< ? php
require_once ( 'include/items.php' );
require_once ( 'include/auth.php' );
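/**
 * GET entry point for the DFRN poll endpoint.
 *
 * Three request shapes are handled, selected from the query string:
 *  - no dfrn_id and a nickname in the path: emit the public Atom feed;
 *  - type=profile without sec: legacy visitor sign-in, confirmed by asking the
 *    contact's poll URL for a profile-check status;
 *  - type=profile-check with dfrn_version < 2.2: answer a profile-check that a
 *    remote site sent to us.
 * Any other request falls through and returns without output.
 *
 * The "NOTREACHED" markers indicate that killme(), goaway() and xml_status()
 * do not return to the caller.
 *
 * @param object $a application object; argc, argv and get_baseurl() are used
 */
function dfrn_poll_init(&$a) {

    // Everything below is taken from the query string and is untrusted.
    $dfrn_id         = ((x($_GET, 'dfrn_id'))         ? $_GET['dfrn_id']              : '');
    $type            = ((x($_GET, 'type'))            ? $_GET['type']                 : 'data');
    $last_update     = ((x($_GET, 'last_update'))     ? $_GET['last_update']          : '');
    $destination_url = ((x($_GET, 'destination_url')) ? $_GET['destination_url']      : '');
    $challenge       = ((x($_GET, 'challenge'))       ? $_GET['challenge']            : '');
    $sec             = ((x($_GET, 'sec'))             ? $_GET['sec']                  : '');
    $dfrn_version    = ((x($_GET, 'dfrn_version'))    ? (float) $_GET['dfrn_version'] : 2.0);

    // An id of the form "<digit>:<id>" carries the relationship direction in
    // its first character; -1 means no direction was supplied.
    $direction = (-1);
    if (strpos($dfrn_id, ':') === 1) {
        $direction = intval(substr($dfrn_id, 0, 1));
        $dfrn_id   = substr($dfrn_id, 2);
    }

    // ---- Public feed: no dfrn_id at all, nickname taken from the path ----
    if (($dfrn_id === '') && (! x($_POST, 'dfrn_id')) && ($a->argc > 1)) {
        if ((get_config('system', 'block_public')) && (! local_user()) && (! remote_user())) {
            killme();
        }

        $r = q("SELECT `hidewall` FROM `profile` LEFT JOIN `user` ON `profile`.`uid` = `user`.`uid` WHERE `user`.`nickname` = '%s' AND `profile`.`is-default` = 1 LIMIT 1",
            dbesc($a->argv[1])
        );
        // Profiles flagged hidewall do not publish a public feed.
        if (count($r) && $r[0]['hidewall']) {
            killme();
        }

        logger('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR']);
        header("Content-type: application/atom+xml");
        $o = get_feed_for($a, '', $a->argv[1], $last_update);
        echo $o;
        killme();
    }

    // ---- Legacy visitor sign-in (type=profile, no sec token) ----
    if (($type === 'profile') && (! strlen($sec))) {

        // NOTE(review): $sql_extra is already sprintf-expanded and is then
        // interpolated into a string that q() presumably formats again; a
        // literal '%' in dfrn_id would be read as a conversion there - confirm
        // how q() treats it.
        $sql_extra = '';
        switch ($direction) {
            case (-1):
                $sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
                $my_id = $dfrn_id;
                break;
            case 0:
                $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
                $my_id = '1:' . $dfrn_id;
                break;
            case 1:
                $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
                $my_id = '0:' . $dfrn_id;
                break;
            default:
                goaway($a->get_baseurl());
                break; // NOTREACHED
        }

        $r = q("SELECT `contact`.*, `user`.`username`, `user`.`nickname`
            FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
            WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
            AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
            dbesc($a->argv[1])
        );

        if (count($r)) {

            // $my_id is derived from the request, so it is URL-encoded before
            // it is placed in the outbound query string.
            $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . urlencode($my_id) . '&type=profile-check');

            logger("dfrn_poll: old profile returns " . $s, LOGGER_DATA);

            if (strlen($s)) {
                $xml = parse_xml_string($s);

                // Only a parsed reply with status 1 authenticates the visitor.
                if (is_object($xml) && ((int) $xml->status === 1)) {
                    // NOTE(review): the session id is not rotated when the
                    // visitor becomes authenticated. Consider regenerating it,
                    // making sure the `session` row update below still targets
                    // the id that ends up in use.
                    $_SESSION['authenticated'] = 1;
                    $_SESSION['visitor_id'] = $r[0]['id'];
                    $_SESSION['visitor_home'] = $r[0]['url'];
                    $_SESSION['visitor_visiting'] = $r[0]['uid'];
                    info(sprintf(t('%s welcomes %s'), $r[0]['username'], $r[0]['name']) . EOL);
                    // Visitors get 1 day session.
                    $session_id = session_id();
                    $expire = time() + 86400;
                    q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
                        dbesc($expire),
                        dbesc($session_id)
                    );
                }
            }

            $profile = $r[0]['nickname'];
            $dest = $a->get_baseurl() . '/profile/' . $profile;

            // destination_url comes straight from the query string. It is only
            // followed when it is an http(s) URL on this site's own host;
            // anything else would turn this endpoint into an open redirector,
            // so the visitor is sent to the profile page instead.
            // Assumes legitimate destinations always live on this host.
            if (strlen($destination_url) && (! preg_match('/[\\\\\x00-\x20]/', $destination_url))) {
                $base_host   = parse_url($a->get_baseurl(), PHP_URL_HOST);
                $dest_host   = parse_url($destination_url, PHP_URL_HOST);
                $dest_scheme = parse_url($destination_url, PHP_URL_SCHEME);
                if (is_string($base_host) && is_string($dest_host) && is_string($dest_scheme)
                    && in_array(strtolower($dest_scheme), array('http', 'https'), true)
                    && (strcasecmp($dest_host, $base_host) === 0)) {
                    $dest = $destination_url;
                }
            }
            goaway($dest);
        }
        goaway($a->get_baseurl());
    }

    // ---- Answer a profile-check from a remote site (protocol < 2.2) ----
    if ($type === 'profile-check' && $dfrn_version < 2.2) {

        if ((strlen($challenge)) && (strlen($sec))) {

            // Expire stale tickets before looking the presented one up.
            q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
            $r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
                dbesc($sec)
            );
            if (! count($r)) {
                xml_status(3, 'No ticket');
                // NOTREACHED
            }
            $orig_id = $r[0]['dfrn_id'];
            // Strip a "<digit>:" direction prefix, using the same test as for
            // the request id above.
            if (strpos($orig_id, ':') === 1) {
                $orig_id = substr($orig_id, 2);
            }

            $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
                intval($r[0]['cid'])
            );
            if (! count($c)) {
                xml_status(3, 'No profile');
            }
            $contact = $c[0];

            $sent_dfrn_id = hex2bin($dfrn_id);
            $challenge    = hex2bin($challenge);

            // Both outputs start empty so that a failed decryption is seen as
            // an empty value rather than an undefined variable.
            $final_dfrn_id = '';
            $decoded_challenge = '';

            if (($contact['duplex']) && strlen($contact['prvkey'])) {
                openssl_private_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['prvkey']);
                openssl_private_decrypt($challenge, $decoded_challenge, $contact['prvkey']);
            }
            else {
                openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']);
                openssl_public_decrypt($challenge, $decoded_challenge, $contact['pubkey']);
            }

            // The decrypted id has the form "<id>.<suffix>"; keep the part
            // before the first dot.
            $final_dfrn_id = (string) $final_dfrn_id;
            $dot = strpos($final_dfrn_id, '.');
            $final_dfrn_id = (($dot === false) ? '' : (string) substr($final_dfrn_id, 0, $dot));

            if (strpos($final_dfrn_id, ':') === 1) {
                $final_dfrn_id = (string) substr($final_dfrn_id, 2);
            }

            // Strict string comparison: a loose != treats numeric-looking
            // strings such as "0e12" and "0e34" as equal. An empty result
            // (failed decryption) is always rejected.
            if (($final_dfrn_id === '') || ($final_dfrn_id !== (string) $orig_id)) {
                logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
                // did not decode properly - cannot trust this site
                xml_status(3, 'Bad decryption');
            }

            // Both values originate from the request, so they are escaped
            // before being written into the XML reply.
            header("Content-type: text/xml");
            echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><dfrn_poll><status>0</status><challenge>"
                . htmlspecialchars((string) $decoded_challenge, ENT_QUOTES, 'UTF-8')
                . "</challenge><sec>"
                . htmlspecialchars($sec, ENT_QUOTES, 'UTF-8')
                . "</sec></dfrn_poll>";
            killme();
            // NOTREACHED
        }
        else {
            // old protocol

            // The stored ticket carries the opposite direction prefix.
            switch ($direction) {
                case 1:
                    $dfrn_id = '0:' . $dfrn_id;
                    break;
                case 0:
                    $dfrn_id = '1:' . $dfrn_id;
                    break;
                default:
                    break;
            }

            q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
            $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
                dbesc($dfrn_id));
            if (count($r)) {
                xml_status(1);
                return; // NOTREACHED
            }
            xml_status(0);
            return; // NOTREACHED
        }
    }
}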
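/**
 * POST entry point for the DFRN poll endpoint.
 *
 * A request with type=profile-check plus challenge and sec is answered with a
 * profile-check reply. Every other request must present a dfrn_id/challenge
 * pair that exists in the `challenge` table; the row is consumed and, depending
 * on the type stored with it, either a reputation document or the contact's
 * Atom feed is written.
 *
 * The "NOTREACHED" markers indicate that killme(), goaway() and xml_status()
 * do not return to the caller.
 *
 * @param object $a application object; argv and get_baseurl() are used
 */
function dfrn_poll_post(&$a) {

    // Everything below is taken from the request body and is untrusted.
    $dfrn_id      = ((x($_POST, 'dfrn_id'))      ? $_POST['dfrn_id']              : '');
    $challenge    = ((x($_POST, 'challenge'))    ? $_POST['challenge']            : '');
    $url          = ((x($_POST, 'url'))          ? $_POST['url']                  : '');
    $sec          = ((x($_POST, 'sec'))          ? $_POST['sec']                  : '');
    $ptype        = ((x($_POST, 'type'))         ? $_POST['type']                 : '');
    $dfrn_version = ((x($_POST, 'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
    $perm         = ((x($_POST, 'perm'))         ? $_POST['perm']                 : 'r');

    // ---- Answer a profile-check from a remote site ----
    if ($ptype === 'profile-check') {

        if ((strlen($challenge)) && (strlen($sec))) {

            logger('dfrn_poll: POST: profile-check');

            // Expire stale tickets before looking the presented one up.
            q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
            $r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
                dbesc($sec)
            );
            if (! count($r)) {
                xml_status(3, 'No ticket');
                // NOTREACHED
            }
            $orig_id = $r[0]['dfrn_id'];
            // Strip a "<digit>:" direction prefix, using the same test that is
            // applied to the request id further down.
            if (strpos($orig_id, ':') === 1) {
                $orig_id = substr($orig_id, 2);
            }

            $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
                intval($r[0]['cid'])
            );
            if (! count($c)) {
                xml_status(3, 'No profile');
            }
            $contact = $c[0];

            $sent_dfrn_id = hex2bin($dfrn_id);
            $challenge    = hex2bin($challenge);

            // Both outputs start empty so that a failed decryption is seen as
            // an empty value rather than an undefined variable.
            $final_dfrn_id = '';
            $decoded_challenge = '';

            if (($contact['duplex']) && strlen($contact['prvkey'])) {
                openssl_private_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['prvkey']);
                openssl_private_decrypt($challenge, $decoded_challenge, $contact['prvkey']);
            }
            else {
                openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']);
                openssl_public_decrypt($challenge, $decoded_challenge, $contact['pubkey']);
            }

            // The decrypted id has the form "<id>.<suffix>"; keep the part
            // before the first dot.
            $final_dfrn_id = (string) $final_dfrn_id;
            $dot = strpos($final_dfrn_id, '.');
            $final_dfrn_id = (($dot === false) ? '' : (string) substr($final_dfrn_id, 0, $dot));

            if (strpos($final_dfrn_id, ':') === 1) {
                $final_dfrn_id = (string) substr($final_dfrn_id, 2);
            }

            // Strict string comparison: a loose != treats numeric-looking
            // strings such as "0e12" and "0e34" as equal. An empty result
            // (failed decryption) is always rejected.
            if (($final_dfrn_id === '') || ($final_dfrn_id !== (string) $orig_id)) {
                logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
                // did not decode properly - cannot trust this site
                xml_status(3, 'Bad decryption');
            }

            // Both values originate from the request, so they are escaped
            // before being written into the XML reply.
            header("Content-type: text/xml");
            echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><dfrn_poll><status>0</status><challenge>"
                . htmlspecialchars((string) $decoded_challenge, ENT_QUOTES, 'UTF-8')
                . "</challenge><sec>"
                . htmlspecialchars($sec, ENT_QUOTES, 'UTF-8')
                . "</sec></dfrn_poll>";
            killme();
            // NOTREACHED
        }
    }

    // An id of the form "<digit>:<id>" carries the relationship direction in
    // its first character; -1 means no direction was supplied.
    $direction = (-1);
    if (strpos($dfrn_id, ':') === 1) {
        $direction = intval(substr($dfrn_id, 0, 1));
        $dfrn_id   = substr($dfrn_id, 2);
    }

    // The caller must present a challenge that was issued for this id.
    $r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
        dbesc($dfrn_id),
        dbesc($challenge)
    );

    if (! count($r)) {
        killme();
    }

    $type = $r[0]['type'];
    $last_update = $r[0]['last_update'];

    // A challenge is single-use: remove it once it has been matched.
    $r = q("DELETE FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
        dbesc($dfrn_id),
        dbesc($challenge)
    );

    $sql_extra = '';
    switch ($direction) {
        case (-1):
            $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
            $my_id = $dfrn_id;
            break;
        case 0:
            $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
            $my_id = '1:' . $dfrn_id;
            break;
        case 1:
            $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
            $my_id = '0:' . $dfrn_id;
            break;
        default:
            goaway($a->get_baseurl());
            break; // NOTREACHED
    }

    // NOTE(review): unlike the GET handlers in this file, this lookup is not
    // restricted to the user named in $a->argv[1], although the feed below is
    // requested for that nickname - confirm the id alone is sufficient here.
    $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");

    if (! count($r)) {
        killme();
    }

    $contact = $r[0];
    $owner_uid = $r[0]['uid'];
    $contact_id = $r[0]['id'];

    if ($type === 'reputation' && strlen($url)) {
        $r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
            dbesc($url),
            intval($owner_uid)
        );
        $reputation = 0;
        $text = '';

        if (count($r)) {
            $reputation = $r[0]['rating'];
            $text = $r[0]['reason'];

            if (intval($r[0]['id']) === intval($contact_id)) { // inquiring about own reputation not allowed
                $reputation = 0;
                $text = '';
            }
        }

        // $url comes from the request and $text is free-form stored text, so
        // every value is escaped before it is placed in the XML document.
        echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
            . "<reputation>\n"
            . "\t<url>" . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . "</url>\n"
            . "\t<rating>" . htmlspecialchars((string) $reputation, ENT_QUOTES, 'UTF-8') . "</rating>\n"
            . "\t<description>" . htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8') . "</description>\n"
            . "</reputation>\n";
        killme();
        // NOTREACHED
    }
    else {

        // Update the writable flag if it changed

        // NOTE(review): this writes the complete POST body, including the
        // challenge value, to the log at LOGGER_DATA level; keep that level
        // disabled in production or redact the secrets.
        logger('dfrn_poll: post request feed: ' . print_r($_POST, true), LOGGER_DATA);
        if ($dfrn_version >= 2.21) {
            $writable = (($perm === 'rw') ? 1 : 0);

            if ($writable !== intval($contact['writable'])) {
                q("UPDATE `contact` SET `writable` = %d WHERE `id` = %d LIMIT 1",
                    intval($writable),
                    intval($contact_id)
                );
            }
        }

        header("Content-type: application/atom+xml");
        $o = get_feed_for($a, $dfrn_id, $a->argv[1], $last_update, $direction);
        echo $o;
        killme();
    }
}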
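/**
 * Content handler for the DFRN poll endpoint: first contact from a remote site.
 *
 * When a dfrn_id is supplied, a random challenge is generated, encrypted for
 * the matching contact together with the id, and then either
 *  - sent to the contact's poll URL for confirmation (type=profile with a sec
 *    token), after which the visitor is redirected, or
 *  - returned to the caller as an XML document.
 * Without a dfrn_id the function produces no output.
 *
 * The "NOTREACHED" markers indicate that killme() and goaway() do not return
 * to the caller.
 *
 * @param object $a application object; argv and get_baseurl() are used
 */
function dfrn_poll_content(&$a) {

    // Everything below is taken from the query string and is untrusted.
    $dfrn_id         = ((x($_GET, 'dfrn_id'))         ? $_GET['dfrn_id']              : '');
    $type            = ((x($_GET, 'type'))            ? $_GET['type']                 : 'data');
    $last_update     = ((x($_GET, 'last_update'))     ? $_GET['last_update']          : '');
    $destination_url = ((x($_GET, 'destination_url')) ? $_GET['destination_url']      : '');
    $sec             = ((x($_GET, 'sec'))             ? $_GET['sec']                  : '');
    $dfrn_version    = ((x($_GET, 'dfrn_version'))    ? (float) $_GET['dfrn_version'] : 2.0);

    // An id of the form "<digit>:<id>" carries the relationship direction in
    // its first character; -1 means no direction was supplied.
    $direction = (-1);
    if (strpos($dfrn_id, ':') === 1) {
        $direction = intval(substr($dfrn_id, 0, 1));
        $dfrn_id   = substr($dfrn_id, 2);
    }

    if ($dfrn_id != '') {
        // initial communication from external contact
        $hash = random_string();

        $status = 0;

        // Expire stale challenges before issuing a new one.
        $r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));

        // Profile requests are confirmed in-line below, so only the other
        // types store a challenge (valid for 60 seconds) for a later POST.
        if ($type !== 'profile') {
            $r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
                VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
                dbesc($hash),
                dbesc($dfrn_id),
                intval(time() + 60),
                dbesc($type),
                dbesc($last_update)
            );
        }

        $sql_extra = '';
        switch ($direction) {
            case (-1):
                if ($type === 'profile') {
                    $sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
                }
                else {
                    $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
                }
                $my_id = $dfrn_id;
                break;
            case 0:
                $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
                $my_id = '1:' . $dfrn_id;
                break;
            case 1:
                $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
                $my_id = '0:' . $dfrn_id;
                break;
            default:
                goaway($a->get_baseurl());
                break; // NOTREACHED
        }

        $r = q("SELECT `contact`.*, `user`.`username`, `user`.`nickname`
            FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
            WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
            AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
            dbesc($a->argv[1])
        );

        $have_contact = (count($r) > 0);

        if ($have_contact) {

            $challenge = '';
            $encrypted_id = '';
            // NOTE(review): mt_rand() is not a cryptographic generator. The
            // suffix only varies the encrypted id, but a CSPRNG would be the
            // better source once the supported PHP version provides one.
            $id_str = $my_id . '.' . mt_rand(1000, 9999);

            if ($r[0]['duplex'] && strlen($r[0]['pubkey'])) {
                openssl_public_encrypt($hash, $challenge, $r[0]['pubkey']);
                openssl_public_encrypt($id_str, $encrypted_id, $r[0]['pubkey']);
            }
            else {
                openssl_private_encrypt($hash, $challenge, $r[0]['prvkey']);
                openssl_private_encrypt($id_str, $encrypted_id, $r[0]['prvkey']);
            }

            $challenge = bin2hex($challenge);
            $encrypted_id = bin2hex($encrypted_id);
        }
        else {
            // No matching contact: report failure and send nothing encrypted.
            $status = 1;
            $challenge = '';
            $encrypted_id = '';
        }

        if (($type === 'profile') && (strlen($sec))) {

            // URL reply

            // Without a matching contact there is no poll URL to confirm
            // against, so no outbound request is made and the visitor is
            // simply redirected unauthenticated.
            $s = '';
            if ($have_contact) {
                if ($dfrn_version < 2.2) {
                    // $sec comes from the request; it is URL-encoded so that it
                    // cannot add or override parameters of the outbound query.
                    $s = fetch_url($r[0]['poll']
                        . '?dfrn_id=' . $encrypted_id
                        . '&type=profile-check'
                        . '&dfrn_version=' . DFRN_PROTOCOL_VERSION
                        . '&challenge=' . $challenge
                        . '&sec=' . urlencode($sec)
                    );
                }
                else {
                    $s = post_url($r[0]['poll'], array(
                        'dfrn_id' => $encrypted_id,
                        'type' => 'profile-check',
                        'dfrn_version' => DFRN_PROTOCOL_VERSION,
                        'challenge' => $challenge,
                        'sec' => $sec
                    ));
                }
            }

            $profile = ($have_contact ? $r[0]['nickname'] : '');

            switch ($destination_url) {
                case 'profile':
                    $dest = $a->get_baseurl() . '/profile/' . $profile . '?tab=profile';
                    break;
                case 'photos':
                    $dest = $a->get_baseurl() . '/photos/' . $profile;
                    break;
                case 'status':
                case '':
                    $dest = $a->get_baseurl() . '/profile/' . $profile;
                    break;
                default:
                    // A free-form destination from the query string is only
                    // followed when it is an http(s) URL on this site's own
                    // host; anything else would turn this endpoint into an
                    // open redirector, so the profile page is used instead.
                    // Assumes legitimate destinations always live on this host.
                    $dest = $a->get_baseurl() . '/profile/' . $profile;
                    if (! preg_match('/[\\\\\x00-\x20]/', $destination_url)) {
                        $base_host   = parse_url($a->get_baseurl(), PHP_URL_HOST);
                        $dest_host   = parse_url($destination_url, PHP_URL_HOST);
                        $dest_scheme = parse_url($destination_url, PHP_URL_SCHEME);
                        if (is_string($base_host) && is_string($dest_host) && is_string($dest_scheme)
                            && in_array(strtolower($dest_scheme), array('http', 'https'), true)
                            && (strcasecmp($dest_host, $base_host) === 0)) {
                            $dest = $destination_url;
                        }
                    }
                    break;
            }

            logger("dfrn_poll: sec profile: " . $s, LOGGER_DATA);

            if (strlen($s) && strstr($s, '<?xml')) {

                $xml = parse_xml_string($s);

                logger('dfrn_poll: profile: parsed xml: ' . print_r($xml, true), LOGGER_DATA);

                if (is_object($xml)) {
                    $reply_challenge = (string) $xml->challenge;
                    $reply_sec = (string) $xml->sec;

                    // The expected challenge and sec are authentication
                    // material, so they are only written at debug level.
                    logger('dfrn_poll: secure profile: challenge: ' . $reply_challenge . ' expecting ' . $hash, LOGGER_DEBUG);
                    logger('dfrn_poll: secure profile: sec: ' . $reply_sec . ' expecting ' . $sec, LOGGER_DEBUG);

                    // Strict string comparison: a loose == treats
                    // numeric-looking strings such as "0e12" and "0e34" as
                    // equal.
                    // NOTE(review): this comparison is not constant-time;
                    // switch to a timing-safe comparison where the supported
                    // PHP version offers one.
                    if (((int) $xml->status === 0) && ($reply_challenge === (string) $hash) && ($reply_sec === (string) $sec)) {
                        // NOTE(review): the session id is not rotated when the
                        // visitor becomes authenticated. Consider regenerating
                        // it, making sure the `session` row update below still
                        // targets the id that ends up in use.
                        $_SESSION['authenticated'] = 1;
                        $_SESSION['visitor_id'] = $r[0]['id'];
                        $_SESSION['visitor_home'] = $r[0]['url'];
                        $_SESSION['visitor_visiting'] = $r[0]['uid'];
                        info(sprintf(t('%s welcomes %s'), $r[0]['username'], $r[0]['name']) . EOL);
                        // Visitors get 1 day session.
                        $session_id = session_id();
                        $expire = time() + 86400;
                        q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
                            dbesc($expire),
                            dbesc($session_id)
                        );
                    }
                }

                goaway($dest);
            }
            goaway($dest);
            // NOTREACHED
        }
        else {
            // XML reply
            header("Content-type: text/xml");
            echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n"
                . '<dfrn_poll>' . "\r\n"
                . "\t" . '<status>' . $status . '</status>' . "\r\n"
                . "\t" . '<dfrn_version>' . DFRN_PROTOCOL_VERSION . '</dfrn_version>' . "\r\n"
                . "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n"
                . "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
                . '</dfrn_poll>' . "\r\n";
            killme();
            // NOTREACHED
        }
    }
}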