<?php require_once('bbcode.php'); function get_feed_for(&$a, $dfrn_id, $owner_id, $last_update, $direction = 0) { // default permissions - anonymous user $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; if(strlen($owner_id) && ! intval($owner_id)) { $r = q("SELECT `uid`, `nickname` FROM `user` WHERE `nickname` = '%s' LIMIT 1", dbesc($owner_id) ); if(count($r)) { $owner_id = $r[0]['uid']; $owner_nick = $r[0]['nickname']; } } $r = q("SELECT * FROM `contact` WHERE `self` = 1 AND `uid` = %d LIMIT 1", intval($owner_id) ); if(count($r)) { $owner = $r[0]; $owner['nickname'] = $owner_nick; } else killme(); if($dfrn_id && $dfrn_id != '*') { $sql_extra = ''; switch($direction) { case (-1): $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id)); $my_id = $dfrn_id; break; case 0: $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); $my_id = '1:' . $dfrn_id; break; case 1: $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); $my_id = '0:' . $dfrn_id; break; default: return false; break; // NOTREACHED } $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `contact`.`uid` = %d $sql_extra LIMIT 1", intval($owner_id) ); if(! count($r)) return false; $contact = $r[0]; $groups = init_groups_visitor($contact['id']); if(count($groups)) { for($x = 0; $x < count($groups); $x ++) $groups[$x] = '<' . intval($groups[$x]) . '>' ; $gs = implode('|', $groups); } else $gs = '<<>>' ; // Impossible to match $sql_extra = sprintf(" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", intval($contact['id']), intval($contact['id']), dbesc($gs), dbesc($gs) ); } if($dfrn_id === '' || $dfrn_id === '*') $sort = 'DESC'; else $sort = 'ASC'; if(! strlen($last_update)) $last_update = 'now -30 days'; $check_date = datetime_convert('UTC','UTC',$last_update,'Y-m-d H:i:s'); $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`name-date`, `contact`.`uri-date`, `contact`.`avatar-date`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, `contact`.`id` AS `contact-id`, `contact`.`uid` AS `contact-uid` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`wall` = 1 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND ( `item`.`edited` > '%s' OR `item`.`changed` > '%s' ) $sql_extra ORDER BY `parent` %s, `created` ASC LIMIT 0, 300", intval($owner_id), dbesc($check_date), dbesc($check_date), dbesc($sort) ); // Will check further below if this actually returned results. // We will provide an empty feed in any case. $items = $r; $feed_template = load_view_file('view/atom_feed.tpl'); $atom = ''; $hub = get_config('system','huburl'); $hubxml = ''; if(strlen($hub)) { $hubs = explode(',', $hub); if(count($hubs)) { foreach($hubs as $h) { $h = trim($h); if(! strlen($h)) continue; $hubxml .= '<link rel="hub" href="' . xmlify($h) . '" />' . "\n" ; } } } $salmon = '<link rel="salmon" href="' . xmlify($a->get_baseurl() . '/salmon/' . $owner_nick) . '" />' . "\n" ; $salmon .= '<link rel="http://salmon-protocol.org/ns/salmon-replies" href="' . xmlify($a->get_baseurl() . '/salmon/' . $owner_nick) . '" />' . "\n" ; $salmon .= '<link rel="http://salmon-protocol.org/ns/salmon-mention" href="' . xmlify($a->get_baseurl() . '/salmon/' . $owner_nick) . '" />' . "\n" ; $atom .= replace_macros($feed_template, array( '$feed_id' => xmlify($a->get_baseurl() . '/profile/' . $owner_nick), '$feed_title' => xmlify($owner['name']), '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', 'now' , ATOM_TIME)) , '$hub' => $hubxml, '$salmon' => $salmon, '$name' => xmlify($owner['name']), '$profile_page' => xmlify($owner['url']), '$photo' => xmlify($owner['photo']), '$thumb' => xmlify($owner['thumb']), '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) , '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) , '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) )); if(! count($items)) { $atom .= '</feed>' . "\r\n"; return $atom; } foreach($items as $item) { // public feeds get html, our own nodes use bbcode if($dfrn_id === '*') { $type = 'html'; } else { $type = 'text'; } $atom .= atom_entry($item,$type,null,$owner,true); } $atom .= '</feed>' . "\r\n"; return $atom; } function construct_verb($item) { if($item['verb']) return $item['verb']; return ACTIVITY_POST; } function construct_activity_object($item) { if($item['object']) { $o = '<as:object>' . "\r\n"; $r = @simplexml_load_string($item['object']); if($r->type) $o .= '<as:object-type>' . xmlify($r->type) . '</as:object-type>' . "\r\n"; if($r->id) $o .= '<id>' . xmlify($r->id) . '</id>' . "\r\n"; if($r->title) $o .= '<title>' . xmlify($r->title) . '</title>' . "\r\n"; if($r->link) { if(substr($r->link,0,1) === '<') $o .= $r->link; else $o .= '<link rel="alternate" type="text/html" href="' . xmlify($r->link) . '" />' . "\r\n"; } if($r->content) $o .= '<content type="html" >' . xmlify(bbcode($r->content)) . '</content>' . "\r\n"; $o .= '</as:object>' . "\r\n"; return $o; } return ''; } function construct_activity_target($item) { if($item['target']) { $o = '<as:target>' . "\r\n"; $r = @simplexml_load_string($item['target']); if($r->type) $o .= '<as:object-type>' . xmlify($r->type) . '</as:object-type>' . "\r\n"; if($r->id) $o .= '<id>' . xmlify($r->id) . '</id>' . "\r\n"; if($r->title) $o .= '<title>' . xmlify($r->title) . '</title>' . "\r\n"; if($r->link) { if(substr($r->link,0,1) === '<') $o .= $r->link; else $o .= '<link rel="alternate" type="text/html" href="' . xmlify($r->link) . '" />' . "\r\n"; } if($r->content) $o .= '<content type="html" >' . xmlify(bbcode($r->content)) . '</content>' . "\r\n"; $o .= '</as:target>' . "\r\n"; return $o; } return ''; } function get_atom_elements($feed,$item) { require_once('library/HTMLPurifier.auto.php'); require_once('include/html2bbcode.php'); $best_photo = array(); $res = array(); $author = $item->get_author(); $res['author-name'] = unxmlify($author->get_name()); $res['author-link'] = unxmlify($author->get_link()); $res['uri'] = unxmlify($item->get_id()); $res['title'] = unxmlify($item->get_title()); $res['body'] = unxmlify($item->get_content()); // look for a photo. We should check media size and find the best one, // but for now let's just find any author photo $rawauthor = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'author'); if($rawauthor && $rawauthor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']) { $base = $rawauthor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']; foreach($base as $link) { if(! $res['author-avatar']) { if($link['attribs']['']['rel'] === 'photo' || $link['attribs']['']['rel'] === 'avatar') $res['author-avatar'] = unxmlify($link['attribs']['']['href']); } } } $rawactor = $item->get_item_tags(NAMESPACE_ACTIVITY, 'actor'); if($rawactor && activity_match($rawactor[0]['child'][NAMESPACE_ACTIVITY]['object-type'][0]['data'],ACTIVITY_OBJ_PERSON)) { $base = $rawactor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']; if($base && count($base)) { foreach($base as $link) { if($link['attribs']['']['rel'] === 'alternate' && (! $res['author-link'])) $res['author-link'] = unxmlify($link['attribs']['']['href']); if(! $res['author-avatar']) { if($link['attribs']['']['rel'] === 'avatar' || $link['attribs']['']['rel'] === 'photo') $res['author-avatar'] = unxmlify($link['attribs']['']['href']); } } } } // No photo/profile-link on the item - look at the feed level if((! $res['author-link']) || (! $res['author-avatar'])) { $rawauthor = $feed->get_feed_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'author'); if($rawauthor && $rawauthor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']) { $base = $rawauthor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']; foreach($base as $link) { if($link['attribs']['']['rel'] === 'alternate' && (! $res['author-link'])) $res['author-link'] = unxmlify($link['attribs']['']['href']); if(! $res['author-avatar']) { if($link['attribs']['']['rel'] === 'photo' || $link['attribs']['']['rel'] === 'avatar') $res['author-avatar'] = unxmlify($link['attribs']['']['href']); } } } $rawactor = $feed->get_feed_tags(NAMESPACE_ACTIVITY, 'subject'); if($rawactor && activity_match($rawactor[0]['child'][NAMESPACE_ACTIVITY]['object-type'][0]['data'],ACTIVITY_OBJ_PERSON)) { $base = $rawactor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']; if($base && count($base)) { foreach($base as $link) { if($link['attribs']['']['rel'] === 'alternate' && (! $res['author-link'])) $res['author-link'] = unxmlify($link['attribs']['']['href']); if(! $res['author-avatar']) { if($link['attribs']['']['rel'] === 'avatar' || $link['attribs']['']['rel'] === 'photo') $res['author-avatar'] = unxmlify($link['attribs']['']['href']); } } } } } $maxlen = get_max_import_size(); if($maxlen && (strlen($res['body']) > $maxlen)) $res['body'] = substr($res['body'],0, $maxlen); // It isn't certain at this point whether our content is plaintext or html and we'd be foolish to trust // the content type. Our own network only emits text normally, though it might have been converted to // html if we used a pubsubhubbub transport. But if we see even one html open tag in our text, we will // have to assume it is all html and needs to be purified. // It doesn't matter all that much security wise - because before this content is used anywhere, we are // going to escape any tags we find regardless, but this lets us import a limited subset of html from // the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining // html. if(strpos($res['body'],'<')) { $res['body'] = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s', '[youtube]$1[/youtube]', $res['body']); $config = HTMLPurifier_Config::createDefault(); $config->set('Cache.DefinitionImpl', null); // we shouldn't need a whitelist, because the bbcode converter // will strip out any unsupported tags. // $config->set('HTML.Allowed', 'p,b,a[href],i'); $purifier = new HTMLPurifier($config); $res['body'] = $purifier->purify($res['body']); } $res['body'] = html2bbcode($res['body']); $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow'); if($allow && $allow[0]['data'] == 1) $res['last-child'] = 1; else $res['last-child'] = 0; $rawcreated = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'published'); if($rawcreated) $res['created'] = unxmlify($rawcreated[0]['data']); $rawlocation = $item->get_item_tags(NAMESPACE_DFRN, 'location'); if($rawlocation) $res['location'] = unxmlify($rawlocation[0]['data']); $rawedited = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'updated'); if($rawedited) $res['edited'] = unxmlify($rawcreated[0]['data']); $rawowner = $item->get_item_tags(NAMESPACE_DFRN, 'owner'); if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']) $res['owner-name'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']); elseif($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data']) $res['owner-name'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data']); if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data']) $res['owner-link'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data']); elseif($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data']) $res['owner-link'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data']); if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']) { $base = $rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']; foreach($base as $link) { if(! $res['owner-avatar']) { if($link['attribs']['']['rel'] === 'photo' || $link['attribs']['']['rel'] === 'avatar') $res['owner-avatar'] = unxmlify($link['attribs']['']['href']); } } } $rawgeo = $item->get_item_tags(NAMESPACE_GEORSS,'point'); if($rawgeo) $res['coord'] = unxmlify($rawgeo[0]['data']); $rawverb = $item->get_item_tags(NAMESPACE_ACTIVITY, 'verb'); // select between supported verbs if($rawverb) $res['verb'] = unxmlify($rawverb[0]['data']); $rawobj = $item->get_item_tags(NAMESPACE_ACTIVITY, 'object'); if($rawobj) { $res['object'] = '<object>' . "\n"; if($rawobj[0]['child'][NAMESPACE_ACTIVITY]['object-type'][0]['data']) { $res['object-type'] = $rawobj[0]['child'][NAMESPACE_ACTIVITY]['object-type'][0]['data']; $res['object'] .= '<type>' . $rawobj[0]['child'][NAMESPACE_ACTIVITY]['object-type'][0]['data'] . '</type>' . "\n"; } if($rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['id'][0]['data']) $res['object'] .= '<id>' . $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['id'][0]['data'] . '</id>' . "\n"; if($rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']) $res['object'] .= '<link>' . encode_rel_links($rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']) . '</link>' . "\n"; if($rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['title'][0]['data']) $res['object'] .= '<title>' . $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['title'][0]['data'] . '</title>' . "\n"; if($rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['content'][0]['data']) { $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['content'][0]['data']; if(! $body) $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data']; if(strpos($body,'<')) { $body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s', '[youtube]$1[/youtube]', $body); $config = HTMLPurifier_Config::createDefault(); $config->set('Cache.DefinitionImpl', null); $purifier = new HTMLPurifier($config); $body = $purifier->purify($body); } $body = html2bbcode($body); $res['object'] .= '<content>' . $body . '</content>' . "\n"; } $res['object'] .= '</object>' . "\n"; } $rawobj = $item->get_item_tags(NAMESPACE_ACTIVITY, 'target'); if($rawobj) { $res['target'] = '<target>' . "\n"; if($rawobj[0]['child'][NAMESPACE_ACTIVITY]['object-type'][0]['data']) { $res['target'] .= '<type>' . $rawobj[0]['child'][NAMESPACE_ACTIVITY]['object-type'][0]['data'] . '</type>' . "\n"; } if($rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['id'][0]['data']) $res['target'] .= '<id>' . $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['id'][0]['data'] . '</id>' . "\n"; if($rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']) $res['target'] .= '<link>' . encode_rel_links($rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']) . '</link>' . "\n"; if($rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['title'][0]['data']) $res['target'] .= '<title>' . $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['title'][0]['data'] . '</title>' . "\n"; if($rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['content'][0]['data']) { $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['content'][0]['data']; if(! $body) $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data']; if(strpos($body,'<')) { $body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s', '[youtube]$1[/youtube]', $body); $config = HTMLPurifier_Config::createDefault(); $config->set('Cache.DefinitionImpl', null); $purifier = new HTMLPurifier($config); $body = $purifier->purify($body); } $body = html2bbcode($body); $res['target'] .= '<content>' . $body . '</content>' . "\n"; } $res['target'] .= '</target>' . "\n"; } return $res; } function encode_rel_links($links) { $o = ''; if(! ((is_array($links)) && (count($links)))) return $o; foreach($links as $link) { $o .= '<link '; if($link['attribs']['']['rel']) $o .= 'rel="' . $link['attribs']['']['rel'] . '" '; if($link['attribs']['']['type']) $o .= 'type="' . $link['attribs']['']['type'] . '" '; if($link['attribs']['']['href']) $o .= 'type="' . $link['attribs']['']['href'] . '" '; if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['width']) $o .= 'media:width="' . $link['attribs'][NAMESPACE_MEDIA]['width'] . '" '; if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['height']) $o .= 'media:height="' . $link['attribs'][NAMESPACE_MEDIA]['height'] . '" '; $o .= ' />' . "\n" ; } return xmlify($o); } function item_store($arr) { if($arr['gravity']) $arr['gravity'] = intval($arr['gravity']); elseif($arr['parent-uri'] == $arr['uri']) $arr['gravity'] = 0; elseif(activity_match($arr['verb'],ACTIVITY_POST)) $arr['gravity'] = 6; if(! x($arr,'type')) $arr['type'] = 'remote'; $arr['wall'] = ((intval($arr['wall'])) ? 1 : 0); $arr['uri'] = notags(trim($arr['uri'])); $arr['author-name'] = notags(trim($arr['author-name'])); $arr['author-link'] = notags(trim($arr['author-link'])); $arr['author-avatar'] = notags(trim($arr['author-avatar'])); $arr['owner-name'] = notags(trim($arr['owner-name'])); $arr['owner-link'] = notags(trim($arr['owner-link'])); $arr['owner-avatar'] = notags(trim($arr['owner-avatar'])); $arr['created'] = ((x($arr,'created') !== false) ? datetime_convert('UTC','UTC',$arr['created']) : datetime_convert()); $arr['edited'] = ((x($arr,'edited') !== false) ? datetime_convert('UTC','UTC',$arr['edited']) : datetime_convert()); $arr['changed'] = datetime_convert(); $arr['title'] = notags(trim($arr['title'])); $arr['location'] = notags(trim($arr['location'])); $arr['coord'] = notags(trim($arr['coord'])); $arr['body'] = escape_tags(trim($arr['body'])); $arr['last-child'] = intval($arr['last-child']); $arr['visible'] = ((x($arr,'visible') !== false) ? intval($arr['visible']) : 1); $arr['deleted'] = 0; $arr['parent-uri'] = notags(trim($arr['parent-uri'])); $arr['verb'] = notags(trim($arr['verb'])); $arr['object-type'] = notags(trim($arr['object-type'])); $arr['object'] = trim($arr['object']); $parent_id = 0; $parent_missing = false; dbesc_array($arr); logger('item_store: ' . print_r($arr,true), LOGGER_DATA); $r = q("INSERT INTO `item` (`" . implode("`, `", array_keys($arr)) . "`) VALUES ('" . implode("', '", array_values($arr)) . "')" ); // find the parent and snarf the item id and ACL's $r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($arr['parent-uri']), intval($arr['uid']) ); if(count($r)) { $parent_id = $r[0]['id']; $allow_cid = $r[0]['allow_cid']; $allow_gid = $r[0]['allow_gid']; $deny_cid = $r[0]['deny_cid']; $deny_gid = $r[0]['deny_gid']; } else { $parent_missing = true; } $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", $arr['uri'], // already dbesc'd intval($arr['uid']) ); if(count($r)) { $current_post = $r[0]['id']; logger('item_store: created item ' . $current_post); } else return 0; if($parent_missing) { logger('item_store: item parent was not found - ignoring item'); // perhaps the parent was deleted, but in any case, this thread is dead // and unfortunately our brand new item now has to be destroyed q("DELETE FROM `item` WHERE `id` = %d LIMIT 1", intval($current_post) ); return 0; } // Set parent id - all of the parent's ACL's are also inherited by this post $r = q("UPDATE `item` SET `parent` = %d, `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `id` = %d LIMIT 1", intval($parent_id), dbesc($allow_cid), dbesc($allow_gid), dbesc($deny_cid), dbesc($deny_gid), intval($current_post) ); return $current_post; } function get_item_contact($item,$contacts) { if(! count($contacts) || (! is_array($item))) return false; foreach($contacts as $contact) { if($contact['id'] == $item['contact-id']) { return $contact; break; // NOTREACHED } } return false; } function dfrn_deliver($owner,$contact,$atom) { if((! strlen($contact['dfrn-id'])) && (! $contact['duplex']) && (! ($owner['page-flags'] == PAGE_COMMUNITY))) return 3; $idtosend = $orig_id = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']); if($contact['duplex'] && $contact['dfrn-id']) $idtosend = '0:' . $orig_id; if($contact['duplex'] && $contact['issued-id']) $idtosend = '1:' . $orig_id; $url = $contact['notify'] . '?dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION ; logger('dfrn_deliver: ' . $url); $xml = fetch_url($url); logger('dfrn_deliver: ' . $xml); if(! $xml) return 3; $res = simplexml_load_string($xml); if((intval($res->status) != 0) || (! strlen($res->challenge)) || (! strlen($res->dfrn_id))) return (($res->status) ? $res->status : 3); $postvars = array(); $sent_dfrn_id = hex2bin($res->dfrn_id); $challenge = hex2bin($res->challenge); $final_dfrn_id = ''; if(($contact['duplex'] && strlen($contact['prvkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']); openssl_private_decrypt($challenge,$postvars['challenge'],$contact['prvkey']); } else { openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']); openssl_public_decrypt($challenge,$postvars['challenge'],$contact['pubkey']); } $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.')); if(strpos($final_dfrn_id,':') == 1) $final_dfrn_id = substr($final_dfrn_id,2); if($final_dfrn_id != $orig_id) { logger('dfrn_deliver: wrong dfrn_id.'); // did not decode properly - cannot trust this site return 3; } $postvars['dfrn_id'] = $idtosend; $postvars['dfrn_version'] = DFRN_PROTOCOL_VERSION; if(($contact['rel']) && ($contact['rel'] != REL_FAN) && (! $contact['blocked']) && (! $contact['readonly'])) { $postvars['data'] = $atom; } elseif($owner['page-flags'] == PAGE_COMMUNITY) { $postvars['data'] = $atom; } else { $postvars['data'] = str_replace('<dfrn:comment-allow>1','<dfrn:comment-allow>0',$atom); } $xml = post_url($contact['notify'],$postvars); logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true) . "\n" . "RECEIVING: " . $xml); $res = simplexml_load_string($xml); return $res->status; } /* * * consume_feed - process atom feed and update anything/everything we might need to update * * $xml = the (atom) feed to consume - no RSS spoken here, it might partially work since simplepie * handles both, but we don't claim it will work well, and are reasonably certain it won't. * $importer = the contact_record (joined to user_record) of the local user who owns this relationship. * It is this person's stuff that is going to be updated. * $contact = the person who is sending us stuff. If not set, we MAY be processing a "follow" activity * from an external network and MAY create an appropriate contact record. Otherwise, we MUST * have a contact record. * $hub = should wefind ahub declation in the feed, pass it back to our calling process, who might (or * might not) try and subscribe to it. * */ function consume_feed($xml,$importer,$contact, &$hub) { require_once('simplepie/simplepie.inc'); $feed = new SimplePie(); $feed->set_raw_data($xml); $feed->enable_order_by_date(false); $feed->init(); // Check at the feed level for updated contact name and/or photo $debugging = get_config('system','debugging'); $name_updated = ''; $new_name = ''; $photo_timestamp = ''; $photo_url = ''; $hubs = $feed->get_links('hub'); if(count($hubs)) $hub = implode(',', $hubs); $rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author'); if($rawtags) { $elems = $rawtags[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]; if($elems['name'][0]['attribs'][NAMESPACE_DFRN]['updated']) { $name_updated = $elems['name'][0]['attribs'][NAMESPACE_DFRN]['updated']; $new_name = $elems['name'][0]['data']; } if(($elems['link'][0]['attribs']['']['rel'] === 'photo') && ($elems['link'][0]['attribs'][NAMESPACE_DFRN]['updated'])) { $photo_timestamp = datetime_convert('UTC','UTC',$elems['link'][0]['attribs'][NAMESPACE_DFRN]['updated']); $photo_url = $elems['link'][0]['attribs']['']['href']; } } if(! $photo_timestamp) { $photo_rawupdate = $feed->get_feed_tags(NAMESPACE_DFRN,'icon-updated'); if($photo_rawupdate) { $photo_timestamp = datetime_convert('UTC','UTC',$photo_rawupdate[0]['data']); $photo_url = $feed->get_image_url(); } } if((is_array($contact)) && ($photo_timestamp) && (strlen($photo_url)) && ($photo_timestamp > $contact['avatar-date'])) { require_once("Photo.php"); $photo_failure = false; $r = q("SELECT `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d LIMIT 1", intval($contact['id']), intval($contact['uid']) ); if(count($r)) { $resource_id = $r[0]['resource-id']; $img_str = fetch_url($photo_url,true); $img = new Photo($img_str); if($img->is_valid()) { q("DELETE FROM `photo` WHERE `resource-id` = '%s' AND contact-id` = %d AND `uid` = %d", dbesc($resource_id), intval($contact['id']), intval($contact['uid']) ); $img->scaleImageSquare(175); $hash = $resource_id; $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), t('Contact Photos') , 4); $img->scaleImage(80); $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), t('Contact Photos') , 5); $img->scaleImage(48); $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), t('Contact Photos') , 6); if($r) q("UPDATE `contact` SET `avatar-date` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc(datetime_convert()), intval($contact['uid']), intval($contact['id']) ); } } } if((is_array($contact)) && ($name_updated) && (strlen($new_name)) && ($name_updated > $contact['name-date'])) { q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc(notags(trim($new_name))), dbesc(datetime_convert()), intval($contact['uid']), intval($contact['id']) ); } // Now process the feed if($feed->get_item_quantity()) { foreach($feed->get_items() as $item) { $deleted = false; $rawdelete = $item->get_item_tags( NAMESPACE_TOMB, 'deleted-entry'); if(isset($rawdelete[0]['attribs']['']['ref'])) { $uri = $rawthread[0]['attribs']['']['ref']; $deleted = true; if(isset($rawdelete[0]['attribs']['']['when'])) { $when = $rawthread[0]['attribs']['']['when']; $when = datetime_convert('UTC','UTC', $when, 'Y-m-d H:i:s'); } else $when = datetime_convert('UTC','UTC','now','Y-m-d H:i:s'); } if($deleted && is_array($contact)) { $r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d AND `contact-id` = %d LIMIT 1", dbesc($uri), intval($importer['uid']), intval($contact['id']) ); if(count($r)) { $item = $r[0]; if($item['uri'] == $item['parent-uri']) { $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s', `body` = '', `title` = '' WHERE `parent-uri` = '%s' AND `uid` = %d", dbesc($when), dbesc(datetime_convert()), dbesc($item['uri']), intval($importer['uid']) ); } else { $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s', `body` = '', `title` = '' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($when), dbesc(datetime_convert()), dbesc($uri), intval($importer['uid']) ); if($item['last-child']) { // ensure that last-child is set in case the comment that had it just got wiped. $q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d ", dbesc(datetime_convert()), dbesc($item['parent-uri']), intval($item['uid']) ); // who is the last child now? $r = q("SELECT `id` FROM `item` WHERE `parent-uri` = '%s' AND `type` != 'activity' AND `deleted` = 0 AND `uid` = %d ORDER BY `created` DESC LIMIT 1", dbesc($item['parent-uri']), intval($importer['uid']) ); if(count($r)) { q("UPDATE `item` SET `last-child` = 1 WHERE `id` = %d LIMIT 1", intval($r[0]['id']) ); } } } } continue; } $is_reply = false; $item_id = $item->get_id(); $rawthread = $item->get_item_tags( NAMESPACE_THREAD,'in-reply-to'); if(isset($rawthread[0]['attribs']['']['ref'])) { $is_reply = true; $parent_uri = $rawthread[0]['attribs']['']['ref']; } if(($is_reply) && is_array($contact)) { // Have we seen it? If not, import it. $item_id = $item->get_id(); $r = q("SELECT `uid`, `last-child`, `edited` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($item_id), intval($importer['uid']) ); // FIXME update content if 'updated' changes if(count($r)) { $allow = $item->get_item_tags( NAMESPACE_DFRN, 'comment-allow'); if($allow && $allow[0]['data'] != $r[0]['last-child']) { $r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d", dbesc(datetime_convert()), dbesc($parent_uri), intval($importer['uid']) ); $r = q("UPDATE `item` SET `last-child` = %d , `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", intval($allow[0]['data']), dbesc(datetime_convert()), dbesc($item_id), intval($importer['uid']) ); } continue; } $datarray = get_atom_elements($feed,$item); if($contact['network'] === 'stat' && strlen($datarray['title'])) unset($datarray['title']); $datarray['parent-uri'] = $parent_uri; $datarray['uid'] = $importer['uid']; $datarray['contact-id'] = $contact['id']; if((activity_match($datarray['verb'],ACTIVITY_LIKE)) || (activity_match($datarray['verb'],ACTIVITY_DISLIKE))) { $datarray['type'] = 'activity'; $datarray['gravity'] = GRAVITY_LIKE; } $r = item_store($datarray); continue; } else { // Head post of a conversation. Have we seen it? If not, import it. $item_id = $item->get_id(); $r = q("SELECT `uid`, `last-child`, `edited` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($item_id), intval($importer['uid']) ); if(count($r)) { $allow = $item->get_item_tags( NAMESPACE_DFRN, 'comment-allow'); if($allow && $allow[0]['data'] != $r[0]['last-child']) { $r = q("UPDATE `item` SET `last-child` = %d , `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", intval($allow[0]['data']), dbesc(datetime_convert()), dbesc($item_id), intval($importer['uid']) ); } continue; } $datarray = get_atom_elements($feed,$item); if(activity_match($datarray['verb'],ACTIVITY_FOLLOW)) { logger('consume-feed: New follower'); new_follower($importer,$contact,$datarray,$item); return; } if(activity_match($datarray['verb'],ACTIVITY_UNFOLLOW)) { lose_follower($importer,$contact,$datarray,$item); return; } if(! is_array($contact)) return; if($contact['network'] === 'stat') { if(strlen($datarray['title'])) unset($datarray['title']); if(($contact['rel'] == REL_VIP) || ($contact['rel'] == REL_BUD)) $datarray['last-child'] = 1; } $datarray['parent-uri'] = $item_id; $datarray['uid'] = $importer['uid']; $datarray['contact-id'] = $contact['id']; $r = item_store($datarray); continue; } } } } function new_follower($importer,$contact,$datarray,$item) { $url = notags(trim($datarray['author-link'])); $name = notags(trim($datarray['author-name'])); $photo = notags(trim($datarray['author-avatar'])); $rawtag = $item->get_item_tags(NAMESPACE_ACTIVITY,'actor'); if($rawtag && $rawtag[0]['child'][NAMESPACE_POCO]['preferredUsername'][0]['data']) $nick = $rawtag[0]['child'][NAMESPACE_POCO]['preferredUsername'][0]['data']; if(is_array($contact)) { if($contact['network'] == 'stat' && $contact['rel'] == REL_FAN) { $r = q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", intval(REL_BUD), intval($contact['id']), intval($importer['uid']) ); } // send email notification to owner? } else { // create contact record - set to readonly $r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `name`, `nick`, `photo`, `network`, `rel`, `blocked`, `readonly`, `pending` ) VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, 0, 1, 1 ) ", intval($importer['uid']), dbesc(datetime_convert()), dbesc($url), dbesc($name), dbesc($nick), dbesc($photo), dbesc('stat'), intval(REL_VIP) ); $r = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `pending` = 1 AND `rel` = %d LIMIT 1", intval($importer['uid']), dbesc($url), intval(REL_VIP) ); if(count($r)) $contact_record = $r[0]; // create notification $hash = random_string(); if(is_array($contact_record)) { $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `hash`, `datetime`) VALUES ( %d, %d, 0, 0, '%s', '%s' )", intval($importer['uid']), intval($contact_record['id']), dbesc($hash), dbesc(datetime_convert()) ); } $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", intval($importer['uid']) ); if(count($r)) { if(($r[0]['notify-flags'] & NOTIFY_INTRO) && ($r[0]['page-flags'] == PAGE_NORMAL)) { $email_tpl = load_view_file('view/follow_notify_eml.tpl'); $email = replace_macros($email_tpl, array( '$requestor' => ((strlen($name)) ? $name : t('[Name Withheld]')), '$url' => $url, '$myname' => $r[0]['username'], '$siteurl' => $a->get_baseurl(), '$sitename' => $a->config['sitename'] )); $res = mail($r[0]['email'], t("You have a new follower at ") . $a->config['sitename'], $email, 'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME] ); } } } } function lose_follower($importer,$contact,$datarray,$item) { if(($contact['rel'] == REL_BUD) || ($contact['rel'] == REL_FAN)) { q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d LIMIT 1", intval(REL_FAN), intval($contact['id']) ); } else { contact_remove($contact['id']); } } function subscribe_to_hub($url,$importer,$contact) { if(is_array($importer)) { $r = q("SELECT `nickname` FROM `user` WHERE `uid` = %d LIMIT 1", intval($importer['uid']) ); } if(! count($r)) return; $push_url = get_config('system','url') . '/pubsub/' . $r[0]['nickname'] . '/' . $contact['id']; // Use a single verify token, even if multiple hubs $verify_token = ((strlen($contact['hub-verify'])) ? $contact['hub-verify'] : random_string()); $params= 'hub.mode=subscribe&hub.callback=' . urlencode($push_url) . '&hub.topic=' . urlencode($contact['poll']) . '&hub.verify=async&hub.verify_token=' . $verify_token; logger('subscribe_to_hub: subscribing ' . $contact['name'] . ' to hub ' . $url . ' with verifier ' . $verify_token); if(! strlen($contact['hub-verify'])) { $r = q("UPDATE `contact` SET `hub-verify` = '%s' WHERE `id` = %d LIMIT 1", dbesc($verify_token), intval($contact['id']) ); } post_url($url,$params); return; } function atom_author($tag,$name,$uri,$h,$w,$photo) { $o = ''; if(! $tag) return $o; $name = xmlify($name); $uri = xmlify($uri); $h = intval($h); $w = intval($w); $photo = xmlify($photo); $o .= "<$tag>\r\n"; $o .= "<name>$name</name>\r\n"; $o .= "<uri>$uri</uri>\r\n"; $o .= '<link rel="photo" type="image/jpeg" media:width="' . $w . '" media:height="' . $h . '" href="' . $photo . '" />' . "\r\n"; $o .= '<link rel="avatar" type="image/jpeg" media:width="' . $w . '" media:height="' . $h . '" href="' . $photo . '" />' . "\r\n"; $o .= "</$tag>\r\n"; return $o; } function atom_entry($item,$type,$author,$owner,$comment = false) { if($item['deleted']) return '<at:deleted-entry ref="' . xmlify($item['uri']) . '" when="' . xmlify(datetime_convert('UTC','UTC',$item['edited'] . '+00:00',ATOM_TIME)) . '" />' . "\r\n"; $a = get_app(); $o = "\r\n\r\n<entry>\r\n"; if(is_array($author)) $o .= atom_author('author',$author['name'],$author['url'],80,80,$author['thumb']); else $o .= atom_author('author',$item['name'],$item['url'],80,80,$item['thumb']); if(strlen($item['owner-name'])) $o .= atom_author('dfrn:owner',$item['owner-name'],$item['owner-link'],80,80,$item['owner-avatar']); if($item['parent'] != $item['id']) $o .= '<thr:in-reply-to ref="' . xmlify($item['parent-uri']) . '" type="text/html" href="' . xmlify($a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id']) . '" />' . "\r\n"; $o .= '<id>' . xmlify($item['uri']) . '</id>' . "\r\n"; $o .= '<title>' . xmlify($item['title']) . '</title>' . "\r\n"; $o .= '<published>' . xmlify(datetime_convert('UTC','UTC',$item['created'] . '+00:00',ATOM_TIME)) . '</published>' . "\r\n"; $o .= '<updated>' . xmlify(datetime_convert('UTC','UTC',$item['edited'] . '+00:00',ATOM_TIME)) . '</updated>' . "\r\n"; $o .= '<content type="' . $type . '" >' . xmlify(($type === 'html') ? bbcode($item['body']) : $item['body']) . '</content>' . "\r\n"; $o .= '<link rel="alternate" href="' . xmlify($a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id']) . '" />' . "\r\n"; if($comment) $o .= '<dfrn:comment-allow>' . intval($item['last-child']) . '</dfrn:comment-allow>' . "\r\n"; if($item['location']) $o .= '<dfrn:location>' . xmlify($item['location']) . '</dfrn:location>' . "\r\n"; if($item['coord']) $o .= '<georss:point>' . xmlify($item['coord']) . '</georss:point>' . "\r\n"; $verb = construct_verb($item); $o .= '<as:verb>' . xmlify($verb) . '</as:verb>' . "\r\n"; $actobj = construct_activity_object($item); if(strlen($actobj)) $o .= $actobj; $actarg = construct_activity_target($item); if(strlen($actarg)) $o .= $actarg; $mentioned = get_mentions($item); if($mentioned) $o .= $mentioned; $o .= '</entry>' . "\r\n"; return $o; }