X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fdfrn_notify.php;h=e4aabba5a1626af7a7b293e4790e20384b910253;hb=bf60ec070bb5af0eb1d37772cfdacda4f9c39a19;hp=5779b68d2a1d7cbf28f820de0165cca147dce592;hpb=033935c19406c8468ed75fdd15a3a532f4e25319;p=friendica.git diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index 5779b68d2a..e4aabba5a1 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -6,10 +6,11 @@ require_once('include/items.php'); function dfrn_notify_post(&$a) { - $dfrn_id = notags(trim($_POST['dfrn_id'])); - $dfrn_version = (float) $_POST['dfrn_version']; - $challenge = notags(trim($_POST['challenge'])); - $data = $_POST['data']; + $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : ''); + $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0); + $challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : ''); + $data = ((x($_POST,'data')) ? $_POST['data'] : ''); + $key = ((x($_POST,'key')) ? $_POST['key'] : ''); $direction = (-1); if(strpos($dfrn_id,':') == 1) { @@ -21,8 +22,10 @@ function dfrn_notify_post(&$a) { dbesc($dfrn_id), dbesc($challenge) ); - if(! count($r)) + if(! count($r)) { + logger('dfrn_notify: could not match challenge to dfrn_id ' . $dfrn_id); xml_status(3); + } $r = q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1", dbesc($dfrn_id), @@ -34,7 +37,7 @@ function dfrn_notify_post(&$a) { $sql_extra = ''; switch($direction) { case (-1): - $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id)); + $sql_extra = sprintf(" AND ( `issued-id` = '%s' OR `dfrn-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id)); break; case 0: $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); @@ -48,26 +51,50 @@ function dfrn_notify_post(&$a) { } - $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact` + $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, + `contact`.`pubkey` AS `cpubkey`, `contact`.`prvkey` AS `cprvkey`, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` - WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra LIMIT 1" + WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + AND `user`.`nickname` = '%s' $sql_extra LIMIT 1", + dbesc($a->argv[1]) ); if(! count($r)) { + logger('dfrn_notify: contact not found for dfrn_id ' . $dfrn_id); xml_status(3); //NOTREACHED } $importer = $r[0]; + logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']); + logger('dfrn_notify: data: ' . $data, LOGGER_DATA); if($importer['readonly']) { // We aren't receiving stuff from this person. But we will quietly ignore them // rather than a blatant "go away" message. + logger('dfrn_notify: ignoring'); xml_status(0); //NOTREACHED } + if(strlen($key)) { + $rawkey = hex2bin(trim($key)); + logger('rino: md5 raw key: ' . md5($rawkey)); + $final_key = ''; + + if((($importer['duplex']) && strlen($importer['cpubkey'])) || (! strlen($importer['cprvkey']))) { + openssl_public_decrypt($rawkey,$final_key,$importer['cpubkey']); + } + else { + openssl_private_decrypt($rawkey,$final_key,$importer['cprvkey']); + } + + logger('rino: received key : ' . $final_key); + $data = aes_decrypt(hex2bin($data),$final_key); + logger('rino: decrypted data: ' . $data, LOGGER_DATA); + } + // Consume notification feed. This may differ from consuming a public feed in several ways // - might contain email // - might contain remote followup to our message @@ -84,6 +111,8 @@ function dfrn_notify_post(&$a) { $rawmail = $feed->get_feed_tags( NAMESPACE_DFRN, 'mail' ); if(isset($rawmail[0]['child'][NAMESPACE_DFRN])) { + logger('dfrn_notify: private message received'); + $ismail = true; $base = $rawmail[0]['child'][NAMESPACE_DFRN]; @@ -95,7 +124,6 @@ function dfrn_notify_post(&$a) { $msg['contact-id'] = $importer['id']; $msg['title'] = notags(unxmlify($base['subject'][0]['data'])); $msg['body'] = escape_tags(unxmlify($base['content'][0]['data'])); - $msg['delivered'] = 1; $msg['seen'] = 0; $msg['replied'] = 0; $msg['uri'] = notags(unxmlify($base['id'][0]['data'])); @@ -104,13 +132,21 @@ function dfrn_notify_post(&$a) { dbesc_array($msg); - $r = q("INSERT INTO `mail` (`" . implode("`, `", array_keys($msg)) + $r = dbq("INSERT INTO `mail` (`" . implode("`, `", array_keys($msg)) . "`) VALUES ('" . implode("', '", array_values($msg)) . "')" ); // send email notification if requested. require_once('bbcode.php'); if($importer['notify-flags'] & NOTIFY_MAIL) { + + $body = html_entity_decode(strip_tags(bbcode(stripslashes($msg['body']))),ENT_QUOTES,'UTF-8'); + + if(function_exists('quoted_printable_encode')) + $body = quoted_printable_encode($body); + else + $body = qp($body); + $tpl = load_view_file('view/mail_received_eml.tpl'); $email_tpl = replace_macros($tpl, array( '$sitename' => $a->config['sitename'], @@ -119,15 +155,21 @@ function dfrn_notify_post(&$a) { '$email' => $importer['email'], '$from' => $msg['from-name'], '$title' => stripslashes($msg['title']), - '$body' => strip_tags(bbcode(stripslashes($msg['body']))) + '$body' => $body )); $res = mail($importer['email'], t('New mail received at ') . $a->config['sitename'], - $email_tpl, 'From: ' . t('Administrator') . '@' . $a->get_hostname() ); + $email_tpl, 'From: ' . t('Administrator') . '@' . $a->get_hostname() . "\r\n" + . 'MIME-Version: 1.0' . "\r\n" + . 'Content-type: text/plain; charset=UTF-8' . "\r\n" + . 'Content-transfer-encoding: quoted-printable' . "\r\n" + ); } xml_status(0); // NOTREACHED } + + logger('dfrn_notify: feed item count = ' . $feed->get_item_quantity()); foreach($feed->get_items() as $item) { @@ -202,63 +244,67 @@ function dfrn_notify_post(&$a) { if($is_reply) { if($feed->get_item_quantity() == 1) { + logger('dfrn_notify: received remote comment'); + $is_like = false; // remote reply to our post. Import and then notify everybody else. - $datarray = get_atom_elements($item); + $datarray = get_atom_elements($feed,$item); $datarray['type'] = 'remote-comment'; $datarray['wall'] = 1; $datarray['parent-uri'] = $parent_uri; $datarray['uid'] = $importer['importer_uid']; $datarray['contact-id'] = $importer['id']; if(($datarray['verb'] == ACTIVITY_LIKE) || ($datarray['verb'] == ACTIVITY_DISLIKE)) { + $is_like = true; $datarray['type'] = 'activity'; $datarray['gravity'] = GRAVITY_LIKE; + $datarray['last-child'] = 0; } $posted_id = item_store($datarray); if($posted_id) { - $r = q("SELECT `parent` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($posted_id), - intval($importer['importer_uid']) - ); - if(count($r)) { - $r1 = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `uid` = %d AND `parent` = %d", - dbesc(datetime_convert()), - intval($importer['importer_uid']), - intval($r[0]['parent']) + if(! $is_like) { + $r = q("SELECT `parent` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($posted_id), + intval($importer['importer_uid']) + ); + if(count($r)) { + $r1 = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `uid` = %d AND `parent` = %d", + dbesc(datetime_convert()), + intval($importer['importer_uid']), + intval($r[0]['parent']) + ); + } + $r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", + dbesc(datetime_convert()), + intval($importer['importer_uid']), + intval($posted_id) ); } - $r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", - dbesc(datetime_convert()), - intval($importer['importer_uid']), - intval($posted_id) - ); - - if($datarray['type'] == 'remote-comment') { - $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php'); - $proc_debug = get_config('system','proc_debug'); - - proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"comment-import\" \"$posted_id\" $proc_debug &", - array(),$foo)); - - if(($importer['notify-flags'] & NOTIFY_COMMENT) && (! $importer['self'])) { - require_once('bbcode.php'); - $from = stripslashes($datarray['author-name']); - $tpl = load_view_file('view/cmnt_received_eml.tpl'); - $email_tpl = replace_macros($tpl, array( - '$sitename' => $a->config['sitename'], - '$siteurl' => $a->get_baseurl(), - '$username' => $importer['username'], - '$email' => $importer['email'], - '$from' => $from, + $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php'); + + proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"comment-import\" \"$posted_id\" &", + array(),$foo)); + + if((! $is_like) && ($importer['notify-flags'] & NOTIFY_COMMENT) && (! $importer['self'])) { + require_once('bbcode.php'); + $from = stripslashes($datarray['author-name']); + $tpl = load_view_file('view/cmnt_received_eml.tpl'); + $email_tpl = replace_macros($tpl, array( + '$sitename' => $a->config['sitename'], + '$siteurl' => $a->get_baseurl(), + '$username' => $importer['username'], + '$email' => $importer['email'], + '$display' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $posted_id, + '$from' => $from, '$body' => strip_tags(bbcode(stripslashes($datarray['body']))) - )); + )); - $res = mail($importer['email'], $from . t(" commented on your item at ") . $a->config['sitename'], - $email_tpl,t("From: Administrator@") . $a->get_hostname() ); - } + $res = mail($importer['email'], $from . t(' commented on an item at ') . $a->config['sitename'], + $email_tpl, "From: " . t('Administrator') . '@' . $a->get_hostname() ); } } + xml_status(0); // NOTREACHED @@ -285,7 +331,7 @@ function dfrn_notify_post(&$a) { } continue; } - $datarray = get_atom_elements($item); + $datarray = get_atom_elements($feed,$item); $datarray['parent-uri'] = $parent_uri; $datarray['uid'] = $importer['importer_uid']; $datarray['contact-id'] = $importer['id']; @@ -317,6 +363,7 @@ function dfrn_notify_post(&$a) { '$username' => $importer['username'], '$email' => $importer['email'], '$from' => $from, + '$display' => $a->get_baseurl() . '/display/' . $r, '$body' => strip_tags(bbcode(stripslashes($datarray['body']))) )); @@ -352,7 +399,7 @@ function dfrn_notify_post(&$a) { } - $datarray = get_atom_elements($item); + $datarray = get_atom_elements($feed,$item); $datarray['parent-uri'] = $item_id; $datarray['uid'] = $importer['importer_uid']; $datarray['contact-id'] = $importer['id']; @@ -377,6 +424,7 @@ function dfrn_notify_content(&$a) { $dfrn_id = notags(trim($_GET['dfrn_id'])); $dfrn_version = (float) $_GET['dfrn_version']; + logger('dfrn_notify: new notification dfrn_id=' . $dfrn_id); $direction = (-1); if(strpos($dfrn_id,':') == 1) { @@ -401,7 +449,7 @@ function dfrn_notify_content(&$a) { $sql_extra = ''; switch($direction) { case (-1): - $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id)); + $sql_extra = sprintf(" AND ( `issued-id` = '%s' OR `dfrn-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id)); $my_id = $dfrn_id; break; case 0: @@ -417,7 +465,10 @@ function dfrn_notify_content(&$a) { break; // NOTREACHED } - $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1"); + $r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` + WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`nickname` = '%s' $sql_extra LIMIT 1", + dbesc($a->argv[1]) + ); if(! count($r)) $status = 1; @@ -426,7 +477,7 @@ function dfrn_notify_content(&$a) { $encrypted_id = ''; $id_str = $my_id . '.' . mt_rand(1000,9999); - if(($r[0]['duplex']) && strlen($r[0]['pubkey'])) { + if((($r[0]['duplex']) && strlen($r[0]['pubkey'])) || (! strlen($r[0]['prvkey']))) { openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']); openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']); } @@ -438,12 +489,21 @@ function dfrn_notify_content(&$a) { $challenge = bin2hex($challenge); $encrypted_id = bin2hex($encrypted_id); + $rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0); + + $rino_enable = get_config('system','rino_encrypt'); + + if(! $rino_enable) + $rino = 0; + + header("Content-type: text/xml"); echo '' . "\r\n" . '' . "\r\n" . "\t" . '' . $status . '' . "\r\n" . "\t" . '' . DFRN_PROTOCOL_VERSION . '' . "\r\n" + . "\t" . '' . $rino . '' . "\r\n" . "\t" . '' . $encrypted_id . '' . "\r\n" . "\t" . '' . $challenge . '' . "\r\n" . '' . "\r\n" ;