diff options
| author | Michael Vogel <icarus@dabo.de> | 2012-06-04 08:09:15 +0200 |
|---|---|---|
| committer | Michael Vogel <icarus@dabo.de> | 2012-06-04 08:09:15 +0200 |
| commit | 0353410cd4b8153fd2b6e9d3524c6e46ad4acd68 (patch) | |
| tree | e93cc7977a7367eb6281c733d9a34730dae3bf95 /include | |
| parent | 5de91c2a7c924ac6067828a0e5bfbef5572c1f39 (diff) | |
| parent | ca105f1c669950768a1f4cd6b93f471cabbc5114 (diff) | |
| download | volse-hubzilla-0353410cd4b8153fd2b6e9d3524c6e46ad4acd68.tar.gz volse-hubzilla-0353410cd4b8153fd2b6e9d3524c6e46ad4acd68.tar.bz2 volse-hubzilla-0353410cd4b8153fd2b6e9d3524c6e46ad4acd68.zip | |
Merge remote branch 'upstream/master'
Diffstat (limited to 'include')
| -rw-r--r-- | include/api.php | 4 | ||||
| -rw-r--r-- | include/bbcode.php | 9 | ||||
| -rw-r--r-- | include/conversation.php | 53 | ||||
| -rw-r--r-- | include/datetime.php | 6 | ||||
| -rw-r--r-- | include/delivery.php | 15 | ||||
| -rwxr-xr-x[-rw-r--r--] | include/diaspora.php | 209 | ||||
| -rw-r--r-- | include/enotify.php | 3 | ||||
| -rw-r--r-- | include/event.php | 17 | ||||
| -rw-r--r-- | include/follow.php | 243 | ||||
| -rwxr-xr-x[-rw-r--r--] | include/items.php | 55 | ||||
| -rw-r--r-- | include/nav.php | 2 | ||||
| -rw-r--r-- | include/notifier.php | 21 | ||||
| -rw-r--r-- | include/profile_advanced.php | 5 | ||||
| -rw-r--r-- | include/text.php | 5 | ||||
| -rw-r--r-- | include/user.php | 327 |
15 files changed, 875 insertions, 99 deletions
diff --git a/include/api.php b/include/api.php index cd8526f89..9925b5766 100644 --- a/include/api.php +++ b/include/api.php @@ -997,8 +997,8 @@ else $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ", dbesc(protect_sprintf('%' . $myurl)), - dbesc(protect_sprintf('%' . $myurl . '\\]%')), - dbesc(protect_sprintf('%' . $diasp_url . '\\]%')) + dbesc(protect_sprintf('%' . $myurl . ']%')), + dbesc(protect_sprintf('%' . $diasp_url . ']%')) ); if ($max_id > 0) diff --git a/include/bbcode.php b/include/bbcode.php index 85d310b75..efc362880 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -52,6 +52,8 @@ function bb_unspacefy_and_trim($st) { function bbcode($Text,$preserve_nl = false) { + $a = get_app(); + // Hide all [noparse] contained bbtags spacefying them $Text = preg_replace_callback("/\[noparse\](.*?)\[\/noparse\]/ism", 'bb_spacefy',$Text); @@ -114,6 +116,11 @@ function bbcode($Text,$preserve_nl = false) { $Text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '<a href="$1" target="external-link">$2</a>', $Text); //$Text = preg_replace("/\[url\=([$URLSearchString]*)\]([$URLSearchString]*)\[\/url\]/ism", '<a href="$1" target="_blank">$2</a>', $Text); + // we may need to restrict this further if it picks up too many strays + // link acct:user@host to a webfinger profile redirector + + $Text = preg_replace('/acct:(.*?)@(.*?)([ ,])/', '<a href="' . $a->get_baseurl() . '/acctlink?addr=' . "$1@$2" + . '" target="extlink" >acct:' . "$1@$2$3" . '</a>',$Text); // Perform MAIL Search $Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '<a href="mailto:$1">$1</a>', $Text); @@ -226,7 +233,7 @@ function bbcode($Text,$preserve_nl = false) { $endlessloop = 0; while ((strpos($Text, "[/quote]")!== false) and (strpos($Text, "[quote=") !== false) and (++$endlessloop < 20)) $Text = preg_replace("/\[quote=[\"\']*(.*?)[\"\']*\](.*?)\[\/quote\]/ism", - "<br /><strong class=".'"author"'.">" . $t_wrote . "</strong><blockquote class=".'"author"'.">$2</blockquote>", + "<br /><strong class=".'"author"'.">" . $t_wrote . "</strong><blockquote>$2</blockquote>", $Text); // [img=widthxheight]image source[/img] diff --git a/include/conversation.php b/include/conversation.php index dc574ddff..a9c6287a9 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -173,6 +173,12 @@ function localize_item(&$item){ $item['body'] = str_replace($mtch[0],'@[url=' . zrl($mtch[1]). ']',$item['body']); } } + if(preg_match_all('/\[url=(.*?)\/photos\/(.*?)\/image\/(.*?)\]\[img(.*?)\]h(.*?)\[\/img\]\[\/url\]/is',$item['body'],$matches,PREG_SET_ORDER)) { +logger('matched'); + foreach($matches as $mtch) { + $item['body'] = str_replace($mtch[0],'[url=' . zrl($mtch[1] . '/photos/' . $mtch[2] . '/image/' . $mtch[3] ,true) . '][img' . $mtch[4] . ']h' . $mtch[5] . '[/img][/url]',$item['body']); + } + } } @@ -496,7 +502,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { // On the network page, I am the owner. On the display page it will be the profile owner. // This will have been stored in $a->page_contact by our calling page. - // Put this person on the left of the wall-to-wall notice. + // Put this person as the wall owner of the wall-to-wall notice. $owner_url = zrl($a->page_contact['url']); $owner_photo = $a->page_contact['thumb']; @@ -504,23 +510,38 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { $template = $wallwall; $commentww = 'ww'; } - if((! $item['wall']) && (strlen($item['owner-link'])) && (! link_compare($item['owner-link'],$item['author-link']))) { - // Could be anybody. - - $owner_url = $item['owner-link']; - $owner_photo = $item['owner-avatar']; - $owner_name = $item['owner-name']; - $template = $wallwall; - $commentww = 'ww'; - // If it is our contact, use a friendly redirect link - if((link_compare($item['owner-link'],$item['url'])) - && ($item['network'] === NETWORK_DFRN)) { - $owner_url = $redirect_url; - $osparkle = ' sparkle'; + if((! $item['wall']) && $item['owner-link']) { + + $owner_linkmatch = (($item['owner-link']) && link_compare($item['owner-link'],$item['author-link'])); + $alias_linkmatch = (($item['alias']) && link_compare($item['alias'],$item['author-link'])); + $owner_namematch = (($item['owner-name']) && $item['owner-name'] == $item['author-name']); + if((! $owner_linkmatch) && (! $alias_linkmatch) && (! $owner_namematch)) { + + // The author url doesn't match the owner (typically the contact) + // and also doesn't match the contact alias. + // The name match is a hack to catch several weird cases where URLs are + // all over the park. It can be tricked, but this prevents you from + // seeing "Bob Smith to Bob Smith via Wall-to-wall" and you know darn + // well that it's the same Bob Smith. + + // But it could be somebody else with the same name. It just isn't highly likely. + + + $owner_url = $item['owner-link']; + $owner_photo = $item['owner-avatar']; + $owner_name = $item['owner-name']; + $template = $wallwall; + $commentww = 'ww'; + // If it is our contact, use a friendly redirect link + if((link_compare($item['owner-link'],$item['url'])) + && ($item['network'] === NETWORK_DFRN)) { + $owner_url = $redirect_url; + $osparkle = ' sparkle'; + } + else + $owner_url = zrl($owner_url); } - else - $owner_url = zrl($owner_url); } } diff --git a/include/datetime.php b/include/datetime.php index f4dcfce62..3b1491e4d 100644 --- a/include/datetime.php +++ b/include/datetime.php @@ -244,7 +244,7 @@ function timesel($pre,$h,$m) { // Limited to range of timestamps if(! function_exists('relative_date')) { -function relative_date($posted_date) { +function relative_date($posted_date,$format = null) { $localtime = datetime_convert('UTC',date_default_timezone_get(),$posted_date); @@ -274,7 +274,9 @@ function relative_date($posted_date) { if ($d >= 1) { $r = round($d); // translators - e.g. 22 hours ago, 1 minute ago - return sprintf( t('%1$d %2$s ago'),$r, (($r == 1) ? $str[0] : $str[1])); + if(! $format) + $format = t('%1$d %2$s ago'); + return sprintf( $format,$r, (($r == 1) ? $str[0] : $str[1])); } } }} diff --git a/include/delivery.php b/include/delivery.php index 32943d5da..e6cfc8155 100644 --- a/include/delivery.php +++ b/include/delivery.php @@ -113,6 +113,7 @@ function delivery_run($argv, $argc){ $uid = $r[0]['uid']; $updated = $r[0]['edited']; + // The following seems superfluous. We've already checked for "if (! intval($r[0]['parent']))" a few lines up if(! $parent_id) continue; @@ -508,17 +509,17 @@ function delivery_run($argv, $argc){ // unsupported break; } - elseif(($target_item['deleted']) && ($target_item['verb'] !== ACTIVITY_LIKE)) { - logger('delivery: diaspora retract: ' . $loc); - // diaspora delete, + elseif(($target_item['deleted']) && ($target_item['uri'] === $target_item['parent-uri'])) { + // top-level retraction + logger('delivery: diaspora retract: ' . $loc); + diaspora_send_retraction($target_item,$owner,$contact,$public_message); break; } - elseif($target_item['parent'] != $target_item['id']) { - - logger('delivery: diaspora relay: ' . $loc); + elseif($target_item['uri'] !== $target_item['parent-uri']) { + // we are the relay - send comments, likes and relayable_retractions to our conversants + logger('delivery: diaspora relay: ' . $loc); - // we are the relay - send comments, likes and unlikes to our conversants diaspora_send_relay($target_item,$owner,$contact,$public_message); break; } diff --git a/include/diaspora.php b/include/diaspora.php index 3f2cdf8e4..1e6662f04 100644..100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -83,6 +83,9 @@ function diaspora_dispatch($importer,$msg) { elseif($xmlbase->signed_retraction) { $ret = diaspora_signed_retraction($importer,$xmlbase->signed_retraction,$msg); } + elseif($xmlbase->relayable_retraction) { + $ret = diaspora_signed_retraction($importer,$xmlbase->relayable_retraction,$msg); + } elseif($xmlbase->photo) { $ret = diaspora_photo($importer,$xmlbase->photo,$msg); } @@ -677,7 +680,7 @@ function diaspora_post($importer,$xml) { return; } - // allocate a guid on our system - we aren't fixing any collisions. + // allocate a guid on our system - we aren't fixing any collisions. // we're ignoring them $g = q("select * from guid where guid = '%s' limit 1", @@ -844,7 +847,7 @@ function diaspora_reshare($importer,$xml) { $prefix = '♲ ' . $details . "\n"; - // allocate a guid on our system - we aren't fixing any collisions. + // allocate a guid on our system - we aren't fixing any collisions. // we're ignoring them $g = q("select * from guid where guid = '%s' limit 1", @@ -948,7 +951,7 @@ function diaspora_asphoto($importer,$xml) { return; } - // allocate a guid on our system - we aren't fixing any collisions. + // allocate a guid on our system - we aren't fixing any collisions. // we're ignoring them $g = q("select * from guid where guid = '%s' limit 1", @@ -1602,22 +1605,28 @@ function diaspora_like($importer,$xml,$msg) { logger('diaspora_like: duplicate like: ' . $guid); return; } + // Note: I don't think "Like" objects with positive = "false" are ever actually used + // It looks like "RelayableRetractions" are used for "unlike" instead if($positive === 'false') { - q("UPDATE `item` SET `deleted` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1", + logger('diaspora_like: received a like with positive set to "false"...ignoring'); +/* q("UPDATE `item` SET `deleted` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($r[0]['id']), intval($importer['uid']) - ); + );*/ // FIXME // send notification via proc_run() return; } } + // Note: I don't think "Like" objects with positive = "false" are ever actually used + // It looks like "RelayableRetractions" are used for "unlike" instead if($positive === 'false') { - logger('diaspora_like: unlike received with no corresponding like'); + logger('diaspora_like: received a like with positive set to "false"'); + logger('diaspora_like: unlike received with no corresponding like...ignoring'); return; } - $author_signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle; + $signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle; $author_signature = base64_decode($author_signature); @@ -1635,20 +1644,20 @@ function diaspora_like($importer,$xml,$msg) { } } - if(! rsa_verify($author_signed_data,$author_signature,$key,'sha256')) { + if(! rsa_verify($signed_data,$author_signature,$key,'sha256')) { logger('diaspora_like: verification failed.'); return; } if($parent_author_signature) { - $owner_signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle; + //$owner_signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle; $parent_author_signature = base64_decode($parent_author_signature); $key = $msg['key']; - if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha256')) { + if(! rsa_verify($signed_data,$parent_author_signature,$key,'sha256')) { logger('diaspora_like: owner verification failed.'); return; } @@ -1783,38 +1792,89 @@ function diaspora_signed_retraction($importer,$xml,$msg) { $type = notags(unxmlify($xml->target_type)); $sig = notags(unxmlify($xml->target_author_signature)); + $parent_author_signature = (($xml->parent_author_signature) ? notags(unxmlify($xml->parent_author_signature)) : ''); + $contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle); if(! $contact) { logger('diaspora_signed_retraction: no contact'); return; } - // this may not yet work for comments. Need to see how the relaying works - // and figure out who signs it. - $signed_data = $guid . ';' . $type ; - $sig = base64_decode($sig); + $sig_decode = base64_decode($sig); - $key = $msg['key']; + if(strcasecmp($diaspora_handle,$msg['author']) == 0) { + $person = $contact; + $key = $msg['key']; + } + else { + $person = find_diaspora_person_by_handle($diaspora_handle); + + if(is_array($person) && x($person,'pubkey')) + $key = $person['pubkey']; + else { + logger('diaspora_signed_retraction: unable to find author details'); + return; + } + } - if(! rsa_verify($signed_data,$sig,$key,'sha256')) { - logger('diaspora_signed_retraction: owner verification failed.' . print_r($msg,true)); + if(! rsa_verify($signed_data,$sig_decode,$key,'sha256')) { + logger('diaspora_signed_retraction: retraction-owner verification failed.' . print_r($msg,true)); return; } - if($type === 'StatusMessage') { + if($parent_author_signature) { + $parent_author_signature = base64_decode($parent_author_signature); + + $key = $msg['key']; + + if(! rsa_verify($signed_data,$parent_author_signature,$key,'sha256')) { + logger('diaspora_signed_retraction: failed to verify person relaying the retraction (e.g. owner of a post relaying a retracted comment'); + return; + } + + } + + if($type === 'StatusMessage' || $type === 'Comment' || $type === 'Like') { $r = q("select * from item where guid = '%s' and uid = %d and not file like '%%[%%' limit 1", dbesc($guid), intval($importer['uid']) ); if(count($r)) { if(link_compare($r[0]['author-link'],$contact['url'])) { - q("update item set `deleted` = 1, `changed` = '%s' where `id` = %d limit 1", + q("update item set `deleted` = 1, `edited` = '%s', `changed` = '%s', `body` = '' , `title` = '' where `id` = %d limit 1", + dbesc(datetime_convert()), dbesc(datetime_convert()), intval($r[0]['id']) ); + + // Now check if the retraction needs to be relayed by us + // + // The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always + // return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent. + // The only item with `parent` and `id` as the parent id is the parent item. + $p = q("select origin from item where parent = %d and id = %d limit 1", + $r[0]['parent'], + $r[0]['parent'] + ); + if(count($p)) { + if(($p[0]['origin']) && (! $parent_author_signature)) { + q("insert into sign (`retract_iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", + $r[0]['id'], + dbesc($signed_data), + dbesc($sig), + dbesc($diaspora_handle) + ); + + // the existence of parent_author_signature would have meant the parent_author or owner + // is already relaying. + logger('diaspora_signed_retraction: relaying relayable_retraction'); + + proc_run('php','include/notifier.php','relayable_retraction',$r[0]['id']); + } + } } } } @@ -2055,8 +2115,12 @@ function diaspora_send_followup($item,$owner,$contact,$public_batch = false) { $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $theiraddr = $contact['addr']; - $p = q("select guid from item where parent = %d limit 1", - $item['parent'] + // The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always + // return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent. + // The only item with `parent` and `id` as the parent id is the parent item. + $p = q("select guid from item where parent = %d and id = %d limit 1", + intval($item['parent']), + intval($item['parent']) ); if(count($p)) $parent_guid = $p[0]['guid']; @@ -2067,7 +2131,11 @@ function diaspora_send_followup($item,$owner,$contact,$public_batch = false) { $tpl = get_markup_template('diaspora_like.tpl'); $like = true; $target_type = 'Post'; - $positive = (($item['deleted']) ? 'false' : 'true'); +// $positive = (($item['deleted']) ? 'false' : 'true'); + $positive = 'true'; + + if(($item['deleted'])) + logger('diaspora_send_followup: received deleted "like". Those should go to diaspora_send_retraction'); } else { $tpl = get_markup_template('diaspora_comment.tpl'); @@ -2107,41 +2175,51 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { $a = get_app(); - $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $theiraddr = $contact['addr']; - $p = q("select guid from item where parent = %d limit 1", - $item['parent'] + // The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always + // return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent. + // The only item with `parent` and `id` as the parent id is the parent item. + $p = q("select guid from item where parent = %d and id = %d limit 1", + intval($item['parent']), + intval($item['parent']) ); if(count($p)) $parent_guid = $p[0]['guid']; else return; - if($item['verb'] === ACTIVITY_LIKE) { + $like = false; + $relay_retract = false; + $sql_sign_id = 'iid'; + if( $item['deleted']) { + $tpl = get_markup_template('diaspora_relayable_retraction.tpl'); + $relay_retract = true; + $sql_sign_id = 'retract_iid'; + $target_type = ( ($item['verb'] === ACTIVITY_LIKE) ? 'Like' : 'Comment'); + } + elseif($item['verb'] === ACTIVITY_LIKE) { $tpl = get_markup_template('diaspora_like_relay.tpl'); $like = true; $target_type = 'Post'; - $positive = (($item['deleted']) ? 'false' : 'true'); +// $positive = (($item['deleted']) ? 'false' : 'true'); + $positive = 'true'; } else { $tpl = get_markup_template('diaspora_comment_relay.tpl'); - $like = false; } $body = $item['body']; $text = html_entity_decode(bb2diaspora($body)); - // fetch the original signature if somebody sent the post to us to relay - // If we are relaying for a reply originating on our own account, there wasn't a 'send to relay' - // action. It wasn't needed. In that case create the original signature and the - // owner (parent author) signature - // comments from other networks will be relayed under our name, with a brief - // preamble to describe what's happening and noting the real author - $r = q("select * from sign where iid = %d limit 1", + // fetch the original signature if the relayable was created by a Diaspora + // or DFRN user. Relayables for other networks are not supported. + + $r = q("select * from sign where " . $sql_sign_id . " = %d limit 1", intval($item['id']) ); if(count($r)) { @@ -2152,6 +2230,12 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { } else { + // Author signature information (for likes, comments, and retractions of likes or comments, + // whether from Diaspora or Friendica) must be placed in the `sign` table before this + // function is called + logger('diaspora_send_relay: original author signature not found, cannot send relayable'); + return; +/* $itemcontact = q("select * from contact where `id` = %d limit 1", intval($item['contact-id']) ); @@ -2160,29 +2244,40 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { $prefix = sprintf( t('[Relayed] Comment authored by %s from network %s'), '['. $item['author-name'] . ']' . '(' . $item['author-link'] . ')', network_to_name($itemcontact['network'])) . "\n"; + // "$body" was assigned to "$text" above. It isn't used after that, so I don't think + // the following change will do anything $body = $prefix . $body; + + // I think this comment will fail upon reaching Diaspora, because "$signed_text" is not defined } } else { + // I'm confused about this "else." Since it sets "$handle = $myaddr," it seems like it should be for the case + // where the top-level post owner commented on his own post, i.e. "$itemcontact[0]['self']" is true. But it's + // positioned to be for the case where "count($itemcontact)" is 0. + + $handle = $myaddr; if($like) - $signed_text = $item['guid'] . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $myaddr; + $signed_text = $item['guid'] . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $handle; + elseif($relay_retract) + $signed_text = $item['guid'] . ';' . $target_type; else - $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $myaddr; + $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $handle; $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')); - q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", + q("insert into sign (`" . $sql_sign_id . "`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", intval($item['id']), dbesc($signed_text), - dbesc(base64_encode($authorsig)), - dbesc($myaddr) + dbesc($authorsig), + dbesc($handle) ); - $handle = $myaddr; } +*/ } - // sign it + // sign it with the top-level owner's signature $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')); @@ -2190,14 +2285,15 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { '$guid' => xmlify($item['guid']), '$parent_guid' => xmlify($parent_guid), '$target_type' =>xmlify($target_type), - '$authorsig' => xmlify($orig_sign['signature']), + '$authorsig' => xmlify($authorsig), '$parentsig' => xmlify($parentauthorsig), '$body' => xmlify($text), '$positive' => xmlify($positive), '$handle' => xmlify($handle) )); - logger('diaspora_relay_comment: base message: ' . $msg, LOGGER_DATA); + logger('diaspora_send_relay: base message: ' . $msg, LOGGER_DATA); + $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],$public_batch))); @@ -2212,14 +2308,25 @@ function diaspora_send_retraction($item,$owner,$contact,$public_batch = false) { $a = get_app(); $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); - $signed_text = $item['guid'] . ';' . 'StatusMessage'; + // Check whether the retraction is for a top-level post or whether it's a relayable + if( $item['uri'] !== $item['parent-uri'] ) { + + $tpl = get_markup_template('diaspora_relay_retraction.tpl'); + $target_type = (($item['verb'] === ACTIVITY_LIKE) ? 'Like' : 'Comment'); + } + else { + + $tpl = get_markup_template('diaspora_signed_retract.tpl'); + $target_type = 'StatusMessage'; + } + + $signed_text = $item['guid'] . ';' . $target_type; - $tpl = get_markup_template('diaspora_signed_retract.tpl'); $msg = replace_macros($tpl, array( - '$guid' => $item['guid'], - '$type' => 'StatusMessage', - '$handle' => $myaddr, - '$signature' => base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')) + '$guid' => xmlify($item['guid']), + '$type' => xmlify($target_type), + '$handle' => xmlify($myaddr), + '$signature' => xmlify(base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256'))) )); $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],$public_batch))); @@ -2343,3 +2450,5 @@ function diaspora_transmit($owner,$contact,$slap,$public_batch) { return(($return_code) ? $return_code : (-1)); } + + diff --git a/include/enotify.php b/include/enotify.php index f7ef74fac..fe0f128b6 100644 --- a/include/enotify.php +++ b/include/enotify.php @@ -20,6 +20,9 @@ function notification($params) { $sender_name = $product; $hostname = $a->get_hostname(); + if(strpos($hostname,':')) + $hostname = substr($hostname,0,strpos($hostname,':')); + $sender_email = t('noreply') . '@' . $hostname; $additional_mail_header = ""; diff --git a/include/event.php b/include/event.php index 29202badd..866ae8c3f 100644 --- a/include/event.php +++ b/include/event.php @@ -42,7 +42,7 @@ function format_event_html($ev) { return $o; } - +/* function parse_event($h) { require_once('include/Scrape.php'); @@ -108,7 +108,7 @@ function parse_event($h) { return $ret; } - +*/ function format_event_bbcode($ev) { @@ -162,7 +162,6 @@ function bbtoevent($s) { $match = ''; if(preg_match("/\[event\-adjust\](.*?)\[\/event\-adjust\]/is",$s,$match)) $ev['adjust'] = $match[1]; - $match = ''; $ev['nofinish'] = (((x($ev, 'start') && $ev['start']) && (!x($ev, 'finish') || !$ev['finish'])) ? 1 : 0); return $ev; @@ -294,10 +293,14 @@ function event_store($arr) { intval($arr['uid']) ); - return $r[0]['id']; + $item_id = $r[0]['id']; } else - return 0; + $item_id = 0; + + call_hooks("event_updated", $arr['id']); + + return $item_id; } else { @@ -361,7 +364,7 @@ function event_store($arr) { $item_arr['body'] = format_event_bbcode($event); - $item_arr['object'] = '<object><type>' . xmlify(ACTIVITY_OBJ_EVENT) . '</type><title></title><id>' . xmlify($uri) . '</id>'; + $item_arr['object'] = '<object><type>' . xmlify(ACTIVITY_OBJ_EVENT) . '</type><title></title><id>' . xmlify($arr['uri']) . '</id>'; $item_arr['object'] .= '<content>' . xmlify(format_event_bbcode($event)) . '</content>'; $item_arr['object'] .= '</object>' . "\n"; @@ -383,6 +386,8 @@ function event_store($arr) { ); } + call_hooks("event_created", $event['id']); + return $item_id; } } diff --git a/include/follow.php b/include/follow.php new file mode 100644 index 000000000..d92d7577d --- /dev/null +++ b/include/follow.php @@ -0,0 +1,243 @@ +<?php + + +// +// Takes a $uid and a url/handle and adds a new contact +// Currently if the contact is DFRN, interactive needs to be true, to redirect to the +// dfrn_request page. + +// Otherwise this can be used to bulk add statusnet contacts, twitter contacts, etc. +// Returns an array +// $return['success'] boolean true if successful +// $return['message'] error text if success is false. + + + +function new_contact($uid,$url,$interactive = false) { + + $result = array('success' => false,'message' => ''); + + $a = get_app(); + + // remove ajax junk, e.g. Twitter + + $url = str_replace('/#!/','/',$url); + + if(! allowed_url($url)) { + $result['message'] = t('Disallowed profile URL.'); + return $result; + } + + if(! $url) { + $result['message'] = t('Connect URL missing.'); + return $result; + } + + $arr = array('url' => $url, 'contact' => array()); + + call_hooks('follow', $arr); + + if(x($arr['contact'],'name')) + $ret = $arr['contact']; + else + $ret = probe_url($url); + + if($ret['network'] === NETWORK_DFRN) { + if($interactive) { + if(strlen($a->path)) + $myaddr = bin2hex($a->get_baseurl() . '/profile/' . $a->user['nickname']); + else + $myaddr = bin2hex($a->user['nickname'] . '@' . $a->get_hostname()); + + goaway($ret['request'] . "&addr=$myaddr"); + + // NOTREACHED + } + } + else { + if(get_config('system','dfrn_only')) { + $result['message'] = t('This site is not configured to allow communications with other networks.') . EOL; + $result['message'] != t('No compatible communication protocols or feeds were discovered.') . EOL; + return $result; + } + } + + // This extra param just confuses things, remove it + if($ret['network'] === NETWORK_DIASPORA) + $ret['url'] = str_replace('?absolute=true','',$ret['url']); + + + // do we have enough information? + + if(! ((x($ret,'name')) && (x($ret,'poll')) && ((x($ret,'url')) || (x($ret,'addr'))))) { + $result['message'] .= t('The profile address specified does not provide adequate information.') . EOL; + if(! x($ret,'poll')) + $result['message'] .= t('No compatible communication protocols or feeds were discovered.') . EOL; + if(! x($ret,'name')) + $result['message'] .= t('An author or name was not found.') . EOL; + if(! x($ret,'url')) + $result['message'] .= t('No browser URL could be matched to this address.') . EOL; + if(strpos($url,'@') !== false) { + $result['message'] .= t('Unable to match @-style Identity Address with a known protocol or email contact.') . EOL; + $result['message'] .= t('Use mailto: in front of address to force email check.') . EOL; + } + return $result; + } + + if($ret['network'] === NETWORK_OSTATUS && get_config('system','ostatus_disabled')) { + $result['message'] .= t('The profile address specified belongs to a network which has been disabled on this site.') . EOL; + $ret['notify'] = ''; + } + + if(! $ret['notify']) { + $result['message'] .= t('Limited profile. This person will be unable to receive direct/personal notifications from you.') . EOL; + } + + $writeable = ((($ret['network'] === NETWORK_OSTATUS) && ($ret['notify'])) ? 1 : 0); + $hidden = (($ret['network'] === NETWORK_MAIL) ? 1 : 0); + + if($ret['network'] === NETWORK_MAIL) { + $writeable = 1; + + } + if($ret['network'] === NETWORK_DIASPORA) + $writeable = 1; + + // check if we already have a contact + // the poll url is more reliable than the profile url, as we may have + // indirect links or webfinger links + + $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `poll` = '%s' LIMIT 1", + intval($uid), + dbesc($ret['poll']) + ); + + + if(count($r)) { + // update contact + if($r[0]['rel'] == CONTACT_IS_FOLLOWER || ($network === NETWORK_DIASPORA && $r[0]['rel'] == CONTACT_IS_SHARING)) { + q("UPDATE `contact` SET `rel` = %d , `readonly` = 0 WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval(CONTACT_IS_FRIEND), + intval($r[0]['id']), + intval($uid) + ); + } + } + else { + + $new_relation = (($ret['network'] === NETWORK_MAIL) ? CONTACT_IS_FRIEND : CONTACT_IS_SHARING); + if($ret['network'] === NETWORK_DIASPORA) + $new_relation = CONTACT_IS_FOLLOWER; + + // create contact record + $r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `nurl`, `addr`, `alias`, `batch`, `notify`, `poll`, `poco`, `name`, `nick`, `photo`, `network`, `pubkey`, `rel`, `priority`, + `writable`, `hidden`, `blocked`, `readonly`, `pending` ) + VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, 0, 0, 0 ) ", + intval($uid), + dbesc(datetime_convert()), + dbesc($ret['url']), + dbesc(normalise_link($ret['url'])), + dbesc($ret['addr']), + dbesc($ret['alias']), + dbesc($ret['batch']), + dbesc($ret['notify']), + dbesc($ret['poll']), + dbesc($ret['poco']), + dbesc($ret['name']), + dbesc($ret['nick']), + dbesc($ret['photo']), + dbesc($ret['network']), + dbesc($ret['pubkey']), + intval($new_relation), + intval($ret['priority']), + intval($writeable), + intval($hidden) + ); + } + + $r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1", + dbesc($ret['url']), + intval($uid) + ); + + if(! count($r)) { + $result['message'] .= t('Unable to retrieve contact information.') . EOL; + return $result; + } + + $contact = $r[0]; + $contact_id = $r[0]['id']; + + + $g = q("select def_gid from user where uid = %d limit 1", + intval($uid) + ); + if($g && intval($g[0]['def_gid'])) { + require_once('include/group.php'); + group_add_member($uid,'',$contact_id,$g[0]['def_gid']); + } + + require_once("Photo.php"); + + $photos = import_profile_photo($ret['photo'],$uid,$contact_id); + + $r = q("UPDATE `contact` SET `photo` = '%s', + `thumb` = '%s', + `micro` = '%s', + `name-date` = '%s', + `uri-date` = '%s', + `avatar-date` = '%s' + WHERE `id` = %d LIMIT 1 + ", + dbesc($photos[0]), + dbesc($photos[1]), + dbesc($photos[2]), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + intval($contact_id) + ); + + + // pull feed and consume it, which should subscribe to the hub. + + proc_run('php',"include/poller.php","$contact_id"); + + // create a follow slap + + $tpl = get_markup_template('follow_slap.tpl'); + $slap = replace_macros($tpl, array( + '$name' => $a->user['username'], + '$profile_page' => $a->get_baseurl() . '/profile/' . $a->user['nickname'], + '$photo' => $a->contact['photo'], + '$thumb' => $a->contact['thumb'], + '$published' => datetime_convert('UTC','UTC', 'now', ATOM_TIME), + '$item_id' => 'urn:X-dfrn:' . $a->get_hostname() . ':follow:' . random_string(), + '$title' => '', + '$type' => 'text', + '$content' => t('following'), + '$nick' => $a->user['nickname'], + '$verb' => ACTIVITY_FOLLOW, + '$ostat_follow' => '' + )); + + $r = q("SELECT `contact`.*, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` + WHERE `user`.`uid` = %d AND `contact`.`self` = 1 LIMIT 1", + intval($uid) + ); + + if(count($r)) { + if(($contact['network'] == NETWORK_OSTATUS) && (strlen($contact['notify']))) { + require_once('include/salmon.php'); + slapper($r[0],$contact['notify'],$slap); + } + if($contact['network'] == NETWORK_DIASPORA) { + require_once('include/diaspora.php'); + $ret = diaspora_share($a->user,$contact); + logger('mod_follow: diaspora_share returns: ' . $ret); + } + } + + $result['success'] = true; + return $result; +} diff --git a/include/items.php b/include/items.php index 3fe977b6f..4513db1db 100644..100755 --- a/include/items.php +++ b/include/items.php @@ -180,6 +180,10 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) foreach($items as $item) { + // prevent private email from leaking. + if($item['network'] === NETWORK_MAIL) + continue; + // public feeds get html, our own nodes use bbcode if($public_feed) { @@ -1063,9 +1067,6 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $a = get_app(); -// if((! strlen($contact['issued-id'])) && (! $contact['duplex']) && (! ($owner['page-flags'] == PAGE_COMMUNITY))) -// return 3; - $idtosend = $orig_id = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']); if($contact['duplex'] && $contact['dfrn-id']) @@ -1130,6 +1131,9 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0); $page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0); + if($owner['page-flags'] == PAGE_PRVGROUP) + $page = 2; + $final_dfrn_id = ''; if($perm) { @@ -1183,7 +1187,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $postvars['ssl_policy'] = $ssl_policy; if($page) - $postvars['page'] = '1'; + $postvars['page'] = $page; if($rino && $rino_allowed && (! $dissolve)) { $key = substr(random_string(),0,16); @@ -2931,10 +2935,10 @@ function fix_private_photos($s,$uid, $item = null, $cid = 0) { $a = get_app(); logger('fix_private_photos', LOGGER_DEBUG); - $site = substr($a->get_baseurl(),strpos($a->get_baseurl,'://')); + $site = substr($a->get_baseurl(),strpos($a->get_baseurl(),'://')); - if(preg_match("/\[img\](.*?)\[\/img\]/is",$s,$matches)) { - $image = $matches[1]; + if(preg_match("/\[img(.*?)\](.*?)\[\/img\]/is",$s,$matches)) { + $image = $matches[2]; logger('fix_private_photos: found photo ' . $image, LOGGER_DEBUG); if(stristr($image , $site . '/photo/')) { $replace = false; @@ -3274,7 +3278,42 @@ function drop_item($id,$interactive = true) { q("UPDATE `item` SET `last-child` = 1 WHERE `id` = %d LIMIT 1", intval($r[0]['id']) ); - } + } + + // Add a relayable_retraction signature for Diaspora. Note that we can't add a target_author_signature + // if the comment was deleted by a remote user. That should be ok, because if a remote user is deleting + // the comment, that means we're the home of the post, and Diaspora will only + // check the parent_author_signature of retractions that it doesn't have to relay further + // + // I don't think this function gets called for an "unlike," but I'll check anyway + $signed_text = $item['guid'] . ';' . ( ($item['verb'] === ACTIVITY_LIKE) ? 'Like' : 'Comment'); + + if(local_user() == $item['uid']) { + + $handle = $a->user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $authorsig = base64_encode(rsa_sign($signed_text,$a->user['prvkey'],'sha256')); + } + else { + $r = q("SELECT `nick`, `url` FROM `contact` WHERE `id` = '%d' LIMIT 1", + $item['contact-id'] + ); + if(count($r)) { + // The below handle only works for NETWORK_DFRN. I think that's ok, because this function + // only handles DFRN deletes + $handle_baseurl_start = strpos($r['url'],'://') + 3; + $handle_baseurl_length = strpos($r['url'],'/profile') - $handle_baseurl_start; + $handle = $r['nick'] . '@' . substr($r['url'], $handle_baseurl_start, $handle_baseurl_length); + $authorsig = ''; + } + } + + if(isset($handle)) + q("insert into sign (`retract_iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", + intval($item['id']), + dbesc($signed_text), + dbesc($authorsig), + dbesc($handle) + ); } $drop_id = intval($item['id']); diff --git a/include/nav.php b/include/nav.php index 2c9c643a9..909ba9b54 100644 --- a/include/nav.php +++ b/include/nav.php @@ -117,7 +117,7 @@ function nav(&$a) { /* only show friend requests for normal pages. Other page types have automatic friendship. */ - if($_SESSION['page_flags'] == PAGE_NORMAL) { + if($_SESSION['page_flags'] == PAGE_NORMAL || $_SESSION['page_flags'] == PAGE_PRVGROUP) { $nav['introductions'] = array('notifications/intros', t('Introductions'), "", t('Friend Requests')); $nav['notifications'] = array('notifications', t('Notifications'), "", t('Notifications')); $nav['notifications']['all']=array('notifications/system', t('See all notifications'), "", ""); diff --git a/include/notifier.php b/include/notifier.php index 070e7a436..f0a1940d4 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -125,6 +125,7 @@ function notifier_run($argv, $argc){ $uid = $r[0]['uid']; $updated = $r[0]['edited']; + // The following seems superfluous. We've already checked for "if (! intval($r[0]['parent']))" a few lines up if(! $parent_id) return; @@ -596,7 +597,7 @@ function notifier_run($argv, $argc){ break; case NETWORK_OSTATUS: - // Do not send to otatus if we are not configured to send to public networks + // Do not send to ostatus if we are not configured to send to public networks if($owner['prvnets']) break; if(get_config('system','ostatus_disabled') || get_config('system','dfrn_only')) @@ -737,18 +738,19 @@ function notifier_run($argv, $argc){ // unsupported break; } - elseif(($target_item['deleted']) && ($target_item['verb'] !== ACTIVITY_LIKE)) { - // diaspora delete, + elseif(($target_item['deleted']) && (($target_item['uri'] === $target_item['parent-uri']) || $followup)) { + // send both top-level retractions and relayable retractions for owner to relay diaspora_send_retraction($target_item,$owner,$contact); break; } elseif($followup) { - // send comments, likes and retractions of likes to owner to relay + // send comments and likes to owner to relay diaspora_send_followup($target_item,$owner,$contact); break; } - elseif($target_item['parent'] != $target_item['id']) { - // we are the relay - send comments, likes and unlikes to our conversants + elseif($target_item['uri'] !== $target_item['parent-uri']) { + // we are the relay - send comments, likes and relayable_retractions + // (of comments and likes) to our conversants diaspora_send_relay($target_item,$owner,$contact); break; } @@ -858,6 +860,13 @@ function notifier_run($argv, $argc){ } + // If the item was deleted, clean up the `sign` table + if($target_item['deleted']) { + $r = q("DELETE FROM sign where `retract_iid` = %d", + intval($target_item['id']) + ); + } + logger('notifier: calling hooks', LOGGER_DEBUG); if($normal_mode) diff --git a/include/profile_advanced.php b/include/profile_advanced.php index 8c2acd8e7..ffb45090b 100644 --- a/include/profile_advanced.php +++ b/include/profile_advanced.php @@ -39,11 +39,16 @@ function advanced_profile(&$a) { if($a->profile['with']) $profile['marital']['with'] = $a->profile['with']; + if(strlen($a->profile['howlong']) && $a->profile['howlong'] !== '0000-00-00 00:00:00') { + $profile['howlong'] = relative_date($a->profile['howlong'], t('for %1$d %2$s')); + } if($a->profile['sexual']) $profile['sexual'] = array( t('Sexual Preference:'), $a->profile['sexual'] ); if($a->profile['homepage']) $profile['homepage'] = array( t('Homepage:'), linkify($a->profile['homepage']) ); + if($a->profile['hometown']) $profile['hometown'] = array( t('Hometown:'), linkify($a->profile['hometown']) ); + if($a->profile['pub_keywords']) $profile['pub_keywords'] = array( t('Tags:'), $a->profile['pub_keywords']); if($a->profile['politic']) $profile['politic'] = array( t('Political Views:'), $a->profile['politic']); diff --git a/include/text.php b/include/text.php index d6a9ef5d3..d4a4d5580 100644 --- a/include/text.php +++ b/include/text.php @@ -742,6 +742,8 @@ function smilies($s, $sample = false) { ':homebrew', ':coffee', ':facepalm', + ':like', + ':dislike', '~friendika', '~friendica' @@ -778,6 +780,8 @@ function smilies($s, $sample = false) { '<img src="' . $a->get_baseurl() . '/images/beer_mug.gif" alt=":homebrew" />', '<img src="' . $a->get_baseurl() . '/images/coffee.gif" alt=":coffee" />', '<img src="' . $a->get_baseurl() . '/images/smiley-facepalm.gif" alt=":facepalm" />', + '<img src="' . $a->get_baseurl() . '/images/like.gif" alt=":like" />', + '<img src="' . $a->get_baseurl() . '/images/dislike.gif" alt=":dislike" />', '<a href="http://project.friendika.com">~friendika <img src="' . $a->get_baseurl() . '/images/friendika-16.png" alt="~friendika" /></a>', '<a href="http://friendica.com">~friendica <img src="' . $a->get_baseurl() . '/images/friendica-16.png" alt="~friendica" /></a>' ); @@ -887,6 +891,7 @@ function prepare_body($item,$attach = false) { } else $s = prepare_text($item['body']); + $prep_arr = array('item' => $item, 'html' => $s); call_hooks('prepare_body', $prep_arr); $s = $prep_arr['html']; diff --git a/include/user.php b/include/user.php new file mode 100644 index 000000000..af43a2b52 --- /dev/null +++ b/include/user.php @@ -0,0 +1,327 @@ +<?php + +require_once('include/config.php'); +require_once('include/network.php'); +require_once('include/plugin.php'); +require_once('include/text.php'); +require_once('include/pgettext.php'); +require_once('include/datetime.php'); + +function create_user($arr) { + + // Required: { username, nickname, email } or { openid_url } + + $a = get_app(); + $result = array('success' => false, 'user' => null, 'password' => '', 'message' => ''); + + $using_invites = get_config('system','invitation_only'); + $num_invites = get_config('system','number_invites'); + + + $invite_id = ((x($arr,'invite_id')) ? notags(trim($arr['invite_id'])) : ''); + $username = ((x($arr,'username')) ? notags(trim($arr['username'])) : ''); + $nickname = ((x($arr,'nickname')) ? notags(trim($arr['nickname'])) : ''); + $email = ((x($arr,'email')) ? notags(trim($arr['email'])) : ''); + $openid_url = ((x($arr,'openid_url')) ? notags(trim($arr['openid_url'])) : ''); + $photo = ((x($arr,'photo')) ? notags(trim($arr['photo'])) : ''); + $password = ((x($arr,'password')) ? trim($arr['password']) : ''); + $blocked = ((x($arr,'blocked')) ? intval($arr['blocked']) : 0); + $verified = ((x($arr,'verified')) ? intval($arr['verified']) : 0); + + $publish = ((x($arr,'profile_publish_reg') && intval($arr['profile_publish_reg'])) ? 1 : 0); + $netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0); + + $tmp_str = $openid_url; + + if($using_invites) { + if(! $invite_id) { + $result['message'] .= t('An invitation is required.') . EOL; + return $result; + } + $r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_id)); + if(! results($r)) { + $result['message'] .= t('Invitation could not be verified.') . EOL; + return $result; + } + } + + if((! x($username)) || (! x($email)) || (! x($nickname))) { + if($openid_url) { + if(! validate_url($tmp_str)) { + $result['message'] .= t('Invalid OpenID url') . EOL; + return $result; + } + $_SESSION['register'] = 1; + $_SESSION['openid'] = $openid_url; + require_once('library/openid.php'); + $openid = new LightOpenID; + $openid->identity = $openid_url; + $openid->returnUrl = $a->get_baseurl() . '/openid'; + $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson'); + $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default'); + goaway($openid->authUrl()); + // NOTREACHED + } + + notice( t('Please enter the required information.') . EOL ); + return; + } + + if(! validate_url($tmp_str)) + $openid_url = ''; + + + $err = ''; + + // collapse multiple spaces in name + $username = preg_replace('/ +/',' ',$username); + + if(mb_strlen($username) > 48) + $result['message'] .= t('Please use a shorter name.') . EOL; + if(mb_strlen($username) < 3) + $result['message'] .= t('Name too short.') . EOL; + + // I don't really like having this rule, but it cuts down + // on the number of auto-registrations by Russian spammers + + // Using preg_match was completely unreliable, due to mixed UTF-8 regex support + // $no_utf = get_config('system','no_utf'); + // $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); + + // So now we are just looking for a space in the full name. + + $loose_reg = get_config('system','no_regfullname'); + if(! $loose_reg) { + $username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8'); + if(! strpos($username,' ')) + $result['message'] .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL; + } + + + if(! allowed_email($email)) + $result['message'] .= t('Your email domain is not among those allowed on this site.') . EOL; + + if((! valid_email($email)) || (! validate_email($email))) + $result['message'] .= t('Not a valid email address.') . EOL; + + // Disallow somebody creating an account using openid that uses the admin email address, + // since openid bypasses email verification. We'll allow it if there is not yet an admin account. + + if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) { + $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1", + dbesc($email) + ); + if(count($r)) + $result['message'] .= t('Cannot use that email.') . EOL; + } + + $nickname = $arr['nickname'] = strtolower($nickname); + + if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname)) + $result['message'] .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL; + $r = q("SELECT `uid` FROM `user` + WHERE `nickname` = '%s' LIMIT 1", + dbesc($nickname) + ); + if(count($r)) + $result['message'] .= t('Nickname is already registered. Please choose another.') . EOL; + + // Check deleted accounts that had this nickname. Doesn't matter to us, + // but could be a security issue for federated platforms. + + $r = q("SELECT * FROM `userd` + WHERE `username` = '%s' LIMIT 1", + dbesc($nickname) + ); + if(count($r)) + $result['message'] .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL; + + if(strlen($result['message'])) { + return $result; + } + + $new_password = ((strlen($password)) ? $password : autoname(6) . mt_rand(100,9999)); + $new_password_encoded = hash('whirlpool',$new_password); + + $result['password'] = $new_password; + + require_once('include/crypto.php'); + + $keys = new_keypair(1024); + + if($keys === false) { + $result['message'] .= t('SERIOUS ERROR: Generation of security keys failed.') . EOL; + return $result; + } + + $prvkey = $keys['prvkey']; + $pubkey = $keys['pubkey']; + + /** + * + * Create another keypair for signing/verifying + * salmon protocol messages. We have to use a slightly + * less robust key because this won't be using openssl + * but the phpseclib. Since it is PHP interpreted code + * it is not nearly as efficient, and the larger keys + * will take several minutes each to process. + * + */ + + $sres = new_keypair(512); + $sprvkey = $sres['prvkey']; + $spubkey = $sres['pubkey']; + + $r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`, + `pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked`, `timezone` ) + VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC' )", + dbesc(generate_user_guid()), + dbesc($username), + dbesc($new_password_encoded), + dbesc($email), + dbesc($openid_url), + dbesc($nickname), + dbesc($pubkey), + dbesc($prvkey), + dbesc($spubkey), + dbesc($sprvkey), + dbesc(datetime_convert()), + intval($verified), + intval($blocked) + ); + + if($r) { + $r = q("SELECT * FROM `user` + WHERE `username` = '%s' AND `password` = '%s' LIMIT 1", + dbesc($username), + dbesc($new_password_encoded) + ); + if($r !== false && count($r)) { + $u = $r[0]; + $newuid = intval($r[0]['uid']); + } + } + else { + $result['message'] .= t('An error occurred during registration. Please try again.') . EOL ; + return $result; + } + + /** + * if somebody clicked submit twice very quickly, they could end up with two accounts + * due to race condition. Remove this one. + */ + + $r = q("SELECT `uid` FROM `user` + WHERE `nickname` = '%s' ", + dbesc($nickname) + ); + if((count($r) > 1) && $newuid) { + $result['message'] .= t('Nickname is already registered. Please choose another.') . EOL; + q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1", + intval($newuid) + ); + return $result; + } + + if(x($newuid) !== false) { + $r = q("INSERT INTO `profile` ( `uid`, `profile-name`, `is-default`, `name`, `photo`, `thumb`, `publish`, `net-publish` ) + VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ", + intval($newuid), + t('default'), + 1, + dbesc($username), + dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"), + dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"), + intval($publish), + intval($netpublish) + + ); + if($r === false) { + $result['message'] .= t('An error occurred creating your default profile. Please try again.') . EOL; + // Start fresh next time. + $r = q("DELETE FROM `user` WHERE `uid` = %d", + intval($newuid)); + return $result; + } + $r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`, + `request`, `notify`, `poll`, `confirm`, `poco`, `name-date`, `uri-date`, `avatar-date`, `closeness` ) + VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ", + intval($newuid), + datetime_convert(), + dbesc($username), + dbesc($nickname), + dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"), + dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"), + dbesc($a->get_baseurl() . "/photo/micro/{$newuid}.jpg"), + dbesc($a->get_baseurl() . "/profile/$nickname"), + dbesc(normalise_link($a->get_baseurl() . "/profile/$nickname")), + dbesc($a->get_baseurl() . "/dfrn_request/$nickname"), + dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"), + dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"), + dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"), + dbesc($a->get_baseurl() . "/poco/$nickname"), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + dbesc(datetime_convert()) + ); + + // Create a group with no members. This allows somebody to use it + // right away as a default group for new contacts. + + require_once('include/group.php'); + group_add($newuid, t('Friends')); + + } + + // if we have no OpenID photo try to look up an avatar + if(! strlen($photo)) + $photo = avatar_img($email); + + // unless there is no avatar-plugin loaded + if(strlen($photo)) { + require_once('include/Photo.php'); + $photo_failure = false; + + $filename = basename($photo); + $img_str = fetch_url($photo,true); + $img = new Photo($img_str); + if($img->is_valid()) { + + $img->scaleImageSquare(175); + + $hash = photo_new_resource(); + + $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 ); + + if($r === false) + $photo_failure = true; + + $img->scaleImage(80); + + $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5 ); + + if($r === false) + $photo_failure = true; + + $img->scaleImage(48); + + $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6 ); + + if($r === false) + $photo_failure = true; + + if(! $photo_failure) { + q("UPDATE `photo` SET `profile` = 1 WHERE `resource-id` = '%s' ", + dbesc($hash) + ); + } + } + } + + call_hooks('register_account', $newuid); + + $result['success'] = true; + $result['user'] = $u; + return $result; + +}
\ No newline at end of file |