X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fdfrn_poll.php;h=0d703dfb3122523a2b3484665e91ead80cef7e2d;hb=7ae1e4620de35329350fd54b3598666e143ea0a0;hp=5149dc3b211afd6b62de6074bd92d3a841c1b1fe;hpb=1bba63fb607c2cb5fb2c002e63ad7128ecf8b1ea;p=friendica.git

diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index 5149dc3b21..0d703dfb31 100644
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -16,6 +16,7 @@ function dfrn_poll_init(&$a) {
 	$challenge       = ((x($_GET,'challenge'))       ? $_GET['challenge']            : '');
 	$sec             = ((x($_GET,'sec'))             ? $_GET['sec']                  : '');
 	$dfrn_version    = ((x($_GET,'dfrn_version'))    ? (float) $_GET['dfrn_version'] : 2.0);
+	$perm            = ((x($_GET,'perm'))            ? $_GET['perm']                 : 'r');
 
 	$direction = (-1);
 
@@ -25,11 +26,24 @@ function dfrn_poll_init(&$a) {
 		$dfrn_id   = substr($dfrn_id,2);
 	}
 
-	if(($dfrn_id === '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) {
-		logger('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR'] );
+	if(($dfrn_id === '') && (! x($_POST,'dfrn_id'))) {
+		if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
+			killme();
+		}
+
+		$user = '';
+		if($a->argc > 1) {
+			$r = q("SELECT `hidewall`,`nickname` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1",
+				dbesc($a->argv[1])
+			);
+			if((! count($r)) || (count($r) && $r[0]['hidewall']))
+				killme();
+			$user = $r[0]['nickname'];
+		}
+ 
+		logger('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $user);
 		header("Content-type: application/atom+xml");
-		$o = get_feed_for($a, '', $a->argv[1],$last_update);
-		echo $o;
+		echo get_feed_for($a, '', $user,$last_update);
 		killme();
 	}
 
@@ -50,7 +64,7 @@ function dfrn_poll_init(&$a) {
 				$my_id = '0:' . $dfrn_id;
 				break;
 			default:
-				goaway($a->get_baseurl());
+				goaway(z_root());
 				break; // NOTREACHED
 		}
 
@@ -69,13 +83,20 @@ function dfrn_poll_init(&$a) {
 
 			if(strlen($s)) {
 
-				$xml = simplexml_load_string($s);
+				$xml = parse_xml_string($s);
 
 				if((int) $xml->status == 1) {
 					$_SESSION['authenticated'] = 1;
+					if(! x($_SESSION,'remote'))
+						$_SESSION['remote'] = array();
+
+					$_SESSION['remote'][] = array('cid' => $r[0]['id'],'uid' => $r[0]['uid'],'url' => $r[0]['url']);
+
 					$_SESSION['visitor_id'] = $r[0]['id'];
 					$_SESSION['visitor_home'] = $r[0]['url'];
-					notice( sprintf(t('%s welcomes %s'), $r[0]['username'] , $r[0]['name']) . EOL);
+					$_SESSION['visitor_handle'] = $r[0]['addr'];
+					$_SESSION['visitor_visiting'] = $r[0]['uid'];
+					info( sprintf(t('%s welcomes %s'), $r[0]['username'] , $r[0]['name']) . EOL);
 					// Visitors get 1 day session.
 					$session_id = session_id();
 					$expire = time() + 86400;
@@ -88,7 +109,7 @@ function dfrn_poll_init(&$a) {
 			$profile = $r[0]['nickname'];
 			goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile);
 		}
-		goaway($a->get_baseurl());
+		goaway(z_root());
 
 	}
 
@@ -183,9 +204,10 @@ function dfrn_poll_post(&$a) {
 	$challenge    = ((x($_POST,'challenge'))    ? $_POST['challenge']            : '');
 	$url          = ((x($_POST,'url'))          ? $_POST['url']                  : '');
 	$sec          = ((x($_POST,'sec'))          ? $_POST['sec']                  : '');
-	$ptype        = ((x($_POST,'type'))         ? $_POST['type']                  : '');
+	$ptype        = ((x($_POST,'type'))         ? $_POST['type']                 : '');
 	$dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
-
+	$perm         = ((x($_POST,'perm'))         ? $_POST['perm']                 : 'r');
+          
 	if($ptype === 'profile-check') {
 
 		if((strlen($challenge)) && (strlen($sec))) {
@@ -284,7 +306,7 @@ function dfrn_poll_post(&$a) {
 			$my_id = '0:' . $dfrn_id;
 			break;
 		default:
-			goaway($a->get_baseurl());
+			goaway(z_root());
 			break; // NOTREACHED
 	}
 
@@ -295,6 +317,7 @@ function dfrn_poll_post(&$a) {
 	if(! count($r))
 		killme();
 
+	$contact = $r[0];
 	$owner_uid = $r[0]['uid'];
 	$contact_id = $r[0]['id']; 
 
@@ -328,6 +351,23 @@ function dfrn_poll_post(&$a) {
 		// NOTREACHED
 	}
 	else {
+
+		// Update the writable flag if it changed		
+		logger('dfrn_poll: post request feed: ' . print_r($_POST,true),LOGGER_DATA);
+		if($dfrn_version >= 2.21) {
+			if($perm === 'rw')
+				$writable = 1;
+			else
+				$writable = 0;
+
+			if($writable !=  $contact['writable']) {
+				q("UPDATE `contact` SET `writable` = %d WHERE `id` = %d LIMIT 1",
+					intval($writable),
+					intval($contact_id)
+				);
+			}
+		}
+				
 		header("Content-type: application/atom+xml");
 		$o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update, $direction);
 		echo $o;
@@ -344,6 +384,7 @@ function dfrn_poll_content(&$a) {
 	$destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url']      : '');
 	$sec             = ((x($_GET,'sec'))             ? $_GET['sec']                  : '');
 	$dfrn_version    = ((x($_GET,'dfrn_version'))    ? (float) $_GET['dfrn_version'] : 2.0);
+	$perm            = ((x($_GET,'perm'))            ? $_GET['perm']                 : 'r');
 
 	$direction = (-1);
 	if(strpos($dfrn_id,':') == 1) {
@@ -388,15 +429,17 @@ function dfrn_poll_content(&$a) {
 				$my_id = '0:' . $dfrn_id;
 				break;
 			default:
-				goaway($a->get_baseurl());
+				goaway(z_root());
 				break; // NOTREACHED
 		}
 
+		$nickname = $a->argv[1];
+
 		$r = q("SELECT `contact`.*, `user`.`username`, `user`.`nickname` 
 			FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
 			WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 
 			AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
-			dbesc($a->argv[1])
+			dbesc($nickname)
 		);
 
 		if(count($r)) {
@@ -405,7 +448,7 @@ function dfrn_poll_content(&$a) {
 			$encrypted_id = '';
 			$id_str = $my_id . '.' . mt_rand(1000,9999);
 
-			if($r[0]['duplex'] && strlen($r[0]['pubkey'])) {
+			if(($r[0]['duplex'] && strlen($r[0]['pubkey'])) || (! strlen($r[0]['prvkey']))) {
 				openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
 				openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
 			}
@@ -446,7 +489,7 @@ function dfrn_poll_content(&$a) {
 				));
 			}
 			
-			$profile = $r[0]['nickname'];
+			$profile = ((count($r) && $r[0]['nickname']) ? $r[0]['nickname'] : $nickname);
 
 			switch($destination_url) {
 				case 'profile':
@@ -468,7 +511,7 @@ function dfrn_poll_content(&$a) {
 
 			if(strlen($s) && strstr($s,'<?xml')) {
 
-				$xml = simplexml_load_string($s);
+				$xml = parse_xml_string($s);
 
 				logger('dfrn_poll: profile: parsed xml: ' . print_r($xml,true), LOGGER_DATA);
 
@@ -478,9 +521,13 @@ function dfrn_poll_content(&$a) {
 				
 				if(((int) $xml->status == 0) && ($xml->challenge == $hash)  && ($xml->sec == $sec)) {
 					$_SESSION['authenticated'] = 1;
+					if(! x($_SESSION,'remote'))
+						$_SESSION['remote'] = array();
+					$_SESSION['remote'][] = array('cid' => $r[0]['id'],'uid' => $r[0]['uid'],'url' => $r[0]['url']);
 					$_SESSION['visitor_id'] = $r[0]['id'];
 					$_SESSION['visitor_home'] = $r[0]['url'];
-					notice( sprintf(t('%s welcomes %s'), $r[0]['username'] , $r[0]['name']) . EOL);
+					$_SESSION['visitor_visiting'] = $r[0]['uid'];
+					info( sprintf(t('%s welcomes %s'), $r[0]['username'] , $r[0]['name']) . EOL);
 					// Visitors get 1 day session.
 					$session_id = session_id();
 					$expire = time() + 86400;