mod/dfrn_poll.php

   1 <?php
   2
   3 require_once('include/items.php');
   4 require_once('include/auth.php');
   5
   6
   7 function dfrn_poll_init(&$a) {
   8
   9         $dfrn_id = '';
  10
  11         if(x($_GET,'dfrn_id'))
  12                 $dfrn_id = $a->config['dfrn_poll_dfrn_id'] = $_GET['dfrn_id'];
  13         if(x($_GET,'type'))
  14                 $type = $a->config['dfrn_poll_type'] = $_GET['type'];
  15         if(x($_GET,'last_update'))
  16                 $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];
  17         $dfrn_version    = ((x($_GET,'dfrn_version'))    ? $_GET['dfrn_version']    : '1.0');
  18         $destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : '');
  19
  20
  21         $direction = (-1);
  22
  23
  24         if(strpos($dfrn_id,':') == 1) {
  25                 $direction = intval(substr($dfrn_id,0,1));
  26                 $dfrn_id = substr($dfrn_id,2);
  27         }
  28
  29         if(($dfrn_id == '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) {
  30                 $o = get_feed_for($a, '*', $a->argv[1],$last_update);
  31                 echo $o;
  32                 killme();
  33         }
  34
  35         if((x($type)) && ($type == 'profile')) {
  36
  37                 $sql_extra = '';
  38                 switch($direction) {
  39                         case (-1):
  40                                 $sql_extra = sprintf(" AND `dfrn-id` = '%s' ", dbesc($dfrn_id));
  41                                 $my_id = $dfrn_id;
  42                                 break;
  43                         case 0:
  44                                 $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
  45                                 $my_id = '1:' . $dfrn_id;
  46                                 break;
  47                         case 1:
  48                                 $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
  49                                 $my_id = '0:' . $dfrn_id;
  50                                 break;
  51                         default:
  52                                 goaway($a->get_baseurl());
  53                                 break; // NOTREACHED
  54                 }
  55
  56                 $r = q("SELECT `contact`.*, `user`.`nickname`
  57                         FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
  58                         WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra LIMIT 1");
  59
  60                 if(count($r)) {
  61
  62                         $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check');
  63
  64                         if(strlen($s)) {
  65
  66                                 $xml = simplexml_load_string($s);
  67
  68                                 if((int) $xml->status == 1) {
  69                                         $_SESSION['authenticated'] = 1;
  70                                         $_SESSION['visitor_id'] = $r[0]['id'];
  71                                         notice( t('Hi ') . $r[0]['name'] . EOL);
  72                                         // Visitors get 1 day session.
  73                                         $session_id = session_id();
  74                                         $expire = time() + 86400;
  75                                         q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
  76                                                 dbesc($expire),
  77                                                 dbesc($session_id)
  78                                         );
  79                                 }
  80                         }
  81                         $profile = $r[0]['nickname'];
  82                         goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile);
  83                 }
  84                 goaway($a->get_baseurl());
  85
  86         }
  87
  88         if((x($type)) && ($type == 'profile-check')) {
  89
  90                 switch($direction) {
  91                         case 1:
  92                                 $dfrn_id = '0:' . $dfrn_id;
  93                                 break;
  94                         case 0:
  95                                 $dfrn_id = '1:' . $dfrn_id;
  96                                 break;
  97                         default:
  98                                 break;
  99                 }
 100                 q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
 101                 $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
 102                         dbesc($dfrn_id));
 103                 if(count($r)) {
 104                         xml_status(1);
 105                         return; // NOTREACHED
 106                 }
 107                 xml_status(0);
 108                 return; // NOTREACHED
 109         }
 110
 111
 112 }
 113
 114
 115
 116 function dfrn_poll_post(&$a) {
 117
 118         $dfrn_id = notags(trim($_POST['dfrn_id']));
 119         $challenge = notags(trim($_POST['challenge']));
 120         $url = $_POST['url'];
 121
 122         $direction = (-1);
 123         if(strpos($dfrn_id,':') == 1) {
 124                 $direction = intval(substr($dfrn_id,0,1));
 125                 $dfrn_id = substr($dfrn_id,2);
 126         }
 127
 128         $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
 129                 dbesc($dfrn_id),
 130                 dbesc($challenge)
 131         );
 132         if(! count($r))
 133                 killme();
 134
 135         $type = $r[0]['type'];
 136         $last_update = $r[0]['last_update'];
 137
 138         $r = q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
 139                 dbesc($dfrn_id),
 140                 dbesc($challenge)
 141         );
 142
 143
 144         $sql_extra = '';
 145         switch($direction) {
 146                 case (-1):
 147                         $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
 148                         $my_id = $dfrn_id;
 149                         break;
 150                 case 0:
 151                         $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
 152                         $my_id = '1:' . $dfrn_id;
 153                         break;
 154                 case 1:
 155                         $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
 156                         $my_id = '0:' . $dfrn_id;
 157                         break;
 158                 default:
 159                         goaway($a->get_baseurl());
 160                         break; // NOTREACHED
 161         }
 162
 163
 164         $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
 165
 166
 167         if(! count($r))
 168                 killme();
 169
 170         $owner_uid = $r[0]['uid'];
 171         $contact_id = $r[0]['id'];
 172
 173
 174         if($type == 'reputation' && strlen($url)) {
 175                 $r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
 176                         dbesc($url),
 177                         intval($owner_uid)
 178                 );
 179                 $reputation = 0;
 180                 $text = '';
 181
 182                 if(count($r)) {
 183                         $reputation = $r[0]['rating'];
 184                         $text = $r[0]['reason'];
 185
 186                         if($r[0]['id'] == $contact_id) {        // inquiring about own reputation not allowed
 187                                 $reputation = 0;
 188                                 $text = '';
 189                         }
 190                 }
 191
 192                 echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
 193                 <reputation>
 194                         <url>$url</url>
 195                         <rating>$reputation</rating>
 196                         <description>$text</description>
 197                 </reputation>
 198                 ";
 199                 killme();
 200                 return; // NOTREACHED
 201         }
 202         else {
 203
 204                 $o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update);
 205                 echo $o;
 206                 killme();
 207
 208         }
 209 }
 210
 211 function dfrn_poll_content(&$a) {
 212
 213
 214         $dfrn_id = '';
 215         $type = 'data';
 216
 217         if(x($_GET,'dfrn_id'))
 218                 $dfrn_id = $a->config['dfrn_poll_dfrn_id'] = $_GET['dfrn_id'];
 219         if(x($_GET,'type'))
 220                 $type = $a->config['dfrn_poll_type'] = $_GET['type'];
 221         if(x($_GET,'last_update'))
 222                 $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];
 223
 224         $direction = (-1);
 225         if(strpos($dfrn_id,':') == 1) {
 226                 $direction = intval(substr($dfrn_id,0,1));
 227                 $dfrn_id = substr($dfrn_id,2);
 228         }
 229
 230
 231         if($dfrn_id != '') {
 232                 // initial communication from external contact
 233                 $hash = random_string();
 234
 235                 $status = 0;
 236
 237                 $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
 238
 239                 $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
 240                         VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
 241                         dbesc($hash),
 242                         dbesc(notags(trim($_GET['dfrn_id']))),
 243                         intval(time() + 60 ),
 244                         dbesc($type),
 245                         dbesc($last_update)
 246                 );
 247
 248
 249                 $sql_extra = '';
 250                 switch($direction) {
 251                         case (-1):
 252                                 $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
 253                                 $my_id = $dfrn_id;
 254                                 break;
 255                         case 0:
 256                                 $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
 257                                 $my_id = '1:' . $dfrn_id;
 258                                 break;
 259                         case 1:
 260                                 $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
 261                                 $my_id = '0:' . $dfrn_id;
 262                                 break;
 263                         default:
 264                                 goaway($a->get_baseurl());
 265                                 break; // NOTREACHED
 266                 }
 267
 268
 269
 270
 271                 $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
 272
 273                 if(count($r)) {
 274
 275                         $challenge = '';
 276                         $encrypted_id = '';
 277                         $id_str = $my_id . '.' . mt_rand(1000,9999);
 278
 279
 280                         if($r[0]['duplex'] && strlen($r[0]['pubkey'])) {
 281                                 openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
 282                                 openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
 283                         }
 284                         else {
 285                                 openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
 286                                 openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
 287                         }
 288
 289                         $challenge = bin2hex($challenge);
 290                         $encrypted_id = bin2hex($encrypted_id);
 291                 }
 292                 else {
 293                         $status = 1;
 294                 }
 295
 296                 echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_version>2.0</dfrn_version><dfrn_id>' . $encrypted_id . '</dfrn_id>'
 297                         . '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ;
 298                 session_write_close();
 299                 exit;
 300         }
 301 }
 302
 303