diff options
| author | habeascodice <habeascodice@federated.social> | 2014-11-17 08:30:26 -0800 |
|---|---|---|
| committer | habeascodice <habeascodice@federated.social> | 2014-11-17 08:30:26 -0800 |
| commit | 540b7af2c12666047710dd8f5e0c54d23ae8872c (patch) | |
| tree | ea90f72d9d308f6cb061a528c1f8494106e70087 /mod | |
| parent | 80eb84e843cdca51bbf4ebda180f4de41351b9c4 (diff) | |
| parent | ee38bebbd6a641eb953eacf493c085053442d972 (diff) | |
| download | volse-hubzilla-540b7af2c12666047710dd8f5e0c54d23ae8872c.tar.gz volse-hubzilla-540b7af2c12666047710dd8f5e0c54d23ae8872c.tar.bz2 volse-hubzilla-540b7af2c12666047710dd8f5e0c54d23ae8872c.zip | |
Merge branch 'master' of https://github.com/habeascodice/red
Diffstat (limited to 'mod')
62 files changed, 1825 insertions, 1401 deletions
diff --git a/mod/acl.php b/mod/acl.php index 5658a05c5..797a3633b 100644 --- a/mod/acl.php +++ b/mod/acl.php @@ -11,7 +11,7 @@ function acl_init(&$a){ $count = (x($_REQUEST,'count')?$_REQUEST['count']:100); $search = (x($_REQUEST,'search')?$_REQUEST['search']:""); $type = (x($_REQUEST,'type')?$_REQUEST['type']:""); - + $noforums = (x($_REQUEST,'n') ? $_REQUEST['n'] : false); // For use with jquery.autocomplete for private mail completion @@ -49,7 +49,7 @@ function acl_init(&$a){ if ($type=='' || $type=='c'){ $r = q("SELECT COUNT(abook_id) AS c FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d AND not ( abook_flags & %d ) and not (xchan_flags & %d ) $sql_extra2" , + WHERE abook_channel = %d AND not ( abook_flags & %d )>0 and not (xchan_flags & %d )>0 $sql_extra2" , intval(local_user()), intval(ABOOK_FLAG_BLOCKED|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED), intval(XCHAN_FLAGS_DELETED) @@ -59,7 +59,7 @@ function acl_init(&$a){ if(intval(get_config('system','taganyone')) || intval(get_pconfig(local_user(),'system','taganyone'))) { if(((! $r) || (! $r[0]['total'])) && $type == 'c') { $r = q("SELECT COUNT(xchan_hash) AS c FROM xchan - WHERE not (xchan_flags & %d ) $sql_extra2" , + WHERE not (xchan_flags & %d )>0 $sql_extra2" , intval(XCHAN_FLAGS_DELETED) ); $contact_count = (int)$r[0]['c']; @@ -75,8 +75,8 @@ function acl_init(&$a){ $r = q("SELECT count(xchan_hash) as c FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )) - and not ( xchan_flags & %d ) + WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0) + and not ( xchan_flags & %d )>0 $sql_extra2 ", intval(local_user()), intval(PERMS_W_MAIL), @@ -87,12 +87,12 @@ function acl_init(&$a){ $contact_count = (int)$r[0]['c']; } - elseif ($type == 'a') { + elseif (($type == 'a')||($type == 'p')) { // autocomplete for Contacts $r = q("SELECT COUNT(abook_id) AS c FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d and not ( xchan_flags & %d ) $sql_extra2" , + WHERE abook_channel = %d and not ( xchan_flags & %d )>0 $sql_extra2" , intval(local_user()), intval(XCHAN_FLAGS_DELETED) ); @@ -110,17 +110,18 @@ function acl_init(&$a){ if ($type=='' || $type=='g'){ $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`name`, - GROUP_CONCAT(DISTINCT `group_member`.`xchan` SEPARATOR ',') as uids + %s as uids FROM `groups`,`group_member` WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d AND `group_member`.`gid`=`groups`.`id` $sql_extra GROUP BY `groups`.`id` ORDER BY `groups`.`name` - LIMIT %d,%d", + LIMIT %d OFFSET %d", + db_concat('group_member.xchan', ','), intval(local_user()), - intval($start), - intval($count) + intval($count), + intval($start) ); foreach($r as $g){ @@ -140,7 +141,7 @@ function acl_init(&$a){ if ($type=='' || $type=='c') { $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d AND not ( abook_flags & %d ) and not (xchan_flags & %d ) $sql_extra2 order by xchan_name asc" , + WHERE abook_channel = %d AND not ( abook_flags & %d )>0 and not (xchan_flags & %d )>0 $sql_extra2 order by xchan_name asc" , intval(local_user()), intval(ABOOK_FLAG_BLOCKED|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED), intval(XCHAN_FLAGS_DELETED) @@ -149,7 +150,7 @@ function acl_init(&$a){ if((! $r) && $type == 'c') { $r = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags FROM xchan - WHERE not (xchan_flags & %d ) $sql_extra2 order by xchan_name asc" , + WHERE not (xchan_flags & %d )>0 $sql_extra2 order by xchan_name asc" , intval(XCHAN_FLAGS_DELETED) ); } @@ -159,8 +160,8 @@ function acl_init(&$a){ $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )) - and not (xchan_flags & %d) + WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0) + and not (xchan_flags & %d)>0 $sql_extra3 ORDER BY `xchan_name` ASC ", intval(local_user()), @@ -168,10 +169,10 @@ function acl_init(&$a){ intval(XCHAN_FLAGS_DELETED) ); } - elseif($type == 'a') { + elseif(($type == 'a') || ($type == 'p')) { $r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d - and not (xchan_flags & %d) + and not (xchan_flags & %d)>0 $sql_extra3 ORDER BY xchan_name ASC ", intval(local_user()), @@ -204,7 +205,7 @@ function acl_init(&$a){ $r = array(); - if($type == 'm' || $type == 'a') { + if($type == 'm' || $type == 'a' || $type == 'p') { $x = array(); $x['query'] = $search; $x['photos'] = array(); @@ -216,7 +217,7 @@ function acl_init(&$a){ $x['photos'][] = $g['micro']; $x['links'][] = $g['url']; $x['suggestions'][] = $g['name']; - $x['data'][] = $g['id']; + $x['data'][] = (($type === 'p') ? '@' . str_replace(' ','_',$g['name']) : $g['id']); } } echo json_encode($x); @@ -230,7 +231,7 @@ function acl_init(&$a){ if(strpos($g['hash'],'/')) continue; - if(($g['abook_their_perms'] & PERMS_W_TAGWALL) && $type == 'c') { + if(($g['abook_their_perms'] & PERMS_W_TAGWALL) && $type == 'c' && (! $noforums)) { $contacts[] = array( "type" => "c", "photo" => "images/twopeople.png", diff --git a/mod/admin.php b/mod/admin.php index 06f44c89b..0e580960a 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -238,7 +238,6 @@ function admin_page_site_post(&$a){ $language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : ''); $theme = ((x($_POST,'theme')) ? notags(trim($_POST['theme'])) : ''); $theme_mobile = ((x($_POST,'theme_mobile')) ? notags(trim($_POST['theme_mobile'])) : ''); - $theme_accessibility = ((x($_POST,'theme_accessibility')) ? notags(trim($_POST['theme_accessibility'])) : ''); // $site_channel = ((x($_POST,'site_channel')) ? notags(trim($_POST['site_channel'])) : ''); $maximagesize = ((x($_POST,'maximagesize')) ? intval(trim($_POST['maximagesize'])) : 0); @@ -298,12 +297,6 @@ function admin_page_site_post(&$a){ } else { set_config('system','mobile_theme', $theme_mobile); } - if ( $theme_accessibility === '---' ) { - del_config('system','accessibility_theme'); - } else { - set_config('system','accessibility_theme', $theme_accessibility); - } - // set_config('system','site_channel', $site_channel); set_config('system','maximagesize', $maximagesize); @@ -357,27 +350,32 @@ function admin_page_site(&$a) { } /* Installed themes */ - $theme_choices = array(); - $theme_choices_mobile = array(); - $theme_choices_mobile["---"] = t("No special theme for mobile devices"); - $theme_choices_accessibility = array(); - $theme_choices_accessibility["---"] =t("No special theme for accessibility"); - $files = glob('view/theme/*'); - if($files) { - foreach($files as $file) { - $f = basename($file); - $theme_name = ((file_exists($file . '/experimental')) ? sprintf("%s - Experimental", $f) : $f); - if (file_exists($file . '/mobile')) { - $theme_choices_mobile[$f] = $theme_name; - } - if (file_exists($file . '/accessibility')) { - $theme_choices_accessibility[$f] = $theme_name; + $theme_choices_mobile["---"] = t("Default"); + $theme_choices = array(); + $files = glob('view/theme/*'); + if($files) { + foreach($files as $file) { + $vars = ''; + $f = basename($file); + if (file_exists($file . '/library')) + continue; + if (file_exists($file . '/mobile')) + $vars = t('mobile'); + if (file_exists($file . '/experimental')) + $vars .= t('experimental'); + if (file_exists($file . '/unsupported')) + $vars .= t('unsupported'); + if ($vars) { + $theme_choices[$f] = $f . ' (' . $vars . ')'; + $theme_choices_mobile[$f] = $f . ' (' . $vars . ')'; } - $theme_choices[$f] = $theme_name; - } - } - - + else { + $theme_choices[$f] = $f; + $theme_choices_mobile[$f] = $f; + } + } + } + /* Banner */ $banner = get_config('system','banner'); if($banner == false) @@ -425,7 +423,6 @@ function admin_page_site(&$a) { '$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices), '$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - <a href='#' id='cnftheme'>change theme settings</a>"), $theme_choices), '$theme_mobile' => array('theme_mobile', t("Mobile system theme"), get_config('system','mobile_theme'), t("Theme for mobile devices"), $theme_choices_mobile), - '$theme_accessibility' => array('theme_accessibility', t("Accessibility system theme"), get_config('system','accessibility_theme'), t("Accessibility theme"), $theme_choices_accessibility), // '$site_channel' => array('site_channel', t("Channel to use for this website's static pages"), get_config('system','site_channel'), t("Site Channel")), '$diaspora_enabled' => array('diaspora_enabled',t('Enable Diaspora Protocol'), get_config('system','diaspora_enabled'), t('Communicate with Diaspora and Friendica - experimental')), '$feed_contacts' => array('feed_contacts', t('Allow Feeds as Connections'),get_config('system','feed_contacts'),t('(Heavy system resource usage)')), @@ -594,7 +591,7 @@ function admin_page_users_post(&$a){ if (x($_POST,'page_users_block')){ foreach($users as $uid){ - q("UPDATE account SET account_flags = (account_flags & %d) where account_id = %d limit 1", + q("UPDATE account SET account_flags = (account_flags & %d) where account_id = %d", intval(ACCOUNT_BLOCKED), intval( $uid ) ); @@ -650,7 +647,7 @@ function admin_page_users(&$a){ }; break; case "block":{ check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't'); - q("UPDATE account SET account_flags = ( account_flags ^ %d ) where account_id = %d", + q("UPDATE account SET account_flags = ( account_flags & ~%d ) where account_id = %d", intval(ACCOUNT_BLOCKED), intval( $uid ) ); @@ -664,13 +661,13 @@ function admin_page_users(&$a){ } /* get pending */ - $pending = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d ) ", + $pending = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d )>0 ", intval(ACCOUNT_PENDING) ); /* get users */ - $total = q("SELECT count(*) as total FROM account where 1"); + $total = q("SELECT count(*) as total FROM account"); if(count($total)) { $a->set_pager_total($total[0]['total']); $a->set_pager_itemspage(100); @@ -690,14 +687,15 @@ function admin_page_users(&$a){ if($_REQUEST['order'] === 'created') $order = " order by account_created desc "; - $users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, " . "`account_service_class`, ( account_flags & %d ) > 0 as `blocked`, " . - "(SELECT GROUP_CONCAT( ch.channel_address SEPARATOR ' ') FROM channel as ch " . - "WHERE ch.channel_account_id = ac.account_id and not (ch.channel_pageflags & %d )) as `channels` " . - "FROM account as ac where true $serviceclass $order limit %d , %d ", + $users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, " . "`account_service_class`, ( account_flags & %d )>0 as `blocked`, " . + "(SELECT %s FROM channel as ch " . + "WHERE ch.channel_account_id = ac.account_id and not (ch.channel_pageflags & %d )>0) as `channels` " . + "FROM account as ac where true $serviceclass $order limit %d offset %d ", intval(ACCOUNT_BLOCKED), + db_concat('ch.channel_address', ' '), intval(PAGE_REMOVED), - intval($a->pager['start']), - intval($a->pager['itemspage']) + intval($a->pager['itemspage']), + intval($a->pager['start']) ); // function _setup_users($e){ @@ -764,7 +762,7 @@ function admin_page_channels_post(&$a){ if (x($_POST,'page_channels_block')){ foreach($channels as $uid){ - q("UPDATE channel SET channel_pageflags = ( channel_pageflags ^ %d ) where channel_id = %d", + q("UPDATE channel SET channel_pageflags = ( channel_pageflags & ~%d ) where channel_id = %d", intval(PAGE_CENSORED), intval( $uid ) ); @@ -812,7 +810,7 @@ function admin_page_channels(&$a){ case "block":{ check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't'); - q("UPDATE channel SET channel_pageflags = ( channel_pageflags ^ %d ) where channel_id = %d", + q("UPDATE channel SET channel_pageflags = ( channel_pageflags & ~%d ) where channel_id = %d", intval(PAGE_CENSORED), intval( $uid ) ); @@ -828,7 +826,7 @@ function admin_page_channels(&$a){ /* get channels */ - $total = q("SELECT count(*) as total FROM channel where not (channel_pageflags & %d)", + $total = q("SELECT count(*) as total FROM channel where not (channel_pageflags & %d)>0", intval(PAGE_REMOVED) ); if($total) { @@ -838,10 +836,10 @@ function admin_page_channels(&$a){ $order = " order by channel_name asc "; - $channels = q("SELECT * from channel where not ( channel_pageflags & %d ) $order limit %d , %d ", + $channels = q("SELECT * from channel where not ( channel_pageflags & %d )>0 $order limit %d offset %d ", intval(PAGE_REMOVED), - intval($a->pager['start']), - intval($a->pager['itemspage']) + intval($a->pager['itemspage']), + intval($a->pager['start']) ); if($channels) { @@ -1295,7 +1293,7 @@ readable."); function admin_page_profs_post(&$a) { if($_REQUEST['id']) { - $r = q("update profdef set field_name = '%s', field_type = '%s', field_desc = '%s' field_help = '%s', field_inputs = '%s' where id = %d limit 1", + $r = q("update profdef set field_name = '%s', field_type = '%s', field_desc = '%s' field_help = '%s', field_inputs = '%s' where id = %d", dbesc($_REQUEST['field_name']), dbesc($_REQUEST['field_type']), dbesc($_REQUEST['field_desc']), @@ -1323,7 +1321,7 @@ function admin_page_profs_post(&$a) { function admin_page_profs(&$a) { if((argc() > 3) && argv(2) == 'drop' && intval(argv(3))) { - $r = q("delete from profdef where id = %d limit 1", + $r = q("delete from profdef where id = %d", intval(argv(3)) ); // remove from allowed fields diff --git a/mod/blocks.php b/mod/blocks.php index 3f2bef116..6237a645b 100644 --- a/mod/blocks.php +++ b/mod/blocks.php @@ -1,108 +1,140 @@ <?php -function blocks_content(&$a) { +require_once('include/identity.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); +function blocks_init(&$a) { + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } if(argc() > 1) $which = argv(1); - else { + else + return; + + profile_load($a,$which); + +} + + +function blocks_content(&$a) { + + if(! $a->profile) { notice( t('Requested profile is not available.') . EOL ); $a->error = 404; return; } - profile_load($a,$which,0); + $which = argv(1); + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); - // Figure out who the page owner is. - $r = q("select channel_id from channel where channel_address = '%s'", - dbesc($which) - ); - if($r) { - $owner = intval($r[0]['channel_id']); - } + $channel = $a->get_channel(); - // Block design features from visitors + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } + } - if((! local_user()) || (local_user() != $owner)) { - notice( t('Permission denied.') . EOL); - return; + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } } + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + $perms = get_all_perms($owner,$ob_hash); + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; + } -// Get the observer, check their permissions - $observer = $a->get_observer(); - $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + // Block design features from visitors - $perms = get_all_perms($owner,$ob_hash); + if((! $uid) || ($uid != $owner)) { + notice( t('Permission denied.') . EOL); + return; + } - if(! $perms['write_pages']) { - notice( t('Permission denied.') . EOL); - return; - } + if(feature_enabled($owner,'expert')) { + $mimetype = (($_REQUEST['mimetype']) ? $_REQUEST['mimetype'] : get_pconfig($owner,'system','page_mimetype')); + if(! $mimetype) + $mimetype = 'choose'; + } + else { + $mimetype = 'text/bbcode'; + } -// Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages -// Nickname is set to the observers xchan, and profile_uid to the owners. -// This lets you post pages at other people's channels. -require_once ('include/conversation.php'); - $x = array( - 'webpage' => ITEM_BUILDBLOCK, - 'is_owner' => true, - 'nickname' => $a->profile['channel_address'], - 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'bang' => (($group || $cid) ? '!' : ''), - 'showacl' => false, - 'visitor' => true, - 'mimetype' => 'choose', - 'ptlabel' => t('Block Name'), - 'profile_uid' => intval($owner), - ); - if($_REQUEST['title']) - $x['title'] = $_REQUEST['title']; - if($_REQUEST['body']) - $x['body'] = $_REQUEST['body']; - if($_REQUEST['pagetitle']) - $x['pagetitle'] = $_REQUEST['pagetitle']; + $x = array( + 'webpage' => ITEM_BUILDBLOCK, + 'is_owner' => true, + 'nickname' => $a->profile['channel_address'], + 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), + 'bang' => '', + 'showacl' => false, + 'visitor' => true, + 'mimetype' => $mimetype, + 'ptlabel' => t('Block Name'), + 'profile_uid' => intval($owner), + ); + if($_REQUEST['title']) + $x['title'] = $_REQUEST['title']; + if($_REQUEST['body']) + $x['body'] = $_REQUEST['body']; + if($_REQUEST['pagetitle']) + $x['pagetitle'] = $_REQUEST['pagetitle']; - $o .= status_editor($a,$x); - //Get a list of blocks. We can't display all them because endless scroll makes that unusable, so just list titles and an edit link. -//TODO - this should be replaced with pagelist_widget + $o .= status_editor($a,$x); -$r = q("select * from item_id where uid = %d and service = 'BUILDBLOCK' order by sid asc", - intval($owner) -); + $r = q("select * from item_id where uid = %d and service = 'BUILDBLOCK' order by sid asc", + intval($owner) + ); - $pages = null; + $pages = null; - if($r) { - $pages = array(); - foreach($r as $rr) { - $pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid']); - } - } + if($r) { + $pages = array(); + foreach($r as $rr) { + $pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid']); + } + } + //Build the base URL for edit links + $url = z_root() . '/editblock/' . $which; -//Build the base URL for edit links - $url = z_root() . "/editblock/" . $which; -// This isn't pretty, but it works. Until I figure out what to do with the UI, it's Good Enough(TM). - return $o . replace_macros(get_markup_template("blocklist.tpl"), array( + $o .= replace_macros(get_markup_template('blocklist.tpl'), array( '$baseurl' => $url, '$edit' => t('Edit'), '$pages' => $pages, '$channel' => $which, '$view' => t('View'), '$preview' => '1', - - )); + )); - + return $o; } diff --git a/mod/channel.php b/mod/channel.php index 395160d2c..8d6b2a169 100644 --- a/mod/channel.php +++ b/mod/channel.php @@ -64,7 +64,7 @@ function channel_content(&$a, $update = 0, $load = false) { if($update) { // Ensure we've got a profile owner if updating. - $a->profile['profile_uid'] = $update; + $a->profile['profile_uid'] = $a->profile_uid = $update; } else { if($a->profile['profile_uid'] == local_user()) { @@ -141,17 +141,17 @@ function channel_content(&$a, $update = 0, $load = false) { if(($update) && (! $load)) { if ($mid) { $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0 - AND (item_flags & %d) AND (item_flags & %d) $sql_extra limit 1", + AND (item_flags & %d)>0 AND (item_flags & %d)>0 $sql_extra limit 1", dbesc($mid), intval($a->profile['profile_uid']), intval(ITEM_WALL), intval(ITEM_UNSEEN) ); } else { - $r = q("SELECT distinct parent AS `item_id` from item + $r = q("SELECT distinct parent AS `item_id`, created from item left join abook on item.author_xchan = abook.abook_xchan WHERE uid = %d AND item_restrict = 0 - AND (item_flags & %d) AND ( item_flags & %d ) + AND (item_flags & %d)>0 AND ( item_flags & %d )>0 AND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null) $sql_extra ORDER BY created DESC", @@ -179,12 +179,12 @@ function channel_content(&$a, $update = 0, $load = false) { $itemspage = get_pconfig(local_user(),'system','itemspage'); $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); - $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start'])); if($load || ($_COOKIE['jsAvailable'] != 1)) { if ($mid) { $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0 - AND (item_flags & %d) $sql_extra limit 1", + AND (item_flags & %d)>0 $sql_extra limit 1", dbesc($mid), intval($a->profile['profile_uid']), intval(ITEM_WALL) @@ -194,10 +194,10 @@ function channel_content(&$a, $update = 0, $load = false) { } } else { - $r = q("SELECT distinct id AS item_id FROM item + $r = q("SELECT distinct id AS item_id, created FROM item left join abook on item.author_xchan = abook.abook_xchan WHERE uid = %d AND item_restrict = 0 - AND (item_flags & %d) and (item_flags & %d) + AND (item_flags & %d)>0 and (item_flags & %d)>0 AND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null) $sql_extra $sql_extra2 ORDER BY created DESC $pager_sql ", @@ -283,8 +283,8 @@ function channel_content(&$a, $update = 0, $load = false) { if($is_owner) { - $r = q("UPDATE item SET item_flags = (item_flags ^ %d) - WHERE (item_flags & %d) AND (item_flags & %d) AND uid = %d ", + $r = q("UPDATE item SET item_flags = (item_flags & ~%d) + WHERE (item_flags & %d)>0 AND (item_flags & %d)>0 AND uid = %d ", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval(ITEM_WALL), diff --git a/mod/chatsvc.php b/mod/chatsvc.php index 43aa3d3c0..44225e6dd 100644 --- a/mod/chatsvc.php +++ b/mod/chatsvc.php @@ -73,7 +73,7 @@ function chatsvc_content(&$a) { intval($a->data['chat']['uid']) ); - $r = q("update chatpresence set cp_status = '%s', cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s' limit 1", + $r = q("update chatpresence set cp_status = '%s', cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'", dbesc($status), dbesc(datetime_convert()), intval($room_id), @@ -141,7 +141,7 @@ function chatsvc_content(&$a) { } } - $r = q("update chatpresence set cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s' limit 1", + $r = q("update chatpresence set cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'", dbesc(datetime_convert()), intval($a->data['chat']['room_id']), dbesc(get_observer_hash()), diff --git a/mod/connect.php b/mod/connect.php index f7748bcaf..5b1f258ad 100644 --- a/mod/connect.php +++ b/mod/connect.php @@ -38,7 +38,7 @@ function connect_post(&$a) { $text = escape_tags($_POST['text']); if($has_premium != $premium) { - $r = q("update channel set channel_pageflags = ( channel_pageflags ^ %d ) where channel_id = %d limit 1", + $r = q("update channel set channel_pageflags = ( channel_pageflags & ~%d ) where channel_id = %d", intval(PAGE_PREMIUM), intval(local_user()) ); diff --git a/mod/connections.php b/mod/connections.php index 0dfcfebf1..70e28913a 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -81,7 +81,7 @@ function connections_post(&$a) { } $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_flags = %d - where abook_id = %d AND abook_channel = %d LIMIT 1", + where abook_id = %d AND abook_channel = %d", dbesc($profile_id), intval($abook_my_perms), intval($closeness), @@ -213,7 +213,7 @@ function connections_content(&$a) { nav_set_selected('intros'); break; case 'ifpending': - $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", + $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)", intval(local_user()), intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED), @@ -250,13 +250,13 @@ function connections_content(&$a) { } - $sql_extra = (($search_flags) ? " and ( abook_flags & " . $search_flags . " ) " : ""); + $sql_extra = (($search_flags) ? " and ( abook_flags & " . $search_flags . " )>0 " : ""); if(argv(1) === 'pending') - $sql_extra .= " and not ( abook_flags & " . ABOOK_FLAG_IGNORED . " ) "; + $sql_extra .= " and not ( abook_flags & " . ABOOK_FLAG_IGNORED . " )>0 "; } else { - $sql_extra = " and not ( abook_flags & " . ABOOK_FLAG_BLOCKED . " ) "; + $sql_extra = " and not ( abook_flags & " . ABOOK_FLAG_BLOCKED . " )>0 "; $unblocked = true; } @@ -342,7 +342,7 @@ function connections_content(&$a) { } $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash - where abook_channel = %d and not (abook_flags & %d) and not (xchan_flags & %d ) $sql_extra $sql_extra2 ", + where abook_channel = %d and not (abook_flags & %d)>0 and not (xchan_flags & %d )>0 $sql_extra $sql_extra2 ", intval(local_user()), intval(ABOOK_FLAG_SELF), intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN) @@ -353,12 +353,12 @@ function connections_content(&$a) { } $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash - WHERE abook_channel = %d and not (abook_flags & %d) and not ( xchan_flags & %d) $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d , %d ", + WHERE abook_channel = %d and not (abook_flags & %d)>0 and not ( xchan_flags & %d)>0 $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d OFFSET %d ", intval(local_user()), intval(ABOOK_FLAG_SELF), intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN), - intval($a->pager['start']), - intval($a->pager['itemspage']) + intval($a->pager['itemspage']), + intval($a->pager['start']) ); $contacts = array(); diff --git a/mod/connedit.php b/mod/connedit.php index 7ad719738..917e2c73b 100644 --- a/mod/connedit.php +++ b/mod/connedit.php @@ -68,6 +68,14 @@ function connedit_post(&$a) { call_hooks('contact_edit_post', $_POST); + if($orig_record[0]['abook_flags'] & ABOOK_FLAG_SELF) { + $autoperms = intval($_POST['autoperms']); + } + else { + $autoperms = null; + } + + $profile_id = $_POST['profile_assign']; if($profile_id) { $r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND `uid` = %d LIMIT 1", @@ -109,7 +117,7 @@ function connedit_post(&$a) { } $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_flags = %d - where abook_id = %d AND abook_channel = %d LIMIT 1", + where abook_id = %d AND abook_channel = %d", dbesc($profile_id), intval($abook_my_perms), intval($closeness), @@ -121,7 +129,7 @@ function connedit_post(&$a) { if($orig_record[0]['abook_profile'] != $profile_id) { //Update profile photo permissions - logger('As a new profile was assigned updating profile photos'); + logger('A new profile was assigned - updating profile photos'); require_once('mod/profile_photo.php'); profile_photo_set_profile_perms($profile_id); @@ -208,6 +216,10 @@ function connedit_post(&$a) { $arr = array('channel_id' => local_user(), 'abook' => $a->poi); call_hooks('accept_follow', $arr); } +dbg(1); + if(! is_null($autoperms)) + set_pconfig(local_user(),'system','autoperms',(($autoperms) ? $abook_my_perms : 0)); +dbg(0); connedit_clone($a); @@ -261,6 +273,8 @@ function connedit_content(&$a) { $x = get_role_perms($role); if($x['perms_accept']) $my_perms = $x['perms_accept']; + else + $my_perms = get_channel_default_perms(local_user()); } if($my_perms) { $o .= "<script>function connectDefaultShare() { @@ -286,7 +300,7 @@ function connedit_content(&$a) { $cmd = argv(2); $orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_id = %d AND abook_channel = %d AND NOT ( abook_flags & %d ) LIMIT 1", + WHERE abook_id = %d AND abook_channel = %d AND NOT ( abook_flags & %d )>0 LIMIT 1", intval($contact_id), intval(local_user()), intval(ABOOK_FLAG_SELF) @@ -516,16 +530,17 @@ function connedit_content(&$a) { if((! $self) && ($existing[$k])) $thisperm = "1"; - $perms[] = array('perms_' . $k, $v[3], (($contact['abook_their_perms'] & $v[1]) ? "1" : ""),$thisperm, $v[1], (($channel[$v[0]] == PERMS_SPECIFIC) ? '' : '1'), $v[4]); + $perms[] = array('perms_' . $k, $v[3], (($contact['abook_their_perms'] & $v[1]) ? "1" : ""),$thisperm, $v[1], (($channel[$v[0]] == PERMS_SPECIFIC || $self) ? '' : '1'), $v[4]); } $o .= replace_macros($tpl,array( - '$header' => (($self) ? t('Automatic Permissions Settings') : sprintf( t('Connections: settings for %s'),$contact['xchan_name'])), + '$header' => (($self) ? t('Connection Default Permissions') : sprintf( t('Connections: settings for %s'),$contact['xchan_name'])), + '$autoperms' => array('autoperms',t('Apply these permissions automatically'), ((get_pconfig(local_user(),'system','autoperms')) ? 1 : 0), ''), '$addr' => $contact['xchan_addr'], '$notself' => (($self) ? '' : '1'), '$self' => (($self) ? '1' : ''), - '$autolbl' => t('When receiving a channel introduction, any permissions provided here will be applied to the new connection automatically and the introduction approved. Leave this page if you do not wish to use this feature.'), + '$autolbl' => t('Apply the permissions indicated on this page to all new connections.'), '$viewprof' => t('View Profile'), '$lbl_slider' => t('Slide to adjust your degree of friendship'), '$slide' => $slide, diff --git a/mod/contactgroup.php b/mod/contactgroup.php index cac02a65d..4515c4c4c 100644 --- a/mod/contactgroup.php +++ b/mod/contactgroup.php @@ -9,7 +9,7 @@ function contactgroup_content(&$a) { } if((argc() > 2) && (intval(argv(1))) && (argv(2))) { - $r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d ) limit 1", + $r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d )>0 limit 1", dbesc(base64url_decode(argv(2))), intval(local_user()), intval(ABOOK_FLAG_SELF) diff --git a/mod/delegate.php b/mod/delegate.php index e582b9387..c78898b7f 100644 --- a/mod/delegate.php +++ b/mod/delegate.php @@ -42,7 +42,7 @@ function delegate_content(&$a) { if(x($_SESSION,'submanage') && intval($_SESSION['submanage'])) goaway($a->get_baseurl() . '/delegate'); - q("delete from manage where uid = %d and mid = %d limit 1", + q("delete from manage where uid = %d and mid = %d", intval($a->argv[2]), intval(local_user()) ); diff --git a/mod/directory.php b/mod/directory.php index 3d7632ec0..d4a4c383a 100644 --- a/mod/directory.php +++ b/mod/directory.php @@ -2,7 +2,7 @@ require_once('include/dir_fns.php'); require_once('include/widgets.php'); - +require_once('include/bbcode.php'); function directory_init(&$a) { $a->set_pager_itemspage(60); @@ -42,7 +42,8 @@ function directory_content(&$a) { else $search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : ''); - $advanced = ((x($_REQUEST,'query')) ? notags(trim($_REQUEST['query'])) : ''); + if(strpos($search,'=') && local_user() && get_pconfig(local_user(),'feature','expert')) + $advanced = $search; $keywords = (($_GET['keywords']) ? $_GET['keywords'] : ''); @@ -122,6 +123,10 @@ function directory_content(&$a) { $pdesc = (($rr['description']) ? $rr['description'] . '<br />' : ''); $connect_link = ((local_user()) ? z_root() . '/follow?f=&url=' . urlencode($rr['address']) : ''); + // Checking status is disabled ATM until someone checks the performance impact more carefully + //$online = remote_online_status($rr['address']); + $online = ''; + if(in_array($rr['hash'],$contacts)) $connect_link = ''; @@ -142,8 +147,6 @@ function directory_content(&$a) { if(($years = age($rr['birthday'],'UTC','')) != 0) $details .= '<br />' . t('Age: ') . $years ; } - if(strlen($rr['gender'])) - $details .= '<br />' . t('Gender: ') . $rr['gender']; $page_type = ''; @@ -155,18 +158,53 @@ function directory_content(&$a) { || (x($profile,'country') == 1)) $location = t('Location:'); - $gender = ((x($profile,'gender') == 1) ? t('Gender:') : False); + $gender = ((x($profile,'gender') == 1) ? t('Gender: ') . $profile['gender']: False); - $marital = ((x($profile,'marital') == 1) ? t('Status:') : False); + $marital = ((x($profile,'marital') == 1) ? t('Status: ') . $profile['marital']: False); - $homepage = ((x($profile,'homepage') == 1) ? t('Homepage:') : False); - - $about = ((x($profile,'about') == 1) ? t('About:') : False); + $homepage = ((x($profile,'homepage') == 1) ? t('Homepage: ') : False); + $homepageurl = ((x($profile,'homepage') == 1) ? $profile['homepage'] : ''); + + $hometown = ((x($profile,'hometown') == 1) ? t('Hometown: ') . $profile['hometown'] : False); + + $about = ((x($profile,'about') == 1) ? t('About: ') . bbcode($profile['about']) : False); + + $keywords = ((x($profile,'keywords')) ? $profile['keywords'] : ''); + + $out = ''; + + if($keywords) { + $keywords = str_replace(',',' ', $keywords); + $keywords = str_replace(' ',' ', $keywords); + $karr = explode(' ', $keywords); + + if($karr) { + if(local_user()) { + $r = q("select keywords from profile where uid = %d and is_default = 1 limit 1", + intval(local_user()) + ); + if($r) { + $keywords = str_replace(',',' ', $r[0]['keywords']); + $keywords = str_replace(' ',' ', $keywords); + $marr = explode(' ', $keywords); + } + } + foreach($karr as $k) { + if(strlen($out)) + $out .= ', '; + if($marr && in_arrayi($k,$marr)) + $out .= '<strong>' . $k . '</strong>'; + else + $out .= $k; + } + } + } $entry = array( 'id' => ++$t, 'profile_link' => $profile_link, + 'public_forum' => $rr['public_forum'], 'photo' => $rr['photo'], 'hash' => $rr['hash'], 'alttext' => $rr['name'] . ' ' . $rr['address'], @@ -174,14 +212,21 @@ function directory_content(&$a) { 'details' => $pdesc . $details, 'profile' => $profile, 'address' => $rr['address'], + 'nickname' => substr($rr['address'],0,strpos($rr['address'],'@')), 'location' => $location, 'gender' => $gender, 'pdesc' => $pdesc, 'marital' => $marital, 'homepage' => $homepage, + 'homepageurl' => linkify($homepageurl), + 'hometown' => $hometown, 'about' => $about, 'conn_label' => t('Connect'), + 'forum_label' => t('Public Forum:'), 'connect' => $connect_link, + 'online' => $online, + 'kw' => (($out) ? t('Keywords: ') : ''), + 'keywords' => $out, ); $arr = array('contact' => $rr, 'entry' => $entry); diff --git a/mod/dirprofile.php b/mod/dirprofile.php deleted file mode 100644 index e9b12ada7..000000000 --- a/mod/dirprofile.php +++ /dev/null @@ -1,184 +0,0 @@ -<?php - -require_once('include/dir_fns.php'); -require_once('include/bbcode.php'); - -function dirprofile_init(&$a) { - - if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { - notice( t('Public access denied.') . EOL); - return; - } - - $hash = $_REQUEST['hash']; - if(! $hash) - return ''; - - $o = ''; - - $dirmode = intval(get_config('system','directory_mode')); - - if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { - $url = z_root() . '/dirsearch'; - } - if(! $url) { - $directory = find_upstream_directory($dirmode); - $url = $directory['url'] . '/dirsearch'; - } - logger('mod_directory: URL = ' . $url, LOGGER_DEBUG); - - $contacts = array(); - - if(local_user()) { - $x = q("select abook_xchan from abook where abook_channel = %d", - intval(local_user()) - ); - if($x) { - foreach($x as $xx) - $contacts[] = $xx['abook_xchan']; - } - } - - - - if($url) { - - $query = $url . '?f=&hash=' . $hash; - - $x = z_fetch_url($query); - logger('dirprofile: return from upstream: ' . print_r($x,true), LOGGER_DATA); - - if($x['success']) { - $t = 0; - $j = json_decode($x['body'],true); - if($j) { - - if($j['results']) { - - $entries = array(); - - $photo = 'thumb'; - - foreach($j['results'] as $rr) { - - $profile_link = chanlink_url($rr['url']); - - $pdesc = (($rr['description']) ? $rr['description'] . '<br />' : ''); - - $qrlink = zid($rr['url']); - $connect_link = ((local_user()) ? z_root() . '/follow?f=&url=' . urlencode($rr['address']) : ''); - - $online = remote_online_status($rr['address']); - - - if(in_array($rr['hash'],$contacts)) - $connect_link = ''; - - $details = ''; - if(strlen($rr['locale'])) - $details .= $rr['locale']; - if(strlen($rr['region'])) { - if(strlen($rr['locale'])) - $details .= ', '; - $details .= $rr['region']; - } - if(strlen($rr['country'])) { - if(strlen($details)) - $details .= ', '; - $details .= $rr['country']; - } - if(strlen($rr['birthday'])) { - if(($years = age($rr['birthday'],'UTC','')) != 0) - $details .= '<br />' . t('Age: ') . $years ; - } - if(strlen($rr['gender'])) - $details .= '<br />' . t('Gender: ') . $rr['gender']; - - $page_type = ''; - - $profile = $rr; - - if ((x($profile,'locale') == 1) - || (x($profile,'region') == 1) - || (x($profile,'postcode') == 1) - || (x($profile,'country') == 1)) - $location = t('Location:'); - - - $marital = ((x($profile,'marital') == 1) ? t('Status: ') . $profile['marital'] : False); - $sexual = ((x($profile,'sexual') == 1) ? t('Sexual Preference: ') . $profile['sexual'] : False); - - $homepage = ((x($profile,'homepage') == 1) ? t('Homepage: ') . linkify($profile['homepage']) : False); - $hometown = ((x($profile,'hometown') == 1) ? t('Hometown: ') . $profile['hometown'] : False); - - $about = ((x($profile,'about') == 1) ? t('About: ') . bbcode($profile['about']) : False); - - $keywords = ((x($profile,'keywords')) ? $profile['keywords'] : ''); - if($keywords) { - $keywords = str_replace(',',' ', $keywords); - $keywords = str_replace(' ',' ', $keywords); - $karr = explode(' ', $keywords); - $out = ''; - if($karr) { - if(local_user()) { - $r = q("select keywords from profile where uid = %d and is_default = 1 limit 1", - intval(local_user()) - ); - if($r) { - $keywords = str_replace(',',' ', $r[0]['keywords']); - $keywords = str_replace(' ',' ', $keywords); - $marr = explode(' ', $keywords); - } - } - foreach($karr as $k) { - if(strlen($out)) - $out .= ', '; - if($marr && in_arrayi($k,$marr)) - $out .= '<strong>' . $k . '</strong>'; - else - $out .= $k; - } - } - - } - $entry = replace_macros(get_markup_template('direntry_large.tpl'), array( - '$id' => ++$t, - '$profile_link' => $profile_link, - '$qrlink' => $qrlink, - '$photo' => $rr['photo_l'], - '$alttext' => $rr['name'] . ' ' . $rr['address'], - '$name' => $rr['name'], - '$online' => (($online) ? t('Online Now') : ''), - '$details' => $pdesc . $details, - '$profile' => $profile, - '$address' => $rr['address'], - '$location' => $location, - '$gender' => $gender, - '$pdesc' => $pdesc, - '$marital' => $marital, - '$homepage' => $homepage, - '$hometown' => $hometown, - '$about' => $about, - '$kw' => (($out) ? t('Keywords: ') : ''), - '$keywords' => $out, - '$conn_label' => t('Connect'), - '$connect' => $connect_link, - )); - - - echo $entry; - killme(); - - } - } - else { - info( t("Not found.") . EOL); - } - } - } - } - - - - -}
\ No newline at end of file diff --git a/mod/dirsearch.php b/mod/dirsearch.php index d8f611e6a..dea34c566 100644 --- a/mod/dirsearch.php +++ b/mod/dirsearch.php @@ -151,16 +151,16 @@ function dirsearch_content(&$a) { } - $safesql = (($safe > 0) ? " and not ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " ) " : ''); + $safesql = (($safe > 0) ? " and not ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " )>0 " : ''); if($safe < 0) - $safesql = " and ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " ) "; + $safesql = " and ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " )>0 "; if($limit) $qlimit = " LIMIT $limit "; else { $qlimit = " LIMIT " . intval($startrec) . " , " . intval($perpage); if($return_total) { - $r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and not ( xchan_flags & %d) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql ", + $r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and not ( xchan_flags & %d)>0 and not ( xchan_flags & %d )>0 and not ( xchan_flags & %d )>0 $safesql ", intval(XCHAN_FLAGS_HIDDEN), intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_DELETED) @@ -205,7 +205,7 @@ function dirsearch_content(&$a) { json_return_and_die($spkt); } else { - $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where ( $logic $sql_extra ) and xchan_network = 'zot' and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql $order $qlimit ", + $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where ( $logic $sql_extra ) and xchan_network = 'zot' and not ( xchan_flags & %d )>0 and not ( xchan_flags & %d )>0 and not ( xchan_flags & %d )>0 $safesql $order $qlimit ", intval(XCHAN_FLAGS_HIDDEN), intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_DELETED) @@ -226,6 +226,8 @@ function dirsearch_content(&$a) { $entry['name'] = $rr['xchan_name']; $entry['hash'] = $rr['xchan_hash']; + $entry['public_forum'] = (($rr['xchan_flags'] & XCHAN_FLAGS_PUBFORUM) ? true : false); + $entry['url'] = $rr['xchan_url']; $entry['photo_l'] = $rr['xchan_photo_l']; $entry['photo'] = $rr['xchan_photo_m']; diff --git a/mod/display.php b/mod/display.php index be06c1e82..ece406543 100644 --- a/mod/display.php +++ b/mod/display.php @@ -149,7 +149,7 @@ function display_content(&$a, $update = 0, $load = false) { $updateable = false; - $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']),intval($a->pager['start'])); if($load || ($_COOKIE['jsAvailable'] != 1)) { $r = null; @@ -189,7 +189,7 @@ function display_content(&$a, $update = 0, $load = false) { and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) OR owner_xchan = '%s') $sql_extra ) - group by mid limit 1", + limit 1", dbesc($target_item['parent_mid']), dbesc($sys['xchan_hash']) ); @@ -228,8 +228,8 @@ function display_content(&$a, $update = 0, $load = false) { } if($updateable) { - $x = q("UPDATE item SET item_flags = ( item_flags ^ %d ) - WHERE (item_flags & %d) AND uid = %d and parent = %d ", + $x = q("UPDATE item SET item_flags = ( item_flags & ~%d ) + WHERE (item_flags & %d)>0 AND uid = %d and parent = %d ", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval(local_user()), diff --git a/mod/editblock.php b/mod/editblock.php index 3b6ce4bbf..c58a93410 100644 --- a/mod/editblock.php +++ b/mod/editblock.php @@ -1,50 +1,92 @@ <?php +require_once('include/identity.php'); +require_once('include/acl_selectors.php'); -function editblock_content(&$a) { +function editblock_init(&$a) { + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } - if(argc() < 2) { - notice( t('Item not found') . EOL); + if(argc() > 1) + $which = argv(1); + else return; - } - $channel = get_channel_by_nick(argv(1)); + profile_load($a,$which); - if($c) { - $owner = intval($channel['channel_id']); - } +} - $o = ''; +function editblock_content(&$a) { + + if(! $a->profile) { + notice( t('Requested profile is not available.') . EOL ); + $a->error = 404; + return; + } - // Figure out which post we're editing - $post_id = ((argc() > 2) ? intval(argv(2)) : 0); + $which = argv(1); + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); - if(! ($post_id && $channel)) { - notice( t('Item not found') . EOL); - return; + $channel = $a->get_channel(); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } } - // Now we've got a post and an owner, let's find out if we're allowed to edit it + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } + } + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'write_pages')) { + if(! perm_is_allowed($owner,$ob_hash,'write_pages')) { notice( t('Permission denied.') . EOL); return; } + $is_owner = (($uid && $uid == $owner) ? true : false); + + $o = ''; - // We've already figured out which item we want and whose copy we need, so we don't need anything fancy here + // Figure out which post we're editing + $post_id = ((argc() > 2) ? intval(argv(2)) : 0); + + + if(! ($post_id && $owner)) { + notice( t('Item not found') . EOL); + return; + } + $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), - intval($channel['channel_id']) + intval($owner) ); if($itm) { $item_id = q("select * from item_id where service = 'BUILDBLOCK' and iid = %d limit 1", - $itm[0]['id'] + intval($itm[0]['id']) ); if($item_id) $block_title = $item_id[0]['sid']; @@ -57,10 +99,6 @@ function editblock_content(&$a) { $plaintext = true; - // You may or may not be a local user. -// if(local_user() && feature_enabled(local_user(),'richtext')) -// $plaintext = false; - $mimeselect = ''; $mimetype = $itm[0]['mimetype']; @@ -79,11 +117,11 @@ function editblock_content(&$a) { $a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array( - '$baseurl' => $a->get_baseurl(), - '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), - '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), - '$geotag' => '', - '$nickname' => $channel['channel_address'], + '$baseurl' => $a->get_baseurl(), + '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), + '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), + '$geotag' => '', + '$nickname' => $channel['channel_address'], '$confirmdelete' => t('Delete block?') )); @@ -96,79 +134,70 @@ function editblock_content(&$a) { call_hooks('jot_tool', $jotplugins); call_hooks('jot_networks', $jotnets); - - //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); - - // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. - //So, send folk to the webpage list. - $rp = 'blocks/' . $channel['channel_address']; $o .= replace_macros($tpl,array( - '$return_path' => $rp, - '$action' => 'item', - '$webpage' => ITEM_BUILDBLOCK, - '$share' => t('Edit'), - '$upload' => t('Upload photo'), - '$attach' => t('Attach file'), - '$weblink' => t('Insert web link'), - '$youtube' => t('Insert YouTube video'), - '$video' => t('Insert Vorbis [.ogg] video'), - '$audio' => t('Insert Vorbis [.ogg] audio'), - '$setloc' => t('Set your location'), - '$noloc' => t('Clear browser location'), - '$wait' => t('Please wait'), - '$permset' => t('Permission settings'), - '$ptyp' => $itm[0]['type'], - '$mimeselect' => $mimeselect, - '$content' => undo_post_tagging($itm[0]['body']), - '$post_id' => $post_id, - '$baseurl' => $a->get_baseurl(), - '$defloc' => $channel['channel_location'], - '$visitor' => false, - '$public' => t('Public post'), - '$jotnets' => $jotnets, - '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), - '$placeholdertitle' => t('Set title'), - '$pagetitle' => $block_title, - '$category' => '', + '$return_path' => $rp, + '$action' => 'item', + '$webpage' => ITEM_BUILDBLOCK, + '$share' => t('Edit'), + '$upload' => t('Upload photo'), + '$attach' => t('Attach file'), + '$weblink' => t('Insert web link'), + '$youtube' => t('Insert YouTube video'), + '$video' => t('Insert Vorbis [.ogg] video'), + '$audio' => t('Insert Vorbis [.ogg] audio'), + '$setloc' => t('Set your location'), + '$noloc' => t('Clear browser location'), + '$wait' => t('Please wait'), + '$permset' => t('Permission settings'), + '$ptyp' => $itm[0]['type'], + '$mimeselect' => $mimeselect, + '$content' => undo_post_tagging($itm[0]['body']), + '$post_id' => $post_id, + '$baseurl' => $a->get_baseurl(), + '$defloc' => $channel['channel_location'], + '$visitor' => false, + '$public' => t('Public post'), + '$jotnets' => $jotnets, + '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + '$placeholdertitle' => t('Set title'), + '$pagetitle' => $block_title, + '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), - '$emtitle' => t('Example: bob@example.com, mary@example.com'), - '$lockstate' => $lockstate, - '$acl' => '', - '$bang' => '', - '$profile_uid' => (intval($channel['channel_id'])), - '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), - '$jotplugins' => $jotplugins, - '$sourceapp' => $itm[0]['app'], - '$defexpire' => '', - '$feature_expire' => false, - '$expires' => t('Set expiration date'), + '$emtitle' => t('Example: bob@example.com, mary@example.com'), + '$lockstate' => $lockstate, + '$acl' => '', + '$bang' => '', + '$profile_uid' => (intval($channel['channel_id'])), + '$preview' => ((feature_enabled($uid,'preview')) ? t('Preview') : ''), + '$jotplugins' => $jotplugins, + '$sourceapp' => $itm[0]['app'], + '$defexpire' => '', + '$feature_expire' => false, + '$expires' => t('Set expiration date'), )); - $ob = get_observer_hash(); - - if(($itm[0]['author_xchan'] === $ob) || ($itm[0]['owner_xchan'] === $ob)) + if(($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) $o .= '<br /><br /><a class="block-delete-link" href="item/drop/' . $itm[0]['id'] . '" >' . t('Delete Block') . '</a><br />'; $x = array( - 'type' => 'block', - 'title' => $itm[0]['title'], - 'body' => $itm[0]['body'], - 'term' => $itm[0]['term'], - 'created' => $itm[0]['created'], - 'edited' => $itm[0]['edited'], - 'mimetype' => $itm[0]['mimetype'], + 'type' => 'block', + 'title' => $itm[0]['title'], + 'body' => $itm[0]['body'], + 'term' => $itm[0]['term'], + 'created' => $itm[0]['created'], + 'edited' => $itm[0]['edited'], + 'mimetype' => $itm[0]['mimetype'], 'pagetitle' => $page_title, - 'mid' => $itm[0]['mid'] + 'mid' => $itm[0]['mid'] ); $o .= EOL . EOL . t('Share') . EOL . '<textarea onclick="this.select();" class="shareable_element_text" >[element]' . base64url_encode(json_encode($x)) . '[/element]</textarea>' . EOL . EOL; - return $o; } diff --git a/mod/editlayout.php b/mod/editlayout.php index 89cae2b0c..94e2e628c 100644 --- a/mod/editlayout.php +++ b/mod/editlayout.php @@ -1,34 +1,76 @@ <?php -// What is this here for? I think it's cruft, but comment out for now in case it's here for a reason -// require_once('acl_selectors.php'); +require_once('include/identity.php'); +require_once('include/acl_selectors.php'); + +function editlayout_init(&$a) { + + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } + + if(argc() > 1) + $which = argv(1); + else + return; + + profile_load($a,$which); + +} function editlayout_content(&$a) { -// We first need to figure out who owns the webpage, grab it from an argument - $which = argv(1); -// $a->get_channel() and stuff don't work here, so we've got to find the owner for ourselves. - $r = q("select channel_id from channel where channel_address = '%s'", - dbesc($which) + if(! $a->profile) { + notice( t('Requested profile is not available.') . EOL ); + $a->error = 404; + return; + } + + $which = argv(1); + + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); + + $channel = $a->get_channel(); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } + } + + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) ); - if($r) { - $owner = intval($r[0]['channel_id']); - //logger('owner: ' . print_r($owner,true)); - } + if($r) { + $owner = intval($r[0]['channel_id']); + } + } + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - - - if((local_user()) && (argc() > 2) && (argv(2) === 'view')) { - $which = $channel['channel_address']; - } + if(! perm_is_allowed($owner,$ob_hash,'write_pages')) { + notice( t('Permission denied.') . EOL); + return; + } + $is_owner = (($uid && $uid == $owner) ? true : false); $o = ''; -// Figure out which post we're editing + // Figure out which post we're editing $post_id = ((argc() > 2) ? intval(argv(2)) : 0); @@ -37,48 +79,41 @@ function editlayout_content(&$a) { return; } -// Now we've got a post and an owner, let's find out if we're allowed to edit it + // Now we've got a post and an owner, let's find out if we're allowed to edit it - $observer = $a->get_observer(); - $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - $perms = get_all_perms($owner,$ob_hash); - - if(! $perms['write_pages']) { - notice( t('Permission denied.') . EOL); - return; - } + $perms = get_all_perms($owner,$ob_hash); + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; + } -// We've already figured out which item we want and whose copy we need, so we don't need anything fancy here - $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", - intval($post_id), - intval($owner) - ); + $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", + intval($post_id), + intval($owner) + ); $item_id = q("select * from item_id where service = 'PDL' and iid = %d limit 1", - $itm[0]['id'] + intval($itm[0]['id']) ); if($item_id) $layout_title = $item_id[0]['sid']; $plaintext = true; -// You may or may not be a local user. This won't work, -// if(feature_enabled(local_user(),'richtext')) -// $plaintext = false; $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( '$title' => t('Edit Layout') )); - $a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array( - '$baseurl' => $a->get_baseurl(), - '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), - '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), - '$geotag' => $geotag, - '$nickname' => $a->user['nickname'], + '$baseurl' => $a->get_baseurl(), + '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), + '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), + '$geotag' => $geotag, + '$nickname' => $channel['channel_address'], '$confirmdelete' => t('Delete layout?') )); @@ -91,71 +126,68 @@ function editlayout_content(&$a) { call_hooks('jot_tool', $jotplugins); call_hooks('jot_networks', $jotnets); - $channel = $a->get_channel(); - - //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); -//FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. So, send folk to the webpage list. + // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD + // instead of loading a sensible page. So, send folk to the webpage list. $rp = '/layouts/' . $which; $o .= replace_macros($tpl,array( - '$return_path' => $rp, - '$action' => 'item', - '$webpage' => ITEM_PDL, - '$share' => t('Edit'), - '$upload' => t('Upload photo'), - '$attach' => t('Attach file'), - '$weblink' => t('Insert web link'), - '$youtube' => t('Insert YouTube video'), - '$video' => t('Insert Vorbis [.ogg] video'), - '$audio' => t('Insert Vorbis [.ogg] audio'), - '$setloc' => t('Set your location'), - '$noloc' => t('Clear browser location'), - '$wait' => t('Please wait'), - '$permset' => t('Permission settings'), - '$ptyp' => $itm[0]['type'], - '$content' => undo_post_tagging($itm[0]['body']), - '$post_id' => $post_id, - '$baseurl' => $a->get_baseurl(), - '$defloc' => $channel['channel_location'], - '$visitor' => false, - '$public' => t('Public post'), - '$jotnets' => $jotnets, - '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), - '$placeholdertitle' => t('Set title'), - '$pagetitle' => $layout_title, - '$category' => '', + '$return_path' => $rp, + '$action' => 'item', + '$webpage' => ITEM_PDL, + '$share' => t('Edit'), + '$upload' => t('Upload photo'), + '$attach' => t('Attach file'), + '$weblink' => t('Insert web link'), + '$youtube' => t('Insert YouTube video'), + '$video' => t('Insert Vorbis [.ogg] video'), + '$audio' => t('Insert Vorbis [.ogg] audio'), + '$setloc' => t('Set your location'), + '$noloc' => t('Clear browser location'), + '$wait' => t('Please wait'), + '$permset' => t('Permission settings'), + '$ptyp' => $itm[0]['type'], + '$content' => undo_post_tagging($itm[0]['body']), + '$post_id' => $post_id, + '$baseurl' => $a->get_baseurl(), + '$defloc' => $channel['channel_location'], + '$visitor' => false, + '$public' => t('Public post'), + '$jotnets' => $jotnets, + '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + '$placeholdertitle' => t('Set title'), + '$pagetitle' => $layout_title, + '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), - '$emtitle' => t('Example: bob@example.com, mary@example.com'), - '$lockstate' => $lockstate, - '$acl' => '', - '$bang' => '', - '$profile_uid' => (intval($owner)), - '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), - '$jotplugins' => $jotplugins, - '$sourceapp' => t($a->sourcename), - '$defexpire' => '', - '$feature_expire' => false, - '$expires' => t('Set expiration date'), + '$emtitle' => t('Example: bob@example.com, mary@example.com'), + '$lockstate' => $lockstate, + '$acl' => '', + '$bang' => '', + '$profile_uid' => (intval($owner)), + '$preview' => ((feature_enabled($uid,'preview')) ? t('Preview') : ''), + '$jotplugins' => $jotplugins, + '$sourceapp' => t($a->sourcename), + '$defexpire' => '', + '$feature_expire' => false, + '$expires' => t('Set expiration date'), )); - $ob = get_observer_hash(); - if(($itm[0]['author_xchan'] === $ob) || ($itm[0]['owner_xchan'] === $ob)) + if(($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) $o .= '<br /><br /><a class="layout-delete-link" href="item/drop/' . $itm[0]['id'] . '" >' . t('Delete Layout') . '</a><br />'; $x = array( - 'type' => 'layout', - 'title' => $itm[0]['title'], - 'body' => $itm[0]['body'], - 'term' => $itm[0]['term'], - 'created' => $itm[0]['created'], - 'edited' => $itm[0]['edited'], - 'mimetype' => $itm[0]['mimetype'], + 'type' => 'layout', + 'title' => $itm[0]['title'], + 'body' => $itm[0]['body'], + 'term' => $itm[0]['term'], + 'created' => $itm[0]['created'], + 'edited' => $itm[0]['edited'], + 'mimetype' => $itm[0]['mimetype'], 'pagetitle' => $page_title, - 'mid' => $itm[0]['mid'] + 'mid' => $itm[0]['mid'] ); $o .= EOL . EOL . t('Share') . EOL . '<textarea onclick="this.select();" class="shareable_element_text" >[element]' . base64url_encode(json_encode($x)) . '[/element]</textarea>' . EOL . EOL; diff --git a/mod/editwebpage.php b/mod/editwebpage.php index 41b5bb3e7..2acb3bd84 100644 --- a/mod/editwebpage.php +++ b/mod/editwebpage.php @@ -1,26 +1,71 @@ <?php -// Required for setting permissions. (FIXME) +require_once('include/identity.php'); +require_once('include/acl_selectors.php'); + +function editwebpage_init(&$a) { + + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } + + if(argc() > 1) + $which = argv(1); + else + return; + + profile_load($a,$which); + +} -require_once('acl_selectors.php'); function editwebpage_content(&$a) { - // We first need to figure out who owns the webpage, grab it from an argument + if(! $a->profile) { + notice( t('Requested profile is not available.') . EOL ); + $a->error = 404; + return; + } $which = argv(1); - // $a->get_channel() and stuff don't work here, so we've got to find the owner for ourselves. - - $r = q("select channel_id from channel where channel_address = '%s'", - dbesc($which) - ); - if($r) { - $owner = intval($r[0]['channel_id']); - //logger('owner: ' . print_r($owner,true)); + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); + + $channel = $a->get_channel(); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } + } + + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } } - $is_owner = ((local_user() && local_user() == $owner) ? true : false); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + if(! perm_is_allowed($owner,$ob_hash,'write_pages')) { + notice( t('Permission denied.') . EOL); + return; + } + + $is_owner = (($uid && $uid == $owner) ? true : false); $o = ''; @@ -33,9 +78,6 @@ function editwebpage_content(&$a) { return; } - // Now we've got a post and an owner, let's find out if we're allowed to edit it - - $observer = $a->get_observer(); $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); $perms = get_all_perms($owner,$ob_hash); @@ -45,14 +87,13 @@ function editwebpage_content(&$a) { return; } + // We've already figured out which item we want and whose copy we need, + // so we don't need anything fancy here - - // We've already figured out which item we want and whose copy we need, so we don't need anything fancy here $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), intval($owner) - ); - + ); if($itm[0]['item_flags'] & ITEM_OBSCURED) { $key = get_config('system','prvkey'); @@ -63,23 +104,17 @@ function editwebpage_content(&$a) { } $item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1", - $itm[0]['id'] + intval($itm[0]['id']) ); if($item_id) $page_title = $item_id[0]['sid']; - - - $plaintext = true; -// if(feature_enabled($itm[0]['uid'],'richtext')) -// $plaintext = false; - $mimetype = $itm[0]['mimetype']; if($mimetype === 'application/x-php') { - if((! local_user()) || (local_user() != $itm[0]['uid'])) { + if((! $uid) || ($uid != $itm[0]['uid'])) { notice( t('Permission denied.') . EOL); return; } @@ -101,7 +136,6 @@ function editwebpage_content(&$a) { else $layoutselect = layout_select($itm[0]['uid'],$itm[0]['layout_mid']); - $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( '$title' => t('Edit Webpage') )); @@ -112,7 +146,7 @@ function editwebpage_content(&$a) { '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), '$geotag' => $geotag, - '$nickname' => $a->user['nickname'], + '$nickname' => $channel['channel_address'], '$confirmdelete' => t('Delete webpage?') )); @@ -124,12 +158,9 @@ function editwebpage_content(&$a) { call_hooks('jot_tool', $jotplugins); call_hooks('jot_networks', $jotnets); - - $channel = $a->get_channel(); - - //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); -//FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. So, send folk to the webpage list. + // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD + // instead of loading a sensible page. So, send folk to the webpage list. $rp = 'webpages/' . $which; @@ -171,18 +202,16 @@ function editwebpage_content(&$a) { 'lockstate' => (((strlen($itm[0]['allow_cid'])) || (strlen($itm[0]['allow_gid'])) || (strlen($itm[0]['deny_cid'])) || (strlen($itm[0]['deny_gid']))) ? 'lock' : 'unlock'), '$bang' => '', '$profile_uid' => (intval($owner)), - '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), + '$preview' => ((feature_enabled($uid,'preview')) ? t('Preview') : ''), '$jotplugins' => $jotplugins, - '$sourceapp' => t($a->sourcename), + '$sourceapp' => $a->sourcename, '$defexpire' => '', '$feature_expire' => false, '$expires' => t('Set expiration date'), )); - $ob = get_observer_hash(); - - if(($itm[0]['author_xchan'] === $ob) || ($itm[0]['owner_xchan'] === $ob)) + if(($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) $o .= '<br /><br /><a class="page-delete-link" href="item/drop/' . $itm[0]['id'] . '" >' . t('Delete Webpage') . '</a><br />'; diff --git a/mod/events.php b/mod/events.php index c80d1dd39..009afbcb8 100755 --- a/mod/events.php +++ b/mod/events.php @@ -12,24 +12,14 @@ function events_post(&$a) { return; $event_id = ((x($_POST,'event_id')) ? intval($_POST['event_id']) : 0); + $event_hash = ((x($_POST,'event_hash')) ? $_POST['event_hash'] : ''); + $xchan = ((x($_POST,'xchan')) ? dbesc($_POST['xchan']) : ''); $uid = local_user(); $start_text = escape_tags($_REQUEST['start_text']); $finish_text = escape_tags($_REQUEST['finish_text']); - $startyear = intval($_POST['startyear']); - $startmonth = intval($_POST['startmonth']); - $startday = intval($_POST['startday']); - $starthour = intval($_POST['starthour']); - $startminute = intval($_POST['startminute']); - - $finishyear = intval($_POST['finishyear']); - $finishmonth = intval($_POST['finishmonth']); - $finishday = intval($_POST['finishday']); - $finishhour = intval($_POST['finishhour']); - $finishminute = intval($_POST['finishminute']); - $adjust = intval($_POST['adjust']); $nofinish = intval($_POST['nofinish']); @@ -79,17 +69,22 @@ function events_post(&$a) { // and we'll waste a bunch of time responding to it. Time that // could've been spent doing something else. - if(strcmp($finish,$start) < 0) - $finish = $start; $summary = escape_tags(trim($_POST['summary'])); $desc = escape_tags(trim($_POST['desc'])); $location = escape_tags(trim($_POST['location'])); $type = 'event'; + $action = ($event_hash == '') ? 'new' : "event/" . $event_hash; + $onerror_url = $a->get_baseurl() . "/events/" . $action . "?summary=$summary&description=$desc&location=$location&start=$start_text&finish=$finish_text&adjust=$adjust&nofinish=$nofinish"; + if(strcmp($finish,$start) < 0 && !$nofinish) { + notice( t('Event can not end before it has started.') . EOL); + goaway($onerror_url); + } + if((! $summary) || (! $start)) { notice( t('Event title and start time are required.') . EOL); - goaway($a->get_baseurl() . '/events/new'); + goaway($onerror_url); } $share = ((intval($_POST['share'])) ? intval($_POST['share']) : 0); @@ -204,14 +199,14 @@ function events_content(&$a) { nav_set_selected('all_events'); if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) { - $r = q("update event set ignore = 1 where id = %d and uid = %d limit 1", + $r = q("update event set ignore = 1 where id = %d and uid = %d", intval(argv(2)), intval(local_user()) ); } if((argc() > 2) && (argv(1) === 'unignore') && intval(argv(2))) { - $r = q("update event set ignore = 0 where id = %d and uid = %d limit 1", + $r = q("update event set ignore = 0 where id = %d and uid = %d", intval(argv(2)), intval(local_user()) ); @@ -335,8 +330,8 @@ function events_content(&$a) { $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan from event left join item on event_hash = resource_id where resource_type = 'event' and event.uid = %d and event.ignore = %d - AND (( `adjust` = 0 AND ( `finish` >= '%s' or nofinish ) AND `start` <= '%s' ) - OR ( `adjust` = 1 AND ( `finish` >= '%s' or nofinish ) AND `start` <= '%s' )) ", + AND (( `adjust` = 0 AND ( `finish` >= '%s' or nofinish = 1 ) AND `start` <= '%s' ) + OR ( `adjust` = 1 AND ( `finish` >= '%s' or nofinish = 1 ) AND `start` <= '%s' )) ", intval(local_user()), intval($ignored), dbesc($start), @@ -460,6 +455,19 @@ function events_content(&$a) { $channel = $a->get_channel(); + // Passed parameters overrides anything found in the DB + if($mode === 'edit' || $mode === 'new') { + if(!x($orig_event)) $orig_event = array(); + // In case of an error the browser is redirected back here, with these parameters filled in with the previous values + if(x($_REQUEST,'nofinish')) $orig_event['nofinish'] = $_REQUEST['nofinish']; + if(x($_REQUEST,'adjust')) $orig_event['adjust'] = $_REQUEST['adjust']; + if(x($_REQUEST,'summary')) $orig_event['summary'] = $_REQUEST['summary']; + if(x($_REQUEST,'description')) $orig_event['description'] = $_REQUEST['description']; + if(x($_REQUEST,'location')) $orig_event['location'] = $_REQUEST['location']; + if(x($_REQUEST,'start')) $orig_event['start'] = $_REQUEST['start']; + if(x($_REQUEST,'finish')) $orig_event['finish'] = $_REQUEST['finish']; + } + if($mode === 'edit' || $mode === 'new') { $n_checked = ((x($orig_event) && $orig_event['nofinish']) ? ' checked="checked" ' : ''); @@ -530,11 +538,6 @@ function events_content(&$a) { } } - - - $dateformat = datesel_format($f); - $timeformat = t('hour:minute'); - require_once('include/acl_selectors.php'); $perm_defaults = array( @@ -552,26 +555,23 @@ function events_content(&$a) { '$eid' => $eid, '$xchan' => $event_xchan, '$mid' => $mid, + '$event_hash' => $event_id, '$title' => t('Event details'), - '$format_desc' => sprintf( t('Format is %s %s.'),$dateformat,$timeformat), '$desc' => t('Starting date and Title are required.'), '$catsenabled' => $catsenabled, '$placeholdercategory' => t('Categories (comma-separated list)'), '$category' => $category, '$s_text' => t('Event Starts:') . ' <span class="required" title="' . t('Required') . '">*</span>', - '$bootstrap' => 1, '$stext' => $stext, '$ftext' => $ftext, '$ModalCANCEL' => t('Cancel'), '$ModalOK' => t('OK'), - '$s_dsel' => datesel($f,'start',$syear+5,$syear,false,$syear,$smonth,$sday), - '$s_tsel' => timesel('start',$shour,$sminute), + '$s_dsel' => datetimesel($f,mktime(),mktime(0,0,0,0,0,$syear+5),mktime($shour,$sminute,$ssecond,$smonth,$sday,$syear),'start_text'), '$n_text' => t('Finish date/time is not known or not relevant'), '$n_checked' => $n_checked, '$f_text' => t('Event Finishes:'), - '$f_dsel' => datesel($f,'finish',$fyear+5,$fyear,false,$fyear,$fmonth,$fday), - '$f_tsel' => timesel('finish',$fhour,$fminute), + '$f_dsel' => datetimesel($f,mktime(),mktime(0,0,0,0,0,$fyear+5),mktime($fhour,$fminute,$fsecond,$fmonth,$fday,$fyear),'finish_text',true,true,'start_text'), '$a_text' => t('Adjust for viewer timezone'), '$a_checked' => $a_checked, '$d_text' => t('Description:'), @@ -582,6 +582,7 @@ function events_content(&$a) { '$t_orig' => $t_orig, '$sh_text' => t('Share this event'), '$sh_checked' => $sh_checked, + '$permissions' => t('Permissions'), '$acl' => (($orig_event['event_xchan']) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $perm_defaults),false)), '$submit' => t('Submit') diff --git a/mod/feed.php b/mod/feed.php index 776f9787f..3b622fc17 100644 --- a/mod/feed.php +++ b/mod/feed.php @@ -12,6 +12,9 @@ function feed_init(&$a) { $params['type'] = ((stristr(argv(0),'json')) ? 'json' : 'xml'); $params['pages'] = ((x($_REQUEST,'pages')) ? intval($_REQUEST['pages']) : 0); $params['top'] = ((x($_REQUEST,'top')) ? intval($_REQUEST['top']) : 0); + $params['start'] = ((x($params,'start')) ? intval($params['start']) : 0); + $params['records'] = ((x($params,'records')) ? intval($params['records']) : 40); + $params['direction'] = ((x($params,'direction')) ? dbesc($params['direction']) : 'desc'); $channel = ''; if(argc() > 1) { diff --git a/mod/filer.php b/mod/filer.php index 3340fc999..9a409177c 100644 --- a/mod/filer.php +++ b/mod/filer.php @@ -27,7 +27,7 @@ function filer_content(&$a) { intval(local_user()) ); if($r) { - $x = q("update item set item_flags = ( item_flags | %d ) where id = %d and uid = %d limit 1", + $x = q("update item set item_flags = ( item_flags | %d ) where id = %d and uid = %d", intval(ITEM_RETAINED), intval($r[0]['parent']), intval(local_user()) diff --git a/mod/filerm.php b/mod/filerm.php index a37e80b31..900cfe60b 100644 --- a/mod/filerm.php +++ b/mod/filerm.php @@ -18,7 +18,7 @@ function filerm_content(&$a) { logger('filerm: tag ' . $term . ' item ' . $item_id); if($item_id && strlen($term)) { - $r = q("delete from term where uid = %d and type = %d and oid = %d and term = '%s' limit 1", + $r = q("delete from term where uid = %d and type = %d and oid = %d and term = '%s'", intval(local_user()), intval(($category) ? TERM_CATEGORY : TERM_FILE), intval($item_id), diff --git a/mod/fsuggest.php b/mod/fsuggest.php index 8b6f077d3..2f4f9606b 100644 --- a/mod/fsuggest.php +++ b/mod/fsuggest.php @@ -52,7 +52,7 @@ function fsuggest_post(&$a) { ); if(count($r)) { $fsuggest_id = $r[0]['id']; - q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", + q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d", dbesc($note), intval($fsuggest_id), intval(local_user()) diff --git a/mod/group.php b/mod/group.php index 9b90b1a1a..f67623a83 100644 --- a/mod/group.php +++ b/mod/group.php @@ -44,7 +44,7 @@ function group_post(&$a) { $public = intval($_POST['public']); if((strlen($groupname)) && (($groupname != $group['name']) || ($public != $group['visible']))) { - $r = q("UPDATE `groups` SET `name` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d LIMIT 1", + $r = q("UPDATE `groups` SET `name` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d", dbesc($groupname), intval($public), intval(local_user()), @@ -117,7 +117,7 @@ function group_content(&$a) { check_form_security_token_ForbiddenOnErr('group_member_change', 't'); - $r = q("SELECT abook_xchan from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and not (xchan_flags & %d) and not (abook_flags & %d) and not (abook_flags & %d) limit 1", + $r = q("SELECT abook_xchan from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and not (xchan_flags & %d)>0 and not (abook_flags & %d)>0 and not (abook_flags & %d)>0 limit 1", dbesc(base64url_decode(argv(2))), intval(local_user()), intval(XCHAN_FLAGS_DELETED), @@ -211,7 +211,7 @@ function group_content(&$a) { group_rmv_member(local_user(),$group['name'],$member['xchan_hash']); } - $r = q("SELECT abook.*, xchan.* FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE `abook_channel` = %d AND not (abook_flags & %d) and not (xchan_flags & %d) and not (abook_flags & %d) order by xchan_name asc", + $r = q("SELECT abook.*, xchan.* FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE `abook_channel` = %d AND not (abook_flags & %d)>0 and not (xchan_flags & %d)>0 and not (abook_flags & %d)>0 order by xchan_name asc", intval(local_user()), intval(ABOOK_FLAG_BLOCKED), intval(XCHAN_FLAGS_DELETED), diff --git a/mod/help.php b/mod/help.php index 81ecd6ba9..4823f1c07 100644 --- a/mod/help.php +++ b/mod/help.php @@ -34,8 +34,6 @@ function help_content(&$a) { $doctype = 'markdown'; - require_once('library/markdown.php'); - $text = ''; if(argc() > 1) { @@ -73,17 +71,22 @@ function help_content(&$a) { )); } - $text = preg_replace_callback("/#include (.*?)\;/ism", 'preg_callback_help_include', $text); - if($doctype === 'html') $content = $text; - if($doctype === 'markdown') + if($doctype === 'markdown') { + require_once('library/markdown.php'); + # escape #include tags + $text = preg_replace('/#include/ism', '%%include', $text); $content = Markdown($text); + $content = preg_replace('/%%include/ism', '#include', $content); + } if($doctype === 'bbcode') { require_once('include/bbcode.php'); $content = bbcode($text); } + $content = preg_replace_callback("/#include (.*?)\;/ism", 'preg_callback_help_include', $content); + return replace_macros(get_markup_template("help.tpl"), array( '$content' => $content )); @@ -93,8 +96,17 @@ function help_content(&$a) { function preg_callback_help_include($matches) { - if($matches[1]) - return str_replace($matches[0],load_doc_file($matches[1]),$matches[0]); + if($matches[1]) { + $include = str_replace($matches[0],load_doc_file($matches[1]),$matches[0]); + if(preg_match('/\.bb$/', $matches[1])) { + require_once('include/bbcode.php'); + $include = bbcode($include); + } elseif(preg_match('/\.md$/', $matches[1])) { + require_once('library/markdown.php'); + $include = Markdown($include); + } + return $include; + } } diff --git a/mod/import.php b/mod/import.php index 44dfcc38d..6cb3767a6 100644 --- a/mod/import.php +++ b/mod/import.php @@ -215,7 +215,7 @@ function import_post(&$a) { // reset the original primary hubloc if it is being seized if($seize) - $r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where (hubloc_flags & %d) and hubloc_hash = '%s' and hubloc_url != '%s' ", + $r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where (hubloc_flags & %d)>0 and hubloc_hash = '%s' and hubloc_url != '%s' ", intval(HUBLOC_FLAGS_PRIMARY), intval(HUBLOC_FLAGS_PRIMARY), dbesc($channel['channel_hash']), @@ -228,7 +228,7 @@ function import_post(&$a) { // replace our existing xchan if we're seizing control - $r = q("delete from xchan where xchan_hash = '%s' limit 1", + $r = q("delete from xchan where xchan_hash = '%s'", dbesc($channel['channel_hash']) ); @@ -278,7 +278,7 @@ function import_post(&$a) { $photodate = $xchan['xchan_photo_date']; $r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s' - where xchan_hash = '%s' limit 1", + where xchan_hash = '%s'", dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), diff --git a/mod/item.php b/mod/item.php index ac15e50e8..94ff32750 100644 --- a/mod/item.php +++ b/mod/item.php @@ -32,8 +32,17 @@ function item_post(&$a) { require_once('include/security.php'); $uid = local_user(); - $channel = null; + $observer = null; + + $profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0); + require_once('include/identity.php'); + $sys = get_sys_channel(); + if($sys && $profile_uid && ($sys['channel_id'] == $profile_uid) && is_site_admin()) { + $uid = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } if(x($_REQUEST,'dropitems')) { require_once('include/items.php'); @@ -70,14 +79,13 @@ function item_post(&$a) { $message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : ''); $created = ((x($_REQUEST,'created')) ? datetime_convert('UTC','UTC',$_REQUEST['created']) : datetime_convert()); - $profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0); $post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0); $app = ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''); $return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : ''); $preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0); $categories = ((x($_REQUEST,'category')) ? escape_tags($_REQUEST['category']) : ''); $webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0); - $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags($_REQUEST['pagetitle']) : ''); + $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags(urlencode($_REQUEST['pagetitle'])) : ''); $layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): ''); $plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : ''); @@ -87,8 +95,8 @@ function item_post(&$a) { /* * Check service class limits */ - if (local_user() && !(x($_REQUEST,'parent')) && !(x($_REQUEST,'post_id'))) { - $ret = item_check_service_class(local_user(),x($_REQUEST,'webpage')); + if ($uid && !(x($_REQUEST,'parent')) && !(x($_REQUEST,'post_id'))) { + $ret = item_check_service_class($uid,x($_REQUEST,'webpage')); if (!$ret['success']) { notice( t($ret['message']) . EOL) ; if(x($_REQUEST,'return')) @@ -112,6 +120,7 @@ function item_post(&$a) { $parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0); $parent_mid = ((x($_REQUEST,'parent_mid')) ? trim($_REQUEST['parent_mid']) : ''); + $route = ''; $parent_item = null; $parent_contact = null; $thr_parent = ''; @@ -128,11 +137,11 @@ function item_post(&$a) { intval($parent) ); } - elseif($parent_mid && local_user()) { + elseif($parent_mid && $uid) { // This is coming from an API source, and we are logged in $r = q("SELECT * FROM `item` WHERE `mid` = '%s' AND `uid` = %d LIMIT 1", dbesc($parent_mid), - intval(local_user()) + intval($uid) ); } // if this isn't the real parent of the conversation, find it @@ -163,12 +172,12 @@ function item_post(&$a) { $thr_parent = $parent_mid; + $route = $parent_item['route']; } - - $observer = $a->get_observer(); - + if(! $observer) + $observer = $a->get_observer(); if($parent) { logger('mod_item: item_post parent=' . $parent); @@ -221,7 +230,7 @@ function item_post(&$a) { if(! $channel) { - if(local_user() && local_user() == $profile_uid) { + if($uid && $uid == $profile_uid) { $channel = $a->get_channel(); } else { @@ -257,8 +266,25 @@ function item_post(&$a) { killme(); } + $walltowall = false; + $walltowall_comment = false; + if($observer) { logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG); + + // wall-to-wall detection. + // For top-level posts, if the author and owner are different it's a wall-to-wall + // For comments, We need to additionally look at the parent and see if it's a wall post that originated locally. + + if($observer['xchan_name'] != $owner_xchan['xchan_name']) { + if($parent_item && ($parent_item['item_flags'] & (ITEM_WALL|ITEM_ORIGIN)) == (ITEM_WALL|ITEM_ORIGIN)) { + $walltowall_comment = true; + $walltowall = true; + } + if(! $parent) { + $walltowall = true; + } + } } $public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true)); @@ -329,6 +355,15 @@ function item_post(&$a) { $str_group_deny = $channel['channel_deny_gid']; $str_contact_deny = $channel['channel_deny_cid']; } + elseif($walltowall) { + + // use the channel owner's default permissions + + $str_group_allow = $channel['channel_allow_gid']; + $str_contact_allow = $channel['channel_allow_cid']; + $str_group_deny = $channel['channel_deny_gid']; + $str_contact_deny = $channel['channel_deny_cid']; + } else { // use the posted permissions @@ -418,7 +453,7 @@ function item_post(&$a) { intval($profile_uid) ); if($z && ($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE)) { - if(local_user() && (get_account_id() == $z[0]['account_id'])) { + if($uid && (get_account_id() == $z[0]['account_id'])) { $execflag = true; } else { @@ -433,7 +468,7 @@ function item_post(&$a) { if($mimetype === 'text/bbcode') { - if(local_user() && local_user() == $profile_uid && feature_enabled(local_user(),'markdown')) { + if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) { require_once('include/bb2diaspora.php'); $body = diaspora2bb(escape_tags($body),true); } @@ -566,11 +601,18 @@ function item_post(&$a) { if($fullnametagged) continue; - $success = handle_tag($a, $body, $access_tag, $str_tags, (local_user()) ? local_user() : $profile_uid , $tag); + $success = handle_tag($a, $body, $access_tag, $str_tags, ($uid) ? $uid : $profile_uid , $tag); logger('handle_tag: ' . print_r($success,tue), LOGGER_DATA); if(($access_tag) && (! $parent_item)) { logger('access_tag: ' . $tag . ' ' . print_r($access_tag,true), LOGGER_DATA); - if ($first_access_tag) { + if ($first_access_tag && (! get_pconfig($profile_uid,'system','no_private_mention_acl_override'))) { + + // This is a tough call, hence configurable. The issue is that one can type in a @!privacy mention + // and also have a default ACL (perhaps from viewing a collection) and could be suprised that the + // privacy mention wasn't the only recipient. So the default is to wipe out the existing ACL if a + // private mention is found. This can be over-ridden if you wish private mentions to be in + // addition to the current ACL settings. + $str_contact_allow = ''; $str_group_allow = ''; $first_access_tag = false; @@ -720,6 +762,7 @@ function item_post(&$a) { $datarray['comment_policy'] = map_scope($channel['channel_w_comment']); $datarray['term'] = $post_tags; $datarray['plink'] = $plink; + $datarray['route'] = $route; // preview mode - prepare the body for display and send it via json @@ -761,7 +804,7 @@ function item_post(&$a) { $datarray['body'] = z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype']); - if(local_user()) { + if($uid) { if($channel['channel_hash'] === $datarray['author_xchan']) { $datarray['sig'] = base64url_encode(rsa_sign($datarray['body'],$channel['channel_prvkey'])); $datarray['item_flags'] = $datarray['item_flags'] | ITEM_VERIFIED; @@ -844,7 +887,7 @@ function item_post(&$a) { // They will show up as people comment on them. if($parent_item['item_restrict'] & ITEM_HIDDEN) { - $r = q("UPDATE `item` SET `item_restrict` = %d WHERE `id` = %d LIMIT 1", + $r = q("UPDATE `item` SET `item_restrict` = %d WHERE `id` = %d", intval($parent_item['item_restrict'] - ITEM_HIDDEN), intval($parent_item['id']) ); @@ -859,10 +902,9 @@ function item_post(&$a) { if($parent) { // Store the comment signature information in case we need to relay to Diaspora -//FIXME $ditem = $datarray; $ditem['author'] = $observer; - store_diaspora_comment_sig($ditem,$channel,$parent_item, $post_id); + store_diaspora_comment_sig($ditem,$channel,$parent_item, $post_id, (($walltowall_comment) ? 1 : 0)); } update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remote_id,$mid); @@ -1137,6 +1179,8 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) { // $r is set if we found something + $channel = get_app()->get_channel(); + if($r) { $profile = $r[0]['xchan_url']; $newname = $r[0]['xchan_name']; @@ -1156,9 +1200,10 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) { if(local_user() && local_user() == $profile_uid) { require_once('include/group.php'); $grp = group_byname($profile_uid,$name); + if($grp) { $g = q("select hash from groups where id = %d and visible = 1 limit 1", - intval($grp[0]['id']) + intval($grp) ); if($g && $exclusive) { $access_tag .= 'gid:' . $g[0]['hash']; @@ -1172,6 +1217,10 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) { } } + if(($exclusive) && (! $access_tag)) { + $access_tag .= 'cid:' . $channel['channel_hash']; + } + // if there is an url for this channel if(isset($profile)) { @@ -1252,7 +1301,7 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body, $private = (($str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny) ? true : false); $r = q("UPDATE item SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d - WHERE id = %d AND uid = %d limit 1", + WHERE id = %d AND uid = %d", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), @@ -1302,7 +1351,7 @@ function item_check_service_class($channel_id,$iswebpage) { if ($iswebpage) { $r = q("select count(i.id) as total from item i right join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id ) - and i.parent=i.id and (i.item_restrict & %d) and not (i.item_restrict & %d) and i.uid= %d ", + and i.parent=i.id and (i.item_restrict & %d)>0 and not (i.item_restrict & %d)>0 and i.uid= %d ", intval(ITEM_WEBPAGE), intval(ITEM_DELETED), intval($channel_id) diff --git a/mod/layouts.php b/mod/layouts.php index 2d14212cf..aaf5db0ef 100644 --- a/mod/layouts.php +++ b/mod/layouts.php @@ -1,36 +1,82 @@ <?php -function layouts_content(&$a) { +require_once('include/identity.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); + +function layouts_init(&$a) { + + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } if(argc() > 1) $which = argv(1); - else { + else + return; + + profile_load($a,$which); + +} + + +function layouts_content(&$a) { + + if(! $a->profile) { notice( t('Requested profile is not available.') . EOL ); $a->error = 404; return; } - profile_load($a,$which,0); + $which = argv(1); + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); - // Figure out who the page owner is. - $r = q("select channel_id from channel where channel_address = '%s'", - dbesc($which) - ); - if($r) { - $owner = intval($r[0]['channel_id']); + $channel = $a->get_channel(); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } + } + + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } + } + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + $perms = get_all_perms($owner,$ob_hash); + + if(! $perms['write_pages']) { + notice( t('Permission denied.') . EOL); + return; } // Block design features from visitors - if((! local_user()) || (local_user() != $owner)) { + if((! $uid) || ($uid != $owner)) { notice( t('Permission denied.') . EOL); return; } // Get the observer, check their permissions - $observer = $a->get_observer(); $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); $perms = get_all_perms($owner,$ob_hash); @@ -41,7 +87,9 @@ function layouts_content(&$a) { } if((argc() > 3) && (argv(2) === 'share') && (argv(3))) { - $r = q("select sid, service, mimetype, title, body from item_id left join item on item.id = item_id.iid where item_id.uid = %d and item.mid = '%s' and service = 'PDL' order by sid asc", + $r = q("select sid, service, mimetype, title, body from item_id + left join item on item.id = item_id.iid + where item_id.uid = %d and item.mid = '%s' and service = 'PDL' order by sid asc", intval($owner), dbesc(argv(3)) ); @@ -63,7 +111,6 @@ function layouts_content(&$a) { 'id' => 'layout-help-tab', )); - $o .= replace_macros(get_markup_template('common_tabs.tpl'),array('$tabs' => $tabs)); @@ -71,18 +118,16 @@ function layouts_content(&$a) { // Nickname is set to the observers xchan, and profile_uid to the owners. // This lets you post pages at other people's channels. - require_once ('include/conversation.php'); - $x = array( - 'webpage' => ITEM_PDL, - 'is_owner' => true, - 'nickname' => $a->profile['channel_address'], - 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'bang' => (($group || $cid) ? '!' : ''), - 'showacl' => false, - 'visitor' => false, - 'nopreview' => 1, - 'ptlabel' => t('Layout Name'), + 'webpage' => ITEM_PDL, + 'is_owner' => true, + 'nickname' => $a->profile['channel_address'], + 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), + 'bang' => '', + 'showacl' => false, + 'visitor' => false, + 'nopreview' => 1, + 'ptlabel' => t('Layout Name'), 'profile_uid' => intval($owner), ); @@ -96,10 +141,8 @@ function layouts_content(&$a) { $o .= status_editor($a,$x); - // Get a list of blocks. We can't display all them because endless scroll makes that unusable, so just list titles and an edit link. - // TODO - this should be replaced with pagelist_widget - - $r = q("select iid, sid, mid from item_id left join item on item.id = item_id.iid where item_id.uid = %d and service = 'PDL' order by sid asc", + $r = q("select iid, sid, mid from item_id left join item on item.id = item_id.iid + where item_id.uid = %d and service = 'PDL' order by sid asc", intval($owner) ); @@ -108,24 +151,28 @@ function layouts_content(&$a) { if($r) { $pages = array(); foreach($r as $rr) { - $pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid'], 'mid' => $rr['mid']); + $pages[$rr['iid']][] = array( + 'url' => $rr['iid'], + 'title' => $rr['sid'], + 'mid' => $rr['mid'] + ); } } - //Build the base URL for edit links - $url = z_root() . "/editlayout/" . $which; + $url = z_root() . '/editlayout/' . $which; - return $o . replace_macros(get_markup_template("layoutlist.tpl"), array( + $o .= replace_macros(get_markup_template('layoutlist.tpl'), array( '$baseurl' => $url, - '$edit' => t('Edit'), - '$share' => t('Share'), - '$pages' => $pages, + '$edit' => t('Edit'), + '$share' => t('Share'), + '$pages' => $pages, '$channel' => $which, - '$view' => t('View'), + '$view' => t('View'), '$preview' => '1', )); + return $o; } diff --git a/mod/like.php b/mod/like.php index 916faf230..b56611197 100755 --- a/mod/like.php +++ b/mod/like.php @@ -209,13 +209,17 @@ function like_content(&$a) { } else { + // this is used to like an item or comment + $item_id = ((argc() == 2) ? notags(trim(argv(1))) : 0); logger('like: verb ' . $verb . ' item ' . $item_id, LOGGER_DEBUG); + // get the item. Allow linked photos (which are normally hidden) to be liked - $r = q("SELECT * FROM item WHERE id = %d and item_restrict = 0 LIMIT 1", - dbesc($item_id) + $r = q("SELECT * FROM item WHERE id = %d and (item_restrict = 0 or item_restrict = %d) LIMIT 1", + intval($item_id), + intval(ITEM_HIDDEN) ); if(! $item_id || (! $r)) { @@ -272,7 +276,7 @@ function like_content(&$a) { // Already liked/disliked it, delete it - $r = q("UPDATE item SET item_restrict = ( item_restrict ^ %d ), changed = '%s' WHERE id = %d LIMIT 1", + $r = q("UPDATE item SET item_restrict = ( item_restrict & ~%d ), changed = '%s' WHERE id = %d", intval(ITEM_DELETED), dbesc(datetime_convert()), intval($like_item['id']) @@ -325,6 +329,15 @@ function like_content(&$a) { if($item['item_flags'] & ITEM_WALL) $item_flags |= ITEM_WALL; + // if this was a linked photo and was hidden, unhide it. + + if($item['item_restrict'] & ITEM_HIDDEN) { + $r = q("update item set item_restrict = (item_restrict ^ %d) where id = %d", + intval(ITEM_HIDDEN), + intval($item['id']) + ); + } + } if($verb === 'like') diff --git a/mod/locs.php b/mod/locs.php index 95aa7a579..b1169fcca 100644 --- a/mod/locs.php +++ b/mod/locs.php @@ -1,34 +1,6 @@ <?php /** @file */ -/** - Placeholder file at present. This is going to involve a bit of work. - - This file will deal with the deletion of channels and management of hublocs. - - We need to provide the following functionality: - - - Delete my account and all channels from the entire network - - - Delete my account and all channels from this server - - - Delete a channel from the entire network - - - Delete a channel from this server - - - List all hub locations for this channel - - - Remove this/some hub location from this channel - - - promote this/some hub location to primary - - - Remove hub location 'xyz' from this channel, (this should possibly only be allowed if that hub has been down for a period of time) - - - Some of these actions should probably require email verification - -*/ - - function locs_post(&$a) { if(! local_user()) @@ -47,12 +19,12 @@ function locs_post(&$a) { notice( t('Location not found.') . EOL); return; } - $r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where (hubloc_flags & %d) and hubloc_hash = '%s' ", + $r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where (hubloc_flags & %d)>0 and hubloc_hash = '%s' ", intval(HUBLOC_FLAGS_PRIMARY), intval(HUBLOC_FLAGS_PRIMARY), dbesc($channel['channel_hash']) ); - $r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s' limit 1", + $r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s'", intval(HUBLOC_FLAGS_PRIMARY), intval($hubloc_id), dbesc($channel['channel_hash']) @@ -78,7 +50,7 @@ function locs_post(&$a) { notice( t('Primary location cannot be removed.') . EOL); return; } - $r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s' limit 1", + $r = q("update hubloc set hubloc_flags = (hubloc_flags & %d) where hubloc_id = %d and hubloc_hash = '%s'", intval(HUBLOC_FLAGS_DELETED), intval($hubloc_id), dbesc($channel['channel_hash']) @@ -87,4 +59,46 @@ function locs_post(&$a) { return; } } +} + + + +function locs_content(&$a) { + + + + if(! local_user()) { + notice( t('Permission denied.') . EOL); + return; + } + + $channel = $a->get_channel(); + + $r = q("select * from hubloc where hubloc_hash = '%s'", + dbesc($channel['channel_hash']) + ); + + if(! $r) { + notice( t('No locations found.') . EOL); + return; + } + + + for($x = 0; $x < count($r); $x ++) { + $r[$x]['primary'] = (($r[$x]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY) ? true : false); + $r[$x]['deleted'] = (($r[$x]['hubloc_flags'] & HUBLOC_FLAGS_DELETED) ? true : false); + } + + + + $o = replace_macros(get_markup_template('locmanage.tpl'), array( + '$header' => t('Manage Channel Locations'), + '$loc' => t('Location (address)'), + '$mkprm' => t('Primary Location'), + '$drop' => t('Drop location'), + '$submit' => t('Submit'), + '$hubs' => $r + )); + + return $o; }
\ No newline at end of file diff --git a/mod/lostpass.php b/mod/lostpass.php index dd7c7a7d5..3269128f1 100644 --- a/mod/lostpass.php +++ b/mod/lostpass.php @@ -21,7 +21,7 @@ function lostpass_post(&$a) { $hash = random_string(); - $r = q("UPDATE account SET account_reset = '%s' WHERE account_id = %d LIMIT 1", + $r = q("UPDATE account SET account_reset = '%s' WHERE account_id = %d", dbesc($hash), intval($aid) ); @@ -73,7 +73,7 @@ function lostpass_content(&$a) { $salt = random_string(32); $password_encoded = hash('whirlpool', $salt . $new_password); - $r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '' where account_id = %d limit 1", + $r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '' where account_id = %d", dbesc($salt), dbesc($password_encoded), intval($aid) diff --git a/mod/mail.php b/mod/mail.php index f4897149a..dacb181c5 100644 --- a/mod/mail.php +++ b/mod/mail.php @@ -141,7 +141,7 @@ function mail_content(&$a) { if(! intval(argv(2))) return; $cmd = argv(1); - $r = q("update mail set mail_flags = mail_flags | %d where id = %d and channel_id = %d limit 1", + $r = q("update mail set mail_flags = mail_flags | %d where id = %d and channel_id = %d", intval(MAIL_RECALLED), intval(argv(2)), intval(local_user()) diff --git a/mod/manage.php b/mod/manage.php index 1920967e6..00c6db7f0 100644 --- a/mod/manage.php +++ b/mod/manage.php @@ -17,7 +17,7 @@ function manage_content(&$a) { intval(get_account_id()) ); if($r) { - q("update account set account_default_channel = %d where account_id = %d limit 1", + q("update account set account_default_channel = %d where account_id = %d", intval($change_channel), intval(get_account_id()) ); @@ -36,7 +36,7 @@ function manage_content(&$a) { $channels = null; if(local_user()) { - $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ", + $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d )>0 order by channel_name ", intval(get_account_id()), intval(PAGE_REMOVED) ); @@ -55,7 +55,7 @@ function manage_content(&$a) { $c = q("SELECT id, item_restrict, item_flags FROM item - WHERE (item_restrict = %d) and ( item_flags & %d ) and uid = %d", + WHERE (item_restrict = %d) and ( item_flags & %d )>0 and uid = %d", intval(ITEM_VISIBLE), intval(ITEM_UNSEEN), intval($channels[$x]['channel_id']) @@ -71,7 +71,7 @@ function manage_content(&$a) { } - $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", + $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)", intval($channels[$x]['channel_id']), intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED), @@ -82,7 +82,7 @@ function manage_content(&$a) { $channels[$x]['intros'] = intval($intr[0]['total']); - $mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND not (mail_flags & %d) and from_xchan != '%s' ", + $mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND not (mail_flags & %d)>0 and from_xchan != '%s' ", intval($channels[$x]['channel_id']), intval(MAIL_SEEN), dbesc($channels[$x]['channel_hash']) @@ -127,7 +127,7 @@ function manage_content(&$a) { } } - $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )", + $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )>0", intval(get_account_id()), intval(PAGE_REMOVED) ); diff --git a/mod/menu.php b/mod/menu.php index a2d0c2385..92923e1ff 100644 --- a/mod/menu.php +++ b/mod/menu.php @@ -1,13 +1,23 @@ <?php require_once('include/menu.php'); +require_once('include/identity.php'); function menu_post(&$a) { - if(! local_user()) + $uid = local_user(); + + if(array_key_exists('sys',$_REQUEST) && $_REQUEST['sys'] && is_site_admin()) { + $sys = get_sys_channel(); + $uid = intval($sys['channel_id']); + $a->is_sys = true; + } + + if(! $uid) return; - $_REQUEST['menu_channel_id'] = local_user(); + $_REQUEST['menu_channel_id'] = $uid; + if($_REQUEST['menu_bookmark']) $_REQUEST['menu_flags'] |= MENU_BOOKMARK; if($_REQUEST['menu_system']) @@ -19,7 +29,7 @@ function menu_post(&$a) { $r = menu_edit($_REQUEST); if($r) { info( t('Menu updated.') . EOL); - goaway(z_root() . '/mitem/' . $menu_id); + goaway(z_root() . '/mitem/' . $menu_id . (($a->is_sys) ? '?f=&sys=1' : '')); } else notice( t('Unable to update menu.'). EOL); @@ -28,7 +38,7 @@ function menu_post(&$a) { $r = menu_create($_REQUEST); if($r) { info( t('Menu created.') . EOL); - goaway(z_root() . '/mitem/' . $r); + goaway(z_root() . '/mitem/' . $r . (($a->is_sys) ? '?f=&sys=1' : '')); } else notice( t('Unable to create menu.'). EOL); @@ -40,36 +50,42 @@ function menu_post(&$a) { function menu_content(&$a) { - if(! local_user()) { + $uid = local_user(); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + $uid = intval($sys['channel_id']); + } + + if(! $uid) { notice( t('Permission denied.') . EOL); return ''; } -// $a->set_widget('design',design_tools()); - - if(argc() == 1) { // list menus - $x = menu_list(local_user()); - - $o = replace_macros(get_markup_template('menulist.tpl'),array( - '$title' => t('Manage Menus'), - '$menus' => $x, - '$edit' => t('Edit'), - '$drop' => t('Drop'), - '$new' => t('New'), - '$hintnew' => t('Create a new menu'), - '$hintdrop' => t('Delete this menu'), - '$hintcontent' => t('Edit menu contents'), - '$hintedit' => t('Edit this menu') - )); - - return $o; - - + $x = menu_list($uid); + if($x) { + for($y = 0; $y < count($x); $y ++) { + $x[$y]['bookmark'] = (($x[$y]['menu_flags'] & MENU_BOOKMARK) ? true : false); + } + } + $o = replace_macros(get_markup_template('menulist.tpl'),array( + '$title' => t('Manage Menus'), + '$menus' => $x, + '$edit' => t('Edit'), + '$drop' => t('Drop'), + '$new' => t('New'), + '$bmark' => t('Bookmarks allowed'), + '$hintnew' => t('Create a new menu'), + '$hintdrop' => t('Delete this menu'), + '$hintcontent' => t('Edit menu contents'), + '$hintedit' => t('Edit this menu') + )); + return $o; } @@ -87,19 +103,19 @@ function menu_content(&$a) { } elseif(intval(argv(1))) { - $m = menu_fetch_id(intval(argv(1)),local_user()); + $m = menu_fetch_id(intval(argv(1)),$uid); if(! $m) { notice( t('Menu not found.') . EOL); return ''; } if(argc() == 3 && argv(2) == 'drop') { - $r = menu_delete_id(intval(argv(1)),local_user()); + $r = menu_delete_id(intval(argv(1)),$uid); if($r) info( t('Menu deleted.') . EOL); else notice( t('Menu could not be deleted.'). EOL); - goaway(z_root() . '/menu'); + goaway(z_root() . '/menu' . (($a->is_sys) ? '?f=&sys=1' : '')); } else { $o = replace_macros(get_markup_template('menuedit.tpl'), array( diff --git a/mod/mitem.php b/mod/mitem.php index 3240bb68b..7098d7489 100644 --- a/mod/mitem.php +++ b/mod/mitem.php @@ -4,12 +4,22 @@ require_once('include/menu.php'); require_once('include/acl_selectors.php'); function mitem_init(&$a) { - if(! local_user()) + + $uid = local_user(); + + if(array_key_exists('sys',$_REQUEST) && $_REQUEST['sys'] && is_site_admin()) { + $sys = get_sys_channel(); + $uid = intval($sys['channel_id']); + $a->is_sys = true; + } + + if(! $uid) return; + if(argc() < 2) return; - $m = menu_fetch_id(intval(argv(1)),local_user()); + $m = menu_fetch_id(intval(argv(1)),$uid); if(! $m) { notice( t('Menu not found.') . EOL); return ''; @@ -20,8 +30,18 @@ function mitem_init(&$a) { function mitem_post(&$a) { - if(! local_user()) + $uid = local_user(); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + $uid = intval($sys['channel_id']); + } + + if(! $uid) { return; + } + + if(! $a->data['menu']) return; @@ -29,7 +49,7 @@ function mitem_post(&$a) { $channel = $a->get_channel(); - $_REQUEST['mitem_channel_id'] = local_user(); + $_REQUEST['mitem_channel_id'] = $uid; $_REQUEST['menu_id'] = $a->data['menu']['menu_id']; $_REQUEST['mitem_flags'] = 0; @@ -42,20 +62,20 @@ function mitem_post(&$a) { $mitem_id = ((argc() > 2) ? intval(argv(2)) : 0); if($mitem_id) { $_REQUEST['mitem_id'] = $mitem_id; - $r = menu_edit_item($_REQUEST['menu_id'],local_user(),$_REQUEST); + $r = menu_edit_item($_REQUEST['menu_id'],$uid,$_REQUEST); if($r) { info( t('Menu element updated.') . EOL); - goaway(z_root() . '/mitem/' . $_REQUEST['menu_id']); + goaway(z_root() . '/mitem/' . $_REQUEST['menu_id'] . (($a->is_sys) ? '?f=&sys=1' : '')); } else notice( t('Unable to update menu element.') . EOL); } else { - $r = menu_add_item($_REQUEST['menu_id'],local_user(),$_REQUEST); + $r = menu_add_item($_REQUEST['menu_id'],$uid,$_REQUEST); if($r) { info( t('Menu element added.') . EOL); - goaway(z_root() . '/mitem/' . $_REQUEST['menu_id']); + goaway(z_root() . '/mitem/' . $_REQUEST['menu_id'] . (($a->is_sys) ? '?f=&sys=1' : '')); } else notice( t('Unable to add menu element.') . EOL); @@ -69,7 +89,20 @@ function mitem_post(&$a) { function mitem_content(&$a) { - if(! local_user()) { + $uid = local_user(); + $channel = $a->get_channel(); + $observer = $a->get_observer(); + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + $uid = intval($sys['channel_id']); + $channel = $sys; + $ob_hash = $sys['xchan_hash']; + } + + if(! $uid) { notice( t('Permission denied.') . EOL); return ''; } @@ -79,67 +112,61 @@ function mitem_content(&$a) { return ''; } - $channel = $a->get_channel(); - - $m = menu_fetch($a->data['menu']['menu_name'],local_user(), get_observer_hash()); + $m = menu_fetch($a->data['menu']['menu_name'],$uid,$ob_hash); $a->data['menu_item'] = $m; if(argc() == 2) { $r = q("select * from menu_item where mitem_menu_id = %d and mitem_channel_id = %d order by mitem_order asc, mitem_desc asc", intval($a->data['menu']['menu_id']), - local_user() + intval($uid) ); $o .= replace_macros(get_markup_template('mitemlist.tpl'),array( - '$title' => t('Manage Menu Elements'), + '$title' => t('Manage Menu Elements'), '$menuname' => $a->data['menu']['menu_name'], '$menudesc' => $a->data['menu']['menu_desc'], - '$edmenu' => t('Edit menu'), - '$menu_id' => $a->data['menu']['menu_id'], - '$mlist' => $r, - '$edit' => t('Edit element'), - '$drop' => t('Drop element'), - '$new' => t('New element'), + '$edmenu' => t('Edit menu'), + '$menu_id' => $a->data['menu']['menu_id'], + '$mlist' => $r, + '$edit' => t('Edit element'), + '$drop' => t('Drop element'), + '$new' => t('New element'), '$hintmenu' => t('Edit this menu container'), - '$hintnew' => t('Add menu element'), + '$hintnew' => t('Add menu element'), '$hintdrop' => t('Delete this menu item'), '$hintedit' => t('Edit this menu item') - )); - - + )); + return $o; - } if(argc() > 2) { - - if(argv(2) === 'new') { $perm_defaults = array( 'allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], - 'deny_cid' => $channel['channel_deny_cid'], - 'deny_gid' => $channel['channel_deny_gid'] + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] ); $o = replace_macros(get_markup_template('mitemedit.tpl'), array( - '$header' => t('New Menu Element'), - '$menu_id' => $a->data['menu']['menu_id'], + '$header' => t('New Menu Element'), + '$menu_id' => $a->data['menu']['menu_id'], '$permissions' => t('Menu Item Permissions'), - '$permdesc' => t("\x28click to open/close\x29"), - '$aclselect' => populate_acl($perm_defaults,false), - '$mitem_desc' => array('mitem_desc', t('Link text'), '', '','*'), - '$mitem_link' => array('mitem_link', t('URL of link'), '', '', '*'), - '$usezid' => array('usezid', t('Use Red magic-auth if available'), true, ''), - '$newwin' => array('newwin', t('Open link in new window'), false,''), + '$permdesc' => t("\x28click to open/close\x29"), + '$aclselect' => populate_acl($perm_defaults,false), + '$mitem_desc' => array('mitem_desc', t('Link text'), '', '','*'), + '$mitem_link' => array('mitem_link', t('URL of link'), '', '', '*'), + '$usezid' => array('usezid', t('Use RedMatrix magic-auth if available'), true, ''), + '$newwin' => array('newwin', t('Open link in new window'), false,''), // permissions go here '$mitem_order' => array('mitem_order', t('Order in list'),'0',t('Higher numbers will sink to bottom of listing')), - '$submit' => t('Create') + '$submit' => t('Create') )); return $o; } @@ -148,23 +175,23 @@ function mitem_content(&$a) { elseif(intval(argv(2))) { $m = q("select * from menu_item where mitem_id = %d and mitem_channel_id = %d limit 1", intval(argv(2)), - intval(local_user()) + intval($uid) ); if(! $m) { notice( t('Menu item not found.') . EOL); - goaway(z_root() . '/menu'); + goaway(z_root() . '/menu'. (($a->is_sys) ? '?f=&sys=1' : '')); } $mitem = $m[0]; if(argc() == 4 && argv(3) == 'drop') { - $r = menu_del_item($mitem['mitem_menu_id'], local_user(),intval(argv(2))); + $r = menu_del_item($mitem['mitem_menu_id'], $uid, intval(argv(2))); if($r) info( t('Menu item deleted.') . EOL); else notice( t('Menu item could not be deleted.'). EOL); - goaway(z_root() . '/mitem/' . $mitem['mitem_menu_id']); + goaway(z_root() . '/mitem/' . $mitem['mitem_menu_id'] . (($a->is_sys) ? '?f=&sys=1' : '')); } else { @@ -179,7 +206,7 @@ function mitem_content(&$a) { '$mitem_id' => intval(argv(2)), '$mitem_desc' => array('mitem_desc', t('Link text'), $mitem['mitem_desc'], '','*'), '$mitem_link' => array('mitem_link', t('URL of link'), $mitem['mitem_link'], '', '*'), - '$usezid' => array('usezid', t('Use Red magic-auth if available'), (($mitem['mitem_flags'] & MENU_ITEM_ZID) ? 1 : 0), ''), + '$usezid' => array('usezid', t('Use RedMatrix magic-auth if available'), (($mitem['mitem_flags'] & MENU_ITEM_ZID) ? 1 : 0), ''), '$newwin' => array('newwin', t('Open link in new window'), (($mitem['mitem_flags'] & MENU_ITEM_NEWWIN) ? 1 : 0),''), // permissions go here '$mitem_order' => array('mitem_order', t('Order in list'),$mitem['mitem_order'],t('Higher numbers will sink to bottom of listing')), @@ -188,10 +215,5 @@ function mitem_content(&$a) { return $o; } } - } - - - - } diff --git a/mod/network.php b/mod/network.php index 0bad366d4..da020c389 100644 --- a/mod/network.php +++ b/mod/network.php @@ -150,12 +150,12 @@ function network_content(&$a, $update = 0, $load = false) { $sql_options = (($star) - ? " and (item_flags & " . intval(ITEM_STARRED) . ")" + ? " and (item_flags & " . intval(ITEM_STARRED) . ")>0" : ''); $sql_nets = ''; - $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) "; + $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ")>0 $sql_options ) "; if($group) { $contact_str = ''; @@ -184,7 +184,7 @@ function network_content(&$a, $update = 0, $load = false) { elseif($cid) { - $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ") limit 1", + $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ")>0 limit 1", intval($cid), intval(local_user()) ); @@ -264,7 +264,7 @@ function network_content(&$a, $update = 0, $load = false) { } if($conv) { - $sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or ( item_flags & %d ))) ", + $sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or ( item_flags & %d )>0)) ", dbesc(protect_sprintf($channel['channel_hash'])), intval(ITEM_MENTIONSME) ); @@ -279,7 +279,7 @@ function network_content(&$a, $update = 0, $load = false) { else { $itemspage = get_pconfig(local_user(),'system','itemspage'); $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); - $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start'])); } @@ -314,7 +314,7 @@ function network_content(&$a, $update = 0, $load = false) { $uids = " and item.uid = " . local_user() . " "; } - $simple_update = (($update) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " ) " : ''); + $simple_update = (($update) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " )>0 " : ''); // This fixes a very subtle bug so I'd better explain it. You wake up in the morning or return after a day // or three and look at your matrix page - after opening up your browser. The first page loads just as it @@ -336,7 +336,7 @@ function network_content(&$a, $update = 0, $load = false) { if($nouveau && $load) { // "New Item View" - show all items unthreaded in reverse created date order - $items = q("SELECT `item`.*, `item`.`id` AS `item_id` FROM `item` + $items = q("SELECT `item`.*, `item`.`id` AS `item_id`, received FROM `item` WHERE true $uids AND item_restrict = 0 $simple_update $sql_extra $sql_nets @@ -364,13 +364,13 @@ function network_content(&$a, $update = 0, $load = false) { // Fetch a page full of parent items for this page - $r = q("SELECT distinct item.id AS item_id FROM item + $r = q("SELECT distinct item.id AS item_id, $ordering FROM item left join abook on item.author_xchan = abook.abook_xchan WHERE true $uids AND item.item_restrict = 0 AND item.parent = item.id and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null) $sql_extra3 $sql_extra $sql_nets - ORDER BY item.$ordering DESC $pager_sql ", + ORDER BY $ordering DESC $pager_sql ", intval(ABOOK_FLAG_BLOCKED) ); @@ -417,8 +417,8 @@ function network_content(&$a, $update = 0, $load = false) { } if(($update_unseen) && (! $firehose)) - $r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d) - WHERE (item_flags & %d) AND `uid` = %d $update_unseen ", + $r = q("UPDATE `item` SET item_flags = ( item_flags & ~%d) + WHERE (item_flags & %d)>0 AND `uid` = %d $update_unseen ", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval(local_user()) diff --git a/mod/notifications.php b/mod/notifications.php index 09f89e88a..5507ee7e2 100644 --- a/mod/notifications.php +++ b/mod/notifications.php @@ -33,7 +33,7 @@ function notifications_post(&$a) { $fid = $r[0]['fid']; if($_POST['submit'] == t('Discard')) { - $r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1", + $r = q("DELETE FROM `intro` WHERE `id` = %d", intval($intro_id) ); if(! $fid) { @@ -41,7 +41,7 @@ function notifications_post(&$a) { // The check for blocked and pending is in case the friendship was already approved // and we just want to get rid of the now pointless notification - $r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 AND `blocked` = 1 AND `pending` = 1 LIMIT 1", + $r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 AND `blocked` = 1 AND `pending` = 1", intval($contact_id), intval(local_user()) ); @@ -49,7 +49,7 @@ function notifications_post(&$a) { goaway($a->get_baseurl(true) . '/notifications/intros'); } if($_POST['submit'] == t('Ignore')) { - $r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d LIMIT 1", + $r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d", intval($intro_id)); goaway($a->get_baseurl(true) . '/notifications/intros'); } diff --git a/mod/openid.php b/mod/openid.php index ce7fe22ba..9752db440 100644 --- a/mod/openid.php +++ b/mod/openid.php @@ -159,7 +159,7 @@ function openid_content(&$a) { $photos = import_profile_photo($pphoto,$url); if($photos) { $z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', - xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", + xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), @@ -11,7 +11,7 @@ function p_init(&$a) { $mid = str_replace('.xml','',argv(1)); - $r = q("select * from item where mid = '%s' and (item_flags & %d) and item_private = 0 limit 1", + $r = q("select * from item where mid = '%s' and (item_flags & %d)>0 and item_private = 0 limit 1", dbesc($mid), intval(ITEM_WALL) ); diff --git a/mod/page.php b/mod/page.php index b3f53a227..e8f17ebda 100644 --- a/mod/page.php +++ b/mod/page.php @@ -14,13 +14,11 @@ function page_init(&$a) { if($a->profile['profile_uid']) head_set_icon($a->profile['thumb']); -} - + // load the item here in the init function because we need to extract + // the page layout and initialise the correct theme. -function page_content(&$a) { - $observer = $a->get_observer(); $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); @@ -97,11 +95,27 @@ function page_content(&$a) { } } + $a->data['webpage'] = $r; + + + +} + + + + +function page_content(&$a) { + + $r = $a->data['webpage']; + if(! $r) + return; // logger('layout: ' . print_r($a->layout,true)); // Use of widgets should be determined by Comanche, but we don't have it on system pages yet, so... + // I recommend we now get rid of this bit - it's quite a hack to work around... - mike + if ($perms['write_pages']) { $chan = $a->channel['channel_id']; $who = $channel_address; diff --git a/mod/photo.php b/mod/photo.php index 0329fe0a8..8cb82e8ff 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -66,7 +66,7 @@ function photo_init(&$a) { intval($uid) ); if(count($r)) { - $data = $r[0]['data']; + $data = dbunescbin($r[0]['data']); $mimetype = $r[0]['type']; } if(! isset($data)) { @@ -140,7 +140,7 @@ function photo_init(&$a) { ); if($r && $allowed) { - $data = $r[0]['data']; + $data = dbunescbin($r[0]['data']); $mimetype = $r[0]['type']; } else { diff --git a/mod/photos.php b/mod/photos.php index 2b859b7f1..95fa162c9 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -196,7 +196,7 @@ function photos_post(&$a) { } } - goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); + goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']); } if(($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false)) || (x($_POST,'albname') !== false)) { @@ -206,6 +206,7 @@ function photos_post(&$a) { $rawtags = ((x($_POST,'newtag')) ? notags(trim($_POST['newtag'])) : ''); $item_id = ((x($_POST,'item_id')) ? intval($_POST['item_id']) : 0); $albname = ((x($_POST,'albname')) ? notags(trim($_POST['albname'])) : ''); + $adult = ((x($_POST,'adult')) ? intval($_POST['adult']) : 0); $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); @@ -226,7 +227,7 @@ function photos_post(&$a) { intval($page_owner_uid) ); if(count($r)) { - $ph = photo_factory($r[0]['data'], $r[0]['type']); + $ph = photo_factory(dbunescbin($r[0]['data']), $r[0]['type']); if($ph->is_valid()) { $rotate_deg = ( (intval($_POST['rotate']) == 1) ? 270 : 90 ); $ph->rotate($rotate_deg); @@ -234,8 +235,8 @@ function photos_post(&$a) { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", - dbesc($ph->imageString()), + $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0", + dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), @@ -247,8 +248,8 @@ function photos_post(&$a) { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1 limit 1", - dbesc($ph->imageString()), + $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1", + dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), @@ -261,8 +262,8 @@ function photos_post(&$a) { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2 limit 1", - dbesc($ph->imageString()), + $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2", + dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), @@ -273,13 +274,11 @@ function photos_post(&$a) { } } - $p = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `uid` = %d and ( photo_flags = %d or photo_flags = %d ) ORDER BY `scale` DESC", + $p = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `uid` = %d ORDER BY `scale` DESC", dbesc($resource_id), - intval($page_owner_uid), - intval(PHOTO_NORMAL), - intval(PHOTO_PROFILE) + intval($page_owner_uid) ); - if(count($p)) { + if($p) { $ext = $phototypes[$p[0]['type']]; $r = q("UPDATE `photo` SET `description` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", @@ -296,6 +295,14 @@ function photos_post(&$a) { $item_private = (($str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny) ? true : false); + $old_adult = (($p[0]['photo_flags'] & PHOTO_ADULT) ? 1 : 0); + if($old_adult != $adult) { + $r = q("update photo set photo_flags = ( photo_flags ^ %d) where resource_id = '%s' and uid = %d", + intval(PHOTO_ADULT), + dbesc($resource_id), + intval($page_owner_uid) + ); + } /* Don't make the item visible if the only change was the album name */ @@ -313,15 +320,17 @@ function photos_post(&$a) { intval($item_id), intval($page_owner_uid) ); - } - if($r) { - $old_tag = $r[0]['tag']; - $old_inform = $r[0]['inform']; + + if($r) { + $old_tag = $r[0]['tag']; + $old_inform = $r[0]['inform']; + } } + // make sure the linked item has the same permissions as the photo regardless of any other changes $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d - where id = %d limit 1", + where id = %d", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), @@ -380,6 +389,7 @@ function photos_post(&$a) { if($success['replaced']) { $tagged[] = $tag; + $post_tags[] = array( 'uid' => $a->profile['profile_uid'], 'type' => $success['termtype'], @@ -397,8 +407,14 @@ function photos_post(&$a) { ); if($r) { + $r = fetch_post_tags($r,true); $datarray = $r[0]; - $datarray['term'] = $post_tags; + if($post_tags) { + if((! array_key_exists('term',$datarray)) || (! is_array($datarray['term']))) + $datarray['term'] = $post_tags; + else + $datarray['term'] = array_merge($datarray['term'],$post_tags); + } item_store_update($datarray,$execflag); } @@ -420,8 +436,11 @@ function photos_post(&$a) { if(! $r['success']) { notice($r['message'] . EOL); } - - goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); + + if($_REQUEST['newalbum']) + goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum'])); + else + goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC',date_default_timezone_get(),'now', 'Y'))); } @@ -431,20 +450,17 @@ function photos_content(&$a) { // URLs: // photos/name - // photos/name/upload - // photos/name/upload/xxxxx (xxxxx is album name) - // photos/name/album/xxxxx - // photos/name/album/xxxxx/edit + // photos/name/album/xxxxx (xxxxx is album name) // photos/name/image/xxxxx - // photos/name/image/xxxxx/edit if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { notice( t('Public access denied.') . EOL); return; } - - + + $unsafe = ((array_key_exists('unsafe',$_REQUEST) && $_REQUEST['unsafe']) ? 1 : 0); + require_once('include/bbcode.php'); require_once('include/security.php'); require_once('include/conversation.php'); @@ -468,11 +484,9 @@ function photos_content(&$a) { if(argc() > 3) { $datatype = argv(2); $datum = argv(3); - } - elseif((argc() > 2) && (argv(2) === 'upload')) - $datatype = 'upload'; - else + } else { $datatype = 'summary'; + } if(argc() > 4) $cmd = argv(4); @@ -495,7 +509,6 @@ function photos_content(&$a) { $can_post = perm_is_allowed($owner_uid,$observer['xchan_hash'],'post_photos'); $can_view = perm_is_allowed($owner_uid,$observer['xchan_hash'],'view_photos'); - if(! $can_view) { notice( t('Access to this item is restricted.') . EOL); return; @@ -513,42 +526,11 @@ function photos_content(&$a) { $_is_owner = (local_user() && (local_user() == $owner_uid)); $o .= profile_tabs($a,$_is_owner, $a->data['channel']['channel_address']); - // - // dispatch request - // - /** * Display upload form */ - if($datatype === 'upload') { - if(! ($can_post)) { - notice( t('Permission denied.')); - return; - } - - - - if(array_key_exists('albums', $a->data)) - $albums = get_app()->data['albums']; - else - $albums = photos_albums_list($a->data['channel'],$a->data['observer']); - - - $selname = (($datum) ? hex2bin($datum) : ''); - $albumselect = '<select id="photos-upload-album-select" name="album" size="4">'; - - $albumselect .= '<option value="" ' . ((! $selname) ? ' selected="selected" ' : '') . '> </option>'; - if(count($albums['albums'])) { - foreach($albums['albums'] as $album) { - if(! $album['text']) - continue; - $selected = (($selname === $album['text']) ? ' selected="selected" ' : ''); - $albumselect .= '<option value="' . $album['text'] . '"' . $selected . '>' . $album['text'] . '</option>'; - } - } - - $albumselect .= '</select>'; + if( $can_post) { $uploader = ''; @@ -556,12 +538,8 @@ function photos_content(&$a) { 'addon_text' => $uploader, 'default_upload' => true); - call_hooks('photo_upload_form',$ret); - $default_upload = '<input id="photos-upload-choose" type="file" name="userfile" /> <div class="photos-upload-submit-wrapper" > - <input type="submit" name="submit" value="' . t('Submit') . '" id="photos-upload-submit" /> </div>'; - /* Show space usage */ $r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", @@ -571,10 +549,10 @@ function photos_content(&$a) { $limit = service_class_fetch($a->data['channel']['channel_id'],'photo_upload_limit'); if($limit !== false) { - $usage_message = sprintf( t("You have used %1$.2f Mbytes of %2$.2f Mbytes photo storage."), $r[0]['total'] / 1024000, $limit / 1024000 ); + $usage_message = sprintf( t("%1$.2f MB of %2$.2f MB photo storage used."), $r[0]['total'] / 1024000, $limit / 1024000 ); } else { - $usage_message = sprintf( t('You have used %1$.2f Mbytes of photo storage.'), $r[0]['total'] / 1024000 ); + $usage_message = sprintf( t('%1$.2f MB photo storage used.'), $r[0]['total'] / 1024000 ); } if($_is_owner) { @@ -586,38 +564,51 @@ function photos_content(&$a) { 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid'] ); - } - $albumselect_e = $albumselect; + $lockstate = (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'); + } + $aclselect_e = (($_is_owner) ? populate_acl($channel_acl,false) : ''); + $selname = (($datum) ? hex2bin($datum) : ''); + + $albums = ((array_key_exists('albums', $a->data)) ? $a->data['albums'] : photos_albums_list($a->data['channel'],$a->data['observer'])); + $tpl = get_markup_template('photos_upload.tpl'); - $o .= replace_macros($tpl,array( + $upload_form = replace_macros($tpl,array( '$pagename' => t('Upload Photos'), '$sessid' => session_id(), '$usage' => $usage_message, '$nickname' => $a->data['channel']['channel_address'], - '$newalbum' => t('New album name: '), - '$existalbumtext' => t('or existing album name: '), + '$newalbum_label' => t('Enter a new album name'), + '$newalbum_placeholder' => t('or select an existing one (doubleclick)'), '$nosharetext' => t('Do not show a status post for this upload'), - '$albumselect' => $albumselect_e, + '$albums' => $albums['albums'], + '$selname' => $selname, '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, + '$lockstate' => $lockstate, '$uploader' => $ret['addon_text'], - '$default' => (($ret['default_upload']) ? $default_upload : ''), - '$uploadurl' => $ret['post_url'] + '$default' => (($ret['default_upload']) ? true : false), + '$uploadurl' => $ret['post_url'], + '$submit' => t('Submit') )); - return $o; } + // + // dispatch request + // + /* * Display a single photo album */ if($datatype === 'album') { + + if((strlen($datum) & 1) || (! ctype_xdigit($datum))) { notice( t('Album name could not be decoded') . EOL); logger('mod_photos: illegal album encoding: ' . $datum); @@ -627,15 +618,17 @@ function photos_content(&$a) { $album = hex2bin($datum); $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' - AND `scale` <= 4 and (photo_flags = %d or photo_flags = %d ) $sql_extra GROUP BY `resource_id`", + AND `scale` <= 4 and ((photo_flags = %d) or (photo_flags & %d )) $sql_extra GROUP BY `resource_id`", intval($owner_uid), dbesc($album), intval(PHOTO_NORMAL), - intval(PHOTO_PROFILE) + intval(($unsafe) ? (PHOTO_PROFILE|PHOTO_ADULT) : PHOTO_PROFILE) ); if(count($r)) { $a->set_pager_total(count($r)); $a->set_pager_itemspage(60); + } else { + goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']); } if($_GET['order'] === 'posted') @@ -643,43 +636,41 @@ function photos_content(&$a) { else $order = 'DESC'; - $r = q("SELECT `resource_id`, `id`, `filename`, type, max(`scale`) AS `scale`, `description` FROM `photo` WHERE `uid` = %d AND `album` = '%s' - AND `scale` <= 4 and (photo_flags = %d or photo_flags = %d ) $sql_extra GROUP BY `resource_id` ORDER BY `created` $order LIMIT %d , %d", + + $r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.scale, p.description, p.created FROM photo p INNER JOIN + (SELECT resource_id, max(scale) scale FROM photo WHERE uid = %d AND album = '%s' AND scale <= 4 AND (photo_flags = %d or photo_flags = %d ) $sql_extra GROUP BY resource_id) ph + ON (p.resource_id = ph.resource_id AND p.scale = ph.scale) + ORDER BY created $order LIMIT %d OFFSET %d", intval($owner_uid), dbesc($album), intvaL(PHOTO_NORMAL), - intval(PHOTO_PROFILE), - intval($a->pager['start']), - intval($a->pager['itemspage']) + intval(($unsafe) ? (PHOTO_PROFILE|PHOTO_ADULT) : PHOTO_PROFILE), + intval($a->pager['itemspage']), + intval($a->pager['start']) ); - if($cmd === 'edit') { - if(($album !== t('Profile Photos')) && ($album !== 'Profile Photos') && ($album !== 'Contact Photos') && ($album !== t('Contact Photos'))) { - if($can_post) { - if($a->get_template_engine() === 'internal') { - $album_e = template_escape($album); - } - else { - $album_e = $album; - } - - $edit_tpl = get_markup_template('album_edit.tpl'); - $o .= replace_macros($edit_tpl,array( - '$nametext' => t('New album name: '), - '$nickname' => $a->data['channel']['channel_address'], - '$album' => $album_e, - '$hexalbum' => bin2hex($album), - '$submit' => t('Submit'), - '$dropsubmit' => t('Delete Album') - )); + //edit album name + $album_edit = null; + if(($album !== t('Profile Photos')) && ($album !== 'Profile Photos') && ($album !== 'Contact Photos') && ($album !== t('Contact Photos'))) { + if($can_post) { + if($a->get_template_engine() === 'internal') { + $album_e = template_escape($album); } - } - } - else { - if(($album !== t('Profile Photos')) && ($album !== 'Profile Photos') && ($album !== 'Contact Photos') && ($album !== t('Contact Photos'))) { - if($can_post) { - $edit = array(t('Edit Album'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album) . '/edit'); - } + else { + $album_e = $album; + } + $albums = ((array_key_exists('albums', $a->data)) ? $a->data['albums'] : photos_albums_list($a->data['channel'],$a->data['observer'])); + $edit_tpl = get_markup_template('album_edit.tpl'); + $album_edit = replace_macros($edit_tpl,array( + '$nametext' => t('Enter a new album name'), + '$name_placeholder' => t('or select an existing one (doubleclick)'), + '$nickname' => $a->data['channel']['channel_address'], + '$album' => $album_e, + '$albums' => $albums['albums'], + '$hexalbum' => bin2hex($album), + '$submit' => t('Submit'), + '$dropsubmit' => t('Delete Album') + )); } } @@ -719,6 +710,7 @@ function photos_content(&$a) { 'desc'=> $desc_e, 'ext' => $ext, 'hash'=> $rr['resource_id'], + 'unknown' => t('Unknown') ); } } @@ -741,10 +733,12 @@ function photos_content(&$a) { $o .= replace_macros($tpl, array( '$photos' => $photos, '$album' => $album, + '$album_edit' => array(t('Edit Album'), $album_edit), '$can_post' => $can_post, '$upload' => array(t('Upload'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/upload/' . bin2hex($album)), '$order' => $order, - '$edit' => $edit + '$upload_form' => $upload_form, + '$usage' => $usage_message )); } @@ -770,25 +764,18 @@ function photos_content(&$a) { // fetch image, item containing image, then comments $ph = q("SELECT aid,uid,xchan,resource_id,created,edited,title,`description`,album,filename,`type`,height,width,`size`,scale,profile,photo_flags,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' - and (photo_flags = %d or photo_flags = %d ) $sql_extra ORDER BY `scale` ASC ", + $sql_extra ORDER BY `scale` ASC ", intval($owner_uid), - dbesc($datum), - intval(PHOTO_NORMAL), - intval(PHOTO_PROFILE) - + dbesc($datum) ); if(! $ph) { /* Check again - this time without specifying permissions */ - $ph = q("SELECT id FROM photo WHERE uid = %d AND resource_id = '%s' - and ( photo_flags = %d or photo_flags = %d ) - LIMIT 1", + $ph = q("SELECT id FROM photo WHERE uid = %d AND resource_id = '%s' LIMIT 1", intval($owner_uid), - dbesc($datum), - intval(PHOTO_NORMAL), - intval(PHOTO_PROFILE) + dbesc($datum) ); if($ph) notice( t('Permission denied. Access to this item may be restricted.') . EOL); @@ -809,11 +796,9 @@ function photos_content(&$a) { $prvnxt = q("SELECT `resource_id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0 - and ( photo_flags = %d or photo_flags = %d ) $sql_extra ORDER BY `created` $order ", + $sql_extra ORDER BY `created` $order ", dbesc($ph[0]['album']), - intval($owner_uid), - intval(PHOTO_NORMAL), - intval(PHOTO_PROFILE) + intval($owner_uid) ); if(count($prvnxt)) { @@ -855,16 +840,14 @@ function photos_content(&$a) { $tools = array( 'profile'=>array($a->get_baseurl() . '/profile_photo/use/'.$ph[0]['resource_id'], t('Use as profile photo')), ); - - // lock - $lock = ( ( ($ph[0]['uid'] == local_user()) && (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) - || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid'])) ) - ? t('Private Message') - : Null); - - } + // lockstate + $lockstate = ( ( (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) + || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid'])) ) + ? array('lock', t('Private Photo')) + : array('unlock', Null)); + $a->page['htmlhead'] .= '<script>$(document).keydown(function(event) {' . "\n"; if($prevlink) $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n"; @@ -873,7 +856,7 @@ function photos_content(&$a) { $a->page['htmlhead'] .= '});</script>'; if($prevlink) - $prevlink = array($prevlink, '<i class="icon-backward photo-icons""></i>') ; + $prevlink = array($prevlink, t('Previous')); $photo = array( 'href' => $a->get_baseurl() . '/photo/' . $hires['resource_id'] . '-' . $hires['scale'] . '.' . $phototypes[$hires['type']], @@ -882,7 +865,7 @@ function photos_content(&$a) { ); if($nextlink) - $nextlink = array($nextlink, '<i class="icon-forward photo-icons"></i>'); + $nextlink = array($nextlink, t('Next')); // Do we have an item for this photo? @@ -912,23 +895,21 @@ function photos_content(&$a) { $r = conv_sort($r,'commented'); } - - $tags = array(); if($link_item['term']) { $cnt = 0; - foreach($link_item['term'] as $t) + foreach($link_item['term'] as $t) { $tags[$cnt] = array(0 => format_term_for_display($t)); if($can_post && ($ph[0]['uid'] == $owner_uid)) { - $tags[$cnt][1] = 'tagrm?f=&item=' . $link_item['id']; + $tags[$cnt][1] = 'tagrm/drop/' . $link_item['id'] . '/' . bin2hex($t['term']); //?f=&item=' . $link_item['id']; $tags[$cnt][2] = t('Remove'); } $cnt ++; + } } - if((local_user()) && (local_user() == $link_item['uid'])) { - q("UPDATE `item` SET item_flags = (item_flags ^ %d) WHERE parent = %d and uid = %d and (item_flags & %d)", + q("UPDATE `item` SET item_flags = (item_flags & ~%d) WHERE parent = %d and uid = %d and (item_flags & %d)>0", intval(ITEM_UNSEEN), intval($link_item['parent']), intval(local_user()), @@ -945,23 +926,22 @@ function photos_content(&$a) { $edit = null; if($can_post) { - if(array_key_exists('albums', $a->data)) - $albums = get_app()->data['albums']; - else - $albums = photos_albums_list($a->data['channel'],$a->data['observer']); - $album_e = $ph[0]['album']; $caption_e = $ph[0]['description']; $aclselect_e = populate_acl($ph[0]); + $albums = ((array_key_exists('albums', $a->data)) ? $a->data['albums'] : photos_albums_list($a->data['channel'],$a->data['observer'])); + + $_SESSION['album_return'] = bin2hex($ph[0]['album']); $edit = array( 'edit' => t('Edit photo'), - 'id' => $ph[0]['id'], + 'id' => $link_item['id'], 'rotatecw' => t('Rotate CW (right)'), 'rotateccw' => t('Rotate CCW (left)'), 'albums' => $albums['albums'], 'album' => $album_e, - 'newalbum' => t('New album name'), + 'newalbum_label' => t('Enter a new album name'), + 'newalbum_placeholder' => t('or select an existing one (doubleclick)'), 'nickname' => $a->data['channel']['channel_address'], 'resource_id' => $ph[0]['resource_id'], 'capt_label' => t('Caption'), @@ -969,8 +949,10 @@ function photos_content(&$a) { 'tag_label' => t('Add a Tag'), 'permissions' => t('Permissions'), 'aclselect' => $aclselect_e, - 'help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com, #California, #camping'), + 'lockstate' => $lockstate[0], + 'help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com'), 'item_id' => ((count($linked_items)) ? $link_item['id'] : 0), + 'adult' => array('adult',t('Flag as adult in album view'), (($ph[0]['photo_flags'] & PHOTO_ADULT) ? 1 : 0),''), 'submit' => t('Submit'), 'delete' => t('Delete Photo') ); @@ -1025,7 +1007,7 @@ function photos_content(&$a) { $like = ''; $dislike = ''; - // display comments + if($r) { foreach($r as $item) { @@ -1033,10 +1015,33 @@ function photos_content(&$a) { like_puller($a,$item,$dlike,'dislike'); } - $like = ((isset($alike[$link_item['id']])) ? format_like($alike[$link_item['id']],$alike[$link_item['id'] . '-l'],'like',$link_item['id']) : ''); - $dislike = ((isset($dlike[$link_item['id']])) ? format_like($dlike[$link_item['id']],$dlike[$link_item['id'] . '-l'],'dislike',$link_item['id']) : ''); + $like_count = ((x($alike,$link_item['mid'])) ? $alike[$link_item['mid']] : ''); + $like_list = ((x($alike,$link_item['mid'])) ? $alike[$link_item['mid'] . '-l'] : ''); + if (count($like_list) > MAX_LIKERS) { + $like_list_part = array_slice($like_list, 0, MAX_LIKERS); + array_push($like_list_part, '<a href="#" data-toggle="modal" data-target="#likeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>'); + } else { + $like_list_part = ''; + } + $like_button_label = tt('Like','Likes',$like_count,'noun'); + + //if (feature_enabled($conv->get_profile_owner(),'dislike')) { + $dislike_count = ((x($dlike,$link_item['mid'])) ? $dlike[$link_item['mid']] : ''); + $dislike_list = ((x($dlike,$link_item['mid'])) ? $dlike[$link_item['mid'] . '-l'] : ''); + $dislike_button_label = tt('Dislike','Dislikes',$dislike_count,'noun'); + if (count($dislike_list) > MAX_LIKERS) { + $dislike_list_part = array_slice($dislike_list, 0, MAX_LIKERS); + array_push($dislike_list_part, '<a href="#" data-toggle="modal" data-target="#dislikeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>'); + } else { + $dislike_list_part = ''; + } + //} + + $like = ((isset($alike[$link_item['mid']])) ? format_like($alike[$link_item['mid']],$alike[$link_item['mid'] . '-l'],'like',$link_item['mid']) : ''); + $dislike = ((isset($dlike[$link_item['mid']])) ? format_like($dlike[$link_item['mid']],$dlike[$link_item['mid'] . '-l'],'dislike',$link_item['mid']) : ''); + // display comments foreach($r as $item) { $comment = ''; @@ -1114,20 +1119,33 @@ function photos_content(&$a) { $photo_tpl = get_markup_template('photo_view.tpl'); $o .= replace_macros($photo_tpl, array( - '$id' => $ph[0]['id'], + '$id' => $link_item['id'], //$ph[0]['id'], '$album' => $album_e, '$tools' => $tools, - '$lock' => $lock, + '$lock' => $lockstate[1], '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, '$desc' => $ph[0]['description'], + '$filename' => $ph[0]['filename'], + '$unknown' => t('Unknown'), '$tag_hdr' => t('In This Photo:'), '$tags' => $tags, '$edit' => $edit, '$likebuttons' => $likebuttons, '$like' => $like_e, '$dislike' => $dislike_e, + '$like_count' => $like_count, + '$like_list' => $like_list, + '$like_list_part' => $like_list_part, + '$like_button_label' => $like_button_label, + '$like_modal_title' => t('Likes','noun'), + '$dislike_modal_title' => t('Dislikes','noun'), + '$dislike_count' => $dislike_count, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_count : ''), + '$dislike_list' => $dislike_list, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_list : ''), + '$dislike_list_part' => $dislike_list_part, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_list_part : ''), + '$dislike_button_label' => $dislike_button_label, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_button_label : ''), + '$modal_dismiss' => t('Close'), '$comments' => $comments, '$commentbox' => $commentbox, '$paginate' => $paginate, @@ -1142,29 +1160,30 @@ function photos_content(&$a) { //$o = ''; $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' - and ( photo_flags = %d or photo_flags = %d ) $sql_extra GROUP BY `resource_id`", + and ((photo_flags = %d) or (photo_flags & %d)) $sql_extra GROUP BY `resource_id`", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc( t('Contact Photos')), intval(PHOTO_NORMAL), - intval(PHOTO_PROFILE) + intval(($unsafe) ? (PHOTO_PROFILE|PHOTO_ADULT) : PHOTO_PROFILE) ); if(count($r)) { $a->set_pager_total(count($r)); $a->set_pager_itemspage(60); } - - $r = q("SELECT `resource_id`, `id`, `filename`, type, `album`, max(`scale`) AS `scale` FROM `photo` - WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' - and ( photo_flags = %d or photo_flags = %d ) - $sql_extra GROUP BY `resource_id` ORDER BY `created` DESC LIMIT %d , %d", + + $r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.album, p.scale, p.created FROM photo p INNER JOIN + (SELECT resource_id, max(scale) scale FROM photo + WHERE uid=%d AND album != '%s' AND album != '%s' + AND (photo_flags = %d or photo_flags = %d ) group by resource_id) ph + ON (p.resource_id = ph.resource_id and p.scale = ph.scale) ORDER by p.created DESC LIMIT %d OFFSET %d", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc( t('Contact Photos')), intval(PHOTO_NORMAL), - intval(PHOTO_PROFILE), - intval($a->pager['start']), - intval($a->pager['itemspage']) + intval(($unsafe) ? (PHOTO_PROFILE|PHOTO_ADULT) : PHOTO_PROFILE), + intval($a->pager['itemspage']), + intval($a->pager['start']) ); @@ -1225,6 +1244,8 @@ function photos_content(&$a) { '$can_post' => $can_post, '$upload' => array(t('Upload'), $a->get_baseurl().'/photos/'.$a->data['channel']['channel_address'].'/upload'), '$photos' => $photos, + '$upload_form' => $upload_form, + '$usage' => $usage_message )); } diff --git a/mod/ping.php b/mod/ping.php index 49475de66..d7b9e3d2e 100644 --- a/mod/ping.php +++ b/mod/ping.php @@ -41,6 +41,19 @@ function ping_init(&$a) { header("content-type: application/json"); + $vnotify = false; + + if(local_user()) { + $vnotify = get_pconfig(local_user(),'system','vnotify'); + $evdays = intval(get_pconfig(local_user(),'system','evdays')); + } + + // if unset show all visual notification types + if($vnotify === false) + $vnotify = (-1); + if($evdays < 1) + $evdays = 3; + /** * If you have several windows open to this site and switch to a different channel * in one of them, the others may get into a confused state showing you a page or options @@ -71,6 +84,11 @@ function ping_init(&$a) { } unset($_SESSION['sysmsg_info']); } + if(! ($vnotify & VNOTIFY_INFO)) + $result['info'] = array(); + if(! ($vnotify & VNOTIFY_ALERT)) + $result['notice'] = array(); + if($a->install) { echo json_encode($result); @@ -89,7 +107,7 @@ function ping_init(&$a) { $basic_presence = false; if($r) { $basic_presence = true; - q("update chatpresence set cp_last = '%s' where cp_id = %d limit 1", + q("update chatpresence set cp_last = '%s' where cp_id = %d", dbesc(datetime_convert()), intval($r[0]['cp_id']) ); @@ -110,7 +128,9 @@ function ping_init(&$a) { * and shouldn't count as online anymore. We allow an expection for bots. */ - q("delete from chatpresence where cp_last < UTC_TIMESTAMP() - INTERVAL 3 MINUTE and cp_client != 'auto' "); + q("delete from chatpresence where cp_last < %s - INTERVAL %s and cp_client != 'auto' ", + db_utcnow(), db_quoteinterval('3 MINUTE') + ); if((! local_user()) || ($result['invalid'])) { echo json_encode($result); @@ -130,14 +150,14 @@ function ping_init(&$a) { if(x($_REQUEST, 'markRead') && local_user()) { switch($_REQUEST['markRead']) { case 'network': - $r = q("update item set item_flags = ( item_flags ^ %d ) where (item_flags & %d) and uid = %d", + $r = q("update item set item_flags = ( item_flags & ~%d ) where (item_flags & %d)>0 and uid = %d", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval(local_user()) ); break; case 'home': - $r = q("update item set item_flags = ( item_flags ^ %d ) where (item_flags & %d) and (item_flags & %d) and uid = %d", + $r = q("update item set item_flags = ( item_flags & ~%d ) where (item_flags & %d)>0 and (item_flags & %d) and uid = %d", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval(ITEM_WALL), @@ -145,7 +165,7 @@ function ping_init(&$a) { ); break; case 'messages': - $r = q("update mail set mail_flags = ( mail_flags ^ %d ) where channel_id = %d and not (mail_flags & %d)", + $r = q("update mail set mail_flags = ( mail_flags | %d ) where channel_id = %d and not (mail_flags & %d)>0", intval(MAIL_SEEN), intval(local_user()), intval(MAIL_SEEN) @@ -179,17 +199,17 @@ function ping_init(&$a) { ); if($t && intval($t[0]['total']) > 49) { $z = q("select * from notify where uid = %d - and seen = 0 order by date desc limit 0, 50", + and seen = 0 order by date desc limit 50", intval(local_user()) ); } else { $z1 = q("select * from notify where uid = %d - and seen = 0 order by date desc limit 0, 50", + and seen = 0 order by date desc limit 50", intval(local_user()) ); $z2 = q("select * from notify where uid = %d - and seen = 1 order by date desc limit 0, %d", + and seen = 1 order by date desc limit %d", intval(local_user()), intval(50 - intval($t[0]['total'])) ); @@ -204,7 +224,7 @@ function ping_init(&$a) { 'url' => $zz['url'], 'photo' => $zz['photo'], 'when' => relative_date($zz['date']), - 'class' => (($zz['seen']) ? 'notify-seen' : 'notify-unseen'), + 'hclass' => (($zz['seen']) ? 'notify-seen' : 'notify-unseen'), 'message' => strip_tags(bbcode($zz['msg'])) ); } @@ -217,8 +237,8 @@ function ping_init(&$a) { if(argc() > 1 && argv(1) === 'messages') { $channel = $a->get_channel(); $t = q("select mail.*, xchan.* from mail left join xchan on xchan_hash = from_xchan - where channel_id = %d and not ( mail_flags & %d ) and not (mail_flags & %d ) - and from_xchan != '%s' order by created desc limit 0,50", + where channel_id = %d and not ( mail_flags & %d )>0 and not (mail_flags & %d )>0 + and from_xchan != '%s' order by created desc limit 50", intval(local_user()), intval(MAIL_SEEN), intval(MAIL_DELETED), @@ -233,7 +253,7 @@ function ping_init(&$a) { 'url' => $zz['xchan_url'], 'photo' => $zz['xchan_photo_s'], 'when' => relative_date($zz['created']), - 'class' => (($zz['mail_flags'] & MAIL_SEEN) ? 'notify-seen' : 'notify-unseen'), + 'hclass' => (($zz['mail_flags'] & MAIL_SEEN) ? 'notify-seen' : 'notify-unseen'), 'message' => t('sent you a private message'), ); } @@ -247,7 +267,7 @@ function ping_init(&$a) { $result = array(); $r = q("SELECT * FROM item - WHERE item_restrict = %d and ( item_flags & %d ) and uid = %d", + WHERE item_restrict = %d and ( item_flags & %d )>0 and uid = %d", intval(ITEM_VISIBLE), intval(ITEM_UNSEEN), intval(local_user()) @@ -269,7 +289,7 @@ function ping_init(&$a) { if(argc() > 1 && (argv(1) === 'intros')) { $result = array(); - $r = q("SELECT * FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", + $r = q("SELECT * FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)", intval(local_user()), intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED), @@ -284,7 +304,7 @@ function ping_init(&$a) { 'url' => $rr['xchan_url'], 'photo' => $rr['xchan_photo_s'], 'when' => relative_date($rr['abook_created']), - 'class' => ('notify-unseen'), + 'hclass' => ('notify-unseen'), 'message' => t('added your channel') ); } @@ -303,7 +323,7 @@ function ping_init(&$a) { WHERE `event`.`uid` = %d AND start < '%s' AND start > '%s' and `ignore` = 0 ORDER BY `start` DESC ", intval(local_user()), - dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + 7 days')), + dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + ' . intval($evdays) . ' days')), dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days')) ); @@ -325,7 +345,7 @@ function ping_init(&$a) { 'url' => $rr['xchan_url'], 'photo' => $rr['xchan_photo_s'], 'when' => $when, - 'class' => ('notify-unseen'), + 'hclass' => ('notify-unseen'), 'message' => t('posted an event') ); } @@ -341,101 +361,125 @@ function ping_init(&$a) { * Normal ping - just the counts, no detail */ - $t = q("select count(*) as total from notify where uid = %d and seen = 0", - intval(local_user()) - ); - if($t) - $result['notify'] = intval($t[0]['total']); + if($vnotify & VNOTIFY_SYSTEM) { + $t = q("select count(*) as total from notify where uid = %d and seen = 0", + intval(local_user()) + ); + if($t) + $result['notify'] = intval($t[0]['total']); + } $t1 = dba_timer(); - $r = q("SELECT id, item_restrict, item_flags FROM item - WHERE (item_restrict = %d) and ( item_flags & %d ) and uid = %d", - intval(ITEM_VISIBLE), - intval(ITEM_UNSEEN), - intval(local_user()) - ); + if($vnotify & (VNOTIFY_NETWORK|VNOTIFY_CHANNEL)) { + $r = q("SELECT id, item_restrict, item_flags FROM item + WHERE (item_restrict = %d) and ( item_flags & %d )>0 and uid = %d", + intval(ITEM_VISIBLE), + intval(ITEM_UNSEEN), + intval(local_user()) + ); - if(count($r)) { - $arr = array('items' => $r); - call_hooks('network_ping', $arr); + if($r) { + $arr = array('items' => $r); + call_hooks('network_ping', $arr); - foreach ($r as $it) { - if($it['item_flags'] & ITEM_WALL) - $result['home'] ++; - else - $result['network'] ++; + foreach ($r as $it) { + if($it['item_flags'] & ITEM_WALL) + $result['home'] ++; + else + $result['network'] ++; + } } } + if(! ($vnotify & VNOTIFY_NETWORK)) + $result['network'] = 0; + if(! ($vnotify & VNOTIFY_CHANNEL)) + $result['home'] = 0; + $t2 = dba_timer(); - $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", - intval(local_user()), - intval(ABOOK_FLAG_PENDING), - intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED), - intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN) - ); + if($vnotify & VNOTIFY_INTRO) { + $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)", + intval(local_user()), + intval(ABOOK_FLAG_PENDING), + intval(ABOOK_FLAG_SELF|ABOOK_FLAG_IGNORED), + intval(XCHAN_FLAGS_DELETED|XCHAN_FLAGS_ORPHAN) + ); - $t3 = dba_timer(); + $t3 = dba_timer(); - if($intr) - $result['intros'] = intval($intr[0]['total']); + if($intr) + $result['intros'] = intval($intr[0]['total']); + } $t4 = dba_timer(); $channel = get_app()->get_channel(); - $mails = q("SELECT count(id) as total from mail - WHERE channel_id = %d AND not (mail_flags & %d) and from_xchan != '%s' ", - intval(local_user()), - intval(MAIL_SEEN), - dbesc($channel['channel_hash']) - ); - if($mails) - $result['mail'] = intval($mails[0]['total']); - - if ($a->config['system']['register_policy'] == REGISTER_APPROVE && is_site_admin()) { - $regs = q("SELECT count(account_id) as total from account where (account_flags & %d)", - intval(ACCOUNT_PENDING) + if($vnotify & VNOTIFY_MAIL) { + $mails = q("SELECT count(id) as total from mail + WHERE channel_id = %d AND not (mail_flags & %d)>0 and from_xchan != '%s' ", + intval(local_user()), + intval(MAIL_SEEN), + dbesc($channel['channel_hash']) ); - if($regs) - $result['register'] = intval($regs[0]['total']); + if($mails) + $result['mail'] = intval($mails[0]['total']); + } + + if($vnotify & VNOTIFY_REGISTER) { + if ($a->config['system']['register_policy'] == REGISTER_APPROVE && is_site_admin()) { + $regs = q("SELECT count(account_id) as total from account where (account_flags & %d)>0", + intval(ACCOUNT_PENDING) + ); + if($regs) + $result['register'] = intval($regs[0]['total']); + } } $t5 = dba_timer(); - $events = q("SELECT type, start, adjust FROM `event` - WHERE `event`.`uid` = %d AND start < '%s' AND start > '%s' and `ignore` = 0 - ORDER BY `start` ASC ", - intval(local_user()), - dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + 7 days')), - dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days')) - ); - - if($events) { - $result['all_events'] = count($events); - - if($result['all_events']) { - $str_now = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d'); - foreach($events as $x) { - $bd = false; - if($x['type'] === 'birthday') { - $result['birthdays'] ++; - $bd = true; - } - else { - $result['events'] ++; - } - if(datetime_convert('UTC', ((intval($x['adjust'])) ? date_default_timezone_get() : 'UTC'), $x['start'], 'Y-m-d') === $str_now) { - $result['all_events_today'] ++; - if($bd) - $result['birthdays_today'] ++; - else - $result['events_today'] ++; + if($vnotify & (VNOTIFY_EVENT|VNOTIFY_EVENTTODAY|VNOTIFY_BIRTHDAY)) { + $events = q("SELECT type, start, adjust FROM `event` + WHERE `event`.`uid` = %d AND start < '%s' AND start > '%s' and `ignore` = 0 + ORDER BY `start` ASC ", + intval(local_user()), + dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + ' . intval($evdays) . ' days')), + dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days')) + ); + + if($events) { + $result['all_events'] = count($events); + + if($result['all_events']) { + $str_now = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d'); + foreach($events as $x) { + $bd = false; + if($x['type'] === 'birthday') { + $result['birthdays'] ++; + $bd = true; + } + else { + $result['events'] ++; + } + if(datetime_convert('UTC', ((intval($x['adjust'])) ? date_default_timezone_get() : 'UTC'), $x['start'], 'Y-m-d') === $str_now) { + $result['all_events_today'] ++; + if($bd) + $result['birthdays_today'] ++; + else + $result['events_today'] ++; + } } } } } + if(! ($vnotify & VNOTIFY_EVENT)) + $result['all_events'] = $result['events'] = 0; + if(! ($vnotify & VNOTIFY_EVENTTODAY)) + $result['all_events_today'] = $result['events_today'] = 0; + if(! ($vnotify & VNOTIFY_BIRTHDAY)) + $result['birthdays'] = 0; + $x = json_encode($result); diff --git a/mod/poco.php b/mod/poco.php index c1696e4cd..fc01fc565 100644 --- a/mod/poco.php +++ b/mod/poco.php @@ -15,7 +15,7 @@ function poco_init(&$a) { $user = notags(trim(argv(1))); } if(! x($user)) { - $c = q("select * from pconfig where cat = 'system' and k = 'suggestme' and v = 1"); + $c = q("select * from pconfig where cat = 'system' and k = 'suggestme' and v = '1'"); if(! $c) { logger('mod_poco: system mode. No candidates.', LOGGER_DEBUG); http_status_exit(404); @@ -60,7 +60,7 @@ function poco_init(&$a) { } if($justme) - $sql_extra = " and ( abook_flags & " . ABOOK_FLAG_SELF . " ) "; + $sql_extra = " and ( abook_flags & " . ABOOK_FLAG_SELF . " )>0 "; else $sql_extra = " and abook_flags = 0 "; @@ -69,14 +69,14 @@ function poco_init(&$a) { if($system_mode) { $r = q("SELECT count(*) as `total` from abook where ( abook_flags & " . ABOOK_FLAG_SELF . - " ) and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = 1) "); + " )>0 and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = 1) "); } else { $r = q("SELECT count(*) as `total` from abook where abook_channel = %d $sql_extra ", intval($channel_id) ); - $c = q("select * from menu_item where ( mitem_flags & " . intval(MENU_ITEM_CHATROOM) . " ) and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and mitem_channel_id = %d", + $c = q("select * from menu_item where ( mitem_flags & " . intval(MENU_ITEM_CHATROOM) . " )>0 and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and mitem_channel_id = %d", intval($channel_id) ); } @@ -93,17 +93,17 @@ function poco_init(&$a) { if($system_mode) { $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where ( abook_flags & " . ABOOK_FLAG_SELF . - " ) and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = 1) limit %d, %d ", - intval($startIndex), - intval($itemsPerPage) + " )>0 and abook_channel in (select uid from pconfig where cat = 'system' and k = 'suggestme' and v = 1) limit %d offset %d ", + intval($itemsPerPage), + intval($startIndex) ); } else { $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d - $sql_extra LIMIT %d, %d", + $sql_extra LIMIT %d OFFSET %d", intval($channel_id), - intval($startIndex), - intval($itemsPerPage) + intval($itemsPerPage), + intval($startIndex) ); } diff --git a/mod/post.php b/mod/post.php index d62233ca1..47e460f1e 100644 --- a/mod/post.php +++ b/mod/post.php @@ -98,7 +98,7 @@ function post_init(&$a) { // Any channel will do, providing it's currently active. We just need to have an // identity to attach to the packet we send back. So find one. - $c = q("select * from channel where not ( channel_pageflags & %d ) limit 1", + $c = q("select * from channel where not ( channel_pageflags & %d )>0 limit 1", intval(PAGE_REMOVED) ); @@ -507,6 +507,7 @@ function post_post(&$a) { json_return_and_die($ret); } + if($msgtype === 'pickup') { /** @@ -597,11 +598,24 @@ function post_post(&$a) { $ret['success'] = true; $ret['pickup'] = array(); foreach($r as $rr) { - $ret['pickup'][] = array('notify' => json_decode($rr['outq_notify'],true),'message' => json_decode($rr['outq_msg'],true)); + if($rr['outq_msg']) { + $x = json_decode($rr['outq_msg'],true); - $x = q("delete from outq where outq_hash = '%s' limit 1", - dbesc($rr['outq_hash']) - ); + if(! $x) + continue; + + if(array_key_exists('message_list',$x)) { + foreach($x['message_list'] as $xx) { + $ret['pickup'][] = array('notify' => json_decode($rr['outq_notify'],true),'message' => $xx); + } + } + else + $ret['pickup'][] = array('notify' => json_decode($rr['outq_notify'],true),'message' => $x); + + $x = q("delete from outq where outq_hash = '%s'", + dbesc($rr['outq_hash']) + ); + } } } @@ -645,7 +659,7 @@ function post_post(&$a) { // Update our DB to show when we last communicated successfully with this hub // This will allow us to prune dead hubs from using up resources - $r = q("update hubloc set hubloc_connected = '%s' where hubloc_id = %d limit 1", + $r = q("update hubloc set hubloc_connected = '%s' where hubloc_id = %d", dbesc(datetime_convert()), intval($hub['hubloc_id']) ); @@ -653,17 +667,17 @@ function post_post(&$a) { // a dead hub came back to life - reset any tombstones we might have if($hub['hubloc_status'] & HUBLOC_OFFLINE) { - q("update hubloc set hubloc_status = (hubloc_status ^ %d) where hubloc_id = %d limit 1", + q("update hubloc set hubloc_status = (hubloc_status & ~%d) where hubloc_id = %d", intval(HUBLOC_OFFLINE), intval($hub['hubloc_id']) ); if($r[0]['hubloc_flags'] & HUBLOC_FLAGS_ORPHANCHECK) { - q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where hubloc_id = %d limit 1", + q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where hubloc_id = %d", intval(HUBLOC_FLAGS_ORPHANCHECK), intval($hub['hubloc_id']) ); } - q("update xchan set xchan_flags = (xchan_flags ^ %d) where (xchan_flags & %d) and xchan_hash = '%s' limit 1", + q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'", intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN), dbesc($hub['hubloc_hash']) @@ -718,7 +732,9 @@ function post_post(&$a) { $sender_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']); // garbage collect any old unused notifications - q("delete from verify where type = 'auth' and created < UTC_TIMESTAMP() - INTERVAL 10 MINUTE"); + q("delete from verify where type = 'auth' and created < %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('10 MINUTE') + ); $y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", dbesc($sender_hash) @@ -767,7 +783,7 @@ function post_post(&$a) { $ret['message'] .= 'verification key not found' . EOL; json_return_and_die($ret); } - $r = q("delete from verify where id = %d limit 1", + $r = q("delete from verify where id = %d", intval($z[0]['id']) ); @@ -796,6 +812,12 @@ function post_post(&$a) { json_return_and_die($ret); } + if($msgtype === 'request') { + // request a particular post/conversation by message_id + $x = zot_process_message_request($data); + json_return_and_die($x); + } + if($msgtype === 'purge') { if($recipients) { diff --git a/mod/profile_photo.php b/mod/profile_photo.php index aad9c9d16..24439d404 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -173,7 +173,7 @@ function profile_photo_post(&$a) { dbesc($base_image['resource_id']), intval(local_user()) ); - $r = q("UPDATE photo SET photo_flags = ( photo_flags ^ %d ) WHERE ( photo_flags & %d ) + $r = q("UPDATE photo SET photo_flags = ( photo_flags & ~%d ) WHERE ( photo_flags & %d )>0 AND resource_id != '%s' AND `uid` = %d", intval(PHOTO_PROFILE), intval(PHOTO_PROFILE), @@ -182,7 +182,7 @@ function profile_photo_post(&$a) { ); } else { - $r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d limit 1", + $r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d", dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-4'), dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-5'), intval($_REQUEST['profile']), @@ -196,7 +196,7 @@ function profile_photo_post(&$a) { $channel = $a->get_channel(); $r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s' - where xchan_hash = '%s' limit 1", + where xchan_hash = '%s'", dbesc($im->getType()), dbesc(datetime_convert()), dbesc($channel['xchan_hash']) @@ -302,7 +302,7 @@ function profile_photo_content(&$a) { // unset any existing profile photos $r = q("UPDATE photo SET profile = 0 WHERE profile = 1 AND uid = %d", intval(local_user())); - $r = q("UPDATE photo SET photo_flags = (photo_flags ^ %d ) WHERE (photo_flags & %d ) AND uid = %d", + $r = q("UPDATE photo SET photo_flags = (photo_flags & ~%d ) WHERE (photo_flags & %d )>0 AND uid = %d", intval(PHOTO_PROFILE), intval(PHOTO_PROFILE), intval(local_user())); @@ -320,7 +320,7 @@ function profile_photo_content(&$a) { ); $r = q("UPDATE xchan set xchan_photo_date = '%s' - where xchan_hash = '%s' limit 1", + where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($channel['xchan_hash']) ); diff --git a/mod/profiles.php b/mod/profiles.php index 5d0416e9a..910c48743 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -30,7 +30,7 @@ function profiles_init(&$a) { dbesc($profile_guid), intval(local_user()) ); - $r = q("DELETE FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1", + $r = q("DELETE FROM `profile` WHERE `id` = %d AND `uid` = %d", intval(argv(2)), intval(local_user()) ); @@ -233,41 +233,29 @@ function profiles_post(&$a) { return; } - if($_POST['dob']) { - $year = substr($_POST['dob'],0,4); - $month = substr($_POST['dob'],5,2); - $day = substr($_POST['dob'],8,2); - } - - $year = intval($_POST['year']); - if($year < 1900 || $year > 2100 || $year < 0) - $year = 0; - $month = intval($_POST['month']); - if(($month > 12) || ($month < 0)) - $month = 0; - $mtab = array(0,31,29,31,30,31,30,31,31,30,31,30,31); - $day = intval($_POST['day']); - if(($day > $mtab[$month]) || ($day < 0)) - $day = 0; - -// if($year && (! ($month && $day))) { -// $month = 1; $day = 1; -// } + $dob = $_POST['dob'] ? escape_tags(trim($_POST['dob'])) : '0000-00-00'; // FIXME: Needs to be validated? + $y = substr($dob,0,4); + if((! ctype_digit($y)) || ($y < 1900)) + $ignore_year = true; + else + $ignore_year = false; - $dob = '0000-00-00'; - $dob = sprintf('%04d-%02d-%02d',$year,$month,$day); - + if($dob != '0000-00-00') { + if(strpos($dob,'0000-') === 0) { + $ignore_year = true; + $dob = substr($dob,5); + } + $dob = datetime_convert('UTC','UTC',(($ignore_year) ? '1900-' . $dob : $dob),(($ignore_year) ? 'm-d' : 'Y-m-d')); + if($ignore_year) + $dob = '0000-' . $dob; + } $name = escape_tags(trim($_POST['name'])); if($orig[0]['name'] != $name) $namechanged = true; - - - - $pdesc = escape_tags(trim($_POST['pdesc'])); $gender = escape_tags(trim($_POST['gender'])); $address = escape_tags(trim($_POST['address'])); @@ -366,7 +354,7 @@ function profiles_post(&$a) { dbesc($zz['field_name']) ); if($w) { - q("update profext set v = '%s' where id = %d limit 1", + q("update profext set v = '%s' where id = %d", dbesc(escape_tags(trim($_POST[$zz['field_name']]))), intval($w[0]['id']) ); @@ -481,7 +469,7 @@ function profiles_post(&$a) { `work` = '%s', `education` = '%s', `hide_friends` = %d - WHERE `id` = %d AND `uid` = %d LIMIT 1", + WHERE `id` = %d AND `uid` = %d", dbesc($profile_name), dbesc($name), dbesc($pdesc), @@ -534,7 +522,7 @@ function profiles_post(&$a) { $channel = $a->get_channel(); if($namechanged && $is_default) { - $r = q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_hash = '%s' limit 1", + $r = q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_hash = '%s'", dbesc($name), dbesc(datetime_convert()), dbesc($channel['xchan_hash']) @@ -542,6 +530,8 @@ function profiles_post(&$a) { } if($is_default) { + // reload the info for the sidebar widget - why does this not work? + profile_load($a,$channel['channel_address']); proc_run('php','include/directory.php',local_user()); } } @@ -654,7 +644,7 @@ logger('extra_fields: ' . print_r($extra_fields,true)); '$lbl_fullname' => t('Your Full Name:'), '$lbl_title' => t('Title/Description:'), '$lbl_gender' => t('Your Gender:'), - '$lbl_bd' => sprintf( t("Birthday \x28%s\x29:"),datesel_format($f)), + '$lbl_bd' => t("Birthday :"), '$lbl_address' => t('Street Address:'), '$lbl_city' => t('Locality/City:'), '$lbl_zip' => t('Postal/Zip Code:'), diff --git a/mod/profperm.php b/mod/profperm.php index 197062936..55dc8cc77 100644 --- a/mod/profperm.php +++ b/mod/profperm.php @@ -75,13 +75,13 @@ function profperm_content(&$a) { if($change) { if(in_array($change,$ingroup)) { - q("UPDATE abook SET abook_profile = '' WHERE abook_id = %d AND abook_channel = %d LIMIT 1", + q("UPDATE abook SET abook_profile = '' WHERE abook_id = %d AND abook_channel = %d", intval($change), intval(local_user()) ); } else { - q("UPDATE abook SET abook_profile = '%s' WHERE abook_id = %d AND abook_channel = %d LIMIT 1", + q("UPDATE abook SET abook_profile = '%s' WHERE abook_id = %d AND abook_channel = %d", dbesc($profile['profile_guid']), intval($change), intval(local_user()) diff --git a/mod/receive.php b/mod/receive.php index 4071b169b..b7d27d40f 100644 --- a/mod/receive.php +++ b/mod/receive.php @@ -31,7 +31,7 @@ function receive_post(&$a) { // Diaspora sites *may* provide a truncated guid. - $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_guid like '%s' AND NOT (channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_guid like '%s' AND NOT (channel_pageflags & %d )>0 LIMIT 1", dbesc($guid . '%'), intval(PAGE_REMOVED) ); diff --git a/mod/register.php b/mod/register.php index 0cf1364b5..70bdcf350 100644 --- a/mod/register.php +++ b/mod/register.php @@ -37,7 +37,9 @@ function register_post(&$a) { $max_dailies = intval(get_config('system','max_daily_registrations')); if($max_dailies) { - $r = q("select count(account_id) as total from account where account_created > UTC_TIMESTAMP() - INTERVAL 1 day"); + $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('1 day') + ); if($r && $r[0]['total'] >= $max_dailies) { notice( t('Maximum daily site registrations exceeded. Please try again tomorrow.') . EOL); return; @@ -100,7 +102,7 @@ function register_post(&$a) { $invite_code = ((x($_POST,'invite_code')) ? notags(trim($_POST['invite_code'])) : ''); if($using_invites && $invite_code) { - q("delete * from register where hash = '%s' limit 1", dbesc($invite_code)); + q("delete * from register where hash = '%s'", dbesc($invite_code)); set_pconfig($result['account']['account_id'],'system','invites_remaining',$num_invites); } @@ -164,7 +166,9 @@ function register_content(&$a) { $max_dailies = intval(get_config('system','max_daily_registrations')); if($max_dailies) { - $r = q("select count(account_id) as total from account where account_created > UTC_TIMESTAMP() - INTERVAL 1 day"); + $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('1 day') + ); if($r && $r[0]['total'] >= $max_dailies) { logger('max daily registrations exceeded.'); notice( t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.') . EOL); diff --git a/mod/search.php b/mod/search.php index 15ac71376..612ceb4bc 100644 --- a/mod/search.php +++ b/mod/search.php @@ -68,7 +68,8 @@ function search_content(&$a,$update = 0, $load = false) { ); } else { - $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search)))); + $regstr = db_getfunc('REGEXP'); + $sql_extra = sprintf(" AND `item`.`body` $regstr '%s' ", dbesc(protect_sprintf(preg_quote($search)))); } // Here is the way permissions work in the search module... @@ -123,7 +124,7 @@ function search_content(&$a,$update = 0, $load = false) { if(($update) && ($load)) { $itemspage = get_pconfig(local_user(),'system','itemspage'); $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); - $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start'])); // in case somebody turned off public access to sys channel content with permissions @@ -132,29 +133,36 @@ function search_content(&$a,$update = 0, $load = false) { if($load) { $r = null; - + + if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) { + $prefix = 'distinct on (created, mid)'; + $suffix = 'ORDER BY created DESC, mid'; + } else { + $prefix = 'distinct'; + $suffix = 'group by mid ORDER BY created DESC'; + } if(local_user()) { - $r = q("SELECT distinct mid, item.id as item_id, item.* from item + $r = q("SELECT $prefix mid, item.id as item_id, item.* from item WHERE item_restrict = 0 AND ((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 ) OR ( `item`.`uid` = %d )) OR item.owner_xchan = '%s' ) $sql_extra - group by mid ORDER BY created DESC $pager_sql ", + $suffix $pager_sql ", intval(local_user()), dbesc($sys['xchan_hash']) ); } if($r === null) { - $r = q("SELECT distinct mid, item.id as item_id, item.* from item - WHERE item_restrict = 0 - AND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' - AND `item`.`deny_gid` = '' AND item_private = 0 ) - and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) - $pub_sql ) OR owner_xchan = '%s') - $sql_extra - group by mid ORDER BY created DESC $pager_sql", + $r = q("SELECT $prefix mid, item.id as item_id, item.* from item + WHERE item_restrict = 0 + AND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' + AND `item`.`deny_gid` = '' AND item_private = 0 ) + and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) + $pub_sql ) OR owner_xchan = '%s') + $sql_extra + $suffix $pager_sql", dbesc($sys['xchan_hash']) - ); + ); } } else { diff --git a/mod/settings.php b/mod/settings.php index 876216871..396bb2972 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -39,7 +39,9 @@ function settings_post(&$a) { if(! local_user()) return; - // logger('mod_settings: ' . print_r($_REQUEST,true)); + $channel = $a->get_channel(); + + logger('mod_settings: ' . print_r($_REQUEST,true)); if(x($_SESSION,'submanage') && intval($_SESSION['submanage'])) return; @@ -152,14 +154,11 @@ function settings_post(&$a) { set_pconfig(local_user(),'system','mobile_theme',$mobile_theme); } -// $chanview_full = ((x($_POST,'chanview_full')) ? intval($_POST['chanview_full']) : 0); set_pconfig(local_user(),'system','user_scalable',$user_scalable); set_pconfig(local_user(),'system','update_interval', $browser_update); set_pconfig(local_user(),'system','itemspage', $itemspage); set_pconfig(local_user(),'system','no_smilies',$nosmile); set_pconfig(local_user(),'system','title_tosource',$title_tosource); -// set_pconfig(local_user(),'system','chanview_full',$chanview_full); - if ($theme == $a->channel['channel_theme']){ // call theme_post only if theme has not been changed @@ -169,7 +168,7 @@ function settings_post(&$a) { } } - $r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d LIMIT 1", + $r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d", dbesc($theme), intval(local_user()) ); @@ -206,7 +205,7 @@ function settings_post(&$a) { $salt = random_string(32); $password_encoded = hash('whirlpool', $salt . $newpass); $r = q("update account set account_salt = '%s', account_password = '%s', account_password_changed = '%s' - where account_id = %d limit 1", + where account_id = %d", dbesc($salt), dbesc($password_encoded), dbesc(datetime_convert()), @@ -236,7 +235,7 @@ function settings_post(&$a) { $email = $a->user['email']; } if(! $errs) { - $r = q("update account set account_email = '%s' where account_id = %d limit 1", + $r = q("update account set account_email = '%s' where account_id = %d", dbesc($email), intval($account['account_id']) ); @@ -257,14 +256,111 @@ function settings_post(&$a) { call_hooks('settings_post', $_POST); - + $set_perms = ''; + + $role = ((x($_POST,'permissions_role')) ? notags(trim($_POST['permissions_role'])) : ''); + $oldrole = get_pconfig(local_user(),'system','permissions_role'); + + if(($role != $oldrole) || ($role === 'custom')) { + + if($role === 'custom') { + $hide_presence = (((x($_POST,'hide_presence')) && (intval($_POST['hide_presence']) == 1)) ? 1: 0); + $publish = (((x($_POST,'profile_in_directory')) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0); + $def_group = ((x($_POST,'group-selection')) ? notags(trim($_POST['group-selection'])) : ''); + $r = q("update channel set channel_default_group = '%s' where channel_id = %d", + dbesc($def_group), + intval(local_user()) + ); + + $global_perms = get_perms(); + + foreach($global_perms as $k => $v) { + $set_perms .= ', ' . $v[0] . ' = ' . intval($_POST[$k]) . ' '; + } + + $str_group_allow = perms2str($_POST['group_allow']); + $str_contact_allow = perms2str($_POST['contact_allow']); + $str_group_deny = perms2str($_POST['group_deny']); + $str_contact_deny = perms2str($_POST['contact_deny']); + $r = q("update channel set channel_allow_cid = '%s', channel_allow_gid = '%s', channel_deny_cid = '%s', channel_deny_gid = '%s' + where channel_id = %d", + dbesc($str_contact_allow), + dbesc($str_group_allow), + dbesc($str_contact_deny), + dbesc($str_group_deny), + intval(local_user()) + ); + } + else { + $role_permissions = get_role_perms($_POST['permissions_role']); + if(! $role_permissions) { + notice('Permissions category could not be found.'); + return; + } + $hide_presence = 1 - (intval($role_permissions['online'])); + if($role_permissions['default_collection']) { + $r = q("select hash from groups where uid = %d and name = '%s' limit 1", + intval(local_user()), + dbesc( t('Friends') ) + ); + if(! $r) { + require_once('include/group.php'); + group_add(local_user(), t('Friends')); + group_add_member(local_user(),t('Friends'),$channel['channel_hash']); + $r = q("select hash from groups where uid = %d and name = '%s' limit 1", + intval(local_user()), + dbesc( t('Friends') ) + ); + } + if($r) { + q("update channel set channel_default_group = '%s', channel_allow_gid = '%s', channel_allow_cid = '', channel_deny_gid = '', channel_deny_cid = '' where channel_id = %d", + dbesc($r[0]['hash']), + dbesc('<' . $r[0]['hash'] . '>'), + intval(local_user()) + ); + } + else { + notice( sprintf('Default privacy collection \'%s\' not found. Please create and re-submit permission change.', t('Friends')) . EOL); + return; + } + } + // no default collection + else { + q("update channel set channel_default_group = '', channel_allow_gid = '', channel_allow_cid = '', channel_deny_gid = '', + channel_deny_cid = '' where channel_id = %d", + intval(local_user()) + ); + } + + $r = q("update abook set abook_my_perms = %d where abook_channel = %d and (abook_flags & %d)>0", + intval(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0), + intval(local_user()), + intval(ABOOK_FLAG_SELF) + ); + set_pconfig(local_user(),'system','autoperms',(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0)); + + foreach($role_permissions as $p => $v) { + if(strpos($p,'channel_') !== false) { + $set_perms .= ', ' . $p . ' = ' . intval($v) . ' '; + } + if($p === 'directory_publish') { + $publish = intval($v); + } + } + } + + set_pconfig(local_user(),'system','hide_online_status',$hide_presence); + set_pconfig(local_user(),'system','permissions_role',$role); + } + $username = ((x($_POST,'username')) ? notags(trim($_POST['username'])) : ''); $timezone = ((x($_POST,'timezone')) ? notags(trim($_POST['timezone'])) : ''); $defloc = ((x($_POST,'defloc')) ? notags(trim($_POST['defloc'])) : ''); $openid = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : ''); $maxreq = ((x($_POST,'maxreq')) ? intval($_POST['maxreq']) : 0); $expire = ((x($_POST,'expire')) ? intval($_POST['expire']) : 0); - $def_group = ((x($_POST,'group-selection')) ? notags(trim($_POST['group-selection'])) : ''); + $evdays = ((x($_POST,'evdays')) ? intval($_POST['evdays']) : 3); + $channel_menu = ((x($_POST['channel_menu'])) ? htmlspecialchars_decode(trim($_POST['channel_menu']),ENT_QUOTES) : ''); $expire_items = ((x($_POST,'expire_items')) ? intval($_POST['expire_items']) : 0); @@ -273,17 +369,13 @@ function settings_post(&$a) { $expire_network_only = ((x($_POST,'expire_network_only'))? intval($_POST['expire_network_only']) : 0); $allow_location = (((x($_POST,'allow_location')) && (intval($_POST['allow_location']) == 1)) ? 1: 0); - $hide_presence = (((x($_POST,'hide_presence')) && (intval($_POST['hide_presence']) == 1)) ? 1: 0); - $publish = (((x($_POST,'profile_in_directory')) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0); - $page_flags = (((x($_POST,'page-flags')) && (intval($_POST['page-flags']))) ? intval($_POST['page-flags']) : 0); - $blockwall = (((x($_POST,'blockwall')) && (intval($_POST['blockwall']) == 1)) ? 0: 1); // this setting is inverted! + $blocktags = (((x($_POST,'blocktags')) && (intval($_POST['blocktags']) == 1)) ? 0: 1); // this setting is inverted! $unkmail = (((x($_POST,'unkmail')) && (intval($_POST['unkmail']) == 1)) ? 1: 0); $cntunkmail = ((x($_POST,'cntunkmail')) ? intval($_POST['cntunkmail']) : 0); $suggestme = ((x($_POST,'suggestme')) ? intval($_POST['suggestme']) : 0); - $hide_friends = (($_POST['hide_friends'] == 1) ? 1: 0); - $hidewall = (($_POST['hidewall'] == 1) ? 1: 0); + $post_newfriend = (($_POST['post_newfriend'] == 1) ? 1: 0); $post_joingroup = (($_POST['post_joingroup'] == 1) ? 1: 0); $post_profilechange = (($_POST['post_profilechange'] == 1) ? 1: 0); @@ -295,63 +387,6 @@ function settings_post(&$a) { if($adult != $existing_adult) $pageflags = ($pageflags ^ PAGE_ADULT); - $arr = array(); - $arr['channel_r_stream'] = (($_POST['view_stream']) ? $_POST['view_stream'] : 0); - $arr['channel_r_profile'] = (($_POST['view_profile']) ? $_POST['view_profile'] : 0); - $arr['channel_r_photos'] = (($_POST['view_photos']) ? $_POST['view_photos'] : 0); - $arr['channel_r_abook'] = (($_POST['view_contacts']) ? $_POST['view_contacts'] : 0); - $arr['channel_w_stream'] = (($_POST['send_stream']) ? $_POST['send_stream'] : 0); - $arr['channel_w_wall'] = (($_POST['post_wall']) ? $_POST['post_wall'] : 0); - $arr['channel_w_tagwall'] = (($_POST['tag_deliver']) ? $_POST['tag_deliver'] : 0); - $arr['channel_w_comment'] = (($_POST['post_comments']) ? $_POST['post_comments'] : 0); - $arr['channel_w_mail'] = (($_POST['post_mail']) ? $_POST['post_mail'] : 0); - $arr['channel_w_photos'] = (($_POST['post_photos']) ? $_POST['post_photos'] : 0); - $arr['channel_w_chat'] = (($_POST['chat']) ? $_POST['chat'] : 0); - $arr['channel_a_delegate'] = (($_POST['delegate']) ? $_POST['delegate'] : 0); - $arr['channel_r_storage'] = (($_POST['view_storage']) ? $_POST['view_storage'] : 0); - $arr['channel_w_storage'] = (($_POST['write_storage']) ? $_POST['write_storage'] : 0); - $arr['channel_r_pages'] = (($_POST['view_pages']) ? $_POST['view_pages'] : 0); - $arr['channel_w_pages'] = (($_POST['write_pages']) ? $_POST['write_pages'] : 0); - $arr['channel_a_republish'] = (($_POST['republish']) ? $_POST['republish'] : 0); - $arr['channel_w_like'] = (($_POST['post_like']) ? $_POST['post_like'] : 0); - - $defperms = 0; - if(x($_POST['def_view_stream'])) - $defperms += $_POST['def_view_stream']; - if(x($_POST['def_view_profile'])) - $defperms += $_POST['def_view_profile']; - if(x($_POST['def_view_photos'])) - $defperms += $_POST['def_view_photos']; - if(x($_POST['def_view_contacts'])) - $defperms += $_POST['def_view_contacts']; - if(x($_POST['def_send_stream'])) - $defperms += $_POST['def_send_stream']; - if(x($_POST['def_post_wall'])) - $defperms += $_POST['def_post_wall']; - if(x($_POST['def_tag_deliver'])) - $defperms += $_POST['def_tag_deliver']; - if(x($_POST['def_post_comments'])) - $defperms += $_POST['def_post_comments']; - if(x($_POST['def_post_mail'])) - $defperms += $_POST['def_post_mail']; - if(x($_POST['def_post_photos'])) - $defperms += $_POST['def_post_photos']; - if(x($_POST['def_chat'])) - $defperms += $_POST['def_chat']; - if(x($_POST['def_delegate'])) - $defperms += $_POST['def_delegate']; - if(x($_POST['def_view_storage'])) - $defperms += $_POST['def_view_storage']; - if(x($_POST['def_write_storage'])) - $defperms += $_POST['def_write_storage']; - if(x($_POST['def_view_pages'])) - $defperms += $_POST['def_view_pages']; - if(x($_POST['def_write_pages'])) - $defperms += $_POST['def_write_pages']; - if(x($_POST['def_republish'])) - $defperms += $_POST['def_republish']; - if(x($_POST['def_post_like'])) - $defperms += $_POST['def_post_like']; $notify = 0; @@ -373,6 +408,31 @@ function settings_post(&$a) { $notify += intval($_POST['notify8']); + $vnotify = 0; + + if(x($_POST,'vnotify1')) + $vnotify += intval($_POST['vnotify1']); + if(x($_POST,'vnotify2')) + $vnotify += intval($_POST['vnotify2']); + if(x($_POST,'vnotify3')) + $vnotify += intval($_POST['vnotify3']); + if(x($_POST,'vnotify4')) + $vnotify += intval($_POST['vnotify4']); + if(x($_POST,'vnotify5')) + $vnotify += intval($_POST['vnotify5']); + if(x($_POST,'vnotify6')) + $vnotify += intval($_POST['vnotify6']); + if(x($_POST,'vnotify7')) + $vnotify += intval($_POST['vnotify7']); + if(x($_POST,'vnotify8')) + $vnotify += intval($_POST['vnotify8']); + if(x($_POST,'vnotify9')) + $vnotify += intval($_POST['vnotify9']); + if(x($_POST,'vnotify10')) + $vnotify += intval($_POST['vnotify10']); + if(x($_POST,'vnotify11')) + $vnotify += intval($_POST['vnotify11']); + $channel = $a->get_channel(); $err = ''; @@ -389,27 +449,22 @@ function settings_post(&$a) { } } - if($timezone != $channel['channel_timezone']) { if(strlen($timezone)) date_default_timezone_set($timezone); } - $str_group_allow = perms2str($_POST['group_allow']); - $str_contact_allow = perms2str($_POST['contact_allow']); - $str_group_deny = perms2str($_POST['group_deny']); - $str_contact_deny = perms2str($_POST['contact_deny']); - set_pconfig(local_user(),'system','use_browser_location',$allow_location); set_pconfig(local_user(),'system','suggestme', $suggestme); set_pconfig(local_user(),'system','post_newfriend', $post_newfriend); set_pconfig(local_user(),'system','post_joingroup', $post_joingroup); set_pconfig(local_user(),'system','post_profilechange', $post_profilechange); set_pconfig(local_user(),'system','blocktags',$blocktags); - set_pconfig(local_user(),'system','hide_online_status',$hide_presence); set_pconfig(local_user(),'system','channel_menu',$channel_menu); + set_pconfig(local_user(),'system','vnotify',$vnotify); + set_pconfig(local_user(),'system','evdays',$evdays); - $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d, channel_default_group = '%s', channel_r_stream = %d, channel_r_profile = %d, channel_r_photos = %d, channel_r_abook = %d, channel_w_stream = %d, channel_w_wall = %d, channel_w_tagwall = %d, channel_w_comment = %d, channel_w_mail = %d, channel_w_photos = %d, channel_w_chat = %d, channel_a_delegate = %d, channel_r_storage = %d, channel_w_storage = %d, channel_r_pages = %d, channel_w_pages = %d, channel_a_republish = %d, channel_w_like = %d, channel_allow_cid = '%s', channel_allow_gid = '%s', channel_deny_cid = '%s', channel_deny_gid = '%s' where channel_id = %d limit 1", + $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d $set_perms where channel_id = %d", dbesc($username), intval($pageflags), dbesc($timezone), @@ -418,45 +473,20 @@ function settings_post(&$a) { intval($unkmail), intval($maxreq), intval($expire), - dbesc($def_group), - intval($arr['channel_r_stream']), - intval($arr['channel_r_profile']), - intval($arr['channel_r_photos']), - intval($arr['channel_r_abook']), - intval($arr['channel_w_stream']), - intval($arr['channel_w_wall']), - intval($arr['channel_w_tagwall']), - intval($arr['channel_w_comment']), - intval($arr['channel_w_mail']), - intval($arr['channel_w_photos']), - intval($arr['channel_w_chat']), - intval($arr['channel_a_delegate']), - intval($arr['channel_r_storage']), - intval($arr['channel_w_storage']), - intval($arr['channel_r_pages']), - intval($arr['channel_w_pages']), - intval($arr['channel_a_republish']), - intval($arr['channel_w_like']), - dbesc($str_contact_allow), - dbesc($str_group_allow), - dbesc($str_contact_deny), - dbesc($str_group_deny), intval(local_user()) ); if($r) info( t('Settings updated.') . EOL); - $r = q("UPDATE `profile` - SET `publish` = %d, - `hide_friends` = %d - WHERE `is_default` = 1 AND `uid` = %d LIMIT 1", - intval($publish), - intval($hide_friends), - intval(local_user()) - ); + if(! is_null($publish)) { + $r = q("UPDATE profile SET publish = %d WHERE is_default = 1 AND uid = %d", + intval($publish), + intval(local_user()) + ); + } if($name_change) { - $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s' limit 1", + $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s'", dbesc($username), dbesc(datetime_convert()), dbesc($channel['channel_hash']) @@ -786,8 +816,6 @@ function settings_content(&$a) { require_once('include/permissions.php'); - - $p = q("SELECT * FROM `profile` WHERE `is_default` = 1 AND `uid` = %d LIMIT 1", intval(local_user()) ); @@ -840,9 +868,8 @@ function settings_content(&$a) { $expire = $channel['channel_expire_days']; $adult_flag = intval($channel['channel_pageflags'] & PAGE_ADULT); - $blockwall = $a->user['blockwall']; - $unkmail = $a->user['unkmail']; - $cntunkmail = $a->user['cntunkmail']; +// $unkmail = $a->user['unkmail']; +// $cntunkmail = $a->user['cntunkmail']; $hide_presence = intval(get_pconfig(local_user(), 'system','hide_online_status')); @@ -880,8 +907,6 @@ function settings_content(&$a) { $timezone = date_default_timezone_get(); - - $opt_tpl = get_markup_template("field_yesno.tpl"); if(get_config('system','publish_all')) { $profile_in_dir = '<input type="hidden" name="profile_in_directory" value="1" />'; @@ -935,9 +960,15 @@ function settings_content(&$a) { } } + $evdays = get_pconfig(local_user(),'system','evdays'); + if(! $evdays) + $evdays = 3; $permissions_role = get_pconfig(local_user(),'system','permissions_role'); $permissions_set = (($permissions_role && $permissions_role != 'custom') ? true : false); + $vnotify = get_pconfig(local_user(),'system','vnotify'); + if($vnotify === false) + $vnotify = (-1); $o .= replace_macros($stpl,array( '$ptitle' => t('Channel Settings'), @@ -980,9 +1011,10 @@ function settings_content(&$a) { '$permdesc' => t("\x28click to open/close\x29"), '$aclselect' => populate_acl($perm_defaults,false), '$suggestme' => $suggestme, - '$group_select' => $group_select, + '$role_lbl' => t('Channel permissions category:'), + '$role_select' => role_selector($permissions_role), '$profile_in_dir' => $profile_in_dir, '$hide_friends' => $hide_friends, @@ -1006,7 +1038,23 @@ function settings_content(&$a) { '$notify7' => array('notify7', t('You are tagged in a post'), ($notify & NOTIFY_TAGSELF), NOTIFY_TAGSELF, ''), '$notify8' => array('notify8', t('You are poked/prodded/etc. in a post'), ($notify & NOTIFY_POKE), NOTIFY_POKE, ''), - + + '$lbl_vnot' => t('Show visual notifications including:'), + + '$vnotify1' => array('vnotify1', t('Unseen matrix activity'), ($vnotify & VNOTIFY_NETWORK), VNOTIFY_NETWORK, ''), + '$vnotify2' => array('vnotify2', t('Unseen channel activity'), ($vnotify & VNOTIFY_CHANNEL), VNOTIFY_CHANNEL, ''), + '$vnotify3' => array('vnotify3', t('Unseen private messages'), ($vnotify & VNOTIFY_MAIL), VNOTIFY_MAIL, t('Recommended')), + '$vnotify4' => array('vnotify4', t('Upcoming events'), ($vnotify & VNOTIFY_EVENT), VNOTIFY_EVENT, ''), + '$vnotify5' => array('vnotify5', t('Events today'), ($vnotify & VNOTIFY_EVENTTODAY), VNOTIFY_EVENTTODAY, ''), + '$vnotify6' => array('vnotify6', t('Upcoming birthdays'), ($vnotify & VNOTIFY_BIRTHDAY), VNOTIFY_BIRTHDAY, t('Not available in all themes')), + '$vnotify7' => array('vnotify7', t('System (personal) notifications'), ($vnotify & VNOTIFY_SYSTEM), VNOTIFY_SYSTEM, ''), + '$vnotify8' => array('vnotify8', t('System info messages'), ($vnotify & VNOTIFY_INFO), VNOTIFY_INFO, t('Recommended')), + '$vnotify9' => array('vnotify9', t('System critical alerts'), ($vnotify & VNOTIFY_ALERT), VNOTIFY_ALERT, t('Recommended')), + '$vnotify10' => array('vnotify10', t('New connections'), ($vnotify & VNOTIFY_INTRO), VNOTIFY_INTRO, t('Recommended')), + '$vnotify11' => array('vnotify11', t('System Registrations'), ($vnotify & VNOTIFY_REGISTER), VNOTIFY_REGISTER, ''), + + '$evdays' => array('evdays', t('Notify me of events this many days in advance'), $evdays, t('Must be greater than 0')), + '$h_advn' => t('Advanced Account/Page Type Settings'), '$h_descadvn' => t('Change the behaviour of this account for special situations'), '$pagetype' => $pagetype, diff --git a/mod/setup.php b/mod/setup.php index a8f3a1f47..044def15a 100755 --- a/mod/setup.php +++ b/mod/setup.php @@ -50,16 +50,18 @@ function setup_post(&$a) { $dbuser = trim($_POST['dbuser']); $dbpass = trim($_POST['dbpass']); $dbdata = trim($_POST['dbdata']); + $dbtype = intval(trim($_POST['dbtype'])); $phpath = trim($_POST['phpath']); $adminmail = trim($_POST['adminmail']); $siteurl = trim($_POST['siteurl']); require_once('include/dba/dba_driver.php'); unset($db); - $db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, true); + $db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true); if(! $db->connected) { echo "Database Connect failed: " . $db->error; killme(); + $a->data['db_conn_failed']=true; } /*if(get_db_errno()) { unset($db); @@ -80,9 +82,9 @@ function setup_post(&$a) { return; } }*/ - if(get_db_errno()) { - $a->data['db_conn_failed']=true; - } + //if(get_db_errno()) { + + //} return; break; @@ -93,6 +95,7 @@ function setup_post(&$a) { $dbuser = notags(trim($_POST['dbuser'])); $dbpass = notags(trim($_POST['dbpass'])); $dbdata = notags(trim($_POST['dbdata'])); + $dbtype = intval(notags(trim($_POST['dbtype']))); $phpath = notags(trim($_POST['phpath'])); $timezone = notags(trim($_POST['timezone'])); $adminmail = notags(trim($_POST['adminmail'])); @@ -109,7 +112,7 @@ function setup_post(&$a) { } // connect to db - $db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, true); + $db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true); if(! $db->connected) { echo 'CRITICAL: DB not connected.'; @@ -123,6 +126,7 @@ function setup_post(&$a) { '$dbuser' => $dbuser, '$dbpass' => $dbpass, '$dbdata' => $dbdata, + '$dbtype' => $dbtype, '$timezone' => $timezone, '$siteurl' => $siteurl, '$site_id' => random_string(), @@ -187,7 +191,7 @@ function setup_content(&$a) { } if(x($a->data,'db_failed')) { - $txt = t('You may need to import the file "install/database.sql" manually using phpmyadmin or mysql.') . EOL; + $txt = t('You may need to import the file "install/schema_xxx.sql" manually using a database client.') . EOL; $txt .= t('Please see the file "install/INSTALL.txt".') . EOL ."<hr>" ; $txt .= "<pre>".$a->data['db_failed'] . "</pre>". EOL ; $db_return_text .= $txt; @@ -273,6 +277,7 @@ function setup_content(&$a) { $dbport = intval(notags(trim($_POST['dbport']))); $dbpass = notags(trim($_POST['dbpass'])); $dbdata = notags(trim($_POST['dbdata'])); + $dbtype = intval(notags(trim($_POST['dbtype']))); $phpath = notags(trim($_POST['phpath'])); $adminmail = notags(trim($_POST['adminmail'])); $siteurl = notags(trim($_POST['siteurl'])); @@ -293,6 +298,7 @@ function setup_content(&$a) { '$dbuser' => array('dbuser', t('Database Login Name'), $dbuser, ''), '$dbpass' => array('dbpass', t('Database Login Password'), $dbpass, ''), '$dbdata' => array('dbdata', t('Database Name'), $dbdata, ''), + '$dbtype' => array('dbtype', t('Database Type'), $dbtype, '', array( 0=>'MySQL', 1=>'PostgreSQL' )), '$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')), '$siteurl' => array('siteurl', t('Website URL'), z_root(), t('Please use SSL (https) URL if available.')), @@ -316,6 +322,7 @@ function setup_content(&$a) { $dbuser = notags(trim($_POST['dbuser'])); $dbpass = notags(trim($_POST['dbpass'])); $dbdata = notags(trim($_POST['dbdata'])); + $dbtype = intval(notags(trim($_POST['dbtype']))); $phpath = notags(trim($_POST['phpath'])); $adminmail = notags(trim($_POST['adminmail'])); @@ -335,6 +342,7 @@ function setup_content(&$a) { '$dbpass' => $dbpass, '$dbdata' => $dbdata, '$phpath' => $phpath, + '$dbtype' => $dbtype, '$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')), @@ -440,7 +448,7 @@ function check_funcs(&$checks) { check_add($ck_funcs, t('libCurl PHP module'), true, true, ""); check_add($ck_funcs, t('GD graphics PHP module'), true, true, ""); check_add($ck_funcs, t('OpenSSL PHP module'), true, true, ""); - check_add($ck_funcs, t('mysqli PHP module'), true, true, ""); + check_add($ck_funcs, t('mysqli or postgres PHP module'), true, true, ""); check_add($ck_funcs, t('mb_string PHP module'), true, true, ""); check_add($ck_funcs, t('mcrypt PHP module'), true, true, ""); @@ -471,9 +479,9 @@ function check_funcs(&$checks) { $ck_funcs[2]['status']= false; $ck_funcs[2]['help']= t('Error: openssl PHP module required but not installed.'); } - if(! function_exists('mysqli_connect')){ + if(! function_exists('mysqli_connect') && !function_exists('pg_connect')){ $ck_funcs[3]['status']= false; - $ck_funcs[3]['help']= t('Error: mysqli PHP module required but not installed.'); + $ck_funcs[3]['help']= t('Error: mysqli or postgres PHP module required but neither are installed.'); } if(! function_exists('mb_strlen')){ $ck_funcs[4]['status']= false; @@ -579,7 +587,7 @@ function check_htaccess(&$checks) { if ((! $test['success']) || ($test['body'] != "ok")) { $status = false; - $help = t('Url rewrite in .htaccess is not working. Check your server configuration.'); + $help = t('Url rewrite in .htaccess is not working. Check your server configuration.'.'Test: '.var_export($test,true)); } check_add($checks, t('Url rewrite is working'), $status, true, $help); } else { @@ -607,8 +615,8 @@ function load_database_rem($v, $i){ function load_database($db) { - - $str = file_get_contents('install/database.sql'); + file_put_contents('debug-foo.log', 'Loading schema: '.$db->get_install_script()); + $str = file_get_contents($db->get_install_script()); $arr = explode(';',$str); $errors = false; foreach($arr as $a) { diff --git a/mod/siteinfo.php b/mod/siteinfo.php index a58f17c53..12598cc12 100644 --- a/mod/siteinfo.php +++ b/mod/siteinfo.php @@ -8,7 +8,7 @@ function siteinfo_init(&$a) { $sql_extra = ''; - $r = q("select * from channel left join account on account_id = channel_account_id where ( account_roles & 4096 ) and account_default_channel = channel_id"); + $r = q("select * from channel left join account on account_id = channel_account_id where ( account_roles & 4096 )>0 and account_default_channel = channel_id"); if($r) { diff --git a/mod/sources.php b/mod/sources.php index f4b36508f..73d78bbbf 100644 --- a/mod/sources.php +++ b/mod/sources.php @@ -47,7 +47,7 @@ function sources_post(&$a) { goaway(z_root() . '/sources'); } else { - $r = q("update source set src_xchan = '%s', src_patt = '%s' where src_channel_id = %d and src_id = %d limit 1", + $r = q("update source set src_xchan = '%s', src_patt = '%s' where src_channel_id = %d and src_id = %d", dbesc($xchan), dbesc($words), intval(local_user()), @@ -150,7 +150,7 @@ function sources_content(&$a) { notice( t('Source not found.') . EOL); return ''; } - $r = q("delete from source where src_id = %d and src_channel_id = %d limit 1", + $r = q("delete from source where src_id = %d and src_channel_id = %d", intval(argv(1)), intval(local_user()) ); diff --git a/mod/starred.php b/mod/starred.php index ca7621b0f..05b45bea3 100644 --- a/mod/starred.php +++ b/mod/starred.php @@ -21,7 +21,7 @@ function starred_init(&$a) { $item_flags = ( $r[0]['item_flags'] ^ ITEM_STARRED ); - $r = q("UPDATE item SET item_flags = %d WHERE uid = %d and id = %d LIMIT 1", + $r = q("UPDATE item SET item_flags = %d WHERE uid = %d and id = %d", intval($item_flags), intval(local_user()), intval($message_id) diff --git a/mod/subthread.php b/mod/subthread.php index 5ef0615b1..f0f54f4a6 100755 --- a/mod/subthread.php +++ b/mod/subthread.php @@ -228,7 +228,7 @@ EOT; $post_id = $post['item_id']; if(! $item['visible']) { - $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1", + $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d AND `uid` = %d", intval($item['id']), intval($owner_uid) ); diff --git a/mod/tagrm.php b/mod/tagrm.php index 957cf0d71..38787cb0b 100644 --- a/mod/tagrm.php +++ b/mod/tagrm.php @@ -19,24 +19,27 @@ function tagrm_post(&$a) { intval(local_user()) ); - if(! count($r)) + if(! $r) goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); - $arr = explode(',', $r[0]['tag']); - for($x = 0; $x < count($arr); $x ++) { - if($arr[$x] === $tag) { - unset($arr[$x]); - break; + $r = fetch_post_tags($r,true); + + $item = $r[0]; + $new_tags = array(); + + if($item['term']) { + for($x = 0; $x < count($item['term']); $x ++) { + if($item['term'][$x]['term'] !== hex2bin($tag)) + $new_tags[] = $item['term'][$x]; } } - $tag_str = implode(',',$arr); + if($new_tags) + $item['term'] = $new_tags; + else + unset($item['term']); - q("UPDATE `item` SET `tag` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", - dbesc($tag_str), - intval($item), - intval(local_user()) - ); + item_store_update($item); info( t('Tag removed') . EOL ); goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); @@ -49,51 +52,90 @@ function tagrm_post(&$a) { function tagrm_content(&$a) { - $o = ''; - if(! local_user()) { goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); // NOTREACHED } - $item = (($a->argc > 1) ? intval($a->argv[1]) : 0); - if(! $item) { + // remove tag on the fly if item and tag are provided + if((argc() == 4) && (argv(1) === 'drop') && intval(argv(2))) { + + $item = intval(argv(2)); + $tag = argv(3); + + $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($item), + intval(local_user()) + ); + + if(! $r) + goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); + + $r = fetch_post_tags($r,true); + + $item = $r[0]; + + $new_tags = array(); + + if($item['term']) { + for($x = 0; $x < count($item['term']); $x ++) { + if($item['term'][$x]['term'] !== hex2bin($tag)) + $new_tags[] = $item['term'][$x]; + } + } + + if($new_tags) + $item['term'] = $new_tags; + else + unset($item['term']); + + item_store_update($item); + + info( t('Tag removed') . EOL ); goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); - // NOTREACHED + } + //if we got only the item print a list of tags to select + if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) { - $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($item), - intval(local_user()) - ); + $o = ''; - if(! count($r)) - goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); + $item = intval(argv(2)); - $arr = explode(',', $r[0]['tag']); + $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($item), + intval(local_user()) + ); - if(! count($arr)) - goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); + if(! $r) + goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); - $o .= '<h3>' . t('Remove Item Tag') . '</h3>'; + $r = fetch_post_tags($r,true); - $o .= '<p id="tag-remove-desc">' . t('Select a tag to remove: ') . '</p>'; + if(! count($r[0]['term'])) + goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); - $o .= '<form id="tagrm" action="tagrm" method="post" >'; - $o .= '<input type="hidden" name="item" value="' . $item . '" />'; - $o .= '<ul>'; + $o .= '<h3>' . t('Remove Item Tag') . '</h3>'; + $o .= '<p id="tag-remove-desc">' . t('Select a tag to remove: ') . '</p>'; - foreach($arr as $x) { - $o .= '<li><input type="checkbox" name="tag" value="' . bin2hex($x) . '" >' . bbcode($x) . '</input></li>'; - } + $o .= '<form id="tagrm" action="tagrm" method="post" >'; + $o .= '<input type="hidden" name="item" value="' . $item . '" />'; + $o .= '<ul>'; - $o .= '</ul>'; - $o .= '<input id="tagrm-submit" type="submit" name="submit" value="' . t('Remove') .'" />'; - $o .= '<input id="tagrm-cancel" type="submit" name="submit" value="' . t('Cancel') .'" />'; - $o .= '</form>'; - return $o; + foreach($r[0]['term'] as $x) { + $o .= '<li><input type="checkbox" name="tag" value="' . bin2hex($x['term']) . '" >' . bbcode($x['term']) . '</input></li>'; + } + + $o .= '</ul>'; + $o .= '<input id="tagrm-submit" type="submit" name="submit" value="' . t('Remove') .'" />'; + $o .= '<input id="tagrm-cancel" type="submit" name="submit" value="' . t('Cancel') .'" />'; + $o .= '</form>'; + + return $o; + + } } diff --git a/mod/thing.php b/mod/thing.php index c12976f22..f53a6ab7b 100644 --- a/mod/thing.php +++ b/mod/thing.php @@ -85,7 +85,7 @@ function thing_init(&$a) { else $local_photo = $orig_record['imgurl']; - $r = q("update term set term = '%s', url = '%s', imgurl = '%s' where term_hash = '%s' and uid = %d limit 1", + $r = q("update term set term = '%s', url = '%s', imgurl = '%s' where term_hash = '%s' and uid = %d", dbesc($name), dbesc(($url) ? $url : z_root() . '/thing/' . $term_hash), dbesc($local_photo), @@ -301,12 +301,12 @@ function thing_content(&$a) { } - $x = q("delete from obj where obj_obj = '%s' and obj_type = %d and obj_channel = %d limit 1", + $x = q("delete from obj where obj_obj = '%s' and obj_type = %d and obj_channel = %d", dbesc($thing_hash), intval(TERM_OBJ_THING), intval(local_user()) ); - $x = q("delete from term where term_hash = '%s' and uid = %d limit 1", + $x = q("delete from term where term_hash = '%s' and uid = %d", dbesc($thing_hash), intval(local_user()) ); diff --git a/mod/viewconnections.php b/mod/viewconnections.php index 40ce28efe..40d26c823 100644 --- a/mod/viewconnections.php +++ b/mod/viewconnections.php @@ -37,7 +37,7 @@ function viewconnections_content(&$a) { $xchan_flags = $xchan_flags | XCHAN_FLAGS_HIDDEN; } - $r = q("SELECT count(*) as total FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d ) and not ( xchan_flags & %d ) ", + $r = q("SELECT count(*) as total FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d )>0 and not ( xchan_flags & %d )>0 ", intval($a->profile['uid']), intval($abook_flags), intval($xchan_flags) @@ -46,12 +46,12 @@ function viewconnections_content(&$a) { $a->set_pager_total($r[0]['total']); } - $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not ( abook_flags & %d ) and not ( xchan_flags & %d ) order by xchan_name LIMIT %d , %d ", + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not ( abook_flags & %d )>0 and not ( xchan_flags & %d )>0 order by xchan_name LIMIT %d OFFSET %d ", intval($a->profile['uid']), intval($abook_flags), intval($xchan_flags), - intval($a->pager['start']), - intval($a->pager['itemspage']) + intval($a->pager['itemspage']), + intval($a->pager['start']) ); if(! $r) { diff --git a/mod/webpages.php b/mod/webpages.php index a5cfd00e6..baddebec8 100644 --- a/mod/webpages.php +++ b/mod/webpages.php @@ -1,37 +1,64 @@ <?php -function webpages_content(&$a) { +require_once('include/identity.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); + +function webpages_init(&$a) { + + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $a->is_sys = true; + } + } if(argc() > 1) $which = argv(1); - else { + else + return; + + profile_load($a,$which); + +} + + +function webpages_content(&$a) { + + if(! $a->profile) { notice( t('Requested profile is not available.') . EOL ); $a->error = 404; return; } - $profile = 0; - $channel = $a->get_channel(); - - if((local_user()) && (argc() > 2) && (argv(2) === 'view')) { - $which = $channel['channel_address']; - $profile = argv(1); - } + $which = argv(1); - profile_load($a,$which,$profile); + $uid = local_user(); + $owner = 0; + $channel = null; + $observer = $a->get_observer(); + $channel = $a->get_channel(); - // Figure out who the page owner is. - $r = q("select channel_id from channel where channel_address = '%s'", - dbesc($which) - ); - if($r) { - $owner = intval($r[0]['channel_id']); + if($a->is_sys && is_site_admin()) { + $sys = get_sys_channel(); + if($sys && intval($sys['channel_id'])) { + $uid = $owner = intval($sys['channel_id']); + $channel = $sys; + $observer = $sys; + } } - // Get the observer, check their permissions + if(! $owner) { + // Figure out who the page owner is. + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } + } - $observer = $a->get_observer(); $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); $perms = get_all_perms($owner,$ob_hash); @@ -41,11 +68,6 @@ function webpages_content(&$a) { return; } -// if(local_user() && local_user() == $owner) { -// $a->set_widget('design',design_tools()); -// } - - if(feature_enabled($owner,'expert')) { $mimetype = (($_REQUEST['mimetype']) ? $_REQUEST['mimetype'] : get_pconfig($owner,'system','page_mimetype')); if(! $mimetype) @@ -60,14 +82,16 @@ function webpages_content(&$a) { $layout = 'choose'; -// Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages -// Nickname is set to the observers xchan, and profile_uid to the owners. This lets you post pages at other people's channels. - require_once ('include/conversation.php'); - require_once('include/acl_selectors.php'); + // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages + // Nickname is set to the observers xchan, and profile_uid to the owner's. + // This lets you post pages at other people's channels. + - if(local_user() && local_user() == $a->profile_uid) { + if((! $channel) && ($uid) && ($uid == $a->profile_uid)) { $channel = $a->get_channel(); + } + if($channel) { $channel_acl = array( 'allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], @@ -78,21 +102,20 @@ function webpages_content(&$a) { else $channel_acl = array(); - require_once('include/conversation.php'); - $o = profile_tabs($a,true); + $o = profile_tabs($a,true); $x = array( - 'webpage' => ITEM_WEBPAGE, - 'is_owner' => true, - 'nickname' => $a->profile['channel_address'], - 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'bang' => (($group || $cid) ? '!' : ''), - 'acl' => ((local_user() && local_user() == $owner) ? populate_acl($channel_acl,false) : ''), - 'visitor' => true, + 'webpage' => ITEM_WEBPAGE, + 'is_owner' => true, + 'nickname' => $a->profile['channel_address'], + 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), + 'bang' => '', + 'acl' => (($uid && $uid == $owner) ? populate_acl($channel_acl,false) : ''), + 'visitor' => true, 'profile_uid' => intval($owner), - 'mimetype' => $mimetype, - 'layout' => $layout, + 'mimetype' => $mimetype, + 'layout' => $layout, ); if($_REQUEST['title']) @@ -104,10 +127,12 @@ function webpages_content(&$a) { $o .= status_editor($a,$x); - // Get a list of webpages. We can't display all them because endless scroll makes that unusable, so just list titles and an edit link. + // Get a list of webpages. We can't display all them because endless scroll makes that unusable, + // so just list titles and an edit link. //TODO - this should be replaced with pagelist_widget - $r = q("select * from item_id left join item on item_id.iid = item.id where item_id.uid = %d and service = 'WEBPAGE' order by item.created desc", + $r = q("select * from item_id left join item on item_id.iid = item.id + where item_id.uid = %d and service = 'WEBPAGE' order by item.created desc", intval($owner) ); @@ -117,30 +142,36 @@ function webpages_content(&$a) { $pages = array(); foreach($r as $rr) { unobscure($rr); - $pages[$rr['iid']][] = array('url' => $rr['iid'],'pagetitle' => $rr['sid'],'title' => $rr['title'],'created' => datetime_convert('UTC',date_default_timezone_get(),$rr['created']),'edited' => datetime_convert('UTC',date_default_timezone_get(),$rr['edited'])); + $pages[$rr['iid']][] = array( + 'url' => $rr['iid'], + 'pagetitle' => $rr['sid'], + 'title' => $rr['title'], + 'created' => datetime_convert('UTC',date_default_timezone_get(),$rr['created']), + 'edited' => datetime_convert('UTC',date_default_timezone_get(),$rr['edited']) + ); } } -//Build the base URL for edit links - $url = z_root() . "/editwebpage/" . $which; -// This isn't pretty, but it works. Until I figure out what to do with the UI, it's Good Enough(TM). - return $o . replace_macros(get_markup_template("webpagelist.tpl"), array( - '$listtitle' => t('Webpages'), - '$baseurl' => $url, - '$edit' => t('Edit'), - '$pages' => $pages, - '$channel' => $which, - '$view' => t('View'), - '$preview' => t('Preview'), - '$actions_txt' => t('Actions'), + //Build the base URL for edit links + $url = z_root() . '/editwebpage/' . $which; + + $o .= replace_macros(get_markup_template('webpagelist.tpl'), array( + '$listtitle' => t('Webpages'), + '$baseurl' => $url, + '$edit' => t('Edit'), + '$pages' => $pages, + '$channel' => $which, + '$view' => t('View'), + '$preview' => t('Preview'), + '$actions_txt' => t('Actions'), '$pagelink_txt' => t('Page Link'), - '$title_txt' => t('Title'), - '$created_txt' => t('Created'), - '$edited_txt' => t('Edited') + '$title_txt' => t('Title'), + '$created_txt' => t('Created'), + '$edited_txt' => t('Edited') -)); + )); - $o .= '</div>'; + return $o; } diff --git a/mod/zfinger.php b/mod/zfinger.php index 666f141ec..6f4febc6f 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -74,12 +74,12 @@ function zfinger_init(&$a) { */ $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash - where ( channel_pageflags & %d ) order by channel_id limit 1", + where ( channel_pageflags & %d )>0 order by channel_id limit 1", intval(PAGE_SYSTEM) ); if(! $r) { $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash - where not ( channel_pageflags & %d ) order by channel_id limit 1", + where not ( channel_pageflags & %d )>0 order by channel_id limit 1", intval(PAGE_REMOVED) ); } @@ -108,6 +108,21 @@ function zfinger_init(&$a) { if($deleted || $censored) $searchable = false; + $public_forum = false; + + $role = get_pconfig($e['channel_id'],'system','permissions_role'); + if($role === 'forum') { + $public_forum = true; + } + else { + // check if it has characteristics of a public forum based on custom permissions. + $t = q("select abook_my_perms from abook where abook_channel = %d and (abook_flags & %d)>0 limit 1", + intval($e['channel_id']), + intval(ABOOK_FLAG_SELF) + ); + if($t && ($t[0]['abook_my_perms'] & PERMS_W_TAGWALL)) + $public_forum = true; + } // This is for birthdays and keywords, but must check access permissions @@ -174,6 +189,7 @@ function zfinger_init(&$a) { $ret['target_sig'] = $zsig; $ret['searchable'] = $searchable; $ret['adult_content'] = $adult_channel; + $ret['public_forum'] = $public_forum; if($deleted) $ret['deleted'] = $deleted; diff --git a/mod/zotfeed.php b/mod/zotfeed.php index 480e886cd..9ad93c1d4 100644 --- a/mod/zotfeed.php +++ b/mod/zotfeed.php @@ -21,7 +21,7 @@ function zotfeed_init(&$a) { $channel_address = ((argc() > 1) ? argv(1) : ''); if($channel_address) { - $r = q("select channel_id, channel_name from channel where channel_address = '%s' and not (channel_pageflags & %d) limit 1", + $r = q("select channel_id, channel_name from channel where channel_address = '%s' and not (channel_pageflags & %d)>0 limit 1", dbesc(argv(1)), intval(PAGE_REMOVED) ); @@ -38,7 +38,7 @@ function zotfeed_init(&$a) { logger('zotfeed request: ' . $r[0]['channel_name'], LOGGER_DEBUG); - $result['messages'] = zot_feed($r[0]['channel_id'],$observer['xchan_hash'],$mindate); + $result['messages'] = zot_feed($r[0]['channel_id'],$observer['xchan_hash'],array('mindate' => $mindate)); $result['success'] = true; json_return_and_die($result); |