  1. <?php
  2. require_once('include/items.php');
  3. require_once('include/auth.php');
  4. function dfrn_poll_init(&$a) {
  5. $dfrn_id = '';
  6. if(x($_GET,'dfrn_id'))
  7. $dfrn_id = $a->config['dfrn_poll_dfrn_id'] = $_GET['dfrn_id'];
  8. if(x($_GET,'type'))
  9. $type = $a->config['dfrn_poll_type'] = $_GET['type'];
  10. if(x($_GET,'last_update'))
  11. $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];
  12. if(($dfrn_id == '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) {
  13. $o = get_feed_for($a,'*', $a->argv[1],$last_update);
  14. echo $o;
  15. killme();
  16. }
  17. if((x($type)) && ($type == 'profile')) {
  18. $r = q("SELECT `contact`.*, `user`.`nickname`
  19. FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
  20. WHERE `issued-id` = '%s' LIMIT 1",
  21. dbesc($dfrn_id));
  22. if(count($r)) {
  23. $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check');
  24. if(strlen($s)) {
  25. $xml = simplexml_load_string($s);
  26. if((int) $xml->status == 1) {
  27. $_SESSION['authenticated'] = 1;
  28. $_SESSION['visitor_id'] = $r[0]['id'];
  29. $_SESSION['sysmsg'] .= "Hi {$r[0]['name']}" . EOL;
  30. // Visitors get 1 day session.
  31. $session_id = session_id();
  32. $expire = time() + 86400;
  33. q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
  34. dbesc($expire),
  35. dbesc($session_id));
  36. }
  37. }
  38. $profile = ((strlen($r[0]['nickname'])) ? $r[0]['nickname'] : $r[0]['uid']);
  39. goaway($a->get_baseurl() . "/profile/$profile/visit");
  40. }
  41. goaway($a->get_baseurl());
  42. }
  43. if((x($type)) && ($type == 'profile-check')) {
  44. q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
  45. $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
  46. dbesc($dfrn_id));
  47. if(count($r))
  48. xml_status(1);
  49. xml_status(0);
  50. return; // NOTREACHED
  51. }
  52. }
  53. function dfrn_poll_post(&$a) {
  54. $dfrn_id = notags(trim($_POST['dfrn_id']));
  55. $challenge = notags(trim($_POST['challenge']));
  56. $url = $_POST['url'];
  57. $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
  58. dbesc($dfrn_id),
  59. dbesc($challenge)
  60. );
  61. if(! count($r))
  62. killme();
  63. $type = $r[0]['type'];
  64. $last_update = $r[0]['last_update'];
  65. $r = q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
  66. dbesc($dfrn_id),
  67. dbesc($challenge)
  68. );
  69. $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' LIMIT 1",
  70. dbesc($dfrn_id)
  71. );
  72. if(! count($r))
  73. killme();
  74. $owner_uid = $r[0]['uid'];
  75. $contact_id = $r[0]['id'];
  76. if($type == 'reputation' && strlen($url)) {
  77. $r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
  78. dbesc($url),
  79. intval($owner_uid)
  80. );
  81. $reputation = 0;
  82. $text = '';
  83. if(count($r)) {
  84. $reputation = $r[0]['rating'];
  85. $text = $r[0]['reason'];
  86. if($r[0]['id'] == $contact_id) { // inquiring about own reputation not allowed
  87. $reputation = 0;
  88. $text = '';
  89. }
  90. }
  91. echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
  92. <reputation>
  93. <url>$url</url>
  94. <rating>$reputation</rating>
  95. <description>$text</description>
  96. </reputation>
  97. ";
  98. killme();
  99. return; // NOTREACHED
  100. }
  101. else {
  102. $o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update);
  103. echo $o;
  104. killme();
  105. }
  106. }
  107. function dfrn_poll_content(&$a) {
  108. $dfrn_id = '';
  109. $type = 'data';
  110. if(x($_GET,'dfrn_id'))
  111. $dfrn_id = $a->config['dfrn_poll_dfrn_id'] = $_GET['dfrn_id'];
  112. if(x($_GET,'type'))
  113. $type = $a->config['dfrn_poll_type'] = $_GET['type'];
  114. if(x($_GET,'last_update'))
  115. $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];
  116. if($dfrn_id != '') {
  117. // initial communication from external contact
  118. $hash = random_string();
  119. $status = 0;
  120. $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
  121. $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
  122. VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
  123. dbesc($hash),
  124. dbesc(notags(trim($_GET['dfrn_id']))),
  125. intval(time() + 60 ),
  126. dbesc($type),
  127. dbesc($last_update)
  128. );
  129. $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 AND `pending` = 0 LIMIT 1",
  130. dbesc($_GET['dfrn_id']));
  131. if((! count($r)) || (! strlen($r[0]['prvkey'])))
  132. $status = 1;
  133. $challenge = '';
  134. openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
  135. $challenge = bin2hex($challenge);
  136. $encrypted_id = '';
  137. $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
  138. openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
  139. $encrypted_id = bin2hex($encrypted_id);
  140. echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>'
  141. . '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ;
  142. session_write_close();
  143. exit;
  144. }
  145. }