mod/dfrn_poll.php

   1 <?php
   2
   3 require_once('include/items.php');
   4 require_once('include/auth.php');
   5
   6
   7 function dfrn_poll_init(&$a) {
   8
   9         $dfrn_id = '';
  10
  11         if(x($_GET,'dfrn_id'))
  12                 $dfrn_id = $a->config['dfrn_poll_dfrn_id'] = $_GET['dfrn_id'];
  13         if(x($_GET,'type'))
  14                 $type = $a->config['dfrn_poll_type'] = $_GET['type'];
  15         if(x($_GET,'last_update'))
  16                 $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];
  17         $dfrn_version    = ((x($_GET,'dfrn_version'))    ? $_GET['dfrn_version']    : '1.0');
  18         $destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : '');
  19
  20         if(($dfrn_id == '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) {
  21                 $o = get_feed_for($a,'*', $a->argv[1],$last_update);
  22                 echo $o;
  23                 killme();
  24         }
  25
  26         if((x($type)) && ($type == 'profile')) {
  27
  28                 $r = q("SELECT `contact`.*, `user`.`nickname`
  29                         FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
  30                         WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex` = 1 )) ",
  31                         dbesc($dfrn_id),
  32                         dbesc($dfrn_id)
  33                 );
  34
  35                 if(count($r)) {
  36                         foreach($r as $rr) {
  37
  38                                 // On a multi-user site, the query above *may* have returned two results.
  39                                 // One of those could be the logged-in user who is now visiting "this" cell,
  40                                 // as both share the dfrn_id. We will skip that entry if it unfortunately
  41                                 // happens to come up first.
  42
  43                                 if(local_user() && ($rr['uid'] == get_uid()))
  44                                         continue;
  45
  46                                 $s = fetch_url($rr['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check');
  47                                 if(strlen($s)) {
  48                                         $xml = simplexml_load_string($s);
  49                                         if((int) $xml->status == 1) {
  50                                                 $_SESSION['authenticated'] = 1;
  51                                                 $_SESSION['visitor_id'] = $rr['id'];
  52                                                 notice( t('Hi ') . $rr['name'] . EOL);
  53                                                 // Visitors get 1 day session.
  54                                                 $session_id = session_id();
  55                                                 $expire = time() + 86400;
  56                                                 q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
  57                                                         dbesc($expire),
  58                                                         dbesc($session_id)
  59                                                 );
  60                                         }
  61                                 }
  62                                 $profile = $rr['nickname'];
  63                                 goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile);
  64                         }
  65                 }
  66                 goaway($a->get_baseurl());
  67
  68         }
  69
  70         if((x($type)) && ($type == 'profile-check')) {
  71
  72                 q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
  73                 $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
  74                         dbesc($dfrn_id));
  75                 if(count($r)) {
  76                         xml_status(1);
  77                         return; // NOTREACHED
  78                 }
  79                 xml_status(0);
  80                 return; // NOTREACHED
  81         }
  82
  83
  84 }
  85
  86
  87
  88 function dfrn_poll_post(&$a) {
  89
  90         $dfrn_id = notags(trim($_POST['dfrn_id']));
  91         $challenge = notags(trim($_POST['challenge']));
  92         $url = $_POST['url'];
  93
  94         $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
  95                 dbesc($dfrn_id),
  96                 dbesc($challenge)
  97         );
  98         if(! count($r))
  99                 killme();
 100
 101         $type = $r[0]['type'];
 102         $last_update = $r[0]['last_update'];
 103
 104         $r = q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
 105                 dbesc($dfrn_id),
 106                 dbesc($challenge)
 107         );
 108
 109
 110         $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 )) LIMIT 1",
 111                 dbesc($dfrn_id),
 112                 dbesc($dfrn_id)
 113         );
 114
 115         if(! count($r))
 116                 killme();
 117
 118         $owner_uid = $r[0]['uid'];
 119         $contact_id = $r[0]['id'];
 120
 121
 122         if($type == 'reputation' && strlen($url)) {
 123                 $r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
 124                         dbesc($url),
 125                         intval($owner_uid)
 126                 );
 127                 $reputation = 0;
 128                 $text = '';
 129
 130                 if(count($r)) {
 131                         $reputation = $r[0]['rating'];
 132                         $text = $r[0]['reason'];
 133
 134                         if($r[0]['id'] == $contact_id) {        // inquiring about own reputation not allowed
 135                                 $reputation = 0;
 136                                 $text = '';
 137                         }
 138                 }
 139
 140                 echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
 141                 <reputation>
 142                         <url>$url</url>
 143                         <rating>$reputation</rating>
 144                         <description>$text</description>
 145                 </reputation>
 146                 ";
 147                 killme();
 148                 return; // NOTREACHED
 149         }
 150         else {
 151
 152                 $o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update);
 153                 echo $o;
 154                 killme();
 155
 156         }
 157 }
 158
 159 function dfrn_poll_content(&$a) {
 160
 161
 162         $dfrn_id = '';
 163         $type = 'data';
 164
 165         if(x($_GET,'dfrn_id'))
 166                 $dfrn_id = $a->config['dfrn_poll_dfrn_id'] = $_GET['dfrn_id'];
 167         if(x($_GET,'type'))
 168                 $type = $a->config['dfrn_poll_type'] = $_GET['type'];
 169         if(x($_GET,'last_update'))
 170                 $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];
 171
 172
 173         if($dfrn_id != '') {
 174                 // initial communication from external contact
 175                 $hash = random_string();
 176
 177                 $status = 0;
 178
 179                 $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
 180
 181                 $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
 182                         VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
 183                         dbesc($hash),
 184                         dbesc(notags(trim($_GET['dfrn_id']))),
 185                         intval(time() + 60 ),
 186                         dbesc($type),
 187                         dbesc($last_update)
 188                 );
 189
 190                 $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 ))
 191                         AND `blocked` = 0 AND `pending` = 0 LIMIT 1",
 192                         dbesc($_GET['dfrn_id']),
 193                         dbesc($_GET['dfrn_id'])
 194                 );
 195                 if(count($r)) {
 196
 197                         $challenge = '';
 198                         $encrypted_id = '';
 199                         $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
 200
 201
 202                         if($r[0]['duplex'] && strlen($r[0]['pubkey'])) {
 203                                 openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
 204                                 openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
 205                         }
 206                         else {
 207                                 openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
 208                                 openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
 209                         }
 210
 211                         $challenge = bin2hex($challenge);
 212                         $encrypted_id = bin2hex($encrypted_id);
 213                 }
 214                 else {
 215                         $status = 1;
 216                 }
 217
 218                 echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_version>2.0</dfrn_version><dfrn_id>' . $encrypted_id . '</dfrn_id>'
 219                         . '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ;
 220                 session_write_close();
 221                 exit;
 222         }
 223 }
 224
 225