X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fdfrn_request.php;h=24c466bba5655e9533073ffe5d89d383e7ffb9cb;hb=3c076b53fe0fb3d5e625b773a5e4723dece0a057;hp=9c8064db5224dda5d9ac586ee8b5a12b5b62b36f;hpb=70f4f172dc1785f9a68b5f0dafbfb4cc365a449f;p=friendica.git
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 9c8064db52..24c466bba5 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -217,17 +217,57 @@ function dfrn_request_post(&$a) { return; } - $nickname = $a->profile['nickname']; - $notify_flags = $a->profile['notify-flags']; - $uid = $a->profile['uid']; - + $nickname = $a->profile['nickname']; + $notify_flags = $a->profile['notify-flags']; + $uid = $a->profile['uid']; + $maxreq = intval($a->profile['maxreq']); $contact_record = null; - $failed = false; - $parms = null; + $failed = false; + $parms = null; if( x($_POST,'dfrn_url')) { + /** + * Block friend request spam + */ + + if($maxreq) { + $r = q("SELECT * FROM `intro` WHERE `datetime` > '%s' AND `uid` = %d", + dbesc(datetime_convert('UTC','UTC','now - 24 hours')), + intval($uid) + ); + if(count($r) > $maxreq) { + notice( $a->profile['name'] . t(' has received too many connection requests today.') . EOL); + notice( t('Spam protection measures have been invoked.') . EOL); + notice( t('Friends are advised to please try again in 24 hours.') . EOL); + return; + } + } + + /** + * + * Cleanup old introductions that remain blocked. + * Also remove the contact record, but only if there is no existing relationship + * + */ + + $r = q("SELECT `intro`.*, `intro`.`id` AS `iid`, `contact`.`id` AS `cid`, `contact`.`rel` + FROM `intro` LEFT JOIN `contact` on `intro`.`contact-id` = `contact`.`id` + WHERE `intro`.`blocked` = 1 AND `contact`.`self` = 0 AND `intro`.`datetime` < UTC_TIMESTAMP() - INTERVAL 30 MINUTE "); + if(count($r)) { + foreach($r as $rr) { + if(! $rr['rel']) { + q("DELETE FROM `contact` WHERE `id` = %d LIMIT 1", + intval($rr['cid']) + ); + } + q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1", + intval($rr['iid']) + ); + } + } + $url = trim($_POST['dfrn_url']); if(! strlen($url)) { notice( t("Invalid locator") . EOL ); 
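Review bot: The spam check `if(count($r) > $maxreq) {` only trips once more than `$maxreq` introductions already exist in the 24-hour window, so a profile configured for N requests accepts N+1; `if(count($r) >= $maxreq) {` enforces the configured limit. The same query loads every matching `intro` row with `SELECT *` just to count them, on a POST path that needs no login, so a `COUNT(*)` query would keep that cost constant as the table fills. The cleanup query that follows is not scoped to `$uid`, so each request to any profile scans and deletes blocked introductions site-wide. Because the `contact`.`self` = 0 test sits in the WHERE clause, the LEFT JOIN behaves as an inner join and intros whose contact row is already gone are never purged. dfrn_request_post begins and ends outside this hunk.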
@@ -427,7 +467,6 @@ function dfrn_request_content(&$a) { if(($a->argc != 2) || (! count($a->profile))) return ""; - $a->page['template'] = 'profile'; // "Homecoming". Make sure we're logged in to this site as the correct user. Then offer a confirm button // to send us to the post section to record the introduction.
@@ -436,6 +475,12 @@ function dfrn_request_content(&$a) { if(! local_user()) { notice( t("Please login to confirm introduction.") . EOL ); + + /* setup the return URL to come back to this page if they use openid */ + + $stripped = str_replace('q=','',$a->query_string); + $_SESSION['return_url'] = trim($stripped,'/'); + return login(); }
@@ -528,12 +573,44 @@ function dfrn_request_content(&$a) { return; // NOTREACHED } else { - $myaddr = ((x($_GET,'address')) ? urldecode($_GET['address']) : ''); - // Normal web request. Display our user's introduction form. + + /** + * Normal web request. Display our user's introduction form. + */ + + /** + * Try to auto-fill the profile address + */ + + if(local_user()) { + if(strlen($a->path)) { + $myaddr = $a->get_baseurl() . '/profile/' . $a->user['nickname']; + } + else { + $myaddr = $a->user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3 ); + } + } + elseif(x($_GET,'addr')) { + $myaddr = hex2bin($_GET['addr']); + } + else { + /* $_GET variables are already urldecoded */ + $myaddr = ((x($_GET,'address')) ? $_GET['address'] : ''); + } + + /** + * + * The auto_request form only has the profile address + * because nobody is going to read the comments and + * it doesn't matter if they know you or not. + * + */ + if($a->profile['page-flags'] == PAGE_NORMAL) $tpl = load_view_file('view/dfrn_request.tpl'); else $tpl = load_view_file('view/auto_request.tpl'); + $o .= replace_macros($tpl,array( '$header' => t('Friend/Connection Request'), '$pls_answer' => t('Please answer the following:'),
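Review bot: In the second hunk on this line, `$_SESSION['return_url']` is filled directly from the request's query string, so the post-login destination is chosen by whoever built the link. The code that reads it is not visible here, but it should accept only a site-relative path and reject anything carrying a scheme or host. `str_replace('q=','',$a->query_string)` also removes every occurrence of `q=`, not just the leading parameter name, which corrupts any later parameter whose name ends in `q`; `$stripped = preg_replace('/^q=/','',$a->query_string);` limits the strip to the prefix. I would extend the comment to `/* return URL for openid logins; request-derived, validate as a local path before redirecting */`.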
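Review bot: In the third hunk on this line, `$myaddr = hex2bin($_GET['addr']);` turns a request parameter into arbitrary bytes without checking that it is well-formed hex. Hex encoding also hides markup from any filtering applied to the raw query string. How `$myaddr` reaches the template is outside the hunk, so confirm it is HTML-escaped where it is substituted into the form; the same applies to the `$_GET['address']` branch. A guard such as `elseif(x($_GET,'addr') && ctype_xdigit($_GET['addr']) && (strlen($_GET['addr']) % 2 == 0)) {` keeps malformed input away from hex2bin. dfrn_request_content begins and ends outside this hunk.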