diff options
author | Christian Vogeley <christian.vogeley@hotmail.de> | 2013-12-22 14:31:27 +0100 |
---|---|---|
committer | Christian Vogeley <christian.vogeley@hotmail.de> | 2013-12-22 14:31:27 +0100 |
commit | 870df76463a1cc9823b364db0bfb387f3f46664f (patch) | |
tree | a8c7391bfe799703aa0a8f26b9ee788f1204e8be /mod | |
parent | 25a533bd72c34e9775af71c010a39db6caf7b633 (diff) | |
parent | 7e7b5bfa4930493a8feae10b0550e29797956c70 (diff) | |
download | volse-hubzilla-870df76463a1cc9823b364db0bfb387f3f46664f.tar.gz volse-hubzilla-870df76463a1cc9823b364db0bfb387f3f46664f.tar.bz2 volse-hubzilla-870df76463a1cc9823b364db0bfb387f3f46664f.zip |
Merge remote-tracking branch 'upstream/master' into bootstrap
Conflicts:
view/php/theme_init.php
Diffstat (limited to 'mod')
59 files changed, 1745 insertions, 3077 deletions
diff --git a/mod/admin.php b/mod/admin.php index fad03e34a..91dd0b56e 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -234,6 +234,7 @@ function admin_page_site_post(&$a){ $allowed_email = ((x($_POST,'allowed_email')) ? notags(trim($_POST['allowed_email'])) : ''); $block_public = ((x($_POST,'block_public')) ? True : False); $force_publish = ((x($_POST,'publish_all')) ? True : False); + $no_login_on_homepage = ((x($_POST,'no_login_on_homepage')) ? True : False); $global_directory = ((x($_POST,'directory_submit_url')) ? notags(trim($_POST['directory_submit_url'])) : ''); $no_community_page = !((x($_POST,'no_community_page')) ? True : False); @@ -291,6 +292,7 @@ function admin_page_site_post(&$a){ set_config('system','poll_interval',$poll_interval); set_config('system','maxloadavg',$maxloadavg); set_config('system','sitename',$sitename); + set_config('system','no_login_on_homepage',$no_login_on_homepage); if ($banner=="") { del_config('system','banner'); @@ -423,7 +425,7 @@ function admin_page_site(&$a) { '$baseurl' => $a->get_baseurl(true), // name, label, value, help string, extra data... - '$sitename' => array('sitename', t("Site name"), htmlentities(get_config('system','sitename'), ENT_QUOTES), ""), + '$sitename' => array('sitename', t("Site name"), htmlspecialchars(get_config('system','sitename'), ENT_QUOTES, 'UTF-8'),''), '$banner' => array('banner', t("Banner/Logo"), $banner, ""), '$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices), '$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - <a href='#' id='cnftheme'>change theme settings</a>"), $theme_choices), @@ -434,12 +436,13 @@ function admin_page_site(&$a) { '$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")), '$register_policy' => array('register_policy', t("Register policy"), get_config('system','register_policy'), "", $register_choices), '$access_policy' => array('access_policy', t("Access policy"), get_config('system','access_policy'), "", $access_choices), - '$register_text' => array('register_text', t("Register text"), htmlentities(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")), + '$register_text' => array('register_text', t("Register text"), htmlspecialchars(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")), '$abandon_days' => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')), '$allowed_sites' => array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")), '$allowed_email' => array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")), '$block_public' => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently logged in.")), '$force_publish' => array('publish_all', t("Force publish"), get_config('system','publish_all'), t("Check to force all profiles on this site to be listed in the site directory.")), + '$no_login_on_homepage' => array('no_login_on_homepage', t("No login on Homepage"), get_config('system','no_login_on_homepage'), t("Check to hide the login form from your sites homepage when visitors arrive who are not logged in (e.g. when you put the content of the homepage in via the site channel).")), '$proxyuser' => array('proxyuser', t("Proxy user"), get_config('system','proxyuser'), ""), '$proxy' => array('proxy', t("Proxy URL"), get_config('system','proxy'), ""), @@ -474,7 +477,7 @@ function admin_page_hubloc(&$a) { '$title' => t('Administration'), '$page' => t('Server'), '$queues' => $queues, - '$accounts' => $accounts, + //'$accounts' => $accounts, /*$accounts is empty here*/ '$pending' => Array( t('Pending registrations'), $pending), '$plugins' => Array( t('Active plugins'), $a->plugins ) )); @@ -563,7 +566,7 @@ function admin_page_users_post(&$a){ if (x($_POST,'page_users_delete')){ require_once("include/Contact.php"); foreach($users as $uid){ - user_remove($uid); + account_remove($uid,true); } notice( sprintf( tt("%s user deleted", "%s users deleted", count($users)), count($users)) ); } @@ -605,9 +608,9 @@ function admin_page_users(&$a){ check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't'); // delete user require_once("include/Contact.php"); - user_remove($uid); + account_remove($uid,true); - notice( sprintf(t("User '%s' deleted"), $user[0]['username']) . EOL); + notice( sprintf(t("User '%s' deleted"), $account[0]['account_email']) . EOL); }; break; case "block":{ check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't'); @@ -625,7 +628,7 @@ function admin_page_users(&$a){ } /* get pending */ - $pending = q("SELECT * from account where (account_flags & %d ) ", + $pending = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d ) ", intval(ACCOUNT_PENDING) ); @@ -640,26 +643,39 @@ function admin_page_users(&$a){ // WEe'll still need to link email addresses to admin/users/channels or some such, but this bit doesn't exist yet. // That's where we need to be doing last post/channel flags/etc, not here. - $users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_service_class` FROM `account`", - intval($a->pager['start']), - intval($a->pager['itemspage']) - ); - - function _setup_users($e){ - $accounts = Array( - t('Normal Account'), - t('Soapbox Account'), - t('Community/Celebrity Account'), - t('Automatic Friend Account') - ); - $e['page_flags'] = $accounts[$e['page-flags']]; - $e['register_date'] = relative_date($e['register_date']); - $e['login_date'] = relative_date($e['login_date']); - $e['lastitem_date'] = relative_date($e['lastitem_date']); - return $e; - } - $users = array_map("_setup_users", $users); + + $serviceclass = (($_REQUEST['class']) ? " and account_service_class = '" . dbesc($_REQUEST['class']) . "' " : ''); + + + $order = " order by account_email asc "; + if($_REQUEST['order'] === 'expires') + $order = " order by account_expires desc "; + + $users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, " . "`account_service_class`, ( account_flags & %d ) > 0 as `blocked`, " . + "(SELECT GROUP_CONCAT( ch.channel_address SEPARATOR ' ') FROM channel as ch " . + "WHERE ch.channel_account_id = ac.account_id) as `channels` " . + "FROM account as ac where true $serviceclass $order limit %d , %d ", + intval(ACCOUNT_BLOCKED), + intval($a->pager['start']), + intval($a->pager['itemspage']) + ); + +// function _setup_users($e){ +// $accounts = Array( +// t('Normal Account'), +// t('Soapbox Account'), +// t('Community/Celebrity Account'), +// t('Automatic Friend Account') +// ); + +// $e['page_flags'] = $accounts[$e['page-flags']]; +// $e['register_date'] = relative_date($e['register_date']); +// $e['login_date'] = relative_date($e['login_date']); +// $e['lastitem_date'] = relative_date($e['lastitem_date']); +// return $e; +// } +// $users = array_map("_setup_users", $users); $t = get_markup_template("admin_users.tpl"); @@ -677,9 +693,9 @@ function admin_page_users(&$a){ '$delete' => t('Delete'), '$block' => t('Block'), '$unblock' => t('Unblock'), - + '$h_users' => t('Users'), - '$th_users' => array( t('Email'), t('Register date'), t('Last login'), t('Service Class')), + '$th_users' => array( t('ID'), t('Email'), t('All Channels'), t('Register date'), t('Last login'), t('Expires'), t('Service Class')), '$confirm_delete_multi' => t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'), '$confirm_delete' => t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'), diff --git a/mod/allfriends.php b/mod/allfriends.php deleted file mode 100644 index bb4df30be..000000000 --- a/mod/allfriends.php +++ /dev/null @@ -1,60 +0,0 @@ -<?php - -require_once('include/socgraph.php'); - -function allfriends_content(&$a) { - - $o = ''; - - if(! local_user()) { - notice( t('Permission denied.') . EOL); - return; - } - - if(argc() > 1) - $cid = intval(argv(1)); - if(! $cid) - return; - - $c = q("select name, url, photo from contact where id = %d and uid = %d limit 1", - intval($cid), - intval(local_user()) - ); - - $a->page['aside'] .= '<div class="vcard">' - . '<div class="fn label">' . $c[0]['name'] . '</div>' - . '<div id="profile-photo-wrapper">' - . '<a href="/contacts/' . $cid . '"><img class="photo" width="175" height="175" - src="' . $c[0]['photo'] . '" alt="' . $c[0]['name'] . '" /></div>' - . '</div>'; - - - if(! count($c)) - return; - - $o .= '<h2>' . sprintf( t('Friends of %s'), $c[0]['name']) . '</h2>'; - - - $r = all_friends(local_user(),$cid); - - if(! count($r)) { - $o .= t('No friends to display.'); - return $o; - } - - $tpl = get_markup_template('common_friends.tpl'); - - foreach($r as $rr) { - - $o .= replace_macros($tpl,array( - '$url' => $rr['url'], - '$name' => $rr['name'], - '$photo' => $rr['photo'], - '$tags' => '' - )); - } - - $o .= cleardiv(); -// $o .= paginate($a); - return $o; -} diff --git a/mod/authtest.php b/mod/authtest.php new file mode 100644 index 000000000..7747ea504 --- /dev/null +++ b/mod/authtest.php @@ -0,0 +1,50 @@ +<?php + +require_once('include/zot.php'); +require_once('mod/magic.php'); + +function authtest_content(&$a) { + + + $auth_success = false; + $o .= '<h3>Magic-Auth Diagnostic</h3>'; + + if(! local_user()) { + notice( t('Permission denied.') . EOL); + return $o; + } + + $o .= '<form action="authtest" method="get">'; + $o .= 'Target URL: <input type="text" style="width: 250px;" name="dest" value="' . $_GET['dest'] .'" />'; + $o .= '<input type="submit" name="submit" value="Submit" /></form>'; + + $o .= '<br /><br />'; + + if(x($_GET,'dest')) { + $_REQUEST['test'] = 1; + $x = magic_init($a); + $o .= 'Local Setup returns: ' . print_r($x,true); + + + + if($x['url']) { + $z = z_fetch_url($x['url'] . '&test=1'); + if($z['success']) { + $j = json_decode($z['body'],true); + if(! $j) + $o .= 'json_decode failure from remote site. ' . print_r($z['body'],true); + $o .= 'Remote site responded: ' . print_r($j,true); + if(strpos($j,'Authentication Success')) + $auth_success = true; + } + else { + $o .= 'fetch url failure.' . print_r($z,true); + } + } + + if(! $auth_success) + $o .= 'Authentication Failed!' . EOL; + } + + return str_replace("\n",'<br />',$o); +} diff --git a/mod/blocks.php b/mod/blocks.php index 4604790c3..9a4e0b1ca 100644 --- a/mod/blocks.php +++ b/mod/blocks.php @@ -45,9 +45,9 @@ function blocks_content(&$a) { return; } - if(local_user() && local_user() == $owner) { - $a->set_widget('design',design_tools()); - } +// if(local_user() && local_user() == $owner) { + // $a->set_widget('design',design_tools()); + // } diff --git a/mod/channel.php b/mod/channel.php index e5af91b53..149936dd7 100644 --- a/mod/channel.php +++ b/mod/channel.php @@ -1,5 +1,14 @@ <?php +require_once('include/contact_widgets.php'); +require_once('include/items.php'); +require_once("include/bbcode.php"); +require_once('include/security.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); +require_once('include/permissions.php'); + + function channel_init(&$a) { $which = null; @@ -34,46 +43,10 @@ function channel_init(&$a) { } - -function channel_aside(&$a) { - - require_once('include/contact_widgets.php'); - require_once('include/items.php'); - - if(! $a->profile['profile_uid']) - return; - - $channel_display = get_pconfig($a->profile['profile_uid'],'system','channel_format'); - if(! $channel_display) - profile_create_sidebar($a); - - if($channel_display === 'full') - $a->page['template'] = 'full'; - else { - $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat']) : ''); - $a->set_widget('archive',posted_date_widget($a->get_baseurl(true) . '/channel/' . $a->profile['channel_address'],$a->profile['profile_uid'],true)); - $a->set_widget('categories',categories_widget($a->get_baseurl(true) . '/channel/' . $a->profile['channel_address'],$cat)); - } - if(feature_enabled($a->profile['profile_uid'],'tagadelic')) - $a->set_widget('tagcloud',tagblock('search',$a->profile['profile_uid'],50,$a->profile['channel_hash'],ITEM_WALL)); - -} - - function channel_content(&$a, $update = 0, $load = false) { $category = $datequery = $datequery2 = ''; - // if(argc() > 2) { - // for($x = 2; $x < argc(); $x ++) { - // if(is_a_date_arg(argv($x))) { - // if($datequery) - // $datequery2 = escape_tags(argv($x)); - // else - // $datequery = escape_tags(argv($x)); - // } - // } - // } $datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : ''); $datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : ''); @@ -81,16 +54,6 @@ function channel_content(&$a, $update = 0, $load = false) { return login(); } - - - require_once("include/bbcode.php"); - require_once('include/security.php'); - require_once('include/conversation.php'); - require_once('include/acl_selectors.php'); - require_once('include/items.php'); - require_once('include/permissions.php'); - - $category = ((x($_REQUEST,'cat')) ? $_REQUEST['cat'] : ''); $groups = array(); @@ -131,6 +94,13 @@ function channel_content(&$a, $update = 0, $load = false) { $o .= common_friends_visitor_widget($a->profile['profile_uid']); + $channel_acl = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + if($perms['post_wall']) { @@ -140,7 +110,7 @@ function channel_content(&$a, $update = 0, $load = false) { 'default_location' => (($is_owner) ? $a->profile['channel_location'] : ''), 'nickname' => $a->profile['channel_address'], 'lockstate' => (((strlen($a->profile['channel_allow_cid'])) || (strlen($a->profile['channel_allow_gid'])) || (strlen($a->profile['channel_deny_cid'])) || (strlen($a->profile['channel_deny_gid']))) ? 'lock' : 'unlock'), - 'acl' => (($is_owner) ? populate_acl($channel, false) : ''), + 'acl' => (($is_owner) ? populate_acl($channel_acl) : ''), 'showacl' => (($is_owner) ? 'yes' : ''), 'bang' => '', 'visitor' => (($is_owner || $observer) ? 'block' : 'none'), @@ -195,7 +165,7 @@ function channel_content(&$a, $update = 0, $load = false) { $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); - if($load) { + if($load || ($_COOKIE['jsAvailable'] != 1)) { $r = q("SELECT distinct id AS item_id FROM item left join abook on item.author_xchan = abook.abook_xchan WHERE uid = %d AND item_restrict = 0 @@ -287,9 +257,13 @@ function channel_content(&$a, $update = 0, $load = false) { } - $o .= conversation($a,$items,'channel',$update,'client'); + if($_COOKIE['jsAvailable'] == 1) { + $o .= conversation($a,$items,'channel',$update,'client'); + } else { + $o .= conversation($a,$items,'channel',$update,'traditional'); + } - if(! $update) + if((! $update) || ($_COOKIE['jsAvailable'] != 1)) $o .= alt_pager($a,count($items)); return $o; diff --git a/mod/chanview.php b/mod/chanview.php index f183fbdf1..55f7e95d6 100644 --- a/mod/chanview.php +++ b/mod/chanview.php @@ -38,17 +38,16 @@ function chanview_content(&$a) { ); } if($r) { - $xchan = $r[0]; + $a->poi = $r[0]; } - // Here, let's see if we have an xchan. If we don't, how we proceed is determined by what // info we do have. If it's a URL, we can offer to visit it directly. If it's a webbie or // address, we can and should try to import it. If it's just a hash, we can't continue, but we // probably wouldn't have a hash if we don't already have an xchan for this channel. - if(! $xchan) { + if(! $a->poi) { logger('mod_chanview: fallback'); // This is hackish - construct a zot address from the url if($_REQUEST['url']) { @@ -68,20 +67,20 @@ function chanview_content(&$a) { dbesc($_REQUEST['address']) ); if($r) - $xchan = $r[0]; + $a->poi = $r[0]; } } } - if(! $xchan) { + if(! $a->poi) { notice( t('Channel not found.') . EOL); return; } $url = (($observer) - ? z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr'] - : $xchan['xchan_url'] + ? z_root() . '/magic?f=&dest=' . $a->poi['xchan_url'] . '&addr=' . $a->poi['xchan_addr'] + : $a->poi['xchan_url'] ); // let somebody over-ride the iframed viewport presentation @@ -89,10 +88,6 @@ function chanview_content(&$a) { if(local_user() && get_pconfig(local_user(),'system','chanview_full')) goaway($url); - - if($xchan['xchan_hash']) - $a->set_widget('vcard',vcard_from_xchan($xchan,$observer,'chanview')); - $o = replace_macros(get_markup_template('chanview.tpl'),array( '$url' => $url, '$full' => t('toggle full screen mode') diff --git a/mod/common.php b/mod/common.php index 4afaf37eb..e19a9d3a9 100644 --- a/mod/common.php +++ b/mod/common.php @@ -21,14 +21,6 @@ function common_init(&$a) { } -function common_aside(&$a) { - if(! $a->profile['profile_uid']) - return; - - profile_create_sidebar($a); -} - - function common_content(&$a) { $o = ''; diff --git a/mod/connect.php b/mod/connect.php index 93f994af5..f7748bcaf 100644 --- a/mod/connect.php +++ b/mod/connect.php @@ -23,10 +23,6 @@ function connect_init(&$a) { $a->data['channel'] = $r[0]; profile_load($a,$which,''); - - profile_create_sidebar($a,false); - - } function connect_post(&$a) { diff --git a/mod/connections.php b/mod/connections.php index 1ad9fedbc..2119c69c7 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -6,49 +6,19 @@ require_once('include/contact_selectors.php'); require_once('include/group.php'); require_once('include/contact_widgets.php'); require_once('include/zot.php'); +require_once('include/widgets.php'); function connections_init(&$a) { if(! local_user()) return; - if((argc() == 2) && intval(argv(1))) { - $r = q("SELECT abook.*, xchan.* - FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d and abook_id = %d LIMIT 1", - intval(local_user()), - intval(argv(1)) - ); - if($r) { - $a->data['abook'] = $r[0]; - } - } - $channel = $a->get_channel(); if($channel) head_set_icon($channel['xchan_photo_s']); } -function connections_aside(&$a) { - - if (! local_user()) - return; - - if(x($a->data,'abook')) { - $a->set_widget('vcard',vcard_from_xchan($a->data['abook'],$a->get_observer())); - } - else { - $a->set_widget('follow', follow_widget()); - } - - $a->set_widget('collections', group_side('connections','group',false,0,((array_key_exists('abook',$a->data)) ? $a->data['abook']['abook_xchan'] : ''))); - $a->set_widget('findpeople',findpeople_widget()); - -} - - - function connections_post(&$a) { if(! local_user()) @@ -129,10 +99,25 @@ function connections_post(&$a) { } if($new_friend) { + $channel = $a->get_channel(); + $default_group = $channel['channel_default_group']; + if($default_group) { + require_once('include/group.php'); + $g = group_rec_byhash(local_user(),$default_group); + if($g) + group_add_member(local_user(),'',$a->data['abook_xchan'],$g['id']); + } + + + // Check if settings permit ("post new friend activity" is allowed, and // friends in general or this friend in particular aren't hidden) // and send out a new friend activity // TODO + + // pull in a bit of content if there is any to pull in + proc_run('php','include/onepoll.php',$contact_id); + } // Refresh the structure in memory with the new data @@ -147,6 +132,11 @@ function connections_post(&$a) { $a->data['abook'] = $r[0]; } + if($new_friend) { + $arr = array('channel_id' => local_user(), 'abook' => $a->data['abook']); + call_hooks('accept_follow', $arr); + } + connections_clone($a); return; @@ -178,319 +168,6 @@ function connections_content(&$a) { return login(); } - if(argc() == 3) { - - $contact_id = intval(argv(1)); - if(! $contact_id) - return; - - $cmd = argv(2); - - $orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_id = %d AND abook_channel = %d AND NOT ( abook_flags & %d ) and not ( abook_flags & %d ) LIMIT 1", - intval($contact_id), - intval(local_user()), - intval(ABOOK_FLAG_SELF), - // allow drop even if pending, just duplicate the self query - intval(($cmd === 'drop') ? ABOOK_FLAG_SELF : ABOOK_FLAG_PENDING) - ); - - if(! count($orig_record)) { - notice( t('Could not access address book record.') . EOL); - goaway($a->get_baseurl(true) . '/connections'); - } - - if($cmd === 'update') { - - // pull feed and consume it, which should subscribe to the hub. - proc_run('php',"include/poller.php","$contact_id"); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); - - } - - if($cmd === 'refresh') { - if(! zot_refresh($orig_record[0],get_app()->get_channel())) - notice( t('Refresh failed - channel is currently unavailable.') ); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); - } - - if($cmd === 'block') { - if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_BLOCKED)) { - info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_BLOCKED) - ? t('Channel has been unblocked') - : t('Channel has been blocked')) . EOL ); - connections_clone($a); - } - else - notice(t('Unable to set address book parameters.') . EOL); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); - } - - if($cmd === 'ignore') { - if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_IGNORED)) { - info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_IGNORED) - ? t('Channel has been unignored') - : t('Channel has been ignored')) . EOL ); - connections_clone($a); - } - else - notice(t('Unable to set address book parameters.') . EOL); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); - } - - if($cmd === 'archive') { - if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_ARCHIVED)) { - info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_ARCHIVED) - ? t('Channel has been unarchived') - : t('Channel has been archived')) . EOL ); - connections_clone($a); - } - else - notice(t('Unable to set address book parameters.') . EOL); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); - } - - if($cmd === 'hide') { - if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_HIDDEN)) { - info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_HIDDEN) - ? t('Channel has been unhidden') - : t('Channel has been hidden')) . EOL ); - connections_clone($a); - } - else - notice(t('Unable to set address book parameters.') . EOL); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); - } - - // We'll prevent somebody from unapproving a contact. - - if($cmd === 'approve') { - if($orig_record[0]['abook_flags'] & ABOOK_FLAG_PENDING) { - if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_PENDING)) { - info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_PENDING) - ? t('Channel has been approved') - : t('Channel has been unapproved')) . EOL ); - connections_clone($a); - } - else - notice(t('Unable to set address book parameters.') . EOL); - } - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); - } - - - if($cmd === 'drop') { - - require_once('include/Contact.php'); -// FIXME -// terminate_friendship($a->get_channel(),$orig_record[0]); - - contact_remove(local_user(), $orig_record[0]['abook_id']); -// FIXME - send to clones - info( t('Contact has been removed.') . EOL ); - if(x($_SESSION,'return_url')) - goaway($a->get_baseurl(true) . '/' . $_SESSION['return_url']); - goaway($a->get_baseurl(true) . '/contacts'); - - } - } - - if((x($a->data,'abook')) && (is_array($a->data['abook']))) { - - $contact_id = $a->data['abook']['abook_id']; - $contact = $a->data['abook']; - - - $tabs = array( - - array( - 'label' => t('View Profile'), - 'url' => $a->get_baseurl(true) . '/chanview/?f=&cid=' . $contact['abook_id'], - 'sel' => '', - 'title' => sprintf( t('View %s\'s profile'), $contact['xchan_name']), - ), - - array( - 'label' => t('Refresh Permissions'), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/refresh', - 'sel' => '', - 'title' => t('Fetch updated permissions'), - ), - - array( - 'label' => t('Recent Activity'), - 'url' => $a->get_baseurl(true) . '/network/?f=&cid=' . $contact['abook_id'], - 'sel' => '', - 'title' => t('View recent posts and comments'), - ), - - array( - 'label' => (($contact['abook_flags'] & ABOOK_FLAG_BLOCKED) ? t('Unblock') : t('Block')), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/block', - 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_BLOCKED) ? 'active' : ''), - 'title' => t('Block or Unblock this connection'), - ), - - array( - 'label' => (($contact['abook_flags'] & ABOOK_FLAG_IGNORED) ? t('Unignore') : t('Ignore')), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/ignore', - 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_IGNORED) ? 'active' : ''), - 'title' => t('Ignore or Unignore this connection'), - ), - array( - 'label' => (($contact['abook_flags'] & ABOOK_FLAG_ARCHIVED) ? t('Unarchive') : t('Archive')), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/archive', - 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_ARCHIVED) ? 'active' : ''), - 'title' => t('Archive or Unarchive this connection'), - ), - array( - 'label' => (($contact['abook_flags'] & ABOOK_FLAG_HIDDEN) ? t('Unhide') : t('Hide')), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/hide', - 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_HIDDEN) ? 'active' : ''), - 'title' => t('Hide or Unhide this connection'), - ), - - array( - 'label' => t('Delete'), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/drop', - 'sel' => '', - 'title' => t('Delete this connection'), - ), - - ); - - $self = false; - - if(! ($contact['abook_flags'] & ABOOK_FLAG_SELF)) { - $tab_tpl = get_markup_template('common_tabs.tpl'); - $t = replace_macros($tab_tpl, array('$tabs'=>$tabs)); - } - else - $self = true; - - $a->page['htmlhead'] .= replace_macros(get_markup_template('contact_head.tpl'), array( - '$baseurl' => $a->get_baseurl(true), - '$editselect' => $editselect - )); - - require_once('include/contact_selectors.php'); - - $tpl = get_markup_template("abook_edit.tpl"); - - if(feature_enabled(local_user(),'affinity')) { - - $slider_tpl = get_markup_template('contact_slider.tpl'); - $slide = replace_macros($slider_tpl,array( - '$me' => t('Me'), - '$val' => (($contact['abook_closeness']) ? $contact['abook_closeness'] : 99), - '$intimate' => t('Best Friends'), - '$friends' => t('Friends'), - '$oldfriends' => t('Former Friends'), - '$acquaintances' => t('Acquaintances'), - '$world' => t('Unknown') - )); - } - - $perms = array(); - $channel = $a->get_channel(); - - $global_perms = get_perms(); - $existing = get_all_perms(local_user(),$contact['abook_xchan']); - - $unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication')); - - foreach($global_perms as $k => $v) { - $thisperm = (($contact['abook_my_perms'] & $v[1]) ? "1" : ''); - - // For auto permissions (when $self is true) we don't want to look at existing - // permissions because they are enabled for the channel owner - - if((! $self) && ($existing[$k])) - $thisperm = "1"; - - $perms[] = array('perms_' . $k, $v[3], (($contact['abook_their_perms'] & $v[1]) ? "1" : ""),$thisperm, $v[1], (($channel[$v[0]] == PERMS_SPECIFIC) ? '' : '1'), $v[4]); - } - - $o .= replace_macros($tpl,array( - - '$header' => (($self) ? t('Automatic Permissions Settings') : sprintf( t('Connections: settings for %s'),$contact['xchan_name'])), - '$addr' => $contact['xchan_addr'], - '$notself' => (($self) ? '' : '1'), - '$self' => (($self) ? '1' : ''), - '$autolbl' => t('When receiving a channel introduction, any permissions provided here will be applied to the new connection automatically and the introduction approved. Leave this page if you do not wish to use this feature.'), - '$viewprof' => t('View Profile'), - '$lbl_slider' => t('Slide to adjust your degree of friendship'), - '$slide' => $slide, - '$tabs' => $t, - '$tab_str' => $tab_str, - '$is_pending' => (($contact['abook_flags'] & ABOOK_FLAG_PENDING) ? 1 : ''), - '$unapproved' => $unapproved, - '$inherited' => t('inherited'), - '$approve' => t('Approve this connection'), - '$noperms' => (((! $self) && (! $contact['abook_my_perms'])) ? t('Connection has no individual permissions!') : ''), - '$noperm_desc' => (((! $self) && (! $contact['abook_my_perms'])) ? t('This may be appropriate based on your <a href="settings">privacy settings</a>, though you may wish to review the "Advanced Permissions".') : ''), - '$submit' => t('Submit'), - '$lbl_vis1' => t('Profile Visibility'), - '$lbl_vis2' => sprintf( t('Please choose the profile you would like to display to %s when viewing your profile securely.'), $contact['xchan_name']), - '$lbl_info1' => t('Contact Information / Notes'), - '$infedit' => t('Edit contact notes'), - '$close' => $contact['abook_closeness'], - '$them' => t('Their Settings'), - '$me' => t('My Settings'), - '$perms' => $perms, - '$forum' => t('Forum Members'), - '$soapbox' => t('Soapbox'), - '$full' => t('Full Sharing'), - '$cautious' => t('Cautious Sharing'), - '$follow' => t('Follow Only'), - '$permlbl' => t('Individual Permissions'), - '$permnote' => t('Some permissions may be inherited from your <a href="settings">privacy settings</a>, which have higher priority. Changing those on this page will have no effect.'), - '$advanced' => t('Advanced Permissions'), - '$quick' => t('Quick Links'), - '$common_link' => $a->get_baseurl(true) . '/common/loc/' . local_user() . '/' . $contact['id'], - '$all_friends' => $all_friends, - '$relation_text' => $relation_text, - '$visit' => sprintf( t('Visit %s\'s profile - %s'),$contact['xchan_name'],$contact['xchan_url']), - '$blockunblock' => t('Block/Unblock contact'), - '$ignorecont' => t('Ignore contact'), - '$lblcrepair' => t("Repair URL settings"), - '$lblrecent' => t('View conversations'), - '$lblsuggest' => $lblsuggest, - '$delete' => t('Delete contact'), - '$poll_interval' => contact_poll_interval($contact['priority'],(! $poll_enabled)), - '$poll_enabled' => $poll_enabled, - '$lastupdtext' => t('Last update:'), - '$lost_contact' => $lost_contact, - '$updpub' => t('Update public posts'), - '$last_update' => $last_update, - '$udnow' => t('Update now'), - '$profile_select' => contact_profile_assign($contact['abook_profile']), - '$multiprofs' => feature_enabled(local_user(),'multi_profiles'), - '$contact_id' => $contact['abook_id'], - '$block_text' => (($contact['blocked']) ? t('Unblock') : t('Block') ), - '$ignore_text' => (($contact['readonly']) ? t('Unignore') : t('Ignore') ), - '$blocked' => (($contact['blocked']) ? t('Currently blocked') : ''), - '$ignored' => (($contact['readonly']) ? t('Currently ignored') : ''), - '$archived' => (($contact['archive']) ? t('Currently archived') : ''), - '$pending' => (($contact['archive']) ? t('Currently pending') : ''), - '$hidden' => array('hidden', t('Hide this contact from others'), ($contact['hidden'] == 1), t('Replies/likes to your public posts <strong>may</strong> still be visible')), - '$photo' => $contact['photo'], - '$name' => $contact['name'], - '$dir_icon' => $dir_icon, - '$alt_text' => $alt_text, - '$sparkle' => $sparkle, - '$url' => $url - - )); - - $arr = array('contact' => $contact,'output' => $o); - - call_hooks('contact_edit', $arr); - - return $arr['output']; - - } - $blocked = false; $hidden = false; $ignored = false; @@ -623,9 +300,10 @@ function connections_content(&$a) { $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash - where abook_channel = %d and not (abook_flags & %d) $sql_extra $sql_extra2 ", + where abook_channel = %d and not (abook_flags & %d) and not (xchan_flags & %d ) $sql_extra $sql_extra2 ", intval(local_user()), - intval(ABOOK_FLAG_SELF) + intval(ABOOK_FLAG_SELF), + intval(XCHAN_FLAGS_DELETED) ); if(count($r)) { $a->set_pager_total($r[0]['total']); @@ -633,9 +311,10 @@ function connections_content(&$a) { } $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash - WHERE abook_channel = %d and not (abook_flags & %d) $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d , %d ", + WHERE abook_channel = %d and not (abook_flags & %d) and not ( xchan_flags & %d) $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d , %d ", intval(local_user()), intval(ABOOK_FLAG_SELF), + intval(XCHAN_FLAGS_DELETED), intval($a->pager['start']), intval($a->pager['itemspage']) ); @@ -649,7 +328,6 @@ function connections_content(&$a) { $contacts[] = array( 'img_hover' => sprintf( t('%1$s [%2$s]'),$rr['xchan_name'],$rr['xchan_url']), 'edit_hover' => t('Edit contact'), - 'photo_menu' => contact_photo_menu($rr), 'id' => $rr['abook_id'], 'alt_text' => $alt_text, 'dir_icon' => $dir_icon, @@ -657,7 +335,7 @@ function connections_content(&$a) { 'name' => $rr['xchan_name'], 'username' => $rr['xchan_name'], 'sparkle' => $sparkle, - 'link' => z_root() . '/connections/' . $rr['abook_id'], + 'link' => z_root() . '/connedit/' . $rr['abook_id'], 'url' => $rr['xchan_url'], 'network' => network_to_name($rr['network']), ); diff --git a/mod/connedit.php b/mod/connedit.php new file mode 100644 index 000000000..e2d4b861c --- /dev/null +++ b/mod/connedit.php @@ -0,0 +1,497 @@ +<?php + +require_once('include/Contact.php'); +require_once('include/socgraph.php'); +require_once('include/contact_selectors.php'); +require_once('include/group.php'); +require_once('include/contact_widgets.php'); +require_once('include/zot.php'); +require_once('include/widgets.php'); + +function connedit_init(&$a) { + + if(! local_user()) + return; + + if((argc() == 2) && intval(argv(1))) { + $r = q("SELECT abook.*, xchan.* + FROM abook left join xchan on abook_xchan = xchan_hash + WHERE abook_channel = %d and abook_id = %d LIMIT 1", + intval(local_user()), + intval(argv(1)) + ); + if($r) { + $a->poi = $r[0]; + } + } + + $channel = $a->get_channel(); + if($channel) + head_set_icon($channel['xchan_photo_s']); + +} + +function connedit_post(&$a) { + + if(! local_user()) + return; + + $contact_id = intval(argv(1)); + if(! $contact_id) + return; + + $orig_record = q("SELECT * FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1", + intval($contact_id), + intval(local_user()) + ); + + if(! $orig_record) { + notice( t('Could not access contact record.') . EOL); + goaway($a->get_baseurl(true) . '/connections'); + return; // NOTREACHED + } + + call_hooks('contact_edit_post', $_POST); + + $profile_id = $_POST['profile-assign']; + if($profile_id) { + $r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND `uid` = %d LIMIT 1", + dbesc($profile_id), + intval(local_user()) + ); + if(! count($r)) { + notice( t('Could not locate selected profile.') . EOL); + return; + } + } + + $hidden = intval($_POST['hidden']); + + $priority = intval($_POST['poll']); + if($priority > 5 || $priority < 0) + $priority = 0; + + $closeness = intval($_POST['closeness']); + if($closeness < 0) + $closeness = 99; + + $abook_my_perms = 0; + + foreach($_POST as $k => $v) { + if(strpos($k,'perms_') === 0) { + $abook_my_perms += $v; + } + } + + $abook_flags = $orig_record[0]['abook_flags']; + $new_friend = false; + + if(($_REQUEST['pending']) && ($abook_flags & ABOOK_FLAG_PENDING)) { + $abook_flags = ( $abook_flags ^ ABOOK_FLAG_PENDING ); + $new_friend = true; + } + + $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_flags = %d + where abook_id = %d AND abook_channel = %d LIMIT 1", + dbesc($profile_id), + intval($abook_my_perms), + intval($closeness), + intval($abook_flags), + intval($contact_id), + intval(local_user()) + ); + if($r) + info( t('Connection updated.') . EOL); + else + notice( t('Failed to update connection record.') . EOL); + + if($a->poi && $a->poi['abook_my_perms'] != $abook_my_perms + && (! ($a->poi['abook_flags'] & ABOOK_FLAG_SELF))) { + proc_run('php', 'include/notifier.php', 'permission_update', $contact_id); + } + + if($new_friend) { + $channel = $a->get_channel(); + $default_group = $channel['channel_default_group']; + if($default_group) { + require_once('include/group.php'); + $g = group_rec_byhash(local_user(),$default_group); + if($g) + group_add_member(local_user(),'',$a->poi['abook_xchan'],$g['id']); + } + + + + // Check if settings permit ("post new friend activity" is allowed, and + // friends in general or this friend in particular aren't hidden) + // and send out a new friend activity + // TODO + + // pull in a bit of content if there is any to pull in + proc_run('php','include/onepoll.php',$contact_id); + + } + + // Refresh the structure in memory with the new data + + $r = q("SELECT abook.*, xchan.* + FROM abook left join xchan on abook_xchan = xchan_hash + WHERE abook_channel = %d and abook_id = %d LIMIT 1", + intval(local_user()), + intval($contact_id) + ); + if($r) { + $a->poi = $r[0]; + } + + if($new_friend) { + $arr = array('channel_id' => local_user(), 'abook' => $a->poi); + call_hooks('accept_follow', $arr); + } + + connedit_clone($a); + + return; + +} + +function connedit_clone(&$a) { + + if(! $a->poi) + return; + $clone = $a->poi; + + unset($clone['abook_id']); + unset($clone['abook_account']); + unset($clone['abook_channel']); + + build_sync_packet(0 /* use the current local_user */, array('abook' => array($clone))); +} + + +function connedit_content(&$a) { + + $sort_type = 0; + $o = ''; + + + if(! local_user()) { + notice( t('Permission denied.') . EOL); + return login(); + } + + if(argc() == 3) { + + $contact_id = intval(argv(1)); + if(! $contact_id) + return; + + $cmd = argv(2); + + $orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash + WHERE abook_id = %d AND abook_channel = %d AND NOT ( abook_flags & %d ) and not ( abook_flags & %d ) LIMIT 1", + intval($contact_id), + intval(local_user()), + intval(ABOOK_FLAG_SELF), + // allow drop even if pending, just duplicate the self query + intval(($cmd === 'drop') ? ABOOK_FLAG_SELF : ABOOK_FLAG_PENDING) + ); + + if(! count($orig_record)) { + notice( t('Could not access address book record.') . EOL); + goaway($a->get_baseurl(true) . '/connections'); + } + + if($cmd === 'update') { + + // pull feed and consume it, which should subscribe to the hub. + proc_run('php',"include/poller.php","$contact_id"); + goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); + + } + + if($cmd === 'refresh') { + if(! zot_refresh($orig_record[0],get_app()->get_channel())) + notice( t('Refresh failed - channel is currently unavailable.') ); + goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); + } + + if($cmd === 'block') { + if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_BLOCKED)) { + info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_BLOCKED) + ? t('Channel has been unblocked') + : t('Channel has been blocked')) . EOL ); + connedit_clone($a); + } + else + notice(t('Unable to set address book parameters.') . EOL); + goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); + } + + if($cmd === 'ignore') { + if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_IGNORED)) { + info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_IGNORED) + ? t('Channel has been unignored') + : t('Channel has been ignored')) . EOL ); + connedit_clone($a); + } + else + notice(t('Unable to set address book parameters.') . EOL); + goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); + } + + if($cmd === 'archive') { + if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_ARCHIVED)) { + info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_ARCHIVED) + ? t('Channel has been unarchived') + : t('Channel has been archived')) . EOL ); + connedit_clone($a); + } + else + notice(t('Unable to set address book parameters.') . EOL); + goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); + } + + if($cmd === 'hide') { + if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_HIDDEN)) { + info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_HIDDEN) + ? t('Channel has been unhidden') + : t('Channel has been hidden')) . EOL ); + connedit_clone($a); + } + else + notice(t('Unable to set address book parameters.') . EOL); + goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); + } + + // We'll prevent somebody from unapproving a contact. + + if($cmd === 'approve') { + if($orig_record[0]['abook_flags'] & ABOOK_FLAG_PENDING) { + if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_PENDING)) { + info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_PENDING) + ? t('Channel has been approved') + : t('Channel has been unapproved')) . EOL ); + connedit_clone($a); + } + else + notice(t('Unable to set address book parameters.') . EOL); + } + goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); + } + + + if($cmd === 'drop') { + + require_once('include/Contact.php'); +// FIXME +// terminate_friendship($a->get_channel(),$orig_record[0]); + + contact_remove(local_user(), $orig_record[0]['abook_id']); +// FIXME - send to clones + info( t('Contact has been removed.') . EOL ); + if(x($_SESSION,'return_url')) + goaway($a->get_baseurl(true) . '/' . $_SESSION['return_url']); + goaway($a->get_baseurl(true) . '/contacts'); + + } + } + + if($a->poi) { + + $contact_id = $a->poi['abook_id']; + $contact = $a->poi; + + + $tabs = array( + + array( + 'label' => t('View Profile'), + 'url' => $a->get_baseurl(true) . '/chanview/?f=&cid=' . $contact['abook_id'], + 'sel' => '', + 'title' => sprintf( t('View %s\'s profile'), $contact['xchan_name']), + ), + + array( + 'label' => t('Refresh Permissions'), + 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/refresh', + 'sel' => '', + 'title' => t('Fetch updated permissions'), + ), + + array( + 'label' => t('Recent Activity'), + 'url' => $a->get_baseurl(true) . '/network/?f=&cid=' . $contact['abook_id'], + 'sel' => '', + 'title' => t('View recent posts and comments'), + ), + + array( + 'label' => (($contact['abook_flags'] & ABOOK_FLAG_BLOCKED) ? t('Unblock') : t('Block')), + 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/block', + 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_BLOCKED) ? 'active' : ''), + 'title' => t('Block or Unblock this connection'), + ), + + array( + 'label' => (($contact['abook_flags'] & ABOOK_FLAG_IGNORED) ? t('Unignore') : t('Ignore')), + 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/ignore', + 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_IGNORED) ? 'active' : ''), + 'title' => t('Ignore or Unignore this connection'), + ), + array( + 'label' => (($contact['abook_flags'] & ABOOK_FLAG_ARCHIVED) ? t('Unarchive') : t('Archive')), + 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/archive', + 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_ARCHIVED) ? 'active' : ''), + 'title' => t('Archive or Unarchive this connection'), + ), + array( + 'label' => (($contact['abook_flags'] & ABOOK_FLAG_HIDDEN) ? t('Unhide') : t('Hide')), + 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/hide', + 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_HIDDEN) ? 'active' : ''), + 'title' => t('Hide or Unhide this connection'), + ), + + array( + 'label' => t('Delete'), + 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/drop', + 'sel' => '', + 'title' => t('Delete this connection'), + ), + + ); + + $self = false; + + if(! ($contact['abook_flags'] & ABOOK_FLAG_SELF)) { + $tab_tpl = get_markup_template('common_tabs.tpl'); + $t = replace_macros($tab_tpl, array('$tabs'=>$tabs)); + } + else + $self = true; + + $a->page['htmlhead'] .= replace_macros(get_markup_template('contact_head.tpl'), array( + '$baseurl' => $a->get_baseurl(true), + '$editselect' => $editselect + )); + + require_once('include/contact_selectors.php'); + + $tpl = get_markup_template("abook_edit.tpl"); + + if(feature_enabled(local_user(),'affinity')) { + + $slider_tpl = get_markup_template('contact_slider.tpl'); + $slide = replace_macros($slider_tpl,array( + '$me' => t('Me'), + '$val' => (($contact['abook_closeness']) ? $contact['abook_closeness'] : 99), + '$intimate' => t('Best Friends'), + '$friends' => t('Friends'), + '$oldfriends' => t('Former Friends'), + '$acquaintances' => t('Acquaintances'), + '$world' => t('Unknown') + )); + } + + $perms = array(); + $channel = $a->get_channel(); + + $global_perms = get_perms(); + $existing = get_all_perms(local_user(),$contact['abook_xchan']); + + $unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication')); + + foreach($global_perms as $k => $v) { + $thisperm = (($contact['abook_my_perms'] & $v[1]) ? "1" : ''); + + // For auto permissions (when $self is true) we don't want to look at existing + // permissions because they are enabled for the channel owner + + if((! $self) && ($existing[$k])) + $thisperm = "1"; + + $perms[] = array('perms_' . $k, $v[3], (($contact['abook_their_perms'] & $v[1]) ? "1" : ""),$thisperm, $v[1], (($channel[$v[0]] == PERMS_SPECIFIC) ? '' : '1'), $v[4]); + } + + $o .= replace_macros($tpl,array( + + '$header' => (($self) ? t('Automatic Permissions Settings') : sprintf( t('Connections: settings for %s'),$contact['xchan_name'])), + '$addr' => $contact['xchan_addr'], + '$notself' => (($self) ? '' : '1'), + '$self' => (($self) ? '1' : ''), + '$autolbl' => t('When receiving a channel introduction, any permissions provided here will be applied to the new connection automatically and the introduction approved. Leave this page if you do not wish to use this feature.'), + '$viewprof' => t('View Profile'), + '$lbl_slider' => t('Slide to adjust your degree of friendship'), + '$slide' => $slide, + '$tabs' => $t, + '$tab_str' => $tab_str, + '$is_pending' => (($contact['abook_flags'] & ABOOK_FLAG_PENDING) ? 1 : ''), + '$unapproved' => $unapproved, + '$inherited' => t('inherited'), + '$approve' => t('Approve this connection'), + '$noperms' => (((! $self) && (! $contact['abook_my_perms'])) ? t('Connection has no individual permissions!') : ''), + '$noperm_desc' => (((! $self) && (! $contact['abook_my_perms'])) ? t('This may be appropriate based on your <a href="settings">privacy settings</a>, though you may wish to review the "Advanced Permissions".') : ''), + '$submit' => t('Submit'), + '$lbl_vis1' => t('Profile Visibility'), + '$lbl_vis2' => sprintf( t('Please choose the profile you would like to display to %s when viewing your profile securely.'), $contact['xchan_name']), + '$lbl_info1' => t('Contact Information / Notes'), + '$infedit' => t('Edit contact notes'), + '$close' => $contact['abook_closeness'], + '$them' => t('Their Settings'), + '$me' => t('My Settings'), + '$perms' => $perms, + '$forum' => t('Forum Members'), + '$soapbox' => t('Soapbox'), + '$full' => t('Full Sharing'), + '$cautious' => t('Cautious Sharing'), + '$follow' => t('Follow Only'), + '$permlbl' => t('Individual Permissions'), + '$permnote' => t('Some permissions may be inherited from your channel <a href="settings">privacy settings</a>, which have higher priority. Changing those inherited settings on this page will have no effect.'), + '$advanced' => t('Advanced Permissions'), + '$quick' => t('Quick Links'), + '$common_link' => $a->get_baseurl(true) . '/common/loc/' . local_user() . '/' . $contact['id'], + '$all_friends' => $all_friends, + '$relation_text' => $relation_text, + '$visit' => sprintf( t('Visit %s\'s profile - %s'),$contact['xchan_name'],$contact['xchan_url']), + '$blockunblock' => t('Block/Unblock contact'), + '$ignorecont' => t('Ignore contact'), + '$lblcrepair' => t("Repair URL settings"), + '$lblrecent' => t('View conversations'), + '$lblsuggest' => $lblsuggest, + '$delete' => t('Delete contact'), + '$poll_interval' => contact_poll_interval($contact['priority'],(! $poll_enabled)), + '$poll_enabled' => $poll_enabled, + '$lastupdtext' => t('Last update:'), + '$lost_contact' => $lost_contact, + '$updpub' => t('Update public posts'), + '$last_update' => relative_date($contact['abook_connected']), + '$udnow' => t('Update now'), + '$profile_select' => contact_profile_assign($contact['abook_profile']), + '$multiprofs' => feature_enabled(local_user(),'multi_profiles'), + '$contact_id' => $contact['abook_id'], + '$block_text' => (($contact['blocked']) ? t('Unblock') : t('Block') ), + '$ignore_text' => (($contact['readonly']) ? t('Unignore') : t('Ignore') ), + '$blocked' => (($contact['blocked']) ? t('Currently blocked') : ''), + '$ignored' => (($contact['readonly']) ? t('Currently ignored') : ''), + '$archived' => (($contact['archive']) ? t('Currently archived') : ''), + '$pending' => (($contact['archive']) ? t('Currently pending') : ''), + '$hidden' => array('hidden', t('Hide this contact from others'), ($contact['hidden'] == 1), t('Replies/likes to your public posts <strong>may</strong> still be visible')), + '$photo' => $contact['photo'], + '$name' => $contact['name'], + '$dir_icon' => $dir_icon, + '$alt_text' => $alt_text, + '$sparkle' => $sparkle, + '$url' => $url + + )); + + $arr = array('contact' => $contact,'output' => $o); + + call_hooks('contact_edit', $arr); + + return $arr['output']; + + } + + +} diff --git a/mod/crepair.php b/mod/crepair.php deleted file mode 100644 index f749fac0e..000000000 --- a/mod/crepair.php +++ /dev/null @@ -1,171 +0,0 @@ -<?php - -function crepair_init(&$a) { - if(! local_user()) - return; - - $contact_id = 0; - - if(($a->argc == 2) && intval($a->argv[1])) { - $contact_id = intval($a->argv[1]); - $r = q("SELECT * FROM `contact` WHERE `uid` = %d and `id` = %d LIMIT 1", - intval(local_user()), - intval($contact_id) - ); - if(! count($r)) { - $contact_id = 0; - } - } - - if(! x($a->page,'aside')) - $a->page['aside'] = ''; - - if($contact_id) { - $a->data['contact'] = $r[0]; - $o .= '<div class="vcard">'; - $o .= '<div class="fn">' . $a->data['contact']['name'] . '</div>'; - $o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->data['contact']['photo'] . '" alt="' . $a->data['contact']['name'] . '" /></div>'; - $o .= '</div>'; - $a->page['aside'] .= $o; - - } -} - - -function crepair_post(&$a) { - if(! local_user()) - return; - - $cid = (($a->argc > 1) ? intval($a->argv[1]) : 0); - - if($cid) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($cid), - intval(local_user()) - ); - } - - if(! count($r)) - return; - - $contact = $r[0]; - - $name = ((x($_POST,'name')) ? $_POST['name'] : $contact['name']); - $nick = ((x($_POST,'nick')) ? $_POST['nick'] : ''); - $url = ((x($_POST,'url')) ? $_POST['url'] : ''); - $request = ((x($_POST,'request')) ? $_POST['request'] : ''); - $confirm = ((x($_POST,'confirm')) ? $_POST['confirm'] : ''); - $notify = ((x($_POST,'notify')) ? $_POST['notify'] : ''); - $poll = ((x($_POST,'poll')) ? $_POST['poll'] : ''); - $attag = ((x($_POST,'attag')) ? $_POST['attag'] : ''); - $photo = ((x($_POST,'photo')) ? $_POST['photo'] : ''); - - $r = q("UPDATE `contact` SET `name` = '%s', `nick` = '%s', `url` = '%s', `request` = '%s', `confirm` = '%s', `notify` = '%s', `poll` = '%s', `attag` = '%s' - WHERE `id` = %d AND `uid` = %d LIMIT 1", - dbesc($name), - dbesc($nick), - dbesc($url), - dbesc($request), - dbesc($confirm), - dbesc($notify), - dbesc($poll), - dbesc($attag), - intval($contact['id']), - local_user() - ); - - if($photo) { - logger('mod-crepair: updating photo from ' . $photo); - require_once('include/photo/photo_driver.php'); - - $photos = import_profile_photo($photo,local_user(),$contact['id']); - - $x = q("UPDATE `contact` SET `photo` = '%s', - `thumb` = '%s', - `micro` = '%s', - `name_date` = '%s', - `uri_date` = '%s', - `avatar_date` = '%s' - WHERE `id` = %d LIMIT 1 - ", - dbesc($photos[0]), - dbesc($photos[1]), - dbesc($photos[2]), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - intval($contact['id']) - ); - } - - if($r) - info( t('Contact settings applied.') . EOL); - else - notice( t('Contact update failed.') . EOL); - - - return; -} - - - -function crepair_content(&$a) { - - if(! local_user()) { - notice( t('Permission denied.') . EOL); - return; - } - - $cid = (($a->argc > 1) ? intval($a->argv[1]) : 0); - - if($cid) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($cid), - intval(local_user()) - ); - } - - if(! count($r)) { - notice( t('Contact not found.') . EOL); - return; - } - - $contact = $r[0]; - - $msg1 = t('Repair Contact Settings'); - - $msg2 = t('<strong>WARNING: This is highly advanced</strong> and if you enter incorrect information your communications with this contact may stop working.'); - $msg3 = t('Please use your browser \'Back\' button <strong>now</strong> if you are uncertain what to do on this page.'); - - $o .= '<h2>' . $msg1 . '</h2>'; - - $o .= '<div class="error-message">' . $msg2 . EOL . EOL. $msg3 . '</div>'; - - $o .= EOL . '<a href="contacts/' . $cid . '">' . t('Return to contact editor') . '</a>' . EOL; - - $tpl = get_markup_template('crepair.tpl'); - $o .= replace_macros($tpl, array( - '$label_name' => t('Name'), - '$label_nick' => t('Account Nickname'), - '$label_attag' => t('@Tagname - overrides Name/Nickname'), - '$label_url' => t('Account URL'), - '$label_request' => t('Friend Request URL'), - '$label_confirm' => t('Friend Confirm URL'), - '$label_notify' => t('Notification Endpoint URL'), - '$label_poll' => t('Poll/Feed URL'), - '$label_photo' => t('New photo from this URL'), - '$contact_name' => $contact['name'], - '$contact_nick' => $contact['nick'], - '$contact_id' => $contact['id'], - '$contact_url' => $contact['url'], - '$request' => $contact['request'], - '$confirm' => $contact['confirm'], - '$notify' => $contact['notify'], - '$poll' => $contact['poll'], - '$contact_attag' => $contact['attag'], - '$lbl_submit' => t('Submit') - )); - - return $o; - -} diff --git a/mod/directory.php b/mod/directory.php index 1f22e9bf8..9e4c37fae 100644 --- a/mod/directory.php +++ b/mod/directory.php @@ -1,6 +1,7 @@ <?php require_once('include/dir_fns.php'); +require_once('include/widgets.php'); function directory_init(&$a) { @@ -8,24 +9,6 @@ function directory_init(&$a) { } -function directory_aside(&$a) { - - if(local_user()) { - require_once('include/contact_widgets.php'); - $a->set_widget('find_people',findpeople_widget()); - } - - if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { - return; - } - - $a->set_widget('safe_search',dir_safe_mode()); - - $a->set_widget('dir_sort_order',dir_sort_links()); - -} - - function directory_content(&$a) { if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { @@ -211,7 +194,7 @@ function directory_content(&$a) { } if($j['keywords']) { - $a->set_widget('dirtagblock',dir_tagblock(z_root() . '/directory',$j['keywords'])); + $a->data['directory_keywords'] = $j['keywords']; } // logger('mod_directory: entries: ' . print_r($entries,true), LOGGER_DATA); diff --git a/mod/display.php b/mod/display.php index e95a038ea..65114272a 100644 --- a/mod/display.php +++ b/mod/display.php @@ -40,6 +40,14 @@ function display_content(&$a, $update = 0, $load = false) { $channel = $a->get_channel(); + + $channel_acl = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + $x = array( 'is_owner' => true, 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), @@ -47,7 +55,7 @@ function display_content(&$a, $update = 0, $load = false) { 'nickname' => $channel['channel_address'], 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'acl' => populate_acl($channel, false), + 'acl' => populate_acl($channel_acl, false), 'bang' => '', 'visitor' => 'block', 'profile_uid' => local_user(), @@ -131,13 +139,13 @@ function display_content(&$a, $update = 0, $load = false) { $sql_extra = public_permissions_sql(get_observer_hash()); - if($update && $load) { + if(($update && $load) || ($_COOKIE['jsAvailable'] != 1)) { $updateable = false; $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); - if($load) { + if($load || ($_COOKIE['jsAvailable'] != 1)) { $r = null; if(local_user()) { $r = q("SELECT * from item @@ -194,8 +202,11 @@ function display_content(&$a, $update = 0, $load = false) { } - - $o .= conversation($a, $items, 'display', $update, 'client'); + if ($_COOKIE['jsAvailable'] == 1) { + $o .= conversation($a, $items, 'display', $update, 'client'); + } else { + $o .= conversation($a, $items, 'display', $update, 'traditional'); + } if($updateable) { $x = q("UPDATE item SET item_flags = ( item_flags ^ %d ) diff --git a/mod/editblock.php b/mod/editblock.php index 9c691640b..8b5b2d16c 100644 --- a/mod/editblock.php +++ b/mod/editblock.php @@ -132,7 +132,7 @@ function editblock_content(&$a) { '$pvisit' => 'none', '$public' => t('Public post'), '$jotnets' => $jotnets, - '$title' => htmlspecialchars($itm[0]['title']), + '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), '$placeholdertitle' => t('Set title'), '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), diff --git a/mod/editlayout.php b/mod/editlayout.php index f8906d981..542bb8357 100644 --- a/mod/editlayout.php +++ b/mod/editlayout.php @@ -117,7 +117,7 @@ function editlayout_content(&$a) { '$pvisit' => 'none', '$public' => t('Public post'), '$jotnets' => $jotnets, - '$title' => htmlspecialchars($itm[0]['title']), + '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), '$placeholdertitle' => t('Set title'), '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), diff --git a/mod/editpost.php b/mod/editpost.php index 8e2d2fd60..f012c47cd 100644 --- a/mod/editpost.php +++ b/mod/editpost.php @@ -57,9 +57,9 @@ function editpost_content(&$a) { if($itm[0]['item_flags'] & ITEM_OBSCURED) { $key = get_config('system','prvkey'); if($itm[0]['title']) - $itm[0]['title'] = aes_unencapsulate(json_decode_plus($itm[0]['title']),$key); + $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key); if($itm[0]['body']) - $itm[0]['body'] = aes_unencapsulate(json_decode_plus($itm[0]['body']),$key); + $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key); } $tpl = get_markup_template("jot.tpl"); @@ -114,7 +114,7 @@ function editpost_content(&$a) { '$pvisit' => 'none', '$public' => t('Public post'), '$jotnets' => $jotnets, - '$title' => htmlspecialchars($itm[0]['title']), + '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), '$placeholdertitle' => t('Set title'), '$category' => $category, '$placeholdercategory' => t('Categories (comma-separated list)'), diff --git a/mod/editwebpage.php b/mod/editwebpage.php index 5a21aa78d..85bd9e918 100644 --- a/mod/editwebpage.php +++ b/mod/editwebpage.php @@ -19,6 +19,8 @@ function editwebpage_content(&$a) { $owner = intval($r[0]['channel_id']); //logger('owner: ' . print_r($owner,true)); } + + $is_owner = ((local_user() && local_user() == $owner) ? true : false); $o = ''; @@ -52,6 +54,23 @@ function editwebpage_content(&$a) { ); + if($itm[0]['item_flags'] & ITEM_OBSCURED) { + $key = get_config('system','prvkey'); + if($itm[0]['title']) + $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key); + if($itm[0]['body']) + $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key); + } + + $item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1", + $itm[0]['id'] + ); + if($item_id) + $page_title = $item_id[0]['sid']; + + + + $plaintext = true; if(feature_enabled($itm[0]['uid'],'richtext')) @@ -112,9 +131,14 @@ function editwebpage_content(&$a) { //FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. So, send folk to the webpage list. $rp = '/webpages/' . $which; + $lockstate = $o .= replace_macros($tpl,array( '$return_path' => $rp, + '$webpage' => true, + '$placeholdpagetitle' => t('Page link title'), + '$pagetitle' => $page_title, + '$action' => 'item', '$share' => t('Edit'), '$upload' => t('Upload photo'), @@ -131,20 +155,22 @@ function editwebpage_content(&$a) { '$content' => undo_post_tagging($itm[0]['body']), '$post_id' => $post_id, '$baseurl' => $a->get_baseurl(), - '$defloc' => $channel['channel_location'], - '$visitor' => 'none', - '$pvisit' => 'none', + '$defloc' => $itm[0]['location'], + '$visitor' => ($is_owner) ? 'block' : 'none', + '$acl' => populate_acl($itm[0]), + '$showacl' => true, + '$pvisit' => ($is_owner) ? 'block' : 'none', '$public' => t('Public post'), '$jotnets' => $jotnets, '$mimeselect' => $mimeselect, '$layoutselect' => $layoutselect, - '$title' => htmlspecialchars($itm[0]['title']), + '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), '$placeholdertitle' => t('Set title'), '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), '$emtitle' => t('Example: bob@example.com, mary@example.com'), - '$lockstate' => $lockstate, - '$acl' => '', + 'lockstate' => (((strlen($itm[0]['allow_cid'])) || (strlen($itm[0]['allow_gid'])) || (strlen($itm[0]['deny_cid'])) || (strlen($itm[0]['deny_gid']))) ? 'lock' : 'unlock'), + '$acl' => populate_acl($itm[0]), '$bang' => '', '$profile_uid' => (intval($owner)), '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), diff --git a/mod/events.php b/mod/events.php index f43a99cba..265c74fce 100755 --- a/mod/events.php +++ b/mod/events.php @@ -1,5 +1,6 @@ <?php +require_once('include/conversation.php'); require_once('include/bbcode.php'); require_once('include/datetime.php'); require_once('include/event.php'); @@ -11,7 +12,7 @@ function events_post(&$a) { return; $event_id = ((x($_POST,'event_id')) ? intval($_POST['event_id']) : 0); - $cid = ((x($_POST,'cid')) ? intval($_POST['cid']) : 0); + $xchan = ((x($_POST,'xchan')) ? dbesc($_POST['xchan']) : ''); $uid = local_user(); $startyear = intval($_POST['startyear']); $startmonth = intval($_POST['startmonth']); @@ -28,6 +29,11 @@ function events_post(&$a) { $adjust = intval($_POST['adjust']); $nofinish = intval($_POST['nofinish']); + // only allow editing your own events. + + if(($xchan) && ($xchan !== get_observer_hash())) + return; + // The default setting for the `private` field in event_store() is false, so mirror that $private_event = false; @@ -389,11 +395,9 @@ function events_content(&$a) { else $sh_checked = (($orig_event['allow_cid'] === '<' . $channel['channel_hash'] . '>' && (! $orig_event['allow_gid']) && (! $orig_event['deny_cid']) && (! $orig_event['deny_gid'])) ? '' : ' checked="checked" ' ); - if($cid) + if($orig_event['event_xchan']) $sh_checked .= ' disabled="disabled" '; - - $tpl = get_markup_template('event_form.tpl'); $sdt = ((x($orig_event)) ? $orig_event['start'] : 'now'); @@ -426,6 +430,15 @@ function events_content(&$a) { require_once('include/acl_selectors.php'); + $perm_defaults = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + + + $o .= replace_macros($tpl,array( '$post' => $a->get_baseurl() . '/events', '$eid' => $eid, @@ -453,8 +466,7 @@ function events_content(&$a) { '$t_orig' => $t_orig, '$sh_text' => t('Share this event'), '$sh_checked' => $sh_checked, -// FIXME - '$acl' => (($cid) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $a->user),false)), + '$acl' => (($orig_event['event_xchan']) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $perm_defaults))), '$submit' => t('Submit') )); diff --git a/mod/follow.php b/mod/follow.php index 9f5a8183b..962bb71a7 100644 --- a/mod/follow.php +++ b/mod/follow.php @@ -15,7 +15,7 @@ function follow_init(&$a) { $confirm = intval($_REQUEST['confirm']); $result = new_contact($uid,$url,$a->get_channel(),true,$confirm); - + if($result['success'] == false) { if($result['message']) notice($result['message']); @@ -24,7 +24,13 @@ function follow_init(&$a) { info( t('Channel added.') . EOL); - goaway(z_root() . '/connections/' . $result['abook']['abook_id']); + // If we can view their stream, pull in some posts + + if($result['abook']['abook_their_perms'] & PERMS_R_STREAM) + proc_run('php','include/onepoll.php',$result['abook']['abook_id']); + + + goaway(z_root() . '/connedit/' . $result['abook']['abook_id']); } diff --git a/mod/group.php b/mod/group.php index 46386be0d..352484e25 100644 --- a/mod/group.php +++ b/mod/group.php @@ -2,12 +2,6 @@ require_once('include/group.php'); -function group_aside(&$a) { - if(local_user()) { - $a->set_widget('groups_edit',group_side('connections','group',false,(($a->argc > 1) ? intval($a->argv[1]) : 0))); - } -} - function group_post(&$a) { @@ -49,7 +43,7 @@ function group_post(&$a) { $groupname = notags(trim($_POST['groupname'])); $public = intval($_POST['public']); - if((strlen($groupname)) && ($groupname != $group['name'])) { + if((strlen($groupname)) && (($groupname != $group['name']) || ($public != $group['visible']))) { $r = q("UPDATE `group` SET `name` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc($groupname), intval($public), @@ -57,7 +51,7 @@ function group_post(&$a) { intval($group['id']) ); if($r) - info( t('Collection name changed.') . EOL ); + info( t('Collection updated.') . EOL ); } goaway(z_root() . '/group/' . argv(1) . '/' . argv(2)); diff --git a/mod/hcard.php b/mod/hcard.php deleted file mode 100644 index ab2fa88a1..000000000 --- a/mod/hcard.php +++ /dev/null @@ -1,53 +0,0 @@ -<?php - -function hcard_init(&$a) { - - $blocked = (((get_config('system','block_public')) && (! local_user()) && (! remote_user())) ? true : false); - - if($a->argc > 1) - $which = $a->argv[1]; - else { - notice( t('No profile') . EOL ); - $a->error = 404; - return; - } - - $profile = 0; - if((local_user()) && ($a->argc > 2) && ($a->argv[2] === 'view')) { - $which = $a->user['nickname']; - $profile = $a->argv[1]; - } - - profile_load($a,$which,$profile); - - if((x($a->profile,'page-flags')) && ($a->profile['page-flags'] == PAGE_COMMUNITY)) { - $a->page['htmlhead'] .= '<meta name="friendica.community" content="true" />'; - } - if(x($a->profile,'openidserver')) - $a->page['htmlhead'] .= '<link rel="openid.server" href="' . $a->profile['openidserver'] . '" />' . "\r\n"; - if(x($a->profile,'openid')) { - $delegate = ((strstr($a->profile['openid'],'://')) ? $a->profile['openid'] : 'http://' . $a->profile['openid']); - $a->page['htmlhead'] .= '<link rel="openid.delegate" href="' . $delegate . '" />' . "\r\n"; - } - - if(! $blocked) { - $keywords = ((x($a->profile,'keywords')) ? $a->profile['keywords'] : ''); - $keywords = str_replace(array(',',' ',',,'),array(' ',',',','),$keywords); - if(strlen($keywords)) - $a->page['htmlhead'] .= '<meta name="keywords" content="' . $keywords . '" />' . "\r\n" ; - } - - $a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/dfrn_poll/' . $which .'" />' . "\r\n" ; - $uri = urlencode('acct:' . $a->profile['nickname'] . '@' . $a->get_hostname() . (($a->path) ? '/' . $a->path : '')); - $a->page['htmlhead'] .= '<link rel="lrdd" type="application/xrd+xml" href="' . $a->get_baseurl() . '/xrd/?uri=' . $uri . '" />' . "\r\n"; - header('Link: <' . $a->get_baseurl() . '/xrd/?uri=' . $uri . '>; rel="lrdd"; type="application/xrd+xml"', false); - - $dfrn_pages = array('request', 'confirm', 'notify', 'poll'); - foreach($dfrn_pages as $dfrn) - $a->page['htmlhead'] .= "<link rel=\"dfrn-{$dfrn}\" href=\"".$a->get_baseurl()."/dfrn_{$dfrn}/{$which}\" />\r\n"; - -} - -function hcard_aside(&$a) { - profile_create_sidebar($a); -} diff --git a/mod/help.php b/mod/help.php index 770a0a8af..cd2dfd87e 100644 --- a/mod/help.php +++ b/mod/help.php @@ -1,5 +1,16 @@ <?php +/** + * You can create local site resources in doc/Site.md and either link to doc/Home.md for the standard resources + * or use our include mechanism to include it on your local page. + * + * #include doc/Home.md; + * + * The syntax is somewhat strict. + * + */ + + if(! function_exists('load_doc_file')) { function load_doc_file($s) { $lang = get_app()->language; @@ -21,13 +32,32 @@ function help_content(&$a) { global $lang; + $doctype = 'markdown'; + require_once('library/markdown.php'); $text = ''; - if($a->argc > 1) { + if(argc() > 1) { $text = load_doc_file('doc/' . $a->argv[1] . '.md'); - $a->page['title'] = t('Help:') . ' ' . str_replace('-',' ',notags($a->argv[1])); + $a->page['title'] = t('Help:') . ' ' . str_replace('-',' ',notags(argv(1))); + } + if(! $text) { + $text = load_doc_file('doc/' . $a->argv[1] . '.bb'); + if($text) + $doctype = 'bbcode'; + $a->page['title'] = t('Help:') . ' ' . str_replace('-',' ',notags(argv(1))); + } + if(! $text) { + $text = load_doc_file('doc/' . $a->argv[1] . '.html'); + if($text) + $doctype = 'html'; + $a->page['title'] = t('Help:') . ' ' . str_replace('-',' ',notags(argv(1))); + } + + if(! $text) { + $text = load_doc_file('doc/Site.md'); + $a->page['title'] = t('Help'); } if(! $text) { $text = load_doc_file('doc/Home.md'); @@ -41,7 +71,26 @@ function help_content(&$a) { '$message' => t('Page not found.' ) )); } - - return Markdown($text); + + $text = preg_replace_callback("/#include (.*?)\;/ism", 'preg_callback_help_include', $text); + + if($doctype === 'html') + return $text; + if($doctype === 'markdown') + return Markdown($text); + if($doctype === 'bbcode') { + require_once('include/bbcode.php'); + return bbcode($text); + } + +} + + +function preg_callback_help_include($matches) { + print_r($matches); + + if($matches[1]) + return str_replace($matches[0],load_doc_file($matches[1]),$matches[0]); } + diff --git a/mod/home.php b/mod/home.php index d17d477c8..05626dcb5 100644 --- a/mod/home.php +++ b/mod/home.php @@ -1,6 +1,9 @@ <?php -if(! function_exists('home_init')) { +require_once('include/items.php'); +require_once('include/conversation.php'); + + function home_init(&$a) { $ret = array(); @@ -20,10 +23,9 @@ function home_init(&$a) { goaway(z_root() . '/new_channel'); } -}} +} -if(! function_exists('home_content')) { function home_content(&$a) { $o = ''; @@ -33,55 +35,62 @@ function home_content(&$a) { if(x($_SESSION,'mobile_theme')) unset($_SESSION['mobile_theme']); -$channel_address = get_config("system", "site_channel" ); + $channel_address = get_config("system", "site_channel" ); if ($channel_address){ -require_once('include/items.php'); -require_once('include/conversation.php'); - - -//We can do better, but until we figure out auto-linkification, let's keep things simple - $page_id = 'home'; - - $u = q("select channel_id from channel where channel_address = '%s' limit 1", - dbesc($channel_address) - ); + // We can do better, but until we figure out auto-linkification, let's keep things simple + + $page_id = 'home'; + + $u = q("select channel_id from channel where channel_address = '%s' limit 1", + dbesc($channel_address) + ); + + if(! $u) { + notice( t('Channel not found.') . EOL); + return; + } + + $r = q("select item.* from item left join item_id on item.id = item_id.iid + where item.uid = %d and sid = '%s' and service = 'WEBPAGE' and + item_restrict = %d limit 1", + intval($u[0]['channel_id']), + dbesc($page_id), + intval(ITEM_WEBPAGE) + ); + + if(! $r) { + notice( t('Item not found.') . EOL); + return; + } + + xchan_query($r); + $r = fetch_post_tags($r,true); + $a->profile = array('profile_uid' => $u[0]['channel_id']); + $o .= prepare_page($r[0]); + return $o; + } - if(! $u) { - notice( t('Channel not found.') . EOL); - return; + if(get_config('system','projecthome')) { + $o .= file_get_contents('assets/home.html'); + $a->page['template'] = 'full'; + return $o; } - $r = q("select item.* from item left join item_id on item.id = item_id.iid - where item.uid = %d and sid = '%s' and service = 'WEBPAGE' and - item_restrict = %d limit 1", - intval($u[0]['channel_id']), - dbesc($page_id), - intval(ITEM_WEBPAGE) - ); - - if(! $r) { - notice( t('Item not found.') . EOL); - return; + if(file_exists('home.html')) { + $o .= file_get_contents('home.html'); } + else { - xchan_query($r); - $r = fetch_post_tags($r,true); - $a->profile = array('profile_uid' => $u[0]['channel_id']); - $o .= prepare_page($r[0]); + // If there's no site channel or home contents configured, fallback to the old behaviour -} - -// If there's no site channel specified, fallback to the old behaviour - else { $o .= '<h1>' . ((x($a->config,'sitename')) ? sprintf( t("Welcome to %s") ,$a->config['sitename']) : "" ) . '</h1>'; - if(file_exists('home.html')) - $o .= file_get_contents('home.html'); -} - - $o .= login(($a->config['system']['register_policy'] == REGISTER_CLOSED) ? 0 : 1); - - call_hooks("home_content",$o); - return $o; -} + $sitename = get_config('system','sitename'); + if($sitename) + $o .= '<h1>' . sprintf( t("Welcome to %s") ,$sitename) . '</h1>'; + if (! $a->config['system']['no_login_on_homepage']) + $o .= login(($a->config['system']['register_policy'] == REGISTER_CLOSED) ? 0 : 1); + } + call_hooks('home_content',$o); + return $o; } diff --git a/mod/import.php b/mod/import.php index e2e54c0cd..94d41455d 100644 --- a/mod/import.php +++ b/mod/import.php @@ -214,7 +214,7 @@ function import_post(&$a) { dbesc($channel['channel_hash']) ); - $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_l, xchan_photo_m, xchan_photo_s, xchan_addr, xchan_url, xchan_name, xchan_network, xchan_photo_date, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", + $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_l, xchan_photo_m, xchan_photo_s, xchan_addr, xchan_url, xchan_follow, xchan_connurl, xchan_name, xchan_network, xchan_photo_date, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", dbesc($channel['channel_hash']), dbesc($channel['channel_guid']), dbesc($channel['channel_guid_sig']), @@ -224,6 +224,8 @@ function import_post(&$a) { dbesc($a->get_baseurl() . "/photo/profile/s/" . $channel['channel_id']), dbesc($channel['channel_address'] . '@' . get_app()->get_hostname()), dbesc(z_root() . '/channel/' . $channel['channel_address']), + dbesc(z_root() . '/follow?f=&url=%s'), + dbesc(z_root() . '/poco/' . $channel['channel_address']), dbesc($channel['channel_name']), dbesc('zot'), dbesc(datetime_convert()), diff --git a/mod/intro.php b/mod/intro.php deleted file mode 100644 index 5b660485a..000000000 --- a/mod/intro.php +++ /dev/null @@ -1,110 +0,0 @@ -<?php - -function intro_post(&$a) { - if(! local_user()) - return; - if(! intval($_REQUEST['contact_id'])) - return; - - $approved = false; - $flags = 0; - if($_REQUEST['submit'] == t('Approve')) { - $approved = true; - } - elseif($_REQUEST['submit'] == t('Block')) { - $flags = ABOOK_FLAG_BLOCKED; - } - elseif($_REQUEST['submit'] == t('Ignore')) { - $flags = ABOOK_FLAG_IGNORED; - } - if(intval($_REQUEST['hidden'])) - $flags |= ABOOK_FLAG_HIDDEN; - - $r = q("update abook set abook_flags = %d where abook_channel = %d and abook_id = %d limit 1", - intval($flags), - intval(local_user()), - intval($_REQUEST['contact_id']) - ); - if($r) - info( t('Connection updated.') . EOL); - else - notice( t('Connection update failed.') . EOL); - - if($approved) - goaway(z_root() . '/connections/' . $_REQUEST['contact_id']); - - -} - -function intro_aside(&$a) { - require_once('include/contact_widgets.php'); - - $a->set_widget('follow', follow_widget()); - -} - - -function intro_content(&$a) { - - if( ! local_user()) { - notice( t('Permission denied.') . EOL); - return; - } - - - $o = replace_macros(get_markup_template('intros_header.tpl'),array( - '$title' => t('Introductions and Connection Requests') - )); - - $r = q("select count(abook_id) as total from abook where abook_channel = %d and (abook_flags & %d) and not (abook_flags & %d) ", - intval(local_user()), - intval(ABOOK_FLAG_PENDING), - intval(ABOOK_FLAG_SELF) - ); - if($r) { - $a->set_pager_total($r[0]['total']); - if(! intval($r[0]['total'])) { - notice( t('No pending introductions.') . EOL); - return $o; - } - } - else { - notice( t('System error. Please try again later.') . EOL); - return $o; - } - - $r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and (abook_flags & %d) and not (abook_flags & %d) LIMIT %d, %d", - intval(local_user()), - intval(ABOOK_FLAG_PENDING), - intval(ABOOK_FLAG_SELF), - intval($a->pager['start']), - intval($a->pager['itemspage']) - ); - - if($r) { - - $tpl = get_markup_template("intros.tpl"); - - foreach($r as $rr) { - $o .= replace_macros($tpl,array( - '$uid' => local_user(), - - '$contact_id' => $rr['abook_id'], - '$photo' => ((x($rr,'xchan_photo_l')) ? $rr['xchan_photo_l'] : "images/person-175.jpg"), - '$fullname' => $rr['xchan_name'], - '$hidden' => array('hidden', t('Hide this contact from others'), ($rr['abook_flags'] & ABOOK_FLAG_HIDDEN), ''), - '$activity' => array('activity', t('Post a new friend activity'), (intval(get_pconfig(local_user(),'system','post_newfriend')) ? '1' : 0), t('if applicable')), - '$url' => zid($rr['xchan_url']), - '$approve' => t('Approve'), - '$block' => t('Block'), - '$ignore' => t('Ignore'), - '$discard' => t('Discard') - - )); - } - } - - $o .= paginate($a); - return $o; - -}
\ No newline at end of file diff --git a/mod/item.php b/mod/item.php index b564c7545..7f881d28d 100644 --- a/mod/item.php +++ b/mod/item.php @@ -58,6 +58,12 @@ function item_post(&$a) { // If you are unsure, it is prudent (and important) to leave it unset. $origin = (($api_source && array_key_exists('origin',$_REQUEST)) ? intval($_REQUEST['origin']) : 1); + + // To represent message-ids on other networks - this will create an item_id record + + $namespace = (($api_source && array_key_exists('namespace',$_REQUEST)) ? strip_tags($_REQUEST['namespace']) : ''); + $remote_id = (($api_source && array_key_exists('remote_id',$_REQUEST)) ? strip_tags($_REQUEST['remote_id']) : ''); + $owner_hash = null; $message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : ''); @@ -71,6 +77,8 @@ function item_post(&$a) { $webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0); $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags($_REQUEST['pagetitle']) : ''); $layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): ''); + $plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : ''); + /* Check service class limits */ @@ -190,6 +198,16 @@ function item_post(&$a) { $orig_post = null; + if($namespace && $remote_id) { + // It wasn't an internally generated post - see if we've got an item matching this remote service id + $i = q("select iid from item_id where service = '%s' and sid = '%s' limit 1", + dbesc($namespace), + dbesc($remote_id) + ); + if($i) + $post_id = $i[0]['iid']; + } + if($post_id) { $i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), @@ -255,6 +273,7 @@ function item_post(&$a) { $private = $orig_post['item_private']; $item_flags = $orig_post['item_flags']; $item_restrict = $orig_post['item_restrict']; + $postopts = $orig_post['postopts']; } else { @@ -287,6 +306,7 @@ function item_post(&$a) { $verb = notags(trim($_REQUEST['verb'])); $title = escape_tags(trim($_REQUEST['title'])); $body = $_REQUEST['body']; + $postopts = ''; $private = ( ( strlen($str_group_allow) @@ -604,12 +624,13 @@ function item_post(&$a) { $datarray['item_private'] = $private; $datarray['attach'] = $attachments; $datarray['thr_parent'] = $thr_parent; - $datarray['postopts'] = ''; + $datarray['postopts'] = $postopts; $datarray['item_restrict'] = $item_restrict; $datarray['item_flags'] = $item_flags; $datarray['layout_mid'] = $layout_mid; $datarray['comment_policy'] = map_scope($channel['channel_w_comment']); $datarray['term'] = $post_tags; + $datarray['plink'] = $plink; // preview mode - prepare the body for display and send it via json @@ -774,14 +795,6 @@ function item_post(&$a) { // NOTREACHED } - // update the commented timestamp on the parent - - q("UPDATE `item` set `commented` = '%s', `changed` = '%s' WHERE `id` = %d LIMIT 1", - dbesc(datetime_convert()), - dbesc(datetime_convert()), - intval($parent) - ); - $page_type = ''; if($webpage & ITEM_WEBPAGE) @@ -790,6 +803,10 @@ function item_post(&$a) { $page_type = 'BUILDBLOCK'; elseif($webpage & ITEM_PDL) $page_type = 'PDL'; + elseif($namespace && $remote_id) { + $page_type = $namespace; + $pagetitle = $remote_id; + } if($page_type) { @@ -808,7 +825,7 @@ function item_post(&$a) { } $datarray['id'] = $post_id; - $datarray['plink'] = $a->get_baseurl() . '/display/' . $channel['channel_address'] . '/' . $post_id; + $datarray['llink'] = $a->get_baseurl() . '/display/' . $channel['channel_address'] . '/' . $post_id; call_hooks('post_local_end', $datarray); @@ -1032,7 +1049,10 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body, if(! stristr($image,get_app()->get_baseurl() . '/photo/')) continue; $image_uri = substr($image,strrpos($image,'/') + 1); - $image_uri = substr($image_uri,0, strpos($image_uri,'-')); + if(strpos($image_uri,'-') !== false) + $image_uri = substr($image_uri,0, strpos($image_uri,'-')); + if(strpos($image_uri,'.') !== false) + $image_uri = substr($image_uri,0, strpos($image_uri,'.')); if(! strlen($image_uri)) continue; $srch = '<' . $xchan_hash . '>'; diff --git a/mod/layouts.php b/mod/layouts.php index b1f53d4d8..9ed349850 100644 --- a/mod/layouts.php +++ b/mod/layouts.php @@ -43,9 +43,9 @@ function layouts_content(&$a) { return; } - if(local_user() && local_user() == $owner) { - $a->set_widget('design',design_tools()); - } +// if(local_user() && local_user() == $owner) { + // $a->set_widget('design',design_tools()); + // } $tabs = array( array( diff --git a/mod/magic.php b/mod/magic.php index 4794f86a8..aead559a7 100644 --- a/mod/magic.php +++ b/mod/magic.php @@ -4,6 +4,7 @@ function magic_init(&$a) { + $ret = array('success' => false, 'url' => '', 'message' => ''); logger('mod_magic: invoked', LOGGER_DEBUG); logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA); @@ -11,61 +12,49 @@ function magic_init(&$a) { $addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : ''); $hash = ((x($_REQUEST,'hash')) ? $_REQUEST['hash'] : ''); $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : ''); - $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); - - if($hash) { - $x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where hubloc_hash = '%s' and (hubloc_flags & %d) order by hubloc_id desc limit 1", - dbesc($hash), - intval(HUBLOC_FLAGS_PRIMARY) - ); - } - elseif($addr) { - $x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where xchan_addr = '%s' and (hubloc_flags & %d) order by hubloc_id desc limit 1", - dbesc($addr), - intval(HUBLOC_FLAGS_PRIMARY) - ); - } - else { - // See if we know anybody at the dest site that will unlock the door for us - $b = explode('/',$dest); - - if(count($b) >= 2) { - $u = $b[0] . '//' . $b[2]; - - $x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where hubloc_url = '%s' order by hubloc_id desc limit 5", - dbesc($u) - ); - - if($x) { - // They must have a valid hubloc_addr - while(! strpos($x[0]['hubloc_addr'],'@')) { - array_shift($x); - } - } + $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0); + $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); + $parsed = parse_url($dest); + if(! $parsed) { + if($test) { + $ret['message'] .= 'could not parse ' . $dest . EOL; + return($ret); } + goaway($dest); } + $basepath = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : ''); + + $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1", + dbesc($basepath) + ); + if(! $x) { - // Finger them if they've never been seen here before - - if($addr) { - $ret = zot_finger($addr,null); - if($ret['success']) { - $j = json_decode($ret['body'],true); - if($j) - import_xchan($j); - $x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where xchan_addr = '%s' and (hubloc_flags & %d) order by hubloc_id desc limit 1", - dbesc($addr), - intval(HUBLOC_FLAGS_PRIMARY) - ); - } + /* + * We have no records for, or prior communications with this hub. + * If an address was supplied, let's finger them to create a hub record. + * Otherwise we'll use the special address '[system]' which will return + * either a system channel or the first available normal channel. We don't + * really care about what channel is returned - we need the hub information + * from that response so that we can create signed auth packets destined + * for that hub. + * + */ + + $ret = zot_finger((($addr) ? $addr : '[system]@' . $parsed['host']),null); + if($ret['success']) { + $j = json_decode($ret['body'],true); + if($j) + import_xchan($j); + + // Now try again + + $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1", + dbesc($basepath) + ); } } @@ -73,8 +62,12 @@ function magic_init(&$a) { if($rev) goaway($dest); else { - logger('mod_magic: channel not found.' . print_r($_REQUEST,true)); - notice( t('Channel not found.') . EOL); + logger('mod_magic: no channels found for requested hub.' . print_r($_REQUEST,true)); + if($test) { + $ret['message'] .= 'This site has no previous connections with ' . $basepath . EOL; + return $ret; + } + notice( t('Hub not found.') . EOL); return; } } @@ -91,28 +84,23 @@ function magic_init(&$a) { call_hooks('magic_auth',$arr); $dest = $arr['destination']; - if(! $arr['proceed']) + if(! $arr['proceed']) { + if($test) { + $ret['message'] .= 'cancelled by plugin.' . EOL; + return $ret; + } goaway($dest); + } - if($x[0]['hubloc_url'] === z_root()) { - $webbie = substr($x[0]['hubloc_addr'],0,strpos('@',$x[0]['hubloc_addr'])); - switch($dest) { - case 'channel': - $desturl = z_root() . '/channel/' . $webbie; - break; - case 'photos': - $desturl = z_root() . '/photos/' . $webbie; - break; - case 'profile': - $desturl = z_root() . '/profile/' . $webbie; - break; - default: - $desturl = $dest; - break; - } + if((get_observer_hash()) && ($x[0]['hubloc_url'] === z_root())) { // We are already authenticated on this site and a registered observer. // Just redirect. - goaway($desturl); + if($test) { + $ret['success'] = true; + $ret['message'] .= 'Local site - you are already authenticated.' . EOL; + return $ret; + } + goaway($dest); } if(local_user()) { @@ -124,28 +112,35 @@ function magic_init(&$a) { $channel['token'] = $token; $channel['token_sig'] = $token_sig; - - $recip = array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])); - - $hash = random_string(); - $r = q("insert into verify ( type, channel, token, meta, created) values ('%s','%d','%s','%s','%s')", dbesc('auth'), intval($channel['channel_id']), dbesc($token), - dbesc($x[0]['hubloc_hash']), + dbesc($x[0]['hubloc_url']), dbesc(datetime_convert()) ); - $target_url = $x[0]['hubloc_callback'] . '/' . substr($x[0]['hubloc_addr'],0,strpos($x[0]['hubloc_addr'],'@')) ; + $target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode($channel['channel_address'] . '@' . $a->get_hostname()) + . '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION; + logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG); - goaway($target_url - . '/?f=&auth=' . $channel['channel_address'] . '@' . $a->get_hostname() - . '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION); + if($test) { + $ret['success'] = true; + $ret['url'] = $target_url; + $ret['message'] = 'token ' . $token . ' created for channel ' . $channel['channel_id'] . ' for url ' . $x[0]['hubloc_url'] . EOL; + return $ret; + } + + goaway($target_url); + } - if(strpos($dest,'/')) - goaway($dest); - goaway(z_root()); + if($test) { + $ret['message'] = 'Not authenticated or invalid arguments to mod_magic' . EOL; + return $ret; + } + + goaway($dest); + } diff --git a/mod/match.php b/mod/match.php index 23eeb9370..5447f755d 100644 --- a/mod/match.php +++ b/mod/match.php @@ -1,5 +1,9 @@ <?php +// FIXME - this has never been properly ported from Friendica +// It takes keywords from your profile and queries the directory server for +// matching keywords from other profiles. + function match_content(&$a) { @@ -30,10 +34,10 @@ function match_content(&$a) { if($a->pager['page'] != 1) $params['p'] = $a->pager['page']; - if(strlen(get_config('system','directory_submit_url'))) - $x = post_url('http://dir.friendica.com/msearch', $params); - else - $x = post_url($a->get_baseurl() . '/msearch', $params); +// if(strlen(get_config('system','directory_submit_url'))) +// $x = post_url('http://dir.friendica.com/msearch', $params); +// else +// $x = post_url($a->get_baseurl() . '/msearch', $params); $j = json_decode($x); diff --git a/mod/menu.php b/mod/menu.php index 1ec3c7996..47eed6484 100644 --- a/mod/menu.php +++ b/mod/menu.php @@ -42,7 +42,7 @@ function menu_content(&$a) { } - $a->set_widget('design',design_tools()); +// $a->set_widget('design',design_tools()); if(argc() == 1) { diff --git a/mod/message.php b/mod/message.php index f992a6fa1..c14bf2161 100644 --- a/mod/message.php +++ b/mod/message.php @@ -7,198 +7,6 @@ require_once("include/bbcode.php"); require_once('include/Contact.php'); -function message_aside(&$a) { - - if (! local_user()) - return; - - $a->set_widget('msgaside',replace_macros(get_markup_template('message_side.tpl'), array( - '$tabs'=> array(), - - '$check'=>array( - 'label' => t('Check Mail'), - 'url' => $a->get_baseurl(true) . '/message', - 'sel' => (argv(1) == ''), - ), - '$new'=>array( - 'label' => t('New Message'), - 'url' => $a->get_baseurl(true) . '/message/new', - 'sel'=> (argv(1) == 'new'), - ) - - ))); - -} - -function message_post(&$a) { - - if(! local_user()) - return; - - $replyto = ((x($_REQUEST,'replyto')) ? notags(trim($_REQUEST['replyto'])) : ''); - $subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : ''); - $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : ''); - $recipient = ((x($_REQUEST,'messageto')) ? notags(trim($_REQUEST['messageto'])) : ''); - $rstr = ((x($_REQUEST,'messagerecip')) ? notags(trim($_REQUEST['messagerecip'])) : ''); - $expires = ((x($_REQUEST,'expires')) ? datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expires']) : '0000-00-00 00:00:00'); - - // If we have a raw string for a recipient which hasn't been auto-filled, - // it means they probably aren't in our address book, hence we don't know - // if we have permission to send them private messages. - // finger them and find out before we try and send it. - - if(! $recipient) { - $channel = $a->get_channel(); - - $ret = zot_finger($rstr,$channel); - - if(! $ret['success']) { - notice( t('Unable to lookup recipient.') . EOL); - return; - } - $j = json_decode($ret['body'],true); - - logger('message_post: lookup: ' . $url . ' ' . print_r($j,true)); - - if(! ($j['success'] && $j['guid'])) { - notice( t('Unable to communicate with requested channel.')); - return; - } - - $x = import_xchan($j); - - if(! $x['success']) { - notice( t('Cannot verify requested channel.')); - return; - } - - $recipient = $x['hash']; - - $their_perms = 0; - - $global_perms = get_perms(); - - if($j['permissions']['data']) { - $permissions = aes_unencapsulate($j['permissions'],$channel['channel_prvkey']); - if($permissions) - $permissions = json_decode($permissions); - logger('decrypted permissions: ' . print_r($permissions,true), LOGGER_DATA); - } - else - $permissions = $j['permissions']; - - foreach($permissions as $k => $v) { - if($v) { - $their_perms = $their_perms | intval($global_perms[$k][1]); - } - } - - if(! ($their_perms & PERMS_W_MAIL)) { - notice( t('Selected channel has private message restrictions. Send failed.')); - return; - } - } - - if(feature_enabled(local_user(),'richtext')) { - $body = fix_mce_lf($body); - } - - if(! $recipient) { - notice('No recipient found.'); - $a->argc = 2; - $a->argv[1] = 'new'; - return; - } - - // We have a local_user, let send_message use the session channel and save a lookup - - $ret = send_message(0, $recipient, $body, $subject, $replyto, $expires); - - if(! $ret['success']) { - notice($ret['message']); - } - -} - -// Note: the code in 'item_extract_images' and 'item_redir_and_replace_images' -// is identical to the code in include/conversation.php -if(! function_exists('item_extract_images')) { -function item_extract_images($body) { - - $saved_image = array(); - $orig_body = $body; - $new_body = ''; - - $cnt = 0; - $img_start = strpos($orig_body, '[img'); - $img_st_close = ($img_start !== false ? strpos(substr($orig_body, $img_start), ']') : false); - $img_end = ($img_start !== false ? strpos(substr($orig_body, $img_start), '[/img]') : false); - while(($img_st_close !== false) && ($img_end !== false)) { - - $img_st_close++; // make it point to AFTER the closing bracket - $img_end += $img_start; - - if(! strcmp(substr($orig_body, $img_start + $img_st_close, 5), 'data:')) { - // This is an embedded image - - $saved_image[$cnt] = substr($orig_body, $img_start + $img_st_close, $img_end - ($img_start + $img_st_close)); - $new_body = $new_body . substr($orig_body, 0, $img_start) . '[!#saved_image' . $cnt . '#!]'; - - $cnt++; - } - else - $new_body = $new_body . substr($orig_body, 0, $img_end + strlen('[/img]')); - - $orig_body = substr($orig_body, $img_end + strlen('[/img]')); - - if($orig_body === false) // in case the body ends on a closing image tag - $orig_body = ''; - - $img_start = strpos($orig_body, '[img'); - $img_st_close = ($img_start !== false ? strpos(substr($orig_body, $img_start), ']') : false); - $img_end = ($img_start !== false ? strpos(substr($orig_body, $img_start), '[/img]') : false); - } - - $new_body = $new_body . $orig_body; - - return array('body' => $new_body, 'images' => $saved_image); -}} - -if(! function_exists('item_redir_and_replace_images')) { -function item_redir_and_replace_images($body, $images, $cid) { - - $origbody = $body; - $newbody = ''; - - for($i = 0; $i < count($images); $i++) { - $search = '/\[zrl\=(.*?)\]\[!#saved_image' . $i . '#!\]\[\/zrl\]' . '/is'; -//FIXME - $replace = '[zrl=' . z_path() . '/redir/' . $cid - . '?f=1&url=' . '$1' . '][!#saved_image' . $i . '#!][/zrl]' ; - - $img_end = strpos($origbody, '[!#saved_image' . $i . '#!][/url]') + strlen('[!#saved_image' . $i . '#!][/url]'); - $process_part = substr($origbody, 0, $img_end); - $origbody = substr($origbody, $img_end); - - $process_part = preg_replace($search, $replace, $process_part); - $newbody = $newbody . $process_part; - } - $newbody = $newbody . $origbody; - - $cnt = 0; - foreach($images as $image) { - // We're depending on the property of 'foreach' (specified on the PHP website) that - // it loops over the array starting from the first element and going sequentially - // to the last element - $newbody = str_replace('[!#saved_image' . $cnt . '#!]', '[img]' . $image . '[/img]', $newbody); - $cnt++; - } - - return $newbody; -}} - - - function message_content(&$a) { $o = ''; @@ -224,126 +32,15 @@ function message_content(&$a) { '$tab_content' => $tab_content )); - if((argc() == 3) && (argv(1) === 'drop' || argv(1) === 'dropconv')) { - if(! intval(argv(2))) - return; - $cmd = argv(1); - if($cmd === 'drop') { - $r = private_messages_drop(local_user(), argv(2)); - if($r) { - info( t('Message deleted.') . EOL ); - } - goaway($a->get_baseurl(true) . '/message' ); - } - else { - $r = private_messages_drop(local_user(), argv(2), true); - if($r) - info( t('Conversation removed.') . EOL ); - goaway($a->get_baseurl(true) . '/message' ); - } - } - - if((argc() == 3) && (argv(1) === 'recall')) { + if((argc() == 3) && (argv(1) === 'dropconv')) { if(! intval(argv(2))) return; $cmd = argv(1); - $r = q("update mail set mail_flags = mail_flags | %d where id = %d and channel_id = %d limit 1", - intval(MAIL_RECALLED), - intval(argv(2)), - intval(local_user()) - ); - proc_run('php','include/notifier.php','mail',intval(argv(2))); - - if($r) { - info( t('Message recalled.') . EOL ); - } + $r = private_messages_drop(local_user(), argv(2), true); + if($r) + info( t('Conversation removed.') . EOL ); goaway($a->get_baseurl(true) . '/message' ); - - } - - - if((argc() > 1) && ($a->argv[1] === 'new')) { - - $o .= $header; - - $plaintext = false; - if(intval(get_pconfig(local_user(),'system','plaintext'))) - $plaintext = true; - if(! feature_enabled(local_user(),'richtext')) - $plaintext = true; - - $tpl = get_markup_template('msg-header.tpl'); - - $a->page['htmlhead'] .= replace_macros($tpl, array( - '$baseurl' => $a->get_baseurl(true), - '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), - '$nickname' => $channel['channel_address'], - '$linkurl' => t('Please enter a link URL:'), - '$expireswhen' => t('Expires YYYY-MM-DD HH:MM') - )); - - $preselect = (isset($a->argv[2])?array($a->argv[2]):false); - - - $prename = $preurl = $preid = ''; - - if($preselect) { - $r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash - where abook_channel = %d and abook_id = %d limit 1", - intval(local_user()), - intval(argv(2)) - ); - if($r) { - $prename = $r[0]['xchan_name']; - $preurl = $r[0]['xchan_url']; - $preid = $r[0]['abook_id']; - } - } - - $prefill = (($preselect) ? $prename : ''); - - if(! $prefill) { - if(array_key_exists('to',$_REQUEST)) - $prefill = $_REQUEST['to']; - } - - // the ugly select box - - $select = contact_select('messageto','message-to-select', $preselect, 4, true, false, false, 10); - - $tpl = get_markup_template('prv_message.tpl'); - $o .= replace_macros($tpl,array( - '$header' => t('Send Private Message'), - '$to' => t('To:'), - '$showinputs' => 'true', - '$prefill' => $prefill, - '$autocomp' => $autocomp, - '$preid' => $preid, - '$subject' => t('Subject:'), - '$subjtxt' => ((x($_REQUEST,'subject')) ? strip_tags($_REQUEST['subject']) : ''), - '$text' => ((x($_REQUEST,'body')) ? escape_tags(htmlspecialchars($_REQUEST['body'])) : ''), - '$readonly' => '', - '$yourmessage' => t('Your message:'), - '$select' => $select, - '$parent' => '', - '$upload' => t('Upload photo'), - '$attach' => t('Attach file'), - '$insert' => t('Insert web link'), - '$wait' => t('Please wait'), - '$submit' => t('Submit'), - '$defexpire' => '', - '$feature_expire' => ((feature_enabled(local_user(),'content_expire')) ? 'block' : 'none'), - '$expires' => t('Set expiration date'), - '$feature_encrypt' => ((feature_enabled(local_user(),'content_encrypt')) ? 'block' : 'none'), - '$encrypt' => t('Encrypt text'), - '$cipher' => $cipher, - - - )); - - return $o; } - if(argc() == 1) { // list messages @@ -382,148 +79,5 @@ function message_content(&$a) { return $o; } - if((argc() > 1) && (intval(argv(1)))) { - - $o .= $header; - - $plaintext = true; - if( local_user() && feature_enabled(local_user(),'richtext') ) - $plaintext = false; - - $messages = private_messages_fetch_conversation(local_user(), argv(1), true); - - if(! $messages) { - info( t('Message not found.') . EOL); - return $o; - } - - $other_channel = null; - if($messages[0]['to_xchan'] === $channel['channel_hash']) - $other_channel = $messages[0]['from']; - else - $other_channel = $messages[0]['to']; - - require_once('include/Contact.php'); - - $a->set_widget('mail_conversant',vcard_from_xchan($other_channel,$get_observer_hash,'mail')); - - - $tpl = get_markup_template('msg-header.tpl'); - - $a->page['htmlhead'] .= replace_macros($tpl, array( - '$nickname' => $channel['channel_addr'], - '$baseurl' => $a->get_baseurl(true), - '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), - '$linkurl' => t('Please enter a link URL:'), - '$expireswhen' => t('Expires YYYY-MM-DD HH:MM') - )); - - - $mails = array(); - $seen = 0; - $unknown = false; - - foreach($messages as $message) { - - $s = $arr = ''; - - if($message['attach']) - $arr = json_decode_plus($message['attach']); - if($arr) { - $s .= '<div class="body-attach">'; - foreach($arr as $r) { - $matches = false; - $icon = ''; - $icontype = substr($r['type'],0,strpos($r['type'],'/')); - - switch($icontype) { - case 'video': - case 'audio': - case 'image': - case 'text': - $icon = '<div class="attachtype icon s22 type-' . $icontype . '"></div>'; - break; - default: - $icon = '<div class="attachtype icon s22 type-unkn"></div>'; - break; - } - - $title = htmlentities($r['title'], ENT_COMPAT,'UTF-8'); - if(! $title) - $title = t('unknown.???'); - $title .= ' ' . $r['length'] . ' ' . t('bytes'); - - $url = $a->get_baseurl() . '/magic?f=&hash=' . $message['from_xchan'] . '&dest=' . $r['href'] . '/' . $r['revision']; - $s .= '<a href="' . $url . '" title="' . $title . '" class="attachlink" >' . $icon . '</a>'; - } - $s .= '<div class="clear"></div></div>'; - } - - $mails[] = array( - 'id' => $message['id'], - 'from_name' => $message['from']['xchan_name'], - 'from_url' => chanlink_hash($message['from_xchan']), - 'from_photo' => $message['from']['xchan_photo_m'], - 'to_name' => $message['to']['xchan_name'], - 'to_url' => chanlink_hash($message['to_xchan']), - 'to_photo' => $message['to']['xchan_photo_m'], - 'subject' => $message['title'], - 'body' => smilies(bbcode($message['body']) . $s), - 'delete' => t('Delete message'), - 'recall' => t('Recall message'), - 'can_recall' => (($channel['channel_hash'] == $message['from_xchan']) ? true : false), - 'is_recalled' => (($message['mail_flags'] & MAIL_RECALLED) ? t('Message has been recalled.') : ''), - 'date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'],'D, d M Y - g:i A'), - ); - - $seen = $message['seen']; - - } - - $recp = (($message['from_xchan'] === $channel['channel_hash']) ? 'to' : 'from'); - -// FIXME - move this HTML to template - - $select = $message[$recp]['xchan_name'] . '<input type="hidden" name="messageto" value="' . $message[$recp]['xchan_hash'] . '" />'; - $parent = '<input type="hidden" name="replyto" value="' . $message['parent_mid'] . '" />'; - - $tpl = get_markup_template('mail_display.tpl'); - $o = replace_macros($tpl, array( - '$prvmsg_header' => t('Private Conversation'), - '$thread_id' => $a->argv[1], - '$thread_subject' => $message['title'], - '$thread_seen' => $seen, - '$delete' => t('Delete conversation'), - '$canreply' => (($unknown) ? false : '1'), - '$unknown_text' => t("No secure communications available. You <strong>may</strong> be able to respond from the sender's profile page."), - '$mails' => $mails, - - // reply - '$header' => t('Send Reply'), - '$to' => t('To:'), - '$showinputs' => '', - '$subject' => t('Subject:'), - '$subjtxt' => $message['title'], - '$readonly' => ' readonly="readonly" style="background: #BBBBBB;" ', - '$yourmessage' => t('Your message:'), - '$text' => '', - '$select' => $select, - '$parent' => $parent, - '$upload' => t('Upload photo'), - '$attach' => t('Attach file'), - '$insert' => t('Insert web link'), - '$submit' => t('Submit'), - '$wait' => t('Please wait'), - '$defexpire' => '', - '$feature_expire' => ((feature_enabled(local_user(),'content_expire')) ? 'block' : 'none'), - '$expires' => t('Set expiration date'), - '$feature_encrypt' => ((feature_enabled(local_user(),'content_encrypt')) ? 'block' : 'none'), - '$encrypt' => t('Encrypt text'), - '$cipher' => $cipher, - - )); - - return $o; - } } diff --git a/mod/mitem.php b/mod/mitem.php index 6a5785114..e0aa1b87a 100644 --- a/mod/mitem.php +++ b/mod/mitem.php @@ -1,6 +1,7 @@ <?php require_once('include/menu.php'); +require_once('include/acl_selectors.php'); function mitem_init(&$a) { if(! local_user()) @@ -25,6 +26,9 @@ function mitem_post(&$a) { if(! $a->data['menu']) return; + + $channel = $a->get_channel(); + $_REQUEST['mitem_channel_id'] = local_user(); $_REQUEST['menu_id'] = $a->data['menu']['menu_id']; @@ -34,29 +38,6 @@ function mitem_post(&$a) { if($_REQUEST['newwin']) $_REQUEST['mitem_flags'] |= MENU_ITEM_NEWWIN; -// FIXME!!!! - - if ((! $_REQUEST['contact_allow']) - && (! $_REQUEST['group_allow']) - && (! $_REQUEST['contact_deny']) - && (! $_REQUEST['group_deny'])) { - $str_group_allow = $channel['channel_allow_gid']; - $str_contact_allow = $channel['channel_allow_cid']; - $str_group_deny = $channel['channel_deny_gid']; - $str_contact_deny = $channel['channel_deny_cid']; - } - else { - - // use the posted permissions - - $str_group_allow = perms2str($_REQUEST['group_allow']); - $str_contact_allow = perms2str($_REQUEST['contact_allow']); - $str_group_deny = perms2str($_REQUEST['group_deny']); - $str_contact_deny = perms2str($_REQUEST['contact_deny']); - } - - - $mitem_id = ((argc() > 2) ? intval(argv(2)) : 0); if($mitem_id) { @@ -98,11 +79,10 @@ function mitem_content(&$a) { return ''; } - $a->set_widget('design',design_tools()); - + $channel = $a->get_channel(); $m = menu_fetch($a->data['menu']['menu_name'],local_user(), get_observer_hash()); - $a->set_widget('menu_preview',menu_render($m)); + $a->data['menu_item'] = $m; if(argc() == 2) { @@ -135,11 +115,24 @@ function mitem_content(&$a) { if(argc() > 2) { + + + if(argv(2) === 'new') { + $perm_defaults = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + $o = replace_macros(get_markup_template('mitemedit.tpl'), array( '$header' => t('New Menu Element'), '$menu_id' => $a->data['menu']['menu_id'], + '$permissions' => t('Menu Item Permissions'), + '$permdesc' => t("\x28click to open/close\x29"), + '$aclselect' => populate_acl($perm_defaults), '$mitem_desc' => array('mitem_desc', t('Link text'), '', '','*'), '$mitem_link' => array('mitem_link', t('URL of link'), '', '', '*'), '$usezid' => array('usezid', t('Use Red magic-auth if available'), true, ''), @@ -180,6 +173,9 @@ function mitem_content(&$a) { $o = replace_macros(get_markup_template('mitemedit.tpl'), array( '$header' => t('Edit Menu Element'), '$menu_id' => $a->data['menu']['menu_id'], + '$permissions' => t('Menu Item Permissions'), + '$permdesc' => t("\x28click to open/close\x29"), + '$aclselect' => populate_acl($mitem), '$mitem_id' => intval(argv(2)), '$mitem_desc' => array('mitem_desc', t('Link text'), $mitem['mitem_desc'], '','*'), '$mitem_link' => array('mitem_link', t('URL of link'), $mitem['mitem_link'], '', '*'), diff --git a/mod/network.php b/mod/network.php index 81b38a5ae..072f718ec 100644 --- a/mod/network.php +++ b/mod/network.php @@ -1,6 +1,11 @@ <?php require_once('include/items.php'); +require_once('include/group.php'); +require_once('include/contact_widgets.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); + function network_init(&$a) { if(! local_user()) { @@ -11,101 +16,25 @@ function network_init(&$a) { $channel = $a->get_channel(); $a->profile_uid = local_user(); head_set_icon($channel['xchan_photo_s']); - - $is_a_date_query = false; - - if($a->argc > 1) { - for($x = 1; $x < $a->argc; $x ++) { - if(is_a_date_arg($a->argv[$x])) { - $is_a_date_query = true; - break; - } - } - } - - // convert query string to array and remove first element (wich is friendica args) - $query_array = array(); - parse_str($a->query_string, $query_array); - array_shift($query_array); - - // fetch last used tab and redirect if needed - $sel_tabs = network_query_get_sel_tab($a); - $last_sel_tabs = get_pconfig(local_user(), 'network.view','tab.selected'); - if (is_array($last_sel_tabs)){ - $tab_urls = array( - '/network?f=&order=comment',//all - '/network?f=&order=post', //postord - '/network?f=&conv=1', //conv - '/network/new', //new - '/network?f=&star=1', //starred - '/network?f=&spam=1', //spam - ); - - // redirect if current selected tab is 'no_active' and - // last selected tab is _not_ 'all_active'. - // and this isn't a date query - - if ($sel_tabs[0] == 'active' && $last_sel_tabs[0]!='active' && (! $is_a_date_query)) { - $k = array_search('active', $last_sel_tabs); - - // merge tab querystring with request querystring - $dest_qa = array(); - list($dest_url,$dest_qs) = explode("?", $tab_urls[$k]); - parse_str( $dest_qs, $dest_qa); - $dest_qa = array_merge($query_array, $dest_qa); - $dest_qs = build_querystring($dest_qa); - - // groups filter is in form of "network/nnn". Add it to $dest_url, if it's possible - if ($a->argc==2 && is_numeric($a->argv[1]) && strpos($dest_url, "/",1)===false){ - $dest_url .= "/".$a->argv[1]; - } - -// goaway($a->get_baseurl() . $dest_url."?".$dest_qs); - } - } - - - require_once('include/group.php'); - require_once('include/contact_widgets.php'); - require_once('include/items.php'); - if(! x($a->page,'aside')) - $a->page['aside'] = ''; +} - $search = ((x($_GET,'search')) ? $_GET['search'] : ''); - +function network_content(&$a, $update = 0, $load = false) { - if(x($_GET,'save') && $search) { - $r = q("select * from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1", - intval(local_user()), - intval(TERM_SAVEDSEARCH), - dbesc($search) - ); - if(! count($r)) { - q("insert into `term` ( `uid`,`type`,`term` ) values ( %d, %d, '%s') ", - intval(local_user()), - intval(TERM_SAVEDSEARCH), - dbesc($search) - ); - } - } - if(x($_GET,'remove')) { - q("delete from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1", - intval(local_user()), - intval(TERM_SAVEDSEARCH), - dbesc($search) - ); + if(! local_user()) { + $_SESSION['return_url'] = $a->query_string; + return login(false); } - $a->page['aside'] .= group_side('network','network',true,$group_id); - $a->page['aside'] .= posted_date_widget($a->get_baseurl() . '/network',local_user(),false); + $arr = array('query' => $a->query_string); - $a->page['aside'] .= saved_searches($search); - $a->page['aside'] .= fileas_widget($a->get_baseurl(true) . '/network',(x($_GET, 'file') ? $_GET['file'] : '')); + call_hooks('network_content_init', $arr); + $channel = $a->get_channel(); + $search = (($_GET['search']) ? $_GET['search'] : ''); if($search) { if(strpos($search,'@') === 0) { $r = q("select abook_id from abook left join xchan on abook_xchan = xchan_hash where xchan_name = '%s' and abook_channel = %d limit 1", @@ -122,145 +51,7 @@ function network_init(&$a) { } } - $group_id = ((x($_GET,'gid')) ? intval($_GET['gid']) : 0); - - - - -} - -function saved_searches($search) { - - if(! feature_enabled(local_user(),'savedsearch')) - return ''; - - $a = get_app(); - - $srchurl = '/network?f=' - . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : '') - . ((x($_GET,'star')) ? '&star=' . $_GET['star'] : '') - . ((x($_GET,'conv')) ? '&conv=' . $_GET['conv'] : '') - . ((x($_GET,'cmin')) ? '&cmin=' . $_GET['cmin'] : '') - . ((x($_GET,'cmax')) ? '&cmax=' . $_GET['cmax'] : '') - . ((x($_GET,'file')) ? '&file=' . $_GET['file'] : ''); - ; - - $o = ''; - - $r = q("select `tid`,`term` from `term` WHERE `uid` = %d and `type` = %d ", - intval(local_user()), - intval(TERM_SAVEDSEARCH) - ); - - $saved = array(); - - if(count($r)) { - foreach($r as $rr) { - $saved[] = array( - 'id' => $rr['tid'], - 'term' => $rr['term'], - 'displayterm' => htmlspecialchars($rr['term']), - 'encodedterm' => urlencode($rr['term']), - 'delete' => t('Remove term'), - 'selected' => ($search==$rr['term']), - ); - } - } - - - $tpl = get_markup_template("saved_searches_aside.tpl"); - $o = replace_macros($tpl, array( - '$title' => t('Saved Searches'), - '$add' => t('add'), - '$searchbox' => search('','netsearch-box',$srchurl,true), - '$saved' => $saved, - )); - - return $o; - -} - -/** - * Return selected tab from query - * - * urls -> returns - * '/network' => $no_active = 'active' - * '/network?f=&order=comment' => $comment_active = 'active' - * '/network?f=&order=post' => $postord_active = 'active' - * '/network?f=&conv=1', => $conv_active = 'active' - * '/network/new', => $new_active = 'active' - * '/network?f=&star=1', => $starred_active = 'active' - * '/network?f=&spam=1', => $spam_active = 'active' - * - * @return Array ( $no_active, $comment_active, $postord_active, $conv_active, $new_active, $starred_active, $spam_active ); - */ -function network_query_get_sel_tab($a) { - $no_active=''; - $starred_active = ''; - $new_active = ''; - $all_active = ''; - $search_active = ''; - $conv_active = ''; - $spam_active = ''; - $postord_active = ''; - - if(x($_GET,'new')) { - $new_active = 'active'; - } - - if(x($_GET,'search')) { - $search_active = 'active'; - } - - if(x($_GET,'star')) { - $starred_active = 'active'; - } - - if(x($_GET,'conv')) { - $conv_active = 'active'; - } - - if(x($_GET,'spam')) { - $spam_active = 'active'; - } - - - if (($new_active == '') - && ($starred_active == '') - && ($conv_active == '') - && ($search_active == '') - && ($spam_active == '')) { - $no_active = 'active'; - } - - if ($no_active=='active' && x($_GET,'order')) { - switch($_GET['order']){ - case 'post': $postord_active = 'active'; $no_active=''; break; - case 'comment' : $all_active = 'active'; $no_active=''; break; - } - } - - return array($no_active, $all_active, $postord_active, $conv_active, $new_active, $starred_active, $spam_active); -} - - -function network_content(&$a, $update = 0, $load = false) { - - require_once('include/conversation.php'); - - if(! local_user()) { - $_SESSION['return_url'] = $a->query_string; - return login(false); - } - - - - $arr = array('query' => $a->query_string); - - call_hooks('network_content_init', $arr); - - $channel = $a->get_channel(); $datequery = $datequery2 = ''; @@ -278,84 +69,28 @@ function network_content(&$a, $update = 0, $load = false) { $_GET['order'] = 'post'; if($gid) { + $r = q("SELECT * FROM `group` WHERE id = %d AND uid = %d LIMIT 1", + intval($gid), + intval(local_user()) + ); + if(! $r) { + if($update) + killme(); + notice( t('No such group') . EOL ); + goaway($a->get_baseurl(true) . '/network'); + // NOTREACHED + } + $group = $gid; - $def_acl = array('allow_gid' => '<' . $group . '>'); + $group_hash = $r[0]['hash']; + $def_acl = array('allow_gid' => '<' . $r[0]['hash'] . '>'); } $o = ''; - // item filter tabs - // TODO: fix this logic, reduce duplication - //$a->page['content'] .= '<div class="tabs-wrapper">'; - list($no_active, $all_active, $postord_active, $conv_active, $new_active, $starred_active, $spam_active) = network_query_get_sel_tab($a); - // if no tabs are selected, defaults to comments - if ($no_active=='active') $all_active='active'; - //echo "<pre>"; var_dump($no_active, $all_active, $postord_active, $conv_active, $new_active, $starred_active, $bookmarked_active, $spam_active); killme(); - - $cmd = (($datequery) ? '' : $a->cmd); - $len_naked_cmd = strlen(str_replace('/new','',$cmd)); - - // tabs - $tabs = array( - array( - 'label' => t('Commented Order'), - 'url'=>$a->get_baseurl(true) . '/' . $cmd . '?f=&order=comment' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''), - 'sel'=>$all_active, - 'title'=> t('Sort by Comment Date'), - ), - array( - 'label' => t('Posted Order'), - 'url'=>$a->get_baseurl(true) . '/' . $cmd . '?f=&order=post' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''), - 'sel'=>$postord_active, - 'title' => t('Sort by Post Date'), - ), - - array( - 'label' => t('Personal'), - 'url' => $a->get_baseurl(true) . '/' . $cmd . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&conv=1', - 'sel' => $conv_active, - 'title' => t('Posts that mention or involve you'), - ), - array( - 'label' => t('New'), - 'url' => $a->get_baseurl(true) . '/' . $cmd . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&new=1', - 'sel' => $new_active, - 'title' => t('Activity Stream - by date'), - ), - - ); - - if(feature_enabled(local_user(),'star_posts')) - $tabs[] = array( - 'label' => t('Starred'), - 'url'=>$a->get_baseurl(true) . '/' . $cmd . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&star=1', - 'sel'=>$starred_active, - 'title' => t('Favourite Posts'), - ); - - // Not yet implemented - - if(feature_enabled(local_user(),'spam_filter')) - $tabs[] = array( - 'label' => t('Spam'), - 'url'=>$a->get_baseurl(true) . '/network?f=&spam=1', - 'sel'=> $spam_active, - 'title' => t('Posts flagged as SPAM'), - ); - - - - - // save selected tab, but only if not in search or file mode -// if(!x($_GET,'search') && !x($_GET,'file')) { -// set_pconfig( local_user(), 'network.view','tab.selected',array($all_active, $postord_active, $conv_active, $new_active, $starred_active, $bookmarked_active, $spam_active) ); -// } - - $contact_id = $a->cid; - - require_once('include/acl_selectors.php'); + // if no tabs are selected, defaults to comments $cid = ((x($_GET,'cid')) ? intval($_GET['cid']) : 0); $star = ((x($_GET,'star')) ? intval($_GET['star']) : 0); @@ -376,40 +111,21 @@ function network_content(&$a, $update = 0, $load = false) { if(! $update) { + $o .= network_tabs(); - if(feature_enabled(local_user(),'affinity')) { - $tpl = get_markup_template('main_slider.tpl'); - $x = replace_macros($tpl,array( - '$val' => intval($cmin) . ';' . intval($cmax), - '$refresh' => t('Refresh'), - '$me' => t('Me'), - '$intimate' => t('Best Friends'), - '$friends' => t('Friends'), - '$coworkers' => t('Co-workers'), - '$oldfriends' => t('Former Friends'), - '$acquaintances' => t('Acquaintances'), - '$world' => t('Everybody') - )); - $arr = array('html' => $x); - call_hooks('main_slider',$arr); - $o .= $arr['html']; - } - - $arr = array('tabs' => $tabs); - call_hooks('network_tabs', $arr); - - $o .= replace_macros(get_markup_template('common_tabs.tpl'), array('$tabs'=> $arr['tabs'])); - - // --- end item filter tabs - - $search = (($_GET['search']) ? $_GET['search'] : ''); // search terms header if($search) - $o .= '<h2>' . t('Search Results For:') . ' ' . htmlspecialchars($search) . '</h2>'; + $o .= '<h2>' . t('Search Results For:') . ' ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '</h2>'; nav_set_selected('network'); - $celeb = false; + $channel_acl = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + $x = array( 'is_owner' => true, @@ -417,8 +133,7 @@ function network_content(&$a, $update = 0, $load = false) { 'default_location' => $channel['channel_location'], 'nickname' => $channel['channel_address'], 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), -// FIXME - 'acl' => populate_acl((($group || $cid || $nets) ? $def_acl : $channel), $celeb), + 'acl' => populate_acl((($group || $cid) ? $def_acl : $channel_acl)), 'bang' => (($group || $cid) ? '!' : ''), 'visitor' => 'block', 'profile_uid' => local_user() @@ -443,18 +158,6 @@ function network_content(&$a, $update = 0, $load = false) { $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) "; if($group) { - $r = q("SELECT * FROM `group` WHERE id = %d AND uid = %d LIMIT 1", - intval($group), - intval(local_user()) - ); - if(! $r) { - if($update) - killme(); - notice( t('No such group') . EOL ); - goaway($a->get_baseurl(true) . '/network'); - // NOTREACHED - } - $contact_str = ''; $contacts = group_get_members($group); if($contacts) { @@ -466,10 +169,16 @@ function network_content(&$a, $update = 0, $load = false) { } else { $contact_str = ' 0 '; - info( t('Group is empty')); + info( t('Collection is empty')); } - $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str)) or allow_gid like '" . protect_sprintf('%<' . dbesc($r[0]['hash']) . '>%') . "' ) and id = parent and item_restrict = 0 ) "; + $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent and item_restrict = 0 ) "; + + $x = group_rec_byhash(local_user(), $group_hash); + + if($x) + $o = '<h2>' . t('Collection: ') . $x['name'] . '</h2>' . $o; + } @@ -512,7 +221,7 @@ function network_content(&$a, $update = 0, $load = false) { . "'; var profile_page = " . $a->pager['page'] . ";</script>"; -logger('Search: ' . $search); + $a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array( '$baseurl' => z_root(), @@ -734,7 +443,7 @@ logger('Search: ' . $search); $o .= alt_pager($a,count($items)); if($load) { - logger('mod_network: load: ' . count($items) . ' items', LOGGER_DATA); +// logger('mod_network: load: ' . count($items) . ' items', LOGGER_DATA); profiler($start,$first,'network parents'); profiler($first,$second,'network children'); diff --git a/mod/nogroup.php b/mod/nogroup.php deleted file mode 100644 index 31ccaadbf..000000000 --- a/mod/nogroup.php +++ /dev/null @@ -1,65 +0,0 @@ -<?php - -require_once('include/Contact.php'); -require_once('include/socgraph.php'); -require_once('include/contact_selectors.php'); - -function nogroup_init(&$a) { - - if(! local_user()) - return; - - require_once('include/group.php'); - require_once('include/contact_widgets.php'); - - if(! x($a->page,'aside')) - $a->page['aside'] = ''; - - $a->page['aside'] .= group_side('contacts','group',false,0,$contact_id); -} - - -function nogroup_content(&$a) { - - if(! local_user()) { - notice( t('Permission denied.') . EOL); - return ''; - } - - require_once('include/Contact.php'); - $r = contacts_not_grouped(local_user()); - if(count($r)) { - $a->set_pager_total($r[0]['total']); - } - $r = contacts_not_grouped(local_user(),$a->pager['start'],$a->pager['itemspage']); - if(count($r)) { - foreach($r as $rr) { - - - $contacts[] = array( - 'img_hover' => sprintf( t('Visit %s\'s profile [%s]'),$rr['name'],$rr['url']), - 'edit_hover' => t('Edit contact'), - 'photo_menu' => contact_photo_menu($rr), - 'id' => $rr['id'], - 'alt_text' => $alt_text, - 'dir_icon' => $dir_icon, - 'thumb' => $rr['thumb'], - 'name' => $rr['name'], - 'username' => $rr['name'], - 'sparkle' => $sparkle, - 'itemurl' => $rr['url'], - 'link' => $url, - 'network' => network_to_name($rr['network']), - ); - } - } - $tpl = get_markup_template("nogroup-template.tpl"); - $o .= replace_macros($tpl,array( - '$header' => t('Contacts who are not members of a group'), - '$contacts' => $contacts, - '$paginate' => paginate($a), - )); - - return $o; - -} diff --git a/mod/notes.php b/mod/notes.php new file mode 100644 index 000000000..468b4ef26 --- /dev/null +++ b/mod/notes.php @@ -0,0 +1,16 @@ +<?php /** @file */ + +function notes_init(&$a) { + if(! local_user()) + return; + logger('mod_notes: ' . print_r($_REQUEST,true)); + + $ret = array('success' => true); + if($_REQUEST['note_text'] || $_REQUEST['note_text'] == '') { + $body = escape_tags($_REQUEST['note_text']); + set_pconfig(local_user(),'notes','text',$body); + } + logger('notes saved.'); + json_return_and_die($ret); + +} diff --git a/mod/notifications.php b/mod/notifications.php index 397ed272b..f327c2fe2 100644 --- a/mod/notifications.php +++ b/mod/notifications.php @@ -71,245 +71,6 @@ function notifications_content(&$a) { $o = ''; - $tabs = array( - array( - 'label' => t('System'), - 'url'=>$a->get_baseurl(true) . '/notifications/system', - 'sel'=> (($a->argv[1] == 'system') ? 'active' : ''), - ), -// array( -// 'label' => t('Network'), -// 'url'=>$a->get_baseurl(true) . '/notifications/network', -// 'sel'=> (($a->argv[1] == 'network') ? 'active' : ''), -// ), - array( - 'label' => t('Personal'), - 'url'=>$a->get_baseurl(true) . '/notifications/personal', - 'sel'=> (($a->argv[1] == 'personal') ? 'active' : ''), - ), -// array( -// 'label' => t('Home'), -// 'url' => $a->get_baseurl(true) . '/notifications/home', -// 'sel'=> (($a->argv[1] == 'home') ? 'active' : ''), -// ), - array( - 'label' => t('Introductions'), - 'url' => $a->get_baseurl(true) . '/connections/pending', - 'sel'=> (($a->argv[1] == 'intros') ? 'active' : ''), - ), - array( - 'label' => t('Messages'), - 'url' => $a->get_baseurl(true) . '/message', - 'sel'=> '', - ), - ); - - $o = ""; - -//Disabled - - if( (($a->argc > 1) && ($a->argv[1] == 'intros')) || (($a->argc == 1))) { - nav_set_selected('introductions'); - if(($a->argc > 2) && ($a->argv[2] == 'all')) - $sql_extra = ''; - else - $sql_extra = " AND `ignore` = 0 "; - - $notif_tpl = get_markup_template('notifications.tpl'); - - $notif_content .= '<a href="' . ((strlen($sql_extra)) ? 'notifications/intros/all' : 'notifications/intros' ) . '" id="notifications-show-hide-link" >' - . ((strlen($sql_extra)) ? t('Show Ignored Requests') : t('Hide Ignored Requests')) . '</a></div>' . "\r\n"; - - $r = q("SELECT COUNT(*) AS `total` FROM `intro` - WHERE `intro`.`uid` = %d $sql_extra AND `intro`.`blocked` = 0 ", - intval($_SESSION['uid']) - ); - if($r && count($r)) { - $a->set_pager_total($r[0]['total']); - $a->set_pager_itemspage(20); - } - - $r = q("SELECT `intro`.`id` AS `intro_id`, `intro`.*, `contact`.*, `fcontact`.`name` AS `fname`,`fcontact`.`url` AS `furl`,`fcontact`.`photo` AS `fphoto`,`fcontact`.`request` AS `frequest` - FROM `intro` LEFT JOIN `contact` ON `contact`.`id` = `intro`.`contact-id` LEFT JOIN `fcontact` ON `intro`.`fid` = `fcontact`.`id` - WHERE `intro`.`uid` = %d $sql_extra AND `intro`.`blocked` = 0 ", - intval($_SESSION['uid'])); - - if(($r !== false) && (count($r))) { - - $sugg = get_markup_template('suggestions.tpl'); - $tpl = get_markup_template("intros.tpl"); - - foreach($r as $rr) { - if($rr['fid']) { - - $return_addr = bin2hex($a->user['nickname'] . '@' . $a->get_hostname() . (($a->path) ? '/' . $a->path : '')); - $notif_content .= replace_macros($sugg,array( - '$str_notifytype' => t('Notification type: '), - '$notify_type' => t('Friend Suggestion'), - '$intro_id' => $rr['intro_id'], - '$madeby' => sprintf( t('suggested by %s'),$rr['name']), - '$contact_id' => $rr['contact-id'], - '$photo' => ((x($rr,'fphoto')) ? $rr['fphoto'] : "images/person-175.jpg"), - '$fullname' => $rr['fname'], - '$url' => zid($rr['furl']), - '$hidden' => array('hidden', t('Hide this contact from others'), ($rr['hidden'] == 1), ''), - '$activity' => array('activity', t('Post a new friend activity'), (intval(get_pconfig(local_user(),'system','post_newfriend')) ? '1' : 0), t('if applicable')), - - '$knowyou' => $knowyou, - '$approve' => t('Approve'), - '$note' => $rr['note'], - '$request' => $rr['frequest'] . '?addr=' . $return_addr, - '$ignore' => t('Ignore'), - '$discard' => t('Discard') - - )); - - continue; - - } - $friend_selected = (($rr['network'] !== NETWORK_OSTATUS) ? ' checked="checked" ' : ' disabled '); - $fan_selected = (($rr['network'] === NETWORK_OSTATUS) ? ' checked="checked" disabled ' : ''); - $dfrn_tpl = get_markup_template('netfriend.tpl'); - - $knowyou = ''; - $dfrn_text = ''; - - if($rr['network'] === NETWORK_DFRN || $rr['network'] === NETWORK_DIASPORA) { - if($rr['network'] === NETWORK_DFRN) - $knowyou = t('Claims to be known to you: ') . (($rr['knowyou']) ? t('yes') : t('no')); - else - $knowyou = ''; - $dfrn_text = replace_macros($dfrn_tpl,array( - '$intro_id' => $rr['intro_id'], - '$friend_selected' => $friend_selected, - '$fan_selected' => $fan_selected, - '$approve_as' => t('Approve as: '), - '$as_friend' => t('Friend'), - '$as_fan' => (($rr['network'] == NETWORK_DIASPORA) ? t('Sharer') : t('Fan/Admirer')) - )); - } - - $notif_content .= replace_macros($tpl,array( - '$str_notifytype' => t('Notification type: '), - '$notify_type' => (($rr['network'] !== NETWORK_OSTATUS) ? t('Friend/Connect Request') : t('New Follower')), - '$dfrn_text' => $dfrn_text, - '$dfrn_id' => $rr['issued_id'], - '$uid' => $_SESSION['uid'], - '$intro_id' => $rr['intro_id'], - '$contact_id' => $rr['contact-id'], - '$photo' => ((x($rr,'photo')) ? $rr['photo'] : "images/person-175.jpg"), - '$fullname' => $rr['name'], - '$hidden' => array('hidden', t('Hide this contact from others'), ($rr['hidden'] == 1), ''), - '$activity' => array('activity', t('Post a new friend activity'), (intval(get_pconfig(local_user(),'system','post_newfriend')) ? '1' : 0), t('if applicable')), - '$url' => zid($rr['url']), - '$knowyou' => $knowyou, - '$approve' => t('Approve'), - '$note' => $rr['note'], - '$ignore' => t('Ignore'), - '$discard' => t('Discard') - - )); - } - } - else - info( t('No introductions.') . EOL); - - $o .= replace_macros($notif_tpl,array( - '$notif_header' => t('Notifications'), - '$tabs' => $tabs, - '$notif_content' => $notif_content, - )); - - $o .= paginate($a); - return $o; - - } - - elseif (($a->argc > 1) && ($a->argv[1] == 'network')) { - - $notif_tpl = get_markup_template('notifications.tpl'); - - $r = q("SELECT `item`.`id`,`item`.`parent`, `item`.`verb`, `item`.`author-name`, - `item`.`author-link`, `item`.`author-avatar`, `item`.`created`, `item`.`object` as `object`, - `pitem`.`author-name` as `pname`, `pitem`.`author-link` as `plink` - FROM `item` INNER JOIN `item` as `pitem` ON `pitem`.`id`=`item`.`parent` - WHERE `item`.`unseen` = 1 AND `item`.`visible` = 1 AND - `item`.`deleted` = 0 AND `item`.`uid` = %d AND `item`.`wall` = 0 ORDER BY `item`.`created` DESC" , - intval(local_user()) - ); - - $tpl_item_likes = get_markup_template('notifications_likes_item.tpl'); - $tpl_item_dislikes = get_markup_template('notifications_dislikes_item.tpl'); - $tpl_item_friends = get_markup_template('notifications_friends_item.tpl'); - $tpl_item_comments = get_markup_template('notifications_comments_item.tpl'); - $tpl_item_posts = get_markup_template('notifications_posts_item.tpl'); - - $notif_content = ''; - - if (count($r) > 0) { - - foreach ($r as $it) { - switch($it['verb']){ - case ACTIVITY_LIKE: - $notif_content .= replace_macros($tpl_item_likes,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']), - '$item_when' => relative_date($it['created']) - )); - break; - - case ACTIVITY_DISLIKE: - $notif_content .= replace_macros($tpl_item_dislikes,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']), - '$item_when' => relative_date($it['created']) - )); - break; - - case ACTIVITY_FRIEND: - - $xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">"; - $obj = parse_xml_string($xmlhead.$it['object']); - $it['fname'] = $obj->title; - - $notif_content .= replace_macros($tpl_item_friends,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']), - '$item_when' => relative_date($it['created']) - )); - break; - - default: - $item_text = (($it['id'] == $it['parent']) - ? sprintf( t("%s created a new post"), $it['author-name']) - : sprintf( t("%s commented on %s's post"), $it['author-name'], $it['pname'])); - $tpl = (($it['id'] == $it['parent']) ? $tpl_item_posts : $tpl_item_comments); - - $notif_content .= replace_macros($tpl,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => $item_text, - '$item_when' => relative_date($it['created']) - )); - } - } - - } else { - - $notif_content = t('No more network notifications.'); - } - - $o .= replace_macros($notif_tpl,array( - '$notif_header' => t('Network Notifications'), - '$tabs' => $tabs, - '$notif_content' => $notif_content, - )); - - } else if (($a->argc > 1) && ($a->argv[1] == 'system')) { - $notif_tpl = get_markup_template('notifications.tpl'); $not_tpl = get_markup_template('notify.tpl'); @@ -334,183 +95,8 @@ function notifications_content(&$a) { $o .= replace_macros($notif_tpl,array( '$notif_header' => t('System Notifications'), - '$tabs' => $tabs, - '$notif_content' => $notif_content, - )); - - } else if (($a->argc > 1) && ($a->argv[1] == 'personal')) { - - $notif_tpl = get_markup_template('notifications.tpl'); - - $myurl = $a->get_baseurl(true) . '/channel/'. $a->user['nickname']; - $myurl = substr($myurl,strpos($myurl,'://')+3); - $myurl = str_replace(array('www.','.'),array('','\\.'),$myurl); - $diasp_url = str_replace('/channel/','/u/',$myurl); - $sql_extra .= sprintf(" AND ( `item`.`author-link` regexp '%s' or `item`.`tag` regexp '%s' or `item`.`tag` regexp '%s' ) ", - dbesc($myurl . '$'), - dbesc($myurl . '\\]'), - dbesc($diasp_url . '\\]') - ); - - - $r = q("SELECT `item`.`id`,`item`.`parent`, `item`.`verb`, `item`.`author-name`, - `item`.`author-link`, `item`.`author-avatar`, `item`.`created`, `item`.`object` as `object`, - `pitem`.`author-name` as `pname`, `pitem`.`author-link` as `plink` - FROM `item` INNER JOIN `item` as `pitem` ON `pitem`.`id`=`item`.`parent` - WHERE `item`.`unseen` = 1 AND `item`.`visible` = 1 - $sql_extra - AND `item`.`deleted` = 0 AND `item`.`uid` = %d AND `item`.`wall` = 0 ORDER BY `item`.`created` DESC" , - intval(local_user()) - ); - - $tpl_item_likes = get_markup_template('notifications_likes_item.tpl'); - $tpl_item_dislikes = get_markup_template('notifications_dislikes_item.tpl'); - $tpl_item_friends = get_markup_template('notifications_friends_item.tpl'); - $tpl_item_comments = get_markup_template('notifications_comments_item.tpl'); - $tpl_item_posts = get_markup_template('notifications_posts_item.tpl'); - - $notif_content = ''; - - if (count($r) > 0) { - - foreach ($r as $it) { - switch($it['verb']){ - case ACTIVITY_LIKE: - $notif_content .= replace_macros($tpl_item_likes,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']), - '$item_when' => relative_date($it['created']) - )); - break; - - case ACTIVITY_DISLIKE: - $notif_content .= replace_macros($tpl_item_dislikes,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']), - '$item_when' => relative_date($it['created']) - )); - break; - - case ACTIVITY_FRIEND: - - $xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">"; - $obj = parse_xml_string($xmlhead.$it['object']); - $it['fname'] = $obj->title; - - $notif_content .= replace_macros($tpl_item_friends,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']), - '$item_when' => relative_date($it['created']) - )); - break; - - default: - $item_text = (($it['id'] == $it['parent']) - ? sprintf( t("%s created a new post"), $it['author-name']) - : sprintf( t("%s commented on %s's post"), $it['author-name'], $it['pname'])); - $tpl = (($it['id'] == $it['parent']) ? $tpl_item_posts : $tpl_item_comments); - - $notif_content .= replace_macros($tpl,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => $item_text, - '$item_when' => relative_date($it['created']) - )); - } - } - - } else { - - $notif_content = t('No more personal notifications.'); - } - - $o .= replace_macros($notif_tpl,array( - '$notif_header' => t('Personal Notifications'), - '$tabs' => $tabs, - '$notif_content' => $notif_content, - )); - - - } else if (($a->argc > 1) && ($a->argv[1] == 'home')) { - - $notif_tpl = get_markup_template('notifications.tpl'); - - $r = q("SELECT `item`.`id`,`item`.`parent`, `item`.`verb`, `item`.`author-name`, - `item`.`author-link`, `item`.`author-avatar`, `item`.`created`, `item`.`object` as `object`, - `pitem`.`author-name` as `pname`, `pitem`.`author-link` as `plink` - FROM `item` INNER JOIN `item` as `pitem` ON `pitem`.`id`=`item`.`parent` - WHERE `item`.`unseen` = 1 AND `item`.`visible` = 1 AND - `item`.`deleted` = 0 AND `item`.`uid` = %d AND `item`.`wall` = 1 ORDER BY `item`.`created` DESC", - intval(local_user()) - ); - - $tpl_item_likes = get_markup_template('notifications_likes_item.tpl'); - $tpl_item_dislikes = get_markup_template('notifications_dislikes_item.tpl'); - $tpl_item_friends = get_markup_template('notifications_friends_item.tpl'); - $tpl_item_comments = get_markup_template('notifications_comments_item.tpl'); - - $notif_content = ''; - - if (count($r) > 0) { - - foreach ($r as $it) { - switch($it['verb']){ - case ACTIVITY_LIKE: - $notif_content .= replace_macros($tpl_item_likes,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']), - '$item_when' => relative_date($it['created']) - )); - - break; - case ACTIVITY_DISLIKE: - $notif_content .= replace_macros($tpl_item_dislikes,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']), - '$item_when' => relative_date($it['created']) - )); - - break; - case ACTIVITY_FRIEND: - - $xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">"; - $obj = parse_xml_string($xmlhead.$it['object']); - $it['fname'] = $obj->title; - - $notif_content .= replace_macros($tpl_item_friends,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']), - '$item_when' => relative_date($it['created']) - )); - - break; - default: - $notif_content .= replace_macros($tpl_item_comments,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s commented on %s's post"), $it['author-name'], $it['pname']), - '$item_when' => relative_date($it['created']) - )); - } - } - - } else { - $notif_content = t('No more home notifications.'); - } - - $o .= replace_macros($notif_tpl,array( - '$notif_header' => t('Home Notifications'), - '$tabs' => $tabs, '$notif_content' => $notif_content, )); - } - $o .= paginate($a); return $o; } diff --git a/mod/photo.php b/mod/photo.php index 3e86b02ba..6f047bea1 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -24,7 +24,7 @@ function photo_init(&$a) { $observer_xchan = get_observer_hash(); - $default = 'images/person-175.jpg'; + $default = get_default_profile_photo(); if(isset($type)) { @@ -38,11 +38,11 @@ function photo_init(&$a) { case 'm': $resolution = 5; - $default = 'images/person-80.jpg'; + $default = get_default_profile_photo(80); break; case 's': $resolution = 6; - $default = 'images/person-48.jpg'; + $default = get_default_profile_photo(48); break; case 'l': default: @@ -135,15 +135,15 @@ function photo_init(&$a) { switch($resolution) { case 4: - $data = file_get_contents('images/person-175.jpg'); + $data = file_get_contents(get_default_profile_photo()); $mimetype = 'image/jpeg'; break; case 5: - $data = file_get_contents('images/person-80.jpg'); + $data = file_get_contents(get_default_profile_photo(80)); $mimetype = 'image/jpeg'; break; case 6: - $data = file_get_contents('images/person-48.jpg'); + $data = file_get_contents(get_default_profile_photo(48)); $mimetype = 'image/jpeg'; break; default: diff --git a/mod/photos.php b/mod/photos.php index 43c74851a..63806896b 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -19,6 +19,9 @@ function photos_init(&$a) { if(argc() > 1) { $nick = argv(1); + + profile_load($a,$nick); + $channelx = channelx_by_nick($nick); if(! $channelx) @@ -31,16 +34,7 @@ function photos_init(&$a) { $observer_xchan = (($observer) ? $observer['xchan_hash'] : ''); - $a->data['perms'] = get_all_perms($channelx[0]['channel_id'],$observer_xchan); - - - - $a->set_widget('vcard',vcard_from_xchan($a->data['channel'],$observer)); head_set_icon($a->data['channel']['xchan_photo_s']); - if($a->data['perms']['view_photos']) { - $a->data['albums'] = photos_albums_list($a->data['channel'],$observer); - $a->set_widget('photo_albums',photos_album_widget($a->data['channel'],$observer,$a->data['albums'])); - } $a->page['htmlhead'] .= "<script> var ispublic = '" . t('everybody') . "'; var profile_uid = " . (($a->data['channel']) ? $a->data['channel']['channel_id'] : 0) . "; </script>" ; @@ -596,6 +590,8 @@ function photos_content(&$a) { // Parse arguments // + $can_comment = perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'post_comments'); + if(argc() > 3) { $datatype = argv(2); $datum = argv(3); @@ -699,8 +695,19 @@ function photos_content(&$a) { $usage_message = sprintf( t('You have used %1$.2f Mbytes of photo storage.'), $r[0]['total'] / 1024000 ); } + if($_is_owner) { + $channel = $a->get_channel(); + + $channel_acl = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + } + $albumselect_e = $albumselect; - $aclselect_e = (($_is_owner) ? populate_acl($a->get_channel(), false) : ''); + $aclselect_e = (($_is_owner) ? populate_acl($channel_acl) : ''); $tpl = get_markup_template('photos_upload.tpl'); $o .= replace_macros($tpl,array( @@ -1052,7 +1059,7 @@ function photos_content(&$a) { $likebuttons = ''; - if($can_post || $a->data['perms']['post_comments']) { + if($can_post || $can_comment) { $likebuttons = replace_macros($like_tpl,array( '$id' => $link_item['id'], '$likethis' => t("I like this \x28toggle\x29"), @@ -1064,7 +1071,7 @@ function photos_content(&$a) { $comments = ''; if(! count($r)) { - if($can_post || $a->data['perms']['post_comments']) { + if($can_post || $can_comment) { $comments .= replace_macros($cmnt_tpl,array( '$return_path' => '', '$mode' => 'photos', @@ -1152,7 +1159,7 @@ function photos_content(&$a) { } - if($can_post || $a->data['perms']['post_comments']) { + if($can_post || $can_comment) { $comments .= replace_macros($cmnt_tpl,array( '$return_path' => '', '$jsreload' => $return_url, diff --git a/mod/ping.php b/mod/ping.php index 414f06e53..a0938cb15 100644 --- a/mod/ping.php +++ b/mod/ping.php @@ -151,7 +151,7 @@ function ping_init(&$a) { foreach($t as $zz) { // $msg = sprintf( t('sent you a private message.'), $zz['xchan_name']); $notifs[] = array( - 'notify_link' => $a->get_baseurl() . '/message/' . $zz['id'], + 'notify_link' => $a->get_baseurl() . '/mail/' . $zz['id'], 'name' => $zz['xchan_name'], 'url' => $zz['xchan_url'], 'photo' => $zz['xchan_photo_s'], diff --git a/mod/post.php b/mod/post.php index 92d810356..7f495140e 100644 --- a/mod/post.php +++ b/mod/post.php @@ -14,152 +14,435 @@ function post_init(&$a) { // Here we will pick out the magic auth params which arrive // as a get request, and the only communications to arrive this way. - if(argc() > 1) { - - $webbie = argv(1); - - if(array_key_exists('auth',$_REQUEST)) { - logger('mod_zot: auth request received.'); - $address = $_REQUEST['auth']; - $dest = $_REQUEST['dest']; - $sec = $_REQUEST['sec']; - $version = $_REQUEST['version']; - - switch($dest) { - case 'channel': - $desturl = z_root() . '/channel/' . $webbie; - break; - case 'photos': - $desturl = z_root() . '/photos/' . $webbie; - break; - case 'profile': - $desturl = z_root() . '/profile/' . $webbie; - break; - default: - $desturl = $dest; - break; - } - $c = q("select * from channel where channel_address = '%s' limit 1", - dbesc($webbie) - ); - if(! $c) { - logger('mod_zot: auth: unable to find channel ' . $webbie); - // They'll get a notice when they hit the page, we don't need two of them. - goaway($desturl); +/** + * Magic Auth + * ========== + * + * So-called "magic auth" takes place by a special exchange. On the site where the "channel to be authenticated" lives (e.g. $mysite), + * a redirection is made via $mysite/magic to the zot endpoint of the remote site ($remotesite) with special GET parameters. + * + * The endpoint is typically https://$remotesite/post - or whatever was specified as the callback url in prior communications + * (we will bootstrap an address and fetch a zot info packet if possible where no prior communications exist) + * + * Four GET parameters are supplied: + * + ** auth => the urlencoded webbie (channel@host.domain) of the channel requesting access + ** dest => the desired destination URL (urlencoded) + ** sec => a random string which is also stored on $mysite for use during the verification phase. + ** version => the zot revision + * + * When this packet is received, an "auth-check" zot message is sent to $mysite. + * (e.g. if $_GET['auth'] is foobar@podunk.edu, a zot packet is sent to the podunk.edu zot endpoint, which is typically /post) + * If no information has been recorded about the requesting identity a zot information packet will be retrieved before + * continuing. + * + * The sender of this packet is an arbitrary/random site channel. The recipients will be a single recipient corresponding + * to the guid and guid_sig we have associated with the requesting auth identity + * + * + * { + * "type":"auth_check", + * "sender":{ + * "guid":"kgVFf_...", + * "guid_sig":"PT9-TApz...", + * "url":"http:\/\/podunk.edu", + * "url_sig":"T8Bp7j..." + * }, + * "recipients":{ + * { + * "guid":"ZHSqb...", + * "guid_sig":"JsAAXi..." + * } + * } + * "callback":"\/post", + * "version":1, + * "secret":"1eaa661", + * "secret_sig":"eKV968b1..." + * } + * + * + * auth_check messages MUST use encapsulated encryption. This message is sent to the origination site, which checks the 'secret' to see + * if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the + * destination channel's private key and base64url encoded. If everything checks out, a json packet is returned: + * + * { + * "success":1, + * "confirm":"q0Ysovd1u..." + * "service_class":(optional) + * } + * + * 'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the + * base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key. + * This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful + * verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login. + * Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is + * a string whose contents are not defined by protocol. Example: "basic" or "gold". + * + * + * + */ + + if(array_key_exists('auth',$_REQUEST)) { + + $ret = array('success' => false, 'message' => ''); + + logger('mod_zot: auth request received.'); + $address = $_REQUEST['auth']; + $desturl = $_REQUEST['dest']; + $sec = $_REQUEST['sec']; + $version = $_REQUEST['version']; + $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0); + + // They are authenticating ultimately to the site and not to a particular channel. + // Any channel will do, providing it's currently active. We just need to have an + // identity to attach to the packet we send back. So find one. + + $c = q("select * from channel where not ( channel_pageflags & %d ) limit 1", + intval(PAGE_REMOVED) + ); + + if(! $c) { + // nobody here + logger('mod_zot: auth: unable to find a response channel'); + if($test) { + $ret['message'] .= 'no local channels found.' . EOL; + json_return_and_die($ret); } - // Try and find a hubloc for the person attempting to auth - $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", - dbesc($address) - ); + goaway($desturl); + } - if(! $x) { - // finger them if they can't be found. - $ret = zot_finger($addr,null); - if($ret['success']) { - $j = json_decode($ret['body'],true); - if($j) - import_xchan($j); - $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", - dbesc($address) - ); - } + // Try and find a hubloc for the person attempting to auth + $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", + dbesc($address) + ); + + if(! $x) { + // finger them if they can't be found. + $ret = zot_finger($address,null); + if($ret['success']) { + $j = json_decode($ret['body'],true); + if($j) + import_xchan($j); + $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", + dbesc($address) + ); } - if(! $x) { - logger('mod_zot: auth: unable to finger ' . $addr); - goaway($desturl); + } + if(! $x) { + logger('mod_zot: auth: unable to finger ' . $address); + + if($test) { + $ret['message'] .= 'no hubloc found for ' . $address . ' and probing failed.' . EOL; + json_return_and_die($ret); } - logger('mod_zot: auth request received from ' . $x[0]['xchan_addr'] . ' for ' . $webbie); + goaway($desturl); + } + + logger('mod_zot: auth request received from ' . $x[0]['hubloc_addr'] ); - // check credentials and access + // check credentials and access - // If they are already authenticated and haven't changed credentials, - // we can save an expensive network round trip and improve performance. + // If they are already authenticated and haven't changed credentials, + // we can save an expensive network round trip and improve performance. - $remote = remote_user(); - $result = null; + $remote = remote_user(); + $result = null; + $remote_service_class = ''; + $remote_hub = $x[0]['hubloc_url']; - $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote)) ? true : false); + // Also check that they are coming from the same site as they authenticated with originally. - if(! $already_authed) { - // Auth packets MUST use ultra top-secret hush-hush mode - $p = zot_build_packet($c[0],$type = 'auth_check', - array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), - $x[0]['hubloc_sitekey'], $sec); - $result = zot_zot($x[0]['hubloc_callback'],$p); - if(! $result['success']) { - logger('mod_zot: auth_check callback failed.'); - goaway($desturl); - } - $j = json_decode($result['body'],true); + $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); + + $j = array(); + + if(! $already_authed) { + + // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key + // The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender + // which can be verified + + $p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec); + if($test) { + $ret['message'] .= 'auth check packet created using sitekey ' . $x[0]['hubloc_sitekey'] . EOL; + $ret['message'] .= 'packet contents: ' . $p . EOL; } - if($already_authed || $j['success']) { - if($j['success']) { - // legit response, but we do need to check that this wasn't answered by a man-in-middle - if(! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) { - logger('mod_zot: auth: final confirmation failed.'); - goaway($desturl); - } + $result = zot_zot($x[0]['hubloc_callback'],$p); + + + if(! $result['success']) { + logger('mod_zot: auth_check callback failed.'); + if($test) { + $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL; + json_return_and_die($ret); } - // everything is good... maybe - if(local_user()) { - // tell them to logout if they're logged in locally as anything but the target remote account - // in which case just shut up because they don't need to be doing this at all. + goaway($desturl); + } + $j = json_decode($result['body'],true); + if(! $j) { + logger('mod_zot: auth_check json data malformed.'); + if($test) { + $ret['message'] .= 'json malformed: ' . $result['body'] . EOL; + json_return_and_die($ret); + } + } + } - if($a->channel['channel_hash'] != $x[0]['xchan_hash']) { - logger('mod_zot: auth: already authenticated locally as somebody else.'); - notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL); + if($test) { + $ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL; + } + + if($already_authed || $j['success']) { + if($j['success']) { + // legit response, but we do need to check that this wasn't answered by a man-in-middle + if(! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) { + logger('mod_zot: auth: final confirmation failed.'); + if($test) { + $ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($x[0],true); + json_return_and_die($ret); } + goaway($desturl); } - // log them in - $_SESSION['authenticated'] = 1; - $_SESSION['visitor_id'] = $x[0]['xchan_hash']; - $_SESSION['my_address'] = $address; - $arr = array('xchan' => $x[0], 'url' => $desturl, 'channel_address' => $webbie); - call_hooks('magic_auth_success',$arr); - $a->set_observer($x[0]); - require_once('include/security.php'); - $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); - info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name'])); - logger('mod_zot: auth success from ' . $x[0]['xchan_addr'] . ' for ' . $webbie); - - } else { - logger('mod_zot: still not authenticated: ' . $x[0]['xchan_addr']); - q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_addr = '%s'", - intval(HUBLOC_RECEIVE_ERROR), - $x[0][xchan_addr] - ); + if(array_key_exists('service_class',$j)) + $remote_service_class = $j['service_class']; } + // everything is good... maybe + if(local_user()) { + + // tell them to logout if they're logged in locally as anything but the target remote account + // in which case just shut up because they don't need to be doing this at all. + + if($a->channel['channel_hash'] != $x[0]['xchan_hash']) { + logger('mod_zot: auth: already authenticated locally as somebody else.'); + notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL); + if($test) { + $ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL; + json_return_and_die($ret); + } -// FIXME - we really want to save the return_url in the session before we visit rmagic. -// This does however prevent a recursion if you visit rmagic directly, as it would otherwise send you back here again. -// But z_root() probably isn't where you really want to go. + } + goaway($desturl); + } + // log them in - if(strstr($desturl,z_root() . '/rmagic')) - goaway(z_root()); + if($test) { + $ret['success'] = true; + $ret['message'] .= 'Authentication Success!' . EOL; + json_return_and_die($ret); + } - goaway($desturl); + + $_SESSION['authenticated'] = 1; + $_SESSION['visitor_id'] = $x[0]['xchan_hash']; + $_SESSION['my_address'] = $address; + $_SESSION['remote_service_class'] = $remote_service_class; + $_SESSION['remote_hub'] = $remote_hub; + + $arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION); + call_hooks('magic_auth_success',$arr); + $a->set_observer($x[0]); + require_once('include/security.php'); + $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); + info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name'])); + logger('mod_zot: auth success from ' . $x[0]['xchan_addr']); + + } else { + if($test) { + $ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; + json_return_and_dir($ret); + } + + logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']); + q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_id = %d ", + intval(HUBLOC_RECEIVE_ERROR), + intval($x[0]['hubloc_id']) + ); } - logger('mod_zot: invalid args: ' . print_r($a->argv,true)); - killme(); - } + // FIXME - we really want to save the return_url in the session before we visit rmagic. + // This does however prevent a recursion if you visit rmagic directly, as it would otherwise send you back here again. + // But z_root() probably isn't where you really want to go. + + if($test) { + $ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; + json_return_and_dir($ret); + } + + if(strstr($desturl,z_root() . '/rmagic')) + goaway(z_root()); + goaway($desturl); + } return; } - +/** + * @function post_post(&$a) + * zot communications and messaging + * + * Sender HTTP posts to this endpoint ($site/post typically) with 'data' parameter set to json zot message packet. + * This packet is optionally encrypted, which we will discover if the json has an 'iv' element. + * $contents => array( 'alg' => 'aes256cbc', 'iv' => initialisation vector, 'key' => decryption key, 'data' => encrypted data); + * $contents->iv and $contents->key are random strings encrypted with this site's RSA public key and then base64url encoded. + * Currently only 'aes256cbc' is used, but this is extensible should that algorithm prove inadequate. + * + * Once decrypted, one will find the normal json_encoded zot message packet. + * + * Defined packet types are: notify, purge, refresh, auth_check, ping, and pickup + * + * Standard packet: (used by notify, purge, refresh, and auth_check) + * + * { + * "type": "notify", + * "sender":{ + * "guid":"kgVFf_1...", + * "guid_sig":"PT9-TApzp...", + * "url":"http:\/\/podunk.edu", + * "url_sig":"T8Bp7j5...", + * }, + * "recipients": { optional recipient array }, + * "callback":"\/post", + * "version":1, + * "secret":"1eaa...", + * "secret_sig": "df89025470fac8..." + * } + * + * Signature fields are all signed with the sender channel private key and base64url encoded. + * Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private + * key and base64url encoded and later obtained via channel discovery. Absence of recipients indicates + * a public message or visible to all potential listeners on this site. + * + * "pickup" packet: + * The pickup packet is sent in response to a notify packet from another site + * + * { + * "type":"pickup", + * "url":"http:\/\/example.com", + * "callback":"http:\/\/example.com\/post", + * "callback_sig":"teE1_fLI...", + * "secret":"1eaa...", + * "secret_sig":"O7nB4_..." + * } + * + * In the pickup packet, the sig fields correspond to the respective data element signed with this site's system + * private key and then base64url encoded. + * The "secret" is the same as the original secret from the notify packet. + * + * If verification is successful, a json structure is returned + * containing a success indicator and an array of type 'pickup'. + * Each pickup element contains the original notify request and a message field whose contents are + * dependent on the message type + * + * This JSON array is AES encapsulated using the site public key of the site that sent the initial zot pickup packet. + * Using the above example, this would be example.com. + * + * + * { + * "success":1, + * "pickup":{ + * "notify":{ + * "type":"notify", + * "sender":{ + * "guid":"kgVFf_...", + * "guid_sig":"PT9-TApz...", + * "url":"http:\/\/z.podunk.edu", + * "url_sig":"T8Bp7j5D..." + * }, + * "callback":"\/post", + * "version":1, + * "secret":"1eaa661..." + * }, + * "message":{ + * "type":"activity", + * "message_id":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu", + * "message_top":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu", + * "message_parent":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu", + * "created":"2012-11-20 04:04:16", + * "edited":"2012-11-20 04:04:16", + * "title":"", + * "body":"Hi Nickordo", + * "app":"", + * "verb":"post", + * "object_type":"", + * "target_type":"", + * "permalink":"", + * "location":"", + * "longlat":"", + * "owner":{ + * "name":"Indigo", + * "address":"indigo@podunk.edu", + * "url":"http:\/\/podunk.edu", + * "photo":{ + * "mimetype":"image\/jpeg", + * "src":"http:\/\/podunk.edu\/photo\/profile\/m\/5" + * }, + * "guid":"kgVFf_...", + * "guid_sig":"PT9-TAp...", + * }, + * "author":{ + * "name":"Indigo", + * "address":"indigo@podunk.edu", + * "url":"http:\/\/podunk.edu", + * "photo":{ + * "mimetype":"image\/jpeg", + * "src":"http:\/\/podunk.edu\/photo\/profile\/m\/5" + * }, + * "guid":"kgVFf_...", + * "guid_sig":"PT9-TAp..." + * } + * } + * } + *} + * + * Currently defined message types are 'activity', 'mail', 'profile' and 'channel_sync', which each have + * different content schemas. + * + * Ping packet: + * A ping packet does not require any parameters except the type. It may or may not be encrypted. + * + * { + * "type": "ping" + * } + * + * On receipt of a ping packet a ping response will be returned: + * + * { + * "success" : 1, + * "site" { + * "url":"http:\/\/podunk.edu", + * "url_sig":"T8Bp7j5...", + * "sitekey": "-----BEGIN PUBLIC KEY----- + * MIICIjANBgkqhkiG9w0BAQE..." + * } + * } + * + * The ping packet can be used to verify that a site has not been re-installed, and to + * initiate corrective action if it has. The url_sig is signed with the site private key + * and base64url encoded - and this should verify with the enclosed sitekey. Failure to + * verify indicates the site is corrupt or otherwise unable to communicate using zot. + * This return packet is not otherwise verified, so should be compared with other + * results obtained from this site which were verified prior to taking action. For instance + * if you have one verified result with this signature and key, and other records for this + * url which have different signatures and keys, it indicates that the site was re-installed + * and corrective action may commence (remove or mark invalid any entries with different + * signatures). + * If you have no records which match this url_sig and key - no corrective action should + * be taken as this packet may have been returned by an imposter. + * + */ function post_post(&$a) { logger('mod_zot: ' . print_r($_REQUEST,true), LOGGER_DEBUG); + $encrypted_packet = false; $ret = array('success' => false); $data = json_decode($_REQUEST['data'],true); @@ -172,17 +455,10 @@ function post_post(&$a) { */ if(array_key_exists('iv',$data)) { - $data = aes_unencapsulate($data,get_config('system','prvkey')); + $encrypted_packet = true; + $data = crypto_unencapsulate($data,get_config('system','prvkey')); logger('mod_zot: decrypt1: ' . $data, LOGGER_DATA); - -// susceptible to Bleichenbacher's attack -// if(! $data) { -// $ret['message'] = 'Decryption failed.'; -// json_return_and_die($ret); -// } - $data = json_decode($data,true); - } if(! $data) { @@ -265,6 +541,7 @@ function post_post(&$a) { if((! $forgery) && (! $secret_fail)) break; } + if($forgery) { $ret['message'] = 'possible site forgery'; logger('mod_zot: pickup: ' . $ret['message']); @@ -312,13 +589,16 @@ function post_post(&$a) { ); } } - $encrypted = aes_encapsulate(json_encode($ret),$sitekey); + + $encrypted = crypto_encapsulate(json_encode($ret),$sitekey); json_return_and_die($encrypted); /** pickup: end */ } + + /** * All other message types require us to verify the sender. This is a generic check, so we * will do it once here and bail if anything goes wrong. @@ -355,12 +635,121 @@ function post_post(&$a) { intval($hub['hubloc_id']) ); + /** + * This hub has now been proven to be valid. + * Any hub with the same URL and a different sitekey cannot be valid. + * Get rid of them (mark them deleted). There's a good chance they were re-installs. + * + */ + + q("update hubloc set hubloc_flags = ( hubloc_flags | %d ) where hubloc_url = '%s' and hubloc_sitekey != '%s' ", + intval(HUBLOC_FLAGS_DELETED), + dbesc($hub['hubloc_url']), + dbesc($hub['hubloc_sitekey']) + ); // TODO: check which hub is primary and take action if mismatched if(array_key_exists('recipients',$data)) $recipients = $data['recipients']; + + if($msgtype === 'auth_check') { + + /** + * Requestor visits /magic/?dest=somewhere on their own site with a browser + * magic redirects them to $destsite/post [with auth args....] + * $destsite sends an auth_check packet to originator site + * The auth_check packet is handled here by the originator's site + * - the browser session is still waiting + * inside $destsite/post for everything to verify + * If everything checks out we'll return a token to $destsite + * and then $destsite will verify the token, authenticate the browser + * session and then redirect to the original destination. + * If authentication fails, the redirection to the original destination + * will still take place but without authentication. + */ + logger('mod_zot: auth_check', LOGGER_DEBUG); + + if(! $encrypted_packet) { + logger('mod_zot: auth_check packet was not encrypted.'); + $ret['message'] .= 'no packet encryption' . EOL; + json_return_and_die($ret); + } + + $arr = $data['sender']; + $sender_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); + + // garbage collect any old unused notifications + q("delete from verify where type = 'auth' and created < UTC_TIMESTAMP() - INTERVAL 10 MINUTE"); + + $y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", + dbesc($sender_hash) + ); + + // We created a unique hash in mod/magic.php when we invoked remote auth, and stored it in + // the verify table. It is now coming back to us as 'secret' and is signed by a channel at the other end. + // First verify their signature. We will have obtained a zot-info packet from them as part of the sender + // verification. + + if((! $y) || (! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { + logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); + $ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL; + json_return_and_die($ret); + } + + // There should be exactly one recipient, the original auth requestor + + $ret['message'] .= 'recipients ' . print_r($recipients,true) . EOL; + + if($data['recipients']) { + + $arr = $data['recipients'][0]; + $recip_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); + $c = q("select channel_id, channel_account_id, channel_prvkey from channel where channel_hash = '%s' limit 1", + dbesc($recip_hash) + ); + if(! $c) { + logger('mod_zot: auth_check: recipient channel not found.'); + $ret['message'] .= 'recipient not found.' . EOL; + json_return_and_die($ret); + } + + $confirm = base64url_encode(rsa_sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey'])); + + // This additionally checks for forged sites since we already stored the expected result in meta + // and we've already verified that this is them via zot_gethub() and that their key signed our token + + $z = q("select id from verify where channel = %d and type = 'auth' and token = '%s' and meta = '%s' limit 1", + intval($c[0]['channel_id']), + dbesc($data['secret']), + dbesc($data['sender']['url']) + ); + if(! $z) { + logger('mod_zot: auth_check: verification key not found.'); + $ret['message'] .= 'verification key not found' . EOL; + json_return_and_die($ret); + } + $r = q("delete from verify where id = %d limit 1", + intval($z[0]['id']) + ); + + $u = q("select account_service_class from account where account_id = %d limit 1", + intval($c[0]['channel_account_id']) + ); + + logger('mod_zot: auth_check: success', LOGGER_DEBUG); + $ret['success'] = true; + $ret['confirm'] = $confirm; + if($u && $u[0]['account_service_class']) + $ret['service_class'] = $u[0]['account_service_class']; + json_return_and_die($ret); + + } + json_return_and_die($ret); + } + + if($msgtype === 'purge') { if($recipients) { // basically this means "unfriend" @@ -451,66 +840,6 @@ function post_post(&$a) { } - if($msgtype === 'auth_check') { - logger('mod_zot: auth_check'); - $arr = $data['sender']; - $sender_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); - - // garbage collect any old unused notifications - q("delete from verify where type = 'auth' and created < UTC_TIMESTAMP() - INTERVAL 10 MINUTE"); - - $y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", - dbesc($sender_hash) - ); - // We created a unique hash in mod/magic.php when we invoked remote auth, and stored it in - // the verify table. It is now coming back to us as 'secret' and is signed by the other site. - // First verify their signature. - - if((! $y) || (! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { - logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); - json_return_and_die($ret); - } - - // There should be exactly one recipient - if($data['recipients']) { - - $arr = $data['recipients'][0]; - $recip_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); - $c = q("select channel_id, channel_prvkey from channel where channel_hash = '%s' limit 1", - dbesc($recip_hash) - ); - if(! $c) { - logger('mod_zot: auth_check: recipient channel not found.'); - json_return_and_die($ret); - } - - $confirm = base64url_encode(rsa_sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey'])); - - // This additionally checks for forged senders since we already stored the expected result in meta - // and we've already verified that this is them via zot_gethub() and that their key signed our token - - $z = q("select id from verify where channel = %d and type = 'auth' and token = '%s' and meta = '%s' limit 1", - intval($c[0]['channel_id']), - dbesc($data['secret']), - dbesc($sender_hash) - ); - if(! $z) { - logger('mod_zot: auth_check: verification key not found.'); - json_return_and_die($ret); - } - $r = q("delete from verify where id = %d limit 1", - intval($z[0]['id']) - ); - - logger('mod_zot: auth_check: success', LOGGER_DEBUG); - $ret['success'] = true; - $ret['confirm'] = $confirm; - json_return_and_die($ret); - - } - json_return_and_die($ret); - } - // catchall json_return_and_die($ret); diff --git a/mod/probe.php b/mod/probe.php index bd792d52e..e2dd4ef77 100644 --- a/mod/probe.php +++ b/mod/probe.php @@ -26,7 +26,7 @@ function probe_content(&$a) { $j = json_decode($res['body'],true); } if($j && $j['permissions'] && $j['permissions']['iv']) - $j['permissions'] = json_decode(aes_unencapsulate($j['permissions'],$channel['channel_prvkey']),true); + $j['permissions'] = json_decode(crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']),true); $o .= str_replace("\n",'<br />',print_r($j,true)); $o .= '</pre>'; } diff --git a/mod/profile.php b/mod/profile.php index d59602ba0..fca7c8f9f 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -1,4 +1,12 @@ -<?php +<?php /** @file */ + +require_once('include/contact_widgets.php'); +require_once('include/items.php'); +require_once("include/bbcode.php"); +require_once('include/security.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); + function profile_init(&$a) { @@ -35,79 +43,32 @@ function profile_init(&$a) { $a->profile = $x[0]; } } -// $channel_display = get_pconfig($a->profile['profile_uid'],'system','channel_format'); -// if(! $channel_display) - profile_load($a,$which,$profile); - - -} + profile_load($a,$which,$profile); -function profile_aside(&$a) { - - require_once('include/contact_widgets.php'); - require_once('include/items.php'); - - profile_create_sidebar($a); } - function profile_content(&$a, $update = 0) { if(get_config('system','block_public') && (! get_account_id()) && (! remote_user())) { return login(); } - - require_once("include/bbcode.php"); - require_once('include/security.php'); - require_once('include/conversation.php'); - require_once('include/acl_selectors.php'); - require_once('include/items.php'); - $groups = array(); $tab = 'profile'; $o = ''; - - $contact = null; - $remote_contact = false; - - $contact_id = 0; - - if(is_array($_SESSION['remote'])) { - foreach($_SESSION['remote'] as $v) { - if($v['uid'] == $a->profile['profile_uid']) { - $contact_id = $v['cid']; - break; - } - } - } - - if($contact_id) { - $groups = init_groups_visitor($contact_id); - $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($a->profile['profile_uid']) - ); - if(count($r)) { - $contact = $r[0]; - $remote_contact = true; - } + if(! (perm_is_allowed($a->profile['profile_uid'],get_observer_hash(), 'view_profile'))) { + notice( t('Access to this profile has been restricted.') . EOL); + return; } - if(! $remote_contact) { - if(local_user()) { - $contact_id = $_SESSION['cid']; - $contact = $a->contact; - } - } $is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false); - if($a->profile['hidewall'] && (! $is_owner) && (! $remote_contact)) { + if($a->profile['hidewall'] && (! $is_owner) && (! remote_user())) { notice( t('Access to this profile has been restricted.') . EOL); return; } @@ -116,7 +77,6 @@ function profile_content(&$a, $update = 0) { $o .= profile_tabs($a, $is_owner, $a->profile['channel_address']); - require_once('include/profile_advanced.php'); $o .= advanced_profile($a); call_hooks('profile_advanced',$o); return $o; diff --git a/mod/profile_photo.php b/mod/profile_photo.php index f8eda43cf..876e3a931 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -14,16 +14,6 @@ function profile_photo_init(&$a) { } -function profile_photo_aside(&$a) { - - if(! local_user()) { - return; - } - - profile_create_sidebar($a); -} - - function profile_photo_post(&$a) { if(! local_user()) { @@ -42,7 +32,7 @@ function profile_photo_post(&$a) { intval($_REQUEST['profile']), intval(local_user()) ); - if(count($r) && (! intval($r[0]['is_default']))) + if(($r) && (! intval($r[0]['is_default']))) $is_default_profile = 0; } @@ -119,7 +109,7 @@ function profile_photo_post(&$a) { dbesc($base_image['resource_id']), intval(local_user()) ); - $r = q("UPDATE photo SET ( photo_flags ^ %d ) WHERE (photo_flags & %d ) + $r = q("UPDATE photo SET photo_flags = ( photo_flags ^ %d ) WHERE ( photo_flags & %d ) AND resource_id != '%s' AND `uid` = %d", intval(PHOTO_PROFILE), intval(PHOTO_PROFILE), @@ -236,7 +226,7 @@ function profile_photo_content(&$a) { // unset any existing profile photos $r = q("UPDATE photo SET profile = 0 WHERE profile = 1 AND uid = %d", intval(local_user())); - $r = q("UPDATE photo SET (photo_flags ^ %d ) WHERE (photo_flags & %d ) AND uid = %d", + $r = q("UPDATE photo SET photo_flags = (photo_flags ^ %d ) WHERE (photo_flags & %d ) AND uid = %d", intval(PHOTO_PROFILE), intval(PHOTO_PROFILE), intval(local_user())); diff --git a/mod/profiles.php b/mod/profiles.php index 173d97138..4625a8805 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -146,17 +146,6 @@ function profiles_init(&$a) { } } -function profiles_aside(&$a) { - - if(! local_user()) { - return; - } - - if((argc() > 1) && (intval(argv(1)))) { - profile_create_sidebar($a); - } -} - function profiles_post(&$a) { if(! local_user()) { diff --git a/mod/profperm.php b/mod/profperm.php index 8054851e8..b31dfc128 100644 --- a/mod/profperm.php +++ b/mod/profperm.php @@ -13,15 +13,6 @@ function profperm_init(&$a) { } -function profperm_aside(&$a) { - - if(! local_user()) - return; - - profile_create_sidebar($a); -} - - function profperm_content(&$a) { if(! local_user()) { diff --git a/mod/qsearch.php b/mod/qsearch.php deleted file mode 100644 index c35e253b6..000000000 --- a/mod/qsearch.php +++ /dev/null @@ -1,50 +0,0 @@ -<?php - -function qsearch_init(&$a) { - - if(! local_user()) - killme(); - - $limit = (get_config('system','qsearch_limit') ? intval(get_config('system','qsearch_limit')) : 100); - - $search = ((x($_GET,'s')) ? notags(trim(urldecode($_GET['s']))) : ''); - - if(! strlen($search)) - killme(); - - - if($search) - $search = dbesc($search); - - $results = array(); - - $r = q("SELECT * FROM `group` WHERE `name` REGEXP '$search' AND `deleted` = 0 AND `uid` = %d LIMIT 0, %d ", - intval(local_user()), - intval($limit) - ); - - if(count($r)) { - - foreach($r as $rr) - $results[] = array( 0, (int) $rr['id'], $rr['name'], '', ''); - } - - $sql_extra = ((strlen($search)) ? " AND (`name` REGEXP '$search' OR `nick` REGEXP '$search') " : ""); - - - $r = q("SELECT * FROM `contact` WHERE `uid` = %d $sql_extra ORDER BY `name` ASC LIMIT 0, %d ", - intval(local_user()), - intval($limit) - ); - - - if(count($r)) { - - foreach($r as $rr) - $results[] = array( (int) $rr['id'], 0, $rr['name'],$rr['url'],$rr['photo']); - } - - echo json_encode((object) $results); - killme(); -} - diff --git a/mod/redir.php b/mod/redir.php deleted file mode 100644 index 113f6c200..000000000 --- a/mod/redir.php +++ /dev/null @@ -1,60 +0,0 @@ -<?php - -function redir_init(&$a) { - - $url = ((x($_GET,'url')) ? $_GET['url'] : ''); - - // traditional DFRN - - if(local_user() && $a->argc > 1 && intval($a->argv[1])) { - - $cid = $a->argv[1]; - - $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($cid), - intval(local_user()) - ); - - if((! count($r)) || ($r[0]['network'] !== NETWORK_DFRN)) - goaway(z_root()); - - $dfrn_id = $orig_id = (($r[0]['issued_id']) ? $r[0]['issued_id'] : $r[0]['dfrn_id']); - - if($r[0]['duplex'] && $r[0]['issued_id']) { - $orig_id = $r[0]['issued_id']; - $dfrn_id = '1:' . $orig_id; - } - if($r[0]['duplex'] && $r[0]['dfrn_id']) { - $orig_id = $r[0]['dfrn_id']; - $dfrn_id = '0:' . $orig_id; - } - - $sec = random_string(); - - q("INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`) - VALUES( %d, %s, '%s', '%s', %d )", - intval(local_user()), - intval($cid), - dbesc($dfrn_id), - dbesc($sec), - intval(time() + 45) - ); - - logger('mod_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG); - $dest = (($url) ? '&destination_url=' . $url : ''); - goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id - . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest ); - } - - if(local_user()) - $handle = $a->user['nickname'] . '@' . substr($a->get_baseurl(),strpos($a->get_baseurl(),'://')+3); - if(remote_user()) - $handle = $_SESSION['handle']; - - if($url) { - $url = str_replace('{zid}','&zid=' . $handle,$url); - goaway($url); - } - - goaway(z_root()); -} diff --git a/mod/register.php b/mod/register.php index bc1603f25..2040732ff 100644 --- a/mod/register.php +++ b/mod/register.php @@ -7,6 +7,14 @@ function register_init(&$a) { $result = null; $cmd = ((argc() > 1) ? argv(1) : ''); + // Provide a stored request for somebody desiring a connection + // when they first need to register someplace. Once they've + // created a channel, we'll try to revive the connection request + // and process it. + + if($_REQUEST['connect']) + $_SESSION['connect'] = $_REQUEST['connect']; + switch($cmd) { case 'invite_check.json': $result = check_account_invite($_REQUEST['invite_code']); diff --git a/mod/search.php b/mod/search.php index 539241268..32c8ca38e 100644 --- a/mod/search.php +++ b/mod/search.php @@ -1,76 +1,8 @@ <?php -function search_saved_searches() { - - if(! feature_enabled(local_user(),'savedsearch')) - return ''; - - $o = ''; - - $r = q("select `tid`,`term` from `term` WHERE `uid` = %d and type = %d", - intval(local_user()), - intval(TERM_SAVEDSEARCH) - ); - - if(count($r)) { - $o .= '<div id="saved-search-list" class="widget">'; - $o .= '<h3>' . t('Saved Searches') . '</h3>' . "\r\n"; - $o .= '<ul id="saved-search-ul">' . "\r\n"; - foreach($r as $rr) { - $o .= '<li class="saved-search-li clear"><a href="search/?f=&remove=1&search=' . $rr['term'] . '" class="icon drophide savedsearchdrop" title="' . t('Remove term') . '" onclick="return confirmDelete();" onmouseover="imgbright(this);" onmouseout="imgdull(this);" ></a> <a href="search/?f=&search=' . $rr['term'] . '" class="savedsearchterm" >' . htmlspecialchars($rr['term']) . '</a></li>' . "\r\n"; - } - $o .= '</ul><div class="clear"></div></div>' . "\r\n"; - } - - return $o; - -} - - function search_init(&$a) { - - $search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : ''); - - if(local_user()) { - if(x($_GET,'save') && $search) { - $r = q("select `tid` from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1", - intval(local_user()), - intval(TERM_SAVEDSEARCH), - dbesc($search) - ); - if(! count($r)) { - q("insert into `term` ( `uid`,`type`,`term` ) values ( %d, %d, '%s') ", - intval(local_user()), - intval(TERM_SAVEDSEARCH), - dbesc($search) - ); - } - } - if(x($_GET,'remove') && $search) { - q("delete from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1", - intval(local_user()), - intval(TERM_SAVEDSEARCH), - dbesc($search) - ); - } - - $a->page['aside'] .= search_saved_searches(); - - } - else { - unset($_SESSION['theme']); - unset($_SESSION['mobile_theme']); - } - - - -} - - - -function search_post(&$a) { - if(x($_POST,'search')) - $a->data['search'] = $_POST['search']; + if(x($_REQUEST,'search')) + $a->data['search'] = $_REQUEST['search']; } @@ -133,10 +65,7 @@ function search_content(&$a,$update = 0, $load = false) { ); } else { - if (get_config('system','use_fulltext_engine')) - $sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(protect_sprintf($search))); - else - $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search)))); + $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search)))); } // Here is the way permissions work in the search module... @@ -144,9 +73,6 @@ function search_content(&$a,$update = 0, $load = false) { // OR your own posts if you are a logged in member // No items will be shown if the member has a blocked profile wall. - - - if((! $update) && (! $load)) { // This is ugly, but we can't pass the profile_uid through the session to the ajax updater, @@ -186,6 +112,8 @@ function search_content(&$a,$update = 0, $load = false) { $pub_sql = public_permissions_sql(get_observer_hash()); if(($update) && ($load)) { + $itemspage = get_pconfig(local_user(),'system','itemspage'); + $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); if($load) { @@ -221,63 +149,19 @@ function search_content(&$a,$update = 0, $load = false) { } if($r) { - -// $parents_str = ids_to_querystr($r,'item_id'); - -// $items = q("SELECT `item`.*, `item`.`id` AS `item_id` -// FROM `item` -// WHERE item_restrict = 0 -// $sql_extra and parent in ( $parents_str ) " -// ); - xchan_query($r); $items = fetch_post_tags($r,true); -// $items = conv_sort($items,'created'); - } else { $items = array(); } -//logger('mod_search: items ' . count($items)); - -// $r = q("SELECT distinct(`item`.`mid`), `item`.*, `item`.`id` AS `item_id`, -// `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`rel`, -// `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, -// `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`, -// `user`.`nickname` -// FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` -// LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` -// WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 -// AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 ) -// OR `item`.`uid` = %d ) -// AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 -// $sql_extra -// group by `item`.`mid` -// ORDER BY `received` DESC LIMIT %d , %d ", -// intval(local_user()), -// intval($a->pager['start']), -// intval($a->pager['itemspage']) - -// ); - - -// $a = fetch_post_tags($a,true); - -// if(! $items) {// -// info( t('No results.') . EOL); -// return $o; -// } - - if($tag) - $o .= '<h2>Items tagged with: ' . htmlspecialchars($search) . '</h2>'; + $o .= '<h2>Items tagged with: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '</h2>'; else - $o .= '<h2>Search results for: ' . htmlspecialchars($search) . '</h2>'; + $o .= '<h2>Search results for: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '</h2>'; $o .= conversation($a,$items,'search',$update,'client'); -// $o .= alt_pager($a,count($r)); - return $o; } diff --git a/mod/settings.php b/mod/settings.php index 4e122607b..5aa018cc2 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -16,14 +16,10 @@ function get_theme_config_file($theme){ } function settings_init(&$a) { - $a->profile_uid = local_user(); -} - - -function settings_aside(&$a) { + if(! local_user()) + return; -if (! local_user()) - return; + $a->profile_uid = local_user(); // default is channel settings in the absence of other arguments @@ -33,105 +29,7 @@ if (! local_user()) $a->argv[] = 'channel'; } - $channel = $a->get_channel(); - - $abook_self_id = 0; - - // Retrieve the 'self' address book entry for use in the auto-permissions link - if(local_user()) { - $abk = q("select abook_id from abook where abook_channel = %d and ( abook_flags & %d ) limit 1", - intval(local_user()), - intval(ABOOK_FLAG_SELF) - ); - if($abk) - $abook_self_id = $abk[0]['abook_id']; - } - - - $tabs = array( - array( - 'label' => t('Account settings'), - 'url' => $a->get_baseurl(true).'/settings/account', - 'selected' => ((argv(1) === 'account') ? 'active' : ''), - ), - - array( - 'label' => t('Channel settings'), - 'url' => $a->get_baseurl(true).'/settings/channel', - 'selected' => ((argv(1) === 'channel') ? 'active' : ''), - ), - - array( - 'label' => t('Additional features'), - 'url' => $a->get_baseurl(true).'/settings/features', - 'selected' => ((argv(1) === 'features') ? 'active' : ''), - ), - - array( - 'label' => t('Feature settings'), - 'url' => $a->get_baseurl(true).'/settings/featured', - 'selected' => ((argv(1) === 'featured') ? 'active' : ''), - ), - - array( - 'label' => t('Display settings'), - 'url' => $a->get_baseurl(true).'/settings/display', - 'selected' => ((argv(1) === 'display') ? 'active' : ''), - ), - - array( - 'label' => t('Connected apps'), - 'url' => $a->get_baseurl(true) . '/settings/oauth', - 'selected' => ((argv(1) === 'oauth') ? 'active' : ''), - ), - - array( - 'label' => t('Export channel'), - 'url' => $a->get_baseurl(true) . '/uexport/basic', - 'selected' => '' - ), - -// array( -// 'label' => t('Export account'), -// 'url' => $a->get_baseurl(true) . '/uexport/complete', -// 'selected' => '' -// ), - - array( - 'label' => t('Automatic Permissions (Advanced)'), - 'url' => $a->get_baseurl(true) . '/connections/' . $abook_self_id, - 'selected' => '' - ), - - - ); - - if(feature_enabled(local_user(),'premium_channel')) { - $tabs[] = array( - 'label' => t('Premium Channel Settings'), - 'url' => $a->get_baseurl(true) . '/connect/' . $channel['channel_address'], - 'selected' => '' - ); - - } - - if(feature_enabled(local_user(),'channel_sources')) { - $tabs[] = array( - 'label' => t('Channel Sources'), - 'url' => $a->get_baseurl(true) . '/sources', - 'selected' => '' - ); - - } - - - $tabtpl = get_markup_template("generic_links_widget.tpl"); - $a->page['aside'] = replace_macros($tabtpl, array( - '$title' => t('Settings'), - '$class' => 'settings-widget', - '$items' => $tabs, - )); } @@ -141,6 +39,8 @@ function settings_post(&$a) { if(! local_user()) return; +// logger('mod_settings: ' . print_r($_REQUEST,true)); + if(x($_SESSION,'submanage') && intval($_SESSION['submanage'])) return; @@ -319,8 +219,8 @@ function settings_post(&$a) { } $email = ((x($_POST,'email')) ? trim(notags($_POST['email'])) : ''); + $account = $a->get_account(); if($email != $account['account_email']) { - $account = $a->get_account(); if(! valid_email($email)) $errs[] = t('Not valid email.'); $adm = trim(get_config('system','admin_email')); @@ -357,7 +257,7 @@ function settings_post(&$a) { $openid = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : ''); $maxreq = ((x($_POST,'maxreq')) ? intval($_POST['maxreq']) : 0); $expire = ((x($_POST,'expire')) ? intval($_POST['expire']) : 0); - $def_gid = ((x($_POST,'group-selection')) ? intval($_POST['group-selection']) : 0); + $def_group = ((x($_POST,'group-selection')) ? notags(trim($_POST['group-selection'])) : ''); $expire_items = ((x($_POST,'expire_items')) ? intval($_POST['expire_items']) : 0); @@ -489,11 +389,6 @@ function settings_post(&$a) { $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); - set_pconfig(local_user(),'expire','items', $expire_items); - set_pconfig(local_user(),'expire','notes', $expire_notes); - set_pconfig(local_user(),'expire','starred', $expire_starred); - set_pconfig(local_user(),'expire','photos', $expire_photos); - set_pconfig(local_user(),'expire','network_only', $expire_network_only); set_pconfig(local_user(),'system','use_browser_location',$allow_location); set_pconfig(local_user(),'system','suggestme', $suggestme); set_pconfig(local_user(),'system','post_newfriend', $post_newfriend); @@ -502,50 +397,7 @@ function settings_post(&$a) { set_pconfig(local_user(),'system','blocktags',$blocktags); -/* - if($page_flags == PAGE_PRVGROUP) { - $hidewall = 1; - if((! $str_contact_allow) && (! $str_group_allow) && (! $str_contact_deny) && (! $str_group_deny)) { - if($def_gid) { - info( t('Private forum has no privacy permissions. Using default privacy group.'). EOL); - $str_group_allow = '<' . $def_gid . '>'; - } - else { - notice( t('Private forum has no privacy permissions and no default privacy group.') . EOL); - } - } - } - -*/ - -/* - $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d WHERE `uid` = %d LIMIT 1", - dbesc($username), - dbesc($email), - dbesc($openid), - dbesc($timezone), - dbesc($str_contact_allow), - dbesc($str_group_allow), - dbesc($str_contact_deny), - dbesc($str_group_deny), - intval($notify), - intval($page_flags), - dbesc($defloc), - intval($allow_location), - intval($maxreq), - intval($expire), - dbesc($openidserver), - intval($def_gid), - intval($blockwall), - intval($hidewall), - intval($blocktags), - intval($unkmail), - intval($cntunkmail), - intval(local_user()) - ); -*/ - - $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d, channel_r_stream = %d, channel_r_profile = %d, channel_r_photos = %d, channel_r_abook = %d, channel_w_stream = %d, channel_w_wall = %d, channel_w_tagwall = %d, channel_w_comment = %d, channel_w_mail = %d, channel_w_photos = %d, channel_w_chat = %d, channel_a_delegate = %d, channel_r_storage = %d, channel_w_storage = %d, channel_r_pages = %d, channel_w_pages = %d, channel_a_republish = %d where channel_id = %d limit 1", + $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d, channel_default_group = '%s', channel_r_stream = %d, channel_r_profile = %d, channel_r_photos = %d, channel_r_abook = %d, channel_w_stream = %d, channel_w_wall = %d, channel_w_tagwall = %d, channel_w_comment = %d, channel_w_mail = %d, channel_w_photos = %d, channel_w_chat = %d, channel_a_delegate = %d, channel_r_storage = %d, channel_w_storage = %d, channel_r_pages = %d, channel_w_pages = %d, channel_a_republish = %d, channel_allow_cid = '%s', channel_allow_gid = '%s', channel_deny_cid = '%s', channel_deny_gid = '%s' where channel_id = %d limit 1", dbesc($username), intval($pageflags), dbesc($timezone), @@ -554,6 +406,7 @@ function settings_post(&$a) { intval($unkmail), intval($maxreq), intval($expire), + dbesc($def_group), intval($arr['channel_r_stream']), intval($arr['channel_r_profile']), intval($arr['channel_r_photos']), @@ -571,6 +424,10 @@ function settings_post(&$a) { intval($arr['channel_r_pages']), intval($arr['channel_w_pages']), intval($arr['channel_a_republish']), + dbesc($str_contact_allow), + dbesc($str_group_allow), + dbesc($str_contact_deny), + dbesc($str_group_deny), intval(local_user()) ); @@ -1029,23 +886,16 @@ function settings_content(&$a) { $celeb = false; - $expire_arr = array( - 'days' => array('expire', t("Automatically expire posts after this many days:"), $expire, t('If empty, posts will not expire. Expired posts will be deleted')), - 'advanced' => t('Advanced expiration settings'), - 'label' => t('Advanced Expiration'), - 'items' => array('expire_items', t("Expire posts:"), $expire_items, '', array(t('No'),t('Yes'))), - - 'starred' => array('expire_starred', t("Expire starred posts:"), $expire_starred, '', array(t('No'),t('Yes'))), - 'photos' => array('expire_photos', t("Expire photos:"), $expire_photos, '', array(t('No'),t('Yes'))), - 'network_only' => array('expire_network_only', t("Only expire posts by others:"), $expire_network_only, '', array(t('No'),t('Yes'))), - ); - - - + $perm_defaults = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); require_once('include/group.php'); - $group_select = mini_group_select(local_user(),$a->user['def_gid']); + $group_select = mini_group_select(local_user(),$channel['channel_default_group']); $o .= replace_macros($stpl,array( '$ptitle' => t('Channel Settings'), @@ -1078,14 +928,12 @@ function settings_content(&$a) { '$maxreq' => array('maxreq', t('Maximum Friend Requests/Day:'), intval($channel['channel_max_friend_req']) , t('May reduce spam activity')), '$permissions' => t('Default Post Permissions'), '$permdesc' => t("\x28click to open/close\x29"), - '$aclselect' => populate_acl($a->user,$celeb), + '$aclselect' => populate_acl($perm_defaults), '$suggestme' => $suggestme, '$group_select' => $group_select, - '$expire' => $expire_arr, - '$profile_in_dir' => $profile_in_dir, '$hide_friends' => $hide_friends, '$hide_wall' => $hide_wall, diff --git a/mod/setup.php b/mod/setup.php index 429be43af..245508683 100755 --- a/mod/setup.php +++ b/mod/setup.php @@ -543,7 +543,7 @@ function check_htaccess(&$checks) { function manual_config(&$a) { - $data = htmlentities($a->data['txt']); + $data = htmlspecialchars($a->data['txt'],ENT_COMPAT,'UTF-8'); $o = t('The database configuration file ".htconfig.php" could not be written. Please use the enclosed text to create a configuration file in your web server root.'); $o .= "<textarea rows=\"24\" cols=\"80\" >$data</textarea>"; return $o; @@ -577,6 +577,8 @@ function load_database($db) { function what_next() { $a = get_app(); + // install the standard theme + set_config('system','allowed_themes','redbasic'); $baseurl = $a->get_baseurl(); return t('<h1>What next</h1>') diff --git a/mod/siteinfo.php b/mod/siteinfo.php index a64b5df20..9f65f59e4 100644 --- a/mod/siteinfo.php +++ b/mod/siteinfo.php @@ -27,8 +27,14 @@ function siteinfo_init(&$a) { $visible_plugins[] = $rr['name']; } + if(@is_dir('.git') && function_exists('shell_exec')) + $commit = @shell_exec('git log -1 --format="%h"'); + if(! isset($commit) || strlen($commit) > 16) + $commit = ''; + $data = Array( 'version' => RED_VERSION, + 'commit' => $commit, 'url' => z_root(), 'plugins' => $visible_plugins, 'register_policy' => $register_policy[$a->config['system']['register_policy']], @@ -47,11 +53,16 @@ function siteinfo_init(&$a) { function siteinfo_content(&$a) { - if(! get_config('system','hidden_version_siteinfo')) + if(! get_config('system','hidden_version_siteinfo')) { $version = sprintf( t('Version %s'), RED_VERSION ); - else - $version = ""; - + if(@is_dir('.git') && function_exists('shell_exec')) + $commit = @shell_exec('git log -1 --format="%h"'); + if(! isset($commit) || strlen($commit) > 16) + $commit = ''; + } + else { + $version = $commit = ''; + } $visible_plugins = array(); if(is_array($a->plugins) && count($a->plugins)) { $r = q("select * from addon where hidden = 0"); @@ -81,6 +92,7 @@ function siteinfo_content(&$a) { '$title' => t('Red'), '$description' => t('This is a hub of the Red Matrix - a global cooperative network of decentralised privacy enhanced websites.'), '$version' => $version, + '$commit' => $commit, '$web_location' => t('Running at web location') . ' ' . z_root(), '$visit' => t('Please visit <a href="http://getzot.com">GetZot.com</a> to learn more about the Red Matrix.'), '$bug_text' => t('Bug reports and issues: please visit'), diff --git a/mod/sources.php b/mod/sources.php index 125184d47..87bab60df 100644 --- a/mod/sources.php +++ b/mod/sources.php @@ -9,11 +9,25 @@ function sources_post(&$a) { $source = intval($_REQUEST['source']); $xchan = $_REQUEST['xchan']; + $abook = intval($_REQUEST['abook']); $words = $_REQUEST['words']; $frequency = $_REQUEST['frequency']; $channel = $a->get_channel(); + if($abook) { + $r = q("select abook_xchan from abook where abook_id = %d and abook_channel = %d limit 1", + intval($abook), + intval(local_user()) + ); + if($r) + $xchan = $r[0]['abook_xchan']; + } + + if(! $xchan) { + notice ( t('Failed to create source. No channel selected.') . EOL); + return; + } if(! $source) { $r = q("insert into source ( src_channel_id, src_channel_xchan, src_xchan, src_patt ) @@ -92,6 +106,12 @@ function sources_content(&$a) { intval(argv(1)), intval(local_user()) ); + if($r) { + $x = q("select abook_id from abook where abook_xchan = '%s' and abook_channel = %d limit 1", + dbesc($r[0]['src_xchan']), + intval(local_user()) + ); + } if(! $r) { notice( t('Source not found.') . EOL); return ''; @@ -106,6 +126,7 @@ function sources_content(&$a) { '$desc' => t('Import all or selected content from the following channel into this channel and distribute it according to your channel settings.'), '$words' => array( 'words', t('Only import content with these words (one per line)'),$r[0]['src_patt'],t('Leave blank to import all public content')), '$xchan' => $r[0]['src_xchan'], + '$abook' => $x[0]['abook_id'], '$name' => array( 'name', t('Channel Name'), $r[0]['xchan_name'], ''), '$submit' => t('Submit') )); diff --git a/mod/suggest.php b/mod/suggest.php index f891ebefc..8a6b50b22 100644 --- a/mod/suggest.php +++ b/mod/suggest.php @@ -2,6 +2,7 @@ require_once('include/socgraph.php'); require_once('include/contact_widgets.php'); +require_once('include/widgets.php'); function suggest_init(&$a) { @@ -18,13 +19,6 @@ function suggest_init(&$a) { } -function suggest_aside(&$a) { - - $a->set_widget('follow', follow_widget()); - $a->set_widget('findpeople', findpeople_widget()); -} - - function suggest_content(&$a) { $o = ''; @@ -50,6 +44,7 @@ function suggest_content(&$a) { $arr[] = array( 'url' => chanlink_url($rr['xchan_url']), + 'profile' => $rr['xchan_url'], 'name' => $rr['xchan_name'], 'photo' => $rr['xchan_photo_m'], 'ignlnk' => $a->get_baseurl() . '/suggest?ignore=' . $rr['xchan_hash'], diff --git a/mod/toggle_safesearch.php b/mod/toggle_safesearch.php index 5fb18f694..3c800c4f3 100644 --- a/mod/toggle_safesearch.php +++ b/mod/toggle_safesearch.php @@ -3,6 +3,8 @@ function toggle_safesearch_init(&$a) { $observer = get_observer_hash(); +if (! $observer) + return; if($observer) $safe_mode = get_xconfig($observer,'directory','safe_mode'); diff --git a/mod/viewconnections.php b/mod/viewconnections.php index 9c85d63b6..4f6f81d82 100644 --- a/mod/viewconnections.php +++ b/mod/viewconnections.php @@ -11,17 +11,6 @@ function viewconnections_init(&$a) { profile_load($a,argv(1)); } - -function viewconnections_aside(&$a) { - - if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { - return; - } - - profile_create_sidebar($a); -} - - function viewconnections_content(&$a) { if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { @@ -41,14 +30,11 @@ function viewconnections_content(&$a) { - $r = q("SELECT COUNT(abook_id) as total FROM abook WHERE abook_channel = %d AND abook_flags = 0 ", - intval($a->profile['uid']) - ); - if($r) - $a->set_pager_total($r[0]['total']); - - $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_flags = 0 order by xchan_name LIMIT %d , %d ", + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_flags = 0 and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) order by xchan_name LIMIT %d , %d ", intval($a->profile['uid']), + intval(XCHAN_FLAGS_HIDDEN), + intval(XCHAN_FLAGS_ORPHAN), + intval(XCHAN_FLAGS_DELETED), intval($a->pager['start']), intval($a->pager['itemspage']) ); diff --git a/mod/webpages.php b/mod/webpages.php index 5257bc91d..7e1b32f36 100644 --- a/mod/webpages.php +++ b/mod/webpages.php @@ -41,9 +41,9 @@ function webpages_content(&$a) { return; } - if(local_user() && local_user() == $owner) { - $a->set_widget('design',design_tools()); - } +// if(local_user() && local_user() == $owner) { +// $a->set_widget('design',design_tools()); +// } $mimetype = get_config('system','page_mimetype'); @@ -60,13 +60,30 @@ function webpages_content(&$a) { require_once ('include/conversation.php'); require_once('include/acl_selectors.php'); + + if(local_user() && local_user() == $a->profile_uid) { + $channel = $a->get_channel(); + $channel_acl = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + } + else + $channel_acl = array(); + + + + + $x = array( 'webpage' => ITEM_WEBPAGE, 'is_owner' => true, 'nickname' => $a->profile['channel_address'], 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), 'bang' => (($group || $cid) ? '!' : ''), - 'acl' => ((local_user() && local_user() == $owner) ? populate_acl($a->get_channel()) : ''), + 'acl' => ((local_user() && local_user() == $owner) ? populate_acl($channel_acl) : ''), 'visitor' => 'block', 'profile_uid' => intval($owner), 'mimetype' => $mimetype, diff --git a/mod/zfinger.php b/mod/zfinger.php index 59cef5549..aad8e224d 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -52,10 +52,33 @@ function zfinger_init(&$a) { ); } elseif(strlen($zaddr)) { - $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash - where channel_address = '%s' limit 1", - dbesc($zaddr) - ); + if(strpos($zaddr,'[system]') === false) { /* normal address lookup */ + $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash + where ( channel_address = '%s' or xchan_addr = '%s' ) limit 1", + dbesc($zaddr), + dbesc($zaddr) + ); + } + + else { + + /** + * The special address '[system]' will return a system channel if one has been defined, + * Or the first valid channel we find if there are no system channels. + * + * This is used by magic-auth if we have no prior communications with this site - and + * returns an identity on this site which we can use to create a valid hub record so that + * we can exchange signed messages. The precise identity is irrelevant. It's the hub + * information that we really need at the other end - and this will return it. + * + */ + + $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash + where (( channel_pageflags & %d ) or not ( channel_pageflags & %d )) order by channel_id limit 1", + intval(PAGE_SYSTEM), + intval(PAGE_REMOVED) + ); + } } else { $ret['message'] = 'Invalid request'; @@ -164,7 +187,7 @@ function zfinger_init(&$a) { $ret['locations'] = array(); - $x = zot_get_hubloc(array($e['channel_hash'])); + $x = zot_get_hublocs($e['channel_hash']); if($x && count($x)) { foreach($x as $hub) { if(! ($hub['hubloc_flags'] & HUBLOC_FLAGS_UNVERIFIED)) { @@ -251,6 +274,7 @@ function zfinger_init(&$a) { $ret['site']['location'] = get_config('system','site_location'); } + call_hooks('zot_finger',$ret); json_return_and_die($ret); } diff --git a/mod/zotfeed.php b/mod/zotfeed.php index 2ca049563..6d84a5a1e 100644 --- a/mod/zotfeed.php +++ b/mod/zotfeed.php @@ -21,7 +21,7 @@ function zotfeed_init(&$a) { $channel_address = ((argc() > 1) ? argv(1) : ''); if($channel_address) { - $r = q("select channel_id from channel where channel_address = '%s' limit 1", + $r = q("select channel_id, channel_name from channel where channel_address = '%s' limit 1", dbesc(argv(1)) ); } @@ -30,6 +30,8 @@ function zotfeed_init(&$a) { json_return_and_die($result); } + logger('zotfeed request: ' . $r[0]['channel_name'], LOGGER_DEBUG); + $result['messages'] = zot_feed($r[0]['channel_id'],$observer['xchan_hash'],$mindate); $result['success'] = true; json_return_and_die($result); |