Merge branch 'master' of git://github.com/friendica/friendica

5 files changed, 118 insertions, 7 deletions

diff --git a/include/conversation.php b/include/conversation.php
index f4740688c..b458923e5 100755
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -217,7 +217,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
 	if($update)
 		$return_url = $_SESSION['return_url'];
 	else
-		$return_url = $_SESSION['return_url'] = $a->cmd;
+		$return_url = $_SESSION['return_url'] = $a->query_string;
 
 	load_contact_links(local_user());
 
diff --git a/include/items.php b/include/items.php
index 3c55fbb4f..fdff6b642 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1595,6 +1595,14 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
 				if((activity_match($datarray['verb'],ACTIVITY_LIKE)) || (activity_match($datarray['verb'],ACTIVITY_DISLIKE))) {
 					$datarray['type'] = 'activity';
 					$datarray['gravity'] = GRAVITY_LIKE;
+					// only one like or dislike per person
+					$r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 limit 1",
+						intval($datarray['uid']),
+						intval($datarray['contact-id']),
+						dbesc($datarray['verb'])
+					);
+					if($r && count($r))
+						continue; 
 				}
 
 				if(($datarray['verb'] === ACTIVITY_TAG) && ($datarray['object-type'] === ACTIVITY_OBJ_TAGTERM)) {
@@ -2148,6 +2156,14 @@ function local_delivery($importer,$data) {
 					$datarray['type'] = 'activity';
 					$datarray['gravity'] = GRAVITY_LIKE;
 					$datarray['last-child'] = 0;
+					// only one like or dislike per person
+					$r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 limit 1",
+						intval($datarray['uid']),
+						intval($datarray['contact-id']),
+						dbesc($datarray['verb'])
+					);
+					if($r && count($r))
+						continue; 
 				}
 
 				if(($datarray['verb'] === ACTIVITY_TAG) && ($datarray['object-type'] === ACTIVITY_OBJ_TAGTERM)) {
@@ -2297,6 +2313,15 @@ function local_delivery($importer,$data) {
 				if(($datarray['verb'] == ACTIVITY_LIKE) || ($datarray['verb'] == ACTIVITY_DISLIKE)) {
 					$datarray['type'] = 'activity';
 					$datarray['gravity'] = GRAVITY_LIKE;
+					// only one like or dislike per person
+					$r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 limit 1",
+						intval($datarray['uid']),
+						intval($datarray['contact-id']),
+						dbesc($datarray['verb'])
+					);
+					if($r && count($r))
+						continue; 
+
 				}
 
 				if(($datarray['verb'] === ACTIVITY_TAG) && ($datarray['object-type'] === ACTIVITY_OBJ_TAGTERM)) {
diff --git a/include/nav.php b/include/nav.php
index 511ca07fc..aadfa82fd 100755
--- a/include/nav.php
+++ b/include/nav.php
@@ -122,6 +122,9 @@ function nav(&$a) {
 		}
 
 		$nav['messages'] = array('message', t('Messages'), "", t('Private mail'));
+		$nav['messages']['inbox'] = array('message', t('Inbox'), "", t('Inbox'));
+		$nav['messages']['outbox']= array('message/sent', t('Outbox'), "", t('Outbox'));
+		$nav['messages']['new'] = array('message/new', t('New Message'), "", t('New Message'));
 		
 		if(is_array($a->identities) && count($a->identities) > 1) {
 			$nav['manage'] = array('manage', t('Manage'), "", t('Manage other pages'));
diff --git a/include/security.php b/include/security.php
index bc2c9f0bf..9042d4d64 100755
--- a/include/security.php
+++ b/include/security.php
@@ -108,14 +108,18 @@ function can_write_wall(&$a,$owner) {
 
 	if(remote_user()) {
 
-		// user remembered decision and avoid a DB lookup for each and every display item
+		// use remembered decision and avoid a DB lookup for each and every display item
 		// DO NOT use this function if there are going to be multiple owners
 
+		// We have a contact-id for an authenticated remote user, this block determines if the contact
+		// belongs to this page owner, and has the necessary permissions to post content
+
 		if($verified === 2)
 			return true;
 		elseif($verified === 1)
 			return false;
 		else {
+
 			$r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` 
 				WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 
 				AND `user`.`blockwall` = 0 AND `readonly` = 0  AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
@@ -125,6 +129,7 @@ function can_write_wall(&$a,$owner) {
 				intval(CONTACT_IS_FRIEND),
 				intval(PAGE_COMMUNITY)
 			);
+
 			if(count($r)) {
 				$verified = 2;
 				return true;
@@ -197,7 +202,79 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
 				" AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) 
 				  AND ( deny_cid  = '' OR  NOT deny_cid REGEXP '<%d>' ) 
 				  AND ( allow_gid = '' OR allow_gid REGEXP '%s' )
-				  AND ( deny_gid  = '' OR NOT deny_gid REGEXP '%s') 
+				  AND ( deny_gid  = '' OR NOT deny_gid REGEXP '%s')
+				",
+				intval($remote_user),
+				intval($remote_user),
+				dbesc($gs),
+				dbesc($gs)
+			);
+		}
+	}
+	return $sql;
+}
+
+
+function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) {
+
+	$local_user = local_user();
+	$remote_user = remote_user();
+
+	/**
+	 * Construct permissions
+	 *
+	 * default permissions - anonymous user
+	 */
+
+	$sql = " AND allow_cid = '' 
+			 AND allow_gid = '' 
+			 AND deny_cid  = '' 
+			 AND deny_gid  = '' 
+			 AND private = 0
+	";
+
+	/**
+	 * Profile owner - everything is visible
+	 */
+
+	if(($local_user) && ($local_user == $owner_id)) {
+		$sql = ''; 
+	}
+
+	/**
+	 * Authenticated visitor. Unless pre-verified, 
+	 * check that the contact belongs to this $owner_id
+	 * and load the groups the visitor belongs to.
+	 * If pre-verified, the caller is expected to have already
+	 * done this and passed the groups into this function.
+	 */
+
+	elseif($remote_user) {
+
+		if(! $remote_verified) {
+			$r = q("SELECT id FROM contact WHERE id = %d AND uid = %d AND blocked = 0 LIMIT 1",
+				intval($remote_user),
+				intval($owner_id)
+			);
+			if(count($r)) {
+				$remote_verified = true;
+				$groups = init_groups_visitor($remote_user);
+			}
+		}
+		if($remote_verified) {
+		
+			$gs = '<<>>'; // should be impossible to match
+
+			if(is_array($groups) && count($groups)) {
+				foreach($groups as $g)
+					$gs .= '|<' . intval($g) . '>';
+			} 
+
+			$sql = sprintf(
+				" AND ( private = 0 OR (( allow_cid = '' OR allow_cid REGEXP '<%d>' ) 
+				  AND ( deny_cid  = '' OR  NOT deny_cid REGEXP '<%d>' ) 
+				  AND ( allow_gid = '' OR allow_gid REGEXP '%s' )
+				  AND ( deny_gid  = '' OR NOT deny_gid REGEXP '%s'))) 
 				",
 				intval($remote_user),
 				intval($remote_user),
@@ -207,4 +284,6 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
 		}
 	}
 	return $sql;
-}
\ No newline at end of file
+}
+
+
diff --git a/include/text.php b/include/text.php
index 042ee982c..5ad0154d7 100755..100644
--- a/include/text.php
+++ b/include/text.php
@@ -737,7 +737,10 @@ function smilies($s, $sample = false) {
 		':headdesk',
 		'~friendika', 
 		'~friendica', 
-		'Diaspora*' 
+//		'Diaspora*' 
+		':beard',
+		':whitebeard'
+
 	);
 
 	$icons = array(
@@ -778,8 +781,9 @@ function smilies($s, $sample = false) {
 		'<img src="' . $a->get_baseurl() . '/images/smiley-bangheaddesk.gif" alt=":headdesk" />',
 		'<a href="http://project.friendika.com">~friendika <img src="' . $a->get_baseurl() . '/images/friendika-16.png" alt="~friendika" /></a>',
 		'<a href="http://friendica.com">~friendica <img src="' . $a->get_baseurl() . '/images/friendica-16.png" alt="~friendica" /></a>',
-		'<a href="http://diasporafoundation.org">Diaspora<img src="' . $a->get_baseurl() . '/images/diaspora.png" alt="Diaspora*" /></a>',
-
+//		'<a href="http://diasporafoundation.org">Diaspora<img src="' . $a->get_baseurl() . '/images/diaspora.png" alt="Diaspora*" /></a>',
+		'<img src="' . $a->get_baseurl() . '/images/smiley-beard.png" alt=":beard" />',
+		'<img src="' . $a->get_baseurl() . '/images/smiley-whitebeard.png" alt=":whitebeard" />'
 	);
 
 	$params = array('texts' => $texts, 'icons' => $icons, 'string' => $s);