aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorfabrixxm <fabrix.xm@gmail.com>2011-08-17 17:35:37 +0200
committerfabrixxm <fabrix.xm@gmail.com>2011-08-17 17:35:37 +0200
commitbdf42473a0341f291cd256323d122aa80bb0cb0b (patch)
tree922a5ba24a34d7ea89673019e82f68436edb7091 /include
parent6c423feed2d8bc5bd36d2a1cbac073915e523749 (diff)
parentdb03b1ab173d61b1ee75271dac1e48f3475ad42c (diff)
downloadvolse-hubzilla-bdf42473a0341f291cd256323d122aa80bb0cb0b.tar.gz
volse-hubzilla-bdf42473a0341f291cd256323d122aa80bb0cb0b.tar.bz2
volse-hubzilla-bdf42473a0341f291cd256323d122aa80bb0cb0b.zip
Merge remote-tracking branch 'friendika/master' into newui
Diffstat (limited to 'include')
-rw-r--r--include/Scrape.php88
-rw-r--r--include/acl.js4
-rw-r--r--include/acl_selectors.php4
-rw-r--r--include/api.php449
-rw-r--r--include/attach.php11
-rw-r--r--include/auth.php12
-rw-r--r--include/config.php218
-rw-r--r--include/conversation.php46
-rw-r--r--include/cronhooks.php43
-rw-r--r--include/crypto.php184
-rw-r--r--include/datetime.php109
-rw-r--r--include/diaspora.php815
-rw-r--r--include/event.php13
-rw-r--r--include/group.php28
-rw-r--r--include/hostxrd.php12
-rw-r--r--include/items.php46
-rw-r--r--include/main.js12
-rw-r--r--include/network.php695
-rw-r--r--include/notifier.php69
-rw-r--r--include/oembed.php6
-rw-r--r--include/plugin.php199
-rw-r--r--include/poller.php22
-rw-r--r--include/salmon.php95
-rw-r--r--include/security.php4
-rw-r--r--include/text.php954
25 files changed, 3850 insertions, 288 deletions
diff --git a/include/Scrape.php b/include/Scrape.php
index 6726d0b15..bfe795e19 100644
--- a/include/Scrape.php
+++ b/include/Scrape.php
@@ -1,6 +1,7 @@
<?php
require_once('library/HTML5/Parser.php');
+require_once('include/crypto.php');
if(! function_exists('scrape_dfrn')) {
function scrape_dfrn($url) {
@@ -171,6 +172,8 @@ function scrape_vcard($url) {
// Pull out hCard profile elements
+ $largest_photo = 0;
+
$items = $dom->getElementsByTagName('*');
foreach($items as $item) {
if(attribute_contains($item->getAttribute('class'), 'vcard')) {
@@ -179,8 +182,13 @@ function scrape_vcard($url) {
if(attribute_contains($x->getAttribute('class'),'fn'))
$ret['fn'] = $x->textContent;
if((attribute_contains($x->getAttribute('class'),'photo'))
- || (attribute_contains($x->getAttribute('class'),'avatar')))
- $ret['photo'] = $x->getAttribute('src');
+ || (attribute_contains($x->getAttribute('class'),'avatar'))) {
+ $size = intval($x->getAttribute('width'));
+ if(($size > $largest_photo) || (! $largest_photo)) {
+ $ret['photo'] = $x->getAttribute('src');
+ $largest_photo = $size;
+ }
+ }
if((attribute_contains($x->getAttribute('class'),'nickname'))
|| (attribute_contains($x->getAttribute('class'),'uid')))
$ret['nick'] = $x->textContent;
@@ -289,13 +297,24 @@ function probe_url($url) {
if(! $url)
return $result;
- $diaspora = false;
+ $diaspora = false;
+ $diaspora_base = '';
+ $diaspora_guid = '';
+ $diaspora_key = '';
$email_conversant = false;
$twitter = ((strpos($url,'twitter.com') !== false) ? true : false);
+ $at_addr = ((strpos($url,'@') !== false) ? true : false);
+
if(! $twitter) {
- $links = lrdd($url);
+
+ if(strpos($url,'mailto:') !== false && $at_addr) {
+ $url = str_replace('mailto:','',$url);
+ $links = array();
+ }
+ else
+ $links = lrdd($url);
if(count($links)) {
logger('probe_url: found lrdd links: ' . print_r($links,true), LOGGER_DATA);
@@ -312,8 +331,19 @@ function probe_url($url) {
$hcard = unamp($link['@attributes']['href']);
if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
$profile = unamp($link['@attributes']['href']);
- if($link['@attributes']['rel'] === 'http://joindiaspora.com/seed_location')
+ if($link['@attributes']['rel'] === 'http://joindiaspora.com/seed_location') {
+ $diaspora_base = unamp($link['@attributes']['href']);
+ $diaspora = true;
+ }
+ if($link['@attributes']['rel'] === 'http://joindiaspora.com/guid') {
+ $diaspora_guid = unamp($link['@attributes']['href']);
+ $diaspora = true;
+ }
+ if($link['@attributes']['rel'] === 'diaspora-public-key') {
+ $diaspora_key = base64_decode(unamp($link['@attributes']['href']));
+ $pubkey = rsatopem($diaspora_key);
$diaspora = true;
+ }
}
// Status.Net can have more than one profile URL. We need to match the profile URL
@@ -411,8 +441,17 @@ function probe_url($url) {
}
}
+ if($diaspora && $diaspora_base && $diaspora_guid) {
+ $notify = $diaspora_base . 'receive/post/' . $diaspora_guid;
+ if(strpos($url,'@'))
+ $addr = str_replace('acct:', '', $url);
+ }
+
if($network !== NETWORK_ZOT && $network !== NETWORK_DFRN && $network !== NETWORK_MAIL) {
- $network = NETWORK_OSTATUS;
+ if($diaspora)
+ $network = NETWORK_DIASPORA;
+ else
+ $network = NETWORK_OSTATUS;
$priority = 0;
if($hcard) {
@@ -429,13 +468,6 @@ function probe_url($url) {
logger('probe_url: scrape_vcard: ' . print_r($vcard,true), LOGGER_DATA);
}
- if(! $profile) {
- if($diaspora)
- $profile = $hcard;
- else
- $profile = $url;
- }
-
if($twitter) {
logger('twitter: setup');
$tid = basename($url);
@@ -451,10 +483,18 @@ function probe_url($url) {
if(x($vcard,'nick'))
$vcard['fn'] = $vcard['nick'];
-
- if(((! isset($vcard)) && (! $poll)) || ($twitter)) {
+ $check_feed = false;
+
+ if($twitter || ! $poll)
+ $check_feed = true;
+ if((! isset($vcard)) || (! $profile))
+ $check_feed = true;
+ if(($at_addr) && (! count($links)))
+ $check_feed = false;
+
+ if($check_feed) {
- $feedret = scrape_feed($url);
+ $feedret = scrape_feed(($poll) ? $poll : $url);
logger('probe_url: scrape_feed returns: ' . print_r($feedret,true), LOGGER_DATA);
if(count($feedret) && ($feedret['feed_atom'] || $feedret['feed_rss'])) {
$poll = ((x($feedret,'feed_atom')) ? unamp($feedret['feed_atom']) : unamp($feedret['feed_rss']));
@@ -488,6 +528,8 @@ function probe_url($url) {
if(strpos($vcard['fn'],'@') !== false)
$vcard['fn'] = substr($vcard['fn'],0,strpos($vcard['fn'],'@'));
$email = unxmlify($author->get_email());
+ if(! $profile && $author->get_link())
+ $profile = trim(unxmlify($author->get_link()));
if(! $vcard['photo']) {
$rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author');
if($rawtags) {
@@ -508,6 +550,8 @@ function probe_url($url) {
if(strpos($vcard['fn'],'@') !== false)
$vcard['fn'] = substr($vcard['fn'],0,strpos($vcard['fn'],'@'));
$email = unxmlify($author->get_email());
+ if(! $profile && $author->get_link())
+ $profile = trim(unxmlify($author->get_link()));
}
if(! $vcard['photo']) {
$rawmedia = $item->get_item_tags('http://search.yahoo.com/mrss/','thumbnail');
@@ -545,8 +589,10 @@ function probe_url($url) {
if(strpos($vcard['nick'],' '))
$vcard['nick'] = trim(substr($vcard['nick'],0,strpos($vcard['nick'],' ')));
}
- $network = 'feed';
- $priority = 2;
+ if(! $network)
+ $network = 'feed';
+ if(! $priority)
+ $priority = 2;
}
}
@@ -554,8 +600,12 @@ function probe_url($url) {
$a = get_app();
$vcard['photo'] = $a->get_baseurl() . '/images/default-profile.jpg' ;
}
+
+ if(! $profile)
+ $profile = $url;
+
$vcard['fn'] = notags($vcard['fn']);
- $vcard['nick'] = notags($vcard['nick']);
+ $vcard['nick'] = str_replace(' ','',notags($vcard['nick']));
$result['name'] = $vcard['fn'];
diff --git a/include/acl.js b/include/acl.js
index a0a1f5dd8..82b631ee9 100644
--- a/include/acl.js
+++ b/include/acl.js
@@ -153,6 +153,9 @@ ACL.prototype.updateview = function(){
$('#jot-perms-icon').removeClass('lock').addClass('unlock');
$('#jot-public').show();
$('.profile-jot-net input').attr('disabled', false);
+ if(editor != false) {
+ $('#profile-jot-desc').html(ispublic);
+ }
} else {
that.showall.removeClass("selected");
@@ -160,6 +163,7 @@ ACL.prototype.updateview = function(){
$('#jot-perms-icon').removeClass('unlock').addClass('lock');
$('#jot-public').hide();
$('.profile-jot-net input').attr('disabled', 'disabled');
+ $('#profile-jot-desc').html('&nbsp;');
}
$("#acl-list-content .acl-list-item").each(function(){
diff --git a/include/acl_selectors.php b/include/acl_selectors.php
index 99de67d64..48ba77a88 100644
--- a/include/acl_selectors.php
+++ b/include/acl_selectors.php
@@ -96,7 +96,7 @@ function contact_selector($selname, $selclass, $preselected = false, $options) {
$sql_extra = '';
if($x['mutual']) {
- $sql_extra .= sprintf(" AND `rel` = %d ", intval(REL_BUD));
+ $sql_extra .= sprintf(" AND `rel` = %d ", intval(CONTACT_IS_FRIEND));
}
if(intval($x['exclude']))
@@ -163,7 +163,7 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p
$sql_extra = '';
if($privmail || $celeb) {
- $sql_extra .= sprintf(" AND `rel` = %d ", intval(REL_BUD));
+ $sql_extra .= sprintf(" AND `rel` = %d ", intval(CONTACT_IS_FRIEND));
}
if($privmail) {
diff --git a/include/api.php b/include/api.php
index 4e5ea43bd..7a44cf023 100644
--- a/include/api.php
+++ b/include/api.php
@@ -10,10 +10,9 @@
$API = Array();
-
function api_date($str){
//Wed May 23 06:01:13 +0000 2007
- return datetime_convert('UTC', 'UTC', $str, "D M d h:i:s +0000 Y" );
+ return datetime_convert('UTC', 'UTC', $str, "D M d H:i:s +0000 Y" );
}
@@ -111,7 +110,11 @@
if ($info['auth']===true && local_user()===false) {
api_login($a);
}
-
+
+ load_contact_links(local_user());
+
+ logger('API call for ' . $a->user['username'] . ': ' . $a->query_string);
+ logger('API parameters: ' . print_r($_REQUEST,true));
$type="json";
if (strpos($a->query_string, ".xml")>0) $type="xml";
if (strpos($a->query_string, ".json")>0) $type="json";
@@ -145,7 +148,26 @@
//echo "<pre>"; var_dump($r); die();
}
}
- return false;
+ $r = '<status><error>not implemented</error></status>';
+ switch($type){
+ case "xml":
+ header ("Content-Type: text/xml");
+ return '<?xml version="1.0" encoding="UTF-8"?>'."\n".$r;
+ break;
+ case "json":
+ header ("Content-Type: application/json");
+ return json_encode(array('error' => 'not implemented'));
+ break;
+ case "rss":
+ header ("Content-Type: application/rss+xml");
+ return '<?xml version="1.0" encoding="UTF-8"?>'."\n".$r;
+ break;
+ case "atom":
+ header ("Content-Type: application/atom+xml");
+ return '<?xml version="1.0" encoding="UTF-8"?>'."\n".$r;
+ break;
+
+ }
}
/**
@@ -157,7 +179,9 @@
$arr['$rss'] = array(
'alternate' => $user_info['url'],
'self' => $a->get_baseurl(). "/". $a->query_string,
+ 'base' => $a->get_baseurl(),
'updated' => api_date(null),
+ 'atom_updated' => datetime_convert('UTC','UTC','now',ATOM_TIME),
'language' => $user_info['language'],
'logo' => $a->get_baseurl()."/images/friendika-32.png",
);
@@ -168,9 +192,10 @@
/**
* Returns user info array.
*/
- function api_get_user(&$a, $contact_id=Null){
+ function api_get_user(&$a, $contact_id = Null){
$user = null;
$extra_query = "";
+
if(!is_null($contact_id)){
$user=$contact_id;
$extra_query = "AND `contact`.`id` = %d ";
@@ -185,7 +210,7 @@
$extra_query = "AND `contact`.`nick` = '%s' ";
}
- if (is_null($user)){
+ if (is_null($user) && $a->argc > 3){
list($user, $null) = explode(".",$a->argv[3]);
if(is_numeric($user)){
$user = intval($user);
@@ -196,17 +221,17 @@
}
}
- if ($user==='') {
+ if (! $user) {
if (local_user()===false) {
api_login($a); return False;
} else {
$user = $_SESSION['uid'];
- $extra_query = "AND `contact`.`uid` = %d ";
+ $extra_query = "AND `contact`.`uid` = %d AND `contact`.`self` = 1 ";
}
}
-
+ logger('api_user: ' . $extra_query . ' ' , $user);
// user info
$uinfo = q("SELECT *, `contact`.`id` as `cid` FROM `contact`
WHERE 1
@@ -217,43 +242,135 @@
return False;
}
- // count public wall messages
- $r = q("SELECT COUNT(`id`) as `count` FROM `item`
- WHERE `uid` = %d
- AND `type`='wall'
- AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''",
- intval($uinfo[0]['uid'])
- );
- $countitms = $r[0]['count'];
-
+ if($uinfo[0]['self']) {
+ $usr = q("select * from user where uid = %d limit 1",
+ intval(local_user())
+ );
+ $profile = q("select * from profile where uid = %d and `is-default` = 1 limit 1",
+ intval(local_user())
+ );
+
+ // count public wall messages
+ $r = q("SELECT COUNT(`id`) as `count` FROM `item`
+ WHERE `uid` = %d
+ AND `type`='wall'
+ AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''",
+ intval($uinfo[0]['uid'])
+ );
+ $countitms = $r[0]['count'];
+ }
+ else {
+ $r = q("SELECT COUNT(`id`) as `count` FROM `item`
+ WHERE `contact-id` = %d
+ AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''",
+ intval($uinfo[0]['id'])
+ );
+ $countitms = $r[0]['count'];
+ }
+
// count friends
$r = q("SELECT COUNT(`id`) as `count` FROM `contact`
- WHERE `uid` = %d
+ WHERE `uid` = %d AND `rel` IN ( %d, %d )
AND `self`=0 AND `blocked`=0",
- intval($uinfo[0]['uid'])
+ intval($uinfo[0]['uid']),
+ intval(CONTACT_IS_SHARING),
+ intval(CONTACT_IS_FRIEND)
);
$countfriends = $r[0]['count'];
-
+
+ $r = q("SELECT COUNT(`id`) as `count` FROM `contact`
+ WHERE `uid` = %d AND `rel` IN ( %d, %d )
+ AND `self`=0 AND `blocked`=0",
+ intval($uinfo[0]['uid']),
+ intval(CONTACT_IS_FOLLOWER),
+ intval(CONTACT_IS_FRIEND)
+ );
+ $countfollowers = $r[0]['count'];
+
+ $r = q("SELECT count(`id`) as `count` FROM item where starred = 1 and uid = %d and deleted = 0",
+ intval($uinfo[0]['uid'])
+ );
+ $starred = $r[0]['count'];
+
+
+ if(! $uinfo[0]['self']) {
+ $countfriends = 0;
+ $countfollowers = 0;
+ $starred = 0;
+ }
$ret = Array(
- 'uid' => $uinfo[0]['uid'],
- 'id' => $uinfo[0]['cid'],
+ 'uid' => intval($uinfo[0]['uid']),
+ 'id' => intval($uinfo[0]['cid']),
'name' => $uinfo[0]['name'],
- 'screen_name' => $uinfo[0]['nick'],
- 'location' => '', //$uinfo[0]['default-location'],
+ 'screen_name' => (($uinfo[0]['nick']) ? $uinfo[0]['nick'] : $uinfo[0]['name']),
+ 'location' => ($usr) ? $usr[0]['default-location'] : '',
'profile_image_url' => $uinfo[0]['micro'],
'url' => $uinfo[0]['url'],
'contact_url' => $a->get_baseurl()."/contacts/".$uinfo[0]['cid'],
- 'protected' => false, #
- 'friends_count' => $countfriends,
+ 'protected' => false,
+ 'friends_count' => intval($countfriends),
'created_at' => api_date($uinfo[0]['name-date']),
+ 'utc_offset' => "+00:00",
+ 'time_zone' => 'UTC', //$uinfo[0]['timezone'],
+ 'geo_enabled' => false,
+ 'statuses_count' => intval($countitms), #XXX: fix me
+ 'lang' => 'en', #XXX: fix me
+ 'description' => (($profile) ? $profile[0]['pdesc'] : ''),
+ 'followers_count' => intval($countfollowers),
+ 'favourites_count' => intval($starred),
+ 'contributors_enabled' => false,
+ 'follow_request_sent' => false,
+ 'profile_background_color' => 'cfe8f6',
+ 'profile_text_color' => '000000',
+ 'profile_link_color' => 'FF8500',
+ 'profile_sidebar_fill_color' =>'AD0066',
+ 'profile_sidebar_border_color' => 'AD0066',
+ 'profile_background_image_url' => '',
+ 'profile_background_tile' => false,
+ 'profile_use_background_image' => false,
+ 'notifications' => false,
+ 'following' => '', #XXX: fix me
+ 'verified' => true, #XXX: fix me
+ #'status' => null
+ );
+
+ return $ret;
+
+ }
+
+ function api_item_get_user(&$a, $item) {
+ // The author is our direct contact, in a conversation with us.
+ if(link_compare($item['url'],$item['author-link'])) {
+ return api_get_user($a,$item['cid']);
+ }
+ else {
+ // The author may be a contact of ours, but is replying to somebody else.
+ // Figure out if we know him/her.
+ $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
+ if(($normalised != 'mailbox') && (x($a->contacts[$normalised])))
+ return api_get_user($a,$a->contacts[$normalised]['id']);
+ }
+ // We don't know this person directly.
+ $ret = array(
+ 'uid' => 0,
+ 'id' => 0,
+ 'name' => $item['author-name'],
+ 'screen_name' => $item['author_name'],
+ 'location' => '', //$uinfo[0]['default-location'],
+ 'profile_image_url' => $item['author-avatar'],
+ 'url' => $item['author-link'],
+ 'contact_url' => 0,
+ 'protected' => false, #
+ 'friends_count' => 0,
+ 'created_at' => '',
'utc_offset' => 0, #XXX: fix me
'time_zone' => '', //$uinfo[0]['timezone'],
'geo_enabled' => false,
- 'statuses_count' => $countitms, #XXX: fix me
+ 'statuses_count' => 0,
'lang' => 'en', #XXX: fix me
'description' => '',
- 'followers_count' => $countfriends, #XXX: fix me
+ 'followers_count' => 0,
'favourites_count' => 0,
'contributors_enabled' => false,
'follow_request_sent' => false,
@@ -270,9 +387,8 @@
'followers' => '', #XXX: fix me
#'status' => null
);
-
- return $ret;
-
+
+ return $ret;
}
/**
@@ -281,7 +397,7 @@
function api_xmlify($val){
if (is_bool($val)) return $val?"true":"false";
if (is_array($val)) return array_map('api_xmlify', $val);
- return xmlify($val);
+ return xmlify((string) $val);
}
/**
@@ -289,9 +405,11 @@
*/
function api_apply_template($templatename, $type, $data){
+ $a = get_app();
+
switch($type){
- case "rss":
case "atom":
+ case "rss":
case "xml":
$data = api_xmlify($data);
$tpl = get_markup_template("api_".$templatename."_".$type.".tpl");
@@ -323,20 +441,39 @@
api_register_func('api/account/verify_credentials','api_account_verify_credentials', true);
+ /**
+ * get data from $_POST or $_GET
+ */
+ function requestdata($k){
+ if (isset($_POST[$k])){
+ return $_POST[$k];
+ }
+ if (isset($_GET[$k])){
+ return $_GET[$k];
+ }
+ return null;
+ }
// TODO - media uploads
-
function api_statuses_update(&$a, $type) {
if (local_user()===false) return false;
$user_info = api_get_user($a);
// convert $_POST array items to the form we use for web posts.
- $_POST['body'] = urldecode($_POST['status']);
- $_POST['parent'] = $_POST['in_reply_to_status_id'];
- if($_POST['lat'] && $_POST['long'])
- $_POST['coord'] = sprintf("%s %s",$_POST['lat'],$_POST['long']);
+ // logger('api_post: ' . print_r($_POST,true));
+
+ $_POST['body'] = urldecode(requestdata('status'));
+
+ $parent = requestdata('in_reply_to_status_id');
+ if(ctype_digit($parent))
+ $_POST['parent'] = $parent;
+ else
+ $_POST['parent_uri'] = $parent;
+
+ if(requestdata('lat') && requestdata('long'))
+ $_POST['coord'] = sprintf("%s %s",requestdata('lat'),requestdata('long'));
$_POST['profile_uid'] = local_user();
- if($_POST['parent'])
+ if(requestdata('parent'))
$_POST['type'] = 'net-comment';
else
$_POST['type'] = 'wall';
@@ -473,7 +610,85 @@
$user_info = api_get_user($a);
// get last newtork messages
- $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
+// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
+
+ $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
+ `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
+ `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
+ `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
+ FROM `item`, `contact`
+ WHERE `item`.`uid` = %d
+ AND `item`.`visible` = 1 AND `item`.`deleted` = 0
+ AND `contact`.`id` = `item`.`contact-id`
+ AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+ $sql_extra
+ ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
+ intval($user_info['uid']),
+ 0,20
+ );
+
+ $ret = api_format_items($r,$user_info);
+
+
+ $data = array('$statuses' => $ret);
+ switch($type){
+ case "atom":
+ case "rss":
+ $data = api_rss_extra($a, $data, $user_info);
+ }
+
+ return api_apply_template("timeline", $type, $data);
+ }
+ api_register_func('api/statuses/home_timeline','api_statuses_home_timeline', true);
+ api_register_func('api/statuses/friends_timeline','api_statuses_home_timeline', true);
+
+
+
+ function api_statuses_user_timeline(&$a, $type){
+ if (local_user()===false) return false;
+
+ $user_info = api_get_user($a);
+ // get last newtork messages
+// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
+
+ $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
+ `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
+ `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
+ `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
+ FROM `item`, `contact`
+ WHERE `item`.`uid` = %d
+ AND `item`.`visible` = 1 AND `item`.`deleted` = 0
+ AND `item`.`wall` = 1
+ AND `contact`.`id` = `item`.`contact-id`
+ AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+ $sql_extra
+ ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
+ intval($user_info['uid']),
+ 0,20
+ );
+
+ $ret = api_format_items($r,$user_info);
+
+
+ $data = array('$statuses' => $ret);
+ switch($type){
+ case "atom":
+ case "rss":
+ $data = api_rss_extra($a, $data, $user_info);
+ }
+
+ return api_apply_template("timeline", $type, $data);
+ }
+
+ api_register_func('api/statuses/user_timeline','api_statuses_user_timeline', true);
+
+
+ function api_favorites(&$a, $type){
+ if (local_user()===false) return false;
+
+ $user_info = api_get_user($a);
+ // get last newtork messages
+// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
@@ -482,30 +697,56 @@
FROM `item`, `contact`
WHERE `item`.`uid` = %d
AND `item`.`visible` = 1 AND `item`.`deleted` = 0
+ AND `item`.`starred` = 1
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$sql_extra
- ORDER BY `item`.`created` DESC LIMIT %d ,%d ",
+ ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
intval($user_info['uid']),
0,20
);
+
+ $ret = api_format_items($r,$user_info);
+
+
+ $data = array('$statuses' => $ret);
+ switch($type){
+ case "atom":
+ case "rss":
+ $data = api_rss_extra($a, $data, $user_info);
+ }
+
+ return api_apply_template("timeline", $type, $data);
+ }
+
+ api_register_func('api/favorites','api_favorites', true);
+
+
+ function api_format_items($r,$user_info) {
+
+ //logger('api_format_items: ' . print_r($r,true));
+
+ //logger('api_format_items: ' . print_r($user_info,true));
+
+ $a = get_app();
$ret = Array();
foreach($r as $item) {
- $status_user = (($item['cid']==$user_info['id'])?$user_info: api_get_user($a,$item['cid']));
+ $status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item));
$status = array(
'created_at'=> api_date($item['created']),
'published' => datetime_convert('UTC','UTC',$item['created'],ATOM_TIME),
'updated' => datetime_convert('UTC','UTC',$item['edited'],ATOM_TIME),
- 'id' => $item['id'],
+ 'id' => intval($item['id']),
+ 'message_id' => $item['uri'],
'text' => strip_tags(bbcode($item['body'])),
- 'html' => bbcode($item['body']),
+ 'statusnet_html' => bbcode($item['body']),
'source' => (($item['app']) ? $item['app'] : 'web'),
'url' => ($item['plink']!=''?$item['plink']:$item['author-link']),
'truncated' => False,
- 'in_reply_to_status_id' => ($item['parent']!=$item['id']?$item['parent']:''),
+ 'in_reply_to_status_id' => ($item['parent']!=$item['id']? intval($item['parent']):''),
'in_reply_to_user_id' => '',
- 'favorited' => false,
+ 'favorited' => $item['starred'] ? true : false,
'in_reply_to_screen_name' => '',
'geo' => '',
'coordinates' => $item['coord'],
@@ -514,28 +755,16 @@
'annotations' => '',
'entities' => '',
'user' => $status_user ,
- 'objecttype' => $item['object-type'],
- 'verb' => $item['verb'],
- 'self' => $a->get_baseurl()."/api/statuses/show/".$ite['id'].".".$type,
- 'edit' => $a->get_baseurl()."/api/statuses/show/".$ite['id'].".".$type,
+ 'objecttype' => (($item['object-type']) ? $item['object-type'] : ACTIVITY_OBJ_NOTE),
+ 'verb' => (($item['verb']) ? $item['verb'] : ACTIVITY_POST),
+ 'self' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
+ 'edit' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
);
$ret[]=$status;
};
-
- $data = array('$statuses' => $ret);
- switch($type){
- case "atom":
- case "rss":
- $data = api_rss_extra($a, $data, $user_info);
- }
-
- return api_apply_template("timeline", $type, $data);
+ return $ret;
}
- api_register_func('api/statuses/home_timeline','api_statuses_home_timeline', true);
- api_register_func('api/statuses/friends_timeline','api_statuses_home_timeline', true);
- api_register_func('api/statuses/user_timeline','api_statuses_home_timeline', true);
- # TODO: user_timeline should be profile view
-
+
function api_account_rate_limit_status(&$a,$type) {
@@ -550,3 +779,93 @@
}
api_register_func('api/account/rate_limit_status','api_account_rate_limit_status',true);
+
+
+ function api_statusnet_config(&$a,$type) {
+ $name = $a->config['sitename'];
+ $server = $a->get_hostname();
+ $logo = $a->get_baseurl() . '/images/friendika-64.png';
+ $email = $a->config['admin_email'];
+ $closed = (($a->config['register_policy'] == REGISTER_CLOSED) ? 'true' : 'false');
+ $private = (($a->config['system']['block_public']) ? 'true' : 'false');
+ $textlimit = (string) (($a->config['max_import_size']) ? $a->config['max_import_size'] : 200000);
+ if($a->config['api_import_size'])
+ $texlimit = string($a->config['api_import_size']);
+ $ssl = (($a->config['system']['have_ssl']) ? 'true' : 'false');
+ $sslserver = (($ssl === 'true') ? str_replace('http:','https:',$a->get_baseurl()) : '');
+
+ $config = array(
+ 'site' => array('name' => $name,'server' => $server, 'theme' => 'default', 'path' => '',
+ 'logo' => $logo, 'fancy' => 'true', 'language' => 'en', 'email' => $email, 'broughtby' => '',
+ 'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false',
+ 'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl,
+ 'shorturllength' => '30'
+ ),
+ );
+
+ return api_apply_template('config', $type, array('$config' => $config));
+
+ }
+ api_register_func('api/statusnet/config','api_statusnet_config',false);
+
+
+ function api_statusnet_version(&$a,$type) {
+
+ // liar
+
+ if($type === 'xml') {
+ header("Content-type: application/xml");
+ echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n" . '<version>0.9.7</version>' . "\r\n";
+ killme();
+ }
+ elseif($type === 'json') {
+ header("Content-type: application/json");
+ echo '"0.9.7"';
+ killme();
+ }
+ }
+ api_register_func('api/statusnet/version','api_statusnet_version',false);
+
+
+ function api_ff_ids(&$a,$type,$qtype) {
+ if(! local_user())
+ return false;
+
+ if($qtype == 'friends')
+ $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND));
+ if($qtype == 'followers')
+ $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND));
+
+
+ $r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
+ intval(local_user())
+ );
+
+ if(is_array($r)) {
+ if($type === 'xml') {
+ header("Content-type: application/xml");
+ echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n" . '<ids>' . "\r\n";
+ foreach($r as $rr)
+ echo '<id>' . $rr['id'] . '</id>' . "\r\n";
+ echo '</ids>' . "\r\n";
+ killme();
+ }
+ elseif($type === 'json') {
+ $ret = array();
+ header("Content-type: application/json");
+ foreach($r as $rr) $ret[] = $rr['id'];
+ echo json_encode($ret);
+ killme();
+ }
+ }
+ }
+
+ function api_friends_ids(&$a,$type) {
+ api_ff_ids($a,$type,'friends');
+ }
+ function api_followers_ids(&$a,$type) {
+ api_ff_ids($a,$type,'followers');
+ }
+ api_register_func('api/friends/ids','api_friends_ids',true);
+ api_register_func('api/followers/ids','api_followers_ids',true);
+
diff --git a/include/attach.php b/include/attach.php
index ca53081d9..4001d2af1 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -1,7 +1,7 @@
<?php
-if(!function_exists('mime_content_type')) {
-function mime_content_type($filename) {
+
+function z_mime_content_type($filename) {
$mime_types = array(
@@ -61,8 +61,9 @@ function mime_content_type($filename) {
'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
);
- if(strpos($filename,'.') !== false) {
- $ext = strtolower(array_pop(explode('.',$filename)));
+ $dot = strpos($filename,'.');
+ if($dot !== false) {
+ $ext = strtolower(substr($filename,$dot+1));
if (array_key_exists($ext, $mime_types)) {
return $mime_types[$ext];
}
@@ -76,5 +77,5 @@ function mime_content_type($filename) {
else {
return 'application/octet-stream';
}
-}}
+}
diff --git a/include/auth.php b/include/auth.php
index d1eb9d131..768af626f 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -25,7 +25,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
nuke_session();
info( t('Logged out.') . EOL);
- goaway($a->get_baseurl());
+ goaway(z_root());
}
if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
@@ -45,7 +45,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
// extra paranoia - if the IP changed, log them out
if($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) {
nuke_session();
- goaway($a->get_baseurl());
+ goaway(z_root());
}
$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
@@ -54,7 +54,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
if(! count($r)) {
nuke_session();
- goaway($a->get_baseurl());
+ goaway(z_root());
}
// initialise user environment
@@ -118,7 +118,7 @@ else {
if(($noid) || (strpos($temp_string,'@')) || (! validate_url($temp_string))) {
$a = get_app();
notice( t('Login failed.') . EOL);
- goaway($a->get_baseurl());
+ goaway(z_root());
// NOTREACHED
}
@@ -143,7 +143,7 @@ else {
if($a->config['register_policy'] == REGISTER_CLOSED) {
$a = get_app();
notice( t('Login failed.') . EOL);
- goaway($a->get_baseurl());
+ goaway(z_root());
// NOTREACHED
}
// new account
@@ -196,7 +196,7 @@ else {
if((! $record) || (! count($record))) {
logger('authenticate: failed login attempt: ' . trim($_POST['openid_url']));
notice( t('Login failed.') . EOL );
- goaway($a->get_baseurl());
+ goaway(z_root());
}
$_SESSION['uid'] = $record['uid'];
diff --git a/include/config.php b/include/config.php
new file mode 100644
index 000000000..f565ab117
--- /dev/null
+++ b/include/config.php
@@ -0,0 +1,218 @@
+<?php
+
+/**
+ *
+ * Arbitrary configuration storage
+ * Note:
+ * Please do not store booleans - convert to 0/1 integer values
+ * The get_?config() functions return boolean false for keys that are unset,
+ * and this could lead to subtle bugs.
+ *
+ * There are a few places in the code (such as the admin panel) where boolean
+ * configurations need to be fixed as of 10/08/2011.
+ */
+
+
+// retrieve a "family" of config variables from database to cached storage
+
+if(! function_exists('load_config')) {
+function load_config($family) {
+ global $a;
+ $r = q("SELECT * FROM `config` WHERE `cat` = '%s'",
+ dbesc($family)
+ );
+ if(count($r)) {
+ foreach($r as $rr) {
+ $k = $rr['k'];
+ if ($rr['cat'] === 'config') {
+ $a->config[$k] = $rr['v'];
+ } else {
+ $a->config[$family][$k] = $rr['v'];
+ }
+ }
+ }
+}}
+
+// get a particular config variable given the family name
+// and key. Returns false if not set.
+// $instore is only used by the set_config function
+// to determine if the key already exists in the DB
+// If a key is found in the DB but doesn't exist in
+// local config cache, pull it into the cache so we don't have
+// to hit the DB again for this item.
+
+if(! function_exists('get_config')) {
+function get_config($family, $key, $instore = false) {
+
+ global $a;
+
+ if(! $instore) {
+ if(isset($a->config[$family][$key])) {
+ if($a->config[$family][$key] === '!<unset>!') {
+ return false;
+ }
+ return $a->config[$family][$key];
+ }
+ }
+ $ret = q("SELECT `v` FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1",
+ dbesc($family),
+ dbesc($key)
+ );
+ if(count($ret)) {
+ // manage array value
+ $val = (preg_match("|^a:[0-9]+:{.*}$|", $ret[0]['v'])?unserialize( $ret[0]['v']):$ret[0]['v']);
+ $a->config[$family][$key] = $val;
+ return $val;
+ }
+ else {
+ $a->config[$family][$key] = '!<unset>!';
+ }
+ return false;
+}}
+
+// Store a config value ($value) in the category ($family)
+// under the key ($key)
+// Return the value, or false if the database update failed
+
+if(! function_exists('set_config')) {
+function set_config($family,$key,$value) {
+ global $a;
+
+ // manage array value
+ $dbvalue = (is_array($value)?serialize($value):$value);
+
+ if(get_config($family,$key,true) === false) {
+ $a->config[$family][$key] = $value;
+ $ret = q("INSERT INTO `config` ( `cat`, `k`, `v` ) VALUES ( '%s', '%s', '%s' ) ",
+ dbesc($family),
+ dbesc($key),
+ dbesc($dbvalue)
+ );
+ if($ret)
+ return $value;
+ return $ret;
+ }
+
+ $ret = q("UPDATE `config` SET `v` = '%s' WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1",
+ dbesc($dbvalue),
+ dbesc($family),
+ dbesc($key)
+ );
+
+ $a->config[$family][$key] = $value;
+
+ if($ret)
+ return $value;
+ return $ret;
+}}
+
+
+if(! function_exists('load_pconfig')) {
+function load_pconfig($uid,$family) {
+ global $a;
+ $r = q("SELECT * FROM `pconfig` WHERE `cat` = '%s' AND `uid` = %d",
+ dbesc($family),
+ intval($uid)
+ );
+ if(count($r)) {
+ foreach($r as $rr) {
+ $k = $rr['k'];
+ $a->config[$uid][$family][$k] = $rr['v'];
+ }
+ }
+}}
+
+
+
+if(! function_exists('get_pconfig')) {
+function get_pconfig($uid,$family, $key, $instore = false) {
+
+ global $a;
+
+ if(! $instore) {
+ if(isset($a->config[$uid][$family][$key])) {
+ if($a->config[$uid][$family][$key] === '!<unset>!') {
+ return false;
+ }
+ return $a->config[$uid][$family][$key];
+ }
+ }
+
+ $ret = q("SELECT `v` FROM `pconfig` WHERE `uid` = %d AND `cat` = '%s' AND `k` = '%s' LIMIT 1",
+ intval($uid),
+ dbesc($family),
+ dbesc($key)
+ );
+
+ if(count($ret)) {
+ $a->config[$uid][$family][$key] = $ret[0]['v'];
+ return $ret[0]['v'];
+ }
+ else {
+ $a->config[$uid][$family][$key] = '!<unset>!';
+ }
+ return false;
+}}
+
+if(! function_exists('del_config')) {
+function del_config($family,$key) {
+
+ global $a;
+ if(x($a->config[$family],$key))
+ unset($a->config[$family][$key]);
+ $ret = q("DELETE FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1",
+ dbesc($cat),
+ dbesc($key)
+ );
+ return $ret;
+}}
+
+
+
+// Same as above functions except these are for personal config storage and take an
+// additional $uid argument.
+
+if(! function_exists('set_pconfig')) {
+function set_pconfig($uid,$family,$key,$value) {
+
+ global $a;
+
+ if(get_pconfig($uid,$family,$key,true) === false) {
+ $a->config[$uid][$family][$key] = $value;
+ $ret = q("INSERT INTO `pconfig` ( `uid`, `cat`, `k`, `v` ) VALUES ( %d, '%s', '%s', '%s' ) ",
+ intval($uid),
+ dbesc($family),
+ dbesc($key),
+ dbesc($value)
+ );
+ if($ret)
+ return $value;
+ return $ret;
+ }
+ $ret = q("UPDATE `pconfig` SET `v` = '%s' WHERE `uid` = %d AND `cat` = '%s' AND `k` = '%s' LIMIT 1",
+ dbesc($value),
+ intval($uid),
+ dbesc($family),
+ dbesc($key)
+ );
+
+ $a->config[$uid][$family][$key] = $value;
+
+ if($ret)
+ return $value;
+ return $ret;
+}}
+
+if(! function_exists('del_pconfig')) {
+function del_pconfig($uid,$family,$key) {
+
+ global $a;
+ if(x($a->config[$uid][$family],$key))
+ unset($a->config[$uid][$family][$key]);
+ $ret = q("DELETE FROM `pconfig` WHERE `uid` = %d AND `cat` = '%s' AND `k` = '%s' LIMIT 1",
+ intval($uid),
+ dbesc($family),
+ dbesc($key)
+ );
+ return $ret;
+}}
diff --git a/include/conversation.php b/include/conversation.php
index 82a107c07..0d901a3c0 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -283,14 +283,14 @@ function conversation(&$a, $items, $mode, $update) {
continue;
$toplevelpost = (($item['id'] == $item['parent']) ? true : false);
-
+ $toplevelprivate = false;
// Take care of author collapsing and comment collapsing
// If a single author has more than 3 consecutive top-level posts, squash the remaining ones.
// If there are more than two comments, squash all but the last 2.
-
+
if($toplevelpost) {
-
+ $toplevelprivate = (($toplevelpost && $item['private']) ? true : false);
$item_writeable = (($item['writable'] || $item['self']) ? true : false);
if($blowhard == $item['cid'] && (! $item['self']) && ($mode != 'profile') && ($mode != 'notes')) {
@@ -312,9 +312,12 @@ function conversation(&$a, $items, $mode, $update) {
$comments_seen = 0;
$comments_collapsed = false;
}
- else
+ else {
+ // prevent private email from leaking into public conversation
+ if((! $toplevelpost) && (! toplevelprivate) && ($item['private']) && ($profile_owner != local_user()))
+ continue;
$comments_seen ++;
-
+ }
$override_comment_box = ((($page_writeable) && ($item_writeable)) ? true : false);
$show_comment_box = ((($page_writeable) && ($item_writeable) && ($comments_seen == $comments[$item['parent']])) ? true : false);
@@ -347,7 +350,7 @@ function conversation(&$a, $items, $mode, $update) {
if(($toplevelpost) && (! $item['self']) && ($mode !== 'profile')) {
- if($item['type'] === 'wall') {
+ if($item['wall']) {
// On the network page, I am the owner. On the display page it will be the profile owner.
// This will have been stored in $a->page_contact by our calling page.
@@ -359,7 +362,7 @@ function conversation(&$a, $items, $mode, $update) {
$template = $wallwall;
$commentww = 'ww';
}
- if(($item['type'] === 'remote') && (strlen($item['owner-link'])) && ($item['owner-link'] != $item['author-link'])) {
+ if((! $item['wall']) && (strlen($item['owner-link'])) && ($item['owner-link'] != $item['author-link'])) {
// Could be anybody.
@@ -444,7 +447,7 @@ function conversation(&$a, $items, $mode, $update) {
$profile_link = '';
$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
- if(($normalised != 'mailbox') && (x($a->contacts[$normalised])))
+ if(($normalised != 'mailbox') && (x($a->contacts,$normalised)))
$profile_avatar = $a->contacts[$normalised]['thumb'];
else
$profile_avatar = (((strlen($item['author-avatar'])) && $diff_author) ? $item['author-avatar'] : $thumb);
@@ -533,33 +536,6 @@ function conversation(&$a, $items, $mode, $update) {
return $o;
}
-
-if(! function_exists('load_contact_links')) {
-function load_contact_links($uid) {
-
- $a = get_app();
-
- $ret = array();
-
- if(! $uid || x($a->contacts,'empty'))
- return;
-
- $r = q("SELECT `id`,`network`,`url`,`thumb` FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 ",
- intval($uid)
- );
- if(count($r)) {
- foreach($r as $rr){
- $url = normalise_link($rr['url']);
- $ret[$url] = $rr;
- }
- }
- else
- $ret['empty'] = true;
- $a->contacts = $ret;
- return;
-}}
-
-
function best_link_url($item,&$sparkle) {
$a = get_app();
diff --git a/include/cronhooks.php b/include/cronhooks.php
new file mode 100644
index 000000000..37541f013
--- /dev/null
+++ b/include/cronhooks.php
@@ -0,0 +1,43 @@
+<?php
+
+require_once("boot.php");
+
+
+function cronhooks_run($argv, $argc){
+ global $a, $db;
+
+ if(is_null($a)) {
+ $a = new App;
+ }
+
+ if(is_null($db)) {
+ @include(".htconfig.php");
+ require_once("dba.php");
+ $db = new dba($db_host, $db_user, $db_pass, $db_data);
+ unset($db_host, $db_user, $db_pass, $db_data);
+ };
+
+ require_once('include/session.php');
+ require_once('include/datetime.php');
+
+ load_config('config');
+ load_config('system');
+
+ $a->set_baseurl(get_config('system','url'));
+
+ load_hooks();
+
+ logger('cronhooks: start');
+
+
+ $d = datetime_convert();
+
+ call_hooks('cron', $d);
+
+ return;
+}
+
+if (array_search(__file__,get_included_files())===0){
+ cronhooks_run($argv,$argc);
+ killme();
+}
diff --git a/include/crypto.php b/include/crypto.php
new file mode 100644
index 000000000..1ab9e7b25
--- /dev/null
+++ b/include/crypto.php
@@ -0,0 +1,184 @@
+<?php
+
+require_once('library/ASNValue.class.php');
+require_once('library/asn1.php');
+
+
+function rsa_sign($data,$key) {
+
+ $sig = '';
+ if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
+ openssl_sign($data,$sig,$key,'sha256');
+ }
+ else {
+ if(strlen($key) < 1024 || extension_loaded('gmp')) {
+ require_once('library/phpsec/Crypt/RSA.php');
+ $rsa = new CRYPT_RSA();
+ $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
+ $rsa->setHash('sha256');
+ $rsa->loadKey($key);
+ $sig = $rsa->sign($data);
+ }
+ else {
+ logger('rsa_sign: insecure algorithm used. Please upgrade PHP to 5.3');
+ openssl_private_encrypt(hex2bin('3031300d060960864801650304020105000420') . hash('sha256',$data,true), $sig, $key);
+ }
+ }
+ return $sig;
+}
+
+function rsa_verify($data,$sig,$key) {
+
+ if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
+ $verify = openssl_verify($data,$sig,$key,'sha256');
+ }
+ else {
+ if(strlen($key) <= 300 || extension_loaded('gmp')) {
+ require_once('library/phpsec/Crypt/RSA.php');
+ $rsa = new CRYPT_RSA();
+ $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
+ $rsa->setHash('sha256');
+ $rsa->loadKey($key);
+ $verify = $rsa->verify($data,$sig);
+ }
+ else {
+ // fallback sha256 verify for PHP < 5.3 and large key lengths
+ $rawsig = '';
+ openssl_public_decrypt($sig,$rawsig,$key);
+ $verify = (($rawsig && substr($rawsig,-32) === hash('sha256',$data,true)) ? true : false);
+ }
+ }
+ return $verify;
+}
+
+
+function DerToPem($Der, $Private=false)
+{
+ //Encode:
+ $Der = base64_encode($Der);
+ //Split lines:
+ $lines = str_split($Der, 65);
+ $body = implode("\n", $lines);
+ //Get title:
+ $title = $Private? 'RSA PRIVATE KEY' : 'PUBLIC KEY';
+ //Add wrapping:
+ $result = "-----BEGIN {$title}-----\n";
+ $result .= $body . "\n";
+ $result .= "-----END {$title}-----\n";
+
+ return $result;
+}
+
+function DerToRsa($Der)
+{
+ //Encode:
+ $Der = base64_encode($Der);
+ //Split lines:
+ $lines = str_split($Der, 65);
+ $body = implode("\n", $lines);
+ //Get title:
+ $title = 'RSA PUBLIC KEY';
+ //Add wrapping:
+ $result = "-----BEGIN {$title}-----\n";
+ $result .= $body . "\n";
+ $result .= "-----END {$title}-----\n";
+
+ return $result;
+}
+
+
+function pkcs8_encode($Modulus,$PublicExponent) {
+ //Encode key sequence
+ $modulus = new ASNValue(ASNValue::TAG_INTEGER);
+ $modulus->SetIntBuffer($Modulus);
+ $publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
+ $publicExponent->SetIntBuffer($PublicExponent);
+ $keySequenceItems = array($modulus, $publicExponent);
+ $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
+ $keySequence->SetSequence($keySequenceItems);
+ //Encode bit string
+ $bitStringValue = $keySequence->Encode();
+ $bitStringValue = chr(0x00) . $bitStringValue; //Add unused bits byte
+ $bitString = new ASNValue(ASNValue::TAG_BITSTRING);
+ $bitString->Value = $bitStringValue;
+ //Encode body
+ $bodyValue = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" . $bitString->Encode();
+ $body = new ASNValue(ASNValue::TAG_SEQUENCE);
+ $body->Value = $bodyValue;
+ //Get DER encoded public key:
+ $PublicDER = $body->Encode();
+ return $PublicDER;
+}
+
+
+function pkcs1_encode($Modulus,$PublicExponent) {
+ //Encode key sequence
+ $modulus = new ASNValue(ASNValue::TAG_INTEGER);
+ $modulus->SetIntBuffer($Modulus);
+ $publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
+ $publicExponent->SetIntBuffer($PublicExponent);
+ $keySequenceItems = array($modulus, $publicExponent);
+ $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
+ $keySequence->SetSequence($keySequenceItems);
+ //Encode bit string
+ $bitStringValue = $keySequence->Encode();
+ return $bitStringValue;
+}
+
+
+function metopem($m,$e) {
+ $der = pkcs8_encode($m,$e);
+ $key = DerToPem($der,false);
+ return $key;
+}
+
+
+function pubrsatome($key,&$m,&$e) {
+ require_once('library/asn1.php');
+ require_once('include/salmon.php');
+
+ $lines = explode("\n",$key);
+ unset($lines[0]);
+ unset($lines[count($lines)]);
+ $x = base64_decode(implode('',$lines));
+
+ $r = ASN_BASE::parseASNString($x);
+
+ $m = base64url_decode($r[0]->asnData[0]->asnData);
+ $e = base64url_decode($r[0]->asnData[1]->asnData);
+}
+
+
+function rsatopem($key) {
+ pubrsatome($key,$m,$e);
+ return(metopem($m,$e));
+}
+
+function pemtorsa($key) {
+ pemtome($key,$m,$e);
+ return(metorsa($m,$e));
+}
+
+function pemtome($key,&$m,&$e) {
+ require_once('include/salmon.php');
+ $lines = explode("\n",$key);
+ unset($lines[0]);
+ unset($lines[count($lines)]);
+ $x = base64_decode(implode('',$lines));
+
+ $r = ASN_BASE::parseASNString($x);
+
+ $m = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData);
+ $e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);
+}
+
+function metorsa($m,$e) {
+ $der = pkcs1_encode($m,$e);
+ $key = DerToRsa($der);
+ return $key;
+}
+
+function salmon_key($pubkey) {
+ pemtome($pubkey,$m,$e);
+ return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ;
+}
diff --git a/include/datetime.php b/include/datetime.php
index a056eaa60..3033b88af 100644
--- a/include/datetime.php
+++ b/include/datetime.php
@@ -84,12 +84,47 @@ function datetime_convert($from = 'UTC', $to = 'UTC', $s = 'now', $fmt = "Y-m-d
function dob($dob) {
list($year,$month,$day) = sscanf($dob,'%4d-%2d-%2d');
$y = datetime_convert('UTC',date_default_timezone_get(),'now','Y');
- $o = datesel('',1920,$y,true,$year,$month,$day);
+ $f = get_config('system','birthday_input_format');
+ if(! $f)
+ $f = 'ymd';
+ $o = datesel($f,'',1920,$y,true,$year,$month,$day);
+ return $o;
+}
+
+
+function datesel_format($f) {
+
+ $o = '';
+
+ if(strlen($f)) {
+ for($x = 0; $x < strlen($f); $x ++) {
+ switch($f[$x]) {
+ case 'y':
+ if(strlen($o))
+ $o .= '-';
+ $o .= t('year');
+ break;
+ case 'm':
+ if(strlen($o))
+ $o .= '-';
+ $o .= t('month');
+ break;
+ case 'd':
+ if(strlen($o))
+ $o .= '-';
+ $o .= t('day');
+ break;
+ default:
+ break;
+ }
+ }
+ }
return $o;
}
// returns a date selector.
+// $f = format string, e.g. 'ymd' or 'mdy'
// $pre = prefix (if needed) for HTML name and class fields
// $ymin = first year shown in selector dropdown
// $ymax = last year shown in selector dropdown
@@ -99,40 +134,52 @@ function dob($dob) {
// $d = already selected day
if(! function_exists('datesel')) {
-function datesel($pre,$ymin,$ymax,$allow_blank,$y,$m,$d) {
+function datesel($f,$pre,$ymin,$ymax,$allow_blank,$y,$m,$d) {
$o = '';
- $o .= "<select name=\"{$pre}year\" class=\"{$pre}year\" size=\"1\">";
- if($allow_blank) {
- $sel = (($y == '0000') ? " selected=\"selected\" " : "");
- $o .= "<option value=\"0000\" $sel ></option>";
- }
- if($ymax > $ymin) {
- for($x = $ymax; $x >= $ymin; $x --) {
- $sel = (($x == $y) ? " selected=\"selected\" " : "");
- $o .= "<option value=\"$x\" $sel>$x</option>";
- }
- }
- else {
- for($x = $ymax; $x <= $ymin; $x ++) {
- $sel = (($x == $y) ? " selected=\"selected\" " : "");
- $o .= "<option value=\"$x\" $sel>$x</option>";
- }
- }
+ if(strlen($f)) {
+ for($z = 0; $z < strlen($f); $z ++) {
+ if($f[$z] === 'y') {
+
+ $o .= "<select name=\"{$pre}year\" class=\"{$pre}year\" size=\"1\">";
+ if($allow_blank) {
+ $sel = (($y == '0000') ? " selected=\"selected\" " : "");
+ $o .= "<option value=\"0000\" $sel ></option>";
+ }
+
+ if($ymax > $ymin) {
+ for($x = $ymax; $x >= $ymin; $x --) {
+ $sel = (($x == $y) ? " selected=\"selected\" " : "");
+ $o .= "<option value=\"$x\" $sel>$x</option>";
+ }
+ }
+ else {
+ for($x = $ymax; $x <= $ymin; $x ++) {
+ $sel = (($x == $y) ? " selected=\"selected\" " : "");
+ $o .= "<option value=\"$x\" $sel>$x</option>";
+ }
+ }
+ }
+ elseif($f[$z] == 'm') {
- $o .= "</select> <select name=\"{$pre}month\" class=\"{$pre}month\" size=\"1\">";
- for($x = (($allow_blank) ? 0 : 1); $x <= 12; $x ++) {
- $sel = (($x == $m) ? " selected=\"selected\" " : "");
- $y = (($x) ? $x : '');
- $o .= "<option value=\"$x\" $sel>$y</option>";
- }
-
- $o .= "</select> <select name=\"{$pre}day\" class=\"{$pre}day\" size=\"1\">";
- for($x = (($allow_blank) ? 0 : 1); $x <= 31; $x ++) {
- $sel = (($x == $d) ? " selected=\"selected\" " : "");
- $y = (($x) ? $x : '');
- $o .= "<option value=\"$x\" $sel>$y</option>";
+ $o .= "</select> <select name=\"{$pre}month\" class=\"{$pre}month\" size=\"1\">";
+ for($x = (($allow_blank) ? 0 : 1); $x <= 12; $x ++) {
+ $sel = (($x == $m) ? " selected=\"selected\" " : "");
+ $y = (($x) ? $x : '');
+ $o .= "<option value=\"$x\" $sel>$y</option>";
+ }
+ }
+ elseif($f[$z] == 'd') {
+
+ $o .= "</select> <select name=\"{$pre}day\" class=\"{$pre}day\" size=\"1\">";
+ for($x = (($allow_blank) ? 0 : 1); $x <= 31; $x ++) {
+ $sel = (($x == $d) ? " selected=\"selected\" " : "");
+ $y = (($x) ? $x : '');
+ $o .= "<option value=\"$x\" $sel>$y</option>";
+ }
+ }
+ }
}
$o .= "</select>";
diff --git a/include/diaspora.php b/include/diaspora.php
new file mode 100644
index 000000000..e089e3f04
--- /dev/null
+++ b/include/diaspora.php
@@ -0,0 +1,815 @@
+<?php
+
+require_once('include/crypto.php');
+require_once('include/items.php');
+
+function get_diaspora_key($uri) {
+ $key = '';
+
+ logger('Fetching diaspora key for: ' . $uri);
+
+ $arr = lrdd($uri);
+
+ if(is_array($arr)) {
+ foreach($arr as $a) {
+ if($a['@attributes']['rel'] === 'diaspora-public-key') {
+ $key = base64_decode($a['@attributes']['href']);
+ }
+ }
+ }
+ else {
+ return '';
+ }
+
+ if($key)
+ return rsatopem($key);
+ return '';
+}
+
+
+function diaspora_base_message($type,$data) {
+
+ $tpl = get_markup_template('diaspora_' . $type . '.tpl');
+ if(! $tpl)
+ return '';
+ return replace_macros($tpl,$data);
+
+}
+
+
+function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) {
+ $a = get_app();
+
+ $inner_aes_key = random_string(32);
+ $b_inner_aes_key = base64_encode($inner_aes_key);
+ $inner_iv = random_string(32);
+ $b_inner_iv = base64_encode($inner_iv);
+
+ $outer_aes_key = random_string(32);
+ $b_outer_aes_key = base64_encode($outer_aes_key);
+ $outer_iv = random_string(32);
+ $b_outer_iv = base64_encode($outer_iv);
+
+ $handle = 'acct:' . $user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
+
+ $padded_data = pkcs5_pad($msg,16);
+ $inner_encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $padded_data, MCRYPT_MODE_CBC, $inner_iv);
+
+ $b64_data = base64_encode($inner_encrypted);
+
+
+ $b64url_data = base64url_encode($b64_data);
+ $b64url_stripped = str_replace(array("\n","\r"," ","\t"),array('','','',''),$b64url_data);
+ $lines = str_split($b64url_stripped,60);
+ $data = implode("\n",$lines);
+ $data = $data . (($data[-1] != "\n") ? "\n" : '') ;
+ $type = 'application/atom+xml';
+ $encoding = 'base64url';
+ $alg = 'RSA-SHA256';
+
+ $signable_data = $data . '.' . base64url_encode($type) . "\n" . '.'
+ . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n";
+
+ $signature = rsa_sign($signable_data,$prvkey);
+ $sig = base64url_encode($signature);
+
+$decrypted_header = <<< EOT
+<decrypted_header>
+ <iv>$b_inner_iv</iv>
+ <aes_key>$b_inner_aes_key</aes_key>
+ <author>
+ <name>{$user['username']}</name>
+ <uri>$handle</uri>
+ </author>
+</decrypted_header>
+EOT;
+
+ $decrypted_header = pkcs5_pad($decrypted_header,16);
+
+ $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $outer_aes_key, $decrypted_header, MCRYPT_MODE_CBC, $outer_iv);
+
+ $outer_json = json_encode(array('iv' => $b_outer_iv,'key' => $b_outer_aes_key));
+ $encrypted_outer_key_bundle = '';
+ openssl_public_encrypt($outer_json,$encrypted_outer_key_bundle,$pubkey);
+
+ $b64_encrypted_outer_key_bundle = base64_encode($encrypted_outer_key_bundle);
+ $encrypted_header_json_object = json_encode(array('aes_key' => base64_encode($encrypted_outer_key_bundle),
+ 'ciphertext' => base64_encode($ciphertext)));
+ $encrypted_header = '<encrypted_header>' . base64_encode($encrypted_header_json_object) . '</encrypted_header>';
+
+$magic_env = <<< EOT
+<?xml version='1.0' encoding='UTF-8'?>
+<entry xmlns='http://www.w3.org/2005/Atom'>
+ $encrypted_header
+ <me:env xmlns:me="http://salmon-protocol.org/ns/magic-env">
+ <me:encoding>base64url</me:encoding>
+ <me:alg>RSA-SHA256</me:alg>
+ <me:data type="application/atom+xml">$data</me:data>
+ <me:sig>$sig</me:sig>
+ </me:env>
+</entry>
+EOT;
+
+ return $magic_env;
+
+}
+
+/**
+ *
+ * diaspora_decode($importer,$xml)
+ * array $importer -> from user table
+ * string $xml -> urldecoded Diaspora salmon
+ *
+ * Returns array
+ * 'message' -> decoded Diaspora XML message
+ * 'author' -> author diaspora handle
+ * 'key' -> author public key (converted to pkcs#8)
+ *
+ * Author and key are used elsewhere to save a lookup for verifying replies and likes
+ */
+
+
+function diaspora_decode($importer,$xml) {
+
+ $basedom = parse_xml_string($xml);
+
+ $atom = $basedom->children(NAMESPACE_ATOM1);
+
+ // Diaspora devs: This is kind of sucky - 'encrypted_header' does not belong in the atom namespace
+
+ $encrypted_header = json_decode(base64_decode($atom->encrypted_header));
+
+ $encrypted_aes_key_bundle = base64_decode($encrypted_header->aes_key);
+ $ciphertext = base64_decode($encrypted_header->ciphertext);
+
+ $outer_key_bundle = '';
+ openssl_private_decrypt($encrypted_aes_key_bundle,$outer_key_bundle,$importer['prvkey']);
+
+ $j_outer_key_bundle = json_decode($outer_key_bundle);
+
+ $outer_iv = base64_decode($j_outer_key_bundle->iv);
+ $outer_key = base64_decode($j_outer_key_bundle->key);
+
+ $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv);
+
+ $decrypted = pkcs5_unpad($decrypted);
+
+ /**
+ * $decrypted now contains something like
+ *
+ * <decrypted_header>
+ * <iv>8e+G2+ET8l5BPuW0sVTnQw==</iv>
+ * <aes_key>UvSMb4puPeB14STkcDWq+4QE302Edu15oaprAQSkLKU=</aes_key>
+ * <author>
+ * <name>Ryan Hughes</name>
+ * <uri>acct:galaxor@diaspora.pirateship.org</uri>
+ * </author>
+ * </decrypted_header>
+ */
+
+ logger('decrypted: ' . $decrypted);
+ $idom = parse_xml_string($decrypted,false);
+
+ $inner_iv = base64_decode($idom->iv);
+ $inner_aes_key = base64_decode($idom->aes_key);
+
+ $author_link = str_replace('acct:','',$idom->author->uri);
+
+ $dom = $basedom->children(NAMESPACE_SALMON_ME);
+
+ // figure out where in the DOM tree our data is hiding
+
+ if($dom->provenance->data)
+ $base = $dom->provenance;
+ elseif($dom->env->data)
+ $base = $dom->env;
+ elseif($dom->data)
+ $base = $dom;
+
+ if(! $base) {
+ logger('mod-diaspora: unable to locate salmon data in xml ');
+ http_status_exit(400);
+ }
+
+
+ // Stash the signature away for now. We have to find their key or it won't be good for anything.
+ $signature = base64url_decode($base->sig);
+
+ // unpack the data
+
+ // strip whitespace so our data element will return to one big base64 blob
+ $data = str_replace(array(" ","\t","\r","\n"),array("","","",""),$base->data);
+
+ // Add back the 60 char linefeeds
+
+ // Diaspora devs: This completely violates the entire principle of salmon magic signatures,
+ // which was to have a message signing format that was completely ambivalent to linefeeds
+ // and transport whitespace mangling, and base64 wrapping rules. Guess what? PHP and Ruby
+ // use different linelengths for base64 output.
+
+ $lines = str_split($data,60);
+ $data = implode("\n",$lines);
+
+
+ // stash away some other stuff for later
+
+ $type = $base->data[0]->attributes()->type[0];
+ $keyhash = $base->sig[0]->attributes()->keyhash[0];
+ $encoding = $base->encoding;
+ $alg = $base->alg;
+
+ // Diaspora devs: I can't even begin to tell you how sucky this is. Read the freaking spec.
+
+ $signed_data = $data . (($data[-1] != "\n") ? "\n" : '') . '.' . base64url_encode($type) . "\n" . '.' . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n";
+
+
+ // decode the data
+ $data = base64url_decode($data);
+
+ // Now pull out the inner encrypted blob
+
+ $inner_encrypted = base64_decode($data);
+
+ $inner_decrypted =
+ $inner_decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $inner_encrypted, MCRYPT_MODE_CBC, $inner_iv);
+
+ $inner_decrypted = pkcs5_unpad($inner_decrypted);
+
+ if(! $author_link) {
+ logger('mod-diaspora: Could not retrieve author URI.');
+ http_status_exit(400);
+ }
+
+ // Once we have the author URI, go to the web and try to find their public key
+ // *** or look it up locally ***
+
+ logger('mod-diaspora: Fetching key for ' . $author_link );
+
+ // Get diaspora public key (pkcs#1) and convert to pkcs#8
+
+ $key = get_diaspora_key($author_link);
+
+ if(! $key) {
+ logger('mod-diaspora: Could not retrieve author key.');
+ http_status_exit(400);
+ }
+
+ $verify = rsa_verify($signed_data,$signature,$key);
+
+ if(! $verify) {
+ logger('mod-diaspora: Message did not verify. Discarding.');
+ http_status_exit(400);
+ }
+
+ logger('mod-diaspora: Message verified.');
+
+ return array('message' => $inner_decrypted, 'author' => $author_link, 'key' => $key);
+
+}
+
+function diaspora_get_contact_by_handle($uid,$handle) {
+ $r = q("SELECT * FROM `contact` WHERE `network` = '%s' AND `uid` = %d AND `addr` = '%s' LIMIT 1",
+ dbesc(NETWORK_DIASPORA),
+ intval($uid),
+ dbesc($handle)
+ );
+ if($r && count($r))
+ return $r[0];
+ return false;
+}
+
+function find_person_by_handle($handle) {
+ // we don't care about the uid, we just want to save an expensive webfinger probe
+ $r = q("select * from contact where network = '%s' and addr = '%s' LIMIT 1",
+ dbesc(NETWORK_DIASPORA),
+ dbesc($handle)
+ );
+ if(count($r))
+ return $r[0];
+ $r = probe_url($handle);
+ // need to cached this, perhaps in fcontact
+ if(count($r))
+ return ($r);
+ return false;
+}
+
+function diaspora_request($importer,$xml) {
+
+ $sender_handle = unxmlify($xml->sender_handle);
+ $recipient_handle = unxmlify($xml->recipient_handle);
+
+ if(! $sender_handle || ! $recipient_handle)
+ return;
+
+ $contact = diaspora_get_contact_by_handle($importer['uid'],$sender_handle);
+
+
+ if($contact) {
+
+ // perhaps we were already sharing with this person. Now they're sharing with us.
+ // That makes us friends.
+
+ if($contact['rel'] == CONTACT_IS_FOLLOWER) {
+ q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval(CONTACT_IS_FRIEND),
+ intval($contact['id']),
+ intval($importer['uid'])
+ );
+ }
+ // send notification?
+ return;
+ }
+
+ require_once('include/Scrape.php');
+ $ret = probe_url($sender_handle);
+
+ if((! count($ret)) || ($ret['network'] != NETWORK_DIASPORA)) {
+ logger('diaspora_request: Cannot resolve diaspora handle ' . $sender_handle . ' for ' . $recipient_handle);
+ return;
+ }
+
+ $r = q("INSERT INTO `contact` (`uid`, `network`,`addr`,`created`,`url`,`name`,`nick`,`photo`,`pubkey`,`notify`,`poll`,`blocked`,`priority`)
+ VALUES ( %d, '%s', '%s', '%s','%s','%s','%s','%s','%s','%s','%s',%d,%d) ",
+ intval($importer['uid']),
+ dbesc($ret['network']),
+ dbesc($ret['addr']),
+ datetime_convert(),
+ dbesc($ret['url']),
+ dbesc($ret['name']),
+ dbesc($ret['nick']),
+ dbesc($ret['photo']),
+ dbesc($ret['pubkey']),
+ dbesc($ret['notify']),
+ dbesc($ret['poll']),
+ 1,
+ 2
+ );
+
+ // find the contact record we just created
+
+ $contact_record = diaspora_get_contact_by_handle($importer['uid'],$sender_handle);
+
+ $hash = random_string() . (string) time(); // Generate a confirm_key
+
+ if($contact_record) {
+ $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`,`blocked`)
+ VALUES ( %d, %d, 1, %d, '%s', '%s', '%s', 0 )",
+ intval($importer['uid']),
+ intval($contact_record['id']),
+ 0,
+ dbesc( t('Sharing notification from Diaspora network')),
+ dbesc($hash),
+ dbesc(datetime_convert())
+ );
+ }
+
+ return;
+}
+
+function diaspora_post($importer,$xml) {
+
+ $guid = notags(unxmlify($xml->guid));
+ $diaspora_handle = notags(unxmlify($xml->diaspora_handle));
+
+ $contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle);
+ if(! $contact)
+ return;
+
+ if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) {
+ logger('diaspora_post: Ignoring this author.');
+ http_status_exit(202);
+ // NOTREACHED
+ }
+
+ $message_id = $diaspora_handle . ':' . $guid;
+ $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `uri` = '%s' AND `guid` = '%s' LIMIT 1",
+ intval($importer['uid']),
+ dbesc($message_id),
+ dbesc($guid)
+ );
+ if(count($r))
+ return;
+
+ // allocate a guid on our system - we aren't fixing any collisions.
+ // we're ignoring them
+
+ $g = q("select * from guid where guid = '%s' limit 1",
+ dbesc($guid)
+ );
+ if(! count($g)) {
+ q("insert into guid ( guid ) values ( '%s' )",
+ dbesc($guid)
+ );
+ }
+
+ $created = unxmlify($xml->created_at);
+ $private = ((unxmlify($xml->public) == 'false') ? 1 : 0);
+
+ $body = unxmlify($xml->raw_message);
+
+ require_once('library/HTMLPurifier.auto.php');
+ require_once('include/html2bbcode.php');
+
+ $maxlen = get_max_import_size();
+ if($maxlen && (strlen($body) > $maxlen))
+ $body = substr($body,0, $maxlen);
+
+ if((strpos($body,'<') !== false) || (strpos($body,'>') !== false)) {
+
+ $body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
+ '[youtube]$1[/youtube]', $body);
+
+ $body = preg_replace('#<iframe[^>].+?' . 'http://www.youtube.com/embed/([A-Za-z0-9\-_=]+).+?</iframe>#s',
+ '[youtube]$1[/youtube]', $body);
+
+ $body = oembed_html2bbcode($body);
+
+ $config = HTMLPurifier_Config::createDefault();
+ $config->set('Cache.DefinitionImpl', null);
+ $purifier = new HTMLPurifier($config);
+ $body = $purifier->purify($body);
+
+ $body = html2bbcode($body);
+ }
+
+ $datarray = array();
+ $datarray['uid'] = $importer['uid'];
+ $datarray['contact-id'] = $contact['id'];
+ $datarray['wall'] = 0;
+ $datarray['guid'] = $guid;
+ $datarray['uri'] = $datarray['parent-uri'] = $message_id;
+ $datarray['created'] = $datarray['edited'] = datetime_convert('UTC','UTC',$created);
+ $datarray['private'] = $private;
+ $datarray['parent'] = 0;
+ $datarray['owner-name'] = $contact['name'];
+ $datarray['owner-link'] = $contact['url'];
+ $datarray['owner-avatar'] = $contact['thumb'];
+ $datarray['author-name'] = $contact['name'];
+ $datarray['author-link'] = $contact['url'];
+ $datarray['author-avatar'] = $contact['thumb'];
+ $datarray['body'] = $body;
+
+ item_store($datarray);
+
+ return;
+
+}
+
+function diaspora_comment($importer,$xml,$msg) {
+
+ $guid = notags(unxmlify($xml->guid));
+ $parent_guid = notags(unxmlify($xml->parent_guid));
+ $diaspora_handle = notags(unxmlify($xml->diaspora_handle));
+ $target_type = notags(unxmlify($xml->target_type));
+ $text = unxmlify($xml->text);
+ $author_signature = notags(unxmlify($xml->author_signature));
+
+ $parent_author_signature = (($xml->parent_author_signature) ? notags(unxmlify($xml->parent_author_signature)) : '');
+
+ $text = $xml->text;
+
+ $contact = diaspora_get_contact_by_handle($importer['uid'],$msg['author']);
+ if(! $contact)
+ return;
+
+ if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) {
+ logger('diaspora_comment: Ignoring this author.');
+ http_status_exit(202);
+ // NOTREACHED
+ }
+
+ $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1",
+ intval($importer['uid']),
+ dbesc($parent_guid)
+ );
+ if(! count($r)) {
+ logger('diaspora_comment: parent item not found: ' . $guid);
+ return;
+ }
+ $parent_item = $r[0];
+
+ $author_signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $diaspora_handle;
+
+ $author_signature = base64_decode($author_signature);
+
+ if(stricmp($diaspora_handle,$msg['author']) == 0) {
+ $person = $contact;
+ $key = $msg['key'];
+ }
+ else {
+ $person = find_person_by_handle($diaspora_handle);
+
+ if(is_array($person) && x($person,'pubkey'))
+ $key = $person['pubkey'];
+ else {
+ logger('diaspora_comment: unable to find author details');
+ return;
+ }
+ }
+
+ if(! rsa_verify($author_signed_data,$author_signature,$key)) {
+ logger('diaspora_comment: verification failed.');
+ return;
+ }
+
+ if($parent_author_signature) {
+ $owner_signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $msg['author'];
+
+ $parent_author_signature = base64_decode($parent_author_signature);
+
+ $key = $msg['key'];
+
+ if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) {
+ logger('diaspora_comment: owner verification failed.');
+ return;
+ }
+ }
+
+ // Phew! Everything checks out. Now create an item.
+
+ require_once('library/HTMLPurifier.auto.php');
+ require_once('include/html2bbcode.php');
+
+ $body = $text;
+
+ $maxlen = get_max_import_size();
+ if($maxlen && (strlen($body) > $maxlen))
+ $body = substr($body,0, $maxlen);
+
+ if((strpos($body,'<') !== false) || (strpos($body,'>') !== false)) {
+
+ $body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
+ '[youtube]$1[/youtube]', $body);
+
+ $body = preg_replace('#<iframe[^>].+?' . 'http://www.youtube.com/embed/([A-Za-z0-9\-_=]+).+?</iframe>#s',
+ '[youtube]$1[/youtube]', $body);
+
+ $body = oembed_html2bbcode($body);
+
+ $config = HTMLPurifier_Config::createDefault();
+ $config->set('Cache.DefinitionImpl', null);
+ $purifier = new HTMLPurifier($config);
+ $body = $purifier->purify($body);
+
+ $body = html2bbcode($body);
+ }
+
+ $message_id = $diaspora_handle . ':' . $guid;
+
+ $datarray = array();
+ $datarray['uid'] = $importer['uid'];
+ $datarray['contact-id'] = $contact['id'];
+ $datarray['wall'] = $parent_item['wall'];
+ $datarray['gravity'] = GRAVITY_COMMENT;
+ $datarray['guid'] = $guid;
+ $datarray['uri'] = $message_id;
+ $datarray['parent-uri'] = $parent_item['uri'];
+
+ // No timestamps for comments? OK, we'll the use current time.
+ $datarray['created'] = $datarray['edited'] = datetime_convert();
+ $datarray['private'] = $parent_item['private'];
+
+ $datarray['owner-name'] = $contact['name'];
+ $datarray['owner-link'] = $contact['url'];
+ $datarray['owner-avatar'] = $contact['thumb'];
+
+ $datarray['author-name'] = $person['name'];
+ $datarray['author-link'] = $person['url'];
+ $datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']);
+ $datarray['body'] = $body;
+
+ item_store($datarray);
+
+ return;
+
+}
+
+function diaspora_like($importer,$xml,$msg) {
+
+ $guid = notags(unxmlify($xml->guid));
+ $parent_guid = notags(unxmlify($xml->parent_guid));
+ $diaspora_handle = notags(unxmlify($xml->diaspora_handle));
+ $target_type = notags(unxmlify($xml->target_type));
+ $positive = notags(unxmlify($xml->positive));
+ $author_signature = notags(unxmlify($xml->author_signature));
+
+ $parent_author_signature = (($xml->parent_author_signature) ? notags(unxmlify($xml->parent_author_signature)) : '');
+
+ // likes on comments not supported here and likes on photos not supported by Diaspora
+
+ if($target_type !== 'Post')
+ return;
+
+ $contact = diaspora_get_contact_by_handle($importer['uid'],$msg['author']);
+ if(! $contact)
+ return;
+
+ if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) {
+ logger('diaspora_like: Ignoring this author.');
+ http_status_exit(202);
+ // NOTREACHED
+ }
+
+ $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1",
+ intval($importer['uid']),
+ dbesc($parent_guid)
+ );
+ if(! count($r)) {
+ logger('diaspora_like: parent item not found: ' . $guid);
+ return;
+ }
+
+ $parent_item = $r[0];
+
+ $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '$s' LIMIT 1",
+ intval($importer['uid']),
+ dbesc($guid)
+ );
+ if(count($r)) {
+ if($positive === 'true') {
+ logger('diaspora_like: duplicate like: ' . $guid);
+ return;
+ }
+ if($positive === 'false') {
+ q("UPDATE `item` SET `deleted` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($r[0]['id']),
+ intval($importer['uid'])
+ );
+ // FIXME
+ // send notification via proc_run()
+ return;
+ }
+ }
+ if($positive === 'false') {
+ logger('diaspora_like: unlike received with no corresponding like');
+ return;
+ }
+
+ $author_signed_data = $guid . ';' . $parent_guid . ';' . $target_type . ';' . $positive . ';' . $diaspora_handle;
+
+ $author_signature = base64_decode($author_signature);
+
+ if(stricmp($diaspora_handle,$msg['author']) == 0) {
+ $person = $contact;
+ $key = $msg['key'];
+ }
+ else {
+ $person = find_person_by_handle($diaspora_handle);
+ if(is_array($person) && x($person,'pubkey'))
+ $key = $person['pubkey'];
+ else {
+ logger('diaspora_comment: unable to find author details');
+ return;
+ }
+ }
+
+ if(! rsa_verify($author_signed_data,$author_signature,$key)) {
+ logger('diaspora_like: verification failed.');
+ return;
+ }
+
+ if($parent_author_signature) {
+ $owner_signed_data = $guid . ';' . $parent_guid . ';' . $target_type . ';' . $positive . ';' . $msg['author'];
+
+ $parent_author_signature = base64_decode($parent_author_signature);
+
+ $key = $msg['key'];
+
+ if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) {
+ logger('diaspora_like: owner verification failed.');
+ return;
+ }
+ }
+
+ // Phew! Everything checks out. Now create an item.
+
+ $uri = $diaspora_handle . ':' . $guid;
+
+ $activity = ACTIVITY_LIKE;
+ $post_type = (($parent_item['resource-id']) ? t('photo') : t('status'));
+ $objtype = (($parent_item['resource-id']) ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE );
+ $link = xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $parent_item['id'] . '" />' . "\n") ;
+ $body = $parent_item['body'];
+
+ $obj = <<< EOT
+
+ <object>
+ <type>$objtype</type>
+ <local>1</local>
+ <id>{$parent_item['uri']}</id>
+ <link>$link</link>
+ <title></title>
+ <content>$body</content>
+ </object>
+EOT;
+ $bodyverb = t('%1$s likes %2$s\'s %3$s');
+
+ $arr = array();
+
+ $arr['uri'] = $uri;
+ $arr['uid'] = $importer['uid'];
+ $arr['contact-id'] = $contact['id'];
+ $arr['type'] = 'activity';
+ $arr['wall'] = $parent_item['wall'];
+ $arr['gravity'] = GRAVITY_LIKE;
+ $arr['parent'] = $parent_item['id'];
+ $arr['parent-uri'] = $parent_item['uri'];
+
+ $datarray['owner-name'] = $contact['name'];
+ $datarray['owner-link'] = $contact['url'];
+ $datarray['owner-avatar'] = $contact['thumb'];
+
+ $datarray['author-name'] = $person['name'];
+ $datarray['author-link'] = $person['url'];
+ $datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']);
+
+ $ulink = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]';
+ $alink = '[url=' . $parent_item['author-link'] . ']' . $parent_item['author-name'] . '[/url]';
+ $plink = '[url=' . $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $parent_item['id'] . ']' . $post_type . '[/url]';
+ $arr['body'] = sprintf( $bodyverb, $ulink, $alink, $plink );
+
+ $arr['private'] = $parent_item['private'];
+ $arr['verb'] = $activity;
+ $arr['object-type'] = $objtype;
+ $arr['object'] = $obj;
+ $arr['visible'] = 1;
+ $arr['unseen'] = 1;
+ $arr['last-child'] = 0;
+
+ $post_id = item_store($arr);
+
+
+ // FIXME send notification
+
+
+}
+
+function diaspora_retraction($importer,$xml) {
+
+ $guid = notags(unxmlify($xml->guid));
+ $diaspora_handle = notags(unxmlify($xml->diaspora_handle));
+
+ $contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle);
+ if(! $contact)
+ return;
+
+// if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) {
+// logger('diaspora_retraction: Ignoring this author.');
+// http_status_exit(202);
+// // NOTREACHED
+// }
+
+
+
+}
+
+function diaspora_share($me,$contact) {
+ $a = get_app();
+ $myaddr = $me['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
+ $theiraddr = $contact['addr'];
+
+ $tpl = get_markup_template('diaspora_share.tpl');
+ $msg = replace_macros($tpl, array(
+ '$sender' => myaddr,
+ '$recipient' => $theiraddr
+ ));
+
+ $slap = 'xml=' . urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey']));
+
+ post_url($contact['notify'],$slap);
+ $return_code = $a->get_curl_code();
+ return $return_code;
+}
+
+function diaspora_send_status($item,$owner,$contact) {
+
+ $a = get_app();
+ $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
+ $theiraddr = $contact['addr'];
+ require_once('include/bbcode.php');
+
+ $body = xmlify(bbcode($item['body']));
+ $public = (($item['private']) ? 'false' : 'true');
+
+ require_once('include/datetime.php');
+ $created = datetime_convert('UTC','UTC',$item['created'],'Y-m-d h:i:s \U\T\C');
+
+ $tpl = get_markup_template('diaspora_post.tpl');
+ $msg = replace_macros($tpl, array(
+ '$body' => $body,
+ '$guid' => $item['guid'],
+ '$handle' => xmlify($myaddr),
+ '$public' => $public,
+ '$created' => $created
+ ));
+
+ logger('diaspora_send_status: base message: ' . $msg, LOGGER_DATA);
+
+ $slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey']));
+
+ post_url($contact['notify'],$slap);
+ $return_code = $a->get_curl_code();
+ logger('diaspora_send_status: returns: ' . $return_code);
+ return $return_code;
+}
+
diff --git a/include/event.php b/include/event.php
index aab195d24..99f685d0b 100644
--- a/include/event.php
+++ b/include/event.php
@@ -197,6 +197,7 @@ function event_store($arr) {
$arr['type'] = (($arr['type']) ? $arr['type'] : 'event' );
$arr['cid'] = ((intval($arr['cid'])) ? intval($arr['cid']) : 0);
$arr['uri'] = (x($arr,'uri') ? $arr['uri'] : item_new_uri($a->get_hostname(),$arr['uid']));
+ $arr['private'] = ((x($arr,'private')) ? intval($arr['private']) : 0);
if($arr['cid'])
$c = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
@@ -275,7 +276,7 @@ function event_store($arr) {
$object .= '</object>' . "\n";
- q("UPDATE `item` SET `body` = '%s', `object` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `edited` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ q("UPDATE `item` SET `body` = '%s', `object` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `edited` = '%s', `private` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
dbesc(format_event_bbcode($arr)),
dbesc($object),
dbesc($arr['allow_cid']),
@@ -283,6 +284,7 @@ function event_store($arr) {
dbesc($arr['deny_cid']),
dbesc($arr['deny_gid']),
dbesc($arr['edited']),
+ intval($arr['private']),
intval($r[0]['id']),
intval($arr['uid'])
);
@@ -341,10 +343,11 @@ function event_store($arr) {
$item_arr['author-link'] = $contact['url'];
$item_arr['author-avatar'] = $contact['thumb'];
$item_arr['title'] = '';
- $item_arr['allow_cid'] = $str_contact_allow;
- $item_arr['allow_gid'] = $str_group_allow;
- $item_arr['deny_cid'] = $str_contact_deny;
- $item_arr['deny_gid'] = $str_group_deny;
+ $item_arr['allow_cid'] = $arr['allow_cid'];
+ $item_arr['allow_gid'] = $arr['allow_gid'];
+ $item_arr['deny_cid'] = $arr['deny_cid'];
+ $item_arr['deny_gid'] = $arr['deny_gid'];
+ $item_arr['private'] = $arr['private'];
$item_arr['last-child'] = 1;
$item_arr['visible'] = 1;
$item_arr['verb'] = ACTIVITY_POST;
diff --git a/include/group.php b/include/group.php
index e16c900d9..1ebae7b7b 100644
--- a/include/group.php
+++ b/include/group.php
@@ -136,7 +136,7 @@ function group_public_members($gid) {
-function group_side($every="contacts",$each="group",$edit = false, $group_id = 0) {
+function group_side($every="contacts",$each="group",$edit = false, $group_id = 0, $cid = 0) {
$o = '';
@@ -160,10 +160,19 @@ EOT;
$r = q("SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d ORDER BY `name` ASC",
intval($_SESSION['uid'])
);
+ if($cid) {
+ $member_of = groups_containing(local_user(),$cid);
+ }
+
if(count($r)) {
foreach($r as $rr) {
$selected = (($group_id == $rr['id']) ? ' class="group-selected" ' : '');
- $o .= ' <li class="sidebar-group-li">' . (($edit) ? "<a href=\"group/{$rr['id']}\" title=\"" . t('Edit') . "\" ><img src=\"images/spencil.gif\" alt=\"" . t('Edit') . "\"></a> " : "") . "<a href=\"$each/{$rr['id']}\" $selected >{$rr['name']}</a></li>\r\n";
+ $o .= ' <li class="sidebar-group-li">'
+ . (($edit) ? "<a href=\"group/{$rr['id']}\" title=\"" . t('Edit')
+ . "\" ><img src=\"images/spencil.gif\" alt=\"" . t('Edit') . "\"></a> " : "")
+ . (($cid) ? '<input type="checkbox" class="' . (($selected) ? 'ticked' : 'unticked') . '" onclick="contactgroupChangeMember(' . $rr['id'] . ',' . $cid . ');return true;" '
+ . ((in_array($rr['id'],$member_of)) ? ' checked="checked" ' : '') . '/>' : '')
+ . "<a href=\"$each/{$rr['id']}\" $selected >{$rr['name']}</a></li>\r\n";
}
}
$o .= " </ul>\r\n </div>";
@@ -204,3 +213,18 @@ function member_of($c) {
}
+function groups_containing($uid,$c) {
+
+ $r = q("SELECT `gid` FROM `group_member` WHERE `uid` = %d AND `group_member`.`contact-id` = %d ",
+ intval($uid),
+ intval($c)
+ );
+
+ $ret = array();
+ if(count($r)) {
+ foreach($r as $rr)
+ $ret[] = $rr['gid'];
+ }
+
+ return $ret;
+} \ No newline at end of file
diff --git a/include/hostxrd.php b/include/hostxrd.php
deleted file mode 100644
index 7040f927d..000000000
--- a/include/hostxrd.php
+++ /dev/null
@@ -1,12 +0,0 @@
-<?php
-
-function hostxrd($baseurl) {
-
- header('Access-Control-Allow-Origin: *');
- header("Content-type: text/xml");
- $tpl = file_get_contents('view/xrd_host.tpl');
- echo str_replace('$domain',$baseurl,$tpl);
- session_write_close();
- exit();
-
-} \ No newline at end of file
diff --git a/include/items.php b/include/items.php
index 6593647ba..ec519ad9b 100644
--- a/include/items.php
+++ b/include/items.php
@@ -6,7 +6,6 @@ require_once('include/salmon.php');
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) {
-
// default permissions - anonymous user
if(! strlen($owner_nick))
@@ -113,7 +112,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
$items = $r;
- $feed_template = get_markup_template('atom_feed.tpl');
+ $feed_template = get_markup_template(($dfrn_id) ? 'atom_feed_dfrn.tpl' : 'atom_feed.tpl');
$atom = '';
@@ -154,6 +153,9 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
if($dfrn_id === '') {
$type = 'html';
+ // catch any email that's in a public conversation and make sure it doesn't leak
+ if($item['private'])
+ continue;
}
else {
$type = 'text';
@@ -485,7 +487,6 @@ function get_atom_elements($feed,$item) {
if((x($res,'verb')) && ($res['verb'] === 'http://ostatus.org/schema/1.0/unfollow'))
$res['verb'] = ACTIVITY_UNFOLLOW;
-
$cats = $item->get_categories();
if($cats) {
$tag_arr = array();
@@ -520,7 +521,7 @@ function get_atom_elements($feed,$item) {
if(! $type)
$type = 'application/octet-stream';
- $att_arr[] = '[attach]href="' . $link . '" size="' . $len . '" type="' . $type . '" title="' . $title . '"[/attach]';
+ $att_arr[] = '[attach]href="' . $link . '" length="' . $len . '" type="' . $type . '" title="' . $title . '"[/attach]';
}
$res['attach'] = implode(',', $att_arr);
}
@@ -720,6 +721,13 @@ function item_store($arr,$force_parent = false) {
if($r[0]['uri'] != $r[0]['parent-uri']) {
$arr['thr-parent'] = $arr['parent-uri'];
$arr['parent-uri'] = $r[0]['parent-uri'];
+ $z = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `parent-uri` = '%s' AND `uid` = %d LIMIT 1",
+ dbesc($r[0]['parent-uri']),
+ dbesc($r[0]['parent-uri']),
+ intval($arr['uid'])
+ );
+ if($z && count($z))
+ $r = $z;
}
$parent_id = $r[0]['id'];
@@ -749,6 +757,8 @@ function item_store($arr,$force_parent = false) {
}
}
+ $arr['guid'] = get_guid();
+
call_hooks('post_remote',$arr);
dbesc_array($arr);
@@ -917,7 +927,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
$postvars['dissolve'] = '1';
- if((($contact['rel']) && ($contact['rel'] != REL_FAN) && (! $contact['blocked'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) {
+ if((($contact['rel']) && ($contact['rel'] != CONTACT_IS_SHARING) && (! $contact['blocked'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) {
$postvars['data'] = $atom;
$postvars['perm'] = 'rw';
}
@@ -997,6 +1007,11 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $secure_fee
require_once('library/simplepie/simplepie.inc');
+ if(! strlen($xml)) {
+ logger('consume_feed: empty input');
+ return;
+ }
+
$feed = new SimplePie();
$feed->set_raw_data($xml);
if($datedir)
@@ -1023,7 +1038,9 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $secure_fee
if(count($hubs))
$hub = implode(',', $hubs);
- $rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author');
+ $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'owner');
+ if(! $rawtags)
+ $rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author');
if($rawtags) {
$elems = $rawtags[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10];
if($elems['name'][0]['attribs'][NAMESPACE_DFRN]['updated']) {
@@ -1349,6 +1366,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $secure_fee
$ev['uid'] = $importer['uid'];
$ev['uri'] = $item_id;
$ev['edited'] = $datarray['edited'];
+ $ev['private'] = $datarray['private'];
if(is_array($contact))
$ev['cid'] = $contact['id'];
@@ -1444,9 +1462,9 @@ function new_follower($importer,$contact,$datarray,$item) {
$nick = $rawtag[0]['child'][NAMESPACE_POCO]['preferredUsername'][0]['data'];
if(is_array($contact)) {
- if($contact['network'] == 'stat' && $contact['rel'] == REL_FAN) {
+ if($contact['network'] == 'stat' && $contact['rel'] == CONTACT_IS_SHARING) {
$r = q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval(REL_BUD),
+ intval(CONTACT_IS_FRIEND),
intval($contact['id']),
intval($importer['uid'])
);
@@ -1468,12 +1486,12 @@ function new_follower($importer,$contact,$datarray,$item) {
dbesc($nick),
dbesc($photo),
dbesc('stat'),
- intval(REL_VIP)
+ intval(CONTACT_IS_FOLLOWER)
);
$r = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `pending` = 1 AND `rel` = %d LIMIT 1",
intval($importer['uid']),
dbesc($url),
- intval(REL_VIP)
+ intval(CONTACT_IS_FOLLOWER)
);
if(count($r))
$contact_record = $r[0];
@@ -1518,9 +1536,9 @@ function new_follower($importer,$contact,$datarray,$item) {
function lose_follower($importer,$contact,$datarray,$item) {
- if(($contact['rel'] == REL_BUD) || ($contact['rel'] == REL_FAN)) {
+ if(($contact['rel'] == CONTACT_IS_FRIEND) || ($contact['rel'] == CONTACT_IS_SHARING)) {
q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d LIMIT 1",
- intval(REL_FAN),
+ intval(CONTACT_IS_SHARING),
intval($contact['id'])
);
}
@@ -1726,11 +1744,11 @@ function item_getfeedattach($item) {
if(count($arr)) {
foreach($arr as $r) {
$matches = false;
- $cnt = preg_match('|\[attach\]href=\"(.*?)\" size=\"(.*?)\" type=\"(.*?)\" title=\"(.*?)\"\[\/attach\]|',$r,$matches);
+ $cnt = preg_match('|\[attach\]href=\"(.*?)\" length=\"(.*?)\" type=\"(.*?)\" title=\"(.*?)\"\[\/attach\]|',$r,$matches);
if($cnt) {
$ret .= '<link rel="enclosure" href="' . xmlify($matches[1]) . '" type="' . xmlify($matches[3]) . '" ';
if(intval($matches[2]))
- $ret .= 'size="' . intval($matches[2]) . '" ';
+ $ret .= 'length="' . intval($matches[2]) . '" ';
if($matches[4] !== ' ')
$ret .= 'title="' . xmlify(trim($matches[4])) . '" ';
$ret .= ' />' . "\r\n";
diff --git a/include/main.js b/include/main.js
index 3574e6eb8..83dcc720c 100644
--- a/include/main.js
+++ b/include/main.js
@@ -194,7 +194,8 @@
else {
$('#' + ident + ' ' + '.wall-item-ago').replaceWith($(this).find('.wall-item-ago'));
- $('#' + ident + ' ' + '.wall-item-comment-wrapper').replaceWith($(this).find('.wall-item-comment-wrapper'));
+ if($('#' + ident + ' ' + '.comment-edit-text-empty').length)
+ $('#' + ident + ' ' + '.wall-item-comment-wrapper').replaceWith($(this).find('.wall-item-comment-wrapper'));
$('#' + ident + ' ' + '.wall-item-like').replaceWith($(this).find('.wall-item-like'));
$('#' + ident + ' ' + '.wall-item-dislike').replaceWith($(this).find('.wall-item-dislike'));
$('#' + ident + ' ' + '.my-comment-photo').each(function() {
@@ -361,6 +362,14 @@
});
}
+ function contactgroupChangeMember(gid,cid) {
+ $('body').css('cursor', 'wait');
+ $.get('contactgroup/' + gid + '/' + cid, function(data) {
+ $('body').css('cursor', 'auto');
+ });
+ }
+
+
function checkboxhighlight(box) {
if($(box).is(':checked')) {
$(box).addClass('checkeditem');
@@ -414,3 +423,4 @@ Array.prototype.remove = function(item) {
this.length = from < 0 ? this.length + from : from;
return this.push.apply(this, rest);
};
+
diff --git a/include/network.php b/include/network.php
new file mode 100644
index 000000000..bbf1d6a63
--- /dev/null
+++ b/include/network.php
@@ -0,0 +1,695 @@
+<?php
+
+
+// curl wrapper. If binary flag is true, return binary
+// results.
+
+if(! function_exists('fetch_url')) {
+function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0) {
+
+ $a = get_app();
+
+ $ch = curl_init($url);
+ if(($redirects > 8) || (! $ch))
+ return false;
+
+ curl_setopt($ch, CURLOPT_HEADER, true);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
+ curl_setopt($ch, CURLOPT_USERAGENT, "Friendika");
+
+ if(intval($timeout)) {
+ curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
+ }
+ else {
+ $curl_time = intval(get_config('system','curl_timeout'));
+ curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60));
+ }
+ // by default we will allow self-signed certs
+ // but you can override this
+
+ $check_cert = get_config('system','verifyssl');
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false));
+
+ $prx = get_config('system','proxy');
+ if(strlen($prx)) {
+ curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
+ curl_setopt($ch, CURLOPT_PROXY, $prx);
+ $prxusr = get_config('system','proxyuser');
+ if(strlen($prxusr))
+ curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr);
+ }
+ if($binary)
+ curl_setopt($ch, CURLOPT_BINARYTRANSFER,1);
+
+ $a->set_curl_code(0);
+
+ // don't let curl abort the entire application
+ // if it throws any errors.
+
+ $s = @curl_exec($ch);
+
+ $base = $s;
+ $curl_info = curl_getinfo($ch);
+ $http_code = $curl_info['http_code'];
+
+ $header = '';
+
+ // Pull out multiple headers, e.g. proxy and continuation headers
+ // allow for HTTP/2.x without fixing code
+
+ while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) {
+ $chunk = substr($base,0,strpos($base,"\r\n\r\n")+4);
+ $header .= $chunk;
+ $base = substr($base,strlen($chunk));
+ }
+
+ if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) {
+ $matches = array();
+ preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
+ $url = trim(array_pop($matches));
+ $url_parsed = @parse_url($url);
+ if (isset($url_parsed)) {
+ $redirects++;
+ return fetch_url($url,$binary,$redirects,$timeout);
+ }
+ }
+
+ $a->set_curl_code($http_code);
+
+ $body = substr($s,strlen($header));
+
+ $a->set_curl_headers($header);
+
+ curl_close($ch);
+ return($body);
+}}
+
+// post request to $url. $params is an array of post variables.
+
+if(! function_exists('post_url')) {
+function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) {
+ $a = get_app();
+ $ch = curl_init($url);
+ if(($redirects > 8) || (! $ch))
+ return false;
+
+ curl_setopt($ch, CURLOPT_HEADER, true);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
+ curl_setopt($ch, CURLOPT_POST,1);
+ curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
+ curl_setopt($ch, CURLOPT_USERAGENT, "Friendika");
+
+ if(intval($timeout)) {
+ curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
+ }
+ else {
+ $curl_time = intval(get_config('system','curl_timeout'));
+ curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60));
+ }
+
+ if(defined('LIGHTTPD')) {
+ if(!is_array($headers)) {
+ $headers = array('Expect:');
+ } else {
+ if(!in_array('Expect:', $headers)) {
+ array_push($headers, 'Expect:');
+ }
+ }
+ }
+ if($headers)
+ curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
+
+ $check_cert = get_config('system','verifyssl');
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false));
+ $prx = get_config('system','proxy');
+ if(strlen($prx)) {
+ curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
+ curl_setopt($ch, CURLOPT_PROXY, $prx);
+ $prxusr = get_config('system','proxyuser');
+ if(strlen($prxusr))
+ curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr);
+ }
+
+ $a->set_curl_code(0);
+
+ // don't let curl abort the entire application
+ // if it throws any errors.
+
+ $s = @curl_exec($ch);
+
+ $base = $s;
+ $curl_info = curl_getinfo($ch);
+ $http_code = $curl_info['http_code'];
+
+ $header = '';
+
+ // Pull out multiple headers, e.g. proxy and continuation headers
+ // allow for HTTP/2.x without fixing code
+
+ while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) {
+ $chunk = substr($base,0,strpos($base,"\r\n\r\n")+4);
+ $header .= $chunk;
+ $base = substr($base,strlen($chunk));
+ }
+
+ if($http_code == 301 || $http_code == 302 || $http_code == 303) {
+ $matches = array();
+ preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
+ $url = trim(array_pop($matches));
+ $url_parsed = @parse_url($url);
+ if (isset($url_parsed)) {
+ $redirects++;
+ return post_url($url,$params,$headers,$redirects,$timeout);
+ }
+ }
+ $a->set_curl_code($http_code);
+ $body = substr($s,strlen($header));
+
+ $a->set_curl_headers($header);
+
+ curl_close($ch);
+ return($body);
+}}
+
+// Generic XML return
+// Outputs a basic dfrn XML status structure to STDOUT, with a <status> variable
+// of $st and an optional text <message> of $message and terminates the current process.
+
+if(! function_exists('xml_status')) {
+function xml_status($st, $message = '') {
+
+ $xml_message = ((strlen($message)) ? "\t<message>" . xmlify($message) . "</message>\r\n" : '');
+
+ if($st)
+ logger('xml_status returning non_zero: ' . $st . " message=" . $message);
+
+ header( "Content-type: text/xml" );
+ echo '<?xml version="1.0" encoding="UTF-8"?>'."\r\n";
+ echo "<result>\r\n\t<status>$st</status>\r\n$xml_message</result>\r\n";
+ killme();
+}}
+
+
+if(! function_exists('http_status_exit')) {
+function http_status_exit($val) {
+
+ if($val >= 400)
+ $err = 'Error';
+ if($val >= 200 && $val < 300)
+ $err = 'OK';
+
+ logger('http_status_exit ' . $val);
+ header($_SERVER["SERVER_PROTOCOL"] . ' ' . $val . ' ' . $err);
+ killme();
+
+}}
+
+
+// convert an XML document to a normalised, case-corrected array
+// used by webfinger
+
+if(! function_exists('convert_xml_element_to_array')) {
+function convert_xml_element_to_array($xml_element, &$recursion_depth=0) {
+
+ // If we're getting too deep, bail out
+ if ($recursion_depth > 512) {
+ return(null);
+ }
+
+ if (!is_string($xml_element) &&
+ !is_array($xml_element) &&
+ (get_class($xml_element) == 'SimpleXMLElement')) {
+ $xml_element_copy = $xml_element;
+ $xml_element = get_object_vars($xml_element);
+ }
+
+ if (is_array($xml_element)) {
+ $result_array = array();
+ if (count($xml_element) <= 0) {
+ return (trim(strval($xml_element_copy)));
+ }
+
+ foreach($xml_element as $key=>$value) {
+
+ $recursion_depth++;
+ $result_array[strtolower($key)] =
+ convert_xml_element_to_array($value, $recursion_depth);
+ $recursion_depth--;
+ }
+ if ($recursion_depth == 0) {
+ $temp_array = $result_array;
+ $result_array = array(
+ strtolower($xml_element_copy->getName()) => $temp_array,
+ );
+ }
+
+ return ($result_array);
+
+ } else {
+ return (trim(strval($xml_element)));
+ }
+}}
+
+// Given an email style address, perform webfinger lookup and
+// return the resulting DFRN profile URL, or if no DFRN profile URL
+// is located, returns an OStatus subscription template (prefixed
+// with the string 'stat:' to identify it as on OStatus template).
+// If this isn't an email style address just return $s.
+// Return an empty string if email-style addresses but webfinger fails,
+// or if the resultant personal XRD doesn't contain a supported
+// subscription/friend-request attribute.
+
+if(! function_exists('webfinger_dfrn')) {
+function webfinger_dfrn($s) {
+ if(! strstr($s,'@')) {
+ return $s;
+ }
+ $links = webfinger($s);
+ logger('webfinger_dfrn: ' . $s . ':' . print_r($links,true), LOGGER_DATA);
+ if(count($links)) {
+ foreach($links as $link)
+ if($link['@attributes']['rel'] === NAMESPACE_DFRN)
+ return $link['@attributes']['href'];
+ foreach($links as $link)
+ if($link['@attributes']['rel'] === NAMESPACE_OSTATUSSUB)
+ return 'stat:' . $link['@attributes']['template'];
+ }
+ return '';
+}}
+
+// Given an email style address, perform webfinger lookup and
+// return the array of link attributes from the personal XRD file.
+// On error/failure return an empty array.
+
+
+if(! function_exists('webfinger')) {
+function webfinger($s) {
+ $host = '';
+ if(strstr($s,'@')) {
+ $host = substr($s,strpos($s,'@') + 1);
+ }
+ if(strlen($host)) {
+ $tpl = fetch_lrdd_template($host);
+ logger('webfinger: lrdd template: ' . $tpl);
+ if(strlen($tpl)) {
+ $pxrd = str_replace('{uri}', urlencode('acct:' . $s), $tpl);
+ logger('webfinger: pxrd: ' . $pxrd);
+ $links = fetch_xrd_links($pxrd);
+ if(! count($links)) {
+ // try with double slashes
+ $pxrd = str_replace('{uri}', urlencode('acct://' . $s), $tpl);
+ logger('webfinger: pxrd: ' . $pxrd);
+ $links = fetch_xrd_links($pxrd);
+ }
+ return $links;
+ }
+ }
+ return array();
+}}
+
+if(! function_exists('lrdd')) {
+function lrdd($uri) {
+
+ $a = get_app();
+
+ // default priority is host priority, host-meta first
+
+ $priority = 'host';
+
+ // All we have is an email address. Resource-priority is irrelevant
+ // because our URI isn't directly resolvable.
+
+ if(strstr($uri,'@')) {
+ return(webfinger($uri));
+ }
+
+ // get the host meta file
+
+ $host = @parse_url($uri);
+
+ if($host) {
+ $url = ((x($host,'scheme')) ? $host['scheme'] : 'http') . '://';
+ $url .= $host['host'] . '/.well-known/host-meta' ;
+ }
+ else
+ return array();
+
+ logger('lrdd: constructed url: ' . $url);
+
+ $xml = fetch_url($url);
+ $headers = $a->get_curl_headers();
+
+ if (! $xml)
+ return array();
+
+ logger('lrdd: host_meta: ' . $xml, LOGGER_DATA);
+
+ $h = parse_xml_string($xml);
+ if(! $h)
+ return array();
+
+ $arr = convert_xml_element_to_array($h);
+
+ if(isset($arr['xrd']['property'])) {
+ $property = $arr['crd']['property'];
+ if(! isset($property[0]))
+ $properties = array($property);
+ else
+ $properties = $property;
+ foreach($properties as $prop)
+ if((string) $prop['@attributes'] === 'http://lrdd.net/priority/resource')
+ $priority = 'resource';
+ }
+
+ // save the links in case we need them
+
+ $links = array();
+
+ if(isset($arr['xrd']['link'])) {
+ $link = $arr['xrd']['link'];
+ if(! isset($link[0]))
+ $links = array($link);
+ else
+ $links = $link;
+ }
+
+ // do we have a template or href?
+
+ if(count($links)) {
+ foreach($links as $link) {
+ if($link['@attributes']['rel'] && attribute_contains($link['@attributes']['rel'],'lrdd')) {
+ if(x($link['@attributes'],'template'))
+ $tpl = $link['@attributes']['template'];
+ elseif(x($link['@attributes'],'href'))
+ $href = $link['@attributes']['href'];
+ }
+ }
+ }
+
+ if((! isset($tpl)) || (! strpos($tpl,'{uri}')))
+ $tpl = '';
+
+ if($priority === 'host') {
+ if(strlen($tpl))
+ $pxrd = str_replace('{uri}', urlencode($uri), $tpl);
+ elseif(isset($href))
+ $pxrd = $href;
+ if(isset($pxrd)) {
+ logger('lrdd: (host priority) pxrd: ' . $pxrd);
+ $links = fetch_xrd_links($pxrd);
+ return $links;
+ }
+
+ $lines = explode("\n",$headers);
+ if(count($lines)) {
+ foreach($lines as $line) {
+ if((stristr($line,'link:')) && preg_match('/<([^>].*)>.*rel\=[\'\"]lrdd[\'\"]/',$line,$matches)) {
+ return(fetch_xrd_links($matches[1]));
+ break;
+ }
+ }
+ }
+ }
+
+
+ // priority 'resource'
+
+
+ $html = fetch_url($uri);
+ $headers = $a->get_curl_headers();
+ logger('lrdd: headers=' . $headers, LOGGER_DEBUG);
+
+ // don't try and parse raw xml as html
+ if(! strstr($html,'<?xml')) {
+ require_once('library/HTML5/Parser.php');
+ $dom = @HTML5_Parser::parse($html);
+
+ if($dom) {
+ $items = $dom->getElementsByTagName('link');
+ foreach($items as $item) {
+ $x = $item->getAttribute('rel');
+ if($x == "lrdd") {
+ $pagelink = $item->getAttribute('href');
+ break;
+ }
+ }
+ }
+ }
+
+ if(isset($pagelink))
+ return(fetch_xrd_links($pagelink));
+
+ // next look in HTTP headers
+
+ $lines = explode("\n",$headers);
+ if(count($lines)) {
+ foreach($lines as $line) {
+ // TODO alter the following regex to support multiple relations (space separated)
+ if((stristr($line,'link:')) && preg_match('/<([^>].*)>.*rel\=[\'\"]lrdd[\'\"]/',$line,$matches)) {
+ $pagelink = $matches[1];
+ break;
+ }
+ // don't try and run feeds through the html5 parser
+ if(stristr($line,'content-type:') && ((stristr($line,'application/atom+xml')) || (stristr($line,'application/rss+xml'))))
+ return array();
+ if(stristr($html,'<rss') || stristr($html,'<feed'))
+ return array();
+ }
+ }
+
+ if(isset($pagelink))
+ return(fetch_xrd_links($pagelink));
+
+ // If we haven't found any links, return the host xrd links (which we have already fetched)
+
+ if(isset($links))
+ return $links;
+
+ return array();
+
+}}
+
+
+
+// Given a host name, locate the LRDD template from that
+// host. Returns the LRDD template or an empty string on
+// error/failure.
+
+if(! function_exists('fetch_lrdd_template')) {
+function fetch_lrdd_template($host) {
+ $tpl = '';
+
+ $url1 = 'https://' . $host . '/.well-known/host-meta' ;
+ $url2 = 'http://' . $host . '/.well-known/host-meta' ;
+ $links = fetch_xrd_links($url1);
+ logger('fetch_lrdd_template from: ' . $url1);
+ logger('template (https): ' . print_r($links,true));
+ if(! count($links)) {
+ logger('fetch_lrdd_template from: ' . $url2);
+ $links = fetch_xrd_links($url2);
+ logger('template (http): ' . print_r($links,true));
+ }
+ if(count($links)) {
+ foreach($links as $link)
+ if($link['@attributes']['rel'] && $link['@attributes']['rel'] === 'lrdd')
+ $tpl = $link['@attributes']['template'];
+ }
+ if(! strpos($tpl,'{uri}'))
+ $tpl = '';
+ return $tpl;
+}}
+
+// Given a URL, retrieve the page as an XRD document.
+// Return an array of links.
+// on error/failure return empty array.
+
+if(! function_exists('fetch_xrd_links')) {
+function fetch_xrd_links($url) {
+
+ $xrd_timeout = intval(get_config('system','xrd_timeout'));
+ $redirects = 0;
+ $xml = fetch_url($url,false,$redirects,(($xrd_timeout) ? $xrd_timeout : 30));
+
+ logger('fetch_xrd_links: ' . $xml, LOGGER_DATA);
+
+ if ((! $xml) || (! stristr($xml,'<xrd')))
+ return array();
+
+ $h = parse_xml_string($xml);
+ if(! $h)
+ return array();
+
+ $arr = convert_xml_element_to_array($h);
+
+ $links = array();
+
+ if(isset($arr['xrd']['link'])) {
+ $link = $arr['xrd']['link'];
+ if(! isset($link[0]))
+ $links = array($link);
+ else
+ $links = $link;
+ }
+ if(isset($arr['xrd']['alias'])) {
+ $alias = $arr['xrd']['alias'];
+ if(! isset($alias[0]))
+ $aliases = array($alias);
+ else
+ $aliases = $alias;
+ if(count($aliases)) {
+ foreach($aliases as $alias) {
+ $links[]['@attributes'] = array('rel' => 'alias' , 'href' => $alias);
+ }
+ }
+ }
+
+ logger('fetch_xrd_links: ' . print_r($links,true), LOGGER_DATA);
+
+ return $links;
+
+}}
+
+
+// Take a URL from the wild, prepend http:// if necessary
+// and check DNS to see if it's real
+// return true if it's OK, false if something is wrong with it
+
+if(! function_exists('validate_url')) {
+function validate_url(&$url) {
+ if(substr($url,0,4) != 'http')
+ $url = 'http://' . $url;
+ $h = @parse_url($url);
+
+ if(($h) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR))) {
+ return true;
+ }
+ return false;
+}}
+
+// checks that email is an actual resolvable internet address
+
+if(! function_exists('validate_email')) {
+function validate_email($addr) {
+
+ if(! strpos($addr,'@'))
+ return false;
+ $h = substr($addr,strpos($addr,'@') + 1);
+
+ if(($h) && (dns_get_record($h, DNS_A + DNS_CNAME + DNS_PTR + DNS_MX))) {
+ return true;
+ }
+ return false;
+}}
+
+// Check $url against our list of allowed sites,
+// wildcards allowed. If allowed_sites is unset return true;
+// If url is allowed, return true.
+// otherwise, return false
+
+if(! function_exists('allowed_url')) {
+function allowed_url($url) {
+
+ $h = @parse_url($url);
+
+ if(! $h) {
+ return false;
+ }
+
+ $str_allowed = get_config('system','allowed_sites');
+ if(! $str_allowed)
+ return true;
+
+ $found = false;
+
+ $host = strtolower($h['host']);
+
+ // always allow our own site
+
+ if($host == strtolower($_SERVER['SERVER_NAME']))
+ return true;
+
+ $fnmatch = function_exists('fnmatch');
+ $allowed = explode(',',$str_allowed);
+
+ if(count($allowed)) {
+ foreach($allowed as $a) {
+ $pat = strtolower(trim($a));
+ if(($fnmatch && fnmatch($pat,$host)) || ($pat == $host)) {
+ $found = true;
+ break;
+ }
+ }
+ }
+ return $found;
+}}
+
+// check if email address is allowed to register here.
+// Compare against our list (wildcards allowed).
+// Returns false if not allowed, true if allowed or if
+// allowed list is not configured.
+
+if(! function_exists('allowed_email')) {
+function allowed_email($email) {
+
+
+ $domain = strtolower(substr($email,strpos($email,'@') + 1));
+ if(! $domain)
+ return false;
+
+ $str_allowed = get_config('system','allowed_email');
+ if(! $str_allowed)
+ return true;
+
+ $found = false;
+
+ $fnmatch = function_exists('fnmatch');
+ $allowed = explode(',',$str_allowed);
+
+ if(count($allowed)) {
+ foreach($allowed as $a) {
+ $pat = strtolower(trim($a));
+ if(($fnmatch && fnmatch($pat,$domain)) || ($pat == $domain)) {
+ $found = true;
+ break;
+ }
+ }
+ }
+ return $found;
+}}
+
+
+if(! function_exists('gravatar_img')) {
+function gravatar_img($email) {
+ $size = 175;
+ $opt = 'identicon'; // psuedo-random geometric pattern if not found
+ $rating = 'pg';
+ $hash = md5(trim(strtolower($email)));
+
+ $url = 'http://www.gravatar.com/avatar/' . $hash . '.jpg'
+ . '?s=' . $size . '&d=' . $opt . '&r=' . $rating;
+
+ logger('gravatar: ' . $email . ' ' . $url);
+ return $url;
+}}
+
+
+if(! function_exists('parse_xml_string')) {
+function parse_xml_string($s,$strict = true) {
+ if($strict) {
+ if(! strstr($s,'<?xml'))
+ return false;
+ $s2 = substr($s,strpos($s,'<?xml'));
+ }
+ else
+ $s2 = $s;
+ libxml_use_internal_errors(true);
+
+ $x = @simplexml_load_string($s2);
+ if(! $x) {
+ logger('libxml: parse: error: ' . $s2, LOGGER_DATA);
+ foreach(libxml_get_errors() as $err)
+ logger('libxml: parse: ' . $err->code." at ".$err->line.":".$err->column." : ".$err->message, LOGGER_DATA);
+ libxml_clear_errors();
+ }
+ return $x;
+}}
diff --git a/include/notifier.php b/include/notifier.php
index 59e573762..15fb38534 100644
--- a/include/notifier.php
+++ b/include/notifier.php
@@ -50,8 +50,10 @@ function notifier_run($argv, $argc){
$recipients = array();
$url_recipients = array();
- if($cmd === 'mail') {
+ $normal_mode = true;
+ if($cmd === 'mail') {
+ $normal_mode = false;
$message = q("SELECT * FROM `mail` WHERE `id` = %d LIMIT 1",
intval($item_id)
);
@@ -64,6 +66,7 @@ function notifier_run($argv, $argc){
}
elseif($cmd === 'expire') {
+ $normal_mode = false;
$expire = true;
$items = q("SELECT * FROM `item` WHERE `uid` = %d AND `wall` = 1
AND `deleted` = 1 AND `changed` > UTC_TIMESTAMP - INTERVAL 10 MINUTE",
@@ -75,6 +78,7 @@ function notifier_run($argv, $argc){
return;
}
elseif($cmd === 'suggest') {
+ $normal_mode = false;
$suggest = q("SELECT * FROM `fsuggest` WHERE `id` = %d LIMIT 1",
intval($item_id)
);
@@ -95,7 +99,7 @@ function notifier_run($argv, $argc){
return;
}
- $parent_item = $r[0];
+ $target_item = $r[0];
$parent_id = intval($r[0]['parent']);
$uid = $r[0]['uid'];
$updated = $r[0]['edited'];
@@ -119,7 +123,8 @@ function notifier_run($argv, $argc){
$top_level = true;
}
- $r = q("SELECT `contact`.*, `user`.`timezone`, `user`.`nickname`, `user`.`sprvkey`, `user`.`spubkey`,
+ $r = q("SELECT `contact`.*, `user`.`pubkey` AS `upubkey`, `user`.`prvkey` AS `uprvkey`,
+ `user`.`timezone`, `user`.`nickname`, `user`.`sprvkey`, `user`.`spubkey`,
`user`.`page-flags`, `user`.`prvnets`
FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
WHERE `contact`.`uid` = %d AND `contact`.`self` = 1 LIMIT 1",
@@ -145,7 +150,7 @@ function notifier_run($argv, $argc){
$parent = $items[0];
- if($parent['type'] === 'remote' && (! $expire)) {
+ if($parent['wall'] == 0 && (! $expire)) {
// local followup to remote post
$followup = true;
$notify_hub = false; // not public
@@ -289,6 +294,11 @@ function notifier_run($argv, $argc){
if(! $item['parent'])
continue;
+ // private emails may be in included in public conversations. Filter them.
+
+ if(($notify_hub) && $item['private'])
+ continue;
+
$contact = get_item_contact($item,$contacts);
if(! $contact)
continue;
@@ -311,9 +321,9 @@ function notifier_run($argv, $argc){
$mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
if(! $mail_disabled) {
- if((! strlen($parent_item['allow_cid'])) && (! strlen($parent_item['allow_gid']))
- && (! strlen($parent_item['deny_cid'])) && (! strlen($parent_item['deny_gid']))
- && (intval($parent_item['pubmail']))) {
+ if((! strlen($target_item['allow_cid'])) && (! strlen($target_item['allow_gid']))
+ && (! strlen($target_item['deny_cid'])) && (! strlen($target_item['deny_gid']))
+ && (intval($target_item['pubmail']))) {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `network` = '%s'",
intval($uid),
dbesc(NETWORK_MAIL)
@@ -346,7 +356,7 @@ function notifier_run($argv, $argc){
$deliver_status = 0;
switch($contact['network']) {
- case 'dfrn':
+ case NETWORK_DFRN:
logger('notifier: dfrndelivery: ' . $contact['name']);
$deliver_status = dfrn_deliver($owner,$contact,$atom);
@@ -364,7 +374,7 @@ function notifier_run($argv, $argc){
);
}
break;
- case 'stat':
+ case NETWORK_OSTATUS:
// Do not send to otatus if we are not configured to send to public networks
if($owner['prvnets'])
@@ -414,7 +424,7 @@ function notifier_run($argv, $argc){
}
break;
- case 'mail':
+ case NETWORK_MAIL:
if(get_config('system','dfrn_only'))
break;
@@ -491,9 +501,34 @@ function notifier_run($argv, $argc){
mail($addr, $subject, $message, $headers);
}
break;
- case 'feed':
- case 'face':
- case 'dspr':
+ case NETWORK_DIASPORA:
+ if(get_config('system','dfrn_only') || (! get_config('diaspora_enabled')) || (! $normal_mode))
+ break;
+
+ if($target_item['deleted']) {
+ // diaspora delete, (check for like)
+
+ break;
+ }
+ elseif($followup) {
+ // send to owner to relay
+
+ break;
+ }
+ elseif($target_item['parent'] != $target_item['id']) {
+ // we are the relay
+
+ break;
+ }
+ elseif($top_level) {
+ diaspora_send_status($target_item,$owner,$contact);
+ break;
+ }
+
+ break;
+
+ case NETWORK_FEED:
+ case NETWORK_FACEBOOK:
if(get_config('system','dfrn_only'))
break;
default:
@@ -504,7 +539,7 @@ function notifier_run($argv, $argc){
// send additional slaps to mentioned remote tags (@foo@example.com)
- if($slap && count($url_recipients) && $followup && $notify_hub && (! $expire)) {
+ if($slap && count($url_recipients) && ($followup || $top_level) && $notify_hub && (! $expire)) {
if(! get_config('system','dfrn_only')) {
foreach($url_recipients as $url) {
if($url) {
@@ -542,7 +577,7 @@ function notifier_run($argv, $argc){
*
*/
- $max_allowed = ((get_config('system','maxpubdeliver') === false) ? 150 : intval(get_config('system','maxpubdeliver')));
+ $max_allowed = ((get_config('system','maxpubdeliver') === false) ? 999 : intval(get_config('system','maxpubdeliver')));
/**
*
@@ -552,10 +587,10 @@ function notifier_run($argv, $argc){
*/
$r = q("SELECT `id`, `name` FROM `contact`
- WHERE `network` = 'dfrn' AND `uid` = %d AND `blocked` = 0 AND `pending` = 0
+ WHERE `network` = NETWORK_DFRN AND `uid` = %d AND `blocked` = 0 AND `pending` = 0
AND `rel` != %d ",
intval($owner['uid']),
- intval(REL_FAN)
+ intval(CONTACT_IS_SHARING)
);
if((count($r)) && (($max_allowed == 0) || (count($r) < $max_allowed))) {
diff --git a/include/oembed.php b/include/oembed.php
index 06a37d8e4..06f71a3b3 100644
--- a/include/oembed.php
+++ b/include/oembed.php
@@ -7,6 +7,7 @@ function oembed_replacecb($matches){
function oembed_fetch_url($embedurl){
+
$r = q("SELECT v FROM `cache` WHERE k='%s'",
dbesc($embedurl));
@@ -16,7 +17,10 @@ function oembed_fetch_url($embedurl){
$txt = "";
// try oembed autodiscovery
- $html_text = fetch_url($embedurl);
+ $redirects = 0;
+ $html_text = fetch_url($embedurl, false, $redirects, 15);
+ if(! $html_text)
+ return;
$dom = @DOMDocument::loadHTML($html_text);
if ($dom){
$xpath = new DOMXPath($dom);
diff --git a/include/plugin.php b/include/plugin.php
new file mode 100644
index 000000000..9f2832981
--- /dev/null
+++ b/include/plugin.php
@@ -0,0 +1,199 @@
+<?php
+
+
+// install and uninstall plugin
+if (! function_exists('uninstall_plugin')){
+function uninstall_plugin($plugin){
+ logger("Addons: uninstalling " . $plugin);
+ q("DELETE FROM `addon` WHERE `name` = '%s' LIMIT 1",
+ dbesc($plugin)
+ );
+
+ @include_once('addon/' . $plugin . '/' . $plugin . '.php');
+ if(function_exists($plugin . '_uninstall')) {
+ $func = $plugin . '_uninstall';
+ $func();
+ }
+}}
+
+if (! function_exists('install_plugin')){
+function install_plugin($plugin){
+ logger("Addons: installing " . $plugin);
+ $t = filemtime('addon/' . $plugin . '/' . $plugin . '.php');
+ @include_once('addon/' . $plugin . '/' . $plugin . '.php');
+ if(function_exists($plugin . '_install')) {
+ $func = $plugin . '_install';
+ $func();
+
+ $plugin_admin = (function_exists($plugin."_plugin_admin")?1:0);
+
+ $r = q("INSERT INTO `addon` (`name`, `installed`, `timestamp`, `plugin_admin`) VALUES ( '%s', 1, %d , %d ) ",
+ dbesc($plugin),
+ intval($t),
+ $plugin_admin
+ );
+ }
+}}
+
+// reload all updated plugins
+
+if(! function_exists('reload_plugins')) {
+function reload_plugins() {
+ $plugins = get_config('system','addon');
+ if(strlen($plugins)) {
+
+ $r = q("SELECT * FROM `addon` WHERE `installed` = 1");
+ if(count($r))
+ $installed = $r;
+ else
+ $installed = array();
+
+ $parr = explode(',',$plugins);
+ if(count($parr)) {
+ foreach($parr as $pl) {
+ $pl = trim($pl);
+
+ $t = filemtime('addon/' . $pl . '/' . $pl . '.php');
+ foreach($installed as $i) {
+ if(($i['name'] == $pl) && ($i['timestamp'] != $t)) {
+ logger('Reloading plugin: ' . $i['name']);
+ @include_once('addon/' . $pl . '/' . $pl . '.php');
+
+ if(function_exists($pl . '_uninstall')) {
+ $func = $pl . '_uninstall';
+ $func();
+ }
+ if(function_exists($pl . '_install')) {
+ $func = $pl . '_install';
+ $func();
+ }
+ q("UPDATE `addon` SET `timestamp` = %d WHERE `id` = %d LIMIT 1",
+ intval($t),
+ intval($i['id'])
+ );
+ }
+ }
+ }
+ }
+ }
+}}
+
+
+
+
+
+if(! function_exists('register_hook')) {
+function register_hook($hook,$file,$function) {
+
+ $r = q("SELECT * FROM `hook` WHERE `hook` = '%s' AND `file` = '%s' AND `function` = '%s' LIMIT 1",
+ dbesc($hook),
+ dbesc($file),
+ dbesc($function)
+ );
+ if(count($r))
+ return true;
+
+ $r = q("INSERT INTO `hook` (`hook`, `file`, `function`) VALUES ( '%s', '%s', '%s' ) ",
+ dbesc($hook),
+ dbesc($file),
+ dbesc($function)
+ );
+ return $r;
+}}
+
+if(! function_exists('unregister_hook')) {
+function unregister_hook($hook,$file,$function) {
+
+ $r = q("DELETE FROM `hook` WHERE `hook` = '%s' AND `file` = '%s' AND `function` = '%s' LIMIT 1",
+ dbesc($hook),
+ dbesc($file),
+ dbesc($function)
+ );
+ return $r;
+}}
+
+
+if(! function_exists('load_hooks')) {
+function load_hooks() {
+ $a = get_app();
+ $a->hooks = array();
+ $r = q("SELECT * FROM `hook` WHERE 1");
+ if(count($r)) {
+ foreach($r as $rr) {
+ $a->hooks[] = array($rr['hook'], $rr['file'], $rr['function']);
+ }
+ }
+}}
+
+
+if(! function_exists('call_hooks')) {
+function call_hooks($name, &$data = null) {
+ $a = get_app();
+
+ if(count($a->hooks)) {
+ foreach($a->hooks as $hook) {
+ if($hook[HOOK_HOOK] === $name) {
+ @include_once($hook[HOOK_FILE]);
+ if(function_exists($hook[HOOK_FUNCTION])) {
+ $func = $hook[HOOK_FUNCTION];
+ $func($a,$data);
+ }
+ }
+ }
+ }
+}}
+
+
+/*
+ * parse plugin comment in search of plugin infos.
+ * like
+ *
+ * * Name: Plugin
+ * * Description: A plugin which plugs in
+ * * Version: 1.2.3
+ * * Author: John <profile url>
+ * * Author: Jane <email>
+ * *
+ */
+
+if (! function_exists('get_plugin_info')){
+function get_plugin_info($plugin){
+ if (!is_file("addon/$plugin/$plugin.php")) return false;
+
+ $f = file_get_contents("addon/$plugin/$plugin.php");
+ $r = preg_match("|/\*.*\*/|msU", $f, $m);
+
+ $info=Array(
+ 'name' => $plugin,
+ 'description' => "",
+ 'author' => array(),
+ 'version' => ""
+ );
+
+ if ($r){
+ $ll = explode("\n", $m[0]);
+ foreach( $ll as $l ) {
+ $l = trim($l,"\t\n\r */");
+ if ($l!=""){
+ list($k,$v) = array_map("trim", explode(":",$l,2));
+ $k= strtolower($k);
+ if ($k=="author"){
+ $r=preg_match("|([^<]+)<([^>]+)>|", $v, $m);
+ if ($r) {
+ $info['author'][] = array('name'=>$m[1], 'link'=>$m[2]);
+ } else {
+ $info['author'][] = array('name'=>$v);
+ }
+ } else {
+ if (array_key_exists($k,$info)){
+ $info[$k]=$v;
+ }
+ }
+
+ }
+ }
+
+ }
+ return $info;
+}}
+
diff --git a/include/poller.php b/include/poller.php
index 569eb59d1..651736a99 100644
--- a/include/poller.php
+++ b/include/poller.php
@@ -80,15 +80,14 @@ function poller_run($argv, $argc){
$d = datetime_convert();
if(! $restart)
- call_hooks('cron', $d);
-
+ proc_run('php','include/cronhooks.php');
$contacts = q("SELECT `id` FROM `contact`
WHERE ( `rel` = %d OR `rel` = %d ) AND `poll` != ''
$sql_extra
AND `self` = 0 AND `blocked` = 0 AND `readonly` = 0 ORDER BY RAND()",
- intval(REL_FAN),
- intval(REL_BUD)
+ intval(CONTACT_IS_SHARING),
+ intval(CONTACT_IS_FRIEND)
);
if(! count($contacts)) {
@@ -101,7 +100,7 @@ function poller_run($argv, $argc){
intval($c['id'])
);
- if(! count($res))
+ if((! $res) || (! count($res)))
continue;
foreach($res as $contact) {
@@ -312,7 +311,7 @@ function poller_run($argv, $argc){
// Will only do this once per notify-enabled OStatus contact
// or if relationship changes
- $stat_writeable = ((($contact['notify']) && ($contact['rel'] == REL_VIP || $contact['rel'] == REL_BUD)) ? 1 : 0);
+ $stat_writeable = ((($contact['notify']) && ($contact['rel'] == CONTACT_IS_FOLLOWER || $contact['rel'] == CONTACT_IS_FRIEND)) ? 1 : 0);
if($stat_writeable != $contact['writable']) {
q("UPDATE `contact` SET `writable` = %d WHERE `id` = %d LIMIT 1",
@@ -323,7 +322,7 @@ function poller_run($argv, $argc){
// Are we allowed to import from this person?
- if($contact['rel'] == REL_VIP || $contact['blocked'] || $contact['readonly'])
+ if($contact['rel'] == CONTACT_IS_FOLLOWER || $contact['blocked'] || $contact['readonly'])
continue;
$xml = fetch_url($contact['poll']);
@@ -421,6 +420,10 @@ function poller_run($argv, $argc){
$datarray['contact-id'] = $contact['id'];
if($datarray['parent-uri'] === $datarray['uri'])
$datarray['private'] = 1;
+ if(! get_pconfig($importer_uid,'system','allow_public_email_replies')) {
+ $datarray['private'] = 1;
+ $datarray['allow_cid'] = '<' . $contact['id'] . '>';
+ }
$datarray['author-name'] = $contact['name'];
$datarray['author-link'] = 'mailbox';
$datarray['author-avatar'] = $contact['photo'];
@@ -440,7 +443,8 @@ function poller_run($argv, $argc){
}
}
elseif($contact['network'] === NETWORK_FACEBOOK) {
- // TODO: work in progress
+ // This is picked up by the Facebook plugin on a cron hook.
+ // Ignored here.
}
if($xml) {
@@ -463,7 +467,7 @@ function poller_run($argv, $argc){
consume_feed($xml,$importer,$contact,$hub,1);
- if((strlen($hub)) && ($hub_update) && (($contact['rel'] == REL_BUD) || (($contact['network'] === NETWORK_OSTATUS) && (! $contact['readonly'])))) {
+ if((strlen($hub)) && ($hub_update) && (($contact['rel'] == CONTACT_IS_FRIEND) || (($contact['network'] === NETWORK_OSTATUS) && (! $contact['readonly'])))) {
logger('poller: subscribing to hub(s) : ' . $hub . ' contact name : ' . $contact['name'] . ' local user : ' . $importer['name']);
$hubs = explode(',', $hub);
if(count($hubs)) {
diff --git a/include/salmon.php b/include/salmon.php
index 473432f25..4043b4f1d 100644
--- a/include/salmon.php
+++ b/include/salmon.php
@@ -1,53 +1,8 @@
<?php
-require_once('library/asn1.php');
+require_once('include/crypto.php');
-function salmon_key($pubkey) {
- $lines = explode("\n",$pubkey);
- unset($lines[0]);
- unset($lines[count($lines)]);
- $x = base64_decode(implode('',$lines));
- $r = ASN_BASE::parseASNString($x);
-
- $m = $r[0]->asnData[1]->asnData[0]->asnData[0]->asnData;
- $e = $r[0]->asnData[1]->asnData[0]->asnData[1]->asnData;
-
-
- return 'RSA' . '.' . $m . '.' . $e ;
-}
-
-
-function base64url_encode($s, $strip_padding = false) {
-
- $s = strtr(base64_encode($s),'+/','-_');
-
- if($strip_padding)
- $s = str_replace('=','',$s);
-
- return $s;
-}
-
-function base64url_decode($s) {
-
-/*
- * // Placeholder for new rev of salmon which strips base64 padding.
- * // PHP base64_decode handles the un-padded input without requiring this step
- * // Uncomment if you find you need it.
- *
- * $l = strlen($s);
- * if(! strpos($s,'=')) {
- * $m = $l % 4;
- * if($m == 2)
- * $s .= '==';
- * if($m == 3)
- * $s .= '=';
- * }
- *
- */
-
- return base64_decode(strtr($s,'-_','+/'));
-}
function get_salmon_key($uri,$keyhash) {
$ret = array();
@@ -141,28 +96,20 @@ EOT;
$data_type = 'application/atom+xml';
$encoding = 'base64url';
$algorithm = 'RSA-SHA256';
- $keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])));
-
- // Setup RSA stuff to PKCS#1 sign the data
-
- set_include_path(get_include_path() . PATH_SEPARATOR . 'library/phpsec');
-
- require_once('library/phpsec/Crypt/RSA.php');
-
- $rsa = new CRYPT_RSA();
- $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
- $rsa->setHash('sha256');
- $rsa->loadKey($owner['sprvkey']);
+ $keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])),true);
// precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods
$precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
- $signature = base64url_encode($rsa->sign($data . $precomputed));
+ $signature = base64url_encode(rsa_sign(str_replace('=','',$data . $precomputed),true),$owner['sprvkey']);
+
+ $signature2 = base64url_encode(rsa_sign($data . $precomputed),$owner['sprvkey']);
- $signature2 = base64url_encode($rsa->sign($data));
+ $signature3 = base64url_encode(rsa_sign($data),$owner['sprvkey']);
$salmon_tpl = get_markup_template('magicsig.tpl');
+
$salmon = replace_macros($salmon_tpl,array(
'$data' => $data,
'$encoding' => $encoding,
@@ -184,11 +131,11 @@ EOT;
if($return_code > 299) {
- logger('slapper: compliant salmon failed. Falling back to status.net hack');
+ logger('slapper: compliant salmon failed. Falling back to status.net hack2');
// Entirely likely that their salmon implementation is
// non-compliant. Let's try once more, this time only signing
- // the data, without the precomputed blob
+ // the data, without stripping '=' chars
$salmon = replace_macros($salmon_tpl,array(
'$data' => $data,
@@ -205,6 +152,30 @@ EOT;
));
$return_code = $a->get_curl_code();
+
+ if($return_code > 299) {
+
+ logger('slapper: compliant salmon failed. Falling back to status.net hack3');
+
+ // Entirely likely that their salmon implementation is
+ // non-compliant. Let's try once more, this time only signing
+ // the data, without the precomputed blob
+
+ $salmon = replace_macros($salmon_tpl,array(
+ '$data' => $data,
+ '$encoding' => $encoding,
+ '$algorithm' => $algorithm,
+ '$keyhash' => $keyhash,
+ '$signature' => $signature3
+ ));
+
+ // slap them
+ post_url($url,$salmon, array(
+ 'Content-type: application/magic-envelope+xml',
+ 'Content-length: ' . strlen($salmon)
+ ));
+ $return_code = $a->get_curl_code();
+ }
}
logger('slapper returned ' . $return_code);
if(! $return_code)
diff --git a/include/security.php b/include/security.php
index 789e47db2..6fbdd697f 100644
--- a/include/security.php
+++ b/include/security.php
@@ -28,8 +28,8 @@ function can_write_wall(&$a,$owner) {
AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
intval($owner),
intval(remote_user()),
- intval(REL_VIP),
- intval(REL_BUD),
+ intval(CONTACT_IS_FOLLOWER),
+ intval(CONTACT_IS_FRIEND),
intval(PAGE_COMMUNITY)
);
if(count($r)) {
diff --git a/include/text.php b/include/text.php
new file mode 100644
index 000000000..803bf0e51
--- /dev/null
+++ b/include/text.php
@@ -0,0 +1,954 @@
+<?php
+
+// This is our template processor.
+// $s is the string requiring macro substitution.
+// $r is an array of key value pairs (search => replace)
+// returns substituted string.
+// WARNING: this is pretty basic, and doesn't properly handle search strings that are substrings of each other.
+// For instance if 'test' => "foo" and 'testing' => "bar", testing could become either bar or fooing,
+// depending on the order in which they were declared in the array.
+
+require_once("include/template_processor.php");
+
+if(! function_exists('replace_macros')) {
+function replace_macros($s,$r) {
+ global $t;
+
+ return $t->replace($s,$r);
+
+}}
+
+
+// random string, there are 86 characters max in text mode, 128 for hex
+// output is urlsafe
+
+define('RANDOM_STRING_HEX', 0x00 );
+define('RANDOM_STRING_TEXT', 0x01 );
+
+if(! function_exists('random_string')) {
+function random_string($size = 64,$type = RANDOM_STRING_HEX) {
+ // generate a bit of entropy and run it through the whirlpool
+ $s = hash('whirlpool', (string) rand() . uniqid(rand(),true) . (string) rand(),(($type == RANDOM_STRING_TEXT) ? true : false));
+ $s = (($type == RANDOM_STRING_TEXT) ? str_replace("\n","",base64url_encode($s,true)) : $s);
+ return(substr($s,0,$size));
+}}
+
+/**
+ * This is our primary input filter.
+ *
+ * The high bit hack only involved some old IE browser, forget which (IE5/Mac?)
+ * that had an XSS attack vector due to stripping the high-bit on an 8-bit character
+ * after cleansing, and angle chars with the high bit set could get through as markup.
+ *
+ * This is now disabled because it was interfering with some legitimate unicode sequences
+ * and hopefully there aren't a lot of those browsers left.
+ *
+ * Use this on any text input where angle chars are not valid or permitted
+ * They will be replaced with safer brackets. This may be filtered further
+ * if these are not allowed either.
+ *
+ */
+
+if(! function_exists('notags')) {
+function notags($string) {
+
+ return(str_replace(array("<",">"), array('[',']'), $string));
+
+// High-bit filter no longer used
+// return(str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string));
+}}
+
+// use this on "body" or "content" input where angle chars shouldn't be removed,
+// and allow them to be safely displayed.
+
+if(! function_exists('escape_tags')) {
+function escape_tags($string) {
+
+ return(htmlspecialchars($string));
+}}
+
+
+// generate a string that's random, but usually pronounceable.
+// used to generate initial passwords
+
+if(! function_exists('autoname')) {
+function autoname($len) {
+
+ $vowels = array('a','a','ai','au','e','e','e','ee','ea','i','ie','o','ou','u');
+ if(mt_rand(0,5) == 4)
+ $vowels[] = 'y';
+
+ $cons = array(
+ 'b','bl','br',
+ 'c','ch','cl','cr',
+ 'd','dr',
+ 'f','fl','fr',
+ 'g','gh','gl','gr',
+ 'h',
+ 'j',
+ 'k','kh','kl','kr',
+ 'l',
+ 'm',
+ 'n',
+ 'p','ph','pl','pr',
+ 'qu',
+ 'r','rh',
+ 's','sc','sh','sm','sp','st',
+ 't','th','tr',
+ 'v',
+ 'w','wh',
+ 'x',
+ 'z','zh'
+ );
+
+ $midcons = array('ck','ct','gn','ld','lf','lm','lt','mb','mm', 'mn','mp',
+ 'nd','ng','nk','nt','rn','rp','rt');
+
+ $noend = array('bl', 'br', 'cl','cr','dr','fl','fr','gl','gr',
+ 'kh', 'kl','kr','mn','pl','pr','rh','tr','qu','wh');
+
+ $start = mt_rand(0,2);
+ if($start == 0)
+ $table = $vowels;
+ else
+ $table = $cons;
+
+ $word = '';
+
+ for ($x = 0; $x < $len; $x ++) {
+ $r = mt_rand(0,count($table) - 1);
+ $word .= $table[$r];
+
+ if($table == $vowels)
+ $table = array_merge($cons,$midcons);
+ else
+ $table = $vowels;
+
+ }
+
+ $word = substr($word,0,$len);
+
+ foreach($noend as $noe) {
+ if((strlen($word) > 2) && (substr($word,-2) == $noe)) {
+ $word = substr($word,0,-1);
+ break;
+ }
+ }
+ if(substr($word,-1) == 'q')
+ $word = substr($word,0,-1);
+ return $word;
+}}
+
+
+// escape text ($str) for XML transport
+// returns escaped text.
+
+if(! function_exists('xmlify')) {
+function xmlify($str) {
+ $buffer = '';
+
+ for($x = 0; $x < strlen($str); $x ++) {
+ $char = $str[$x];
+
+ switch( $char ) {
+
+ case "\r" :
+ break;
+ case "&" :
+ $buffer .= '&amp;';
+ break;
+ case "'" :
+ $buffer .= '&apos;';
+ break;
+ case "\"" :
+ $buffer .= '&quot;';
+ break;
+ case '<' :
+ $buffer .= '&lt;';
+ break;
+ case '>' :
+ $buffer .= '&gt;';
+ break;
+ case "\n" :
+ $buffer .= "\n";
+ break;
+ default :
+ $buffer .= $char;
+ break;
+ }
+ }
+ $buffer = trim($buffer);
+ return($buffer);
+}}
+
+// undo an xmlify
+// pass xml escaped text ($s), returns unescaped text
+
+if(! function_exists('unxmlify')) {
+function unxmlify($s) {
+ $ret = str_replace('&amp;','&', $s);
+ $ret = str_replace(array('&lt;','&gt;','&quot;','&apos;'),array('<','>','"',"'"),$ret);
+ return $ret;
+}}
+
+// convenience wrapper, reverse the operation "bin2hex"
+
+if(! function_exists('hex2bin')) {
+function hex2bin($s) {
+ if(! ctype_xdigit($s)) {
+ logger('hex2bin: illegal input: ' . print_r(debug_backtrace(), true));
+ return($s);
+ }
+
+ return(pack("H*",$s));
+}}
+
+// Automatic pagination.
+// To use, get the count of total items.
+// Then call $a->set_pager_total($number_items);
+// Optionally call $a->set_pager_itemspage($n) to the number of items to display on each page
+// Then call paginate($a) after the end of the display loop to insert the pager block on the page
+// (assuming there are enough items to paginate).
+// When using with SQL, the setting LIMIT %d, %d => $a->pager['start'],$a->pager['itemspage']
+// will limit the results to the correct items for the current page.
+// The actual page handling is then accomplished at the application layer.
+
+if(! function_exists('paginate')) {
+function paginate(&$a) {
+ $o = '';
+ $stripped = preg_replace('/(&page=[0-9]*)/','',$a->query_string);
+ $stripped = str_replace('q=','',$stripped);
+ $stripped = trim($stripped,'/');
+ $pagenum = $a->pager['page'];
+ $url = $a->get_baseurl() . '/' . $stripped;
+
+
+ if($a->pager['total'] > $a->pager['itemspage']) {
+ $o .= '<div class="pager">';
+ if($a->pager['page'] != 1)
+ $o .= '<span class="pager_prev">'."<a href=\"$url".'&page='.($a->pager['page'] - 1).'">' . t('prev') . '</a></span> ';
+
+ $o .= "<span class=\"pager_first\"><a href=\"$url"."&page=1\">" . t('first') . "</a></span> ";
+
+ $numpages = $a->pager['total'] / $a->pager['itemspage'];
+
+ $numstart = 1;
+ $numstop = $numpages;
+
+ if($numpages > 14) {
+ $numstart = (($pagenum > 7) ? ($pagenum - 7) : 1);
+ $numstop = (($pagenum > ($numpages - 7)) ? $numpages : ($numstart + 14));
+ }
+
+ for($i = $numstart; $i <= $numstop; $i++){
+ if($i == $a->pager['page'])
+ $o .= '<span class="pager_current">'.(($i < 10) ? '&nbsp;'.$i : $i);
+ else
+ $o .= "<span class=\"pager_n\"><a href=\"$url"."&page=$i\">".(($i < 10) ? '&nbsp;'.$i : $i)."</a>";
+ $o .= '</span> ';
+ }
+
+ if(($a->pager['total'] % $a->pager['itemspage']) != 0) {
+ if($i == $a->pager['page'])
+ $o .= '<span class="pager_current">'.(($i < 10) ? '&nbsp;'.$i : $i);
+ else
+ $o .= "<span class=\"pager_n\"><a href=\"$url"."&page=$i\">".(($i < 10) ? '&nbsp;'.$i : $i)."</a>";
+ $o .= '</span> ';
+ }
+
+ $lastpage = (($numpages > intval($numpages)) ? intval($numpages)+1 : $numpages);
+ $o .= "<span class=\"pager_last\"><a href=\"$url"."&page=$lastpage\">" . t('last') . "</a></span> ";
+
+ if(($a->pager['total'] - ($a->pager['itemspage'] * $a->pager['page'])) > 0)
+ $o .= '<span class="pager_next">'."<a href=\"$url"."&page=".($a->pager['page'] + 1).'">' . t('next') . '</a></span>';
+ $o .= '</div>'."\r\n";
+ }
+ return $o;
+}}
+
+// Turn user/group ACLs stored as angle bracketed text into arrays
+
+if(! function_exists('expand_acl')) {
+function expand_acl($s) {
+ // turn string array of angle-bracketed elements into numeric array
+ // e.g. "<1><2><3>" => array(1,2,3);
+ $ret = array();
+
+ if(strlen($s)) {
+ $t = str_replace('<','',$s);
+ $a = explode('>',$t);
+ foreach($a as $aa) {
+ if(intval($aa))
+ $ret[] = intval($aa);
+ }
+ }
+ return $ret;
+}}
+
+// Used to wrap ACL elements in angle brackets for storage
+
+if(! function_exists('sanitise_acl')) {
+function sanitise_acl(&$item) {
+ if(intval($item))
+ $item = '<' . intval(notags(trim($item))) . '>';
+ else
+ unset($item);
+}}
+
+
+// Convert an ACL array to a storable string
+
+if(! function_exists('perms2str')) {
+function perms2str($p) {
+ $ret = '';
+ $tmp = $p;
+ if(is_array($tmp)) {
+ array_walk($tmp,'sanitise_acl');
+ $ret = implode('',$tmp);
+ }
+ return $ret;
+}}
+
+// generate a guaranteed unique (for this domain) item ID for ATOM
+// safe from birthday paradox
+
+if(! function_exists('item_new_uri')) {
+function item_new_uri($hostname,$uid) {
+
+ do {
+ $dups = false;
+ $hash = random_string();
+
+ $uri = "urn:X-dfrn:" . $hostname . ':' . $uid . ':' . $hash;
+
+ $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
+ dbesc($uri));
+ if(count($r))
+ $dups = true;
+ } while($dups == true);
+ return $uri;
+}}
+
+// Generate a guaranteed unique photo ID.
+// safe from birthday paradox
+
+if(! function_exists('photo_new_resource')) {
+function photo_new_resource() {
+
+ do {
+ $found = false;
+ $resource = hash('md5',uniqid(mt_rand(),true));
+ $r = q("SELECT `id` FROM `photo` WHERE `resource-id` = '%s' LIMIT 1",
+ dbesc($resource)
+ );
+ if(count($r))
+ $found = true;
+ } while($found == true);
+ return $resource;
+}}
+
+
+// wrapper to load a view template, checking for alternate
+// languages before falling back to the default
+
+// obsolete, deprecated.
+
+if(! function_exists('load_view_file')) {
+function load_view_file($s) {
+ global $lang, $a;
+ if(! isset($lang))
+ $lang = 'en';
+ $b = basename($s);
+ $d = dirname($s);
+ if(file_exists("$d/$lang/$b"))
+ return file_get_contents("$d/$lang/$b");
+
+ $theme = current_theme();
+
+ if(file_exists("$d/theme/$theme/$b"))
+ return file_get_contents("$d/theme/$theme/$b");
+
+ return file_get_contents($s);
+}}
+
+if(! function_exists('get_intltext_template')) {
+function get_intltext_template($s) {
+ global $lang;
+
+ if(! isset($lang))
+ $lang = 'en';
+
+ if(file_exists("view/$lang/$s"))
+ return file_get_contents("view/$lang/$s");
+ elseif(file_exists("view/en/$s"))
+ return file_get_contents("view/en/$s");
+ else
+ return file_get_contents("view/$s");
+}}
+
+if(! function_exists('get_markup_template')) {
+function get_markup_template($s) {
+
+ $theme = current_theme();
+
+ if(file_exists("view/theme/$theme/$s"))
+ return file_get_contents("view/theme/$theme/$s");
+ else
+ return file_get_contents("view/$s");
+
+}}
+
+
+
+
+
+// for html,xml parsing - let's say you've got
+// an attribute foobar="class1 class2 class3"
+// and you want to find out if it contains 'class3'.
+// you can't use a normal sub string search because you
+// might match 'notclass3' and a regex to do the job is
+// possible but a bit complicated.
+// pass the attribute string as $attr and the attribute you
+// are looking for as $s - returns true if found, otherwise false
+
+if(! function_exists('attribute_contains')) {
+function attribute_contains($attr,$s) {
+ $a = explode(' ', $attr);
+ if(count($a) && in_array($s,$a))
+ return true;
+ return false;
+}}
+
+if(! function_exists('logger')) {
+function logger($msg,$level = 0) {
+ $debugging = get_config('system','debugging');
+ $loglevel = intval(get_config('system','loglevel'));
+ $logfile = get_config('system','logfile');
+
+ if((! $debugging) || (! $logfile) || ($level > $loglevel))
+ return;
+
+ @file_put_contents($logfile, datetime_convert() . ':' . session_id() . ' ' . $msg . "\n", FILE_APPEND);
+ return;
+}}
+
+
+if(! function_exists('activity_match')) {
+function activity_match($haystack,$needle) {
+ if(($haystack === $needle) || ((basename($needle) === $haystack) && strstr($needle,NAMESPACE_ACTIVITY_SCHEMA)))
+ return true;
+ return false;
+}}
+
+
+// Pull out all #hashtags and @person tags from $s;
+// We also get @person@domain.com - which would make
+// the regex quite complicated as tags can also
+// end a sentence. So we'll run through our results
+// and strip the period from any tags which end with one.
+// Returns array of tags found, or empty array.
+
+
+if(! function_exists('get_tags')) {
+function get_tags($s) {
+ $ret = array();
+
+ // ignore anything in a code block
+
+ $s = preg_replace('/\[code\](.*?)\[\/code\]/sm','',$s);
+
+ // Match full names against @tags including the space between first and last
+ // We will look these up afterward to see if they are full names or not recognisable.
+
+ if(preg_match_all('/(@[^ \x0D\x0A,:?]+ [^ \x0D\x0A,:?]+)([ \x0D\x0A,:?]|$)/',$s,$match)) {
+ foreach($match[1] as $mtch) {
+ if(strstr($mtch,"]")) {
+ // we might be inside a bbcode color tag - leave it alone
+ continue;
+ }
+ if(substr($mtch,-1,1) === '.')
+ $ret[] = substr($mtch,0,-1);
+ else
+ $ret[] = $mtch;
+ }
+ }
+
+ // Otherwise pull out single word tags. These can be @nickname, @first_last
+ // and #hash tags.
+
+ if(preg_match_all('/([@#][^ \x0D\x0A,:?]+)([ \x0D\x0A,:?]|$)/',$s,$match)) {
+ foreach($match[1] as $mtch) {
+ if(strstr($mtch,"]")) {
+ // we might be inside a bbcode color tag - leave it alone
+ continue;
+ }
+ // ignore strictly numeric tags like #1
+ if((strpos($mtch,'#') === 0) && ctype_digit(substr($mtch,1)))
+ continue;
+ if(substr($mtch,-1,1) === '.')
+ $ret[] = substr($mtch,0,-1);
+ else
+ $ret[] = $mtch;
+ }
+ }
+ return $ret;
+}}
+
+
+// quick and dirty quoted_printable encoding
+
+if(! function_exists('qp')) {
+function qp($s) {
+return str_replace ("%","=",rawurlencode($s));
+}}
+
+
+
+if(! function_exists('get_mentions')) {
+function get_mentions($item) {
+ $o = '';
+ if(! strlen($item['tag']))
+ return $o;
+
+ $arr = explode(',',$item['tag']);
+ foreach($arr as $x) {
+ $matches = null;
+ if(preg_match('/@\[url=([^\]]*)\]/',$x,$matches)) {
+ $o .= "\t\t" . '<link rel="mentioned" href="' . $matches[1] . '" />' . "\r\n";
+ $o .= "\t\t" . '<link rel="ostatus:attention" href="' . $matches[1] . '" />' . "\r\n";
+ }
+ }
+ return $o;
+}}
+
+if(! function_exists('contact_block')) {
+function contact_block() {
+ $o = '';
+ $a = get_app();
+
+ $shown = get_pconfig($a->profile['uid'],'system','display_friend_count');
+ if(! $shown)
+ $shown = 24;
+
+ if((! is_array($a->profile)) || ($a->profile['hide-friends']))
+ return $o;
+ $r = q("SELECT COUNT(*) AS `total` FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 and `pending` = 0",
+ intval($a->profile['uid'])
+ );
+ if(count($r)) {
+ $total = intval($r[0]['total']);
+ }
+ if(! $total) {
+ $o .= '<h4 class="contact-h4">' . t('No contacts') . '</h4>';
+ return $o;
+ }
+ $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 and `pending` = 0 ORDER BY RAND() LIMIT %d",
+ intval($a->profile['uid']),
+ intval($shown)
+ );
+ if(count($r)) {
+ $o .= '<h4 class="contact-h4">' . sprintf( tt('%d Contact','%d Contacts', $total),$total) . '</h4><div id="contact-block">';
+ foreach($r as $rr) {
+ $o .= micropro($rr,true,'mpfriend');
+ }
+ $o .= '</div><div id="contact-block-end"></div>';
+ $o .= '<div id="viewcontacts"><a id="viewcontacts-link" href="viewcontacts/' . $a->profile['nickname'] . '">' . t('View Contacts') . '</a></div>';
+
+ }
+
+ $arr = array('contacts' => $r, 'output' => $o);
+
+ call_hooks('contact_block_end', $arr);
+ return $o;
+
+}}
+
+if(! function_exists('micropro')) {
+function micropro($contact, $redirect = false, $class = '', $textmode = false) {
+
+ if($class)
+ $class = ' ' . $class;
+
+ $url = $contact['url'];
+ $sparkle = '';
+
+ if($redirect) {
+ $a = get_app();
+ $redirect_url = $a->get_baseurl() . '/redir/' . $contact['id'];
+ if(local_user() && ($contact['uid'] == local_user()) && ($contact['network'] === 'dfrn')) {
+ $url = $redirect_url;
+ $sparkle = ' sparkle';
+ }
+ }
+ $click = ((x($contact,'click')) ? ' onclick="' . $contact['click'] . '" ' : '');
+ if($click)
+ $url = '';
+ if($textmode) {
+ return '<div class="contact-block-textdiv' . $class . '"><a class="contact-block-link' . $class . $sparkle
+ . (($click) ? ' fakelink' : '') . '" '
+ . (($url) ? ' href="' . $url . '"' : '') . $click
+ . '" title="' . $contact['name'] . ' [' . $contact['url'] . ']" alt="' . $contact['name']
+ . '" >'. $contact['name'] . '</a></div>' . "\r\n";
+ }
+ else {
+ return '<div class="contact-block-div' . $class . '"><a class="contact-block-link' . $class . $sparkle
+ . (($click) ? ' fakelink' : '') . '" '
+ . (($url) ? ' href="' . $url . '"' : '') . $click . ' ><img class="contact-block-img' . $class . $sparkle . '" src="'
+ . $contact['micro'] . '" title="' . $contact['name'] . ' [' . $contact['url'] . ']" alt="' . $contact['name']
+ . '" /></a></div>' . "\r\n";
+ }
+}}
+
+
+
+if(! function_exists('search')) {
+function search($s,$id='search-box',$url='/search') {
+ $a = get_app();
+ $o = '<div id="' . $id . '">';
+ $o .= '<form action="' . $a->get_baseurl() . $url . '" method="get" >';
+ $o .= '<input type="text" name="search" id="search-text" value="' . $s .'" />';
+ $o .= '<input type="submit" name="submit" id="search-submit" value="' . t('Search') . '" />';
+ $o .= '</form></div>';
+ return $o;
+}}
+
+if(! function_exists('valid_email')) {
+function valid_email($x){
+ if(preg_match('/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+$/',$x))
+ return true;
+ return false;
+}}
+
+
+if(! function_exists('aes_decrypt')) {
+function aes_decrypt($val,$ky)
+{
+ $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+ for($a=0;$a<strlen($ky);$a++)
+ $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
+ $mode = MCRYPT_MODE_ECB;
+ $enc = MCRYPT_RIJNDAEL_128;
+ $dec = @mcrypt_decrypt($enc, $key, $val, $mode, @mcrypt_create_iv( @mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM ) );
+ return rtrim($dec,(( ord(substr($dec,strlen($dec)-1,1))>=0 and ord(substr($dec, strlen($dec)-1,1))<=16)? chr(ord( substr($dec,strlen($dec)-1,1))):null));
+}}
+
+
+if(! function_exists('aes_encrypt')) {
+function aes_encrypt($val,$ky)
+{
+ $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+ for($a=0;$a<strlen($ky);$a++)
+ $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
+ $mode=MCRYPT_MODE_ECB;
+ $enc=MCRYPT_RIJNDAEL_128;
+ $val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16)));
+ return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
+}}
+
+
+/**
+ *
+ * Function: linkify
+ *
+ * Replace naked text hyperlink with HTML formatted hyperlink
+ *
+ */
+
+if(! function_exists('linkify')) {
+function linkify($s) {
+ $s = preg_replace("/(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\.\=\_\~\#\'\%\$\!\+]*)/", ' <a href="$1" target="external-link">$1</a>', $s);
+ return($s);
+}}
+
+
+/**
+ *
+ * Function: smilies
+ *
+ * Description:
+ * Replaces text emoticons with graphical images
+ *
+ * @Parameter: string $s
+ *
+ * Returns string
+ */
+
+if(! function_exists('smilies')) {
+function smilies($s) {
+ $a = get_app();
+
+ return str_replace(
+ array( '&lt;3', '&lt;/3', '&lt;\\3', ':-)', ':)', ';-)', ':-(', ':(', ':-P', ':P', ':-"', ':-x', ':-X', ':-D', '8-|', '8-O',
+ '~friendika', 'Diaspora*' ),
+ array(
+ '<img src="' . $a->get_baseurl() . '/images/smiley-heart.gif" alt="<3" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="</3" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="<\\3" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-smile.gif" alt=":-)" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-smile.gif" alt=":)" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-wink.gif" alt=";-)" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-frown.gif" alt=":-(" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-frown.gif" alt=":(" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-tongue-out.gif" alt=":-P" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-tongue-out.gif" alt=":P" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-\"" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-x" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-X" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-laughing.gif" alt=":-D" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-|" />',
+ '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-O" />',
+ '<a href="http://project.friendika.com">~friendika <img src="' . $a->get_baseurl() . '/images/friendika-16.png" alt="~friendika" /></a>',
+ '<a href="http://joindiaspora.com">Diaspora<img src="' . $a->get_baseurl() . '/images/diaspora.png" alt="Diaspora*" /></a>',
+
+ ), $s);
+}}
+
+
+
+if(! function_exists('day_translate')) {
+function day_translate($s) {
+ $ret = str_replace(array('Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Sunday'),
+ array( t('Monday'), t('Tuesday'), t('Wednesday'), t('Thursday'), t('Friday'), t('Saturday'), t('Sunday')),
+ $s);
+
+ $ret = str_replace(array('January','February','March','April','May','June','July','August','September','October','November','December'),
+ array( t('January'), t('February'), t('March'), t('April'), t('May'), t('June'), t('July'), t('August'), t('September'), t('October'), t('November'), t('December')),
+ $ret);
+
+ return $ret;
+}}
+
+
+if(! function_exists('normalise_link')) {
+function normalise_link($url) {
+ $ret = str_replace(array('https:','//www.'), array('http:','//'), $url);
+ return(rtrim($ret,'/'));
+}}
+
+/**
+ *
+ * Compare two URLs to see if they are the same, but ignore
+ * slight but hopefully insignificant differences such as if one
+ * is https and the other isn't, or if one is www.something and
+ * the other isn't - and also ignore case differences.
+ *
+ * Return true if the URLs match, otherwise false.
+ *
+ */
+
+if(! function_exists('link_compare')) {
+function link_compare($a,$b) {
+ if(strcasecmp(normalise_link($a),normalise_link($b)) === 0)
+ return true;
+ return false;
+}}
+
+// Given an item array, convert the body element from bbcode to html and add smilie icons.
+// If attach is true, also add icons for item attachments
+
+
+if(! function_exists('prepare_body')) {
+function prepare_body($item,$attach = false) {
+
+ $s = prepare_text($item['body']);
+ if(! $attach)
+ return $s;
+
+ $arr = explode(',',$item['attach']);
+ if(count($arr)) {
+ $s .= '<div class="body-attach">';
+ foreach($arr as $r) {
+ $matches = false;
+ $icon = '';
+ $cnt = preg_match('|\[attach\]href=\"(.*?)\" length=\"(.*?)\" type=\"(.*?)\" title=\"(.*?)\"\[\/attach\]|',$r,$matches);
+ if($cnt) {
+ $icontype = strtolower(substr($matches[3],0,strpos($matches[3],'/')));
+ switch($icontype) {
+ case 'video':
+ case 'audio':
+ case 'image':
+ case 'text':
+ $icon = '<div class="attachtype type-' . $icontype . '"></div>';
+ break;
+ default:
+ $icon = '<div class="attachtype type-unkn"></div>';
+ break;
+ }
+ $title = ((strlen(trim($matches[4]))) ? escape_tags(trim($matches[4])) : escape_tags($matches[1]));
+ $title .= ' ' . $matches[2] . ' ' . t('bytes');
+
+ $s .= '<a href="' . strip_tags($matches[1]) . '" title="' . $title . '" class="attachlink" target="external-link" >' . $icon . '</a>';
+ }
+ }
+ $s .= '<div class="clear"></div></div>';
+ }
+ return $s;
+}}
+
+
+// Given a text string, convert from bbcode to html and add smilie icons.
+
+if(! function_exists('prepare_text')) {
+function prepare_text($text) {
+
+ require_once('include/bbcode.php');
+
+ $s = smilies(bbcode($text));
+
+ return $s;
+}}
+
+
+/**
+ * return atom link elements for all of our hubs
+ */
+
+if(! function_exists('feed_hublinks')) {
+function feed_hublinks() {
+
+ $hub = get_config('system','huburl');
+
+ $hubxml = '';
+ if(strlen($hub)) {
+ $hubs = explode(',', $hub);
+ if(count($hubs)) {
+ foreach($hubs as $h) {
+ $h = trim($h);
+ if(! strlen($h))
+ continue;
+ $hubxml .= '<link rel="hub" href="' . xmlify($h) . '" />' . "\n" ;
+ }
+ }
+ }
+ return $hubxml;
+}}
+
+/* return atom link elements for salmon endpoints */
+
+if(! function_exists('feed_salmonlinks')) {
+function feed_salmonlinks($nick) {
+
+ $a = get_app();
+
+ $salmon = '<link rel="salmon" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ;
+
+ // old style links that status.net still needed as of 12/2010
+
+ $salmon .= ' <link rel="http://salmon-protocol.org/ns/salmon-replies" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ;
+ $salmon .= ' <link rel="http://salmon-protocol.org/ns/salmon-mention" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ;
+ return $salmon;
+}}
+
+if(! function_exists('get_plink')) {
+function get_plink($item) {
+ $a = get_app();
+ $plink = (((x($item,'plink')) && (! $item['private'])) ? '<div class="wall-item-links-wrapper"><a href="'
+ . $item['plink'] . '" title="' . t('link to source') . '" target="external-link" class="icon remote-link"></a></div>' : '');
+ return $plink;
+}}
+
+if(! function_exists('unamp')) {
+function unamp($s) {
+ return str_replace('&amp;', '&', $s);
+}}
+
+
+
+
+if(! function_exists('lang_selector')) {
+function lang_selector() {
+ global $lang;
+ $o = '<div id="lang-select-icon" class="icon language" title="' . t('Select an alternate language') . '" onclick="openClose(\'language-selector\');" ></div>';
+ $o .= '<div id="language-selector" style="display: none;" >';
+ $o .= '<form action="" method="post" ><select name="system_language" onchange="this.form.submit();" >';
+ $langs = glob('view/*/strings.php');
+ if(is_array($langs) && count($langs)) {
+ if(! in_array('view/en/strings.php',$langs))
+ $langs[] = 'view/en/';
+ asort($langs);
+ foreach($langs as $l) {
+ $ll = substr($l,5);
+ $ll = substr($ll,0,strrpos($ll,'/'));
+ $selected = (($ll === $lang) ? ' selected="selected" ' : '');
+ $o .= '<option value="' . $ll . '"' . $selected . '>' . $ll . '</option>';
+ }
+ }
+ $o .= '</select></form></div>';
+ return $o;
+}}
+
+
+if(! function_exists('return_bytes')) {
+function return_bytes ($size_str) {
+ switch (substr ($size_str, -1))
+ {
+ case 'M': case 'm': return (int)$size_str * 1048576;
+ case 'K': case 'k': return (int)$size_str * 1024;
+ case 'G': case 'g': return (int)$size_str * 1073741824;
+ default: return $size_str;
+ }
+}}
+
+function generate_user_guid() {
+ $found = true;
+ do {
+ $guid = random_string(16);
+ $x = q("SELECT `uid` FROM `user` WHERE `guid` = '%s' LIMIT 1",
+ dbesc($guid)
+ );
+ if(! count($x))
+ $found = false;
+ } while ($found == true );
+ return $guid;
+}
+
+
+function pkcs5_pad ($text, $blocksize)
+{
+ $pad = $blocksize - (strlen($text) % $blocksize);
+ return $text . str_repeat(chr($pad), $pad);
+}
+
+function pkcs5_unpad($text)
+{
+ $pad = ord($text{strlen($text)-1});
+ if ($pad > strlen($text)) return false;
+ if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false;
+ return substr($text, 0, -1 * $pad);
+}
+
+
+function base64url_encode($s, $strip_padding = false) {
+
+ $s = strtr(base64_encode($s),'+/','-_');
+
+ if($strip_padding)
+ $s = str_replace('=','',$s);
+
+ return $s;
+}
+
+function base64url_decode($s) {
+
+/*
+ * // Placeholder for new rev of salmon which strips base64 padding.
+ * // PHP base64_decode handles the un-padded input without requiring this step
+ * // Uncomment if you find you need it.
+ *
+ * $l = strlen($s);
+ * if(! strpos($s,'=')) {
+ * $m = $l % 4;
+ * if($m == 2)
+ * $s .= '==';
+ * if($m == 3)
+ * $s .= '=';
+ * }
+ *
+ */
+
+ return base64_decode(strtr($s,'-_','+/'));
+}
+
+function cc_license() {
+return '<div class="cc-license">' . t('Shared content is covered by the <a href="http://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0</a> license.') . '</div>';
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 17:48:21 +0000