X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=include%2Fdfrn.php;h=4002bb4268de07a2dca041789dfac033ff557666;hb=2952e2b3e47d0d16e89c6ff81353a9059bfe474c;hp=c5d00e8a6730e8f2e8404d71891485e4b17df474;hpb=860f11e71b8aa4a61c956d3dc1a14c907b8c62cc;p=friendica.git diff --git a/include/dfrn.php b/include/dfrn.php index c5d00e8a67..4002bb4268 100644 --- a/include/dfrn.php +++ b/include/dfrn.php @@ -3,7 +3,8 @@ * @file include/dfrn.php * @brief The implementation of the dfrn protocol * - * https://github.com/friendica/friendica/wiki/Protocol + * @see https://github.com/friendica/friendica/wiki/Protocol and + * https://github.com/friendica/friendica/blob/master/spec/dfrn2.pdf */ require_once("include/Contact.php"); @@ -104,15 +105,15 @@ class dfrn { dbesc($owner_nick) ); - if(! count($r)) + if (! dbm::is_result($r)) { killme(); + } $owner = $r[0]; $owner_id = $owner['uid']; $owner_nick = $owner['nickname']; $sql_post_table = ""; - $visibility = ""; if(! $public_feed) { @@ -135,12 +136,13 @@ class dfrn { break; // NOTREACHED } - $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `contact`.`uid` = %d $sql_extra LIMIT 1", + $r = q("SELECT * FROM `contact` WHERE NOT `blocked` AND `contact`.`uid` = %d $sql_extra LIMIT 1", intval($owner_id) ); - if(! count($r)) + if (! dbm::is_result($r)) { killme(); + } $contact = $r[0]; require_once('include/security.php'); @@ -171,9 +173,6 @@ class dfrn { else $sort = 'ASC'; - $date_field = "`changed`"; - $sql_order = "`item`.`parent` ".$sort.", `item`.`created` ASC"; - if(! strlen($last_update)) $last_update = 'now -30 days'; @@ -190,22 +189,19 @@ class dfrn { $check_date = datetime_convert('UTC','UTC',$last_update,'Y-m-d H:i:s'); - // AND ( `item`.`edited` > '%s' OR `item`.`changed` > '%s' ) - // dbesc($check_date), - - $r = q("SELECT STRAIGHT_JOIN `item`.*, `item`.`id` AS `item_id`, + $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`network`, `contact`.`photo`, `contact`.`url`, `contact`.`name-date`, `contact`.`uri-date`, `contact`.`avatar-date`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, `sign`.`signed_text`, `sign`.`signature`, `sign`.`signer` - FROM `item` $sql_post_table - INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + FROM `item` USE INDEX (`uid_wall_changed`) $sql_post_table + STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` + AND (NOT `contact`.`blocked` OR `contact`.`pending`) LEFT JOIN `sign` ON `sign`.`iid` = `item`.`id` - WHERE `item`.`uid` = %d AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`parent` != 0 - AND ((`item`.`wall` = 1) $visibility) AND `item`.$date_field > '%s' + WHERE `item`.`uid` = %d AND `item`.`visible` AND NOT `item`.`moderated` AND `item`.`parent` != 0 + AND `item`.`wall` AND `item`.`changed` > '%s' $sql_extra - ORDER BY $sql_order LIMIT 0, 300", + ORDER BY `item`.`parent` ".$sort.", `item`.`created` ASC LIMIT 0, 300", intval($owner_id), dbesc($check_date), dbesc($sort) @@ -395,7 +391,7 @@ class dfrn { * * @return object XML root object */ - private function add_header($doc, $owner, $authorelement, $alternatelink = "", $public = false) { + private static function add_header($doc, $owner, $authorelement, $alternatelink = "", $public = false) { if ($alternatelink == "") $alternatelink = $owner['url']; @@ -466,7 +462,7 @@ class dfrn { * * @return object XML author object */ - private function add_author($doc, $owner, $authorelement, $public) { + private static function add_author($doc, $owner, $authorelement, $public) { // Is the profile hidden or shouldn't be published in the net? Then add the "hide" element $r = q("SELECT `id` FROM `profile` INNER JOIN `user` ON `user`.`uid` = `profile`.`uid` @@ -595,7 +591,7 @@ class dfrn { * * @return object XML author object */ - private function add_entry_author($doc, $element, $contact_url, $item) { + private static function add_entry_author($doc, $element, $contact_url, $item) { $contact = get_contact_details_by_url($contact_url, $item["uid"]); @@ -635,7 +631,7 @@ class dfrn { * * @return object XML activity object */ - private function create_activity($doc, $element, $activity) { + private static function create_activity($doc, $element, $activity) { if($activity) { $entry = $doc->createElement($element); @@ -689,7 +685,7 @@ class dfrn { * * @return object XML attachment object */ - private function get_attachment($doc, $root, $item) { + private static function get_attachment($doc, $root, $item) { $arr = explode('[/attach],',$item['attach']); if(count($arr)) { foreach($arr as $r) { @@ -724,7 +720,7 @@ class dfrn { * * @return object XML entry object */ - private function entry($doc, $type, $item, $owner, $comment = false, $cid = 0) { + private static function entry($doc, $type, $item, $owner, $comment = false, $cid = 0) { $mentioned = array(); @@ -868,6 +864,30 @@ class dfrn { return $entry; } + /** + * @brief encrypts data via AES + * + * @param string $data The data that is to be encrypted + * @param string $key The AES key + * + * @return string encrypted data + */ + private static function aes_encrypt($data, $key) { + return openssl_encrypt($data, 'aes-128-ecb', $key, OPENSSL_RAW_DATA); + } + + /** + * @brief decrypts data via AES + * + * @param string $encrypted The encrypted data + * @param string $key The AES key + * + * @return string decrypted data + */ + public static function aes_decrypt($encrypted, $key) { + return openssl_decrypt($encrypted, 'aes-128-ecb', $key, OPENSSL_RAW_DATA); + } + /** * @brief Delivers the atom content to the contacts * @@ -892,8 +912,6 @@ class dfrn { $rino = get_config('system','rino_encrypt'); $rino = intval($rino); - // use RINO1 if mcrypt isn't installed and RINO2 was selected - if ($rino==2 and !function_exists('mcrypt_create_iv')) $rino=1; logger("Local rino version: ". $rino, LOGGER_DEBUG); @@ -917,11 +935,18 @@ class dfrn { logger('dfrn_deliver: ' . $url); - $xml = fetch_url($url); + $ret = z_fetch_url($url); + + if ($ret['errno'] == CURLE_OPERATION_TIMEDOUT) { + return -2; // timed out + } + + $xml = $ret['body']; $curl_stat = $a->get_curl_code(); - if(! $curl_stat) - return(-1); // timed out + if (!$curl_stat) { + return -3; // timed out + } logger('dfrn_deliver: ' . $xml, LOGGER_DATA); @@ -1012,8 +1037,8 @@ class dfrn { switch($rino_remote_version) { case 1: // Deprecated rino version! - $key = substr(random_string(),0,16); - $data = aes_encrypt($postvars['data'],$key); + $key = openssl_random_pseudo_bytes(16); + $data = self::aes_encrypt($postvars['data'], $key); break; case 2: // RINO 2 based on php-encryption @@ -1021,24 +1046,24 @@ class dfrn { $key = Crypto::createNewRandomKey(); } catch (CryptoTestFailed $ex) { logger('Cannot safely create a key'); - return -1; + return -4; } catch (CannotPerformOperation $ex) { logger('Cannot safely create a key'); - return -1; + return -5; } try { $data = Crypto::encrypt($postvars['data'], $key); } catch (CryptoTestFailed $ex) { logger('Cannot safely perform encryption'); - return -1; + return -6; } catch (CannotPerformOperation $ex) { logger('Cannot safely perform encryption'); - return -1; + return -7; } break; default: logger("rino: invalid requested verision '$rino_remote_version'"); - return -1; + return -8; } $postvars['rino'] = $rino_remote_version; @@ -1072,16 +1097,18 @@ class dfrn { logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true), LOGGER_DATA); - $xml = post_url($contact['notify'],$postvars); + $xml = post_url($contact['notify'], $postvars); logger('dfrn_deliver: ' . "RECEIVED: " . $xml, LOGGER_DATA); $curl_stat = $a->get_curl_code(); - if((! $curl_stat) || (! strlen($xml))) - return(-1); // timed out + if ((!$curl_stat) || (!strlen($xml))) { + return -9; // timed out + } - if(($curl_stat == 503) && (stristr($a->get_curl_headers(),'retry-after'))) - return(-1); + if (($curl_stat == 503) && (stristr($a->get_curl_headers(),'retry-after'))) { + return -10; + } if(strpos($xml,' NULL_DATE) { logger("dfrn_deliver: $url back from the dead - removing mark for death"); require_once('include/Contact.php'); unmark_for_death($contact); @@ -1107,14 +1134,24 @@ class dfrn { * @param string $birthday Birthday of the contact * */ - private function birthday_event($contact, $birthday) { + private static function birthday_event($contact, $birthday) { + + // Check for duplicates + $r = q("SELECT `id` FROM `event` WHERE `uid` = %d AND `cid` = %d AND `start` = '%s' AND `type` = '%s' LIMIT 1", + intval($contact["uid"]), + intval($contact["id"]), + dbesc(datetime_convert("UTC","UTC", $birthday)), + dbesc("birthday")); + + if (dbm::is_result($r)) { + return; + } logger("updating birthday: ".$birthday." for contact ".$contact["id"]); $bdtext = sprintf(t("%s\'s birthday"), $contact["name"]); $bdtext2 = sprintf(t("Happy Birthday %s"), " [url=".$contact["url"]."]".$contact["name"]."[/url]") ; - $r = q("INSERT INTO `event` (`uid`,`cid`,`created`,`edited`,`start`,`finish`,`summary`,`desc`,`type`) VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", intval($contact["uid"]), @@ -1140,14 +1177,14 @@ class dfrn { * * @return Returns an array with relevant data of the author */ - private function fetchauthor($xpath, $context, $importer, $element, $onlyfetch, $xml = "") { + private static function fetchauthor($xpath, $context, $importer, $element, $onlyfetch, $xml = "") { $author = array(); $author["name"] = $xpath->evaluate($element."/atom:name/text()", $context)->item(0)->nodeValue; $author["link"] = $xpath->evaluate($element."/atom:uri/text()", $context)->item(0)->nodeValue; $r = q("SELECT `id`, `uid`, `url`, `network`, `avatar-date`, `name-date`, `uri-date`, `addr`, - `name`, `nick`, `about`, `location`, `keywords`, `xmpp`, `bdyear`, `bd`, `hidden` + `name`, `nick`, `about`, `location`, `keywords`, `xmpp`, `bdyear`, `bd`, `hidden`, `contact-type` FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' AND `network` != '%s'", intval($importer["uid"]), dbesc(normalise_link($author["link"])), dbesc(NETWORK_STATUSNET)); if ($r) { @@ -1165,7 +1202,7 @@ class dfrn { // Until now we aren't serving different sizes - but maybe later $avatarlist = array(); - // @todo check if "avatar" or "photo" would be the best field in the specification + /// @todo check if "avatar" or "photo" would be the best field in the specification $avatars = $xpath->query($element."/atom:link[@rel='avatar']", $context); foreach($avatars AS $avatar) { $href = ""; @@ -1336,7 +1373,10 @@ class dfrn { $poco["generation"] = 2; $poco["photo"] = $author["avatar"]; $poco["hide"] = $hide; - update_gcontact($poco); + $poco["contact-type"] = $contact["contact-type"]; + $gcid = update_gcontact($poco); + + link_gcontact($gcid, $importer["uid"], $contact["id"]); } return($author); @@ -1351,7 +1391,7 @@ class dfrn { * * @return string XML string */ - private function transform_activity($xpath, $activity, $element) { + private static function transform_activity($xpath, $activity, $element) { if (!is_object($activity)) return ""; @@ -1384,7 +1424,7 @@ class dfrn { $objxml = $obj_doc->saveXML($obj_element); - // @todo This isn't totally clean. We should find a way to transform the namespaces + /// @todo This isn't totally clean. We should find a way to transform the namespaces $objxml = str_replace("<".$element.' xmlns="http://www.w3.org/2005/Atom">', "<".$element.">", $objxml); return($objxml); } @@ -1396,7 +1436,7 @@ class dfrn { * @param object $mail mail elements * @param array $importer Record of the importer user mixed with contact of the content */ - private function process_mail($xpath, $mail, $importer) { + private static function process_mail($xpath, $mail, $importer) { logger("Processing mails"); @@ -1414,9 +1454,9 @@ class dfrn { $msg["seen"] = 0; $msg["replied"] = 0; - dbesc_array($msg); + dbm::esc_array($msg, true); - $r = dbq("INSERT INTO `mail` (`".implode("`, `", array_keys($msg))."`) VALUES ('".implode("', '", array_values($msg))."')"); + $r = dbq("INSERT INTO `mail` (`".implode("`, `", array_keys($msg))."`) VALUES (".implode(", ", array_values($msg)).")"); // send notifications. @@ -1447,7 +1487,8 @@ class dfrn { * @param object $suggestion suggestion elements * @param array $importer Record of the importer user mixed with contact of the content */ - private function process_suggestion($xpath, $suggestion, $importer) { + private static function process_suggestion($xpath, $suggestion, $importer) { + $a = get_app(); logger("Processing suggestions"); @@ -1467,7 +1508,7 @@ class dfrn { dbesc(normalise_link($suggest["url"])), intval($suggest["uid"]) ); - if(count($r)) + if (dbm::is_result($r)) return false; // Do we already have an fcontact record for this person? @@ -1478,7 +1519,7 @@ class dfrn { dbesc($suggest["name"]), dbesc($suggest["request"]) ); - if(count($r)) { + if (dbm::is_result($r)) { $fid = $r[0]["id"]; // OK, we do. Do we already have an introduction for this person ? @@ -1486,7 +1527,7 @@ class dfrn { intval($suggest["uid"]), intval($fid) ); - if(count($r)) + if (dbm::is_result($r)) return false; } if(!$fid) @@ -1501,7 +1542,7 @@ class dfrn { dbesc($suggest["name"]), dbesc($suggest["request"]) ); - if(count($r)) + if (dbm::is_result($r)) $fid = $r[0]["id"]; else // database record did not get created. Quietly give up. @@ -1548,7 +1589,7 @@ class dfrn { * @param object $relocation relocation elements * @param array $importer Record of the importer user mixed with contact of the content */ - private function process_relocation($xpath, $relocation, $importer) { + private static function process_relocation($xpath, $relocation, $importer) { logger("Processing relocations"); @@ -1677,7 +1718,7 @@ class dfrn { * @param array $importer Record of the importer user mixed with contact of the content * @param int $entrytype Is it a toplevel entry, a comment or a relayed comment? */ - private function update_content($current, $item, $importer, $entrytype) { + private static function update_content($current, $item, $importer, $entrytype) { $changed = false; if (edited_timestamp_is_newer($current, $item)) { @@ -1729,7 +1770,7 @@ class dfrn { * * @return int Is it a toplevel entry, a comment or a relayed comment? */ - private function get_entry_type($importer, $item) { + private static function get_entry_type($importer, $item) { if ($item["parent-uri"] != $item["uri"]) { $community = false; @@ -1750,7 +1791,7 @@ class dfrn { LIMIT 1", dbesc($item["parent-uri"]) ); - if($r && count($r)) { + if (dbm::is_result($r)) { $r = q("SELECT `item`.`forum_mode`, `item`.`wall` FROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` WHERE `item`.`uri` = '%s' AND (`item`.`parent-uri` = '%s' OR `item`.`thr-parent` = '%s') @@ -1762,7 +1803,7 @@ class dfrn { dbesc($r[0]["parent-uri"]), intval($importer["importer_uid"]) ); - if($r && count($r)) + if (dbm::is_result($r)) $is_a_remote_action = true; } @@ -1795,7 +1836,7 @@ class dfrn { * @param array $importer Record of the importer user mixed with contact of the content * @param int $posted_id The record number of item record that was just posted */ - private function do_poke($item, $importer, $posted_id) { + private static function do_poke($item, $importer, $posted_id) { $verb = urldecode(substr($item["verb"],strpos($item["verb"], "#")+1)); if(!$verb) return; @@ -1850,7 +1891,7 @@ class dfrn { * * @return bool Should the processing of the entries be continued? */ - private function process_verbs($entrytype, $importer, &$item, &$is_like) { + private static function process_verbs($entrytype, $importer, &$item, &$is_like) { logger("Process verb ".$item["verb"]." and object-type ".$item["object-type"]." for entrytype ".$entrytype, LOGGER_DEBUG); @@ -1900,7 +1941,7 @@ class dfrn { dbesc($item["verb"]), dbesc($item["parent-uri"]) ); - if($r && count($r)) + if (dbm::is_result($r)) return false; $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `author-link` = '%s' AND `verb` = '%s' AND `thr-parent` = '%s' AND NOT `deleted` LIMIT 1", @@ -1909,7 +1950,7 @@ class dfrn { dbesc($item["verb"]), dbesc($item["parent-uri"]) ); - if($r && count($r)) + if (dbm::is_result($r)) return false; } else $is_like = false; @@ -1925,7 +1966,7 @@ class dfrn { intval($importer["importer_uid"]) ); - if(!count($r)) + if (!dbm::is_result($r)) return false; // extract tag, if not duplicate, add to parent item @@ -1950,7 +1991,7 @@ class dfrn { * @param object $links link elements * @param array $item the item record */ - private function parse_links($links, &$item) { + private static function parse_links($links, &$item) { $rel = ""; $href = ""; $type = ""; @@ -1993,7 +2034,7 @@ class dfrn { * @param object $entry entry elements * @param array $importer Record of the importer user mixed with contact of the content */ - private function process_entry($header, $xpath, $entry, $importer) { + private static function process_entry($header, $xpath, $entry, $importer) { logger("Processing entries"); @@ -2002,6 +2043,20 @@ class dfrn { // Get the uri $item["uri"] = $xpath->query("atom:id/text()", $entry)->item(0)->nodeValue; + $item["edited"] = $xpath->query("atom:updated/text()", $entry)->item(0)->nodeValue; + + $current = q("SELECT `id`, `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", + dbesc($item["uri"]), + intval($importer["importer_uid"]) + ); + + // Is there an existing item? + if (dbm::is_result($current) AND edited_timestamp_is_newer($current[0], $item) AND + (datetime_convert("UTC","UTC",$item["edited"]) < $current[0]["edited"])) { + logger("Item ".$item["uri"]." already existed.", LOGGER_DEBUG); + return; + } + // Fetch the owner $owner = self::fetchauthor($xpath, $entry, $importer, "dfrn:owner", true); @@ -2019,7 +2074,6 @@ class dfrn { $item["title"] = $xpath->query("atom:title/text()", $entry)->item(0)->nodeValue; $item["created"] = $xpath->query("atom:published/text()", $entry)->item(0)->nodeValue; - $item["edited"] = $xpath->query("atom:updated/text()", $entry)->item(0)->nodeValue; $item["body"] = $xpath->query("dfrn:env/text()", $entry)->item(0)->nodeValue; $item["body"] = str_replace(array(' ',"\t","\r","\n"), array('','','',''),$item["body"]); @@ -2197,7 +2251,7 @@ class dfrn { dbesc($item["uri"]), intval($importer["uid"]) ); - if(count($r)) + if (dbm::is_result($r)) $ev["id"] = $r[0]["id"]; $event_id = event_store($ev); @@ -2207,18 +2261,13 @@ class dfrn { } } - $r = q("SELECT `id`, `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", - dbesc($item["uri"]), - intval($importer["importer_uid"]) - ); - if (!self::process_verbs($entrytype, $importer, $item, $is_like)) { logger("Exiting because 'process_verbs' told us so", LOGGER_DEBUG); return; } // Update content if 'updated' changes - if(count($r)) { + if (dbm::is_result($current)) { if (self::update_content($r[0], $item, $importer, $entrytype)) logger("Item ".$item["uri"]." was updated.", LOGGER_DEBUG); else @@ -2240,7 +2289,7 @@ class dfrn { intval($posted_id), intval($importer["importer_uid"]) ); - if(count($r)) { + if (dbm::is_result($r)) { $parent = $r[0]["parent"]; $parent_uri = $r[0]["parent-uri"]; } @@ -2303,7 +2352,7 @@ class dfrn { * @param object $deletion deletion elements * @param array $importer Record of the importer user mixed with contact of the content */ - private function process_deletion($xpath, $deletion, $importer) { + private static function process_deletion($xpath, $deletion, $importer) { logger("Processing deletions"); @@ -2328,7 +2377,7 @@ class dfrn { intval($importer["uid"]), intval($importer["id"]) ); - if(!count($r)) { + if (!dbm::is_result($r)) { logger("Item with uri ".$uri." from contact ".$importer["id"]." for user ".$importer["uid"]." wasn't found.", LOGGER_DEBUG); return; } else { @@ -2357,7 +2406,7 @@ class dfrn { dbesc($xt->id), intval($importer["importer_uid"]) ); - if(count($i)) { + if (dbm::is_result($i)) { // For tags, the owner cannot remove the tag on the author's copy of the post. @@ -2422,7 +2471,7 @@ class dfrn { dbesc($item["parent-uri"]), intval($importer["uid"]) ); - if(count($r)) { + if (dbm::is_result($r)) { q("UPDATE `item` SET `last-child` = 1 WHERE `id` = %d", intval($r[0]["id"]) );