X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fdfrn_notify.php;h=142d1328450d20e06b14a838fd4bb4e3db267914;hb=073f3720ac3132b950fc0aec6470feb99c5e8b92;hp=54fa9b97d289240688820ccb4775fa26ba0c8985;hpb=846fa8d5f799ea61ff4400504eb9947019fd6f1b;p=friendica.git diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index 54fa9b97d2..142d132845 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -6,10 +6,12 @@ require_once('include/items.php'); function dfrn_notify_post(&$a) { - $dfrn_id = notags(trim($_POST['dfrn_id'])); - $dfrn_version = (float) $_POST['dfrn_version']; - $challenge = notags(trim($_POST['challenge'])); - $data = $_POST['data']; + $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : ''); + $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0); + $challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : ''); + $data = ((x($_POST,'data')) ? $_POST['data'] : ''); + $key = ((x($_POST,'key')) ? $_POST['key'] : ''); + $dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0); $direction = (-1); if(strpos($dfrn_id,':') == 1) { @@ -22,7 +24,7 @@ function dfrn_notify_post(&$a) { dbesc($challenge) ); if(! count($r)) { - logger('dfrn_notify: could not match challenge to dfrn_id ' . $dfrn_id); + logger('dfrn_notify: could not match challenge to dfrn_id ' . $dfrn_id . ' challenge=' . $challenge); xml_status(3); } @@ -50,7 +52,8 @@ function dfrn_notify_post(&$a) { } - $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact` + $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, + `contact`.`pubkey` AS `cpubkey`, `contact`.`prvkey` AS `cprvkey`, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`nickname` = '%s' $sql_extra LIMIT 1", @@ -63,11 +66,56 @@ function dfrn_notify_post(&$a) { //NOTREACHED } + // $importer in this case contains the contact record for the remote contact joined with the user record of our user. + $importer = $r[0]; logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']); logger('dfrn_notify: data: ' . $data, LOGGER_DATA); + if($dissolve == 1) { + + /** + * Relationship is dissolved permanently + */ + + require_once('include/Contact.php'); + contact_remove($importer['id']); + logger('relationship dissolved : ' . $importer['name'] . ' dissolved ' . $importer['username']); + xml_status(0); + + } + + if(strlen($key)) { + $rawkey = hex2bin(trim($key)); + logger('rino: md5 raw key: ' . md5($rawkey)); + $final_key = ''; + + if($dfrn_version >= 2.1) { + if((($importer['duplex']) && strlen($importer['cprvkey'])) || (! strlen($importer['cpubkey']))) { + openssl_private_decrypt($rawkey,$final_key,$importer['cprvkey']); + } + else { + openssl_public_decrypt($rawkey,$final_key,$importer['cpubkey']); + } + } + else { + if((($importer['duplex']) && strlen($importer['cpubkey'])) || (! strlen($importer['cprvkey']))) { + openssl_public_decrypt($rawkey,$final_key,$importer['cpubkey']); + } + else { + openssl_private_decrypt($rawkey,$final_key,$importer['cprvkey']); + } + } + + logger('rino: received key : ' . $final_key); + $data = aes_decrypt(hex2bin($data),$final_key); + logger('rino: decrypted data: ' . $data, LOGGER_DATA); + } + + + + if($importer['readonly']) { // We aren't receiving stuff from this person. But we will quietly ignore them // rather than a blatant "go away" message. @@ -226,6 +274,7 @@ function dfrn_notify_post(&$a) { if($is_reply) { if($feed->get_item_quantity() == 1) { logger('dfrn_notify: received remote comment'); + $is_like = false; // remote reply to our post. Import and then notify everybody else. $datarray = get_atom_elements($feed,$item); $datarray['type'] = 'remote-comment'; @@ -234,55 +283,64 @@ function dfrn_notify_post(&$a) { $datarray['uid'] = $importer['importer_uid']; $datarray['contact-id'] = $importer['id']; if(($datarray['verb'] == ACTIVITY_LIKE) || ($datarray['verb'] == ACTIVITY_DISLIKE)) { + $is_like = true; $datarray['type'] = 'activity'; $datarray['gravity'] = GRAVITY_LIKE; + $datarray['last-child'] = 0; } $posted_id = item_store($datarray); + $parent = 0; if($posted_id) { $r = q("SELECT `parent` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($posted_id), intval($importer['importer_uid']) ); - if(count($r)) { + if(count($r)) + $parent = $r[0]['parent']; + + if(! $is_like) { $r1 = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `uid` = %d AND `parent` = %d", dbesc(datetime_convert()), intval($importer['importer_uid']), intval($r[0]['parent']) ); - } - $r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", + + $r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc(datetime_convert()), intval($importer['importer_uid']), intval($posted_id) - ); + ); + } - $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php'); - - proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"comment-import\" \"$posted_id\" &", - array(),$foo)); - - if(($importer['notify-flags'] & NOTIFY_COMMENT) && (! $importer['self'])) { - require_once('bbcode.php'); - $from = stripslashes($datarray['author-name']); - $tpl = load_view_file('view/cmnt_received_eml.tpl'); - $email_tpl = replace_macros($tpl, array( - '$sitename' => $a->config['sitename'], - '$siteurl' => $a->get_baseurl(), - '$username' => $importer['username'], - '$email' => $importer['email'], - '$display' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $posted_id, - '$from' => $from, - '$body' => strip_tags(bbcode(stripslashes($datarray['body']))) - )); - - $res = mail($importer['email'], $from . t(" commented on an item at ") . $a->config['sitename'], - $email_tpl,t("From: Administrator@") . $a->get_hostname() ); + if($posted_id && $parent) { + + $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php'); + + proc_run($php_path,"include/notifier.php","comment-import","$posted_id"); + + if((! $is_like) && ($importer['notify-flags'] & NOTIFY_COMMENT) && (! $importer['self'])) { + require_once('bbcode.php'); + $from = stripslashes($datarray['author-name']); + $tpl = load_view_file('view/cmnt_received_eml.tpl'); + $email_tpl = replace_macros($tpl, array( + '$sitename' => $a->config['sitename'], + '$siteurl' => $a->get_baseurl(), + '$username' => $importer['username'], + '$email' => $importer['email'], + '$display' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $posted_id, + '$from' => $from, + '$body' => strip_tags(bbcode(stripslashes($datarray['body']))) + )); + + $res = mail($importer['email'], $from . t(' commented on an item at ') . $a->config['sitename'], + $email_tpl, "From: " . t('Administrator') . '@' . $a->get_hostname() ); + } } - } - xml_status(0); - // NOTREACHED + xml_status(0); + // NOTREACHED + } } else { // regular comment that is part of this total conversation. Have we seen it? If not, import it. @@ -321,13 +379,13 @@ function dfrn_notify_post(&$a) { if(($datarray['type'] != 'activity') && ($importer['notify-flags'] & NOTIFY_COMMENT)) { - $myconv = q("SELECT `author-link` FROM `item` WHERE `parent-uri` = '%s' AND `uid` = %d", + $myconv = q("SELECT `author-link` FROM `item` WHERE `parent-uri` = '%s' AND `uid` = %d AND `parent` != 0 ", dbesc($parent_uri), intval($importer['importer_uid']) ); if(count($myconv)) { foreach($myconv as $conv) { - if($conv['author-link'] != $importer['url']) + if(! link_compare($conv['author-link'],$importer['url'])) continue; require_once('bbcode.php'); $from = stripslashes($datarray['author-name']); @@ -338,7 +396,7 @@ function dfrn_notify_post(&$a) { '$username' => $importer['username'], '$email' => $importer['email'], '$from' => $from, - '$display' => $a->get_baseurl() . '/display/' . $r, + '$display' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $r, '$body' => strip_tags(bbcode(stripslashes($datarray['body']))) )); @@ -414,12 +472,13 @@ function dfrn_notify_content(&$a) { $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time())); $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` ) - VALUES( '%s', '%s', '%s') ", + VALUES( '%s', '%s', %d ) ", dbesc($hash), dbesc($dfrn_id), - intval(time() + 60 ) + intval(time() + 90 ) ); + logger('dfrn_notify: challenge=' . $hash ); $sql_extra = ''; switch($direction) { @@ -452,24 +511,33 @@ function dfrn_notify_content(&$a) { $encrypted_id = ''; $id_str = $my_id . '.' . mt_rand(1000,9999); - if((($r[0]['duplex']) && strlen($r[0]['pubkey'])) || (! strlen($r[0]['prvkey']))) { - openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']); - openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']); - } - else { + if((($r[0]['duplex']) && strlen($r[0]['prvkey'])) || (! strlen($r[0]['pubkey']))) { openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); } + else { + openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']); + openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']); + } $challenge = bin2hex($challenge); $encrypted_id = bin2hex($encrypted_id); + $rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0); + + $rino_enable = get_config('system','rino_encrypt'); + + if(! $rino_enable) + $rino = 0; + + header("Content-type: text/xml"); echo '' . "\r\n" . '' . "\r\n" . "\t" . '' . $status . '' . "\r\n" . "\t" . '' . DFRN_PROTOCOL_VERSION . '' . "\r\n" + . "\t" . '' . $rino . '' . "\r\n" . "\t" . '' . $encrypted_id . '' . "\r\n" . "\t" . '' . $challenge . '' . "\r\n" . '' . "\r\n" ;