Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Newer
Older
100644 666 lines (524 sloc) 19.96 kb
6348e70 projectred Initial checkin
projectred authored
1 <?php
2
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
3 /*
4 * Module: dfrn_confirm
5 * Purpose: Friendship acceptance for DFRN contacts
6 *
7 * There are two possible entry points and three scenarios.
8 *
9 * 1. A form was submitted by our user approving a friendship that originated elsewhere.
10 * This may also be called from dfrn_request to automatically approve a friendship.
11 *
12 * 2. We may be the target or other side of the conversation to scenario 1, and will
13 * interact with that process on our own user's behalf.
14 *
15 */
e0b392b friendica add a bit more logging to friend accept
friendika authored
16
0f47ac2 projectred celebrity/group/community pages about 75% implemented
projectred authored
17 function dfrn_confirm_post(&$a,$handsfree = null) {
99a903e projectred better intro text
projectred authored
18
0f47ac2 projectred celebrity/group/community pages about 75% implemented
projectred authored
19 if(is_array($handsfree)) {
20
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
21 /**
22 * We were called directly from dfrn_request due to automatic friend acceptance.
23 * Any $_POST parameters we may require are supplied in the $handsfree array.
24 *
25 */
0f47ac2 projectred celebrity/group/community pages about 75% implemented
projectred authored
26
27 $node = $handsfree['node'];
28 $a->interactive = false; // notice() becomes a no-op since nobody is there to see it
29
30 }
31 else {
32 if($a->argc > 1)
33 $node = $a->argv[1];
34 }
6348e70 projectred Initial checkin
projectred authored
35
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
36 /**
37 *
38 * Main entry point. Scenario 1. Our user received a friend request notification (perhaps
39 * from another site) and clicked 'Approve'.
40 * $POST['source_url'] is not set. If it is, it indicates Scenario 2.
41 *
42 * We may also have been called directly from dfrn_request ($handsfree != null) due to
43 * this being a page type which supports automatic friend acceptance. That is also Scenario 1
44 * since we are operating on behalf of our registered user to approve a friendship.
45 *
46 */
6348e70 projectred Initial checkin
projectred authored
47
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
48 if(! x($_POST,'source_url')) {
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
49
ac824fe projectred eradicate redundant get_uid function
projectred authored
50 $uid = ((is_array($handsfree)) ? $handsfree['uid'] : local_user());
6348e70 projectred Initial checkin
projectred authored
51
52 if(! $uid) {
8424f31 projectred a bit more robust about loading external pics
projectred authored
53 notice( t('Permission denied.') . EOL );
6348e70 projectred Initial checkin
projectred authored
54 return;
55 }
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
56
0f47ac2 projectred celebrity/group/community pages about 75% implemented
projectred authored
57 $user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
58 intval($uid)
59 );
60
61 if(! $user) {
62 notice( t('Profile not found.') . EOL );
63 return;
64 }
65
6348e70 projectred Initial checkin
projectred authored
66
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
67 // These data elements may come from either the friend request notification form or $handsfree array.
0f47ac2 projectred celebrity/group/community pages about 75% implemented
projectred authored
68
69 if(is_array($handsfree)) {
ef39bd0 friendica more dfrn_confirm logging
friendika authored
70 logger('dfrn_confirm: Confirm in handsfree mode');
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
71 $dfrn_id = $handsfree['dfrn_id'];
72 $intro_id = $handsfree['intro_id'];
73 $duplex = $handsfree['duplex'];
0f47ac2 projectred celebrity/group/community pages about 75% implemented
projectred authored
74 }
75 else {
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
76 $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
77 $intro_id = ((x($_POST,'intro_id')) ? intval($_POST['intro_id']) : 0 );
78 $duplex = ((x($_POST,'duplex')) ? intval($_POST['duplex']) : 0 );
79 $cid = ((x($_POST,'contact_id')) ? intval($_POST['contact_id']) : 0 );
0f47ac2 projectred celebrity/group/community pages about 75% implemented
projectred authored
80 }
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
81
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
82 /**
83 *
84 * Ensure that dfrn_id has precedence when we go to find the contact record.
85 * We only want to search based on contact id if there is no dfrn_id,
86 * e.g. for OStatus network followers.
87 *
88 */
89
90 if(strlen($dfrn_id))
91 $cid = 0;
92
ef39bd0 friendica more dfrn_confirm logging
friendika authored
93 logger('dfrn_confirm: Confirming request for dfrn_id (issued) ' . $dfrn_id);
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
94 if($cid)
95 logger('dfrn_confirm: Confirming follower with contact_id: ' . $cid);
ef39bd0 friendica more dfrn_confirm logging
friendika authored
96
e0b392b friendica add a bit more logging to friend accept
friendika authored
97
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
98 /**
99 *
100 * The other person will have been issued an ID when they first requested friendship.
101 * Locate their record. At this time, their record will have both pending and blocked set to 1.
102 * There won't be any dfrn_id if this is a network follower, so use the contact_id instead.
103 *
104 */
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
105
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
106 $r = q("SELECT * FROM `contact` WHERE ( ( `issued-id` != '' AND `issued-id` = '%s' ) OR ( `id` = %d AND `id` != 0 ) ) AND `uid` = %d LIMIT 1",
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
107 dbesc($dfrn_id),
108 intval($cid),
109 intval($uid)
0ddfdce projectred make it much easier to debug friend acceptance issues
projectred authored
110 );
6348e70 projectred Initial checkin
projectred authored
111
ffb1997 projectred mistpark 2.0 infrasturcture lands
projectred authored
112 if(! count($r)) {
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
113 logger('dfrn_confirm: Contact not found in DB.');
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
114 notice( t('Contact not found.') . EOL );
6348e70 projectred Initial checkin
projectred authored
115 return;
116 }
117
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
118 $contact = $r[0];
6348e70 projectred Initial checkin
projectred authored
119
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
120 $contact_id = $contact['id'];
121 $relation = $contact['rel'];
122 $site_pubkey = $contact['site-pubkey'];
123 $dfrn_confirm = $contact['confirm'];
124 $aes_allow = $contact['aes_allow'];
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
125
a3ddbb5 friendica issues with friendship again
friendika authored
126 $network = ((strlen($contact['issued-id'])) ? 'dfrn' : 'stat');
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
127
a3ddbb5 friendica issues with friendship again
friendika authored
128 if($network === 'dfrn') {
6348e70 projectred Initial checkin
projectred authored
129
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
130 /**
131 *
132 * Generate a key pair for all further communications with this person.
133 * We have a keypair for every contact, and a site key for unknown people.
134 * This provides a means to carry on relationships with other people if
135 * any single key is compromised. It is a robust key. We're much more
136 * worried about key leakage than anybody cracking it.
137 *
138 */
6348e70 projectred Initial checkin
projectred authored
139
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
140 $res = openssl_pkey_new(array(
3757c9c friendica use sha1 keys for friends as well
friendika authored
141 'digest_alg' => 'sha1',
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
142 'private_key_bits' => 4096,
143 'encrypt_key' => false )
144 );
6348e70 projectred Initial checkin
projectred authored
145
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
146 $private_key = '';
6348e70 projectred Initial checkin
projectred authored
147
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
148 openssl_pkey_export($res, $private_key);
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
149
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
150 $pubkey = openssl_pkey_get_details($res);
151 $public_key = $pubkey["key"];
6348e70 projectred Initial checkin
projectred authored
152
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
153 // Save the private key. Send them the public key.
6348e70 projectred Initial checkin
projectred authored
154
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
155 $r = q("UPDATE `contact` SET `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
156 dbesc($private_key),
157 intval($contact_id),
158 intval($uid)
159 );
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
160
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
161 $params = array();
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
162
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
163 /**
164 *
165 * Per the DFRN protocol, we will verify both ends by encrypting the dfrn_id with our
166 * site private key (person on the other end can decrypt it with our site public key).
167 * Then encrypt our profile URL with the other person's site public key. They can decrypt
168 * it with their site private key. If the decryption on the other end fails for either
169 * item, it indicates tampering or key failure on at least one site and we will not be
170 * able to provide a secure communication pathway.
171 *
172 * If other site is willing to accept full encryption, (aes_allow is 1 AND we have php5.3
173 * or later) then we encrypt the personal public key we send them using AES-256-CBC and a
174 * random key which is encrypted with their site public key.
175 *
176 */
6348e70 projectred Initial checkin
projectred authored
177
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
178 $src_aes_key = random_string();
6348e70 projectred Initial checkin
projectred authored
179
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
180 $result = '';
181 openssl_private_encrypt($dfrn_id,$result,$user[0]['prvkey']);
6348e70 projectred Initial checkin
projectred authored
182
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
183 $params['dfrn_id'] = bin2hex($result);
184 $params['public_key'] = $public_key;
0ddfdce projectred make it much easier to debug friend acceptance issues
projectred authored
185
6348e70 projectred Initial checkin
projectred authored
186
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
187 $my_url = $a->get_baseurl() . '/profile/' . $user[0]['nickname'];
6348e70 projectred Initial checkin
projectred authored
188
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
189 openssl_public_encrypt($my_url, $params['source_url'], $site_pubkey);
190 $params['source_url'] = bin2hex($params['source_url']);
ffb1997 projectred mistpark 2.0 infrasturcture lands
projectred authored
191
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
192 if($aes_allow && function_exists('openssl_encrypt')) {
193 openssl_public_encrypt($src_aes_key, $params['aes_key'], $site_pubkey);
194 $params['aes_key'] = bin2hex($params['aes_key']);
195 $params['public_key'] = bin2hex(openssl_encrypt($public_key,'AES-256-CBC',$src_aes_key));
196 }
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
197
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
198 $params['dfrn_version'] = DFRN_PROTOCOL_VERSION ;
199 if($duplex == 1)
200 $params['duplex'] = 1;
6348e70 projectred Initial checkin
projectred authored
201
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
202 logger('dfrn_confirm: Confirm: posting data to ' . $dfrn_confirm . ': ' . print_r($params,true), LOGGER_DATA);
e0b392b friendica add a bit more logging to friend accept
friendika authored
203
9fb0bd5 friendica Raise network timeout during friend acceptance, because
friendika authored
204 /**
205 *
206 * POST all this stuff to the other site.
207 * Temporarily raise the network timeout to 120 seconds because the default 60
208 * doesn't always give the other side quite enough time to decrypt everything.
209 *
210 */
211
212 $a->config['system']['curl_timeout'] = 120;
6348e70 projectred Initial checkin
projectred authored
213
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
214 $res = post_url($dfrn_confirm,$params);
036964d projectred friend acceptance sets up lots of important stuff, so we
projectred authored
215
e0b392b friendica add a bit more logging to friend accept
friendika authored
216 logger('dfrn_confirm: Confirm: received data: ' . $res, LOGGER_DATA);
217
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
218 // Now figure out what they responded. Try to be robust if the remote site is
219 // having difficulty and throwing up errors of some kind.
036964d projectred friend acceptance sets up lots of important stuff, so we
projectred authored
220
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
221 $leading_junk = substr($res,0,strpos($res,'<?xml'));
036964d projectred friend acceptance sets up lots of important stuff, so we
projectred authored
222
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
223 $res = substr($res,strpos($res,'<?xml'));
224 if(! strlen($res)) {
036964d projectred friend acceptance sets up lots of important stuff, so we
projectred authored
225
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
226 // No XML at all, this exchange is messed up really bad.
227 // We shouldn't proceed, because the xml parser might choke,
228 // and $status is going to be zero, which indicates success.
229 // We can hardly call this a success.
230
231 notice( t('Response from remote site was not understood.') . EOL);
232 return;
233 }
036964d projectred friend acceptance sets up lots of important stuff, so we
projectred authored
234
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
235 if(strlen($leading_junk) && get_config('system','debugging')) {
236
237 // This might be more common. Mixed error text and some XML.
238 // If we're configured for debugging, show the text. Proceed in either case.
036964d projectred friend acceptance sets up lots of important stuff, so we
projectred authored
239
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
240 notice( t('Unexpected response from remote site: ') . EOL . $leading_junk . EOL );
241 }
6348e70 projectred Initial checkin
projectred authored
242
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
243 $xml = simplexml_load_string($res);
244 $status = (int) $xml->status;
245 $message = unxmlify($xml->message); // human readable text of what may have gone wrong.
246 switch($status) {
247 case 0:
248 notice( t("Confirmation completed successfully.") . EOL);
249 if(strlen($message))
250 notice( t('Remote site reported: ') . $message . EOL);
251 break;
252 case 1:
253 // birthday paradox - generate new dfrn-id and fall through.
254 $new_dfrn_id = random_string();
255 $r = q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
256 dbesc($new_dfrn_id),
257 intval($contact_id),
258 intval($uid)
259 );
260
261 case 2:
262 notice( t("Temporary failure. Please wait and try again.") . EOL);
263 if(strlen($message))
264 notice( t('Remote site reported: ') . $message . EOL);
265 break;
266
267
268 case 3:
269 notice( t("Introduction failed or was revoked.") . EOL);
270 if(strlen($message))
271 notice( t('Remote site reported: ') . $message . EOL);
272 break;
273 }
274
275 if(($status == 0) && ($intro_id)) {
276
277 // Success. Delete the notification.
278
279 $r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
280 intval($intro_id),
281 intval($uid)
6348e70 projectred Initial checkin
projectred authored
282 );
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
283
036964d projectred friend acceptance sets up lots of important stuff, so we
projectred authored
284 }
6348e70 projectred Initial checkin
projectred authored
285
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
286 if($status != 0)
287 return;
6348e70 projectred Initial checkin
projectred authored
288 }
036964d projectred friend acceptance sets up lots of important stuff, so we
projectred authored
289
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
290
291 /*
292 *
293 * We have now established a relationship with the other site.
294 * Let's make our own personal copy of their profile photo so we don't have
295 * to always load it from their site.
296 *
297 * We will also update the contact record with the nature and scope of the relationship.
298 *
299 */
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
300
6348e70 projectred Initial checkin
projectred authored
301 require_once("Photo.php");
302
d2e20d0 projectred de-duplicate photo importation logic
projectred authored
303 $photos = import_profile_photo($contact['photo'],$uid,$contact_id);
e0b392b friendica add a bit more logging to friend accept
friendika authored
304
305 logger('dfrn_confirm: confirm - imported photos');
ffb1997 projectred mistpark 2.0 infrasturcture lands
projectred authored
306
a3ddbb5 friendica issues with friendship again
friendika authored
307 if($network === 'dfrn') {
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
308
309 $new_relation = REL_VIP;
310 if(($relation == REL_FAN) || ($duplex))
311 $new_relation = REL_BUD;
312
70bcf00 friendica if pre-existing relationship, don't set duplex
friendika authored
313 if(($relation == REL_FAN) && ($duplex))
314 $duplex = 0;
315
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
316 $r = q("UPDATE `contact` SET `photo` = '%s',
b94cb8d friendica add micro profile photo
friendika authored
317 `thumb` = '%s',
318 `micro` = '%s',
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
319 `rel` = %d,
320 `name-date` = '%s',
321 `uri-date` = '%s',
322 `avatar-date` = '%s',
323 `blocked` = 0,
324 `pending` = 0,
325 `duplex` = %d,
326 `network` = 'dfrn' WHERE `id` = %d LIMIT 1
327 ",
d2e20d0 projectred de-duplicate photo importation logic
projectred authored
328 dbesc($photos[0]),
329 dbesc($photos[1]),
b94cb8d friendica add micro profile photo
friendika authored
330 dbesc($photos[2]),
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
331 intval($new_relation),
332 dbesc(datetime_convert()),
333 dbesc(datetime_convert()),
334 dbesc(datetime_convert()),
335 intval($duplex),
336 intval($contact_id)
337 );
338 }
339 else {
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
340 // $network !== 'dfrn'
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
341
342 $notify = '';
343 $poll = '';
344
345 $arr = lrdd($contact['url']);
346 if(count($arr)) {
347 foreach($arr as $link) {
348 if($link['@attributes']['rel'] === 'salmon')
349 $notify = $link['@attributes']['href'];
350 if($link['@attributes']['rel'] === NAMESPACE_FEED)
351 $poll = $link['@attributes']['href'];
352 }
353 }
354
355 $r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
356 intval($intro_id),
357 intval($uid)
358 );
359
a3ddbb5 friendica issues with friendship again
friendika authored
360
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
361 $r = q("UPDATE `contact` SET `photo` = '%s',
b94cb8d friendica add micro profile photo
friendika authored
362 `thumb` = '%s',
363 `micro` = '%s',
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
364 `name-date` = '%s',
365 `uri-date` = '%s',
366 `avatar-date` = '%s',
367 `notify` = '%s',
368 `poll` = '%s',
369 `blocked` = 0,
a3ddbb5 friendica issues with friendship again
friendika authored
370 `pending` = 0,
371 `network` = 'stat'
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
372 WHERE `id` = %d LIMIT 1
373 ",
d2e20d0 projectred de-duplicate photo importation logic
projectred authored
374 dbesc($photos[0]),
375 dbesc($photos[1]),
b94cb8d friendica add micro profile photo
friendika authored
376 dbesc($photos[2]),
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
377 dbesc(datetime_convert()),
378 dbesc(datetime_convert()),
379 dbesc(datetime_convert()),
380 dbesc($notify),
381 dbesc($poll),
382 intval($contact_id)
383 );
384 }
385
6348e70 projectred Initial checkin
projectred authored
386 if($r === false)
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
387 notice( t('Unable to set contact photo.') . EOL);
6d7b018 projectred minor edit to last commit
projectred authored
388
b302012 friendica send new friend activity when appropriate
friendika authored
389 // reload contact info
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
390
b302012 friendica send new friend activity when appropriate
friendika authored
391 $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
392 intval($contact_id)
393 );
394 if(count($r))
395 $contact = $r[0];
396 else
397 $contact = null;
398
399 // Send a new friend post if we are allowed to...
400
401 $r = q("SELECT `hide-friends` FROM `profile` WHERE `uid` = %d AND `is-default` = 1 LIMIT 1",
402 intval($uid)
403 );
404 if((count($r)) && ($r[0]['hide-friends'] == 0) && (is_array($contact)) && isset($new_relation) && ($new_relation == REL_BUD)) {
405
406 require_once('include/items.php');
407
408 $self = q("SELECT * FROM `contact` WHERE `self` = 1 AND `uid` = %d LIMIT 1",
409 intval($uid)
410 );
411
412 if(count($self)) {
413
414 $arr = array();
415 $arr['uri'] = $arr['parent-uri'] = item_new_uri($a->get_hostname(), $uid);
416 $arr['uid'] = $uid;
417 $arr['contact-id'] = $self[0]['id'];
418 $arr['wall'] = 1;
419 $arr['type'] = 'wall';
420 $arr['gravity'] = 0;
421 $arr['author-name'] = $arr['owner-name'] = $self[0]['name'];
422 $arr['author-link'] = $arr['owner-link'] = $self[0]['url'];
423 $arr['author-avatar'] = $arr['owner-avatar'] = $self[0]['thumb'];
424 $arr['verb'] = ACTIVITY_FRIEND;
425 $arr['object-type'] = ACTIVITY_OBJ_PERSON;
426 $arr['body'] = '[url=' . $self[0]['url'] . ']' . $self[0]['name'] . '[/url] ' . t('is now friends with')
427 . ' [url=' . $contact['url'] . ']' . $contact['name'] . '[/url]' . "\n\n\n"
428 . ' [url=' . $contact['url'] . ']' . '[img]' . $contact['thumb'] . '[/img][/url]';
429
430 $arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $contact['name'] . '</title>'
431 . '<id>' . $contact['url'] . '/' . $contact['name'] . '</id>';
432 $arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $contact['url'] . '" />' . "\n");
433 $arr['object'] .= xmlify('<link rel="photo" type="image/jpeg" href="' . $contact['thumb'] . '" />' . "\n");
434 $arr['object'] .= '</link></object>' . "\n";
c55cb45 friendica revised openid patch, added fix for Windows servers, make "is now friend...
friendika authored
435 $arr['last-child'] = 1;
b302012 friendica send new friend activity when appropriate
friendika authored
436
437 $i = item_store($arr);
755c224 friendica move php path setting inside proc_run
friendika authored
438 if($i)
439 proc_run('php',"include/notifier.php","activity","$i");
b302012 friendica send new friend activity when appropriate
friendika authored
440
441 }
442
443 }
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
444 // Let's send our user to the contact editor in case they want to
445 // do anything special with this new friend.
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
446
0f47ac2 projectred celebrity/group/community pages about 75% implemented
projectred authored
447 if($handsfree === null)
448 goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
449 else
450 return;
451 //NOTREACHED
6348e70 projectred Initial checkin
projectred authored
452 }
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
453
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
454 /**
455 *
456 *
457 * End of Scenario 1. [Local confirmation of remote friend request].
458 *
459 * Begin Scenario 2. This is the remote response to the above scenario.
460 * This will take place on the site that originally initiated the friend request.
461 * In the section above where the confirming party makes a POST and
462 * retrieves xml status information, they are communicating with the following code.
463 *
464 */
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
465
466 if(x($_POST,'source_url')) {
467
468 // We are processing an external confirmation to an introduction created by our user.
469
4d0f0f9 friendica more instrumentation on dfrn_confirm to help track down why it quietly g...
friendika authored
470 $public_key = ((x($_POST,'public_key')) ? $_POST['public_key'] : '');
471 $dfrn_id = ((x($_POST,'dfrn_id')) ? hex2bin($_POST['dfrn_id']) : '');
472 $source_url = ((x($_POST,'source_url')) ? hex2bin($_POST['source_url']) : '');
473 $aes_key = ((x($_POST,'aes_key')) ? $_POST['aes_key'] : '');
474 $duplex = ((x($_POST,'duplex')) ? intval($_POST['duplex']) : 0 );
475 $version_id = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
ef39bd0 friendica more dfrn_confirm logging
friendika authored
476
477 logger('dfrn_confirm: requestee contacted: ' . $node);
6b67d00 projectred if pubkey is encrypted, it will also be packaged for safe transport
projectred authored
478
e0b392b friendica add a bit more logging to friend accept
friendika authored
479 logger('dfrn_confirm: request: POST=' . print_r($_POST,true), LOGGER_DATA);
480
6b67d00 projectred if pubkey is encrypted, it will also be packaged for safe transport
projectred authored
481 // If $aes_key is set, both of these items require unpacking from the hex transport encoding.
482
483 if(x($aes_key)) {
484 $aes_key = hex2bin($aes_key);
485 $public_key = hex2bin($public_key);
486 }
487
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
488 // Find our user's account
489
490 $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1",
491 dbesc($node));
492
493 if(! count($r)) {
9f78780 fabrixxm update source strings
fabrixxm authored
494 $message = sprintf(t('No user record found for \'%s\' '), $node);
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
495 xml_status(3,$message); // failure
496 // NOTREACHED
497 }
498
499 $my_prvkey = $r[0]['prvkey'];
500 $local_uid = $r[0]['uid'];
501
502
503 if(! strstr($my_prvkey,'BEGIN RSA PRIVATE KEY')) {
504 $message = t('Our site encryption key is apparently messed up.');
505 xml_status(3,$message);
506 }
507
508 // verify everything
509
510 $decrypted_source_url = "";
511 openssl_private_decrypt($source_url,$decrypted_source_url,$my_prvkey);
512
513
514 if(! strlen($decrypted_source_url)) {
515 $message = t('Empty site URL was provided or URL could not be decrypted by us.');
516 xml_status(3,$message);
517 // NOTREACHED
518 }
519
520 $ret = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
521 dbesc($decrypted_source_url),
522 intval($local_uid)
523 );
524
525 if(! count($ret)) {
526 // this is either a bogus confirmation (?) or we deleted the original introduction.
527 $message = t('Contact record was not found for you on our site.');
528 xml_status(3,$message);
529 return; // NOTREACHED
530 }
531
532 $relation = $ret[0]['rel'];
533
534 // Decrypt all this stuff we just received
535
536 $foreign_pubkey = $ret[0]['site-pubkey'];
537 $dfrn_record = $ret[0]['id'];
538
539 $decrypted_dfrn_id = "";
540 openssl_public_decrypt($dfrn_id,$decrypted_dfrn_id,$foreign_pubkey);
541
542 if(strlen($aes_key)) {
543 $decrypted_aes_key = "";
544 openssl_private_decrypt($aes_key,$decrypted_aes_key,$my_prvkey);
545 $dfrn_pubkey = openssl_decrypt($public_key,'AES-256-CBC',$decrypted_aes_key);
546 }
547 else {
548 $dfrn_pubkey = $public_key;
549 }
550
551 $r = q("SELECT * FROM `contact` WHERE `dfrn-id` = '%s' LIMIT 1",
22f7ffc friendica enumerate required php modules
friendika authored
552 dbesc($decrypted_dfrn_id)
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
553 );
554 if(count($r)) {
555 $message = t('The ID provided by your system is a duplicate on our system. It should work if you try again.');
556 xml_status(1,$message); // Birthday paradox - duplicate dfrn-id
557 // NOTREACHED
558 }
559
560 $r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d LIMIT 1",
561 dbesc($decrypted_dfrn_id),
562 dbesc($dfrn_pubkey),
563 intval($dfrn_record)
564 );
565 if(! count($r)) {
566 $message = t('Unable to set your contact credentials on our system.');
567 xml_status(3,$message);
568 }
569
570 // We're good but now we have to scrape the profile photo and send notifications.
571
572
573
574 $r = q("SELECT `photo` FROM `contact` WHERE `id` = %d LIMIT 1",
575 intval($dfrn_record));
576
d2e20d0 projectred de-duplicate photo importation logic
projectred authored
577 if(count($r))
578 $photo = $r[0]['photo'];
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
579 else
580 $photo = $a->get_baseurl() . '/images/default-profile.jpg';
d2e20d0 projectred de-duplicate photo importation logic
projectred authored
581
582 require_once("Photo.php");
583
584 $photos = import_profile_photo($photo,$local_uid,$dfrn_record);
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
585
e0b392b friendica add a bit more logging to friend accept
friendika authored
586 logger('dfrn_confirm: request - photos imported');
587
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
588 $new_relation = REL_FAN;
589 if(($relation == REL_VIP) || ($duplex))
590 $new_relation = REL_BUD;
591
70bcf00 friendica if pre-existing relationship, don't set duplex
friendika authored
592 if(($relation == REL_VIP) && ($duplex))
593 $duplex = 0;
594
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
595 $r = q("UPDATE `contact` SET
596 `photo` = '%s',
597 `thumb` = '%s',
a3ddbb5 friendica issues with friendship again
friendika authored
598 `micro` = '%s',
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
599 `rel` = %d,
600 `name-date` = '%s',
601 `uri-date` = '%s',
602 `avatar-date` = '%s',
603 `blocked` = 0,
604 `pending` = 0,
605 `duplex` = %d,
606 `network` = 'dfrn' WHERE `id` = %d LIMIT 1
607 ",
d2e20d0 projectred de-duplicate photo importation logic
projectred authored
608 dbesc($photos[0]),
609 dbesc($photos[1]),
a3ddbb5 friendica issues with friendship again
friendika authored
610 dbesc($photos[2]),
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
611 intval($new_relation),
612 dbesc(datetime_convert()),
613 dbesc(datetime_convert()),
614 dbesc(datetime_convert()),
615 intval($duplex),
616 intval($dfrn_record)
617 );
b41218c projectred workflow for federated/non-dfrn followers
projectred authored
618 if($r === false) { // indicates schema is messed up or total db failure
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
619 $message = t('Unable to update your contact profile details on our system');
620 xml_status(3,$message);
621 }
622
623 // Otherwise everything seems to have worked and we are almost done. Yay!
624 // Send an email notification
625
ef39bd0 friendica more dfrn_confirm logging
friendika authored
626 logger('dfrn_confirm: request: info updated');
627
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
628 $r = q("SELECT * FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
629 WHERE `contact`.`id` = %d LIMIT 1",
630 intval($dfrn_record)
631 );
632 if((count($r)) && ($r[0]['notify-flags'] & NOTIFY_CONFIRM)) {
633
634 $tpl = (($new_relation == REL_BUD)
635 ? load_view_file('view/friend_complete_eml.tpl')
636 : load_view_file('view/intro_complete_eml.tpl'));
637
638 $email_tpl = replace_macros($tpl, array(
639 '$sitename' => $a->config['sitename'],
640 '$siteurl' => $a->get_baseurl(),
641 '$username' => $r[0]['username'],
642 '$email' => $r[0]['email'],
643 '$fn' => $r[0]['name'],
644 '$dfrn_url' => $r[0]['url'],
645 '$uid' => $newuid )
646 );
647
9f78780 fabrixxm update source strings
fabrixxm authored
648 $res = mail($r[0]['email'], sprintf(t("Connection accepted at %s"), $a->config['sitename']),
d825db3 friendica lint
friendika authored
649 $email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] );
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
650 if(!$res) {
b9d7689 projectred added 's' keys - salmon keys, small keys, stupid keys, whatever...
projectred authored
651 // pointless throwing an error here and confusing the person at the other end of the wire.
524f73e projectred A bit more telemetry of friend confirms and lots of extra doco
projectred authored
652 }
653 }
654 xml_status(0); // Success
655 return; // NOTREACHED
656
657 ////////////////////// End of this scenario ///////////////////////////////////////////////
658 }
659
660 // somebody arrived here by mistake or they are fishing. Send them to the homepage.
661
662 goaway($a->get_baseurl());
663 // NOTREACHED
664
6348e70 projectred Initial checkin
projectred authored
665 }
Something went wrong with that request. Please try again.