X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fdfrn_notify.php;h=dffbb597404a544090a226b2388b506d0588d0fb;hb=3d9845f4a45f963161e31fe18d69ed31e38af003;hp=0a3dac2546da0efb075371eba1ff7f126ca33cb6;hpb=15f011b34c3a6005fc4d0b6230db44e7ccfa4fcc;p=friendica.git diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index 0a3dac2546..dffbb59740 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -6,10 +6,12 @@ require_once('include/items.php'); function dfrn_notify_post(&$a) { - $dfrn_id = notags(trim($_POST['dfrn_id'])); - $dfrn_version = (float) $_POST['dfrn_version']; - $challenge = notags(trim($_POST['challenge'])); - $data = $_POST['data']; + $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : ''); + $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0); + $challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : ''); + $data = ((x($_POST,'data')) ? $_POST['data'] : ''); + $key = ((x($_POST,'key')) ? $_POST['key'] : ''); + $dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0); $direction = (-1); if(strpos($dfrn_id,':') == 1) { @@ -22,7 +24,7 @@ function dfrn_notify_post(&$a) { dbesc($challenge) ); if(! count($r)) { - logger('dfrn_notify: could not match challenge to dfrn_id ' . $dfrn_id); + logger('dfrn_notify: could not match challenge to dfrn_id ' . $dfrn_id . ' challenge=' . $challenge); xml_status(3); } @@ -50,7 +52,8 @@ function dfrn_notify_post(&$a) { } - $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact` + $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, + `contact`.`pubkey` AS `cpubkey`, `contact`.`prvkey` AS `cprvkey`, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`nickname` = '%s' $sql_extra LIMIT 1", @@ -63,11 +66,56 @@ function dfrn_notify_post(&$a) { //NOTREACHED } + // $importer in this case contains the contact record for the remote contact joined with the user record of our user. + $importer = $r[0]; logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']); logger('dfrn_notify: data: ' . $data, LOGGER_DATA); + if($dissolve == 1) { + + /** + * Relationship is dissolved permanently + */ + + require_once('include/Contact.php'); + contact_remove($importer['id']); + logger('relationship dissolved : ' . $importer['name'] . ' dissolved ' . $importer['username']); + xml_status(0); + + } + + if(strlen($key)) { + $rawkey = hex2bin(trim($key)); + logger('rino: md5 raw key: ' . md5($rawkey)); + $final_key = ''; + + if($dfrn_version >= 2.1) { + if((($importer['duplex']) && strlen($importer['cprvkey'])) || (! strlen($importer['cpubkey']))) { + openssl_private_decrypt($rawkey,$final_key,$importer['cprvkey']); + } + else { + openssl_public_decrypt($rawkey,$final_key,$importer['cpubkey']); + } + } + else { + if((($importer['duplex']) && strlen($importer['cpubkey'])) || (! strlen($importer['cprvkey']))) { + openssl_public_decrypt($rawkey,$final_key,$importer['cpubkey']); + } + else { + openssl_private_decrypt($rawkey,$final_key,$importer['cprvkey']); + } + } + + logger('rino: received key : ' . $final_key); + $data = aes_decrypt(hex2bin($data),$final_key); + logger('rino: decrypted data: ' . $data, LOGGER_DATA); + } + + + + if($importer['readonly']) { // We aren't receiving stuff from this person. But we will quietly ignore them // rather than a blatant "go away" message. @@ -105,7 +153,6 @@ function dfrn_notify_post(&$a) { $msg['contact-id'] = $importer['id']; $msg['title'] = notags(unxmlify($base['subject'][0]['data'])); $msg['body'] = escape_tags(unxmlify($base['content'][0]['data'])); - $msg['delivered'] = 1; $msg['seen'] = 0; $msg['replied'] = 0; $msg['uri'] = notags(unxmlify($base['id'][0]['data'])); @@ -150,69 +197,80 @@ function dfrn_notify_post(&$a) { xml_status(0); // NOTREACHED } + + logger('dfrn_notify: feed item count = ' . $feed->get_item_quantity()); + + // process any deleted entries + + $del_entries = $feed->get_feed_tags(NAMESPACE_TOMB, 'deleted-entry'); + if(is_array($del_entries) && count($del_entries)) { + foreach($del_entries as $dentry) { + $deleted = false; + if(isset($dentry['attribs']['']['ref'])) { + $uri = $dentry['attribs']['']['ref']; + $deleted = true; + if(isset($dentry['attribs']['']['when'])) { + $when = $dentry['attribs']['']['when']; + $when = datetime_convert('UTC','UTC', $when, 'Y-m-d H:i:s'); + } + else + $when = datetime_convert('UTC','UTC','now','Y-m-d H:i:s'); + } + if($deleted) { + $r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", + dbesc($uri), + intval($importer['importer_uid']) + ); + if(count($r)) { + $item = $r[0]; - foreach($feed->get_items() as $item) { - - $deleted = false; + if(! $item['deleted']) + logger('dfrn_notify: deleting item ' . $item['id'] . ' uri=' . $item['uri'], LOGGER_DEBUG); - $rawdelete = $item->get_item_tags( NAMESPACE_TOMB , 'deleted-entry'); - if(isset($rawdelete[0]['attribs']['']['ref'])) { - $uri = $rawthread[0]['attribs']['']['ref']; - $deleted = true; - if(isset($rawdelete[0]['attribs']['']['when'])) { - $when = $rawthread[0]['attribs']['']['when']; - $when = datetime_convert('UTC','UTC', $when, 'Y-m-d H:i:s'); - } - else - $when = datetime_convert('UTC','UTC','now','Y-m-d H:i:s'); - } - if($deleted) { - $r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", - dbesc($uri), - intval($importer['importer_uid']) - ); - if(count($r)) { - $item = $r[0]; - if($item['uri'] == $item['parent-uri']) { - $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' - WHERE `parent-uri` = '%s' AND `uid` = %d", - dbesc($when), - dbesc(datetime_convert()), - dbesc($item['uri']), - intval($importer['importer_uid']) - ); - } - else { - $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' - WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", - dbesc($when), - dbesc(datetime_convert()), - dbesc($uri), - intval($importer['importer_uid']) - ); - if($item['last-child']) { - // ensure that last-child is set in case the comment that had it just got wiped. - $q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d ", + if($item['uri'] == $item['parent-uri']) { + $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' + WHERE `parent-uri` = '%s' AND `uid` = %d", + dbesc($when), dbesc(datetime_convert()), - dbesc($item['parent-uri']), - intval($item['uid']) + dbesc($item['uri']), + intval($importer['importer_uid']) ); - // who is the last child now? - $r = q("SELECT `id` FROM `item` WHERE `parent-uri` = '%s' AND `type` != 'activity' AND `deleted` = 0 AND `uid` = %d - ORDER BY `created` DESC LIMIT 1", - dbesc($item['parent-uri']), - intval($importer['importer_uid']) + } + else { + $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' + WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", + dbesc($when), + dbesc(datetime_convert()), + dbesc($uri), + intval($importer['importer_uid']) ); - if(count($r)) { - q("UPDATE `item` SET `last-child` = 1 WHERE `id` = %d LIMIT 1", - intval($r[0]['id']) + if($item['last-child']) { + // ensure that last-child is set in case the comment that had it just got wiped. + q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d ", + dbesc(datetime_convert()), + dbesc($item['parent-uri']), + intval($item['uid']) ); - } - } + // who is the last child now? + $r = q("SELECT `id` FROM `item` WHERE `parent-uri` = '%s' AND `type` != 'activity' AND `deleted` = 0 AND `uid` = %d + ORDER BY `created` DESC LIMIT 1", + dbesc($item['parent-uri']), + intval($importer['importer_uid']) + ); + if(count($r)) { + q("UPDATE `item` SET `last-child` = 1 WHERE `id` = %d LIMIT 1", + intval($r[0]['id']) + ); + } + } + } } - } - continue; + } } + } + + + foreach($feed->get_items() as $item) { $is_reply = false; $item_id = $item->get_id(); @@ -224,6 +282,8 @@ function dfrn_notify_post(&$a) { if($is_reply) { if($feed->get_item_quantity() == 1) { + logger('dfrn_notify: received remote comment'); + $is_like = false; // remote reply to our post. Import and then notify everybody else. $datarray = get_atom_elements($feed,$item); $datarray['type'] = 'remote-comment'; @@ -232,36 +292,43 @@ function dfrn_notify_post(&$a) { $datarray['uid'] = $importer['importer_uid']; $datarray['contact-id'] = $importer['id']; if(($datarray['verb'] == ACTIVITY_LIKE) || ($datarray['verb'] == ACTIVITY_DISLIKE)) { + $is_like = true; $datarray['type'] = 'activity'; $datarray['gravity'] = GRAVITY_LIKE; + $datarray['last-child'] = 0; } $posted_id = item_store($datarray); + $parent = 0; if($posted_id) { $r = q("SELECT `parent` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($posted_id), intval($importer['importer_uid']) ); - if(count($r)) { + if(count($r)) + $parent = $r[0]['parent']; + + if(! $is_like) { $r1 = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `uid` = %d AND `parent` = %d", dbesc(datetime_convert()), intval($importer['importer_uid']), intval($r[0]['parent']) ); - } - $r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", + + $r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc(datetime_convert()), intval($importer['importer_uid']), intval($posted_id) - ); + ); + } - if($datarray['type'] == 'remote-comment') { + if($posted_id && $parent) { + $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php'); - proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"comment-import\" \"$posted_id\" &", - array(),$foo)); - - if(($importer['notify-flags'] & NOTIFY_COMMENT) && (! $importer['self'])) { + proc_run($php_path,"include/notifier.php","comment-import","$posted_id"); + + if((! $is_like) && ($importer['notify-flags'] & NOTIFY_COMMENT) && (! $importer['self'])) { require_once('bbcode.php'); $from = stripslashes($datarray['author-name']); $tpl = load_view_file('view/cmnt_received_eml.tpl'); @@ -270,19 +337,18 @@ function dfrn_notify_post(&$a) { '$siteurl' => $a->get_baseurl(), '$username' => $importer['username'], '$email' => $importer['email'], - '$display' => $a->get_baseurl() . '/display/' . $posted_id, + '$display' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $posted_id, '$from' => $from, - '$body' => strip_tags(bbcode(stripslashes($datarray['body']))) + '$body' => strip_tags(bbcode(stripslashes($datarray['body']))) )); - $res = mail($importer['email'], $from . t(" commented on your item at ") . $a->config['sitename'], - $email_tpl,t("From: Administrator@") . $a->get_hostname() ); + $res = mail($importer['email'], $from . t(' commented on an item at ') . $a->config['sitename'], + $email_tpl, "From: " . t('Administrator') . '@' . $a->get_hostname() ); } } + xml_status(0); + // NOTREACHED } - xml_status(0); - // NOTREACHED - } else { // regular comment that is part of this total conversation. Have we seen it? If not, import it. @@ -314,31 +380,30 @@ function dfrn_notify_post(&$a) { $datarray['type'] = 'activity'; $datarray['gravity'] = GRAVITY_LIKE; } - $r = item_store($datarray); // find out if our user is involved in this conversation and wants to be notified. if(($datarray['type'] != 'activity') && ($importer['notify-flags'] & NOTIFY_COMMENT)) { - $myconv = q("SELECT `author-link` FROM `item` WHERE `parent-uri` = '%s' AND `uid` = %d", + $myconv = q("SELECT `author-link` FROM `item` WHERE `parent-uri` = '%s' AND `uid` = %d AND `parent` != 0 ", dbesc($parent_uri), intval($importer['importer_uid']) ); if(count($myconv)) { foreach($myconv as $conv) { - if($conv['author-link'] != $importer['url']) + if(! link_compare($conv['author-link'],$importer['url'])) continue; require_once('bbcode.php'); $from = stripslashes($datarray['author-name']); - $tpl = load_view_file('view/cmnt_received_eml.tpl'); + $tpl = load_view_file('view/cmnt_received_eml.tpl'); $email_tpl = replace_macros($tpl, array( '$sitename' => $a->config['sitename'], '$siteurl' => $a->get_baseurl(), '$username' => $importer['username'], '$email' => $importer['email'], '$from' => $from, - '$display' => $a->get_baseurl() . '/display' . $r, + '$display' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $r, '$body' => strip_tags(bbcode(stripslashes($datarray['body']))) )); @@ -414,12 +479,13 @@ function dfrn_notify_content(&$a) { $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time())); $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` ) - VALUES( '%s', '%s', '%s') ", + VALUES( '%s', '%s', %d ) ", dbesc($hash), dbesc($dfrn_id), - intval(time() + 60 ) + intval(time() + 90 ) ); + logger('dfrn_notify: challenge=' . $hash ); $sql_extra = ''; switch($direction) { @@ -452,24 +518,33 @@ function dfrn_notify_content(&$a) { $encrypted_id = ''; $id_str = $my_id . '.' . mt_rand(1000,9999); - if((($r[0]['duplex']) && strlen($r[0]['pubkey'])) || (! strlen($r[0]['prvkey']))) { - openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']); - openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']); - } - else { + if((($r[0]['duplex']) && strlen($r[0]['prvkey'])) || (! strlen($r[0]['pubkey']))) { openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); } + else { + openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']); + openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']); + } $challenge = bin2hex($challenge); $encrypted_id = bin2hex($encrypted_id); + $rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0); + + $rino_enable = get_config('system','rino_encrypt'); + + if(! $rino_enable) + $rino = 0; + + header("Content-type: text/xml"); echo '' . "\r\n" . '' . "\r\n" . "\t" . '' . $status . '' . "\r\n" . "\t" . '' . DFRN_PROTOCOL_VERSION . '' . "\r\n" + . "\t" . '' . $rino . '' . "\r\n" . "\t" . '' . $encrypted_id . '' . "\r\n" . "\t" . '' . $challenge . '' . "\r\n" . '' . "\r\n" ;