path: root/Zotlabs/Module/Webpages.php

<?php
namespace Zotlabs\Module;

require_once('include/channel.php');
require_once('include/conversation.php');
require_once('include/acl_selectors.php');


class Webpages extends \Zotlabs\Web\Controller {

	function init() {
	
		if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) {
			$sys = get_sys_channel();
			if($sys && intval($sys['channel_id'])) {
				\App::$is_sys = true;
			}
		}
	
		if(argc() > 1)
			$which = argv(1);
		else
			return;
	
		profile_load($which);
	
	}
	
	
	function get() {
	
		if(! \App::$profile) {
			notice( t('Requested profile is not available.') . EOL );
			\App::$error = 404;
			return;
		}
	
		$which = argv(1);
		
		$_SESSION['return_url'] = \App::$query_string;
	
		$uid = local_channel();
		$owner = 0;
		$channel = null;
		$observer = \App::get_observer();
	
		$channel = \App::get_channel();
	
		if(\App::$is_sys && is_site_admin()) {
			$sys = get_sys_channel();
			if($sys && intval($sys['channel_id'])) {
				$uid = $owner = intval($sys['channel_id']);
				$channel = $sys;
				$observer = $sys;
			}
		}
	
		if(! $owner) {
			// Figure out who the page owner is.
			$r = q("select channel_id from channel where channel_address = '%s'",
				dbesc($which)
			);
			if($r) {
				$owner = intval($r[0]['channel_id']);
			}
		}
	
		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
	
		$perms = get_all_perms($owner,$ob_hash);
	
		if(! $perms['write_pages']) {
			notice( t('Permission denied.') . EOL);
			return;
		}
	
		$mimetype = (($_REQUEST['mimetype']) ? $_REQUEST['mimetype'] : get_pconfig($owner,'system','page_mimetype'));
	
		$layout = (($_REQUEST['layout']) ? $_REQUEST['layout'] : get_pconfig($owner,'system','page_layout'));
	
		// Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages
		// Nickname is set to the observers xchan, and profile_uid to the owner's.  
		// This lets you post pages at other people's channels.
	
		if((! $channel) && ($uid) && ($uid == \App::$profile_uid)) {
			$channel = \App::get_channel();
		}
		if($channel) {
			$channel_acl = array(
				'allow_cid' => $channel['channel_allow_cid'],
				'allow_gid' => $channel['channel_allow_gid'],
				'deny_cid'  => $channel['channel_deny_cid'],
				'deny_gid'  => $channel['channel_deny_gid']
			);
		}
		else
			$channel_acl = array();
	
		$is_owner = ($uid && $uid == $owner);
		$o = profile_tabs($a, $is_owner, \App::$profile['channel_address']);
	
		$x = array(
			'webpage' => ITEM_TYPE_WEBPAGE,
			'is_owner' => true,
			'nickname' => \App::$profile['channel_address'],
			'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
			'acl' => (($is_owner) ? populate_acl($channel_acl,false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')) : ''),
			'showacl' => (($is_owner) ? true : false),
			'visitor' => true,
			'hide_location' => true,
			'hide_voting' => true,
			'profile_uid' => intval($owner),
			'mimetype' => $mimetype,
			'mimeselect' => true,
			'layout' => $layout,
			'layoutselect' => true,
			'expanded' => true,
			'novoting'=> true,
			'bbco_autocomplete' => 'bbcode',
			'bbcode' => true
		);
		
		if($_REQUEST['title'])
			$x['title'] = $_REQUEST['title'];
		if($_REQUEST['body'])
			$x['body'] = $_REQUEST['body'];
		if($_REQUEST['pagetitle'])
			$x['pagetitle'] = $_REQUEST['pagetitle'];
	
		$editor = status_editor($a,$x);
	
		// Get a list of webpages.  We can't display all them because endless scroll makes that unusable, 
		// so just list titles and an edit link.
	
	
		/** @TODO - this should be replaced with pagelist_widget */
	
		$sql_extra = item_permissions_sql($owner);
	

		$r = q("select * from iconfig left join item on iconfig.iid = item.id 
			where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'WEBPAGE' and item_type = %d 
			$sql_extra order by item.created desc",
			intval($owner),
			intval(ITEM_TYPE_WEBPAGE)
		);

//		$r = q("select * from item_id left join item on item_id.iid = item.id 
//			where item_id.uid = %d and service = 'WEBPAGE' and item_type = %d $sql_extra order by item.created desc",
//			intval($owner),
//			intval(ITEM_TYPE_WEBPAGE)
//		);
	
		$pages = null;
	
		if($r) {
			$pages = array();
			foreach($r as $rr) {
				unobscure($rr);
	
				$lockstate = (($rr['allow_cid'] || $rr['allow_gid'] || $rr['deny_cid'] || $rr['deny_gid']) ? 'lock' : 'unlock');
	
				$element_arr = array(
					'type'		=> 'webpage',
					'title'		=> $rr['title'],
					'body'		=> $rr['body'],
					'created'	=> $rr['created'],
					'edited'	=> $rr['edited'],
					'mimetype'	=> $rr['mimetype'],
					'pagetitle'	=> $rr['v'],
					'mid'		=> $rr['mid'],
					'layout_mid'    => $rr['layout_mid']
				);
				$pages[$rr['iid']][] = array(
					'url'		=> $rr['iid'],
					'pagetitle'	=> $rr['v'],
					'title'		=> $rr['title'],
					'created'	=> datetime_convert('UTC',date_default_timezone_get(),$rr['created']),
					'edited'	=> datetime_convert('UTC',date_default_timezone_get(),$rr['edited']),
					'bb_element'	=> '[element]' . base64url_encode(json_encode($element_arr)) . '[/element]',
					'lockstate'     => $lockstate
				);
			}
		}
	
	
		//Build the base URL for edit links
		$url = z_root() . '/editwebpage/' . $which;
		
		$o .= replace_macros(get_markup_template('webpagelist.tpl'), array(
			'$listtitle'    => t('Webpages'),
			'$baseurl'      => $url,
			'$create'       => t('Create'),
			'$edit'         => t('Edit'),
			'$share'	=> t('Share'),
			'$delete'	=> t('Delete'),
			'$pages'        => $pages,
			'$channel'      => $which,
			'$editor'	=> $editor,
			'$view'         => t('View'),
			'$preview'      => t('Preview'),
			'$actions_txt'  => t('Actions'),
			'$pagelink_txt' => t('Page Link'),
			'$title_txt'    => t('Page Title'),
			'$created_txt'  => t('Created'),
			'$edited_txt'   => t('Edited')
		));
	
		return $o;
	}
	
	function post() {
		
		if(($_FILES) && array_key_exists('zip_file',$_FILES) && isset($_POST['w_upload'])) {
			$source = $_FILES["zip_file"]["tmp_name"];
			$type = $_FILES["zip_file"]["type"];
			$okay = false;
			$accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed');
			foreach ($accepted_types as $mime_type) {
				if ($mime_type == $type) {
					$okay = true;
					break;
				}
			}
			if(!$okay) {
				json_return_and_die(array('message' => 'Invalid file MIME type'));
			}
			$zip = new \ZipArchive();
			if ($zip->open($source) === true) {
				$tmp_folder_name = random_string(5);
				$website = dirname($source) . '/' . $tmp_folder_name;
				$zip->extractTo($website); // change this to the correct site path
				$zip->close();
				@unlink($source);	// delete the compressed file now that the content has been extracted

				require_once('include/import.php');
				$elements = [];
				$elements['pages'] = scan_webpage_elements($website, 'page');
				$elements['layouts'] = scan_webpage_elements($website, 'layout');
				$elements['blocks'] = scan_webpage_elements($website, 'block');
				
				$channel = \App::get_channel();
				// Import layout first so that pages that reference new layouts will find
				// the mid of layout items in the database
				foreach($elements['layouts'] as &$layout) {
					$layout = import_webpage_element($layout, $channel, 'layout');
				}
				foreach($elements['pages'] as &$page) {
					$page = import_webpage_element($page, $channel, 'page');
				}
				foreach($elements['blocks'] as &$block) {
					$block = import_webpage_element($block, $channel, 'block');
				}
				
				// Without the if statement below, the folder is deleted before the import completes.
				if($elements) {	
					rrmdir($website);	// Delete the temporary decompressed files
				}
			}	
			
			return null;
		} 
		
		if (($_POST) && array_key_exists('path',$_POST) && isset($_POST['cloudsubmit'])) {
			$ret = [];
			// Warning: Do not edit the following line. The first symbol is UTF-8 &#65312; 
			$path = str_replace('@','@',notags(trim($_REQUEST['path'])));		

			$h = @parse_url($path);

			if(! $h || !x($h, 'path')) {
				return null;
			}
			if(substr($h['path'],-1,1) === '/') {
				$h['path'] = substr($h['path'],0,-1);
			}
			if(substr($h['path'],0,1) === '/') {
				$h['path'] = substr($h['path'],1);
			}
			$folders = explode('/', $h['path']);
			$f = array_shift($folders);
			
			$channel = \App::get_channel();
			$nick = \App::$profile['channel_address'];
			//check to see if the absolute path was provided (/cloud/channelname/path/to/folder)
			if(($f === 'cloud') ) { 
				$g = array_shift($folders);
				if( $g !== $nick) {
					// if nick does not follow "cloud", then the top level folder must be called  "cloud"
					// and the given path must be relative to "/cloud/channelname/". 
					$folders = array_unshift($f,array_unshift($g, $folders));
				} 
			}
			$clouddir = 'store/' . $nick . '/';
			$folder_path = $clouddir . implode('/', $folders);
			
			
//			if(!(is_dir($folder_path) && is_readable($folder_path))) {
//				logger('path is not readable: ' . $folder_path);
//				return null;
//			}
			$subdir = '/';
			$valid = true;
			while($folders && $valid && is_dir($clouddir . $subdir) && is_readable($clouddir . $subdir)) {
				logger('hashed path: ' . $clouddir . $subdir);
				$valid = false;
				$f = array_shift($folders);
				$items = array_diff(scandir($clouddir . $subdir), array('.', '..')); // hashed names
				foreach($items as $item) {
					$filename = find_filename_by_hash($channel['channel_id'], $item);
					if($filename === $f) {
						$subdir .= $item . '/';
						$valid = true;
					}
				}
			}
			if(!$valid) {
				logger('path is not valid: ' . $folder_path);
			}
			
			
			return null;
			
		}
	}
	
}