|
|
@ -17,51 +17,69 @@ function dfrn_poll_init(&$a) { |
|
|
|
$dfrn_version = ((x($_GET,'dfrn_version')) ? $_GET['dfrn_version'] : '1.0'); |
|
|
|
$destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : ''); |
|
|
|
|
|
|
|
|
|
|
|
$direction = (-1); |
|
|
|
|
|
|
|
|
|
|
|
if(strpos($dfrn_id,':') == 1) { |
|
|
|
$direction = intval(substr($dfrn_id,0,1)); |
|
|
|
$dfrn_id = substr($dfrn_id,2); |
|
|
|
} |
|
|
|
|
|
|
|
if(($dfrn_id == '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) { |
|
|
|
$o = get_feed_for($a,'*', $a->argv[1],$last_update); |
|
|
|
$o = get_feed_for($a, '*', $a->argv[1],$last_update); |
|
|
|
echo $o; |
|
|
|
killme(); |
|
|
|
} |
|
|
|
|
|
|
|
if((x($type)) && ($type == 'profile')) { |
|
|
|
|
|
|
|
$sql_extra = ''; |
|
|
|
switch($direction) { |
|
|
|
case (-1): |
|
|
|
$sql_extra = sprintf(" AND `dfrn-id` = '%s' ", dbesc($dfrn_id)); |
|
|
|
$my_id = $dfrn_id; |
|
|
|
break; |
|
|
|
case 0: |
|
|
|
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); |
|
|
|
$my_id = '1:' . $dfrn_id; |
|
|
|
break; |
|
|
|
case 1: |
|
|
|
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); |
|
|
|
$my_id = '0:' . $dfrn_id; |
|
|
|
break; |
|
|
|
default: |
|
|
|
goaway($a->get_baseurl()); |
|
|
|
break; // NOTREACHED
|
|
|
|
} |
|
|
|
|
|
|
|
$r = q("SELECT `contact`.*, `user`.`nickname`
|
|
|
|
FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` |
|
|
|
WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex` = 1 )) ",
|
|
|
|
dbesc($dfrn_id), |
|
|
|
dbesc($dfrn_id) |
|
|
|
); |
|
|
|
WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra LIMIT 1");
|
|
|
|
|
|
|
|
if(count($r)) { |
|
|
|
foreach($r as $rr) { |
|
|
|
|
|
|
|
// On a multi-user site, the query above *may* have returned two results.
|
|
|
|
// One of those could be the logged-in user who is now visiting "this" cell,
|
|
|
|
// as both share the dfrn_id. We will skip that entry if it unfortunately
|
|
|
|
// happens to come up first.
|
|
|
|
|
|
|
|
if(local_user() && ($rr['uid'] == get_uid())) |
|
|
|
continue; |
|
|
|
|
|
|
|
$s = fetch_url($rr['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check'); |
|
|
|
if(strlen($s)) { |
|
|
|
$xml = simplexml_load_string($s); |
|
|
|
if((int) $xml->status == 1) { |
|
|
|
$_SESSION['authenticated'] = 1; |
|
|
|
$_SESSION['visitor_id'] = $rr['id']; |
|
|
|
notice( t('Hi ') . $rr['name'] . EOL); |
|
|
|
// Visitors get 1 day session.
|
|
|
|
$session_id = session_id(); |
|
|
|
$expire = time() + 86400; |
|
|
|
q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1", |
|
|
|
dbesc($expire), |
|
|
|
dbesc($session_id) |
|
|
|
); |
|
|
|
} |
|
|
|
|
|
|
|
$s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check'); |
|
|
|
|
|
|
|
if(strlen($s)) { |
|
|
|
|
|
|
|
$xml = simplexml_load_string($s); |
|
|
|
|
|
|
|
if((int) $xml->status == 1) { |
|
|
|
$_SESSION['authenticated'] = 1; |
|
|
|
$_SESSION['visitor_id'] = $r[0]['id']; |
|
|
|
notice( t('Hi ') . $r[0]['name'] . EOL); |
|
|
|
// Visitors get 1 day session.
|
|
|
|
$session_id = session_id(); |
|
|
|
$expire = time() + 86400; |
|
|
|
q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1", |
|
|
|
dbesc($expire), |
|
|
|
dbesc($session_id) |
|
|
|
); |
|
|
|
} |
|
|
|
$profile = $rr['nickname']; |
|
|
|
goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile); |
|
|
|
} |
|
|
|
$profile = $r[0]['nickname']; |
|
|
|
goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile); |
|
|
|
} |
|
|
|
goaway($a->get_baseurl()); |
|
|
|
|
|
|
@ -69,6 +87,16 @@ function dfrn_poll_init(&$a) { |
|
|
|
|
|
|
|
if((x($type)) && ($type == 'profile-check')) { |
|
|
|
|
|
|
|
switch($direction) { |
|
|
|
case 1: |
|
|
|
$dfrn_id = '0:' . $dfrn_id; |
|
|
|
break; |
|
|
|
case 0: |
|
|
|
$dfrn_id = '1:' . $dfrn_id; |
|
|
|
break; |
|
|
|
default: |
|
|
|
break; |
|
|
|
} |
|
|
|
q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time())); |
|
|
|
$r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC", |
|
|
|
dbesc($dfrn_id)); |
|
|
@ -91,6 +119,12 @@ function dfrn_poll_post(&$a) { |
|
|
|
$challenge = notags(trim($_POST['challenge'])); |
|
|
|
$url = $_POST['url']; |
|
|
|
|
|
|
|
$direction = (-1); |
|
|
|
if(strpos($dfrn_id,':') == 1) { |
|
|
|
$direction = intval(substr($dfrn_id,0,1)); |
|
|
|
$dfrn_id = substr($dfrn_id,2); |
|
|
|
} |
|
|
|
|
|
|
|
$r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1", |
|
|
|
dbesc($dfrn_id), |
|
|
|
dbesc($challenge) |
|
|
@ -107,10 +141,28 @@ function dfrn_poll_post(&$a) { |
|
|
|
); |
|
|
|
|
|
|
|
|
|
|
|
$r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 )) LIMIT 1", |
|
|
|
dbesc($dfrn_id), |
|
|
|
dbesc($dfrn_id) |
|
|
|
); |
|
|
|
$sql_extra = ''; |
|
|
|
switch($direction) { |
|
|
|
case (-1): |
|
|
|
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id)); |
|
|
|
$my_id = $dfrn_id; |
|
|
|
break; |
|
|
|
case 0: |
|
|
|
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); |
|
|
|
$my_id = '1:' . $dfrn_id; |
|
|
|
break; |
|
|
|
case 1: |
|
|
|
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); |
|
|
|
$my_id = '0:' . $dfrn_id; |
|
|
|
break; |
|
|
|
default: |
|
|
|
goaway($a->get_baseurl()); |
|
|
|
break; // NOTREACHED
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1"); |
|
|
|
|
|
|
|
|
|
|
|
if(! count($r)) |
|
|
|
killme(); |
|
|
@ -169,6 +221,12 @@ function dfrn_poll_content(&$a) { |
|
|
|
if(x($_GET,'last_update')) |
|
|
|
$last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update']; |
|
|
|
|
|
|
|
$direction = (-1); |
|
|
|
if(strpos($dfrn_id,':') == 1) { |
|
|
|
$direction = intval(substr($dfrn_id,0,1)); |
|
|
|
$dfrn_id = substr($dfrn_id,2); |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if($dfrn_id != '') { |
|
|
|
// initial communication from external contact
|
|
|
@ -187,16 +245,36 @@ function dfrn_poll_content(&$a) { |
|
|
|
dbesc($last_update) |
|
|
|
); |
|
|
|
|
|
|
|
$r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `dfrn-id` = '%s' AND `duplex` = 1 ))
|
|
|
|
AND `blocked` = 0 AND `pending` = 0 LIMIT 1",
|
|
|
|
dbesc($_GET['dfrn_id']), |
|
|
|
dbesc($_GET['dfrn_id']) |
|
|
|
); |
|
|
|
|
|
|
|
$sql_extra = ''; |
|
|
|
switch($direction) { |
|
|
|
case (-1): |
|
|
|
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id)); |
|
|
|
$my_id = $dfrn_id; |
|
|
|
break; |
|
|
|
case 0: |
|
|
|
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); |
|
|
|
$my_id = '1:' . $dfrn_id; |
|
|
|
break; |
|
|
|
case 1: |
|
|
|
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); |
|
|
|
$my_id = '0:' . $dfrn_id; |
|
|
|
break; |
|
|
|
default: |
|
|
|
goaway($a->get_baseurl()); |
|
|
|
break; // NOTREACHED
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1"); |
|
|
|
|
|
|
|
if(count($r)) { |
|
|
|
|
|
|
|
$challenge = ''; |
|
|
|
$encrypted_id = ''; |
|
|
|
$id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999); |
|
|
|
$id_str = $my_id . '.' . mt_rand(1000,9999); |
|
|
|
|
|
|
|
|
|
|
|
if($r[0]['duplex'] && strlen($r[0]['pubkey'])) { |
|
|
|