friendica
/
friendica
mirror of https://github.com/friendica/friendica.git
5
7
Fork 5
Code Issues Releases Wiki Activity

tag each side of the duplex

Browse Source
pull/1/head
Mike Macgirvin 12 years ago
parent 19661d4c25
commit 2c96ad7739
5 changed files with 225 additions and 61 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 17
      include/notifier.php
  2. 21
      include/poller.php
  3. 74
      mod/dfrn_notify.php
  4. 162
      mod/dfrn_poll.php
  5. 12
      mod/redir.php

17
include/notifier.php
Unescape View File

@ -278,10 +278,19 @@
if((! strlen($rr['dfrn-id'])) && (! $rr['duplex']))
continue;
$idtosend = (($rr['dfrn-id']) ? $rr['dfrn-id'] : $rr['issued-id']);
$idtosend = $orig_id = (($rr['dfrn-id']) ? $rr['dfrn-id'] : $rr['issued-id']);
if($rr['duplex'] && $rr['dfrn-id'])
$idtosend = '0:' . $orig_id;
if($rr['duplex'] && $rr['issued-id'])
$idtosend = '1:' . $orig_id;
$url = $rr['notify'] . '?dfrn_id=' . $idtosend;
if($debugging)
echo "URL: $url";
$xml = fetch_url($url);
if($debugging)
@ -312,7 +321,11 @@
}
$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
if($final_dfrn_id != $idtosend) {
if(strpos($final_dfrn_id,':') == 1)
$final_dfrn_id = substr($final_dfrn_id,2);
if($final_dfrn_id != $orig_id) {
// did not decode properly - cannot trust this site
continue;
}

21
include/poller.php
Unescape View File

@ -79,10 +79,16 @@
? datetime_convert('UTC','UTC','now - 30 days','Y-m-d\TH:i:s\Z')
: datetime_convert('UTC','UTC',$contact['last-update'],'Y-m-d\TH:i:s\Z'));
$idtosend = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']);
$url = $contact['poll'] . '?dfrn_id=' . $idtosend . '&type=data&last_update=' . $last_update ;
$idtosend = $orig_id = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']);
if(intval($contact['duplex']) && $contact['dfrn-id'])
$idtosend = '0:' . $orig_id;
if(intval($contact['duplex']) && $contact['issued-id'])
$idtosend = '1:' . $orig_id;
$url = $contact['poll'] . '?dfrn_id=' . $idtosend . '&type=data&last_update=' . $last_update ;
$xml = fetch_url($url);
if($debugging) {
@ -93,6 +99,8 @@
if(! $xml)
continue;
$res = simplexml_load_string($xml);
if(intval($res->status) == 1)
@ -122,13 +130,20 @@
}
$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
if($final_dfrn_id != $idtosend) {
if(strpos($final_dfrn_id,':') == 1)
$final_dfrn_id = substr($final_dfrn_id,2);
if($final_dfrn_id != $orig_id) {
// did not decode properly - cannot trust this site
continue;
}
$postvars['dfrn_id'] = $idtosend;
$xml = post_url($contact['poll'],$postvars);
if($debugging) {

74
mod/dfrn_notify.php
Unescape View File

@ -9,6 +9,13 @@ function dfrn_notify_post(&$a) {
$dfrn_id = notags(trim($_POST['dfrn_id']));
$challenge = notags(trim($_POST['challenge']));
$data = $_POST['data'];
$direction = (-1);
if(strpos($dfrn_id,':') == 1) {
$direction = intval(substr($dfrn_id,0,1));
$dfrn_id = substr($dfrn_id,2);
}
$r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
dbesc($dfrn_id),
dbesc($challenge)
@ -23,11 +30,26 @@ function dfrn_notify_post(&$a) {
// find the local user who owns this relationship.
$sql_extra = '';
switch($direction) {
case (-1):
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
break;
case 0:
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
break;
case 1:
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
break;
default:
xml_status(3);
break; // NOTREACHED
}
$r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact`
LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE ( `issued-id` = '%s' OR ( `duplex` = 1 AND `dfrn-id` = '%s' )) LIMIT 1",
dbesc($dfrn_id),
dbesc($dfrn_id)
WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra LIMIT 1"
);
if(! count($r)) {
@ -336,7 +358,18 @@ function dfrn_notify_post(&$a) {
function dfrn_notify_content(&$a) {
if(x($_GET,'dfrn_id')) {
// initial communication from external contact
// initial communication from external contact, $direction is their direction.
// If this is a duplex communication, ours will be the opposite.
$dfrn_id = notags(trim($_GET['dfrn_id']));
$direction = (-1);
if(strpos($dfrn_id,':') == 1) {
$direction = intval(substr($dfrn_id,0,1));
$dfrn_id = substr($dfrn_id,2);
}
$hash = random_string();
$status = 0;
@ -346,21 +379,40 @@ function dfrn_notify_content(&$a) {
$r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` )
VALUES( '%s', '%s', '%s') ",
dbesc($hash),
dbesc(notags(trim($_GET['dfrn_id']))),
dbesc($dfrn_id),
intval(time() + 60 )
);
$r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `duplex` = 1 AND `dfrn-id` = '%s'))
AND `blocked` = 0 AND `pending` = 0 LIMIT 1",
dbesc($_GET['dfrn_id']),
dbesc($_GET['dfrn_id'])
);
$sql_extra = '';
switch($direction) {
case (-1):
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
$my_id = $dfrn_id;
break;
case 0:
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '1:' . $dfrn_id;
break;
case 1:
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '0:' . $dfrn_id;
break;
default:
$status = 1;
break; // NOTREACHED
}
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
if(! count($r))
$status = 1;
$challenge = '';
$encrypted_id = '';
$id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
$id_str = $my_id . '.' . mt_rand(1000,9999);
if(($r[0]['duplex']) && strlen($r[0]['pubkey'])) {
openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);

162
mod/dfrn_poll.php
Unescape View File

@ -17,51 +17,69 @@ function dfrn_poll_init(&$a) {
$dfrn_version = ((x($_GET,'dfrn_version')) ? $_GET['dfrn_version'] : '1.0');
$destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : '');
$direction = (-1);
if(strpos($dfrn_id,':') == 1) {
$direction = intval(substr($dfrn_id,0,1));
$dfrn_id = substr($dfrn_id,2);
}
if(($dfrn_id == '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) {
$o = get_feed_for($a,'*', $a->argv[1],$last_update);
$o = get_feed_for($a, '*', $a->argv[1],$last_update);
echo $o;
killme();
}
if((x($type)) && ($type == 'profile')) {
$sql_extra = '';
switch($direction) {
case (-1):
$sql_extra = sprintf(" AND `dfrn-id` = '%s' ", dbesc($dfrn_id));
$my_id = $dfrn_id;
break;
case 0:
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '1:' . $dfrn_id;
break;
case 1:
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '0:' . $dfrn_id;
break;
default:
goaway($a->get_baseurl());
break; // NOTREACHED
}
$r = q("SELECT `contact`.*, `user`.`nickname`
FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex` = 1 )) ",
dbesc($dfrn_id),
dbesc($dfrn_id)
);
WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra LIMIT 1");
if(count($r)) {
foreach($r as $rr) {
// On a multi-user site, the query above *may* have returned two results.
// One of those could be the logged-in user who is now visiting "this" cell,
// as both share the dfrn_id. We will skip that entry if it unfortunately
// happens to come up first.
if(local_user() && ($rr['uid'] == get_uid()))
continue;
$s = fetch_url($rr['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check');
if(strlen($s)) {
$xml = simplexml_load_string($s);
if((int) $xml->status == 1) {
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $rr['id'];
notice( t('Hi ') . $rr['name'] . EOL);
// Visitors get 1 day session.
$session_id = session_id();
$expire = time() + 86400;
q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
dbesc($expire),
dbesc($session_id)
);
}
$s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check');
if(strlen($s)) {
$xml = simplexml_load_string($s);
if((int) $xml->status == 1) {
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $r[0]['id'];
notice( t('Hi ') . $r[0]['name'] . EOL);
// Visitors get 1 day session.
$session_id = session_id();
$expire = time() + 86400;
q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
dbesc($expire),
dbesc($session_id)
);
}
$profile = $rr['nickname'];
goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile);
}
$profile = $r[0]['nickname'];
goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile);
}
goaway($a->get_baseurl());
@ -69,6 +87,16 @@ function dfrn_poll_init(&$a) {
if((x($type)) && ($type == 'profile-check')) {
switch($direction) {
case 1:
$dfrn_id = '0:' . $dfrn_id;
break;
case 0:
$dfrn_id = '1:' . $dfrn_id;
break;
default:
break;
}
q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
$r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
dbesc($dfrn_id));
@ -91,6 +119,12 @@ function dfrn_poll_post(&$a) {
$challenge = notags(trim($_POST['challenge']));
$url = $_POST['url'];
$direction = (-1);
if(strpos($dfrn_id,':') == 1) {
$direction = intval(substr($dfrn_id,0,1));
$dfrn_id = substr($dfrn_id,2);
}
$r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
dbesc($dfrn_id),
dbesc($challenge)
@ -107,10 +141,28 @@ function dfrn_poll_post(&$a) {
);
$r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 )) LIMIT 1",
dbesc($dfrn_id),
dbesc($dfrn_id)
);
$sql_extra = '';
switch($direction) {
case (-1):
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
$my_id = $dfrn_id;
break;
case 0:
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '1:' . $dfrn_id;
break;
case 1:
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '0:' . $dfrn_id;
break;
default:
goaway($a->get_baseurl());
break; // NOTREACHED
}
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
if(! count($r))
killme();
@ -169,6 +221,12 @@ function dfrn_poll_content(&$a) {
if(x($_GET,'last_update'))
$last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];
$direction = (-1);
if(strpos($dfrn_id,':') == 1) {
$direction = intval(substr($dfrn_id,0,1));
$dfrn_id = substr($dfrn_id,2);
}
if($dfrn_id != '') {
// initial communication from external contact
@ -187,16 +245,36 @@ function dfrn_poll_content(&$a) {
dbesc($last_update)
);
$r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 ))
AND `blocked` = 0 AND `pending` = 0 LIMIT 1",
dbesc($_GET['dfrn_id']),
dbesc($_GET['dfrn_id'])
);
$sql_extra = '';
switch($direction) {
case (-1):
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
$my_id = $dfrn_id;
break;
case 0:
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '1:' . $dfrn_id;
break;
case 1:
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '0:' . $dfrn_id;
break;
default:
goaway($a->get_baseurl());
break; // NOTREACHED
}
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
if(count($r)) {
$challenge = '';
$encrypted_id = '';
$id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
$id_str = $my_id . '.' . mt_rand(1000,9999);
if($r[0]['duplex'] && strlen($r[0]['pubkey'])) {

12
mod/redir.php
Unescape View File

@ -10,10 +10,16 @@ function redir_init(&$a) {
if(! count($r))
goaway($a->get_baseurl());
$dfrn_id = $r[0]['issued-id'];
if((! $dfrn_id) && ($r[0]['duplex']))
$dfrn_id = $r[0]['dfrn-id'];
$dfrn_id = $orig_id = $r[0]['issued-id'];
if($r[0]['duplex'] && $r[0]['issued-id']) {
$orig_id = $r[0]['issued-id'];
$dfrn_id = '1:' . $orig_id;
}
if($r[0]['duplex'] && $r[0]['dfrn-id']) {
$orig_id = $r[0]['dfrn-id'];
$dfrn_id = '0:' . $orig_id;
}
q("INSERT INTO `profile_check` ( `uid`, `dfrn_id`, `expire`)
VALUES( %d, '%s', %d )",
intval($_SESSION['uid']),

Write Preview
Loading…
Cancel
Save