<?php
function map_perms($channel,$zguid,$zsig) {
$is_contact = false;
$is_site = false;
$is_network = false;
$is_anybody = true;
// To avoid sending the lengthy target_sig with each request,
// We should provide an array of results for each target
// and let the sender match the signature.
if(strlen($zguid) && strlen($zsig)) {
$is_network = true;
$r = q("select * from contact where guid = '%s' and uid = %d limit 1",
dbesc($zguid),
intval($channel['channel_id'])
);
if($r && count($r)) {
$is_contact = true;
$contact = $r[0];
}
$r = q("select * from channel where channel_guid = '%s'",
dbesc($zguid)
);
if($r && count($r)) {
foreach($r as $rr) {
if(base64url_encode(rsa_sign($rr['channel_guid'],$rr['channel_prvkey'])) === $zsig) {
$is_site = true;
break;
}
}
}
}
$perms = array(
'view_stream' => array('channel_r_stream', PERMS_R_STREAM ),
'view_profile' => array('channel_r_profile', PERMS_R_PROFILE),
'view_photos' => array('channel_r_photos', PERMS_R_PHOTOS),
'view_contacts' => array('channel_r_abook', PERMS_R_ABOOK),
'send_stream' => array('channel_w_stream', PERMS_W_STREAM),
'post_wall' => array('channel_w_wall', PERMS_W_WALL),
'tag_deliver' => array('channel_w_tagwall', PERMS_W_TAGWALL),
'post_comments' => array('channel_w_comment', PERMS_W_COMMENT),
'post_mail' => array('channel_w_mail', PERMS_W_MAIL),
'post_photos' => array('channel_w_photos', PERMS_W_PHOTOS),
'chat' => array('channel_w_chat', PERMS_W_CHAT),
);
$ret = array();
foreach($perms as $k => $v) {
$ret[$k] = z_check_perms($k,$v,$channel,$contact,$is_contact,$is_site,$is_network,$is_anybody);
}
return $ret;
}
function z_check_perms($k,$v,$channel,$contact,$is_contact,$is_site,$is_network,$is_anybody) {
$allow = (($contact['self']) ? true : false);
switch($channel[$v[0]]) {
case PERMS_PUBLIC:
if($is_anybody)
$allow = true;
break;
case PERMS_NETWORK:
if($is_network)
$allow = true;
break;
case PERMS_SITE:
if($is_site)
$allow = true;
break;
case PERMS_CONTACTS:
if($is_contact)
$allow = true;
break;
case PERMS_SPECIFIC:
if($is_contact && is_array($contact) && ($contact['my_perms'] & $v[1]))
$allow = true;
break;
default:
break;
}
return $allow;
}
// Included here for completeness, but this is a very dangerous operation.
// It is the caller's responsibility to confirm the requestor's intent and
// authorisation to do this.
function user_remove($uid) {
if(! $uid)
return;
$a = get_app();
logger('Removing user: ' . $uid);
$r = q("select * from user where uid = %d limit 1", intval($uid));
call_hooks('remove_user',$r[0]);
// save username (actually the nickname as it is guaranteed
// unique), so it cannot be re-registered in the future.
q("insert into userd ( username ) values ( '%s' )",
$r[0]['nickname']
);
q("DELETE FROM `contact` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `gcign` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `group` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `group_member` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `intro` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `event` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `item` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `item_id` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `mail` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `mailacct` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `manage` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `notify` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `photo` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `attach` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `profile` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `profile_check` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `pconfig` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `search` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `spam` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `user` WHERE `uid` = %d", intval($uid));
if($uid == local_user()) {
unset($_SESSION['authenticated']);
unset($_SESSION['uid']);
goaway($a->get_baseurl());
}
}
function contact_remove($id) {
$r = q("select uid from contact where id = %d limit 1",
intval($id)
);
if((! count($r)) || (! intval($r[0]['uid'])))
return;
$archive = get_pconfig($r[0]['uid'], 'system','archive_removed_contacts');
if($archive) {
q("update contact set `archive` = 1, `network` = 'none', `writable` = 0 where id = %d limit 1",
intval($id)
);
return;
}
q("DELETE FROM `contact` WHERE `id` = %d LIMIT 1",
intval($id)
);
q("DELETE FROM `item` WHERE `contact-id` = %d ",
intval($id)
);
q("DELETE FROM `photo` WHERE `contact-id` = %d ",
intval($id)
);
q("DELETE FROM `mail` WHERE `contact-id` = %d ",
intval($id)
);
q("DELETE FROM `event` WHERE `cid` = %d ",
intval($id)
);
q("DELETE FROM `queue` WHERE `cid` = %d ",
intval($id)
);
}
// sends an unfriend message. Does not remove the contact
function terminate_friendship($user,$self,$contact) {
$a = get_app();
require_once('include/datetime.php');
if($contact['network'] === NETWORK_DFRN) {
require_once('include/items.php');
dfrn_deliver($user,$contact,'placeholder', 1);
}
}
// Contact has refused to recognise us as a friend. We will start a countdown.
// If they still don't recognise us in 32 days, the relationship is over,
// and we won't waste any more time trying to communicate with them.
// This provides for the possibility that their database is temporarily messed
// up or some other transient event and that there's a possibility we could recover from it.
if(! function_exists('mark_for_death')) {
function mark_for_death($contact) {
if($contact['archive'])
return;
if($contact['term_date'] == '0000-00-00 00:00:00') {
q("UPDATE `contact` SET `term_date` = '%s' WHERE `id` = %d LIMIT 1",
dbesc(datetime_convert()),
intval($contact['id'])
);
}
else {
// TODO: We really should send a notification to the owner after 2-3 weeks
// so they won't be surprised when the contact vanishes and can take
// remedial action if this was a serious mistake or glitch
$expiry = $contact['term_date'] . ' + 32 days ';
if(datetime_convert() > datetime_convert('UTC','UTC',$expiry)) {
// relationship is really truly dead.
// archive them rather than delete
// though if the owner tries to unarchive them we'll start the whole process over again
q("update contact set `archive` = 1 where id = %d limit 1",
intval($contact['id'])
);
//contact_remove($contact['id']);
}
}
}}
if(! function_exists('unmark_for_death')) {
function unmark_for_death($contact) {
// It's a miracle. Our dead contact has inexplicably come back to life.
q("UPDATE `contact` SET `term_date` = '%s' WHERE `id` = %d LIMIT 1",
dbesc('0000-00-00 00:00:00'),
intval($contact['id'])
);
}}
if(! function_exists('contact_photo_menu')){
function contact_photo_menu($contact) {
$a = get_app();
$contact_url="";
$pm_url="";
$status_link="";
$photos_link="";
$posts_link="";
$poke_link="";
$sparkle = false;
if($contact['network'] === NETWORK_DFRN) {
$sparkle = true;
$profile_link = $a->get_baseurl() . '/redir/' . $contact['id'];
}
else
$profile_link = $contact['url'];
if($profile_link === 'mailbox')
$profile_link = '';
if($sparkle) {
$status_link = $profile_link . "?url=status";
$photos_link = $profile_link . "?url=photos";
$profile_link = $profile_link . "?url=profile";
$pm_url = $a->get_baseurl() . '/message/new/' . $contact['id'];
}
$poke_link = $a->get_baseurl() . '/poke/?f=&c=' . $contact['id'];
$contact_url = $a->get_baseurl() . '/contacts/' . $contact['id'];
$posts_link = $a->get_baseurl() . '/network/?cid=' . $contact['id'];
$menu = Array(
t("Poke") => $poke_link,
t("View Status") => $status_link,
t("View Profile") => $profile_link,
t("View Photos") => $photos_link,
t("Network Posts") => $posts_link,
t("Edit Contact") => $contact_url,
t("Send PM") => $pm_url,
);
$args = array('contact' => $contact, 'menu' => &$menu);
call_hooks('contact_photo_menu', $args);
$o = "";
foreach($menu as $k=>$v){
if ($v!="") {
if(($k !== t("Network Posts")) && ($k !== t("Send PM")) && ($k !== t('Edit Contact')))
$o .= "<li><a target=\"redir\" href=\"$v\">$k</a></li>\n";
else
$o .= "<li><a href=\"$v\">$k</a></li>\n";
}
}
return $o;
}}
function random_profile() {
$r = q("select xchan_profile from xchan where xchan_network = 'zot' order by rand() limit 1");
if($r && count($r))
return $r[0]['xchan_profile'];
return '';
}
function contacts_not_grouped($uid,$start = 0,$count = 0) {
if(! $count) {
$r = q("select count(*) as total from contact where uid = %d and self = 0 and id not in (select distinct(`contact-id`) from group_member where uid = %d) ",
intval($uid),
intval($uid)
);
return $r;
}
$r = q("select * from contact where uid = %d and self = 0 and id not in (select distinct(`contact-id`) from group_member where uid = %d) and blocked = 0 and pending = 0 limit %d, %d",
intval($uid),
intval($uid),
intval($start),
intval($count)
);
return $r;
}