From ffb1997902facb36b78a7cfa522f41f2b3d71cda Mon Sep 17 00:00:00 2001
From: Mike Macgirvin <mike@macgirvin.com>
Date: Wed, 8 Sep 2010 20:14:17 -0700
Subject: mistpark 2.0 infrasturcture lands

---
 mod/dfrn_confirm.php | 101 ++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 71 insertions(+), 30 deletions(-)

(limited to 'mod/dfrn_confirm.php')

diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index 69c93abd6..86227d537 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -12,9 +12,12 @@ function dfrn_confirm_post(&$a) {
 		// We are processing an external confirmation to an introduction created by our user.
 
 		$public_key = $_POST['public_key'];
-		$dfrn_id = $_POST['dfrn_id'];
+		$dfrn_id    = $_POST['dfrn_id'];
 		$source_url = $_POST['source_url'];
-		$aes_key = $_POST['aes_key'];
+		$aes_key    = $_POST['aes_key'];
+		$duplex     = $_POST['duplex'];
+		$version_id = $_POST['dfrn_version'];
+
 
 		// Find our user's account
 
@@ -23,15 +26,15 @@ function dfrn_confirm_post(&$a) {
 
 		if(! count($r)) {
 			xml_status(3); // failure
+			return; // NOTREACHED
 		}
 
 		$my_prvkey = $r[0]['prvkey'];
 		$local_uid = $r[0]['uid'];
 
-		$decrypted_source_url = "";
-
 		// verify everything
 
+		$decrypted_source_url = "";
 		openssl_private_decrypt($source_url,$decrypted_source_url,$my_prvkey);
 
 
@@ -41,15 +44,17 @@ function dfrn_confirm_post(&$a) {
 
 		if(! count($ret)) {
 			// this is either a bogus confirmation or we deleted the original introduction.
-			xml_status(3); 
+			xml_status(3);
+			return; // NOTREACHED 
 		}
 
-		$relation = $r[0]['rel'];
+		$relation = $ret[0]['rel'];
 
 		// Decrypt all this stuff we just received
 
 		$foreign_pubkey = $ret[0]['site-pubkey'];
-		$dfrn_record = $ret[0]['id'];
+		$dfrn_record    = $ret[0]['id'];
+
 		$decrypted_dfrn_id = "";
 		openssl_public_decrypt($dfrn_id,$decrypted_dfrn_id,$foreign_pubkey);
 
@@ -64,14 +69,18 @@ function dfrn_confirm_post(&$a) {
 
 		$r = q("SELECT * FROM `contact` WHERE `dfrn-id` = '%s' LIMIT 1",
 			dbesc($decrypted_dfrn_id),
-			intval($local_uid));
-		if(count($r))
+			intval($local_uid)
+		);
+		if(count($r)) {
 			xml_status(1); // Birthday paradox - duplicate dfrn-id
+			return; // NOTREACHED
+		}
 
 		$r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d LIMIT 1",
 			dbesc($decrypted_dfrn_id),
 			dbesc($dfrn_pubkey),
-			intval($dfrn_record));
+			intval($dfrn_record)
+		);
 		if($r) {
 
 			// We're good but now we have to scrape the profile photo and send notifications.
@@ -118,13 +127,29 @@ function dfrn_confirm_post(&$a) {
 				$thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
 			}
 
-			$r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `rel` = %d, `name-date` = '%s', `uri-date` = '%s', `avatar-date` = '%s', `blocked` = 0, `pending` = 0, `network` = 'dfrn' WHERE `id` = %d LIMIT 1",
+			$new_relation = DIRECTION_OUT;
+			if(($relation == DIRECTION_IN) || ($duplex))
+				$new_relation = DIRECTION_BOTH;
+
+			$r = q("UPDATE `contact` SET 
+				`photo` = '%s', 
+				`thumb` = '%s', 
+				`rel` = %d, 
+				`name-date` = '%s', 
+				`uri-date` = '%s', 
+				`avatar-date` = '%s', 
+				`blocked` = 0, 
+				`pending` = 0,
+				`duplex` = %d, 
+				`network` = 'dfrn' WHERE `id` = %d LIMIT 1
+			",
 				dbesc($photo),
 				dbesc($thumb),
-				intval(($relation == DIRECTION_IN) ? DIRECTION_BOTH: DIRECTION_OUT),
+				intval($new_relation),
 				dbesc(datetime_convert()),
 				dbesc(datetime_convert()),
 				dbesc(datetime_convert()),
+				intval($duplex),
 				intval($dfrn_record)
 			);
 			if($r === false)
@@ -135,7 +160,8 @@ function dfrn_confirm_post(&$a) {
 
 			$r = q("SELECT * FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
 				WHERE `contact`.`id` = %d LIMIT 1",
-				intval($dfrn_record));
+				intval($dfrn_record)
+			);
 			if((count($r)) && ($r[0]['notify-flags'] & NOTIFY_CONFIRM)) {
 
 				$tpl = file_get_contents('view/intro_complete_eml.tpl');
@@ -151,13 +177,12 @@ function dfrn_confirm_post(&$a) {
 				);
 	
 				$res = mail($r[0]['email'], t("Introduction accepted at ") . $a->config['sitename'],
-					$email_tpl,t("From: Administrator@") . $_SERVER[SERVER_NAME] );
+					$email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME] );
 				if(!$res) {
 					notice( t("Email notification failed.") . EOL );
 				}
 			}
 			xml_status(0); // Success
-
 			return; // NOTREACHED
 		}
 		else {
@@ -171,43 +196,44 @@ function dfrn_confirm_post(&$a) {
 
 		// We are processing a local confirmation initiated on this system by our user to an external introduction.
 
-		$uid = $_SESSION['uid'];
+		$uid = get_uid();
 
 		if(! $uid) {
 			notice( t("Permission denied.") . EOL );
 			return;
 		}	
 	
-		$dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
+		$dfrn_id  = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
 		$intro_id = intval($_POST['intro_id']);
+		$duplex   = intval($_POST['duplex']);
 
 		$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `uid` = %d LIMIT 1",
 				dbesc($dfrn_id),
 				intval($uid)
 				);
 
-		if((! $r) || (! count($r))) {
+		if(! count($r)) {
 			notice( t('Node does not exist.') . EOL );
 			return;
 		}
 
-		$contact_id = $r[0]['id'];
-		$relation = $r[0]['rel'];
-		$site_pubkey = $r[0]['site-pubkey'];
+		$contact_id   = $r[0]['id'];
+		$relation     = $r[0]['rel'];
+		$site_pubkey  = $r[0]['site-pubkey'];
 		$dfrn_confirm = $r[0]['confirm'];
-		$aes_allow = $r[0]['aes_allow'];
+		$aes_allow    = $r[0]['aes_allow'];
 
-		$res=openssl_pkey_new(array(
+		$res = openssl_pkey_new(array(
         		'digest_alg' => 'whirlpool',
         		'private_key_bits' => 4096,
-			'encrypt_key' => false ));
+			'encrypt_key' => false )
+		);
 
 
 		$private_key = '';
 
 		openssl_pkey_export($res, $private_key);
 
-
 		$pubkey = openssl_pkey_get_details($res);
 		$public_key = $pubkey["key"];
 
@@ -222,8 +248,8 @@ function dfrn_confirm_post(&$a) {
 		$params = array();
 
 		$src_aes_key = random_string();
-		$result = "";
 
+		$result = '';
 		openssl_private_encrypt($dfrn_id,$result,$a->user['prvkey']);
 
 		$params['dfrn_id'] = $result;
@@ -237,6 +263,10 @@ function dfrn_confirm_post(&$a) {
 			$params['public_key'] = openssl_encrypt($public_key,'AES-256-CBC',$src_aes_key);
 		}
 
+		$params['dfrn_version'] = '2.0';
+		if($duplex == 1)
+			$params['duplex'] = 1;
+
 		$res = post_url($dfrn_confirm,$params);
 
 // uncomment the following two lines and comment the following xml/status lines
@@ -329,10 +359,23 @@ function dfrn_confirm_post(&$a) {
 			$thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
 		}
 
-		$r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `rel` = %d, `name-date` = '%s', `uri-date` = '%s', `avatar-date` = '%s', `blocked` = 0, `pending` = 0, `network` = 'dfrn' WHERE `id` = %d LIMIT 1",
+		$new_relation = DIRECTION_IN;
+		if(($relation == DIRECTION_OUT) || ($duplex))
+			$new_relation = DIRECTION_BOTH;
+
+		$r = q("UPDATE `contact` SET `photo` = '%s', 
+			`thumb` = '%s', 
+			`rel` = %d, 
+			`name-date` = '%s', 
+			`uri-date` = '%s', 
+			`avatar-date` = '%s', 
+			`blocked` = 0, 
+			`pending` = 0, 
+			`network` = 'dfrn' WHERE `id` = %d LIMIT 1
+		",
 			dbesc($photo),
 			dbesc($thumb),
-			intval(($relation == DIRECTION_OUT) ? DIRECTION_BOTH: DIRECTION_IN),
+			intval($new_relation),
 			dbesc(datetime_convert()),
 			dbesc(datetime_convert()),
 			dbesc(datetime_convert()),
@@ -343,8 +386,6 @@ function dfrn_confirm_post(&$a) {
 
 		goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
 		return;  //NOTREACHED
-
 	}
-
 	return;
 }
-- 
cgit v1.2.3