diff options
Diffstat (limited to 'Zotlabs/Module')
58 files changed, 1006 insertions, 426 deletions
diff --git a/Zotlabs/Module/Achievements.php b/Zotlabs/Module/Achievements.php index 8ddefb3e5..1529448d3 100644 --- a/Zotlabs/Module/Achievements.php +++ b/Zotlabs/Module/Achievements.php @@ -18,7 +18,7 @@ class Achievements extends \Zotlabs\Web\Controller { $profile = 0; $profile = argv(1); - profile_load($a,$which,$profile); + profile_load($which,$profile); $r = q("select channel_id from channel where channel_address = '%s'", dbesc($which) diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index 2bc4ba62d..76a001fdd 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -1,7 +1,18 @@ <?php namespace Zotlabs\Module; -/* ACL selector json backend */ +/* + * ACL selector json backend + * This module provides JSON lists of connections and local/remote channels + * (xchans) to populate various tools such as the ACL (AccessControlList) popup + * and various auto-complete functions (such as email recipients, search, and + * mention targets. + * There are two primary output structural formats. One for the ACL widget and + * the other for auto-completion. + * Many of the behaviour variations are triggered on the use of single character keys + * however this functionality has grown in an ad-hoc manner and has gotten quite messy over time. + */ + require_once("include/acl_selectors.php"); require_once("include/group.php"); @@ -10,40 +21,63 @@ class Acl extends \Zotlabs\Web\Controller { function init(){ - // logger('mod_acl: ' . print_r($_REQUEST,true)); - - $start = (x($_REQUEST,'start')?$_REQUEST['start']:0); - $count = (x($_REQUEST,'count')?$_REQUEST['count']:100); - $search = (x($_REQUEST,'search')?$_REQUEST['search']:""); - $type = (x($_REQUEST,'type')?$_REQUEST['type']:""); - $noforums = (x($_REQUEST,'n') ? $_REQUEST['n'] : false); + // logger('mod_acl: ' . print_r($_REQUEST,true)); - // List of channels whose connections to also suggest, e.g. currently viewed channel or channels mentioned in a post + $start = (x($_REQUEST,'start') ? $_REQUEST['start'] : 0); + $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 500); + $search = (x($_REQUEST,'search') ? $_REQUEST['search'] : ''); + $type = (x($_REQUEST,'type') ? $_REQUEST['type'] : ''); + $noforums = (x($_REQUEST,'n') ? $_REQUEST['n'] : false); + + + // $type = + // '' => standard ACL request + // 'g' => Groups only ACL request + // 'c' => Connections only ACL request or editor (textarea) mention request + // $_REQUEST['search'] contains ACL search text. + + + // $type = + // 'm' => autocomplete private mail recipient (checks post_mail permission) + // 'a' => autocomplete connections (mod_connections, mod_poke, mod_sources, mod_photos) + // 'x' => nav search bar autocomplete (match any xchan) + // $_REQUEST['query'] contains autocomplete search text. + + // List of channels whose connections to also suggest, + // e.g. currently viewed channel or channels mentioned in a post + $extra_channels = (x($_REQUEST,'extra_channels') ? $_REQUEST['extra_channels'] : array()); - // For use with jquery.autocomplete for private mail completion + // The different autocomplete libraries use different names for the search text + // parameter. Internaly we'll use $search to represent the search text no matter + // what request variable it was attached to. - if(x($_REQUEST,'query') && strlen($_REQUEST['query'])) { - if(! $type) - $type = 'm'; + if(array_key_exists('query',$_REQUEST)) { $search = $_REQUEST['query']; } - if(!(local_channel())) - if(!($type == 'x' || $type == 'c')) - killme(); + if( (! local_channel()) && (! ($type == 'x' || $type == 'c'))) + killme(); - if ($search != "") { + if($search) { $sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; - // This horrible mess is needed because position also returns 0 if nothing is found. W/ould be MUCH easier if it instead returned a very large value - // Otherwise we could just order by LEAST(POSITION($search IN xchan_name),POSITION($search IN xchan_addr)). - $order_extra2 = "CASE WHEN xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) ." then POSITION('".dbesc($search)."' IN xchan_name) else position('".dbesc($search)."' IN xchan_addr) end, "; + // This horrible mess is needed because position also returns 0 if nothing is found. + // Would be MUCH easier if it instead returned a very large value + // Otherwise we could just + // order by LEAST(POSITION($search IN xchan_name),POSITION($search IN xchan_addr)). + + $order_extra2 = "CASE WHEN xchan_name LIKE " + . protect_sprintf( "'%" . dbesc($search) . "%'" ) + . " then POSITION('" . dbesc($search) + . "' IN xchan_name) else position('" . dbesc($search) . "' IN xchan_addr) end, "; + $col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' ); $sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; - } else { + } + else { $sql_extra = $sql_extra2 = $sql_extra3 = ""; } @@ -51,7 +85,7 @@ class Acl extends \Zotlabs\Web\Controller { $groups = array(); $contacts = array(); - if ($type=='' || $type=='g'){ + if($type == '' || $type == 'g') { $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`gname` FROM `groups`,`group_member` @@ -82,7 +116,7 @@ class Acl extends \Zotlabs\Web\Controller { } } - if ($type=='' || $type=='c') { + if($type == '' || $type == 'c') { $extra_channels_sql = ''; // Only include channels who allow the observer to view their permissions foreach($extra_channels as $channel) { @@ -96,13 +130,40 @@ class Acl extends \Zotlabs\Web\Controller { if(local_channel()) { if($extra_channels_sql != '') $extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 "; + + $r2 = null; + + $r1 = q("select * from atoken where atoken_uid = %d", + intval(local_channel()) + ); + if($r1) { + require_once('include/security.php'); + $r2 = array(); + foreach($r1 as $rr) { + $x = atoken_xchan($rr); + $r2[] = [ + 'id' => 'a' . $rr['atoken_id'] , + 'hash' => $x['xchan_hash'], + 'name' => $x['xchan_name'], + 'micro' => $x['xchan_photo_m'], + 'url' => z_root(), + 'nick' => $x['xchan_addr'], + 'abook_their_perms' => 0, + 'abook_flags' => 0, + 'abook_self' => 0 + ]; + } + } + $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self FROM abook left join xchan on abook_xchan = xchan_hash WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" , intval(local_channel()) ); - + if($r2) + $r = array_merge($r2,$r); + } else { // Visitors $r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self @@ -161,7 +222,7 @@ class Acl extends \Zotlabs\Web\Controller { } elseif($type == 'm') { - $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url + $r = q("SELECT xchan_hash as hash, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0) and xchan_deleted = 0 @@ -171,7 +232,7 @@ class Acl extends \Zotlabs\Web\Controller { intval(PERMS_W_MAIL) ); } - elseif(($type == 'a') || ($type == 'p')) { + elseif($type == 'a') { $r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d @@ -296,7 +357,7 @@ class Acl extends \Zotlabs\Web\Controller { $url = $directory['url'] . '/dirsearch'; } - $count = (x($_REQUEST,'count')?$_REQUEST['count']:100); + $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 100); if($url) { $query = $url . '?f=' ; $query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : ''); diff --git a/Zotlabs/Module/Block.php b/Zotlabs/Module/Block.php index 062befdb5..e671730f6 100644 --- a/Zotlabs/Module/Block.php +++ b/Zotlabs/Module/Block.php @@ -12,7 +12,7 @@ class Block extends \Zotlabs\Web\Controller { $which = argv(1); $profile = 0; - profile_load($a,$which,$profile); + profile_load($which,$profile); if(\App::$profile['profile_uid']) head_set_icon(\App::$profile['thumb']); @@ -52,8 +52,8 @@ class Block extends \Zotlabs\Web\Controller { require_once('include/security.php'); $sql_options = item_permissions_sql($u[0]['channel_id']); - $r = q("select item.* from item left join item_id on item.id = item_id.iid - where item.uid = %d and sid = '%s' and service = 'BUILDBLOCK' and + $r = q("select item.* from item left join iconfig on item.id = iconfig.iid + where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and iconfig.k = 'BUILDBLOCK' and item_type = %d $sql_options $revision limit 1", intval($u[0]['channel_id']), dbesc($page_id), @@ -64,8 +64,8 @@ class Block extends \Zotlabs\Web\Controller { // Check again with no permissions clause to see if it is a permissions issue - $x = q("select item.* from item left join item_id on item.id = item_id.iid - where item.uid = %d and sid = '%s' and service = 'BUILDBLOCK' and + $x = q("select item.* from item left join iconfig on item.id = iconfig.iid + where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and iconfig.k = 'BUILDBLOCK' and item_type = %d $revision limit 1", intval($u[0]['channel_id']), dbesc($page_id), diff --git a/Zotlabs/Module/Blocks.php b/Zotlabs/Module/Blocks.php index 32650a090..e6a97794d 100644 --- a/Zotlabs/Module/Blocks.php +++ b/Zotlabs/Module/Blocks.php @@ -22,12 +22,12 @@ class Blocks extends \Zotlabs\Web\Controller { else return; - profile_load($a,$which); + profile_load($which); } - function get() { + function get() { if(! \App::$profile) { notice( t('Requested profile is not available.') . EOL ); @@ -111,8 +111,11 @@ class Blocks extends \Zotlabs\Web\Controller { $editor = status_editor($a,$x); - $r = q("select iid, sid, mid, title, body, mimetype, created, edited from item_id left join item on item_id.iid = item.id - where item_id.uid = %d and service = 'BUILDBLOCK' and item_type = %d order by item.created desc", + + $r = q("select iconfig.iid, iconfig.k, iconfig.v, mid, title, body, mimetype, created, edited from iconfig + left join item on iconfig.iid = item.id + where uid = %d and iconfig.cat = 'system' and iconfig.k = 'BUILDBLOCK' + and item_type = %d order by item.created desc", intval($owner), intval(ITEM_TYPE_BLOCK) ); @@ -129,12 +132,12 @@ class Blocks extends \Zotlabs\Web\Controller { 'created' => $rr['created'], 'edited' => $rr['edited'], 'mimetype' => $rr['mimetype'], - 'pagetitle' => $rr['sid'], + 'pagetitle' => $rr['v'], 'mid' => $rr['mid'] ); $pages[$rr['iid']][] = array( 'url' => $rr['iid'], - 'name' => $rr['sid'], + 'name' => $rr['v'], 'title' => $rr['title'], 'created' => $rr['created'], 'edited' => $rr['edited'], diff --git a/Zotlabs/Module/Cal.php b/Zotlabs/Module/Cal.php index 1da42684d..fd4169e68 100644 --- a/Zotlabs/Module/Cal.php +++ b/Zotlabs/Module/Cal.php @@ -20,7 +20,7 @@ class Cal extends \Zotlabs\Web\Controller { if(argc() > 1) { $nick = argv(1); - profile_load($a,$nick); + profile_load($nick); $channelx = channelx_by_nick($nick); diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 29bfcbc3c..c74802ec5 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -9,7 +9,6 @@ require_once('include/security.php'); require_once('include/conversation.php'); require_once('include/acl_selectors.php'); require_once('include/permissions.php'); -require_once('include/PermissionDescription.php'); class Channel extends \Zotlabs\Web\Controller { @@ -48,7 +47,7 @@ class Channel extends \Zotlabs\Web\Controller { // Run profile_load() here to make sure the theme is set before // we start loading content - profile_load($a,$which,$profile); + profile_load($which,$profile); } @@ -133,7 +132,7 @@ class Channel extends \Zotlabs\Web\Controller { 'default_location' => (($is_owner) ? \App::$profile['channel_location'] : ''), 'nickname' => \App::$profile['channel_address'], 'lockstate' => (((strlen(\App::$profile['channel_allow_cid'])) || (strlen(\App::$profile['channel_allow_gid'])) || (strlen(\App::$profile['channel_deny_cid'])) || (strlen(\App::$profile['channel_deny_gid']))) ? 'lock' : 'unlock'), - 'acl' => (($is_owner) ? populate_acl($channel_acl,true, \PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post') : ''), + 'acl' => (($is_owner) ? populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post') : ''), 'showacl' => (($is_owner) ? 'yes' : ''), 'bang' => '', 'visitor' => (($is_owner || $observer) ? true : false), diff --git a/Zotlabs/Module/Chat.php b/Zotlabs/Module/Chat.php index 026e8369a..ff55a9319 100644 --- a/Zotlabs/Module/Chat.php +++ b/Zotlabs/Module/Chat.php @@ -39,7 +39,7 @@ class Chat extends \Zotlabs\Web\Controller { // Run profile_load() here to make sure the theme is set before // we start loading content - profile_load($a,$which,$profile); + profile_load($which,$profile); } diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php index b691475ce..68d84e070 100644 --- a/Zotlabs/Module/Cloud.php +++ b/Zotlabs/Module/Cloud.php @@ -13,6 +13,9 @@ use \Zotlabs\Storage; // composer autoloader for SabreDAV require_once('vendor/autoload.php'); +require_once('include/attach.php'); + + /** * @brief Fires up the SabreDAV server. * @@ -23,7 +26,6 @@ require_once('vendor/autoload.php'); class Cloud extends \Zotlabs\Web\Controller { function init() { - require_once('include/reddav.php'); if (! is_dir('store')) os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false); @@ -37,7 +39,7 @@ class Cloud extends \Zotlabs\Web\Controller { \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n"; if ($which) - profile_load($a, $which, $profile); + profile_load( $which, $profile); $auth = new \Zotlabs\Storage\BasicAuth(); @@ -79,17 +81,6 @@ class Cloud extends \Zotlabs\Web\Controller { $is_readable = false; - if($_SERVER['REQUEST_METHOD'] === 'GET') { - try { - $x = RedFileData('/' . \App::$cmd, $auth); - } - catch(\Exception $e) { - if($e instanceof Sabre\DAV\Exception\Forbidden) { - http_status_exit(401, 'Permission denied.'); - } - } - } - // provide a directory view for the cloud in Hubzilla $browser = new \Zotlabs\Storage\Browser($auth); $auth->setBrowserPlugin($browser); diff --git a/Zotlabs/Module/Common.php b/Zotlabs/Module/Common.php index 1c428d256..2f3c57267 100644 --- a/Zotlabs/Module/Common.php +++ b/Zotlabs/Module/Common.php @@ -21,7 +21,7 @@ class Common extends \Zotlabs\Web\Controller { ); if($x) - profile_load($a,$x[0]['channel_address'],0); + profile_load($x[0]['channel_address'],0); } diff --git a/Zotlabs/Module/Connect.php b/Zotlabs/Module/Connect.php index f68e0baac..962c05cce 100644 --- a/Zotlabs/Module/Connect.php +++ b/Zotlabs/Module/Connect.php @@ -26,7 +26,7 @@ class Connect extends \Zotlabs\Web\Controller { if($r) \App::$data['channel'] = $r[0]; - profile_load($a,$which,''); + profile_load($which,''); } function post() { diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index 4f700e2e7..7db4950b1 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -16,14 +16,14 @@ require_once('include/zot.php'); require_once('include/widgets.php'); require_once('include/photos.php'); -/* @brief Initialize the connection-editor - * - * - */ - class Connedit extends \Zotlabs\Web\Controller { + /* @brief Initialize the connection-editor + * + * + */ + function init() { if(! local_channel()) @@ -51,7 +51,7 @@ class Connedit extends \Zotlabs\Web\Controller { * */ - function post() { + function post() { if(! local_channel()) return; @@ -219,7 +219,7 @@ class Connedit extends \Zotlabs\Web\Controller { //Update profile photo permissions logger('A new profile was assigned - updating profile photos'); - profile_photo_set_profile_perms($profile_id); + profile_photo_set_profile_perms(local_channel(),$profile_id); } @@ -345,7 +345,7 @@ class Connedit extends \Zotlabs\Web\Controller { unset($clone['abook_account']); unset($clone['abook_channel']); - $abconfig = load_abconfig($channel['channel_hash'],$clone['abook_xchan']); + $abconfig = load_abconfig($channel['channel_id'],$clone['abook_xchan']); if($abconfig) $clone['abconfig'] = $abconfig; @@ -357,7 +357,7 @@ class Connedit extends \Zotlabs\Web\Controller { * */ - function get() { + function get() { $sort_type = 0; $o = ''; @@ -418,7 +418,13 @@ class Connedit extends \Zotlabs\Web\Controller { goaway(z_root() . '/connedit/' . $contact_id); } - + if($cmd === 'resetphoto') { + q("update xchan set xchan_photo_date = '2001-01-01 00:00:00' where xchan_hash = '%s' limit 1", + dbesc($orig_record[0]['xchan_hash']) + ); + $cmd = 'refresh'; + } + if($cmd === 'refresh') { if($orig_record[0]['xchan_network'] === 'zot') { if(! zot_refresh($orig_record[0],\App::get_channel())) diff --git a/Zotlabs/Module/Cover_photo.php b/Zotlabs/Module/Cover_photo.php index a72c3389f..886958b37 100644 --- a/Zotlabs/Module/Cover_photo.php +++ b/Zotlabs/Module/Cover_photo.php @@ -29,7 +29,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { } $channel = \App::get_channel(); - profile_load($a,$channel['channel_address']); + profile_load($channel['channel_address']); } @@ -40,7 +40,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { * */ - function post() { + function post() { if(! local_channel()) { return; @@ -50,7 +50,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { check_form_security_token_redirectOnErr('/cover_photo', 'cover_photo'); - if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) { + if((array_key_exists('cropfinal',$_POST)) && ($_POST['cropfinal'] == 1)) { // phase 2 - we have finished cropping @@ -271,7 +271,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { */ - function get() { + function get() { if(! local_channel()) { notice( t('Permission denied.') . EOL ); diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php index 2fddabe19..aaf69844c 100644 --- a/Zotlabs/Module/Dav.php +++ b/Zotlabs/Module/Dav.php @@ -14,6 +14,7 @@ use \Zotlabs\Storage; // composer autoloader for SabreDAV require_once('vendor/autoload.php'); +require_once('include/attach.php'); /** * @brief Fires up the SabreDAV server. @@ -44,60 +45,16 @@ class Dav extends \Zotlabs\Web\Controller { } } - require_once('include/reddav.php'); - if (! is_dir('store')) os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false); - $which = null; if (argc() > 1) - $which = argv(1); - - $profile = 0; - - \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n"; - - if ($which) - profile_load($a, $which, $profile); + profile_load(argv(1),0); - - $auth = new \Zotlabs\Storage\BasicAuth(); - $auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . 'WebDAV'); + $auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . ' ' . 'WebDAV'); -// $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function($userName,$password) { -// if(account_verify_password($userName,$password)) -// return true; -// return false; -// }); - -// $ob_hash = get_observer_hash(); - -// if ($ob_hash) { -// if (local_channel()) { -// $channel = \App::get_channel(); -// $auth->setCurrentUser($channel['channel_address']); -// $auth->channel_id = $channel['channel_id']; -// $auth->channel_hash = $channel['channel_hash']; -// $auth->channel_account_id = $channel['channel_account_id']; -// if($channel['channel_timezone']) -// $auth->setTimezone($channel['channel_timezone']); -// } -// $auth->observer = $ob_hash; -// } - -// if ($_GET['davguest']) -// $_SESSION['davguest'] = true; - -// $_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']); -// $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']); -// $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['QUERY_STRING']); -// -// $_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']); -// $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']); -// $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['REQUEST_URI']); - $rootDirectory = new \Zotlabs\Storage\Directory('/', $auth); // A SabreDAV server-object @@ -114,48 +71,13 @@ class Dav extends \Zotlabs\Web\Controller { $server->addPlugin($lockPlugin); - // The next section of code allows us to bypass prompting for http-auth if a - // FILE is being accessed anonymously and permissions allow this. This way - // one can create hotlinks to public media files in their cloud and anonymous - // viewers won't get asked to login. - // If a DIRECTORY is accessed or there are permission issues accessing the - // file and we aren't previously authenticated via zot, prompt for HTTP-auth. - // This will be the default case for mounting a DAV directory. - // In order to avoid prompting for passwords for viewing a DIRECTORY, add - // the URL query parameter 'davguest=1'. - -// $isapublic_file = false; -// $davguest = ((x($_SESSION, 'davguest')) ? true : false); - -// if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { -// try { -// $x = RedFileData('/' . \App::$cmd, $auth); -// if($x instanceof \Zotlabs\Storage\File) -// $isapublic_file = true; -// } -// catch (Exception $e) { -// $isapublic_file = false; -// } -// } - -// if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) { -// try { -// $auth->Authenticate($server, t('$Projectname channel')); -// } -// catch (Exception $e) { -// logger('mod_cloud: auth exception' . $e->getMessage()); -// http_status_exit($e->getHTTPCode(), $e->getMessage()); -// } -// } - - // require_once('Zotlabs/Storage/Browser.php'); // provide a directory view for the cloud in Hubzilla $browser = new \Zotlabs\Storage\Browser($auth); $auth->setBrowserPlugin($browser); // Experimental QuotaPlugin - // require_once('Zotlabs/Storage/QuotaPlugin.php'); - // $server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth)); + // require_once('Zotlabs/Storage/QuotaPlugin.php'); + // $server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth)); // All we need to do now, is to fire up the server $server->exec(); diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index c1a0d84bc..d1d4edc7d 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -106,12 +106,13 @@ class Display extends \Zotlabs\Web\Controller { $x = q("select * from channel where channel_id = %d limit 1", intval($target_item['uid']) ); - $y = q("select * from item_id where uid = %d and service = 'WEBPAGE' and iid = %d limit 1", + $y = q("select * from iconfig left join item on iconfig.iid = item.id + where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'WEBPAGE' and item.id = %d limit 1", intval($target_item['uid']), intval($target_item['id']) ); if($x && $y) { - goaway(z_root() . '/page/' . $x[0]['channel_address'] . '/' . $y[0]['sid']); + goaway(z_root() . '/page/' . $x[0]['channel_address'] . '/' . $y[0]['v']); } else { notice( t('Page not found.') . EOL); diff --git a/Zotlabs/Module/Dreport.php b/Zotlabs/Module/Dreport.php index e8709c952..d2933b464 100644 --- a/Zotlabs/Module/Dreport.php +++ b/Zotlabs/Module/Dreport.php @@ -16,7 +16,24 @@ class Dreport extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); $mid = ((argc() > 1) ? argv(1) : ''); - + + if($mid === 'push') { + $table = 'push'; + $mid = ((argc() > 2) ? argv(2) : ''); + if($mid) { + $i = q("select id from item where mid = '%s' and author_xchan = '%s' and uid = %d", + dbesc($mid), + dbesc($channel['channel_hash']), + intval($channel['channel_id']) + ); + if($i) { + \Zotlabs\Daemon\Master::Summon([ 'Notifier', 'edit_post', $i[0]['id'] ]); + } + } + sleep(3); + goaway(z_root() . '/dreport/' . urlencode($mid)); + } + if($mid === 'mail') { $table = 'mail'; $mid = ((argc() > 2) ? argv(2) : ''); @@ -59,11 +76,7 @@ class Dreport extends \Zotlabs\Web\Controller { notice( t('no results') . EOL); return; } - - $o .= '<div class="generic-content-wrapper-styled">'; - $o .= '<h2>' . sprintf( t('Delivery report for %1$s'),substr($mid,0,32)) . '...' . '</h2>'; - $o .= '<table>'; - + for($x = 0; $x < count($r); $x++ ) { $r[$x]['name'] = escape_tags(substr($r[$x]['dreport_recip'],strpos($r[$x]['dreport_recip'],' '))); @@ -119,13 +132,25 @@ class Dreport extends \Zotlabs\Web\Controller { } usort($r,'self::dreport_gravity_sort'); - - + + $entries = array(); foreach($r as $rr) { - $o .= '<tr><td width="40%">' . $rr['name'] . '</td><td width="20%">' . escape_tags($rr['dreport_result']) . '</td><td width="20%">' . escape_tags($rr['dreport_time']) . '</td></tr>'; + $entries[] = [ + 'name' => $rr['name'], + 'result' => escape_tags($rr['dreport_result']), + 'time' => escape_tags(datetime_convert('UTC',date_default_timezone_get(),$rr['dreport_time'])) + ]; } - $o .= '</table>'; - $o .= '</div>'; + + $o = replace_macros(get_markup_template('dreport.tpl'), array( + '$title' => sprintf( t('Delivery report for %1$s'),substr($mid,0,32)) . '...', + '$table' => $table, + '$mid' => urlencode($mid), + '$options' => t('Options'), + '$push' => t('Redeliver'), + '$entries' => $entries + )); + return $o; diff --git a/Zotlabs/Module/Editblock.php b/Zotlabs/Module/Editblock.php index fb86557f2..6a9fa5f2d 100644 --- a/Zotlabs/Module/Editblock.php +++ b/Zotlabs/Module/Editblock.php @@ -21,7 +21,7 @@ class Editblock extends \Zotlabs\Web\Controller { else return; - profile_load($a,$which); + profile_load($which); } @@ -85,11 +85,11 @@ class Editblock extends \Zotlabs\Web\Controller { intval($owner) ); if($itm) { - $item_id = q("select * from item_id where service = 'BUILDBLOCK' and iid = %d limit 1", + $item_id = q("select * from iconfig where cat = 'system' and k = 'BUILDBLOCK' and iid = %d limit 1", intval($itm[0]['id']) ); if($item_id) - $block_title = $item_id[0]['sid']; + $block_title = $item_id[0]['v']; } else { notice( t('Item not found') . EOL); diff --git a/Zotlabs/Module/Editlayout.php b/Zotlabs/Module/Editlayout.php index 5028882d2..26732dc77 100644 --- a/Zotlabs/Module/Editlayout.php +++ b/Zotlabs/Module/Editlayout.php @@ -21,7 +21,7 @@ class Editlayout extends \Zotlabs\Web\Controller { else return; - profile_load($a,$which); + profile_load($which); } @@ -96,11 +96,12 @@ class Editlayout extends \Zotlabs\Web\Controller { intval($owner) ); - $item_id = q("select * from item_id where service = 'PDL' and iid = %d limit 1", + $item_id = q("select * from iconfig where cat = 'system' and k = 'PDL' and iid = %d limit 1", intval($itm[0]['id']) ); if($item_id) - $layout_title = $item_id[0]['sid']; + $layout_title = $item_id[0]['v']; + $rp = 'layouts/' . $which; diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php index 1b5c320a0..be4803a07 100644 --- a/Zotlabs/Module/Editwebpage.php +++ b/Zotlabs/Module/Editwebpage.php @@ -4,7 +4,6 @@ namespace Zotlabs\Module; require_once('include/channel.php'); require_once('include/acl_selectors.php'); require_once('include/conversation.php'); -require_once('include/PermissionDescription.php'); class Editwebpage extends \Zotlabs\Web\Controller { @@ -23,7 +22,7 @@ class Editwebpage extends \Zotlabs\Web\Controller { else return; - profile_load($a,$which); + profile_load($which); } @@ -114,11 +113,11 @@ class Editwebpage extends \Zotlabs\Web\Controller { $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key); } - $item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1", + $item_id = q("select * from iconfig where cat = 'system' and k = 'WEBPAGE' and iid = %d limit 1", intval($itm[0]['id']) ); if($item_id) - $page_title = $item_id[0]['sid']; + $page_title = $item_id[0]['v']; $mimetype = $itm[0]['mimetype']; @@ -151,7 +150,7 @@ class Editwebpage extends \Zotlabs\Web\Controller { 'body' => undo_post_tagging($itm[0]['body']), 'post_id' => $post_id, 'visitor' => ($is_owner) ? true : false, - 'acl' => populate_acl($itm[0],false,\PermissionDescription::fromGlobalPermission('view_pages')), + 'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')), 'showacl' => ($is_owner) ? true : false, 'mimetype' => $mimetype, 'mimeselect' => true, diff --git a/Zotlabs/Module/Embedphotos.php b/Zotlabs/Module/Embedphotos.php new file mode 100644 index 000000000..0dac873c5 --- /dev/null +++ b/Zotlabs/Module/Embedphotos.php @@ -0,0 +1,180 @@ +<?php +namespace Zotlabs\Module; + +/** + * + * This is the POST destination for the embedphotos button + * + */ + + +class Embedphotos extends \Zotlabs\Web\Controller { + + function get() { + + } + + function post() { + + if (argc() > 1 && argv(1) === 'album') { + // API: /embedphotos/album + $name = (x($_POST,'name') ? $_POST['name'] : null ); + if (!$name) { + json_return_and_die(array('errormsg' => 'Error retrieving album', 'status' => false)); + } + $album = $this->embedphotos_widget_album(array('channel' => \App::get_channel(), 'album' => $name)); + json_return_and_die(array('status' => true, 'content' => $album)); + + } + if (argc() > 1 && argv(1) === 'albumlist') { + // API: /embedphotos/albumlist + $album_list = $this->embedphotos_album_list($a); + json_return_and_die(array('status' => true, 'albumlist' => $album_list)); + + } + if (argc() > 1 && argv(1) === 'photolink') { + // API: /embedphotos/photolink + $href = (x($_POST,'href') ? $_POST['href'] : null ); + if (!$href) { + json_return_and_die(array('errormsg' => 'Error retrieving link ' . $href, 'status' => false)); + } + $resource_id = array_pop(explode("/", $href)); + $r = q("SELECT obj from item where resource_type = 'photo' and resource_id = '%s' limit 1", + dbesc($resource_id) + ); + if(!$r) { + json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false)); + } + $obj = json_decode($r[0]['obj'], true); + if(x($obj,'body')) { + $photolink = $obj['body']; + } elseif (x($obj,'bbcode')) { + $photolink = $obj['bbcode']; + } else { + json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false)); + } + json_return_and_die(array('status' => true, 'photolink' => $photolink)); + + } + } + + +/** + * Copied from include/widgets.php::widget_album() with a modification to get the profile_uid from + * the input array as in widget_item() + * @param type $name + * @return string + */ +function embedphotos_widget_album($args) { + + $channel_id = 0; + if(array_key_exists('channel',$args)) + $channel = $args['channel']; + $channel_id = intval($channel['channel_id']); + if(! $channel_id) + $channel_id = \App::$profile_uid; + if(! $channel_id) + return ''; + $owner_uid = $channel_id; + require_once('include/security.php'); + $sql_extra = permissions_sql($channel_id); + + if(! perm_is_allowed($channel_id,get_observer_hash(),'view_storage')) + return ''; + + if($args['album']) + $album = $args['album']; + if($args['title']) + $title = $args['title']; + + /** + * This may return incorrect permissions if you have multiple directories of the same name. + * It is a limitation of the photo table using a name for a photo album instead of a folder hash + */ + + if($album) { + $x = q("select hash from attach where filename = '%s' and uid = %d limit 1", + dbesc($album), + intval($owner_uid) + ); + if($x) { + $y = attach_can_view_folder($owner_uid,get_observer_hash(),$x[0]['hash']); + if(! $y) + return ''; + } + } + + $order = 'DESC'; + + $r = q("SELECT p.resource_id, p.id, p.filename, p.mimetype, p.imgscale, p.description, p.created FROM photo p INNER JOIN + (SELECT resource_id, max(imgscale) imgscale FROM photo WHERE uid = %d AND album = '%s' AND imgscale <= 4 AND photo_usage IN ( %d, %d ) $sql_extra GROUP BY resource_id) ph + ON (p.resource_id = ph.resource_id AND p.imgscale = ph.imgscale) + ORDER BY created $order", + intval($owner_uid), + dbesc($album), + intval(PHOTO_NORMAL), + intval(PHOTO_PROFILE) + ); + + $photos = array(); + if(count($r)) { + $twist = 'rotright'; + foreach($r as $rr) { + + if($twist == 'rotright') + $twist = 'rotleft'; + else + $twist = 'rotright'; + + $ext = $phototypes[$rr['mimetype']]; + + $imgalt_e = $rr['filename']; + $desc_e = $rr['description']; + + $imagelink = (z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $rr['resource_id'] + . (($_GET['order'] === 'posted') ? '?f=&order=posted' : '')); + + $photos[] = array( + 'id' => $rr['id'], + 'twist' => ' ' . $twist . rand(2,4), + 'link' => $imagelink, + 'title' => t('View Photo'), + 'src' => z_root() . '/photo/' . $rr['resource_id'] . '-' . $rr['imgscale'] . '.' .$ext, + 'alt' => $imgalt_e, + 'desc'=> $desc_e, + 'ext' => $ext, + 'hash'=> $rr['resource_id'], + 'unknown' => t('Unknown') + ); + } + } + + $tpl = get_markup_template('photo_album.tpl'); + $o .= replace_macros($tpl, array( + '$photos' => $photos, + '$album' => (($title) ? $title : $album), + '$album_id' => rand(), + '$album_edit' => array(t('Edit Album'), $album_edit), + '$can_post' => false, + '$upload' => array(t('Upload'), z_root() . '/photos/' . \App::$profile['channel_address'] . '/upload/' . bin2hex($album)), + '$order' => false, + '$upload_form' => $upload_form, + '$no_fullscreen_btn' => true + )); + + return $o; +} + + +function embedphotos_album_list($a) { + $o = ''; + require_once('include/photos.php'); + $p = photos_albums_list(\App::get_channel(), \App::get_observer()); + if ($p['success']) { + return $p['albums']; + } else { + return null; + } +} + +} diff --git a/Zotlabs/Module/Events.php b/Zotlabs/Module/Events.php index 3f3f9fb4c..def5c437b 100644 --- a/Zotlabs/Module/Events.php +++ b/Zotlabs/Module/Events.php @@ -6,7 +6,6 @@ require_once('include/bbcode.php'); require_once('include/datetime.php'); require_once('include/event.php'); require_once('include/items.php'); -require_once('include/PermissionDescription.php'); class Events extends \Zotlabs\Web\Controller { @@ -471,7 +470,7 @@ class Events extends \Zotlabs\Web\Controller { '$permissions' => t('Permission settings'), // populating the acl dialog was a permission description from view_stream because Cal.php, which // displays events, says "since we don't currently have an event permission - use the stream permission" - '$acl' => (($orig_event['event_xchan']) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $perm_defaults), false, \PermissionDescription::fromGlobalPermission('view_stream'))), + '$acl' => (($orig_event['event_xchan']) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $perm_defaults), false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'))), '$submit' => t('Submit'), '$advanced' => t('Advanced Options') @@ -668,8 +667,10 @@ class Events extends \Zotlabs\Web\Controller { '$export' => array(z_root()."/events/$y/$m/export",t('Export'),'',''), '$calendar' => cal($y,$m,$links, ' eventcal'), '$events' => $events, - '$upload' => t('Import'), - '$submit' => t('Submit'), + '$view_label' => t('View'), + '$month' => t('Month'), + '$week' => t('Week'), + '$day' => t('Day'), '$prev' => t('Previous'), '$next' => t('Next'), '$today' => t('Today'), diff --git a/Zotlabs/Module/Filestorage.php b/Zotlabs/Module/Filestorage.php index 2861f31be..c3ef22e32 100644 --- a/Zotlabs/Module/Filestorage.php +++ b/Zotlabs/Module/Filestorage.php @@ -6,7 +6,6 @@ namespace Zotlabs\Module; */ require_once('include/attach.php'); -require_once('include/PermissionDescription.php'); /** @@ -134,7 +133,7 @@ class Filestorage extends \Zotlabs\Web\Controller { $cloudpath = get_cloudpath($f) . (intval($f['is_dir']) ? '?f=&davguest=1' : ''); $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']); - $aclselect_e = populate_acl($f, false, \PermissionDescription::fromGlobalPermission('view_storage')); + $aclselect_e = populate_acl($f, false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage')); $is_a_dir = (intval($f['is_dir']) ? true : false); $lockstate = (($f['allow_cid'] || $f['allow_gid'] || $f['deny_cid'] || $f['deny_gid']) ? 'lock' : 'unlock'); diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php index 1df382a89..3641330c9 100644 --- a/Zotlabs/Module/Follow.php +++ b/Zotlabs/Module/Follow.php @@ -43,7 +43,7 @@ class Follow extends \Zotlabs\Web\Controller { unset($clone['abook_account']); unset($clone['abook_channel']); - $abconfig = load_abconfig($channel['channel_hash'],$clone['abook_xchan']); + $abconfig = load_abconfig($channel['channel_id'],$clone['abook_xchan']); if($abconfig) $clone['abconfig'] = $abconfig; diff --git a/Zotlabs/Module/Hcard.php b/Zotlabs/Module/Hcard.php index 2636e676b..93c8d3ece 100644 --- a/Zotlabs/Module/Hcard.php +++ b/Zotlabs/Module/Hcard.php @@ -40,7 +40,7 @@ class Hcard extends \Zotlabs\Web\Controller { } } - profile_load($a,$which,$profile); + profile_load($which,$profile); } diff --git a/Zotlabs/Module/Home.php b/Zotlabs/Module/Home.php index f3ba96fdd..79449c3b2 100644 --- a/Zotlabs/Module/Home.php +++ b/Zotlabs/Module/Home.php @@ -28,6 +28,19 @@ class Home extends \Zotlabs\Web\Controller { goaway($dest); } + + if(remote_channel() && (! $splash) && $_SESSION['atoken']) { + $r = q("select * from atoken where atoken_id = %d", + intval($_SESSION['atoken']) + ); + if($r) { + $x = channelx_by_n($r[0]['atoken_uid']); + if($x) { + goaway(z_root() . '/channel/' . $x['channel_address']); + } + } + } + if(get_account_id() && ! $splash) { goaway(z_root() . '/new_channel'); diff --git a/Zotlabs/Module/Id.php b/Zotlabs/Module/Id.php index 6a94b57f5..e053bf99c 100644 --- a/Zotlabs/Module/Id.php +++ b/Zotlabs/Module/Id.php @@ -57,7 +57,7 @@ class Id extends \Zotlabs\Web\Controller { $profile = ''; $channel = \App::get_channel(); - profile_load($a,$which,$profile); + profile_load($which,$profile); $op = new MysqlProvider; $op->server(); diff --git a/Zotlabs/Module/Impel.php b/Zotlabs/Module/Impel.php index e326f7818..735c311d0 100644 --- a/Zotlabs/Module/Impel.php +++ b/Zotlabs/Module/Impel.php @@ -137,9 +137,7 @@ class Impel extends \Zotlabs\Web\Controller { require_once('library/urlify/URLify.php'); $pagetitle = strtolower(\URLify::transliterate($j['pagetitle'])); } - - - + // Verify ability to use html or php!!! $execflag = false; @@ -154,21 +152,14 @@ class Impel extends \Zotlabs\Web\Controller { } } - $remote_id = 0; - - $z = q("select * from item_id where sid = '%s' and service = '%s' and uid = %d limit 1", - dbesc($pagetitle), - dbesc($namespace), - intval(local_channel()) - ); - $i = q("select id, edited, item_deleted from item where mid = '%s' and uid = %d limit 1", dbesc($arr['mid']), intval(local_channel()) ); + + \Zotlabs\Lib\IConfig::Set($arr,'system',$namespace,(($pagetitle) ? $pagetitle : substr($arr['mid'],0,16)),true); - if($z && $i) { - $remote_id = $z[0]['id']; + if($i) { $arr['id'] = $i[0]['id']; // don't update if it has the same timestamp as the original if($arr['edited'] > $i[0]['edited']) @@ -182,12 +173,12 @@ class Impel extends \Zotlabs\Web\Controller { intval(local_channel()) ); } - $x = item_store($arr,$execflag); + else + $x = item_store($arr,$execflag); } - if($x['success']) { + if($x && $x['success']) { $item_id = $x['item_id']; - update_remote_id($channel,$item_id,$arr['item_type'],$pagetitle,$namespace,$remote_id,$arr['mid']); } } @@ -199,7 +190,8 @@ class Impel extends \Zotlabs\Web\Controller { notice( sprintf( t('%s element installation failed'), $installed_type)); } - //??? should perhaps return ret? + //??? should perhaps return ret? + json_return_and_die(true); } diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index 122e27e90..e34f5e49e 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -131,6 +131,8 @@ class Import extends \Zotlabs\Web\Controller { // import channel + $relocate = ((array_key_exists('relocate',$data)) ? $data['relocate'] : null); + if(array_key_exists('channel',$data)) { if($completed < 1) { @@ -387,8 +389,7 @@ class Import extends \Zotlabs\Web\Controller { if($abconfig) { // @fixme does not handle sync of del_abconfig foreach($abconfig as $abc) { - if($abc['chan'] === $channel['channel_hash']) - set_abconfig($abc['chan'],$abc['xchan'],$abc['cat'],$abc['k'],$abc['v']); + set_abconfig($channel['channel_id'],$abc['xchan'],$abc['cat'],$abc['k'],$abc['v']); } } @@ -475,7 +476,7 @@ class Import extends \Zotlabs\Web\Controller { import_events($channel,$data['event']); if(is_array($data['event_item'])) - import_items($channel,$data['event_item']); + import_items($channel,$data['event_item'],false,$relocate); if(is_array($data['menu'])) import_menus($channel,$data['menu']); @@ -486,7 +487,7 @@ class Import extends \Zotlabs\Web\Controller { $saved_notification_flags = notifications_off($channel['channel_id']); if($import_posts && array_key_exists('item',$data) && $data['item']) - import_items($channel,$data['item']); + import_items($channel,$data['item'],false,$relocate); notifications_on($channel['channel_id'],$saved_notification_flags); diff --git a/Zotlabs/Module/Import_items.php b/Zotlabs/Module/Import_items.php index a862836c5..f20cbfe7e 100644 --- a/Zotlabs/Module/Import_items.php +++ b/Zotlabs/Module/Import_items.php @@ -78,6 +78,8 @@ class Import_items extends \Zotlabs\Web\Controller { // logger('import: data: ' . print_r($data,true)); // print_r($data); + if(! is_array($data)) + return; if(array_key_exists('compatibility',$data) && array_key_exists('database',$data['compatibility'])) { $v1 = substr($data['compatibility']['database'],-4); @@ -92,7 +94,7 @@ class Import_items extends \Zotlabs\Web\Controller { if(array_key_exists('item',$data) && $data['item']) { - import_items($channel,$data['item']); + import_items($channel,$data['item'],false,((array_key_exists('relocate',$data)) ? $data['relocate'] : null)); } if(array_key_exists('item_id',$data) && $data['item_id']) { @@ -106,7 +108,7 @@ class Import_items extends \Zotlabs\Web\Controller { - function get() { + function get() { if(! local_channel()) { notice( t('Permission denied') . EOL); diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 2601feb0a..b54099d74 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -1,4 +1,5 @@ <?php + namespace Zotlabs\Module; /** @@ -92,7 +93,7 @@ class Item extends \Zotlabs\Web\Controller { $origin = (($api_source && array_key_exists('origin',$_REQUEST)) ? intval($_REQUEST['origin']) : 1); - // To represent message-ids on other networks - this will create an item_id record + // To represent message-ids on other networks - this will create an iconfig record $namespace = (($api_source && array_key_exists('namespace',$_REQUEST)) ? strip_tags($_REQUEST['namespace']) : ''); $remote_id = (($api_source && array_key_exists('remote_id',$_REQUEST)) ? strip_tags($_REQUEST['remote_id']) : ''); @@ -182,7 +183,9 @@ class Item extends \Zotlabs\Web\Controller { } // can_comment_on_post() needs info from the following xchan_query - xchan_query($r); + // This may be from the discover tab which means we need to correct the effective uid + + xchan_query($r,true,(($r[0]['uid'] == local_channel()) ? 0 : local_channel())); $parent_item = $r[0]; $parent = $r[0]['id']; @@ -229,7 +232,7 @@ class Item extends \Zotlabs\Web\Controller { if($namespace && $remote_id) { // It wasn't an internally generated post - see if we've got an item matching this remote service id - $i = q("select iid from item_id where service = '%s' and sid = '%s' limit 1", + $i = q("select iid from iconfig where cat = 'system' and k = '%s' and v = '%s' limit 1", dbesc($namespace), dbesc($remote_id) ); @@ -534,7 +537,7 @@ class Item extends \Zotlabs\Web\Controller { } /** - * fix naked links by passing through a callback to see if this is a red site + * fix naked links by passing through a callback to see if this is a hubzilla site * (already known to us) which will get a zrl, otherwise link with url, add bookmark tag to both. * First protect any url inside certain bbcode tags so we don't double link it. */ @@ -833,21 +836,23 @@ class Item extends \Zotlabs\Web\Controller { if($orig_post) $datarray['edit'] = true; + // suppress duplicates, *unless* you're editing an existing post. This could get picked up + // as a duplicate if you're editing it very soon after posting it initially and you edited + // some attribute besides the content, such as title or categories. + if(feature_enabled($profile_uid,'suppress_duplicates') && (! $orig_post)) { - $z = q("select created from item where uid = %d and body = '%s'", + $z = q("select created from item where uid = %d and created > %s - INTERVAL %s and body = '%s' limit 1", intval($profile_uid), + db_utcnow(), + db_quoteinterval('2 MINUTE'), dbesc($body) ); if($z) { - foreach($z as $zz) { - if($zz['created'] > datetime_convert('UTC','UTC', 'now - 2 minutes')) { - $datarray['cancel'] = 1; - notice( t('Duplicate post suppressed.') . EOL); - logger('Duplicate post. Faking plugin cancel.'); - } - } + $datarray['cancel'] = 1; + notice( t('Duplicate post suppressed.') . EOL); + logger('Duplicate post. Faking plugin cancel.'); } } @@ -880,13 +885,21 @@ class Item extends \Zotlabs\Web\Controller { } } + if($webpage) { + Zlib\IConfig::Set($datarray,'system', webpage_to_namespace($webpage), + (($pagetitle) ? $pagetitle : substr($datarray['mid'],0,16)),true); + } + elseif($namespace) { + Zlib\IConfig::Set($datarray,'system', $namespace, + (($remote_id) ? $remote_id : substr($datarray['mid'],0,16)),true); + } + + if($orig_post) { $datarray['id'] = $post_id; - item_store_update($datarray,$execflag); - - update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remote_id,$mid); - + $x = item_store_update($datarray,$execflag); + if(! $parent) { $r = q("select * from item where id = %d", intval($post_id) @@ -894,10 +907,7 @@ class Item extends \Zotlabs\Web\Controller { if($r) { xchan_query($r); $sync_item = fetch_post_tags($r); - $rid = q("select * from item_id where iid = %d", - intval($post_id) - ); - build_sync_packet($uid,array('item' => array(encode_item($sync_item[0],true)),'item_id' => $rid)); + build_sync_packet($profile_uid,array('item' => array(encode_item($sync_item[0],true)))); } } if(! $nopush) @@ -978,10 +988,7 @@ class Item extends \Zotlabs\Web\Controller { goaway(z_root() . "/" . $return_path ); // NOTREACHED } - - - update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remote_id,$mid); - + if(($parent) && ($parent != $post_id)) { // Store the comment signature information in case we need to relay to Diaspora //$ditem = $datarray; @@ -995,10 +1002,7 @@ class Item extends \Zotlabs\Web\Controller { if($r) { xchan_query($r); $sync_item = fetch_post_tags($r); - $rid = q("select * from item_id where iid = %d", - intval($post_id) - ); - build_sync_packet($uid,array('item' => array(encode_item($sync_item[0],true)),'item_id' => $rid)); + build_sync_packet($profile_uid,array('item' => array(encode_item($sync_item[0],true)))); } } @@ -1012,11 +1016,6 @@ class Item extends \Zotlabs\Web\Controller { logger('post_complete'); - - - - - // figure out how to return, depending on from whence we came if($api_source) diff --git a/Zotlabs/Module/Layouts.php b/Zotlabs/Module/Layouts.php index 9b9fc22f3..c07f65ce1 100644 --- a/Zotlabs/Module/Layouts.php +++ b/Zotlabs/Module/Layouts.php @@ -21,7 +21,7 @@ class Layouts extends \Zotlabs\Web\Controller { else return; - profile_load($a,$which); + profile_load($which); } @@ -90,13 +90,14 @@ class Layouts extends \Zotlabs\Web\Controller { return; } - //This feature is not exposed in redbasic ui since it is not clear why one would want to - //download a json encoded pdl file - we dont have a possibility to import it. - //Use the buildin share/install feature instead. + // This feature is not exposed in redbasic ui since it is not clear why one would want to + // download a json encoded pdl file - we dont have a possibility to import it. + // Use the buildin share/install feature instead. + if((argc() > 3) && (argv(2) === 'share') && (argv(3))) { - $r = q("select sid, service, mimetype, title, body from item_id - left join item on item.id = item_id.iid - where item_id.uid = %d and item.mid = '%s' and service = 'PDL' order by sid asc", + $r = q("select iconfig.v, iconfig.k, mimetype, title, body from iconfig + left join item on item.id = iconfig.iid + where uid = %d and mid = '%s' and iconfig.cat = 'system' and iconfig.k = 'PDL' order by iconfig.v asc", intval($owner), dbesc(argv(3)) ); @@ -141,8 +142,9 @@ class Layouts extends \Zotlabs\Web\Controller { $editor = status_editor($a,$x); - $r = q("select iid, sid, mid, title, body, mimetype, created, edited, item_type from item_id left join item on item_id.iid = item.id - where item_id.uid = %d and service = 'PDL' and item_type = %d order by item.created desc", + $r = q("select iconfig.iid, iconfig.v, mid, title, body, mimetype, created, edited, item_type from iconfig + left join item on iconfig.iid = item.id + where uid = %d and iconfig.cat = 'system' and iconfig.k = 'PDL' and item_type = %d order by item.created desc", intval($owner), intval(ITEM_TYPE_PDL) ); @@ -164,7 +166,7 @@ class Layouts extends \Zotlabs\Web\Controller { ); $pages[$rr['iid']][] = array( 'url' => $rr['iid'], - 'title' => $rr['sid'], + 'title' => $rr['v'], 'descr' => $rr['title'], 'mid' => $rr['mid'], 'created' => $rr['created'], diff --git a/Zotlabs/Module/Lockview.php b/Zotlabs/Module/Lockview.php index 4776e1c56..d86a3c1d8 100644 --- a/Zotlabs/Module/Lockview.php +++ b/Zotlabs/Module/Lockview.php @@ -1,17 +1,31 @@ <?php namespace Zotlabs\Module; - +require_once('include/security.php'); class Lockview extends \Zotlabs\Web\Controller { function get() { + + $atokens = array(); + + if(local_channel()) { + $at = q("select * from atoken where atoken_uid = %d", + intval(local_channel()) + ); + if($at) { + foreach($at as $t) { + $atokens[] = atoken_xchan($t); + } + } + } $type = ((argc() > 1) ? argv(1) : 0); if (is_numeric($type)) { $item_id = intval($type); $type='item'; - } else { + } + else { $item_id = ((argc() > 2) ? intval(argv(2)) : 0); } @@ -98,6 +112,13 @@ class Lockview extends \Zotlabs\Web\Controller { if($r) foreach($r as $rr) $l[] = '<li>' . $rr['xchan_name'] . '</li>'; + if($atokens) { + foreach($atokens as $at) { + if(in_array("'" . $at['xchan_hash'] . "'",$allowed_users)) { + $l[] = '<li>' . $at['xchan_name'] . '</li>'; + } + } + } } if(count($deny_groups)) { $r = q("SELECT gname FROM `groups` WHERE hash IN ( " . implode(', ', $deny_groups) . " )"); @@ -110,6 +131,16 @@ class Lockview extends \Zotlabs\Web\Controller { if($r) foreach($r as $rr) $l[] = '<li><strike>' . $rr['xchan_name'] . '</strike></li>'; + + if($atokens) { + foreach($atokens as $at) { + if(in_array("'" . $at['xchan_hash'] . "'",$deny_users)) { + $l[] = '<li><strike>' . $at['xchan_name'] . '</strike></li>'; + } + } + } + + } echo $o . implode($l); diff --git a/Zotlabs/Module/Login.php b/Zotlabs/Module/Login.php index ff75e5268..ae35b922f 100644 --- a/Zotlabs/Module/Login.php +++ b/Zotlabs/Module/Login.php @@ -7,6 +7,9 @@ class Login extends \Zotlabs\Web\Controller { function get() { if(local_channel()) goaway(z_root()); + if(remote_channel() && $_SESSION['atoken']) + goaway(z_root()); + return login((\App::$config['system']['register_policy'] == REGISTER_CLOSED) ? false : true); } diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index 87ed326e2..3b88cd8d6 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php @@ -6,8 +6,6 @@ require_once('include/group.php'); require_once('include/contact_widgets.php'); require_once('include/conversation.php'); require_once('include/acl_selectors.php'); -require_once('include/PermissionDescription.php'); - class Network extends \Zotlabs\Web\Controller { @@ -171,7 +169,7 @@ class Network extends \Zotlabs\Web\Controller { 'default_location' => $channel['channel_location'], 'nickname' => $channel['channel_address'], 'lockstate' => (($private_editing || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'acl' => populate_acl((($private_editing) ? $def_acl : $channel_acl), true, \PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'), + 'acl' => populate_acl((($private_editing) ? $def_acl : $channel_acl), true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'), 'bang' => (($private_editing) ? '!' : ''), 'visitor' => true, 'profile_uid' => local_channel(), diff --git a/Zotlabs/Module/New_channel.php b/Zotlabs/Module/New_channel.php index 30d7c83c6..26883b6e2 100644 --- a/Zotlabs/Module/New_channel.php +++ b/Zotlabs/Module/New_channel.php @@ -62,7 +62,7 @@ class New_channel extends \Zotlabs\Web\Controller { } - function post() { + function post() { $arr = $_POST; @@ -96,7 +96,7 @@ class New_channel extends \Zotlabs\Web\Controller { } - function get() { + function get() { $acc = \App::get_account(); @@ -125,9 +125,9 @@ class New_channel extends \Zotlabs\Web\Controller { } } - $name = array('name', t('Name or caption'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group"')); + $name = array('name', t('Name or caption'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group"'), "*"); $nickhub = '@' . \App::get_hostname(); - $nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub)); + $nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub), "*"); $privacy_role = ((x($_REQUEST,'permissions_role')) ? $_REQUEST['permissions_role'] : "" ); $role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/roles" target="_blank">' . t('Read more about roles') . '</a>',get_roles()); diff --git a/Zotlabs/Module/Openid.php b/Zotlabs/Module/Openid.php index 7a6e4a81f..8cbc6d2fd 100644 --- a/Zotlabs/Module/Openid.php +++ b/Zotlabs/Module/Openid.php @@ -48,7 +48,7 @@ class Openid extends \Zotlabs\Web\Controller { $_SESSION['uid'] = $r[0]['channel_id']; $_SESSION['account_id'] = $r[0]['channel_account_id']; $_SESSION['authenticated'] = true; - authenticate_success($record,true,true,true,true); + authenticate_success($record,$r[0],true,true,true,true); goaway(z_root()); } } diff --git a/Zotlabs/Module/Page.php b/Zotlabs/Module/Page.php index 14273614c..6ef285dd0 100644 --- a/Zotlabs/Module/Page.php +++ b/Zotlabs/Module/Page.php @@ -13,7 +13,7 @@ class Page extends \Zotlabs\Web\Controller { $which = argv(1); $profile = 0; - profile_load($a,$which,$profile); + profile_load($which,$profile); @@ -65,9 +65,10 @@ class Page extends \Zotlabs\Web\Controller { require_once('include/security.php'); $sql_options = item_permissions_sql($u[0]['channel_id']); - $r = q("select item.* from item left join item_id on item.id = item_id.iid - where item.uid = %d and sid = '%s' and item.item_delayed = 0 and (( service = 'WEBPAGE' and item_type = %d ) - OR ( service = 'PDL' AND item_type = %d )) $sql_options $revision limit 1", + $r = q("select item.* from item left join iconfig on item.id = iconfig.iid + where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 + and (( iconfig.k = 'WEBPAGE' and item_type = %d ) + OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1", intval($u[0]['channel_id']), dbesc($page_id), intval(ITEM_TYPE_WEBPAGE), @@ -77,9 +78,9 @@ class Page extends \Zotlabs\Web\Controller { // Check again with no permissions clause to see if it is a permissions issue - $x = q("select item.* from item left join item_id on item.id = item_id.iid - where item.uid = %d and sid = '%s' and item.item_delayed = 0 and service = 'WEBPAGE' and - item_type = %d $revision limit 1", + $x = q("select item.* from item left join iconfig on item.id = iconfig.iid + where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 + and iconfig.k = 'WEBPAGE' and item_type = %d $revision limit 1", intval($u[0]['channel_id']), dbesc($page_id), intval(ITEM_TYPE_WEBPAGE) @@ -119,11 +120,8 @@ class Page extends \Zotlabs\Web\Controller { \App::$data['webpage'] = $r; } - - - - - function get() { + + function get() { $r = \App::$data['webpage']; if(! $r) diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 92c9ac3c0..66aaec49f 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -2,6 +2,7 @@ namespace Zotlabs\Module; require_once('include/security.php'); +require_once('include/attach.php'); require_once('include/photo/photo_driver.php'); @@ -10,6 +11,8 @@ class Photo extends \Zotlabs\Web\Controller { function init() { $prvcachecontrol = false; + $streaming = null; + $channel = null; switch(argc()) { case 4: @@ -62,7 +65,7 @@ class Photo extends \Zotlabs\Web\Controller { intval($uid), intval(PHOTO_PROFILE) ); - if(count($r)) { + if($r) { $data = dbunescbin($r[0]['content']); $mimetype = $r[0]['mimetype']; } @@ -79,7 +82,7 @@ class Photo extends \Zotlabs\Web\Controller { * Other photos */ - /* Check for a cookie to indicate display pixel density, in order to detect high-resolution + /* Check for a cookie to indicate display pixel density, in order to detect high-resolution displays. This procedure was derived from the "Retina Images" by Jeremey Worboys, used in accordance with the Creative Commons Attribution 3.0 Unported License. Project link: https://github.com/Retina-Images/Retina-Images @@ -131,6 +134,8 @@ class Photo extends \Zotlabs\Web\Controller { $sql_extra = permissions_sql($r[0]['uid']); + $channel = channelx_by_n($r[0]['uid']); + // Now we'll see if we can access the photo $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d $sql_extra LIMIT 1", @@ -141,8 +146,9 @@ class Photo extends \Zotlabs\Web\Controller { if($r && $allowed) { $data = dbunescbin($r[0]['content']); $mimetype = $r[0]['mimetype']; - if(intval($r[0]['os_storage'])) - $data = file_get_contents($data); + if(intval($r[0]['os_storage'])) { + $streaming = $data; + } } else { @@ -242,7 +248,25 @@ class Photo extends \Zotlabs\Web\Controller { header("Cache-Control: max-age=" . $cache); } - echo $data; + + // If it's a file resource, stream it. + + if($streaming && $channel) { + if(strpos($streaming,'store') !== false) + $istream = fopen($streaming,'rb'); + else + $istream = fopen('store/' . $channel['channel_address'] . '/' . $streaming,'rb'); + $ostream = fopen('php://output','wb'); + if($istream && $ostream) { + pipe_streams($istream,$ostream); + fclose($istream); + fclose($ostream); + } + } + else { + echo $data; + } + killme(); // NOTREACHED } diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 1bdc23897..1eeab1461 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -9,8 +9,6 @@ require_once('include/bbcode.php'); require_once('include/security.php'); require_once('include/attach.php'); require_once('include/text.php'); -require_once('include/PermissionDescription.php'); - class Photos extends \Zotlabs\Web\Controller { @@ -27,7 +25,7 @@ class Photos extends \Zotlabs\Web\Controller { if(argc() > 1) { $nick = argv(1); - profile_load($a,$nick); + profile_load($nick); $channelx = channelx_by_nick($nick); @@ -633,7 +631,7 @@ class Photos extends \Zotlabs\Web\Controller { $lockstate = (($acl->is_private()) ? 'lock' : 'unlock'); } - $aclselect = (($_is_owner) ? populate_acl($channel_acl,false, \PermissionDescription::fromGlobalPermission('view_storage')) : ''); + $aclselect = (($_is_owner) ? populate_acl($channel_acl,false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage')) : ''); // this is wrong but is to work around an issue with js_upload wherein it chokes if these variables // don't exist. They really should be set to a parseable representation of the channel's default permissions @@ -1023,7 +1021,7 @@ class Photos extends \Zotlabs\Web\Controller { if($can_post) { $album_e = $ph[0]['album']; $caption_e = $ph[0]['description']; - $aclselect_e = (($_is_owner) ? populate_acl($ph[0], true, \PermissionDescription::fromGlobalPermission('view_storage')) : ''); + $aclselect_e = (($_is_owner) ? populate_acl($ph[0], true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage')) : ''); $albums = ((array_key_exists('albums', \App::$data)) ? \App::$data['albums'] : photos_albums_list(\App::$data['channel'],\App::$data['observer'])); $_SESSION['album_return'] = bin2hex($ph[0]['album']); diff --git a/Zotlabs/Module/Ping.php b/Zotlabs/Module/Ping.php index 5cbf45daa..e01c3b49a 100644 --- a/Zotlabs/Module/Ping.php +++ b/Zotlabs/Module/Ping.php @@ -173,7 +173,7 @@ class Ping extends \Zotlabs\Web\Controller { ); break; case 'all_events': - $r = q("update event set `dimissed` = 1 where `dismissed` = 0 and uid = %d AND dtstart < '%s' AND dtstart > '%s' ", + $r = q("update event set `dismissed` = 1 where `dismissed` = 0 and uid = %d AND dtstart < '%s' AND dtstart > '%s' ", intval(local_channel()), dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + ' . intval($evdays) . ' days')), dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days')) diff --git a/Zotlabs/Module/Profile.php b/Zotlabs/Module/Profile.php index 8bf358bc8..9e868db92 100644 --- a/Zotlabs/Module/Profile.php +++ b/Zotlabs/Module/Profile.php @@ -48,7 +48,7 @@ class Profile extends \Zotlabs\Web\Controller { } } - profile_load($a,$which,$profile); + profile_load($which,$profile); } diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php index bb332f4ab..f459f7deb 100644 --- a/Zotlabs/Module/Profile_photo.php +++ b/Zotlabs/Module/Profile_photo.php @@ -23,19 +23,18 @@ class Profile_photo extends \Zotlabs\Web\Controller { /* @brief Initalize the profile-photo edit view * - * @param $a Current application * @return void * */ - function init() { + function init() { if(! local_channel()) { return; } $channel = \App::get_channel(); - profile_load($a,$channel['channel_address']); + profile_load($channel['channel_address']); } @@ -46,7 +45,7 @@ class Profile_photo extends \Zotlabs\Web\Controller { * */ - function post() { + function post() { if(! local_channel()) { return; @@ -54,8 +53,23 @@ class Profile_photo extends \Zotlabs\Web\Controller { check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); - if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) { + if((array_key_exists('cropfinal',$_POST)) && (intval($_POST['cropfinal']) == 1)) { + + // phase 2 - we have finished cropping + + if(argc() != 2) { + notice( t('Image uploaded but image cropping failed.') . EOL ); + return; + } + + $image_id = argv(1); + if(substr($image_id,-2,1) == '-') { + $scale = substr($image_id,-1,1); + $image_id = substr($image_id,0,-2); + } + + // unless proven otherwise $is_default_profile = 1; @@ -70,34 +84,17 @@ class Profile_photo extends \Zotlabs\Web\Controller { $is_default_profile = 0; } } - - - - // phase 2 - we have finished cropping - - if(argc() != 2) { - notice( t('Image uploaded but image cropping failed.') . EOL ); - return; - } - - $image_id = argv(1); - - if(substr($image_id,-2,1) == '-') { - $scale = substr($image_id,-1,1); - $image_id = substr($image_id,0,-2); - } - + $srcX = $_POST['xstart']; $srcY = $_POST['ystart']; $srcW = $_POST['xfinal'] - $srcX; $srcH = $_POST['yfinal'] - $srcY; - + $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND uid = %d AND imgscale = %d LIMIT 1", dbesc($image_id), dbesc(local_channel()), intval($scale)); - if($r) { $base_image = $r[0]; @@ -110,30 +107,38 @@ class Profile_photo extends \Zotlabs\Web\Controller { $aid = get_account_id(); - $p = array('aid' => $aid, 'uid' => local_channel(), 'resource_id' => $base_image['resource_id'], - 'filename' => $base_image['filename'], 'album' => t('Profile Photos')); + $p = [ + 'aid' => $aid, + 'uid' => local_channel(), + 'resource_id' => $base_image['resource_id'], + 'filename' => $base_image['filename'], + 'album' => t('Profile Photos') + ]; - $p['imgscale'] = 4; + $p['imgscale'] = PHOTO_RES_PROFILE_300; $p['photo_usage'] = (($is_default_profile) ? PHOTO_PROFILE : PHOTO_NORMAL); $r1 = $im->save($p); $im->scaleImage(80); - $p['imgscale'] = 5; + $p['imgscale'] = PHOTO_RES_PROFILE_80; $r2 = $im->save($p); $im->scaleImage(48); - $p['imgscale'] = 6; + $p['imgscale'] = PHOTO_RES_PROFILE_48; $r3 = $im->save($p); if($r1 === false || $r2 === false || $r3 === false) { // if one failed, delete them all so we can start over. notice( t('Image resize failed.') . EOL ); - $x = q("delete from photo where resource_id = '%s' and uid = %d and imgscale >= 4 ", + $x = q("delete from photo where resource_id = '%s' and uid = %d and imgscale in ( %d, %d, %d ) ", dbesc($base_image['resource_id']), - local_channel() + local_channel(), + intval(PHOTO_RES_PROFILE_300), + intval(PHOTO_RES_PROFILE_80), + intval(PHOTO_RES_PROFILE_48) ); return; } @@ -175,6 +180,8 @@ class Profile_photo extends \Zotlabs\Web\Controller { dbesc(datetime_convert()), dbesc($channel['xchan_hash']) ); + // Similarly, tell the nav bar to bypass the cache and update the avater image. + $_SESSION['reload_avatar'] = true; info( t('Shift-reload the page or clear browser cache if the new photo does not display immediately.') . EOL); @@ -183,10 +190,7 @@ class Profile_photo extends \Zotlabs\Web\Controller { // Now copy profile-permissions to pictures, to prevent privacyleaks by automatically created folder 'Profile Pictures' - profile_photo_set_profile_perms($_REQUEST['profile']); - - - + profile_photo_set_profile_perms(local_channel(),$_REQUEST['profile']); } else notice( t('Unable to process image') . EOL); @@ -196,7 +200,9 @@ class Profile_photo extends \Zotlabs\Web\Controller { return; // NOTREACHED } - + // A new photo was uploaded. Store it and save some important details + // in App::$data for use in the cropping function + $hash = photo_new_resource(); $smallest = 0; @@ -220,7 +226,7 @@ class Profile_photo extends \Zotlabs\Web\Controller { $os_storage = false; foreach($i as $ii) { - if(intval($ii['imgscale']) < 2) { + if(intval($ii['imgscale']) < PHOTO_RES_640) { $smallest = intval($ii['imgscale']); $os_storage = intval($ii['os_storage']); $imagedata = $ii['content']; @@ -238,7 +244,10 @@ class Profile_photo extends \Zotlabs\Web\Controller { } return $this->profile_photo_crop_ui_head($a, $ph, $hash, $smallest); - + + // This will "fall through" to the get() method, and since + // App::$data['imagecrop'] is set, it will proceed to cropping + // rather than present the upload form } @@ -269,11 +278,19 @@ class Profile_photo extends \Zotlabs\Web\Controller { notice( t('Permission denied.') . EOL ); return; }; - - // check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); - + $resource_id = argv(2); + // When using an existing photo, we don't have a dialogue to offer a choice of profiles, + // so it gets attached to the default + + $p = q("select id from profile where is_default = 1 and uid = %d", + intval(local_channel()) + ); + if($p) { + $_REQUEST['profile'] = $p[0]['id']; + } + $r = q("SELECT id, album, imgscale FROM photo WHERE uid = %d AND resource_id = '%s' ORDER BY imgscale ASC", intval(local_channel()), @@ -285,11 +302,11 @@ class Profile_photo extends \Zotlabs\Web\Controller { } $havescale = false; foreach($r as $rr) { - if($rr['imgscale'] == 5) + if($rr['imgscale'] == PHOTO_RES_PROFILE_80) $havescale = true; } - // set an already loaded photo as profile photo + // set an already loaded and cropped photo as profile photo if(($r[0]['album'] == t('Profile Photos')) && ($havescale)) { // unset any existing profile photos @@ -310,7 +327,7 @@ class Profile_photo extends \Zotlabs\Web\Controller { dbesc($channel['xchan_hash']) ); - profile_photo_set_profile_perms(); //Reset default photo permissions to public + profile_photo_set_profile_perms(local_channel()); // Reset default photo permissions to public \Zotlabs\Daemon\Master::Summon(array('Directory',local_channel())); goaway(z_root() . '/profiles'); } @@ -342,7 +359,7 @@ class Profile_photo extends \Zotlabs\Web\Controller { if($i) { $hash = $i[0]['resource_id']; foreach($i as $ii) { - if(intval($ii['imgscale']) < 2) { + if(intval($ii['imgscale']) < PHOTO_RES_640) { $smallest = intval($ii['imgscale']); } } @@ -350,9 +367,14 @@ class Profile_photo extends \Zotlabs\Web\Controller { } $this->profile_photo_crop_ui_head($a, $ph, $hash, $smallest); + + // falls through with App::$data['imagecrop'] set so we go straight to the cropping section } - $profiles = q("select id, profile_name as name, is_default from profile where uid = %d", + + // present an upload form + + $profiles = q("select id, profile_name as name, is_default from profile where uid = %d order by id asc", intval(local_channel()) ); @@ -379,6 +401,9 @@ class Profile_photo extends \Zotlabs\Web\Controller { return $o; } else { + + // present a cropping form + $filename = \App::$data['imagecrop'] . '-' . \App::$data['imagecrop_resolution']; $resolution = \App::$data['imagecrop_resolution']; $tpl = get_markup_template("cropbody.tpl"); @@ -416,13 +441,13 @@ class Profile_photo extends \Zotlabs\Web\Controller { if($max_length > 0) $ph->scaleImage($max_length); - $width = $ph->getWidth(); - $height = $ph->getHeight(); + \App::$data['width'] = $ph->getWidth(); + \App::$data['height'] = $ph->getHeight(); - if($width < 500 || $height < 500) { + if(\App::$data['width'] < 500 || \App::$data['height'] < 500) { $ph->scaleImageUp(400); - $width = $ph->getWidth(); - $height = $ph->getHeight(); + \App::$data['width'] = $ph->getWidth(); + \App::$data['height'] = $ph->getHeight(); } diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php index 06e5cfd7b..899c79b15 100644 --- a/Zotlabs/Module/Profiles.php +++ b/Zotlabs/Module/Profiles.php @@ -193,7 +193,7 @@ class Profiles extends \Zotlabs\Web\Controller { $chan = \App::get_channel(); - profile_load($a,$chan['channel_address'],$r[0]['id']); + profile_load($chan['channel_address'],$r[0]['id']); } } @@ -584,7 +584,7 @@ class Profiles extends \Zotlabs\Web\Controller { if($is_default) { // reload the info for the sidebar widget - why does this not work? - profile_load($a,$channel['channel_address']); + profile_load($channel['channel_address']); \Zotlabs\Daemon\Master::Summon(array('Directory',local_channel())); } } diff --git a/Zotlabs/Module/Profperm.php b/Zotlabs/Module/Profperm.php index 33e9d1ece..b1da147c1 100644 --- a/Zotlabs/Module/Profperm.php +++ b/Zotlabs/Module/Profperm.php @@ -17,7 +17,7 @@ class Profperm extends \Zotlabs\Web\Controller { $profile = \App::$argv[1]; - profile_load($a,$which,$profile); + profile_load($which,$profile); } @@ -97,7 +97,7 @@ class Profperm extends \Zotlabs\Web\Controller { //Time to update the permissions on the profile-pictures as well - profile_photo_set_profile_perms($profile['id']); + profile_photo_set_profile_perms(local_channel(),$profile['id']); $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'", intval(local_channel()), diff --git a/Zotlabs/Module/README.md b/Zotlabs/Module/README.md new file mode 100644 index 000000000..3b870dd7b --- /dev/null +++ b/Zotlabs/Module/README.md @@ -0,0 +1,80 @@ +Zotlabs/Module +============== + + +This directory contains controller modules for handling web requests. The +lowercase class name indicates the head of the URL path which this module +handles. There are other methods of attaching (routing) URL paths to +controllers, but this is the primary method used in this project. + +Module controllers MUST reside in this directory and namespace to be +autoloaded (unless other specific routing methods are employed). They +typically use and extend the class definition in Zotlabs/Web/Controller +as a template. + +Template: + + <?php + + namespace Zotlabs\Web; + + + class Controller { + + function init() {} + function post() {} + function get() {} + + } + + +Typical Module declaration for the '/foo' URL route: + + + <?php + namespace Zotlabs\Module; + + class Foo extends \Zotlabs\Web\Controller { + + function init() { + // init() handler goes here + } + + function post() { + // post handler goes here + } + + function get() { + return 'Hello world.' . EOL; + } + + } + +This model provides callbacks for public functions named init(), post(), +and get(). init() is always called. post() is called if $_POST variables +are present, and get() is called if none of the prior functions terminated +the handler. The get() method typically retuns a string which represents +the contents of the content region of the resulting page. Modules which emit +json, xml or other machine-readable formats typically emit their contents +inside the init() function and call 'killme()' to terminate the Module. + +Modules are passed the URL path as argc,argv arguments. For a path such as + + https://mysite.something/foo/bar/baz + +The app will typically invoke the Module class 'Foo' and pass it + + $x = argc(); // $x = 3 + + $x = argv(0); // $x = 'foo' + $x = argv(1); // $x = 'bar' + $x = argv(2); // $x = 'baz' + +These are handled in a similar fashion to their counterparts in the Unix shell +or C/C++ languages. Do not confuse the argc(),argv() functions with the +global variables $argc,$argv which are passed to command line programs. These +are handled separately by command line and Zotlabs/Daemon class functions. + + + +
\ No newline at end of file diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 7cd1ee501..45123b88d 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -146,7 +146,7 @@ class Register extends \Zotlabs\Web\Controller { goaway(z_root()); } - authenticate_success($result['account'],true,false,true); + authenticate_success($result['account'],null,true,false,true); $new_channel = false; $next_page = 'new_channel'; @@ -259,7 +259,8 @@ class Register extends \Zotlabs\Web\Controller { '$email' => $email, '$pass1' => $password, '$pass2' => $password2, - '$submit' => ((UNO || $auto_create || $registration_is) ? t('Register') : t('Proceed to create your first channel')) + '$submit' => t('Register'), + '$verify_note' => t('This site may require email verification after submitting this form. If you are returned to a login page, please check your email for instructions.') )); return $o; diff --git a/Zotlabs/Module/Removeaccount.php b/Zotlabs/Module/Removeaccount.php index 39e06bb7f..9fac7838e 100644 --- a/Zotlabs/Module/Removeaccount.php +++ b/Zotlabs/Module/Removeaccount.php @@ -25,7 +25,8 @@ class Removeaccount extends \Zotlabs\Web\Controller { $account = \App::get_account(); $account_id = get_account_id(); - if(! account_verify_password($account['account_email'],$_POST['qxz_password'])) + $x = account_verify_password($account['account_email'],$_POST['qxz_password']); + if(! ($x && $x['account'])) return; if($account['account_password_changed'] != NULL_DATE) { diff --git a/Zotlabs/Module/Removeme.php b/Zotlabs/Module/Removeme.php index e611d8112..bc18fe0f8 100644 --- a/Zotlabs/Module/Removeme.php +++ b/Zotlabs/Module/Removeme.php @@ -24,7 +24,9 @@ class Removeme extends \Zotlabs\Web\Controller { $account = \App::get_account(); - if(! account_verify_password($account['account_email'],$_POST['qxz_password'])) + + $x = account_verify_password($account['account_email'],$_POST['qxz_password']); + if(! ($x && $x['account'])) return; if($account['account_password_changed'] != NULL_DATE) { diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php index 26b0c46a6..04536e54e 100644 --- a/Zotlabs/Module/Rmagic.php +++ b/Zotlabs/Module/Rmagic.php @@ -2,7 +2,6 @@ namespace Zotlabs\Module; - class Rmagic extends \Zotlabs\Web\Controller { function init() { diff --git a/Zotlabs/Module/Rpost.php b/Zotlabs/Module/Rpost.php index 1396f2a55..9e3043d10 100644 --- a/Zotlabs/Module/Rpost.php +++ b/Zotlabs/Module/Rpost.php @@ -7,7 +7,6 @@ require_once('include/items.php'); require_once('include/taxonomy.php'); require_once('include/conversation.php'); require_once('include/zot.php'); -require_once('include/PermissionDescription.php'); /** * remote post @@ -116,7 +115,7 @@ class Rpost extends \Zotlabs\Web\Controller { 'default_location' => $channel['channel_location'], 'nickname' => $channel['channel_address'], 'lockstate' => (($acl->is_private()) ? 'lock' : 'unlock'), - 'acl' => populate_acl($channel_acl, true, \PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'), + 'acl' => populate_acl($channel_acl, true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'), 'bang' => '', 'visitor' => true, 'profile_uid' => local_channel(), diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index 875004fae..b1258e049 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php @@ -2,8 +2,6 @@ namespace Zotlabs\Module; /** @file */ require_once('include/zot.php'); -require_once('include/PermissionDescription.php'); - class Settings extends \Zotlabs\Web\Controller { @@ -30,7 +28,7 @@ class Settings extends \Zotlabs\Web\Controller { } - function post() { + function post() { if(! local_channel()) return; @@ -119,6 +117,60 @@ class Settings extends \Zotlabs\Web\Controller { build_sync_packet(); return; } + + + if((argc() > 1) && (argv(1) == 'tokens')) { + check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens'); + $token_errs = 0; + if(array_key_exists('token',$_POST)) { + $atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0); + $name = trim(escape_tags($_POST['name'])); + $token = trim($_POST['token']); + if((! $name) || (! $token)) + $token_errs ++; + if(trim($_POST['expires'])) + $expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']); + else + $expires = NULL_DATE; + $max_atokens = service_class_fetch(local_channel(),'access_tokens'); + if($max_atokens) { + $r = q("select count(atoken_id) as total where atoken_uid = %d", + intval(local_channel()) + ); + if($r && intval($r[0]['total']) >= $max_tokens) { + notice( sprintf( t('This channel is limited to %d tokens'), $max_tokens) . EOL); + return; + } + } + } + if($token_errs) { + notice( t('Name and Password are required.') . EOL); + return; + } + if($atoken_id) { + $r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expires = '%s' + where atoken_id = %d and atoken_uid = %d", + dbesc($name), + dbesc($token), + dbesc($expires), + intval($atoken_id), + intval($channel['channel_id']) + ); + } + else { + $r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires ) + values ( %d, %d, '%s', '%s', '%s' ) ", + intval($channel['channel_account_id']), + intval($channel['channel_id']), + dbesc($name), + dbesc($token), + dbesc($expires) + ); + } + + info( t('Token saved.') . EOL); + return; + } @@ -708,6 +760,53 @@ class Settings extends \Zotlabs\Web\Controller { )); return $o; } + + if((argc() > 1) && (argv(1) === 'tokens')) { + $atoken = null; + if(argc() > 2) { + $id = argv(2); + + $atoken = q("select * from atoken where atoken_id = %d and atoken_uid = %d", + intval($id), + intval(local_channel()) + ); + + if($atoken) + $atoken = $atoken[0]; + + if($atoken && argc() > 3 && argv(3) === 'drop') { + $r = q("delete from atoken where atoken_id = %d", + intval($id) + ); + } + } + $t = q("select * from atoken where atoken_uid = %d", + intval(local_channel()) + ); + + $desc = t('Use this form to create temporary access identifiers to share things with non-members. These identities may be used in Access Control Lists and visitors may login using these credentials to access the private content.'); + + $desc2 = t('You may also provide <em>dropbox</em> style access links to friends and associates by adding the Login Password to any specific site URL as shown. Examples:'); + + $tpl = get_markup_template("settings_tokens.tpl"); + $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("settings_tokens"), + '$title' => t('Guest Access Tokens'), + '$desc' => $desc, + '$desc2' => $desc2, + '$tokens' => $t, + '$atoken' => $atoken, + '$url1' => z_root() . '/channel/' . $channel['channel_address'], + '$url2' => z_root() . '/photos/' . $channel['channel_address'], + '$name' => array('name', t('Login Name') . ' <span class="required">*</span>', (($atoken) ? $atoken['atoken_name'] : ''),''), + '$token'=> array('token', t('Login Password') . ' <span class="required">*</span>',(($atoken) ? $atoken['atoken_token'] : autoname(8)), ''), + '$expires'=> array('expires', t('Expires (yyyy-mm-dd)'), (($atoken['atoken_expires'] && $atoken['atoken_expires'] != NULL_DATE) ? datetime_convert('UTC',date_default_timezone_get(),$atoken['atoken_expires']) : ''), ''), + '$submit' => t('Submit') + )); + return $o; + } + + @@ -1066,7 +1165,7 @@ class Settings extends \Zotlabs\Web\Controller { '$maxreq' => array('maxreq', t('Maximum Friend Requests/Day:'), intval($channel['channel_max_friend_req']) , t('May reduce spam activity')), '$permissions' => t('Default Post and Publish Permissions'), '$permdesc' => t("\x28click to open/close\x29"), - '$aclselect' => populate_acl($perm_defaults, false, \PermissionDescription::fromDescription(t('Use my default audience setting for the type of object published'))), + '$aclselect' => populate_acl($perm_defaults, false, \Zotlabs\Lib\PermissionDescription::fromDescription(t('Use my default audience setting for the type of object published'))), '$suggestme' => $suggestme, '$group_select' => $group_select, '$role' => array('permissions_role' , t('Channel permissions category:'), $permissions_role, '', get_roles()), diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php index c4878e217..802f0c216 100644 --- a/Zotlabs/Module/Setup.php +++ b/Zotlabs/Module/Setup.php @@ -493,7 +493,6 @@ class Setup extends \Zotlabs\Web\Controller { $this->check_add($ck_funcs, t('OpenSSL PHP module'), true, true); $this->check_add($ck_funcs, t('mysqli or postgres PHP module'), true, true); $this->check_add($ck_funcs, t('mb_string PHP module'), true, true); - $this->check_add($ck_funcs, t('mcrypt PHP module'), true, true); $this->check_add($ck_funcs, t('xml PHP module'), true, true); if(function_exists('apache_get_modules')){ @@ -530,10 +529,6 @@ class Setup extends \Zotlabs\Web\Controller { $ck_funcs[4]['status'] = false; $ck_funcs[4]['help'] = t('Error: mb_string PHP module required but not installed.'); } - if(! function_exists('mcrypt_encrypt')) { - $ck_funcs[5]['status'] = false; - $ck_funcs[5]['help'] = t('Error: mcrypt PHP module required but not installed.'); - } if(! extension_loaded('xml')) { $ck_funcs[6]['status'] = false; $ck_funcs[6]['help'] = t('Error: xml PHP module required for DAV but not installed.'); @@ -596,7 +591,7 @@ class Setup extends \Zotlabs\Web\Controller { if(! is_writable('store')) { $status = false; - $help = t('Red uses the store directory to save uploaded files. The web server needs to have write access to the store directory under the Red top level folder') . EOL; + $help = t('This software uses the store directory to save uploaded files. The web server needs to have write access to the store directory under the Red top level folder') . EOL; $help .= t('Please ensure that the user that your web server runs as (e.g. www-data) has write access to this folder.').EOL; } @@ -639,6 +634,9 @@ class Setup extends \Zotlabs\Web\Controller { $help .= t('If your certificate is not recognized, members of other sites (who may themselves have valid certificates) will get a warning message on their own site complaining about security issues.') . EOL; $help .= t('This can cause usability issues elsewhere (not just on your own site) so we must insist on this requirement.') .EOL; $help .= t('Providers are available that issue free certificates which are browser-valid.'). EOL; + + $help .= t('If you are confident that the certificate is valid and signed by a trusted authority, check to see if you have failed to install an intermediate cert. These are not normally required by browsers, but are required for server-to-server communications.') . EOL; + $this->check_add($checks, t('SSL certificate validation'), false, true, $help); } @@ -695,6 +693,7 @@ class Setup extends \Zotlabs\Web\Controller { // install the standard theme set_config('system', 'allowed_themes', 'redbasic'); + // Set a lenient list of ciphers if using openssl. Other ssl engines // (e.g. NSS used in RedHat) require different syntax, so hopefully // the default curl cipher list will work for most sites. If not, @@ -704,7 +703,9 @@ class Setup extends \Zotlabs\Web\Controller { // z_fetch_url() is also used to import shared links and other content // so in theory most any cipher could show up and we should do our best // to make the content available rather than tell folks that there's a - // weird SSL error which they can't do anything about. + // weird SSL error which they can't do anything about. This does not affect + // the SSL server, but is only a client negotiation to find something workable. + // Hence it will not make your system susceptible to POODL or other nasties. $x = curl_version(); if(stristr($x['ssl_version'],'openssl')) diff --git a/Zotlabs/Module/Siteinfo.php b/Zotlabs/Module/Siteinfo.php index f6b34d0c8..a15e2896d 100644 --- a/Zotlabs/Module/Siteinfo.php +++ b/Zotlabs/Module/Siteinfo.php @@ -27,27 +27,11 @@ class Siteinfo extends \Zotlabs\Web\Controller { else { $version = $commit = ''; } - $visible_plugins = array(); - if(is_array(\App::$plugins) && count(\App::$plugins)) { - $r = q("select * from addon where hidden = 0"); - if(count($r)) - foreach($r as $rr) - $visible_plugins[] = $rr['aname']; - } - $plugins_list = ''; - if(count($visible_plugins)) { - $plugins_text = t('Installed plugins/addons/apps:'); - $sorted = $visible_plugins; - $s = ''; - sort($sorted); - foreach($sorted as $p) { - if(strlen($p)) { - if(strlen($s)) $s .= ', '; - $s .= $p; - } - } - $plugins_list .= $s; - } + + $plugins_list = implode(', ',visible_plugin_list()); + + if($plugins_list) + $plugins_text = t('Installed plugins/addons/apps:'); else $plugins_text = t('No installed plugins/addons/apps'); diff --git a/Zotlabs/Module/Starred.php b/Zotlabs/Module/Starred.php index 73a2dc808..4f1d99ec6 100644 --- a/Zotlabs/Module/Starred.php +++ b/Zotlabs/Module/Starred.php @@ -30,7 +30,20 @@ class Starred extends \Zotlabs\Web\Controller { intval(local_channel()), intval($message_id) ); - + + $r = q("select * from item where id = %d", + intval($message_id) + ); + if($r) { + xchan_query($r); + $sync_item = fetch_post_tags($r); + build_sync_packet(local_channel(),[ + 'item' => [ + encode_item($sync_item[0],true) + ] + ]); + } + header('Content-type: application/json'); echo json_encode(array('result' => $item_starred)); killme(); diff --git a/Zotlabs/Module/Tagger.php b/Zotlabs/Module/Tagger.php index 0a46cf56d..25f518d53 100644 --- a/Zotlabs/Module/Tagger.php +++ b/Zotlabs/Module/Tagger.php @@ -129,9 +129,14 @@ class Tagger extends \Zotlabs\Web\Controller { store_item_tag($item['uid'],$item['id'],TERM_OBJ_POST,TERM_COMMUNITYTAG,$term,$tagid); $ret = post_activity_item($arr); - - if($ret['success']) - \Zotlabs\Daemon\Master::Summon(array('Notifier','tag',$ret['activity']['id'])); + + if($ret['success']) { + build_sync_packet(local_channel(), + [ + 'item' => [ encode_item($ret['activity'],true) ] + ] + ); + } killme(); diff --git a/Zotlabs/Module/Uexport.php b/Zotlabs/Module/Uexport.php index d48f96d76..f36d77174 100644 --- a/Zotlabs/Module/Uexport.php +++ b/Zotlabs/Module/Uexport.php @@ -44,7 +44,7 @@ class Uexport extends \Zotlabs\Web\Controller { } } - function get() { + function get() { $y = datetime_convert('UTC',date_default_timezone_get(),'now','Y'); diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php index ea478f92a..4364d482a 100644 --- a/Zotlabs/Module/Viewconnections.php +++ b/Zotlabs/Module/Viewconnections.php @@ -10,8 +10,11 @@ class Viewconnections extends \Zotlabs\Web\Controller { if(observer_prohibited()) { return; } - if(argc() > 1) - profile_load($a,argv(1)); + + if(argc() > 1) { + profile_load(argv(1)); + } + } function get() { diff --git a/Zotlabs/Module/Webpages.php b/Zotlabs/Module/Webpages.php index bb8d454c8..cc0a01cce 100644 --- a/Zotlabs/Module/Webpages.php +++ b/Zotlabs/Module/Webpages.php @@ -4,7 +4,6 @@ namespace Zotlabs\Module; require_once('include/channel.php'); require_once('include/conversation.php'); require_once('include/acl_selectors.php'); -require_once('include/PermissionDescription.php'); class Webpages extends \Zotlabs\Web\Controller { @@ -23,12 +22,12 @@ class Webpages extends \Zotlabs\Web\Controller { else return; - profile_load($a,$which); + profile_load($which); } - function get() { + function get() { if(! \App::$profile) { notice( t('Requested profile is not available.') . EOL ); @@ -105,7 +104,7 @@ class Webpages extends \Zotlabs\Web\Controller { 'is_owner' => true, 'nickname' => \App::$profile['channel_address'], 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'acl' => (($is_owner) ? populate_acl($channel_acl,false, \PermissionDescription::fromGlobalPermission('view_pages')) : ''), + 'acl' => (($is_owner) ? populate_acl($channel_acl,false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')) : ''), 'showacl' => (($is_owner) ? true : false), 'visitor' => true, 'hide_location' => true, @@ -138,11 +137,19 @@ class Webpages extends \Zotlabs\Web\Controller { $sql_extra = item_permissions_sql($owner); - $r = q("select * from item_id left join item on item_id.iid = item.id - where item_id.uid = %d and service = 'WEBPAGE' and item_type = %d $sql_extra order by item.created desc", + + $r = q("select * from iconfig left join item on iconfig.iid = item.id + where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'WEBPAGE' and item_type = %d + $sql_extra order by item.created desc", intval($owner), intval(ITEM_TYPE_WEBPAGE) ); + +// $r = q("select * from item_id left join item on item_id.iid = item.id +// where item_id.uid = %d and service = 'WEBPAGE' and item_type = %d $sql_extra order by item.created desc", +// intval($owner), +// intval(ITEM_TYPE_WEBPAGE) +// ); $pages = null; @@ -160,13 +167,13 @@ class Webpages extends \Zotlabs\Web\Controller { 'created' => $rr['created'], 'edited' => $rr['edited'], 'mimetype' => $rr['mimetype'], - 'pagetitle' => $rr['sid'], + 'pagetitle' => $rr['v'], 'mid' => $rr['mid'], 'layout_mid' => $rr['layout_mid'] ); $pages[$rr['iid']][] = array( 'url' => $rr['iid'], - 'pagetitle' => $rr['sid'], + 'pagetitle' => $rr['v'], 'title' => $rr['title'], 'created' => datetime_convert('UTC',date_default_timezone_get(),$rr['created']), 'edited' => datetime_convert('UTC',date_default_timezone_get(),$rr['edited']), diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 1e6446904..55a52ea6d 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -1,6 +1,6 @@ -<?php +<?php /** @file */ -namespace Zotlabs\Module;/** @file */ +namespace Zotlabs\Module; class Wiki extends \Zotlabs\Web\Controller { @@ -20,11 +20,28 @@ class Wiki extends \Zotlabs\Web\Controller { notice(t('You must be logged in to see this page.') . EOL); goaway('/login'); } + profile_load($nick); + } function get() { + + if(observer_prohibited(true)) { + return login(); + } + + if(! feature_enabled(\App::$profile_uid,'wiki')) { + notice( t('Not found') . EOL); + return; + } + + $tab = 'wiki'; + + require_once('include/wiki.php'); require_once('include/acl_selectors.php'); + require_once('include/conversation.php'); + // TODO: Combine the interface configuration into a unified object // Something like $interface = array('new_page_button' => false, 'new_wiki_button' => false, ...) $wiki_owner = false; @@ -72,8 +89,11 @@ class Wiki extends \Zotlabs\Web\Controller { switch (argc()) { case 2: // Configure page template - $wikiheader = t('Wiki Sandbox'); - $content = '"# Wiki Sandbox\n\nContent you **edit** and **preview** here *will not be saved*."'; + $wikiheaderName = t('Wiki'); + $wikiheaderPage = t('Sandbox'); + require_once('library/markdown.php'); + $content = t('"# Wiki Sandbox\n\nContent you **edit** and **preview** here *will not be saved*."'); + $renderedContent = Markdown(json_decode($content)); $hide_editor = false; $showPageControls = false; $showNewWikiButton = $wiki_owner; @@ -113,13 +133,18 @@ class Wiki extends \Zotlabs\Web\Controller { } else { $wiki_editor = true; } - $wikiheader = urldecode($wikiUrlName) . ': ' . urldecode($pageUrlName); // show wiki name and page + $wikiheaderName = urldecode($wikiUrlName); + $wikiheaderPage = urldecode($pageUrlName); $p = wiki_get_page_content(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if(!$p['success']) { notice('Error retrieving page content' . EOL); goaway('/'.argv(0).'/'.argv(1).'/'.$wikiUrlName); } - $content = ($p['content'] !== '' ? $p['content'] : '"# New page\n"'); + $content = ($p['content'] !== '' ? htmlspecialchars_decode($p['content'],ENT_COMPAT) : '"# New page\n"'); + // Render the Markdown-formatted page content in HTML + require_once('library/markdown.php'); + $html = wiki_generate_toc(purify_html(Markdown(json_decode($content)))); + $renderedContent = wiki_convert_links($html,argv(0).'/'.argv(1).'/'.$wikiUrlName); $hide_editor = false; $showPageControls = $wiki_editor; $showNewWikiButton = $wiki_owner; @@ -131,11 +156,25 @@ class Wiki extends \Zotlabs\Web\Controller { default: // Strip the extraneous URL components goaway('/'.argv(0).'/'.argv(1).'/'.$wikiUrlName.'/'.$pageUrlName); } - // Render the Markdown-formatted page content in HTML - require_once('library/markdown.php'); + $wikiModalID = random_string(3); + $wikiModal = replace_macros( + get_markup_template('generic_modal.tpl'), array( + '$id' => $wikiModalID, + '$title' => t('Revision Comparison'), + '$ok' => t('Revert'), + '$cancel' => t('Cancel') + ) + ); + + $is_owner = ((local_channel()) && (local_channel() == \App::$profile['profile_uid']) ? true : false); + + $o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']); + + $o .= replace_macros(get_markup_template('wiki.tpl'),array( - '$wikiheader' => $wikiheader, + '$wikiheaderName' => $wikiheaderName, + '$wikiheaderPage' => $wikiheaderPage, '$hideEditor' => $hide_editor, '$showPageControls' => $showPageControls, '$showNewWikiButton'=> $showNewWikiButton, @@ -149,11 +188,25 @@ class Wiki extends \Zotlabs\Web\Controller { '$acl' => $x['acl'], '$bang' => $x['bang'], '$content' => $content, - '$renderedContent' => Markdown(json_decode($content)), + '$renderedContent' => $renderedContent, '$wikiName' => array('wikiName', t('Enter the name of your new wiki:'), '', ''), '$pageName' => array('pageName', t('Enter the name of the new page:'), '', ''), + '$pageRename' => array('pageRename', t('Enter the new name:'), '', ''), '$commitMsg' => array('commitMsg', '', '', '', '', 'placeholder="(optional) Enter a custom message when saving the page..."'), - '$pageHistory' => $pageHistory['history'] + '$pageHistory' => $pageHistory['history'], + '$wikiModal' => $wikiModal, + '$wikiModalID' => $wikiModalID, + '$commit' => 'HEAD', + '$embedPhotos' => t('Embed image from photo albums'), + '$embedPhotosModalTitle' => t('Embed an image from your albums'), + '$embedPhotosModalCancel' => t('Cancel'), + '$embedPhotosModalOK' => t('OK'), + '$modalchooseimages' => t('Choose images to embed'), + '$modalchoosealbum' => t('Choose an album'), + '$modaldiffalbum' => t('Choose a different album...'), + '$modalerrorlist' => t('Error getting album list'), + '$modalerrorlink' => t('Error getting photo link'), + '$modalerroralbum' => t('Error getting album'), )); head_add_js('library/ace/ace.js'); // Ace Code Editor return $o; @@ -166,8 +219,12 @@ class Wiki extends \Zotlabs\Web\Controller { // Render mardown-formatted text in HTML for preview if((argc() > 2) && (argv(2) === 'preview')) { $content = $_POST['content']; + $resource_id = $_POST['resource_id']; require_once('library/markdown.php'); - $html = purify_html(Markdown($content)); + $html = wiki_generate_toc(purify_html(Markdown($content))); + $w = wiki_get_wiki($resource_id); + $wikiURL = argv(0).'/'.argv(1).'/'.$w['urlName']; + $html = wiki_convert_links($html,$wikiURL); json_return_and_die(array('html' => $html, 'success' => true)); } @@ -185,6 +242,7 @@ class Wiki extends \Zotlabs\Web\Controller { } $wiki = array(); // Generate new wiki info from input name + $wiki['postVisible'] = ((intval($_POST['postVisible']) === 0) ? 0 : 1); $wiki['rawName'] = $_POST['wikiName']; $wiki['htmlName'] = escape_tags($_POST['wikiName']); $wiki['urlName'] = urlencode($_POST['wikiName']); @@ -218,20 +276,7 @@ class Wiki extends \Zotlabs\Web\Controller { if (local_channel() !== intval($channel['channel_id'])) { logger('Wiki delete permission denied.' . EOL); json_return_and_die(array('message' => 'Wiki delete permission denied.', 'success' => false)); - } else { - /* - $channel = get_channel_by_nick($nick); - $observer_hash = get_observer_hash(); - // Figure out who the page owner is. - $perms = get_all_perms(intval($channel['channel_id']), $observer_hash); - // TODO: Create a new permission setting for wiki analogous to webpages. Until - // then, use webpage permissions - if (!$perms['write_pages']) { - logger('Wiki delete permission denied.' . EOL); - json_return_and_die(array('success' => false)); - } - */ - } + } $resource_id = $_POST['resource_id']; $deleted = wiki_delete_wiki($resource_id); if ($deleted['success']) { @@ -377,7 +422,7 @@ class Wiki extends \Zotlabs\Web\Controller { if($deleted['success']) { $ob = \App::get_observer(); $commit = wiki_git_commit(array( - 'commit_msg' => 'Deleted ' . $pageHtmlName, + 'commit_msg' => 'Deleted ' . $pageUrlName, 'resource_id' => $resource_id, 'observer' => $ob, 'files' => null @@ -408,7 +453,7 @@ class Wiki extends \Zotlabs\Web\Controller { json_return_and_die(array('success' => false)); } } - $reverted = wiki_revert_page(array('commitHash' => $commitHash, 'observer' => \App::get_observer(), 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); + $reverted = wiki_revert_page(array('commitHash' => $commitHash, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if($reverted['success']) { json_return_and_die(array('content' => $reverted['content'], 'message' => '', 'success' => true)); } else { @@ -416,6 +461,73 @@ class Wiki extends \Zotlabs\Web\Controller { } } + // Compare page revisions + if ((argc() === 4) && (argv(2) === 'compare') && (argv(3) === 'page')) { + $resource_id = $_POST['resource_id']; + $pageUrlName = $_POST['name']; + $compareCommit = $_POST['compareCommit']; + $currentCommit = $_POST['currentCommit']; + // Determine if observer has permission to revert pages + $nick = argv(1); + $channel = get_channel_by_nick($nick); + if (local_channel() !== intval($channel['channel_id'])) { + $observer_hash = get_observer_hash(); + $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); + if(!$perms['read']) { + logger('Wiki read permission denied.' . EOL); + json_return_and_die(array('success' => false)); + } + } + $compare = wiki_compare_page(array('currentCommit' => $currentCommit, 'compareCommit' => $compareCommit, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); + if($compare['success']) { + $diffHTML = '<table class="text-center" width="100%"><tr><td class="lead" width="50%">Current Revision</td><td class="lead" width="50%">Selected Revision</td></tr></table>' . $compare['diff']; + json_return_and_die(array('diff' => $diffHTML, 'message' => '', 'success' => true)); + } else { + json_return_and_die(array('diff' => '', 'message' => 'Error comparing page', 'success' => false)); + } + } + + // Rename a page + if ((argc() === 4) && (argv(2) === 'rename') && (argv(3) === 'page')) { + $resource_id = $_POST['resource_id']; + $pageUrlName = $_POST['oldName']; + $pageNewName = $_POST['newName']; + if ($pageUrlName === 'Home') { + json_return_and_die(array('message' => 'Cannot rename Home','success' => false)); + } + if(urlencode(escape_tags($pageNewName)) === '') { + json_return_and_die(array('message' => 'Error renaming page. Invalid name.', 'success' => false)); + } + // Determine if observer has permission to rename pages + $nick = argv(1); + $channel = get_channel_by_nick($nick); + if (local_channel() !== intval($channel['channel_id'])) { + $observer_hash = get_observer_hash(); + $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); + } + } + $renamed = wiki_rename_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'pageNewName' => $pageNewName)); + if($renamed['success']) { + $ob = \App::get_observer(); + $commit = wiki_git_commit(array( + 'commit_msg' => 'Renamed ' . urldecode($pageUrlName) . ' to ' . $renamed['page']['htmlName'], + 'resource_id' => $resource_id, + 'observer' => $ob, + 'files' => array($pageUrlName . '.md', $renamed['page']['fileName']), + 'all' => true + )); + if($commit['success']) { + json_return_and_die(array('name' => $renamed['page'], 'message' => 'Wiki git repo commit made', 'success' => true)); + } else { + json_return_and_die(array('message' => 'Error making git commit','success' => false)); + } + } else { + json_return_and_die(array('message' => 'Error renaming page', 'success' => false)); + } + } //notice('You must be authenticated.'); json_return_and_die(array('message' => 'You must be authenticated.', 'success' => false)); |