mod/dfrn_poll.php

   1 <?php
   2
   3 require_once('include/items.php');
   4 require_once('include/auth.php');
   5
   6
   7 function dfrn_poll_init(&$a) {
   8
   9         $dfrn_id = '';
  10
  11         if(x($_GET,'dfrn_id'))
  12                 $dfrn_id = $a->config['dfrn_poll_dfrn_id'] = $_GET['dfrn_id'];
  13         if(x($_GET,'type'))
  14                 $type = $a->config['dfrn_poll_type'] = $_GET['type'];
  15         if(x($_GET,'last_update'))
  16                 $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];
  17
  18         if(($dfrn_id == '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) {
  19                 $o = get_feed_for($a,'*', $a->argv[1],$last_update);
  20                 echo $o;
  21                 killme();
  22         }
  23
  24         if((x($type)) && ($type == 'profile')) {
  25
  26                 $r = q("SELECT `contact`.*, `user`.`nickname`
  27                         FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
  28                         WHERE `issued-id` = '%s' LIMIT 1",
  29                         dbesc($dfrn_id));
  30                 if(count($r)) {
  31                         $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check');
  32                         if(strlen($s)) {
  33                                 $xml = simplexml_load_string($s);
  34                                 if((int) $xml->status == 1) {
  35                                         $_SESSION['authenticated'] = 1;
  36                                         $_SESSION['visitor_id'] = $r[0]['id'];
  37                                         notice( t('Hi ') . $r[0]['name'] . EOL);
  38                                         // Visitors get 1 day session.
  39                                         $session_id = session_id();
  40                                         $expire = time() + 86400;
  41                                         q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
  42                                                 dbesc($expire),
  43                                                 dbesc($session_id));
  44                                 }
  45                         }
  46                         $profile = ((strlen($r[0]['nickname'])) ? $r[0]['nickname'] : $r[0]['uid']);
  47                         goaway($a->get_baseurl() . "/profile/$profile/visit");
  48                 }
  49                 goaway($a->get_baseurl());
  50         }
  51
  52         if((x($type)) && ($type == 'profile-check')) {
  53
  54                 q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
  55                 $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
  56                         dbesc($dfrn_id));
  57                 if(count($r))
  58                         xml_status(1);
  59                 xml_status(0);
  60                 return; // NOTREACHED
  61         }
  62
  63
  64 }
  65
  66
  67
  68 function dfrn_poll_post(&$a) {
  69
  70         $dfrn_id = notags(trim($_POST['dfrn_id']));
  71         $challenge = notags(trim($_POST['challenge']));
  72         $url = $_POST['url'];
  73
  74         $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
  75                 dbesc($dfrn_id),
  76                 dbesc($challenge)
  77         );
  78         if(! count($r))
  79                 killme();
  80
  81         $type = $r[0]['type'];
  82         $last_update = $r[0]['last_update'];
  83
  84         $r = q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
  85                 dbesc($dfrn_id),
  86                 dbesc($challenge)
  87         );
  88
  89
  90         $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' LIMIT 1",
  91                 dbesc($dfrn_id)
  92         );
  93         if(! count($r))
  94                 killme();
  95
  96         $owner_uid = $r[0]['uid'];
  97         $contact_id = $r[0]['id'];
  98
  99
 100         if($type == 'reputation' && strlen($url)) {
 101                 $r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
 102                         dbesc($url),
 103                         intval($owner_uid)
 104                 );
 105                 $reputation = 0;
 106                 $text = '';
 107
 108                 if(count($r)) {
 109                         $reputation = $r[0]['rating'];
 110                         $text = $r[0]['reason'];
 111
 112                         if($r[0]['id'] == $contact_id) {        // inquiring about own reputation not allowed
 113                                 $reputation = 0;
 114                                 $text = '';
 115                         }
 116                 }
 117
 118                 echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
 119                 <reputation>
 120                         <url>$url</url>
 121                         <rating>$reputation</rating>
 122                         <description>$text</description>
 123                 </reputation>
 124                 ";
 125                 killme();
 126                 return; // NOTREACHED
 127         }
 128         else {
 129
 130                 $o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update);
 131                 echo $o;
 132                 killme();
 133
 134         }
 135 }
 136
 137 function dfrn_poll_content(&$a) {
 138
 139
 140         $dfrn_id = '';
 141         $type = 'data';
 142
 143         if(x($_GET,'dfrn_id'))
 144                 $dfrn_id = $a->config['dfrn_poll_dfrn_id'] = $_GET['dfrn_id'];
 145         if(x($_GET,'type'))
 146                 $type = $a->config['dfrn_poll_type'] = $_GET['type'];
 147         if(x($_GET,'last_update'))
 148                 $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];
 149
 150
 151         if($dfrn_id != '') {
 152                 // initial communication from external contact
 153                 $hash = random_string();
 154
 155                 $status = 0;
 156
 157                 $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
 158
 159                 $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
 160                         VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
 161                         dbesc($hash),
 162                         dbesc(notags(trim($_GET['dfrn_id']))),
 163                         intval(time() + 60 ),
 164                         dbesc($type),
 165                         dbesc($last_update)
 166                 );
 167
 168                 $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 AND `pending` = 0 LIMIT 1",
 169                         dbesc($_GET['dfrn_id']));
 170                 if((count($r)) && (strlen($r[0]['prvkey']))) {
 171
 172                         $challenge = '';
 173
 174                         openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
 175                         $challenge = bin2hex($challenge);
 176
 177                         $encrypted_id = '';
 178                         $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
 179
 180                         openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
 181                         $encrypted_id = bin2hex($encrypted_id);
 182                 }
 183                 else {
 184                         $status = 1;  // key not found
 185                 }
 186
 187                 echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>'
 188                         . '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ;
 189                 session_write_close();
 190                 exit;
 191         }
 192
 193
 194
 195
 196
 197 }
 198
 199