3 require_once('include/items.php');
4 require_once('include/auth.php');
7 function dfrn_poll_init(&$a) {
10 $dfrn_id = $a->config['dfrn_poll_dfrn_id'] = $_GET['dfrn_id'];
12 $type = $a->config['dfrn_poll_type'] = $_GET['type'];
13 if(x($_GET,'last_update'))
14 $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];
22 if(($dfrn_id == '*') && ($a->argc > 1)) {
23 $o = get_feed_for($a,'*', $a->argv[1],$last_update);
28 if((x($type)) && ($type == 'profile')) {
30 $r = q("SELECT `contact`.*, `user`.`nickname`
31 FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
32 WHERE `issued-id` = '%s' LIMIT 1",
35 $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check');
37 $xml = simplexml_load_string($s);
38 if((int) $xml->status == 1) {
39 $_SESSION['authenticated'] = 1;
40 $_SESSION['visitor_id'] = $r[0]['id'];
41 $_SESSION['sysmsg'] .= "Hi {$r[0]['name']}" . EOL;
42 // Visitors get 1 day session.
43 $session_id = session_id();
44 $expire = time() + 86400;
45 q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
50 $profile = ((strlen($r[0]['nickname'])) ? $r[0]['nickname'] : $r[0]['uid']);
51 goaway($a->get_baseurl() . "/profile/$profile/visit");
53 goaway($a->get_baseurl());
56 if((x($type)) && ($type == 'profile-check')) {
58 q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
59 $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
72 function dfrn_poll_post(&$a) {
74 $dfrn_id = notags(trim($_POST['dfrn_id']));
75 $challenge = notags(trim($_POST['challenge']));
78 $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
85 $type = $r[0]['type'];
86 $last_update = $r[0]['last_update'];
88 $r = q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
94 $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' LIMIT 1",
100 $owner_uid = $r[0]['uid'];
101 $contact_id = $r[0]['id'];
104 if($type == 'reputation' && strlen($url)) {
105 $r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
113 $reputation = $r[0]['rating'];
114 $text = $r[0]['reason'];
116 if($r[0]['id'] == $contact_id) { // inquiring about own reputation not allowed
122 echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
125 <rating>$reputation</rating>
126 <description>$text</description>
130 return; // NOTREACHED
134 $o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update);
141 function dfrn_poll_content(&$a) {
143 if(x($_GET,'dfrn_id'))
144 $dfrn_id = $a->config['dfrn_poll_dfrn_id'] = $_GET['dfrn_id'];
146 $type = $a->config['dfrn_poll_type'] = $_GET['type'];
147 if(x($_GET,'last_update'))
148 $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];
151 if($dfrn_id != '*') {
152 // initial communication from external contact
153 $hash = random_string();
157 $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
159 $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
160 VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
162 dbesc(notags(trim($_GET['dfrn_id']))),
163 intval(time() + 60 ),
168 $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 AND `pending` = 0 LIMIT 1",
169 dbesc($_GET['dfrn_id']));
170 if((! count($r)) || (! strlen($r[0]['prvkey'])))
175 openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
176 $challenge = bin2hex($challenge);
177 echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $_GET['dfrn_id'] . '</dfrn_id>'
178 . '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ;
179 session_write_close();