Ejemplo n.º 1
0
/**
 * @brief Refreshes after permission changed or friending, etc.
 *
 * zot_refresh is typically invoked when somebody has changed permissions of a channel and they are notified
 * to fetch new permissions via a finger/discovery operation. This may result in a new connection
 * (abook entry) being added to a local channel and it may result in auto-permissions being granted.
 *
 * Friending in zot is accomplished by sending a refresh packet to a specific channel which indicates a
 * permission change has been made by the sender which affects the target channel. The hub controlling
 * the target channel does targetted discovery (a zot-finger request requesting permissions for the local
 * channel). These are decoded here, and if necessary and abook structure (addressbook) is created to store
 * the permissions assigned to this channel.
 *
 * Initially these abook structures are created with a 'pending' flag, so that no reverse permissions are
 * implied until this is approved by the owner channel. A channel can also auto-populate permissions in
 * return and send back a refresh packet of its own. This is used by forum and group communication channels
 * so that friending and membership in the channel's "club" is automatic.
 *
 * @param array $them => xchan structure of sender
 * @param array $channel => local channel structure of target recipient, required for "friending" operations
 * @param array $force default false
 *
 * @returns boolean true if successful, else false
 */
function zot_refresh($them, $channel = null, $force = false)
{
    if (array_key_exists('xchan_network', $them) && $them['xchan_network'] !== 'zot') {
        logger('zot_refresh: not got zot. ' . $them['xchan_name']);
        return true;
    }
    logger('zot_refresh: them: ' . print_r($them, true), LOGGER_DATA, LOG_DEBUG);
    if ($channel) {
        logger('zot_refresh: channel: ' . print_r($channel, true), LOGGER_DATA, LOG_DEBUG);
    }
    $url = null;
    if ($them['hubloc_url']) {
        $url = $them['hubloc_url'];
    } else {
        $r = null;
        // if they re-installed the server we could end up with the wrong record - pointing to the old install.
        // We'll order by reverse id to try and pick off the newest one first and hopefully end up with the
        // correct hubloc. If this doesn't work we may have to re-write this section to try them all.
        if (array_key_exists('xchan_addr', $them) && $them['xchan_addr']) {
            $r = q("select hubloc_url, hubloc_primary from hubloc where hubloc_addr = '%s' order by hubloc_id desc", dbesc($them['xchan_addr']));
        }
        if (!$r) {
            $r = q("select hubloc_url, hubloc_primary from hubloc where hubloc_hash = '%s' order by hubloc_id desc", dbesc($them['xchan_hash']));
        }
        if ($r) {
            foreach ($r as $rr) {
                if (intval($rr['hubloc_primary'])) {
                    $url = $rr['hubloc_url'];
                    break;
                }
            }
            if (!$url) {
                $url = $r[0]['hubloc_url'];
            }
        }
    }
    if (!$url) {
        logger('zot_refresh: no url');
        return false;
    }
    $token = random_string();
    $postvars = array();
    $postvars['token'] = $token;
    if ($channel) {
        $postvars['target'] = $channel['channel_guid'];
        $postvars['target_sig'] = $channel['channel_guid_sig'];
        $postvars['key'] = $channel['channel_pubkey'];
    }
    if (array_key_exists('xchan_addr', $them) && $them['xchan_addr']) {
        $postvars['address'] = $them['xchan_addr'];
    }
    if (array_key_exists('xchan_hash', $them) && $them['xchan_hash']) {
        $postvars['guid_hash'] = $them['xchan_hash'];
    }
    if (array_key_exists('xchan_guid', $them) && $them['xchan_guid'] && array_key_exists('xchan_guid_sig', $them) && $them['xchan_guid_sig']) {
        $postvars['guid'] = $them['xchan_guid'];
        $postvars['guid_sig'] = $them['xchan_guid_sig'];
    }
    $rhs = '/.well-known/zot-info';
    $result = z_post_url($url . $rhs, $postvars);
    logger('zot_refresh: zot-info: ' . print_r($result, true), LOGGER_DATA, LOG_DEBUG);
    if ($result['success']) {
        $j = json_decode($result['body'], true);
        if (!($j && $j['success'])) {
            logger('zot_refresh: result not decodable');
            return false;
        }
        $signed_token = is_array($j) && array_key_exists('signed_token', $j) ? $j['signed_token'] : null;
        if ($signed_token) {
            $valid = rsa_verify('token.' . $token, base64url_decode($signed_token), $j['key']);
            if (!$valid) {
                logger('invalid signed token: ' . $url . $rhs, LOGGER_NORMAL, LOG_ERR);
                return false;
            }
        } else {
            logger('No signed token from ' . $url . $rhs, LOGGER_NORMAL, LOG_WARNING);
            // after 2017-01-01 this will be a hard error unless you over-ride it.
            if (time() > 1483228800 && !get_config('system', 'allow_unsigned_zotfinger')) {
                return false;
            }
        }
        $x = import_xchan($j, $force ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED);
        if (!$x['success']) {
            return false;
        }
        $their_perms = 0;
        if ($channel) {
            $global_perms = get_perms();
            if ($j['permissions']['data']) {
                $permissions = crypto_unencapsulate(array('data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), $channel['channel_prvkey']);
                if ($permissions) {
                    $permissions = json_decode($permissions, true);
                }
                logger('decrypted permissions: ' . print_r($permissions, true), LOGGER_DATA, LOG_DEBUG);
            } else {
                $permissions = $j['permissions'];
            }
            $connected_set = false;
            if ($permissions && is_array($permissions)) {
                foreach ($permissions as $k => $v) {
                    // The connected permission means you are in their address book
                    if ($k === 'connected') {
                        $connected_set = intval($v);
                        continue;
                    }
                    if ($v && array_key_exists($k, $global_perms)) {
                        $their_perms = $their_perms | intval($global_perms[$k][1]);
                    }
                }
            }
            if (array_key_exists('profile', $j) && array_key_exists('next_birthday', $j['profile'])) {
                $next_birthday = datetime_convert('UTC', 'UTC', $j['profile']['next_birthday']);
            } else {
                $next_birthday = NULL_DATE;
            }
            $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1", dbesc($x['hash']), intval($channel['channel_id']));
            if ($r) {
                // connection exists
                // if the dob is the same as what we have stored (disregarding the year), keep the one
                // we have as we may have updated the year after sending a notification; and resetting
                // to the one we just received would cause us to create duplicated events.
                if (substr($r[0]['abook_dob'], 5) == substr($next_birthday, 5)) {
                    $next_birthday = $r[0]['abook_dob'];
                }
                $current_abook_connected = intval($r[0]['abook_unconnected']) ? 0 : 1;
                $y = q("update abook set abook_their_perms = %d, abook_dob = '%s'\n\t\t\t\t\twhere abook_xchan = '%s' and abook_channel = %d\n\t\t\t\t\tand abook_self = 0 ", intval($their_perms), dbescdate($next_birthday), dbesc($x['hash']), intval($channel['channel_id']));
                //				if(($connected_set === 0 || $connected_set === 1) && ($connected_set !== $current_abook_unconnected)) {
                // if they are in your address book but you aren't in theirs, and/or this does not
                // match your current connected state setting, toggle it.
                /** @FIXME uncoverted to postgres */
                /** @FIXME when this was enabled, all contacts became unconnected. Currently disabled intentionally */
                //					$y1 = q("update abook set abook_unconnected = 1
                //						where abook_xchan = '%s' and abook_channel = %d
                //						and abook_self = 0 limit 1",
                //						dbesc($x['hash']),
                //						intval($channel['channel_id'])
                //					);
                //				}
                if (!$y) {
                    logger('abook update failed');
                } else {
                    // if we were just granted read stream permission and didn't have it before, try to pull in some posts
                    if (!($r[0]['abook_their_perms'] & PERMS_R_STREAM) && $their_perms & PERMS_R_STREAM) {
                        Zotlabs\Daemon\Master::Summon(array('Onepoll', $r[0]['abook_id']));
                    }
                }
            } else {
                // new connection
                $role = get_pconfig($channel['channel_id'], 'system', 'permissions_role');
                if ($role) {
                    $xx = get_role_perms($role);
                    if ($xx['perms_auto']) {
                        $default_perms = $xx['perms_accept'];
                    }
                }
                if (!$default_perms) {
                    $default_perms = intval(get_pconfig($channel['channel_id'], 'system', 'autoperms'));
                }
                // Keep original perms to check if we need to notify them
                $previous_perms = get_all_perms($channel['channel_id'], $x['hash']);
                $closeness = get_pconfig($channel['channel_id'], 'system', 'new_abook_closeness');
                if ($closeness === false) {
                    $closeness = 80;
                }
                $y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_pending ) values ( %d, %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )", intval($channel['channel_account_id']), intval($channel['channel_id']), intval($closeness), dbesc($x['hash']), intval($their_perms), intval($default_perms), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($next_birthday), intval($default_perms ? 0 : 1));
                if ($y) {
                    logger("New introduction received for {$channel['channel_name']}");
                    $new_perms = get_all_perms($channel['channel_id'], $x['hash']);
                    // Send a clone sync packet and a permissions update if permissions have changed
                    $new_connection = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 order by abook_created desc limit 1", dbesc($x['hash']), intval($channel['channel_id']));
                    if ($new_connection) {
                        if ($new_perms != $previous_perms) {
                            Zotlabs\Daemon\Master::Summon(array('Notifier', 'permission_create', $new_connection[0]['abook_id']));
                        }
                        Zotlabs\Lib\Enotify::submit(array('type' => NOTIFY_INTRO, 'from_xchan' => $x['hash'], 'to_xchan' => $channel['channel_hash'], 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id']));
                        if ($their_perms & PERMS_R_STREAM) {
                            if ($channel['channel_w_stream'] & PERMS_PENDING || !intval($new_connection[0]['abook_pending'])) {
                                Zotlabs\Daemon\Master::Summon(array('Onepoll', $new_connection[0]['abook_id']));
                            }
                        }
                        /** If there is a default group for this channel, add this connection to it */
                        $default_group = $channel['channel_default_group'];
                        if ($default_group) {
                            require_once 'include/group.php';
                            $g = group_rec_byhash($channel['channel_id'], $default_group);
                            if ($g) {
                                group_add_member($channel['channel_id'], '', $x['hash'], $g['id']);
                            }
                        }
                        unset($new_connection[0]['abook_id']);
                        unset($new_connection[0]['abook_account']);
                        unset($new_connection[0]['abook_channel']);
                        $abconfig = load_abconfig($channel['channel_id'], $new_connection['abook_xchan']);
                        if ($abconfig) {
                            $new_connection['abconfig'] = $abconfig;
                        }
                        build_sync_packet($channel['channel_id'], array('abook' => $new_connection));
                    }
                }
            }
        }
        return true;
    }
    return false;
}
Ejemplo n.º 2
0
function format_and_send_email($sender, $xchan, $item)
{
    $title = $item['title'];
    $body = $item['body'];
    $textversion = strip_tags(html_entity_decode(bbcode(str_replace(array("\\r", "\\n"), array("", "\n"), $body)), ENT_QUOTES, 'UTF-8'));
    $htmlversion = bbcode(str_replace(array("\\r", "\\n"), array("", "<br />\n"), $body));
    $banner = t('$Projectname Notification');
    $product = t('$projectname');
    // PLATFORM_NAME;
    $siteurl = z_root();
    $thanks = t('Thank You,');
    $sitename = get_config('system', 'sitename');
    $site_admin = sprintf(t('%s Administrator'), $sitename);
    // load the template for private message notifications
    $tpl = get_markup_template('email_notify_html.tpl');
    $email_html_body = replace_macros($tpl, array('$banner' => $banner, '$notify_icon' => Zotlabs\Lib\System::get_notify_icon(), '$product' => $product, '$preamble' => '', '$sitename' => $sitename, '$siteurl' => $siteurl, '$source_name' => $sender['xchan_name'], '$source_link' => $sender['xchan_url'], '$source_photo' => $sender['xchan_photo_m'], '$username' => $xchan['xchan_name'], '$hsitelink' => $datarray['hsitelink'], '$hitemlink' => $datarray['hitemlink'], '$thanks' => $thanks, '$site_admin' => $site_admin, '$title' => $title, '$htmlversion' => $htmlversion));
    // load the template for private message notifications
    $tpl = get_markup_template('email_notify_text.tpl');
    $email_text_body = replace_macros($tpl, array('$banner' => $banner, '$product' => $product, '$preamble' => '', '$sitename' => $sitename, '$siteurl' => $siteurl, '$source_name' => $sender['xchan_name'], '$source_link' => $sender['xchan_url'], '$source_photo' => $sender['xchan_photo_m'], '$username' => $xchan['xchan_name'], '$hsitelink' => $datarray['hsitelink'], '$hitemlink' => $datarray['hitemlink'], '$thanks' => $thanks, '$site_admin' => $site_admin, '$title' => $title, '$textversion' => $textversion));
    $sender_name = t('Administrator');
    $hostname = App::get_hostname();
    if (strpos($hostname, ':')) {
        $hostname = substr($hostname, 0, strpos($hostname, ':'));
    }
    $sender_email = 'noreply' . '@' . $hostname;
    // use the EmailNotification library to send the message
    Zotlabs\Lib\Enotify::send(array('fromName' => $product, 'fromEmail' => $sender_email, 'replyTo' => $sender_email, 'toEmail' => str_replace('mailto:', '', $xchan['xchan_addr']), 'messageSubject' => $title ? $title : t('No Subject'), 'htmlVersion' => $email_html_body, 'textVersion' => $email_text_body, 'additionalMailHeader' => ''));
}