1 <?php
2
3
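/**
 * Handles GET requests to the dfrn_poll endpoint.
 *
 * Reads `dfrn_id`, `type` and `last_update` from the query string, mirrors them
 * into $a->config, and then takes one of three paths:
 *
 *  - type "profile": asks the contact's own poll URL to confirm a profile
 *    visit and, when it answers with status 1, marks the current session as an
 *    authenticated visitor for one day before redirecting.
 *  - type "profile-check": answers whether a matching `profile_check` row exists.
 *  - any other type with dfrn_id other than '*': stores a fresh challenge valid
 *    for 60 seconds and prints it encrypted with the contact's private key.
 *
 * Every query-string value is attacker-controlled. Values are escaped for SQL
 * with dbesc()/intval() and, where echoed, escaped for XML.
 *
 * @param object $a application object (config array, get_baseurl())
 * @return void   most paths end the request via goaway()/xml_status()/exit
 */
function dfrn_poll_init(&$a) {

	// Defaults keep the later reads defined when a parameter is missing.
	$dfrn_id     = '';
	$type        = '';
	$last_update = '';

	// Only plain strings are accepted: array-valued parameters (dfrn_id[]=...)
	// would otherwise reach string concatenation and the SQL escaping helpers.
	if(x($_GET,'dfrn_id') && is_string($_GET['dfrn_id']))
		$dfrn_id = $a->config['dfrn_poll_dfrn_id'] = $_GET['dfrn_id'];
	if(x($_GET,'type') && is_string($_GET['type']))
		$type = $a->config['dfrn_poll_type'] = $_GET['type'];
	if(x($_GET,'last_update') && is_string($_GET['last_update']))
		$last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];

	if(! x($dfrn_id))
		return;

	if((x($type)) && ($type == 'profile')) {

		$r = q("SELECT `contact`.*, `user`.`nickname` 
			FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
			WHERE `issued-id` = '%s' LIMIT 1",
			dbesc($dfrn_id));
		if(count($r)) {
			// The id is request data placed into a URL: encode it so it cannot
			// append or override query parameters of the outgoing request.
			$s = fetch_url($r[0]['poll'] . '?dfrn_id=' . urlencode($dfrn_id) . '&type=profile-check');
			if(strlen($s)) {
				// The response comes from a remote server. LIBXML_NONET stops the
				// parser from fetching network resources named in the document.
				$xml = simplexml_load_string($s, 'SimpleXMLElement', LIBXML_NONET);
				// A parse failure yields false; treat it as "not confirmed".
				if(($xml !== false) && ((int) $xml->status == 1)) {
					// NOTE(review): the session id is not rotated when the visitor
					// becomes authenticated - confirm the session handler covers
					// session fixation.
					$_SESSION['authenticated'] = 1;
					$_SESSION['visitor_id'] = $r[0]['id'];
					// NOTE(review): the contact name is stored unescaped; presumably
					// sysmsg is escaped where it is rendered - verify.
					$_SESSION['sysmsg'] .= "Hi {$r[0]['name']}" . EOL;
					// Visitors get 1 day session.
					$session_id = session_id();
					$expire = time() + 86400;
					q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
						dbesc($expire),
						dbesc($session_id));
				}
			}
			$profile = ((strlen($r[0]['nickname'])) ? $r[0]['nickname'] : $r[0]['uid']);
			goaway($a->get_baseurl() . "/profile/$profile/visit");
		}
		goaway($a->get_baseurl());
	}

	if((x($type)) && ($type == 'profile-check')) {

		// Purge expired rows first so only live checks can match.
		q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
		$r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
			dbesc($dfrn_id));
		if(count($r))
			xml_status(1);
		xml_status(0);
		return; // NOTREACHED
	}

	if($dfrn_id != '*') {
		// initial communication from external contact
		// NOTE(review): the strength of the challenge depends on random_string(),
		// which is defined outside this file - confirm it uses a CSPRNG.
		$hash = random_string();

		$status = 0;

		q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));

		// The challenge is stored in clear and is valid for 60 seconds.
		q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
			VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
			dbesc($hash),
			dbesc(notags(trim($dfrn_id))),
			intval(time() + 60 ),
			dbesc($type),
			dbesc($last_update)
		);

		$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 LIMIT 1",
			dbesc($dfrn_id));

		$challenge = '';

		if((! count($r)) || (! strlen($r[0]['prvkey']))) {
			// Unknown or blocked contact, or no key on file: report failure and
			// do not touch $r[0], which does not exist in the first case.
			$status = 1;
		}
		else {
			$encrypted = '';
			if(openssl_private_encrypt($hash,$encrypted,$r[0]['prvkey']))
				$challenge = bin2hex($encrypted);
			else
				$status = 1; // never report success together with an empty challenge
		}

		// dfrn_id is reflected from the request, so it is escaped before it is
		// written into the XML document.
		echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' . $status . '</status><dfrn_id>' . htmlspecialchars($dfrn_id, ENT_QUOTES, 'UTF-8') . '</dfrn_id>'
			. '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ;
		session_write_close();
		exit;
	}
}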
91
92
93
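/**
 * Handles POST requests to the dfrn_poll endpoint: the second step of the
 * challenge exchange started by dfrn_poll_init().
 *
 * The caller sends back `dfrn_id` and the decrypted `challenge`. A matching,
 * unexpired row in `challenge` is consumed (single use) and the request is then
 * served according to the type recorded in that row. Only "reputation" is
 * handled here: it prints the rating and reason this node's owner stored for
 * the contact identified by `url`.
 *
 * All POST values are attacker-controlled. They are escaped for SQL with
 * dbesc()/intval() and escaped for XML before being echoed.
 *
 * @param object $a application object (unused in this function)
 * @return void
 */
function dfrn_poll_post(&$a) {

	// Missing or array-valued fields are treated as empty strings so they fail
	// the lookups below instead of raising notices or reaching trim().
	$dfrn_id   = ((isset($_POST['dfrn_id'])   && is_string($_POST['dfrn_id']))   ? notags(trim($_POST['dfrn_id']))   : '');
	$challenge = ((isset($_POST['challenge']) && is_string($_POST['challenge'])) ? notags(trim($_POST['challenge'])) : '');
	$url       = ((isset($_POST['url'])       && is_string($_POST['url']))       ? $_POST['url']                     : '');

	// Expired challenges are only purged when a new one is issued, so the expiry
	// is enforced here as well; otherwise a stale challenge stays acceptable
	// until the next purge.
	$r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' AND `expire` >= %d LIMIT 1",
		dbesc($dfrn_id),
		dbesc($challenge),
		intval(time())
	);
	if(! count($r)) {
		xml_status(3);
		return; // NOTREACHED - xml_status() is expected to end the request
	}

	$type = $r[0]['type'];
	$last_update = $r[0]['last_update'];

	// Single use: remove the challenge before acting on it.
	q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
		dbesc($dfrn_id),
		dbesc($challenge)
	);

	$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' LIMIT 1",
		dbesc($dfrn_id)
	);
	if(! count($r)) {
		xml_status(3);
		return; // NOTREACHED - xml_status() is expected to end the request
	}

	$owner_uid = $r[0]['uid'];
	$contact_id = $r[0]['id'];

	if($type == 'reputation' && strlen($url)) {
		// The lookup is scoped to the owner of the authenticated contact.
		$r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
			dbesc($url),
			intval($owner_uid)
		);
		$reputation = 0;
		$text = '';

		if(count($r)) {
			$reputation = $r[0]['rating'];
			$text = $r[0]['reason'];

			if($r[0]['id'] == $contact_id) {	// inquiring about own reputation not allowed
				$reputation = 0;
				$text = '';
			}
		}

		// $url is reflected from the request and $text is free-form stored data:
		// escape everything that is interpolated into the XML document.
		$xml_url    = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
		$xml_rating = htmlspecialchars((string) $reputation, ENT_QUOTES, 'UTF-8');
		$xml_text   = htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');

		echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
		<reputation>
			<url>$xml_url</url>
			<rating>$xml_rating</rating>
			<description>$xml_text</description>
		</reputation>
		";
		killme();
		return; // NOTREACHED
	}

}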
157
158
159
160
/**
 * Placeholder for this module's content handler.
 *
 * The body is empty in this revision: it performs no work, produces no output
 * and returns nothing.
 *
 * @param object $a application object (unused)
 * @return void
 */
function dfrn_poll_content(&$a) {
	// Intentionally empty.
}