Merge pull request #3 from friendica/master

Align to main project HEAD

12 files changed, 216 insertions, 58 deletions

diff --git a/mod/cloud.php b/mod/cloud.php
new file mode 100644
index 000000000..cdd926444
--- /dev/null
+++ b/mod/cloud.php
@@ -0,0 +1,107 @@
+<?php
+
+	// This module is currently !!!HIGHLY EXPERIMENTAL!!!
+	// You should think twice before running this on a production server
+	// as security mechanisms are not yet implemented and those that
+	// are implemented probably don't work.
+
+	// DAV mounts will probably fail if you don't use SSL, because some platforms refuse to send
+	// basic auth over non-encrypted connections.
+	// One could use digest auth - but then one has to calculate the A1 digest and store it for
+	// all acounts. We aren't doing that. We have a stored password already. We don't need another
+	// one. The login unfortunately is the channel nickname (webbie) as we have no way of passing 
+	// the destination channel to DAV. You should be able to login with your account credentials 
+	// and be directed to your default channel. 
+
+	// This interface does not yet support Red stored files. Consider any content in your "store" 
+	// directory to be throw-away until advised otherwise.
+
+
+
+	use Sabre\DAV;
+
+    require_once('vendor/autoload.php');
+
+
+	// workaround for HTTP-auth in CGI mode
+	if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
+	 	$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
+		if(strlen($userpass)) {
+		 	list($name, $password) = explode(':', $userpass);
+			$_SERVER['PHP_AUTH_USER'] = $name;
+			$_SERVER['PHP_AUTH_PW'] = $password;
+		}
+	}
+
+	if(x($_SERVER,'HTTP_AUTHORIZATION')) {
+	 	$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ;
+		if(strlen($userpass)) {
+		 	list($name, $password) = explode(':', $userpass);
+			$_SERVER['PHP_AUTH_USER'] = $name;
+			$_SERVER['PHP_AUTH_PW'] = $password;
+		}
+	}
+
+
+
+class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic {
+
+    protected function validateUserPass($username, $password) {
+		require_once('include/auth.php');
+		$record = account_verify_password($email,$pass);
+		if($record && $record['account_default_channel']) {
+			$r = q("select * from channel where channel_account_id = %d and channel_id = %d limit 1",
+				intval($record['account_id']),
+				intval($record['account_default_channel'])
+			);
+			if($r) {
+				$this->currentUser = $r[0]['channel_address'];
+				return true;
+			}
+		}
+		$r = q("select channel_account_id from channel where channel_address = '%s' limit 1",
+			dbesc($username)
+		);
+		if($r) {
+			$x = q("select * from account where account_id = %d limit 1",
+				intval($r[0]['channel_account_id'])
+			);
+			if($x) {
+			    foreach($x as $record) {
+			        if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
+            		&& (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password'])) {
+			            logger('(DAV) RedBasicAuth: password verified for ' . $username);
+            			return true;
+        			}
+    			}
+			}
+		}
+	    logger('(DAV) RedBasicAuth: password failed for ' . $username);
+    	return false;
+	}
+}
+
+
+function cloud_init() {
+
+	if(! get_config('system','enable_cloud'))
+		killme();
+
+	$rootDirectory = new DAV\FS\Directory('store');
+	$server = new DAV\Server($rootDirectory);
+	$lockBackend = new DAV\Locks\Backend\File('store/data/locks');
+	$lockPlugin = new DAV\Locks\Plugin($lockBackend);
+
+	$server->addPlugin($lockPlugin);
+
+	$auth = new RedBasicAuth();
+
+	$auth->Authenticate($server,'Red Matrix');
+
+
+	// All we need to do now, is to fire up the server
+	$server->exec();
+
+	exit;
+
+}
\ No newline at end of file
diff --git a/mod/connections.php b/mod/connections.php
index 95fc18174..bcb78f138 100644
--- a/mod/connections.php
+++ b/mod/connections.php
@@ -422,6 +422,7 @@ function connections_content(&$a) {
 			'$tab_str'        => $tab_str,
 			'$is_pending'     => (($contact['abook_flags'] & ABOOK_FLAG_PENDING) ? 1 : ''),
 			'$unapproved'     => $unapproved,
+			'$inherited'      => t('inherited'),
 			'$approve'        => t('Approve this connection'),
 			'$noperms'        => (((! $self) && (! $contact['abook_my_perms'])) ? t('Connection has no individual permissions!') : ''),
 			'$noperm_desc'    => (((! $self) && (! $contact['abook_my_perms'])) ? t('This may be appropriate based on your <a href="settings">privacy settings</a>, though you may wish to review the "Advanced Permissions".') : ''),
@@ -440,7 +441,7 @@ function connections_content(&$a) {
 			'$cautious'       => t('Cautious Sharing'),
 			'$follow'         => t('Follow Only'),
 			'$permlbl'        => t('Individual Permissions'),
-			'$permnote'       => t('Individual permissions are only enabled for <a href="settings">privacy settings</a> which are set to "Only those you specifically allow". Otherwise they are controlled by your privacy settings.'),
+			'$permnote'       => t('Some permissions may be inherited from your <a href="settings">privacy settings</a>, which have higher priority. Changing those on this page will have no effect.'),
 			'$advanced'       => t('Advanced Permissions'),
 			'$quick'          => t('Quick Links'),
 			'$common_link'    => $a->get_baseurl(true) . '/common/loc/' . local_user() . '/' . $contact['id'],
diff --git a/mod/directory.php b/mod/directory.php
index 195ca993e..13855cff7 100644
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -14,6 +14,8 @@ function directory_aside(&$a) {
 		require_once('include/contact_widgets.php');
 		$a->set_widget('find_people',findpeople_widget());
 	}
+	$a->set_widget('dir_sort_order',dir_sort_links());
+
 }
 
 
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index 14307f274..115bc2235 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -132,7 +132,7 @@ function dirsearch_content(&$a) {
 
 
 	if($sort_order == 'date')
-		$order = ""; // Not currently implemented
+		$order = " order by xchan_name_date desc ";
 	elseif($sort_order == 'reverse')
 		$order = " order by xchan_name desc ";
 	else	
@@ -159,10 +159,12 @@ function dirsearch_content(&$a) {
 		json_return_and_die($spkt);
 	}
 	else {
-		$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql $order $qlimit ",
+
+		$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where ( $logic $sql_extra ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql $order $qlimit ",
 			intval(XCHAN_FLAGS_HIDDEN),
 			intval(XCHAN_FLAGS_ORPHAN)
 		);
+
 	}
 
 	$ret['page'] = $page + 1;
diff --git a/mod/display.php b/mod/display.php
index c9f6595c6..d91d14d01 100644
--- a/mod/display.php
+++ b/mod/display.php
@@ -35,6 +35,29 @@ function display_content(&$a, $update = 0, $load = false) {
 
 	$observer_is_owner = false;
 
+
+	if(local_user() && (! $update)) {
+
+		$channel = $a->get_channel();
+
+		$x = array(
+			'is_owner' => true,
+			'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''),
+			'default_location' => $channel['channel_location'],
+			'nickname' => $channel['channel_address'],
+			'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
+
+			'acl' => populate_acl($channel, false),
+			'bang' => '',
+			'visitor' => 'block',
+			'profile_uid' => local_user(),
+			'return_path' => 'channel/' . $channel['channel_address']
+		);
+
+		$o .= status_editor($a,$x);
+
+	}
+
 	// This page can be viewed by anybody so the query could be complicated
 	// First we'll see if there is a copy of the item which is owned by us - if we're logged in locally.
 	// If that fails (or we aren't logged in locally), 
@@ -166,6 +189,8 @@ function display_content(&$a, $update = 0, $load = false) {
 		);
 	}
 
+	$o .= '<div id="content-complete"></div>';
+
 	return $o;
 
 
diff --git a/mod/item.php b/mod/item.php
index 48a22bd3c..218e9c174 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -161,7 +161,6 @@ function item_post(&$a) {
 
 	$observer = $a->get_observer();
 
-
 	if($parent) {
 		logger('mod_item: item_post parent=' . $parent);
 		$can_comment = false;
@@ -386,9 +385,10 @@ function item_post(&$a) {
 			$body = fix_mce_lf($body);
 		}
 
-		// If we're sending a private top-level message with a single @-taggable channel as a recipient, @-tag it. 
+		// If we're sending a private top-level message with a single @-taggable channel as a recipient, @-tag it, if our pconfig is set.
+
 
-		if((! $parent) && (substr_count($str_contact_allow,'<') == 1) && ($str_group_allow == '') && ($str_contact_deny == '') && ($str_group_deny == '')) {
+		if((! $parent) && (get_pconfig($profile_uid,'system','tagifonlyrecip')) && (substr_count($str_contact_allow,'<') == 1) && ($str_group_allow == '') && ($str_contact_deny == '') && ($str_group_deny == '')) {
 			$x = q("select abook_id, abook_their_perms from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
 				dbesc(str_replace(array('<','>'),array('',''),$str_contact_allow)),
 				intval($profile_uid)
@@ -529,7 +529,7 @@ function item_post(&$a) {
 				'type'  => TERM_CATEGORY,
 				'otype' => TERM_OBJ_POST,
 				'term'  => trim($cat),
-				'url'   => ''
+				'url'   => $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat))
 			); 				
 		}
 	}
@@ -605,6 +605,7 @@ function item_post(&$a) {
 	$datarray['item_flags']     = $item_flags;
 	$datarray['layout_mid']     = $layout_mid;
 	$datarray['comment_policy'] = map_scope($channel['channel_w_comment']); 
+	$datarray['term']           = $post_tags;
 
 	// preview mode - prepare the body for display and send it via json
 
@@ -685,21 +686,6 @@ function item_post(&$a) {
 	if($post_id) {
 		logger('mod_item: saved item ' . $post_id);
 
-		if(count($post_tags)) {
-			foreach($post_tags as $tag) {
-				if(strlen(trim($tag['term']))) {
-					q("insert into term (uid,oid,otype,type,term,url) values (%d,%d,%d,%d,'%s','%s')",
-						intval($tag['uid']),
-						intval($post_id),
-						intval($tag['otype']),
-						intval($tag['type']),
-						dbesc(trim($tag['term'])),
-						dbesc(trim($tag['url']))
-					);
-				}
-			}
-		}
-
 		if($parent) {
 
 			$r = q("UPDATE `item` SET `changed` = '%s' WHERE `parent` = %d ",
@@ -894,7 +880,7 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
 			$url = 'http://getzot.com';
 			$newtag = '#[zrl=' . $url . ']' . $basetag . '[/zrl]';
 			$body = str_replace($tag,$newtag,$body);
-			$replace = true;
+			$replaced = true;
 		}
 		else {
 			//base tag has the tags name only
diff --git a/mod/message.php b/mod/message.php
index 652481579..1b4c6ae26 100644
--- a/mod/message.php
+++ b/mod/message.php
@@ -233,6 +233,24 @@ function message_content(&$a) {
 		}		
 	}
 
+	if((argc() == 3) && (argv(1) === 'recall')) {
+		if(! intval(argv(2)))
+			return;
+		$cmd = argv(1);
+		$r = q("update mail set mail_flags = mail_flags | %d where id = %d and channel_id = %d limit 1",
+			intval(MAIL_RECALLED),
+			intval(argv(2)),
+			intval(local_user())
+		);
+		proc_run('php','include/notifier.php','mail',intval(argv(2)));
+
+		if($r) {
+				info( t('Message recalled.') . EOL );
+		}
+		goaway($a->get_baseurl(true) . '/message' );
+
+	}
+
 
 	if((argc() > 1) && ($a->argv[1] === 'new')) {
 		
@@ -360,6 +378,16 @@ function message_content(&$a) {
 			return $o;
 		}
 
+		$other_channel = null;
+		if($messages[0]['to_xchan'] === $channel['channel_hash'])
+			$other_channel = $messages[0]['from'];
+		else
+			$other_channel = $messages[0]['to'];
+
+		require_once('include/Contact.php');
+
+		$a->set_widget('mail_conversant',vcard_from_xchan($other_channel,$get_observer_hash,'mail'));
+
 
 		$tpl = get_markup_template('msg-header.tpl');
 	
@@ -422,6 +450,9 @@ function message_content(&$a) {
 				'subject' => $message['title'],
 				'body' => smilies(bbcode($message['body']) . $s),
 				'delete' => t('Delete message'),
+				'recall' => t('Recall message'),
+				'can_recall' => (($channel['channel_hash'] == $message['from_xchan']) ? true : false),
+				'is_recalled' => (($message['mail_flags'] & MAIL_RECALLED) ? t('Message has been recalled.') : ''),
 				'date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'],'D, d M Y - g:i A'),
 			);
 				
@@ -440,6 +471,7 @@ function message_content(&$a) {
 
 		$tpl = get_markup_template('mail_display.tpl');
 		$o = replace_macros($tpl, array(
+			'$prvmsg_header' => t('Private Conversation'),
 			'$thread_id' => $a->argv[1],
 			'$thread_subject' => $message['title'],
 			'$thread_seen' => $seen,
diff --git a/mod/oexchange.php b/mod/oexchange.php
index 63b48751c..27c8b388d 100644
--- a/mod/oexchange.php
+++ b/mod/oexchange.php
@@ -15,6 +15,21 @@ function oexchange_init(&$a) {
 function oexchange_content(&$a) {
 
 	if(! local_user()) {
+		if(remote_user()) {
+			$observer = $a->get_observer();
+			if($observer && $observer['xchan_url']) {
+				$parsed = @parse_url($observer['xchan_url']);
+				if(! $parsed) {
+					notice( t('Unable to find your hub.') . EOL);
+					return;
+				}
+				$url = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : '');
+				$url .= '/oexchange';
+				$result = z_post_url($url,$_REQUEST);
+				json_return_and_die($result);
+			}
+		}
+
 		return login(false);
 	}
 
diff --git a/mod/photos.php b/mod/photos.php
index f751d7d4f..075d01cf2 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -616,36 +616,28 @@ function photos_content(&$a) {
 
 	$can_post       = false;
 	$visitor        = 0;
-	$contact        = null;
-	$remote_contact = false;
-	$contact_id     = 0;
+
 
 	$owner_uid = $a->data['channel']['channel_id'];
 	$owner_aid = $a->data['channel']['channel_account_id'];
 
-	$community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);
+	$observer = $a->get_observer();
 
-	if((local_user()) && (local_user() == $owner_uid))
-		$can_post = true;
+	$can_post = perm_is_allowed($owner_uid,$observer['xchan_hash'],'post_photos');
+	$can_view = perm_is_allowed($owner_uid,$observer['xchan_hash'],'view_photos');
 
-// FIXME
-	if(! $remote_contact) {
-		if(local_user()) {
-			$contact_id = $_SESSION['cid'];
-			$contact = $a->contact;
-		}
-	}
 
-	if($a->data['user']['hidewall'] && (local_user() != $owner_uid) && (! $remote_contact)) {
+	if(! $can_view) {
 		notice( t('Access to this item is restricted.') . EOL);
 		return;
 	}
 
-	$sql_extra = permissions_sql($owner_uid,$remote_contact,$groups);
+	$sql_extra = permissions_sql($owner_uid);
 
 	$o = "";
 
 	// tabs
+
 	$_is_owner = (local_user() && (local_user() == $owner_uid));
 	$o .= profile_tabs($a,$_is_owner, $a->data['channel']['channel_address']);	
 
@@ -708,7 +700,7 @@ function photos_content(&$a) {
  		}
 
 		$albumselect_e = $albumselect;
-		$aclselect_e = (($visitor) ? '' : populate_acl($a->user, $celeb));
+		$aclselect_e = (($_is_owner) ? populate_acl($a->get_channel(), false) : '');
 
 		$tpl = get_markup_template('photos_upload.tpl');
 		$o .= replace_macros($tpl,array(
@@ -963,16 +955,12 @@ function photos_content(&$a) {
 			
 		}
 
-		if(! $can_post) {
-			$a->page['htmlhead'] .= '<script>
-				$(document).keydown(function(event) {' . "\n";
-
-			if($prevlink)
-				$a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n";
-			if($nextlink)
-				$a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n";
-			$a->page['htmlhead'] .= '});</script>';
-		}
+		$a->page['htmlhead'] .= '<script>$(document).keydown(function(event) {' . "\n";
+		if($prevlink)
+			$a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n";
+		if($nextlink)
+			$a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n";
+		$a->page['htmlhead'] .= '});</script>';
 
 		if($prevlink)
 			$prevlink = array($prevlink, '<i class="icon-backward photo-icons""></i>') ;
@@ -1085,9 +1073,9 @@ function photos_content(&$a) {
 						'$id' => $link_item['id'],
 						'$parent' => $link_item['id'],
 						'$profile_uid' =>  $owner_uid,
-						'$mylink' => $contact['url'],
+						'$mylink' => $observer['xchan_url'],
 						'$mytitle' => t('This is you'),
-						'$myphoto' => $contact['thumb'],
+						'$myphoto' => $observer['xchan_photo_s'],
 						'$comment' => t('Comment'),
 						'$submit' => t('Submit'),
 						'$preview' => t('Preview'),
@@ -1137,7 +1125,7 @@ function photos_content(&$a) {
 
 					$drop = '';
 
-					if(($item['contact-id'] == $contact_id) || ($item['uid'] == local_user()))
+					if($observer['xchan_hash'] === $item['author_xchan'] || $observer['xchan_hash'] === $item['owner_xchan'])
 						$drop = replace_macros(get_markup_template('photo_drop.tpl'), array('$id' => $item['id'], '$delete' => t('Delete')));
 
 
@@ -1171,9 +1159,9 @@ function photos_content(&$a) {
 						'$id' => $link_item['id'],
 						'$parent' => $link_item['id'],
 						'$profile_uid' =>  $owner_uid,
-						'$mylink' => $contact['url'],
+						'$mylink' => $observer['xchan_url'],
 						'$mytitle' => t('This is you'),
-						'$myphoto' => $contact['thumb'],
+						'$myphoto' => $observer['xchan_photo_s'],
 						'$comment' => t('Comment'),
 						'$submit' => t('Submit'),
 						'$ww' => ''
diff --git a/mod/setup.php b/mod/setup.php
index 97bdba34e..b825b5e0d 100755
--- a/mod/setup.php
+++ b/mod/setup.php
@@ -453,8 +453,8 @@ function check_funcs(&$checks) {
 		$ck_funcs[4]['help']= t('Error: mb_string PHP module required but not installed.');
 	}
 	if(! function_exists('mcrypt_encrypt')){
-		$ck_funcs[4]['status']= false;
-		$ck_funcs[4]['help']= t('Error: mcrypt PHP module required but not installed.');
+		$ck_funcs[5]['status']= false;
+		$ck_funcs[5]['help']= t('Error: mcrypt PHP module required but not installed.');
 	}
 	
 	$checks = array_merge($checks, $ck_funcs);
diff --git a/mod/view.php b/mod/view.php
index 9e5eff962..d4381743c 100644
--- a/mod/view.php
+++ b/mod/view.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * load view/theme/$current_theme/style.php with friendica contex
+ * load view/theme/$current_theme/style.php with Red context
  */
  
 function view_init($a){
diff --git a/mod/webpages.php b/mod/webpages.php
index 04c2e07c5..2c5728531 100644
--- a/mod/webpages.php
+++ b/mod/webpages.php
@@ -99,7 +99,7 @@ $r = q("select * from item_id where uid = %d and service = 'WEBPAGE' order by si
 		'$pages' => $pages,
 		'$channel' => $which,
 		'$view' => t('View'),
-		'$preview' => '1',
+		'$preview' => t('Preview'),
 	
         ));