mod/dfrn_poll.php

   1 <?php
   2
   3 require_once('include/items.php');
   4 require_once('include/auth.php');
   5
   6
   7 function dfrn_poll_init(&$a) {
   8
   9         $dfrn_id         = ((x($_GET,'dfrn_id'))         ? $_GET['dfrn_id']              : '');
  10         $type            = ((x($_GET,'type'))            ? $_GET['type']                 : '');
  11         $last_update     = ((x($_GET,'last_update'))     ? $_GET['last_update']          : '');
  12         $destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url']      : '');
  13         $sec             = ((x($_GET,'sec'))             ? intval($_GET['sec'])          : 0);
  14         $dfrn_version    = ((x($_GET,'dfrn_version'))    ? (float) $_GET['dfrn_version'] : 0);
  15
  16
  17         $direction = (-1);
  18
  19
  20         if(strpos($dfrn_id,':') == 1) {
  21                 $direction = intval(substr($dfrn_id,0,1));
  22                 $dfrn_id   = substr($dfrn_id,2);
  23         }
  24
  25         if(($dfrn_id === '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) {
  26                 header("Content-type: application/atom+xml");
  27                 $o = get_feed_for($a, '*', $a->argv[1],$last_update);
  28                 echo $o;
  29                 killme();
  30         }
  31
  32         if((isset($type)) && ($type === 'profile')) {
  33
  34                 $sql_extra = '';
  35                 switch($direction) {
  36                         case (-1):
  37                                 $sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id),dbesc($dfrn_id));
  38                                 $my_id = $dfrn_id;
  39                                 break;
  40                         case 0:
  41                                 $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
  42                                 $my_id = '1:' . $dfrn_id;
  43                                 break;
  44                         case 1:
  45                                 $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
  46                                 $my_id = '0:' . $dfrn_id;
  47                                 break;
  48                         default:
  49                                 goaway($a->get_baseurl());
  50                                 break; // NOTREACHED
  51                 }
  52
  53                 $r = q("SELECT `contact`.*, `user`.`username`, `user`.`nickname`
  54                         FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
  55                         WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
  56                         AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
  57                         dbesc($a->argv[1])
  58                 );
  59
  60                 if(count($r)) {
  61
  62                         $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check');
  63
  64                         if(strlen($s)) {
  65
  66                                 $xml = simplexml_load_string($s);
  67
  68                                 if((int) $xml->status == 1) {
  69                                         $_SESSION['authenticated'] = 1;
  70                                         $_SESSION['visitor_id'] = $r[0]['id'];
  71                                         notice( $r[0]['username'] . t(' welcomes ') . $r[0]['name'] . EOL);
  72                                         // Visitors get 1 day session.
  73                                         $session_id = session_id();
  74                                         $expire = time() + 86400;
  75                                         q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
  76                                                 dbesc($expire),
  77                                                 dbesc($session_id)
  78                                         );
  79                                 }
  80                         }
  81                         $profile = $r[0]['nickname'];
  82                         goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile);
  83                 }
  84                 goaway($a->get_baseurl());
  85
  86         }
  87
  88         if((isset($type)) && ($type === 'profile-check')) {
  89
  90                 switch($direction) {
  91                         case 1:
  92                                 $dfrn_id = '0:' . $dfrn_id;
  93                                 break;
  94                         case 0:
  95                                 $dfrn_id = '1:' . $dfrn_id;
  96                                 break;
  97                         default:
  98                                 break;
  99                 }
 100                 q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
 101                 $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
 102                         dbesc($dfrn_id));
 103                 if(count($r)) {
 104                         xml_status(1);
 105                         return; // NOTREACHED
 106                 }
 107                 xml_status(0);
 108                 return; // NOTREACHED
 109         }
 110
 111
 112 }
 113
 114
 115
 116 function dfrn_poll_post(&$a) {
 117
 118         $dfrn_id      = ((x($_POST,'dfrn_id'))      ? $_POST['dfrn_id']              : '');
 119         $challenge    = ((x($_POST,'challenge'))    ? $_POST['challenge']            : '');
 120         $url          = ((x($_POST,'url'))          ? $_POST['url']                  : '');
 121         $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 0);
 122
 123         $direction    = (-1);
 124         if(strpos($dfrn_id,':') == 1) {
 125                 $direction = intval(substr($dfrn_id,0,1));
 126                 $dfrn_id   = substr($dfrn_id,2);
 127         }
 128
 129
 130         $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
 131                 dbesc($dfrn_id),
 132                 dbesc($challenge)
 133         );
 134
 135         if(! count($r))
 136                 killme();
 137
 138         $type = $r[0]['type'];
 139         $last_update = $r[0]['last_update'];
 140
 141         $r = q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
 142                 dbesc($dfrn_id),
 143                 dbesc($challenge)
 144         );
 145
 146
 147         $sql_extra = '';
 148         switch($direction) {
 149                 case (-1):
 150                         $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
 151                         $my_id = $dfrn_id;
 152                         break;
 153                 case 0:
 154                         $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
 155                         $my_id = '1:' . $dfrn_id;
 156                         break;
 157                 case 1:
 158                         $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
 159                         $my_id = '0:' . $dfrn_id;
 160                         break;
 161                 default:
 162                         goaway($a->get_baseurl());
 163                         break; // NOTREACHED
 164         }
 165
 166
 167         $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
 168
 169
 170         if(! count($r))
 171                 killme();
 172
 173         $owner_uid = $r[0]['uid'];
 174         $contact_id = $r[0]['id'];
 175
 176
 177         if($type === 'reputation' && strlen($url)) {
 178                 $r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
 179                         dbesc($url),
 180                         intval($owner_uid)
 181                 );
 182                 $reputation = 0;
 183                 $text = '';
 184
 185                 if(count($r)) {
 186                         $reputation = $r[0]['rating'];
 187                         $text = $r[0]['reason'];
 188
 189                         if($r[0]['id'] == $contact_id) {        // inquiring about own reputation not allowed
 190                                 $reputation = 0;
 191                                 $text = '';
 192                         }
 193                 }
 194
 195                 echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
 196                 <reputation>
 197                         <url>$url</url>
 198                         <rating>$reputation</rating>
 199                         <description>$text</description>
 200                 </reputation>
 201                 ";
 202                 killme();
 203                 // NOTREACHED
 204         }
 205         else {
 206                 header("Content-type: application/atom+xml");
 207                 $o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update, $direction);
 208                 echo $o;
 209                 killme();
 210
 211         }
 212 }
 213
 214 function dfrn_poll_content(&$a) {
 215
 216         $dfrn_id      = ((x($_GET,'dfrn_id'))      ? $_GET['dfrn_id']              : '');
 217         $type         = ((x($_GET,'type'))         ? $_GET['type']                 : 'data');
 218         $last_update  = ((x($_GET,'last_update'))  ? $_GET['last_update']          : '');
 219         $dfrn_version = ((x($_GET,'dfrn_version')) ? (float) $_GET['dfrn_version'] : 2.0);
 220         $sec          = ((x($_GET,'sec'))          ? intval($_GET['sec'])          : 0);
 221
 222         $direction = (-1);
 223         if(strpos($dfrn_id,':') == 1) {
 224                 $direction = intval(substr($dfrn_id,0,1));
 225                 $dfrn_id = substr($dfrn_id,2);
 226         }
 227
 228
 229         if($dfrn_id != '') {
 230                 // initial communication from external contact
 231                 $hash = random_string();
 232
 233                 $status = 0;
 234
 235                 $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
 236
 237                 $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
 238                         VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
 239                         dbesc($hash),
 240                         dbesc($dfrn_id),
 241                         intval(time() + 60 ),
 242                         dbesc($type),
 243                         dbesc($last_update)
 244                 );
 245
 246                 $sql_extra = '';
 247                 switch($direction) {
 248                         case (-1):
 249                                 $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
 250                                 $my_id = $dfrn_id;
 251                                 break;
 252                         case 0:
 253                                 $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
 254                                 $my_id = '1:' . $dfrn_id;
 255                                 break;
 256                         case 1:
 257                                 $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
 258                                 $my_id = '0:' . $dfrn_id;
 259                                 break;
 260                         default:
 261                                 goaway($a->get_baseurl());
 262                                 break; // NOTREACHED
 263                 }
 264
 265                 $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
 266
 267                 if(count($r)) {
 268
 269                         $challenge = '';
 270                         $encrypted_id = '';
 271                         $id_str = $my_id . '.' . mt_rand(1000,9999);
 272
 273
 274                         if($r[0]['duplex'] && strlen($r[0]['pubkey'])) {
 275                                 openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
 276                                 openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
 277                         }
 278                         else {
 279                                 openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
 280                                 openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
 281                         }
 282
 283                         $challenge = bin2hex($challenge);
 284                         $encrypted_id = bin2hex($encrypted_id);
 285                 }
 286                 else {
 287                         $status = 1;
 288                 }
 289
 290                 header("Content-type: text/xml");
 291                 echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n"
 292                         . '<dfrn_poll>' . "\r\n"
 293                         . "\t" . '<status>' . $status . '</status>' . "\r\n"
 294                         . "\t" . '<dfrn_version>' . DFRN_PROTOCOL_VERSION . '</dfrn_version>' . "\r\n"
 295                         . "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n"
 296                         . "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
 297                         . '</dfrn_poll>' . "\r\n" ;
 298                 killme();
 299         }
 300 }
 301
 302