From 2c96ad77396b0df2be481c4f90cc61ebaa83bc75 Mon Sep 17 00:00:00 2001 From: Mike Macgirvin Date: Sun, 12 Sep 2010 21:25:37 -0700 Subject: tag each side of the duplex --- mod/dfrn_poll.php | 162 ++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 120 insertions(+), 42 deletions(-) (limited to 'mod/dfrn_poll.php') diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index 89fc379fb..4b8a7f112 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -17,51 +17,69 @@ function dfrn_poll_init(&$a) { $dfrn_version = ((x($_GET,'dfrn_version')) ? $_GET['dfrn_version'] : '1.0'); $destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : ''); + + $direction = (-1); + + + if(strpos($dfrn_id,':') == 1) { + $direction = intval(substr($dfrn_id,0,1)); + $dfrn_id = substr($dfrn_id,2); + } + if(($dfrn_id == '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) { - $o = get_feed_for($a,'*', $a->argv[1],$last_update); + $o = get_feed_for($a, '*', $a->argv[1],$last_update); echo $o; killme(); } if((x($type)) && ($type == 'profile')) { + $sql_extra = ''; + switch($direction) { + case (-1): + $sql_extra = sprintf(" AND `dfrn-id` = '%s' ", dbesc($dfrn_id)); + $my_id = $dfrn_id; + break; + case 0: + $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $my_id = '1:' . $dfrn_id; + break; + case 1: + $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $my_id = '0:' . $dfrn_id; + break; + default: + goaway($a->get_baseurl()); + break; // NOTREACHED + } + $r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` - WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex` = 1 )) ", - dbesc($dfrn_id), - dbesc($dfrn_id) - ); + WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra LIMIT 1"); if(count($r)) { - foreach($r as $rr) { - - // On a multi-user site, the query above *may* have returned two results. - // One of those could be the logged-in user who is now visiting "this" cell, - // as both share the dfrn_id. We will skip that entry if it unfortunately - // happens to come up first. - - if(local_user() && ($rr['uid'] == get_uid())) - continue; - - $s = fetch_url($rr['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check'); - if(strlen($s)) { - $xml = simplexml_load_string($s); - if((int) $xml->status == 1) { - $_SESSION['authenticated'] = 1; - $_SESSION['visitor_id'] = $rr['id']; - notice( t('Hi ') . $rr['name'] . EOL); - // Visitors get 1 day session. - $session_id = session_id(); - $expire = time() + 86400; - q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1", - dbesc($expire), - dbesc($session_id) - ); - } + + $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check'); + + if(strlen($s)) { + + $xml = simplexml_load_string($s); + + if((int) $xml->status == 1) { + $_SESSION['authenticated'] = 1; + $_SESSION['visitor_id'] = $r[0]['id']; + notice( t('Hi ') . $r[0]['name'] . EOL); + // Visitors get 1 day session. + $session_id = session_id(); + $expire = time() + 86400; + q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1", + dbesc($expire), + dbesc($session_id) + ); } - $profile = $rr['nickname']; - goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile); } + $profile = $r[0]['nickname']; + goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile); } goaway($a->get_baseurl()); @@ -69,6 +87,16 @@ function dfrn_poll_init(&$a) { if((x($type)) && ($type == 'profile-check')) { + switch($direction) { + case 1: + $dfrn_id = '0:' . $dfrn_id; + break; + case 0: + $dfrn_id = '1:' . $dfrn_id; + break; + default: + break; + } q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time())); $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC", dbesc($dfrn_id)); @@ -91,6 +119,12 @@ function dfrn_poll_post(&$a) { $challenge = notags(trim($_POST['challenge'])); $url = $_POST['url']; + $direction = (-1); + if(strpos($dfrn_id,':') == 1) { + $direction = intval(substr($dfrn_id,0,1)); + $dfrn_id = substr($dfrn_id,2); + } + $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1", dbesc($dfrn_id), dbesc($challenge) @@ -107,10 +141,28 @@ function dfrn_poll_post(&$a) { ); - $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 )) LIMIT 1", - dbesc($dfrn_id), - dbesc($dfrn_id) - ); + $sql_extra = ''; + switch($direction) { + case (-1): + $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id)); + $my_id = $dfrn_id; + break; + case 0: + $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $my_id = '1:' . $dfrn_id; + break; + case 1: + $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $my_id = '0:' . $dfrn_id; + break; + default: + goaway($a->get_baseurl()); + break; // NOTREACHED + } + + + $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1"); + if(! count($r)) killme(); @@ -169,6 +221,12 @@ function dfrn_poll_content(&$a) { if(x($_GET,'last_update')) $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update']; + $direction = (-1); + if(strpos($dfrn_id,':') == 1) { + $direction = intval(substr($dfrn_id,0,1)); + $dfrn_id = substr($dfrn_id,2); + } + if($dfrn_id != '') { // initial communication from external contact @@ -187,16 +245,36 @@ function dfrn_poll_content(&$a) { dbesc($last_update) ); - $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 )) - AND `blocked` = 0 AND `pending` = 0 LIMIT 1", - dbesc($_GET['dfrn_id']), - dbesc($_GET['dfrn_id']) - ); + + $sql_extra = ''; + switch($direction) { + case (-1): + $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id)); + $my_id = $dfrn_id; + break; + case 0: + $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $my_id = '1:' . $dfrn_id; + break; + case 1: + $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); + $my_id = '0:' . $dfrn_id; + break; + default: + goaway($a->get_baseurl()); + break; // NOTREACHED + } + + + + + $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1"); + if(count($r)) { $challenge = ''; $encrypted_id = ''; - $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999); + $id_str = $my_id . '.' . mt_rand(1000,9999); if($r[0]['duplex'] && strlen($r[0]['pubkey'])) { -- cgit v1.2.3