]> git.mxchange.org Git - friendica.git/blob - mod/dfrn_confirm.php
Merge pull request #6977 from annando/fix-reshare
[friendica.git] / mod / dfrn_confirm.php
1 <?php
2 /**
3  * @file mod/dfrn_confirm.php
4  * @brief Module: dfrn_confirm
5  * Purpose: Friendship acceptance for DFRN contacts
6  *
7  * There are two possible entry points and three scenarios.
8  *
9  *   1. A form was submitted by our user approving a friendship that originated elsewhere.
10  *      This may also be called from dfrn_request to automatically approve a friendship.
11  *
12  *   2. We may be the target or other side of the conversation to scenario 1, and will
13  *      interact with that process on our own user's behalf.
14  *
15  *  @see PDF with dfrn specs: https://github.com/friendica/friendica/blob/master/spec/dfrn2.pdf
16  *    You also find a graphic which describes the confirmation process at
17  *    https://github.com/friendica/friendica/blob/master/spec/dfrn2_contact_confirmation.png
18  */
19
20 use Friendica\App;
21 use Friendica\Core\Config;
22 use Friendica\Core\L10n;
23 use Friendica\Core\Logger;
24 use Friendica\Core\Protocol;
25 use Friendica\Core\System;
26 use Friendica\Database\DBA;
27 use Friendica\Model\Contact;
28 use Friendica\Model\Group;
29 use Friendica\Model\User;
30 use Friendica\Network\Probe;
31 use Friendica\Protocol\Diaspora;
32 use Friendica\Protocol\ActivityPub;
33 use Friendica\Util\Crypto;
34 use Friendica\Util\DateTimeFormat;
35 use Friendica\Util\Network;
36 use Friendica\Util\Strings;
37 use Friendica\Util\XML;
38
39 function dfrn_confirm_post(App $a, $handsfree = null)
40 {
41         $node = null;
42         if (is_array($handsfree)) {
43                 /*
44                  * We were called directly from dfrn_request due to automatic friend acceptance.
45                  * Any $_POST parameters we may require are supplied in the $handsfree array.
46                  *
47                  */
48                 $node = $handsfree['node'];
49                 $a->interactive = false; // notice() becomes a no-op since nobody is there to see it
50         } elseif ($a->argc > 1) {
51                 $node = $a->argv[1];
52         }
53
54         /*
55          * Main entry point. Scenario 1. Our user received a friend request notification (perhaps
56          * from another site) and clicked 'Approve'.
57          * $POST['source_url'] is not set. If it is, it indicates Scenario 2.
58          *
59          * We may also have been called directly from dfrn_request ($handsfree != null) due to
60          * this being a page type which supports automatic friend acceptance. That is also Scenario 1
61          * since we are operating on behalf of our registered user to approve a friendship.
62          */
63         if (empty($_POST['source_url'])) {
64                 $uid = defaults($handsfree, 'uid', local_user());
65                 if (!$uid) {
66                         notice(L10n::t('Permission denied.') . EOL);
67                         return;
68                 }
69
70                 $user = DBA::selectFirst('user', [], ['uid' => $uid]);
71                 if (!DBA::isResult($user)) {
72                         notice(L10n::t('Profile not found.') . EOL);
73                         return;
74                 }
75
76                 // These data elements may come from either the friend request notification form or $handsfree array.
77                 if (is_array($handsfree)) {
78                         Logger::log('Confirm in handsfree mode');
79                         $dfrn_id  = $handsfree['dfrn_id'];
80                         $intro_id = $handsfree['intro_id'];
81                         $duplex   = $handsfree['duplex'];
82                         $cid      = 0;
83                         $hidden   = intval(defaults($handsfree, 'hidden'  , 0));
84                 } else {
85                         $dfrn_id  = Strings::escapeTags(trim(defaults($_POST, 'dfrn_id'   , '')));
86                         $intro_id =      intval(defaults($_POST, 'intro_id'  , 0));
87                         $duplex   =      intval(defaults($_POST, 'duplex'    , 0));
88                         $cid      =      intval(defaults($_POST, 'contact_id', 0));
89                         $hidden   =      intval(defaults($_POST, 'hidden'    , 0));
90                 }
91
92                 /*
93                  * Ensure that dfrn_id has precedence when we go to find the contact record.
94                  * We only want to search based on contact id if there is no dfrn_id,
95                  * e.g. for OStatus network followers.
96                  */
97                 if (strlen($dfrn_id)) {
98                         $cid = 0;
99                 }
100
101                 Logger::log('Confirming request for dfrn_id (issued) ' . $dfrn_id);
102                 if ($cid) {
103                         Logger::log('Confirming follower with contact_id: ' . $cid);
104                 }
105
106                 /*
107                  * The other person will have been issued an ID when they first requested friendship.
108                  * Locate their record. At this time, their record will have both pending and blocked set to 1.
109                  * There won't be any dfrn_id if this is a network follower, so use the contact_id instead.
110                  */
111                 $r = q("SELECT *
112                         FROM `contact`
113                         WHERE (
114                                 (`issued-id` != '' AND `issued-id` = '%s')
115                                 OR
116                                 (`id` = %d AND `id` != 0)
117                         )
118                         AND `uid` = %d
119                         AND `duplex` = 0
120                         LIMIT 1",
121                         DBA::escape($dfrn_id),
122                         intval($cid),
123                         intval($uid)
124                 );
125                 if (!DBA::isResult($r)) {
126                         Logger::log('Contact not found in DB.');
127                         notice(L10n::t('Contact not found.') . EOL);
128                         notice(L10n::t('This may occasionally happen if contact was requested by both persons and it has already been approved.') . EOL);
129                         return;
130                 }
131
132                 $contact = $r[0];
133
134                 $contact_id   = $contact['id'];
135                 $relation     = $contact['rel'];
136                 $site_pubkey  = $contact['site-pubkey'];
137                 $dfrn_confirm = $contact['confirm'];
138                 $aes_allow    = $contact['aes_allow'];
139
140                 $network = ((strlen($contact['issued-id'])) ? Protocol::DFRN : Protocol::OSTATUS);
141
142                 if ($contact['network']) {
143                         $network = $contact['network'];
144                 }
145
146                 if ($network === Protocol::DFRN) {
147                         /*
148                          * Generate a key pair for all further communications with this person.
149                          * We have a keypair for every contact, and a site key for unknown people.
150                          * This provides a means to carry on relationships with other people if
151                          * any single key is compromised. It is a robust key. We're much more
152                          * worried about key leakage than anybody cracking it.
153                          */
154                         $res = Crypto::newKeypair(4096);
155
156                         $private_key = $res['prvkey'];
157                         $public_key  = $res['pubkey'];
158
159                         // Save the private key. Send them the public key.
160                         q("UPDATE `contact` SET `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d",
161                                 DBA::escape($private_key),
162                                 intval($contact_id),
163                                 intval($uid)
164                         );
165
166                         $params = [];
167
168                         /*
169                          * Per the DFRN protocol, we will verify both ends by encrypting the dfrn_id with our
170                          * site private key (person on the other end can decrypt it with our site public key).
171                          * Then encrypt our profile URL with the other person's site public key. They can decrypt
172                          * it with their site private key. If the decryption on the other end fails for either
173                          * item, it indicates tampering or key failure on at least one site and we will not be
174                          * able to provide a secure communication pathway.
175                          *
176                          * If other site is willing to accept full encryption, (aes_allow is 1 AND we have php5.3
177                          * or later) then we encrypt the personal public key we send them using AES-256-CBC and a
178                          * random key which is encrypted with their site public key.
179                          */
180
181                         $src_aes_key = openssl_random_pseudo_bytes(64);
182
183                         $result = '';
184                         openssl_private_encrypt($dfrn_id, $result, $user['prvkey']);
185
186                         $params['dfrn_id'] = bin2hex($result);
187                         $params['public_key'] = $public_key;
188
189                         $my_url = System::baseUrl() . '/profile/' . $user['nickname'];
190
191                         openssl_public_encrypt($my_url, $params['source_url'], $site_pubkey);
192                         $params['source_url'] = bin2hex($params['source_url']);
193
194                         if ($aes_allow && function_exists('openssl_encrypt')) {
195                                 openssl_public_encrypt($src_aes_key, $params['aes_key'], $site_pubkey);
196                                 $params['aes_key'] = bin2hex($params['aes_key']);
197                                 $params['public_key'] = bin2hex(openssl_encrypt($public_key, 'AES-256-CBC', $src_aes_key));
198                         }
199
200                         $params['dfrn_version'] = DFRN_PROTOCOL_VERSION;
201                         if ($duplex == 1) {
202                                 $params['duplex'] = 1;
203                         }
204
205                         if ($user['page-flags'] == User::PAGE_FLAGS_COMMUNITY) {
206                                 $params['page'] = 1;
207                         }
208
209                         if ($user['page-flags'] == User::PAGE_FLAGS_PRVGROUP) {
210                                 $params['page'] = 2;
211                         }
212
213                         Logger::log('Confirm: posting data to ' . $dfrn_confirm . ': ' . print_r($params, true), Logger::DATA);
214
215                         /*
216                          *
217                          * POST all this stuff to the other site.
218                          * Temporarily raise the network timeout to 120 seconds because the default 60
219                          * doesn't always give the other side quite enough time to decrypt everything.
220                          *
221                          */
222
223                         $res = Network::post($dfrn_confirm, $params, null, $redirects, 120)->getBody();
224
225                         Logger::log(' Confirm: received data: ' . $res, Logger::DATA);
226
227                         // Now figure out what they responded. Try to be robust if the remote site is
228                         // having difficulty and throwing up errors of some kind.
229
230                         $leading_junk = substr($res, 0, strpos($res, '<?xml'));
231
232                         $res = substr($res, strpos($res, '<?xml'));
233                         if (!strlen($res)) {
234                                 // No XML at all, this exchange is messed up really bad.
235                                 // We shouldn't proceed, because the xml parser might choke,
236                                 // and $status is going to be zero, which indicates success.
237                                 // We can hardly call this a success.
238                                 notice(L10n::t('Response from remote site was not understood.') . EOL);
239                                 return;
240                         }
241
242                         if (strlen($leading_junk) && Config::get('system', 'debugging')) {
243                                 // This might be more common. Mixed error text and some XML.
244                                 // If we're configured for debugging, show the text. Proceed in either case.
245                                 notice(L10n::t('Unexpected response from remote site: ') . EOL . $leading_junk . EOL);
246                         }
247
248                         if (stristr($res, "<status") === false) {
249                                 // wrong xml! stop here!
250                                 Logger::log('Unexpected response posting to ' . $dfrn_confirm);
251                                 notice(L10n::t('Unexpected response from remote site: ') . EOL . htmlspecialchars($res) . EOL);
252                                 return;
253                         }
254
255                         $xml = XML::parseString($res);
256                         $status = (int) $xml->status;
257                         $message = XML::unescape($xml->message);   // human readable text of what may have gone wrong.
258                         switch ($status) {
259                                 case 0:
260                                         info(L10n::t("Confirmation completed successfully.") . EOL);
261                                         break;
262                                 case 1:
263                                         // birthday paradox - generate new dfrn-id and fall through.
264                                         $new_dfrn_id = Strings::getRandomHex();
265                                         q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d",
266                                                 DBA::escape($new_dfrn_id),
267                                                 intval($contact_id),
268                                                 intval($uid)
269                                         );
270
271                                 case 2:
272                                         notice(L10n::t("Temporary failure. Please wait and try again.") . EOL);
273                                         break;
274                                 case 3:
275                                         notice(L10n::t("Introduction failed or was revoked.") . EOL);
276                                         break;
277                         }
278
279                         if (strlen($message)) {
280                                 notice(L10n::t('Remote site reported: ') . $message . EOL);
281                         }
282
283                         if (($status == 0) && $intro_id) {
284                                 $intro = DBA::selectFirst('intro', ['note'], ['id' => $intro_id]);
285                                 if (DBA::isResult($intro)) {
286                                         DBA::update('contact', ['reason' => $intro['note']], ['id' => $contact_id]);
287                                 }
288
289                                 // Success. Delete the notification.
290                                 DBA::delete('intro', ['id' => $intro_id]);
291                         }
292
293                         if ($status != 0) {
294                                 return;
295                         }
296                 }
297
298                 /*
299                  * We have now established a relationship with the other site.
300                  * Let's make our own personal copy of their profile photo so we don't have
301                  * to always load it from their site.
302                  *
303                  * We will also update the contact record with the nature and scope of the relationship.
304                  */
305                 Contact::updateAvatar($contact['photo'], $uid, $contact_id);
306
307                 Logger::log('dfrn_confirm: confirm - imported photos');
308
309                 if ($network === Protocol::DFRN) {
310                         $new_relation = Contact::FOLLOWER;
311
312                         if (($relation == Contact::SHARING) || ($duplex)) {
313                                 $new_relation = Contact::FRIEND;
314                         }
315
316                         if (($relation == Contact::SHARING) && ($duplex)) {
317                                 $duplex = 0;
318                         }
319
320                         $r = q("UPDATE `contact` SET `rel` = %d,
321                                 `name-date` = '%s',
322                                 `uri-date` = '%s',
323                                 `blocked` = 0,
324                                 `pending` = 0,
325                                 `duplex` = %d,
326                                 `hidden` = %d,
327                                 `network` = '%s' WHERE `id` = %d
328                         ",
329                                 intval($new_relation),
330                                 DBA::escape(DateTimeFormat::utcNow()),
331                                 DBA::escape(DateTimeFormat::utcNow()),
332                                 intval($duplex),
333                                 intval($hidden),
334                                 DBA::escape(Protocol::DFRN),
335                                 intval($contact_id)
336                         );
337                 } else {
338                         if ($network == Protocol::ACTIVITYPUB) {
339                                 ActivityPub\Transmitter::sendContactAccept($contact['url'], $contact['hub-verify'], $uid);
340                                 // Setting "pending" to true on a bidirectional contact request could create a problem when it isn't accepted on the other side
341                                 // Then we have got a situation where - although one direction is accepted - the contact still appears as pending.
342                                 // Possibly we need two different "pending" fields, one for incoming, one for outgoing?
343                                 // This has to be thought over, but for now this here is a better solution.
344                                 // $pending = $duplex;
345                                 $pending = false;
346                         } else {
347                                 $pending = false;
348                         }
349
350                         // $network !== Protocol::DFRN
351                         $network = defaults($contact, 'network', Protocol::OSTATUS);
352
353                         $arr = Probe::uri($contact['url'], $network);
354
355                         $notify  = defaults($contact, 'notify' , $arr['notify']);
356                         $poll    = defaults($contact, 'poll'   , $arr['poll']);
357
358                         $addr = $arr['addr'];
359
360                         $new_relation = $contact['rel'];
361                         $writable = $contact['writable'];
362
363                         if (in_array($network, [Protocol::DIASPORA, Protocol::ACTIVITYPUB])) {
364                                 if ($duplex) {
365                                         $new_relation = Contact::FRIEND;
366                                 } else {
367                                         $new_relation = Contact::FOLLOWER;
368                                 }
369
370                                 if ($new_relation != Contact::FOLLOWER) {
371                                         $writable = 1;
372                                 }
373                         }
374
375                         DBA::delete('intro', ['id' => $intro_id]);
376
377                         $fields = ['name-date' => DateTimeFormat::utcNow(),
378                                 'uri-date' => DateTimeFormat::utcNow(), 'addr' => $addr,
379                                 'notify' => $notify, 'poll' => $poll, 'blocked' => false,
380                                 'pending' => $pending, 'network' => $network,
381                                 'writable' => $writable, 'hidden' => $hidden, 'rel' => $new_relation];
382                         DBA::update('contact', $fields, ['id' => $contact_id]);
383                 }
384
385                 if (!DBA::isResult($r)) {
386                         notice(L10n::t('Unable to set contact photo.') . EOL);
387                 }
388
389                 // reload contact info
390                 $contact = DBA::selectFirst('contact', [], ['id' => $contact_id]);
391                 if ((isset($new_relation) && $new_relation == Contact::FRIEND)) {
392                         if (DBA::isResult($contact) && ($contact['network'] === Protocol::DIASPORA)) {
393                                 $ret = Diaspora::sendShare($user, $contact);
394                                 Logger::log('share returns: ' . $ret);
395                         }
396                 }
397
398                 Group::addMember(User::getDefaultGroup($uid, $contact["network"]), $contact['id']);
399
400                 if ($network == Protocol::ACTIVITYPUB && $duplex) {
401                         ActivityPub\Transmitter::sendActivity('Follow', $contact['url'], $uid);
402                 }
403
404                 // Let's send our user to the contact editor in case they want to
405                 // do anything special with this new friend.
406                 if ($handsfree === null) {
407                         $a->internalRedirect('contact/' . intval($contact_id));
408                 } else {
409                         return;
410                 }
411                 //NOTREACHED
412         }
413
414         /*
415          * End of Scenario 1. [Local confirmation of remote friend request].
416          *
417          * Begin Scenario 2. This is the remote response to the above scenario.
418          * This will take place on the site that originally initiated the friend request.
419          * In the section above where the confirming party makes a POST and
420          * retrieves xml status information, they are communicating with the following code.
421          */
422         if (!empty($_POST['source_url'])) {
423                 // We are processing an external confirmation to an introduction created by our user.
424                 $public_key =         defaults($_POST, 'public_key', '');
425                 $dfrn_id    = hex2bin(defaults($_POST, 'dfrn_id'   , ''));
426                 $source_url = hex2bin(defaults($_POST, 'source_url', ''));
427                 $aes_key    =         defaults($_POST, 'aes_key'   , '');
428                 $duplex     =  intval(defaults($_POST, 'duplex'    , 0));
429                 $page       =  intval(defaults($_POST, 'page'      , 0));
430
431                 $forum = (($page == 1) ? 1 : 0);
432                 $prv   = (($page == 2) ? 1 : 0);
433
434                 Logger::log('dfrn_confirm: requestee contacted: ' . $node);
435
436                 Logger::log('dfrn_confirm: request: POST=' . print_r($_POST, true), Logger::DATA);
437
438                 // If $aes_key is set, both of these items require unpacking from the hex transport encoding.
439
440                 if (!empty($aes_key)) {
441                         $aes_key = hex2bin($aes_key);
442                         $public_key = hex2bin($public_key);
443                 }
444
445                 // Find our user's account
446                 $user = DBA::selectFirst('user', [], ['nickname' => $node]);
447                 if (!DBA::isResult($user)) {
448                         $message = L10n::t('No user record found for \'%s\' ', $node);
449                         System::xmlExit(3, $message); // failure
450                         // NOTREACHED
451                 }
452
453                 $my_prvkey = $user['prvkey'];
454                 $local_uid = $user['uid'];
455
456
457                 if (!strstr($my_prvkey, 'PRIVATE KEY')) {
458                         $message = L10n::t('Our site encryption key is apparently messed up.');
459                         System::xmlExit(3, $message);
460                 }
461
462                 // verify everything
463
464                 $decrypted_source_url = "";
465                 openssl_private_decrypt($source_url, $decrypted_source_url, $my_prvkey);
466
467
468                 if (!strlen($decrypted_source_url)) {
469                         $message = L10n::t('Empty site URL was provided or URL could not be decrypted by us.');
470                         System::xmlExit(3, $message);
471                         // NOTREACHED
472                 }
473
474                 $contact = DBA::selectFirst('contact', [], ['url' => $decrypted_source_url, 'uid' => $local_uid]);
475                 if (!DBA::isResult($contact)) {
476                         if (strstr($decrypted_source_url, 'http:')) {
477                                 $newurl = str_replace('http:', 'https:', $decrypted_source_url);
478                         } else {
479                                 $newurl = str_replace('https:', 'http:', $decrypted_source_url);
480                         }
481
482                         $contact = DBA::selectFirst('contact', [], ['url' => $newurl, 'uid' => $local_uid]);
483                         if (!DBA::isResult($contact)) {
484                                 // this is either a bogus confirmation (?) or we deleted the original introduction.
485                                 $message = L10n::t('Contact record was not found for you on our site.');
486                                 System::xmlExit(3, $message);
487                                 return; // NOTREACHED
488                         }
489                 }
490
491                 $relation = $contact['rel'];
492
493                 // Decrypt all this stuff we just received
494
495                 $foreign_pubkey = $contact['site-pubkey'];
496                 $dfrn_record = $contact['id'];
497
498                 if (!$foreign_pubkey) {
499                         $message = L10n::t('Site public key not available in contact record for URL %s.', $decrypted_source_url);
500                         System::xmlExit(3, $message);
501                 }
502
503                 $decrypted_dfrn_id = "";
504                 openssl_public_decrypt($dfrn_id, $decrypted_dfrn_id, $foreign_pubkey);
505
506                 if (strlen($aes_key)) {
507                         $decrypted_aes_key = "";
508                         openssl_private_decrypt($aes_key, $decrypted_aes_key, $my_prvkey);
509                         $dfrn_pubkey = openssl_decrypt($public_key, 'AES-256-CBC', $decrypted_aes_key);
510                 } else {
511                         $dfrn_pubkey = $public_key;
512                 }
513
514                 if (DBA::exists('contact', ['dfrn-id' => $decrypted_dfrn_id])) {
515                         $message = L10n::t('The ID provided by your system is a duplicate on our system. It should work if you try again.');
516                         System::xmlExit(1, $message); // Birthday paradox - duplicate dfrn-id
517                         // NOTREACHED
518                 }
519
520                 $r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d",
521                         DBA::escape($decrypted_dfrn_id),
522                         DBA::escape($dfrn_pubkey),
523                         intval($dfrn_record)
524                 );
525                 if (!DBA::isResult($r)) {
526                         $message = L10n::t('Unable to set your contact credentials on our system.');
527                         System::xmlExit(3, $message);
528                 }
529
530                 // It's possible that the other person also requested friendship.
531                 // If it is a duplex relationship, ditch the issued-id if one exists.
532
533                 if ($duplex) {
534                         q("UPDATE `contact` SET `issued-id` = '' WHERE `id` = %d",
535                                 intval($dfrn_record)
536                         );
537                 }
538
539                 // We're good but now we have to scrape the profile photo and send notifications.
540                 $contact = DBA::selectFirst('contact', ['photo'], ['id' => $dfrn_record]);
541                 if (DBA::isResult($contact)) {
542                         $photo = $contact['photo'];
543                 } else {
544                         $photo = System::baseUrl() . '/images/person-300.jpg';
545                 }
546
547                 Contact::updateAvatar($photo, $local_uid, $dfrn_record);
548
549                 Logger::log('dfrn_confirm: request - photos imported');
550
551                 $new_relation = Contact::SHARING;
552
553                 if (($relation == Contact::FOLLOWER) || ($duplex)) {
554                         $new_relation = Contact::FRIEND;
555                 }
556
557                 if (($relation == Contact::FOLLOWER) && ($duplex)) {
558                         $duplex = 0;
559                 }
560
561                 $r = q("UPDATE `contact` SET
562                         `rel` = %d,
563                         `name-date` = '%s',
564                         `uri-date` = '%s',
565                         `blocked` = 0,
566                         `pending` = 0,
567                         `duplex` = %d,
568                         `forum` = %d,
569                         `prv` = %d,
570                         `network` = '%s' WHERE `id` = %d
571                 ",
572                         intval($new_relation),
573                         DBA::escape(DateTimeFormat::utcNow()),
574                         DBA::escape(DateTimeFormat::utcNow()),
575                         intval($duplex),
576                         intval($forum),
577                         intval($prv),
578                         DBA::escape(Protocol::DFRN),
579                         intval($dfrn_record)
580                 );
581                 if (!DBA::isResult($r)) {       // indicates schema is messed up or total db failure
582                         $message = L10n::t('Unable to update your contact profile details on our system');
583                         System::xmlExit(3, $message);
584                 }
585
586                 // Otherwise everything seems to have worked and we are almost done. Yay!
587                 // Send an email notification
588
589                 Logger::log('dfrn_confirm: request: info updated');
590
591                 $combined = null;
592                 $r = q("SELECT `contact`.*, `user`.*
593                         FROM `contact`
594                         LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
595                         WHERE `contact`.`id` = %d
596                         LIMIT 1",
597                         intval($dfrn_record)
598                 );
599                 if (DBA::isResult($r)) {
600                         $combined = $r[0];
601
602                         if ($combined['notify-flags'] & NOTIFY_CONFIRM) {
603                                 $mutual = ($new_relation == Contact::FRIEND);
604                                 notification([
605                                         'type'         => NOTIFY_CONFIRM,
606                                         'notify_flags' => $combined['notify-flags'],
607                                         'language'     => $combined['language'],
608                                         'to_name'      => $combined['username'],
609                                         'to_email'     => $combined['email'],
610                                         'uid'          => $combined['uid'],
611                                         'link'         => System::baseUrl() . '/contact/' . $dfrn_record,
612                                         'source_name'  => ((strlen(stripslashes($combined['name']))) ? stripslashes($combined['name']) : L10n::t('[Name Withheld]')),
613                                         'source_link'  => $combined['url'],
614                                         'source_photo' => $combined['photo'],
615                                         'verb'         => ($mutual?ACTIVITY_FRIEND:ACTIVITY_FOLLOW),
616                                         'otype'        => 'intro'
617                                 ]);
618                         }
619                 }
620
621                 System::xmlExit(0); // Success
622                 return; // NOTREACHED
623                 ////////////////////// End of this scenario ///////////////////////////////////////////////
624         }
625
626         // somebody arrived here by mistake or they are fishing. Send them to the homepage.
627         $a->internalRedirect();
628         // NOTREACHED
629 }