2010-07-01 19:48:07 -04:00
< ? php
2010-12-14 19:34:49 -05:00
/**
2021-03-29 02:40:20 -04:00
* @ copyright Copyright ( C ) 2010 - 2021 , the Friendica project
2020-02-09 10:18:46 -05:00
*
* @ license GNU AGPL version 3 or any later version
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation , either version 3 of the
* License , or ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU Affero General Public License for more details .
*
* You should have received a copy of the GNU Affero General Public License
* along with this program . If not , see < https :// www . gnu . org / licenses />.
2010-12-14 19:34:49 -05:00
*
2020-02-09 10:18:46 -05:00
* Handles communication associated with the issuance of friend requests .
2010-12-14 19:34:49 -05:00
*
2020-06-15 13:47:23 -04:00
* @ see PDF with dfrn specs : https :// github . com / friendica / friendica / blob / stable / spec / dfrn2 . pdf
2016-11-29 13:57:30 -05:00
* You also find a graphic which describes the confirmation process at
2020-06-15 13:47:23 -04:00
* https :// github . com / friendica / friendica / blob / stable / spec / dfrn2_contact_request . png
2010-12-14 19:34:49 -05:00
*/
2018-01-24 21:08:45 -05:00
2017-04-30 00:07:00 -04:00
use Friendica\App ;
2018-10-29 17:20:46 -04:00
use Friendica\Core\Logger ;
2018-08-11 16:40:44 -04:00
use Friendica\Core\Protocol ;
2018-10-31 10:35:50 -04:00
use Friendica\Core\Renderer ;
2020-01-04 17:59:20 -05:00
use Friendica\Core\Search ;
2019-09-28 14:09:11 -04:00
use Friendica\Core\Session ;
2020-03-04 16:07:05 -05:00
use Friendica\Core\System ;
2018-07-20 08:19:26 -04:00
use Friendica\Database\DBA ;
2019-12-15 18:28:31 -05:00
use Friendica\DI ;
2017-12-07 09:04:24 -05:00
use Friendica\Model\Contact ;
2017-12-09 13:45:17 -05:00
use Friendica\Model\Group ;
2021-01-23 04:53:44 -05:00
use Friendica\Model\Notification ;
2018-01-14 21:22:39 -05:00
use Friendica\Model\Profile ;
2018-01-24 21:08:45 -05:00
use Friendica\Model\User ;
2019-12-27 16:19:28 -05:00
use Friendica\Module\Security\Login ;
2017-05-07 14:44:30 -04:00
use Friendica\Network\Probe ;
2019-10-23 18:25:43 -04:00
use Friendica\Protocol\Activity ;
2018-01-26 21:38:34 -05:00
use Friendica\Util\DateTimeFormat ;
2018-01-26 23:09:48 -05:00
use Friendica\Util\Network ;
2018-11-08 08:45:46 -05:00
use Friendica\Util\Strings ;
2017-05-07 14:45:19 -04:00
2017-11-29 12:17:12 -05:00
function dfrn_request_init ( App $a )
{
2018-01-14 21:22:39 -05:00
if ( $a -> argc > 1 ) {
2010-07-01 19:48:07 -04:00
$which = $a -> argv [ 1 ];
2019-01-07 12:51:48 -05:00
Profile :: load ( $a , $which );
2018-01-14 21:22:39 -05:00
}
2010-07-01 19:48:07 -04:00
return ;
2016-11-27 19:13:47 -05:00
}
2010-07-01 19:48:07 -04:00
2010-12-14 19:34:49 -05:00
/**
* Function : dfrn_request_post
*
* Purpose :
* Handles multiple scenarios .
*
* Scenario 1 :
* Clicking 'submit' on a friend request page .
*
* Scenario 2 :
* Following Scenario 1 , we are brought back to our home site
* in order to link our friend request with our own server cell .
* After logging in , we click 'submit' to approve the linkage .
*
2019-01-07 01:07:42 -05:00
* @ param App $a
* @ throws ImagickException
* @ throws \Friendica\Network\HTTPException\InternalServerErrorException
2010-12-14 19:34:49 -05:00
*/
2017-12-16 20:13:10 -05:00
function dfrn_request_post ( App $a )
{
2020-01-29 23:19:03 -05:00
if ( $a -> argc != 2 || empty ( $a -> profile )) {
Logger :: log ( 'Wrong count of argc or profiles: argc=' . $a -> argc . ', profile()=' . count ( $a -> profile ? ? []));
2010-07-01 19:48:07 -04:00
return ;
2016-03-01 08:42:55 -05:00
}
2010-07-01 19:48:07 -04:00
2018-11-30 09:06:22 -05:00
if ( ! empty ( $_POST [ 'cancel' ])) {
2019-12-15 18:28:31 -05:00
DI :: baseUrl () -> redirect ();
2014-09-06 11:28:46 -04:00
}
2010-07-01 19:48:07 -04:00
2016-11-27 19:13:47 -05:00
/*
2010-12-14 19:34:49 -05:00
* Scenario 2 : We ' ve introduced ourself to another cell , then have been returned to our own cell
2014-09-06 11:28:46 -04:00
* to confirm the request , and then we ' ve clicked submit ( perhaps after logging in ) .
2010-12-14 19:34:49 -05:00
* That brings us here :
*/
2018-11-30 09:06:22 -05:00
if ( ! empty ( $_POST [ 'localconfirm' ]) && ( $_POST [ 'localconfirm' ] == 1 )) {
2017-12-16 20:13:10 -05:00
// Ensure this is a valid request
2018-11-30 09:06:22 -05:00
if ( local_user () && ( $a -> user [ 'nickname' ] == $a -> argv [ 1 ]) && ! empty ( $_POST [ 'dfrn_url' ])) {
$dfrn_url = Strings :: escapeTags ( trim ( $_POST [ 'dfrn_url' ]));
$aes_allow = ! empty ( $_POST [ 'aes_allow' ]);
2019-10-15 09:01:17 -04:00
$confirm_key = $_POST [ 'confirm_key' ] ? ? '' ;
2018-11-30 09:06:22 -05:00
$hidden = ( ! empty ( $_POST [ 'hidden-contact' ]) ? intval ( $_POST [ 'hidden-contact' ]) : 0 );
2010-07-22 05:13:39 -04:00
$contact_record = null ;
2018-11-30 09:06:22 -05:00
$blocked = 1 ;
$pending = 1 ;
2014-03-11 18:52:32 -04:00
2018-11-30 09:06:22 -05:00
if ( ! empty ( $dfrn_url )) {
2017-12-16 20:13:10 -05:00
// Lookup the contact based on their URL (which is the only unique thing we have at the moment)
2016-11-27 19:13:47 -05:00
$r = q ( " SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' AND NOT `self` LIMIT 1 " ,
2016-11-28 09:30:36 -05:00
intval ( local_user ()),
2018-11-08 11:28:29 -05:00
DBA :: escape ( Strings :: normaliseLink ( $dfrn_url ))
2010-07-06 00:39:55 -04:00
);
2014-03-11 18:52:32 -04:00
2018-07-21 08:46:04 -04:00
if ( DBA :: isResult ( $r )) {
2017-12-16 20:13:10 -05:00
if ( strlen ( $r [ 0 ][ 'dfrn-id' ])) {
// We don't need to be here. It has already happened.
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( " This introduction has already been accepted. " ));
2010-07-22 05:13:39 -04:00
return ;
2018-01-04 11:53:57 -05:00
} else {
2010-07-22 05:13:39 -04:00
$contact_record = $r [ 0 ];
2018-01-04 11:53:57 -05:00
}
2010-07-22 05:13:39 -04:00
}
2013-12-02 14:30:24 -05:00
2017-12-16 20:13:10 -05:00
if ( is_array ( $contact_record )) {
2018-01-04 11:53:57 -05:00
$r = q ( " UPDATE `contact` SET `ret-aes` = %d, hidden = %d WHERE `id` = %d " ,
intval ( $aes_allow ),
intval ( $hidden ),
intval ( $contact_record [ 'id' ])
2010-07-22 05:13:39 -04:00
);
2017-12-16 20:13:10 -05:00
} else {
// Scrape the other site's profile page to pick up the dfrn links, key, fn, and photo
2016-07-04 02:05:30 -04:00
$parms = Probe :: profile ( $dfrn_url );
2014-08-20 18:56:21 -04:00
2017-12-16 20:13:10 -05:00
if ( ! count ( $parms )) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'Profile location is not valid or does not contain profile information.' ));
2010-07-06 00:39:55 -04:00
return ;
2017-12-16 20:13:10 -05:00
} else {
2018-11-30 09:06:22 -05:00
if ( empty ( $parms [ 'fn' ])) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'Warning: profile location has no identifiable owner name.' ));
2016-12-20 11:43:46 -05:00
}
2018-11-30 09:06:22 -05:00
if ( empty ( $parms [ 'photo' ])) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'Warning: profile location has no profile photo.' ));
2016-12-20 11:43:46 -05:00
}
2017-05-08 10:19:10 -04:00
$invalid = Probe :: validDfrn ( $parms );
2016-12-20 11:43:46 -05:00
if ( $invalid ) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> tt ( " %d required parameter was not found at the given location " , " %d required parameters were not found at the given location " , $invalid ));
2010-07-22 05:13:39 -04:00
return ;
}
}
2010-07-01 19:48:07 -04:00
2010-07-22 05:13:39 -04:00
$dfrn_request = $parms [ 'dfrn-request' ];
2010-07-06 00:39:55 -04:00
2016-06-25 07:56:55 -04:00
$photo = $parms [ " photo " ];
2016-11-27 19:13:47 -05:00
// Escape the entire array
2018-07-21 08:48:29 -04:00
DBA :: escapeArray ( $parms );
2010-12-14 19:34:49 -05:00
2017-12-16 20:13:10 -05:00
// Create a contact record on our site for the other person
2015-11-25 12:46:02 -05:00
$r = q ( " INSERT INTO `contact` ( `uid`, `created`,`url`, `nurl`, `addr`, `name`, `nick`, `photo`, `site-pubkey`,
2018-08-02 10:11:21 -04:00
`request` , `confirm` , `notify` , `poll` , `network` , `aes_allow` , `hidden` , `blocked` , `pending` )
VALUES ( % d , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , % d , % d , % d , % d ) " ,
2010-10-18 17:34:59 -04:00
intval ( local_user ()),
2018-01-26 21:38:34 -05:00
DateTimeFormat :: utcNow (),
2018-07-21 09:10:13 -04:00
DBA :: escape ( $dfrn_url ),
2018-11-08 11:28:29 -05:00
DBA :: escape ( Strings :: normaliseLink ( $dfrn_url )),
2015-11-25 12:46:02 -05:00
$parms [ 'addr' ],
2010-07-22 05:13:39 -04:00
$parms [ 'fn' ],
2010-10-23 04:20:26 -04:00
$parms [ 'nick' ],
2010-07-22 05:13:39 -04:00
$parms [ 'photo' ],
$parms [ 'key' ],
$parms [ 'dfrn-request' ],
$parms [ 'dfrn-confirm' ],
$parms [ 'dfrn-notify' ],
$parms [ 'dfrn-poll' ],
2018-08-11 16:40:44 -04:00
DBA :: escape ( Protocol :: DFRN ),
2012-05-29 21:43:56 -04:00
intval ( $aes_allow ),
2016-11-28 21:08:46 -05:00
intval ( $hidden ),
intval ( $blocked ),
intval ( $pending )
2010-07-22 05:13:39 -04:00
);
}
2010-07-06 00:39:55 -04:00
2016-12-20 15:15:53 -05:00
if ( $r ) {
2020-07-23 02:25:01 -04:00
info ( DI :: l10n () -> t ( " Introduction complete. " ));
2010-07-22 05:13:39 -04:00
}
2016-03-06 07:15:27 -05:00
$r = q ( " SELECT `id`, `network` FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `site-pubkey` = '%s' LIMIT 1 " ,
2012-06-12 04:13:09 -04:00
intval ( local_user ()),
2018-07-21 09:10:13 -04:00
DBA :: escape ( $dfrn_url ),
2019-10-15 09:01:17 -04:00
$parms [ 'key' ] ? ? '' // Potentially missing
2012-06-12 04:13:09 -04:00
);
2018-07-21 08:46:04 -04:00
if ( DBA :: isResult ( $r )) {
2018-02-11 21:25:09 -05:00
Group :: addMember ( User :: getDefaultGroup ( local_user (), $r [ 0 ][ " network " ]), $r [ 0 ][ 'id' ]);
2016-04-13 16:21:23 -04:00
2017-12-09 13:42:02 -05:00
if ( isset ( $photo )) {
2020-07-25 07:48:52 -04:00
Contact :: updateAvatar ( $r [ 0 ][ " id " ], $photo , true );
2017-12-09 13:42:02 -05:00
}
2016-06-25 07:56:55 -04:00
2018-10-19 17:56:54 -04:00
$forward_path = " contact/ " . $r [ 0 ][ 'id' ];
2016-12-20 04:44:27 -05:00
} else {
2018-10-19 17:56:54 -04:00
$forward_path = " contact " ;
2016-12-20 04:44:27 -05:00
}
2012-06-12 04:13:09 -04:00
2017-12-16 20:13:10 -05:00
// Allow the blocked remote notification to complete
2016-12-20 04:44:27 -05:00
if ( is_array ( $contact_record )) {
2010-07-22 05:13:39 -04:00
$dfrn_request = $contact_record [ 'request' ];
2016-12-20 04:44:27 -05:00
}
2010-07-01 19:48:07 -04:00
2019-01-07 12:51:48 -05:00
if ( ! empty ( $dfrn_request ) && strlen ( $confirm_key )) {
2020-03-04 16:35:40 -05:00
DI :: httpRequest () -> fetch ( $dfrn_request . '?confirm_key=' . $confirm_key );
2016-12-20 04:44:27 -05:00
}
2014-08-20 18:56:21 -04:00
2010-12-14 19:34:49 -05:00
// (ignore reply, nothing we can do it failed)
2019-12-15 18:28:31 -05:00
DI :: baseUrl () -> redirect ( $forward_path );
2010-07-22 05:13:39 -04:00
return ; // NOTREACHED
}
2010-07-01 19:48:07 -04:00
}
2010-07-22 05:13:39 -04:00
2017-12-16 20:13:10 -05:00
// invalid/bogus request
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'Unrecoverable protocol error.' ));
2019-12-15 18:28:31 -05:00
DI :: baseUrl () -> redirect ();
2010-07-22 05:13:39 -04:00
return ; // NOTREACHED
2010-07-01 19:48:07 -04:00
}
2016-11-27 19:13:47 -05:00
/*
2010-12-14 19:34:49 -05:00
* Otherwise :
2014-09-06 11:28:46 -04:00
*
2010-12-14 19:34:49 -05:00
* Scenario 1 :
2014-09-06 11:28:46 -04:00
* We are the requestee . A person from a remote cell has made an introduction
* on our profile web page and clicked submit . We will use their DFRN - URL to
* figure out how to contact their cell .
2010-12-14 19:34:49 -05:00
*
* Scrape the originating DFRN - URL for everything we need . Create a contact record
* and an introduction to show our user next time he / she logs in .
* Finally redirect back to the requestor so that their site can record the request .
2014-09-06 11:28:46 -04:00
* If our user ( the requestee ) later confirms this request , a record of it will need
* to exist on the requestor ' s cell in order for the confirmation process to complete ..
2010-12-14 19:34:49 -05:00
*
* It ' s possible that neither the requestor or the requestee are logged in at the moment ,
* and the requestor does not yet have any credentials to the requestee profile .
*
* Who is the requestee ? We ' ve already loaded their profile which means their nickname should be
* in $a -> argv [ 1 ] and we should have their complete info in $a -> profile .
*
*/
2020-01-29 23:19:03 -05:00
if ( empty ( $a -> profile [ 'uid' ])) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'Profile unavailable.' ));
2010-07-22 05:13:39 -04:00
return ;
}
2010-12-20 03:27:00 -05:00
$nickname = $a -> profile [ 'nickname' ];
$uid = $a -> profile [ 'uid' ];
$maxreq = intval ( $a -> profile [ 'maxreq' ]);
2010-07-06 00:39:55 -04:00
$contact_record = null ;
2010-12-20 03:27:00 -05:00
$failed = false ;
$parms = null ;
2016-11-29 09:52:12 -05:00
$blocked = 1 ;
$pending = 1 ;
2010-07-01 19:48:07 -04:00
2018-11-30 09:06:22 -05:00
if ( ! empty ( $_POST [ 'dfrn_url' ])) {
2017-12-16 20:13:10 -05:00
// Block friend request spam
if ( $maxreq ) {
2010-12-20 03:27:00 -05:00
$r = q ( " SELECT * FROM `intro` WHERE `datetime` > '%s' AND `uid` = %d " ,
2018-07-21 09:10:13 -04:00
DBA :: escape ( DateTimeFormat :: utc ( 'now - 24 hours' )),
2010-12-20 03:27:00 -05:00
intval ( $uid )
);
2018-07-21 08:46:04 -04:00
if ( DBA :: isResult ( $r ) && count ( $r ) > $maxreq ) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( '%s has received too many connection requests today.' , $a -> profile [ 'name' ]));
notice ( DI :: l10n () -> t ( 'Spam protection measures have been invoked.' ));
notice ( DI :: l10n () -> t ( 'Friends are advised to please try again in 24 hours.' ));
2010-12-20 03:27:00 -05:00
return ;
2014-09-06 11:28:46 -04:00
}
2010-12-20 03:27:00 -05:00
}
2017-12-16 20:13:10 -05:00
/* Cleanup old introductions that remain blocked .
2011-01-07 03:24:08 -05:00
* Also remove the contact record , but only if there is no existing relationship
2011-12-12 02:33:56 -05:00
*/
2014-09-06 11:28:46 -04:00
$r = q ( " SELECT `intro`.*, `intro`.`id` AS `iid`, `contact`.`id` AS `cid`, `contact`.`rel`
2011-12-12 02:33:56 -05:00
FROM `intro` LEFT JOIN `contact` on `intro` . `contact-id` = `contact` . `id`
2014-09-06 11:28:46 -04:00
WHERE `intro` . `blocked` = 1 AND `contact` . `self` = 0
2017-12-03 04:19:58 -05:00
AND `intro` . `datetime` < UTC_TIMESTAMP () - INTERVAL 30 MINUTE "
2011-12-12 02:33:56 -05:00
);
2018-07-21 08:46:04 -04:00
if ( DBA :: isResult ( $r )) {
2016-12-20 15:15:53 -05:00
foreach ( $r as $rr ) {
2017-12-16 20:13:10 -05:00
if ( ! $rr [ 'rel' ]) {
2018-07-20 08:19:26 -04:00
DBA :: delete ( 'contact' , [ 'id' => $rr [ 'cid' ], 'self' => false ]);
2011-12-12 02:33:56 -05:00
}
2018-07-20 08:19:26 -04:00
DBA :: delete ( 'intro' , [ 'id' => $rr [ 'iid' ]]);
2011-12-12 02:33:56 -05:00
}
}
2010-07-01 19:48:07 -04:00
$url = trim ( $_POST [ 'dfrn_url' ]);
2017-12-16 20:13:10 -05:00
if ( ! strlen ( $url )) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( " Invalid locator " ));
2010-07-06 00:39:55 -04:00
return ;
}
2011-09-06 21:06:19 -04:00
$hcard = '' ;
2010-07-19 22:09:58 -04:00
2017-12-03 04:19:58 -05:00
// Detect the network
2020-07-16 06:22:14 -04:00
$data = Contact :: getByURL ( $url );
2017-12-03 04:19:58 -05:00
$network = $data [ " network " ];
2012-04-10 22:15:52 -04:00
2020-06-24 20:57:47 -04:00
// Canonicalize email-style profile locator
2020-12-13 12:18:10 -05:00
$url = Probe :: webfingerDfrn ( $data [ 'url' ] ? ? $url , $hcard );
2012-12-23 05:47:14 -05:00
2017-12-16 20:13:10 -05:00
if ( substr ( $url , 0 , 5 ) === 'stat:' ) {
2017-12-03 04:19:58 -05:00
// Every time we detect the remote subscription we define this as OStatus.
// We do this even if it is not OStatus.
// we only need to pass this through another section of the code.
2018-08-11 16:40:44 -04:00
if ( $network != Protocol :: DIASPORA ) {
$network = Protocol :: OSTATUS ;
2012-04-10 22:15:52 -04:00
}
2017-12-16 20:13:10 -05:00
$url = substr ( $url , 5 );
2016-01-01 11:49:07 -05:00
} else {
2018-08-11 16:40:44 -04:00
$network = Protocol :: DFRN ;
2010-07-08 10:03:25 -04:00
}
2010-07-06 00:39:55 -04:00
2018-10-30 09:58:45 -04:00
Logger :: log ( 'dfrn_request: url: ' . $url . ',network=' . $network , Logger :: DEBUG );
2016-12-14 10:36:32 -05:00
2018-08-11 16:40:44 -04:00
if ( $network === Protocol :: DFRN ) {
2014-09-06 11:28:46 -04:00
$ret = q ( " SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `self` = 0 LIMIT 1 " ,
2010-10-12 22:32:15 -04:00
intval ( $uid ),
2018-07-21 09:10:13 -04:00
DBA :: escape ( $url )
2010-07-06 00:39:55 -04:00
);
2010-09-13 20:12:54 -04:00
2018-07-21 08:46:04 -04:00
if ( DBA :: isResult ( $ret )) {
2017-12-16 20:13:10 -05:00
if ( strlen ( $ret [ 0 ][ 'issued-id' ])) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'You have already introduced yourself here.' ));
2010-10-12 22:32:15 -04:00
return ;
2018-07-24 22:53:46 -04:00
} elseif ( $ret [ 0 ][ 'rel' ] == Contact :: FRIEND ) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'Apparently you are already friends with %s.' , $a -> profile [ 'name' ]));
2010-10-17 23:04:17 -04:00
return ;
2017-12-16 20:13:10 -05:00
} else {
2010-10-12 22:32:15 -04:00
$contact_record = $ret [ 0 ];
2018-01-15 08:05:12 -05:00
$parms = [ 'dfrn-request' => $ret [ 0 ][ 'request' ]];
2010-10-12 22:32:15 -04:00
}
2010-09-13 20:12:54 -04:00
}
2010-10-17 23:04:17 -04:00
2018-11-08 08:45:46 -05:00
$issued_id = Strings :: getRandomHex ();
2010-10-12 22:32:15 -04:00
2017-12-16 20:13:10 -05:00
if ( is_array ( $contact_record )) {
2010-10-12 22:32:15 -04:00
// There is a contact record but no issued-id, so this
// is a reciprocal introduction from a known contact
2013-12-02 14:30:24 -05:00
$r = q ( " UPDATE `contact` SET `issued-id` = '%s' WHERE `id` = %d " ,
2018-07-21 09:10:13 -04:00
DBA :: escape ( $issued_id ),
2010-10-12 22:32:15 -04:00
intval ( $contact_record [ 'id' ])
);
2017-12-16 20:13:10 -05:00
} else {
2018-01-27 11:13:41 -05:00
$url = Network :: isUrlValid ( $url );
2017-12-16 20:13:10 -05:00
if ( ! $url ) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'Invalid profile URL.' ));
2019-12-15 19:33:13 -05:00
DI :: baseUrl () -> redirect ( DI :: args () -> getCommand ());
2010-10-12 22:32:15 -04:00
return ; // NOTREACHED
}
2010-07-01 19:48:07 -04:00
2018-01-27 11:13:41 -05:00
if ( ! Network :: isUrlAllowed ( $url )) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'Disallowed profile URL.' ));
2019-12-15 19:33:13 -05:00
DI :: baseUrl () -> redirect ( DI :: args () -> getCommand ());
2010-10-12 22:32:15 -04:00
return ; // NOTREACHED
2010-07-01 19:48:07 -04:00
}
2014-09-06 11:28:46 -04:00
2018-01-27 11:13:41 -05:00
if ( Network :: isUrlBlocked ( $url )) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'Blocked domain' ));
2019-12-15 19:33:13 -05:00
DI :: baseUrl () -> redirect ( DI :: args () -> getCommand ());
2017-04-25 22:45:56 -04:00
return ; // NOTREACHED
}
2010-07-01 19:48:07 -04:00
2016-07-04 02:05:30 -04:00
$parms = Probe :: profile (( $hcard ) ? $hcard : $url );
2010-10-12 22:32:15 -04:00
2017-12-16 20:13:10 -05:00
if ( ! count ( $parms )) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'Profile location is not valid or does not contain profile information.' ));
2019-12-15 19:33:13 -05:00
DI :: baseUrl () -> redirect ( DI :: args () -> getCommand ());
2017-12-16 20:13:10 -05:00
} else {
2018-11-30 09:06:22 -05:00
if ( empty ( $parms [ 'fn' ])) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'Warning: profile location has no identifiable owner name.' ));
2016-12-20 11:43:46 -05:00
}
2018-11-30 09:06:22 -05:00
if ( empty ( $parms [ 'photo' ])) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'Warning: profile location has no profile photo.' ));
2016-12-20 11:43:46 -05:00
}
2017-05-08 10:19:10 -04:00
$invalid = Probe :: validDfrn ( $parms );
2016-12-20 11:43:46 -05:00
if ( $invalid ) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> tt ( " %d required parameter was not found at the given location " , " %d required parameters were not found at the given location " , $invalid ));
2014-09-06 11:28:46 -04:00
2010-10-12 22:32:15 -04:00
return ;
}
}
2010-07-01 19:48:07 -04:00
2010-10-12 22:32:15 -04:00
$parms [ 'url' ] = $url ;
$parms [ 'issued-id' ] = $issued_id ;
2016-06-25 07:56:55 -04:00
$photo = $parms [ " photo " ];
2010-07-06 00:39:55 -04:00
2018-07-21 08:48:29 -04:00
DBA :: escapeArray ( $parms );
2015-11-25 12:46:02 -05:00
$r = q ( " INSERT INTO `contact` ( `uid`, `created`, `url`, `nurl`, `addr`, `name`, `nick`, `issued-id`, `photo`, `site-pubkey`,
2018-08-02 10:11:21 -04:00
`request` , `confirm` , `notify` , `poll` , `network` , `blocked` , `pending` )
VALUES ( % d , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , % d , % d ) " ,
2010-07-06 00:39:55 -04:00
intval ( $uid ),
2018-07-21 09:10:13 -04:00
DBA :: escape ( DateTimeFormat :: utcNow ()),
2010-07-06 00:39:55 -04:00
$parms [ 'url' ],
2018-11-08 11:28:29 -05:00
DBA :: escape ( Strings :: normaliseLink ( $url )),
2015-11-25 12:46:02 -05:00
$parms [ 'addr' ],
2010-10-12 22:32:15 -04:00
$parms [ 'fn' ],
2010-10-23 04:20:26 -04:00
$parms [ 'nick' ],
2010-10-12 22:32:15 -04:00
$parms [ 'issued-id' ],
$parms [ 'photo' ],
$parms [ 'key' ],
$parms [ 'dfrn-request' ],
$parms [ 'dfrn-confirm' ],
$parms [ 'dfrn-notify' ],
2011-08-18 19:47:45 -04:00
$parms [ 'dfrn-poll' ],
2018-08-11 16:40:44 -04:00
DBA :: escape ( Protocol :: DFRN ),
2016-11-29 09:52:12 -05:00
intval ( $blocked ),
intval ( $pending )
2010-07-06 00:39:55 -04:00
);
2010-07-01 19:48:07 -04:00
2010-10-12 22:32:15 -04:00
// find the contact record we just created
2016-12-20 04:44:27 -05:00
if ( $r ) {
2014-03-11 18:52:32 -04:00
$r = q ( " SELECT `id` FROM `contact`
2010-10-12 22:32:15 -04:00
WHERE `uid` = % d AND `url` = '%s' AND `issued-id` = '%s' LIMIT 1 " ,
intval ( $uid ),
$parms [ 'url' ],
$parms [ 'issued-id' ]
);
2018-07-21 08:46:04 -04:00
if ( DBA :: isResult ( $r )) {
2010-10-12 22:32:15 -04:00
$contact_record = $r [ 0 ];
2020-07-25 07:48:52 -04:00
Contact :: updateAvatar ( $contact_record [ " id " ], $photo , true );
2016-06-25 07:56:55 -04:00
}
2010-10-12 22:32:15 -04:00
}
}
2016-12-20 04:44:27 -05:00
if ( $r === false ) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'Failed to update contact record.' ));
2010-10-12 22:32:15 -04:00
return ;
}
2010-07-01 19:48:07 -04:00
2018-11-08 08:45:46 -05:00
$hash = Strings :: getRandomHex () . ( string ) time (); // Generate a confirm_key
2013-12-02 14:30:24 -05:00
2016-12-20 04:44:27 -05:00
if ( is_array ( $contact_record )) {
2019-01-07 01:23:49 -05:00
q ( " INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`)
2010-10-12 22:32:15 -04:00
VALUES ( % d , % d , 1 , % d , '%s' , '%s' , '%s' ) " ,
intval ( $uid ),
intval ( $contact_record [ 'id' ]),
2018-11-30 09:06:22 -05:00
intval ( ! empty ( $_POST [ 'knowyou' ])),
2019-10-15 09:01:17 -04:00
DBA :: escape ( Strings :: escapeTags ( trim ( $_POST [ 'dfrn-request-message' ] ? ? '' ))),
2018-07-21 09:10:13 -04:00
DBA :: escape ( $hash ),
DBA :: escape ( DateTimeFormat :: utcNow ())
2010-10-12 22:32:15 -04:00
);
}
2014-08-20 18:56:21 -04:00
2010-10-17 23:04:17 -04:00
// This notice will only be seen by the requestor if the requestor and requestee are on the same server.
2017-12-16 20:13:10 -05:00
if ( ! $failed ) {
2020-07-23 02:25:01 -04:00
info ( DI :: l10n () -> t ( 'Your introduction has been sent.' ));
2016-12-20 04:44:27 -05:00
}
2010-07-01 19:48:07 -04:00
2010-10-12 22:32:15 -04:00
// "Homecoming" - send the requestor back to their site to record the introduction.
2019-12-15 19:05:15 -05:00
$dfrn_url = bin2hex ( DI :: baseUrl () -> get () . '/profile/' . $nickname );
2010-10-12 22:32:15 -04:00
$aes_allow = (( function_exists ( 'openssl_encrypt' )) ? 1 : 0 );
2010-07-01 19:48:07 -04:00
2018-10-19 14:11:27 -04:00
System :: externalRedirect ( $parms [ 'dfrn-request' ] . " ?dfrn_url= $dfrn_url "
2014-09-06 11:28:46 -04:00
. '&dfrn_version=' . DFRN_PROTOCOL_VERSION
2017-12-16 20:13:10 -05:00
. '&confirm_key=' . $hash
2010-10-12 22:32:15 -04:00
. (( $aes_allow ) ? " &aes_allow=1 " : " " )
);
// NOTREACHED
2018-08-11 16:40:44 -04:00
// END $network === Protocol::DFRN
} elseif (( $network != Protocol :: PHANTOM ) && ( $url != " " )) {
2014-09-06 11:28:46 -04:00
2017-12-16 20:13:10 -05:00
/* Substitute our user ' s feed URL into $url template
2010-12-14 19:34:49 -05:00
* Send the subscriber home to subscribe
*/
2015-12-27 21:14:38 -05:00
// Diaspora needs the uri in the format user@domain.tld
// Diaspora will support the remote subscription in a future version
2018-08-11 16:40:44 -04:00
if ( $network == Protocol :: DIASPORA ) {
2020-02-06 17:45:22 -05:00
$uri = urlencode ( $a -> profile [ 'addr' ]);
2016-12-20 04:44:27 -05:00
} else {
2020-02-06 17:45:22 -05:00
$uri = urlencode ( $a -> profile [ 'url' ]);
2016-12-20 04:44:27 -05:00
}
2015-12-27 21:14:38 -05:00
$url = str_replace ( '{uri}' , $uri , $url );
2018-10-19 14:11:27 -04:00
System :: externalRedirect ( $url );
2010-10-12 22:32:15 -04:00
// NOTREACHED
2018-08-11 16:40:44 -04:00
// END $network != Protocol::PHANTOM
2015-12-27 21:14:38 -05:00
} else {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( " Remote subscription can't be done for your network. Please subscribe directly on your system. " ));
2015-12-27 21:14:38 -05:00
return ;
2010-10-12 22:32:15 -04:00
}
2017-12-16 20:13:10 -05:00
} return ;
2016-11-27 19:13:47 -05:00
}
2010-07-22 05:13:39 -04:00
2017-12-16 20:13:10 -05:00
function dfrn_request_content ( App $a )
{
2019-05-28 21:14:21 -04:00
if ( $a -> argc != 2 || empty ( $a -> profile )) {
2010-07-01 19:48:07 -04:00
return " " ;
2016-12-20 04:44:27 -05:00
}
2010-07-01 19:48:07 -04:00
// "Homecoming". Make sure we're logged in to this site as the correct user. Then offer a confirm button
// to send us to the post section to record the introduction.
2018-11-30 09:06:22 -05:00
if ( ! empty ( $_GET [ 'dfrn_url' ])) {
2017-12-16 20:13:10 -05:00
if ( ! local_user ()) {
2020-07-23 02:25:01 -04:00
info ( DI :: l10n () -> t ( " Please login to confirm introduction. " ));
2011-01-07 02:41:14 -05:00
/* setup the return URL to come back to this page if they use openid */
2017-12-17 11:40:59 -05:00
return Login :: form ();
2010-07-01 19:48:07 -04:00
}
2014-09-06 11:28:46 -04:00
// Edge case, but can easily happen in the wild. This person is authenticated,
2010-07-01 19:48:07 -04:00
// but not as the person who needs to deal with this request.
2010-07-22 05:13:39 -04:00
if ( $a -> user [ 'nickname' ] != $a -> argv [ 1 ]) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( " Incorrect identity currently logged in. Please login to <strong>this</strong> profile. " ));
2017-12-17 11:40:59 -05:00
return Login :: form ();
2010-07-01 19:48:07 -04:00
}
2018-11-09 13:29:42 -05:00
$dfrn_url = Strings :: escapeTags ( trim ( hex2bin ( $_GET [ 'dfrn_url' ])));
2018-11-30 09:06:22 -05:00
$aes_allow = ! empty ( $_GET [ 'aes_allow' ]);
2019-10-15 09:01:17 -04:00
$confirm_key = $_GET [ 'confirm_key' ] ? ? '' ;
2015-04-08 18:10:21 -04:00
// Checking fastlane for validity
2018-11-30 09:06:22 -05:00
if ( ! empty ( $_SESSION [ 'fastlane' ]) && ( Strings :: normaliseLink ( $_SESSION [ " fastlane " ]) == Strings :: normaliseLink ( $dfrn_url ))) {
2015-04-08 18:10:21 -04:00
$_POST [ " dfrn_url " ] = $dfrn_url ;
$_POST [ " confirm_key " ] = $confirm_key ;
$_POST [ " localconfirm " ] = 1 ;
$_POST [ " hidden-contact " ] = 0 ;
2020-01-18 14:52:34 -05:00
$_POST [ " submit " ] = DI :: l10n () -> t ( 'Confirm' );
2015-04-08 18:10:21 -04:00
dfrn_request_post ( $a );
2018-12-24 23:14:09 -05:00
exit ();
2015-04-08 18:10:21 -04:00
}
2018-10-31 10:44:06 -04:00
$tpl = Renderer :: getMarkupTemplate ( " dfrn_req_confirm.tpl " );
2018-10-31 10:35:50 -04:00
$o = Renderer :: replaceMacros ( $tpl , [
2010-07-01 19:48:07 -04:00
'$dfrn_url' => $dfrn_url ,
'$aes_allow' => (( $aes_allow ) ? '<input type="hidden" name="aes_allow" value="1" />' : " " ),
2020-01-18 14:52:34 -05:00
'$hidethem' => DI :: l10n () -> t ( 'Hide this contact' ),
2010-07-01 19:48:07 -04:00
'$confirm_key' => $confirm_key ,
2020-01-18 14:52:34 -05:00
'$welcome' => DI :: l10n () -> t ( 'Welcome home %s.' , $a -> user [ 'username' ]),
'$please' => DI :: l10n () -> t ( 'Please confirm your introduction/connection request to %s.' , $dfrn_url ),
'$submit' => DI :: l10n () -> t ( 'Confirm' ),
2010-07-01 19:48:07 -04:00
'$uid' => $_SESSION [ 'uid' ],
2010-07-20 23:48:08 -04:00
'$nickname' => $a -> user [ 'nickname' ],
2010-07-01 19:48:07 -04:00
'dfrn_rawurl' => $_GET [ 'dfrn_url' ]
2018-01-15 08:05:12 -05:00
]);
2010-07-01 19:48:07 -04:00
return $o ;
2018-11-30 09:06:22 -05:00
} elseif ( ! empty ( $_GET [ 'confirm_key' ])) {
2010-07-22 05:13:39 -04:00
// we are the requestee and it is now safe to send our user their introduction,
2014-09-06 11:28:46 -04:00
// We could just unblock it, but first we have to jump through a few hoops to
// send an email, or even to find out if we need to send an email.
2010-07-22 05:13:39 -04:00
$intro = q ( " SELECT * FROM `intro` WHERE `hash` = '%s' LIMIT 1 " ,
2018-07-21 09:10:13 -04:00
DBA :: escape ( $_GET [ 'confirm_key' ])
2010-07-22 05:13:39 -04:00
);
2018-07-21 08:46:04 -04:00
if ( DBA :: isResult ( $intro )) {
2010-07-22 05:13:39 -04:00
$r = q ( " SELECT `contact`.*, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE `contact` . `id` = % d LIMIT 1 " ,
intval ( $intro [ 0 ][ 'contact-id' ])
);
2010-10-17 23:04:17 -04:00
$auto_confirm = false ;
2018-07-21 08:46:04 -04:00
if ( DBA :: isResult ( $r )) {
2019-01-06 12:37:48 -05:00
if ( $r [ 0 ][ 'page-flags' ] != User :: PAGE_FLAGS_NORMAL && $r [ 0 ][ 'page-flags' ] != User :: PAGE_FLAGS_PRVGROUP ) {
2014-03-11 18:52:32 -04:00
$auto_confirm = true ;
2017-12-16 20:13:10 -05:00
}
2011-12-26 18:47:40 -05:00
2017-12-16 20:13:10 -05:00
if ( ! $auto_confirm ) {
2018-01-15 08:05:12 -05:00
notification ([
2021-01-23 04:53:44 -05:00
'type' => Notification\Type :: INTRO ,
'otype' => Notification\ObjectType :: INTRO ,
2020-11-25 14:56:39 -05:00
'verb' => Activity :: REQ_FRIEND ,
'uid' => $r [ 0 ][ 'uid' ],
'cid' => $r [ 0 ][ 'id' ],
'link' => DI :: baseUrl () . '/notifications/intros' ,
2018-01-15 08:05:12 -05:00
]);
2010-07-22 05:13:39 -04:00
}
2011-12-26 18:47:40 -05:00
2017-12-16 20:13:10 -05:00
if ( $auto_confirm ) {
2017-05-07 14:40:23 -04:00
require_once 'mod/dfrn_confirm.php' ;
2018-01-15 08:05:12 -05:00
$handsfree = [
2016-12-14 03:56:27 -05:00
'uid' => $r [ 0 ][ 'uid' ],
'node' => $r [ 0 ][ 'nickname' ],
'dfrn_id' => $r [ 0 ][ 'issued-id' ],
2010-10-17 23:04:17 -04:00
'intro_id' => $intro [ 0 ][ 'id' ],
2019-01-06 12:37:48 -05:00
'duplex' => (( $r [ 0 ][ 'page-flags' ] == User :: PAGE_FLAGS_FREELOVE ) ? 1 : 0 ),
2018-01-15 08:05:12 -05:00
];
2017-12-16 20:13:10 -05:00
dfrn_confirm_post ( $a , $handsfree );
2010-10-17 23:04:17 -04:00
}
2010-07-22 05:13:39 -04:00
}
2017-12-16 20:13:10 -05:00
if ( ! $auto_confirm ) {
2010-07-01 19:48:07 -04:00
2010-10-17 23:04:17 -04:00
// If we are auto_confirming, this record will have already been nuked
// in dfrn_confirm_post()
2019-01-07 01:23:49 -05:00
q ( " UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s' " ,
2018-07-21 09:10:13 -04:00
DBA :: escape ( $_GET [ 'confirm_key' ])
2010-10-17 23:04:17 -04:00
);
}
2010-07-22 05:13:39 -04:00
}
2011-08-18 19:47:45 -04:00
2018-12-26 00:40:12 -05:00
exit ();
2017-12-16 20:13:10 -05:00
} else {
// Normal web request. Display our user's introduction form.
2020-01-19 15:21:13 -05:00
if ( DI :: config () -> get ( 'system' , 'block_public' ) && ! Session :: isAuthenticated ()) {
if ( ! DI :: config () -> get ( 'system' , 'local_block' )) {
2020-07-23 02:25:01 -04:00
notice ( DI :: l10n () -> t ( 'Public access denied.' ));
2012-09-06 23:17:50 -04:00
return ;
}
2011-04-21 22:12:22 -04:00
}
2017-12-16 20:13:10 -05:00
// Try to auto-fill the profile address
2014-08-20 18:56:21 -04:00
// At first look if an address was provided
// Otherwise take the local address
2018-11-30 09:06:22 -05:00
if ( ! empty ( $_GET [ 'addr' ])) {
2014-08-20 18:56:21 -04:00
$myaddr = hex2bin ( $_GET [ 'addr' ]);
2018-11-30 09:06:22 -05:00
} elseif ( ! empty ( $_GET [ 'address' ])) {
2014-08-20 18:56:21 -04:00
$myaddr = $_GET [ 'address' ];
2016-12-19 08:26:13 -05:00
} elseif ( local_user ()) {
2019-12-15 18:39:54 -05:00
if ( strlen ( DI :: baseUrl () -> getUrlPath ())) {
2019-12-30 17:00:08 -05:00
$myaddr = DI :: baseUrl () . '/profile/' . $a -> user [ 'nickname' ];
2016-12-19 08:26:13 -05:00
} else {
2019-12-30 17:00:08 -05:00
$myaddr = $a -> user [ 'nickname' ] . '@' . substr ( DI :: baseUrl (), strpos ( DI :: baseUrl (), '://' ) + 3 );
2011-01-01 16:12:31 -05:00
}
2016-12-19 08:26:13 -05:00
} else {
2016-12-20 11:43:46 -05:00
// last, try a zrl
2018-01-14 21:22:39 -05:00
$myaddr = Profile :: getMyURL ();
2016-12-20 11:43:46 -05:00
}
2012-04-27 19:23:25 -04:00
2019-12-30 17:00:08 -05:00
$target_addr = $a -> profile [ 'nickname' ] . '@' . substr ( DI :: baseUrl (), strpos ( DI :: baseUrl (), '://' ) + 3 );
2011-09-05 21:34:30 -04:00
2017-12-16 20:13:10 -05:00
/* The auto_request form only has the profile address
2014-09-06 11:28:46 -04:00
* because nobody is going to read the comments and
2011-01-01 16:12:31 -05:00
* it doesn ' t matter if they know you or not .
*/
2019-01-06 12:37:48 -05:00
if ( $a -> profile [ 'page-flags' ] == User :: PAGE_FLAGS_NORMAL ) {
2018-10-31 10:44:06 -04:00
$tpl = Renderer :: getMarkupTemplate ( 'dfrn_request.tpl' );
2016-12-19 08:26:13 -05:00
} else {
2018-10-31 10:44:06 -04:00
$tpl = Renderer :: getMarkupTemplate ( 'auto_request.tpl' );
2016-12-20 11:43:46 -05:00
}
2011-01-01 16:12:31 -05:00
2018-10-31 10:35:50 -04:00
$o = Renderer :: replaceMacros ( $tpl , [
2020-02-05 22:41:04 -05:00
'$header' => DI :: l10n () -> t ( 'Friend/Connection Request' ),
'$page_desc' => DI :: l10n () -> t ( 'Enter your Webfinger address (user@domain.tld) or profile URL here. If this isn\'t supported by your system (for example it doesn\'t work with Diaspora), you have to subscribe to <strong>%s</strong> directly on your system' , $target_addr ),
'$invite_desc' => DI :: l10n () -> t ( 'If you are not yet a member of the free social web, <a href="%s">follow this link to find a public Friendica node and join us today</a>.' , Search :: getGlobalDirectory () . '/servers' ),
'$your_address' => DI :: l10n () -> t ( 'Your Webfinger address or profile URL:' ),
'$pls_answer' => DI :: l10n () -> t ( 'Please answer the following:' ),
'$submit' => DI :: l10n () -> t ( 'Submit Request' ),
'$cancel' => DI :: l10n () -> t ( 'Cancel' ),
'$request' => 'dfrn_request/' . $a -> argv [ 1 ],
'$name' => $a -> profile [ 'name' ],
'$myaddr' => $myaddr ,
2020-02-09 01:01:11 -05:00
'$does_know_you' => [ 'knowyou' , DI :: l10n () -> t ( '%s knows you' , $a -> profile [ 'name' ])],
2020-02-05 22:41:04 -05:00
'$addnote_field' => [ 'dfrn-request-message' , DI :: l10n () -> t ( 'Add a personal note:' )],
2018-01-15 08:05:12 -05:00
]);
2010-07-22 05:13:39 -04:00
return $o ;
2010-07-01 19:48:07 -04:00
}
2016-11-27 19:13:47 -05:00
}