start on 2way comms, 2.0 dev

Mike Macgirvin 2010-09-02 00:31:11 -07:00
parent 19a28434c4
commit b49858b038
7 changed files with 110 additions and 74 deletions


@ -266,12 +266,12 @@
if($rr['self']) if($rr['self'])
continue; continue;
if(! strlen($rr['dfrn-id'])) if((! strlen($rr['dfrn-id'])) || ($rr['duplex'] && ! strlen($rr['issued-id'])))
continue; continue;
$idtosend = (($rr['duplex']) ? $rr['issued-id'] : $rr['dfrn-id']);
$url = $rr['notify'] . '?dfrn_id=' . $idtosend;
$url = $rr['notify'] . '?dfrn_id=' . $rr['dfrn-id'];
$xml = fetch_url($url); $xml = fetch_url($url);
@ -288,25 +288,31 @@
$postvars = array(); $postvars = array();
$sent_dfrn_id = hex2bin($res->dfrn_id); $sent_dfrn_id = hex2bin($res->dfrn_id);
$challenge = hex2bin($res->challenge);
$final_dfrn_id = ''; $final_dfrn_id = '';
if($rr['duplex']) {
openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$rr['prvkey']);
openssl_private_decrypt($challenge,$postvars['challenge'],$rr['prvkey']);
}
else {
openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$rr['pubkey']); openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$rr['pubkey']);
openssl_public_decrypt($challenge,$postvars['challenge'],$rr['pubkey']);
}
$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.')); $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
if($final_dfrn_id != $rr['dfrn-id']) { if(($final_dfrn_id != $rr['dfrn-id']) || (($rr['duplex']) && ($final_dfrn_id != $rr['issued-id']))) {
// did not decode properly - cannot trust this site // did not decode properly - cannot trust this site
continue; continue;
} }
$postvars['dfrn_id'] = $rr['dfrn-id']; $postvars['dfrn_id'] = (($duplex) ? $rr['issued-id'] : $rr['dfrn-id']);
$challenge = hex2bin($res->challenge);
openssl_public_decrypt($challenge,$postvars['challenge'],$rr['pubkey']);
if($cmd == 'mail') { if($cmd == 'mail') {
$postvars['data'] = $atom; $postvars['data'] = $atom;
} }
elseif(strlen($rr['dfrn-id']) && (! ($rr['blocked']) || ($rr['readonly']))) { elseif(((strlen($rr['dfrn-id'])) || (($rr['duplex']) && (strlen($rr['issued-id']))))
&& (! ($rr['blocked']) || ($rr['readonly']))) {
$postvars['data'] = $atom; $postvars['data'] = $atom;
} }
else { else {
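Review bot: The new assignment `$postvars['dfrn_id'] = (($duplex) ? $rr['issued-id'] : $rr['dfrn-id']);` reads `$duplex`, which is not set anywhere in the visible hunks, so unless it is defined outside them the duplex branch is never taken; it should read `$rr['duplex']` like the other added lines. The identity check just above it, `($final_dfrn_id != $rr['dfrn-id']) || (($rr['duplex']) && ($final_dfrn_id != $rr['issued-id']))`, only accepts a duplex contact when the decrypted value equals both identifiers, which fails closed but would skip every duplex contact whose two ids differ. Comparing against the one id that was sent, `if($final_dfrn_id != $idtosend) {` (assuming `$idtosend` from the first hunk is still in scope), keeps the check strict without that side effect. The same comparison appears with `$contact[...]` in the last hunk of the next file section; the enclosing loop starts and ends outside these hunks.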


@ -15,13 +15,11 @@ require_once('datetime.php');
require_once('simplepie/simplepie.inc'); require_once('simplepie/simplepie.inc');
require_once('include/items.php'); require_once('include/items.php');
$a->set_baseurl(get_config('system','url')); $a->set_baseurl(get_config('system','url'));
$contacts = q("SELECT * FROM `contact` $contacts = q("SELECT * FROM `contact`
WHERE `dfrn-id` != '' AND `self` = 0 AND `blocked` = 0 WHERE ( `dfrn-id` != '' OR (`issued-id` != '' AND `duplex` = 1))
AND `readonly` = 0 ORDER BY RAND()"); AND `self` = 0 AND `blocked` = 0 AND `readonly` = 0 ORDER BY RAND()");
if(! count($contacts)) if(! count($contacts))
killme(); killme();
@ -75,11 +73,15 @@ require_once('include/items.php');
? datetime_convert('UTC','UTC','now - 30 days','Y-m-d\TH:i:s\Z') ? datetime_convert('UTC','UTC','now - 30 days','Y-m-d\TH:i:s\Z')
: datetime_convert('UTC','UTC',$contact['last-update'],'Y-m-d\TH:i:s\Z')); : datetime_convert('UTC','UTC',$contact['last-update'],'Y-m-d\TH:i:s\Z'));
$url = $contact['poll'] . '?dfrn_id=' . $contact['dfrn-id'] . '&type=data&last_update=' . $last_update ; $idtosend = (($contact['duplex']) ? $contact['issued-id'] : $contact['dfrn-id']);
$url = $contact['poll'] . '?dfrn_id=' . $idtosend . '&type=data&last_update=' . $last_update ;
$xml = fetch_url($url); $xml = fetch_url($url);
echo "URL: " . $url; echo "URL: " . $url;
echo "XML: " . $xml; echo "XML: " . $xml;
if(! $xml) if(! $xml)
continue; continue;
@ -91,19 +93,28 @@ echo "XML: " . $xml;
$postvars = array(); $postvars = array();
$sent_dfrn_id = hex2bin($res->dfrn_id); $sent_dfrn_id = hex2bin($res->dfrn_id);
$challenge = hex2bin($res->challenge);
$final_dfrn_id = ''; $final_dfrn_id = '';
if($contact['duplex']) {
openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']);
openssl_private_decrypt($challenge,$postvars['challenge'],$contact['prvkey']);
}
else {
openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']); openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']);
openssl_public_decrypt($challenge,$postvars['challenge'],$contact['pubkey']);
}
$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.')); $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
if($final_dfrn_id != $contact['dfrn-id']) { if(($final_dfrn_id != $contact['dfrn-id'])
|| (($contact['duplex']) && ($final_dfrn_id != $contact['issued-id']))) {
// did not decode properly - cannot trust this site // did not decode properly - cannot trust this site
continue; continue;
} }
$postvars['dfrn_id'] = $contact['dfrn-id']; $postvars['dfrn_id'] = (($contact['duplex']) ? $contact['issued-id'] : $contact['dfrn-id']);
$challenge = hex2bin($res->challenge);
openssl_public_decrypt($challenge,$postvars['challenge'],$contact['pubkey']);
$xml = post_url($contact['poll'],$postvars); $xml = post_url($contact['poll'],$postvars);
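Review bot: The return values of the `openssl_private_decrypt()` and `openssl_public_decrypt()` calls added in the last hunk are ignored, so a challenge that fails to decrypt can still reach `post_url()` with an empty `$postvars['challenge']` as long as the id decrypted. Checking the result and skipping the contact, e.g. `if(! openssl_private_decrypt($challenge,$postvars['challenge'],$contact['prvkey'])) continue;`, makes the failure explicit instead of relying on the later id comparison. The second hunk of the first file section has the same pattern with `$rr`. The loop body continues outside the hunk.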


@ -23,7 +23,10 @@ function dfrn_notify_post(&$a) {
// find the local user who owns this relationship. // find the local user who owns this relationship.
$r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` WHERE `issued-id` = '%s' LIMIT 1", $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact`
LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE ( `issued-id` = '%s' OR ( `duplex` = 1 AND `dfrn-id` = '%s' )) LIMIT 1",
dbesc($dfrn_id),
dbesc($dfrn_id) dbesc($dfrn_id)
); );
@ -341,20 +344,28 @@ function dfrn_notify_content(&$a) {
intval(time() + 60 ) intval(time() + 60 )
); );
$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 AND `pending` = 0 LIMIT 1", $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `duplex` = 1 AND `dfrn-id` = '%s'))
dbesc($_GET['dfrn_id'])); AND `blocked` = 0 AND `pending` = 0 LIMIT 1",
if((! count($r)) || (! strlen($r[0]['prvkey']))) dbesc($_GET['dfrn_id']),
dbesc($_GET['dfrn_id'])
);
if(! count($r))
$status = 1; $status = 1;
$challenge = ''; $challenge = '';
openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
$challenge = bin2hex($challenge);
$encrypted_id = ''; $encrypted_id = '';
$id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999); $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
if($r[0]['duplex']) {
openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
}
else {
openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
}
$challenge = bin2hex($challenge);
$encrypted_id = bin2hex($encrypted_id); $encrypted_id = bin2hex($encrypted_id);
echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_notify><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>' . '<challenge>' . $challenge . '</challenge></dfrn_notify>' . "\r\n" ; echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_notify><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>' . '<challenge>' . $challenge . '</challenge></dfrn_notify>' . "\r\n" ;
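Review bot: In `dfrn_notify_content` the guard changed from `(! count($r)) || (! strlen($r[0]['prvkey']))` to `if(! count($r))`, so a contact row that lacks the key its branch needs no longer sets `$status = 1`, and the response would carry an empty `dfrn_id` and `challenge` under whatever `$status` held before. As far as the hunk shows, execution also still reaches `$r[0]['duplex']` and the encrypt calls after an empty result. Consider testing the key the branch will use, `$key = (($r[0]['duplex']) ? $r[0]['pubkey'] : $r[0]['prvkey']); if(! strlen($key)) $status = 1;`, and skipping the encryption when `$status` is set. `dfrn_poll_content` in the next file section drops the same `prvkey` test; both function bodies extend beyond their hunks.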


@ -25,8 +25,11 @@ function dfrn_poll_init(&$a) {
$r = q("SELECT `contact`.*, `user`.`nickname` $r = q("SELECT `contact`.*, `user`.`nickname`
FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE `dfrn-id` = '%s' LIMIT 1", WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex `= 1 )) LIMIT 1",
dbesc($dfrn_id)); dbesc($dfrn_id),
dbesc($dfrn_id)
);
if(count($r)) { if(count($r)) {
$s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check'); $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check');
if(strlen($s)) { if(strlen($s)) {
@ -87,9 +90,11 @@ function dfrn_poll_post(&$a) {
); );
$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' LIMIT 1", $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 )) LIMIT 1",
dbesc($dfrn_id),
dbesc($dfrn_id) dbesc($dfrn_id)
); );
if(! count($r)) if(! count($r))
killme(); killme();
@ -165,23 +170,32 @@ function dfrn_poll_content(&$a) {
dbesc($last_update) dbesc($last_update)
); );
$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 AND `pending` = 0 LIMIT 1", $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 ))
dbesc($_GET['dfrn_id'])); AND `blocked` = 0 AND `pending` = 0 LIMIT 1",
if((count($r)) && (strlen($r[0]['prvkey']))) { dbesc($_GET['dfrn_id']),
dbesc($_GET['dfrn_id'])
);
if(count($r)) {
$challenge = ''; $challenge = '';
openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
$challenge = bin2hex($challenge);
$encrypted_id = ''; $encrypted_id = '';
$id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999); $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
if($r[0]['duplex']) {
openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
}
else {
openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
}
$challenge = bin2hex($challenge);
$encrypted_id = bin2hex($encrypted_id); $encrypted_id = bin2hex($encrypted_id);
} }
else { else {
$status = 1; // key not found $status = 1;
} }
echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>' echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>'
@ -189,11 +203,6 @@ function dfrn_poll_content(&$a) {
session_write_close(); session_write_close();
exit; exit;
} }
} }
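Review bot: The rewritten query in `dfrn_poll_init` has the closing backtick after a space in ``AND `duplex `= 1``, so the quoted identifier is "duplex " with a trailing space rather than the `duplex` column. MySQL is likely to reject that, in which case `count($r)` is never true and the profile check is silently skipped. The clause should read ``( `issued-id` = '%s' AND `duplex` = 1 )``, matching the other queries changed in this commit. The function bodies continue outside the hunks.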


@ -4,17 +4,20 @@ function redir_init(&$a) {
if((! local_user()) || (! ($a->argc == 2)) || (! intval($a->argv[1]))) if((! local_user()) || (! ($a->argc == 2)) || (! intval($a->argv[1])))
goaway($a->get_baseurl()); goaway($a->get_baseurl());
$r = q("SELECT `issued-id`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", $r = q("SELECT `issued-id`, `dfrn-id`, `duplex`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[1]), intval($a->argv[1]),
intval($_SESSION['uid'])); intval($_SESSION['uid']));
if(! count($r)) if(! count($r))
goaway($a->get_baseurl()); goaway($a->get_baseurl());
$dfrn_id = (($r[0]['duplex']) ? $r[0]['dfrn-id'] : $r[0]['issued-id']);
q("INSERT INTO `profile_check` ( `uid`, `dfrn_id`, `expire`) q("INSERT INTO `profile_check` ( `uid`, `dfrn_id`, `expire`)
VALUES( %d, '%s', %d )", VALUES( %d, '%s', %d )",
intval($_SESSION['uid']), intval($_SESSION['uid']),
dbesc($r[0]['issued-id']), dbesc($dfrn_id),
intval(time() + 45)); intval(time() + 45));
goaway ($r[0]['poll'] . '?dfrn_id=' . $r[0]['issued-id'] . '&type=profile'); goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile');
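Review bot: `$dfrn_id` goes into the `profile_check` insert and the redirect without a check that the selected column is non-empty, so a contact flagged `duplex` with an empty `dfrn-id` would store an empty `dfrn_id` row and redirect with `dfrn_id=`. A guard before the insert, `if(! strlen($dfrn_id)) goaway($a->get_baseurl());`, would match the emptiness test this commit adds in the first file section. Passing the value through `urlencode()` when building the redirect URL would also be prudent, although the stored ids may already be URL-safe. `redir_init` continues outside the hunk.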


@ -2,20 +2,16 @@
<feed xmlns="http://www.w3.org/2005/Atom" <feed xmlns="http://www.w3.org/2005/Atom"
xmlns:thr="http://purl.org/syndication/thread/1.0" xmlns:thr="http://purl.org/syndication/thread/1.0"
xmlns:at="http://purl.org/atompub/tombstones/1.0" xmlns:at="http://purl.org/atompub/tombstones/1.0"
xmlns:media="http://purl.org/syndication/atommedia"
xmlns:dfrn="http://purl.org/macgirvin/dfrn/1.0" xmlns:dfrn="http://purl.org/macgirvin/dfrn/1.0"
xmlns:as="http://activitystrea.ms/spec/1.0/" > xmlns:as="http://activitystrea.ms/spec/1.0/" >
<id>$feed_id</id> <id>$feed_id</id>
<title>$feed_title</title> <title>$feed_title</title>
<icon>$photo</icon>
<dfrn:icon-updated>$picdate</dfrn:icon-updated>
<updated>$feed_updated</updated> <updated>$feed_updated</updated>
<author> <author>
<name>$name</name> <name dfrn:updated="$namdate" >$name</name>
<dfrn:name-updated>$namdate</dfrn:name-updated> <uri dfrn:updated="$uridate" >$profile_page</uri>
<uri>$profile_page</uri> <link rel="photo" type="image/jpeg" dfrn:updated="$picdate" href="$thumb" />
<dfrn:uri-updated>$uridate</dfrn:uri-updated>
<dfrn:avatar>$thumb</dfrn:avatar>
<dfrn:avatar-updated>$picdate</dfrn:avatar-updated>
</author> </author>
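Review bot: `$namdate`, `$uridate`, `$picdate` and `$thumb` now land inside attribute values (`dfrn:updated="$namdate"`, `href="$thumb"`), where an unescaped `"` or `&` breaks the element rather than just the text. The escaping applied before substitution is not visible here, so it is worth confirming that it covers quotes as well as `<` and `&`. The following template section does the same with `href="$owner_thumb"` and `type="$type"`. `type="image/jpeg"` is also hard-coded, which would be wrong for an avatar stored in another format.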


@ -2,19 +2,19 @@
<author> <author>
<name>$name</name> <name>$name</name>
<uri>$profile_page</uri> <uri>$profile_page</uri>
<dfrn:avatar>$thumb</dfrn:avatar> <link rel="photo" type="image/jpeg" href="$thumb" />
</author> </author>
<dfrn:owner> <dfrn:owner>
<dfrn:name>$owner_name</dfrn:name> <dfrn:name>$owner_name</dfrn:name>
<dfrn:uri>$owner_profile_page</dfrn:uri> <dfrn:uri>$owner_profile_page</dfrn:uri>
<dfrn:avatar>$owner_thumb</dfrn:avatar> <link rel="photo" type="image/jpeg" href="$owner_thumb" />
</dfrn:owner> </dfrn:owner>
<id>$item_id</id> <id>$item_id</id>
<title>$title</title> <title>$title</title>
<published>$published</published> <published>$published</published>
<updated>$updated</updated> <updated>$updated</updated>
<content>$content</content> <content type="$type" >$content</content>
<dfrn:location>$location</dfrn:location> <dfrn:location>$location</dfrn:location>
<dfrn:comment-allow>$comment_allow</dfrn:comment-allow> <dfrn:comment-allow>$comment_allow</dfrn:comment-allow>
</entry> </entry>