5 * Description: Provides a Facebook-like chat using Jappix Mini
7 * Author: leberwurscht <leberwurscht@hoegners.de>
11 // Copyright 2012 "Leberwurscht" <leberwurscht@hoegners.de>
13 // This file is dual-licensed under the MIT license (see MIT.txt) and the AGPL license (see jappix/COPYING).
19 * jabber password should not be stored on server
20 * jabber password should not be sent between server and browser as soon as the user is logged in
21 * jabber password should not be reconstructible from communication between server and browser as soon as the user is logged in
24 Only store an encrypted version of the jabber password on the server. The encryption key is only available to the browser
25 and not to the server (at least as soon as the user is logged in). It can be stored using the jappix setDB function.
27 This encryption key could be the friendica password, but then this password would be stored in the browser in cleartext.
28 It is better to use a hash of the password.
29 The server should not be able to reconstruct the password, so we can't take the same hash the server stores. But we can
30 use hash("some_prefix"+password). This will however not work with OpenID logins, for this type of login the password must
34 How to discover the jabber addresses of the friendica contacts?
37 Each Friendica site with this addon provides a /jappixmini/ module page. We go through our contacts and retrieve
38 this information every week using a cron hook.
41 We do not want to make the jabber address public.
44 When two friendica users connect using DFRN, the relation gets a DFRN ID and a keypair is generated.
45 Using this keypair, we can provide the jabber address only to contacts:
48 signed_address = openssl_*_encrypt(alice_jabber_address)
49 send signed_address to Bob, who does
50 trusted_address = openssl_*_decrypt(signed_address)
52 encrypted_address = openssl_*_encrypt(bob_jabber_address)
53 reply with encrypted_address to Alice, who does
54 decrypted_address = openssl_*_decrypt(encrypted_address)
55 save decrypted_address
58 GET /jappixmini/?role=%s&signed_address=%s&dfrn_id=%s
61 json({"status":"ok", "encrypted_address":"%s"})
66 use Friendica\Core\Hook;
67 use Friendica\Core\Logger;
68 use Friendica\Core\Protocol;
69 use Friendica\Database\DBA;
71 use Friendica\Model\User;
72 use Friendica\Util\Network;
74 function jappixmini_install()
76 Hook::register('addon_settings', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings');
77 Hook::register('addon_settings_post', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings_post');
79 Hook::register('page_end', 'addon/jappixmini/jappixmini.php', 'jappixmini_script');
80 Hook::register('authenticate', 'addon/jappixmini/jappixmini.php', 'jappixmini_login');
82 Hook::register('cron', 'addon/jappixmini/jappixmini.php', 'jappixmini_cron');
84 // Jappix source download as required by AGPL
85 Hook::register('about_hook', 'addon/jappixmini/jappixmini.php', 'jappixmini_download_source');
87 // set standard configuration
88 $info_text = DI::config()->get("jappixmini", "infotext");
90 DI::config()->set("jappixmini", "infotext", "To get the chat working, you need to know a BOSH host which works with your Jabber account. " .
91 "An example of a BOSH server that works for all accounts is https://bind.jappix.com/, but keep " .
92 "in mind that the BOSH server can read along all chat messages. If you know that your Jabber " .
93 "server also provides an own BOSH server, it is much better to use this one!"
96 $bosh_proxy = DI::config()->get("jappixmini", "bosh_proxy");
97 if ($bosh_proxy === "") {
98 DI::config()->set("jappixmini", "bosh_proxy", "1");
101 // set addon version so that safe updates are possible later
102 $addon_version = DI::config()->get("jappixmini", "version");
103 if ($addon_version === "") {
104 DI::config()->set("jappixmini", "version", "1");
108 function jappixmini_uninstall()
110 Hook::unregister('addon_settings', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings');
111 Hook::unregister('addon_settings_post', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings_post');
113 Hook::unregister('page_end', 'addon/jappixmini/jappixmini.php', 'jappixmini_script');
114 Hook::unregister('authenticate', 'addon/jappixmini/jappixmini.php', 'jappixmini_login');
116 Hook::unregister('cron', 'addon/jappixmini/jappixmini.php', 'jappixmini_cron');
118 Hook::unregister('about_hook', 'addon/jappixmini/jappixmini.php', 'jappixmini_download_source');
121 function jappixmini_addon_admin(App $a, &$o)
123 // display instructions and warnings on addon settings page for admin
124 if (!file_exists("addon/jappixmini.tgz")) {
125 $o .= '<p><strong style="color:#fff;background-color:#f00">The source archive jappixmini.tgz does not exist. This is probably a violation of the Jappix License (AGPL).</strong></p>';
128 // warn if cron job has not yet been executed
129 $cron_run = DI::config()->get("jappixmini", "last_cron_execution");
131 $o .= "<p><strong>Warning: The cron job has not yet been executed. If this message is still there after some time (usually 10 minutes), this means that autosubscribe and autoaccept will not work.</strong></p>";
135 $bosh_proxy = intval(DI::config()->get("jappixmini", "bosh_proxy"));
136 $bosh_proxy = intval($bosh_proxy) ? ' checked="checked"' : '';
137 $o .= '<label for="jappixmini-proxy">Activate BOSH proxy</label>';
138 $o .= ' <input id="jappixmini-proxy" type="checkbox" name="jappixmini-proxy" value="1"' . $bosh_proxy . ' /><br />';
141 $bosh_address = DI::config()->get("jappixmini", "bosh_address");
142 $o .= '<p><label for="jappixmini-address">Adress of the default BOSH proxy. If enabled it overrides the user settings:</label><br />';
143 $o .= '<input id="jappixmini-address" type="text" name="jappixmini-address" value="' . $bosh_address . '" /></p>';
145 // default server address
146 $default_server = DI::config()->get("jappixmini", "default_server");
147 $o .= '<p><label for="jappixmini-server">Adress of the default jabber server:</label><br />';
148 $o .= '<input id="jappixmini-server" type="text" name="jappixmini-server" value="' . $default_server . '" /></p>';
150 // default user name to friendica nickname
151 $default_user = intval(DI::config()->get("jappixmini", "default_user"));
152 $default_user = intval($default_user) ? ' checked="checked"' : '';
153 $o .= '<label for="jappixmini-user">Set the default username to the nickname:</label>';
154 $o .= ' <input id="jappixmini-user" type="checkbox" name="jappixmini-defaultuser" value="1"' . $default_user . ' /><br />';
157 $info_text = DI::config()->get("jappixmini", "infotext");
158 $o .= '<p><label for="jappixmini-infotext">Info text to help users with configuration (important if you want to provide your own BOSH host!):</label><br />';
159 $o .= '<textarea id="jappixmini-infotext" name="jappixmini-infotext" rows="5" cols="50">' . htmlentities($info_text) . '</textarea></p>';
162 $o .= '<input type="submit" name="jappixmini-admin-settings" value="OK" />';
165 function jappixmini_addon_admin_post(App $a)
168 $submit = $_REQUEST['jappixmini-admin-settings'];
170 $info_text = $_REQUEST['jappixmini-infotext'];
171 $bosh_proxy = intval($_REQUEST['jappixmini-proxy']);
172 $default_user = intval($_REQUEST['jappixmini-defaultuser']);
173 $bosh_address = $_REQUEST['jappixmini-address'];
174 $default_server = $_REQUEST['jappixmini-server'];
175 DI::config()->set("jappixmini", "infotext", $info_text);
176 DI::config()->set("jappixmini", "bosh_proxy", $bosh_proxy);
177 DI::config()->set("jappixmini", "bosh_address", $bosh_address);
178 DI::config()->set("jappixmini", "default_server", $default_server);
179 DI::config()->set("jappixmini", "default_user", $default_user);
183 function jappixmini_module()
188 function jappixmini_init()
190 // module page where other Friendica sites can submit Jabber addresses to and also can query Jabber addresses
192 $dfrn_id = $_REQUEST["dfrn_id"];
197 $role = $_REQUEST["role"];
198 if ($role == "pub") {
199 $r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", DBA::escape($dfrn_id));
204 $encrypt_func = 'openssl_public_encrypt';
205 $decrypt_func = 'openssl_public_decrypt';
206 $key = $r[0]["pubkey"];
207 } else if ($role == "prv") {
208 $r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", DBA::escape($dfrn_id));
213 $encrypt_func = 'openssl_private_encrypt';
214 $decrypt_func = 'openssl_private_decrypt';
215 $key = $r[0]["prvkey"];
222 // save the Jabber address we received
224 $signed_address_hex = $_REQUEST["signed_address"];
225 $signed_address = hex2bin($signed_address_hex);
227 $trusted_address = "";
228 $decrypt_func($signed_address, $trusted_address, $key);
230 $now = intval(time());
231 DI::pConfig()->set($uid, "jappixmini", "id:$dfrn_id", "$now:$trusted_address");
232 } catch (Exception $e) {
236 // do not return an address if user deactivated addon
237 $activated = DI::pConfig()->get($uid, 'jappixmini', 'activate');
242 // return the requested Jabber address
244 $username = DI::pConfig()->get($uid, 'jappixmini', 'username');
245 $server = DI::pConfig()->get($uid, 'jappixmini', 'server');
246 $address = "$username@$server";
248 $encrypted_address = "";
249 $encrypt_func($address, $encrypted_address, $key);
251 $encrypted_address_hex = bin2hex($encrypted_address);
255 "encrypted_address" => $encrypted_address_hex
258 $answer_json = json_encode($answer);
261 } catch (Exception $e) {
266 function jappixmini_settings(App $a, &$s)
268 // addon settings for a user
269 $activate = DI::pConfig()->get(local_user(), 'jappixmini', 'activate');
270 $activate = intval($activate) ? ' checked="checked"' : '';
271 $dontinsertchat = DI::pConfig()->get(local_user(), 'jappixmini', 'dontinsertchat');
272 $insertchat = !(intval($dontinsertchat) ? ' checked="checked"' : '');
274 $defaultbosh = DI::config()->get("jappixmini", "bosh_address");
276 if ($defaultbosh != "") {
277 DI::pConfig()->set(local_user(), 'jappixmini', 'bosh', $defaultbosh);
280 $username = DI::pConfig()->get(local_user(), 'jappixmini', 'username');
281 $username = htmlentities($username);
282 $server = DI::pConfig()->get(local_user(), 'jappixmini', 'server');
283 $server = htmlentities($server);
284 $bosh = DI::pConfig()->get(local_user(), 'jappixmini', 'bosh');
285 $bosh = htmlentities($bosh);
286 $password = DI::pConfig()->get(local_user(), 'jappixmini', 'password');
287 $autosubscribe = DI::pConfig()->get(local_user(), 'jappixmini', 'autosubscribe');
288 $autosubscribe = intval($autosubscribe) ? ' checked="checked"' : '';
289 $autoapprove = DI::pConfig()->get(local_user(), 'jappixmini', 'autoapprove');
290 $autoapprove = intval($autoapprove) ? ' checked="checked"' : '';
291 $encrypt = intval(DI::pConfig()->get(local_user(), 'jappixmini', 'encrypt'));
292 $encrypt_checked = $encrypt ? ' checked="checked"' : '';
293 $encrypt_disabled = $encrypt ? '' : ' disabled="disabled"';
296 $server = DI::config()->get("jappixmini", "default_server");
299 if (($username == "") && DI::config()->get("jappixmini", "default_user")) {
300 $username = $a->user["nickname"];
303 $info_text = DI::config()->get("jappixmini", "infotext");
304 $info_text = htmlentities($info_text);
305 $info_text = str_replace("\n", "<br />", $info_text);
308 $r = q("SELECT COUNT(1) as `cnt` FROM `pconfig` WHERE `uid`=%d AND `cat`='jappixmini' AND `k` LIKE 'id:%%'", local_user());
310 $contact_cnt = $r[0]["cnt"];
315 // count jabber addresses
316 $r = q("SELECT COUNT(1) as `cnt` FROM `pconfig` WHERE `uid`=%d AND `cat`='jappixmini' AND `k` LIKE 'id:%%' AND `v` LIKE '%%@%%'", local_user());
318 $address_cnt = $r[0]["cnt"];
324 // load scripts if not yet activated so that password can be saved
325 DI::page()['htmlhead'] .= '<script type="text/javascript" src="' . DI::baseUrl()->get() . '/addon/jappixmini/jappix/php/get.php?t=js&g=mini.xml"></script>' . "\r\n";
326 DI::page()['htmlhead'] .= '<script type="text/javascript" src="' . DI::baseUrl()->get() . '/addon/jappixmini/jappix/php/get.php?t=js&f=presence.js~caps.js~name.js~roster.js"></script>' . "\r\n";
328 DI::page()['htmlhead'] .= '<script type="text/javascript" src="' . DI::baseUrl()->get() . '/addon/jappixmini/lib.js"></script>' . "\r\n";
331 $s .= '<span id="settings_jappixmini_inflated" class="settings-block fakelink" style="display: block;" onclick="openClose(\'settings_jappixmini_expanded\'); openClose(\'settings_jappixmini_inflated\');">';
332 $s .= '<h3>' . DI::l10n()->t('Jappix Mini') . '</h3>';
334 $s .= '<div id="settings_jappixmini_expanded" class="settings-block" style="display: none;">';
335 $s .= '<span class="fakelink" onclick="openClose(\'settings_jappixmini_expanded\'); openClose(\'settings_jappixmini_inflated\');">';
336 $s .= '<h3>' . DI::l10n()->t('Jappix Mini') . '</h3>';
339 $s .= '<label for="jappixmini-activate">' . DI::l10n()->t('Activate addon') . '</label>';
340 $s .= ' <input id="jappixmini-activate" type="checkbox" name="jappixmini-activate" value="1"' . $activate . ' />';
342 $s .= '<label for"jappixmini-dont-insertchat">' . DI::l10n()->t('Do <em>not</em> insert the Jappixmini Chat-Widget into the webinterface') . '</label>';
343 $s .= '<input id="jappixmini-dont-insertchat" type="checkbox" name="jappixmini-dont-insertchat" value="1"' . $insertchat . ' />';
345 $s .= '<label for="jappixmini-username">' . DI::l10n()->t('Jabber username') . '</label>';
346 $s .= ' <input id="jappixmini-username" type="text" name="jappixmini-username" value="' . $username . '" />';
348 $s .= '<label for="jappixmini-server">' . DI::l10n()->t('Jabber server') . '</label>';
349 $s .= ' <input id="jappixmini-server" type="text" name="jappixmini-server" value="' . $server . '" />';
352 if ($defaultbosh == "") {
353 $s .= '<label for="jappixmini-bosh">' . DI::l10n()->t('Jabber BOSH host') . '</label>';
354 $s .= ' <input id="jappixmini-bosh" type="text" name="jappixmini-bosh" value="' . $bosh . '" />';
358 $s .= '<label for="jappixmini-password">' . DI::l10n()->t('Jabber password') . '</label>';
359 $s .= ' <input type="hidden" id="jappixmini-password" name="jappixmini-encrypted-password" value="' . $password . '" />';
360 $s .= ' <input id="jappixmini-clear-password" type="password" value="" onchange="jappixmini_set_password();" />';
362 $onchange = "document.getElementById('jappixmini-friendica-password').disabled = !this.checked;jappixmini_set_password();";
363 $s .= '<label for="jappixmini-encrypt">' . DI::l10n()->t('Encrypt Jabber password with Friendica password (recommended)') . '</label>';
364 $s .= ' <input id="jappixmini-encrypt" type="checkbox" name="jappixmini-encrypt" onchange="' . $onchange . '" value="1"' . $encrypt_checked . ' />';
366 $s .= '<label for="jappixmini-friendica-password">' . DI::l10n()->t('Friendica password') . '</label>';
367 $s .= ' <input id="jappixmini-friendica-password" name="jappixmini-friendica-password" type="password" onchange="jappixmini_set_password();" value=""' . $encrypt_disabled . ' />';
369 $s .= '<label for="jappixmini-autoapprove">' . DI::l10n()->t('Approve subscription requests from Friendica contacts automatically') . '</label>';
370 $s .= ' <input id="jappixmini-autoapprove" type="checkbox" name="jappixmini-autoapprove" value="1"' . $autoapprove . ' />';
372 $s .= '<label for="jappixmini-autosubscribe">' . DI::l10n()->t('Subscribe to Friendica contacts automatically') . '</label>';
373 $s .= ' <input id="jappixmini-autosubscribe" type="checkbox" name="jappixmini-autosubscribe" value="1"' . $autosubscribe . ' />';
375 $s .= '<label for="jappixmini-purge">' . DI::l10n()->t('Purge internal list of jabber addresses of contacts') . '</label>';
376 $s .= ' <input id="jappixmini-purge" type="checkbox" name="jappixmini-purge" value="1" />';
379 $s .= '<br />Configuration help:<p style="margin-left:2em;">' . $info_text . '</p>';
381 $s .= '<br />Status:<p style="margin-left:2em;">Addon knows ' . $address_cnt . ' Jabber addresses of ' . $contact_cnt . ' Friendica contacts (takes some time, usually 10 minutes, to update).</p>';
382 $s .= '<input type="submit" name="jappixmini-submit" value="' . DI::l10n()->t('Save Settings') . '" />';
383 $s .= ' <input type="button" value="' . DI::l10n()->t('Add contact') . '" onclick="jappixmini_addon_subscribe();" />';
387 DI::page()['htmlhead'] .= "<script type=\"text/javascript\">
388 function jappixmini_set_password() {
389 encrypt = document.getElementById('jappixmini-encrypt').checked;
390 password = document.getElementById('jappixmini-password');
391 clear_password = document.getElementById('jappixmini-clear-password');
393 friendica_password = document.getElementById('jappixmini-friendica-password');
395 if (friendica_password) {
396 jappixmini_addon_set_client_secret(friendica_password.value);
397 jappixmini_addon_encrypt_password(clear_password.value, function(encrypted_password){
398 password.value = encrypted_password;
403 password.value = clear_password.value;
407 jQuery(document).ready(function() {
408 encrypt = document.getElementById('jappixmini-encrypt').checked;
409 password = document.getElementById('jappixmini-password');
410 clear_password = document.getElementById('jappixmini-clear-password');
412 jappixmini_addon_decrypt_password(password.value, function(decrypted_password){
413 clear_password.value = decrypted_password;
417 clear_password.value = password.value;
423 function jappixmini_settings_post(App $a, &$b)
425 // save addon settings for a user
431 if ($_POST['jappixmini-submit']) {
432 $encrypt = intval($b['jappixmini-encrypt']);
434 // check that Jabber password was encrypted with correct Friendica password
435 $friendica_password = trim($b['jappixmini-friendica-password']);
436 if (!User::authenticate((int) $uid, $friendica_password)) {
437 info("Wrong friendica password!");
442 $purge = intval($b['jappixmini-purge']);
444 $username = trim($b['jappixmini-username']);
445 $old_username = DI::pConfig()->get($uid, 'jappixmini', 'username');
446 if ($username != $old_username) {
450 $server = trim($b['jappixmini-server']);
451 $old_server = DI::pConfig()->get($uid, 'jappixmini', 'server');
452 if ($server != $old_server) {
456 DI::pConfig()->set($uid, 'jappixmini', 'username' , $username);
457 DI::pConfig()->set($uid, 'jappixmini', 'server' , $server);
458 DI::pConfig()->set($uid, 'jappixmini', 'bosh' , trim($b['jappixmini-bosh']));
459 DI::pConfig()->set($uid, 'jappixmini', 'password' , trim($b['jappixmini-encrypted-password']));
460 DI::pConfig()->set($uid, 'jappixmini', 'autosubscribe' , intval($b['jappixmini-autosubscribe']));
461 DI::pConfig()->set($uid, 'jappixmini', 'autoapprove' , intval($b['jappixmini-autoapprove']));
462 DI::pConfig()->set($uid, 'jappixmini', 'activate' , intval($b['jappixmini-activate']));
463 DI::pConfig()->set($uid, 'jappixmini', 'dontinsertchat', intval($b['jappixmini-dont-insertchat']));
464 DI::pConfig()->set($uid, 'jappixmini', 'encrypt' , $encrypt);
465 info('Jappix Mini settings saved.');
468 q("DELETE FROM `pconfig` WHERE `uid`=$uid AND `cat`='jappixmini' AND `k` LIKE 'id:%%'");
469 info('List of addresses purged.');
474 function jappixmini_script(App $a)
476 // adds the script to the page header which starts Jappix Mini
481 if (($_GET['mode'] ?? '') == 'minimal') {
485 $activate = DI::pConfig()->get(local_user(), 'jappixmini', 'activate');
486 $dontinsertchat = DI::pConfig()->get(local_user(), 'jappixmini', 'dontinsertchat');
487 if (!$activate || $dontinsertchat) {
491 DI::page()['htmlhead'] .= '<script type="text/javascript" src="' . DI::baseUrl()->get() . '/addon/jappixmini/jappix/php/get.php?t=js&g=mini.xml"></script>' . "\r\n";
492 DI::page()['htmlhead'] .= '<script type="text/javascript" src="' . DI::baseUrl()->get() . '/addon/jappixmini/jappix/php/get.php?t=js&f=presence.js~caps.js~name.js~roster.js"></script>' . "\r\n";
494 DI::page()['htmlhead'] .= '<script type="text/javascript" src="' . DI::baseUrl()->get() . '/addon/jappixmini/lib.js"></script>' . "\r\n";
496 $username = DI::pConfig()->get(local_user(), 'jappixmini', 'username');
497 $username = str_replace("'", "\\'", $username);
498 $server = DI::pConfig()->get(local_user(), 'jappixmini', 'server');
499 $server = str_replace("'", "\\'", $server);
500 $bosh = DI::pConfig()->get(local_user(), 'jappixmini', 'bosh');
501 $bosh = str_replace("'", "\\'", $bosh);
502 $encrypt = DI::pConfig()->get(local_user(), 'jappixmini', 'encrypt');
503 $encrypt = intval($encrypt);
504 $password = DI::pConfig()->get(local_user(), 'jappixmini', 'password');
505 $password = str_replace("'", "\\'", $password);
507 $autoapprove = DI::pConfig()->get(local_user(), 'jappixmini', 'autoapprove');
508 $autoapprove = intval($autoapprove);
509 $autosubscribe = DI::pConfig()->get(local_user(), 'jappixmini', 'autosubscribe');
510 $autosubscribe = intval($autosubscribe);
512 // set proxy if necessary
513 $use_proxy = DI::config()->get('jappixmini', 'bosh_proxy');
515 $proxy = DI::baseUrl()->get() . '/addon/jappixmini/proxy.php';
520 // get a list of jabber accounts of the contacts
523 $rows = q("SELECT * FROM `pconfig` WHERE `uid`=$uid AND `cat`='jappixmini' AND `k` LIKE 'id:%%'");
524 foreach ($rows as $row) {
526 $pos = strpos($key, ":");
527 $dfrn_id = substr($key, $pos + 1);
528 $r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
530 $name = $r[0]["name"];
533 $pos = strpos($value, ":");
534 $address = substr($value, $pos + 1);
542 $contacts[$address] = $name;
544 $contacts_json = json_encode($contacts);
545 $contacts_hash = sha1($contacts_json);
548 $r = q("SELECT `username` FROM `user` WHERE `uid`=$uid");
549 $nickname = json_encode($r[0]["username"]);
550 $groupchats = DI::config()->get('jappixmini', 'groupchats');
551 //if $groupchats has no value jappix_addon_start will produce a syntax error
552 if (empty($groupchats)) {
556 // add javascript to start Jappix Mini
557 DI::page()['htmlhead'] .= "<script type=\"text/javascript\">
558 jQuery(document).ready(function() {
559 jappixmini_addon_start('$server', '$username', '$proxy', '$bosh', $encrypt, '$password', $nickname, $contacts_json, '$contacts_hash', $autoapprove, $autosubscribe, $groupchats);
566 function jappixmini_login(App $a, &$o)
568 // create client secret on login to be able to encrypt jabber passwords
569 // for setDB and str_sha1, needed by jappixmini_addon_set_client_secret
570 DI::page()['htmlhead'] .= '<script type="text/javascript" src="' . DI::baseUrl()->get() . '/addon/jappixmini/jappix/php/get.php?t=js&f=datastore.js~jsjac.js"></script>' . "\r\n";
572 // for jappixmini_addon_set_client_secret
573 DI::page()['htmlhead'] .= '<script type="text/javascript" src="' . DI::baseUrl()->get() . '/addon/jappixmini/lib.js"></script>' . "\r\n";
575 // save hash of password
576 $o = str_replace("<form ", "<form onsubmit=\"jappixmini_addon_set_client_secret(this.elements['id_password'].value);return true;\" ", $o);
579 function jappixmini_cron(App $a, $d)
581 // For autosubscribe/autoapprove, we need to maintain a list of jabber addresses of our contacts.
582 DI::config()->set("jappixmini", "last_cron_execution", $d);
584 // go through list of users with jabber enabled
585 $users = q("SELECT `uid` FROM `pconfig` WHERE `cat`='jappixmini' AND (`k`='autosubscribe' OR `k`='autoapprove') AND `v`='1'");
586 Logger::log("jappixmini: Update list of contacts' jabber accounts for " . count($users) . " users.");
588 if (!count($users)) {
592 foreach ($users as $row) {
595 // for each user, go through list of contacts
596 $contacts = q("SELECT * FROM `contact` WHERE `uid`=%d AND ((LENGTH(`dfrn-id`) AND LENGTH(`pubkey`)) OR (LENGTH(`issued-id`) AND LENGTH(`prvkey`))) AND `network` = '%s'",
597 intval($uid), DBA::escape(Protocol::DFRN));
598 foreach ($contacts as $contact_row) {
599 $request = $contact_row["request"];
604 $dfrn_id = $contact_row["dfrn-id"];
606 $key = $contact_row["pubkey"];
607 $encrypt_func = 'openssl_public_encrypt';
608 $decrypt_func = 'openssl_public_decrypt';
611 $dfrn_id = $contact_row["issued-id"];
612 $key = $contact_row["prvkey"];
613 $encrypt_func = 'openssl_private_encrypt';
614 $decrypt_func = 'openssl_private_decrypt';
618 // check if jabber address already present
619 $present = DI::pConfig()->get($uid, "jappixmini", "id:" . $dfrn_id);
620 $now = intval(time());
622 // $present has format "timestamp:jabber_address"
623 $p = strpos($present, ":");
624 $timestamp = intval(substr($present, 0, $p));
626 // do not re-retrieve jabber address if last retrieval
627 // is not older than a week
628 if ($now - $timestamp < 3600 * 24 * 7) {
633 // construct base retrieval address
634 $pos = strpos($request, "/dfrn_request/");
635 if ($pos === false) {
639 $base = substr($request, 0, $pos) . "/jappixmini?role=$role";
641 // construct own address
642 $username = DI::pConfig()->get($uid, 'jappixmini', 'username');
646 $server = DI::pConfig()->get($uid, 'jappixmini', 'server');
651 $address = $username . "@" . $server;
654 $signed_address = "";
655 $encrypt_func($address, $signed_address, $key);
657 // construct request url
658 $signed_address_hex = bin2hex($signed_address);
659 $url = $base . "&signed_address=$signed_address_hex&dfrn_id=" . urlencode($dfrn_id);
663 $answer_json = Network::fetchUrl($url);
666 $answer = json_decode($answer_json);
667 if (empty($answer->status) || ($answer->status != "ok")) {
668 throw new Exception();
671 $encrypted_address_hex = $answer->encrypted_address;
672 if (!$encrypted_address_hex) {
673 throw new Exception();
676 $encrypted_address = hex2bin($encrypted_address_hex);
677 if (!$encrypted_address) {
678 throw new Exception();
682 $decrypted_address = "";
683 $decrypt_func($encrypted_address, $decrypted_address, $key);
684 if (!$decrypted_address) {
685 throw new Exception();
687 } catch (Exception $e) {
688 $decrypted_address = "";
692 DI::pConfig()->set($uid, "jappixmini", "id:$dfrn_id", "$now:$decrypted_address");
697 function jappixmini_download_source(App $a, &$b)
699 // Jappix Mini source download link on About page
700 $b .= '<h1>Jappix Mini</h1>';
701 $b .= '<p>This site uses the jappixmini addon, which includes Jappix Mini by the <a href="' . DI::baseUrl()->get() . '/addon/jappixmini/jappix/AUTHORS">Jappix authors</a> and is distributed under the terms of the <a href="' . DI::baseUrl()->get() . '/addon/jappixmini/jappix/COPYING">GNU Affero General Public License</a>.</p>';
702 $b .= '<p>You can download the <a href="' . DI::baseUrl()->get() . '/addon/jappixmini.tgz">source code of the addon</a>. The rest of Friendica is distributed under compatible licenses and can be retrieved from <a href="https://github.com/friendica/friendica">https://github.com/friendica/friendica</a> and <a href="https://github.com/friendica/friendica-addons">https://github.com/friendica/friendica-addons</a></p>';
projects / friendica-addons.git / blob