X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fdfrn_request.php;h=7a8021784de9d3d0671ee5283dc7737aa72d5e63;hb=98b727029570b96febd0c5046b688cab1a9bb882;hp=5455996069d0b5fd3324e0073b5c1e2d7d8b10fe;hpb=95bfa17254e655af74e6cbe7a93785be011b2d62;p=friendica.git diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index 5455996069..7a8021784d 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -1,18 +1,22 @@ argc > 1) @@ -20,7 +24,7 @@ function dfrn_request_init(&$a) { profile_load($a,$which); return; -}} +} /** @@ -38,8 +42,6 @@ function dfrn_request_init(&$a) { * After logging in, we click 'submit' to approve the linkage. * */ - -if(! function_exists('dfrn_request_post')) { function dfrn_request_post(&$a) { if(($a->argc != 2) || (! count($a->profile))) { @@ -53,7 +55,7 @@ function dfrn_request_post(&$a) { } - /** + /* * * Scenario 2: We've introduced ourself to another cell, then have been returned to our own cell * to confirm the request, and then we've clicked submit (perhaps after logging in). @@ -63,7 +65,7 @@ function dfrn_request_post(&$a) { if((x($_POST,'localconfirm')) && ($_POST['localconfirm'] == 1)) { - /** + /* * Ensure this is a valid request */ 
@@ -75,23 +77,24 @@ function dfrn_request_post(&$a) { $confirm_key = ((x($_POST,'confirm_key')) ? $_POST['confirm_key'] : ""); $hidden = ((x($_POST,'hidden-contact')) ? intval($_POST['hidden-contact']) : 0); $contact_record = null; + $blocked = 1; + $pending = 1; if(x($dfrn_url)) { - /** + /* * Lookup the contact based on their URL (which is the only unique thing we have at the moment) */ - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND (`url` = '%s' OR `nurl` = '%s') AND `self` = 0 LIMIT 1", + $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' AND NOT `self` LIMIT 1", intval(local_user()), - dbesc($dfrn_url), dbesc(normalise_link($dfrn_url)) ); - if(count($r)) { + if (dbm::is_result($r)) { if(strlen($r[0]['dfrn-id'])) { - /** + /* * We don't need to be here. It has already happened. */ @@ -111,11 +114,11 @@ function dfrn_request_post(&$a) { } else { - /** + /* * Scrape the other site's profile page to pick up the dfrn links, key, fn, and photo */ - $parms = scrape_dfrn($dfrn_url); + $parms = Probe::profile($dfrn_url); if(! count($parms)) { notice( t('Profile location is not valid or does not contain profile information.') . EOL ); @@ -126,7 +129,7 @@ function dfrn_request_post(&$a) { notice( t('Warning: profile location has no identifiable owner name.') . EOL ); if(! x($parms,'photo')) notice( t('Warning: profile location has no profile photo.') . EOL ); - $invalid = validate_dfrn($parms); + $invalid = Probe::valid_dfrn($parms); if($invalid) { notice( sprintf( tt("%d required parameter was not found at the given location", "%d required parameters were not found at the given location", 
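Review bot: In the hunk at -111,11, `Probe::profile($dfrn_url)` fetches the location without the `validate_url()` / `allowed_url()` screening that the remote-request path applies before its own probe (hunk at -499,31). The assignment of `$dfrn_url` lies outside the visible hunks, so it may already be sanitised, but if it comes from the POST body this is a server-side fetch of a caller-chosen URL. I would add the same guard ahead of the probe, e.g. `if (! validate_url($dfrn_url) || ! allowed_url($dfrn_url)) { notice( t('Invalid profile URL.') . EOL); return; }`. The body of dfrn_request_post starts and ends outside this hunk.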
@@ -137,19 +140,20 @@ function dfrn_request_post(&$a) { $dfrn_request = $parms['dfrn-request']; - /********* Escape the entire array ********/ + $photo = $parms["photo"]; + + // Escape the entire array dbesc_array($parms); - /******************************************/ - /** + /* * Create a contact record on our site for the other person */ $r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `nurl`, `addr`, `name`, `nick`, `photo`, `site-pubkey`, - `request`, `confirm`, `notify`, `poll`, `poco`, `network`, `aes_allow`, `hidden`) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d)", + `request`, `confirm`, `notify`, `poll`, `poco`, `network`, `aes_allow`, `hidden`, `blocked`, `pending`) + VALUES ( %d, '%s', '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d)", intval(local_user()), datetime_convert(), dbesc($dfrn_url), @@ -166,7 +170,9 @@ function dfrn_request_post(&$a) { $parms['dfrn-poco'], dbesc(NETWORK_DFRN), intval($aes_allow), - intval($hidden) + intval($hidden), + intval($blocked), + intval($pending) ); } 
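Review bot: `$photo = $parms["photo"];` reads the key unconditionally, although the hunk at -126,7 only warns when `x($parms,'photo')` is false and then continues, so unless `Probe::valid_dfrn()` rejects a missing photo this raises an undefined-index notice. The same line is added in the hunk at -536,16, and there the hunk at -568,8 passes `$photo` to `update_contact_avatar()` without the `isset($photo)` guard used in the hunk at -174,24. Suggest `$photo = (x($parms,'photo') ? $parms['photo'] : null);` in both places and `if ($photo) update_contact_avatar($photo, $uid, $contact_record["id"], true);` in the second. Taking the copy before `dbesc_array($parms)` looks right, since the avatar helper presumably needs the unescaped value. A one-line comment such as `// keep the raw URL; $parms is SQL-escaped below` would stop someone moving it later.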
@@ -174,24 +180,24 @@ function dfrn_request_post(&$a) { info( t("Introduction complete.") . EOL); } - $r = q("select id from contact where uid = %d and url = '%s' and `site-pubkey` = '%s' limit 1", + $r = q("SELECT `id`, `network` FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `site-pubkey` = '%s' LIMIT 1", intval(local_user()), dbesc($dfrn_url), $parms['key'] // this was already escaped ); - if(count($r)) { - $g = q("select def_gid from user where uid = %d limit 1", - intval(local_user()) - ); - if($g && intval($g[0]['def_gid'])) { - require_once('include/group.php'); - group_add_member(local_user(),'',$r[0]['id'],$g[0]['def_gid']); - } - $forwardurl = $a->get_baseurl()."/contacts/".$r[0]['id']; + if (dbm::is_result($r)) { + $def_gid = get_default_group(local_user(), $r[0]["network"]); + if(intval($def_gid)) + group_add_member(local_user(), '', $r[0]['id'], $def_gid); + + if (isset($photo)) + update_contact_avatar($photo, local_user(), $r[0]["id"], true); + + $forwardurl = App::get_baseurl()."/contacts/".$r[0]['id']; } else - $forwardurl = $a->get_baseurl()."/contacts"; + $forwardurl = App::get_baseurl()."/contacts"; - /** + /* * Allow the blocked remote notification to complete */ @@ -218,7 +224,7 @@ function dfrn_request_post(&$a) { return; // NOTREACHED } - /** + /* * Otherwise: * * Scenario 1: @@ -252,11 +258,13 @@ function dfrn_request_post(&$a) { $contact_record = null; $failed = false; $parms = null; + $blocked = 1; + $pending = 1; if( x($_POST,'dfrn_url')) { - /** + /* * Block friend request spam */ @@ -265,7 +273,7 @@ function dfrn_request_post(&$a) { dbesc(datetime_convert('UTC','UTC','now - 24 hours')), intval($uid) ); - if(count($r) > $maxreq) { + if (dbm::is_result($r) && count($r) > $maxreq) { notice( sprintf( t('%s has received too many connection requests today.'), $a->profile['name']) . EOL); notice( t('Spam protection measures have been invoked.') . EOL); notice( t('Friends are advised to please try again in 24 hours.') . EOL); 
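Review bot: The rewritten lookup in the hunk at -174,24 still matches the url column against the raw `dbesc($dfrn_url)`, while the existence check in the hunk at -75,23 was narrowed to the nurl column with `dbesc(normalise_link($dfrn_url))`. A contact found there by its normalised link but stored under a different scheme or spelling would be missed here, which skips the default-group and avatar steps and falls back to `/contacts`. Consider matching on nurl with `dbesc(normalise_link($dfrn_url))` in this query as well. Separately, `$parms['key']` appears to be assigned only in the probe branch shown in the earlier hunks, so on the existing-contact path this query likely compares against an empty key. That is worth confirming against the code outside the hunk.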
@@ -273,7 +281,7 @@ function dfrn_request_post(&$a) { } } - /** + /* * * Cleanup old introductions that remain blocked. * Also remove the contact record, but only if there is no existing relationship @@ -287,7 +295,7 @@ function dfrn_request_post(&$a) { AND `intro`.`datetime` < UTC_TIMESTAMP() - INTERVAL 30 MINUTE ", dbesc(NETWORK_MAIL2) ); - if(count($r)) { + if (dbm::is_result($r)) { foreach($r as $rr) { if(! $rr['rel']) { q("DELETE FROM `contact` WHERE `id` = %d", @@ -300,7 +308,7 @@ function dfrn_request_post(&$a) { } } - /** + /* * * Cleanup any old email intros - which will have a greater lifetime */ @@ -312,7 +320,7 @@ function dfrn_request_post(&$a) { AND `intro`.`datetime` < UTC_TIMESTAMP() - INTERVAL 3 DAY ", dbesc(NETWORK_MAIL2) ); - if(count($r)) { + if (dbm::is_result($r)) { foreach($r as $rr) { if(! $rr['rel']) { q("DELETE FROM `contact` WHERE `id` = %d", @@ -350,8 +358,6 @@ function dfrn_request_post(&$a) { $nurl = normalise_url($host); $poll = 'email ' . random_string(); $notify = 'smtp ' . random_string(); - $blocked = 1; - $pending = 1; $network = NETWORK_MAIL2; $rel = CONTACT_IS_FOLLOWER; @@ -364,8 +370,8 @@ function dfrn_request_post(&$a) { $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval($uid) ); - if(! count($r)) { + if (! dbm::is_result($r)) { notice( t('This account has not been configured for email. Request failed.') . EOL); return; } 
@@ -388,20 +394,16 @@ function dfrn_request_post(&$a) { intval($rel) ); - $r = q("select id from contact where poll = '%s' and uid = %d limit 1", + $r = q("SELECT `id`, `network` FROM `contact` WHERE `poll` = '%s' AND `uid` = %d LIMIT 1", dbesc($poll), intval($uid) ); - if(count($r)) { + if (dbm::is_result($r)) { $contact_id = $r[0]['id']; - $g = q("select def_gid from user where uid = %d limit 1", - intval($uid) - ); - if($g && intval($g[0]['def_gid'])) { - require_once('include/group.php'); - group_add_member($uid,'',$contact_id,$g[0]['def_gid']); - } + $def_gid = get_default_group($uid, $r[0]["network"]); + if (intval($def_gid)) + group_add_member($uid, '', $contact_id, $def_gid); $photo = avatar_img($addr); @@ -429,8 +431,8 @@ function dfrn_request_post(&$a) { $hash = random_string(); - $r = q("insert into intro ( uid, `contact-id`, knowyou, note, hash, datetime, blocked ) - values( %d , %d, %d, '%s', '%s', '%s', %d ) ", + $r = q("INSERT INTO `intro` ( `uid`, `contact-id`, knowyou, note, hash, datetime, blocked ) + VALUES( %d , %d, %d, '%s', '%s', '%s', %d ) ", intval($uid), intval($contact_id), ((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0), @@ -448,7 +450,7 @@ function dfrn_request_post(&$a) { $network = $data["network"]; // Canonicalise email-style profile locator - $url = webfinger_dfrn($url,$hcard); + $url = Probe::webfinger_dfrn($url,$hcard); if (substr($url,0,5) === 'stat:') { @@ -471,7 +473,7 @@ function dfrn_request_post(&$a) { dbesc($url) ); - if(count($ret)) { + if (dbm::is_result($ret)) { if(strlen($ret[0]['issued-id'])) { notice( t('You have already introduced yourself here.') . EOL ); return; 
@@ -499,31 +501,31 @@ function dfrn_request_post(&$a) { else { if(! validate_url($url)) { notice( t('Invalid profile URL.') . EOL); - goaway($a->get_baseurl() . '/' . $a->cmd); + goaway(App::get_baseurl() . '/' . $a->cmd); return; // NOTREACHED } if(! allowed_url($url)) { notice( t('Disallowed profile URL.') . EOL); - goaway($a->get_baseurl() . '/' . $a->cmd); + goaway(App::get_baseurl() . '/' . $a->cmd); return; // NOTREACHED } require_once('include/Scrape.php'); - $parms = scrape_dfrn(($hcard) ? $hcard : $url); + $parms = Probe::profile(($hcard) ? $hcard : $url); if(! count($parms)) { notice( t('Profile location is not valid or does not contain profile information.') . EOL ); - goaway($a->get_baseurl() . '/' . $a->cmd); + goaway(App::get_baseurl() . '/' . $a->cmd); } else { if(! x($parms,'fn')) notice( t('Warning: profile location has no identifiable owner name.') . EOL ); if(! x($parms,'photo')) notice( t('Warning: profile location has no profile photo.') . EOL ); - $invalid = validate_dfrn($parms); + $invalid = Probe::valid_dfrn($parms); if($invalid) { notice( sprintf( tt("%d required parameter was not found at the given location", "%d required parameters were not found at the given location", 
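Review bot: `validate_url($url)` and `allowed_url($url)` screen `$url`, but the location actually fetched is `($hcard) ? $hcard : $url`, so when an hcard address is set it reaches `Probe::profile()` unchecked. `$hcard` is filled by `Probe::webfinger_dfrn($url,$hcard)` in the hunk at -448,7 and is presumably derived from the remote side's response, which means the allow/deny policy is not applied to the host that is really contacted. Resolve the target once, `$probe_url = (($hcard) ? $hcard : $url);`, and run both checks on `$probe_url` before probing. The `require_once('include/Scrape.php');` kept just above may also be stale now that `scrape_dfrn()` is no longer called here. The `goaway()` after the empty-profile notice also lacks the `return; // NOTREACHED` that the two branches above it carry.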
@@ -536,16 +538,16 @@ function dfrn_request_post(&$a) { $parms['url'] = $url; $parms['issued-id'] = $issued_id; - + $photo = $parms["photo"]; dbesc_array($parms); $r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `nurl`, `addr`, `name`, `nick`, `issued-id`, `photo`, `site-pubkey`, - `request`, `confirm`, `notify`, `poll`, `poco`, `network` ) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", + `request`, `confirm`, `notify`, `poll`, `poco`, `network`, `blocked`, `pending` ) + VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )", intval($uid), dbesc(datetime_convert()), $parms['url'], - dbesc(normalise_link($parms['url'])), + dbesc(normalise_link($url)), $parms['addr'], $parms['fn'], $parms['nick'], @@ -557,7 +559,9 @@ function dfrn_request_post(&$a) { $parms['dfrn-notify'], $parms['dfrn-poll'], $parms['dfrn-poco'], - dbesc(NETWORK_DFRN) + dbesc(NETWORK_DFRN), + intval($blocked), + intval($pending) ); // find the contact record we just created @@ -568,8 +572,10 @@ function dfrn_request_post(&$a) { $parms['url'], $parms['issued-id'] ); - if(count($r)) + if (dbm::is_result($r)) { $contact_record = $r[0]; + update_contact_avatar($photo, $uid, $contact_record["id"], true); + } } } @@ -599,7 +605,7 @@ function dfrn_request_post(&$a) { // "Homecoming" - send the requestor back to their site to record the introduction. - $dfrn_url = bin2hex($a->get_baseurl() . '/profile/' . $nickname); + $dfrn_url = bin2hex(App::get_baseurl() . '/profile/' . $nickname); $aes_allow = ((function_exists('openssl_encrypt')) ? 1 : 0); goaway($parms['dfrn-request'] . "?dfrn_url=$dfrn_url" @@ -611,7 +617,7 @@ function dfrn_request_post(&$a) { // END $network === NETWORK_DFRN } elseif (($network != NETWORK_PHANTOM) AND ($url != "")) { - /** + /* * * Substitute our user's feed URL into $url template * Send the subscriber home to subscribe 
@@ -628,7 +634,7 @@ function dfrn_request_post(&$a) { $uri = urlencode($uri); } else - $uri = $a->get_baseurl().'/profile/'.$nickname; + $uri = App::get_baseurl().'/profile/'.$nickname; $url = str_replace('{uri}', $uri, $url); goaway($url); @@ -640,12 +646,9 @@ function dfrn_request_post(&$a) { } } return; -}} - +} - -if(! function_exists('dfrn_request_content')) { function dfrn_request_content(&$a) { if(($a->argc != 2) || (! count($a->profile))) @@ -717,7 +720,7 @@ function dfrn_request_content(&$a) { dbesc($_GET['confirm_key']) ); - if(count($intro)) { + if (dbm::is_result($intro)) { $r = q("SELECT `contact`.*, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` WHERE `contact`.`id` = %d LIMIT 1", @@ -726,7 +729,7 @@ function dfrn_request_content(&$a) { $auto_confirm = false; - if(count($r)) { + if (dbm::is_result($r)) { if(($r[0]['page-flags'] != PAGE_NORMAL) && ($r[0]['page-flags'] != PAGE_PRVGROUP)) $auto_confirm = true; @@ -739,7 +742,7 @@ function dfrn_request_content(&$a) { 'to_name' => $r[0]['username'], 'to_email' => $r[0]['email'], 'uid' => $r[0]['uid'], - 'link' => $a->get_baseurl() . '/notifications/intros', + 'link' => App::get_baseurl() . '/notifications/intros', 'source_name' => ((strlen(stripslashes($r[0]['name']))) ? stripslashes($r[0]['name']) : t('[Name Withheld]')), 'source_link' => $r[0]['url'], 'source_photo' => $r[0]['photo'], @@ -751,11 +754,11 @@ function dfrn_request_content(&$a) { if($auto_confirm) { require_once('mod/dfrn_confirm.php'); $handsfree = array( - 'uid' => $r[0]['uid'], - 'node' => $r[0]['nickname'], - 'dfrn_id' => $r[0]['issued-id'], + 'uid' => $r[0]['uid'], + 'node' => $r[0]['nickname'], + 'dfrn_id' => $r[0]['issued-id'], 'intro_id' => $intro[0]['id'], - 'duplex' => (($r[0]['page-flags'] == PAGE_FREELOVE) ? 1 : 0), + 'duplex' => (($r[0]['page-flags'] == PAGE_FREELOVE) ? 1 : 0), 'activity' => intval(get_pconfig($r[0]['uid'],'system','post_newfriend')) ); dfrn_confirm_post($a,$handsfree); 
@@ -779,7 +782,7 @@ function dfrn_request_content(&$a) { } else { - /** + /* * Normal web request. Display our user's introduction form. */ @@ -791,7 +794,7 @@ function dfrn_request_content(&$a) { } - /** + /* * Try to auto-fill the profile address */ @@ -803,7 +806,7 @@ function dfrn_request_content(&$a) { $myaddr = $_GET['address']; elseif(local_user()) { if(strlen($a->path)) { - $myaddr = $a->get_baseurl() . '/profile/' . $a->user['nickname']; + $myaddr = App::get_baseurl() . '/profile/' . $a->user['nickname']; } else { $myaddr = $a->user['nickname'] . '@' . substr(z_root(), strpos(z_root(),'://') + 3 ); @@ -814,7 +817,7 @@ function dfrn_request_content(&$a) { $target_addr = $a->profile['nickname'] . '@' . substr(z_root(), strpos(z_root(),'://') + 3 ); - /** + /* * * The auto_request form only has the profile address * because nobody is going to read the comments and @@ -839,8 +842,9 @@ function dfrn_request_content(&$a) { $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval($a->profile['uid']) ); - if(! count($r)) + if (! dbm::is_result($r)) { $mail_disabled = 1; + } } // "coming soon" is disabled for now @@ -879,4 +883,4 @@ function dfrn_request_content(&$a) { } return; // Somebody is fishing. -}} +}