diff --git a/dav/friendica/dav_friendica_auth.inc.php b/dav/friendica/dav_friendica_auth.inc.php index 9b42ab8a..acc33fa1 100644 --- a/dav/friendica/dav_friendica_auth.inc.php +++ b/dav/friendica/dav_friendica_auth.inc.php @@ -1,41 +1,41 @@ currentUser); - } + public function getUsers() { + return array($this->currentUser); + } /** * @return null|string */ - public function getCurrentUser() - { - return $this->currentUser; - } + public function getCurrentUser() { + return $this->currentUser; + } /** * Authenticates the user based on the current request. @@ -48,8 +48,8 @@ class Sabre_DAV_Auth_Backend_Std extends Sabre_DAV_Auth_Backend_AbstractBasic * @throws Sabre_DAV_Exception_NotAuthenticated * @return bool */ - public function authenticate(Sabre_DAV_Server $server, $realm) - { + public function authenticate(Sabre_DAV_Server $server, $realm) { + $a = get_app(); if (isset($a->user["uid"])) { $this->currentUser = strtolower($a->user["nickname"]); @@ -67,7 +67,7 @@ class Sabre_DAV_Auth_Backend_Std extends Sabre_DAV_Auth_Backend_AbstractBasic } // Authenticates the user - if (!$this->validateUserPass($userpass[0], $userpass[1])) { + if (!$this->validateUserPass($userpass[0],$userpass[1])) { $auth->requireLogin(); throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match'); } @@ -75,13 +75,19 @@ class Sabre_DAV_Auth_Backend_Std extends Sabre_DAV_Auth_Backend_AbstractBasic return true; } + /** * @param string $username * @param string $password * @return bool */ - protected function validateUserPass($username, $password) - { - return User::authenticate($username, $password); - } + protected function validateUserPass($username, $password) { + $encrypted = hash('whirlpool',trim($password)); + $r = q("SELECT COUNT(*) anz FROM `user` WHERE `nickname` = '%s' AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", + dbesc(trim($username)), + dbesc($encrypted) + ); + return ($r[0]["anz"] == 1); + } + } 
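Review bot: The new `validateUserPass()` body checks passwords by matching an unsalted, single-pass `hash('whirlpool', trim($password))` digest inside the SQL `WHERE` clause, in place of the `User::authenticate($username, $password)` call it removes; the same pattern is added to `jappixmini_settings_post()` in jappixmini/jappixmini.php. An unsalted fast digest offers little resistance to offline guessing if the `user` table is ever disclosed, and copying the check into addons means a later change of the core password format would break both paths without any visible error. If `User::authenticate()` exists on this branch (ldapauth.php in this same change imports `Friendica\Model\User`), keeping `return User::authenticate($username, $password);` avoids both problems. `trim()` also changes passwords that legitimately start or end with whitespace. `$r[0]["anz"] == 1` indexes the `q()` result without first checking that the query returned a row.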
diff --git a/jappixmini/jappixmini.php b/jappixmini/jappixmini.php index faac6a81..90499153 100644 --- a/jappixmini/jappixmini.php +++ b/jappixmini/jappixmini.php @@ -1,12 +1,13 @@ - * - */ +* Name: jappixmini +* Description: Provides a Facebook-like chat using Jappix Mini +* Version: 1.0.1 +* Author: leberwurscht +* +*/ + // // Copyright 2012 "Leberwurscht" // 
@@ -15,151 +16,141 @@ /* - Problem: - * jabber password should not be stored on server - * jabber password should not be sent between server and browser as soon as the user is logged in - * jabber password should not be reconstructible from communication between server and browser as soon as the user is logged in +Problem: +* jabber password should not be stored on server +* jabber password should not be sent between server and browser as soon as the user is logged in +* jabber password should not be reconstructible from communication between server and browser as soon as the user is logged in - Solution: - Only store an encrypted version of the jabber password on the server. The encryption key is only available to the browser - and not to the server (at least as soon as the user is logged in). It can be stored using the jappix setDB function. +Solution: +Only store an encrypted version of the jabber password on the server. The encryption key is only available to the browser +and not to the server (at least as soon as the user is logged in). It can be stored using the jappix setDB function. - This encryption key could be the friendica password, but then this password would be stored in the browser in cleartext. - It is better to use a hash of the password. - The server should not be able to reconstruct the password, so we can't take the same hash the server stores. But we can - use hash("some_prefix"+password). This will however not work with OpenID logins, for this type of login the password must - be queried manually. +This encryption key could be the friendica password, but then this password would be stored in the browser in cleartext. +It is better to use a hash of the password. +The server should not be able to reconstruct the password, so we can't take the same hash the server stores. But we can + use hash("some_prefix"+password). This will however not work with OpenID logins, for this type of login the password must +be queried manually. 
- Problem: - How to discover the jabber addresses of the friendica contacts? +Problem: +How to discover the jabber addresses of the friendica contacts? - Solution: - Each Friendica site with this addon provides a /jappixmini/ module page. We go through our contacts and retrieve - this information every week using a cron hook. +Solution: +Each Friendica site with this addon provides a /jappixmini/ module page. We go through our contacts and retrieve +this information every week using a cron hook. - Problem: - We do not want to make the jabber address public. +Problem: +We do not want to make the jabber address public. - Solution: - When two friendica users connect using DFRN, the relation gets a DFRN ID and a keypair is generated. - Using this keypair, we can provide the jabber address only to contacts: +Solution: +When two friendica users connect using DFRN, the relation gets a DFRN ID and a keypair is generated. +Using this keypair, we can provide the jabber address only to contacts: - Alice: +Alice: signed_address = openssl_*_encrypt(alice_jabber_address) - send signed_address to Bob, who does +send signed_address to Bob, who does trusted_address = openssl_*_decrypt(signed_address) save trusted_address encrypted_address = openssl_*_encrypt(bob_jabber_address) - reply with encrypted_address to Alice, who does +reply with encrypted_address to Alice, who does decrypted_address = openssl_*_decrypt(encrypted_address) save decrypted_address - Interface for this: - GET /jappixmini/?role=%s&signed_address=%s&dfrn_id=%s +Interface for this: +GET /jappixmini/?role=%s&signed_address=%s&dfrn_id=%s - Response: - json({"status":"ok", "encrypted_address":"%s"}) +Response: +json({"status":"ok", "encrypted_address":"%s"}) - */ +*/ -use Friendica\App; use Friendica\Core\Config; use Friendica\Core\PConfig; -use Friendica\Model\User; -function jappixmini_install() -{ - register_hook('plugin_settings', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings'); - 
register_hook('plugin_settings_post', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings_post'); +function jappixmini_install() { +register_hook('plugin_settings', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings'); +register_hook('plugin_settings_post', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings_post'); - register_hook('page_end', 'addon/jappixmini/jappixmini.php', 'jappixmini_script'); - register_hook('authenticate', 'addon/jappixmini/jappixmini.php', 'jappixmini_login'); +register_hook('page_end', 'addon/jappixmini/jappixmini.php', 'jappixmini_script'); +register_hook('authenticate', 'addon/jappixmini/jappixmini.php', 'jappixmini_login'); - register_hook('cron', 'addon/jappixmini/jappixmini.php', 'jappixmini_cron'); +register_hook('cron', 'addon/jappixmini/jappixmini.php', 'jappixmini_cron'); - // Jappix source download as required by AGPL - register_hook('about_hook', 'addon/jappixmini/jappixmini.php', 'jappixmini_download_source'); +// Jappix source download as required by AGPL +register_hook('about_hook', 'addon/jappixmini/jappixmini.php', 'jappixmini_download_source'); - // set standard configuration - $info_text = Config::get("jappixmini", "infotext"); - if (!$info_text) - set_confConfig::setig("jappixmini", "infotext", "To get the chat working, you need to know a BOSH host which works with your Jabber account. " . - "An example of a BOSH server that works for all accounts is https://bind.jappix.com/, but keep " . - "in mind that the BOSH server can read along all chat messages. If you know that your Jabber " . - "server also provides an own BOSH server, it is much better to use this one!" - ); +// set standard configuration +$info_text = Config::get("jappixmini", "infotext"); +if (!$info_text) set_confConfig::setig("jappixmini", "infotext", + "To get the chat working, you need to know a BOSH host which works with your Jabber account. ". 
+ "An example of a BOSH server that works for all accounts is https://bind.jappix.com/, but keep ". + "in mind that the BOSH server can read along all chat messages. If you know that your Jabber ". + "server also provides an own BOSH server, it is much better to use this one!" +); - $bosh_proxy = Config::get("jappixmini", "bosh_proxy"); - if ($bosh_proxy === "") { - Config::set("jappixmini", "bosh_proxy", "1"); - } +$bosh_proxy = Config::get("jappixmini", "bosh_proxy"); +if ($bosh_proxy==="") Config::set("jappixmini", "bosh_proxy", "1"); - // set addon version so that safe updates are possible later - $addon_version = Config::get("jappixmini", "version"); - if ($addon_version === "") { - Config::set("jappixmini", "version", "1"); - } +// set addon version so that safe updates are possible later +$addon_version = Config::get("jappixmini", "version"); +if ($addon_version==="") Config::set("jappixmini", "version", "1"); } -function jappixmini_uninstall() -{ - unregister_hook('plugin_settings', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings'); - unregister_hook('plugin_settings_post', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings_post'); - unregister_hook('page_end', 'addon/jappixmini/jappixmini.php', 'jappixmini_script'); - unregister_hook('authenticate', 'addon/jappixmini/jappixmini.php', 'jappixmini_login'); +function jappixmini_uninstall() { +unregister_hook('plugin_settings', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings'); +unregister_hook('plugin_settings_post', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings_post'); - unregister_hook('cron', 'addon/jappixmini/jappixmini.php', 'jappixmini_cron'); +unregister_hook('page_end', 'addon/jappixmini/jappixmini.php', 'jappixmini_script'); +unregister_hook('authenticate', 'addon/jappixmini/jappixmini.php', 'jappixmini_login'); - unregister_hook('about_hook', 'addon/jappixmini/jappixmini.php', 'jappixmini_download_source'); +unregister_hook('cron', 'addon/jappixmini/jappixmini.php', 
'jappixmini_cron'); + +unregister_hook('about_hook', 'addon/jappixmini/jappixmini.php', 'jappixmini_download_source'); } -function jappixmini_plugin_admin(App $a, &$o) -{ +function jappixmini_plugin_admin(&$a, &$o) { // display instructions and warnings on addon settings page for admin + if (!file_exists("addon/jappixmini.tgz")) { $o .= '

The source archive jappixmini.tgz does not exist. This is probably a violation of the Jappix License (AGPL).

'; } // warn if cron job has not yet been executed $cron_run = Config::get("jappixmini", "last_cron_execution"); - if (!$cron_run) { - $o .= "

Warning: The cron job has not yet been executed. If this message is still there after some time (usually 10 minutes), this means that autosubscribe and autoaccept will not work.

"; - } + if (!$cron_run) $o .= "

Warning: The cron job has not yet been executed. If this message is still there after some time (usually 10 minutes), this means that autosubscribe and autoaccept will not work.

"; // bosh proxy $bosh_proxy = intval(Config::get("jappixmini", "bosh_proxy")); $bosh_proxy = intval($bosh_proxy) ? ' checked="checked"' : ''; $o .= ''; - $o .= '
'; + $o .= '
'; // bosh address $bosh_address = Config::get("jappixmini", "bosh_address"); $o .= '


'; - $o .= '

'; + $o .= '

'; // default server address $default_server = Config::get("jappixmini", "default_server"); $o .= '


'; - $o .= '

'; + $o .= '

'; // default user name to friendica nickname $default_user = intval(Config::get("jappixmini", "default_user")); $default_user = intval($default_user) ? ' checked="checked"' : ''; $o .= ''; - $o .= '
'; + $o .= '
'; // info text field $info_text = Config::get("jappixmini", "infotext"); $o .= '


'; - $o .= '

'; + $o .= '

'; // submit button $o .= ''; } -function jappixmini_plugin_admin_post(App $a) -{ +function jappixmini_plugin_admin_post(&$a) { // set info text $submit = $_REQUEST['jappixmini-admin-settings']; if ($submit) { @@ -176,35 +167,29 @@ function jappixmini_plugin_admin_post(App $a) } } -function jappixmini_module() -{ - -} - -function jappixmini_init() -{ +function jappixmini_module() {} +function jappixmini_init(&$a) { // module page where other Friendica sites can submit Jabber addresses to and also can query Jabber addresses - // of local users + // of local users + $dfrn_id = $_REQUEST["dfrn_id"]; - if (!$dfrn_id) { - killme(); - } + if (!$dfrn_id) killme(); $role = $_REQUEST["role"]; - if ($role == "pub") { - $r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", dbesc($dfrn_id)); - if (!count($r)) { - killme(); - } + if ($role=="pub") { + $r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", + dbesc($dfrn_id) + ); + if (!count($r)) killme(); $encrypt_func = openssl_public_encrypt; $decrypt_func = openssl_public_decrypt; $key = $r[0]["pubkey"]; - } else if ($role == "prv") { - $r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", dbesc($dfrn_id)); - if (!count($r)) { - killme(); - } + } else if ($role=="prv") { + $r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", + dbesc($dfrn_id) + ); + if (!count($r)) killme(); $encrypt_func = openssl_private_encrypt; $decrypt_func = openssl_private_decrypt; @@ -226,14 +211,11 @@ function jappixmini_init() $now = intval(time()); PConfig::set($uid, "jappixmini", "id:$dfrn_id", "$now:$trusted_address"); } catch (Exception $e) { - } // do not return an address if user deactivated plugin $activated = PConfig::get($uid, 'jappixmini', 'activate'); - if (!$activated) { - killme(); - } + if (!$activated) killme(); // return the requested Jabber address try { 
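Review bot: In `jappixmini_install()` the added line `if (!$info_text) set_confConfig::setig("jappixmini", "infotext",` calls a class `set_confConfig` that nothing visible defines, so installing the addon with no `infotext` configured would be expected to stop with a fatal error before the `bosh_proxy` and `version` defaults are written. It reads like a damaged search-and-replace of an older call; the line should be `if (!$info_text) Config::set("jappixmini", "infotext",`, matching the two `Config::set` calls below it. The `==== ""`-style tests on `Config::get()` for `bosh_proxy` and `version` (written `$bosh_proxy===""` and `$addon_version===""`) only fire if an unset key comes back as an empty string, which is not visible here and should be confirmed.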
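Review bot: In `jappixmini_init()` the callbacks are assigned as bare words (`$encrypt_func = openssl_public_encrypt;` and the three sibling assignments in the `pub` and `prv` branches), which PHP resolves as undefined constants: a warning with string fallback on PHP 7.2 and later 7.x, and an `Error` on PHP 8. Quote them, e.g. `$encrypt_func = 'openssl_public_encrypt';` and `$decrypt_func = 'openssl_public_decrypt';`, and likewise for the `openssl_private_*` pair. The new signature `jappixmini_init(&$a)` also makes a by-reference argument mandatory where the old one took none; the caller is outside this hunk, so confirm that it passes `$a`. The function body continues beyond the hunk.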
@@ -247,8 +229,8 @@ function jappixmini_init() $encrypted_address_hex = bin2hex($encrypted_address); $answer = Array( - "status" => "ok", - "encrypted_address" => $encrypted_address_hex + "status"=>"ok", + "encrypted_address"=>$encrypted_address_hex ); $answer_json = json_encode($answer); 
@@ -259,128 +241,118 @@ function jappixmini_init() } } -function jappixmini_settings(App $a, &$s) -{ - // addon settings for a user - $activate = PConfig::get(local_user(), 'jappixmini', 'activate'); - $activate = intval($activate) ? ' checked="checked"' : ''; - $dontinsertchat = PConfig::get(local_user(), 'jappixmini', 'dontinsertchat'); - $insertchat = !(intval($dontinsertchat) ? ' checked="checked"' : ''); +function jappixmini_settings(&$a, &$s) { + // addon settings for a user - $defaultbosh = Config::get("jappixmini", "bosh_address"); + $activate = PConfig::get(local_user(),'jappixmini','activate'); + $activate = intval($activate) ? ' checked="checked"' : ''; + $dontinsertchat = PConfig::get(local_user(),'jappixmini','dontinsertchat'); + $insertchat = !(intval($dontinsertchat) ? ' checked="checked"' : ''); - if ($defaultbosh != "") { - PConfig::set(local_user(), 'jappixmini', 'bosh', $defaultbosh); - } + $defaultbosh = Config::get("jappixmini", "bosh_address"); - $username = PConfig::get(local_user(), 'jappixmini', 'username'); - $username = htmlentities($username); - $server = PConfig::get(local_user(), 'jappixmini', 'server'); - $server = htmlentities($server); - $bosh = PConfig::get(local_user(), 'jappixmini', 'bosh'); - $bosh = htmlentities($bosh); - $password = PConfig::get(local_user(), 'jappixmini', 'password'); - $autosubscribe = PConfig::get(local_user(), 'jappixmini', 'autosubscribe'); - $autosubscribe = intval($autosubscribe) ? ' checked="checked"' : ''; - $autoapprove = PConfig::get(local_user(), 'jappixmini', 'autoapprove'); - $autoapprove = intval($autoapprove) ? ' checked="checked"' : ''; - $encrypt = intval(PConfig::get(local_user(), 'jappixmini', 'encrypt')); - $encrypt_checked = $encrypt ? ' checked="checked"' : ''; - $encrypt_disabled = $encrypt ? 
'' : ' disabled="disabled"'; + if ($defaultbosh != "") + PConfig::set(local_user(),'jappixmini','bosh', $defaultbosh); - if ($server == "") { - $server = Config::get("jappixmini", "default_server"); - } + $username = PConfig::get(local_user(),'jappixmini','username'); + $username = htmlentities($username); + $server = PConfig::get(local_user(),'jappixmini','server'); + $server = htmlentities($server); + $bosh = PConfig::get(local_user(),'jappixmini','bosh'); + $bosh = htmlentities($bosh); + $password = PConfig::get(local_user(),'jappixmini','password'); + $autosubscribe = PConfig::get(local_user(),'jappixmini','autosubscribe'); + $autosubscribe = intval($autosubscribe) ? ' checked="checked"' : ''; + $autoapprove = PConfig::get(local_user(),'jappixmini','autoapprove'); + $autoapprove = intval($autoapprove) ? ' checked="checked"' : ''; + $encrypt = intval(PConfig::get(local_user(),'jappixmini','encrypt')); + $encrypt_checked = $encrypt ? ' checked="checked"' : ''; + $encrypt_disabled = $encrypt ? '' : ' disabled="disabled"'; - if (($username == "") && Config::get("jappixmini", "default_user")) { - $username = $a->user["nickname"]; - } + if ($server == "") + $server = Config::get("jappixmini", "default_server"); - $info_text = Config::get("jappixmini", "infotext"); - $info_text = htmlentities($info_text); - $info_text = str_replace("\n", "
", $info_text); + if (($username == "") && Config::get("jappixmini", "default_user")) + $username = $a->user["nickname"]; - // count contacts - $r = q("SELECT COUNT(1) as `cnt` FROM `pconfig` WHERE `uid`=%d AND `cat`='jappixmini' AND `k` LIKE 'id:%%'", local_user()); - if (count($r)) { - $contact_cnt = $r[0]["cnt"]; - } else { - $contact_cnt = 0; - } + $info_text = Config::get("jappixmini", "infotext"); + $info_text = htmlentities($info_text); + $info_text = str_replace("\n", "
", $info_text); - // count jabber addresses - $r = q("SELECT COUNT(1) as `cnt` FROM `pconfig` WHERE `uid`=%d AND `cat`='jappixmini' AND `k` LIKE 'id:%%' AND `v` LIKE '%%@%%'", local_user()); - if (count($r)) { - $address_cnt = $r[0]["cnt"]; - } else { - $address_cnt = 0; - } + // count contacts + $r = q("SELECT COUNT(1) as `cnt` FROM `pconfig` WHERE `uid`=%d AND `cat`='jappixmini' AND `k` LIKE 'id:%%'", local_user()); + if (count($r)) $contact_cnt = $r[0]["cnt"]; + else $contact_cnt = 0; - if (!$activate) { - // load scripts if not yet activated so that password can be saved - $a->page['htmlhead'] .= '' . "\r\n"; - $a->page['htmlhead'] .= '' . "\r\n"; + // count jabber addresses + $r = q("SELECT COUNT(1) as `cnt` FROM `pconfig` WHERE `uid`=%d AND `cat`='jappixmini' AND `k` LIKE 'id:%%' AND `v` LIKE '%%@%%'", local_user()); + if (count($r)) $address_cnt = $r[0]["cnt"]; + else $address_cnt = 0; - $a->page['htmlhead'] .= '' . "\r\n"; - } + if (!$activate) { + // load scripts if not yet activated so that password can be saved + $a->page['htmlhead'] .= ''."\r\n"; + $a->page['htmlhead'] .= ''."\r\n"; - $s .= ''; - $s .= '

' . t('Jappix Mini') . '

'; - $s .= '
'; - $s .= ''; - $a->page['htmlhead'] .= ""; } -function jappixmini_settings_post(App $a, &$b) -{ +function jappixmini_settings_post(&$a,&$b) { // save addon settings for a user - if (!local_user()) { - return; - } + + if(! local_user()) return; $uid = local_user(); - if ($_POST['jappixmini-submit']) { + if($_POST['jappixmini-submit']) { $encrypt = intval($b['jappixmini-encrypt']); if ($encrypt) { // check that Jabber password was encrypted with correct Friendica password $friendica_password = trim($b['jappixmini-friendica-password']); - if (!User::authenticate((int) $uid, $friendica_password)) { + $encrypted = hash('whirlpool',$friendica_password); + $r = q("SELECT * FROM `user` WHERE `uid`=$uid AND `password`='%s'", + dbesc($encrypted) + ); + if (!count($r)) { info("Wrong friendica password!"); return; } 
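Review bot: The lookup added to `jappixmini_settings_post()` interpolates `$uid` directly into the statement text, while the two `COUNT(1)` queries earlier in this hunk bind the user id with `%d`. `local_user()` presumably returns a session integer, so this is a consistency and defence-in-depth point rather than a demonstrated injection: replace `=$uid` with `=%d` and pass `intval($uid)` as the first argument before `dbesc($encrypted)`. `SELECT *` also fetches the whole user row, password digest included, when only existence is needed; selecting a constant with `LIMIT 1` is enough. In `jappixmini_settings()`, `$username = $a->user["nickname"]` and the `default_server` fallback are assigned after the `htmlentities()` pass, so those defaults are presumably written into the form unescaped (the form markup is not visible on this page).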
@@ -438,152 +412,142 @@ function jappixmini_settings_post(App $a, &$b) $purge = intval($b['jappixmini-purge']); $username = trim($b['jappixmini-username']); - $old_username = PConfig::get($uid, 'jappixmini', 'username'); - if ($username != $old_username) { - $purge = 1; - } + $old_username = PConfig::get($uid,'jappixmini','username'); + if ($username!=$old_username) $purge = 1; $server = trim($b['jappixmini-server']); - $old_server = PConfig::get($uid, 'jappixmini', 'server'); - if ($server != $old_server) { - $purge = 1; - } + $old_server = PConfig::get($uid,'jappixmini','server'); + if ($server!=$old_server) $purge = 1; - PConfig::set($uid, 'jappixmini', 'username' , $username); - PConfig::set($uid, 'jappixmini', 'server' , $server); - PConfig::set($uid, 'jappixmini', 'bosh' , trim($b['jappixmini-bosh'])); - PConfig::set($uid, 'jappixmini', 'password' , trim($b['jappixmini-encrypted-password'])); - PConfig::set($uid, 'jappixmini', 'autosubscribe' , intval($b['jappixmini-autosubscribe'])); - PConfig::set($uid, 'jappixmini', 'autoapprove' , intval($b['jappixmini-autoapprove'])); - PConfig::set($uid, 'jappixmini', 'activate' , intval($b['jappixmini-activate'])); - PConfig::set($uid, 'jappixmini', 'dontinsertchat', intval($b['jappixmini-dont-insertchat'])); - PConfig::set($uid, 'jappixmini', 'encrypt' , $encrypt); - info('Jappix Mini settings saved.'); + PConfig::set($uid,'jappixmini','username',$username); + PConfig::set($uid,'jappixmini','server',$server); + PConfig::set($uid,'jappixmini','bosh',trim($b['jappixmini-bosh'])); + PConfig::set($uid,'jappixmini','password',trim($b['jappixmini-encrypted-password'])); + PConfig::set($uid,'jappixmini','autosubscribe',intval($b['jappixmini-autosubscribe'])); + PConfig::set($uid,'jappixmini','autoapprove',intval($b['jappixmini-autoapprove'])); + PConfig::set($uid,'jappixmini','activate',intval($b['jappixmini-activate'])); + PConfig::set($uid,'jappixmini','dontinsertchat',intval($b['jappixmini-dont-insertchat'])); + 
PConfig::set($uid,'jappixmini','encrypt',$encrypt); + info( 'Jappix Mini settings saved.' ); if ($purge) { q("DELETE FROM `pconfig` WHERE `uid`=$uid AND `cat`='jappixmini' AND `k` LIKE 'id:%%'"); - info('List of addresses purged.'); + info( 'List of addresses purged.' ); } } } -function jappixmini_script(App $a) -{ - // adds the script to the page header which starts Jappix Mini - if (!local_user()) { - return; - } +function jappixmini_script(&$a,&$s) { + // adds the script to the page header which starts Jappix Mini - if ($_GET["mode"] == "minimal") { - return; - } + if(! local_user()) return; - $activate = PConfig::get(local_user(), 'jappixmini', 'activate'); - $dontinsertchat = PConfig::get(local_user(), 'jappixmini', 'dontinsertchat'); - if (!$activate || $dontinsertchat) { - return; - } + if ($_GET["mode"] == "minimal") + return; - $a->page['htmlhead'] .= '' . "\r\n"; - $a->page['htmlhead'] .= '' . "\r\n"; + $activate = PConfig::get(local_user(),'jappixmini','activate'); + $dontinsertchat = PConfig::get(local_user(), 'jappixmini','dontinsertchat'); + if (!$activate || $dontinsertchat) return; - $a->page['htmlhead'] .= '' . 
"\r\n"; + $a->page['htmlhead'] .= ''."\r\n"; + $a->page['htmlhead'] .= ''."\r\n"; - $username = PConfig::get(local_user(), 'jappixmini', 'username'); - $username = str_replace("'", "\\'", $username); - $server = PConfig::get(local_user(), 'jappixmini', 'server'); - $server = str_replace("'", "\\'", $server); - $bosh = PConfig::get(local_user(), 'jappixmini', 'bosh'); - $bosh = str_replace("'", "\\'", $bosh); - $encrypt = PConfig::get(local_user(), 'jappixmini', 'encrypt'); - $encrypt = intval($encrypt); - $password = PConfig::get(local_user(), 'jappixmini', 'password'); - $password = str_replace("'", "\\'", $password); + $a->page['htmlhead'] .= ''."\r\n"; - $autoapprove = PConfig::get(local_user(), 'jappixmini', 'autoapprove'); - $autoapprove = intval($autoapprove); - $autosubscribe = PConfig::get(local_user(), 'jappixmini', 'autosubscribe'); - $autosubscribe = intval($autosubscribe); + $username = PConfig::get(local_user(),'jappixmini','username'); + $username = str_replace("'", "\\'", $username); + $server = PConfig::get(local_user(),'jappixmini','server'); + $server = str_replace("'", "\\'", $server); + $bosh = PConfig::get(local_user(),'jappixmini','bosh'); + $bosh = str_replace("'", "\\'", $bosh); + $encrypt = PConfig::get(local_user(),'jappixmini','encrypt'); + $encrypt = intval($encrypt); + $password = PConfig::get(local_user(),'jappixmini','password'); + $password = str_replace("'", "\\'", $password); - // set proxy if necessary - $use_proxy = Config::get('jappixmini', 'bosh_proxy'); - if ($use_proxy) { - $proxy = $a->get_baseurl() . 
'/addon/jappixmini/proxy.php'; - } else { - $proxy = ""; - } + $autoapprove = PConfig::get(local_user(),'jappixmini','autoapprove'); + $autoapprove = intval($autoapprove); + $autosubscribe = PConfig::get(local_user(),'jappixmini','autosubscribe'); + $autosubscribe = intval($autosubscribe); - // get a list of jabber accounts of the contacts - $contacts = Array(); - $uid = local_user(); - $rows = q("SELECT * FROM `pconfig` WHERE `uid`=$uid AND `cat`='jappixmini' AND `k` LIKE 'id:%%'"); - foreach ($rows as $row) { - $key = $row['k']; - $pos = strpos($key, ":"); - $dfrn_id = substr($key, $pos + 1); - $r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", dbesc($dfrn_id), dbesc($dfrn_id)); - if (count($r)) - $name = $r[0]["name"]; + // set proxy if necessary + $use_proxy = Config::get('jappixmini','bosh_proxy'); + if ($use_proxy) { + $proxy = $a->get_baseurl().'/addon/jappixmini/proxy.php'; + } + else { + $proxy = ""; + } - $value = $row['v']; - $pos = strpos($value, ":"); - $address = substr($value, $pos + 1); - if (!$address) { - continue; - } - if (!$name) { - $name = $address; - } + // get a list of jabber accounts of the contacts + $contacts = Array(); + $uid = local_user(); + $rows = q("SELECT * FROM `pconfig` WHERE `uid`=$uid AND `cat`='jappixmini' AND `k` LIKE 'id:%%'"); + foreach ($rows as $row) { + $key = $row['k']; + $pos = strpos($key, ":"); + $dfrn_id = substr($key, $pos+1); + $r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", + dbesc($dfrn_id), + dbesc($dfrn_id) + ); + if (count($r)) + $name = $r[0]["name"]; - $contacts[$address] = $name; - } - $contacts_json = json_encode($contacts); - $contacts_hash = sha1($contacts_json); + $value = $row['v']; + $pos = strpos($value, ":"); + $address = substr($value, $pos+1); + if (!$address) continue; + if (!$name) $name = $address; - // get nickname - $r = q("SELECT `username` FROM `user` WHERE `uid`=$uid"); - $nickname = 
json_encode($r[0]["username"]); - $groupchats = Config::get('jappixmini', 'groupchats'); - //if $groupchats has no value jappix_addon_start will produce a syntax error - if (empty($groupchats)) { - $groupchats = "{}"; - } + $contacts[$address] = $name; + } + $contacts_json = json_encode($contacts); + $contacts_hash = sha1($contacts_json); - // add javascript to start Jappix Mini - $a->page['htmlhead'] .= ""; - return; + return; } -function jappixmini_login(App $a, &$o) -{ - // create client secret on login to be able to encrypt jabber passwords - // for setDB and str_sha1, needed by jappixmini_addon_set_client_secret - $a->page['htmlhead'] .= '' . "\r\n"; +function jappixmini_login(&$a, &$o) { + // create client secret on login to be able to encrypt jabber passwords - // for jappixmini_addon_set_client_secret - $a->page['htmlhead'] .= '' . "\r\n"; + // for setDB and str_sha1, needed by jappixmini_addon_set_client_secret + $a->page['htmlhead'] .= ''."\r\n"; - // save hash of password - $o = str_replace("
page['htmlhead'] .= ''."\r\n"; + + // save hash of password + $o = str_replace("status != "ok") { - throw new Exception(); - } + if ($answer->status != "ok") throw new Exception(); $encrypted_address_hex = $answer->encrypted_address; - if (!$encrypted_address_hex) { - throw new Exception(); - } + if (!$encrypted_address_hex) throw new Exception(); $encrypted_address = hex2bin($encrypted_address_hex); - if (!$encrypted_address) { - throw new Exception(); - } + if (!$encrypted_address) throw new Exception(); // decrypt address $decrypted_address = ""; $decrypt_func($encrypted_address, $decrypted_address, $key); - if (!$decrypted_address) { - throw new Exception(); - } + if (!$decrypted_address) throw new Exception(); } catch (Exception $e) { $decrypted_address = ""; } @@ -690,10 +636,10 @@ function jappixmini_cron(App $a, $d) } } -function jappixmini_download_source(App $a, &$b) -{ +function jappixmini_download_source(&$a,&$b) { // Jappix Mini source download link on About page + $b .= '
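Review bot: In `jappixmini_script()` the values `$username`, `$server`, `$bosh` and `$password` are prepared for the inline script with `str_replace("'", "\\'", …)` only, which leaves backslashes and line breaks untouched and does nothing about a closing script tag; the script text itself did not survive on this page, so how they are embedded is inferred. `json_encode($username, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)`, in the way `json_encode()` is already used here for `$contacts`, emits a complete JavaScript string literal, and the quotes around the value in the template would then be dropped. Separately, `$name` is never reset inside the `foreach`, so a `pconfig` row with no matching `contact` row reuses the previous contact's name for a different address; `$name = count($r) ? $r[0]["name"] : "";` fixes that. The function body and the emitted script extend beyond what is visible in this hunk.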

Jappix Mini

'; - $b .= '

This site uses the jappixmini addon, which includes Jappix Mini by the Jappix authors and is distributed under the terms of the GNU Affero General Public License.

'; - $b .= '

You can download the source code of the addon. The rest of Friendica is distributed under compatible licenses and can be retrieved from https://github.com/friendica/friendica and https://github.com/friendica/friendica-addons

'; + $b .= '

This site uses the jappixmini addon, which includes Jappix Mini by the Jappix authors and is distributed under the terms of the GNU Affero General Public License.

'; + $b .= '

You can download the source code of the addon. The rest of Friendica is distributed under compatible licenses and can be retrieved from https://github.com/friendica/friendica and https://github.com/friendica/friendica-addons

'; } diff --git a/ldapauth/ldapauth.php b/ldapauth/ldapauth.php index 699d0dca..a0b270e3 100755 --- a/ldapauth/ldapauth.php +++ b/ldapauth/ldapauth.php @@ -1,4 +1,5 @@ * Author: aymhce */ - + /** * Friendica addon - * + * * Module: LDAP Authenticate * * Authenticate a user against an LDAP directory @@ -18,13 +19,13 @@ * * Optionally authenticates only if a member of a given group in the directory. * - * By default, the person must have registered with Friendica using the normal registration + * By default, the person must have registered with Friendica using the normal registration * procedures in order to have a Friendica user record, contact, and profile. * However, it's possible with an option to automate the creation of a Friendica basic account. * * Note when using with Windows Active Directory: you may need to set TLS_CACERT in your site - * ldap.conf file to the signing cert for your LDAP server. - * + * ldap.conf file to the signing cert for your LDAP server. + * * The configuration options for this module may be set in the .htconfig.php file * e.g.: * 
@@ -51,147 +52,145 @@ * * ...etc. */ - -require_once('include/user.php'); - use Friendica\Core\Config; +use Friendica\Model\User; - -function ldapauth_install() { +function ldapauth_install() +{ register_hook('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate'); } - -function ldapauth_uninstall() { +function ldapauth_uninstall() +{ unregister_hook('authenticate', 'addon/ldapauth/ldapauth.php', 'ldapauth_hook_authenticate'); } - -function ldapauth_hook_authenticate($a,&$b) { - if(ldapauth_authenticate($b['username'],$b['password'])) { - $results = get_existing_account($b['username']); - if(! empty($results)){ - $b['user_record'] = $results[0]; - $b['authenticated'] = 1; - } - } - return; +function ldapauth_hook_authenticate($a, &$b) +{ + if (ldapauth_authenticate($b['username'], $b['password'])) { + $results = get_existing_account($b['username']); + if (!empty($results)) { + $b['user_record'] = $results[0]; + $b['authenticated'] = 1; + } + } + return; } -function ldapauth_authenticate($username,$password) { +function ldapauth_authenticate($username, $password) +{ + $ldap_server = Config::get('ldapauth', 'ldap_server'); + $ldap_binddn = Config::get('ldapauth', 'ldap_binddn'); + $ldap_bindpw = Config::get('ldapauth', 'ldap_bindpw'); + $ldap_searchdn = Config::get('ldapauth', 'ldap_searchdn'); + $ldap_userattr = Config::get('ldapauth', 'ldap_userattr'); + $ldap_group = Config::get('ldapauth', 'ldap_group'); + $ldap_autocreateaccount = Config::get('ldapauth', 'ldap_autocreateaccount'); + $ldap_autocreateaccount_emailattribute = Config::get('ldapauth', 'ldap_autocreateaccount_emailattribute'); + $ldap_autocreateaccount_nameattribute = Config::get('ldapauth', 'ldap_autocreateaccount_nameattribute'); - $ldap_server = Config::get('ldapauth','ldap_server'); - $ldap_binddn = Config::get('ldapauth','ldap_binddn'); - $ldap_bindpw = Config::get('ldapauth','ldap_bindpw'); - $ldap_searchdn = Config::get('ldapauth','ldap_searchdn'); - $ldap_userattr = 
Config::get('ldapauth','ldap_userattr'); - $ldap_group = Config::get('ldapauth','ldap_group'); - $ldap_autocreateaccount = Config::get('ldapauth','ldap_autocreateaccount'); - $ldap_autocreateaccount_emailattribute = Config::get('ldapauth','ldap_autocreateaccount_emailattribute'); - $ldap_autocreateaccount_nameattribute = Config::get('ldapauth','ldap_autocreateaccount_nameattribute'); - - if(! ((strlen($password)) - && (function_exists('ldap_connect')) - && (strlen($ldap_server)))) { - logger("ldapauth: not configured or missing php-ldap module"); - return false; - } + if (!(strlen($password) && function_exists('ldap_connect') && strlen($ldap_server))) { + logger("ldapauth: not configured or missing php-ldap module"); + return false; + } - $connect = @ldap_connect($ldap_server); + $connect = @ldap_connect($ldap_server); - if($connect === false) { - logger("ldapauth: could not connect to $ldap_server"); - return false; - } + if ($connect === false) { + logger("ldapauth: could not connect to $ldap_server"); + return false; + } - @ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION,3); - @ldap_set_option($connect, LDAP_OPT_REFERRALS, 0); - if((@ldap_bind($connect,$ldap_binddn,$ldap_bindpw)) === false) { - logger("ldapauth: could not bind $ldap_server as $ldap_binddn"); - return false; - } + @ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3); + @ldap_set_option($connect, LDAP_OPT_REFERRALS, 0); + if ((@ldap_bind($connect, $ldap_binddn, $ldap_bindpw)) === false) { + logger("ldapauth: could not bind $ldap_server as $ldap_binddn"); + return false; + } - $res = @ldap_search($connect,$ldap_searchdn, $ldap_userattr . '=' . $username); + $res = @ldap_search($connect, $ldap_searchdn, $ldap_userattr . '=' . $username); - if(! 
$res) { - logger("ldapauth: $ldap_userattr=$username,$ldap_searchdn not found"); - return false; - } + if (!$res) { + logger("ldapauth: $ldap_userattr=$username,$ldap_searchdn not found"); + return false; + } - $id = @ldap_first_entry($connect,$res); + $id = @ldap_first_entry($connect, $res); - if(! $id) { - return false; - } + if (!$id) { + return false; + } - $dn = @ldap_get_dn($connect,$id); + $dn = @ldap_get_dn($connect, $id); - if(! @ldap_bind($connect,$dn,$password)) - return false; - - $emailarray = []; - $namearray = []; - if($ldap_autocreateaccount == "true"){ - if(! strlen($ldap_autocreateaccount_emailattribute)) - $ldap_autocreateaccount_emailattribute = "mail"; - if(! strlen($ldap_autocreateaccount_nameattribute)) - $ldap_autocreateaccount_nameattribute = "givenName"; - $emailarray = @ldap_get_values($connect, $id, $ldap_autocreateaccount_emailattribute); - $namearray = @ldap_get_values($connect, $id, $ldap_autocreateaccount_nameattribute); - } + if (!@ldap_bind($connect, $dn, $password)) { + return false; + } - if(! 
strlen($ldap_group)){ - ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$emailarray[0],$namearray[0]); - return true; - } + $emailarray = []; + $namearray = []; + if ($ldap_autocreateaccount == "true") { + if (!strlen($ldap_autocreateaccount_emailattribute)) { + $ldap_autocreateaccount_emailattribute = "mail"; + } + if (!strlen($ldap_autocreateaccount_nameattribute)) { + $ldap_autocreateaccount_nameattribute = "givenName"; + } + $emailarray = @ldap_get_values($connect, $id, $ldap_autocreateaccount_emailattribute); + $namearray = @ldap_get_values($connect, $id, $ldap_autocreateaccount_nameattribute); + } - $r = @ldap_compare($connect,$ldap_group,'member',$dn); - if ($r === -1) { - $err = @ldap_error($connect); - $eno = @ldap_errno($connect); - @ldap_close($connect); + if (!strlen($ldap_group)) { + ldap_autocreateaccount($ldap_autocreateaccount, $username, $password, $emailarray[0], $namearray[0]); + return true; + } - if ($eno === 32) { - logger("ldapauth: access control group Does Not Exist"); - return false; - } - elseif ($eno === 16) { - logger('ldapauth: membership attribute does not exist in access control group'); - return false; - } - else { - logger('ldapauth: error: ' . $err); - return false; - } - } - elseif ($r === false) { - @ldap_close($connect); - return false; - } + $r = @ldap_compare($connect, $ldap_group, 'member', $dn); + if ($r === -1) { + $err = @ldap_error($connect); + $eno = @ldap_errno($connect); + @ldap_close($connect); - ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$emailarray[0],$namearray[0]); - return true; + if ($eno === 32) { + logger("ldapauth: access control group Does Not Exist"); + return false; + } elseif ($eno === 16) { + logger('ldapauth: membership attribute does not exist in access control group'); + return false; + } else { + logger('ldapauth: error: ' . 
$err); + return false; + } + } elseif ($r === false) { + @ldap_close($connect); + return false; + } + + ldap_autocreateaccount($ldap_autocreateaccount, $username, $password, $emailarray[0], $namearray[0]); + return true; } -function ldap_autocreateaccount($ldap_autocreateaccount,$username,$password,$email,$name) { - if($ldap_autocreateaccount == "true"){ - $results = get_existing_account($username); - if(empty($results)){ - if (strlen($email) > 0 && strlen($name) > 0){ - $arr = array('username'=>$name,'nickname'=>$username,'email'=>$email,'password'=>$password,'verified'=>1); - $result = create_user($arr); - if ($result['success']){ - logger("ldapauth: account " . $username . " created"); - }else{ - logger("ldapauth: account " . $username . " was not created ! : " . implode($result)); - } - }else{ - logger("ldapauth: unable to create account, no email or nickname found"); - } - } - } +function ldap_autocreateaccount($ldap_autocreateaccount, $username, $password, $email, $name) +{ + if ($ldap_autocreateaccount == "true") { + $results = get_existing_account($username); + if (empty($results)) { + if (strlen($email) > 0 && strlen($name) > 0) { + $arr = array('username' => $name, 'nickname' => $username, 'email' => $email, 'password' => $password, 'verified' => 1); + $result = User::create($arr); + if ($result['success']) { + logger("ldapauth: account " . $username . " created"); + } else { + logger("ldapauth: account " . $username . " was not created ! : " . implode($result)); + } + } else { + logger("ldapauth: unable to create account, no email or nickname found"); + } + } + } } -function get_existing_account($username){ - return q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",$username); +function get_existing_account($username) +{ + return q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1", $username); } 
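Review bot: `$username` is concatenated straight into the search filter in `ldapauth_authenticate` (`$ldap_userattr . '=' . $username`), so filter metacharacters such as `*`, `(` or `)` in the login name change which directory entry is selected for the second bind. Escaping the value closes that on PHP 5.6+: `$res = @ldap_search($connect, $ldap_searchdn, $ldap_userattr . '=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER));`. `get_existing_account()` at the end of the hunk passes `$username` to `q()` without `dbesc()`, unlike the `q()` call in `windowsphonepush_login` on this page; unless `q()` escapes its arguments itself, that argument should be `dbesc($username)`.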
diff --git a/statusnet/statusnet.php b/statusnet/statusnet.php index 8433580f..3c6ac499 100644 --- a/statusnet/statusnet.php +++ b/statusnet/statusnet.php @@ -998,6 +998,8 @@ function statusnet_fetch_contact($uid, $contact, $create_user) { group_add_member($uid,'',$contact_id,$g[0]['def_gid']); } + require_once("Photo.php"); + $photos = Photo::importProfilePhoto($contact->profile_image_url,$uid,$contact_id); q("UPDATE `contact` SET `photo` = '%s', @@ -1023,6 +1025,8 @@ function statusnet_fetch_contact($uid, $contact, $create_user) { logger("statusnet_fetch_contact: Updating contact ".$contact->screen_name, LOGGER_DEBUG); + require_once("Photo.php"); + $photos = Photo::importProfilePhoto($contact->profile_image_url, $uid, $r[0]['id']); q("UPDATE `contact` SET `photo` = '%s', diff --git a/twitter/twitter.php b/twitter/twitter.php index e8e89031..e38ea8a7 100644 --- a/twitter/twitter.php +++ b/twitter/twitter.php @@ -1024,6 +1024,8 @@ function twitter_fetch_contact($uid, $contact, $create_user) { group_add_member($uid,'',$contact_id,$g[0]['def_gid']); } + require_once("Photo.php"); + $photos = Photo::importProfilePhoto($avatar, $uid, $contact_id, true); if ($photos) { @@ -1055,6 +1057,8 @@ function twitter_fetch_contact($uid, $contact, $create_user) { logger("twitter_fetch_contact: Updating contact ".$contact->screen_name, LOGGER_DEBUG); + require_once("Photo.php"); + $photos = Photo::importProfilePhoto($avatar, $uid, $r[0]['id'], true); if ($photos) { diff --git a/windowsphonepush/windowsphonepush.php b/windowsphonepush/windowsphonepush.php index baa4c656..53bf83b8 100644 --- a/windowsphonepush/windowsphonepush.php +++ b/windowsphonepush/windowsphonepush.php 
@@ -1,58 +1,69 @@ - * - * + * + * * Pre-requisite: Windows Phone mobile device (at least WP 7.0) * Friendica mobile app on Windows Phone * * When plugin is installed, the system calls the plugin * name_install() function, located in 'addon/name/name.php', * where 'name' is the name of the addon. - * If the addon is removed from the configuration list, the + * If the addon is removed from the configuration list, the * system will call the name_uninstall() function. * * Version history: - * 1.1 : addon crashed on php versions >= 5.4 as of removed deprecated call-time + * 1.1 : addon crashed on php versions >= 5.4 as of removed deprecated call-time * pass-by-reference used in function calls within function windowsphonepush_content * 2.0 : adaption for supporting emphasizing new entries in app (count on tile cannot be read out, - * so we need to retrieve counter through show_settings secondly). Provide new function for + * so we need to retrieve counter through show_settings secondly). Provide new function for * calling from app to set the counter back after start (if user starts again before cronjob * sets the counter back * count only unseen elements which are not type=activity (likes and dislikes not seen as new elements) */ -use Friendica\App; -use Friendica\Core\PConfig; -use Friendica\Model\User; -function windowsphonepush_install() -{ - /* Our plugin will attach in three places. - * The first is within cron - so the push notifications will be +use Friendica\Core\PConfig; + +function windowsphonepush_install() { + + /** + * + * Our plugin will attach in three places. + * The first is within cron - so the push notifications will be * sent every 10 minutes (or whatever is set in crontab). 
+ * */ + register_hook('cron', 'addon/windowsphonepush/windowsphonepush.php', 'windowsphonepush_cron'); - /* Then we'll attach into the plugin settings page, and also the + /** + * + * Then we'll attach into the plugin settings page, and also the * settings post hook so that we can create and update - * user preferences. User shall be able to activate the plugin and + * user preferences. User shall be able to activate the plugin and * define whether he allows pushing first characters of item text + * */ + register_hook('plugin_settings', 'addon/windowsphonepush/windowsphonepush.php', 'windowsphonepush_settings'); register_hook('plugin_settings_post', 'addon/windowsphonepush/windowsphonepush.php', 'windowsphonepush_settings_post'); logger("installed windowsphonepush"); } -function windowsphonepush_uninstall() -{ - /* uninstall unregisters any hooks created with register_hook + +function windowsphonepush_uninstall() { + + /** + * + * uninstall unregisters any hooks created with register_hook * during install. Don't delete data in table `pconfig`. + * */ + unregister_hook('cron', 'addon/windowsphonepush/windowsphonepush.php', 'windowsphonepush_cron'); unregister_hook('plugin_settings', 'addon/windowsphonepush/windowsphonepush.php', 'windowsphonepush_settings'); unregister_hook('plugin_settings_post', 'addon/windowsphonepush/windowsphonepush.php', 'windowsphonepush_settings_post'); 
@@ -60,48 +71,51 @@ function windowsphonepush_uninstall() logger("removed windowsphonepush"); } + /* declare the windowsphonepush function so that /windowsphonepush url requests will land here */ -function windowsphonepush_module() -{ +function windowsphonepush_module() {} -} -/* Callback from the settings post function. +/** + * + * Callback from the settings post function. * $post contains the $_POST array. * We will make sure we've got a valid user account * and if so set our configuration setting for this person. + * */ -function windowsphonepush_settings_post($a, $post) -{ - if (!local_user() || (!x($_POST, 'windowsphonepush-submit'))) { +function windowsphonepush_settings_post($a,$post) { + if(! local_user() || (! x($_POST,'windowsphonepush-submit'))) return; - } $enable = intval($_POST['windowsphonepush']); - PConfig::set(local_user(), 'windowsphonepush', 'enable', $enable); + PConfig::set(local_user(),'windowsphonepush','enable',$enable); - if ($enable) { - PConfig::set(local_user(), 'windowsphonepush', 'counterunseen', 0); + if($enable) { + PConfig::set(local_user(),'windowsphonepush','counterunseen', 0); } - PConfig::set(local_user(), 'windowsphonepush', 'senditemtext', intval($_POST['windowsphonepush-senditemtext'])); + PConfig::set(local_user(),'windowsphonepush','senditemtext',intval($_POST['windowsphonepush-senditemtext'])); - info(t('WindowsPhonePush settings updated.') . EOL); + info( t('WindowsPhonePush settings updated.') . EOL); } -/* Called from the Plugin Setting form. + +/** + * + * Called from the Plugin Setting form. * Add our own settings info to the page. + * */ -function windowsphonepush_settings(&$a, &$s) -{ - if (!local_user()) { +function windowsphonepush_settings(&$a,&$s) { + + if(! local_user()) return; - } /* Add our stylesheet to the page so we can make our settings look nice */ $a->page['htmlhead'] .= '' . 
"\r\n"; /* Get the current state of our config variables */ - $enabled = PConfig::get(local_user(), 'windowsphonepush', 'enable'); + $enabled = PConfig::get(local_user(),'windowsphonepush','enable'); $checked_enabled = (($enabled) ? ' checked="checked" ' : ''); $senditemtext = PConfig::get(local_user(), 'windowsphonepush', 'senditemtext'); @@ -123,7 +137,7 @@ function windowsphonepush_settings(&$a, &$s) $s .= ''; $s .= '
'; - /* provide a submit button - enable und senditemtext can be changed by the user */ + /* provide a submit button - enable und senditemtext can be changed by the user*/ $s .= '
'; /* provide further read-only information concerning the addon (useful for */ @@ -131,40 +145,47 @@ function windowsphonepush_settings(&$a, &$s) $s .= ''; $s .= ''; $s .= '
'; - + return; + } -/* Cron function used to regularly check all users on the server with active windowsphonepushplugin and send + +/** + * + * Cron function used to regularly check all users on the server with active windowsphonepushplugin and send * notifications to the Microsoft servers and consequently to the Windows Phone device + * */ -function windowsphonepush_cron() -{ + +function windowsphonepush_cron() { // retrieve all UID's for which the plugin windowsphonepush is enabled and loop through every user $r = q("SELECT * FROM `pconfig` WHERE `cat` = 'windowsphonepush' AND `k` = 'enable' AND `v` = 1"); - if (count($r)) { - foreach ($r as $rr) { + if(count($r)) { + foreach($r as $rr) { // load stored information for the user-id of the current loop $device_url = PConfig::get($rr['uid'], 'windowsphonepush', 'device_url'); $lastpushid = PConfig::get($rr['uid'], 'windowsphonepush', 'lastpushid'); - // pushing only possible if device_url (the URI on Microsoft server) is available or not "NA" (which will be sent + // pushing only possible if device_url (the URI on Microsoft server) is available or not "NA" (which will be sent // by app if user has switched the server setting in app - sending blank not possible as this would return an update error) - if (( $device_url == "" ) || ( $device_url == "NA" )) { + if ( ( $device_url == "" ) || ( $device_url == "NA" ) ) { // no Device-URL for the user availabe, but plugin is enabled --> write info to Logger logger("WARN: windowsphonepush is enable for user " . $rr['uid'] . 
", but no Device-URL is specified for the user."); } else { - // retrieve the number of unseen items and the id of the latest one (if there are more than + // retrieve the number of unseen items and the id of the latest one (if there are more than // one new entries since last poller run, only the latest one will be pushed) - $count = q("SELECT count(`id`) as count, max(`id`) as max FROM `item` WHERE `unseen` = 1 AND `type` <> 'activity' AND `uid` = %d", intval($rr['uid'])); + $count = q("SELECT count(`id`) as count, max(`id`) as max FROM `item` WHERE `unseen` = 1 AND `type` <> 'activity' AND `uid` = %d", + intval($rr['uid']) + ); - // send number of unseen items to the device (the number will be displayed on Start screen until - // App will be started by user) - this update will be sent every 10 minutes to update the number to 0 if + // send number of unseen items to the device (the number will be displayed on Start screen until + // App will be started by user) - this update will be sent every 10 minutes to update the number to 0 if // user has loaded the timeline through app or website $res_tile = send_tile_update($device_url, "", $count[0]['count'], ""); switch (trim($res_tile)) { case "Received": - // ok, count has been pushed, let's save it in personal settings + // ok, count has been pushed, let's save it in personal settings PConfig::set($rr['uid'], 'windowsphonepush', 'counterunseen', $count[0]['count']); break; case "QueueFull": 
@@ -191,22 +212,24 @@ function windowsphonepush_cron() $senditemtext = PConfig::get($rr['uid'], 'windowsphonepush', 'senditemtext'); if ($senditemtext == 1) { // load item with the max id - $item = q("SELECT `author-name` as author, `body` as body FROM `item` where `id` = %d", intval($count[0]['max'])); + $item = q("SELECT `author-name` as author, `body` as body FROM `item` where `id` = %d", + intval($count[0]['max']) + ); // as user allows to send the item, we want to show the sender of the item in the toast - // toasts are limited to one line, therefore place is limited - author shall be in + // toasts are limited to one line, therefore place is limited - author shall be in // max. 15 chars (incl. dots); author is displayed in bold font $author = $item[0]['author']; $author = ((strlen($author) > 12) ? substr($author, 0, 12) . "..." : $author); // normally we show the body of the item, however if it is an url or an image we cannot - // show this in the toast (only test), therefore changing to an alternate text + // show this in the toast (only test), therefore changing to an alternate text // Otherwise BBcode-Tags will be eliminated and plain text cutted to 140 chars (incl. dots) // BTW: information only possible in English $body = $item[0]['body']; - if (substr($body, 0, 4) == "[url") { + if (substr($body, 0, 4) == "[url") $body = "URL/Image ..."; - } else { + else { require_once('include/bbcode.php'); require_once("include/html2plain.php"); $body = bbcode($body, false, false, 2, true); 
@@ -214,37 +237,40 @@ function windowsphonepush_cron() $body = ((strlen($body) > 137) ? substr($body, 0, 137) . "..." : $body); } } else { - // if user wishes higher privacy, we only display "Friendica - New timeline entry arrived" + // if user wishes higher privacy, we only display "Friendica - New timeline entry arrived" $author = "Friendica"; $body = "New timeline entry arrived ..."; } - // only if toast push notification returns the Notification status "Received" we will update th settings with the + // only if toast push notification returns the Notification status "Received" we will update th settings with the // new indicator max-id is checked against (QueueFull, Suppressed, N/A, Dropped shall qualify to resend - // the push notification some minutes later (BTW: if resulting in Expired for subscription status the + // the push notification some minutes later (BTW: if resulting in Expired for subscription status the // device_url will be deleted (no further try on this url, see send_push) // further log information done on count pushing with send_tile (see above) $res_toast = send_toast($device_url, $author, $body); if (trim($res_toast) === 'Received') { PConfig::set($rr['uid'], 'windowsphonepush', 'lastpushid', $count[0]['max']); - } + } } } } } } -/* Tile push notification change the number in the icon of the App in Start Screen of + +/* + * + * Tile push notification change the number in the icon of the App in Start Screen of * a Windows Phone Device, Image could be changed, not used for App "Friendica Mobile" + * */ -function send_tile_update($device_url, $image_url, $count, $title, $priority = 1) -{ +function send_tile_update($device_url, $image_url, $count, $title, $priority = 1) { $msg = "" . "" . - "" . - "" . $image_url . "" . - "" . $count . "" . - "" . $title . "" . - " " . + "". + "" . $image_url . "" . + "" . $count . "" . + "" . $title . "" . + " " . ""; $result = send_push($device_url, array( 
@@ -254,42 +280,48 @@ function send_tile_update($device_url, $image_url, $count, $title, $priority = 1 return $result; } -/* Toast push notification send information to the top of the display +/* + * + * Toast push notification send information to the top of the display * if the user is not currently using the Friendica Mobile App, however * there is only one line for displaying the information + * */ -function send_toast($device_url, $title, $message, $priority = 2) -{ - $msg = "" . +function send_toast($device_url, $title, $message, $priority = 2) { + $msg = "" . "" . - "" . - "" . $title . "" . - "" . $message . "" . - "" . - "" . + "" . + "" . $title . "" . + "" . $message . "" . + "" . + "" . ""; $result = send_push($device_url, array( 'X-WindowsPhone-Target: toast', - 'X-NotificationClass: ' . $priority, + 'X-NotificationClass: ' . $priority, ), $msg); return $result; } -// General function to send the push notification via cURL -function send_push($device_url, $headers, $msg) -{ +/* + * + * General function to send the push notification via cURL + * + */ +function send_push($device_url, $headers, $msg) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $device_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POST, true); - curl_setopt($ch, CURLOPT_HEADER, true); - curl_setopt($ch, CURLOPT_HTTPHEADER, $headers + array( - 'Content-Type: text/xml', - 'charset=utf-8', - 'Accept: application/*', - ) - ); + curl_setopt($ch, CURLOPT_HEADER, true); + curl_setopt($ch, CURLOPT_HTTPHEADER, + $headers + array( + 'Content-Type: text/xml', + 'charset=utf-8', + 'Accept: application/*', + ) + ); curl_setopt($ch, CURLOPT_POSTFIELDS, $msg); $output = curl_exec($ch); 
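Review bot: In `send_push` the header list is built with `$headers + array(...)`, and the array union keeps the left operand's value for every key both sides share. `send_toast` passes a two-element list (keys 0 and 1), so `Content-Type: text/xml` and `charset=utf-8` are discarded and only `Accept: application/*` is appended. `array_merge($headers, array('Content-Type: text/xml; charset=utf-8', 'Accept: application/*'))` sends what the code intends. `$device_url` also goes into `CURLOPT_URL` exactly as stored, and the validation in `windowsphonepush_updatesettings` is outside the visible hunks, so it is worth confirming that it restricts the scheme and host the server is willing to POST to. `send_push` continues past the end of this hunk.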
@@ -299,31 +331,35 @@ function send_push($device_url, $headers, $msg) // and log this fact $subscriptionStatus = get_header_value($output, 'X-SubscriptionStatus'); if ($subscriptionStatus == "Expired") { - PConfig::set(local_user(), 'windowsphonepush', 'device_url', ""); + PConfig::set(local_user(),'windowsphonepush','device_url', ""); logger("ERROR: the stored Device-URL " . $device_url . "returned an 'Expired' error, it has been deleted now."); } - // the notification status shall be returned to windowsphonepush_cron (will + // the notification status shall be returned to windowsphonepush_cron (will // update settings if 'Received' otherwise keep old value in settings (on QueuedFull. Suppressed, N/A, Dropped) $notificationStatus = get_header_value($output, 'X-NotificationStatus'); return $notificationStatus; -} + } -// helper function to receive statuses from webresponse of Microsoft server -function get_header_value($content, $header) -{ +/* + * helper function to receive statuses from webresponse of Microsoft server + */ +function get_header_value($content, $header) { return preg_match_all("/$header: (.*)/i", $content, $match) ? $match[1][0] : ""; } -/* reading information from url and deciding which function to start + +/* + * + * reading information from url and deciding which function to start * show_settings = delivering settings to check * update_settings = set the device_url * update_counterunseen = set counter for unseen elements to zero + * */ -function windowsphonepush_content(App $a) -{ +function windowsphonepush_content(&$a) { // Login with the specified Network credentials (like in api.php) - windowsphonepush_login($a); + windowsphonepush_login(); $path = $a->argv[0]; $path2 = $a->argv[1]; 
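Review bot: When the push service answers `Expired`, `send_push` clears `device_url` for `local_user()`, but the visible callers reach it from `windowsphonepush_cron`, which iterates over `$rr['uid']` and presumably runs without a logged-in session. In that case the expired URL stays stored for its real owner and is retried on every cron run. Passing the owning uid down (for example an extra optional `$uid` argument on `send_push`, `send_toast` and `send_tile_update`) would let the cleanup hit the right account. `get_header_value` also interpolates `$header` into the pattern unquoted; `preg_quote($header, '/')` keeps it safe if a caller ever passes a name containing regex metacharacters. `send_push` begins before this hunk.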
@@ -335,9 +371,9 @@ function windowsphonepush_content(App $a) break; case "update_settings": $ret = windowsphonepush_updatesettings($a); - header("Content-Type: application/json; charset=utf-8"); + header("Content-Type: application/json; charset=utf-8"); echo json_encode(array('status' => $ret)); - killme(); + killme(); break; case "update_counterunseen": $ret = windowsphonepush_updatecounterunseen(); @@ -351,12 +387,12 @@ function windowsphonepush_content(App $a) } } -// return settings for windowsphonepush addon to be able to check them in WP app -function windowsphonepush_showsettings() -{ - if (!local_user()) { +/* + * return settings for windowsphonepush addon to be able to check them in WP app + */ +function windowsphonepush_showsettings(&$a) { + if(! local_user()) return; - } $enable = PConfig::get(local_user(), 'windowsphonepush', 'enable'); $device_url = PConfig::get(local_user(), 'windowsphonepush', 'device_url'); 
@@ -365,36 +401,34 @@ function windowsphonepush_showsettings() $counterunseen = PConfig::get(local_user(), 'windowsphonepush', 'counterunseen'); $addonversion = "2.0"; - if (!$device_url) { + if (!$device_url) $device_url = ""; - } - if (!$lastpushid) { + if (!$lastpushid) $lastpushid = 0; - } - header("Content-Type: application/json"); - echo json_encode(array('uid' => local_user(), - 'enable' => $enable, - 'device_url' => $device_url, - 'senditemtext' => $senditemtext, - 'lastpushid' => $lastpushid, - 'counterunseen' => $counterunseen, - 'addonversion' => $addonversion)); + header ("Content-Type: application/json"); + echo json_encode(array('uid' => local_user(), + 'enable' => $enable, + 'device_url' => $device_url, + 'senditemtext' => $senditemtext, + 'lastpushid' => $lastpushid, + 'counterunseen' => $counterunseen, + 'addonversion' => $addonversion)); } -/* update_settings is used to transfer the device_url from WP device to the Friendica server +/* + * update_settings is used to transfer the device_url from WP device to the Friendica server * return the status of the operation to the server */ -function windowsphonepush_updatesettings() -{ - if (!local_user()) { +function windowsphonepush_updatesettings(&$a) { + if(! local_user()) { return "Not Authenticated"; } // no updating if user hasn't enabled the plugin $enable = PConfig::get(local_user(), 'windowsphonepush', 'enable'); - if (!$enable) { + if(! $enable) { return "Plug-in not enabled"; } 
@@ -405,69 +439,79 @@ function windowsphonepush_updatesettings() return "No valid Device-URL specified"; } - // check if sent url is already stored in database for another user, we assume that there was a change of + // check if sent url is already stored in database for another user, we assume that there was a change of // the user on the Windows Phone device and that device url is no longer true for the other user, so we - // et the device_url for the OTHER user blank (should normally not occur as App should include User/server + // et the device_url for the OTHER user blank (should normally not occur as App should include User/server // in url request to Microsoft Push Notification server) - $r = q("SELECT * FROM `pconfig` WHERE `uid` <> " . local_user() . " AND - `cat` = 'windowsphonepush' AND - `k` = 'device_url' AND + $r = q("SELECT * FROM `pconfig` WHERE `uid` <> " . local_user() . " AND + `cat` = 'windowsphonepush' AND + `k` = 'device_url' AND `v` = '" . $device_url . "'"); - if (count($r)) { - foreach ($r as $rr) { - PConfig::set($rr['uid'], 'windowsphonepush', 'device_url', ''); - logger("WARN: the sent URL was already registered with user '" . $rr['uid'] . "'. Deleted for this user as we expect to be correct now for user '" . local_user() . "'."); + if(count($r)) { + foreach($r as $rr) { + PConfig::set($rr['uid'], 'windowsphonepush', 'device_url', ''); + logger("WARN: the sent URL was already registered with user '" . $rr['uid'] . "'. Deleted for this user as we expect to be correct now for user '" . local_user() . "'."); } } - PConfig::set(local_user(), 'windowsphonepush', 'device_url', $device_url); + PConfig::set(local_user(),'windowsphonepush','device_url', $device_url); // output the successfull update of the device URL to the logger for error analysis if necessary logger("INFO: Device-URL for user '" . local_user() . "' has been updated with '" . $device_url . 
"'"); return "Device-URL updated successfully!"; } -// update_counterunseen is used to reset the counter to zero from Windows Phone app -function windowsphonepush_updatecounterunseen() -{ - if (!local_user()) { +/* + * update_counterunseen is used to reset the counter to zero from Windows Phone app + */ +function windowsphonepush_updatecounterunseen() { + if(! local_user()) { return "Not Authenticated"; } // no updating if user hasn't enabled the plugin $enable = PConfig::get(local_user(), 'windowsphonepush', 'enable'); - if (!$enable) { + if(! $enable) { return "Plug-in not enabled"; } - PConfig::set(local_user(), 'windowsphonepush', 'counterunseen', 0); + PConfig::set(local_user(),'windowsphonepush','counterunseen', 0); return "Counter set to zero"; } -/* helper function to login to the server with the specified Network credentials +/* + * helper function to login to the server with the specified Network credentials * (mainly copied from api.php) */ -function windowsphonepush_login(App $a) -{ +function windowsphonepush_login() { if (!isset($_SERVER['PHP_AUTH_USER'])) { - logger('API_login: ' . print_r($_SERVER, true), LOGGER_DEBUG); - header('WWW-Authenticate: Basic realm="Friendica"'); - header('HTTP/1.0 401 Unauthorized'); - die('This api requires login'); + logger('API_login: ' . 
print_r($_SERVER, true), LOGGER_DEBUG); + header('WWW-Authenticate: Basic realm="Friendica"'); + header('HTTP/1.0 401 Unauthorized'); + die('This api requires login'); } - $user_id = User::authenticate($_SERVER['PHP_AUTH_USER'], trim($_SERVER['PHP_AUTH_PW'])); + $user = $_SERVER['PHP_AUTH_USER']; + $encrypted = hash('whirlpool',trim($_SERVER['PHP_AUTH_PW'])); - if ($user_id) { - $record = dba::select('user', [], ['uid' => $user_id], ['limit' => 1]); + // check if user specified by app is available in the user table + $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) + AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1", + dbesc(trim($user)), + dbesc(trim($user)), + dbesc($encrypted) + ); + + if(count($r)){ + $record = $r[0]; } else { - logger('API_login failure: ' . print_r($_SERVER, true), LOGGER_DEBUG); - header('WWW-Authenticate: Basic realm="Friendica"'); - header('HTTP/1.0 401 Unauthorized'); - die('This api requires login'); + logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); + header('WWW-Authenticate: Basic realm="Friendica"'); + header('HTTP/1.0 401 Unauthorized'); + die('This api requires login'); } - require_once 'include/security.php'; - authenticate_success($record); - $_SESSION["allow_api"] = true; + require_once('include/security.php'); + authenticate_success($record); $_SESSION["allow_api"] = true; call_hooks('logged_in', $a->user); } +
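Review bot: The lookup in `windowsphonepush_updatesettings` builds its SQL by concatenating `local_user()` and `$device_url` into the string; `$device_url` is assigned above this hunk, presumably from the app's request, so a quote in it changes the query. It should use the placeholder form the other queries in this file use, with `intval()` and `dbesc()` as in the fence below. In `windowsphonepush_login`, both `logger()` calls write `print_r($_SERVER, true)`, which on the failure path includes `PHP_AUTH_PW`; logging only `$_SERVER['PHP_AUTH_USER']` keeps Basic-auth passwords out of the debug log. The new signature `windowsphonepush_login()` drops `$a` while the last line still reads `$a->user`, so the `logged_in` hook receives an undefined value unless `$a` is restored (as a parameter or via `get_app()`). Replacing `User::authenticate()` with a direct `hash('whirlpool', ...)` comparison also ties this addon to an unsalted fast hash, where the central call would let the storage scheme change in one place.

```php
// … unchanged: enable check and $device_url validation …
$r = q("SELECT * FROM `pconfig` WHERE `uid` <> %d AND `cat` = 'windowsphonepush' AND `k` = 'device_url' AND `v` = '%s'",
	intval(local_user()),
	dbesc($device_url)
);
// … unchanged: loop clearing device_url for other users …
```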