]> git.mxchange.org Git - friendica.git/blob - mod/dfrn_confirm.php
Merge pull request #1338 from annando/1501-global-contacts
[friendica.git] / mod / dfrn_confirm.php
1 <?php
2
3 /*
4  * Module: dfrn_confirm
5  * Purpose: Friendship acceptance for DFRN contacts
6  *
7  * There are two possible entry points and three scenarios.
8  *
9  *   1. A form was submitted by our user approving a friendship that originated elsewhere.
10  *      This may also be called from dfrn_request to automatically approve a friendship.
11  *
12  *   2. We may be the target or other side of the conversation to scenario 1, and will
13  *      interact with that process on our own user's behalf.
14  *
15  */
16
17 require_once('include/enotify.php');
18
19 function dfrn_confirm_post(&$a,$handsfree = null) {
20
21         if(is_array($handsfree)) {
22
23                 /**
24                  * We were called directly from dfrn_request due to automatic friend acceptance.
25                  * Any $_POST parameters we may require are supplied in the $handsfree array.
26                  *
27                  */
28
29                 $node = $handsfree['node'];
30                 $a->interactive = false; // notice() becomes a no-op since nobody is there to see it
31
32         }
33         else {
34                 if($a->argc > 1)
35                         $node = $a->argv[1];
36         }
37
38                 /**
39                  *
40                  * Main entry point. Scenario 1. Our user received a friend request notification (perhaps
41                  * from another site) and clicked 'Approve'.
42                  * $POST['source_url'] is not set. If it is, it indicates Scenario 2.
43                  *
44                  * We may also have been called directly from dfrn_request ($handsfree != null) due to
45                  * this being a page type which supports automatic friend acceptance. That is also Scenario 1
46                  * since we are operating on behalf of our registered user to approve a friendship.
47                  *
48                  */
49
50         if(! x($_POST,'source_url')) {
51
52                 $uid = ((is_array($handsfree)) ? $handsfree['uid'] : local_user());
53
54                 if(! $uid) {
55                         notice( t('Permission denied.') . EOL );
56                         return;
57                 }
58
59                 $user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
60                         intval($uid)
61                 );
62
63                 if(! $user) {
64                         notice( t('Profile not found.') . EOL );
65                         return;
66                 }
67
68
69                 // These data elements may come from either the friend request notification form or $handsfree array.
70
71                 if(is_array($handsfree)) {
72                         logger('Confirm in handsfree mode');
73                         $dfrn_id   = $handsfree['dfrn_id'];
74                         $intro_id  = $handsfree['intro_id'];
75                         $duplex    = $handsfree['duplex'];
76                         $hidden    = ((array_key_exists('hidden',$handsfree)) ? intval($handsfree['hidden']) : 0 );
77                         $activity  = ((array_key_exists('activity',$handsfree)) ? intval($handsfree['activity']) : 0 );
78                 }
79                 else {
80                         $dfrn_id  = ((x($_POST,'dfrn_id'))    ? notags(trim($_POST['dfrn_id'])) : "");
81                         $intro_id = ((x($_POST,'intro_id'))   ? intval($_POST['intro_id'])      : 0 );
82                         $duplex   = ((x($_POST,'duplex'))     ? intval($_POST['duplex'])        : 0 );
83                         $cid      = ((x($_POST,'contact_id')) ? intval($_POST['contact_id'])    : 0 );
84                         $hidden   = ((x($_POST,'hidden'))     ? intval($_POST['hidden'])        : 0 );
85                         $activity = ((x($_POST,'activity'))   ? intval($_POST['activity'])      : 0 );
86                 }
87
88                 /**
89                  *
90                  * Ensure that dfrn_id has precedence when we go to find the contact record.
91                  * We only want to search based on contact id if there is no dfrn_id,
92                  * e.g. for OStatus network followers.
93                  *
94                  */
95
96                 if(strlen($dfrn_id))
97                         $cid = 0;
98
99                 logger('Confirming request for dfrn_id (issued) ' . $dfrn_id);
100                 if($cid)
101                         logger('Confirming follower with contact_id: ' . $cid);
102
103
104                 /**
105                  *
106                  * The other person will have been issued an ID when they first requested friendship.
107                  * Locate their record. At this time, their record will have both pending and blocked set to 1.
108                  * There won't be any dfrn_id if this is a network follower, so use the contact_id instead.
109                  *
110                  */
111
112                 $r = q("SELECT * FROM `contact` WHERE ( ( `issued-id` != '' AND `issued-id` = '%s' ) OR ( `id` = %d AND `id` != 0 ) ) AND `uid` = %d AND `duplex` = 0 LIMIT 1",
113                         dbesc($dfrn_id),
114                         intval($cid),
115                         intval($uid)
116                 );
117
118                 if(! count($r)) {
119                         logger('Contact not found in DB.');
120                         notice( t('Contact not found.') . EOL );
121                         notice( t('This may occasionally happen if contact was requested by both persons and it has already been approved.') . EOL );
122                         return;
123                 }
124
125                 $contact = $r[0];
126
127                 $contact_id   = $contact['id'];
128                 $relation     = $contact['rel'];
129                 $site_pubkey  = $contact['site-pubkey'];
130                 $dfrn_confirm = $contact['confirm'];
131                 $aes_allow    = $contact['aes_allow'];
132
133                 $network = ((strlen($contact['issued-id'])) ? NETWORK_DFRN : NETWORK_OSTATUS);
134
135                 if($contact['network'])
136                         $network = $contact['network'];
137
138                 if($network === NETWORK_DFRN) {
139
140                         /**
141                          *
142                          * Generate a key pair for all further communications with this person.
143                          * We have a keypair for every contact, and a site key for unknown people.
144                          * This provides a means to carry on relationships with other people if
145                          * any single key is compromised. It is a robust key. We're much more
146                          * worried about key leakage than anybody cracking it.
147                          *
148                          */
149                         require_once('include/crypto.php');
150
151                         $res = new_keypair(4096);
152
153
154                         $private_key = $res['prvkey'];
155                         $public_key  = $res['pubkey'];
156
157                         // Save the private key. Send them the public key.
158
159                         $r = q("UPDATE `contact` SET `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d",
160                                 dbesc($private_key),
161                                 intval($contact_id),
162                                 intval($uid)
163                         );
164
165                         $params = array();
166
167                         /**
168                          *
169                          * Per the DFRN protocol, we will verify both ends by encrypting the dfrn_id with our
170                          * site private key (person on the other end can decrypt it with our site public key).
171                          * Then encrypt our profile URL with the other person's site public key. They can decrypt
172                          * it with their site private key. If the decryption on the other end fails for either
173                          * item, it indicates tampering or key failure on at least one site and we will not be
174                          * able to provide a secure communication pathway.
175                          *
176                          * If other site is willing to accept full encryption, (aes_allow is 1 AND we have php5.3
177                          * or later) then we encrypt the personal public key we send them using AES-256-CBC and a
178                          * random key which is encrypted with their site public key.
179                          *
180                          */
181
182                         $src_aes_key = random_string();
183
184                         $result = '';
185                         openssl_private_encrypt($dfrn_id,$result,$user[0]['prvkey']);
186
187                         $params['dfrn_id'] = bin2hex($result);
188                         $params['public_key'] = $public_key;
189
190
191                         $my_url = $a->get_baseurl() . '/profile/' . $user[0]['nickname'];
192
193                         openssl_public_encrypt($my_url, $params['source_url'], $site_pubkey);
194                         $params['source_url'] = bin2hex($params['source_url']);
195
196                         if($aes_allow && function_exists('openssl_encrypt')) {
197                                 openssl_public_encrypt($src_aes_key, $params['aes_key'], $site_pubkey);
198                                 $params['aes_key'] = bin2hex($params['aes_key']);
199                                 $params['public_key'] = bin2hex(openssl_encrypt($public_key,'AES-256-CBC',$src_aes_key));
200                         }
201
202                         $params['dfrn_version'] = DFRN_PROTOCOL_VERSION ;
203                         if($duplex == 1)
204                                 $params['duplex'] = 1;
205
206                         if($user[0]['page-flags'] == PAGE_COMMUNITY)
207                                 $params['page'] = 1;
208                         if($user[0]['page-flags'] == PAGE_PRVGROUP)
209                                 $params['page'] = 2;
210
211                         logger('Confirm: posting data to ' . $dfrn_confirm . ': ' . print_r($params,true), LOGGER_DATA);
212
213                         /**
214                          *
215                          * POST all this stuff to the other site.
216                          * Temporarily raise the network timeout to 120 seconds because the default 60
217                          * doesn't always give the other side quite enough time to decrypt everything.
218                          *
219                          */
220
221                         $a->config['system']['curl_timeout'] = 120;
222
223                         $res = post_url($dfrn_confirm,$params);
224
225                         logger(' Confirm: received data: ' . $res, LOGGER_DATA);
226
227                         // Now figure out what they responded. Try to be robust if the remote site is
228                         // having difficulty and throwing up errors of some kind.
229
230                         $leading_junk = substr($res,0,strpos($res,'<?xml'));
231
232                         $res = substr($res,strpos($res,'<?xml'));
233                         if(! strlen($res)) {
234
235                                         // No XML at all, this exchange is messed up really bad.
236                                         // We shouldn't proceed, because the xml parser might choke,
237                                         // and $status is going to be zero, which indicates success.
238                                         // We can hardly call this a success.
239
240                                 notice( t('Response from remote site was not understood.') . EOL);
241                                 return;
242                         }
243
244                         if(strlen($leading_junk) && get_config('system','debugging')) {
245
246                                         // This might be more common. Mixed error text and some XML.
247                                         // If we're configured for debugging, show the text. Proceed in either case.
248
249                                 notice( t('Unexpected response from remote site: ') . EOL . $leading_junk . EOL );
250                         }
251
252                         if(stristr($res, "<status")===false) {
253                                 // wrong xml! stop here!
254                                 notice( t('Unexpected response from remote site: ') . EOL . htmlspecialchars($res) . EOL );
255                                 return;
256                         }
257
258                         $xml = parse_xml_string($res);
259                         $status = (int) $xml->status;
260                         $message = unxmlify($xml->message);   // human readable text of what may have gone wrong.
261                         switch($status) {
262                                 case 0:
263                                         info( t("Confirmation completed successfully.") . EOL);
264                                         if(strlen($message))
265                                                 notice( t('Remote site reported: ') . $message . EOL);
266                                         break;
267                                 case 1:
268                                         // birthday paradox - generate new dfrn-id and fall through.
269                                         $new_dfrn_id = random_string();
270                                         $r = q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d",
271                                                 dbesc($new_dfrn_id),
272                                                 intval($contact_id),
273                                                 intval($uid)
274                                         );
275
276                                 case 2:
277                                         notice( t("Temporary failure. Please wait and try again.") . EOL);
278                                         if(strlen($message))
279                                                 notice( t('Remote site reported: ') . $message . EOL);
280                                         break;
281
282
283                                 case 3:
284                                         notice( t("Introduction failed or was revoked.") . EOL);
285                                         if(strlen($message))
286                                                 notice( t('Remote site reported: ') . $message . EOL);
287                                         break;
288                                 }
289
290                         if(($status == 0) && ($intro_id)) {
291
292                                 // Success. Delete the notification.
293
294                                 $r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d",
295                                         intval($intro_id),
296                                         intval($uid)
297                                 );
298
299                         }
300
301                         if($status != 0)
302                                 return;
303                 }
304
305
306                 /*
307                  *
308                  * We have now established a relationship with the other site.
309                  * Let's make our own personal copy of their profile photo so we don't have
310                  * to always load it from their site.
311                  *
312                  * We will also update the contact record with the nature and scope of the relationship.
313                  *
314                  */
315
316                 require_once('include/Photo.php');
317
318                 $photos = import_profile_photo($contact['photo'],$uid,$contact_id);
319
320                 logger('dfrn_confirm: confirm - imported photos');
321
322                 if($network === NETWORK_DFRN) {
323
324                         $new_relation = CONTACT_IS_FOLLOWER;
325                         if(($relation == CONTACT_IS_SHARING) || ($duplex))
326                                 $new_relation = CONTACT_IS_FRIEND;
327
328                         if(($relation == CONTACT_IS_SHARING) && ($duplex))
329                                 $duplex = 0;
330
331                         $r = q("UPDATE `contact` SET
332                                 `photo` = '%s',
333                                 `thumb` = '%s',
334                                 `micro` = '%s',
335                                 `rel` = %d,
336                                 `name-date` = '%s',
337                                 `uri-date` = '%s',
338                                 `avatar-date` = '%s',
339                                 `blocked` = 0,
340                                 `pending` = 0,
341                                 `duplex` = %d,
342                                 `hidden` = %d,
343                                 `network` = 'dfrn' WHERE `id` = %d
344                         ",
345                                 dbesc($photos[0]),
346                                 dbesc($photos[1]),
347                                 dbesc($photos[2]),
348                                 intval($new_relation),
349                                 dbesc(datetime_convert()),
350                                 dbesc(datetime_convert()),
351                                 dbesc(datetime_convert()),
352                                 intval($duplex),
353                                 intval($hidden),
354                                 intval($contact_id)
355                         );
356                 }
357                 else {
358
359                         // $network !== NETWORK_DFRN
360
361                         $network = (($contact['network']) ? $contact['network'] : NETWORK_OSTATUS);
362                         $notify = (($contact['notify']) ? $contact['notify'] : '');
363                         $poll   = (($contact['poll']) ? $contact['poll'] : '');
364
365                         if((! $contact['notify']) || (! $contact['poll'])) {
366                                 $arr = lrdd($contact['url']);
367                                 if(count($arr)) {
368                                         foreach($arr as $link) {
369                                                 if($link['@attributes']['rel'] === 'salmon')
370                                                         $notify = $link['@attributes']['href'];
371                                                 if($link['@attributes']['rel'] === NAMESPACE_FEED)
372                                                         $poll = $link['@attributes']['href'];
373                                         }
374                                 }
375                         }
376
377                         $new_relation = $contact['rel'];
378                         $writable = $contact['writable'];
379
380                         if($network === NETWORK_DIASPORA) {
381                                 if($duplex)
382                                         $new_relation = CONTACT_IS_FRIEND;
383                                 else
384                                         $new_relation = CONTACT_IS_SHARING;
385
386                                 if($new_relation != CONTACT_IS_FOLLOWER)
387                                         $writable = 1;
388                         }
389
390                         $r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d",
391                                 intval($intro_id),
392                                 intval($uid)
393                         );
394
395
396                         $r = q("UPDATE `contact` SET `photo` = '%s',
397                                 `thumb` = '%s',
398                                 `micro` = '%s',
399                                 `name-date` = '%s',
400                                 `uri-date` = '%s',
401                                 `avatar-date` = '%s',
402                                 `notify` = '%s',
403                                 `poll` = '%s',
404                                 `blocked` = 0,
405                                 `pending` = 0,
406                                 `network` = '%s',
407                                 `writable` = %d,
408                                 `hidden` = %d,
409                                 `rel` = %d
410                                 WHERE `id` = %d
411                         ",
412                                 dbesc($photos[0]),
413                                 dbesc($photos[1]),
414                                 dbesc($photos[2]),
415                                 dbesc(datetime_convert()),
416                                 dbesc(datetime_convert()),
417                                 dbesc(datetime_convert()),
418                                 dbesc($notify),
419                                 dbesc($poll),
420                                 dbesc($network),
421                                 intval($writable),
422                                 intval($hidden),
423                                 intval($new_relation),
424                                 intval($contact_id)
425                         );
426                 }
427
428                 if($r === false)
429                                 notice( t('Unable to set contact photo.') . EOL);
430
431                 // reload contact info
432
433                 $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
434                         intval($contact_id)
435                 );
436                 if(count($r))
437                         $contact = $r[0];
438                 else
439                         $contact = null;
440
441
442                 if((isset($new_relation) && $new_relation == CONTACT_IS_FRIEND)) {
443
444                         if(($contact) && ($contact['network'] === NETWORK_DIASPORA)) {
445                                 require_once('include/diaspora.php');
446                                 $ret = diaspora_share($user[0],$r[0]);
447                                 logger('mod_follow: diaspora_share returns: ' . $ret);
448                         }
449
450                         // Send a new friend post if we are allowed to...
451
452                         $r = q("SELECT `hide-friends` FROM `profile` WHERE `uid` = %d AND `is-default` = 1 LIMIT 1",
453                                 intval($uid)
454                         );
455
456                         if((count($r)) && ($r[0]['hide-friends'] == 0) && ($activity) && (! $hidden)) {
457
458                                 require_once('include/items.php');
459
460                                 $self = q("SELECT * FROM `contact` WHERE `self` = 1 AND `uid` = %d LIMIT 1",
461                                         intval($uid)
462                                 );
463
464                                 if(count($self)) {
465
466                                         $arr = array();
467                                         $arr['uri'] = $arr['parent-uri'] = item_new_uri($a->get_hostname(), $uid);
468                                         $arr['uid'] = $uid;
469                                         $arr['contact-id'] = $self[0]['id'];
470                                         $arr['wall'] = 1;
471                                         $arr['type'] = 'wall';
472                                         $arr['gravity'] = 0;
473                                         $arr['origin'] = 1;
474                                         $arr['author-name'] = $arr['owner-name'] = $self[0]['name'];
475                                         $arr['author-link'] = $arr['owner-link'] = $self[0]['url'];
476                                         $arr['author-avatar'] = $arr['owner-avatar'] = $self[0]['thumb'];
477
478                                         $A = '[url=' . $self[0]['url'] . ']' . $self[0]['name'] . '[/url]';
479                                         $APhoto = '[url=' . $self[0]['url'] . ']' . '[img]' . $self[0]['thumb'] . '[/img][/url]';
480
481                                         $B = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]';
482                                         $BPhoto = '[url=' . $contact['url'] . ']' . '[img]' . $contact['thumb'] . '[/img][/url]';
483
484                                         $arr['verb'] = ACTIVITY_FRIEND;
485                                     $arr['object-type'] = ACTIVITY_OBJ_PERSON;
486                                         $arr['body'] =  sprintf( t('%1$s is now friends with %2$s'), $A, $B)."\n\n\n".$BPhoto;
487
488                                         $arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $contact['name'] . '</title>'
489                                                 . '<id>' . $contact['url'] . '/' . $contact['name'] . '</id>';
490                                         $arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $contact['url'] . '" />' . "\n");
491                                         $arr['object'] .= xmlify('<link rel="photo" type="image/jpeg" href="' . $contact['thumb'] . '" />' . "\n");
492                                         $arr['object'] .= '</link></object>' . "\n";
493
494                                         $arr['last-child'] = 1;
495
496                                         $arr['allow_cid'] = $user[0]['allow_cid'];
497                                         $arr['allow_gid'] = $user[0]['allow_gid'];
498                                         $arr['deny_cid']  = $user[0]['deny_cid'];
499                                         $arr['deny_gid']  = $user[0]['deny_gid'];
500
501                                         $i = item_store($arr);
502                                         if($i)
503                                         proc_run('php',"include/notifier.php","activity","$i");
504                                 }
505                         }
506                 }
507
508
509                 $g = q("select def_gid from user where uid = %d limit 1",
510                         intval($uid)
511                 );
512                 if($contact && $g && intval($g[0]['def_gid'])) {
513                         require_once('include/group.php');
514                         group_add_member($uid,'',$contact['id'],$g[0]['def_gid']);
515                 }
516
517                 // Let's send our user to the contact editor in case they want to
518                 // do anything special with this new friend.
519
520                 if($handsfree === null)
521                         goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
522                 else
523                         return;
524                 //NOTREACHED
525         }
526
527         /**
528          *
529          *
530          * End of Scenario 1. [Local confirmation of remote friend request].
531          *
532          * Begin Scenario 2. This is the remote response to the above scenario.
533          * This will take place on the site that originally initiated the friend request.
534          * In the section above where the confirming party makes a POST and
535          * retrieves xml status information, they are communicating with the following code.
536          *
537          */
538
539         if(x($_POST,'source_url')) {
540
541                 // We are processing an external confirmation to an introduction created by our user.
542
543                 $public_key = ((x($_POST,'public_key'))   ? $_POST['public_key']           : '');
544                 $dfrn_id    = ((x($_POST,'dfrn_id'))      ? hex2bin($_POST['dfrn_id'])     : '');
545                 $source_url = ((x($_POST,'source_url'))   ? hex2bin($_POST['source_url'])  : '');
546                 $aes_key    = ((x($_POST,'aes_key'))      ? $_POST['aes_key']              : '');
547                 $duplex     = ((x($_POST,'duplex'))       ? intval($_POST['duplex'])       : 0 );
548                 $page       = ((x($_POST,'page'))         ? intval($_POST['page'])         : 0 );
549                 $version_id = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
550
551                 $forum = (($page == 1) ? 1 : 0);
552                 $prv   = (($page == 2) ? 1 : 0);
553
554                 logger('dfrn_confirm: requestee contacted: ' . $node);
555
556                 logger('dfrn_confirm: request: POST=' . print_r($_POST,true), LOGGER_DATA);
557
558                 // If $aes_key is set, both of these items require unpacking from the hex transport encoding.
559
560                 if(x($aes_key)) {
561                         $aes_key = hex2bin($aes_key);
562                         $public_key = hex2bin($public_key);
563                 }
564
565                 // Find our user's account
566
567                 $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1",
568                         dbesc($node));
569
570                 if(! count($r)) {
571                         $message = sprintf(t('No user record found for \'%s\' '), $node);
572                         xml_status(3,$message); // failure
573                         // NOTREACHED
574                 }
575
576                 $my_prvkey = $r[0]['prvkey'];
577                 $local_uid = $r[0]['uid'];
578
579
580                 if(! strstr($my_prvkey,'PRIVATE KEY')) {
581                         $message = t('Our site encryption key is apparently messed up.');
582                         xml_status(3,$message);
583                 }
584
585                 // verify everything
586
587                 $decrypted_source_url = "";
588                 openssl_private_decrypt($source_url,$decrypted_source_url,$my_prvkey);
589
590
591                 if(! strlen($decrypted_source_url)) {
592                         $message = t('Empty site URL was provided or URL could not be decrypted by us.');
593                         xml_status(3,$message);
594                         // NOTREACHED
595                 }
596
597                 $ret = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
598                         dbesc($decrypted_source_url),
599                         intval($local_uid)
600                 );
601                 if(! count($ret)) {
602                         if(strstr($decrypted_source_url,'http:'))
603                                 $newurl = str_replace('http:','https:',$decrypted_source_url);
604                         else
605                                 $newurl = str_replace('https:','http:',$decrypted_source_url);
606
607                         $ret = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
608                                 dbesc($newurl),
609                                 intval($local_uid)
610                         );
611                         if(! count($ret)) {
612                                 // this is either a bogus confirmation (?) or we deleted the original introduction.
613                                 $message = t('Contact record was not found for you on our site.');
614                                 xml_status(3,$message);
615                                 return; // NOTREACHED
616                         }
617                 }
618
619                 $relation = $ret[0]['rel'];
620
621                 // Decrypt all this stuff we just received
622
623                 $foreign_pubkey = $ret[0]['site-pubkey'];
624                 $dfrn_record    = $ret[0]['id'];
625
626                 if(! $foreign_pubkey) {
627                         $message = sprintf( t('Site public key not available in contact record for URL %s.'), $newurl);
628                         xml_status(3,$message);
629                 }
630
631                 $decrypted_dfrn_id = "";
632                 openssl_public_decrypt($dfrn_id,$decrypted_dfrn_id,$foreign_pubkey);
633
634                 if(strlen($aes_key)) {
635                         $decrypted_aes_key = "";
636                         openssl_private_decrypt($aes_key,$decrypted_aes_key,$my_prvkey);
637                         $dfrn_pubkey = openssl_decrypt($public_key,'AES-256-CBC',$decrypted_aes_key);
638                 }
639                 else {
640                         $dfrn_pubkey = $public_key;
641                 }
642
643                 $r = q("SELECT * FROM `contact` WHERE `dfrn-id` = '%s' LIMIT 1",
644                         dbesc($decrypted_dfrn_id)
645                 );
646                 if(count($r)) {
647                         $message = t('The ID provided by your system is a duplicate on our system. It should work if you try again.');
648                         xml_status(1,$message); // Birthday paradox - duplicate dfrn-id
649                         // NOTREACHED
650                 }
651
652                 $r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d",
653                         dbesc($decrypted_dfrn_id),
654                         dbesc($dfrn_pubkey),
655                         intval($dfrn_record)
656                 );
657                 if(! count($r)) {
658                         $message = t('Unable to set your contact credentials on our system.');
659                         xml_status(3,$message);
660                 }
661
662                 // It's possible that the other person also requested friendship.
663                 // If it is a duplex relationship, ditch the issued-id if one exists.
664
665                 if($duplex) {
666                         $r = q("UPDATE `contact` SET `issued-id` = '' WHERE `id` = %d",
667                                 intval($dfrn_record)
668                         );
669                 }
670
671                 // We're good but now we have to scrape the profile photo and send notifications.
672
673
674
675                 $r = q("SELECT `photo` FROM `contact` WHERE `id` = %d LIMIT 1",
676                         intval($dfrn_record));
677
678                 if(count($r))
679                         $photo = $r[0]['photo'];
680                 else
681                         $photo = $a->get_baseurl() . '/images/person-175.jpg';
682
683                 require_once("include/Photo.php");
684
685                 $photos = import_profile_photo($photo,$local_uid,$dfrn_record);
686
687                 logger('dfrn_confirm: request - photos imported');
688
689                 $new_relation = CONTACT_IS_SHARING;
690                 if(($relation == CONTACT_IS_FOLLOWER) || ($duplex))
691                         $new_relation = CONTACT_IS_FRIEND;
692
693                 if(($relation == CONTACT_IS_FOLLOWER) && ($duplex))
694                         $duplex = 0;
695
696                 $r = q("UPDATE `contact` SET
697                         `photo` = '%s',
698                         `thumb` = '%s',
699                         `micro` = '%s',
700                         `rel` = %d,
701                         `name-date` = '%s',
702                         `uri-date` = '%s',
703                         `avatar-date` = '%s',
704                         `blocked` = 0,
705                         `pending` = 0,
706                         `duplex` = %d,
707                         `forum` = %d,
708                         `prv` = %d,
709                         `network` = '%s' WHERE `id` = %d
710                 ",
711                         dbesc($photos[0]),
712                         dbesc($photos[1]),
713                         dbesc($photos[2]),
714                         intval($new_relation),
715                         dbesc(datetime_convert()),
716                         dbesc(datetime_convert()),
717                         dbesc(datetime_convert()),
718                         intval($duplex),
719                         intval($forum),
720                         intval($prv),
721                         dbesc(NETWORK_DFRN),
722                         intval($dfrn_record)
723                 );
724                 if($r === false) {    // indicates schema is messed up or total db failure
725                         $message = t('Unable to update your contact profile details on our system');
726                         xml_status(3,$message);
727                 }
728
729                 // Otherwise everything seems to have worked and we are almost done. Yay!
730                 // Send an email notification
731
732                 logger('dfrn_confirm: request: info updated');
733
734                 $r = q("SELECT `contact`.*, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
735                         WHERE `contact`.`id` = %d LIMIT 1",
736                         intval($dfrn_record)
737                 );
738
739                 if(count($r))
740                         $combined = $r[0];
741
742                 if((count($r)) && ($r[0]['notify-flags'] & NOTIFY_CONFIRM)) {
743                         $mutual = ($new_relation == CONTACT_IS_FRIEND);
744                         notification(array(
745                                 'type'         => NOTIFY_CONFIRM,
746                                 'notify_flags' => $r[0]['notify-flags'],
747                                 'language'     => $r[0]['language'],
748                                 'to_name'      => $r[0]['username'],
749                                 'to_email'     => $r[0]['email'],
750                                 'uid'          => $r[0]['uid'],
751                                 'link'             => $a->get_baseurl() . '/contacts/' . $dfrn_record,
752                                 'source_name'  => ((strlen(stripslashes($r[0]['name']))) ? stripslashes($r[0]['name']) : t('[Name Withheld]')),
753                                 'source_link'  => $r[0]['url'],
754                                 'source_photo' => $r[0]['photo'],
755                                 'verb'         => ($mutual?ACTIVITY_FRIEND:ACTIVITY_FOLLOW),
756                                 'otype'        => 'intro'
757                         ));
758                 }
759
760                 // Send a new friend post if we are allowed to...
761
762                 if($page && intval(get_pconfig($local_uid,'system','post_joingroup'))) {
763                         $r = q("SELECT `hide-friends` FROM `profile` WHERE `uid` = %d AND `is-default` = 1 LIMIT 1",
764                                 intval($local_uid)
765                         );
766
767                         if((count($r)) && ($r[0]['hide-friends'] == 0)) {
768
769                                 require_once('include/items.php');
770
771                                 $self = q("SELECT * FROM `contact` WHERE `self` = 1 AND `uid` = %d LIMIT 1",
772                                         intval($local_uid)
773                                 );
774
775                                 if(count($self)) {
776
777                                         $arr = array();
778                                         $arr['uri'] = $arr['parent-uri'] = item_new_uri($a->get_hostname(), $local_uid);
779                                         $arr['uid'] = $local_uid;
780                                         $arr['contact-id'] = $self[0]['id'];
781                                         $arr['wall'] = 1;
782                                         $arr['type'] = 'wall';
783                                         $arr['gravity'] = 0;
784                                         $arr['origin'] = 1;
785                                         $arr['author-name'] = $arr['owner-name'] = $self[0]['name'];
786                                         $arr['author-link'] = $arr['owner-link'] = $self[0]['url'];
787                                         $arr['author-avatar'] = $arr['owner-avatar'] = $self[0]['thumb'];
788
789                                         $A = '[url=' . $self[0]['url'] . ']' . $self[0]['name'] . '[/url]';
790                                         $APhoto = '[url=' . $self[0]['url'] . ']' . '[img]' . $self[0]['thumb'] . '[/img][/url]';
791
792                                         $B = '[url=' . $combined['url'] . ']' . $combined['name'] . '[/url]';
793                                         $BPhoto = '[url=' . $combined['url'] . ']' . '[img]' . $combined['thumb'] . '[/img][/url]';
794
795                                         $arr['verb'] = ACTIVITY_JOIN;
796                                         $arr['object-type'] = ACTIVITY_OBJ_GROUP;
797                                         $arr['body'] =  sprintf( t('%1$s has joined %2$s'), $A, $B)."\n\n\n" .$BPhoto;
798                                         $arr['object'] = '<object><type>' . ACTIVITY_OBJ_GROUP . '</type><title>' . $combined['name'] . '</title>'
799                                                 . '<id>' . $combined['url'] . '/' . $combined['name'] . '</id>';
800                                         $arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $combined['url'] . '" />' . "\n");
801                                         $arr['object'] .= xmlify('<link rel="photo" type="image/jpeg" href="' . $combined['thumb'] . '" />' . "\n");
802                                         $arr['object'] .= '</link></object>' . "\n";
803
804                                         $arr['last-child'] = 1;
805
806                                         $arr['allow_cid'] = $user[0]['allow_cid'];
807                                         $arr['allow_gid'] = $user[0]['allow_gid'];
808                                         $arr['deny_cid']  = $user[0]['deny_cid'];
809                                         $arr['deny_gid']  = $user[0]['deny_gid'];
810
811                                         $i = item_store($arr);
812                                         if($i)
813                                         proc_run('php',"include/notifier.php","activity","$i");
814
815                                 }
816                         }
817                 }
818                 xml_status(0); // Success
819                 return; // NOTREACHED
820
821                         ////////////////////// End of this scenario ///////////////////////////////////////////////
822         }
823
824         // somebody arrived here by mistake or they are fishing. Send them to the homepage.
825
826         goaway(z_root());
827         // NOTREACHED
828
829 }