]> git.mxchange.org Git - friendica.git/blob - mod/dfrn_poll.php
added more notifier logging
[friendica.git] / mod / dfrn_poll.php
1 <?php
2
3 require_once('include/items.php');
4 require_once('include/auth.php');
5
6
7 function dfrn_poll_init(&$a) {
8
9         $dfrn_id         = ((x($_GET,'dfrn_id'))         ? $_GET['dfrn_id']              : '');
10         $type            = ((x($_GET,'type'))            ? $_GET['type']                 : '');
11         $last_update     = ((x($_GET,'last_update'))     ? $_GET['last_update']          : '');
12         $destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url']      : '');
13         $dfrn_version    = ((x($_GET,'dfrn_version'))    ? (float) $_GET['dfrn_version'] : 0);
14
15
16         $direction = (-1);
17
18
19         if(strpos($dfrn_id,':') == 1) {
20                 $direction = intval(substr($dfrn_id,0,1));
21                 $dfrn_id   = substr($dfrn_id,2);
22         }
23
24         if(($dfrn_id === '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) {
25                 header("Content-type: application/atom+xml");
26                 $o = get_feed_for($a, '*', $a->argv[1],$last_update);
27                 echo $o;
28                 killme();
29         }
30
31         if((isset($type)) && ($type === 'profile')) {
32
33                 $sql_extra = '';
34                 switch($direction) {
35                         case (-1):
36                                 $sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id),dbesc($dfrn_id));
37                                 $my_id = $dfrn_id;
38                                 break;
39                         case 0:
40                                 $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
41                                 $my_id = '1:' . $dfrn_id;
42                                 break;
43                         case 1:
44                                 $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
45                                 $my_id = '0:' . $dfrn_id;
46                                 break;
47                         default:
48                                 goaway($a->get_baseurl());
49                                 break; // NOTREACHED
50                 }
51
52                 $r = q("SELECT `contact`.*, `user`.`nickname` 
53                         FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
54                         WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 
55                         AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
56                         dbesc($a->argv[1])
57                 );
58                 
59                 if(count($r)) {
60
61                         $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check');
62
63                         if(strlen($s)) {
64
65                                 $xml = simplexml_load_string($s);
66
67                                 if((int) $xml->status == 1) {
68                                         $_SESSION['authenticated'] = 1;
69                                         $_SESSION['visitor_id'] = $r[0]['id'];
70                                         notice( t('Hi ') . $r[0]['name'] . EOL);
71                                         // Visitors get 1 day session.
72                                         $session_id = session_id();
73                                         $expire = time() + 86400;
74                                         q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
75                                                 dbesc($expire),
76                                                 dbesc($session_id)
77                                         ); 
78                                 }
79                         }
80                         $profile = $r[0]['nickname'];
81                         goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile);
82                 }
83                 goaway($a->get_baseurl());
84
85         }
86
87         if((isset($type)) && ($type === 'profile-check')) {
88
89                 switch($direction) {
90                         case 1:
91                                 $dfrn_id = '0:' . $dfrn_id;
92                                 break;
93                         case 0:
94                                 $dfrn_id = '1:' . $dfrn_id;
95                                 break;
96                         default:
97                                 break;
98                 }
99                 q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
100                 $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
101                         dbesc($dfrn_id));
102                 if(count($r)) {
103                         xml_status(1);
104                         return; // NOTREACHED
105                 }
106                 xml_status(0);
107                 return; // NOTREACHED
108         }
109
110
111 }
112
113
114
115 function dfrn_poll_post(&$a) {
116
117         $dfrn_id      = ((x($_POST,'dfrn_id'))      ? $_POST['dfrn_id']              : '');
118         $challenge    = ((x($_POST,'challenge'))    ? $_POST['challenge']            : '');
119         $url          = ((x($_POST,'url'))          ? $_POST['url']                  : '');
120         $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 0);
121
122         $direction    = (-1);
123         if(strpos($dfrn_id,':') == 1) {
124                 $direction = intval(substr($dfrn_id,0,1));
125                 $dfrn_id   = substr($dfrn_id,2);
126         }
127
128
129         $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
130                 dbesc($dfrn_id),
131                 dbesc($challenge)
132         );
133
134         if(! count($r))
135                 killme();
136
137         $type = $r[0]['type'];
138         $last_update = $r[0]['last_update'];
139
140         $r = q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
141                 dbesc($dfrn_id),
142                 dbesc($challenge)
143         );
144
145
146         $sql_extra = '';
147         switch($direction) {
148                 case (-1):
149                         $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
150                         $my_id = $dfrn_id;
151                         break;
152                 case 0:
153                         $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
154                         $my_id = '1:' . $dfrn_id;
155                         break;
156                 case 1:
157                         $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
158                         $my_id = '0:' . $dfrn_id;
159                         break;
160                 default:
161                         goaway($a->get_baseurl());
162                         break; // NOTREACHED
163         }
164
165
166         $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
167
168
169         if(! count($r))
170                 killme();
171
172         $owner_uid = $r[0]['uid'];
173         $contact_id = $r[0]['id']; 
174
175
176         if($type === 'reputation' && strlen($url)) {
177                 $r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
178                         dbesc($url),
179                         intval($owner_uid)
180                 );
181                 $reputation = 0;
182                 $text = '';
183
184                 if(count($r)) {
185                         $reputation = $r[0]['rating'];
186                         $text = $r[0]['reason'];
187
188                         if($r[0]['id'] == $contact_id) {        // inquiring about own reputation not allowed
189                                 $reputation = 0;
190                                 $text = '';
191                         }
192                 }
193
194                 echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
195                 <reputation>
196                         <url>$url</url>
197                         <rating>$reputation</rating>
198                         <description>$text</description>
199                 </reputation>
200                 ";
201                 killme();
202                 // NOTREACHED
203         }
204         else {
205                 header("Content-type: application/atom+xml");
206                 $o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update, $direction);
207                 echo $o;
208                 killme();
209
210         }
211 }
212
213 function dfrn_poll_content(&$a) {
214
215
216         $dfrn_id = '';
217         $type = 'data';
218
219         if(x($_GET,'dfrn_id'))
220                 $dfrn_id = $_GET['dfrn_id'];
221         if(x($_GET,'type'))
222                 $type = $_GET['type'];
223         if(x($_GET,'last_update'))
224                 $last_update = $_GET['last_update'];
225
226         $dfrn_version = (float) $_GET['dfrn_version'];
227
228         $direction = (-1);
229         if(strpos($dfrn_id,':') == 1) {
230                 $direction = intval(substr($dfrn_id,0,1));
231                 $dfrn_id = substr($dfrn_id,2);
232         }
233
234
235         if($dfrn_id != '') {
236                 // initial communication from external contact
237                 $hash = random_string();
238
239                 $status = 0;
240
241                 $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
242
243                 $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
244                         VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
245                         dbesc($hash),
246                         dbesc($dfrn_id),
247                         intval(time() + 60 ),
248                         dbesc($type),
249                         dbesc($last_update)
250                 );
251
252
253                 $sql_extra = '';
254                 switch($direction) {
255                         case (-1):
256                                 $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
257                                 $my_id = $dfrn_id;
258                                 break;
259                         case 0:
260                                 $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
261                                 $my_id = '1:' . $dfrn_id;
262                                 break;
263                         case 1:
264                                 $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
265                                 $my_id = '0:' . $dfrn_id;
266                                 break;
267                         default:
268                                 goaway($a->get_baseurl());
269                                 break; // NOTREACHED
270                 }
271
272
273
274
275                 $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
276
277                 if(count($r)) {
278
279                         $challenge = '';
280                         $encrypted_id = '';
281                         $id_str = $my_id . '.' . mt_rand(1000,9999);
282
283
284                         if($r[0]['duplex'] && strlen($r[0]['pubkey'])) {
285                                 openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
286                                 openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
287                         }
288                         else {
289                                 openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
290                                 openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
291                         }
292
293                         $challenge = bin2hex($challenge);
294                         $encrypted_id = bin2hex($encrypted_id);
295                 }
296                 else {
297                         $status = 1;
298                 }
299                 header("Content-type: text/xml");
300                 echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n"
301                         . '<dfrn_poll>' . "\r\n"
302                         . "\t" . '<status>' .$status . '</status>' . "\r\n"
303                         . "\t" . '<dfrn_version>' . DFRN_PROTOCOL_VERSION . '</dfrn_version>' . "\r\n"
304                         . "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n"
305                         . "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
306                         . '</dfrn_poll>' . "\r\n" ;
307                 killme();
308         }
309 }
310
311