aboutsummaryrefslogblamecommitdiffstats
path: root/mod/item.php
blob: acb97a062607ba32277341af8fafb60ec1f0a0ea (plain) (tree) 
6348e70da


6348e70da

6695b4a20

6348e70da






17808daf5

17808daf5

6348e70da

c4f31ec65








d090033a0

f937de932

c4f31ec65




6348e70da

e0e2a032c

6348e70da

25567fa04

6348e70da


7e16f8cda











c6267a2cd

7e16f8cda













c6267a2cd

7e16f8cda



2e5fb9c37

e0e2a032c

7e16f8cda

e0e2a032c

d090033a0

f937de932


e0e2a032c


f937de932

aff4f63ff


6348e70da

aff4f63ff

6348e70da

5e4df4b3f

6348e70da

f937de932

6348e70da

f937de932










9f81c3345



fa154248d






9f81c3345

bec3d15c5



0a4c5a694



6348e70da

0a4c5a694

9b0584e59

9b0584e59


0a4c5a694








































6348e70da

0a4c5a694




9b0584e59


0a4c5a694



6348e70da

9cc49f27e

0a4c5a694














9cc49f27e

0a4c5a694


9cc49f27e

6695b4a20

f937de932

7a6665b5c




































d090033a0













7a6665b5c









d090033a0

7a6665b5c



















6348e70da

1
2

3

4

5
6
7
8
9
10

11

12

13

14
15
16
17
18
19
20
21

22

23

24
25
26
27

28

29

30

31

32
33

34
35
36
37
38
39
40
41
42
43
44

45

46
47
48
49
50
51
52
53
54
55
56
57
58

59

60
61
62

63

64

65

66

67

68
69

70
71

72

73
74

75

76

77

78

79

80

81

82
83
84
85
86
87
88
89
90
91

92
93
94

95
96
97
98
99
100

101

102
103
104

105
106
107

108

109

110

111
112

113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

153

154
155
156
157

158
159

160
161
162

163

164

165
166
167
168
169
170
171
172
173
174
175
176
177
178

179

180
181

182

183

184

185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220

221
222
223
224
225
226
227
228
229
230
231
232
233

234
235
236
237
238
239
240
241
242

243

244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262

263


     
                         
 





                                                 
 
 
                                                                        







                                                                      
                                                                            
                                                                            



                                     
                                                                                       
 
                                               
                                                    

                       










                                                            
                                                          












                                                                
                                                         


                                                              
                                               
                                                  
 
                             
                                                           

                                                                    

         
                                      

                                                                              
                                                      
         
              
                                                                                         
                                                  
                             
                                                  









                                                                                 


                                                   





                                                              
         


                                                                 


                                        
 
                                                                                             
 

                                                                            







































                                                                                                                              
                                                         



                                                                 

                                                


                                           
                 
 













                                                                                                             
 

                                                                                                              
 
                                                            
                             



































                                                                                                            












                                                                                                                        








                                                                                         
                                                    


















                                                                                                                      
 
<?php

function item_post(&$a) {

	if((! local_user()) && (! remote_user()))
		return;

	require_once('include/security.php');

	$uid = $_SESSION['uid'];


	$parent = ((x($_POST,'parent')) ? intval($_POST['parent']) : 0);

	$parent_item = null;

	if($parent) {
		$r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
			intval($parent)
		);
		if(! count($r)) {
			notice( t('Unable to locate original post.') . EOL);
			goaway($a->get_baseurl() . "/" . $_POST['return'] );
		}
		$parent_item = $r[0];
	}

	$profile_uid = ((x($_POST,'profile_uid')) ? intval($_POST['profile_uid']) : 0);

	if(! can_write_wall($a,$profile_uid)) {
		notice("Permission denied." . EOL) ;
		return;
	}
	
	$str_group_allow = '';
	$group_allow = $_POST['group_allow'];
	if(is_array($group_allow)) {
		array_walk($group_allow,'sanitise_acl');
		$str_group_allow = implode('',$group_allow);
	}

	$str_contact_allow = '';
	$contact_allow = $_POST['contact_allow'];
	if(is_array($contact_allow)) {
		array_walk($contact_allow,'sanitise_acl');
		$str_contact_allow = implode('',$contact_allow);
	}

	$str_group_deny = '';
	$group_deny = $_POST['group_deny'];
	if(is_array($group_deny)) {
		array_walk($group_deny,'sanitise_acl');
		$str_group_deny = implode('',$group_deny);
	}

	$str_contact_deny = '';
	$contact_deny = $_POST['contact_deny'];
	if(is_array($contact_deny)) {
		array_walk($contact_deny,'sanitise_acl');
		$str_contact_deny = implode('',$contact_deny);
	}

	$title = notags(trim($_POST['title']));
	$body = escape_tags(trim($_POST['body']));

	if(! strlen($body)) {
		notice( t('Empty post discarded.') . EOL );
		goaway($a->get_baseurl() . "/" . $_POST['return'] );

	}

	// get contact info for poster

	if((x($_SESSION,'visitor_id')) && (intval($_SESSION['visitor_id']))) {
		$contact_id = $_SESSION['visitor_id'];
	}
	else {
		$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
			intval($_SESSION['uid']));
		if(count($r))
			$contact_id = $r[0]['id'];
	}

	// get contact info for owner
	
	$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
		intval($profile_uid)
	);
	if(count($r))
		$contact_record = $r[0];

	$post_type == notags(trim($_POST['type']));

	if($post_type == 'net-comment') {
		if($parent_item !== null) {
			if($parent_item['type'] == 'remote')
				$post_type = 'remote-comment';
			else		
				$post_type = 'wall-comment';
		}
	}

	$notify_type = (($parent) ? 'comment-new' : 'wall-new' );

	do {
		$dups = false;
		$hash = random_string();

		$uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $profile_uid . ':' . $hash;

		$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
			dbesc($uri));
		if(count($r))
			$dups = true;
	} while($dups == true);


	$r = q("INSERT INTO `item` (`uid`,`type`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `created`,
		`edited`, `uri`, `title`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`)
		VALUES( %d, '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
		intval($profile_uid),
		dbesc($post_type),
		intval($contact_id),
		dbesc($contact_record['name']),
		dbesc($contact_record['url']),
		dbesc($contact_record['thumb']),
		datetime_convert(),
		datetime_convert(),
		dbesc($uri),
		dbesc($title),
		dbesc($body),
		dbesc($str_contact_allow),
		dbesc($str_group_allow),
		dbesc($str_contact_deny),
		dbesc($str_group_deny)
	);
	$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
		dbesc($uri));
	if(count($r)) {
		$post_id = $r[0]['id'];

		if($parent) {

			// This item is the last leaf and gets the comment box, clear any ancestors
			$r = q("UPDATE `item` SET `last-child` = 0 WHERE `parent` = %d ",
				intval($parent)
			);

			// Inherit ACL's from the parent item.
			// TODO merge with subsequent UPDATE operation and save a db write 

			$r = q("UPDATE `item` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
				WHERE `id` = %d LIMIT 1",
				dbesc($parent_item['allow_cid']),
				dbesc($parent_item['allow_gid']),
				dbesc($parent_item['deny_cid']),
				dbesc($parent_item['deny_gid']),
				intval($post_id)
			);
		}
		else {
			$parent = $post_id;
		}

		$r = q("UPDATE `item` SET `parent` = %d, `parent-uri` = '%s', `last-child` = 1, `visible` = 1
			WHERE `id` = %d LIMIT 1",
			intval($parent),
			dbesc(($parent == $post_id) ? $uri : $parent_item['uri']),
			intval($post_id)
		);
		// photo comments turn the corresponding item visible to the profile wall
		if(! $parent_item['visible']) {
			$r = q("UPDATE `item` SET `visible = 1 WHERE `id` = %d LIMIT 1",
				intval($parent_item['id'])
			);
		}
	}
	$url = $a->get_baseurl();

	proc_close(proc_open("php include/notifier.php \"$url\" \"$notify_type\" \"$post_id\" > notify.log &",
		array(),$foo));

	goaway($a->get_baseurl() . "/" . $_POST['return'] );
	return; // NOTREACHED
}

function item_content(&$a) {

	if((! local_user()) && (! remote_user()))
		return;

	require_once('include/security.php');

	$uid = $_SESSION['uid'];

	if(($a->argc == 3) && ($a->argv[1] == 'drop') && intval($a->argv[2])) {

		// locate item to be deleted

		$r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
			intval($a->argv[2])
		);

		if(! count($r)) {
			notice("Item not found." . EOL);
			goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
		}
		$item = $r[0];

		// check if logged in user is either the author or owner of this item

		if(($_SESSION['visitor_id'] == $item['contact-id']) || ($_SESSION['uid'] == $item['uid'])) {

			// delete the item

			$r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s' WHERE `id` = %d LIMIT 1",
				dbesc(datetime_convert()),
				intval($item['id'])
			);

			// If item is a link to a photo resource, nuke all the associated photos 
			// (visitors will not have photo resources)
			// This only applies to photos uploaded from the photos page. Photos inserted into a post do not
			// generate a resource-id and therefore aren't intimately linked to the item. 

			if(strlen($item['resource-id'])) {
				$q("DELETE FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ",
					dbesc($item['resource-id']),
					intval($item['uid'])
				);
				// ignore the result
			}

			// If it's the parent of a comment thread, kill all the kids

			if($item['uri'] == $item['parent-uri']) {
				$r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s' 
					WHERE `parent-uri` = '%s' AND `uid` = %d ",
					dbesc(datetime_convert()),
					dbesc($item['parent-uri']),
					intval($item['uid'])
				);
				// ignore the result
			}

			$url = $a->get_baseurl();
			$drop_id = intval($item['id']);

			// send the notification upstream/downstream as the case may be

			proc_close(proc_open("php include/notifier.php \"$url\" \"drop\" \"$drop_id\" > notify.log &",
				array(),$foo));

			goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
			return; //NOTREACHED
		}
		else {
			notice("Permission denied." . EOL);
			goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
			return; //NOTREACHED
		}
	}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 08:16:13 +0000