X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fdfrn_notify.php;h=7f160de44390e0b4be395083bb9fea802d226afd;hb=10c72ec2f19e58405778526a29413bfe91de98f3;hp=71860ac3b13e50d8eccdba825248758df4a6f2bc;hpb=7684f63ecdfce560f24475630144f6058df15ca9;p=friendica.git diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php old mode 100755 new mode 100644 index 71860ac3b1..7f160de443 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -6,7 +6,7 @@ require_once('include/event.php'); function dfrn_notify_post(&$a) { - + logger(__function__, LOGGER_TRACE); $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : ''); $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0); $challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : ''); @@ -17,6 +17,9 @@ function dfrn_notify_post(&$a) { $ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none'); $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0); + $forum = (($page == 1) ? 1 : 0); + $prv = (($page == 2) ? 1 : 0); + $writable = (-1); if($dfrn_version >= 2.21) { $writable = (($perm === 'rw') ? 1 : 0); @@ -37,7 +40,7 @@ function dfrn_notify_post(&$a) { xml_status(3); } - $r = q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1", + $r = q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s'", dbesc($dfrn_id), dbesc($challenge) ); @@ -59,22 +62,22 @@ function dfrn_notify_post(&$a) { xml_status(3); break; // NOTREACHED } - + // be careful - $importer will contain both the contact information for the contact // sending us the post, and also the user information for the person receiving it. // since they are mixed together, it is easy to get them confused. - $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, - `contact`.`pubkey` AS `cpubkey`, - `contact`.`prvkey` AS `cprvkey`, - `contact`.`thumb` AS `thumb`, + $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, + `contact`.`pubkey` AS `cpubkey`, + `contact`.`prvkey` AS `cprvkey`, + `contact`.`thumb` AS `thumb`, `contact`.`url` as `url`, `contact`.`name` as `senderName`, - `user`.* - FROM `contact` - LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` - WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - AND `user`.`nickname` = '%s' AND `user`.`account_expired` = 0 $sql_extra LIMIT 1", + `user`.* + FROM `contact` + LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` + WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + AND `user`.`nickname` = '%s' AND `user`.`account_expired` = 0 AND `user`.`account_removed` = 0 $sql_extra LIMIT 1", dbesc($a->argv[1]) ); @@ -84,14 +87,15 @@ function dfrn_notify_post(&$a) { //NOTREACHED } - // $importer in this case contains the contact record for the remote contact joined with the user record of our user. + // $importer in this case contains the contact record for the remote contact joined with the user record of our user. $importer = $r[0]; - if((($writable != (-1)) && ($writable != $importer['writable'])) || ($importer['forum'] != $page)) { - q("UPDATE `contact` SET `writable` = %d, forum = %d WHERE `id` = %d LIMIT 1", + if((($writable != (-1)) && ($writable != $importer['writable'])) || ($importer['forum'] != $forum) || ($importer['prv'] != $prv)) { + q("UPDATE `contact` SET `writable` = %d, forum = %d, prv = %d WHERE `id` = %d", intval(($writable == (-1)) ? $importer['writable'] : $writable), - intval($page), + intval($forum), + intval($prv), intval($importer['id']) ); if($writable != (-1)) @@ -99,65 +103,11 @@ function dfrn_notify_post(&$a) { $importer['forum'] = $page; } - // if contact's ssl policy changed, update our links - $ssl_changed = false; - - if($ssl_policy == 'self' && strstr($importer['url'],'https:')) { - $ssl_changed = true; - $importer['url'] = str_replace('https:','http:',$importer['url']); - $importer['nurl'] = normalise_link($importer['url']); - $importer['photo'] = str_replace('https:','http:',$importer['photo']); - $importer['thumb'] = str_replace('https:','http:',$importer['thumb']); - $importer['micro'] = str_replace('https:','http:',$importer['micro']); - $importer['request'] = str_replace('https:','http:',$importer['request']); - $importer['notify'] = str_replace('https:','http:',$importer['notify']); - $importer['poll'] = str_replace('https:','http:',$importer['poll']); - $importer['confirm'] = str_replace('https:','http:',$importer['confirm']); - $importer['poco'] = str_replace('https:','http:',$importer['poco']); - } + // if contact's ssl policy changed, update our links - if($ssl_policy == 'full' && strstr($importer['url'],'http:')) { - $ssl_changed = true; - $importer['url'] = str_replace('http:','https:',$importer['url']); - $importer['nurl'] = normalise_link($importer['url']); - $importer['photo'] = str_replace('http:','https:',$importer['photo']); - $importer['thumb'] = str_replace('http:','https:',$importer['thumb']); - $importer['micro'] = str_replace('http:','https:',$importer['micro']); - $importer['request'] = str_replace('http:','https:',$importer['request']); - $importer['notify'] = str_replace('http:','https:',$importer['notify']); - $importer['poll'] = str_replace('http:','https:',$importer['poll']); - $importer['confirm'] = str_replace('http:','https:',$importer['confirm']); - $importer['poco'] = str_replace('http:','https:',$importer['poco']); - } + fix_contact_ssl_policy($importer,$ssl_policy); - if($ssl_changed) { - q("update contact set - url = '%s', - nurl = '%s', - photo = '%s', - thumb = '%s', - micro = '%s', - request = '%s', - notify = '%s', - poll = '%s', - confirm = '%s', - poco = '%s' - where id = %d limit 1", - dbesc($importer['url']), - dbesc($importer['nurl']), - dbesc($importer['photo']), - dbesc($importer['thumb']), - dbesc($importer['micro']), - dbesc($importer['request']), - dbesc($importer['notify']), - dbesc($importer['poll']), - dbesc($importer['confirm']), - dbesc($importer['poco']), - intval($importer['id']) - ); - } - logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']); logger('dfrn_notify: data: ' . $data, LOGGER_DATA); @@ -167,13 +117,20 @@ function dfrn_notify_post(&$a) { * Relationship is dissolved permanently */ - require_once('include/Contact.php'); + require_once('include/Contact.php'); contact_remove($importer['id']); logger('relationship dissolved : ' . $importer['name'] . ' dissolved ' . $importer['username']); xml_status(0); } + + // If we are setup as a soapbox we aren't accepting input from this person + + if($importer['page-flags'] == PAGE_SOAPBOX) + xml_status(0); + + if(strlen($key)) { $rawkey = hex2bin(trim($key)); logger('rino: md5 raw key: ' . md5($rawkey)); @@ -261,9 +218,9 @@ function dfrn_notify_content(&$a) { break; // NOTREACHED } - $r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` - WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`nickname` = '%s' - AND `user`.`account_expired` = 0 $sql_extra LIMIT 1", + $r = q("SELECT `contact`.*, `user`.`nickname`, `user`.`page-flags` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` + WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`nickname` = '%s' + AND `user`.`account_expired` = 0 AND `user`.`account_removed` = 0 $sql_extra LIMIT 1", dbesc($a->argv[1]) ); @@ -299,15 +256,22 @@ function dfrn_notify_content(&$a) { if(! $rino_enable) $rino = 0; + if((($r[0]['rel']) && ($r[0]['rel'] != CONTACT_IS_SHARING)) || ($r[0]['page-flags'] == PAGE_COMMUNITY)) { + $perm = 'rw'; + } + else { + $perm = 'r'; + } header("Content-type: text/xml"); - echo '' . "\r\n" + echo '' . "\r\n" . '' . "\r\n" . "\t" . '' . $status . '' . "\r\n" . "\t" . '' . DFRN_PROTOCOL_VERSION . '' . "\r\n" - . "\t" . '' . $rino . '' . "\r\n" - . "\t" . '' . $encrypted_id . '' . "\r\n" + . "\t" . '' . $rino . '' . "\r\n" + . "\t" . '' . $perm . '' . "\r\n" + . "\t" . '' . $encrypted_id . '' . "\r\n" . "\t" . '' . $challenge . '' . "\r\n" . '' . "\r\n" ;