; } -function find_person_by_handle($handle) { - $r = q("select * from fcontact where network = '%s' and addr = '%s' limit 1", - dbesc(NETWORK_DIASPORA), - dbesc($handle) - ); - if(count($r)) - return $r[0]; - - // we don't care about the uid, we just want to save an expensive webfinger probe - $r = q("select * from contact where network = '%s' and addr = '%s' LIMIT 1", - dbesc(NETWORK_DIASPORA), - dbesc($handle) - ); - if(count($r)) +function find_diaspora_person_by_handle($handle) { + $r = q("select * from fcontact where network = '%s' and addr = '%s' limit 1", + dbesc(NETWORK_DIASPORA), + dbesc($handle) + ); + if(count($r)) { + // update record occasionally so it doesn't get stale + $d = strtotime($r[0]['updated'] . ' +00:00'); + if($d < strtotime('now - 14 days')) { + q("delete from fcontact where id = %d limit 1", + intval($r[0]['id']) + ); + } + else return $r[0]; - $r = probe_url($handle); - // need to cached this, perhaps in fcontact - if(count($r)) - return ($r); - return false; + } + require_once('include/Scrape.php'); + $r = probe_url($handle, PROBE_DIASPORA); + if((count($r)) && ($r['network'] === NETWORK_DIASPORA)) { + add_fcontact($r); + return ($r); + } + return false; } + + function diaspora_request($importer,$xml) { $sender_handle = unxmlify($xml->sender_handle); @@ -504,7 +495,7 @@ function diaspora_comment($importer,$xml,$msg) { $key = $msg['key']; } else { - $person = find_person_by_handle($diaspora_handle); + $person = find_diaspora_person_by_handle($diaspora_handle); if(is_array($person) && x($person,'pubkey')) $key = $person['pubkey']; @@ -661,7 +652,7 @@ function diaspora_like($importer,$xml,$msg) { $key = $msg['key']; } else { - $person = find_person_by_handle($diaspora_handle); + $person = find_diaspora_person_by_handle($diaspora_handle); if(is_array($person) && x($person,'pubkey')) $key = $person['pubkey']; else { diff --git a/include/network.php b/include/network.php index bbf1d6a63..ade8a40ac 100644 --- a/include/network.php +++ b/include/network.php @@ -693,3 +693,24 @@ function parse_xml_string($s,$strict = true) { } return $x; }} + +function add_fcontact($arr) { + + $r = q("insert into fcontact ( `url`,`name`,`photo`,`request`,`nick`,`addr`, + `notify`,`poll`,`confirm`,`network`,`alias`,`pubkey` ) + values('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')", + dbesc($arr['url']), + dbesc($arr['name']), + dbesc($arr['photo']), + dbesc($arr['request']), + dbesc($arr['nick']), + dbesc($arr['addr']), + dbesc($arr['notify']), + dbesc($arr['poll']), + dbesc($arr['confirm']), + dbesc($arr['network']), + dbesc($arr['alias']), + dbesc($arr['pubkey']) + ); + return $r; +} -- cgit v1.2.3 From 012e039dae4b8f6207b0f0e58667819c016948a2 Mon Sep 17 00:00:00 2001 From: Friendika Date: Thu, 18 Aug 2011 05:08:39 -0700 Subject: store signature data if applicable for relaying --- include/diaspora.php | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 81e335dd4..6fe08dcd0 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -510,6 +510,7 @@ function diaspora_comment($importer,$xml,$msg) { return; } + if($parent_author_signature) { $owner_signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $msg['author']; @@ -576,8 +577,18 @@ function diaspora_comment($importer,$xml,$msg) { $datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); $datarray['body'] = $body; - item_store($datarray); + $message_id = item_store($datarray); + + if(! $parent_author_signature) { + q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", + intval($message_id), + dbesc($author_signed_data), + dbesc(base64_encode($author_signature)), + dbesc($diaspora_handle) + ); + } + // notify others return; } @@ -734,12 +745,20 @@ EOT; $arr['unseen'] = 1; $arr['last-child'] = 0; - $post_id = item_store($arr); + $message_id = item_store($arr); + if(! $parent_author_signature) { + q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", + intval($message_id), + dbesc($author_signed_data), + dbesc(base64_encode($author_signature)), + dbesc($diaspora_handle) + ); + } // FIXME send notification - + return; } function diaspora_retraction($importer,$xml) { -- cgit v1.2.3 From bc5935061b674a5503a1a82a458dfaf3317e4c70 Mon Sep 17 00:00:00 2001 From: Friendika Date: Thu, 18 Aug 2011 16:47:45 -0700 Subject: dfrn friendship issue --- include/security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/security.php b/include/security.php index 6fbdd697f..684a88a51 100644 --- a/include/security.php +++ b/include/security.php @@ -28,7 +28,7 @@ function can_write_wall(&$a,$owner) { AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1", intval($owner), intval(remote_user()), - intval(CONTACT_IS_FOLLOWER), + intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND), intval(PAGE_COMMUNITY) ); -- cgit v1.2.3 From 2df7251b349fa3ef9650cf8adb1fb680f253930d Mon Sep 17 00:00:00 2001 From: Friendika Date: Thu, 18 Aug 2011 17:30:06 -0700 Subject: notifier issue --- include/network.php | 7 ++++--- include/notifier.php | 3 ++- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/network.php b/include/network.php index ade8a40ac..10e3648a1 100644 --- a/include/network.php +++ b/include/network.php @@ -697,8 +697,8 @@ function parse_xml_string($s,$strict = true) { function add_fcontact($arr) { $r = q("insert into fcontact ( `url`,`name`,`photo`,`request`,`nick`,`addr`, - `notify`,`poll`,`confirm`,`network`,`alias`,`pubkey` ) - values('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')", + `notify`,`poll`,`confirm`,`network`,`alias`,`pubkey`,`updated` ) + values('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')", dbesc($arr['url']), dbesc($arr['name']), dbesc($arr['photo']), @@ -710,7 +710,8 @@ function add_fcontact($arr) { dbesc($arr['confirm']), dbesc($arr['network']), dbesc($arr['alias']), - dbesc($arr['pubkey']) + dbesc($arr['pubkey']), + dbesc(datetime_convert()) ); return $r; } diff --git a/include/notifier.php b/include/notifier.php index 15fb38534..89c36e434 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -587,8 +587,9 @@ function notifier_run($argv, $argc){ */ $r = q("SELECT `id`, `name` FROM `contact` - WHERE `network` = NETWORK_DFRN AND `uid` = %d AND `blocked` = 0 AND `pending` = 0 + WHERE `network` = '%s' AND `uid` = %d AND `blocked` = 0 AND `pending` = 0 AND `rel` != %d ", + dbesc(NETWORK_DFRN), intval($owner['uid']), intval(CONTACT_IS_SHARING) ); -- cgit v1.2.3 From 457f8c3e957859972b6b0c8a235d38da0986bcbf Mon Sep 17 00:00:00 2001 From: Friendika Date: Thu, 18 Aug 2011 19:14:13 -0700 Subject: use mb_strlen when iterating utf8 --- include/items.php | 2 +- include/text.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index ec519ad9b..39a61c4ad 100644 --- a/include/items.php +++ b/include/items.php @@ -1635,7 +1635,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false) { $o .= '' . xmlify(datetime_convert('UTC','UTC',$item['created'] . '+00:00',ATOM_TIME)) . '' . "\r\n"; $o .= '' . xmlify(datetime_convert('UTC','UTC',$item['edited'] . '+00:00',ATOM_TIME)) . '' . "\r\n"; $o .= '' . base64url_encode($body, true) . '' . "\r\n"; - $o .= '' . xmlify(($type === 'html') ? bbcode($body) : $body) . '' . "\r\n"; + $o .= '' . xmlify((($type === 'html') ? bbcode($body) : $body)) . '' . "\r\n"; $o .= '' . "\r\n"; if($comment) $o .= '' . intval($item['last-child']) . '' . "\r\n"; diff --git a/include/text.php b/include/text.php index 803bf0e51..b13cf980f 100644 --- a/include/text.php +++ b/include/text.php @@ -147,7 +147,7 @@ if(! function_exists('xmlify')) { function xmlify($str) { $buffer = ''; - for($x = 0; $x < strlen($str); $x ++) { + for($x = 0; $x < mb_strlen($str); $x ++) { $char = $str[$x]; switch( $char ) { -- cgit v1.2.3 From d2c6c21a88239e956b7e6a3c5a41a8a819502991 Mon Sep 17 00:00:00 2001 From: Friendika Date: Thu, 18 Aug 2011 21:09:44 -0700 Subject: lots more diaspora communications - can see light at the end --- include/diaspora.php | 140 ++++++++++++++++++++++++++++++++++++++++++++++++++- include/notifier.php | 20 +++++--- 2 files changed, 151 insertions(+), 9 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 6fe08dcd0..422e7fc57 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -801,7 +801,7 @@ function diaspora_share($me,$contact) { function diaspora_send_status($item,$owner,$contact) { $a = get_app(); - $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $theiraddr = $contact['addr']; require_once('include/bbcode.php'); @@ -830,3 +830,141 @@ function diaspora_send_status($item,$owner,$contact) { return $return_code; } + +function diaspora_send_followup($item,$owner,$contact) { + + $a = get_app(); + $myaddr = $me['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $theiraddr = $contact['addr']; + + $p = q("select guid from item where parent = %d limit 1", + $item['parent'] + ); + if(count($p)) + $parent_guid = $p[0]['guid']; + else + return; + + if($item['verb'] === ACTIVITY_LIKE) { + $tpl = get_markup_template('diaspora_like.tpl'); + $like = true; + $target_type = 'Post'; + $positive = (($item['deleted']) ? 'false' : 'true'); + } + else { + $tpl = get_markup_template('diaspora_comment.tpl'); + $like = false; + } + + $text = bbcode($item['body']); + + // sign it + + if($like) + $signed_text = $item['guid'] . ';' . $target_type . ';' . $positive . ';' . $myaddr; + else + $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . $myaddr; + + $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'])); + + $msg = replace_macros($tpl,array( + '$guid' => xmlify($item['guid']), + '$parent_guid' => xmlify($parent_guid), + '$target_type' =>xmlify($target_type), + '$authorsig' => xmlify($authorsig), + '$text' => xmlify($text), + '$positive' => xmlify($positive), + '$diaspora_handle' => xmlify($myaddr) + )); + + logger('diaspora_followup: base message: ' . $msg, LOGGER_DATA); + + $slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'])); + + post_url($contact['notify'],$slap); + $return_code = $a->get_curl_code(); + logger('diaspora_send_status: returns: ' . $return_code); + return $return_code; + +} + + +function diaspora_send_relay($item,$owner,$contact) { + + + $p = q("select guid from item where parent = %d limit 1", + $item['parent'] + ); + if(count($p)) + $parent_guid = $p[0]['guid']; + else + return; + + // fetch the original signature + $r = q("select * from sign where iid = %d limit 1", + intval($item['id']) + ); + if(! count($r)) + return; + $orig_sign = $r[0]; + + if($item['verb'] === ACTIVITY_LIKE) { + $tpl = get_markup_template('diaspora_like_relay.tpl'); + $like = true; + $target_type = 'Post'; + $positive = (($item['deleted']) ? 'false' : 'true'); + } + else { + $tpl = get_markup_template('diaspora_comment_relay.tpl'); + $like = false; + } + + $text = bbcode($item['body']); + + // sign it + + if($like) + $parent_signed_text = $orig_sign['signed_text']; + else + $parent_signed_text = $orig_sign['signed_text']; + + $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'])); + + $msg = replace_macros($tpl,array( + '$guid' => xmlify($item['guid']), + '$parent_guid' => xmlify($parent_guid), + '$target_type' =>xmlify($target_type), + '$authorsig' => xmlify($orig_sign['signature']), + '$parentsig' => xmlify($parentauthorsig), + '$text' => xmlify($text), + '$positive' => xmlify($positive), + '$diaspora_handle' => xmlify($myaddr) + )); + + // fetch the original signature + $r = q("select * from sign where iid = %d limit 1", + intval($item['id']) + ); + if(! count($r)) + return; + + logger('diaspora_relay_comment: base message: ' . $msg, LOGGER_DATA); + + $slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'])); + + post_url($contact['notify'],$slap); + $return_code = $a->get_curl_code(); + logger('diaspora_send_status: returns: ' . $return_code); + return $return_code; + +} + + + +function diaspora_send_retraction($item,$owner,$contact) { + + + + + +} \ No newline at end of file diff --git a/include/notifier.php b/include/notifier.php index 89c36e434..afb907f09 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -504,20 +504,24 @@ function notifier_run($argv, $argc){ case NETWORK_DIASPORA: if(get_config('system','dfrn_only') || (! get_config('diaspora_enabled')) || (! $normal_mode)) break; - - if($target_item['deleted']) { - // diaspora delete, (check for like) - + + if($target_item['verb'] === ACTIVITY_DISLIKE) { + // unsupported + break; + } + elseif($target_item['deleted'] && (! $parent_item['verb'] === ACTIVITY_LIKE)) { + // diaspora delete, + diaspora_send_retraction($target_item,$owner,$contact); break; } elseif($followup) { - // send to owner to relay - + // send comments, likes and retractions of likes to owner to relay + diaspora_send_followup($target_item,$owner,$contact); break; } elseif($target_item['parent'] != $target_item['id']) { - // we are the relay - + // we are the relay - send comments, likes and unlikes to our conversants + diaspora_send_relay($target_item,$owner,$contact); break; } elseif($top_level) { -- cgit v1.2.3 From c05c20aa56eaba3102e6c56a0160999352619b61 Mon Sep 17 00:00:00 2001 From: Friendika Date: Thu, 18 Aug 2011 21:31:34 -0700 Subject: set writable (e.g. writeable) flag for Diaspora contacts --- include/diaspora.php | 2 +- include/notifier.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 422e7fc57..5aadef884 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -308,7 +308,7 @@ function diaspora_request($importer,$xml) { // That makes us friends. if($contact['rel'] == CONTACT_IS_FOLLOWER) { - q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", + q("UPDATE `contact` SET `rel` = %d, `writable` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1", intval(CONTACT_IS_FRIEND), intval($contact['id']), intval($importer['uid']) diff --git a/include/notifier.php b/include/notifier.php index afb907f09..8572b53dd 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -575,7 +575,7 @@ function notifier_run($argv, $argc){ /** * - * If you have less than 150 dfrn friends and it's a public message, + * If you have less than 999 dfrn friends and it's a public message, * we'll just go ahead and push them out securely with dfrn/rino. * If you've got more than that, you'll have to rely on PuSH delivery. * -- cgit v1.2.3 From 9167b2057ba3dfb2840c5821de4a269ef93c9549 Mon Sep 17 00:00:00 2001 From: Friendika Date: Thu, 18 Aug 2011 21:50:41 -0700 Subject: diaspora share - blocked specified twice --- include/diaspora.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 5aadef884..9e6e9eb60 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -350,8 +350,8 @@ function diaspora_request($importer,$xml) { $hash = random_string() . (string) time(); // Generate a confirm_key if($contact_record) { - $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`,`blocked`) - VALUES ( %d, %d, 1, %d, '%s', '%s', '%s', 0 )", + $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime` ) + VALUES ( %d, %d, 1, %d, '%s', '%s', '%s' )", intval($importer['uid']), intval($contact_record['id']), 0, -- cgit v1.2.3 From 0a0c5013ce726f39bd25760518d15276418d8766 Mon Sep 17 00:00:00 2001 From: Friendika Date: Thu, 18 Aug 2011 22:01:35 -0700 Subject: debug --- include/diaspora.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 9e6e9eb60..b6f05be62 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -318,14 +318,14 @@ function diaspora_request($importer,$xml) { return; } - require_once('include/Scrape.php'); - $ret = probe_url($sender_handle); + $ret = find_diaspora_person_by_handle($sender_handle); + if((! count($ret)) || ($ret['network'] != NETWORK_DIASPORA)) { logger('diaspora_request: Cannot resolve diaspora handle ' . $sender_handle . ' for ' . $recipient_handle); return; } - +dbg(1); $r = q("INSERT INTO `contact` (`uid`, `network`,`addr`,`created`,`url`,`name`,`nick`,`photo`,`pubkey`,`notify`,`poll`,`blocked`,`priority`) VALUES ( %d, '%s', '%s', '%s','%s','%s','%s','%s','%s','%s','%s',%d,%d) ", intval($importer['uid']), @@ -360,7 +360,7 @@ function diaspora_request($importer,$xml) { dbesc(datetime_convert()) ); } - +dbg(0); return; } -- cgit v1.2.3 From 4cef4ec918db7d2f4f5902b4a731f4076a98084d Mon Sep 17 00:00:00 2001 From: Friendika Date: Thu, 18 Aug 2011 22:03:58 -0700 Subject: fix d* intros --- include/diaspora.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index b6f05be62..44772d431 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -325,7 +325,7 @@ function diaspora_request($importer,$xml) { logger('diaspora_request: Cannot resolve diaspora handle ' . $sender_handle . ' for ' . $recipient_handle); return; } -dbg(1); + $r = q("INSERT INTO `contact` (`uid`, `network`,`addr`,`created`,`url`,`name`,`nick`,`photo`,`pubkey`,`notify`,`poll`,`blocked`,`priority`) VALUES ( %d, '%s', '%s', '%s','%s','%s','%s','%s','%s','%s','%s',%d,%d) ", intval($importer['uid']), @@ -351,16 +351,17 @@ dbg(1); if($contact_record) { $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime` ) - VALUES ( %d, %d, 1, %d, '%s', '%s', '%s' )", + VALUES ( %d, %d, %d, %d, '%s', '%s', '%s' )", intval($importer['uid']), intval($contact_record['id']), 0, + 0, dbesc( t('Sharing notification from Diaspora network')), dbesc($hash), dbesc(datetime_convert()) ); } -dbg(0); + return; } -- cgit v1.2.3 From 395faae0b2eee4a134799f55b17784487088eb41 Mon Sep 17 00:00:00 2001 From: Friendika Date: Fri, 19 Aug 2011 02:24:30 -0700 Subject: double url encode diaspora communications --- include/diaspora.php | 21 +++++++++++++-------- include/notifier.php | 3 ++- 2 files changed, 15 insertions(+), 9 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 44772d431..9b3969b73 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -792,7 +792,7 @@ function diaspora_share($me,$contact) { '$recipient' => $theiraddr )); - $slap = 'xml=' . urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey'])); + $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey']))); post_url($contact['notify'],$slap); $return_code = $a->get_curl_code(); @@ -823,7 +823,7 @@ function diaspora_send_status($item,$owner,$contact) { logger('diaspora_send_status: base message: ' . $msg, LOGGER_DATA); - $slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'])); + $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey']))); post_url($contact['notify'],$slap); $return_code = $a->get_curl_code(); @@ -835,7 +835,7 @@ function diaspora_send_status($item,$owner,$contact) { function diaspora_send_followup($item,$owner,$contact) { $a = get_app(); - $myaddr = $me['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $theiraddr = $contact['addr']; $p = q("select guid from item where parent = %d limit 1", @@ -864,7 +864,7 @@ function diaspora_send_followup($item,$owner,$contact) { if($like) $signed_text = $item['guid'] . ';' . $target_type . ';' . $positive . ';' . $myaddr; else - $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . $myaddr; + $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $myaddr; $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'])); @@ -873,14 +873,14 @@ function diaspora_send_followup($item,$owner,$contact) { '$parent_guid' => xmlify($parent_guid), '$target_type' =>xmlify($target_type), '$authorsig' => xmlify($authorsig), - '$text' => xmlify($text), + '$body' => xmlify($text), '$positive' => xmlify($positive), - '$diaspora_handle' => xmlify($myaddr) + '$handle' => xmlify($myaddr) )); logger('diaspora_followup: base message: ' . $msg, LOGGER_DATA); - $slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'])); + $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey']))); post_url($contact['notify'],$slap); $return_code = $a->get_curl_code(); @@ -893,6 +893,11 @@ function diaspora_send_followup($item,$owner,$contact) { function diaspora_send_relay($item,$owner,$contact) { + $a = get_app(); + $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $theiraddr = $contact['addr']; + + $p = q("select guid from item where parent = %d limit 1", $item['parent'] ); @@ -951,7 +956,7 @@ function diaspora_send_relay($item,$owner,$contact) { logger('diaspora_relay_comment: base message: ' . $msg, LOGGER_DATA); - $slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'])); + $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey']))); post_url($contact['notify'],$slap); $return_code = $a->get_curl_code(); diff --git a/include/notifier.php b/include/notifier.php index 8572b53dd..cf8871fb9 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -502,7 +502,8 @@ function notifier_run($argv, $argc){ } break; case NETWORK_DIASPORA: - if(get_config('system','dfrn_only') || (! get_config('diaspora_enabled')) || (! $normal_mode)) + require_once('include/diaspora.php'); + if(get_config('system','dfrn_only') || (! get_config('system','diaspora_enabled')) || (! $normal_mode)) break; if($target_item['verb'] === ACTIVITY_DISLIKE) { -- cgit v1.2.3 From 16129a4b8c689cfa4c8dcd793f39d91e026abc72 Mon Sep 17 00:00:00 2001 From: Friendika Date: Fri, 19 Aug 2011 02:53:44 -0700 Subject: better reporting when d* parent not found --- include/diaspora.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 9b3969b73..aaae7a717 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -482,7 +482,7 @@ function diaspora_comment($importer,$xml,$msg) { dbesc($parent_guid) ); if(! count($r)) { - logger('diaspora_comment: parent item not found: ' . $guid); + logger('diaspora_comment: parent item not found: parent: ' . $parent_guid . ' item: ' . $guid); return; } $parent_item = $r[0]; -- cgit v1.2.3 From 68c237f79f39dd5296770d872aa4a3f439448b28 Mon Sep 17 00:00:00 2001 From: Friendika Date: Fri, 19 Aug 2011 04:11:06 -0700 Subject: typo on d* path --- include/Scrape.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/Scrape.php b/include/Scrape.php index 1c9fe7d45..cc46af644 100644 --- a/include/Scrape.php +++ b/include/Scrape.php @@ -485,7 +485,7 @@ function probe_url($url, $mode = PROBE_NORMAL) { if($diaspora && $diaspora_base && $diaspora_guid) { if($mode == PROBE_DIASPORA || ! $notify) - $notify = $diaspora_base . 'receive/post/' . $diaspora_guid; + $notify = $diaspora_base . 'receive/users/' . $diaspora_guid; if(strpos($url,'@')) $addr = str_replace('acct:', '', $url); } -- cgit v1.2.3 From b49175ec5d81caec8e10a6a1bf17adb6a13661f4 Mon Sep 17 00:00:00 2001 From: Friendika Date: Fri, 19 Aug 2011 04:48:54 -0700 Subject: more logging --- include/diaspora.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index aaae7a717..0be2392d1 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -26,6 +26,8 @@ function diaspora_base_message($type,$data) { function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) { $a = get_app(); + logger('diaspora_msg_build: ' . $msg, LOGGER_DATA); + $inner_aes_key = random_string(32); $b_inner_aes_key = base64_encode($inner_aes_key); $inner_iv = random_string(32); @@ -96,6 +98,7 @@ $magic_env = <<< EOT EOT; + logger('diaspora_msg_build: magic_env: ' . $magic_env, LOGGER_DATA); return $magic_env; } -- cgit v1.2.3 From 9a52b152719e0e3e224fa19379f7f5e78dd986ce Mon Sep 17 00:00:00 2001 From: Friendika Date: Fri, 19 Aug 2011 05:20:30 -0700 Subject: don't allow removal of self contact --- include/diaspora.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 0be2392d1..b14c38f1d 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -789,9 +789,10 @@ function diaspora_share($me,$contact) { $myaddr = $me['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $theiraddr = $contact['addr']; +logger('diaspora_share: contact: ' . print_r($contact,true), LOGGER_DATA); $tpl = get_markup_template('diaspora_share.tpl'); $msg = replace_macros($tpl, array( - '$sender' => myaddr, + '$sender' => $myaddr, '$recipient' => $theiraddr )); -- cgit v1.2.3 From 62e939de52acbfbfab1af143b9da2e48d6f4fc27 Mon Sep 17 00:00:00 2001 From: fabrixxm Date: Fri, 19 Aug 2011 14:57:54 +0200 Subject: API: add pagination in timelines and add statuses/friends and followers --- include/api.php | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 63 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index 7a44cf023..f2dc8aff1 100644 --- a/include/api.php +++ b/include/api.php @@ -332,7 +332,7 @@ 'notifications' => false, 'following' => '', #XXX: fix me 'verified' => true, #XXX: fix me - #'status' => null + 'status' => null ); return $ret; @@ -612,6 +612,13 @@ // get last newtork messages // $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) "; + // params + $count = (x($_GET,'count')?$_GET['count']:20); + $page = (x($_GET,'page')?$_GET['page']:0); + + $start = $page*$count; + + $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, @@ -624,7 +631,7 @@ $sql_extra ORDER BY `item`.`received` DESC LIMIT %d ,%d ", intval($user_info['uid']), - 0,20 + $start, $count ); $ret = api_format_items($r,$user_info); @@ -651,6 +658,13 @@ // get last newtork messages // $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) "; + // params + $count = (x($_GET,'count')?$_GET['count']:20); + $page = (x($_GET,'page')?$_GET['page']:0); + + $start = $page*$count; + + $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, @@ -664,7 +678,7 @@ $sql_extra ORDER BY `item`.`received` DESC LIMIT %d ,%d ", intval($user_info['uid']), - 0,20 + $start, $count ); $ret = api_format_items($r,$user_info); @@ -780,6 +794,51 @@ } api_register_func('api/account/rate_limit_status','api_account_rate_limit_status',true); + /** + * https://dev.twitter.com/docs/api/1/get/statuses/friends + * This function is deprecated by Twitter + **/ + function api_statuses_f(&$a, $type, $qtype) { + if (local_user()===false) return false; + $user_info = api_get_user($a); + + if($qtype == 'friends') + $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND)); + if($qtype == 'followers') + $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND)); + + $r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra", + intval(local_user()) + ); + + $ret = array(); + foreach($r as $cid){ + $ret[] = api_get_user($a, $cid['id']); + } + + $data = array('$users' => $ret); + switch($type){ + case "atom": + case "rss": + $data = api_rss_extra($a, $data, $user_info); + } + + return api_apply_template("friends", $type, $data); + + } + function api_statuses_friends(&$a, $type){ + return api_statuses_f($a,$type,"friends"); + } + function api_statuses_followers(&$a, $type){ + return api_statuses_f($a,$type,"followers"); + } + api_register_func('api/statuses/friends','api_statuses_friends',true); + api_register_func('api/statuses/followers','api_statuses_followers',true); + + + + + function api_statusnet_config(&$a,$type) { $name = $a->config['sitename']; @@ -808,7 +867,6 @@ } api_register_func('api/statusnet/config','api_statusnet_config',false); - function api_statusnet_version(&$a,$type) { // liar @@ -869,3 +927,4 @@ api_register_func('api/friends/ids','api_friends_ids',true); api_register_func('api/followers/ids','api_followers_ids',true); + -- cgit v1.2.3 From fc9c73da492f97c47ffa15601c2411f58b24c0d3 Mon Sep 17 00:00:00 2001 From: fabrixxm Date: Fri, 19 Aug 2011 15:09:10 +0200 Subject: API: missing template and small fix for hotot --- include/api.php | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index f2dc8aff1..dd169f833 100644 --- a/include/api.php +++ b/include/api.php @@ -796,12 +796,24 @@ /** * https://dev.twitter.com/docs/api/1/get/statuses/friends - * This function is deprecated by Twitter + * This function is deprecated by Twitter + * returns: json, xml **/ function api_statuses_f(&$a, $type, $qtype) { if (local_user()===false) return false; $user_info = api_get_user($a); + if (x($_GET,'cursor') && $_GET['cursor']=='undefined'){ + /* this is to stop Hotot to load friends multiple times + * I'm not sure if I'm missing return something or + * is a bug in hotot. Workaround, meantime + */ + + $ret=Array(); + $data = array('$users' => $ret); + return api_apply_template("friends", $type, $data); + } + if($qtype == 'friends') $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND)); if($qtype == 'followers') @@ -816,13 +828,8 @@ $ret[] = api_get_user($a, $cid['id']); } + $data = array('$users' => $ret); - switch($type){ - case "atom": - case "rss": - $data = api_rss_extra($a, $data, $user_info); - } - return api_apply_template("friends", $type, $data); } -- cgit v1.2.3 From 43040faf22c44b2fc55f87cfcb24b56ed6624045 Mon Sep 17 00:00:00 2001 From: fabrixxm Date: Fri, 19 Aug 2011 16:54:41 +0200 Subject: move send private message code out of view code --- include/message.php | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 include/message.php (limited to 'include') diff --git a/include/message.php b/include/message.php new file mode 100644 index 000000000..cca913b4e --- /dev/null +++ b/include/message.php @@ -0,0 +1,96 @@ +get_baseurl() . ':' . local_user() . ':' . $hash ; + + if(! strlen($replyto)) + $replyto = $uri; + + $r = q("INSERT INTO `mail` ( `uid`, `from-name`, `from-photo`, `from-url`, + `contact-id`, `title`, `body`, `seen`, `replied`, `uri`, `parent-uri`, `created`) + VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s', '%s', '%s' )", + intval(local_user()), + dbesc($me[0]['name']), + dbesc($me[0]['thumb']), + dbesc($me[0]['url']), + intval($recipient), + dbesc($subject), + dbesc($body), + 1, + 0, + dbesc($uri), + dbesc($replyto), + datetime_convert() + ); + $r = q("SELECT * FROM `mail` WHERE `uri` = '%s' and `uid` = %d LIMIT 1", + dbesc($uri), + intval(local_user()) + ); + if(count($r)) + $post_id = $r[0]['id']; + + /** + * + * When a photo was uploaded into the message using the (profile wall) ajax + * uploader, The permissions are initially set to disallow anybody but the + * owner from seeing it. This is because the permissions may not yet have been + * set for the post. If it's private, the photo permissions should be set + * appropriately. But we didn't know the final permissions on the post until + * now. So now we'll look for links of uploaded messages that are in the + * post and set them to the same permissions as the post itself. + * + */ + + $match = null; + + if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) { + $images = $match[1]; + if(count($images)) { + foreach($images as $image) { + if(! stristr($image,$a->get_baseurl() . '/photo/')) + continue; + $image_uri = substr($image,strrpos($image,'/') + 1); + $image_uri = substr($image_uri,0, strpos($image_uri,'-')); + $r = q("UPDATE `photo` SET `allow_cid` = '%s' + WHERE `resource-id` = '%s' AND `album` = '%s' AND `uid` = %d ", + dbesc('<' . $recipient . '>'), + dbesc($image_uri), + dbesc( t('Wall Photos')), + intval(local_user()) + ); + } + } + } + + if($post_id) { + proc_run('php',"include/notifier.php","mail","$post_id"); + return intval($post_id); + } else { + return -3; + } + +} -- cgit v1.2.3 From 5c78872940bdc9973c777ff8a89b3bd6c9477868 Mon Sep 17 00:00:00 2001 From: fabrixxm Date: Fri, 19 Aug 2011 16:55:43 +0200 Subject: API: private messages (only json) --- include/api.php | 140 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 136 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index dd169f833..a599f0d9b 100644 --- a/include/api.php +++ b/include/api.php @@ -196,6 +196,7 @@ $user = null; $extra_query = ""; + if(!is_null($contact_id)){ $user=$contact_id; $extra_query = "AND `contact`.`id` = %d "; @@ -332,7 +333,7 @@ 'notifications' => false, 'following' => '', #XXX: fix me 'verified' => true, #XXX: fix me - 'status' => null + 'status' => array() ); return $ret; @@ -631,7 +632,7 @@ $sql_extra ORDER BY `item`.`received` DESC LIMIT %d ,%d ", intval($user_info['uid']), - $start, $count + intval($start), intval($count) ); $ret = api_format_items($r,$user_info); @@ -678,7 +679,7 @@ $sql_extra ORDER BY `item`.`received` DESC LIMIT %d ,%d ", intval($user_info['uid']), - $start, $count + intval($start), intval($count) ); $ret = api_format_items($r,$user_info); @@ -703,6 +704,11 @@ $user_info = api_get_user($a); // get last newtork messages // $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) "; + // params + $count = (x($_GET,'count')?$_GET['count']:20); + $page = (x($_GET,'page')?$_GET['page']:0); + + $start = $page*$count; $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, @@ -717,7 +723,7 @@ $sql_extra ORDER BY `item`.`received` DESC LIMIT %d ,%d ", intval($user_info['uid']), - 0,20 + intval($start), intval($count) ); $ret = api_format_items($r,$user_info); @@ -935,3 +941,129 @@ api_register_func('api/followers/ids','api_followers_ids',true); + function api_direct_messages_new(&$a, $type) { + if (local_user()===false) return false; + + if (!x($_POST, "text") || !x($_POST,"screen_name")) return; + + $sender = api_get_user($a); + + $r = q("SELECT `id` FROM `contact` WHERE `uid`=%d AND `nick`='%s'", + intval(local_user()), + dbesc($_POST['screen_name'])); + + $recipient = api_get_user($a, $r[0]['id']); + + + require_once("include/message.php"); + $sub = ( (strlen($_POST['text'])>10)?substr($_POST['text'],0,10)."...":$_POST['text']); + $id = send_message($recipient['id'], $_POST['text'], $sub); + + + if ($id>-1) { + $r = q("SELECT * FROM `mail` WHERE id=%d", intval($id)); + $item = $r[0]; + $ret=Array( + 'id' => $item['id'], + 'created_at'=> datetime_convert('UTC','UTC',$item['created'],ATOM_TIME), + 'sender_id'=> $sender['id'] , + 'sender_screen_name'=> $sender['screen_name'], + 'sender'=> $sender, + 'recipient_id'=> $recipient['id'], + 'recipient_screen_name'=> $recipient['screen_name'], + 'recipient'=> $recipient, + + 'text'=> $item['title']."\n".strip_tags(bbcode($item['body'])) , + + ); + + } else { + $ret = array("error"=>$id); + } + + $data = Array('$messages'=>$ret); + + switch($type){ + case "atom": + case "rss": + $data = api_rss_extra($a, $data, $user_info); + } + + return api_apply_template("direct_messages", $type, $data); + + } + api_register_func('api/direct_messages/new','api_direct_messages_new',true); + + function api_direct_messages_box(&$a, $type, $box) { + if (local_user()===false) return false; + + $user_info = api_get_user($a); + + // params + $count = (x($_GET,'count')?$_GET['count']:20); + $page = (x($_GET,'page')?$_GET['page']:0); + + $start = $page*$count; + + + if ($box=="sentbox") { + $sql_extra = "`from-url`='%s'"; + } else { + $sql_extra = "`from-url`!='%s'"; + } + + $r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d,%d", + intval(local_user()), + dbesc( $a->get_baseurl() . '/profile/' . $a->user['nickname'] ), + intval($start), intval($count) + ); + + $ret = Array(); + foreach($r as $item){ + switch ($box){ + case "inbox": + $recipient = $user_info; + $sender = api_get_user($a,$item['contact-id']); + break; + case "sentbox": + $recipient = api_get_user($a,$item['contact-id']); + $sender = $user_info; + break; + } + + $ret[]=Array( + 'id' => $item['id'], + 'created_at'=> datetime_convert('UTC','UTC',$item['created'],ATOM_TIME), + 'sender_id'=> $sender['id'] , + 'sender_screen_name'=> $sender['screen_name'], + 'sender'=> $sender, + 'recipient_id'=> $recipient['id'], + 'recipient_screen_name'=> $recipient['screen_name'], + 'recipient'=> $recipient, + + 'text'=> $item['title']."\n".strip_tags(bbcode($item['body'])) , + + ); + + } + + + $data = array('$messages' => $ret); + switch($type){ + case "atom": + case "rss": + $data = api_rss_extra($a, $data, $user_info); + } + + return api_apply_template("direct_messages", $type, $data); + + } + + function api_direct_messages_sentbox(&$a, $type){ + return api_direct_messages_box($a, $type, "sentbox"); + } + function api_direct_messages_inbox(&$a, $type){ + return api_direct_messages_box($a, $type, "inbox"); + } + api_register_func('api/direct_messages/sent','api_direct_messages_sentbox',true); + api_register_func('api/direct_messages','api_direct_messages_inbox',true); -- cgit v1.2.3 From 46dd2535df9040e81717abf0241081f161f3a007 Mon Sep 17 00:00:00 2001 From: fabrixxm Date: Fri, 19 Aug 2011 20:33:34 +0200 Subject: API work. Identicurse compatiblity --- include/api.php | 47 +++++++++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 18 deletions(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index a599f0d9b..aa42313b2 100644 --- a/include/api.php +++ b/include/api.php @@ -353,11 +353,15 @@ return api_get_user($a,$a->contacts[$normalised]['id']); } // We don't know this person directly. + + list($nick, $name) = array_map("trim",explode("(",$item['author-name'])); + $name=str_replace(")","",$name); + $ret = array( 'uid' => 0, 'id' => 0, - 'name' => $item['author-name'], - 'screen_name' => $item['author_name'], + 'name' => $name, + 'screen_name' => $nick, 'location' => '', //$uinfo[0]['default-location'], 'profile_image_url' => $item['author-avatar'], 'url' => $item['author-link'], @@ -386,7 +390,7 @@ 'notifications' => false, 'verified' => true, #XXX: fix me 'followers' => '', #XXX: fix me - #'status' => null + 'status' => array() ); return $ret; @@ -608,18 +612,18 @@ */ function api_statuses_home_timeline(&$a, $type){ if (local_user()===false) return false; - + $user_info = api_get_user($a); // get last newtork messages -// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) "; // params - $count = (x($_GET,'count')?$_GET['count']:20); - $page = (x($_GET,'page')?$_GET['page']:0); + $count = (x($_REQUEST,'count')?$_REQUEST['count']:20); + $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0); + if ($page<0) $page=0; + $since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); $start = $page*$count; - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, @@ -630,8 +634,10 @@ AND `contact`.`id` = `item`.`contact-id` AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra + AND `item`.`id`>%d ORDER BY `item`.`received` DESC LIMIT %d ,%d ", intval($user_info['uid']), + intval($since_id), intval($start), intval($count) ); @@ -657,11 +663,12 @@ $user_info = api_get_user($a); // get last newtork messages -// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) "; // params - $count = (x($_GET,'count')?$_GET['count']:20); - $page = (x($_GET,'page')?$_GET['page']:0); + $count = (x($_REQUEST,'count')?$_REQUEST['count']:20); + $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0); + if ($page<0) $page=0; + $since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); $start = $page*$count; @@ -677,8 +684,10 @@ AND `contact`.`id` = `item`.`contact-id` AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra + AND `item`.`id`>%d ORDER BY `item`.`received` DESC LIMIT %d ,%d ", intval($user_info['uid']), + intval($since_id), intval($start), intval($count) ); @@ -703,10 +712,11 @@ $user_info = api_get_user($a); // get last newtork messages -// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) "; + // params $count = (x($_GET,'count')?$_GET['count']:20); - $page = (x($_GET,'page')?$_GET['page']:0); + $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0); + if ($page<0) $page=0; $start = $page*$count; @@ -755,8 +765,8 @@ $status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item)); $status = array( 'created_at'=> api_date($item['created']), - 'published' => datetime_convert('UTC','UTC',$item['created'],ATOM_TIME), - 'updated' => datetime_convert('UTC','UTC',$item['edited'],ATOM_TIME), + 'published' => api_date($item['created']), + 'updated' => api_date($item['edited']), 'id' => intval($item['id']), 'message_id' => $item['uri'], 'text' => strip_tags(bbcode($item['body'])), @@ -965,7 +975,7 @@ $item = $r[0]; $ret=Array( 'id' => $item['id'], - 'created_at'=> datetime_convert('UTC','UTC',$item['created'],ATOM_TIME), + 'created_at'=> api_date($item['created']), 'sender_id'=> $sender['id'] , 'sender_screen_name'=> $sender['screen_name'], 'sender'=> $sender, @@ -1001,7 +1011,8 @@ // params $count = (x($_GET,'count')?$_GET['count']:20); - $page = (x($_GET,'page')?$_GET['page']:0); + $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0); + if ($page<0) $page=0; $start = $page*$count; @@ -1033,7 +1044,7 @@ $ret[]=Array( 'id' => $item['id'], - 'created_at'=> datetime_convert('UTC','UTC',$item['created'],ATOM_TIME), + 'created_at'=> api_date($item['created']), 'sender_id'=> $sender['id'] , 'sender_screen_name'=> $sender['screen_name'], 'sender'=> $sender, -- cgit v1.2.3 From 8e24db3ef5c0bd15aba50aa48fd4745fe7191dbb Mon Sep 17 00:00:00 2001 From: Friendika Date: Fri, 19 Aug 2011 14:34:28 -0700 Subject: incorrect iv length for blocksize --- include/crypto.php | 2 ++ include/diaspora.php | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/crypto.php b/include/crypto.php index 1ab9e7b25..6b27e832b 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -182,3 +182,5 @@ function salmon_key($pubkey) { pemtome($pubkey,$m,$e); return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ; } + + diff --git a/include/diaspora.php b/include/diaspora.php index b14c38f1d..2e8ff6892 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -30,12 +30,12 @@ function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) { $inner_aes_key = random_string(32); $b_inner_aes_key = base64_encode($inner_aes_key); - $inner_iv = random_string(32); + $inner_iv = random_string(16); $b_inner_iv = base64_encode($inner_iv); $outer_aes_key = random_string(32); $b_outer_aes_key = base64_encode($outer_aes_key); - $outer_iv = random_string(32); + $outer_iv = random_string(16); $b_outer_iv = base64_encode($outer_iv); $handle = 'acct:' . $user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); -- cgit v1.2.3 From 0d9d576aa642e02eb8673aa20bdf4b6a18ae6bc3 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sat, 20 Aug 2011 04:53:11 -0700 Subject: move encryption functions to crypto file --- include/crypto.php | 42 +++++++++++++++++++++++++++++++++++++++++- include/diaspora.php | 1 + include/items.php | 5 +++-- include/text.php | 40 ---------------------------------------- include/zotfns.php | 2 ++ 5 files changed, 47 insertions(+), 43 deletions(-) (limited to 'include') diff --git a/include/crypto.php b/include/crypto.php index 6b27e832b..999b48be4 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -74,7 +74,7 @@ function DerToRsa($Der) //Encode: $Der = base64_encode($Der); //Split lines: - $lines = str_split($Der, 65); + $lines = str_split($Der, 64); $body = implode("\n", $lines); //Get title: $title = 'RSA PUBLIC KEY'; @@ -184,3 +184,43 @@ function salmon_key($pubkey) { } + +if(! function_exists('aes_decrypt')) { +function aes_decrypt($val,$ky) +{ + $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + for($a=0;$a=0 and ord(substr($dec, strlen($dec)-1,1))<=16)? chr(ord( substr($dec,strlen($dec)-1,1))):null)); +}} + + +if(! function_exists('aes_encrypt')) { +function aes_encrypt($val,$ky) +{ + $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + for($a=0;$a strlen($text)) return false; + if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false; + return substr($text, 0, -1 * $pad); +} diff --git a/include/diaspora.php b/include/diaspora.php index 2e8ff6892..a52c82913 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -141,6 +141,7 @@ function diaspora_decode($importer,$xml) { $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv); + $decrypted = pkcs5_unpad($decrypted); /** diff --git a/include/items.php b/include/items.php index 39a61c4ad..b84b71ba8 100644 --- a/include/items.php +++ b/include/items.php @@ -1,8 +1,9 @@ =0 and ord(substr($dec, strlen($dec)-1,1))<=16)? chr(ord( substr($dec,strlen($dec)-1,1))):null)); -}} - - -if(! function_exists('aes_encrypt')) { -function aes_encrypt($val,$ky) -{ - $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; - for($a=0;$a strlen($text)) return false; - if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false; - return substr($text, 0, -1 * $pad); -} - function base64url_encode($s, $strip_padding = false) { diff --git a/include/zotfns.php b/include/zotfns.php index b695b6fcb..b23fce82a 100644 --- a/include/zotfns.php +++ b/include/zotfns.php @@ -2,6 +2,8 @@ require_once('include/salmon.php'); +require_once('include/crypto.php'); + function zot_get($url,$args) { $argstr = ''; -- cgit v1.2.3 From 8fa6f492420f830b4c9c06f2f391853e82285825 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sat, 20 Aug 2011 15:09:09 -0700 Subject: until algorithm is sorted, ignore D* verification failures so we can debug the rest --- include/crypto.php | 17 +++++++++-------- include/diaspora.php | 32 +++++++++++++++----------------- 2 files changed, 24 insertions(+), 25 deletions(-) (limited to 'include') diff --git a/include/crypto.php b/include/crypto.php index 999b48be4..a75a9aa74 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -3,19 +3,20 @@ require_once('library/ASNValue.class.php'); require_once('library/asn1.php'); +// supported algorithms are 'sha256', 'sha1' -function rsa_sign($data,$key) { +function rsa_sign($data,$key,$alg = 'sha256') { $sig = ''; - if (version_compare(PHP_VERSION, '5.3.0', '>=')) { - openssl_sign($data,$sig,$key,'sha256'); + if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') { + openssl_sign($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : 'sha256')); } else { if(strlen($key) < 1024 || extension_loaded('gmp')) { require_once('library/phpsec/Crypt/RSA.php'); $rsa = new CRYPT_RSA(); $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; - $rsa->setHash('sha256'); + $rsa->setHash($alg); $rsa->loadKey($key); $sig = $rsa->sign($data); } @@ -27,17 +28,17 @@ function rsa_sign($data,$key) { return $sig; } -function rsa_verify($data,$sig,$key) { +function rsa_verify($data,$sig,$key,$alg = 'sha256') { - if (version_compare(PHP_VERSION, '5.3.0', '>=')) { - $verify = openssl_verify($data,$sig,$key,'sha256'); + if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') { + $verify = openssl_verify($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : 'sha256')); } else { if(strlen($key) <= 300 || extension_loaded('gmp')) { require_once('library/phpsec/Crypt/RSA.php'); $rsa = new CRYPT_RSA(); $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; - $rsa->setHash('sha256'); + $rsa->setHash($alg); $rsa->loadKey($key); $verify = $rsa->verify($data,$sig); } diff --git a/include/diaspora.php b/include/diaspora.php index a52c82913..308e5777b 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -192,7 +192,7 @@ function diaspora_decode($importer,$xml) { // Add back the 60 char linefeeds - // Diaspora devs: This completely violates the entire principle of salmon magic signatures, + // This completely violates the entire principle of salmon magic signatures, // which was to have a message signing format that was completely ambivalent to linefeeds // and transport whitespace mangling, and base64 wrapping rules. Guess what? PHP and Ruby // use different linelengths for base64 output. @@ -208,7 +208,7 @@ function diaspora_decode($importer,$xml) { $encoding = $base->encoding; $alg = $base->alg; - // Diaspora devs: I can't even begin to tell you how sucky this is. Please read the spec. + // I can't even begin to tell you how sucky this is. Please read the spec. $signed_data = $data . (($data[-1] != "\n") ? "\n" : '') . '.' . base64url_encode($type) . "\n" . '.' . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n"; @@ -231,12 +231,10 @@ function diaspora_decode($importer,$xml) { } // Once we have the author URI, go to the web and try to find their public key - // *** or look it up locally *** + // (first this will look it up locally if it is in the fcontact cache) + // This will also convert diaspora public key from pkcs#1 to pkcs#8 logger('mod-diaspora: Fetching key for ' . $author_link ); - - // Get diaspora public key (pkcs#1) and convert to pkcs#8 - $key = get_diaspora_key($author_link); if(! $key) { @@ -510,9 +508,10 @@ function diaspora_comment($importer,$xml,$msg) { } } - if(! rsa_verify($author_signed_data,$author_signature,$key)) { + if(! rsa_verify($author_signed_data,$author_signature,$key,'sha1')) { logger('diaspora_comment: verification failed.'); - return; +// until we figure out what is different about their signing algorithm, accept it +// return; } @@ -523,9 +522,9 @@ function diaspora_comment($importer,$xml,$msg) { $key = $msg['key']; - if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) { + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha1')) { logger('diaspora_comment: owner verification failed.'); - return; +// return; } } @@ -677,9 +676,9 @@ function diaspora_like($importer,$xml,$msg) { } } - if(! rsa_verify($author_signed_data,$author_signature,$key)) { + if(! rsa_verify($author_signed_data,$author_signature,$key,'sha1')) { logger('diaspora_like: verification failed.'); - return; +// return; } if($parent_author_signature) { @@ -689,9 +688,9 @@ function diaspora_like($importer,$xml,$msg) { $key = $msg['key']; - if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) { + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha1')) { logger('diaspora_like: owner verification failed.'); - return; +// return; } } @@ -790,7 +789,6 @@ function diaspora_share($me,$contact) { $myaddr = $me['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $theiraddr = $contact['addr']; -logger('diaspora_share: contact: ' . print_r($contact,true), LOGGER_DATA); $tpl = get_markup_template('diaspora_share.tpl'); $msg = replace_macros($tpl, array( '$sender' => $myaddr, @@ -871,7 +869,7 @@ function diaspora_send_followup($item,$owner,$contact) { else $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $myaddr; - $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'])); + $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey']),'sha1'); $msg = replace_macros($tpl,array( '$guid' => xmlify($item['guid']), @@ -939,7 +937,7 @@ function diaspora_send_relay($item,$owner,$contact) { else $parent_signed_text = $orig_sign['signed_text']; - $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'])); + $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha1')); $msg = replace_macros($tpl,array( '$guid' => xmlify($item['guid']), -- cgit v1.2.3 From 349ea8d4758a78e668405d3c1c2b3e0f6dd9f25a Mon Sep 17 00:00:00 2001 From: Friendika Date: Sat, 20 Aug 2011 17:46:33 -0700 Subject: don't generate guid if one provided wirth msg --- include/items.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index b84b71ba8..746e3b294 100644 --- a/include/items.php +++ b/include/items.php @@ -695,6 +695,7 @@ function item_store($arr,$force_parent = false) { $arr['tag'] = ((x($arr,'tag')) ? notags(trim($arr['tag'])) : ''); $arr['attach'] = ((x($arr,'attach')) ? notags(trim($arr['attach'])) : ''); $arr['app'] = ((x($arr,'app')) ? notags(trim($arr['app'])) : ''); + $arr['guid'] = ((x($arr,'guid')) ? notags(trim($arr['guid'])) : get_guid()); if($arr['parent-uri'] === $arr['uri']) { $parent_id = 0; @@ -758,7 +759,6 @@ function item_store($arr,$force_parent = false) { } } - $arr['guid'] = get_guid(); call_hooks('post_remote',$arr); -- cgit v1.2.3 From c6a05443f7baa92f3e1716d0229fbb3f1f9aa556 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sat, 20 Aug 2011 17:50:39 -0700 Subject: stricmp does not exist - strcasecmp does --- include/diaspora.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 308e5777b..e943ea086 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -493,7 +493,7 @@ function diaspora_comment($importer,$xml,$msg) { $author_signature = base64_decode($author_signature); - if(stricmp($diaspora_handle,$msg['author']) == 0) { + if(strcasecmp($diaspora_handle,$msg['author']) == 0) { $person = $contact; $key = $msg['key']; } @@ -662,7 +662,7 @@ function diaspora_like($importer,$xml,$msg) { $author_signature = base64_decode($author_signature); - if(stricmp($diaspora_handle,$msg['author']) == 0) { + if(strcasecmp($diaspora_handle,$msg['author']) == 0) { $person = $contact; $key = $msg['key']; } -- cgit v1.2.3 From f5c0443b91b7be1d75b19f72a30dc01041cf157c Mon Sep 17 00:00:00 2001 From: Friendika Date: Sat, 20 Aug 2011 18:05:05 -0700 Subject: sql syntax --- include/diaspora.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index e943ea086..44b97400b 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -634,7 +634,7 @@ function diaspora_like($importer,$xml,$msg) { $parent_item = $r[0]; - $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '$s' LIMIT 1", + $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", intval($importer['uid']), dbesc($guid) ); -- cgit v1.2.3 From c6cab2cfa855da8589f2a6714b0231085df710e5 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sat, 20 Aug 2011 18:08:43 -0700 Subject: get_app for diaspora_like --- include/diaspora.php | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 44b97400b..08dcee138 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -599,6 +599,7 @@ function diaspora_comment($importer,$xml,$msg) { function diaspora_like($importer,$xml,$msg) { + $a = get_app(); $guid = notags(unxmlify($xml->guid)); $parent_guid = notags(unxmlify($xml->parent_guid)); $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); -- cgit v1.2.3 From c6f0d997e6d1ef832edfc656462aee38b404f75b Mon Sep 17 00:00:00 2001 From: Friendika Date: Sat, 20 Aug 2011 18:14:19 -0700 Subject: set author/owner on likes --- include/diaspora.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 08dcee138..d75a91b6d 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -722,6 +722,7 @@ EOT; $arr['uri'] = $uri; $arr['uid'] = $importer['uid']; + $arr['guid'] = $guid; $arr['contact-id'] = $contact['id']; $arr['type'] = 'activity'; $arr['wall'] = $parent_item['wall']; @@ -729,13 +730,13 @@ EOT; $arr['parent'] = $parent_item['id']; $arr['parent-uri'] = $parent_item['uri']; - $datarray['owner-name'] = $contact['name']; - $datarray['owner-link'] = $contact['url']; - $datarray['owner-avatar'] = $contact['thumb']; + $arr['owner-name'] = $contact['name']; + $arr['owner-link'] = $contact['url']; + $arr['owner-avatar'] = $contact['thumb']; - $datarray['author-name'] = $person['name']; - $datarray['author-link'] = $person['url']; - $datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); + $arr['author-name'] = $person['name']; + $arr['author-link'] = $person['url']; + $arr['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); $ulink = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]'; $alink = '[url=' . $parent_item['author-link'] . ']' . $parent_item['author-name'] . '[/url]'; -- cgit v1.2.3 From a3eb73ed11fb9940755b2a3e6d996232609c0e7f Mon Sep 17 00:00:00 2001 From: Friendika Date: Sat, 20 Aug 2011 20:54:03 -0700 Subject: diaspora sign/verify requires SHA0 hash algorithm --- include/crypto.php | 4 ++-- include/diaspora.php | 21 ++++++++++----------- 2 files changed, 12 insertions(+), 13 deletions(-) (limited to 'include') diff --git a/include/crypto.php b/include/crypto.php index a75a9aa74..a20606db5 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -9,7 +9,7 @@ function rsa_sign($data,$key,$alg = 'sha256') { $sig = ''; if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') { - openssl_sign($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : 'sha256')); + openssl_sign($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); } else { if(strlen($key) < 1024 || extension_loaded('gmp')) { @@ -31,7 +31,7 @@ function rsa_sign($data,$key,$alg = 'sha256') { function rsa_verify($data,$sig,$key,$alg = 'sha256') { if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') { - $verify = openssl_verify($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : 'sha256')); + $verify = openssl_verify($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg)); } else { if(strlen($key) <= 300 || extension_loaded('gmp')) { diff --git a/include/diaspora.php b/include/diaspora.php index d75a91b6d..5ee10901c 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -508,10 +508,9 @@ function diaspora_comment($importer,$xml,$msg) { } } - if(! rsa_verify($author_signed_data,$author_signature,$key,'sha1')) { + if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) { logger('diaspora_comment: verification failed.'); -// until we figure out what is different about their signing algorithm, accept it -// return; + return; } @@ -522,9 +521,9 @@ function diaspora_comment($importer,$xml,$msg) { $key = $msg['key']; - if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha1')) { + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) { logger('diaspora_comment: owner verification failed.'); -// return; + return; } } @@ -677,9 +676,9 @@ function diaspora_like($importer,$xml,$msg) { } } - if(! rsa_verify($author_signed_data,$author_signature,$key,'sha1')) { + if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) { logger('diaspora_like: verification failed.'); -// return; + return; } if($parent_author_signature) { @@ -689,9 +688,9 @@ function diaspora_like($importer,$xml,$msg) { $key = $msg['key']; - if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha1')) { + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) { logger('diaspora_like: owner verification failed.'); -// return; + return; } } @@ -871,7 +870,7 @@ function diaspora_send_followup($item,$owner,$contact) { else $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $myaddr; - $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey']),'sha1'); + $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey']),'sha'); $msg = replace_macros($tpl,array( '$guid' => xmlify($item['guid']), @@ -939,7 +938,7 @@ function diaspora_send_relay($item,$owner,$contact) { else $parent_signed_text = $orig_sign['signed_text']; - $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha1')); + $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha')); $msg = replace_macros($tpl,array( '$guid' => xmlify($item['guid']), -- cgit v1.2.3 From c97652a044d009d7212f3fc4195e9aabd1c236c5 Mon Sep 17 00:00:00 2001 From: Friendika Date: Sun, 21 Aug 2011 00:13:44 -0700 Subject: php error when no aliases --- include/network.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/network.php b/include/network.php index 10e3648a1..d4f0d8aa7 100644 --- a/include/network.php +++ b/include/network.php @@ -536,7 +536,7 @@ function fetch_xrd_links($url) { $aliases = array($alias); else $aliases = $alias; - if(count($aliases)) { + if($aliases && count($aliases)) { foreach($aliases as $alias) { $links[]['@attributes'] = array('rel' => 'alias' , 'href' => $alias); } -- cgit v1.2.3 From e3eb4c131f7730151b8df865cb14f6767f2eface Mon Sep 17 00:00:00 2001 From: Friendika Date: Sun, 21 Aug 2011 04:18:39 -0700 Subject: D* likes not verifying, ignore result until we figure out the signable_string exactly --- include/diaspora.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 5ee10901c..9b9d2cf8d 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -671,14 +671,14 @@ function diaspora_like($importer,$xml,$msg) { if(is_array($person) && x($person,'pubkey')) $key = $person['pubkey']; else { - logger('diaspora_comment: unable to find author details'); + logger('diaspora_like: unable to find author details'); return; } } if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) { logger('diaspora_like: verification failed.'); - return; +// return; } if($parent_author_signature) { @@ -690,7 +690,7 @@ function diaspora_like($importer,$xml,$msg) { if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) { logger('diaspora_like: owner verification failed.'); - return; +// return; } } -- cgit v1.2.3 From 213f832443944a8e3555ecf6b5951b71596fea6f Mon Sep 17 00:00:00 2001 From: Friendika Date: Sun, 21 Aug 2011 17:24:50 -0700 Subject: add trailing slash to diaspora notify url on send --- include/diaspora.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 9b9d2cf8d..541172911 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -83,7 +83,9 @@ EOT; $b64_encrypted_outer_key_bundle = base64_encode($encrypted_outer_key_bundle); $encrypted_header_json_object = json_encode(array('aes_key' => base64_encode($encrypted_outer_key_bundle), 'ciphertext' => base64_encode($ciphertext))); - $encrypted_header = '' . base64_encode($encrypted_header_json_object) . ''; + $cipher_json = base64_encode($encrypted_header_json_object); + + $encrypted_header = '' . $cipher_json . ''; $magic_env = <<< EOT @@ -798,7 +800,7 @@ function diaspora_share($me,$contact) { $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey']))); - post_url($contact['notify'],$slap); + post_url($contact['notify'] . '/',$slap); $return_code = $a->get_curl_code(); return $return_code; } @@ -829,7 +831,7 @@ function diaspora_send_status($item,$owner,$contact) { $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey']))); - post_url($contact['notify'],$slap); + post_url($contact['notify'] . '/',$slap); $return_code = $a->get_curl_code(); logger('diaspora_send_status: returns: ' . $return_code); return $return_code; @@ -886,7 +888,7 @@ function diaspora_send_followup($item,$owner,$contact) { $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey']))); - post_url($contact['notify'],$slap); + post_url($contact['notify'] . '/',$slap); $return_code = $a->get_curl_code(); logger('diaspora_send_status: returns: ' . $return_code); return $return_code; @@ -962,7 +964,7 @@ function diaspora_send_relay($item,$owner,$contact) { $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey']))); - post_url($contact['notify'],$slap); + post_url($contact['notify'] . '/',$slap); $return_code = $a->get_curl_code(); logger('diaspora_send_status: returns: ' . $return_code); return $return_code; -- cgit v1.2.3 From 4ec706cfc7f469c8e1313d125d0fe2611276fe7c Mon Sep 17 00:00:00 2001 From: Friendika Date: Sun, 21 Aug 2011 17:48:42 -0700 Subject: log the friend request - it's important --- include/diaspora.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 541172911..faededa6a 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -802,6 +802,7 @@ function diaspora_share($me,$contact) { post_url($contact['notify'] . '/',$slap); $return_code = $a->get_curl_code(); + logger('diaspora_send_share: returns: ' . $return_code); return $return_code; } @@ -890,7 +891,7 @@ function diaspora_send_followup($item,$owner,$contact) { post_url($contact['notify'] . '/',$slap); $return_code = $a->get_curl_code(); - logger('diaspora_send_status: returns: ' . $return_code); + logger('diaspora_send_followup: returns: ' . $return_code); return $return_code; } @@ -966,7 +967,7 @@ function diaspora_send_relay($item,$owner,$contact) { post_url($contact['notify'] . '/',$slap); $return_code = $a->get_curl_code(); - logger('diaspora_send_status: returns: ' . $return_code); + logger('diaspora_send_relay: returns: ' . $return_code); return $return_code; } -- cgit v1.2.3 From 812222fb1757c046b80a7b8169d69626256098cf Mon Sep 17 00:00:00 2001 From: Friendika Date: Mon, 22 Aug 2011 01:57:52 -0700 Subject: correct the diaspora_like signable string format --- include/diaspora.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index faededa6a..4113e9ce1 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -660,7 +660,7 @@ function diaspora_like($importer,$xml,$msg) { return; } - $author_signed_data = $guid . ';' . $parent_guid . ';' . $target_type . ';' . $positive . ';' . $diaspora_handle; + $author_signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle; $author_signature = base64_decode($author_signature); @@ -680,7 +680,7 @@ function diaspora_like($importer,$xml,$msg) { if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) { logger('diaspora_like: verification failed.'); -// return; + return; } if($parent_author_signature) { @@ -692,7 +692,7 @@ function diaspora_like($importer,$xml,$msg) { if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) { logger('diaspora_like: owner verification failed.'); -// return; + return; } } -- cgit v1.2.3 From 564ade0685470158ac487d9a9f18a21079c729bb Mon Sep 17 00:00:00 2001 From: Friendika Date: Mon, 22 Aug 2011 04:55:09 -0700 Subject: store key with contact record --- include/diaspora.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 4113e9ce1..f3adc608e 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -77,10 +77,15 @@ EOT; $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $outer_aes_key, $decrypted_header, MCRYPT_MODE_CBC, $outer_iv); $outer_json = json_encode(array('iv' => $b_outer_iv,'key' => $b_outer_aes_key)); + $encrypted_outer_key_bundle = ''; openssl_public_encrypt($outer_json,$encrypted_outer_key_bundle,$pubkey); - + + logger('outer_bundle_encrypt: ' . openssl_error_string()); $b64_encrypted_outer_key_bundle = base64_encode($encrypted_outer_key_bundle); + + logger('outer_bundle: ' . $b64_encrypted_outer_key_bundle . ' key: ' . $pubkey); + $encrypted_header_json_object = json_encode(array('aes_key' => base64_encode($encrypted_outer_key_bundle), 'ciphertext' => base64_encode($ciphertext))); $cipher_json = base64_encode($encrypted_header_json_object); -- cgit v1.2.3