From f0a62d8908cef31982c1c2b24fc9dbc8b59b8bdb Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Wed, 14 Mar 2012 20:36:23 -0700
Subject: [PATCH] ssl_policy stuff

---
 boot.php            | 19 +++++++++++---
 include/items.php   | 17 +++++++++++++
 mod/admin.php       | 17 +++++++------
 mod/dfrn_notify.php | 60 +++++++++++++++++++++++++++++++++++++++++++++
 view/admin_site.tpl |  1 +
 5 files changed, 103 insertions(+), 11 deletions(-)

diff --git a/boot.php b/boot.php
index ba731ddee2..22a4e39be5 100755
--- a/boot.php
+++ b/boot.php
@@ -379,11 +379,22 @@ class App {
 
 		$scheme = $this->scheme;
 
-		if(x($this->config,'ssl_policy')) {
-			if(($ssl) || ($this->config['ssl_policy'] == SSL_POLICY_FULL)) 
-				$scheme = 'https';
-			if(($this->config['ssl_policy'] == SSL_POLICY_SELFSIGN) && (local_user() || x($_POST,'auth-params')))
+		if((x($this->config,'system')) && (x($this->config['system'],'ssl_policy'))) {
+			if($this->config['system']['ssl_policy'] == SSL_POLICY_FULL) 
 				$scheme = 'https';
+
+//			We need to populate the $ssl flag across the entire program before turning this on.
+//			Basically, we'll have $ssl = true on any links which can only be seen by a logged in user
+//			(and also the login link). Anything seen by an outsider will have it turned off.
+//			At present, setting SSL_POLICY_SELFSIGN will only force remote contacts to update their 
+//			contact links to this site with "http:" if they are currently using "https:"
+
+//			if($this->config['system']['ssl_policy'] == SSL_POLICY_SELFSIGN) {
+//				if($ssl)
+//					$scheme = 'https';
+//				else
+//					$scheme = 'http';
+//			}
 		}
 
 		$this->baseurl = $scheme . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' );
diff --git a/include/items.php b/include/items.php
index 70c72ae165..4b1523ff65 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1046,6 +1046,21 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
 	if(! $rino_enable)
 		$rino = 0;
 
+	$ssl_val = intval(get_config('system','ssl_policy'));
+	$ssl_policy = '';
+	switch($ssl_val){
+		case SSL_POLICY_FULL:
+			$ssl_policy = 'full';
+			break;
+		case SSL_POLICY_SELFSIGN:
+			$ssl_policy = 'self';
+			break;			
+		case SSL_POLICY_NONE:
+		default:
+			$ssl_policy = 'none';
+			break;
+	}
+
 	$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
 
 	logger('dfrn_deliver: ' . $url);
@@ -1118,6 +1133,8 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
 		$postvars['perm'] = 'r';
 	}
 
+	$postvars['ssl_policy'] = $ssl_policy;
+
 	if($rino && $rino_allowed && (! $dissolve)) {
 		$key = substr(random_string(),0,16);
 		$data = bin2hex(aes_encrypt($postvars['data'],$key));
diff --git a/mod/admin.php b/mod/admin.php
index 93714bb5f9..2b8d9bcd23 100755
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -151,11 +151,7 @@ function admin_page_summary(&$a) {
 
 	$r = q("SELECT COUNT(id) as `count` FROM `register`");
 	$pending = $r[0]['count'];
-	
-	
-	
-	
-	
+		
 	$t = get_markup_template("admin_summary.tpl");
 	return replace_macros($t, array(
 		'$title' => t('Administration'),
@@ -210,7 +206,7 @@ function admin_page_site_post(&$a){
 	$dfrn_only          =	((x($_POST,'dfrn_only'))	    ? True	:	False);
     $ostatus_disabled   =   !((x($_POST,'ostatus_disabled')) ? True  :   False);
 	$diaspora_enabled   =   ((x($_POST,'diaspora_enabled')) ? True   :  False);
-
+	$ssl_policy         =   ((x($_POST,'ssl_policy')) ? intval($_POST['ssl_policy']) : 0);
 
 	set_config('config','sitename',$sitename);
 	if ($banner==""){
@@ -222,6 +218,7 @@ function admin_page_site_post(&$a){
 	} else {
 		set_config('system','banner', $banner);
 	}
+	set_config('system','ssl_policy',$ssl_policy);
 	set_config('system','language', $language);
 	set_config('system','theme', $theme);
 	set_config('system','maximagesize', $maximagesize);
@@ -305,6 +302,12 @@ function admin_page_site(&$a) {
 		REGISTER_APPROVE => t("Requires approval"),
 		REGISTER_OPEN => t("Open")
 	); 
+
+	$ssl_choices = array(
+		SSL_POLICY_NONE => t("No SSL policy, links will track page SSL state"),
+		SSL_POLICY_FULL => t("Force all links to use SSL"),
+		SSL_POLICY_SELFSIGN => t("Self-signed certificate, use SSL for local links only (discouraged)")
+	);
 	
 	$t = get_markup_template("admin_site.tpl");
 	return replace_macros($t, array(
@@ -322,7 +325,7 @@ function admin_page_site(&$a) {
 		'$banner'			=> array('banner', t("Banner/Logo"), $banner, ""),
 		'$language' 		=> array('language', t("System language"), get_config('system','language'), "", $lang_choices),
 		'$theme' 			=> array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles"), $theme_choices),
-
+		'$ssl_policy'       => array('ssl_policy', t("SSL link policy"), get_config('system','ssl_policy'), t("Determines whether generated links should be forced to use SSL"), $ssl_choices),
 		'$maximagesize'		=> array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
 
 		'$register_policy'	=> array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices),
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 0c0c27e3d6..3dbdc5b328 100755
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -14,6 +14,7 @@ function dfrn_notify_post(&$a) {
 	$key          = ((x($_POST,'key'))          ? $_POST['key']                     : '');
 	$dissolve     = ((x($_POST,'dissolve'))     ? intval($_POST['dissolve'])        :  0);
 	$perm         = ((x($_POST,'perm'))         ? notags(trim($_POST['perm']))      : 'r');
+	$ssl_policy   = ((x($_POST,'ssl_policy'))   ? notags(trim($_POST['ssl_policy'])): 'none');
 
 	$writable = (-1);
 	if($dfrn_version >= 2.21) {
@@ -94,6 +95,65 @@ function dfrn_notify_post(&$a) {
 		$importer['writable'] = $writable;
 	}
 
+	// if contact's ssl policy changed, update our links
+
+	$ssl_changed = false;
+
+	if($ssl_policy == 'self' && strstr($importer['url'],'https:')) {
+		$ssl_changed = true;
+		$importer['url']     = 	str_replace('https:','http:',$importer['url']);
+		$importer['nurl']    = normalise_link($importer['url']);
+		$importer['photo']   = 	str_replace('https:','http:',$importer['photo']);
+		$importer['thumb']   = 	str_replace('https:','http:',$importer['thumb']);
+		$importer['micro']   = 	str_replace('https:','http:',$importer['micro']);
+		$importer['request'] = 	str_replace('https:','http:',$importer['request']);
+		$importer['notify']  = 	str_replace('https:','http:',$importer['notify']);
+		$importer['poll']    = 	str_replace('https:','http:',$importer['poll']);
+		$importer['confirm'] = 	str_replace('https:','http:',$importer['confirm']);
+		$importer['poco']    = 	str_replace('https:','http:',$importer['poco']);
+	}
+
+	if($ssl_policy == 'full' && strstr($importer['url'],'http:')) {
+		$ssl_changed = true;
+		$importer['url']     = 	str_replace('http:','https:',$importer['url']);
+		$importer['nurl']    = normalise_link($importer['url']);
+		$importer['photo']   = 	str_replace('http:','https:',$importer['photo']);
+		$importer['thumb']   = 	str_replace('http:','https:',$importer['thumb']);
+		$importer['micro']   = 	str_replace('http:','https:',$importer['micro']);
+		$importer['request'] = 	str_replace('http:','https:',$importer['request']);
+		$importer['notify']  = 	str_replace('http:','https:',$importer['notify']);
+		$importer['poll']    = 	str_replace('http:','https:',$importer['poll']);
+		$importer['confirm'] = 	str_replace('http:','https:',$importer['confirm']);
+		$importer['poco']    = 	str_replace('http:','https:',$importer['poco']);
+	}
+
+	if($ssl_changed) {
+		q("update contact set 
+			url = '%s', 
+			nurl = '%s',
+			photo = '%s',
+			thumb = '%s',
+			micro = '%s',
+			request = '%s',
+			notify = '%s',
+			poll = '%s',
+			confirm = '%s',
+			poco = '%s'
+			where id = %d limit 1",
+			dbesc($importer['url']),
+			dbesc($importer['nurl']),
+			dbesc($importer['photo']),
+			dbesc($importer['thumb']),
+			dbesc($importer['micro']),
+			dbesc($importer['request']),
+			dbesc($importer['notify']),
+			dbesc($importer['poll']),
+			dbesc($importer['confirm']),
+			dbesc($importer['poco']),
+			intval($importer['id'])
+		);
+	}
+			
 	logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']);
 	logger('dfrn_notify: data: ' . $data, LOGGER_DATA);
 
diff --git a/view/admin_site.tpl b/view/admin_site.tpl
index 9a12298454..01fe893c65 100755
--- a/view/admin_site.tpl
+++ b/view/admin_site.tpl
@@ -7,6 +7,7 @@
 	{{ inc field_textarea.tpl with $field=$banner }}{{ endinc }}
 	{{ inc field_select.tpl with $field=$language }}{{ endinc }}
 	{{ inc field_select.tpl with $field=$theme }}{{ endinc }}
+	{{ inc field_select.tpl with $field=$ssl_policy }}{{ endinc }}
 	
 	<div class="submit"><input type="submit" name="page_site" value="$submit" /></div>
 	
-- 
2.39.5