]> git.mxchange.org Git - friendica.git/blob - mod/dfrn_confirm.php
ca6afca8bd5a0a3578559f367c8c9f7a40bdfc0d
[friendica.git] / mod / dfrn_confirm.php
1 <?php
2
3
4
5 function dfrn_confirm_post(&$a) {
6         
7         if($a->argc > 1)
8                 $node = $a->argv[1];
9
10         if(x($_POST,'source_url')) {
11
12                 // We are processing an external confirmation to an introduction created by our user.
13
14                 $public_key = $_POST['public_key'];
15                 $dfrn_id = $_POST['dfrn_id'];
16                 $source_url = $_POST['source_url'];
17                 $aes_key = $_POST['aes_key'];
18
19                 // Find our user's account
20
21                 $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1",
22                         dbesc($node));
23
24                 if(! count($r)) {
25                         xml_status(3); // failure
26                 }
27
28                 $my_prvkey = $r[0]['prvkey'];
29                 $local_uid = $r[0]['uid'];
30
31                 $decrypted_source_url = "";
32
33                 // verify everything
34
35                 openssl_private_decrypt($source_url,$decrypted_source_url,$my_prvkey);
36
37
38                 $ret = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
39                         dbesc($decrypted_source_url),
40                         intval($local_uid));
41
42                 if(! count($ret)) {
43                         // this is either a bogus confirmation or we deleted the original introduction.
44                         xml_status(3); 
45                 }
46
47                 // Decrypt all this stuff we just received
48
49                 $foreign_pubkey = $ret[0]['site-pubkey'];
50                 $dfrn_record = $ret[0]['id'];
51                 $decrypted_dfrn_id = "";
52                 openssl_public_decrypt($dfrn_id,$decrypted_dfrn_id,$foreign_pubkey);
53
54                 if(strlen($aes_key)) {
55                         $decrypted_aes_key = "";
56                         openssl_private_decrypt($aes_key,$decrypted_aes_key,$my_prvkey);
57                         $dfrn_pubkey = openssl_decrypt($public_key,'AES-256-CBC',$decrypted_aes_key);
58                 }
59                 else {
60                         $dfrn_pubkey = $public_key;
61                 }
62
63                 $r = q("SELECT * FROM `contact` WHERE `dfrn-id` = '%s' LIMIT 1",
64                         dbesc($decrypted_dfrn_id),
65                         intval($local_uid));
66                 if(count($r))
67                         xml_status(1); // Birthday paradox - duplicate dfrn-id
68
69                 $r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d LIMIT 1",
70                         dbesc($decrypted_dfrn_id),
71                         dbesc($dfrn_pubkey),
72                         intval($dfrn_record));
73                 if($r) {
74
75                         // We're good but now we have to scrape the profile photo and send notifications.
76
77                         require_once("Photo.php");
78
79                         $photo_failure = false;
80
81                         $r = q("SELECT `photo` FROM `contact` WHERE `id` = %d LIMIT 1",
82                                 intval($dfrn_record));
83                         if(count($r)) {
84
85                                 $filename = basename($r[0]['photo']);
86                                 $img_str = fetch_url($r[0]['photo'],true);
87                                 $img = new Photo($img_str);
88                                 if($img) {
89
90                                         $img->scaleImageSquare(175);
91                                         
92                                         $hash = hash('md5',uniqid(mt_rand(),true));
93
94                                         $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`,
95                                                 `height`, `width`, `data`, `scale` )
96                                                 VALUES ( %d, '%s', '%s', '%s', '%s', %d, %d, '%s', 4 )",
97                                                 intval($local_uid),
98                                                 dbesc($hash),
99                                                 datetime_convert(),
100                                                 datetime_convert(),
101                                                 dbesc(basename($r[0]['photo'])),
102                                                 intval($img->getHeight()),
103                                                 intval($img->getWidth()),
104                                                 dbesc($img->imageString())
105                                         );
106                                         if($r === false)
107                                                 $photo_failure = true;
108                                         
109                                         $img->scaleImage(80);
110                                         $r =  q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`,
111                                                 `height`, `width`, `data`, `scale` )
112                                                 VALUES ( %d, '%s', '%s', '%s', '%s', %d, %d, '%s', 5 )",
113                                                 intval($local_uid),
114                                                 dbesc($hash),
115                                                 datetime_convert(),
116                                                 datetime_convert(),
117                                                 dbesc(basename($r[0]['photo'])),
118                                                 intval($img->getHeight()),
119                                                 intval($img->getWidth()),
120                                                 dbesc($img->imageString())
121                                         );
122                                         if($r === false)
123                                                 $photo_failure = true;
124
125                                         $photo = $a->get_baseurl() . '/photo/' . $hash . '-4.jpg';
126                                         $thumb = $a->get_baseurl() . '/photo/' . $hash . '-5.jpg';
127                                         
128                                 }
129                                 else
130                                         $photo_failure = true;
131                         }
132                         else
133                                 $photo_failure = true;
134
135                         if($photo_failure) {
136                                 $photo = $a->get_baseurl() . '/images/default-profile.jpg';
137                                 $thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
138                         }
139
140                         $r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `blocked` = 0, `pending` = 0 WHERE `id` = %d LIMIT 1",
141                                 dbesc($photo),
142                                 dbesc($thumb),
143                                 intval($dfrn_record)
144                         );
145                         if($r === false)
146                                 notice( t("Unable to set contact photo info.") . EOL);
147
148                         // Otherwise everything seems to have worked and we are almost done. Yay!
149                         // Send an email notification
150
151                         $r = q("SELECT * FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
152                                 WHERE `contact`.`id` = %d LIMIT 1",
153                                 intval($dfrn_record));
154                         if((count($r)) && ($r[0]['notify-flags'] & NOTIFY_CONFIRM)) {
155
156                                 $tpl = file_get_contents('view/intro_complete_eml.tpl');
157                         
158                                 $email_tpl = replace_macros($tpl, array(
159                                         '$sitename' => $a->config['sitename'],
160                                         '$siteurl' =>  $a->get_baseurl(),
161                                         '$username' => $r[0]['username'],
162                                         '$email' => $r[0]['email'],
163                                         '$fn' => $r[0]['name'],
164                                         '$dfrn_url' => $r[0]['url'],
165                                         '$uid' => $newuid )
166                                 );
167         
168                                 $res = mail($r[0]['email'], t("Introduction accepted at ") . $a->config['sitename'],
169                                         $email_tpl,t("From: Administrator@") . $_SERVER[SERVER_NAME] );
170                                 if(!$res) {
171                                         notice( t("Email notification failed.") . EOL );
172                                 }
173                         }
174                         xml_status(0); // Success
175
176                         return; // NOTREACHED
177                 }
178                 else {
179                         xml_status(2);  // Hopefully temporary problem that can be retried.
180                 }
181                 return; // NOTREACHED
182
183         ////////////////////// End of this scenario ///////////////////////////////////////////////
184         }
185         else {
186
187                 // We are processing a local confirmation initiated on this system by our user to an external introduction.
188
189                 $uid = $_SESSION['uid'];
190
191                 if(! $uid) {
192                         notice(t("Permission denied.") . EOL );
193                         return;
194                 }       
195         
196                 $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
197                 $intro_id = intval($_POST['intro_id']);
198
199                 $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `uid` = %d LIMIT 1",
200                                 dbesc($dfrn_id),
201                                 intval($uid)
202                                 );
203
204                 if((! $r) || (! count($r))) {
205                         notice( t('Node does not exist.') . EOL );
206                         return;
207                 }
208
209                 $contact_id = $r[0]['id'];
210                 $site_pubkey = $r[0]['site-pubkey'];
211                 $dfrn_confirm = $r[0]['confirm'];
212                 $aes_allow = $r[0]['aes_allow'];
213
214                 $res=openssl_pkey_new(array(
215                         'digest_alg' => 'whirlpool',
216                         'private_key_bits' => 4096,
217                         'encrypt_key' => false ));
218
219
220                 $private_key = '';
221
222                 openssl_pkey_export($res, $private_key);
223
224
225                 $pubkey = openssl_pkey_get_details($res);
226                 $public_key = $pubkey["key"];
227
228                 $r = q("UPDATE `contact` SET `issued-pubkey` = '%s', `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
229                         dbesc($public_key),
230                         dbesc($private_key),
231                         intval($contact_id),
232                         intval($uid) 
233                 );
234
235
236                 $params = array();
237
238                 $src_aes_key = random_string();
239                 $result = "";
240
241                 openssl_private_encrypt($dfrn_id,$result,$a->user['prvkey']);
242
243                 $params['dfrn_id'] = $result;
244                 $params['public_key'] = $public_key;
245
246
247                 openssl_public_encrypt($_SESSION['my_url'], $params['source_url'], $site_pubkey);
248
249                 if($aes_allow && function_exists('openssl_encrypt')) {
250                         openssl_public_encrypt($src_aes_key, $params['aes_key'], $site_pubkey);
251                         $params['public_key'] = openssl_encrypt($public_key,'AES-256-CBC',$src_aes_key);
252                 }
253
254                 $res = post_url($dfrn_confirm,$params);
255
256 // uncomment the following two lines and comment the following xml/status lines
257 // to debug the remote confirmation section (when both confirmations 
258 // and responses originate on this system)
259
260 // echo $res;
261 // $status = 0;
262
263                 $xml = simplexml_load_string($res);
264                 $status = (int) $xml->status;
265                 switch($status) {
266                         case 0:
267                                 notice( t("Confirmation completed successfully") . EOL);
268                                 break;
269                         case 1:
270
271                                 // birthday paradox - generate new dfrn-id and fall through.
272
273                                 $new_dfrn_id = random_string();
274                                 $r = q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
275                                         dbesc($new_dfrn_id),
276                                         intval($contact_id),
277                                         intval($uid) 
278                                 );
279
280                         case 2:
281                                 notice( t("Temporary failure. Please wait and try again.") . EOL);
282                                 break;
283
284
285                         case 3:
286                                 notice( t("Introduction failed or was revoked. Cannot complete.") . EOL);
287                                 break;
288                 }
289
290                 if(($status == 0 || $status == 3) && ($intro_id)) {
291
292                         //delete the notification
293
294                         $r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
295                                 intval($intro_id),
296                                 intval($uid)
297                         );
298                         
299                 }
300                 if($status != 0) 
301                         return;
302                 
303
304                 require_once("Photo.php");
305
306                 $photo_failure = false;
307
308                 $r = q("SELECT `photo` FROM `contact` WHERE `id` = %d LIMIT 1",
309                         intval($contact_id));
310                 if(count($r)) {
311
312                         $filename = basename($r[0]['photo']);
313                         $img_str = fetch_url($r[0]['photo'],true);
314                         $img = new Photo($img_str);
315                         if($img) {
316
317                                 $img->scaleImageSquare(175);
318                                         
319                                 $hash = hash('md5',uniqid(mt_rand(),true));
320
321                                 $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`,
322                                         `height`, `width`, `data`, `scale` )
323                                         VALUES ( %d, '%s', '%s', '%s', '%s', %d, %d, '%s', 4 )",
324                                         intval($local_uid),
325                                         dbesc($hash),
326                                         datetime_convert(),
327                                         datetime_convert(),
328                                         dbesc(basename($r[0]['photo'])),
329                                         intval($img->getHeight()),
330                                         intval($img->getWidth()),
331                                         dbesc($img->imageString())
332                                 );
333                                 if($r === false)
334                                         $photo_failure = true;
335                                 $img->scaleImage(80);
336                                 $r =  q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`,
337                                         `height`, `width`, `data`, `scale` )
338                                          VALUES ( %d, '%s', '%s', '%s', '%s', %d, %d, '%s', 5 )",
339                                          intval($local_uid),
340                                          dbesc($hash),
341                                          datetime_convert(),
342                                          datetime_convert(),
343                                          dbesc(basename($r[0]['photo'])),
344                                          intval($img->getHeight()),
345                                          intval($img->getWidth()),
346                                          dbesc($img->imageString())
347                                 );
348                                 if($r === false)
349                                         $photo_failure = true;
350
351                                 $photo = $a->get_baseurl() . '/photo/' . $hash . '-4.jpg';
352                                 $thumb = $a->get_baseurl() . '/photo/' . $hash . '-5.jpg';
353                                         
354                         }
355                         else
356                                 $photo_failure = true;
357                 }
358                 else
359                         $photo_failure = true;
360
361                 if($photo_failure) {
362                         $photo = $a->get_baseurl() . '/images/default-profile.jpg';
363                         $thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
364                 }
365
366                 $r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `blocked` = 0, `pending` = 0 WHERE `id` = %d LIMIT 1",
367                         dbesc($photo),
368                         dbesc($thumb),
369                         intval($contact_id)
370                 );
371                 if($r === false)
372                         notice( t("Unable to set contact photo info.") . EOL);
373
374                 goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
375                 return;  //NOTREACHED
376
377         }
378
379         return;
380 }