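/**
 * Store a direct message received from a remote user for a local user.
 *
 * The local user id is checked through the users model, the message type is
 * restricted to 'public' or 'private', and the remote name, profile URL,
 * avatar and message body are passed through their validate_* helpers before
 * the row is inserted into `direct-message`.
 *
 * @param mixed $user_id        Local user the message is addressed to.
 * @param mixed $type           Message type; must be the string 'public' or 'private'.
 * @param mixed $remote_name    Sender's user name.
 * @param mixed $remote_profile Sender's profile URL.
 * @param mixed $remote_avatar  Sender's avatar.
 * @param mixed $remote_message Message body.
 * @param mixed $remote_time    Sender-supplied timestamp (not validated in this method).
 *
 * @throws invalid_dm_type_exception When $type is not 'public' or 'private'.
 */
function new_dm($user_id, $type, $remote_name, $remote_profile, $remote_avatar, $remote_message, $remote_time)
{
    $users = instance_model('users');
    $users->verify_user_id($user_id);

    // The previous loose `==` test accepted non-string values such as boolean
    // true (and integer 0 on PHP < 8), which then reached the INSERT as '1' or
    // '0'. Only string-like values that are exactly one of the two names pass.
    $is_stringlike = is_string($type) || (is_object($type) && method_exists($type, '__toString'));
    if (!$is_stringlike || !in_array((string) $type, array('public', 'private'), true)) {
        throw new invalid_dm_type_exception();
    }
    $type = (string) $type;

    validate_username($remote_name);
    validate_url($remote_profile);
    validate_avatar($remote_avatar);
    validate_message($remote_message);

    // NOTE(review): $remote_time reaches the statement without a validate_*
    // call, and every '@v' value depends on query() escaping it before
    // substitution — confirm both against the query() implementation.
    $sql = "INSERT INTO `direct-message` (`User_ID`, `Type`, `Remote_name`, `Remote_profile`, `Remote_avatar`, `Remote_message`, `Remote_time`)"
         . " VALUES ('@v','@v','@v','@v','@v', '@v', '@v')";

    $this->query($sql, $user_id, $type, $remote_name, $remote_profile, $remote_avatar, $remote_message, $remote_time);
}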
/**
 * Record that a local user follows a remote user.
 *
 * The local id is checked through the users model and every remote value is
 * passed through its validate_* helper before the row is inserted into
 * `following`.
 *
 * @param mixed $id                Local user id.
 * @param mixed $remote_url        URL of the followed remote stream.
 * @param mixed $remote_name       Remote user name.
 * @param mixed $remote_profile    Remote profile URL.
 * @param mixed $remote_avatar     Remote avatar.
 * @param mixed $relation_pingback Remote relation pingback URL.
 * @param mixed $message_pingback  Remote message pingback URL.
 */
function create_following($id, $remote_url, $remote_name, $remote_profile, $remote_avatar, $relation_pingback, $message_pingback)
{
    // The value returned by verify_user_id() is not used by this method.
    instance_model('users')->verify_user_id($id);

    // Validation order is kept: the first failing helper decides which
    // exception the caller sees.
    validate_url($remote_url);
    validate_username($remote_name);
    validate_url($remote_profile);
    validate_avatar($remote_avatar);
    validate_url($relation_pingback);
    validate_url($message_pingback);

    // NOTE(review): injection safety of the quoted '@v' placeholders depends
    // on query() escaping each substituted value — confirm.
    $sql = "INSERT INTO `following` (`User_ID`, `Remote_URL`, `Remote_name`, `Remote_profile`, `Remote_avatar`, `Relation_pingback`, `Message_pingback`)"
         . " VALUES ('@v', '@v', '@v', '@v', '@v', '@v', '@v')";

    $this->query($sql, $id, $remote_url, $remote_name, $remote_profile, $remote_avatar, $relation_pingback, $message_pingback);
}
/**
 * Replace the stored avatar of one user.
 *
 * @param mixed $id         Id of the user row to update; checked with verify_user_id().
 * @param mixed $new_avatar New avatar value; checked with validate_avatar().
 */
function update_avatar($id, $new_avatar)
{
    // Both checks run before the statement is issued.
    $this->verify_user_id($id);
    validate_avatar($new_avatar);

    // NOTE(review): the quoted '@v' placeholders rely on query() escaping the
    // substituted values — confirm.
    $sql = "UPDATE `users` SET `Avatar` = '@v'"
         . " WHERE `ID` = '@v' LIMIT 1";

    $this->query($sql, $new_avatar, $id);
}
/**
 * Insert one remote message into the `message-cache` table.
 *
 * @param mixed $remote_url     URL of the remote stream the message came from.
 * @param mixed $remote_name    Remote user name.
 * @param mixed $remote_profile Remote profile URL.
 * @param mixed $remote_avatar  Remote avatar.
 * @param mixed $time           Remote timestamp (not validated in this method).
 * @param mixed $message        Message body.
 */
function new_item($remote_url, $remote_name, $remote_profile, $remote_avatar, $time, $message)
{
    // Validation order is kept: the first failing helper decides which
    // exception the caller sees.
    validate_url($remote_url);
    validate_url($remote_profile);
    validate_avatar($remote_avatar);
    validate_username($remote_name);
    validate_message($message);

    // NOTE(review): $time has no validate_* call here, and all '@v' values
    // depend on query() escaping them before substitution — confirm.
    $sql = "INSERT INTO `message-cache` (`Remote_URL`, `Remote_name`, `Remote_profile`, `Remote_avatar`, `Remote_time`, `Remote_message`)"
         . " VALUES ('@v','@v','@v','@v','@v', '@v')";

    $this->query($sql, $remote_url, $remote_name, $remote_profile, $remote_avatar, $time, $message);
}
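/**
 * Fetch a remote message stream, decode it, verify it and return the parsed XML.
 *
 * Steps, in order: obtain the XML (HTTP fetch, or $test when it is non-empty),
 * parse it, check the protocol version, base64-decode the head and message
 * fields in place, verify the OpenSSL signature over the decoded fields
 * (unless disabled), validate the user fields and URLs, and require that the
 * profile and pingback URLs share the host of $remote_url.
 *
 * @param mixed  $remote_url      URL of the remote stream.
 * @param string $test            Optional canned response body; when non-empty no HTTP request is made.
 * @param bool   $check_signiture When false the signature check is skipped entirely, so the
 *                                returned data is unauthenticated.
 *
 * @return SimpleXMLElement The parsed stream with head and message fields decoded.
 *
 * @throws no_such_user_exception             When the response is the "user does not exist" marker.
 * @throws malformed_xml_exception            When the body does not parse as XML.
 * @throws invalid_protocol_version_exception When protocol_version is not of the form digits.digits.
 * @throws messages_from_the_future_exception When protocol_version is greater than PROTOCOL_VERSION.
 * @throws stream_signature_error_exception   When the public key cannot be loaded or the signature does not verify.
 * @throws exception                          When a URL in the stream points at a different host.
 */
function get_message_stream($remote_url, $test = "", $check_signiture = true)
{
    if ($test == "") {
        $xml = $this->http_request($remote_url);
    } else {
        $xml = $test;
    }

    // Check the body that will actually be parsed. The marker used to be
    // compared against $test only, so a fetched "no such user" response was
    // reported as malformed XML instead.
    if ($xml === 'User does not exist on this node') {
        throw new no_such_user_exception();
    }

    // The body comes from a remote node: LIBXML_NONET stops the parser from
    // making network requests while loading it. Parse warnings stay
    // suppressed because failure is reported through the exception below.
    $parsed_xml = @simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    if (!$parsed_xml) {
        throw new malformed_xml_exception();
    }

    // Protocol version must be digits, a decimal point, digits, and nothing
    // else. Anchors plus the D modifier reject surrounding junk and a trailing
    // newline, which the unanchored pattern let through. A missing tag yields
    // an empty string and is rejected here as well.
    $version = (string) $parsed_xml->protocol_version;
    if (!preg_match('/^[0-9]+\.[0-9]+$/D', $version)) {
        throw new invalid_protocol_version_exception();
    }

    if ($version > PROTOCOL_VERSION) {
        throw new messages_from_the_future_exception();
    }

    // Head fields arrive base64-encoded; decode them in place.
    $head_fields = array(
        'by_user',
        'user_pub_key',
        'user_bio',
        'user_avatar',
        'user_profile',
        'message_pingback',
        'relation_pingback',
    );
    foreach ($head_fields as $field) {
        $parsed_xml->head->$field = base64_decode($parsed_xml->head->$field);
    }

    $message_count = count($parsed_xml->message);
    for ($i = 0; $i < $message_count; $i++) {
        $parsed_xml->message[$i]->time    = base64_decode($parsed_xml->message[$i]->time);
        $parsed_xml->message[$i]->message = base64_decode($parsed_xml->message[$i]->message);
    }

    // Verify stream signature
    if ($check_signiture == true) {
        // The signed string is the decoded fields concatenated in this order.
        $signature_str =
            $parsed_xml->protocol_version .
            $parsed_xml->head->by_user .
            $parsed_xml->head->user_bio .
            $parsed_xml->head->user_avatar .
            $parsed_xml->head->user_profile .
            $parsed_xml->head->message_pingback .
            $parsed_xml->head->relation_pingback;

        foreach ($parsed_xml->message as $entry) {
            $signature_str .= ($entry->time . $entry->message);
        }

        // NOTE(review): the verification key is taken from the same stream it
        // authenticates and is not part of the signed string, so this check
        // shows the stream is consistent with that key, not who owns the key.
        // Binding the key to the remote user must happen elsewhere — confirm.
        validate_pub_key($parsed_xml->head->user_pub_key);
        $pubkeyid = openssl_get_publickey((string) $parsed_xml->head->user_pub_key);

        // An unloadable key is a verification failure; do not hand `false`
        // to openssl_verify() / openssl_free_key().
        if ($pubkeyid === false) {
            throw new stream_signature_error_exception();
        }

        $result = openssl_verify($signature_str, base64_decode($parsed_xml->head->data_sig), $pubkeyid);
        openssl_free_key($pubkeyid);

        // Only 1 means "valid"; 0, -1 and false are all failures.
        if ($result !== 1) {
            throw new stream_signature_error_exception();
        }
    }

    // Verify user info
    validate_username($parsed_xml->head->by_user);
    validate_bio($parsed_xml->head->user_bio);
    validate_avatar($parsed_xml->head->user_avatar);

    // Validate URLs
    validate_url($parsed_xml->head->user_profile);
    validate_url($parsed_xml->head->message_pingback);
    validate_url($parsed_xml->head->relation_pingback);

    // Check that all URLs point to the same host name as the stream itself.
    // Hosts are compared with strict string identity: loose comparison treats
    // numeric-looking strings as numbers, and a URL with no host parsed to
    // null on every side and slipped through.
    $remote_host = parse_url((string) $remote_url, PHP_URL_HOST);
    if (!is_string($remote_host) || $remote_host === '') {
        throw new exception('Invalid message stream');
    }

    $advertised_urls = array(
        $parsed_xml->head->user_profile,
        $parsed_xml->head->message_pingback,
        $parsed_xml->head->relation_pingback,
    );
    foreach ($advertised_urls as $advertised_url) {
        if (parse_url((string) $advertised_url, PHP_URL_HOST) !== $remote_host) {
            throw new exception('Invalid message stream');
        }
    }

    return $parsed_xml;
}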
/**
 * validate_avatar() must raise invalid_avatar_exception for the
 * bad_avatar.jpg fixture (by the test name, an image of the wrong size).
 */
function test_validate_avatar_wrong_size()
{
    // Register the expectation before the call that should throw.
    $this->setExpectedException('invalid_avatar_exception');

    $fixture = APP_ROOT . 'tests/models/files/bad_avatar.jpg';
    validate_avatar($fixture);
}