diff options
author | Olivier van Helden <olivier@van-helden.net> | 2014-12-03 17:54:07 -0400 |
---|---|---|
committer | Olivier van Helden <olivier@van-helden.net> | 2014-12-03 17:54:07 -0400 |
commit | e523061b7261439a71bdacf8f46d4c614740b356 (patch) | |
tree | 1a0577c64197c4289ed154d2c2d5fdf48a7e5192 /mod | |
parent | 13fd91d6f5723774a1b96257f8096acb2873b4ed (diff) | |
parent | b71b45aafc618d32d23c099a4d4db8bad2f09e54 (diff) | |
download | volse-hubzilla-e523061b7261439a71bdacf8f46d4c614740b356.tar.gz volse-hubzilla-e523061b7261439a71bdacf8f46d4c614740b356.tar.bz2 volse-hubzilla-e523061b7261439a71bdacf8f46d4c614740b356.zip |
Merge pull request #1 from friendica/master
Merge master from friendica
Diffstat (limited to 'mod')
64 files changed, 1621 insertions, 1146 deletions
diff --git a/mod/acl.php b/mod/acl.php index 01f5103f1..797a3633b 100644 --- a/mod/acl.php +++ b/mod/acl.php @@ -49,7 +49,7 @@ function acl_init(&$a){ if ($type=='' || $type=='c'){ $r = q("SELECT COUNT(abook_id) AS c FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d AND not ( abook_flags & %d ) and not (xchan_flags & %d ) $sql_extra2" , + WHERE abook_channel = %d AND not ( abook_flags & %d )>0 and not (xchan_flags & %d )>0 $sql_extra2" , intval(local_user()), intval(ABOOK_FLAG_BLOCKED|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED), intval(XCHAN_FLAGS_DELETED) @@ -59,7 +59,7 @@ function acl_init(&$a){ if(intval(get_config('system','taganyone')) || intval(get_pconfig(local_user(),'system','taganyone'))) { if(((! $r) || (! $r[0]['total'])) && $type == 'c') { $r = q("SELECT COUNT(xchan_hash) AS c FROM xchan - WHERE not (xchan_flags & %d ) $sql_extra2" , + WHERE not (xchan_flags & %d )>0 $sql_extra2" , intval(XCHAN_FLAGS_DELETED) ); $contact_count = (int)$r[0]['c']; @@ -75,8 +75,8 @@ function acl_init(&$a){ $r = q("SELECT count(xchan_hash) as c FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )) - and not ( xchan_flags & %d ) + WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0) + and not ( xchan_flags & %d )>0 $sql_extra2 ", intval(local_user()), intval(PERMS_W_MAIL), @@ -92,7 +92,7 @@ function acl_init(&$a){ // autocomplete for Contacts $r = q("SELECT COUNT(abook_id) AS c FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d and not ( xchan_flags & %d ) $sql_extra2" , + WHERE abook_channel = %d and not ( xchan_flags & %d )>0 $sql_extra2" , intval(local_user()), intval(XCHAN_FLAGS_DELETED) ); @@ -110,17 +110,18 @@ function acl_init(&$a){ if ($type=='' || $type=='g'){ $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`name`, - GROUP_CONCAT(DISTINCT `group_member`.`xchan` SEPARATOR ',') as uids + %s as uids FROM `groups`,`group_member` WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d AND `group_member`.`gid`=`groups`.`id` $sql_extra GROUP BY `groups`.`id` ORDER BY `groups`.`name` - LIMIT %d,%d", + LIMIT %d OFFSET %d", + db_concat('group_member.xchan', ','), intval(local_user()), - intval($start), - intval($count) + intval($count), + intval($start) ); foreach($r as $g){ @@ -140,7 +141,7 @@ function acl_init(&$a){ if ($type=='' || $type=='c') { $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d AND not ( abook_flags & %d ) and not (xchan_flags & %d ) $sql_extra2 order by xchan_name asc" , + WHERE abook_channel = %d AND not ( abook_flags & %d )>0 and not (xchan_flags & %d )>0 $sql_extra2 order by xchan_name asc" , intval(local_user()), intval(ABOOK_FLAG_BLOCKED|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED), intval(XCHAN_FLAGS_DELETED) @@ -149,7 +150,7 @@ function acl_init(&$a){ if((! $r) && $type == 'c') { $r = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags FROM xchan - WHERE not (xchan_flags & %d ) $sql_extra2 order by xchan_name asc" , + WHERE not (xchan_flags & %d )>0 $sql_extra2 order by xchan_name asc" , intval(XCHAN_FLAGS_DELETED) ); } @@ -159,8 +160,8 @@ function acl_init(&$a){ $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )) - and not (xchan_flags & %d) + WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0) + and not (xchan_flags & %d)>0 $sql_extra3 ORDER BY `xchan_name` ASC ", intval(local_user()), @@ -171,7 +172,7 @@ function acl_init(&$a){ elseif(($type == 'a') || ($type == 'p')) { $r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d - and not (xchan_flags & %d) + and not (xchan_flags & %d)>0 $sql_extra3 ORDER BY xchan_name ASC ", intval(local_user()), diff --git a/mod/admin.php b/mod/admin.php index 06f44c89b..0e580960a 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -238,7 +238,6 @@ function admin_page_site_post(&$a){ $language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : ''); $theme = ((x($_POST,'theme')) ? notags(trim($_POST['theme'])) : ''); $theme_mobile = ((x($_POST,'theme_mobile')) ? notags(trim($_POST['theme_mobile'])) : ''); - $theme_accessibility = ((x($_POST,'theme_accessibility')) ? notags(trim($_POST['theme_accessibility'])) : ''); // $site_channel = ((x($_POST,'site_channel')) ? notags(trim($_POST['site_channel'])) : ''); $maximagesize = ((x($_POST,'maximagesize')) ? intval(trim($_POST['maximagesize'])) : 0); @@ -298,12 +297,6 @@ function admin_page_site_post(&$a){ } else { set_config('system','mobile_theme', $theme_mobile); } - if ( $theme_accessibility === '---' ) { - del_config('system','accessibility_theme'); - } else { - set_config('system','accessibility_theme', $theme_accessibility); - } - // set_config('system','site_channel', $site_channel); set_config('system','maximagesize', $maximagesize); @@ -357,27 +350,32 @@ function admin_page_site(&$a) { } /* Installed themes */ - $theme_choices = array(); - $theme_choices_mobile = array(); - $theme_choices_mobile["---"] = t("No special theme for mobile devices"); - $theme_choices_accessibility = array(); - $theme_choices_accessibility["---"] =t("No special theme for accessibility"); - $files = glob('view/theme/*'); - if($files) { - foreach($files as $file) { - $f = basename($file); - $theme_name = ((file_exists($file . '/experimental')) ? sprintf("%s - Experimental", $f) : $f); - if (file_exists($file . '/mobile')) { - $theme_choices_mobile[$f] = $theme_name; - } - if (file_exists($file . '/accessibility')) { - $theme_choices_accessibility[$f] = $theme_name; + $theme_choices_mobile["---"] = t("Default"); + $theme_choices = array(); + $files = glob('view/theme/*'); + if($files) { + foreach($files as $file) { + $vars = ''; + $f = basename($file); + if (file_exists($file . '/library')) + continue; + if (file_exists($file . '/mobile')) + $vars = t('mobile'); + if (file_exists($file . '/experimental')) + $vars .= t('experimental'); + if (file_exists($file . '/unsupported')) + $vars .= t('unsupported'); + if ($vars) { + $theme_choices[$f] = $f . ' (' . $vars . ')'; + $theme_choices_mobile[$f] = $f . ' (' . $vars . ')'; } - $theme_choices[$f] = $theme_name; - } - } - - + else { + $theme_choices[$f] = $f; + $theme_choices_mobile[$f] = $f; + } + } + } + /* Banner */ $banner = get_config('system','banner'); if($banner == false) @@ -425,7 +423,6 @@ function admin_page_site(&$a) { '$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices), '$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - <a href='#' id='cnftheme'>change theme settings</a>"), $theme_choices), '$theme_mobile' => array('theme_mobile', t("Mobile system theme"), get_config('system','mobile_theme'), t("Theme for mobile devices"), $theme_choices_mobile), - '$theme_accessibility' => array('theme_accessibility', t("Accessibility system theme"), get_config('system','accessibility_theme'), t("Accessibility theme"), $theme_choices_accessibility), // '$site_channel' => array('site_channel', t("Channel to use for this website's static pages"), get_config('system','site_channel'), t("Site Channel")), '$diaspora_enabled' => array('diaspora_enabled',t('Enable Diaspora Protocol'), get_config('system','diaspora_enabled'), t('Communicate with Diaspora and Friendica - experimental')), '$feed_contacts' => array('feed_contacts', t('Allow Feeds as Connections'),get_config('system','feed_contacts'),t('(Heavy system resource usage)')), @@ -594,7 +591,7 @@ function admin_page_users_post(&$a){ if (x($_POST,'page_users_block')){ foreach($users as $uid){ - q("UPDATE account SET account_flags = (account_flags & %d) where account_id = %d limit 1", + q("UPDATE account SET account_flags = (account_flags & %d) where account_id = %d", intval(ACCOUNT_BLOCKED), intval( $uid ) ); @@ -650,7 +647,7 @@ function admin_page_users(&$a){ }; break; case "block":{ check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't'); - q("UPDATE account SET account_flags = ( account_flags ^ %d ) where account_id = %d", + q("UPDATE account SET account_flags = ( account_flags & ~%d ) where account_id = %d", intval(ACCOUNT_BLOCKED), intval( $uid ) ); @@ -664,13 +661,13 @@ function admin_page_users(&$a){ } /* get pending */ - $pending = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d ) ", + $pending = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d )>0 ", intval(ACCOUNT_PENDING) ); /* get users */ - $total = q("SELECT count(*) as total FROM account where 1"); + $total = q("SELECT count(*) as total FROM account"); if(count($total)) { $a->set_pager_total($total[0]['total']); $a->set_pager_itemspage(100); @@ -690,14 +687,15 @@ function admin_page_users(&$a){ if($_REQUEST['order'] === 'created') $order = " order by account_created desc "; - $users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, " . "`account_service_class`, ( account_flags & %d ) > 0 as `blocked`, " . - "(SELECT GROUP_CONCAT( ch.channel_address SEPARATOR ' ') FROM channel as ch " . - "WHERE ch.channel_account_id = ac.account_id and not (ch.channel_pageflags & %d )) as `channels` " . - "FROM account as ac where true $serviceclass $order limit %d , %d ", + $users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, " . "`account_service_class`, ( account_flags & %d )>0 as `blocked`, " . + "(SELECT %s FROM channel as ch " . + "WHERE ch.channel_account_id = ac.account_id and not (ch.channel_pageflags & %d )>0) as `channels` " . + "FROM account as ac where true $serviceclass $order limit %d offset %d ", intval(ACCOUNT_BLOCKED), + db_concat('ch.channel_address', ' '), intval(PAGE_REMOVED), - intval($a->pager['start']), - intval($a->pager['itemspage']) + intval($a->pager['itemspage']), + intval($a->pager['start']) ); // function _setup_users($e){ @@ -764,7 +762,7 @@ function admin_page_channels_post(&$a){ if (x($_POST,'page_channels_block')){ foreach($channels as $uid){ - q("UPDATE channel SET channel_pageflags = ( channel_pageflags ^ %d ) where channel_id = %d", + q("UPDATE channel SET channel_pageflags = ( channel_pageflags & ~%d ) where channel_id = %d", intval(PAGE_CENSORED), intval( $uid ) ); @@ -812,7 +810,7 @@ function admin_page_channels(&$a){ case "block":{ check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't'); - q("UPDATE channel SET channel_pageflags = ( channel_pageflags ^ %d ) where channel_id = %d", + q("UPDATE channel SET channel_pageflags = ( channel_pageflags & ~%d ) where channel_id = %d", intval(PAGE_CENSORED), intval( $uid ) ); @@ -828,7 +826,7 @@ function admin_page_channels(&$a){ /* get channels */ - $total = q("SELECT count(*) as total FROM channel where not (channel_pageflags & %d)", + $total = q("SELECT count(*) as total FROM channel where not (channel_pageflags & %d)>0", intval(PAGE_REMOVED) ); if($total) { @@ -838,10 +836,10 @@ function admin_page_channels(&$a){ $order = " order by channel_name asc "; - $channels = q("SELECT * from channel where not ( channel_pageflags & %d ) $order limit %d , %d ", + $channels = q("SELECT * from channel where not ( channel_pageflags & %d )>0 $order limit %d offset %d ", intval(PAGE_REMOVED), - intval($a->pager['start']), - intval($a->pager['itemspage']) + intval($a->pager['itemspage']), + intval($a->pager['start']) ); if($channels) { @@ -1295,7 +1293,7 @@ readable."); function admin_page_profs_post(&$a) { if($_REQUEST['id']) { - $r = q("update profdef set field_name = '%s', field_type = '%s', field_desc = '%s' field_help = '%s', field_inputs = '%s' where id = %d limit 1", + $r = q("update profdef set field_name = '%s', field_type = '%s', field_desc = '%s' field_help = '%s', field_inputs = '%s' where id = %d", dbesc($_REQUEST['field_name']), dbesc($_REQUEST['field_type']), dbesc($_REQUEST['field_desc']), @@ -1323,7 +1321,7 @@ function admin_page_profs_post(&$a) { function admin_page_profs(&$a) { if((argc() > 3) && argv(2) == 'drop' && intval(argv(3))) { - $r = q("delete from profdef where id = %d limit 1", + $r = q("delete from profdef where id = %d", intval(argv(3)) ); // remove from allowed fields diff --git a/mod/blocks.php b/mod/blocks.php index 3f2bef116..6237a645b 100644 --- a/mod/blocks.php +++ b/mod/blocks.php @@ -1,108 +1,140 @@ <?php -function blocks_content(&$a) { +require_once('include/identity.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); +function blocks_init(&$a) { + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } if(argc() > 1) $which = argv(1); - else { + else + return; + + profile_load($a,$which); + +} + + +function blocks_content(&$a) { + + if(! $a->profile) { notice( t('Requested profile is not available.') . EOL ); $a->error = 404; return; } - profile_load($a,$which,0); + $which = argv(1); + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); - // Figure out who the page owner is. - $r = q("select channel_id from channel where channel_address = '%s'", - dbesc($which) - ); - if($r) { - $owner = intval($r[0]['channel_id']); - } + $channel = $a->get_channel(); - // Block design features from visitors + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } + } - if((! local_user()) || (local_user() != $owner)) { - notice( t('Permission denied.') . EOL); - return; + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } } + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + $perms = get_all_perms($owner,$ob_hash); + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; + } -// Get the observer, check their permissions - $observer = $a->get_observer(); - $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + // Block design features from visitors - $perms = get_all_perms($owner,$ob_hash); + if((! $uid) || ($uid != $owner)) { + notice( t('Permission denied.') . EOL); + return; + } - if(! $perms['write_pages']) { - notice( t('Permission denied.') . EOL); - return; - } + if(feature_enabled($owner,'expert')) { + $mimetype = (($_REQUEST['mimetype']) ? $_REQUEST['mimetype'] : get_pconfig($owner,'system','page_mimetype')); + if(! $mimetype) + $mimetype = 'choose'; + } + else { + $mimetype = 'text/bbcode'; + } -// Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages -// Nickname is set to the observers xchan, and profile_uid to the owners. -// This lets you post pages at other people's channels. -require_once ('include/conversation.php'); - $x = array( - 'webpage' => ITEM_BUILDBLOCK, - 'is_owner' => true, - 'nickname' => $a->profile['channel_address'], - 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'bang' => (($group || $cid) ? '!' : ''), - 'showacl' => false, - 'visitor' => true, - 'mimetype' => 'choose', - 'ptlabel' => t('Block Name'), - 'profile_uid' => intval($owner), - ); - if($_REQUEST['title']) - $x['title'] = $_REQUEST['title']; - if($_REQUEST['body']) - $x['body'] = $_REQUEST['body']; - if($_REQUEST['pagetitle']) - $x['pagetitle'] = $_REQUEST['pagetitle']; + $x = array( + 'webpage' => ITEM_BUILDBLOCK, + 'is_owner' => true, + 'nickname' => $a->profile['channel_address'], + 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), + 'bang' => '', + 'showacl' => false, + 'visitor' => true, + 'mimetype' => $mimetype, + 'ptlabel' => t('Block Name'), + 'profile_uid' => intval($owner), + ); + if($_REQUEST['title']) + $x['title'] = $_REQUEST['title']; + if($_REQUEST['body']) + $x['body'] = $_REQUEST['body']; + if($_REQUEST['pagetitle']) + $x['pagetitle'] = $_REQUEST['pagetitle']; - $o .= status_editor($a,$x); - //Get a list of blocks. We can't display all them because endless scroll makes that unusable, so just list titles and an edit link. -//TODO - this should be replaced with pagelist_widget + $o .= status_editor($a,$x); -$r = q("select * from item_id where uid = %d and service = 'BUILDBLOCK' order by sid asc", - intval($owner) -); + $r = q("select * from item_id where uid = %d and service = 'BUILDBLOCK' order by sid asc", + intval($owner) + ); - $pages = null; + $pages = null; - if($r) { - $pages = array(); - foreach($r as $rr) { - $pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid']); - } - } + if($r) { + $pages = array(); + foreach($r as $rr) { + $pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid']); + } + } + //Build the base URL for edit links + $url = z_root() . '/editblock/' . $which; -//Build the base URL for edit links - $url = z_root() . "/editblock/" . $which; -// This isn't pretty, but it works. Until I figure out what to do with the UI, it's Good Enough(TM). - return $o . replace_macros(get_markup_template("blocklist.tpl"), array( + $o .= replace_macros(get_markup_template('blocklist.tpl'), array( '$baseurl' => $url, '$edit' => t('Edit'), '$pages' => $pages, '$channel' => $which, '$view' => t('View'), '$preview' => '1', - - )); + )); - + return $o; } diff --git a/mod/channel.php b/mod/channel.php index e4a7173c0..54b25ad8b 100644 --- a/mod/channel.php +++ b/mod/channel.php @@ -137,21 +137,26 @@ function channel_content(&$a, $update = 0, $load = false) { $sql_extra = item_permissions_sql($a->profile['profile_uid'],$remote_contact,$groups); + if(get_pconfig($a->profile['profile_uid'],'system','channel_list_mode')) + $page_mode = 'list'; + else + $page_mode = 'client'; + if(($update) && (! $load)) { if ($mid) { $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0 - AND (item_flags & %d) AND (item_flags & %d) $sql_extra limit 1", + AND (item_flags & %d)>0 AND (item_flags & %d)>0 $sql_extra limit 1", dbesc($mid), intval($a->profile['profile_uid']), intval(ITEM_WALL), intval(ITEM_UNSEEN) ); } else { - $r = q("SELECT distinct parent AS `item_id` from item + $r = q("SELECT distinct parent AS `item_id`, created from item left join abook on item.author_xchan = abook.abook_xchan WHERE uid = %d AND item_restrict = 0 - AND (item_flags & %d) AND ( item_flags & %d ) + AND (item_flags & %d)>0 AND ( item_flags & %d )>0 AND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null) $sql_extra ORDER BY created DESC", @@ -179,12 +184,12 @@ function channel_content(&$a, $update = 0, $load = false) { $itemspage = get_pconfig(local_user(),'system','itemspage'); $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); - $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start'])); if($load || ($_COOKIE['jsAvailable'] != 1)) { if ($mid) { $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0 - AND (item_flags & %d) $sql_extra limit 1", + AND (item_flags & %d)>0 $sql_extra limit 1", dbesc($mid), intval($a->profile['profile_uid']), intval(ITEM_WALL) @@ -194,10 +199,10 @@ function channel_content(&$a, $update = 0, $load = false) { } } else { - $r = q("SELECT distinct id AS item_id FROM item + $r = q("SELECT distinct id AS item_id, created FROM item left join abook on item.author_xchan = abook.abook_xchan WHERE uid = %d AND item_restrict = 0 - AND (item_flags & %d) and (item_flags & %d) + AND (item_flags & %d)>0 and (item_flags & %d)>0 AND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null) $sql_extra $sql_extra2 ORDER BY created DESC $pager_sql ", @@ -246,9 +251,14 @@ function channel_content(&$a, $update = 0, $load = false) { // This is ugly, but we can't pass the profile_uid through the session to the ajax updater, // because browser prefetching might change it on us. We have to deliver it with the page. + $maxheight = get_pconfig($a->profile['profile_uid'],'system','channel_divmore_height'); + if(! $maxheight) + $maxheight = 400; + $o .= '<div id="live-channel"></div>' . "\r\n"; $o .= "<script> var profile_uid = " . $a->profile['profile_uid'] - . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n"; + . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] + . "; divmore_height = " . intval($maxheight) . "; </script>\r\n"; $a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array( '$baseurl' => z_root(), @@ -279,12 +289,31 @@ function channel_content(&$a, $update = 0, $load = false) { } + $update_unseen = ''; + if($page_mode === 'list') { - if($is_owner) { + /** + * in "list mode", only mark the parent item and any like activities as "seen". + * We won't distinguish between comment likes and post likes. The important thing + * is that the number of unseen comments will be accurate. The SQL to separate the + * comment likes could also get somewhat hairy. + */ + + if($parents_str) { + $update_unseen = " AND ( id IN ( " . dbesc($parents_str) . " )"; + $update_unseen .= " OR ( parent IN ( " . dbesc($parents_str) . " ) AND verb in ( '" . dbesc(ACTIVITY_LIKE) . "','" . dbesc(ACTIVITY_DISLIKE) . "' ))) "; + } + } + else { + if($parents_str) { + $update_unseen = " AND parent IN ( " . dbesc($parents_str) . " )"; + } + } - $r = q("UPDATE item SET item_flags = (item_flags ^ %d) - WHERE (item_flags & %d) AND (item_flags & %d) AND uid = %d ", + if($is_owner && $update_unseen) { + $r = q("UPDATE item SET item_flags = (item_flags & ~%d) + WHERE (item_flags & %d) > 0 AND (item_flags & %d) > 0 AND uid = %d $update_unseen", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval(ITEM_WALL), @@ -294,7 +323,7 @@ function channel_content(&$a, $update = 0, $load = false) { if($_COOKIE['jsAvailable'] == 1) { - $o .= conversation($a,$items,'channel',$update,'client'); + $o .= conversation($a,$items,'channel',$update,$page_mode); } else { $o .= conversation($a,$items,'channel',$update,'traditional'); } diff --git a/mod/chatsvc.php b/mod/chatsvc.php index 43aa3d3c0..44225e6dd 100644 --- a/mod/chatsvc.php +++ b/mod/chatsvc.php @@ -73,7 +73,7 @@ function chatsvc_content(&$a) { intval($a->data['chat']['uid']) ); - $r = q("update chatpresence set cp_status = '%s', cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s' limit 1", + $r = q("update chatpresence set cp_status = '%s', cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'", dbesc($status), dbesc(datetime_convert()), intval($room_id), @@ -141,7 +141,7 @@ function chatsvc_content(&$a) { } } - $r = q("update chatpresence set cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s' limit 1", + $r = q("update chatpresence set cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'", dbesc(datetime_convert()), intval($a->data['chat']['room_id']), dbesc(get_observer_hash()), diff --git a/mod/connect.php b/mod/connect.php index f7748bcaf..396fca645 100644 --- a/mod/connect.php +++ b/mod/connect.php @@ -38,7 +38,8 @@ function connect_post(&$a) { $text = escape_tags($_POST['text']); if($has_premium != $premium) { - $r = q("update channel set channel_pageflags = ( channel_pageflags ^ %d ) where channel_id = %d limit 1", + $r = q("update channel set channel_pageflags = ( channel_pageflags %s %d ) where channel_id = %d", + db_getfunc('^'), intval(PAGE_PREMIUM), intval(local_user()) ); diff --git a/mod/connections.php b/mod/connections.php index 0dfcfebf1..70e28913a 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -81,7 +81,7 @@ function connections_post(&$a) { } $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_flags = %d - where abook_id = %d AND abook_channel = %d LIMIT 1", + where abook_id = %d AND abook_channel = %d", dbesc($profile_id), intval($abook_my_perms), intval($closeness), @@ -213,7 +213,7 @@ function connections_content(&$a) { nav_set_selected('intros'); break; case 'ifpending': - $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", + $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)", intval(local_user()), intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED), @@ -250,13 +250,13 @@ function connections_content(&$a) { } - $sql_extra = (($search_flags) ? " and ( abook_flags & " . $search_flags . " ) " : ""); + $sql_extra = (($search_flags) ? " and ( abook_flags & " . $search_flags . " )>0 " : ""); if(argv(1) === 'pending') - $sql_extra .= " and not ( abook_flags & " . ABOOK_FLAG_IGNORED . " ) "; + $sql_extra .= " and not ( abook_flags & " . ABOOK_FLAG_IGNORED . " )>0 "; } else { - $sql_extra = " and not ( abook_flags & " . ABOOK_FLAG_BLOCKED . " ) "; + $sql_extra = " and not ( abook_flags & " . ABOOK_FLAG_BLOCKED . " )>0 "; $unblocked = true; } @@ -342,7 +342,7 @@ function connections_content(&$a) { } $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash - where abook_channel = %d and not (abook_flags & %d) and not (xchan_flags & %d ) $sql_extra $sql_extra2 ", + where abook_channel = %d and not (abook_flags & %d)>0 and not (xchan_flags & %d )>0 $sql_extra $sql_extra2 ", intval(local_user()), intval(ABOOK_FLAG_SELF), intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN) @@ -353,12 +353,12 @@ function connections_content(&$a) { } $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash - WHERE abook_channel = %d and not (abook_flags & %d) and not ( xchan_flags & %d) $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d , %d ", + WHERE abook_channel = %d and not (abook_flags & %d)>0 and not ( xchan_flags & %d)>0 $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d OFFSET %d ", intval(local_user()), intval(ABOOK_FLAG_SELF), intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN), - intval($a->pager['start']), - intval($a->pager['itemspage']) + intval($a->pager['itemspage']), + intval($a->pager['start']) ); $contacts = array(); diff --git a/mod/connedit.php b/mod/connedit.php index 60f284797..fbc2c8c33 100644 --- a/mod/connedit.php +++ b/mod/connedit.php @@ -117,7 +117,7 @@ function connedit_post(&$a) { } $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_flags = %d - where abook_id = %d AND abook_channel = %d LIMIT 1", + where abook_id = %d AND abook_channel = %d", dbesc($profile_id), intval($abook_my_perms), intval($closeness), @@ -300,7 +300,7 @@ function connedit_content(&$a) { $cmd = argv(2); $orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_id = %d AND abook_channel = %d AND NOT ( abook_flags & %d ) LIMIT 1", + WHERE abook_id = %d AND abook_channel = %d AND NOT ( abook_flags & %d )>0 LIMIT 1", intval($contact_id), intval(local_user()), intval(ABOOK_FLAG_SELF) @@ -504,6 +504,7 @@ function connedit_content(&$a) { $slider_tpl = get_markup_template('contact_slider.tpl'); $slide = replace_macros($slider_tpl,array( '$me' => t('Me'), + '$min' => 1, '$val' => (($contact['abook_closeness']) ? $contact['abook_closeness'] : 99), '$intimate' => t('Best Friends'), '$friends' => t('Friends'), diff --git a/mod/contactgroup.php b/mod/contactgroup.php index cac02a65d..4515c4c4c 100644 --- a/mod/contactgroup.php +++ b/mod/contactgroup.php @@ -9,7 +9,7 @@ function contactgroup_content(&$a) { } if((argc() > 2) && (intval(argv(1))) && (argv(2))) { - $r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d ) limit 1", + $r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d )>0 limit 1", dbesc(base64url_decode(argv(2))), intval(local_user()), intval(ABOOK_FLAG_SELF) diff --git a/mod/delegate.php b/mod/delegate.php index e582b9387..c78898b7f 100644 --- a/mod/delegate.php +++ b/mod/delegate.php @@ -42,7 +42,7 @@ function delegate_content(&$a) { if(x($_SESSION,'submanage') && intval($_SESSION['submanage'])) goaway($a->get_baseurl() . '/delegate'); - q("delete from manage where uid = %d and mid = %d limit 1", + q("delete from manage where uid = %d and mid = %d", intval($a->argv[2]), intval(local_user()) ); diff --git a/mod/directory.php b/mod/directory.php index 3d7632ec0..c06a14d9e 100644 --- a/mod/directory.php +++ b/mod/directory.php @@ -2,7 +2,7 @@ require_once('include/dir_fns.php'); require_once('include/widgets.php'); - +require_once('include/bbcode.php'); function directory_init(&$a) { $a->set_pager_itemspage(60); @@ -31,8 +31,9 @@ function directory_content(&$a) { if(x($_REQUEST,'safe')) $safe_mode = (intval($_REQUEST['safe'])); - - + $pubforums = null; + if(array_key_exists('pubforums',$_REQUEST)) + $pubforums = intval($_REQUEST['pubforums']); $o = ''; nav_set_selected('directory'); @@ -42,7 +43,8 @@ function directory_content(&$a) { else $search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : ''); - $advanced = ((x($_REQUEST,'query')) ? notags(trim($_REQUEST['query'])) : ''); + if(strpos($search,'=') && local_user() && get_pconfig(local_user(),'feature','expert')) + $advanced = $search; $keywords = (($_GET['keywords']) ? $_GET['keywords'] : ''); @@ -91,11 +93,21 @@ function directory_content(&$a) { $query .= '&keywords=' . urlencode($keywords); if($advanced) $query .= '&query=' . urlencode($advanced); + if(! is_null($pubforums)) + $query .= '&pubforums=' . intval($pubforums); + + if(! is_null($pubforums)) + $query .= '&pubforums=' . intval($pubforums); $sort_order = ((x($_REQUEST,'order')) ? $_REQUEST['order'] : ''); + if($pubforums) + $sort_order = 'normal'; + if($sort_order) $query .= '&order=' . urlencode($sort_order); + + if($a->pager['page'] != 1) $query .= '&p=' . $a->pager['page']; @@ -122,6 +134,10 @@ function directory_content(&$a) { $pdesc = (($rr['description']) ? $rr['description'] . '<br />' : ''); $connect_link = ((local_user()) ? z_root() . '/follow?f=&url=' . urlencode($rr['address']) : ''); + // Checking status is disabled ATM until someone checks the performance impact more carefully + //$online = remote_online_status($rr['address']); + $online = ''; + if(in_array($rr['hash'],$contacts)) $connect_link = ''; @@ -142,8 +158,6 @@ function directory_content(&$a) { if(($years = age($rr['birthday'],'UTC','')) != 0) $details .= '<br />' . t('Age: ') . $years ; } - if(strlen($rr['gender'])) - $details .= '<br />' . t('Gender: ') . $rr['gender']; $page_type = ''; @@ -155,18 +169,53 @@ function directory_content(&$a) { || (x($profile,'country') == 1)) $location = t('Location:'); - $gender = ((x($profile,'gender') == 1) ? t('Gender:') : False); + $gender = ((x($profile,'gender') == 1) ? t('Gender: ') . $profile['gender']: False); - $marital = ((x($profile,'marital') == 1) ? t('Status:') : False); + $marital = ((x($profile,'marital') == 1) ? t('Status: ') . $profile['marital']: False); - $homepage = ((x($profile,'homepage') == 1) ? t('Homepage:') : False); - - $about = ((x($profile,'about') == 1) ? t('About:') : False); + $homepage = ((x($profile,'homepage') == 1) ? t('Homepage: ') : False); + $homepageurl = ((x($profile,'homepage') == 1) ? $profile['homepage'] : ''); + + $hometown = ((x($profile,'hometown') == 1) ? t('Hometown: ') . $profile['hometown'] : False); + + $about = ((x($profile,'about') == 1) ? t('About: ') . bbcode($profile['about']) : False); + + $keywords = ((x($profile,'keywords')) ? $profile['keywords'] : ''); + + $out = ''; + + if($keywords) { + $keywords = str_replace(',',' ', $keywords); + $keywords = str_replace(' ',' ', $keywords); + $karr = explode(' ', $keywords); + + if($karr) { + if(local_user()) { + $r = q("select keywords from profile where uid = %d and is_default = 1 limit 1", + intval(local_user()) + ); + if($r) { + $keywords = str_replace(',',' ', $r[0]['keywords']); + $keywords = str_replace(' ',' ', $keywords); + $marr = explode(' ', $keywords); + } + } + foreach($karr as $k) { + if(strlen($out)) + $out .= ', '; + if($marr && in_arrayi($k,$marr)) + $out .= '<strong>' . $k . '</strong>'; + else + $out .= $k; + } + } + } $entry = array( 'id' => ++$t, 'profile_link' => $profile_link, + 'public_forum' => $rr['public_forum'], 'photo' => $rr['photo'], 'hash' => $rr['hash'], 'alttext' => $rr['name'] . ' ' . $rr['address'], @@ -174,14 +223,21 @@ function directory_content(&$a) { 'details' => $pdesc . $details, 'profile' => $profile, 'address' => $rr['address'], + 'nickname' => substr($rr['address'],0,strpos($rr['address'],'@')), 'location' => $location, 'gender' => $gender, 'pdesc' => $pdesc, 'marital' => $marital, 'homepage' => $homepage, + 'homepageurl' => linkify($homepageurl), + 'hometown' => $hometown, 'about' => $about, 'conn_label' => t('Connect'), + 'forum_label' => t('Public Forum:'), 'connect' => $connect_link, + 'online' => $online, + 'kw' => (($out) ? t('Keywords: ') : ''), + 'keywords' => $out, ); $arr = array('contact' => $rr, 'entry' => $entry); diff --git a/mod/dirprofile.php b/mod/dirprofile.php deleted file mode 100644 index e9b12ada7..000000000 --- a/mod/dirprofile.php +++ /dev/null @@ -1,184 +0,0 @@ -<?php - -require_once('include/dir_fns.php'); -require_once('include/bbcode.php'); - -function dirprofile_init(&$a) { - - if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { - notice( t('Public access denied.') . EOL); - return; - } - - $hash = $_REQUEST['hash']; - if(! $hash) - return ''; - - $o = ''; - - $dirmode = intval(get_config('system','directory_mode')); - - if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { - $url = z_root() . '/dirsearch'; - } - if(! $url) { - $directory = find_upstream_directory($dirmode); - $url = $directory['url'] . '/dirsearch'; - } - logger('mod_directory: URL = ' . $url, LOGGER_DEBUG); - - $contacts = array(); - - if(local_user()) { - $x = q("select abook_xchan from abook where abook_channel = %d", - intval(local_user()) - ); - if($x) { - foreach($x as $xx) - $contacts[] = $xx['abook_xchan']; - } - } - - - - if($url) { - - $query = $url . '?f=&hash=' . $hash; - - $x = z_fetch_url($query); - logger('dirprofile: return from upstream: ' . print_r($x,true), LOGGER_DATA); - - if($x['success']) { - $t = 0; - $j = json_decode($x['body'],true); - if($j) { - - if($j['results']) { - - $entries = array(); - - $photo = 'thumb'; - - foreach($j['results'] as $rr) { - - $profile_link = chanlink_url($rr['url']); - - $pdesc = (($rr['description']) ? $rr['description'] . '<br />' : ''); - - $qrlink = zid($rr['url']); - $connect_link = ((local_user()) ? z_root() . '/follow?f=&url=' . urlencode($rr['address']) : ''); - - $online = remote_online_status($rr['address']); - - - if(in_array($rr['hash'],$contacts)) - $connect_link = ''; - - $details = ''; - if(strlen($rr['locale'])) - $details .= $rr['locale']; - if(strlen($rr['region'])) { - if(strlen($rr['locale'])) - $details .= ', '; - $details .= $rr['region']; - } - if(strlen($rr['country'])) { - if(strlen($details)) - $details .= ', '; - $details .= $rr['country']; - } - if(strlen($rr['birthday'])) { - if(($years = age($rr['birthday'],'UTC','')) != 0) - $details .= '<br />' . t('Age: ') . $years ; - } - if(strlen($rr['gender'])) - $details .= '<br />' . t('Gender: ') . $rr['gender']; - - $page_type = ''; - - $profile = $rr; - - if ((x($profile,'locale') == 1) - || (x($profile,'region') == 1) - || (x($profile,'postcode') == 1) - || (x($profile,'country') == 1)) - $location = t('Location:'); - - - $marital = ((x($profile,'marital') == 1) ? t('Status: ') . $profile['marital'] : False); - $sexual = ((x($profile,'sexual') == 1) ? t('Sexual Preference: ') . $profile['sexual'] : False); - - $homepage = ((x($profile,'homepage') == 1) ? t('Homepage: ') . linkify($profile['homepage']) : False); - $hometown = ((x($profile,'hometown') == 1) ? t('Hometown: ') . $profile['hometown'] : False); - - $about = ((x($profile,'about') == 1) ? t('About: ') . bbcode($profile['about']) : False); - - $keywords = ((x($profile,'keywords')) ? $profile['keywords'] : ''); - if($keywords) { - $keywords = str_replace(',',' ', $keywords); - $keywords = str_replace(' ',' ', $keywords); - $karr = explode(' ', $keywords); - $out = ''; - if($karr) { - if(local_user()) { - $r = q("select keywords from profile where uid = %d and is_default = 1 limit 1", - intval(local_user()) - ); - if($r) { - $keywords = str_replace(',',' ', $r[0]['keywords']); - $keywords = str_replace(' ',' ', $keywords); - $marr = explode(' ', $keywords); - } - } - foreach($karr as $k) { - if(strlen($out)) - $out .= ', '; - if($marr && in_arrayi($k,$marr)) - $out .= '<strong>' . $k . '</strong>'; - else - $out .= $k; - } - } - - } - $entry = replace_macros(get_markup_template('direntry_large.tpl'), array( - '$id' => ++$t, - '$profile_link' => $profile_link, - '$qrlink' => $qrlink, - '$photo' => $rr['photo_l'], - '$alttext' => $rr['name'] . ' ' . $rr['address'], - '$name' => $rr['name'], - '$online' => (($online) ? t('Online Now') : ''), - '$details' => $pdesc . $details, - '$profile' => $profile, - '$address' => $rr['address'], - '$location' => $location, - '$gender' => $gender, - '$pdesc' => $pdesc, - '$marital' => $marital, - '$homepage' => $homepage, - '$hometown' => $hometown, - '$about' => $about, - '$kw' => (($out) ? t('Keywords: ') : ''), - '$keywords' => $out, - '$conn_label' => t('Connect'), - '$connect' => $connect_link, - )); - - - echo $entry; - killme(); - - } - } - else { - info( t("Not found.") . EOL); - } - } - } - } - - - - -}
\ No newline at end of file diff --git a/mod/dirsearch.php b/mod/dirsearch.php index d8f611e6a..1ecf33393 100644 --- a/mod/dirsearch.php +++ b/mod/dirsearch.php @@ -64,6 +64,9 @@ function dirsearch_content(&$a) { $agege = ((x($_REQUEST,'agege')) ? intval($_REQUEST['agege']) : 0 ); $agele = ((x($_REQUEST,'agele')) ? intval($_REQUEST['agele']) : 0 ); $kw = ((x($_REQUEST,'kw')) ? intval($_REQUEST['kw']) : 0 ); + $forums = ((array_key_exists('pubforums',$_REQUEST)) ? intval($_REQUEST['pubforums']) : null); + + // by default use a safe search $safe = ((x($_REQUEST,'safe'))); // ? intval($_REQUEST['safe']) : 1 ); @@ -108,6 +111,10 @@ function dirsearch_content(&$a) { if($keywords) $sql_extra .= dir_query_build($joiner,'xprof_keywords',$keywords); + if(! is_null($forums)) + $sql_extra .= dir_flag_build($joiner,'xprof_flags',XCHAN_FLAGS_PUBFORUM, $forums); + + // we only support an age range currently. You must set both agege // (greater than or equal) and agele (less than or equal) @@ -151,16 +158,16 @@ function dirsearch_content(&$a) { } - $safesql = (($safe > 0) ? " and not ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " ) " : ''); + $safesql = (($safe > 0) ? " and not ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " )>0 " : ''); if($safe < 0) - $safesql = " and ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " ) "; + $safesql = " and ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " )>0 "; if($limit) $qlimit = " LIMIT $limit "; else { $qlimit = " LIMIT " . intval($startrec) . " , " . intval($perpage); if($return_total) { - $r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and not ( xchan_flags & %d) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql ", + $r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and not ( xchan_flags & %d)>0 and not ( xchan_flags & %d )>0 and not ( xchan_flags & %d )>0 $safesql ", intval(XCHAN_FLAGS_HIDDEN), intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_DELETED) @@ -179,7 +186,6 @@ function dirsearch_content(&$a) { else $order = " order by xchan_name_date desc "; - if($sync) { $spkt = array('transactions' => array()); $r = q("select * from updates where ud_date >= '%s' and ud_guid != '' order by ud_date desc", @@ -205,7 +211,7 @@ function dirsearch_content(&$a) { json_return_and_die($spkt); } else { - $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where ( $logic $sql_extra ) and xchan_network = 'zot' and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql $order $qlimit ", + $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where ( $logic $sql_extra ) and xchan_network = 'zot' and not ( xchan_flags & %d )>0 and not ( xchan_flags & %d )>0 and not ( xchan_flags & %d )>0 $safesql $order $qlimit ", intval(XCHAN_FLAGS_HIDDEN), intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_DELETED) @@ -226,6 +232,8 @@ function dirsearch_content(&$a) { $entry['name'] = $rr['xchan_name']; $entry['hash'] = $rr['xchan_hash']; + $entry['public_forum'] = (($rr['xchan_flags'] & XCHAN_FLAGS_PUBFORUM) ? true : false); + $entry['url'] = $rr['xchan_url']; $entry['photo_l'] = $rr['xchan_photo_l']; $entry['photo'] = $rr['xchan_photo_m']; @@ -271,6 +279,11 @@ function dir_query_build($joiner,$field,$s) { return $ret; } +function dir_flag_build($joiner,$field,$bit,$s) { + return dbesc($joiner) . " ( " . dbesc('xchan_flags') . " & " . intval($bit) . " ) " . ((intval($s)) ? '>' : '=' ) . " 0 "; +} + + function dir_parse_query($s) { $ret = array(); @@ -280,35 +293,44 @@ function dir_parse_query($s) { if($all) { foreach($all as $q) { - if($q === 'and') { - $curr['logic'] = 'and'; - continue; - } - if($q === 'or') { - $curr['logic'] = 'or'; - continue; - } - if($q === 'not') { - $curr['logic'] .= ' not'; - continue; - } - if(strpos($q,'=')) { - if(! isset($curr['logic'])) + if($quoted_string === false) { + if($q === 'and') { + $curr['logic'] = 'and'; + continue; + } + if($q === 'or') { $curr['logic'] = 'or'; - $curr['field'] = trim(substr($q,0,strpos($q,'='))); - $curr['value'] = trim(substr($q,strpos($q,'=')+1)); - if(strpos($curr['value'],'"') !== false) { - $quoted_string = true; - $curr['value'] = substr($curr['value'],strpos($curr['value'],'"')+1); + continue; } - else { - $ret[] = $curr; - $curr = array(); - $continue; + if($q === 'not') { + $curr['logic'] .= ' not'; + continue; + } + if(strpos($q,'=')) { + if(! isset($curr['logic'])) + $curr['logic'] = 'or'; + $curr['field'] = trim(substr($q,0,strpos($q,'='))); + $curr['value'] = trim(substr($q,strpos($q,'=')+1)); + if($curr['value'][0] == '"' && $curr['value'][strlen($curr['value'])-1] != '"') { + $quoted_string = true; + $curr['value'] = substr($curr['value'],1); + continue; + } + elseif($curr['value'][0] == '"' && $curr['value'][strlen($curr['value'])-1] == '"') { + $curr['value'] = substr($curr['value'],1,strlen($curr['value'])-2); + $ret[] = $curr; + $curr = array(); + continue; + } + else { + $ret[] = $curr; + $curr = array(); + continue; + } } } - elseif($quoted_string) { - if(strpos($q,'"') !== false) { + else { + if($q[strlen($q)-1] == '"') { $curr['value'] .= ' ' . str_replace('"','',trim($q)); $ret[] = $curr; $curr = array(); diff --git a/mod/display.php b/mod/display.php index be06c1e82..ece406543 100644 --- a/mod/display.php +++ b/mod/display.php @@ -149,7 +149,7 @@ function display_content(&$a, $update = 0, $load = false) { $updateable = false; - $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']),intval($a->pager['start'])); if($load || ($_COOKIE['jsAvailable'] != 1)) { $r = null; @@ -189,7 +189,7 @@ function display_content(&$a, $update = 0, $load = false) { and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) OR owner_xchan = '%s') $sql_extra ) - group by mid limit 1", + limit 1", dbesc($target_item['parent_mid']), dbesc($sys['xchan_hash']) ); @@ -228,8 +228,8 @@ function display_content(&$a, $update = 0, $load = false) { } if($updateable) { - $x = q("UPDATE item SET item_flags = ( item_flags ^ %d ) - WHERE (item_flags & %d) AND uid = %d and parent = %d ", + $x = q("UPDATE item SET item_flags = ( item_flags & ~%d ) + WHERE (item_flags & %d)>0 AND uid = %d and parent = %d ", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval(local_user()), diff --git a/mod/editblock.php b/mod/editblock.php index 3b6ce4bbf..c58a93410 100644 --- a/mod/editblock.php +++ b/mod/editblock.php @@ -1,50 +1,92 @@ <?php +require_once('include/identity.php'); +require_once('include/acl_selectors.php'); -function editblock_content(&$a) { +function editblock_init(&$a) { + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } - if(argc() < 2) { - notice( t('Item not found') . EOL); + if(argc() > 1) + $which = argv(1); + else return; - } - $channel = get_channel_by_nick(argv(1)); + profile_load($a,$which); - if($c) { - $owner = intval($channel['channel_id']); - } +} - $o = ''; +function editblock_content(&$a) { + + if(! $a->profile) { + notice( t('Requested profile is not available.') . EOL ); + $a->error = 404; + return; + } - // Figure out which post we're editing - $post_id = ((argc() > 2) ? intval(argv(2)) : 0); + $which = argv(1); + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); - if(! ($post_id && $channel)) { - notice( t('Item not found') . EOL); - return; + $channel = $a->get_channel(); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } } - // Now we've got a post and an owner, let's find out if we're allowed to edit it + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } + } + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'write_pages')) { + if(! perm_is_allowed($owner,$ob_hash,'write_pages')) { notice( t('Permission denied.') . EOL); return; } + $is_owner = (($uid && $uid == $owner) ? true : false); + + $o = ''; - // We've already figured out which item we want and whose copy we need, so we don't need anything fancy here + // Figure out which post we're editing + $post_id = ((argc() > 2) ? intval(argv(2)) : 0); + + + if(! ($post_id && $owner)) { + notice( t('Item not found') . EOL); + return; + } + $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), - intval($channel['channel_id']) + intval($owner) ); if($itm) { $item_id = q("select * from item_id where service = 'BUILDBLOCK' and iid = %d limit 1", - $itm[0]['id'] + intval($itm[0]['id']) ); if($item_id) $block_title = $item_id[0]['sid']; @@ -57,10 +99,6 @@ function editblock_content(&$a) { $plaintext = true; - // You may or may not be a local user. -// if(local_user() && feature_enabled(local_user(),'richtext')) -// $plaintext = false; - $mimeselect = ''; $mimetype = $itm[0]['mimetype']; @@ -79,11 +117,11 @@ function editblock_content(&$a) { $a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array( - '$baseurl' => $a->get_baseurl(), - '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), - '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), - '$geotag' => '', - '$nickname' => $channel['channel_address'], + '$baseurl' => $a->get_baseurl(), + '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), + '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), + '$geotag' => '', + '$nickname' => $channel['channel_address'], '$confirmdelete' => t('Delete block?') )); @@ -96,79 +134,70 @@ function editblock_content(&$a) { call_hooks('jot_tool', $jotplugins); call_hooks('jot_networks', $jotnets); - - //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); - - // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. - //So, send folk to the webpage list. - $rp = 'blocks/' . $channel['channel_address']; $o .= replace_macros($tpl,array( - '$return_path' => $rp, - '$action' => 'item', - '$webpage' => ITEM_BUILDBLOCK, - '$share' => t('Edit'), - '$upload' => t('Upload photo'), - '$attach' => t('Attach file'), - '$weblink' => t('Insert web link'), - '$youtube' => t('Insert YouTube video'), - '$video' => t('Insert Vorbis [.ogg] video'), - '$audio' => t('Insert Vorbis [.ogg] audio'), - '$setloc' => t('Set your location'), - '$noloc' => t('Clear browser location'), - '$wait' => t('Please wait'), - '$permset' => t('Permission settings'), - '$ptyp' => $itm[0]['type'], - '$mimeselect' => $mimeselect, - '$content' => undo_post_tagging($itm[0]['body']), - '$post_id' => $post_id, - '$baseurl' => $a->get_baseurl(), - '$defloc' => $channel['channel_location'], - '$visitor' => false, - '$public' => t('Public post'), - '$jotnets' => $jotnets, - '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), - '$placeholdertitle' => t('Set title'), - '$pagetitle' => $block_title, - '$category' => '', + '$return_path' => $rp, + '$action' => 'item', + '$webpage' => ITEM_BUILDBLOCK, + '$share' => t('Edit'), + '$upload' => t('Upload photo'), + '$attach' => t('Attach file'), + '$weblink' => t('Insert web link'), + '$youtube' => t('Insert YouTube video'), + '$video' => t('Insert Vorbis [.ogg] video'), + '$audio' => t('Insert Vorbis [.ogg] audio'), + '$setloc' => t('Set your location'), + '$noloc' => t('Clear browser location'), + '$wait' => t('Please wait'), + '$permset' => t('Permission settings'), + '$ptyp' => $itm[0]['type'], + '$mimeselect' => $mimeselect, + '$content' => undo_post_tagging($itm[0]['body']), + '$post_id' => $post_id, + '$baseurl' => $a->get_baseurl(), + '$defloc' => $channel['channel_location'], + '$visitor' => false, + '$public' => t('Public post'), + '$jotnets' => $jotnets, + '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + '$placeholdertitle' => t('Set title'), + '$pagetitle' => $block_title, + '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), - '$emtitle' => t('Example: bob@example.com, mary@example.com'), - '$lockstate' => $lockstate, - '$acl' => '', - '$bang' => '', - '$profile_uid' => (intval($channel['channel_id'])), - '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), - '$jotplugins' => $jotplugins, - '$sourceapp' => $itm[0]['app'], - '$defexpire' => '', - '$feature_expire' => false, - '$expires' => t('Set expiration date'), + '$emtitle' => t('Example: bob@example.com, mary@example.com'), + '$lockstate' => $lockstate, + '$acl' => '', + '$bang' => '', + '$profile_uid' => (intval($channel['channel_id'])), + '$preview' => ((feature_enabled($uid,'preview')) ? t('Preview') : ''), + '$jotplugins' => $jotplugins, + '$sourceapp' => $itm[0]['app'], + '$defexpire' => '', + '$feature_expire' => false, + '$expires' => t('Set expiration date'), )); - $ob = get_observer_hash(); - - if(($itm[0]['author_xchan'] === $ob) || ($itm[0]['owner_xchan'] === $ob)) + if(($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) $o .= '<br /><br /><a class="block-delete-link" href="item/drop/' . $itm[0]['id'] . '" >' . t('Delete Block') . '</a><br />'; $x = array( - 'type' => 'block', - 'title' => $itm[0]['title'], - 'body' => $itm[0]['body'], - 'term' => $itm[0]['term'], - 'created' => $itm[0]['created'], - 'edited' => $itm[0]['edited'], - 'mimetype' => $itm[0]['mimetype'], + 'type' => 'block', + 'title' => $itm[0]['title'], + 'body' => $itm[0]['body'], + 'term' => $itm[0]['term'], + 'created' => $itm[0]['created'], + 'edited' => $itm[0]['edited'], + 'mimetype' => $itm[0]['mimetype'], 'pagetitle' => $page_title, - 'mid' => $itm[0]['mid'] + 'mid' => $itm[0]['mid'] ); $o .= EOL . EOL . t('Share') . EOL . '<textarea onclick="this.select();" class="shareable_element_text" >[element]' . base64url_encode(json_encode($x)) . '[/element]</textarea>' . EOL . EOL; - return $o; } diff --git a/mod/editlayout.php b/mod/editlayout.php index 89cae2b0c..94e2e628c 100644 --- a/mod/editlayout.php +++ b/mod/editlayout.php @@ -1,34 +1,76 @@ <?php -// What is this here for? I think it's cruft, but comment out for now in case it's here for a reason -// require_once('acl_selectors.php'); +require_once('include/identity.php'); +require_once('include/acl_selectors.php'); + +function editlayout_init(&$a) { + + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } + + if(argc() > 1) + $which = argv(1); + else + return; + + profile_load($a,$which); + +} function editlayout_content(&$a) { -// We first need to figure out who owns the webpage, grab it from an argument - $which = argv(1); -// $a->get_channel() and stuff don't work here, so we've got to find the owner for ourselves. - $r = q("select channel_id from channel where channel_address = '%s'", - dbesc($which) + if(! $a->profile) { + notice( t('Requested profile is not available.') . EOL ); + $a->error = 404; + return; + } + + $which = argv(1); + + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); + + $channel = $a->get_channel(); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } + } + + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) ); - if($r) { - $owner = intval($r[0]['channel_id']); - //logger('owner: ' . print_r($owner,true)); - } + if($r) { + $owner = intval($r[0]['channel_id']); + } + } + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - - - if((local_user()) && (argc() > 2) && (argv(2) === 'view')) { - $which = $channel['channel_address']; - } + if(! perm_is_allowed($owner,$ob_hash,'write_pages')) { + notice( t('Permission denied.') . EOL); + return; + } + $is_owner = (($uid && $uid == $owner) ? true : false); $o = ''; -// Figure out which post we're editing + // Figure out which post we're editing $post_id = ((argc() > 2) ? intval(argv(2)) : 0); @@ -37,48 +79,41 @@ function editlayout_content(&$a) { return; } -// Now we've got a post and an owner, let's find out if we're allowed to edit it + // Now we've got a post and an owner, let's find out if we're allowed to edit it - $observer = $a->get_observer(); - $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - $perms = get_all_perms($owner,$ob_hash); - - if(! $perms['write_pages']) { - notice( t('Permission denied.') . EOL); - return; - } + $perms = get_all_perms($owner,$ob_hash); + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; + } -// We've already figured out which item we want and whose copy we need, so we don't need anything fancy here - $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", - intval($post_id), - intval($owner) - ); + $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", + intval($post_id), + intval($owner) + ); $item_id = q("select * from item_id where service = 'PDL' and iid = %d limit 1", - $itm[0]['id'] + intval($itm[0]['id']) ); if($item_id) $layout_title = $item_id[0]['sid']; $plaintext = true; -// You may or may not be a local user. This won't work, -// if(feature_enabled(local_user(),'richtext')) -// $plaintext = false; $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( '$title' => t('Edit Layout') )); - $a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array( - '$baseurl' => $a->get_baseurl(), - '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), - '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), - '$geotag' => $geotag, - '$nickname' => $a->user['nickname'], + '$baseurl' => $a->get_baseurl(), + '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), + '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), + '$geotag' => $geotag, + '$nickname' => $channel['channel_address'], '$confirmdelete' => t('Delete layout?') )); @@ -91,71 +126,68 @@ function editlayout_content(&$a) { call_hooks('jot_tool', $jotplugins); call_hooks('jot_networks', $jotnets); - $channel = $a->get_channel(); - - //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); -//FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. So, send folk to the webpage list. + // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD + // instead of loading a sensible page. So, send folk to the webpage list. $rp = '/layouts/' . $which; $o .= replace_macros($tpl,array( - '$return_path' => $rp, - '$action' => 'item', - '$webpage' => ITEM_PDL, - '$share' => t('Edit'), - '$upload' => t('Upload photo'), - '$attach' => t('Attach file'), - '$weblink' => t('Insert web link'), - '$youtube' => t('Insert YouTube video'), - '$video' => t('Insert Vorbis [.ogg] video'), - '$audio' => t('Insert Vorbis [.ogg] audio'), - '$setloc' => t('Set your location'), - '$noloc' => t('Clear browser location'), - '$wait' => t('Please wait'), - '$permset' => t('Permission settings'), - '$ptyp' => $itm[0]['type'], - '$content' => undo_post_tagging($itm[0]['body']), - '$post_id' => $post_id, - '$baseurl' => $a->get_baseurl(), - '$defloc' => $channel['channel_location'], - '$visitor' => false, - '$public' => t('Public post'), - '$jotnets' => $jotnets, - '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), - '$placeholdertitle' => t('Set title'), - '$pagetitle' => $layout_title, - '$category' => '', + '$return_path' => $rp, + '$action' => 'item', + '$webpage' => ITEM_PDL, + '$share' => t('Edit'), + '$upload' => t('Upload photo'), + '$attach' => t('Attach file'), + '$weblink' => t('Insert web link'), + '$youtube' => t('Insert YouTube video'), + '$video' => t('Insert Vorbis [.ogg] video'), + '$audio' => t('Insert Vorbis [.ogg] audio'), + '$setloc' => t('Set your location'), + '$noloc' => t('Clear browser location'), + '$wait' => t('Please wait'), + '$permset' => t('Permission settings'), + '$ptyp' => $itm[0]['type'], + '$content' => undo_post_tagging($itm[0]['body']), + '$post_id' => $post_id, + '$baseurl' => $a->get_baseurl(), + '$defloc' => $channel['channel_location'], + '$visitor' => false, + '$public' => t('Public post'), + '$jotnets' => $jotnets, + '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + '$placeholdertitle' => t('Set title'), + '$pagetitle' => $layout_title, + '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), - '$emtitle' => t('Example: bob@example.com, mary@example.com'), - '$lockstate' => $lockstate, - '$acl' => '', - '$bang' => '', - '$profile_uid' => (intval($owner)), - '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), - '$jotplugins' => $jotplugins, - '$sourceapp' => t($a->sourcename), - '$defexpire' => '', - '$feature_expire' => false, - '$expires' => t('Set expiration date'), + '$emtitle' => t('Example: bob@example.com, mary@example.com'), + '$lockstate' => $lockstate, + '$acl' => '', + '$bang' => '', + '$profile_uid' => (intval($owner)), + '$preview' => ((feature_enabled($uid,'preview')) ? t('Preview') : ''), + '$jotplugins' => $jotplugins, + '$sourceapp' => t($a->sourcename), + '$defexpire' => '', + '$feature_expire' => false, + '$expires' => t('Set expiration date'), )); - $ob = get_observer_hash(); - if(($itm[0]['author_xchan'] === $ob) || ($itm[0]['owner_xchan'] === $ob)) + if(($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) $o .= '<br /><br /><a class="layout-delete-link" href="item/drop/' . $itm[0]['id'] . '" >' . t('Delete Layout') . '</a><br />'; $x = array( - 'type' => 'layout', - 'title' => $itm[0]['title'], - 'body' => $itm[0]['body'], - 'term' => $itm[0]['term'], - 'created' => $itm[0]['created'], - 'edited' => $itm[0]['edited'], - 'mimetype' => $itm[0]['mimetype'], + 'type' => 'layout', + 'title' => $itm[0]['title'], + 'body' => $itm[0]['body'], + 'term' => $itm[0]['term'], + 'created' => $itm[0]['created'], + 'edited' => $itm[0]['edited'], + 'mimetype' => $itm[0]['mimetype'], 'pagetitle' => $page_title, - 'mid' => $itm[0]['mid'] + 'mid' => $itm[0]['mid'] ); $o .= EOL . EOL . t('Share') . EOL . '<textarea onclick="this.select();" class="shareable_element_text" >[element]' . base64url_encode(json_encode($x)) . '[/element]</textarea>' . EOL . EOL; diff --git a/mod/editwebpage.php b/mod/editwebpage.php index 41b5bb3e7..2acb3bd84 100644 --- a/mod/editwebpage.php +++ b/mod/editwebpage.php @@ -1,26 +1,71 @@ <?php -// Required for setting permissions. (FIXME) +require_once('include/identity.php'); +require_once('include/acl_selectors.php'); + +function editwebpage_init(&$a) { + + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } + + if(argc() > 1) + $which = argv(1); + else + return; + + profile_load($a,$which); + +} -require_once('acl_selectors.php'); function editwebpage_content(&$a) { - // We first need to figure out who owns the webpage, grab it from an argument + if(! $a->profile) { + notice( t('Requested profile is not available.') . EOL ); + $a->error = 404; + return; + } $which = argv(1); - // $a->get_channel() and stuff don't work here, so we've got to find the owner for ourselves. - - $r = q("select channel_id from channel where channel_address = '%s'", - dbesc($which) - ); - if($r) { - $owner = intval($r[0]['channel_id']); - //logger('owner: ' . print_r($owner,true)); + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); + + $channel = $a->get_channel(); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } + } + + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } } - $is_owner = ((local_user() && local_user() == $owner) ? true : false); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + if(! perm_is_allowed($owner,$ob_hash,'write_pages')) { + notice( t('Permission denied.') . EOL); + return; + } + + $is_owner = (($uid && $uid == $owner) ? true : false); $o = ''; @@ -33,9 +78,6 @@ function editwebpage_content(&$a) { return; } - // Now we've got a post and an owner, let's find out if we're allowed to edit it - - $observer = $a->get_observer(); $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); $perms = get_all_perms($owner,$ob_hash); @@ -45,14 +87,13 @@ function editwebpage_content(&$a) { return; } + // We've already figured out which item we want and whose copy we need, + // so we don't need anything fancy here - - // We've already figured out which item we want and whose copy we need, so we don't need anything fancy here $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), intval($owner) - ); - + ); if($itm[0]['item_flags'] & ITEM_OBSCURED) { $key = get_config('system','prvkey'); @@ -63,23 +104,17 @@ function editwebpage_content(&$a) { } $item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1", - $itm[0]['id'] + intval($itm[0]['id']) ); if($item_id) $page_title = $item_id[0]['sid']; - - - $plaintext = true; -// if(feature_enabled($itm[0]['uid'],'richtext')) -// $plaintext = false; - $mimetype = $itm[0]['mimetype']; if($mimetype === 'application/x-php') { - if((! local_user()) || (local_user() != $itm[0]['uid'])) { + if((! $uid) || ($uid != $itm[0]['uid'])) { notice( t('Permission denied.') . EOL); return; } @@ -101,7 +136,6 @@ function editwebpage_content(&$a) { else $layoutselect = layout_select($itm[0]['uid'],$itm[0]['layout_mid']); - $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( '$title' => t('Edit Webpage') )); @@ -112,7 +146,7 @@ function editwebpage_content(&$a) { '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), '$geotag' => $geotag, - '$nickname' => $a->user['nickname'], + '$nickname' => $channel['channel_address'], '$confirmdelete' => t('Delete webpage?') )); @@ -124,12 +158,9 @@ function editwebpage_content(&$a) { call_hooks('jot_tool', $jotplugins); call_hooks('jot_networks', $jotnets); - - $channel = $a->get_channel(); - - //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); -//FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. So, send folk to the webpage list. + // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD + // instead of loading a sensible page. So, send folk to the webpage list. $rp = 'webpages/' . $which; @@ -171,18 +202,16 @@ function editwebpage_content(&$a) { 'lockstate' => (((strlen($itm[0]['allow_cid'])) || (strlen($itm[0]['allow_gid'])) || (strlen($itm[0]['deny_cid'])) || (strlen($itm[0]['deny_gid']))) ? 'lock' : 'unlock'), '$bang' => '', '$profile_uid' => (intval($owner)), - '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), + '$preview' => ((feature_enabled($uid,'preview')) ? t('Preview') : ''), '$jotplugins' => $jotplugins, - '$sourceapp' => t($a->sourcename), + '$sourceapp' => $a->sourcename, '$defexpire' => '', '$feature_expire' => false, '$expires' => t('Set expiration date'), )); - $ob = get_observer_hash(); - - if(($itm[0]['author_xchan'] === $ob) || ($itm[0]['owner_xchan'] === $ob)) + if(($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) $o .= '<br /><br /><a class="page-delete-link" href="item/drop/' . $itm[0]['id'] . '" >' . t('Delete Webpage') . '</a><br />'; diff --git a/mod/events.php b/mod/events.php index 513899308..e016311d5 100755 --- a/mod/events.php +++ b/mod/events.php @@ -199,14 +199,14 @@ function events_content(&$a) { nav_set_selected('all_events'); if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) { - $r = q("update event set ignore = 1 where id = %d and uid = %d limit 1", + $r = q("update event set ignore = 1 where id = %d and uid = %d", intval(argv(2)), intval(local_user()) ); } if((argc() > 2) && (argv(1) === 'unignore') && intval(argv(2))) { - $r = q("update event set ignore = 0 where id = %d and uid = %d limit 1", + $r = q("update event set ignore = 0 where id = %d and uid = %d", intval(argv(2)), intval(local_user()) ); @@ -268,13 +268,18 @@ function events_content(&$a) { if($mode == 'view') { - $thisyear = datetime_convert('UTC',date_default_timezone_get(),'now','Y'); - $thismonth = datetime_convert('UTC',date_default_timezone_get(),'now','m'); + $thisyear = datetime_convert('UTC',date_default_timezone_get(),'now','Y'); + $thismonth = datetime_convert('UTC',date_default_timezone_get(),'now','m'); if(! $y) $y = intval($thisyear); if(! $m) $m = intval($thismonth); + $export = false; + if(argc() === 4 && argv(3) === 'export') + $export = true; + + // Put some limits on dates. The PHP date functions don't seem to do so well before 1900. // An upper limit was chosen to keep search engines from exploring links millions of years in the future. @@ -330,8 +335,8 @@ function events_content(&$a) { $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan from event left join item on event_hash = resource_id where resource_type = 'event' and event.uid = %d and event.ignore = %d - AND (( `adjust` = 0 AND ( `finish` >= '%s' or nofinish ) AND `start` <= '%s' ) - OR ( `adjust` = 1 AND ( `finish` >= '%s' or nofinish ) AND `start` <= '%s' )) ", + AND (( `adjust` = 0 AND ( `finish` >= '%s' or nofinish = 1 ) AND `start` <= '%s' ) + OR ( `adjust` = 1 AND ( `finish` >= '%s' or nofinish = 1 ) AND `start` <= '%s' )) ", intval(local_user()), intval($ignored), dbesc($start), @@ -413,6 +418,12 @@ function events_content(&$a) { } } + if($export) { + header('Content-type: text/calendar'); + echo ical_wrapper($r); + killme(); + } + if ($a->argv[1] === 'json'){ echo json_encode($events); killme(); } @@ -432,6 +443,7 @@ function events_content(&$a) { '$new_event'=> array($a->get_baseurl().'/events/new',t('Create New Event'),'',''), '$previus' => array($a->get_baseurl()."/events/$prevyear/$prevmonth",t('Previous'),'',''), '$next' => array($a->get_baseurl()."/events/$nextyear/$nextmonth",t('Next'),'',''), + '$export' => array($a->get_baseurl()."/events/$y/$m/export",t('Export'),'',''), '$calendar' => cal($y,$m,$links, ' eventcal'), '$events' => $events, @@ -549,7 +561,6 @@ function events_content(&$a) { $tpl = get_markup_template('event_form.tpl'); - $o .= replace_macros($tpl,array( '$post' => $a->get_baseurl() . '/events', '$eid' => $eid, @@ -567,11 +578,11 @@ function events_content(&$a) { '$ftext' => $ftext, '$ModalCANCEL' => t('Cancel'), '$ModalOK' => t('OK'), - '$s_dsel' => datetimesel($f,mktime(),mktime(0,0,0,0,0,$syear+5),mktime($shour,$sminute,$ssecond,$smonth,$sday,$syear),'start_text'), + '$s_dsel' => datetimesel($f,new DateTime(),DateTime::createFromFormat('Y',$syear+5),DateTime::createFromFormat('Y-m-d H:i',"$syear-$smonth-$sday $shour:$sminute"),'start_text'), '$n_text' => t('Finish date/time is not known or not relevant'), '$n_checked' => $n_checked, '$f_text' => t('Event Finishes:'), - '$f_dsel' => datetimesel($f,mktime(),mktime(0,0,0,0,0,$fyear+5),mktime($fhour,$fminute,$fsecond,$fmonth,$fday,$fyear),'finish_text',true,true,'start_text'), + '$f_dsel' => datetimesel($f,new DateTime(),DateTime::createFromFormat('Y',$fyear+5),DateTime::createFromFormat('Y-m-d H:i',"$fyear-$fmonth-$fday $fhour:$fminute"),'finish_text',true,true,'start_text'), '$a_text' => t('Adjust for viewer timezone'), '$a_checked' => $a_checked, '$d_text' => t('Description:'), diff --git a/mod/filer.php b/mod/filer.php index 3340fc999..9a409177c 100644 --- a/mod/filer.php +++ b/mod/filer.php @@ -27,7 +27,7 @@ function filer_content(&$a) { intval(local_user()) ); if($r) { - $x = q("update item set item_flags = ( item_flags | %d ) where id = %d and uid = %d limit 1", + $x = q("update item set item_flags = ( item_flags | %d ) where id = %d and uid = %d", intval(ITEM_RETAINED), intval($r[0]['parent']), intval(local_user()) diff --git a/mod/filerm.php b/mod/filerm.php index a37e80b31..900cfe60b 100644 --- a/mod/filerm.php +++ b/mod/filerm.php @@ -18,7 +18,7 @@ function filerm_content(&$a) { logger('filerm: tag ' . $term . ' item ' . $item_id); if($item_id && strlen($term)) { - $r = q("delete from term where uid = %d and type = %d and oid = %d and term = '%s' limit 1", + $r = q("delete from term where uid = %d and type = %d and oid = %d and term = '%s'", intval(local_user()), intval(($category) ? TERM_CATEGORY : TERM_FILE), intval($item_id), diff --git a/mod/fsuggest.php b/mod/fsuggest.php index 8b6f077d3..2f4f9606b 100644 --- a/mod/fsuggest.php +++ b/mod/fsuggest.php @@ -52,7 +52,7 @@ function fsuggest_post(&$a) { ); if(count($r)) { $fsuggest_id = $r[0]['id']; - q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", + q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d", dbesc($note), intval($fsuggest_id), intval(local_user()) diff --git a/mod/group.php b/mod/group.php index 9b90b1a1a..f67623a83 100644 --- a/mod/group.php +++ b/mod/group.php @@ -44,7 +44,7 @@ function group_post(&$a) { $public = intval($_POST['public']); if((strlen($groupname)) && (($groupname != $group['name']) || ($public != $group['visible']))) { - $r = q("UPDATE `groups` SET `name` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d LIMIT 1", + $r = q("UPDATE `groups` SET `name` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d", dbesc($groupname), intval($public), intval(local_user()), @@ -117,7 +117,7 @@ function group_content(&$a) { check_form_security_token_ForbiddenOnErr('group_member_change', 't'); - $r = q("SELECT abook_xchan from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and not (xchan_flags & %d) and not (abook_flags & %d) and not (abook_flags & %d) limit 1", + $r = q("SELECT abook_xchan from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and not (xchan_flags & %d)>0 and not (abook_flags & %d)>0 and not (abook_flags & %d)>0 limit 1", dbesc(base64url_decode(argv(2))), intval(local_user()), intval(XCHAN_FLAGS_DELETED), @@ -211,7 +211,7 @@ function group_content(&$a) { group_rmv_member(local_user(),$group['name'],$member['xchan_hash']); } - $r = q("SELECT abook.*, xchan.* FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE `abook_channel` = %d AND not (abook_flags & %d) and not (xchan_flags & %d) and not (abook_flags & %d) order by xchan_name asc", + $r = q("SELECT abook.*, xchan.* FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE `abook_channel` = %d AND not (abook_flags & %d)>0 and not (xchan_flags & %d)>0 and not (abook_flags & %d)>0 order by xchan_name asc", intval(local_user()), intval(ABOOK_FLAG_BLOCKED), intval(XCHAN_FLAGS_DELETED), diff --git a/mod/help.php b/mod/help.php index 4823f1c07..a3dafcc9b 100644 --- a/mod/help.php +++ b/mod/help.php @@ -98,7 +98,7 @@ function preg_callback_help_include($matches) { if($matches[1]) { $include = str_replace($matches[0],load_doc_file($matches[1]),$matches[0]); - if(preg_match('/\.bb$/', $matches[1])) { + if(preg_match('/\.bb$/', $matches[1]) || preg_match('/\.txt$/', $matches[1])) { require_once('include/bbcode.php'); $include = bbcode($include); } elseif(preg_match('/\.md$/', $matches[1])) { diff --git a/mod/home.php b/mod/home.php index 576213e06..b1b8e3fd0 100644 --- a/mod/home.php +++ b/mod/home.php @@ -9,9 +9,10 @@ function home_init(&$a) { $ret = array(); call_hooks('home_init',$ret); - $channel = $a->get_channel(); + $splash = ((argc() > 1 && argv(1) === 'splash') ? true : false); - if(local_user() && $channel && $channel['xchan_url']) { + $channel = $a->get_channel(); + if(local_user() && $channel && $channel['xchan_url'] && ! $splash) { $dest = $channel['channel_startpage']; if(! $dest) $dest = get_pconfig(local_user(),'system','startpage'); @@ -23,14 +24,14 @@ function home_init(&$a) { goaway($dest); } - if(get_account_id()) { + if(get_account_id() && ! $splash) { goaway(z_root() . '/new_channel'); } } -function home_content(&$a) { +function home_content(&$a, $update = 0, $load = false) { $o = ''; @@ -39,6 +40,7 @@ function home_content(&$a) { if(x($_SESSION,'mobile_theme')) unset($_SESSION['mobile_theme']); + $splash = ((argc() > 1 && argv(1) === 'splash') ? true : false); if(get_config('system','projecthome')) { $o .= file_get_contents('assets/home.html'); @@ -48,20 +50,21 @@ function home_content(&$a) { } -// Deprecated - $channel_address = get_config("system", "site_channel" ); - -// See if the sys channel set a homepage - if (! $channel_address) { - $u = get_sys_channel(); - if ($u) { - $u = array($u); - // change to channel_id when below deprecated and skip the $u=... - $channel_address = $u[0]['channel_address']; - } - } + // Deprecated + $channel_address = get_config("system", "site_channel" ); + + // See if the sys channel set a homepage + if (! $channel_address) { + require_once('include/identity.php'); + $u = get_sys_channel(); + if ($u) { + $u = array($u); + // change to channel_id when below deprecated and skip the $u=... + $channel_address = $u[0]['channel_address']; + } + } - if ($channel_address){ + if($channel_address) { $page_id = 'home'; @@ -78,31 +81,159 @@ function home_content(&$a) { ); if($r) { - xchan_query($r); - $r = fetch_post_tags($r,true); - $a->profile = array('profile_uid' => $u[0]['channel_id']); - $o .= prepare_page($r[0]); - return $o; + xchan_query($r); + $r = fetch_post_tags($r,true); + $a->profile = array('profile_uid' => $u[0]['channel_id']); + $a->profile_uid = $u[0]['channel_id']; + $o .= prepare_page($r[0]); + return $o; } - } -// Nope, we didn't find an item. Let's see if there's any html + // Nope, we didn't find an item. Let's see if there's any html if(file_exists('home.html')) { $o .= file_get_contents('home.html'); } else { - - // If there's nothing special happening, just spit out a login box - $sitename = get_config('system','sitename'); if($sitename) $o .= '<h1>' . sprintf( t("Welcome to %s") ,$sitename) . '</h1>'; - if (! $a->config['system']['no_login_on_homepage']) - $o .= login(($a->config['system']['register_policy'] == REGISTER_CLOSED) ? 0 : 1); + + if(intval(get_config('system','block_public')) && (! local_user()) && (! remote_user())) { + // If there's nothing special happening, just spit out a login box + + if (! $a->config['system']['no_login_on_homepage']) + $o .= login(($a->config['system']['register_policy'] == REGISTER_CLOSED) ? 0 : 1); + return $o; + } + else { + + if(! $update) { + + $maxheight = get_config('system','home_divmore_height'); + if(! $maxheight) + $maxheight = 75; + + $o .= '<div id="live-home"></div>' . "\r\n"; + $o .= "<script> var profile_uid = " . ((intval(local_user())) ? local_user() : (-1)) + . "; var profile_page = " . $a->pager['page'] + . "; divmore_height = " . intval($maxheight) . "; </script>\r\n"; + + $a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array( + '$baseurl' => z_root(), + '$pgtype' => 'home', + '$uid' => ((local_user()) ? local_user() : '0'), + '$gid' => '0', + '$cid' => '0', + '$cmin' => '0', + '$cmax' => '99', + '$star' => '0', + '$liked' => '0', + '$conv' => '0', + '$spam' => '0', + '$fh' => '1', + '$nouveau' => '0', + '$wall' => '0', + '$list' => '0', + '$page' => (($a->pager['page'] != 1) ? $a->pager['page'] : 1), + '$search' => '', + '$order' => 'comment', + '$file' => '', + '$cats' => '', + '$dend' => '', + '$mid' => '', + '$dbegin' => '' + )); + } + + if($update && ! $load) { + // only setup pagination on initial page view + $pager_sql = ''; + } + else { + $a->set_pager_itemspage(20); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start'])); + } + + require_once('include/identity.php'); + $sys = get_sys_channel(); + $uids = " and item.uid = " . intval($sys['channel_id']) . " "; + $a->data['firehose'] = intval($sys['channel_id']); + + $page_mode = 'list'; + + $simple_update = (($update) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " ) > 0 " : ''); + + if($update && $_SESSION['loadtime']) + $simple_update .= " and item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' "; + if($load) + $simple_update = ''; + + //logger('update: ' . $update . ' load: ' . $load); + + if($update) { + + $ordering = "commented"; + + if($load) { + + $_SESSION['loadtime'] = datetime_convert(); + + // Fetch a page full of parent items for this page + + $r = q("SELECT distinct item.id AS item_id, $ordering FROM item + left join abook on item.author_xchan = abook.abook_xchan + WHERE true $uids AND item.item_restrict = 0 + AND item.parent = item.id + and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null) + $sql_extra3 $sql_extra $sql_nets + ORDER BY $ordering DESC $pager_sql ", + intval(ABOOK_FLAG_BLOCKED) + ); + + } + + // Then fetch all the children of the parents that are on this page + $parents_str = ''; + $update_unseen = ''; + + if($r) { + + $parents_str = ids_to_querystr($r,'item_id'); + + $items = q("SELECT item.*, item.id AS item_id FROM item + WHERE true $uids AND item.item_restrict = 0 + AND item.parent IN ( %s ) + $sql_extra ", + dbesc($parents_str) + ); + + xchan_query($items,true,(-1)); + $items = fetch_post_tags($items,true); + $items = conv_sort($items,$ordering); + } + else { + $items = array(); + } + + } + + // fake it + $mode = ('network'); + + $o .= conversation($a,$items,$mode,$update,$page_mode); + + if(($items) && (! $update)) + $o .= alt_pager($a,count($items)); + + return $o; + + } + call_hooks('home_content',$o); + return $o; } - - call_hooks('home_content',$o); - return $o; -} + + return $o; + +}
\ No newline at end of file diff --git a/mod/import.php b/mod/import.php index 44dfcc38d..6cb3767a6 100644 --- a/mod/import.php +++ b/mod/import.php @@ -215,7 +215,7 @@ function import_post(&$a) { // reset the original primary hubloc if it is being seized if($seize) - $r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where (hubloc_flags & %d) and hubloc_hash = '%s' and hubloc_url != '%s' ", + $r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where (hubloc_flags & %d)>0 and hubloc_hash = '%s' and hubloc_url != '%s' ", intval(HUBLOC_FLAGS_PRIMARY), intval(HUBLOC_FLAGS_PRIMARY), dbesc($channel['channel_hash']), @@ -228,7 +228,7 @@ function import_post(&$a) { // replace our existing xchan if we're seizing control - $r = q("delete from xchan where xchan_hash = '%s' limit 1", + $r = q("delete from xchan where xchan_hash = '%s'", dbesc($channel['channel_hash']) ); @@ -278,7 +278,7 @@ function import_post(&$a) { $photodate = $xchan['xchan_photo_date']; $r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s' - where xchan_hash = '%s' limit 1", + where xchan_hash = '%s'", dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), diff --git a/mod/item.php b/mod/item.php index e7d886b00..94ff32750 100644 --- a/mod/item.php +++ b/mod/item.php @@ -32,8 +32,17 @@ function item_post(&$a) { require_once('include/security.php'); $uid = local_user(); - $channel = null; + $observer = null; + + $profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0); + require_once('include/identity.php'); + $sys = get_sys_channel(); + if($sys && $profile_uid && ($sys['channel_id'] == $profile_uid) && is_site_admin()) { + $uid = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } if(x($_REQUEST,'dropitems')) { require_once('include/items.php'); @@ -70,7 +79,6 @@ function item_post(&$a) { $message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : ''); $created = ((x($_REQUEST,'created')) ? datetime_convert('UTC','UTC',$_REQUEST['created']) : datetime_convert()); - $profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0); $post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0); $app = ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''); $return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : ''); @@ -87,8 +95,8 @@ function item_post(&$a) { /* * Check service class limits */ - if (local_user() && !(x($_REQUEST,'parent')) && !(x($_REQUEST,'post_id'))) { - $ret = item_check_service_class(local_user(),x($_REQUEST,'webpage')); + if ($uid && !(x($_REQUEST,'parent')) && !(x($_REQUEST,'post_id'))) { + $ret = item_check_service_class($uid,x($_REQUEST,'webpage')); if (!$ret['success']) { notice( t($ret['message']) . EOL) ; if(x($_REQUEST,'return')) @@ -129,11 +137,11 @@ function item_post(&$a) { intval($parent) ); } - elseif($parent_mid && local_user()) { + elseif($parent_mid && $uid) { // This is coming from an API source, and we are logged in $r = q("SELECT * FROM `item` WHERE `mid` = '%s' AND `uid` = %d LIMIT 1", dbesc($parent_mid), - intval(local_user()) + intval($uid) ); } // if this isn't the real parent of the conversation, find it @@ -168,9 +176,8 @@ function item_post(&$a) { } - - $observer = $a->get_observer(); - + if(! $observer) + $observer = $a->get_observer(); if($parent) { logger('mod_item: item_post parent=' . $parent); @@ -223,7 +230,7 @@ function item_post(&$a) { if(! $channel) { - if(local_user() && local_user() == $profile_uid) { + if($uid && $uid == $profile_uid) { $channel = $a->get_channel(); } else { @@ -446,7 +453,7 @@ function item_post(&$a) { intval($profile_uid) ); if($z && ($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE)) { - if(local_user() && (get_account_id() == $z[0]['account_id'])) { + if($uid && (get_account_id() == $z[0]['account_id'])) { $execflag = true; } else { @@ -461,7 +468,7 @@ function item_post(&$a) { if($mimetype === 'text/bbcode') { - if(local_user() && local_user() == $profile_uid && feature_enabled(local_user(),'markdown')) { + if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) { require_once('include/bb2diaspora.php'); $body = diaspora2bb(escape_tags($body),true); } @@ -594,7 +601,7 @@ function item_post(&$a) { if($fullnametagged) continue; - $success = handle_tag($a, $body, $access_tag, $str_tags, (local_user()) ? local_user() : $profile_uid , $tag); + $success = handle_tag($a, $body, $access_tag, $str_tags, ($uid) ? $uid : $profile_uid , $tag); logger('handle_tag: ' . print_r($success,tue), LOGGER_DATA); if(($access_tag) && (! $parent_item)) { logger('access_tag: ' . $tag . ' ' . print_r($access_tag,true), LOGGER_DATA); @@ -797,7 +804,7 @@ function item_post(&$a) { $datarray['body'] = z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype']); - if(local_user()) { + if($uid) { if($channel['channel_hash'] === $datarray['author_xchan']) { $datarray['sig'] = base64url_encode(rsa_sign($datarray['body'],$channel['channel_prvkey'])); $datarray['item_flags'] = $datarray['item_flags'] | ITEM_VERIFIED; @@ -880,7 +887,7 @@ function item_post(&$a) { // They will show up as people comment on them. if($parent_item['item_restrict'] & ITEM_HIDDEN) { - $r = q("UPDATE `item` SET `item_restrict` = %d WHERE `id` = %d LIMIT 1", + $r = q("UPDATE `item` SET `item_restrict` = %d WHERE `id` = %d", intval($parent_item['item_restrict'] - ITEM_HIDDEN), intval($parent_item['id']) ); @@ -1294,7 +1301,7 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body, $private = (($str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny) ? true : false); $r = q("UPDATE item SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d - WHERE id = %d AND uid = %d limit 1", + WHERE id = %d AND uid = %d", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), @@ -1344,7 +1351,7 @@ function item_check_service_class($channel_id,$iswebpage) { if ($iswebpage) { $r = q("select count(i.id) as total from item i right join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id ) - and i.parent=i.id and (i.item_restrict & %d) and not (i.item_restrict & %d) and i.uid= %d ", + and i.parent=i.id and (i.item_restrict & %d)>0 and not (i.item_restrict & %d)>0 and i.uid= %d ", intval(ITEM_WEBPAGE), intval(ITEM_DELETED), intval($channel_id) diff --git a/mod/layouts.php b/mod/layouts.php index 2d14212cf..aaf5db0ef 100644 --- a/mod/layouts.php +++ b/mod/layouts.php @@ -1,36 +1,82 @@ <?php -function layouts_content(&$a) { +require_once('include/identity.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); + +function layouts_init(&$a) { + + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } if(argc() > 1) $which = argv(1); - else { + else + return; + + profile_load($a,$which); + +} + + +function layouts_content(&$a) { + + if(! $a->profile) { notice( t('Requested profile is not available.') . EOL ); $a->error = 404; return; } - profile_load($a,$which,0); + $which = argv(1); + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); - // Figure out who the page owner is. - $r = q("select channel_id from channel where channel_address = '%s'", - dbesc($which) - ); - if($r) { - $owner = intval($r[0]['channel_id']); + $channel = $a->get_channel(); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } + } + + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } + } + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + $perms = get_all_perms($owner,$ob_hash); + + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; } // Block design features from visitors - if((! local_user()) || (local_user() != $owner)) { + if((! $uid) || ($uid != $owner)) { notice( t('Permission denied.') . EOL); return; } // Get the observer, check their permissions - $observer = $a->get_observer(); $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); $perms = get_all_perms($owner,$ob_hash); @@ -41,7 +87,9 @@ function layouts_content(&$a) { } if((argc() > 3) && (argv(2) === 'share') && (argv(3))) { - $r = q("select sid, service, mimetype, title, body from item_id left join item on item.id = item_id.iid where item_id.uid = %d and item.mid = '%s' and service = 'PDL' order by sid asc", + $r = q("select sid, service, mimetype, title, body from item_id + left join item on item.id = item_id.iid + where item_id.uid = %d and item.mid = '%s' and service = 'PDL' order by sid asc", intval($owner), dbesc(argv(3)) ); @@ -63,7 +111,6 @@ function layouts_content(&$a) { 'id' => 'layout-help-tab', )); - $o .= replace_macros(get_markup_template('common_tabs.tpl'),array('$tabs' => $tabs)); @@ -71,18 +118,16 @@ function layouts_content(&$a) { // Nickname is set to the observers xchan, and profile_uid to the owners. // This lets you post pages at other people's channels. - require_once ('include/conversation.php'); - $x = array( - 'webpage' => ITEM_PDL, - 'is_owner' => true, - 'nickname' => $a->profile['channel_address'], - 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'bang' => (($group || $cid) ? '!' : ''), - 'showacl' => false, - 'visitor' => false, - 'nopreview' => 1, - 'ptlabel' => t('Layout Name'), + 'webpage' => ITEM_PDL, + 'is_owner' => true, + 'nickname' => $a->profile['channel_address'], + 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), + 'bang' => '', + 'showacl' => false, + 'visitor' => false, + 'nopreview' => 1, + 'ptlabel' => t('Layout Name'), 'profile_uid' => intval($owner), ); @@ -96,10 +141,8 @@ function layouts_content(&$a) { $o .= status_editor($a,$x); - // Get a list of blocks. We can't display all them because endless scroll makes that unusable, so just list titles and an edit link. - // TODO - this should be replaced with pagelist_widget - - $r = q("select iid, sid, mid from item_id left join item on item.id = item_id.iid where item_id.uid = %d and service = 'PDL' order by sid asc", + $r = q("select iid, sid, mid from item_id left join item on item.id = item_id.iid + where item_id.uid = %d and service = 'PDL' order by sid asc", intval($owner) ); @@ -108,24 +151,28 @@ function layouts_content(&$a) { if($r) { $pages = array(); foreach($r as $rr) { - $pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid'], 'mid' => $rr['mid']); + $pages[$rr['iid']][] = array( + 'url' => $rr['iid'], + 'title' => $rr['sid'], + 'mid' => $rr['mid'] + ); } } - //Build the base URL for edit links - $url = z_root() . "/editlayout/" . $which; + $url = z_root() . '/editlayout/' . $which; - return $o . replace_macros(get_markup_template("layoutlist.tpl"), array( + $o .= replace_macros(get_markup_template('layoutlist.tpl'), array( '$baseurl' => $url, - '$edit' => t('Edit'), - '$share' => t('Share'), - '$pages' => $pages, + '$edit' => t('Edit'), + '$share' => t('Share'), + '$pages' => $pages, '$channel' => $which, - '$view' => t('View'), + '$view' => t('View'), '$preview' => '1', )); + return $o; } diff --git a/mod/like.php b/mod/like.php index f4fd33787..04a2b43cd 100755 --- a/mod/like.php +++ b/mod/like.php @@ -263,26 +263,18 @@ function like_content(&$a) { else killme(); - - $r = q("SELECT * FROM item WHERE verb = '%s' AND item_restrict = 0 + $r = q("SELECT id FROM item WHERE verb = '%s' AND item_restrict = 0 AND author_xchan = '%s' AND ( parent = %d OR thr_parent = '%s') LIMIT 1", dbesc($activity), dbesc($observer['xchan_hash']), intval($item_id), dbesc($item['mid']) ); - if($r) { - $like_item = $r[0]; - - // Already liked/disliked it, delete it - $r = q("UPDATE item SET item_restrict = ( item_restrict ^ %d ), changed = '%s' WHERE id = %d LIMIT 1", - intval(ITEM_DELETED), - dbesc(datetime_convert()), - intval($like_item['id']) - ); - - proc_run('php',"include/notifier.php","like",$like_item['id']); + if($r) { + // already liked it. Drop that item. + require_once('include/items.php'); + drop_item($r[0]['id'],false,DROPITEM_PHASE1); return; } @@ -332,7 +324,7 @@ function like_content(&$a) { // if this was a linked photo and was hidden, unhide it. if($item['item_restrict'] & ITEM_HIDDEN) { - $r = q("update item set item_restrict = (item_restrict ^ %d) where id = %d limit 1", + $r = q("update item set item_restrict = (item_restrict ^ %d) where id = %d", intval(ITEM_HIDDEN), intval($item['id']) ); diff --git a/mod/locs.php b/mod/locs.php index b707f6bd9..b1169fcca 100644 --- a/mod/locs.php +++ b/mod/locs.php @@ -19,12 +19,12 @@ function locs_post(&$a) { notice( t('Location not found.') . EOL); return; } - $r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where (hubloc_flags & %d) and hubloc_hash = '%s' ", + $r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where (hubloc_flags & %d)>0 and hubloc_hash = '%s' ", intval(HUBLOC_FLAGS_PRIMARY), intval(HUBLOC_FLAGS_PRIMARY), dbesc($channel['channel_hash']) ); - $r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s' limit 1", + $r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s'", intval(HUBLOC_FLAGS_PRIMARY), intval($hubloc_id), dbesc($channel['channel_hash']) @@ -50,7 +50,7 @@ function locs_post(&$a) { notice( t('Primary location cannot be removed.') . EOL); return; } - $r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s' limit 1", + $r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s'", intval(HUBLOC_FLAGS_DELETED), intval($hubloc_id), dbesc($channel['channel_hash']) diff --git a/mod/lostpass.php b/mod/lostpass.php index dd7c7a7d5..3269128f1 100644 --- a/mod/lostpass.php +++ b/mod/lostpass.php @@ -21,7 +21,7 @@ function lostpass_post(&$a) { $hash = random_string(); - $r = q("UPDATE account SET account_reset = '%s' WHERE account_id = %d LIMIT 1", + $r = q("UPDATE account SET account_reset = '%s' WHERE account_id = %d", dbesc($hash), intval($aid) ); @@ -73,7 +73,7 @@ function lostpass_content(&$a) { $salt = random_string(32); $password_encoded = hash('whirlpool', $salt . $new_password); - $r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '' where account_id = %d limit 1", + $r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '' where account_id = %d", dbesc($salt), dbesc($password_encoded), intval($aid) diff --git a/mod/mail.php b/mod/mail.php index f4897149a..6c778b956 100644 --- a/mod/mail.php +++ b/mod/mail.php @@ -113,6 +113,7 @@ function mail_content(&$a) { } $channel = $a->get_channel(); + head_set_icon($channel['xchan_photo_s']); $cipher = get_pconfig(local_user(),'system','default_cipher'); @@ -141,7 +142,7 @@ function mail_content(&$a) { if(! intval(argv(2))) return; $cmd = argv(1); - $r = q("update mail set mail_flags = mail_flags | %d where id = %d and channel_id = %d limit 1", + $r = q("update mail set mail_flags = mail_flags | %d where id = %d and channel_id = %d", intval(MAIL_RECALLED), intval(argv(2)), intval(local_user()) @@ -163,13 +164,16 @@ function mail_content(&$a) { $tpl = get_markup_template('msg-header.tpl'); - $a->page['htmlhead'] .= replace_macros($tpl, array( + $header = replace_macros($tpl, array( '$baseurl' => $a->get_baseurl(true), '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), '$nickname' => $channel['channel_address'], '$linkurl' => t('Please enter a link URL:'), '$expireswhen' => t('Expires YYYY-MM-DD HH:MM') )); + + $a->page['htmlhead'] .= $header; + $preselect = (isset($a->argv[2])?array($a->argv[2]):false); $prename = $preurl = $preid = ''; @@ -276,7 +280,7 @@ function mail_content(&$a) { $tpl = get_markup_template('msg-header.tpl'); $a->page['htmlhead'] .= replace_macros($tpl, array( - '$nickname' => $channel['channel_addr'], + '$nickname' => $channel['channel_address'], '$baseurl' => $a->get_baseurl(true), '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), '$linkurl' => t('Please enter a link URL:'), diff --git a/mod/manage.php b/mod/manage.php index 1920967e6..00c6db7f0 100644 --- a/mod/manage.php +++ b/mod/manage.php @@ -17,7 +17,7 @@ function manage_content(&$a) { intval(get_account_id()) ); if($r) { - q("update account set account_default_channel = %d where account_id = %d limit 1", + q("update account set account_default_channel = %d where account_id = %d", intval($change_channel), intval(get_account_id()) ); @@ -36,7 +36,7 @@ function manage_content(&$a) { $channels = null; if(local_user()) { - $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ", + $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d )>0 order by channel_name ", intval(get_account_id()), intval(PAGE_REMOVED) ); @@ -55,7 +55,7 @@ function manage_content(&$a) { $c = q("SELECT id, item_restrict, item_flags FROM item - WHERE (item_restrict = %d) and ( item_flags & %d ) and uid = %d", + WHERE (item_restrict = %d) and ( item_flags & %d )>0 and uid = %d", intval(ITEM_VISIBLE), intval(ITEM_UNSEEN), intval($channels[$x]['channel_id']) @@ -71,7 +71,7 @@ function manage_content(&$a) { } - $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", + $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)", intval($channels[$x]['channel_id']), intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED), @@ -82,7 +82,7 @@ function manage_content(&$a) { $channels[$x]['intros'] = intval($intr[0]['total']); - $mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND not (mail_flags & %d) and from_xchan != '%s' ", + $mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND not (mail_flags & %d)>0 and from_xchan != '%s' ", intval($channels[$x]['channel_id']), intval(MAIL_SEEN), dbesc($channels[$x]['channel_hash']) @@ -127,7 +127,7 @@ function manage_content(&$a) { } } - $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )", + $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )>0", intval(get_account_id()), intval(PAGE_REMOVED) ); diff --git a/mod/menu.php b/mod/menu.php index a2d0c2385..92923e1ff 100644 --- a/mod/menu.php +++ b/mod/menu.php @@ -1,13 +1,23 @@ <?php require_once('include/menu.php'); +require_once('include/identity.php'); function menu_post(&$a) { - if(! local_user()) + $uid = local_user(); + + if(array_key_exists('sys',$_REQUEST) && $_REQUEST['sys'] && is_site_admin()) { + $sys = get_sys_channel(); + $uid = intval($sys['channel_id']); + $a->is_sys = true; + } + + if(! $uid) return; - $_REQUEST['menu_channel_id'] = local_user(); + $_REQUEST['menu_channel_id'] = $uid; + if($_REQUEST['menu_bookmark']) $_REQUEST['menu_flags'] |= MENU_BOOKMARK; if($_REQUEST['menu_system']) @@ -19,7 +29,7 @@ function menu_post(&$a) { $r = menu_edit($_REQUEST); if($r) { info( t('Menu updated.') . EOL); - goaway(z_root() . '/mitem/' . $menu_id); + goaway(z_root() . '/mitem/' . $menu_id . (($a->is_sys) ? '?f=&sys=1' : '')); } else notice( t('Unable to update menu.'). EOL); @@ -28,7 +38,7 @@ function menu_post(&$a) { $r = menu_create($_REQUEST); if($r) { info( t('Menu created.') . EOL); - goaway(z_root() . '/mitem/' . $r); + goaway(z_root() . '/mitem/' . $r . (($a->is_sys) ? '?f=&sys=1' : '')); } else notice( t('Unable to create menu.'). EOL); @@ -40,36 +50,42 @@ function menu_post(&$a) { function menu_content(&$a) { - if(! local_user()) { + $uid = local_user(); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + $uid = intval($sys['channel_id']); + } + + if(! $uid) { notice( t('Permission denied.') . EOL); return ''; } -// $a->set_widget('design',design_tools()); - - if(argc() == 1) { // list menus - $x = menu_list(local_user()); - - $o = replace_macros(get_markup_template('menulist.tpl'),array( - '$title' => t('Manage Menus'), - '$menus' => $x, - '$edit' => t('Edit'), - '$drop' => t('Drop'), - '$new' => t('New'), - '$hintnew' => t('Create a new menu'), - '$hintdrop' => t('Delete this menu'), - '$hintcontent' => t('Edit menu contents'), - '$hintedit' => t('Edit this menu') - )); - - return $o; - - + $x = menu_list($uid); + if($x) { + for($y = 0; $y < count($x); $y ++) { + $x[$y]['bookmark'] = (($x[$y]['menu_flags'] & MENU_BOOKMARK) ? true : false); + } + } + $o = replace_macros(get_markup_template('menulist.tpl'),array( + '$title' => t('Manage Menus'), + '$menus' => $x, + '$edit' => t('Edit'), + '$drop' => t('Drop'), + '$new' => t('New'), + '$bmark' => t('Bookmarks allowed'), + '$hintnew' => t('Create a new menu'), + '$hintdrop' => t('Delete this menu'), + '$hintcontent' => t('Edit menu contents'), + '$hintedit' => t('Edit this menu') + )); + return $o; } @@ -87,19 +103,19 @@ function menu_content(&$a) { } elseif(intval(argv(1))) { - $m = menu_fetch_id(intval(argv(1)),local_user()); + $m = menu_fetch_id(intval(argv(1)),$uid); if(! $m) { notice( t('Menu not found.') . EOL); return ''; } if(argc() == 3 && argv(2) == 'drop') { - $r = menu_delete_id(intval(argv(1)),local_user()); + $r = menu_delete_id(intval(argv(1)),$uid); if($r) info( t('Menu deleted.') . EOL); else notice( t('Menu could not be deleted.'). EOL); - goaway(z_root() . '/menu'); + goaway(z_root() . '/menu' . (($a->is_sys) ? '?f=&sys=1' : '')); } else { $o = replace_macros(get_markup_template('menuedit.tpl'), array( diff --git a/mod/mitem.php b/mod/mitem.php index 3240bb68b..7098d7489 100644 --- a/mod/mitem.php +++ b/mod/mitem.php @@ -4,12 +4,22 @@ require_once('include/menu.php'); require_once('include/acl_selectors.php'); function mitem_init(&$a) { - if(! local_user()) + + $uid = local_user(); + + if(array_key_exists('sys',$_REQUEST) && $_REQUEST['sys'] && is_site_admin()) { + $sys = get_sys_channel(); + $uid = intval($sys['channel_id']); + $a->is_sys = true; + } + + if(! $uid) return; + if(argc() < 2) return; - $m = menu_fetch_id(intval(argv(1)),local_user()); + $m = menu_fetch_id(intval(argv(1)),$uid); if(! $m) { notice( t('Menu not found.') . EOL); return ''; @@ -20,8 +30,18 @@ function mitem_init(&$a) { function mitem_post(&$a) { - if(! local_user()) + $uid = local_user(); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + $uid = intval($sys['channel_id']); + } + + if(! $uid) { return; + } + + if(! $a->data['menu']) return; @@ -29,7 +49,7 @@ function mitem_post(&$a) { $channel = $a->get_channel(); - $_REQUEST['mitem_channel_id'] = local_user(); + $_REQUEST['mitem_channel_id'] = $uid; $_REQUEST['menu_id'] = $a->data['menu']['menu_id']; $_REQUEST['mitem_flags'] = 0; @@ -42,20 +62,20 @@ function mitem_post(&$a) { $mitem_id = ((argc() > 2) ? intval(argv(2)) : 0); if($mitem_id) { $_REQUEST['mitem_id'] = $mitem_id; - $r = menu_edit_item($_REQUEST['menu_id'],local_user(),$_REQUEST); + $r = menu_edit_item($_REQUEST['menu_id'],$uid,$_REQUEST); if($r) { info( t('Menu element updated.') . EOL); - goaway(z_root() . '/mitem/' . $_REQUEST['menu_id']); + goaway(z_root() . '/mitem/' . $_REQUEST['menu_id'] . (($a->is_sys) ? '?f=&sys=1' : '')); } else notice( t('Unable to update menu element.') . EOL); } else { - $r = menu_add_item($_REQUEST['menu_id'],local_user(),$_REQUEST); + $r = menu_add_item($_REQUEST['menu_id'],$uid,$_REQUEST); if($r) { info( t('Menu element added.') . EOL); - goaway(z_root() . '/mitem/' . $_REQUEST['menu_id']); + goaway(z_root() . '/mitem/' . $_REQUEST['menu_id'] . (($a->is_sys) ? '?f=&sys=1' : '')); } else notice( t('Unable to add menu element.') . EOL); @@ -69,7 +89,20 @@ function mitem_post(&$a) { function mitem_content(&$a) { - if(! local_user()) { + $uid = local_user(); + $channel = $a->get_channel(); + $observer = $a->get_observer(); + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + $uid = intval($sys['channel_id']); + $channel = $sys; + $ob_hash = $sys['xchan_hash']; + } + + if(! $uid) { notice( t('Permission denied.') . EOL); return ''; } @@ -79,67 +112,61 @@ function mitem_content(&$a) { return ''; } - $channel = $a->get_channel(); - - $m = menu_fetch($a->data['menu']['menu_name'],local_user(), get_observer_hash()); + $m = menu_fetch($a->data['menu']['menu_name'],$uid,$ob_hash); $a->data['menu_item'] = $m; if(argc() == 2) { $r = q("select * from menu_item where mitem_menu_id = %d and mitem_channel_id = %d order by mitem_order asc, mitem_desc asc", intval($a->data['menu']['menu_id']), - local_user() + intval($uid) ); $o .= replace_macros(get_markup_template('mitemlist.tpl'),array( - '$title' => t('Manage Menu Elements'), + '$title' => t('Manage Menu Elements'), '$menuname' => $a->data['menu']['menu_name'], '$menudesc' => $a->data['menu']['menu_desc'], - '$edmenu' => t('Edit menu'), - '$menu_id' => $a->data['menu']['menu_id'], - '$mlist' => $r, - '$edit' => t('Edit element'), - '$drop' => t('Drop element'), - '$new' => t('New element'), + '$edmenu' => t('Edit menu'), + '$menu_id' => $a->data['menu']['menu_id'], + '$mlist' => $r, + '$edit' => t('Edit element'), + '$drop' => t('Drop element'), + '$new' => t('New element'), '$hintmenu' => t('Edit this menu container'), - '$hintnew' => t('Add menu element'), + '$hintnew' => t('Add menu element'), '$hintdrop' => t('Delete this menu item'), '$hintedit' => t('Edit this menu item') - )); - - + )); + return $o; - } if(argc() > 2) { - - if(argv(2) === 'new') { $perm_defaults = array( 'allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], - 'deny_cid' => $channel['channel_deny_cid'], - 'deny_gid' => $channel['channel_deny_gid'] + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] ); $o = replace_macros(get_markup_template('mitemedit.tpl'), array( - '$header' => t('New Menu Element'), - '$menu_id' => $a->data['menu']['menu_id'], + '$header' => t('New Menu Element'), + '$menu_id' => $a->data['menu']['menu_id'], '$permissions' => t('Menu Item Permissions'), - '$permdesc' => t("\x28click to open/close\x29"), - '$aclselect' => populate_acl($perm_defaults,false), - '$mitem_desc' => array('mitem_desc', t('Link text'), '', '','*'), - '$mitem_link' => array('mitem_link', t('URL of link'), '', '', '*'), - '$usezid' => array('usezid', t('Use Red magic-auth if available'), true, ''), - '$newwin' => array('newwin', t('Open link in new window'), false,''), + '$permdesc' => t("\x28click to open/close\x29"), + '$aclselect' => populate_acl($perm_defaults,false), + '$mitem_desc' => array('mitem_desc', t('Link text'), '', '','*'), + '$mitem_link' => array('mitem_link', t('URL of link'), '', '', '*'), + '$usezid' => array('usezid', t('Use RedMatrix magic-auth if available'), true, ''), + '$newwin' => array('newwin', t('Open link in new window'), false,''), // permissions go here '$mitem_order' => array('mitem_order', t('Order in list'),'0',t('Higher numbers will sink to bottom of listing')), - '$submit' => t('Create') + '$submit' => t('Create') )); return $o; } @@ -148,23 +175,23 @@ function mitem_content(&$a) { elseif(intval(argv(2))) { $m = q("select * from menu_item where mitem_id = %d and mitem_channel_id = %d limit 1", intval(argv(2)), - intval(local_user()) + intval($uid) ); if(! $m) { notice( t('Menu item not found.') . EOL); - goaway(z_root() . '/menu'); + goaway(z_root() . '/menu'. (($a->is_sys) ? '?f=&sys=1' : '')); } $mitem = $m[0]; if(argc() == 4 && argv(3) == 'drop') { - $r = menu_del_item($mitem['mitem_menu_id'], local_user(),intval(argv(2))); + $r = menu_del_item($mitem['mitem_menu_id'], $uid, intval(argv(2))); if($r) info( t('Menu item deleted.') . EOL); else notice( t('Menu item could not be deleted.'). EOL); - goaway(z_root() . '/mitem/' . $mitem['mitem_menu_id']); + goaway(z_root() . '/mitem/' . $mitem['mitem_menu_id'] . (($a->is_sys) ? '?f=&sys=1' : '')); } else { @@ -179,7 +206,7 @@ function mitem_content(&$a) { '$mitem_id' => intval(argv(2)), '$mitem_desc' => array('mitem_desc', t('Link text'), $mitem['mitem_desc'], '','*'), '$mitem_link' => array('mitem_link', t('URL of link'), $mitem['mitem_link'], '', '*'), - '$usezid' => array('usezid', t('Use Red magic-auth if available'), (($mitem['mitem_flags'] & MENU_ITEM_ZID) ? 1 : 0), ''), + '$usezid' => array('usezid', t('Use RedMatrix magic-auth if available'), (($mitem['mitem_flags'] & MENU_ITEM_ZID) ? 1 : 0), ''), '$newwin' => array('newwin', t('Open link in new window'), (($mitem['mitem_flags'] & MENU_ITEM_NEWWIN) ? 1 : 0),''), // permissions go here '$mitem_order' => array('mitem_order', t('Order in list'),$mitem['mitem_order'],t('Higher numbers will sink to bottom of listing')), @@ -188,10 +215,5 @@ function mitem_content(&$a) { return $o; } } - } - - - - } diff --git a/mod/network.php b/mod/network.php index 0bad366d4..522622f03 100644 --- a/mod/network.php +++ b/mod/network.php @@ -24,7 +24,7 @@ function network_content(&$a, $update = 0, $load = false) { if(! local_user()) { $_SESSION['return_url'] = $a->query_string; - return login(false); + return login(false); } @@ -52,28 +52,30 @@ function network_content(&$a, $update = 0, $load = false) { } - $datequery = $datequery2 = ''; $group = 0; - $nouveau = false; + $nouveau = false; - $datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : ''); + $datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : ''); $datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : ''); - $nouveau = ((x($_GET,'new')) ? intval($_GET['new']) : 0); - $gid = ((x($_GET,'gid')) ? intval($_GET['gid']) : 0); + $nouveau = ((x($_GET,'new')) ? intval($_GET['new']) : 0); + $gid = ((x($_GET,'gid')) ? intval($_GET['gid']) : 0); if($datequery) $_GET['order'] = 'post'; + + // filter by collection (e.g. group) + if($gid) { - $r = q("SELECT * FROM `groups` WHERE id = %d AND uid = %d LIMIT 1", - intval($gid), - intval(local_user()) - ); - if(! $r) { + $r = q("SELECT * FROM groups WHERE id = %d AND uid = %d LIMIT 1", + intval($gid), + intval(local_user()) + ); + if(! $r) { if($update) killme(); notice( t('No such group') . EOL ); @@ -81,27 +83,26 @@ function network_content(&$a, $update = 0, $load = false) { // NOTREACHED } - $group = $gid; + $group = $gid; $group_hash = $r[0]['hash']; - $def_acl = array('allow_gid' => '<' . $r[0]['hash'] . '>'); + $def_acl = array('allow_gid' => '<' . $r[0]['hash'] . '>'); } $o = ''; - // if no tabs are selected, defaults to comments - $cid = ((x($_GET,'cid')) ? intval($_GET['cid']) : 0); - $star = ((x($_GET,'star')) ? intval($_GET['star']) : 0); - $order = ((x($_GET,'order')) ? notags($_GET['order']) : 'comment'); - $liked = ((x($_GET,'liked')) ? intval($_GET['liked']) : 0); - $conv = ((x($_GET,'conv')) ? intval($_GET['conv']) : 0); - $spam = ((x($_GET,'spam')) ? intval($_GET['spam']) : 0); - $cmin = ((x($_GET,'cmin')) ? intval($_GET['cmin']) : 0); - $cmax = ((x($_GET,'cmax')) ? intval($_GET['cmax']) : 99); - $firehose = ((x($_GET,'fh')) ? intval($_GET['fh']) : 0); - $file = ((x($_GET,'file')) ? $_GET['file'] : ''); + $cid = ((x($_GET,'cid')) ? intval($_GET['cid']) : 0); + $star = ((x($_GET,'star')) ? intval($_GET['star']) : 0); + $order = ((x($_GET,'order')) ? notags($_GET['order']) : 'comment'); + $liked = ((x($_GET,'liked')) ? intval($_GET['liked']) : 0); + $conv = ((x($_GET,'conv')) ? intval($_GET['conv']) : 0); + $spam = ((x($_GET,'spam')) ? intval($_GET['spam']) : 0); + $cmin = ((x($_GET,'cmin')) ? intval($_GET['cmin']) : 0); + $cmax = ((x($_GET,'cmax')) ? intval($_GET['cmax']) : 99); + $firehose = ((x($_GET,'fh')) ? intval($_GET['fh']) : 0); + $file = ((x($_GET,'file')) ? $_GET['file'] : ''); if(x($_GET,'search') || x($_GET,'file')) @@ -122,21 +123,21 @@ function network_content(&$a, $update = 0, $load = false) { $channel_acl = array( 'allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], - 'deny_cid' => $channel['channel_deny_cid'], - 'deny_gid' => $channel['channel_deny_gid'] + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] ); $x = array( - 'is_owner' => true, - 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), + 'is_owner' => true, + 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), 'default_location' => $channel['channel_location'], - 'nickname' => $channel['channel_address'], - 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'acl' => populate_acl((($group || $cid) ? $def_acl : $channel_acl)), - 'bang' => (($group || $cid) ? '!' : ''), - 'visitor' => true, - 'profile_uid' => local_user() + 'nickname' => $channel['channel_address'], + 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), + 'acl' => populate_acl((($group || $cid) ? $def_acl : $channel_acl)), + 'bang' => (($group || $cid) ? '!' : ''), + 'visitor' => true, + 'profile_uid' => local_user() ); $o .= status_editor($a,$x); @@ -146,33 +147,33 @@ function network_content(&$a, $update = 0, $load = false) { // We don't have to deal with ACL's on this page. You're looking at everything // that belongs to you, hence you can see all of it. We will filter by group if - // desired. + // desired. + - - $sql_options = (($star) - ? " and (item_flags & " . intval(ITEM_STARRED) . ")" + $sql_options = (($star) + ? " and (item_flags & " . intval(ITEM_STARRED) . ") > 0" : ''); $sql_nets = ''; - $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) "; + $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ")>0 $sql_options ) "; if($group) { $contact_str = ''; - $contacts = group_get_members($group); - if($contacts) { + $contacts = group_get_members($group); + if($contacts) { foreach($contacts as $c) { if($contact_str) $contact_str .= ','; - $contact_str .= "'" . $c['xchan'] . "'"; + $contact_str .= "'" . $c['xchan'] . "'"; } - } - else { - $contact_str = ' 0 '; + } + else { + $contact_str = ' 0 '; info( t('Collection is empty')); - } + } - $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent and item_restrict = 0 ) "; + $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent and item_restrict = 0 ) "; $x = group_rec_byhash(local_user(), $group_hash); @@ -180,60 +181,67 @@ function network_content(&$a, $update = 0, $load = false) { $o = '<h2>' . t('Collection: ') . $x['name'] . '</h2>' . $o; - } + } elseif($cid) { - $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ") limit 1", + $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ") > 0 limit 1", intval($cid), intval(local_user()) - ); - if($r) { - $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND uid = " . intval(local_user()) . " AND ( author_xchan = '" . dbesc($r[0]['abook_xchan']) . "' or owner_xchan = '" . dbesc($r[0]['abook_xchan']) . "' ) and item_restrict = 0 ) "; + ); + if($r) { + $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND uid = " . intval(local_user()) . " AND ( author_xchan = '" . dbesc($r[0]['abook_xchan']) . "' or owner_xchan = '" . dbesc($r[0]['abook_xchan']) . "' ) and item_restrict = 0 ) "; $o = '<h2>' . t('Connection: ') . $r[0]['xchan_name'] . '</h2>' . $o; - } - else { + } + else { notice( t('Invalid connection.') . EOL); goaway($a->get_baseurl(true) . '/network'); - } + } } if(! $update) { // The special div is needed for liveUpdate to kick in for this page. - // We only launch liveUpdate if you aren't filtering in some incompatible + // We only launch liveUpdate if you aren't filtering in some incompatible // way and also you aren't writing a comment (discovered in javascript). if($gid || $cid || $cmin || ($cmax != 99) || $star || $liked || $conv || $spam || $nouveau || $list) - $firehose = 0; + $firehose = 0; + + $maxheight = get_pconfig(local_user(),'system','network_divmore_height'); + if(! $maxheight) + $maxheight = 400; + $o .= '<div id="live-network"></div>' . "\r\n"; - $o .= "<script> var profile_uid = " . $_SESSION['uid'] . "; var profile_page = " . $a->pager['page'] . ";</script>"; + $o .= "<script> var profile_uid = " . local_user() + . "; var profile_page = " . $a->pager['page'] + . "; divmore_height = " . intval($maxheight) . "; </script>\r\n"; $a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array( '$baseurl' => z_root(), - '$pgtype' => 'network', - '$uid' => ((local_user()) ? local_user() : '0'), - '$gid' => (($gid) ? $gid : '0'), - '$cid' => (($cid) ? $cid : '0'), - '$cmin' => (($cmin) ? $cmin : '0'), - '$cmax' => (($cmax) ? $cmax : '0'), - '$star' => (($star) ? $star : '0'), - '$liked' => (($liked) ? $liked : '0'), - '$conv' => (($conv) ? $conv : '0'), - '$spam' => (($spam) ? $spam : '0'), - '$fh' => (($firehose) ? $firehose : '0'), + '$pgtype' => 'network', + '$uid' => ((local_user()) ? local_user() : '0'), + '$gid' => (($gid) ? $gid : '0'), + '$cid' => (($cid) ? $cid : '0'), + '$cmin' => (($cmin) ? $cmin : '0'), + '$cmax' => (($cmax) ? $cmax : '0'), + '$star' => (($star) ? $star : '0'), + '$liked' => (($liked) ? $liked : '0'), + '$conv' => (($conv) ? $conv : '0'), + '$spam' => (($spam) ? $spam : '0'), + '$fh' => (($firehose) ? $firehose : '0'), '$nouveau' => (($nouveau) ? $nouveau : '0'), - '$wall' => '0', - '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), - '$page' => (($a->pager['page'] != 1) ? $a->pager['page'] : 1), - '$search' => (($search) ? $search : ''), - '$order' => $order, - '$file' => $file, - '$cats' => '', - '$dend' => $datequery, - '$mid' => '', - '$dbegin' => $datequery2 + '$wall' => '0', + '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), + '$page' => (($a->pager['page'] != 1) ? $a->pager['page'] : 1), + '$search' => (($search) ? $search : ''), + '$order' => $order, + '$file' => $file, + '$cats' => '', + '$dend' => $datequery, + '$mid' => '', + '$dbegin' => $datequery2 )); } @@ -246,17 +254,19 @@ function network_content(&$a, $update = 0, $load = false) { $sql_extra3 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery2)))); } - $sql_extra2 = (($nouveau) ? '' : " AND `item`.`parent` = `item`.`id` "); + $sql_extra2 = (($nouveau) ? '' : " AND item.parent = item.id "); $sql_extra3 = (($nouveau) ? '' : $sql_extra3); if(x($_GET,'search')) { $search = escape_tags($_GET['search']); - if(strpos($search,'#') === 0) + if(strpos($search,'#') === 0) { $sql_extra .= term_query('item',substr($search,1),TERM_HASHTAG); - else - $sql_extra .= sprintf(" AND `item`.`body` like '%s' ", + } + else { + $sql_extra .= sprintf(" AND item.body like '%s' ", dbesc(protect_sprintf('%' . $search . '%')) ); + } } if(strlen($file)) { @@ -264,7 +274,7 @@ function network_content(&$a, $update = 0, $load = false) { } if($conv) { - $sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or ( item_flags & %d ))) ", + $sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or ( item_flags & %d ) > 0)) ", dbesc(protect_sprintf($channel['channel_hash'])), intval(ITEM_MENTIONSME) ); @@ -279,7 +289,7 @@ function network_content(&$a, $update = 0, $load = false) { else { $itemspage = get_pconfig(local_user(),'system','itemspage'); $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); - $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start'])); } @@ -287,7 +297,7 @@ function network_content(&$a, $update = 0, $load = false) { // Not everybody who shows up in the network stream will be in your address book. // By default those that aren't are assumed to have closeness = 99; but this isn't - // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in + // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in // the stream with a NULL address book entry. $sql_nets .= " AND "; @@ -314,33 +324,38 @@ function network_content(&$a, $update = 0, $load = false) { $uids = " and item.uid = " . local_user() . " "; } - $simple_update = (($update) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " ) " : ''); + if(get_pconfig(local_user(),'system','network_list_mode')) + $page_mode = 'list'; + else + $page_mode = 'client'; + + $simple_update = (($update) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " ) > 0 " : ''); // This fixes a very subtle bug so I'd better explain it. You wake up in the morning or return after a day - // or three and look at your matrix page - after opening up your browser. The first page loads just as it - // should. All of a sudden a few seconds later, page 2 will get inserted at the beginning of the page + // or three and look at your matrix page - after opening up your browser. The first page loads just as it + // should. All of a sudden a few seconds later, page 2 will get inserted at the beginning of the page // (before the page 1 content). The update code is actually doing just what it's supposed // to, it's fetching posts that have the ITEM_UNSEEN bit set. But the reason that page 2 content is being - // returned in an UPDATE is because you hadn't gotten that far yet - you're still on page 1 and everything + // returned in an UPDATE is because you hadn't gotten that far yet - you're still on page 1 and everything // that we loaded for page 1 is now marked as seen. But the stuff on page 2 hasn't been. So... it's being - // treated as "new fresh" content because it is unseen. We need to distinguish it somehow from content + // treated as "new fresh" content because it is unseen. We need to distinguish it somehow from content // which "arrived as you were reading page 1". We're going to do this // by storing in your session the current UTC time whenever you LOAD a network page, and only UPDATE items // which are both ITEM_UNSEEN and have "changed" since that time. Cross fingers... - if($update && $_SESSION['loadtime']) - $simple_update .= " and item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' "; + if($update && $_SESSION['loadtime']) + $simple_update .= " and item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' "; if($load) $simple_update = ''; if($nouveau && $load) { // "New Item View" - show all items unthreaded in reverse created date order - $items = q("SELECT `item`.*, `item`.`id` AS `item_id` FROM `item` - WHERE true $uids AND item_restrict = 0 + $items = q("SELECT item.*, item.id AS item_id, received FROM item + WHERE true $uids AND item_restrict = 0 $simple_update $sql_extra $sql_nets - ORDER BY `item`.`received` DESC $pager_sql " + ORDER BY item.received DESC $pager_sql " ); require_once('include/items.php'); @@ -354,9 +369,9 @@ function network_content(&$a, $update = 0, $load = false) { // Normal conversation view if($order === 'post') - $ordering = "`created`"; + $ordering = "created"; else - $ordering = "`commented`"; + $ordering = "commented"; if($load) { @@ -364,19 +379,19 @@ function network_content(&$a, $update = 0, $load = false) { // Fetch a page full of parent items for this page - $r = q("SELECT distinct item.id AS item_id FROM item + $r = q("SELECT distinct item.id AS item_id, $ordering FROM item left join abook on item.author_xchan = abook.abook_xchan WHERE true $uids AND item.item_restrict = 0 AND item.parent = item.id and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null) $sql_extra3 $sql_extra $sql_nets - ORDER BY item.$ordering DESC $pager_sql ", + ORDER BY $ordering DESC $pager_sql ", intval(ABOOK_FLAG_BLOCKED) ); } else { - if(! $firehose) { + if(! $firehose) { // update $r = q("SELECT item.parent AS item_id FROM item left join abook on item.author_xchan = abook.abook_xchan @@ -396,9 +411,9 @@ function network_content(&$a, $update = 0, $load = false) { $parents_str = ids_to_querystr($r,'item_id'); - $items = q("SELECT `item`.*, `item`.`id` AS `item_id` FROM `item` - WHERE true $uids AND `item`.`item_restrict` = 0 - AND `item`.`parent` IN ( %s ) + $items = q("SELECT item.*, item.id AS item_id FROM item + WHERE true $uids AND item.item_restrict = 0 + AND item.parent IN ( %s ) $sql_extra ", dbesc($parents_str) ); @@ -406,19 +421,35 @@ function network_content(&$a, $update = 0, $load = false) { xchan_query($items,true,(($firehose) ? local_user() : 0)); $items = fetch_post_tags($items,true); $items = conv_sort($items,$ordering); - } + } else { $items = array(); } - if($parents_str) - $update_unseen = ' AND parent IN ( ' . dbesc($parents_str) . ' )'; + if($page_mode === 'list') { + /** + * in "list mode", only mark the parent item and any like activities as "seen". + * We won't distinguish between comment likes and post likes. The important thing + * is that the number of unseen comments will be accurate. The SQL to separate the + * comment likes could also get somewhat hairy. + */ + + if($parents_str) { + $update_unseen = " AND ( id IN ( " . dbesc($parents_str) . " )"; + $update_unseen .= " OR ( parent IN ( " . dbesc($parents_str) . " ) AND verb in ( '" . dbesc(ACTIVITY_LIKE) . "','" . dbesc(ACTIVITY_DISLIKE) . "' ))) "; + } + } + else { + if($parents_str) { + $update_unseen = " AND parent IN ( " . dbesc($parents_str) . " )"; + } + } } if(($update_unseen) && (! $firehose)) - $r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d) - WHERE (item_flags & %d) AND `uid` = %d $update_unseen ", + $r = q("UPDATE item SET item_flags = ( item_flags & ~%d) + WHERE (item_flags & %d) > 0 AND uid = %d $update_unseen ", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval(local_user()) @@ -426,10 +457,11 @@ function network_content(&$a, $update = 0, $load = false) { $mode = (($nouveau) ? 'network-new' : 'network'); - $o .= conversation($a,$items,$mode,$update,'client'); - if(($items) && (! $update)) - $o .= alt_pager($a,count($items)); + $o .= conversation($a,$items,$mode,$update,$page_mode); + + if(($items) && (! $update)) + $o .= alt_pager($a,count($items)); return $o; } diff --git a/mod/notifications.php b/mod/notifications.php index 09f89e88a..5507ee7e2 100644 --- a/mod/notifications.php +++ b/mod/notifications.php @@ -33,7 +33,7 @@ function notifications_post(&$a) { $fid = $r[0]['fid']; if($_POST['submit'] == t('Discard')) { - $r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1", + $r = q("DELETE FROM `intro` WHERE `id` = %d", intval($intro_id) ); if(! $fid) { @@ -41,7 +41,7 @@ function notifications_post(&$a) { // The check for blocked and pending is in case the friendship was already approved // and we just want to get rid of the now pointless notification - $r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 AND `blocked` = 1 AND `pending` = 1 LIMIT 1", + $r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 AND `blocked` = 1 AND `pending` = 1", intval($contact_id), intval(local_user()) ); @@ -49,7 +49,7 @@ function notifications_post(&$a) { goaway($a->get_baseurl(true) . '/notifications/intros'); } if($_POST['submit'] == t('Ignore')) { - $r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d LIMIT 1", + $r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d", intval($intro_id)); goaway($a->get_baseurl(true) . '/notifications/intros'); } diff --git a/mod/openid.php b/mod/openid.php index ce7fe22ba..9752db440 100644 --- a/mod/openid.php +++ b/mod/openid.php @@ -159,7 +159,7 @@ function openid_content(&$a) { $photos = import_profile_photo($pphoto,$url); if($photos) { $z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', - xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", + xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), @@ -11,7 +11,7 @@ function p_init(&$a) { $mid = str_replace('.xml','',argv(1)); - $r = q("select * from item where mid = '%s' and (item_flags & %d) and item_private = 0 limit 1", + $r = q("select * from item where mid = '%s' and (item_flags & %d)>0 and item_private = 0 limit 1", dbesc($mid), intval(ITEM_WALL) ); diff --git a/mod/photo.php b/mod/photo.php index 0329fe0a8..8cb82e8ff 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -66,7 +66,7 @@ function photo_init(&$a) { intval($uid) ); if(count($r)) { - $data = $r[0]['data']; + $data = dbunescbin($r[0]['data']); $mimetype = $r[0]['type']; } if(! isset($data)) { @@ -140,7 +140,7 @@ function photo_init(&$a) { ); if($r && $allowed) { - $data = $r[0]['data']; + $data = dbunescbin($r[0]['data']); $mimetype = $r[0]['type']; } else { diff --git a/mod/photos.php b/mod/photos.php index 0a3d6c704..7a9229cc4 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -227,7 +227,7 @@ function photos_post(&$a) { intval($page_owner_uid) ); if(count($r)) { - $ph = photo_factory($r[0]['data'], $r[0]['type']); + $ph = photo_factory(dbunescbin($r[0]['data']), $r[0]['type']); if($ph->is_valid()) { $rotate_deg = ( (intval($_POST['rotate']) == 1) ? 270 : 90 ); $ph->rotate($rotate_deg); @@ -235,8 +235,8 @@ function photos_post(&$a) { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", - dbesc($ph->imageString()), + $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0", + dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), @@ -248,8 +248,8 @@ function photos_post(&$a) { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1 limit 1", - dbesc($ph->imageString()), + $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1", + dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), @@ -262,8 +262,8 @@ function photos_post(&$a) { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2 limit 1", - dbesc($ph->imageString()), + $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2", + dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), @@ -274,11 +274,9 @@ function photos_post(&$a) { } } - $p = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `uid` = %d and ((photo_flags = %d) or (photo_flags & %d )) ORDER BY `scale` DESC", + $p = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `uid` = %d ORDER BY `scale` DESC", dbesc($resource_id), - intval($page_owner_uid), - intval(PHOTO_NORMAL), - intval(PHOTO_PROFILE) + intval($page_owner_uid) ); if($p) { $ext = $phototypes[$p[0]['type']]; @@ -322,16 +320,17 @@ function photos_post(&$a) { intval($item_id), intval($page_owner_uid) ); - } - if($r) { - $old_tag = $r[0]['tag']; - $old_inform = $r[0]['inform']; + + if($r) { + $old_tag = $r[0]['tag']; + $old_inform = $r[0]['inform']; + } } // make sure the linked item has the same permissions as the photo regardless of any other changes $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d - where id = %d limit 1", + where id = %d", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), @@ -619,7 +618,7 @@ function photos_content(&$a) { $album = hex2bin($datum); $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' - AND `scale` <= 4 and ((photo_flags = %d) or (photo_flags & %d )) $sql_extra GROUP BY `resource_id`", + AND `scale` <= 4 and ((photo_flags = %d) or (photo_flags & %d ) > 0) $sql_extra GROUP BY `resource_id`", intval($owner_uid), dbesc($album), intval(PHOTO_NORMAL), @@ -637,14 +636,17 @@ function photos_content(&$a) { else $order = 'DESC'; - $r = q("SELECT `resource_id`, `id`, `filename`, type, max(`scale`) AS `scale`, `description` FROM `photo` WHERE `uid` = %d AND `album` = '%s' - AND `scale` <= 4 and ((photo_flags = %d) or (photo_flags & %d )) $sql_extra GROUP BY `resource_id` ORDER BY `created` $order LIMIT %d , %d", + + $r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.scale, p.description, p.created FROM photo p INNER JOIN + (SELECT resource_id, max(scale) scale FROM photo WHERE uid = %d AND album = '%s' AND scale <= 4 AND (photo_flags = %d or photo_flags = %d ) $sql_extra GROUP BY resource_id) ph + ON (p.resource_id = ph.resource_id AND p.scale = ph.scale) + ORDER BY created $order LIMIT %d OFFSET %d", intval($owner_uid), dbesc($album), intvaL(PHOTO_NORMAL), intval(($unsafe) ? (PHOTO_PROFILE|PHOTO_ADULT) : PHOTO_PROFILE), - intval($a->pager['start']), - intval($a->pager['itemspage']) + intval($a->pager['itemspage']), + intval($a->pager['start']) ); //edit album name @@ -840,11 +842,11 @@ function photos_content(&$a) { ); } - // lock - $lock = ( ( (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) + // lockstate + $lockstate = ( ( (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid'])) ) - ? t('Private Photo') - : Null); + ? array('lock', t('Private Photo')) + : array('unlock', Null)); $a->page['htmlhead'] .= '<script>$(document).keydown(function(event) {' . "\n"; if($prevlink) @@ -907,7 +909,7 @@ function photos_content(&$a) { } if((local_user()) && (local_user() == $link_item['uid'])) { - q("UPDATE `item` SET item_flags = (item_flags ^ %d) WHERE parent = %d and uid = %d and (item_flags & %d)", + q("UPDATE `item` SET item_flags = (item_flags & ~%d) WHERE parent = %d and uid = %d and (item_flags & %d)>0", intval(ITEM_UNSEEN), intval($link_item['parent']), intval(local_user()), @@ -947,8 +949,10 @@ function photos_content(&$a) { 'tag_label' => t('Add a Tag'), 'permissions' => t('Permissions'), 'aclselect' => $aclselect_e, + 'lockstate' => $lockstate[0], 'help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com'), 'item_id' => ((count($linked_items)) ? $link_item['id'] : 0), + 'adult_enabled' => feature_enabled($owner_uid,'adult_photo_flagging'), 'adult' => array('adult',t('Flag as adult in album view'), (($ph[0]['photo_flags'] & PHOTO_ADULT) ? 1 : 0),''), 'submit' => t('Submit'), 'delete' => t('Delete Photo') @@ -1119,7 +1123,7 @@ function photos_content(&$a) { '$id' => $link_item['id'], //$ph[0]['id'], '$album' => $album_e, '$tools' => $tools, - '$lock' => $lock, + '$lock' => $lockstate[1], '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, @@ -1157,7 +1161,7 @@ function photos_content(&$a) { //$o = ''; $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' - and ((photo_flags = %d) or (photo_flags & %d)) $sql_extra GROUP BY `resource_id`", + and ((photo_flags = %d) or (photo_flags & %d) > 0) $sql_extra GROUP BY `resource_id`", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc( t('Contact Photos')), @@ -1168,18 +1172,19 @@ function photos_content(&$a) { $a->set_pager_total(count($r)); $a->set_pager_itemspage(60); } - - $r = q("SELECT `resource_id`, `id`, `filename`, type, `album`, max(`scale`) AS `scale` FROM `photo` - WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' - and ( (photo_flags = %d) or (photo_flags & %d )) - $sql_extra GROUP BY `resource_id` ORDER BY `created` DESC LIMIT %d , %d", + + $r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.album, p.scale, p.created FROM photo p INNER JOIN + (SELECT resource_id, max(scale) scale FROM photo + WHERE uid=%d AND album != '%s' AND album != '%s' + AND (photo_flags = %d or ( photo_flags & %d ) > 0 ) $sql_extra group by resource_id) ph + ON (p.resource_id = ph.resource_id and p.scale = ph.scale) ORDER by p.created DESC LIMIT %d OFFSET %d", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc( t('Contact Photos')), intval(PHOTO_NORMAL), intval(($unsafe) ? (PHOTO_PROFILE|PHOTO_ADULT) : PHOTO_PROFILE), - intval($a->pager['start']), - intval($a->pager['itemspage']) + intval($a->pager['itemspage']), + intval($a->pager['start']) ); diff --git a/mod/ping.php b/mod/ping.php index 98584cb14..ef8afd91c 100644 --- a/mod/ping.php +++ b/mod/ping.php @@ -107,7 +107,7 @@ function ping_init(&$a) { $basic_presence = false; if($r) { $basic_presence = true; - q("update chatpresence set cp_last = '%s' where cp_id = %d limit 1", + q("update chatpresence set cp_last = '%s' where cp_id = %d", dbesc(datetime_convert()), intval($r[0]['cp_id']) ); @@ -128,7 +128,9 @@ function ping_init(&$a) { * and shouldn't count as online anymore. We allow an expection for bots. */ - q("delete from chatpresence where cp_last < UTC_TIMESTAMP() - INTERVAL 3 MINUTE and cp_client != 'auto' "); + q("delete from chatpresence where cp_last < %s - INTERVAL %s and cp_client != 'auto' ", + db_utcnow(), db_quoteinterval('3 MINUTE') + ); if((! local_user()) || ($result['invalid'])) { echo json_encode($result); @@ -148,14 +150,14 @@ function ping_init(&$a) { if(x($_REQUEST, 'markRead') && local_user()) { switch($_REQUEST['markRead']) { case 'network': - $r = q("update item set item_flags = ( item_flags ^ %d ) where (item_flags & %d) and uid = %d", + $r = q("update item set item_flags = ( item_flags & ~%d ) where (item_flags & %d) > 0 and uid = %d", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval(local_user()) ); break; case 'home': - $r = q("update item set item_flags = ( item_flags ^ %d ) where (item_flags & %d) and (item_flags & %d) and uid = %d", + $r = q("update item set item_flags = ( item_flags & ~%d ) where (item_flags & %d) > 0 and (item_flags & %d) > 0 and uid = %d", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval(ITEM_WALL), @@ -163,7 +165,7 @@ function ping_init(&$a) { ); break; case 'messages': - $r = q("update mail set mail_flags = ( mail_flags ^ %d ) where channel_id = %d and not (mail_flags & %d)", + $r = q("update mail set mail_flags = ( mail_flags | %d ) where channel_id = %d and not (mail_flags & %d) > 0", intval(MAIL_SEEN), intval(local_user()), intval(MAIL_SEEN) @@ -184,6 +186,14 @@ function ping_init(&$a) { } } + if(x($_REQUEST, 'markItemRead') && local_user()) { + $r = q("update item set item_flags = ( item_flags & ~%d ) where parent = %d and uid = %d", + intval(ITEM_UNSEEN), + intval($_REQUEST['markItemRead']), + intval(local_user()) + ); + } + /** @@ -197,17 +207,17 @@ function ping_init(&$a) { ); if($t && intval($t[0]['total']) > 49) { $z = q("select * from notify where uid = %d - and seen = 0 order by date desc limit 0, 50", + and seen = 0 order by date desc limit 50", intval(local_user()) ); } else { $z1 = q("select * from notify where uid = %d - and seen = 0 order by date desc limit 0, 50", + and seen = 0 order by date desc limit 50", intval(local_user()) ); $z2 = q("select * from notify where uid = %d - and seen = 1 order by date desc limit 0, %d", + and seen = 1 order by date desc limit %d", intval(local_user()), intval(50 - intval($t[0]['total'])) ); @@ -222,7 +232,7 @@ function ping_init(&$a) { 'url' => $zz['url'], 'photo' => $zz['photo'], 'when' => relative_date($zz['date']), - 'class' => (($zz['seen']) ? 'notify-seen' : 'notify-unseen'), + 'hclass' => (($zz['seen']) ? 'notify-seen' : 'notify-unseen'), 'message' => strip_tags(bbcode($zz['msg'])) ); } @@ -235,8 +245,8 @@ function ping_init(&$a) { if(argc() > 1 && argv(1) === 'messages') { $channel = $a->get_channel(); $t = q("select mail.*, xchan.* from mail left join xchan on xchan_hash = from_xchan - where channel_id = %d and not ( mail_flags & %d ) and not (mail_flags & %d ) - and from_xchan != '%s' order by created desc limit 0,50", + where channel_id = %d and not ( mail_flags & %d ) > 0 and not (mail_flags & %d ) > 0 + and from_xchan != '%s' order by created desc limit 50", intval(local_user()), intval(MAIL_SEEN), intval(MAIL_DELETED), @@ -251,7 +261,7 @@ function ping_init(&$a) { 'url' => $zz['xchan_url'], 'photo' => $zz['xchan_photo_s'], 'when' => relative_date($zz['created']), - 'class' => (($zz['mail_flags'] & MAIL_SEEN) ? 'notify-seen' : 'notify-unseen'), + 'hclass' => (($zz['mail_flags'] & MAIL_SEEN) ? 'notify-seen' : 'notify-unseen'), 'message' => t('sent you a private message'), ); } @@ -265,7 +275,7 @@ function ping_init(&$a) { $result = array(); $r = q("SELECT * FROM item - WHERE item_restrict = %d and ( item_flags & %d ) and uid = %d", + WHERE item_restrict = %d and ( item_flags & %d ) > 0 and uid = %d", intval(ITEM_VISIBLE), intval(ITEM_UNSEEN), intval(local_user()) @@ -287,7 +297,7 @@ function ping_init(&$a) { if(argc() > 1 && (argv(1) === 'intros')) { $result = array(); - $r = q("SELECT * FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", + $r = q("SELECT * FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) > 0 and not ((abook_flags & %d) > 0 or (xchan_flags & %d) > 0)", intval(local_user()), intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED), @@ -302,7 +312,7 @@ function ping_init(&$a) { 'url' => $rr['xchan_url'], 'photo' => $rr['xchan_photo_s'], 'when' => relative_date($rr['abook_created']), - 'class' => ('notify-unseen'), + 'hclass' => ('notify-unseen'), 'message' => t('added your channel') ); } @@ -343,7 +353,7 @@ function ping_init(&$a) { 'url' => $rr['xchan_url'], 'photo' => $rr['xchan_photo_s'], 'when' => $when, - 'class' => ('notify-unseen'), + 'hclass' => ('notify-unseen'), 'message' => t('posted an event') ); } @@ -371,7 +381,7 @@ function ping_init(&$a) { if($vnotify & (VNOTIFY_NETWORK|VNOTIFY_CHANNEL)) { $r = q("SELECT id, item_restrict, item_flags FROM item - WHERE (item_restrict = %d) and ( item_flags & %d ) and uid = %d", + WHERE (item_restrict = %d) and ( item_flags & %d ) > 0 and uid = %d", intval(ITEM_VISIBLE), intval(ITEM_UNSEEN), intval(local_user()) @@ -398,7 +408,7 @@ function ping_init(&$a) { $t2 = dba_timer(); if($vnotify & VNOTIFY_INTRO) { - $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", + $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) > 0 and not ((abook_flags & %d) > 0 or (xchan_flags & %d) > 0)", intval(local_user()), intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED), @@ -416,7 +426,7 @@ function ping_init(&$a) { if($vnotify & VNOTIFY_MAIL) { $mails = q("SELECT count(id) as total from mail - WHERE channel_id = %d AND not (mail_flags & %d) and from_xchan != '%s' ", + WHERE channel_id = %d AND not (mail_flags & %d) > 0 and from_xchan != '%s' ", intval(local_user()), intval(MAIL_SEEN), dbesc($channel['channel_hash']) @@ -427,7 +437,7 @@ function ping_init(&$a) { if($vnotify & VNOTIFY_REGISTER) { if ($a->config['system']['register_policy'] == REGISTER_APPROVE && is_site_admin()) { - $regs = q("SELECT count(account_id) as total from account where (account_flags & %d)", + $regs = q("SELECT count(account_id) as total from account where (account_flags & %d) > 0", intval(ACCOUNT_PENDING) ); if($regs) diff --git a/mod/poco.php b/mod/poco.php index c1696e4cd..3f932e92f 100644 --- a/mod/poco.php +++ b/mod/poco.php @@ -15,7 +15,7 @@ function poco_init(&$a) { $user = notags(trim(argv(1))); } if(! x($user)) { - $c = q("select * from pconfig where cat = 'system' and k = 'suggestme' and v = 1"); + $c = q("select * from pconfig where cat = 'system' and k = 'suggestme' and v = '1'"); if(! $c) { logger('mod_poco: system mode. No candidates.', LOGGER_DEBUG); http_status_exit(404); @@ -60,7 +60,7 @@ function poco_init(&$a) { } if($justme) - $sql_extra = " and ( abook_flags & " . ABOOK_FLAG_SELF . " ) "; + $sql_extra = " and ( abook_flags & " . ABOOK_FLAG_SELF . " )>0 "; else $sql_extra = " and abook_flags = 0 "; @@ -69,14 +69,14 @@ function poco_init(&$a) { if($system_mode) { $r = q("SELECT count(*) as `total` from abook where ( abook_flags & " . ABOOK_FLAG_SELF . - " ) and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = 1) "); + " )>0 and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = '1') "); } else { $r = q("SELECT count(*) as `total` from abook where abook_channel = %d $sql_extra ", intval($channel_id) ); - $c = q("select * from menu_item where ( mitem_flags & " . intval(MENU_ITEM_CHATROOM) . " ) and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and mitem_channel_id = %d", + $c = q("select * from menu_item where ( mitem_flags & " . intval(MENU_ITEM_CHATROOM) . " )>0 and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and mitem_channel_id = %d", intval($channel_id) ); } @@ -93,17 +93,17 @@ function poco_init(&$a) { if($system_mode) { $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where ( abook_flags & " . ABOOK_FLAG_SELF . - " ) and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = 1) limit %d, %d ", - intval($startIndex), - intval($itemsPerPage) + " )>0 and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = '1') limit %d offset %d ", + intval($itemsPerPage), + intval($startIndex) ); } else { $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d - $sql_extra LIMIT %d, %d", + $sql_extra LIMIT %d OFFSET %d", intval($channel_id), - intval($startIndex), - intval($itemsPerPage) + intval($itemsPerPage), + intval($startIndex) ); } diff --git a/mod/post.php b/mod/post.php index c21af83e4..9e818a7e2 100644 --- a/mod/post.php +++ b/mod/post.php @@ -98,7 +98,7 @@ function post_init(&$a) { // Any channel will do, providing it's currently active. We just need to have an // identity to attach to the packet we send back. So find one. - $c = q("select * from channel where not ( channel_pageflags & %d ) limit 1", + $c = q("select * from channel where not ( channel_pageflags & %d )>0 limit 1", intval(PAGE_REMOVED) ); @@ -612,7 +612,7 @@ function post_post(&$a) { else $ret['pickup'][] = array('notify' => json_decode($rr['outq_notify'],true),'message' => $x); - $x = q("delete from outq where outq_hash = '%s' limit 1", + $x = q("delete from outq where outq_hash = '%s'", dbesc($rr['outq_hash']) ); } @@ -659,7 +659,7 @@ function post_post(&$a) { // Update our DB to show when we last communicated successfully with this hub // This will allow us to prune dead hubs from using up resources - $r = q("update hubloc set hubloc_connected = '%s' where hubloc_id = %d limit 1", + $r = q("update hubloc set hubloc_connected = '%s' where hubloc_id = %d", dbesc(datetime_convert()), intval($hub['hubloc_id']) ); @@ -667,17 +667,17 @@ function post_post(&$a) { // a dead hub came back to life - reset any tombstones we might have if($hub['hubloc_status'] & HUBLOC_OFFLINE) { - q("update hubloc set hubloc_status = (hubloc_status ^ %d) where hubloc_id = %d limit 1", + q("update hubloc set hubloc_status = (hubloc_status & ~%d) where hubloc_id = %d", intval(HUBLOC_OFFLINE), intval($hub['hubloc_id']) ); if($r[0]['hubloc_flags'] & HUBLOC_FLAGS_ORPHANCHECK) { - q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where hubloc_id = %d limit 1", + q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where hubloc_id = %d", intval(HUBLOC_FLAGS_ORPHANCHECK), intval($hub['hubloc_id']) ); } - q("update xchan set xchan_flags = (xchan_flags ^ %d) where (xchan_flags & %d) and xchan_hash = '%s' limit 1", + q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'", intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN), dbesc($hub['hubloc_hash']) @@ -732,7 +732,9 @@ function post_post(&$a) { $sender_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']); // garbage collect any old unused notifications - q("delete from verify where type = 'auth' and created < UTC_TIMESTAMP() - INTERVAL 10 MINUTE"); + q("delete from verify where type = 'auth' and created < %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('10 MINUTE') + ); $y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", dbesc($sender_hash) @@ -781,7 +783,7 @@ function post_post(&$a) { $ret['message'] .= 'verification key not found' . EOL; json_return_and_die($ret); } - $r = q("delete from verify where id = %d limit 1", + $r = q("delete from verify where id = %d", intval($z[0]['id']) ); @@ -796,6 +798,7 @@ function post_post(&$a) { $ret['service_class'] = $u[0]['account_service_class']; // Set "do not track" flag if this site or this channel's profile is restricted + // in some way if(intval(get_config('system','block_public'))) $ret['DNT'] = true; @@ -803,6 +806,8 @@ function post_post(&$a) { $ret['DNT'] = true; if(get_pconfig($c[0]['channel_id'],'system','do_not_track')) $ret['DNT'] = true; + if(get_pconfig($c[0]['channel_id'],'system','hide_online_status')) + $ret['DNT'] = true; json_return_and_die($ret); diff --git a/mod/profile_photo.php b/mod/profile_photo.php index aad9c9d16..e9dad6f51 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -33,7 +33,7 @@ function profile_photo_set_profile_perms($profileid = '') { if (intval($profile['is_default']) != 1) { $r0 = q("SELECT channel_hash FROM channel WHERE channel_id = %d LIMIT 1", intval(local_user()) ); - $r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = %d ", intval($profile['id'])); //Should not be needed in future. Catches old int-profile-ids. + $r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%d' ", intval($profile['id'])); //Should not be needed in future. Catches old int-profile-ids. $r2 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%s'", dbesc($profile['profile_guid'])); $allowcid = "<" . $r0[0]['channel_hash'] . ">"; foreach ($r1 as $entry) { @@ -173,7 +173,7 @@ function profile_photo_post(&$a) { dbesc($base_image['resource_id']), intval(local_user()) ); - $r = q("UPDATE photo SET photo_flags = ( photo_flags ^ %d ) WHERE ( photo_flags & %d ) + $r = q("UPDATE photo SET photo_flags = ( photo_flags & ~%d ) WHERE ( photo_flags & %d )>0 AND resource_id != '%s' AND `uid` = %d", intval(PHOTO_PROFILE), intval(PHOTO_PROFILE), @@ -182,7 +182,7 @@ function profile_photo_post(&$a) { ); } else { - $r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d limit 1", + $r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d", dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-4'), dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-5'), intval($_REQUEST['profile']), @@ -196,7 +196,7 @@ function profile_photo_post(&$a) { $channel = $a->get_channel(); $r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s' - where xchan_hash = '%s' limit 1", + where xchan_hash = '%s'", dbesc($im->getType()), dbesc(datetime_convert()), dbesc($channel['xchan_hash']) @@ -302,7 +302,7 @@ function profile_photo_content(&$a) { // unset any existing profile photos $r = q("UPDATE photo SET profile = 0 WHERE profile = 1 AND uid = %d", intval(local_user())); - $r = q("UPDATE photo SET photo_flags = (photo_flags ^ %d ) WHERE (photo_flags & %d ) AND uid = %d", + $r = q("UPDATE photo SET photo_flags = (photo_flags & ~%d ) WHERE (photo_flags & %d )>0 AND uid = %d", intval(PHOTO_PROFILE), intval(PHOTO_PROFILE), intval(local_user())); @@ -320,7 +320,7 @@ function profile_photo_content(&$a) { ); $r = q("UPDATE xchan set xchan_photo_date = '%s' - where xchan_hash = '%s' limit 1", + where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($channel['xchan_hash']) ); diff --git a/mod/profiles.php b/mod/profiles.php index 14f24c5cf..910c48743 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -30,7 +30,7 @@ function profiles_init(&$a) { dbesc($profile_guid), intval(local_user()) ); - $r = q("DELETE FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1", + $r = q("DELETE FROM `profile` WHERE `id` = %d AND `uid` = %d", intval(argv(2)), intval(local_user()) ); @@ -234,6 +234,22 @@ function profiles_post(&$a) { } $dob = $_POST['dob'] ? escape_tags(trim($_POST['dob'])) : '0000-00-00'; // FIXME: Needs to be validated? + + $y = substr($dob,0,4); + if((! ctype_digit($y)) || ($y < 1900)) + $ignore_year = true; + else + $ignore_year = false; + + if($dob != '0000-00-00') { + if(strpos($dob,'0000-') === 0) { + $ignore_year = true; + $dob = substr($dob,5); + } + $dob = datetime_convert('UTC','UTC',(($ignore_year) ? '1900-' . $dob : $dob),(($ignore_year) ? 'm-d' : 'Y-m-d')); + if($ignore_year) + $dob = '0000-' . $dob; + } $name = escape_tags(trim($_POST['name'])); @@ -338,7 +354,7 @@ function profiles_post(&$a) { dbesc($zz['field_name']) ); if($w) { - q("update profext set v = '%s' where id = %d limit 1", + q("update profext set v = '%s' where id = %d", dbesc(escape_tags(trim($_POST[$zz['field_name']]))), intval($w[0]['id']) ); @@ -453,7 +469,7 @@ function profiles_post(&$a) { `work` = '%s', `education` = '%s', `hide_friends` = %d - WHERE `id` = %d AND `uid` = %d LIMIT 1", + WHERE `id` = %d AND `uid` = %d", dbesc($profile_name), dbesc($name), dbesc($pdesc), @@ -506,7 +522,7 @@ function profiles_post(&$a) { $channel = $a->get_channel(); if($namechanged && $is_default) { - $r = q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_hash = '%s' limit 1", + $r = q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_hash = '%s'", dbesc($name), dbesc(datetime_convert()), dbesc($channel['xchan_hash']) @@ -514,6 +530,8 @@ function profiles_post(&$a) { } if($is_default) { + // reload the info for the sidebar widget - why does this not work? + profile_load($a,$channel['channel_address']); proc_run('php','include/directory.php',local_user()); } } diff --git a/mod/profperm.php b/mod/profperm.php index 197062936..55dc8cc77 100644 --- a/mod/profperm.php +++ b/mod/profperm.php @@ -75,13 +75,13 @@ function profperm_content(&$a) { if($change) { if(in_array($change,$ingroup)) { - q("UPDATE abook SET abook_profile = '' WHERE abook_id = %d AND abook_channel = %d LIMIT 1", + q("UPDATE abook SET abook_profile = '' WHERE abook_id = %d AND abook_channel = %d", intval($change), intval(local_user()) ); } else { - q("UPDATE abook SET abook_profile = '%s' WHERE abook_id = %d AND abook_channel = %d LIMIT 1", + q("UPDATE abook SET abook_profile = '%s' WHERE abook_id = %d AND abook_channel = %d", dbesc($profile['profile_guid']), intval($change), intval(local_user()) diff --git a/mod/receive.php b/mod/receive.php index 4071b169b..b7d27d40f 100644 --- a/mod/receive.php +++ b/mod/receive.php @@ -31,7 +31,7 @@ function receive_post(&$a) { // Diaspora sites *may* provide a truncated guid. - $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_guid like '%s' AND NOT (channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_guid like '%s' AND NOT (channel_pageflags & %d )>0 LIMIT 1", dbesc($guid . '%'), intval(PAGE_REMOVED) ); diff --git a/mod/register.php b/mod/register.php index 0cf1364b5..70bdcf350 100644 --- a/mod/register.php +++ b/mod/register.php @@ -37,7 +37,9 @@ function register_post(&$a) { $max_dailies = intval(get_config('system','max_daily_registrations')); if($max_dailies) { - $r = q("select count(account_id) as total from account where account_created > UTC_TIMESTAMP() - INTERVAL 1 day"); + $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('1 day') + ); if($r && $r[0]['total'] >= $max_dailies) { notice( t('Maximum daily site registrations exceeded. Please try again tomorrow.') . EOL); return; @@ -100,7 +102,7 @@ function register_post(&$a) { $invite_code = ((x($_POST,'invite_code')) ? notags(trim($_POST['invite_code'])) : ''); if($using_invites && $invite_code) { - q("delete * from register where hash = '%s' limit 1", dbesc($invite_code)); + q("delete * from register where hash = '%s'", dbesc($invite_code)); set_pconfig($result['account']['account_id'],'system','invites_remaining',$num_invites); } @@ -164,7 +166,9 @@ function register_content(&$a) { $max_dailies = intval(get_config('system','max_daily_registrations')); if($max_dailies) { - $r = q("select count(account_id) as total from account where account_created > UTC_TIMESTAMP() - INTERVAL 1 day"); + $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('1 day') + ); if($r && $r[0]['total'] >= $max_dailies) { logger('max daily registrations exceeded.'); notice( t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.') . EOL); diff --git a/mod/search.php b/mod/search.php index 15ac71376..612ceb4bc 100644 --- a/mod/search.php +++ b/mod/search.php @@ -68,7 +68,8 @@ function search_content(&$a,$update = 0, $load = false) { ); } else { - $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search)))); + $regstr = db_getfunc('REGEXP'); + $sql_extra = sprintf(" AND `item`.`body` $regstr '%s' ", dbesc(protect_sprintf(preg_quote($search)))); } // Here is the way permissions work in the search module... @@ -123,7 +124,7 @@ function search_content(&$a,$update = 0, $load = false) { if(($update) && ($load)) { $itemspage = get_pconfig(local_user(),'system','itemspage'); $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); - $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start'])); // in case somebody turned off public access to sys channel content with permissions @@ -132,29 +133,36 @@ function search_content(&$a,$update = 0, $load = false) { if($load) { $r = null; - + + if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) { + $prefix = 'distinct on (created, mid)'; + $suffix = 'ORDER BY created DESC, mid'; + } else { + $prefix = 'distinct'; + $suffix = 'group by mid ORDER BY created DESC'; + } if(local_user()) { - $r = q("SELECT distinct mid, item.id as item_id, item.* from item + $r = q("SELECT $prefix mid, item.id as item_id, item.* from item WHERE item_restrict = 0 AND ((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 ) OR ( `item`.`uid` = %d )) OR item.owner_xchan = '%s' ) $sql_extra - group by mid ORDER BY created DESC $pager_sql ", + $suffix $pager_sql ", intval(local_user()), dbesc($sys['xchan_hash']) ); } if($r === null) { - $r = q("SELECT distinct mid, item.id as item_id, item.* from item - WHERE item_restrict = 0 - AND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' - AND `item`.`deny_gid` = '' AND item_private = 0 ) - and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) - $pub_sql ) OR owner_xchan = '%s') - $sql_extra - group by mid ORDER BY created DESC $pager_sql", + $r = q("SELECT $prefix mid, item.id as item_id, item.* from item + WHERE item_restrict = 0 + AND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' + AND `item`.`deny_gid` = '' AND item_private = 0 ) + and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) + $pub_sql ) OR owner_xchan = '%s') + $sql_extra + $suffix $pager_sql", dbesc($sys['xchan_hash']) - ); + ); } } else { diff --git a/mod/settings.php b/mod/settings.php index 309be0797..1643387ea 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -140,6 +140,16 @@ function settings_post(&$a) { $user_scalable = ((x($_POST,'user_scalable')) ? intval($_POST['user_scalable']) : 0); $nosmile = ((x($_POST,'nosmile')) ? intval($_POST['nosmile']) : 0); $title_tosource = ((x($_POST,'title_tosource')) ? intval($_POST['title_tosource']) : 0); + $channel_list_mode = ((x($_POST,'channel_list_mode')) ? intval($_POST['channel_list_mode']) : 0); + $network_list_mode = ((x($_POST,'network_list_mode')) ? intval($_POST['network_list_mode']) : 0); + + $channel_divmore_height = ((x($_POST,'channel_divmore_height')) ? intval($_POST['channel_divmore_height']) : 400); + if($channel_divmore_height < 50) + $channel_divmore_height = 50; + $network_divmore_height = ((x($_POST,'network_divmore_height')) ? intval($_POST['network_divmore_height']) : 400); + if($network_divmore_height < 50) + $network_divmore_height = 50; + $browser_update = ((x($_POST,'browser_update')) ? intval($_POST['browser_update']) : 0); $browser_update = $browser_update * 1000; if($browser_update < 10000) @@ -159,6 +169,10 @@ function settings_post(&$a) { set_pconfig(local_user(),'system','itemspage', $itemspage); set_pconfig(local_user(),'system','no_smilies',$nosmile); set_pconfig(local_user(),'system','title_tosource',$title_tosource); + set_pconfig(local_user(),'system','channel_list_mode', $channel_list_mode); + set_pconfig(local_user(),'system','network_list_mode', $network_list_mode); + set_pconfig(local_user(),'system','channel_divmore_height', $channel_divmore_height); + set_pconfig(local_user(),'system','network_divmore_height', $network_divmore_height); if ($theme == $a->channel['channel_theme']){ // call theme_post only if theme has not been changed @@ -168,7 +182,7 @@ function settings_post(&$a) { } } - $r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d LIMIT 1", + $r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d", dbesc($theme), intval(local_user()) ); @@ -205,7 +219,7 @@ function settings_post(&$a) { $salt = random_string(32); $password_encoded = hash('whirlpool', $salt . $newpass); $r = q("update account set account_salt = '%s', account_password = '%s', account_password_changed = '%s' - where account_id = %d limit 1", + where account_id = %d", dbesc($salt), dbesc($password_encoded), dbesc(datetime_convert()), @@ -235,7 +249,7 @@ function settings_post(&$a) { $email = $a->user['email']; } if(! $errs) { - $r = q("update account set account_email = '%s' where account_id = %d limit 1", + $r = q("update account set account_email = '%s' where account_id = %d", dbesc($email), intval($account['account_id']) ); @@ -267,7 +281,7 @@ function settings_post(&$a) { $hide_presence = (((x($_POST,'hide_presence')) && (intval($_POST['hide_presence']) == 1)) ? 1: 0); $publish = (((x($_POST,'profile_in_directory')) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0); $def_group = ((x($_POST,'group-selection')) ? notags(trim($_POST['group-selection'])) : ''); - $r = q("update channel set channel_default_group = '%s' where channel_id = %d limit 1", + $r = q("update channel set channel_default_group = '%s' where channel_id = %d", dbesc($def_group), intval(local_user()) ); @@ -283,7 +297,7 @@ function settings_post(&$a) { $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $r = q("update channel set channel_allow_cid = '%s', channel_allow_gid = '%s', channel_deny_cid = '%s', channel_deny_gid = '%s' - where channel_id = %d limit 1", + where channel_id = %d", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), @@ -313,7 +327,7 @@ function settings_post(&$a) { ); } if($r) { - q("update channel set channel_default_group = '%s', channel_allow_gid = '%s', channel_allow_cid = '', channel_deny_gid = '', channel_deny_cid = '' where channel_id = %d limit 1", + q("update channel set channel_default_group = '%s', channel_allow_gid = '%s', channel_allow_cid = '', channel_deny_gid = '', channel_deny_cid = '' where channel_id = %d", dbesc($r[0]['hash']), dbesc('<' . $r[0]['hash'] . '>'), intval(local_user()) @@ -327,12 +341,12 @@ function settings_post(&$a) { // no default collection else { q("update channel set channel_default_group = '', channel_allow_gid = '', channel_allow_cid = '', channel_deny_gid = '', - channel_deny_cid = '' where channel_id = %d limit 1", + channel_deny_cid = '' where channel_id = %d", intval(local_user()) ); } - $r = q("update abook set abook_my_perms = %d where abook_channel = %d and (abook_flags & %d) limit 1", + $r = q("update abook set abook_my_perms = %d where abook_channel = %d and (abook_flags & %d)>0", intval(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0), intval(local_user()), intval(ABOOK_FLAG_SELF) @@ -464,7 +478,7 @@ function settings_post(&$a) { set_pconfig(local_user(),'system','vnotify',$vnotify); set_pconfig(local_user(),'system','evdays',$evdays); - $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d $set_perms where channel_id = %d limit 1", + $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d $set_perms where channel_id = %d", dbesc($username), intval($pageflags), dbesc($timezone), @@ -479,14 +493,14 @@ function settings_post(&$a) { info( t('Settings updated.') . EOL); if(! is_null($publish)) { - $r = q("UPDATE profile SET publish = %d WHERE is_default = 1 AND uid = %d LIMIT 1", + $r = q("UPDATE profile SET publish = %d WHERE is_default = 1 AND uid = %d", intval($publish), intval(local_user()) ); } if($name_change) { - $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s' limit 1", + $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s'", dbesc($username), dbesc(datetime_convert()), dbesc($channel['channel_hash']) @@ -722,6 +736,7 @@ function settings_content(&$a) { /* * DISPLAY SETTINGS */ + if((argc() > 1) && (argv(1) === 'display')) { $default_theme = get_config('system','theme'); if(! $default_theme) @@ -748,13 +763,18 @@ function settings_content(&$a) { $is_experimental = file_exists('view/theme/' . $th . '/experimental'); $unsupported = file_exists('view/theme/' . $th . '/unsupported'); $is_mobile = file_exists('view/theme/' . $th . '/mobile'); + $is_library = file_exists('view/theme/'. $th . '/library'); + if (!$is_experimental or ($is_experimental && (get_config('experimentals','exp_themes')==1 or get_config('experimentals','exp_themes')===false))){ $theme_name = (($is_experimental) ? sprintf(t('%s - (Experimental)'), $f) : $f); - if($is_mobile) { - $mobile_themes[$f]=$theme_name; - } - else { - $themes[$f]=$theme_name; + + if (! $is_library) { + if($is_mobile) { + $themes[$f]=$theme_name . ' (' . t('mobile') . ')'; + } + else { + $themes[$f]=$theme_name; + } } } } @@ -792,7 +812,7 @@ function settings_content(&$a) { '$uid' => local_user(), '$theme' => array('theme', t('Display Theme:'), $theme_selected, '', $themes, 'preview'), - '$mobile_theme' => array('mobile_theme', t('Mobile Theme:'), $mobile_theme_selected, '', $mobile_themes, ''), + '$mobile_theme' => array('mobile_theme', t('Mobile Theme:'), $mobile_theme_selected, '', $themes, ''), '$user_scalable' => array('user_scalable', t("Enable user zoom on mobile devices"), $user_scalable, ''), '$ajaxint' => array('browser_update', t("Update browser every xx seconds"), $browser_update, t('Minimum of 10 seconds, no maximum')), '$itemspage' => array('itemspage', t("Maximum number of conversations to load at any time:"), $itemspage, t('Maximum of 100 items')), @@ -801,6 +821,12 @@ function settings_content(&$a) { '$layout_editor' => t('System Page Layout Editor - (advanced)'), '$theme_config' => $theme_config, '$expert' => feature_enabled(local_user(),'expert'), + '$channel_list_mode' => array('channel_list_mode', t('Use blog/list mode on channel page'), get_pconfig(local_user(),'system','channel_list_mode'), t('(comments displayed separately)')), + '$network_list_mode' => array('network_list_mode', t('Use blog/list mode on matrix page'), get_pconfig(local_user(),'system','network_list_mode'), t('(comments displayed separately)')), + '$channel_divmore_height' => array('channel_divmore_height', t('Channel page max height of content (in pixels)'), ((get_pconfig(local_user(),'system','channel_divmore_height')) ? get_pconfig(local_user(),'system','channel_divmore_height') : 400), t('click to expand content exceeding this height')), + '$network_divmore_height' => array('network_divmore_height', t('Matrix page max height of content (in pixels)'), ((get_pconfig(local_user(),'system','network_divmore_height')) ? get_pconfig(local_user(),'system','network_divmore_height') : 400) , t('click to expand content exceeding this height')), + + )); return $o; diff --git a/mod/setup.php b/mod/setup.php index a8f3a1f47..044def15a 100755 --- a/mod/setup.php +++ b/mod/setup.php @@ -50,16 +50,18 @@ function setup_post(&$a) { $dbuser = trim($_POST['dbuser']); $dbpass = trim($_POST['dbpass']); $dbdata = trim($_POST['dbdata']); + $dbtype = intval(trim($_POST['dbtype'])); $phpath = trim($_POST['phpath']); $adminmail = trim($_POST['adminmail']); $siteurl = trim($_POST['siteurl']); require_once('include/dba/dba_driver.php'); unset($db); - $db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, true); + $db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true); if(! $db->connected) { echo "Database Connect failed: " . $db->error; killme(); + $a->data['db_conn_failed']=true; } /*if(get_db_errno()) { unset($db); @@ -80,9 +82,9 @@ function setup_post(&$a) { return; } }*/ - if(get_db_errno()) { - $a->data['db_conn_failed']=true; - } + //if(get_db_errno()) { + + //} return; break; @@ -93,6 +95,7 @@ function setup_post(&$a) { $dbuser = notags(trim($_POST['dbuser'])); $dbpass = notags(trim($_POST['dbpass'])); $dbdata = notags(trim($_POST['dbdata'])); + $dbtype = intval(notags(trim($_POST['dbtype']))); $phpath = notags(trim($_POST['phpath'])); $timezone = notags(trim($_POST['timezone'])); $adminmail = notags(trim($_POST['adminmail'])); @@ -109,7 +112,7 @@ function setup_post(&$a) { } // connect to db - $db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, true); + $db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true); if(! $db->connected) { echo 'CRITICAL: DB not connected.'; @@ -123,6 +126,7 @@ function setup_post(&$a) { '$dbuser' => $dbuser, '$dbpass' => $dbpass, '$dbdata' => $dbdata, + '$dbtype' => $dbtype, '$timezone' => $timezone, '$siteurl' => $siteurl, '$site_id' => random_string(), @@ -187,7 +191,7 @@ function setup_content(&$a) { } if(x($a->data,'db_failed')) { - $txt = t('You may need to import the file "install/database.sql" manually using phpmyadmin or mysql.') . EOL; + $txt = t('You may need to import the file "install/schema_xxx.sql" manually using a database client.') . EOL; $txt .= t('Please see the file "install/INSTALL.txt".') . EOL ."<hr>" ; $txt .= "<pre>".$a->data['db_failed'] . "</pre>". EOL ; $db_return_text .= $txt; @@ -273,6 +277,7 @@ function setup_content(&$a) { $dbport = intval(notags(trim($_POST['dbport']))); $dbpass = notags(trim($_POST['dbpass'])); $dbdata = notags(trim($_POST['dbdata'])); + $dbtype = intval(notags(trim($_POST['dbtype']))); $phpath = notags(trim($_POST['phpath'])); $adminmail = notags(trim($_POST['adminmail'])); $siteurl = notags(trim($_POST['siteurl'])); @@ -293,6 +298,7 @@ function setup_content(&$a) { '$dbuser' => array('dbuser', t('Database Login Name'), $dbuser, ''), '$dbpass' => array('dbpass', t('Database Login Password'), $dbpass, ''), '$dbdata' => array('dbdata', t('Database Name'), $dbdata, ''), + '$dbtype' => array('dbtype', t('Database Type'), $dbtype, '', array( 0=>'MySQL', 1=>'PostgreSQL' )), '$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')), '$siteurl' => array('siteurl', t('Website URL'), z_root(), t('Please use SSL (https) URL if available.')), @@ -316,6 +322,7 @@ function setup_content(&$a) { $dbuser = notags(trim($_POST['dbuser'])); $dbpass = notags(trim($_POST['dbpass'])); $dbdata = notags(trim($_POST['dbdata'])); + $dbtype = intval(notags(trim($_POST['dbtype']))); $phpath = notags(trim($_POST['phpath'])); $adminmail = notags(trim($_POST['adminmail'])); @@ -335,6 +342,7 @@ function setup_content(&$a) { '$dbpass' => $dbpass, '$dbdata' => $dbdata, '$phpath' => $phpath, + '$dbtype' => $dbtype, '$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')), @@ -440,7 +448,7 @@ function check_funcs(&$checks) { check_add($ck_funcs, t('libCurl PHP module'), true, true, ""); check_add($ck_funcs, t('GD graphics PHP module'), true, true, ""); check_add($ck_funcs, t('OpenSSL PHP module'), true, true, ""); - check_add($ck_funcs, t('mysqli PHP module'), true, true, ""); + check_add($ck_funcs, t('mysqli or postgres PHP module'), true, true, ""); check_add($ck_funcs, t('mb_string PHP module'), true, true, ""); check_add($ck_funcs, t('mcrypt PHP module'), true, true, ""); @@ -471,9 +479,9 @@ function check_funcs(&$checks) { $ck_funcs[2]['status']= false; $ck_funcs[2]['help']= t('Error: openssl PHP module required but not installed.'); } - if(! function_exists('mysqli_connect')){ + if(! function_exists('mysqli_connect') && !function_exists('pg_connect')){ $ck_funcs[3]['status']= false; - $ck_funcs[3]['help']= t('Error: mysqli PHP module required but not installed.'); + $ck_funcs[3]['help']= t('Error: mysqli or postgres PHP module required but neither are installed.'); } if(! function_exists('mb_strlen')){ $ck_funcs[4]['status']= false; @@ -579,7 +587,7 @@ function check_htaccess(&$checks) { if ((! $test['success']) || ($test['body'] != "ok")) { $status = false; - $help = t('Url rewrite in .htaccess is not working. Check your server configuration.'); + $help = t('Url rewrite in .htaccess is not working. Check your server configuration.'.'Test: '.var_export($test,true)); } check_add($checks, t('Url rewrite is working'), $status, true, $help); } else { @@ -607,8 +615,8 @@ function load_database_rem($v, $i){ function load_database($db) { - - $str = file_get_contents('install/database.sql'); + file_put_contents('debug-foo.log', 'Loading schema: '.$db->get_install_script()); + $str = file_get_contents($db->get_install_script()); $arr = explode(';',$str); $errors = false; foreach($arr as $a) { diff --git a/mod/siteinfo.php b/mod/siteinfo.php index a58f17c53..03e578467 100644 --- a/mod/siteinfo.php +++ b/mod/siteinfo.php @@ -1,14 +1,15 @@ <?php function siteinfo_init(&$a) { - + global $db; + if ($a->argv[1]=="json"){ $register_policy = Array('REGISTER_CLOSED', 'REGISTER_APPROVE', 'REGISTER_OPEN'); $directory_mode = Array('DIRECTORY_MODE_NORMAL', 'DIRECTORY_MODE_SECONDARY','DIRECTORY_MODE_PRIMARY', 'DIRECTORY_MODE_STANDALONE'); $sql_extra = ''; - $r = q("select * from channel left join account on account_id = channel_account_id where ( account_roles & 4096 ) and account_default_channel = channel_id"); + $r = q("select * from channel left join account on account_id = channel_account_id where ( account_roles & 4096 )>0 and account_default_channel = channel_id"); if($r) { @@ -71,6 +72,7 @@ function siteinfo_init(&$a) { 'admin' => $admin, 'site_name' => (($site_name) ? $site_name : ''), 'platform' => RED_PLATFORM, + 'dbdriver' => $db->getdriver(), 'info' => (($site_info) ? $site_info : ''), 'channels_total' => $channels_total_stat, 'channels_active_halfyear' => $channels_active_halfyear_stat, diff --git a/mod/sources.php b/mod/sources.php index f4b36508f..73d78bbbf 100644 --- a/mod/sources.php +++ b/mod/sources.php @@ -47,7 +47,7 @@ function sources_post(&$a) { goaway(z_root() . '/sources'); } else { - $r = q("update source set src_xchan = '%s', src_patt = '%s' where src_channel_id = %d and src_id = %d limit 1", + $r = q("update source set src_xchan = '%s', src_patt = '%s' where src_channel_id = %d and src_id = %d", dbesc($xchan), dbesc($words), intval(local_user()), @@ -150,7 +150,7 @@ function sources_content(&$a) { notice( t('Source not found.') . EOL); return ''; } - $r = q("delete from source where src_id = %d and src_channel_id = %d limit 1", + $r = q("delete from source where src_id = %d and src_channel_id = %d", intval(argv(1)), intval(local_user()) ); diff --git a/mod/sslify.php b/mod/sslify.php index ed06d87c1..f37a8e23e 100644 --- a/mod/sslify.php +++ b/mod/sslify.php @@ -3,7 +3,7 @@ function sslify_init(&$a) { $x = z_fetch_url($_REQUEST['url']); if($x['success']) { - $h = explode("\n",$x['headers']); + $h = explode("\n",$x['header']); foreach ($h as $l) { list($k,$v) = array_map("trim", explode(":", trim($l), 2)); $hdrs[$k] = $v; diff --git a/mod/starred.php b/mod/starred.php index ca7621b0f..05b45bea3 100644 --- a/mod/starred.php +++ b/mod/starred.php @@ -21,7 +21,7 @@ function starred_init(&$a) { $item_flags = ( $r[0]['item_flags'] ^ ITEM_STARRED ); - $r = q("UPDATE item SET item_flags = %d WHERE uid = %d and id = %d LIMIT 1", + $r = q("UPDATE item SET item_flags = %d WHERE uid = %d and id = %d", intval($item_flags), intval(local_user()), intval($message_id) diff --git a/mod/subthread.php b/mod/subthread.php index 5ef0615b1..f0f54f4a6 100755 --- a/mod/subthread.php +++ b/mod/subthread.php @@ -228,7 +228,7 @@ EOT; $post_id = $post['item_id']; if(! $item['visible']) { - $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1", + $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d AND `uid` = %d", intval($item['id']), intval($owner_uid) ); diff --git a/mod/thing.php b/mod/thing.php index c12976f22..f53a6ab7b 100644 --- a/mod/thing.php +++ b/mod/thing.php @@ -85,7 +85,7 @@ function thing_init(&$a) { else $local_photo = $orig_record['imgurl']; - $r = q("update term set term = '%s', url = '%s', imgurl = '%s' where term_hash = '%s' and uid = %d limit 1", + $r = q("update term set term = '%s', url = '%s', imgurl = '%s' where term_hash = '%s' and uid = %d", dbesc($name), dbesc(($url) ? $url : z_root() . '/thing/' . $term_hash), dbesc($local_photo), @@ -301,12 +301,12 @@ function thing_content(&$a) { } - $x = q("delete from obj where obj_obj = '%s' and obj_type = %d and obj_channel = %d limit 1", + $x = q("delete from obj where obj_obj = '%s' and obj_type = %d and obj_channel = %d", dbesc($thing_hash), intval(TERM_OBJ_THING), intval(local_user()) ); - $x = q("delete from term where term_hash = '%s' and uid = %d limit 1", + $x = q("delete from term where term_hash = '%s' and uid = %d", dbesc($thing_hash), intval(local_user()) ); diff --git a/mod/update_home.php b/mod/update_home.php new file mode 100644 index 000000000..c139682e1 --- /dev/null +++ b/mod/update_home.php @@ -0,0 +1,38 @@ +<?php + +// See update_profile.php for documentation + +require_once('mod/home.php'); + +function update_home_content(&$a) { + + $profile_uid = ((intval($_GET['p'])) ? intval($_GET['p']) : (-1)); + $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0); + header("Content-type: text/html"); + echo "<!DOCTYPE html><html><body>\r\n"; + echo ((array_key_exists('msie',$_GET) && $_GET['msie'] == 1) ? '<div>' : '<section>'); + + $text = home_content($a,$profile_uid, $load); + $pattern = "/<img([^>]*) src=\"([^\"]*)\"/"; + $replace = "<img\${1} dst=\"\${2}\""; + $text = preg_replace($pattern, $replace, $text); + + if(! $load) { + $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />'; + $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i"; + $text = preg_replace($pattern, $replace, $text); + $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i"; + $text = preg_replace($pattern, $replace, $text); + $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i"; + $text = preg_replace($pattern, $replace, $text); + $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i"; + $text = preg_replace($pattern, $replace, $text); + } + + echo str_replace("\t",' ',$text); + echo ((array_key_exists('msie',$_GET) && $_GET['msie'] == 1) ? '</div>' : '</section>'); + echo "</body></html>\r\n"; +// logger('update_home: ' . $text); + killme(); + +}
\ No newline at end of file diff --git a/mod/viewconnections.php b/mod/viewconnections.php index 40ce28efe..40d26c823 100644 --- a/mod/viewconnections.php +++ b/mod/viewconnections.php @@ -37,7 +37,7 @@ function viewconnections_content(&$a) { $xchan_flags = $xchan_flags | XCHAN_FLAGS_HIDDEN; } - $r = q("SELECT count(*) as total FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d ) and not ( xchan_flags & %d ) ", + $r = q("SELECT count(*) as total FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d )>0 and not ( xchan_flags & %d )>0 ", intval($a->profile['uid']), intval($abook_flags), intval($xchan_flags) @@ -46,12 +46,12 @@ function viewconnections_content(&$a) { $a->set_pager_total($r[0]['total']); } - $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not ( abook_flags & %d ) and not ( xchan_flags & %d ) order by xchan_name LIMIT %d , %d ", + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not ( abook_flags & %d )>0 and not ( xchan_flags & %d )>0 order by xchan_name LIMIT %d OFFSET %d ", intval($a->profile['uid']), intval($abook_flags), intval($xchan_flags), - intval($a->pager['start']), - intval($a->pager['itemspage']) + intval($a->pager['itemspage']), + intval($a->pager['start']) ); if(! $r) { diff --git a/mod/wall_upload.php b/mod/wall_upload.php index f83f4f7cf..7ed1859a8 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php @@ -8,6 +8,7 @@ require_once('include/photos.php'); function wall_upload_post(&$a) { + $using_api = ((x($_FILES,'media')) ? true : false); if($using_api) { @@ -43,10 +44,6 @@ function wall_upload_post(&$a) { killme(); } - $m = $ret['body']; - - - if($using_api) return("\n\n" . $ret['body'] . "\n\n"); else diff --git a/mod/webpages.php b/mod/webpages.php index a5cfd00e6..baddebec8 100644 --- a/mod/webpages.php +++ b/mod/webpages.php @@ -1,37 +1,64 @@ <?php -function webpages_content(&$a) { +require_once('include/identity.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); + +function webpages_init(&$a) { + + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } if(argc() > 1) $which = argv(1); - else { + else + return; + + profile_load($a,$which); + +} + + +function webpages_content(&$a) { + + if(! $a->profile) { notice( t('Requested profile is not available.') . EOL ); $a->error = 404; return; } - $profile = 0; - $channel = $a->get_channel(); - - if((local_user()) && (argc() > 2) && (argv(2) === 'view')) { - $which = $channel['channel_address']; - $profile = argv(1); - } + $which = argv(1); - profile_load($a,$which,$profile); + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); + $channel = $a->get_channel(); - // Figure out who the page owner is. - $r = q("select channel_id from channel where channel_address = '%s'", - dbesc($which) - ); - if($r) { - $owner = intval($r[0]['channel_id']); + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } } - // Get the observer, check their permissions + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } + } - $observer = $a->get_observer(); $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); $perms = get_all_perms($owner,$ob_hash); @@ -41,11 +68,6 @@ function webpages_content(&$a) { return; } -// if(local_user() && local_user() == $owner) { -// $a->set_widget('design',design_tools()); -// } - - if(feature_enabled($owner,'expert')) { $mimetype = (($_REQUEST['mimetype']) ? $_REQUEST['mimetype'] : get_pconfig($owner,'system','page_mimetype')); if(! $mimetype) @@ -60,14 +82,16 @@ function webpages_content(&$a) { $layout = 'choose'; -// Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages -// Nickname is set to the observers xchan, and profile_uid to the owners. This lets you post pages at other people's channels. - require_once ('include/conversation.php'); - require_once('include/acl_selectors.php'); + // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages + // Nickname is set to the observers xchan, and profile_uid to the owner's. + // This lets you post pages at other people's channels. + - if(local_user() && local_user() == $a->profile_uid) { + if((! $channel) && ($uid) && ($uid == $a->profile_uid)) { $channel = $a->get_channel(); + } + if($channel) { $channel_acl = array( 'allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], @@ -78,21 +102,20 @@ function webpages_content(&$a) { else $channel_acl = array(); - require_once('include/conversation.php'); - $o = profile_tabs($a,true); + $o = profile_tabs($a,true); $x = array( - 'webpage' => ITEM_WEBPAGE, - 'is_owner' => true, - 'nickname' => $a->profile['channel_address'], - 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'bang' => (($group || $cid) ? '!' : ''), - 'acl' => ((local_user() && local_user() == $owner) ? populate_acl($channel_acl,false) : ''), - 'visitor' => true, + 'webpage' => ITEM_WEBPAGE, + 'is_owner' => true, + 'nickname' => $a->profile['channel_address'], + 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), + 'bang' => '', + 'acl' => (($uid && $uid == $owner) ? populate_acl($channel_acl,false) : ''), + 'visitor' => true, 'profile_uid' => intval($owner), - 'mimetype' => $mimetype, - 'layout' => $layout, + 'mimetype' => $mimetype, + 'layout' => $layout, ); if($_REQUEST['title']) @@ -104,10 +127,12 @@ function webpages_content(&$a) { $o .= status_editor($a,$x); - // Get a list of webpages. We can't display all them because endless scroll makes that unusable, so just list titles and an edit link. + // Get a list of webpages. We can't display all them because endless scroll makes that unusable, + // so just list titles and an edit link. //TODO - this should be replaced with pagelist_widget - $r = q("select * from item_id left join item on item_id.iid = item.id where item_id.uid = %d and service = 'WEBPAGE' order by item.created desc", + $r = q("select * from item_id left join item on item_id.iid = item.id + where item_id.uid = %d and service = 'WEBPAGE' order by item.created desc", intval($owner) ); @@ -117,30 +142,36 @@ function webpages_content(&$a) { $pages = array(); foreach($r as $rr) { unobscure($rr); - $pages[$rr['iid']][] = array('url' => $rr['iid'],'pagetitle' => $rr['sid'],'title' => $rr['title'],'created' => datetime_convert('UTC',date_default_timezone_get(),$rr['created']),'edited' => datetime_convert('UTC',date_default_timezone_get(),$rr['edited'])); + $pages[$rr['iid']][] = array( + 'url' => $rr['iid'], + 'pagetitle' => $rr['sid'], + 'title' => $rr['title'], + 'created' => datetime_convert('UTC',date_default_timezone_get(),$rr['created']), + 'edited' => datetime_convert('UTC',date_default_timezone_get(),$rr['edited']) + ); } } -//Build the base URL for edit links - $url = z_root() . "/editwebpage/" . $which; -// This isn't pretty, but it works. Until I figure out what to do with the UI, it's Good Enough(TM). - return $o . replace_macros(get_markup_template("webpagelist.tpl"), array( - '$listtitle' => t('Webpages'), - '$baseurl' => $url, - '$edit' => t('Edit'), - '$pages' => $pages, - '$channel' => $which, - '$view' => t('View'), - '$preview' => t('Preview'), - '$actions_txt' => t('Actions'), + //Build the base URL for edit links + $url = z_root() . '/editwebpage/' . $which; + + $o .= replace_macros(get_markup_template('webpagelist.tpl'), array( + '$listtitle' => t('Webpages'), + '$baseurl' => $url, + '$edit' => t('Edit'), + '$pages' => $pages, + '$channel' => $which, + '$view' => t('View'), + '$preview' => t('Preview'), + '$actions_txt' => t('Actions'), '$pagelink_txt' => t('Page Link'), - '$title_txt' => t('Title'), - '$created_txt' => t('Created'), - '$edited_txt' => t('Edited') + '$title_txt' => t('Title'), + '$created_txt' => t('Created'), + '$edited_txt' => t('Edited') -)); + )); - $o .= '</div>'; + return $o; } diff --git a/mod/xchan.php b/mod/xchan.php index 714603f6e..69fbdb77d 100644 --- a/mod/xchan.php +++ b/mod/xchan.php @@ -3,16 +3,15 @@ function xchan_content(&$a) { - - $o .= '<h3>Xchan Lookup</h3>'; + $o = '<h3>' . t('Xchan Lookup') . '</h3>'; $o .= '<form action="xchan" method="get">'; - $o .= 'Lookup xchan beginning with (or webbie): <input type="text" style="width: 250px;" name="addr" value="' . $_GET['addr'] .'" />'; - $o .= '<input type="submit" name="submit" value="Submit" /></form>'; - - $o .= '<br /><br />'; + $o .= t('Lookup xchan beginning with (or webbie): '); + $o .= '<input type="text" style="width:250px;" name="addr" value="' . $_GET['addr'] .'">'; + $o .= '<input type="submit" name="submit" value="' . t('Submit') .'"></form>'; + $o .= '<br><br>'; - if(x($_GET,'addr')) { + if(x($_GET, 'addr')) { $addr = trim($_GET['addr']); $r = q("select * from xchan where xchan_hash like '%s%%' or xchan_addr = '%s' group by xchan_hash", @@ -22,15 +21,15 @@ function xchan_content(&$a) { if($r) { foreach($r as $rr) { - $o .= str_replace(array("\n"," "),array("<br/>"," "),print_r($rr,true)) . EOL; + $o .= str_replace(array("\n", " "), array("<br>", " "), print_r($rr, true)) . EOL; $s = q("select * from hubloc where hubloc_hash like '%s'", dbesc($r[0]['xchan_hash']) ); if($s) { - foreach($s as $rr) - $o .= str_replace(array("\n"," "),array("<br/>"," "),print_r($rr,true)) . EOL; + foreach($s as $rrr) + $o .= str_replace(array("\n", " "), array("<br>", " "), print_r($rrr, true)) . EOL; } } } diff --git a/mod/zfinger.php b/mod/zfinger.php index 666f141ec..6f4febc6f 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -74,12 +74,12 @@ function zfinger_init(&$a) { */ $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash - where ( channel_pageflags & %d ) order by channel_id limit 1", + where ( channel_pageflags & %d )>0 order by channel_id limit 1", intval(PAGE_SYSTEM) ); if(! $r) { $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash - where not ( channel_pageflags & %d ) order by channel_id limit 1", + where not ( channel_pageflags & %d )>0 order by channel_id limit 1", intval(PAGE_REMOVED) ); } @@ -108,6 +108,21 @@ function zfinger_init(&$a) { if($deleted || $censored) $searchable = false; + $public_forum = false; + + $role = get_pconfig($e['channel_id'],'system','permissions_role'); + if($role === 'forum') { + $public_forum = true; + } + else { + // check if it has characteristics of a public forum based on custom permissions. + $t = q("select abook_my_perms from abook where abook_channel = %d and (abook_flags & %d)>0 limit 1", + intval($e['channel_id']), + intval(ABOOK_FLAG_SELF) + ); + if($t && ($t[0]['abook_my_perms'] & PERMS_W_TAGWALL)) + $public_forum = true; + } // This is for birthdays and keywords, but must check access permissions @@ -174,6 +189,7 @@ function zfinger_init(&$a) { $ret['target_sig'] = $zsig; $ret['searchable'] = $searchable; $ret['adult_content'] = $adult_channel; + $ret['public_forum'] = $public_forum; if($deleted) $ret['deleted'] = $deleted; diff --git a/mod/zotfeed.php b/mod/zotfeed.php index c730e4162..9ad93c1d4 100644 --- a/mod/zotfeed.php +++ b/mod/zotfeed.php @@ -21,7 +21,7 @@ function zotfeed_init(&$a) { $channel_address = ((argc() > 1) ? argv(1) : ''); if($channel_address) { - $r = q("select channel_id, channel_name from channel where channel_address = '%s' and not (channel_pageflags & %d) limit 1", + $r = q("select channel_id, channel_name from channel where channel_address = '%s' and not (channel_pageflags & %d)>0 limit 1", dbesc(argv(1)), intval(PAGE_REMOVED) ); |