diff options
Diffstat (limited to 'Zotlabs/Module')
107 files changed, 4389 insertions, 1440 deletions
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index 6f5b0ddf9..9c5f6653b 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -19,9 +19,9 @@ require_once("include/group.php"); class Acl extends \Zotlabs\Web\Controller { - function init(){ + function init() { - // logger('mod_acl: ' . print_r($_REQUEST,true)); + logger('mod_acl: ' . print_r($_REQUEST,true)); $start = (x($_REQUEST,'start') ? $_REQUEST['start'] : 0); $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 500); @@ -33,6 +33,7 @@ class Acl extends \Zotlabs\Web\Controller { // $type = // '' => standard ACL request // 'g' => Groups only ACL request + // 'f' => forums only ACL request // 'c' => Connections only ACL request or editor (textarea) mention request // $_REQUEST['search'] contains ACL search text. @@ -49,19 +50,19 @@ class Acl extends \Zotlabs\Web\Controller { $extra_channels = (x($_REQUEST,'extra_channels') ? $_REQUEST['extra_channels'] : array()); // The different autocomplete libraries use different names for the search text - // parameter. Internaly we'll use $search to represent the search text no matter + // parameter. Internally we'll use $search to represent the search text no matter // what request variable it was attached to. if(array_key_exists('query',$_REQUEST)) { $search = $_REQUEST['query']; } - if( (! local_channel()) && (! ($type == 'x' || $type == 'c'))) + if( (! local_channel()) && (! in_array($type, [ 'x', 'c', 'f' ]))) killme(); $permitted = []; - if(in_array($type, [ 'm', 'a', 'c' ])) { + if(in_array($type, [ 'm', 'a', 'c', 'f' ])) { // These queries require permission checking. We'll create a simple array of xchan_hash for those with // the requisite permissions which we can check against. @@ -104,6 +105,8 @@ class Acl extends \Zotlabs\Web\Controller { if($type == '' || $type == 'g') { + // virtual groups based on private profile viewing ability + $r = q("select id, profile_guid, profile_name from profile where is_default = 0 and uid = %d", intval(local_channel()) ); @@ -121,6 +124,8 @@ class Acl extends \Zotlabs\Web\Controller { } } + // Normal privacy groups + $r = q("SELECT groups.id, groups.hash, groups.gname FROM groups, group_member WHERE groups.deleted = 0 AND groups.uid = %d @@ -150,26 +155,35 @@ class Acl extends \Zotlabs\Web\Controller { } } - if($type == '' || $type == 'c') { + if($type == '' || $type == 'c' || $type === 'f') { + $extra_channels_sql = ''; - // Only include channels who allow the observer to view their permissions - foreach($extra_channels as $channel) { - if(perm_is_allowed(intval($channel), get_observer_hash(),'view_contacts')) - $extra_channels_sql .= "," . intval($channel); + + // Only include channels who allow the observer to view their connections + if($extra_channels) { + foreach($extra_channels as $channel) { + if(perm_is_allowed(intval($channel), get_observer_hash(),'view_contacts')) { + if($extra_channel_sql) + $extra_channels_sql .= ','; + $extra_channels_sql .= intval($channel); + } + } } - $extra_channels_sql = substr($extra_channels_sql,1); // Remove initial comma - // Getting info from the abook is better for local users because it contains info about permissions if(local_channel()) { if($extra_channels_sql != '') $extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 "; + + // Add atokens belonging to the local channel @TODO restrict by search + $r2 = null; $r1 = q("select * from atoken where atoken_uid = %d", intval(local_channel()) ); + if($r1) { require_once('include/security.php'); $r2 = array(); @@ -189,6 +203,7 @@ class Acl extends \Zotlabs\Web\Controller { } } + // add connections $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self FROM abook left join xchan on abook_xchan = xchan_hash @@ -293,7 +308,7 @@ class Acl extends \Zotlabs\Web\Controller { $contacts[] = array( "photo" => $g['photo'], "name" => $g['name'], - "nick" => $g['address'], + "nick" => $g['address'] ); } } @@ -310,18 +325,24 @@ class Acl extends \Zotlabs\Web\Controller { $r = array(); if($r) { - foreach($r as $g){ + foreach($r as $g) { - // remove RSS feeds from ACLs - they are inaccessible - if(strpos($g['hash'],'/') && $type != 'a') + if(($g['network'] === 'rss') && ($type != 'a')) continue; - - if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) { + + $g['hash'] = urlencode($g['hash']); + + if(! $g['nick']) { + $t = explode(' ',strtolower($g['name'])); + $g['nick'] = $t[0] . '@'; + } + + if(in_array($g['hash'],$permitted) && in_array($type, [ 'c', 'f' ]) && (! $noforums)) { $contacts[] = array( "type" => "c", "photo" => "images/twopeople.png", - "name" => $g['name'] . '+', - "id" => $g['id'] . '+', + "name" => $g['name'] . (($type === 'f') ? '' : '+'), + "id" => $g['id'] . (($type === 'f') ? '' : '+'), "xid" => $g['hash'], "link" => $g['nick'], "nick" => substr($g['nick'],0,strpos($g['nick'],'@')), @@ -330,18 +351,20 @@ class Acl extends \Zotlabs\Web\Controller { "label" => t('network') ); } - $contacts[] = array( - "type" => "c", - "photo" => $g['micro'], - "name" => $g['name'], - "id" => $g['id'], - "xid" => $g['hash'], - "link" => $g['nick'], - "nick" => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : t('RSS')), - "self" => (intval($g['abook_self']) ? 'abook-self' : ''), - "taggable" => '', - "label" => '', - ); + if($type !== 'f') { + $contacts[] = array( + "type" => "c", + "photo" => $g['micro'], + "name" => $g['name'], + "id" => $g['id'], + "xid" => $g['hash'], + "link" => $g['nick'], + "nick" => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']), + "self" => (intval($g['abook_self']) ? 'abook-self' : ''), + "taggable" => '', + "label" => '', + ); + } } } @@ -398,10 +421,12 @@ class Acl extends \Zotlabs\Web\Controller { $directory = find_upstream_directory($dirmode); $url = $directory['url'] . '/dirsearch'; } + + $token = get_config('system','realm_token'); $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 100); if($url) { - $query = $url . '?f=' ; + $query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : ''); $query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : ''); $x = z_fetch_url($query); diff --git a/Zotlabs/Module/Admin.php b/Zotlabs/Module/Admin.php index 536d85dde..30f3dfa48 100644 --- a/Zotlabs/Module/Admin.php +++ b/Zotlabs/Module/Admin.php @@ -52,6 +52,8 @@ class Admin extends \Zotlabs\Web\Controller { * Page content */ + nav_set_selected('Admin'); + $o = ''; if(argc() > 1) { @@ -91,10 +93,10 @@ class Admin extends \Zotlabs\Web\Controller { intval(ACCOUNT_BLOCKED) ); if ($r) { - $accounts['total'] = array('label' => t('# Accounts'), 'val' => $r[0]['total']); - $accounts['blocked'] = array('label' => t('# blocked accounts'), 'val' => $r[0]['blocked']); - $accounts['expired'] = array('label' => t('# expired accounts'), 'val' => $r[0]['expired']); - $accounts['expiring'] = array('label' => t('# expiring accounts'), 'val' => $r[0]['expiring']); + $accounts['total'] = array('label' => t('Accounts'), 'val' => $r[0]['total']); + $accounts['blocked'] = array('label' => t('Blocked accounts'), 'val' => $r[0]['blocked']); + $accounts['expired'] = array('label' => t('Expired accounts'), 'val' => $r[0]['expired']); + $accounts['expiring'] = array('label' => t('Expiring accounts'), 'val' => $r[0]['expiring']); } // pending registrations @@ -105,9 +107,9 @@ class Admin extends \Zotlabs\Web\Controller { $channels = array(); $r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN channel_primary = 1 THEN 1 ELSE NULL END) AS main, COUNT(CASE WHEN channel_primary = 0 THEN 1 ELSE NULL END) AS clones FROM channel WHERE channel_removed = 0"); if ($r) { - $channels['total'] = array('label' => t('# Channels'), 'val' => $r[0]['total']); - $channels['main'] = array('label' => t('# primary'), 'val' => $r[0]['main']); - $channels['clones'] = array('label' => t('# clones'), 'val' => $r[0]['clones']); + $channels['total'] = array('label' => t('Channels'), 'val' => $r[0]['total']); + $channels['main'] = array('label' => t('Primary'), 'val' => $r[0]['main']); + $channels['clones'] = array('label' => t('Clones'), 'val' => $r[0]['clones']); } // We can do better, but this is a quick queue status @@ -118,14 +120,11 @@ class Admin extends \Zotlabs\Web\Controller { // If no plugins active return 0, otherwise list of plugin names $plugins = (count(\App::$plugins) == 0) ? count(\App::$plugins) : \App::$plugins; + if(is_array($plugins)) + sort($plugins); + // Could be extended to provide also other alerts to the admin $alertmsg = ''; - // annoy admin about upcoming unsupported PHP version - if (version_compare(PHP_VERSION, '5.4', '<')) { - $alertmsg = 'Your PHP version ' . PHP_VERSION . ' will not be supported with the next major release of $Projectname. You are strongly urged to upgrade to a current version.' - . '<br>PHP 5.3 has reached its <a href="http://php.net/eol.php" class="alert-link">End of Life (EOL)</a> in August 2014.' - . ' A list about current PHP versions can be found <a href="http://php.net/supported-versions.php" class="alert-link">here</a>.'; - } $vmaster = get_repository_version('master'); $vdev = get_repository_version('dev'); diff --git a/Zotlabs/Module/Admin/Plugins.php b/Zotlabs/Module/Admin/Plugins.php index 527e96496..feb29e9d6 100644 --- a/Zotlabs/Module/Admin/Plugins.php +++ b/Zotlabs/Module/Admin/Plugins.php @@ -3,10 +3,14 @@ namespace Zotlabs\Module\Admin; use \Zotlabs\Storage\GitRepo as GitRepo; +use \Michelf\MarkdownExtra; class Plugins { - + /** + * @brief + * + */ function post() { if(argc() > 2 && is_file("addon/" . argv(2) . "/" . argv(2) . ".php")) { @@ -15,16 +19,15 @@ class Plugins { $func = argv(2) . '_plugin_admin_post'; $func($a); } - - goaway(z_root() . '/admin/plugins/' . argv(2) ); + goaway(z_root() . '/admin/plugins/' . argv(2) ); } elseif(argc() > 2) { switch(argv(2)) { case 'updaterepo': if (array_key_exists('repoName', $_REQUEST)) { $repoName = $_REQUEST['repoName']; - } + } else { json_return_and_die(array('message' => 'No repo name provided.', 'success' => false)); } @@ -101,16 +104,15 @@ class Plugins { logger('Repo directory not writable to web server: ' . $repoDir); json_return_and_die(array('message' => 'Repo directory not writable to web server.', 'success' => false)); } - // TODO: remove directory and unlink /addon/files + /// @TODO remove directory and unlink /addon/files if (rrmdir($repoDir)) { json_return_and_die(array('message' => 'Repo deleted.', 'success' => true)); } else { json_return_and_die(array('message' => 'Error deleting addon repo.', 'success' => false)); } case 'installrepo': - require_once('library/markdown.php'); if (array_key_exists('repoURL', $_REQUEST)) { - require_once('library/PHPGit.autoload.php'); // Load PHPGit dependencies + require_once('library/PHPGit.autoload.php'); // Load PHPGit dependencies $repoURL = $_REQUEST['repoURL']; $extendDir = 'store/[data]/git/sys/extend'; $addonDir = $extendDir . '/addon'; @@ -170,9 +172,8 @@ class Plugins { json_return_and_die(array('repo' => $repo, 'message' => '', 'success' => true)); } case 'addrepo': - require_once('library/markdown.php'); if (array_key_exists('repoURL', $_REQUEST)) { - require_once('library/PHPGit.autoload.php'); // Load PHPGit dependencies + require_once('library/PHPGit.autoload.php'); // Load PHPGit dependencies $repoURL = $_REQUEST['repoURL']; $extendDir = 'store/[data]/git/sys/extend'; $addonDir = $extendDir . '/addon'; @@ -225,7 +226,7 @@ class Plugins { $repo['readme'] = $repo['manifest'] = null; foreach ($git->git->tree('master') as $object) { if ($object['type'] == 'blob' && (strtolower($object['file']) === 'readme.md' || strtolower($object['file']) === 'readme')) { - $repo['readme'] = Markdown($git->git->cat->blob($object['hash'])); + $repo['readme'] = MarkdownExtra::defaultTransform($git->git->cat->blob($object['hash'])); } else if ($object['type'] == 'blob' && strtolower($object['file']) === 'manifest.json') { $repo['manifest'] = $git->git->cat->blob($object['hash']); } @@ -241,7 +242,11 @@ class Plugins { } } - + /** + * @brief Plugins admin page. + * + * @return string with parsed HTML + */ function get() { /* @@ -254,13 +259,13 @@ class Plugins { notice( t("Item not found.") ); return ''; } - + $enabled = in_array($plugin,\App::$plugins); $info = get_plugin_info($plugin); $x = check_plugin_versions($info); - + // disable plugins which are installed but incompatible versions - + if($enabled && ! $x) { $enabled = false; $idz = array_search($plugin, \App::$plugins); @@ -271,7 +276,7 @@ class Plugins { } } $info['disabled'] = 1-intval($x); - + if (x($_GET,"a") && $_GET['a']=="t"){ check_form_security_token_redirectOnErr('/admin/plugins', 'admin_plugins', 't'); $pinstalled = false; @@ -297,9 +302,9 @@ class Plugins { } goaway(z_root() . '/admin/plugins' ); } + // display plugin details - require_once('library/markdown.php'); - + if (in_array($plugin, \App::$plugins)){ $status = 'on'; $action = t('Disable'); @@ -307,21 +312,21 @@ class Plugins { $status = 'off'; $action = t('Enable'); } - + $readme = null; if (is_file("addon/$plugin/README.md")){ $readme = file_get_contents("addon/$plugin/README.md"); - $readme = Markdown($readme); + $readme = MarkdownExtra::defaultTransform($readme); } else if (is_file("addon/$plugin/README")){ $readme = "<pre>". file_get_contents("addon/$plugin/README") ."</pre>"; } - + $admin_form = ''; - + $r = q("select * from addon where plugin_admin = 1 and aname = '%s' limit 1", dbesc($plugin) ); - + if($r) { @require_once("addon/$plugin/$plugin.php"); if(function_exists($plugin.'_plugin_admin')) { @@ -329,8 +334,8 @@ class Plugins { $func($a, $admin_form); } } - - + + $t = get_markup_template('admin_plugins_details.tpl'); return replace_macros($t, array( '$title' => t('Administration'), @@ -338,7 +343,7 @@ class Plugins { '$toggle' => t('Toggle'), '$settings' => t('Settings'), '$baseurl' => z_root(), - + '$plugin' => $plugin, '$status' => $status, '$action' => $action, @@ -351,17 +356,17 @@ class Plugins { '$str_serverroles' => t('Compatible Server Roles: '), '$str_requires' => t('Requires: '), '$disabled' => t('Disabled - version incompatibility'), - + '$admin_form' => $admin_form, '$function' => 'plugins', '$screenshot' => '', '$readme' => $readme, - + '$form_security_token' => get_form_security_token('admin_plugins'), )); } - - + + /* * List plugins */ @@ -374,9 +379,9 @@ class Plugins { $info = get_plugin_info($id); $enabled = in_array($id,\App::$plugins); $x = check_plugin_versions($info); - + // disable plugins which are installed but incompatible versions - + if($enabled && ! $x) { $enabled = false; $idz = array_search($id, \App::$plugins); @@ -387,19 +392,19 @@ class Plugins { } } $info['disabled'] = 1-intval($x); - + $plugins[] = array( $id, (($enabled)?"on":"off") , $info); } } } - + usort($plugins,'self::plugin_sort'); $allowManageRepos = false; if(is_writable('extend/addon') && is_writable('store/[data]')) { $allowManageRepos = true; - } - + } + $admin_plugins_add_repo_form= replace_macros( get_markup_template('admin_plugins_addrepo.tpl'), array( '$post' => 'admin/plugins/addrepo', @@ -418,14 +423,14 @@ class Plugins { '$cancel' => t('Cancel') ) ); - + $reponames = $this->listAddonRepos(); $addonrepos = []; foreach($reponames as $repo) { $addonrepos[] = array('name' => $repo, 'description' => ''); - // TODO: Parse repo info to provide more information about repos + /// @TODO Parse repo info to provide more information about repos } - + $t = get_markup_template('admin_plugins.tpl'); return replace_macros($t, array( '$title' => t('Administration'), @@ -471,5 +476,4 @@ class Plugins { return(strcmp(strtolower($a[2]['name']),strtolower($b[2]['name']))); } - }
\ No newline at end of file diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 829ca71e4..4946e3433 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -17,7 +17,6 @@ class Site { check_form_security_token_redirectOnErr('/admin/site', 'admin_site'); $sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : ''); - $server_role = ((x($_POST,'server_role')) ? notags(trim($_POST['server_role'])) : 'standard'); $banner = ((x($_POST,'banner')) ? trim($_POST['banner']) : false); @@ -48,6 +47,10 @@ class Site { $no_community_page = !((x($_POST,'no_community_page')) ? True : False); $default_expire_days = ((array_key_exists('default_expire_days',$_POST)) ? intval($_POST['default_expire_days']) : 0); + $reply_address = ((array_key_exists('reply_address',$_POST) && trim($_POST['reply_address'])) ? trim($_POST['reply_address']) : 'noreply@' . \App::get_hostname()); + $from_email = ((array_key_exists('from_email',$_POST) && trim($_POST['from_email'])) ? trim($_POST['from_email']) : 'Administrator@' . \App::get_hostname()); + $from_email_name = ((array_key_exists('from_email_name',$_POST) && trim($_POST['from_email_name'])) ? trim($_POST['from_email_name']) : \Zotlabs\Lib\System::get_site_name()); + $verifyssl = ((x($_POST,'verifyssl')) ? True : False); $proxyuser = ((x($_POST,'proxyuser')) ? notags(trim($_POST['proxyuser'])) : ''); $proxy = ((x($_POST,'proxy')) ? notags(trim($_POST['proxy'])) : ''); @@ -64,7 +67,6 @@ class Site { if(array_key_exists('techlevel', $_POST)) $techlevel = intval($_POST['techlevel']); - set_config('system', 'server_role', $server_role); set_config('system', 'feed_contacts', $feed_contacts); set_config('system', 'delivery_interval', $delivery_interval); set_config('system', 'delivery_batch_count', $delivery_batch_count); @@ -77,8 +79,15 @@ class Site { set_config('system', 'enable_context_help', $enable_context_help); set_config('system', 'verify_email', $verify_email); set_config('system', 'default_expire_days', $default_expire_days); + set_config('system', 'reply_address', $reply_address); + set_config('system', 'from_email', $from_email); + set_config('system', 'from_email_name' , $from_email_name); + + set_config('system', 'techlevel_lock', $techlevel_lock); + + if(! is_null($techlevel)) set_config('system', 'techlevel', $techlevel); @@ -163,6 +172,14 @@ class Site { foreach($files as $file) { $vars = ''; $f = basename($file); + + $info = get_theme_info($f); + $compatible = check_plugin_versions($info); + if(!$compatible) { + $theme_choices[$f] = $theme_choices_mobile[$f] = sprintf(t('%s - (Incompatible)'), $f); + continue; + } + if (file_exists($file . '/library')) continue; if (file_exists($file . '/mobile')) @@ -189,7 +206,7 @@ class Site { // directory server should not be set or settable unless we are a directory client if($dirmode == DIRECTORY_MODE_NORMAL) { - $x = q("select site_url from site where site_flags in (%d,%d) and site_realm = '%s'", + $x = q("select site_url from site where site_flags in (%d,%d) and site_realm = '%s' and site_dead = 0", intval(DIRECTORY_MODE_SECONDARY), intval(DIRECTORY_MODE_PRIMARY), dbesc($realm) @@ -235,12 +252,6 @@ class Site { // now invert the logic for the setting. $discover_tab = (1 - $discover_tab); - $server_roles = [ - 'basic' => t('Basic/Minimal Social Networking'), - 'standard' => t('Standard Configuration (default)'), - 'pro' => t('Professional') - ]; - $techlevels = [ '0' => t('Beginner/Basic'), '1' => t('Novice - not skilled but willing to learn'), @@ -267,8 +278,6 @@ class Site { // name, label, value, help string, extra data... '$sitename' => array('sitename', t("Site name"), htmlspecialchars(get_config('system','sitename'), ENT_QUOTES, 'UTF-8'),''), - '$server_role' => array('server_role', t("Server Configuration/Role"), get_config('system','server_role'),'',$server_roles), - '$techlevel' => [ 'techlevel', t('Site default technical skill level'), get_config('system','techlevel'), t('Used to provide a member experience matched to technical comfort level'), $techlevels ], '$techlock' => [ 'techlock', t('Lock the technical skill level setting'), get_config('system','techlevel_lock'), t('Members can set their own technical comfort level by default') ], @@ -296,6 +305,10 @@ class Site { '$login_on_homepage' => array('login_on_homepage', t("Login on Homepage"),((intval($homelogin) || $homelogin === false) ? 1 : '') , t("Present a login box to visitors on the home page if no other content has been configured.")), '$enable_context_help' => array('enable_context_help', t("Enable context help"),((intval($enable_context_help) === 1 || $enable_context_help === false) ? 1 : 0) , t("Display contextual help for the current page when the help button is pressed.")), + '$reply_address' => [ 'reply_address', t('Reply-to email address for system generated email.'), get_config('system','reply_address','noreply@' . \App::get_hostname()),'' ], + '$from_email' => [ 'from_email', t('Sender (From) email address for system generated email.'), get_config('system','from_email','Administrator@' . \App::get_hostname()),'' ], + '$from_email_name' => [ 'from_email_name', t('Name of email sender for system generated email.'), get_config('system','from_email_name',\Zotlabs\Lib\System::get_site_name()),'' ], + '$directory_server' => (($dir_choices) ? array('directory_server', t("Directory Server URL"), get_config('system','directory_server'), t("Default directory server"), $dir_choices) : null), '$proxyuser' => array('proxyuser', t("Proxy user"), get_config('system','proxyuser'), ""), @@ -310,4 +323,4 @@ class Site { )); } -}
\ No newline at end of file +} diff --git a/Zotlabs/Module/Admin/Themes.php b/Zotlabs/Module/Admin/Themes.php index 63a9a1670..8e72a1318 100644 --- a/Zotlabs/Module/Admin/Themes.php +++ b/Zotlabs/Module/Admin/Themes.php @@ -2,38 +2,41 @@ namespace Zotlabs\Module\Admin; +use \Michelf\MarkdownExtra; +/** + * @brief Admin area theme settings. + */ class Themes { + /** + * @brief + * + */ function post() { $theme = argv(2); if (is_file("view/theme/$theme/php/config.php")){ require_once("view/theme/$theme/php/config.php"); - // fixme add parent theme if derived - if (function_exists("theme_admin_post")){ + /// @FIXME add parent theme if derived + if (function_exists('theme_admin_post')){ theme_admin_post($a); } } info(t('Theme settings updated.')); - if(is_ajax()) + if(is_ajax()) return; - + goaway(z_root() . '/admin/themes/' . $theme ); } - - - /** * @brief Themes admin page. * - * @return string + * @return string with parsed HTML */ - function get(){ - $allowed_themes_str = get_config('system', 'allowed_themes'); $allowed_themes_raw = explode(',', $allowed_themes_str); $allowed_themes = array(); @@ -41,7 +44,7 @@ class Themes { foreach($allowed_themes_raw as $x) if(strlen(trim($x))) $allowed_themes[] = trim($x); - + $themes = array(); $files = glob('view/theme/*'); if($files) { @@ -53,56 +56,55 @@ class Themes { $themes[] = array('name' => $f, 'experimental' => $is_experimental, 'supported' => $is_supported, 'allowed' => $is_allowed); } } - + if(! count($themes)) { notice( t('No themes found.')); return ''; } - + /* * Single theme */ - + if (\App::$argc == 3){ $theme = \App::$argv[2]; if(! is_dir("view/theme/$theme")){ notice( t("Item not found.") ); return ''; } - + if (x($_GET,"a") && $_GET['a']=="t"){ check_form_security_token_redirectOnErr('/admin/themes', 'admin_themes', 't'); - + // Toggle theme status - + $this->toggle_theme($themes, $theme, $result); $s = $this->rebuild_theme_table($themes); if($result) info( sprintf('Theme %s enabled.', $theme)); else info( sprintf('Theme %s disabled.', $theme)); - + set_config('system', 'allowed_themes', $s); goaway(z_root() . '/admin/themes' ); } - + // display theme details - require_once('library/markdown.php'); - + if ($this->theme_status($themes,$theme)) { $status="on"; $action= t("Disable"); } else { $status="off"; $action= t("Enable"); } - + $readme=Null; if (is_file("view/theme/$theme/README.md")){ $readme = file_get_contents("view/theme/$theme/README.md"); - $readme = Markdown($readme); + $readme = MarkdownExtra::defaultTransform($readme); } else if (is_file("view/theme/$theme/README")){ - $readme = "<pre>". file_get_contents("view/theme/$theme/README") ."</pre>"; + $readme = '<pre>'. file_get_contents("view/theme/$theme/README") .'</pre>'; } - + $admin_form = ''; if (is_file("view/theme/$theme/php/config.php")){ require_once("view/theme/$theme/php/config.php"); @@ -110,11 +112,11 @@ class Themes { $admin_form = theme_admin($a); } } - + $screenshot = array( get_theme_screenshot($theme), t('Screenshot')); if(! stristr($screenshot[0],$theme)) $screenshot = null; - + $t = get_markup_template('admin_plugins_details.tpl'); return replace_macros($t, array( '$title' => t('Administration'), @@ -122,7 +124,7 @@ class Themes { '$toggle' => t('Toggle'), '$settings' => t('Settings'), '$baseurl' => z_root(), - + '$plugin' => $theme, '$status' => $status, '$action' => $action, @@ -133,22 +135,22 @@ class Themes { '$str_maintainer' => t('Maintainer: '), '$screenshot' => $screenshot, '$readme' => $readme, - + '$form_security_token' => get_form_security_token('admin_themes'), )); } - + /* * List themes */ - + $xthemes = array(); if($themes) { foreach($themes as $th) { $xthemes[] = array($th['name'],(($th['allowed']) ? "on" : "off"), get_theme_info($th['name'])); } } - + $t = get_markup_template('admin_plugins.tpl'); return replace_macros($t, array( '$title' => t('Administration'), @@ -162,13 +164,14 @@ class Themes { '$form_security_token' => get_form_security_token('admin_themes'), )); } - /** - * @param array $themes - * @param string $th - * @param int $result + * @brief Toggle a theme. + * + * @param array &$themes + * @param[in] string $th + * @param[out] int &$result */ function toggle_theme(&$themes, $th, &$result) { for($x = 0; $x < count($themes); $x ++) { @@ -184,7 +187,7 @@ class Themes { } } } - + /** * @param array $themes * @param string $th @@ -203,8 +206,7 @@ class Themes { } return 0; } - - + /** * @param array $themes * @return string @@ -222,12 +224,5 @@ class Themes { } return $o; } - - - - - - - -}
\ No newline at end of file +} diff --git a/Zotlabs/Module/Appman.php b/Zotlabs/Module/Appman.php index 270301d34..5c0667357 100644 --- a/Zotlabs/Module/Appman.php +++ b/Zotlabs/Module/Appman.php @@ -36,8 +36,9 @@ class Appman extends \Zotlabs\Web\Controller { if(Zlib\Apps::app_installed(local_channel(),$arr)) info( t('App installed.') . EOL); - - return; + + goaway(z_root() . '/apps'); + return; //not reached } @@ -83,6 +84,20 @@ class Appman extends \Zotlabs\Web\Controller { } $channel = \App::get_channel(); + + if(argc() > 2) { + if(argv(2) === 'moveup') { + Zlib\Apps::moveup(local_channel(),argv(1)); + } + if(argv(2) === 'movedown') { + Zlib\Apps::movedown(local_channel(),argv(1)); + } + goaway(z_root() . '/apporder'); + } + + + + $app = null; $embed = null; if($_REQUEST['appid']) { diff --git a/Zotlabs/Module/Apporder.php b/Zotlabs/Module/Apporder.php new file mode 100644 index 000000000..1097a01eb --- /dev/null +++ b/Zotlabs/Module/Apporder.php @@ -0,0 +1,40 @@ +<?php + +namespace Zotlabs\Module; + +use \Zotlabs\Lib as Zlib; + +class Apporder extends \Zotlabs\Web\Controller { + + function post() { + + } + + function get() { + $syslist = array(); + $list = Zlib\Apps::app_list(local_channel(), false, 'nav_featured_app'); + if($list) { + foreach($list as $li) { + $syslist[] = Zlib\Apps::app_encode($li); + } + } + Zlib\Apps::translate_system_apps($syslist); + + usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare'); + + $syslist = Zlib\Apps::app_order(local_channel(),$syslist); + + foreach($syslist as $app) { + $nav_apps[] = Zlib\Apps::app_render($app,'nav-order'); + + } + + return replace_macros(get_markup_template('apporder.tpl'), + [ + '$header' => t('Change Order of Navigation Apps'), + '$desc' => t('Use arrows to move the corresponding app up or down in the display list'), + '$nav_apps' => $nav_apps + ] + ); + } +} diff --git a/Zotlabs/Module/Apps.php b/Zotlabs/Module/Apps.php index 2df6d675f..261615997 100644 --- a/Zotlabs/Module/Apps.php +++ b/Zotlabs/Module/Apps.php @@ -41,9 +41,12 @@ class Apps extends \Zotlabs\Web\Controller { return replace_macros(get_markup_template('myapps.tpl'), array( '$sitename' => get_config('system','sitename'), - '$cat' => ((array_key_exists('cat',$_GET) && $_GET['cat']) ? ' - ' . escape_tags($_GET['cat']) : ''), + '$cat' => ((array_key_exists('cat',$_GET) && $_GET['cat']) ? escape_tags($_GET['cat']) : ''), '$title' => t('Apps'), '$apps' => $apps, + '$authed' => ((local_channel()) ? true : false), + '$manage' => t('Manage apps'), + '$create' => (($mode == 'edit') ? t('Create new app') : '') )); } diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php index 94f46978a..490d5edd0 100644 --- a/Zotlabs/Module/Attach.php +++ b/Zotlabs/Module/Attach.php @@ -31,7 +31,7 @@ class Attach extends \Zotlabs\Web\Controller { $unsafe_types = array('text/html','text/css','application/javascript'); - if(in_array($r['data']['filetype'],$unsafe_types)) { + if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) { header('Content-type: text/plain'); } else { diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php new file mode 100644 index 000000000..06f66c456 --- /dev/null +++ b/Zotlabs/Module/Authorize.php @@ -0,0 +1,71 @@ +<?php + +namespace Zotlabs\Module; + + +class Authorize extends \Zotlabs\Web\Controller { + + + function get() { + + + // workaround for HTTP-auth in CGI mode + if (x($_SERVER, 'REDIRECT_REMOTE_USER')) { + $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + } + + if (x($_SERVER, 'HTTP_AUTHORIZATION')) { + $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + } + + + + + require_once('include/oauth2.php'); + + $request = \OAuth2\Request::createFromGlobals(); + $response = new \OAuth2\Response(); + + // validate the authorize request + if (! $oauth2_server->validateAuthorizeRequest($request, $response)) { + $response->send(); + killme(); + } + + // display an authorization form + if (empty($_POST)) { + + return ' +<form method="post"> + <label>Do You Authorize TestClient?</label><br /> + <input type="submit" name="authorized" value="yes"> + <input type="submit" name="authorized" value="no"> +</form>'; + } + + // print the authorization code if the user has authorized your client + $is_authorized = ($_POST['authorized'] === 'yes'); + $oauth2_server->handleAuthorizeRequest($request, $response, $is_authorized); + if ($is_authorized) { + // this is only here so that you get to see your code in the cURL request. Otherwise, + // we'd redirect back to the client + $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40); + echo("SUCCESS! Authorization Code: $code"); + + } + + $response->send(); + killme(); + } + +}
\ No newline at end of file diff --git a/Zotlabs/Module/Block.php b/Zotlabs/Module/Block.php index e671730f6..d0fed44fe 100644 --- a/Zotlabs/Module/Block.php +++ b/Zotlabs/Module/Block.php @@ -3,8 +3,6 @@ namespace Zotlabs\Module; require_once('include/items.php'); require_once('include/conversation.php'); -require_once('include/page_widgets.php'); - class Block extends \Zotlabs\Web\Controller { diff --git a/Zotlabs/Module/Bookmarks.php b/Zotlabs/Module/Bookmarks.php index 733bfd4e3..e62f5ce96 100644 --- a/Zotlabs/Module/Bookmarks.php +++ b/Zotlabs/Module/Bookmarks.php @@ -7,6 +7,9 @@ class Bookmarks extends \Zotlabs\Web\Controller { function init() { if(! local_channel()) return; + + nav_set_selected(t('View Bookmarks')); + $item_id = intval($_REQUEST['item']); $burl = trim($_REQUEST['burl']); @@ -68,7 +71,8 @@ class Bookmarks extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); - $o = profile_tabs($a,true,$channel['channel_address']); + //$o = profile_tabs($a,true,$channel['channel_address']); + $o = ''; $o .= '<div class="generic-content-wrapper-styled">'; diff --git a/Zotlabs/Module/Cal.php b/Zotlabs/Module/Cal.php index b982d19a8..41676ce02 100644 --- a/Zotlabs/Module/Cal.php +++ b/Zotlabs/Module/Cal.php @@ -86,7 +86,8 @@ class Cal extends \Zotlabs\Web\Controller { $o = ''; - $tabs = profile_tabs($a, True, $channel['channel_address']); + //$tabs = profile_tabs($a, True, $channel['channel_address']); + $tabs = ''; $mode = 'view'; $y = 0; diff --git a/Zotlabs/Module/Card_edit.php b/Zotlabs/Module/Card_edit.php new file mode 100644 index 000000000..7cc563fd2 --- /dev/null +++ b/Zotlabs/Module/Card_edit.php @@ -0,0 +1,138 @@ +<?php +namespace Zotlabs\Module; + +require_once('include/channel.php'); +require_once('include/acl_selectors.php'); +require_once('include/conversation.php'); + +class Card_edit extends \Zotlabs\Web\Controller { + + + function get() { + + // Figure out which post we're editing + $post_id = ((argc() > 1) ? intval(argv(1)) : 0); + + if(! $post_id) { + notice( t('Item not found') . EOL); + return; + } + + $itm = q("SELECT * FROM item WHERE id = %d and item_type = %d LIMIT 1", + intval($post_id), + intval(ITEM_TYPE_CARD) + ); + if($itm) { + $item_id = q("select * from iconfig where cat = 'system' and k = 'CARD' and iid = %d limit 1", + intval($itm[0]['id']) + ); + if($item_id) + $card_title = $item_id[0]['v']; + } + else { + notice( t('Item not found') . EOL); + return; + } + + $owner = $itm[0]['uid']; + $uid = local_channel(); + + $observer = \App::get_observer(); + + $channel = channelx_by_n($owner); + if(! $channel) { + notice( t('Channel not found.') . EOL); + return; + } + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + if(! perm_is_allowed($owner,$ob_hash,'write_pages')) { + notice( t('Permission denied.') . EOL); + return; + } + + $is_owner = (($uid && $uid == $owner) ? true : false); + + $o = ''; + + + + $category = ''; + $catsenabled = ((feature_enabled($owner,'categories')) ? 'categories' : ''); + + if ($catsenabled){ + $itm = fetch_post_tags($itm); + + $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY); + + foreach ($cats as $cat) { + if (strlen($category)) + $category .= ', '; + $category .= $cat['term']; + } + } + + if($itm[0]['attach']) { + $j = json_decode($itm[0]['attach'],true); + if($j) { + foreach($j as $jj) { + $itm[0]['body'] .= "\n" . '[attachment]' . basename($jj['href']) . ',' . $jj['revision'] . '[/attachment]' . "\n"; + } + } + } + + + $mimetype = $itm[0]['mimetype']; + + $content = $itm[0]['body']; + + + + $rp = 'cards/' . $channel['channel_address']; + + $x = array( + 'nickname' => $channel['channel_address'], + 'bbco_autocomplete'=> 'bbcode', + 'return_path' => $rp, + 'webpage' => ITEM_TYPE_CARD, + 'button' => t('Edit'), + 'writefiles' => perm_is_allowed($owner, get_observer_hash(), 'write_pages'), + 'weblink' => t('Insert web link'), + 'hide_voting' => false, + 'hide_future' => false, + 'hide_location' => false, + 'hide_expire' => false, + 'showacl' => true, + 'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')), + 'permissions' => $itm[0], + 'lockstate' => (($itm[0]['allow_cid'] || $itm[0]['allow_gid'] || $itm[0]['deny_cid'] || $itm[0]['deny_gid']) ? 'lock' : 'unlock'), + 'ptyp' => $itm[0]['type'], + 'mimeselect' => false, + 'mimetype' => $itm[0]['mimetype'], + 'body' => undo_post_tagging($content), + 'post_id' => $post_id, + 'visitor' => true, + 'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + 'placeholdertitle' => t('Title (optional)'), + 'pagetitle' => $card_title, + 'profile_uid' => (intval($channel['channel_id'])), + 'catsenabled' => $catsenabled, + 'category' => $category, + 'bbcode' => (($mimetype == 'text/bbcode') ? true : false) + ); + + $editor = status_editor($a, $x); + + $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( + '$title' => t('Edit Card'), + '$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false), + '$id' => $itm[0]['id'], + '$editor' => $editor + )); + + return $o; + + } + +} diff --git a/Zotlabs/Module/Cards.php b/Zotlabs/Module/Cards.php new file mode 100644 index 000000000..22c5d673c --- /dev/null +++ b/Zotlabs/Module/Cards.php @@ -0,0 +1,187 @@ +<?php +namespace Zotlabs\Module; + +require_once('include/channel.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); + + +class Cards extends \Zotlabs\Web\Controller { + + function init() { + + if(argc() > 1) + $which = argv(1); + else + return; + + profile_load($which); + + } + + function get($update = 0, $load = false) { + + if(observer_prohibited(true)) { + return login(); + } + + if(! \App::$profile) { + notice( t('Requested profile is not available.') . EOL ); + \App::$error = 404; + return; + } + + if(! feature_enabled(\App::$profile_uid,'cards')) { + return; + } + + nav_set_selected(t('Cards')); + + head_add_link([ + 'rel' => 'alternate', + 'type' => 'application/json+oembed', + 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string), + 'title' => 'oembed' + ]); + + + $category = (($_REQUEST['cat']) ? escape_tags(trim($_REQUEST['cat'])) : ''); + + if($category) { + $sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $category, TERM_CATEGORY)); + } + + + $which = argv(1); + + $selected_card = ((argc() > 2) ? argv(2) : ''); + + $_SESSION['return_url'] = \App::$query_string; + + $uid = local_channel(); + $owner = \App::$profile_uid; + $observer = \App::get_observer(); + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + if(! perm_is_allowed($owner,$ob_hash,'view_pages')) { + notice( t('Permission denied.') . EOL); + return; + } + + $is_owner = ($uid && $uid == $owner); + + $channel = channelx_by_n($owner); + + if($channel) { + $channel_acl = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + } + else { + $channel_acl = [ 'allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ]; + } + + + + if(perm_is_allowed($owner,$ob_hash,'write_pages')) { + + $x = [ + 'webpage' => ITEM_TYPE_CARD, + 'is_owner' => true, + 'content_label' => t('Add Card'), + 'button' => t('Create'), + 'nickname' => $channel['channel_address'], + 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] + || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), + 'acl' => (($is_owner) ? populate_acl($channel_acl, false, + \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')) : ''), + 'permissions' => $channel_acl, + 'showacl' => (($is_owner) ? true : false), + 'visitor' => true, + 'hide_location' => false, + 'hide_voting' => false, + 'profile_uid' => intval($owner), + 'mimetype' => 'text/bbcode', + 'mimeselect' => false, + 'layoutselect' => false, + 'expanded' => false, + 'novoting' => false, + 'catsenabled' => feature_enabled($owner,'categories'), + 'bbco_autocomplete' => 'bbcode', + 'bbcode' => true + ]; + + if($_REQUEST['title']) + $x['title'] = $_REQUEST['title']; + if($_REQUEST['body']) + $x['body'] = $_REQUEST['body']; + $editor = status_editor($a,$x); + + } + else { + $editor = ''; + } + + + $sql_extra = item_permissions_sql($owner); + + if($selected_card) { + $r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1", + dbesc($selected_card) + ); + if($r) { + $sql_extra .= "and item.id = " . intval($r[0]['iid']) . " "; + } + } + + $r = q("select * from item + where item.uid = %d and item_type = %d + $sql_extra order by item.created desc", + intval($owner), + intval(ITEM_TYPE_CARD) + ); + + $item_normal = " and item.item_hidden = 0 and item.item_type in (0,6) and item.item_deleted = 0 + and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 + and item.item_blocked = 0 "; + + if($r) { + + $parents_str = ids_to_querystr($r,'id'); + + $items = q("SELECT item.*, item.id AS item_id + FROM item + WHERE item.uid = %d $item_normal + AND item.parent IN ( %s ) + $sql_extra $sql_extra2 ", + intval(\App::$profile['profile_uid']), + dbesc($parents_str) + ); + if($items) { + xchan_query($items); + $items = fetch_post_tags($items, true); + $items = conv_sort($items,'updated'); + } + else + $items = []; + } + + $mode = 'cards'; + + $content = conversation($items,$mode,false,'traditional'); + + $o = replace_macros(get_markup_template('cards.tpl'), [ + '$title' => t('Cards'), + '$editor' => $editor, + '$content' => $content, + '$pager' => alt_pager($a,count($items)) + ]); + + return $o; + } + +} diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php new file mode 100644 index 000000000..abaec26a6 --- /dev/null +++ b/Zotlabs/Module/Cdav.php @@ -0,0 +1,1259 @@ +<?php +namespace Zotlabs\Module; + +require_once('include/event.php'); + +require_once('include/auth.php'); +require_once('include/security.php'); + +class Cdav extends \Zotlabs\Web\Controller { + + function init() { + + $record = null; + $channel_login = false; + + if((argv(1) !== 'calendar') && (argv(1) !== 'addressbook')) { + + foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { + + /* Basic authentication */ + + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') { + $userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + break; + } + + /* Signature authentication */ + + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') { + if($head !== 'HTTP_AUTHORIZATION') { + $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head]; + continue; + } + + $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]); + if($sigblock) { + $keyId = $sigblock['keyId']; + if($keyId) { + $r = q("select * from hubloc where hubloc_addr = '%s' limit 1", + dbesc($keyId) + ); + if($r) { + $c = channelx_by_hash($r[0]['hubloc_hash']); + if($c) { + $a = q("select * from account where account_id = %d limit 1", + intval($c['channel_account_id']) + ); + if($a) { + $record = [ 'channel' => $c, 'account' => $a[0] ]; + $channel_login = $c['channel_id']; + } + } + } + if(! $record) + continue; + + if($record) { + $verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']); + if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { + $record = null; + } + if($record['account']) { + authenticate_success($record['account']); + if($channel_login) { + change_channel($channel_login); + } + } + break; + } + } + } + } + } + + + /** + * This server combines both CardDAV and CalDAV functionality into a single + * server. It is assumed that the server runs at the root of a HTTP domain (be + * that a domainname-based vhost or a specific TCP port. + * + * This example also assumes that you're using SQLite and the database has + * already been setup (along with the database tables). + * + * You may choose to use MySQL instead, just change the PDO connection + * statement. + */ + + /** + * UTC or GMT is easy to work with, and usually recommended for any + * application. + */ + date_default_timezone_set('UTC'); + + /** + * Make sure this setting is turned on and reflect the root url for your WebDAV + * server. + * + * This can be for example the root / or a complete path to your server script. + */ + + $baseUri = '/cdav/'; + + /** + * Database + * + */ + + $pdo = \DBA::$dba->db; + + // Autoloader + require_once 'vendor/autoload.php'; + + /** + * The backends. Yes we do really need all of them. + * + * This allows any developer to subclass just any of them and hook into their + * own backend systems. + */ + + $auth = new \Zotlabs\Storage\BasicAuth(); + $auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . 'CalDAV/CardDAV'); + + if (local_channel()) { + logger('loggedin'); + $channel = \App::get_channel(); + $auth->setCurrentUser($channel['channel_address']); + $auth->channel_id = $channel['channel_id']; + $auth->channel_hash = $channel['channel_hash']; + $auth->channel_account_id = $channel['channel_account_id']; + if($channel['channel_timezone']) + $auth->setTimezone($channel['channel_timezone']); + $auth->observer = $channel['channel_hash']; + + $principalUri = 'principals/' . $channel['channel_address']; + if(!cdav_principal($principalUri)) { + $this->activate($pdo, $channel); + if(!cdav_principal($principalUri)) { + return; + } + } + + } + + + $principalBackend = new \Sabre\DAVACL\PrincipalBackend\PDO($pdo); + $carddavBackend = new \Sabre\CardDAV\Backend\PDO($pdo); + $caldavBackend = new \Sabre\CalDAV\Backend\PDO($pdo); + + /** + * The directory tree + * + * Basically this is an array which contains the 'top-level' directories in the + * WebDAV server. + */ + + $nodes = [ + // /principals + new \Sabre\CalDAV\Principal\Collection($principalBackend), + // /calendars + new \Sabre\CalDAV\CalendarRoot($principalBackend, $caldavBackend), + // /addressbook + new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend), + ]; + + // The object tree needs in turn to be passed to the server class + + $server = new \Sabre\DAV\Server($nodes); + + if(isset($baseUri)) + $server->setBaseUri($baseUri); + + // Plugins + $server->addPlugin(new \Sabre\DAV\Auth\Plugin($auth)); + //$server->addPlugin(new \Sabre\DAV\Browser\Plugin()); + $server->addPlugin(new \Sabre\DAV\Sync\Plugin()); + $server->addPlugin(new \Sabre\DAV\Sharing\Plugin()); + $server->addPlugin(new \Sabre\DAVACL\Plugin()); + + // CalDAV plugins + $server->addPlugin(new \Sabre\CalDAV\Plugin()); + $server->addPlugin(new \Sabre\CalDAV\SharingPlugin()); + //$server->addPlugin(new \Sabre\CalDAV\Schedule\Plugin()); + $server->addPlugin(new \Sabre\CalDAV\ICSExportPlugin()); + + // CardDAV plugins + $server->addPlugin(new \Sabre\CardDAV\Plugin()); + $server->addPlugin(new \Sabre\CardDAV\VCFExportPlugin()); + + // And off we go! + $server->exec(); + + killme(); + + } + + } + + function post() { + if(! local_channel()) + return; + + $channel = \App::get_channel(); + $principalUri = 'principals/' . $channel['channel_address']; + + if(!cdav_principal($principalUri)) + return; + + $pdo = \DBA::$dba->db; + + require_once 'vendor/autoload.php'; + + if(argc() == 2 && argv(1) === 'calendar') { + + $caldavBackend = new \Sabre\CalDAV\Backend\PDO($pdo); + $calendars = $caldavBackend->getCalendarsForUser($principalUri); + + //create new calendar + if($_REQUEST['{DAV:}displayname'] && $_REQUEST['create']) { + do { + $duplicate = false; + $calendarUri = random_string(40); + + $r = q("SELECT uri FROM calendarinstances WHERE principaluri = '%s' AND uri = '%s' LIMIT 1", + dbesc($principalUri), + dbesc($calendarUri) + ); + + if (count($r)) + $duplicate = true; + } while ($duplicate == true); + + $properties = [ + '{DAV:}displayname' => $_REQUEST['{DAV:}displayname'], + '{http://apple.com/ns/ical/}calendar-color' => $_REQUEST['color'], + '{urn:ietf:params:xml:ns:caldav}calendar-description' => $channel['channel_name'] + ]; + + $id = $caldavBackend->createCalendar($principalUri, $calendarUri, $properties); + + // set new calendar to be visible + set_pconfig(local_channel(), 'cdav_calendar' , $id[0], 1); + } + + //create new calendar object via ajax request + if($_REQUEST['submit'] === 'create_event' && $_REQUEST['title'] && $_REQUEST['target'] && $_REQUEST['dtstart']) { + + $id = explode(':', $_REQUEST['target']); + + if(!cdav_perms($id[0],$calendars,true)) + return; + + $title = $_REQUEST['title']; + $dtstart = new \DateTime($_REQUEST['dtstart']); + if($_REQUEST['dtend']) + $dtend = new \DateTime($_REQUEST['dtend']); + $description = $_REQUEST['description']; + $location = $_REQUEST['location']; + + do { + $duplicate = false; + $objectUri = random_string(40) . '.ics'; + + $r = q("SELECT uri FROM calendarobjects WHERE calendarid = %s AND uri = '%s' LIMIT 1", + intval($id[0]), + dbesc($objectUri) + ); + + if (count($r)) + $duplicate = true; + } while ($duplicate == true); + + + $vcalendar = new \Sabre\VObject\Component\VCalendar([ + 'VEVENT' => [ + 'SUMMARY' => $title, + 'DTSTART' => $dtstart + ] + ]); + if($dtend) + $vcalendar->VEVENT->add('DTEND', $dtend); + if($description) + $vcalendar->VEVENT->add('DESCRIPTION', $description); + if($location) + $vcalendar->VEVENT->add('LOCATION', $location); + + $calendarData = $vcalendar->serialize(); + + $caldavBackend->createCalendarObject($id, $objectUri, $calendarData); + + killme(); + } + + //edit calendar name and color + if($_REQUEST['{DAV:}displayname'] && $_REQUEST['edit'] && $_REQUEST['id']) { + + $id = explode(':', $_REQUEST['id']); + + if(! cdav_perms($id[0],$calendars)) + return; + + $mutations = [ + '{DAV:}displayname' => $_REQUEST['{DAV:}displayname'], + '{http://apple.com/ns/ical/}calendar-color' => $_REQUEST['color'] + ]; + + $patch = new \Sabre\DAV\PropPatch($mutations); + + $caldavBackend->updateCalendar($id, $patch); + + $patch->commit(); + + } + + //edit calendar object via ajax request + if($_REQUEST['submit'] === 'update_event' && $_REQUEST['uri'] && $_REQUEST['title'] && $_REQUEST['target'] && $_REQUEST['dtstart']) { + + $id = explode(':', $_REQUEST['target']); + + if(!cdav_perms($id[0],$calendars,true)) + return; + + $uri = $_REQUEST['uri']; + $title = $_REQUEST['title']; + $dtstart = new \DateTime($_REQUEST['dtstart']); + $dtend = $_REQUEST['dtend'] ? new \DateTime($_REQUEST['dtend']) : ''; + $description = $_REQUEST['description']; + $location = $_REQUEST['location']; + + $object = $caldavBackend->getCalendarObject($id, $uri); + + $vcalendar = \Sabre\VObject\Reader::read($object['calendardata']); + + if($title) + $vcalendar->VEVENT->SUMMARY = $title; + if($dtstart) + $vcalendar->VEVENT->DTSTART = $dtstart; + if($dtend) + $vcalendar->VEVENT->DTEND = $dtend; + else + unset($vcalendar->VEVENT->DTEND); + if($description) + $vcalendar->VEVENT->DESCRIPTION = $description; + if($location) + $vcalendar->VEVENT->LOCATION = $location; + + $calendarData = $vcalendar->serialize(); + + $caldavBackend->updateCalendarObject($id, $uri, $calendarData); + + killme(); + } + + //delete calendar object via ajax request + if($_REQUEST['delete'] && $_REQUEST['uri'] && $_REQUEST['target']) { + + $id = explode(':', $_REQUEST['target']); + + if(!cdav_perms($id[0],$calendars,true)) + return; + + $uri = $_REQUEST['uri']; + + $caldavBackend->deleteCalendarObject($id, $uri); + + killme(); + } + + //edit calendar object date/timeme via ajax request (drag and drop) + if($_REQUEST['update'] && $_REQUEST['id'] && $_REQUEST['uri']) { + + $id = [$_REQUEST['id'][0], $_REQUEST['id'][1]]; + + if(!cdav_perms($id[0],$calendars,true)) + return; + + $uri = $_REQUEST['uri']; + $dtstart = new \DateTime($_REQUEST['dtstart']); + $dtend = $_REQUEST['dtend'] ? new \DateTime($_REQUEST['dtend']) : ''; + + $object = $caldavBackend->getCalendarObject($id, $uri); + + $vcalendar = \Sabre\VObject\Reader::read($object['calendardata']); + + if($dtstart) { + $vcalendar->VEVENT->DTSTART = $dtstart; + } + if($dtend) { + $vcalendar->VEVENT->DTEND = $dtend; + } + else { + unset($vcalendar->VEVENT->DTEND); + } + + $calendarData = $vcalendar->serialize(); + + $caldavBackend->updateCalendarObject($id, $uri, $calendarData); + + killme(); + } + + //share a calendar - this only works on local system (with channels on the same server) + if($_REQUEST['sharee'] && $_REQUEST['share']) { + + $id = [intval($_REQUEST['calendarid']), intval($_REQUEST['instanceid'])]; + + if(! cdav_perms($id[0],$calendars)) + return; + + $hash = $_REQUEST['sharee']; + + $sharee_arr = channelx_by_hash($hash); + + $sharee = new \Sabre\DAV\Xml\Element\Sharee(); + + $sharee->href = 'mailto:' . $sharee_arr['xchan_addr']; + $sharee->principal = 'principals/' . $sharee_arr['channel_address']; + $sharee->access = intval($_REQUEST['access']); + $sharee->properties = ['{DAV:}displayname' => $channel['channel_name']]; + + $caldavBackend->updateInvites($id, [$sharee]); + } + } + + if(argc() >= 2 && argv(1) === 'addressbook') { + + $carddavBackend = new \Sabre\CardDAV\Backend\PDO($pdo); + $addressbooks = $carddavBackend->getAddressBooksForUser($principalUri); + + //create new addressbook + if($_REQUEST['{DAV:}displayname'] && $_REQUEST['create']) { + do { + $duplicate = false; + $addressbookUri = random_string(20); + + $r = q("SELECT uri FROM addressbooks WHERE principaluri = '%s' AND uri = '%s' LIMIT 1", + dbesc($principalUri), + dbesc($addressbookUri) + ); + + if (count($r)) + $duplicate = true; + } while ($duplicate == true); + + $properties = ['{DAV:}displayname' => $_REQUEST['{DAV:}displayname']]; + + $carddavBackend->createAddressBook($principalUri, $addressbookUri, $properties); + } + + //edit addressbook + if($_REQUEST['{DAV:}displayname'] && $_REQUEST['edit'] && intval($_REQUEST['id'])) { + + $id = $_REQUEST['id']; + + if(! cdav_perms($id,$addressbooks)) + return; + + $mutations = [ + '{DAV:}displayname' => $_REQUEST['{DAV:}displayname'] + ]; + + $patch = new \Sabre\DAV\PropPatch($mutations); + + $carddavBackend->updateAddressBook($id, $patch); + + $patch->commit(); + } + + //create addressbook card + if($_REQUEST['create'] && $_REQUEST['target'] && $_REQUEST['fn']) { + $id = $_REQUEST['target']; + + do { + $duplicate = false; + $uri = random_string(40) . '.vcf'; + + $r = q("SELECT uri FROM cards WHERE addressbookid = %s AND uri = '%s' LIMIT 1", + intval($id), + dbesc($uri) + ); + + if (count($r)) + $duplicate = true; + } while ($duplicate == true); + + //TODO: this mostly duplictes the procedure in update addressbook card. should move this part to a function to avoid duplication + $fn = $_REQUEST['fn']; + + $vcard = new \Sabre\VObject\Component\VCard([ + 'FN' => $fn, + 'N' => array_reverse(explode(' ', $fn)) + ]); + + $org = $_REQUEST['org']; + if($org) { + $vcard->ORG = $org; + } + + $title = $_REQUEST['title']; + if($title) { + $vcard->TITLE = $title; + } + + $tel = $_REQUEST['tel']; + $tel_type = $_REQUEST['tel_type']; + if($tel) { + $i = 0; + foreach($tel as $item) { + if($item) { + $vcard->add('TEL', $item, ['type' => $tel_type[$i]]); + } + $i++; + } + } + + $email = $_REQUEST['email']; + $email_type = $_REQUEST['email_type']; + if($email) { + $i = 0; + foreach($email as $item) { + if($item) { + $vcard->add('EMAIL', $item, ['type' => $email_type[$i]]); + } + $i++; + } + } + + $impp = $_REQUEST['impp']; + $impp_type = $_REQUEST['impp_type']; + if($impp) { + $i = 0; + foreach($impp as $item) { + if($item) { + $vcard->add('IMPP', $item, ['type' => $impp_type[$i]]); + } + $i++; + } + } + + $url = $_REQUEST['url']; + $url_type = $_REQUEST['url_type']; + if($url) { + $i = 0; + foreach($url as $item) { + if($item) { + $vcard->add('URL', $item, ['type' => $url_type[$i]]); + } + $i++; + } + } + + $adr = $_REQUEST['adr']; + $adr_type = $_REQUEST['adr_type']; + + if($adr) { + $i = 0; + foreach($adr as $item) { + if($item) { + $vcard->add('ADR', $item, ['type' => $adr_type[$i]]); + } + $i++; + } + } + + $note = $_REQUEST['note']; + if($note) { + $vcard->NOTE = $note; + } + + $cardData = $vcard->serialize(); + + $carddavBackend->createCard($id, $uri, $cardData); + + } + + //edit addressbook card + if($_REQUEST['update'] && $_REQUEST['uri'] && $_REQUEST['target']) { + + $id = $_REQUEST['target']; + + if(!cdav_perms($id,$addressbooks)) + return; + + $uri = $_REQUEST['uri']; + + $object = $carddavBackend->getCard($id, $uri); + $vcard = \Sabre\VObject\Reader::read($object['carddata']); + + $fn = $_REQUEST['fn']; + if($fn) { + $vcard->FN = $fn; + $vcard->N = array_reverse(explode(' ', $fn)); + } + + $org = $_REQUEST['org']; + if($org) { + $vcard->ORG = $org; + } + else { + unset($vcard->ORG); + } + + $title = $_REQUEST['title']; + if($title) { + $vcard->TITLE = $title; + } + else { + unset($vcard->TITLE); + } + + $tel = $_REQUEST['tel']; + $tel_type = $_REQUEST['tel_type']; + if($tel) { + $i = 0; + unset($vcard->TEL); + foreach($tel as $item) { + if($item) { + $vcard->add('TEL', $item, ['type' => $tel_type[$i]]); + } + $i++; + } + } + else { + unset($vcard->TEL); + } + + $email = $_REQUEST['email']; + $email_type = $_REQUEST['email_type']; + if($email) { + $i = 0; + unset($vcard->EMAIL); + foreach($email as $item) { + if($item) { + $vcard->add('EMAIL', $item, ['type' => $email_type[$i]]); + } + $i++; + } + } + else { + unset($vcard->EMAIL); + } + + $impp = $_REQUEST['impp']; + $impp_type = $_REQUEST['impp_type']; + if($impp) { + $i = 0; + unset($vcard->IMPP); + foreach($impp as $item) { + if($item) { + $vcard->add('IMPP', $item, ['type' => $impp_type[$i]]); + } + $i++; + } + } + else { + unset($vcard->IMPP); + } + + $url = $_REQUEST['url']; + $url_type = $_REQUEST['url_type']; + if($url) { + $i = 0; + unset($vcard->URL); + foreach($url as $item) { + if($item) { + $vcard->add('URL', $item, ['type' => $url_type[$i]]); + } + $i++; + } + } + else { + unset($vcard->URL); + } + + $adr = $_REQUEST['adr']; + $adr_type = $_REQUEST['adr_type']; + if($adr) { + $i = 0; + unset($vcard->ADR); + foreach($adr as $item) { + if($item) { + $vcard->add('ADR', $item, ['type' => $adr_type[$i]]); + } + $i++; + } + } + else { + unset($vcard->ADR); + } + + $note = $_REQUEST['note']; + if($note) { + $vcard->NOTE = $note; + } + else { + unset($vcard->NOTE); + } + + $cardData = $vcard->serialize(); + + $carddavBackend->updateCard($id, $uri, $cardData); + } + + //delete addressbook card + if($_REQUEST['delete'] && $_REQUEST['uri'] && $_REQUEST['target']) { + + $id = $_REQUEST['target']; + + if(!cdav_perms($id,$addressbooks)) + return; + + $uri = $_REQUEST['uri']; + + $carddavBackend->deleteCard($id, $uri); + } + } + + //Import calendar or addressbook + if(($_FILES) && array_key_exists('userfile',$_FILES) && intval($_FILES['userfile']['size']) && $_REQUEST['target']) { + + $src = @file_get_contents($_FILES['userfile']['tmp_name']); + + if($src) { + + if($_REQUEST['c_upload']) { + $id = explode(':', $_REQUEST['target']); + $ext = 'ics'; + $table = 'calendarobjects'; + $column = 'calendarid'; + $objects = new \Sabre\VObject\Splitter\ICalendar($src); + $profile = \Sabre\VObject\Node::PROFILE_CALDAV; + $backend = new \Sabre\CalDAV\Backend\PDO($pdo); + } + + if($_REQUEST['a_upload']) { + $id[] = intval($_REQUEST['target']); + $ext = 'vcf'; + $table = 'cards'; + $column = 'addressbookid'; + $objects = new \Sabre\VObject\Splitter\VCard($src); + $profile = \Sabre\VObject\Node::PROFILE_CARDDAV; + $backend = new \Sabre\CardDAV\Backend\PDO($pdo); + } + + while ($object = $objects->getNext()) { + + if($_REQUEST['a_upload']) { + $object = $object->convert(\Sabre\VObject\Document::VCARD40); + } + + $ret = $object->validate($profile & \Sabre\VObject\Node::REPAIR); + + //level 3 Means that the document is invalid, + //level 2 means a warning. A warning means it's valid but it could cause interopability issues, + //level 1 means that there was a problem earlier, but the problem was automatically repaired. + + if($ret[0]['level'] < 3) { + do { + $duplicate = false; + $objectUri = random_string(40) . '.' . $ext; + + $r = q("SELECT uri FROM $table WHERE $column = %d AND uri = '%s' LIMIT 1", + dbesc($id[0]), + dbesc($objectUri) + ); + + if (count($r)) + $duplicate = true; + } while ($duplicate == true); + + if($_REQUEST['c_upload']) { + $backend->createCalendarObject($id, $objectUri, $object->serialize()); + } + + if($_REQUEST['a_upload']) { + $backend->createCard($id[0], $objectUri, $object->serialize()); + } + } + else { + if($_REQUEST['c_upload']) { + notice( '<strong>' . t('INVALID EVENT DISMISSED!') . '</strong>' . EOL . + '<strong>' . t('Summary: ') . '</strong>' . (($object->VEVENT->SUMMARY) ? $object->VEVENT->SUMMARY : t('Unknown')) . EOL . + '<strong>' . t('Date: ') . '</strong>' . (($object->VEVENT->DTSTART) ? $object->VEVENT->DTSTART : t('Unknown')) . EOL . + '<strong>' . t('Reason: ') . '</strong>' . $ret[0]['message'] . EOL + ); + } + + if($_REQUEST['a_upload']) { + notice( '<strong>' . t('INVALID CARD DISMISSED!') . '</strong>' . EOL . + '<strong>' . t('Name: ') . '</strong>' . (($object->FN) ? $object->FN : t('Unknown')) . EOL . + '<strong>' . t('Reason: ') . '</strong>' . $ret[0]['message'] . EOL + ); + } + } + } + } + @unlink($src); + } + } + + function get() { + + if(!local_channel()) + return; + + $channel = \App::get_channel(); + $principalUri = 'principals/' . $channel['channel_address']; + + $pdo = \DBA::$dba->db; + + require_once 'vendor/autoload.php'; + + head_add_css('cdav.css'); + + if(!cdav_principal($principalUri)) { + $this->activate($pdo, $channel); + if(!cdav_principal($principalUri)) { + return; + } + } + + if(argv(1) === 'calendar') { + nav_set_selected(t('CalDAV')); + $caldavBackend = new \Sabre\CalDAV\Backend\PDO($pdo); + $calendars = $caldavBackend->getCalendarsForUser($principalUri); + } + + //Display calendar(s) here + if(argc() == 2 && argv(1) === 'calendar') { + + head_add_css('/library/fullcalendar/fullcalendar.css'); + head_add_css('cdav_calendar.css'); + + head_add_js('/library/moment/moment.min.js', 1); + head_add_js('/library/fullcalendar/fullcalendar.min.js', 1); + head_add_js('/library/fullcalendar/locale-all.js', 1); + + foreach($calendars as $calendar) { + $editable = (($calendar['share-access'] == 2) ? 'false' : 'true'); // false/true must be string since we're passing it to javascript + $color = (($calendar['{http://apple.com/ns/ical/}calendar-color']) ? $calendar['{http://apple.com/ns/ical/}calendar-color'] : '#3a87ad'); + $sharer = (($calendar['share-access'] == 3) ? $calendar['{urn:ietf:params:xml:ns:caldav}calendar-description'] : ''); + $switch = get_pconfig(local_channel(), 'cdav_calendar', $calendar['id'][0]); + if($switch) { + $sources .= '{ + url: \'/cdav/calendar/json/' . $calendar['id'][0] . '/' . $calendar['id'][1] . '\', + color: \'' . $color . '\' + }, '; + } + + if($calendar['share-access'] != 2) { + $writable_calendars[] = [ + 'displayname' => $calendar['{DAV:}displayname'], + 'sharer' => $sharer, + 'id' => $calendar['id'] + ]; + } + } + + $sources = rtrim($sources, ', '); + + $first_day = get_pconfig(local_channel(),'system','cal_first_day'); + $first_day = (($first_day) ? $first_day : 0); + + $title = ['title', t('Event title')]; + $dtstart = ['dtstart', t('Start date and time'), '', t('Example: YYYY-MM-DD HH:mm')]; + $dtend = ['dtend', t('End date and time'), '', t('Example: YYYY-MM-DD HH:mm')]; + $description = ['description', t('Description')]; + $location = ['location', t('Location')]; + + $o .= replace_macros(get_markup_template('cdav_calendar.tpl'), [ + '$sources' => $sources, + '$color' => $color, + '$lang' => \App::$language, + '$first_day' => $first_day, + '$prev' => t('Previous'), + '$next' => t('Next'), + '$today' => t('Today'), + '$month' => t('Month'), + '$week' => t('Week'), + '$day' => t('Day'), + '$list_month' => t('List month'), + '$list_week' => t('List week'), + '$list_day' => t('List day'), + '$title' => $title, + '$writable_calendars' => $writable_calendars, + '$dtstart' => $dtstart, + '$dtend' => $dtend, + '$description' => $description, + '$location' => $location, + '$more' => t('More'), + '$less' => t('Less'), + '$calendar_select_label' => t('Select calendar'), + '$delete' => t('Delete'), + '$delete_all' => t('Delete all'), + '$cancel' => t('Cancel'), + '$recurrence_warning' => t('Sorry! Editing of recurrent events is not yet implemented.') + ]); + + return $o; + + } + + //Provide json data for calendar + if(argc() == 5 && argv(1) === 'calendar' && argv(2) === 'json' && intval(argv(3)) && intval(argv(4))) { + + $id = [argv(3), argv(4)]; + + if(! cdav_perms($id[0],$calendars)) + killme(); + + if (x($_GET,'start')) + $start = new \DateTime($_GET['start']); + if (x($_GET,'end')) + $end = new \DateTime($_GET['end']); + + $filters['name'] = 'VCALENDAR'; + $filters['prop-filters'][0]['name'] = 'VEVENT'; + $filters['comp-filters'][0]['name'] = 'VEVENT'; + $filters['comp-filters'][0]['time-range']['start'] = $start; + $filters['comp-filters'][0]['time-range']['end'] = $end; + + $uris = $caldavBackend->calendarQuery($id, $filters); + if($uris) { + + $objects = $caldavBackend->getMultipleCalendarObjects($id, $uris); + + foreach($objects as $object) { + + $vcalendar = \Sabre\VObject\Reader::read($object['calendardata']); + + if(isset($vcalendar->VEVENT->RRULE)) + $vcalendar = $vcalendar->expand($start, $end); + + foreach($vcalendar->VEVENT as $vevent) { + $title = (string)$vevent->SUMMARY; + $dtstart = (string)$vevent->DTSTART; + $dtend = (string)$vevent->DTEND; + $description = (string)$vevent->DESCRIPTION; + $location = (string)$vevent->LOCATION; + + $rw = ((cdav_perms($id[0],$calendars,true)) ? true : false); + $recurrent = ((isset($vevent->{'RECURRENCE-ID'})) ? true : false); + + $editable = $rw ? true : false; + + if($recurrent) + $editable = false; + + $allDay = false; + + // allDay event rules + if(!strpos($dtstart, 'T') && !strpos($dtend, 'T')) + $allDay = true; + if(strpos($dtstart, 'T000000') && strpos($dtend, 'T000000')) + $allDay = true; + + $events[] = [ + 'calendar_id' => $id, + 'uri' => $object['uri'], + 'title' => $title, + 'start' => $dtstart, + 'end' => $dtend, + 'description' => $description, + 'location' => $location, + 'allDay' => $allDay, + 'editable' => $editable, + 'recurrent' => $recurrent, + 'rw' => $rw + ]; + } + } + json_return_and_die($events); + } + else { + killme(); + } + } + + //enable/disable calendars + if(argc() == 5 && argv(1) === 'calendar' && argv(2) === 'switch' && intval(argv(3)) && (argv(4) == 1 || argv(4) == 0)) { + $id = argv(3); + + if(! cdav_perms($id,$calendars)) + killme(); + + set_pconfig(local_channel(), 'cdav_calendar' , argv(3), argv(4)); + killme(); + } + + //drop calendar + if(argc() == 5 && argv(1) === 'calendar' && argv(2) === 'drop' && intval(argv(3)) && intval(argv(4))) { + $id = [argv(3), argv(4)]; + + if(! cdav_perms($id[0],$calendars)) + killme(); + + $caldavBackend->deleteCalendar($id); + killme(); + } + + //drop sharee + if(argc() == 6 && argv(1) === 'calendar' && argv(2) === 'dropsharee' && intval(argv(3)) && intval(argv(4))) { + + $id = [argv(3), argv(4)]; + $hash = argv(5); + + if(! cdav_perms($id[0],$calendars)) + killme(); + + $sharee_arr = channelx_by_hash($hash); + + $sharee = new \Sabre\DAV\Xml\Element\Sharee(); + + $sharee->href = 'mailto:' . $sharee_arr['xchan_addr']; + $sharee->principal = 'principals/' . $sharee_arr['channel_address']; + $sharee->access = 4; + $caldavBackend->updateInvites($id, [$sharee]); + + killme(); + } + + + if(argv(1) === 'addressbook') { + nav_set_selected(t('CardDAV')); + $carddavBackend = new \Sabre\CardDAV\Backend\PDO($pdo); + $addressbooks = $carddavBackend->getAddressBooksForUser($principalUri); + } + + //Display Adressbook here + if(argc() == 3 && argv(1) === 'addressbook' && intval(argv(2))) { + + $id = argv(2); + + $displayname = cdav_perms($id,$addressbooks); + + if(!$displayname) + return; + + head_add_css('cdav_addressbook.css'); + + $o = ''; + + $sabrecards = $carddavBackend->getCards($id); + foreach($sabrecards as $sabrecard) { + $uris[] = $sabrecard['uri']; + } + + if($uris) { + $objects = $carddavBackend->getMultipleCards($id, $uris); + + foreach($objects as $object) { + $vcard = \Sabre\VObject\Reader::read($object['carddata']); + + $photo = ''; + if($vcard->PHOTO) { + $photo_value = strtolower($vcard->PHOTO->getValueType()); // binary or uri + if($photo_value === 'binary') { + $photo_type = strtolower($vcard->PHOTO['TYPE']); // mime jpeg, png or gif + $photo = 'data:image/' . $photo_type . ';base64,' . base64_encode((string)$vcard->PHOTO); + } + else { + $url = parse_url((string)$vcard->PHOTO); + $photo = 'data:' . $url['path']; + } + } + + $fn = ''; + if($vcard->FN) { + $fn = (string)$vcard->FN; + } + + $org = ''; + if($vcard->ORG) { + $org = (string)$vcard->ORG; + } + + $title = ''; + if($vcard->TITLE) { + $title = (string)$vcard->TITLE; + } + + $tels = []; + if($vcard->TEL) { + foreach($vcard->TEL as $tel) { + $type = (($tel['TYPE']) ? translate_type((string)$tel['TYPE']) : ''); + $tels[] = [ + 'type' => $type, + 'nr' => (string)$tel + ]; + } + } + + $emails = []; + if($vcard->EMAIL) { + foreach($vcard->EMAIL as $email) { + $type = (($email['TYPE']) ? translate_type((string)$email['TYPE']) : ''); + $emails[] = [ + 'type' => $type, + 'address' => (string)$email + ]; + } + } + + $impps = []; + if($vcard->IMPP) { + foreach($vcard->IMPP as $impp) { + $type = (($impp['TYPE']) ? translate_type((string)$impp['TYPE']) : ''); + $impps[] = [ + 'type' => $type, + 'address' => (string)$impp + ]; + } + } + + $urls = []; + if($vcard->URL) { + foreach($vcard->URL as $url) { + $type = (($url['TYPE']) ? translate_type((string)$url['TYPE']) : ''); + $urls[] = [ + 'type' => $type, + 'address' => (string)$url + ]; + } + } + + $adrs = []; + if($vcard->ADR) { + foreach($vcard->ADR as $adr) { + $type = (($adr['TYPE']) ? translate_type((string)$adr['TYPE']) : ''); + $adrs[] = [ + 'type' => $type, + 'address' => $adr->getParts() + ]; + } + } + + $note = ''; + if($vcard->NOTE) { + $note = (string)$vcard->NOTE; + } + + $cards[] = [ + 'id' => $object['id'], + 'uri' => $object['uri'], + + 'photo' => $photo, + 'fn' => $fn, + 'org' => $org, + 'title' => $title, + 'tels' => $tels, + 'emails' => $emails, + 'impps' => $impps, + 'urls' => $urls, + 'adrs' => $adrs, + 'note' => $note + ]; + } + + usort($cards, function($a, $b) { return strcasecmp($a['fn'], $b['fn']); }); + } + + $o .= replace_macros(get_markup_template('cdav_addressbook.tpl'), [ + '$id' => $id, + '$cards' => $cards, + '$displayname' => $displayname, + '$name_label' => t('Name'), + '$org_label' => t('Organisation'), + '$title_label' => t('Title'), + '$tel_label' => t('Phone'), + '$email_label' => t('Email'), + '$impp_label' => t('Instant messenger'), + '$url_label' => t('Website'), + '$adr_label' => t('Address'), + '$note_label' => t('Note'), + '$mobile' => t('Mobile'), + '$home' => t('Home'), + '$work' => t('Work'), + '$other' => t('Other'), + '$add_card' => t('Add Contact'), + '$add_field' => t('Add Field'), + '$create' => t('Create'), + '$update' => t('Update'), + '$delete' => t('Delete'), + '$cancel' => t('Cancel'), + '$po_box' => t('P.O. Box'), + '$extra' => t('Additional'), + '$street' => t('Street'), + '$locality' => t('Locality'), + '$region' => t('Region'), + '$zip_code' => t('ZIP Code'), + '$country' => t('Country') + ]); + + return $o; + } + + //delete addressbook + if(argc() > 3 && argv(1) === 'addressbook' && argv(2) === 'drop' && intval(argv(3))) { + $id = argv(3); + + if(! cdav_perms($id,$addressbooks)) + return; + + $carddavBackend->deleteAddressBook($id); + killme(); + } + + } + + function activate($pdo, $channel) { + + if(! $channel) + return; + + $uri = 'principals/' . $channel['channel_address']; + + + $r = q("select * from principals where uri = '%s' limit 1", + dbesc($uri) + ); + if($r) { + $r = q("update principals set email = '%s', displayname = '%s' where uri = '%s' ", + dbesc($channel['xchan_addr']), + dbesc($channel['channel_name']), + dbesc($uri) + ); + } + else { + $r = q("insert into principals ( uri, email, displayname ) values('%s','%s','%s') ", + dbesc($uri), + dbesc($channel['xchan_addr']), + dbesc($channel['channel_name']) + ); + + //create default calendar + $caldavBackend = new \Sabre\CalDAV\Backend\PDO($pdo); + $properties = [ + '{DAV:}displayname' => t('Default Calendar'), + '{http://apple.com/ns/ical/}calendar-color' => '#3a87ad', + '{urn:ietf:params:xml:ns:caldav}calendar-description' => $channel['channel_name'] + ]; + + $id = $caldavBackend->createCalendar($uri, 'default', $properties); + set_pconfig(local_channel(), 'cdav_calendar' , $id[0], 1); + + //create default addressbook + $carddavBackend = new \Sabre\CardDAV\Backend\PDO($pdo); + $properties = ['{DAV:}displayname' => t('Default Addressbook')]; + $carddavBackend->createAddressBook($uri, $default, $properties); + + } + } + + +} diff --git a/Zotlabs/Module/Changeaddr.php b/Zotlabs/Module/Changeaddr.php new file mode 100644 index 000000000..5cd236394 --- /dev/null +++ b/Zotlabs/Module/Changeaddr.php @@ -0,0 +1,88 @@ +<?php +namespace Zotlabs\Module; + + +class Changeaddr extends \Zotlabs\Web\Controller { + + function post() { + + if(! local_channel()) + return; + + if($_SESSION['delegate']) + return; + + if((! x($_POST,'qxz_password')) || (! strlen(trim($_POST['qxz_password'])))) + return; + + if((! x($_POST,'verify')) || (! strlen(trim($_POST['verify'])))) + return; + + if($_POST['verify'] !== $_SESSION['remove_account_verify']) + return; + + + $account = \App::get_account(); + $channel = \App::get_channel(); + + $x = account_verify_password($account['account_email'],$_POST['qxz_password']); + if(! ($x && $x['account'])) + return; + + if($account['account_password_changed'] > NULL_DATE) { + $d1 = datetime_convert('UTC','UTC','now - 48 hours'); + if($account['account_password_changed'] > d1) { + notice( t('Channel name changes are not allowed within 48 hours of changing the account password.') . EOL); + return; + } + } + + $new_address = trim($_POST['newname']); + + if($new_address === $channel['channel_address']) + return; + + if($new_address === 'sys') { + notice( t('Reserved nickname. Please choose another.') . EOL); + return; + } + + if(check_webbie(array($new_address)) !== $new_address) { + notice( t('Nickname has unsupported characters or is already being used on this site.') . EOL); + return $ret; + } + + channel_change_address($channel,$new_address); + + goaway(z_root() . '/changeaddr'); + + } + + + function get() { + + if(! local_channel()) + goaway(z_root()); + + $channel = \App::get_channel(); + + $hash = random_string(); + + $_SESSION['remove_account_verify'] = $hash; + + $tpl = get_markup_template('channel_rename.tpl'); + $o .= replace_macros($tpl, array( + '$basedir' => z_root(), + '$hash' => $hash, + '$title' => t('Change channel nickname/address'), + '$desc' => array(t('WARNING: '), t('Any/all connections on other networks will be lost!')), + '$passwd' => t('Please enter your password for verification:'), + '$newname' => array('newname', t('New channel address'),$channel['channel_address'], ''), + '$submit' => t('Rename Channel') + )); + + return $o; + + } + +} diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 45da92184..8550c69cd 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -41,12 +41,20 @@ class Channel extends \Zotlabs\Web\Controller { $profile = argv(1); } - \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" title="' . t('Posts and comments') . '" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n" ; - \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" title="' . t('Only posts') . '" href="' . z_root() . '/feed/' . $which . '?top=1" />' . "\r\n" ; + head_add_link( [ + 'rel' => 'alternate', + 'type' => 'application/atom+xml', + 'title' => t('Posts and comments'), + 'href' => z_root() . '/feed/' . $which + ]); + + head_add_link( [ + 'rel' => 'alternate', + 'type' => 'application/atom+xml', + 'title' => t('Only posts'), + 'href' => z_root() . '/feed/' . $which . '?f=&top=1' + ]); - // Not yet ready for prime time - // \App::$page['htmlhead'] .= '<link rel="openid.server" href="' . z_root() . '/id/' . $which .'?f=" />' . "\r\n" ; - // \App::$page['htmlhead'] .= '<link rel="openid.delegate" href="' . z_root() . '/channel/' . $which .'" />' . "\r\n" ; // Run profile_load() here to make sure the theme is set before // we start loading content @@ -86,7 +94,7 @@ class Channel extends \Zotlabs\Web\Controller { } else { if(\App::$profile['profile_uid'] == local_channel()) { - nav_set_selected('home'); + nav_set_selected(t('Channel Home')); } } @@ -113,9 +121,9 @@ class Channel extends \Zotlabs\Web\Controller { $static = channel_manual_conv_update(\App::$profile['profile_uid']); - $o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']); + //$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']); - $o .= common_friends_visitor_widget(\App::$profile['profile_uid']); + // $o .= common_friends_visitor_widget(\App::$profile['profile_uid']); if($channel && $is_owner) { $channel_acl = array( @@ -161,6 +169,7 @@ class Channel extends \Zotlabs\Web\Controller { */ $item_normal = item_normal(); + $item_normal_update = item_normal_update(); $sql_extra = item_permissions_sql(\App::$profile['profile_uid']); if(get_pconfig(\App::$profile['profile_uid'],'system','channel_list_mode') && (! $mid)) @@ -172,7 +181,12 @@ class Channel extends \Zotlabs\Web\Controller { $simple_update = (($update) ? " AND item_unseen = 1 " : ''); - \App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n"; + head_add_link([ + 'rel' => 'alternate', + 'type' => 'application/json+oembed', + 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string), + 'title' => 'oembed' + ]); if($update && $_SESSION['loadtime']) $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) "; @@ -180,12 +194,12 @@ class Channel extends \Zotlabs\Web\Controller { $simple_update = ''; if($static && $simple_update) - $simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' "; + $simple_update .= " and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' "; if(($update) && (! $load)) { if($mid) { - $r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal + $r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal_update AND item_wall = 1 $simple_update $sql_extra limit 1", dbesc($mid . '%'), intval(\App::$profile['profile_uid']) @@ -195,7 +209,7 @@ class Channel extends \Zotlabs\Web\Controller { else { $r = q("SELECT distinct parent AS item_id, created from item left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids ) - WHERE uid = %d $item_normal + WHERE uid = %d $item_normal_update AND item_wall = 1 $simple_update AND (abook.abook_blocked = 0 or abook.abook_flags is null) $sql_extra @@ -209,10 +223,10 @@ class Channel extends \Zotlabs\Web\Controller { else { if(x($category)) { - $sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY)); + $sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $category, TERM_CATEGORY)); } if(x($hashtags)) { - $sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG)); + $sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG)); } if($datequery) { @@ -228,9 +242,9 @@ class Channel extends \Zotlabs\Web\Controller { if($load || ($checkjs->disabled())) { if($mid) { - $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d $item_normal + $r = q("SELECT distinct parent AS item_id from item where mid like '%s' and uid = %d $item_normal AND item_wall = 1 $sql_extra limit 1", - dbesc($mid), + dbesc($mid . '%'), intval(\App::$profile['profile_uid']) ); if (! $r) { @@ -313,11 +327,12 @@ class Channel extends \Zotlabs\Web\Controller { '$static' => $static, '$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1), '$search' => '', + '$xchan' => '', '$order' => '', '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$file' => '', - '$cats' => (($category) ? $category : ''), - '$tags' => (($hashtags) ? $hashtags : ''), + '$cats' => (($category) ? urlencode($category) : ''), + '$tags' => (($hashtags) ? urlencode($hashtags) : ''), '$mid' => $mid, '$verb' => '', '$dend' => $datequery, @@ -349,17 +364,21 @@ class Channel extends \Zotlabs\Web\Controller { } if($is_owner && $update_unseen) { - $r = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 and item_wall = 1 AND uid = %d $update_unseen", - intval(local_channel()) - ); + $x = [ 'channel_id' => local_channel(), 'update' => 'unset' ]; + call_hooks('update_unseen',$x); + if($x['update'] === 'unset' || intval($x['update'])) { + $r = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 and item_wall = 1 AND uid = %d $update_unseen", + intval(local_channel()) + ); + } } if($checkjs->disabled()) { - $o .= conversation($a,$items,'channel',$update,'traditional'); + $o .= conversation($items,'channel',$update,'traditional'); } else { - $o .= conversation($a,$items,'channel',$update,$page_mode); + $o .= conversation($items,'channel',$update,$page_mode); } if((! $update) || ($checkjs->disabled())) { diff --git a/Zotlabs/Module/Chanview.php b/Zotlabs/Module/Chanview.php index 01ee74d5a..24ab9b022 100644 --- a/Zotlabs/Module/Chanview.php +++ b/Zotlabs/Module/Chanview.php @@ -102,27 +102,32 @@ class Chanview extends \Zotlabs\Web\Controller { } $is_zot = false; + $connected = false; if (\App::$poi) { $url = \App::$poi['xchan_url']; if(\App::$poi['xchan_network'] === 'zot') { $is_zot = true; } + if(local_channel()) { + $c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s' limit 1", + intval(local_channel()), + dbesc(\App::$poi['xchan_hash']) + ); + if($c) + $connected = true; + } } - + // We will load the chanview template if it's a foreign network, // just so that we can provide a connect button along with a profile // photo. Chances are we can't load the remote profile into an iframe // because of cross-domain security headers. So provide a link to // the remote profile. - + // If we are already connected, just go to the profile. // Zot channels will usually have a connect link. - // If it isn't zot, 'pro' members won't be able to use the connect - // button as it is a foreign network so just send them to the remote - // profile. - - if($is_zot || \Zotlabs\Lib\System::get_server_role() === 'pro') { + if($is_zot || $connected) { if($is_zot && $observer) { $url = zid($url); } diff --git a/Zotlabs/Module/Chat.php b/Zotlabs/Module/Chat.php index 2c0e7a155..138ca1cb5 100644 --- a/Zotlabs/Module/Chat.php +++ b/Zotlabs/Module/Chat.php @@ -33,9 +33,7 @@ class Chat extends \Zotlabs\Web\Controller { $which = $channel['channel_address']; $profile = argv(1); } - - \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which .'" />' . "\r\n" ; - + // Run profile_load() here to make sure the theme is set before // we start loading content @@ -91,9 +89,11 @@ class Chat extends \Zotlabs\Web\Controller { function get() { - if(local_channel()) + if(local_channel()) { $channel = \App::get_channel(); - + nav_set_selected(t('My Chatrooms')); + } + $ob = \App::get_observer(); $observer = get_observer_hash(); if(! $observer) { @@ -212,7 +212,8 @@ class Chat extends \Zotlabs\Web\Controller { require_once('include/conversation.php'); - $o = profile_tabs($a,((local_channel() && local_channel() == \App::$profile['profile_uid']) ? true : false),\App::$profile['channel_address']); + //$o = profile_tabs($a,((local_channel() && local_channel() == \App::$profile['profile_uid']) ? true : false),\App::$profile['channel_address']); + $o = ''; if(! feature_enabled(\App::$profile['profile_uid'],'ajaxchat')) { notice( t('Feature disabled.') . EOL); diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php index 1fda8e32b..75191a279 100644 --- a/Zotlabs/Module/Cloud.php +++ b/Zotlabs/Module/Cloud.php @@ -37,8 +37,6 @@ class Cloud extends \Zotlabs\Web\Controller { $profile = 0; - \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n"; - if ($which) profile_load( $which, $profile); @@ -59,16 +57,12 @@ class Cloud extends \Zotlabs\Web\Controller { $auth->observer = $ob_hash; } - if ($_GET['davguest']) - $_SESSION['davguest'] = true; $_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']); $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']); - $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['QUERY_STRING']); $_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']); $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']); - $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['REQUEST_URI']); $rootDirectory = new \Zotlabs\Storage\Directory('/', $auth); @@ -92,12 +86,13 @@ class Cloud extends \Zotlabs\Web\Controller { // require_once('\Zotlabs\Storage/QuotaPlugin.php'); // $server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth)); - ob_start(); +// ob_start(); // All we need to do now, is to fire up the server $server->exec(); - ob_end_flush(); - +// ob_end_flush(); + if($browser->build_page) + construct_page(); killme(); } diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php index 950be660d..6ad1e9528 100644 --- a/Zotlabs/Module/Connections.php +++ b/Zotlabs/Module/Connections.php @@ -5,10 +5,6 @@ namespace Zotlabs\Module; require_once('include/socgraph.php'); require_once('include/selectors.php'); require_once('include/group.php'); -require_once('include/contact_widgets.php'); -require_once('include/zot.php'); -require_once('include/widgets.php'); - class Connections extends \Zotlabs\Web\Controller { @@ -23,7 +19,7 @@ class Connections extends \Zotlabs\Web\Controller { } - function get() { + function get() { $sort_type = 0; $o = ''; @@ -33,6 +29,8 @@ class Connections extends \Zotlabs\Web\Controller { notice( t('Permission denied.') . EOL); return login(); } + + nav_set_selected(t('Connections')); $blocked = false; $hidden = false; @@ -67,15 +65,14 @@ class Connections extends \Zotlabs\Web\Controller { $hidden = true; break; case 'archived': - $search_flags = " and abook_archived = 1 "; - $head = t('Archived'); + $search_flags = " and ( abook_archived = 1 OR abook_not_here = 1) "; + $head = t('Archived/Unreachable'); $archived = true; break; case 'pending': $search_flags = " and abook_pending = 1 "; $head = t('New'); $pending = true; - nav_set_selected('intros'); break; case 'ifpending': $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ", @@ -85,7 +82,6 @@ class Connections extends \Zotlabs\Web\Controller { $search_flags = " and abook_pending = 1 "; $head = t('New'); $pending = true; - nav_set_selected('intros'); \App::$argv[1] = 'pending'; } else { @@ -95,7 +91,6 @@ class Connections extends \Zotlabs\Web\Controller { \App::$argc = 1; unset(\App::$argv[1]); } - nav_set_selected('intros'); break; // case 'unconnected': // $search_flags = " and abook_unconnected = 1 "; @@ -172,10 +167,10 @@ class Connections extends \Zotlabs\Web\Controller { ), 'archived' => array( - 'label' => t('Archived'), + 'label' => t('Archived/Unreachable'), 'url' => z_root() . '/connections/archived', 'sel' => ($archived) ? 'active' : '', - 'title' => t('Only show archived connections'), + 'title' => t('Only show archived/unreachable connections'), ), 'hidden' => array( @@ -247,7 +242,8 @@ class Connections extends \Zotlabs\Web\Controller { ((intval($rr['abook_archived'])) ? t('Archived') : ''), ((intval($rr['abook_hidden'])) ? t('Hidden') : ''), ((intval($rr['abook_ignored'])) ? t('Ignored') : ''), - ((intval($rr['abook_blocked'])) ? t('Blocked') : '') + ((intval($rr['abook_blocked'])) ? t('Blocked') : ''), + ((intval($rr['abook_not_here'])) ? t('Not connected at this location') : '') ); foreach($status as $str) { @@ -261,15 +257,16 @@ class Connections extends \Zotlabs\Web\Controller { $contacts[] = array( 'img_hover' => sprintf( t('%1$s [%2$s]'),$rr['xchan_name'],$rr['xchan_url']), 'edit_hover' => t('Edit connection'), + 'edit' => t('Edit'), 'delete_hover' => t('Delete connection'), 'id' => $rr['abook_id'], 'thumb' => $rr['xchan_photo_m'], 'name' => $rr['xchan_name'], - 'classes' => (intval($rr['abook_archived']) ? 'archived' : ''), + 'classes' => ((intval($rr['abook_archived']) || intval($rr['abook_not_here'])) ? 'archived' : ''), 'link' => z_root() . '/connedit/' . $rr['abook_id'], 'deletelink' => z_root() . '/connedit/' . intval($rr['abook_id']) . '/drop', 'delete' => t('Delete'), - 'url' => chanlink_url($rr['xchan_url']), + 'url' => chanlink_hash($rr['xchan_hash']), 'webbie_label' => t('Channel address'), 'webbie' => $rr['xchan_addr'], 'network_label' => t('Network'), diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index 7a753c286..23c5282e3 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -11,9 +11,6 @@ namespace Zotlabs\Module; require_once('include/socgraph.php'); require_once('include/selectors.php'); require_once('include/group.php'); -require_once('include/contact_widgets.php'); -require_once('include/zot.php'); -require_once('include/widgets.php'); require_once('include/photos.php'); @@ -251,6 +248,10 @@ class Connedit extends \Zotlabs\Web\Controller { notice( t('Failed to update connection record.') . EOL); if(! intval(\App::$poi['abook_self'])) { + if($new_friend) { + \Zotlabs\Daemon\Master::Summon( [ 'Notifier', 'permission_accept', $contact_id ] ); + } + \Zotlabs\Daemon\Master::Summon( [ 'Notifier', (($new_friend) ? 'permission_create' : 'permission_update'), @@ -391,30 +392,22 @@ class Connedit extends \Zotlabs\Web\Controller { $section = ((array_key_exists('section',$_REQUEST)) ? $_REQUEST['section'] : ''); $channel = \App::get_channel(); - $my_perms = get_channel_default_perms(local_channel()); - $role = get_pconfig(local_channel(),'system','permissions_role'); - if($role) { - $x = \Zotlabs\Access\PermissionRoles::role_perms($role); - if($x['perms_connect']) - $my_perms = $x['perms_connect']; - } $yes_no = array(t('No'),t('Yes')); - if($my_perms) { - $o .= "<script>function connectDefaultShare() { - \$('.abook-edit-me').each(function() { - if(! $(this).is(':disabled')) - $(this).prop('checked', false); - });\n\n"; - $perms = get_perms(); - foreach($perms as $p => $v) { - if($my_perms & $v[1]) { - $o .= "\$('#me_id_perms_" . $p . "').prop('checked', true); \n"; - } + $connect_perms = \Zotlabs\Access\Permissions::connect_perms(local_channel()); + + $o .= "<script>function connectDefaultShare() { + \$('.abook-edit-me').each(function() { + if(! $(this).is(':disabled')) + $(this).prop('checked', false); + });\n\n"; + foreach($connect_perms['perms'] as $p => $v) { + if($v) { + $o .= "\$('#me_id_perms_" . $p . "').prop('checked', true); \n"; } - $o .= " }\n</script>\n"; } + $o .= " }\n</script>\n"; if(argc() == 3) { @@ -441,6 +434,34 @@ class Connedit extends \Zotlabs\Web\Controller { goaway(z_root() . '/connedit/' . $contact_id); } + + if($cmd === 'fetchvc') { + $url = str_replace('/channel/','/profile/',$orig_record[0]['xchan_url']) . '/vcard'; + $recurse = 0; + $x = z_fetch_url(zid($url),false,$recurse,['session' => true]); + if($x['success']) { + $h = new \Zotlabs\Web\HTTPHeaders($x['header']); + $fields = $h->fetch(); + if($fields) { + foreach($fields as $y) { + if(array_key_exists('content-type',$y)) { + $type = explode(';',trim($y['content-type'])); + if($type && $type[0] === 'text/vcard' && $x['body']) { + $vc = \Sabre\VObject\Reader::read($x['body']); + $vcard = $vc->serialize(); + if($vcard) { + set_abconfig(local_channel(),$orig_record[0]['abook_xchan'],'system','vcard',$vcard); + $this->connedit_clone($a); + } + } + } + } + } + } + goaway(z_root() . '/connedit/' . $contact_id); + } + + if($cmd === 'resetphoto') { q("update xchan set xchan_photo_date = '2001-01-01 00:00:00' where xchan_hash = '%s'", dbesc($orig_record[0]['xchan_hash']) @@ -582,6 +603,13 @@ class Connedit extends \Zotlabs\Web\Controller { 'sel' => '', 'title' => t('Fetch updated permissions'), ), + + 'rephoto' => array( + 'label' => t('Refresh Photo'), + 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/resetphoto', + 'sel' => '', + 'title' => t('Fetch updated photo'), + ), 'recent' => array( 'label' => t('Recent Activity'), @@ -631,6 +659,17 @@ class Connedit extends \Zotlabs\Web\Controller { ); + + if($contact['xchan_network'] === 'zot') { + $tools['fetchvc'] = [ + 'label' => t('Fetch Vcard'), + 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/fetchvc', + 'sel' => '', + 'title' => t('Fetch electronic calling card for this connection') + ]; + } + + $sections = []; $sections['perms'] = [ @@ -806,7 +845,23 @@ class Connedit extends \Zotlabs\Web\Controller { } } else - $locstr = t('none'); + $locstr = $contact['xchan_url']; + + $clone_warn = ''; + $clonable = (in_array($contact['xchan_network'],['zot','rss']) ? true : false); + if(! $clonable) { + $clone_warn = '<strong>'; + $clone_warn .= ((intval($contact['abook_not_here'])) + ? t('This connection is unreachable from this location.') + : t('This connection may be unreachable from other channel locations.') + ); + $clone_warn .= '</strong><br>' . t('Location independence is not supported by their network.'); + } + + + + if(intval($contact['abook_not_here']) && $unclonable) + $not_here = t('This connection is unreachable from this location. Location independence is not supported by their network.'); $o .= replace_macros($tpl, [ '$header' => (($self) ? t('Connection Default Permissions') : sprintf( t('Connection: %s'),$contact['xchan_name'])), @@ -815,12 +870,14 @@ class Connedit extends \Zotlabs\Web\Controller { '$permcat_new' => t('Add permission role'), '$permcat_enable' => feature_enabled(local_channel(),'permcats'), '$addr' => $contact['xchan_addr'], + '$primeurl' => $contact['xchan_url'], '$section' => $section, '$sections' => $sections, '$vcard' => $vcard, '$addr_text' => t('This connection\'s primary address is'), '$loc_text' => t('Available locations:'), '$locstr' => $locstr, + '$unclonable' => $clone_warn, '$notself' => (($self) ? '' : '1'), '$self' => (($self) ? '1' : ''), '$autolbl' => t('The permissions indicated on this page will be applied to all new connections.'), diff --git a/Zotlabs/Module/Cover_photo.php b/Zotlabs/Module/Cover_photo.php index 72ec1020d..47bce6c2b 100644 --- a/Zotlabs/Module/Cover_photo.php +++ b/Zotlabs/Module/Cover_photo.php @@ -23,19 +23,17 @@ require_once('include/channel.php'); class Cover_photo extends \Zotlabs\Web\Controller { function init() { - if(! local_channel()) { return; } $channel = \App::get_channel(); - profile_load($channel['channel_address']); - + profile_load($channel['channel_address']); } - /* @brief Evaluate posted values + /** + * @brief Evaluate posted values * - * @param $a Current application * @return void * */ @@ -130,8 +128,15 @@ class Cover_photo extends \Zotlabs\Web\Controller { $aid = get_account_id(); - $p = array('aid' => $aid, 'uid' => local_channel(), 'resource_id' => $base_image['resource_id'], - 'filename' => $base_image['filename'], 'album' => t('Cover Photos')); + $p = [ + 'aid' => $aid, + 'uid' => local_channel(), + 'resource_id' => $base_image['resource_id'], + 'filename' => $base_image['filename'], + 'album' => t('Cover Photos'), + 'os_path' => $base_image['os_path'], + 'display_path' => $base_image['display_path'] + ]; $p['imgscale'] = 7; $p['photo_usage'] = PHOTO_COVER; @@ -195,11 +200,10 @@ class Cover_photo extends \Zotlabs\Web\Controller { $os_storage = false; foreach($i as $ii) { - $smallest = intval($ii['imgscale']); + $smallest = intval($ii['imgscale']); $os_storage = intval($ii['os_storage']); - $imagedata = $ii['content']; - $filetype = $ii['mimetype']; - + $imagedata = $ii['content']; + $filetype = $ii['mimetype']; } } @@ -263,10 +267,10 @@ class Cover_photo extends \Zotlabs\Web\Controller { } - /* @brief Generate content of profile-photo view + /** + * @brief Generate content of profile-photo view * - * @param $a Current application - * @return void + * @return string * */ @@ -350,15 +354,15 @@ class Cover_photo extends \Zotlabs\Web\Controller { $tpl = get_markup_template('cover_photo.tpl'); $o .= replace_macros($tpl,array( - '$user' => \App::$channel['channel_address'], - '$lbl_upfile' => t('Upload File:'), - '$lbl_profiles' => t('Select a profile:'), - '$title' => t('Upload Cover Photo'), - '$submit' => t('Upload'), - '$profiles' => $profiles, + '$user' => \App::$channel['channel_address'], + '$lbl_upfile' => t('Upload File:'), + '$lbl_profiles' => t('Select a profile:'), + '$title' => t('Upload Cover Photo'), + '$submit' => t('Upload'), + '$profiles' => $profiles, '$form_security_token' => get_form_security_token("cover_photo"), - // FIXME - yuk - '$select' => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . z_root() . '">' . t('skip this step') . '</a>' : '<a href="'. z_root() . '/photos/' . \App::$channel['channel_address'] . '">' . t('select a photo from your photo albums') . '</a>') + /// @FIXME - yuk + '$select' => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . z_root() . '">' . t('skip this step') . '</a>' : '<a href="'. z_root() . '/photos/' . \App::$channel['channel_address'] . '">' . t('select a photo from your photo albums') . '</a>') )); call_hooks('cover_photo_content_end', $o); @@ -370,14 +374,14 @@ class Cover_photo extends \Zotlabs\Web\Controller { $resolution = 3; $tpl = get_markup_template("cropcover.tpl"); $o .= replace_macros($tpl,array( - '$filename' => $filename, - '$profile' => intval($_REQUEST['profile']), - '$resource' => \App::$data['imagecrop'] . '-3', - '$image_url' => z_root() . '/photo/' . $filename, - '$title' => t('Crop Image'), - '$desc' => t('Please adjust the image cropping for optimum viewing.'), + '$filename' => $filename, + '$profile' => intval($_REQUEST['profile']), + '$resource' => \App::$data['imagecrop'] . '-3', + '$image_url' => z_root() . '/photo/' . $filename, + '$title' => t('Crop Image'), + '$desc' => t('Please adjust the image cropping for optimum viewing.'), '$form_security_token' => get_form_security_token("cover_photo"), - '$done' => t('Done Editing') + '$done' => t('Done Editing') )); return $o; } @@ -393,8 +397,6 @@ class Cover_photo extends \Zotlabs\Web\Controller { * */ - - function cover_photo_crop_ui_head(&$a, $ph, $hash, $smallest){ $max_length = get_config('system','max_image_length'); diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php index 8ae2e8991..d506fe9f5 100644 --- a/Zotlabs/Module/Dav.php +++ b/Zotlabs/Module/Dav.php @@ -12,6 +12,9 @@ use \Sabre\DAV as SDAV; use \Zotlabs\Storage; require_once('include/attach.php'); +require_once('include/auth.php'); +require_once('include/security.php'); + class Dav extends \Zotlabs\Web\Controller { @@ -21,22 +24,65 @@ class Dav extends \Zotlabs\Web\Controller { */ function init() { - // workaround for HTTP-auth in CGI mode - if (x($_SERVER, 'REDIRECT_REMOTE_USER')) { - $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ; - if(strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; + foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { + + /* Basic authentication */ + + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') { + $userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + break; } - } - if (x($_SERVER, 'HTTP_AUTHORIZATION')) { - $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ; - if(strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; + /* Signature authentication */ + + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') { + if($head !== 'HTTP_AUTHORIZATION') { + $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head]; + continue; + } + + $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]); + if($sigblock) { + $keyId = $sigblock['keyId']; + if($keyId) { + $r = q("select * from hubloc where hubloc_addr = '%s' limit 1", + dbesc($keyId) + ); + if($r) { + $c = channelx_by_hash($r[0]['hubloc_hash']); + if($c) { + $a = q("select * from account where account_id = %d limit 1", + intval($c['channel_account_id']) + ); + if($a) { + $record = [ 'channel' => $c, 'account' => $a[0] ]; + $channel_login = $c['channel_id']; + } + } + } + if(! $record) + continue; + + if($record) { + $verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']); + if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { + $record = null; + } + if($record['account']) { + authenticate_success($record['account']); + if($channel_login) { + change_channel($channel_login); + } + } + break; + } + } + } } } diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index 59ae88857..6268e99c6 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -4,7 +4,6 @@ namespace Zotlabs\Module; require_once('include/socgraph.php'); require_once('include/dir_fns.php'); -require_once('include/widgets.php'); require_once('include/bbcode.php'); @@ -78,7 +77,7 @@ class Directory extends \Zotlabs\Web\Controller { $pubforums = get_directory_setting($observer, 'pubforums'); $o = ''; - nav_set_selected('directory'); + nav_set_selected(t('Directory')); if(x($_POST,'search')) $search = notags(trim($_POST['search'])); @@ -234,7 +233,7 @@ class Directory extends \Zotlabs\Web\Controller { $age = ''; if(strlen($rr['birthday'])) { - if(($years = age($rr['birthday'],'UTC','')) != 0) + if(($years = age($rr['birthday'],'UTC','')) > 0) $age = $years; } diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 638aa881a..0ea55102e 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -1,60 +1,53 @@ <?php namespace Zotlabs\Module; +require_once("include/bbcode.php"); +require_once('include/security.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); +require_once('include/items.php'); class Display extends \Zotlabs\Web\Controller { function get($update = 0, $load = false) { - + $checkjs = new \Zotlabs\Web\CheckJS(1); if($load) $_SESSION['loadtime'] = datetime_convert(); - if(observer_prohibited()) { notice( t('Public access denied.') . EOL); return; } - require_once("include/bbcode.php"); - require_once('include/security.php'); - require_once('include/conversation.php'); - require_once('include/acl_selectors.php'); - require_once('include/items.php'); - - - \App::$page['htmlhead'] .= replace_macros(get_markup_template('display-head.tpl'), array()); - if(argc() > 1 && argv(1) !== 'load') $item_hash = argv(1); if($_REQUEST['mid']) $item_hash = $_REQUEST['mid']; - if(! $item_hash) { + if(! $item_hash) { \App::$error = 404; notice( t('Item not found.') . EOL); return; } $observer_is_owner = false; - - + $updateable = false; + if(local_channel() && (! $update)) { $channel = \App::get_channel(); - - + $channel_acl = array( 'allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid'] ); - - + $x = array( 'is_owner' => true, 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), @@ -78,7 +71,6 @@ class Display extends \Zotlabs\Web\Controller { $o = '<div id="jot-popup">'; $o .= status_editor($a,$x); $o .= '</div>'; - } // This page can be viewed by anybody so the query could be complicated @@ -97,9 +89,8 @@ class Display extends \Zotlabs\Web\Controller { if($decoded) $item_hash = $decoded; - $r = q("select id, uid, mid, parent_mid, item_type, item_deleted from item where mid like '%s' limit 1", - dbesc($item_hash . '%'), - dbesc($decoded . '%') + $r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted from item where mid like '%s' limit 1", + dbesc($item_hash . '%') ); if($r) { @@ -140,10 +131,16 @@ class Display extends \Zotlabs\Web\Controller { $simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' "; if((! $update) && (! $load)) { - - $static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 0); - + $static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1); + + //if the target item is not a post (eg a like) we want to address its thread parent + $mid = ((($target_item['verb'] == ACTIVITY_LIKE) || ($target_item['verb'] == ACTIVITY_DISLIKE)) ? $target_item['thr_parent'] : $target_item['mid']); + + //if we got a decoded hash we must encode it again before handing to javascript + if($decoded) + $mid = 'b64.' . base64url_encode($mid); + $o .= '<div id="live-display"></div>' . "\r\n"; $o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1)) . "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; </script>\r\n"; @@ -167,6 +164,7 @@ class Display extends \Zotlabs\Web\Controller { '$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1), '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$search' => '', + '$xchan' => '', '$order' => '', '$file' => '', '$cats' => '', @@ -174,32 +172,37 @@ class Display extends \Zotlabs\Web\Controller { '$dend' => '', '$dbegin' => '', '$verb' => '', - '$mid' => $item_hash + '$mid' => $mid )); - - + + head_add_link([ + 'rel' => 'alternate', + 'type' => 'application/json+oembed', + 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string), + 'title' => 'oembed' + ]); + } - + $observer_hash = get_observer_hash(); $item_normal = item_normal(); - + $item_normal_update = item_normal_update(); + $sql_extra = public_permissions_sql($observer_hash); - + if(($update && $load) || ($checkjs->disabled())) { - - $updateable = false; - + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']),intval(\App::$pager['start'])); - + if($load || ($checkjs->disabled())) { $r = null; - + require_once('include/channel.php'); $sys = get_sys_channel(); $sysid = $sys['channel_id']; - + if(local_channel()) { - $r = q("SELECT * from item + $r = q("SELECT item.id as item_id from item WHERE uid = %d and mid = '%s' $item_normal @@ -209,24 +212,22 @@ class Display extends \Zotlabs\Web\Controller { ); if($r) { $updateable = true; - } - } + if($r === null) { - + // in case somebody turned off public access to sys channel content using permissions - // make that content unsearchable by ensuring the owner_xchan can't match - + // make that content unsearchable by ensuring the owner uid can't match + if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) $sysid = 0; - - - $r = q("SELECT * from item + + $r = q("SELECT item.id as item_id from item WHERE mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) - and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) + and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) OR uid = %d ) $sql_extra ) $item_normal @@ -234,7 +235,6 @@ class Display extends \Zotlabs\Web\Controller { dbesc($target_item['parent_mid']), intval($sysid) ); - } } } @@ -245,12 +245,12 @@ class Display extends \Zotlabs\Web\Controller { require_once('include/channel.php'); $sys = get_sys_channel(); $sysid = $sys['channel_id']; - + if(local_channel()) { - $r = q("SELECT * from item + $r = q("SELECT item.parent AS item_id from item WHERE uid = %d - and mid = '%s' - $item_normal + and parent_mid = '%s' + $item_normal_update $simple_update limit 1", intval(local_channel()), @@ -260,20 +260,21 @@ class Display extends \Zotlabs\Web\Controller { $updateable = true; } } + if($r === null) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner_xchan can't match if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) $sysid = 0; - - $r = q("SELECT * from item - WHERE mid = '%s' + + $r = q("SELECT item.parent AS item_id from item + WHERE parent_mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) - and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) + and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) OR uid = %d ) $sql_extra ) - $item_normal + $item_normal_update $simple_update limit 1", dbesc($target_item['parent_mid']), @@ -288,10 +289,8 @@ class Display extends \Zotlabs\Web\Controller { } if($r) { - - $parents_str = ids_to_querystr($r,'id'); + $parents_str = ids_to_querystr($r,'item_id'); if($parents_str) { - $items = q("SELECT item.*, item.id AS item_id FROM item WHERE parent in ( %s ) $item_normal ", @@ -302,39 +301,35 @@ class Display extends \Zotlabs\Web\Controller { $items = fetch_post_tags($items,true); $items = conv_sort($items,'created'); } - } else { + } + else { $items = array(); } - if ($checkjs->disabled()) { - $o .= conversation($a, $items, 'display', $update, 'traditional'); + $o .= conversation($items, 'display', $update, 'traditional'); if ($items[0]['title']) \App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title']; } else { - $o .= conversation($a, $items, 'display', $update, 'client'); + $o .= conversation($items, 'display', $update, 'client'); } if($updateable) { $x = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 AND uid = %d and parent = %d ", intval(local_channel()), - intval($r[0]['parent']) + intval($r[0]['item_id']) ); } - + $o .= '<div id="content-complete"></div>'; - - return $o; - - - /* - elseif((! $update) && (! { + + if((($update && $load) || $checkjs->disabled()) && (! $items)) { - $r = q("SELECT id, item_flags FROM item WHERE id = '%s' OR mid = '%s' LIMIT 1", - dbesc($item_hash), + $r = q("SELECT id, item_deleted FROM item WHERE mid = '%s' LIMIT 1", dbesc($item_hash) ); + if($r) { if(intval($r[0]['item_deleted'])) { notice( t('Item has been removed.') . EOL ); @@ -348,8 +343,9 @@ class Display extends \Zotlabs\Web\Controller { } } - */ + + return $o; + } - - + } diff --git a/Zotlabs/Module/Editblock.php b/Zotlabs/Module/Editblock.php index 654e2251d..8a7e87a09 100644 --- a/Zotlabs/Module/Editblock.php +++ b/Zotlabs/Module/Editblock.php @@ -98,6 +98,11 @@ class Editblock extends \Zotlabs\Web\Controller { $mimetype = $itm[0]['mimetype']; + $content = $itm[0]['body']; + if($itm[0]['mimetype'] === 'text/markdown') + $content = \Zotlabs\Lib\MarkdownSoap::unescape($itm[0]['body']); + + $rp = 'blocks/' . $channel['channel_address']; $x = array( @@ -117,7 +122,7 @@ class Editblock extends \Zotlabs\Web\Controller { 'ptyp' => $itm[0]['type'], 'mimeselect' => true, 'mimetype' => $itm[0]['mimetype'], - 'body' => undo_post_tagging($itm[0]['body']), + 'body' => undo_post_tagging($content), 'post_id' => $post_id, 'visitor' => true, 'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), diff --git a/Zotlabs/Module/Editlayout.php b/Zotlabs/Module/Editlayout.php index ea637fcba..3d6a79507 100644 --- a/Zotlabs/Module/Editlayout.php +++ b/Zotlabs/Module/Editlayout.php @@ -119,6 +119,7 @@ class Editlayout extends \Zotlabs\Web\Controller { 'hide_weblink' => true, 'hide_attach' => true, 'hide_preview' => true, + 'disable_comments' => true, 'ptyp' => $itm[0]['obj_type'], 'body' => undo_post_tagging($itm[0]['body']), 'post_id' => $post_id, diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php index d7612b165..a54c42e7f 100644 --- a/Zotlabs/Module/Editpost.php +++ b/Zotlabs/Module/Editpost.php @@ -31,7 +31,15 @@ class Editpost extends \Zotlabs\Web\Controller { dbesc(get_observer_hash()) ); - if(! count($itm)) { + // don't allow web editing of potentially binary content (item_obscured = 1) + // @FIXME how do we do it instead? + + if((! $itm) || intval($itm[0]['item_obscured'])) { + notice( t('Item is not editable') . EOL); + return; + } + + if($itm[0]['resource_type'] === 'photo' && $itm[0]['resource_id']) { notice( t('Item is not editable') . EOL); return; } @@ -44,14 +52,6 @@ class Editpost extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); - if(intval($itm[0]['item_obscured'])) { - $key = get_config('system','prvkey'); - if($itm[0]['title']) - $itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key); - if($itm[0]['body']) - $itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key); - } - $category = ''; $catsenabled = ((feature_enabled($owner_uid,'categories')) ? 'categories' : ''); diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php index 3d4af107d..da536a729 100644 --- a/Zotlabs/Module/Editwebpage.php +++ b/Zotlabs/Module/Editwebpage.php @@ -100,24 +100,19 @@ class Editwebpage extends \Zotlabs\Web\Controller { intval($owner) ); - if(! $itm) { + // don't allow web editing of potentially binary content (item_obscured = 1) + // @FIXME how do we do it instead? + + if((! $itm) || intval($itm[0]['item_obscured'])) { notice( t('Permission denied.') . EOL); return; } - if(intval($itm[0]['item_obscured'])) { - $key = get_config('system','prvkey'); - if($itm[0]['title']) - $itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key); - if($itm[0]['body']) - $itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key); - } - $item_id = q("select * from iconfig where cat = 'system' and k = 'WEBPAGE' and iid = %d limit 1", intval($itm[0]['id']) ); if($item_id) - $page_title = $item_id[0]['v']; + $page_title = urldecode($item_id[0]['v']); $mimetype = $itm[0]['mimetype']; @@ -129,9 +124,11 @@ class Editwebpage extends \Zotlabs\Web\Controller { } $layout = $itm[0]['layout_mid']; - - $tpl = get_markup_template("jot.tpl"); + $content = $itm[0]['body']; + if($itm[0]['mimetype'] === 'text/markdown') + $content = \Zotlabs\Lib\MarkdownSoap::unescape($itm[0]['body']); + $rp = 'webpages/' . $which; $x = array( @@ -147,7 +144,7 @@ class Editwebpage extends \Zotlabs\Web\Controller { 'hide_location' => true, 'hide_voting' => true, 'ptyp' => $itm[0]['type'], - 'body' => undo_post_tagging($itm[0]['body']), + 'body' => undo_post_tagging($content), 'post_id' => $post_id, 'visitor' => ($is_owner) ? true : false, 'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')), diff --git a/Zotlabs/Module/Embedphotos.php b/Zotlabs/Module/Embedphotos.php index 48667795c..c92af27d6 100644 --- a/Zotlabs/Module/Embedphotos.php +++ b/Zotlabs/Module/Embedphotos.php @@ -92,6 +92,7 @@ class Embedphotos extends \Zotlabs\Web\Controller { * It is a limitation of the photo table using a name for a photo album instead of a folder hash */ if($album) { + require_once('include/attach.php'); $x = q("select hash from attach where filename = '%s' and uid = %d limit 1", dbesc($album), intval($owner_uid) diff --git a/Zotlabs/Module/Events.php b/Zotlabs/Module/Events.php index edc6dd3f0..0541f5e9b 100644 --- a/Zotlabs/Module/Events.php +++ b/Zotlabs/Module/Events.php @@ -272,7 +272,7 @@ class Events extends \Zotlabs\Web\Controller { return; } - nav_set_selected('all_events'); + nav_set_selected(t('Events')); if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) { $r = q("update event set dismissed = 1 where id = %d and uid = %d", diff --git a/Zotlabs/Module/Feed.php b/Zotlabs/Module/Feed.php index 47871eafb..06637b6d2 100644 --- a/Zotlabs/Module/Feed.php +++ b/Zotlabs/Module/Feed.php @@ -1,40 +1,41 @@ <?php + namespace Zotlabs\Module; require_once('include/items.php'); - class Feed extends \Zotlabs\Web\Controller { function init() { - $params = array(); - - $params['begin'] = ((x($_REQUEST,'date_begin')) ? $_REQUEST['date_begin'] : NULL_DATE); - $params['end'] = ((x($_REQUEST,'date_end')) ? $_REQUEST['date_end'] : ''); - $params['type'] = ((stristr(argv(0),'json')) ? 'json' : 'xml'); - $params['pages'] = ((x($_REQUEST,'pages')) ? intval($_REQUEST['pages']) : 0); - $params['top'] = ((x($_REQUEST,'top')) ? intval($_REQUEST['top']) : 0); - $params['start'] = ((x($params,'start')) ? intval($params['start']) : 0); - $params['records'] = ((x($params,'records')) ? intval($params['records']) : 40); - $params['direction'] = ((x($params,'direction')) ? dbesc($params['direction']) : 'desc'); - $params['cat'] = ((x($_REQUEST,'cat')) ? escape_tags($_REQUEST['cat']) : ''); - - $channel = ''; + $params = []; + + $params['begin'] = ((x($_REQUEST,'date_begin')) ? $_REQUEST['date_begin'] : NULL_DATE); + $params['end'] = ((x($_REQUEST,'date_end')) ? $_REQUEST['date_end'] : ''); + $params['type'] = ((stristr(argv(0),'json')) ? 'json' : 'xml'); + $params['pages'] = ((x($_REQUEST,'pages')) ? intval($_REQUEST['pages']) : 0); + $params['top'] = ((x($_REQUEST,'top')) ? intval($_REQUEST['top']) : 0); + $params['start'] = ((x($params,'start')) ? intval($params['start']) : 0); + $params['records'] = ((x($params,'records')) ? intval($params['records']) : 40); + $params['direction'] = ((x($params,'direction')) ? dbesc($params['direction']) : 'desc'); + $params['cat'] = ((x($_REQUEST,'cat')) ? escape_tags($_REQUEST['cat']) : ''); + $params['compat'] = ((x($_REQUEST,'compat')) ? intval($_REQUEST['compat']) : 0); + + if(argc() > 1) { - $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", - dbesc(argv(1)) - ); - if(!($r && count($r))) + + if(observer_prohibited(true)) { killme(); - - $channel = $r[0]; - - if(observer_prohibited(true)) + } + + $channel = channelx_by_nick(argv(1)); + if(! $channel) { killme(); + } + - logger('mod_feed: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']); + logger('public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']); echo get_public_feed($channel,$params); @@ -43,6 +44,4 @@ class Feed extends \Zotlabs\Web\Controller { } - - } diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php index 769134808..5c4b9a502 100644 --- a/Zotlabs/Module/File_upload.php +++ b/Zotlabs/Module/File_upload.php @@ -28,15 +28,32 @@ class File_upload extends \Zotlabs\Web\Controller { $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']); } + $_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']); + $_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']); + $_REQUEST['deny_cid'] = perms2str($_REQUEST['contact_deny']); + $_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']); + if($_REQUEST['filename']) { - $_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']); - $_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']); - $_REQUEST['deny_cid'] = perms2str($_REQUEST['contact_deny']); - $_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']); - $r = attach_mkdir($channel,get_observer_hash(),$_REQUEST); + $r = attach_mkdir($channel, get_observer_hash(), $_REQUEST); + if($r['success']) { + $hash = $r['data']['hash']; + + $sync = attach_export_data($channel,$hash); + if($sync) { + build_sync_packet($channel['channel_id'],array('file' => array($sync))); + } + goaway(z_root() . '/cloud/' . $channel['channel_address'] . '/' . $r['data']['display_path']); + + } } else { - $r = attach_store($channel,get_observer_hash(), '', $_REQUEST); + $r = attach_store($channel, get_observer_hash(), '', $_REQUEST); + if($r['success']) { + $sync = attach_export_data($channel,$r['data']['hash']); + if($sync) + build_sync_packet($channel['channel_id'],array('file' => array($sync))); + + } } goaway(z_root() . '/' . $_REQUEST['return_url']); diff --git a/Zotlabs/Module/Filer.php b/Zotlabs/Module/Filer.php index 6a57cdb2a..af59f28fb 100644 --- a/Zotlabs/Module/Filer.php +++ b/Zotlabs/Module/Filer.php @@ -49,8 +49,10 @@ class Filer extends \Zotlabs\Web\Controller { } $tpl = get_markup_template("filer_dialog.tpl"); $o = replace_macros($tpl, array( - '$field' => array('term', t("Save to Folder:"), '', '', $filetags, t('- select -')), + '$field' => array('term', t('Enter a folder name'), '', '', $filetags, 'placeholder="' . t('or select an existing folder (doubleclick)') . '"'), '$submit' => t('Save'), + '$title' => t('Save to Folder'), + '$cancel' => t('Cancel') )); echo $o; diff --git a/Zotlabs/Module/Filestorage.php b/Zotlabs/Module/Filestorage.php index 874445145..55713027a 100644 --- a/Zotlabs/Module/Filestorage.php +++ b/Zotlabs/Module/Filestorage.php @@ -5,14 +5,6 @@ namespace Zotlabs\Module; * */ -require_once('include/attach.php'); - - -/** - * - * @param object &$a - */ - class Filestorage extends \Zotlabs\Web\Controller { function post() { @@ -26,7 +18,7 @@ class Filestorage extends \Zotlabs\Web\Controller { $recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0); $resource = ((x($_POST, 'filehash')) ? notags($_POST['filehash']) : ''); - $notify = ((x($_POST, 'notify')) ? intval($_POST['notify']) : 0); + $notify = ((x($_POST, 'notify_edit')) ? intval($_POST['notify_edit']) : 0); if(! $resource) { notice(t('Item not found.') . EOL); @@ -36,19 +28,19 @@ class Filestorage extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); $acl = new \Zotlabs\Access\AccessList($channel); - $acl->set_from_array($_REQUEST); + $acl->set_from_array($_POST); $x = $acl->get(); - $cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource); + $url = get_cloud_url($channel_id, $channel['channel_address'], $resource); //get the object before permissions change so we can catch eventual former allowed members - $object = get_file_activity_object($channel_id, $resource, $cloudPath); + $object = get_file_activity_object($channel_id, $resource, $url); attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true); file_activity($channel_id, $object, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], 'post', $notify); - goaway($cloudPath); + goaway(dirname($url)); } function get() { @@ -107,11 +99,11 @@ class Filestorage extends \Zotlabs\Web\Controller { $f = $r[0]; $channel = \App::get_channel(); - $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']); + $url = get_cloud_url($channel['channel_id'], $channel['channel_address'], $f['hash']); attach_delete($owner, $f['hash']); - goaway($parentpath); + goaway(dirname($url)); } if(argc() > 3 && argv(3) === 'edit') { @@ -130,8 +122,7 @@ class Filestorage extends \Zotlabs\Web\Controller { $f = $r[0]; $channel = \App::get_channel(); - $cloudpath = get_cloudpath($f) . (intval($f['is_dir']) ? '?f=&davguest=1' : ''); - $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']); + $cloudpath = get_cloudpath($f); $aclselect_e = populate_acl($f, false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage')); $is_a_dir = (intval($f['is_dir']) ? true : false); @@ -146,7 +137,6 @@ class Filestorage extends \Zotlabs\Web\Controller { '$header' => t('Edit file permissions'), '$file' => $f, '$cloudpath' => z_root() . '/' . $encoded_path, - '$parentpath' => $parentpath, '$uid' => $channel['channel_id'], '$channelnick' => $channel['channel_address'], '$permissions' => t('Permissions'), @@ -165,7 +155,7 @@ class Filestorage extends \Zotlabs\Web\Controller { '$submit' => t('Submit'), '$attach_btn_title' => t('Share this file'), '$link_btn_title' => t('Show URL to this file'), - '$notify' => array('notify', t('Notify your contacts about this file'), 0, '', array(t('No'), t('Yes'))), + '$notify' => array('notify_edit', t('Show in your contacts shared folder'), 0, '', array(t('No'), t('Yes'))), )); echo $o; diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php index 3d859d94b..413a68e0c 100644 --- a/Zotlabs/Module/Getfile.php +++ b/Zotlabs/Module/Getfile.php @@ -35,6 +35,7 @@ class Getfile extends \Zotlabs\Web\Controller { $sig = $_POST['signature']; $resource = $_POST['resource']; $revision = intval($_POST['revision']); + $resolution = (-1); if(! $hash) killme(); @@ -46,6 +47,11 @@ class Getfile extends \Zotlabs\Web\Controller { killme(); } + if(substr($resource,-2,1) == '-') { + $resolution = intval(substr($resource,-1,1)); + $resource = substr($resource,0,-2); + } + $slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop')); if($slop < 1) $slop = 3; @@ -63,6 +69,35 @@ class Getfile extends \Zotlabs\Web\Controller { killme(); } + + if($resolution > 0) { + $r = q("select * from photo where resource_id = '%s' and uid = %d limit 1", + dbesc($resource), + intval($channel['channel_id']) + ); + if($r) { + header('Content-type: ' . $r[0]['mimetype']); + + if(intval($r[0]['os_storage'])) { + $fname = dbunescbin($r[0]['content']); + if(strpos($fname,'store') !== false) + $istream = fopen($fname,'rb'); + else + $istream = fopen('store/' . $channel['channel_address'] . '/' . $fname,'rb'); + $ostream = fopen('php://output','wb'); + if($istream && $ostream) { + pipe_streams($istream,$ostream); + fclose($istream); + fclose($ostream); + } + } + else { + echo dbunescbin($r[0]['content']); + } + } + killme(); + } + $r = attach_by_hash($resource,$channel['channel_hash'],$revision); if(! $r['success']) { @@ -73,7 +108,7 @@ class Getfile extends \Zotlabs\Web\Controller { $unsafe_types = array('text/html','text/css','application/javascript'); - if(in_array($r['data']['filetype'],$unsafe_types)) { + if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) { header('Content-type: text/plain'); } else { diff --git a/Zotlabs/Module/Group.php b/Zotlabs/Module/Group.php index 646310356..93a089d02 100644 --- a/Zotlabs/Module/Group.php +++ b/Zotlabs/Module/Group.php @@ -56,6 +56,7 @@ class Group extends \Zotlabs\Web\Controller { ); if($r) info( t('Privacy group updated.') . EOL ); + build_sync_packet(local_channel(),null,true); } goaway(z_root() . '/group/' . argv(1) . '/' . argv(2)); @@ -63,7 +64,8 @@ class Group extends \Zotlabs\Web\Controller { return; } - function get() { + function get() { + $change = false; logger('mod_group: ' . \App::$cmd,LOGGER_DEBUG); diff --git a/Zotlabs/Module/Hcard.php b/Zotlabs/Module/Hcard.php index 93c8d3ece..912c84fd2 100644 --- a/Zotlabs/Module/Hcard.php +++ b/Zotlabs/Module/Hcard.php @@ -14,6 +14,8 @@ class Hcard extends \Zotlabs\Web\Controller { return; } + logger('hcard_request: ' . $which, LOGGER_DEBUG); + $profile = ''; $channel = \App::get_channel(); @@ -29,7 +31,20 @@ class Hcard extends \Zotlabs\Web\Controller { $profile = $r[0]['profile_guid']; } - \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which .'" />' . "\r\n" ; + head_add_link( [ + 'rel' => 'alternate', + 'type' => 'application/atom+xml', + 'title' => t('Posts and comments'), + 'href' => z_root() . '/feed/' . $which + ]); + + head_add_link( [ + 'rel' => 'alternate', + 'type' => 'application/atom+xml', + 'title' => t('Only posts'), + 'href' => z_root() . '/feed/' . $which . '?f=&top=1' + ]); + if(! $profile) { $x = q("select channel_id as profile_uid from channel where channel_address = '%s' limit 1", @@ -46,12 +61,10 @@ class Hcard extends \Zotlabs\Web\Controller { } - function get() { - - require_once('include/widgets.php'); - return widget_profile(array()); - - + function get() { + + $x = new \Zotlabs\Widget\Profile(); + return $x->widget(array()); } diff --git a/Zotlabs/Module/Help.php b/Zotlabs/Module/Help.php index e247416d9..f3cc3aa5f 100644 --- a/Zotlabs/Module/Help.php +++ b/Zotlabs/Module/Help.php @@ -15,7 +15,7 @@ require_once('include/help.php'); class Help extends \Zotlabs\Web\Controller { function get() { - nav_set_selected('help'); + nav_set_selected(t('Help')); if($_REQUEST['search']) { $o .= '<div id="help-content" class="generic-content-wrapper">'; @@ -44,42 +44,42 @@ class Help extends \Zotlabs\Web\Controller { return $o; } - - - if(argc() > 2 && argv(argc()-2) === 'assets') { - $path = ''; - for($x = 1; $x < argc(); $x ++) { - if(strlen($path)) - $path .= '/'; - $path .= argv($x); - } - $realpath = 'doc/' . $path; - //Set the content-type header as appropriate - $imageInfo = getimagesize($realpath); - switch ($imageInfo[2]) { - case IMAGETYPE_JPEG: - header("Content-Type: image/jpeg"); - break; - case IMAGETYPE_GIF: - header("Content-Type: image/gif"); - break; - case IMAGETYPE_PNG: - header("Content-Type: image/png"); - break; - default: - break; - } - header("Content-Length: " . filesize($realpath)); + + + if(argc() > 2 && argv(argc()-2) === 'assets') { + $path = ''; + for($x = 1; $x < argc(); $x ++) { + if(strlen($path)) + $path .= '/'; + $path .= argv($x); + } + $realpath = 'doc/' . $path; + //Set the content-type header as appropriate + $imageInfo = getimagesize($realpath); + switch ($imageInfo[2]) { + case IMAGETYPE_JPEG: + header("Content-Type: image/jpeg"); + break; + case IMAGETYPE_GIF: + header("Content-Type: image/gif"); + break; + case IMAGETYPE_PNG: + header("Content-Type: image/png"); + break; + default: + break; + } + header("Content-Length: " . filesize($realpath)); - // dump the picture and stop the script - readfile($realpath); - killme(); - } + // dump the picture and stop the script + readfile($realpath); + killme(); + } $headings = [ - 'about' => t('About'), - 'member' => t('Members'), - 'admin' => t('Administrators'), + 'about' => t('About'), + 'member' => t('Members'), + 'admin' => t('Administrators'), 'developer' => t('Developers'), 'tutorials' => t('Tutorials') ]; @@ -87,13 +87,16 @@ class Help extends \Zotlabs\Web\Controller { if(array_key_exists(argv(1), $headings)) $heading = $headings[argv(1)]; - $content = get_help_content(); + $content = get_help_content(); + + $language = determine_help_language()['language']; return replace_macros(get_markup_template('help.tpl'), array( - '$title' => t('$Projectname Documentation'), + '$title' => t('$Projectname Documentation'), '$tocHeading' => t('Contents'), - '$content' => $content, - '$heading' => $heading + '$content' => $content, + '$heading' => $heading, + '$language' => $language )); } diff --git a/Zotlabs/Module/Impel.php b/Zotlabs/Module/Impel.php index 197d9f859..77f488d26 100644 --- a/Zotlabs/Module/Impel.php +++ b/Zotlabs/Module/Impel.php @@ -144,18 +144,8 @@ class Impel extends \Zotlabs\Web\Controller { // Verify ability to use html or php!!! - $execflag = false; - - if($arr['mimetype'] === 'application/x-php') { - $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", - intval(local_channel()) - ); - - if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) { - $execflag = true; - } - } - + $execflag = ((intval($channel['channel_id']) == intval(local_channel()) && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false); + $i = q("select id, edited, item_deleted from item where mid = '%s' and uid = %d limit 1", dbesc($arr['mid']), intval(local_channel()) diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index 3969f25e0..40ce8f6d1 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -2,26 +2,32 @@ namespace Zotlabs\Module; -// Import a channel, either by direct file upload or via -// connection to original server. - - require_once('include/zot.php'); require_once('include/channel.php'); require_once('include/import.php'); require_once('include/perm_upgrade.php'); - +/** + * @brief Module for channel import. + * + * Import a channel, either by direct file upload or via + * connection to another server. + */ class Import extends \Zotlabs\Web\Controller { + /** + * @brief Import channel into account. + * + * @param int $account_id + */ function import_account($account_id) { - + if(! $account_id){ - logger("import_account: No account ID supplied"); + logger('No account ID supplied'); return; } - + $max_friends = account_service_class_fetch($account_id,'total_channels'); $max_feeds = account_service_class_fetch($account_id,'total_feeds'); $data = null; @@ -32,35 +38,39 @@ class Import extends \Zotlabs\Web\Controller { $filename = basename($_FILES['filename']['name']); $filesize = intval($_FILES['filename']['size']); $filetype = $_FILES['filename']['type']; - + // import channel from file if($src) { - - // This is OS specific and could also fail if your tmpdir isn't very large - // mostly used for Diaspora which exports gzipped files. - + + // This is OS specific and could also fail if your tmpdir isn't very + // large mostly used for Diaspora which exports gzipped files. + if(strpos($filename,'.gz')){ @rename($src,$src . '.gz'); @system('gunzip ' . escapeshellarg($src . '.gz')); } - + if($filesize) { $data = @file_get_contents($src); } unlink($src); } - + + // import channel from another server if(! $src) { $old_address = ((x($_REQUEST,'old_address')) ? $_REQUEST['old_address'] : ''); if(! $old_address) { - logger('mod_import: nothing to import.'); + logger('Nothing to import.'); notice( t('Nothing to import.') . EOL); return; + } else if(strpos($old_address, 'ï¼ ')) { + // if you copy the identity address from your profile page, make it work for convenience + $old_address = str_replace('ï¼ ', '@', $old_address); } - + $email = ((x($_REQUEST,'email')) ? $_REQUEST['email'] : ''); $password = ((x($_REQUEST,'password')) ? $_REQUEST['password'] : ''); - + $channelname = substr($old_address,0,strpos($old_address,'@')); $servername = substr($old_address,strpos($old_address,'@')+1); @@ -73,6 +83,7 @@ class Import extends \Zotlabs\Web\Controller { $api_path .= 'channel/export/basic?f=&channel=' . $channelname; if($import_posts) $api_path .= '&posts=1'; + $binary = false; $redirects = 0; $opts = array('http_auth' => $email . ':' . $password); @@ -85,19 +96,18 @@ class Import extends \Zotlabs\Web\Controller { return; } } - + if(! $data) { - logger('mod_import: empty file.'); + logger('Empty import file.'); notice( t('Imported file is empty.') . EOL); return; } - + $data = json_decode($data,true); - - // logger('import: data: ' . print_r($data,true)); - // print_r($data); - - + + //logger('import: data: ' . print_r($data,true)); + //print_r($data); + if(! array_key_exists('compatibility',$data)) { call_hooks('import_foreign_channel_data',$data); if($data['handled']) @@ -108,24 +118,23 @@ class Import extends \Zotlabs\Web\Controller { $v1 = substr($data['compatibility']['database'],-4); $v2 = substr(DB_UPDATE_VERSION,-4); if($v2 > $v1) { - $t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 ); + $t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 ); notice($t); } - if(array_key_exists('server_role',$data['compatibility']) && $data['compatibility']['server_role'] == 'basic') - $moving = true; + } - + if($moving) $seize = 1; - + // import channel - + $relocate = ((array_key_exists('relocate',$data)) ? $data['relocate'] : null); if(array_key_exists('channel',$data)) { - + $max_identities = account_service_class_fetch($account_id,'total_identities'); - + if($max_identities !== false) { $r = q("select channel_id from channel where channel_account_id = %d", intval($account_id) @@ -137,46 +146,40 @@ class Import extends \Zotlabs\Web\Controller { } $channel = import_channel($data['channel'], $account_id, $seize); - } else { $moving = false; $channel = \App::get_channel(); } - + if(! $channel) { - logger('mod_import: channel not found. ', print_r($channel,true)); + logger('Channel not found. ', print_r($channel,true)); notice( t('No channel. Import failed.') . EOL); return; } - - if(is_array($data['config'])) { import_config($channel,$data['config']); } - + logger('import step 2'); - - - if(array_key_exists('channel',$data)) { if($data['photo']) { require_once('include/photo/photo_driver.php'); import_channel_photo(base64url_decode($data['photo']['data']),$data['photo']['type'],$account_id,$channel['channel_id']); } - + if(is_array($data['profile'])) import_profiles($channel,$data['profile']); } - + logger('import step 3'); - + if(is_array($data['hubloc'])) { import_hublocs($channel,$data['hubloc'],$seize,$moving); } - + logger('import step 4'); // create new hubloc for the new channel at this site @@ -200,7 +203,7 @@ class Import extends \Zotlabs\Web\Controller { ); // reset the original primary hubloc if it is being seized - + if($seize) { $r = q("update hubloc set hubloc_primary = 0 where hubloc_primary = 1 and hubloc_hash = '%s' and hubloc_url != '%s' ", dbesc($channel['channel_hash']), @@ -210,20 +213,18 @@ class Import extends \Zotlabs\Web\Controller { } logger('import step 5'); - - - + + // import xchans and contact photos - + if(array_key_exists('channel',$data) && $seize) { - + // replace any existing xchan we may have on this site if we're seizing control - + $r = q("delete from xchan where xchan_hash = '%s'", dbesc($channel['channel_hash']) ); - $r = xchan_store_lowlevel( [ 'xchan_hash' => $channel['channel_hash'], @@ -242,23 +243,22 @@ class Import extends \Zotlabs\Web\Controller { 'xchan_photo_date' => datetime_convert(), 'xchan_name_date' => datetime_convert() ] - ); + ); } - + logger('import step 6'); - - + // import xchans $xchans = $data['xchan']; if($xchans) { foreach($xchans as $xchan) { - + $hash = make_xchan_hash($xchan['xchan_guid'],$xchan['xchan_guid_sig']); if($xchan['xchan_network'] === 'zot' && $hash !== $xchan['xchan_hash']) { logger('forged xchan: ' . print_r($xchan,true)); continue; } - + if(! array_key_exists('xchan_hidden',$xchan)) { $xchan['xchan_hidden'] = (($xchan['xchan_flags'] & 0x0001) ? 1 : 0); $xchan['xchan_orphan'] = (($xchan['xchan_flags'] & 0x0002) ? 1 : 0); @@ -268,22 +268,22 @@ class Import extends \Zotlabs\Web\Controller { $xchan['xchan_pubforum'] = (($xchan['xchan_flags'] & 0x0020) ? 1 : 0); $xchan['xchan_deleted'] = (($xchan['xchan_flags'] & 0x1000) ? 1 : 0); } - + $r = q("select xchan_hash from xchan where xchan_hash = '%s' limit 1", dbesc($xchan['xchan_hash']) ); if($r) continue; - create_table_from_array('xchan',$xchan); - + create_table_from_array('xchan',$xchan); + require_once('include/photo/photo_driver.php'); $photos = import_xchan_photo($xchan['xchan_photo_l'],$xchan['xchan_hash']); if($photos[4]) $photodate = NULL_DATE; else $photodate = $xchan['xchan_photo_date']; - + $r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s' where xchan_hash = '%s'", dbesc($photos[0]), dbesc($photos[1]), @@ -292,33 +292,32 @@ class Import extends \Zotlabs\Web\Controller { dbesc($photodate), dbesc($xchan['xchan_hash']) ); - } - logger('import step 7'); + logger('import step 7'); } - $friends = 0; $feeds = 0; - + // import contacts $abooks = $data['abook']; if($abooks) { foreach($abooks as $abook) { $abook_copy = $abook; - + $abconfig = null; if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && count($abook['abconfig'])) $abconfig = $abook['abconfig']; - + unset($abook['abook_id']); unset($abook['abook_rating']); unset($abook['abook_rating_text']); unset($abook['abconfig']); unset($abook['abook_their_perms']); unset($abook['abook_my_perms']); + unset($abook['abook_not_here']); $abook['abook_account'] = $account_id; $abook['abook_channel'] = $channel['channel_id']; @@ -332,7 +331,11 @@ class Import extends \Zotlabs\Web\Controller { $abook['abook_self'] = (($abook['abook_flags'] & 0x0080 ) ? 1 : 0); $abook['abook_feed'] = (($abook['abook_flags'] & 0x0100 ) ? 1 : 0); } - + + if(array_key_exists('abook_instance',$abook) && $abook['abook_instance'] && strpos($abook['abook_instance'],z_root()) === false) { + $abook['abook_not_here'] = 1; + } + if($abook['abook_self']) { $role = get_pconfig($channel['channel_id'],'system','permissions_role'); if(($role === 'forum') || ($abook['abook_my_perms'] & PERMS_W_TAGWALL)) { @@ -340,24 +343,24 @@ class Import extends \Zotlabs\Web\Controller { dbesc($abook['abook_xchan']) ); } - } + } else { if($max_friends !== false && $friends > $max_friends) continue; if($max_feeds !== false && intval($abook['abook_feed']) && ($feeds > $max_feeds)) continue; } - - create_table_from_array('abook',$abook); + + abook_store_lowlevel($abook); $friends ++; if(intval($abook['abook_feed'])) $feeds ++; translate_abook_perms_inbound($channel,$abook_copy); - + if($abconfig) { - // @fixme does not handle sync of del_abconfig + /// @FIXME does not handle sync of del_abconfig foreach($abconfig as $abc) { set_abconfig($channel['channel_id'],$abc['xchan'],$abc['cat'],$abc['k'],$abc['v']); } @@ -366,20 +369,21 @@ class Import extends \Zotlabs\Web\Controller { logger('import step 8'); } - + + // import groups $groups = $data['group']; if($groups) { $saved = array(); foreach($groups as $group) { $saved[$group['hash']] = array('old' => $group['id']); - if(array_key_exists('name',$group)) { + if(array_key_exists('name', $group)) { $group['gname'] = $group['name']; unset($group['name']); } unset($group['id']); $group['uid'] = $channel['channel_id']; - create_table_from_array('groups',$group); + create_table_from_array('groups', $group); } $r = q("select * from groups where uid = %d", intval($channel['channel_id']) @@ -388,10 +392,10 @@ class Import extends \Zotlabs\Web\Controller { foreach($r as $rr) { $saved[$rr['hash']]['new'] = $rr['id']; } - } + } } - - + + // import group members $group_members = $data['group_member']; if($group_members) { foreach($group_members as $group_member) { @@ -401,36 +405,36 @@ class Import extends \Zotlabs\Web\Controller { if($x['old'] == $group_member['gid']) $group_member['gid'] = $x['new']; } - create_table_from_array('group_member',$group_member); + create_table_from_array('group_member', $group_member); } } logger('import step 9'); - + if(is_array($data['obj'])) import_objs($channel,$data['obj']); - + if(is_array($data['likes'])) import_likes($channel,$data['likes']); - + if(is_array($data['app'])) import_apps($channel,$data['app']); - + if(is_array($data['chatroom'])) import_chatrooms($channel,$data['chatroom']); - + if(is_array($data['conv'])) import_conv($channel,$data['conv']); - + if(is_array($data['mail'])) import_mail($channel,$data['mail']); - + if(is_array($data['event'])) import_events($channel,$data['event']); - + if(is_array($data['event_item'])) import_items($channel,$data['event_item'],false,$relocate); - + if(is_array($data['menu'])) import_menus($channel,$data['menu']); @@ -439,56 +443,62 @@ class Import extends \Zotlabs\Web\Controller { if(is_array($data['webpages'])) import_items($channel,$data['webpages'],false,$relocate); - + $addon = array('channel' => $channel,'data' => $data); call_hooks('import_channel',$addon); - + $saved_notification_flags = notifications_off($channel['channel_id']); - + if($import_posts && array_key_exists('item',$data) && $data['item']) import_items($channel,$data['item'],false,$relocate); - + notifications_on($channel['channel_id'],$saved_notification_flags); - - + if(array_key_exists('item_id',$data) && $data['item_id']) import_item_ids($channel,$data['item_id']); - + // send out refresh requests // notify old server that it may no longer be primary. - + \Zotlabs\Daemon\Master::Summon(array('Notifier','location',$channel['channel_id'])); - + // This will indirectly perform a refresh_all *and* update the directory - + \Zotlabs\Daemon\Master::Summon(array('Directory', $channel['channel_id'])); - - + + notice( t('Import completed.') . EOL); - + change_channel($channel['channel_id']); - + goaway(z_root() . '/network' ); - } - - + + /** + * @brief Handle POST action on channel import page. + */ function post() { - $account_id = get_account_id(); if(! $account_id) return; - + + check_form_security_token_redirectOnErr('/import', 'channel_import'); + $this->import_account($account_id); } - + + /** + * @brief Generate channel import page. + * + * @return string with parsed HTML. + */ function get() { - + if(! get_account_id()) { - notice( t('You must be logged in to use this feature.')); + notice( t('You must be logged in to use this feature.') . EOL); return ''; } - + $o = replace_macros(get_markup_template('channel_import.tpl'),array( '$title' => t('Import Channel'), '$desc' => t('Use this form to import an existing channel from a different server/hub. You may retrieve the channel identity from the old server/hub via the network or provide an export file.'), @@ -501,14 +511,14 @@ class Import extends \Zotlabs\Web\Controller { '$label_import_primary' => t('Make this hub my primary location'), '$label_import_moving' => t('Move this channel (disable all previous locations)'), '$label_import_posts' => t('Import a few months of posts if possible (limited by available memory'), - '$pleasewait' => t('This process may take several minutes to complete. Please submit the form only once and leave this page open until finished.'), + '$pleasewait' => t('This process may take several minutes to complete. Please submit the form only once and leave this page open until finished.'), '$email' => '', '$pass' => '', + '$form_security_token' => get_form_security_token('channel_import'), '$submit' => t('Submit') )); - + return $o; - } - + } diff --git a/Zotlabs/Module/Import_items.php b/Zotlabs/Module/Import_items.php index f20cbfe7e..c2b2506fe 100644 --- a/Zotlabs/Module/Import_items.php +++ b/Zotlabs/Module/Import_items.php @@ -3,54 +3,60 @@ namespace Zotlabs\Module; require_once('include/import.php'); - +/** + * @brief Module for importing items. + * + * Import existing posts and content from an export file. + */ class Import_items extends \Zotlabs\Web\Controller { function post() { - + if(! local_channel()) return; - + + check_form_security_token_redirectOnErr('/import_items', 'import_items'); + $data = null; - + $src = $_FILES['filename']['tmp_name']; $filename = basename($_FILES['filename']['name']); $filesize = intval($_FILES['filename']['size']); $filetype = $_FILES['filename']['type']; - + if($src) { // This is OS specific and could also fail if your tmpdir isn't very large // mostly used for Diaspora which exports gzipped files. - + if(strpos($filename,'.gz')){ @rename($src,$src . '.gz'); @system('gunzip ' . escapeshellarg($src . '.gz')); } - + if($filesize) { $data = @file_get_contents($src); } unlink($src); } - + if(! $src) { - + $old_address = ((x($_REQUEST,'old_address')) ? $_REQUEST['old_address'] : ''); - + if(! $old_address) { - logger('mod_import: nothing to import.'); + logger('Nothing to import.'); notice( t('Nothing to import.') . EOL); return; } - + $email = ((x($_REQUEST,'email')) ? $_REQUEST['email'] : ''); $password = ((x($_REQUEST,'password')) ? $_REQUEST['password'] : ''); - + $year = ((x($_REQUEST,'year')) ? $_REQUEST['year'] : ''); - + $channelname = substr($old_address,0,strpos($old_address,'@')); $servername = substr($old_address,strpos($old_address,'@')+1); - + $scheme = 'https://'; $api_path = '/api/red/channel/export/items?f=&channel=' . $channelname . '&year=' . intval($year); $binary = false; @@ -64,68 +70,66 @@ class Import_items extends \Zotlabs\Web\Controller { $data = $ret['body']; else notice( t('Unable to download data from old server') . EOL); - } - + if(! $data) { - logger('mod_import: empty file.'); + logger('Empty file.'); notice( t('Imported file is empty.') . EOL); return; } - - $data = json_decode($data,true); - - // logger('import: data: ' . print_r($data,true)); - // print_r($data); - + + $data = json_decode($data, true); + + //logger('import: data: ' . print_r($data,true)); + //print_r($data); + if(! is_array($data)) return; - + if(array_key_exists('compatibility',$data) && array_key_exists('database',$data['compatibility'])) { $v1 = substr($data['compatibility']['database'],-4); $v2 = substr(DB_UPDATE_VERSION,-4); if($v2 > $v1) { - $t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 ); - notice($t); + $t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 ); + notice($t . EOL); } } - + $channel = \App::get_channel(); - - + if(array_key_exists('item',$data) && $data['item']) { import_items($channel,$data['item'],false,((array_key_exists('relocate',$data)) ? $data['relocate'] : null)); } - + if(array_key_exists('item_id',$data) && $data['item_id']) { import_item_ids($channel,$data['item_id']); } - + info( t('Import completed') . EOL); - return; } - - - - + + + /** + * @brief Generate item import page. + * + * @return string with parsed HTML. + */ function get() { - + if(! local_channel()) { notice( t('Permission denied') . EOL); return login(); } - - $o = replace_macros(get_markup_template('item_import.tpl'),array( + + $o = replace_macros(get_markup_template('item_import.tpl'), array( '$title' => t('Import Items'), '$desc' => t('Use this form to import existing posts and content from an export file.'), '$label_filename' => t('File to Upload'), + '$form_security_token' => get_form_security_token('import_items'), '$submit' => t('Submit') )); - + return $o; - } - - - + } diff --git a/Zotlabs/Module/Invite.php b/Zotlabs/Module/Invite.php index 6b6f80a31..bbd98150d 100644 --- a/Zotlabs/Module/Invite.php +++ b/Zotlabs/Module/Invite.php @@ -49,7 +49,7 @@ class Invite extends \Zotlabs\Web\Controller { if(! $recip) continue; - if(! valid_email($recip)) { + if(! validate_email($recip)) { notice( sprintf( t('%s : Not a valid email address.'), $recip) . EOL); continue; } @@ -88,12 +88,14 @@ class Invite extends \Zotlabs\Web\Controller { } - function get() { + function get() { if(! local_channel()) { notice( t('Permission denied.') . EOL); return; } + + nav_set_selected(t('Invite')); $tpl = get_markup_template('invite.tpl'); $invonly = false; diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 4725ecb38..3e023ae8b 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -33,7 +33,7 @@ class Item extends \Zotlabs\Web\Controller { // This will change. Figure out who the observer is and whether or not // they have permission to post here. Else ignore the post. - if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'commenter'))) + if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'anonname'))) return; $uid = local_channel(); @@ -77,7 +77,7 @@ class Item extends \Zotlabs\Web\Controller { call_hooks('post_local_start', $_REQUEST); - // logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA); + // logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA); $api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false); @@ -110,6 +110,7 @@ class Item extends \Zotlabs\Web\Controller { $preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0); $categories = ((x($_REQUEST,'category')) ? escape_tags($_REQUEST['category']) : ''); $webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0); + $item_obscured = ((x($_REQUEST,'obscured')) ? intval($_REQUEST['obscured']) : 0); $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags(urlencode($_REQUEST['pagetitle'])) : ''); $layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): ''); $plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : ''); @@ -204,10 +205,29 @@ class Item extends \Zotlabs\Web\Controller { $route = $parent_item['route']; } + + $moderated = false; - if(! $observer) + if(! $observer) { $observer = \App::get_observer(); + if(! $observer) { + $observer = anon_identity_init($_REQUEST); + if($observer) { + $moderated = true; + $remote_xchan = $remote_observer = $observer; + } + } + } + if(! $observer) { + notice( t('Permission denied.') . EOL) ; + if($api_source) + return ( [ 'success' => false, 'message' => 'permission denied' ] ); + if(x($_REQUEST,'return')) + goaway(z_root() . "/" . $return_path ); + killme(); + } + if($parent) { logger('mod_item: item_post parent=' . $parent); $can_comment = false; @@ -311,7 +331,7 @@ class Item extends \Zotlabs\Web\Controller { $walltowall = false; $walltowall_comment = false; - if($remote_xchan) + if($remote_xchan && ! $moderated) $observer = $remote_observer; if($observer) { @@ -471,34 +491,16 @@ class Item extends \Zotlabs\Web\Controller { if(! $mimetype) $mimetype = 'text/bbcode'; + + $execflag = ((intval($uid) == intval($profile_uid) + && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false); + if($preview) { - $body = z_input_filter($profile_uid,$body,$mimetype); + $body = z_input_filter($body,$mimetype,$execflag); } - // Verify ability to use html or php!!! - $execflag = false; - - if($mimetype !== 'text/bbcode') { - $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", - intval($profile_uid) - ); - if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) { - if($uid && (get_account_id() == $z[0]['account_id'])) { - $execflag = true; - } - else { - notice( t('Executable content type not permitted to this channel.') . EOL); - if($api_source) - return ( [ 'success' => false, 'message' => 'forbidden content type' ] ); - if(x($_REQUEST,'return')) - goaway(z_root() . "/" . $return_path ); - killme(); - } - } - } - $gacl = $acl->get(); $str_contact_allow = $gacl['allow_cid']; $str_group_allow = $gacl['allow_gid']; @@ -632,7 +634,7 @@ class Item extends \Zotlabs\Web\Controller { $attach_link = ''; $hash = substr($mtch,0,strpos($mtch,',')); $rev = intval(substr($mtch,strpos($mtch,','))); - $r = attach_by_hash_nodata($hash,$rev); + $r = attach_by_hash_nodata($hash, $observer['xchan_hash'], $rev); if($r['success']) { $attachments[] = array( 'href' => z_root() . '/attach/' . $r['data']['hash'], @@ -657,14 +659,23 @@ class Item extends \Zotlabs\Web\Controller { // BBCODE end alert if(strlen($categories)) { + $cats = explode(',',$categories); foreach($cats as $cat) { + + if($webpage == ITEM_TYPE_CARD) { + $catlink = z_root() . '/cards/' . $channel['channel_address'] . '?f=&cat=' . urlencode(trim($cat)); + } + else { + $catlink = $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat)); + } + $post_tags[] = array( 'uid' => $profile_uid, 'ttype' => TERM_CATEGORY, 'otype' => TERM_OBJ_POST, 'term' => trim($cat), - 'url' => $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat)) + 'url' => $catlink ); } } @@ -732,7 +743,9 @@ class Item extends \Zotlabs\Web\Controller { if($parent_item) $parent_mid = $parent_item['mid']; - + + + // Fallback so that we alway have a thr_parent if(!$thr_parent) @@ -742,6 +755,21 @@ class Item extends \Zotlabs\Web\Controller { $item_thread_top = ((! $parent) ? 1 : 0); + + // fix permalinks for cards + + if($webpage == ITEM_TYPE_CARD) { + $plink = z_root() . '/cards/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : substr($mid,0,16)); + } + if(($parent_item) && ($parent_item['item_type'] == ITEM_TYPE_CARD)) { + $r = q("select v from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.iid = %d limit 1", + intval($parent_item['id']) + ); + if($r) { + $plink = z_root() . '/cards/' . $channel['channel_address'] . '/' . $r[0]['v']; + } + } + if ((! $plink) && ($item_thread_top)) { $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid; } @@ -816,7 +844,7 @@ class Item extends \Zotlabs\Web\Controller { $datarray['owner'] = $owner_xchan; $datarray['author'] = $observer; $datarray['attach'] = json_encode($datarray['attach']); - $o = conversation($a,array($datarray),'search',false,'preview'); + $o = conversation(array($datarray),'search',false,'preview'); // logger('preview: ' . $o, LOGGER_DEBUG); echo json_encode(array('preview' => $o)); killme(); @@ -859,20 +887,8 @@ class Item extends \Zotlabs\Web\Controller { } - if(mb_strlen($datarray['title']) > 255) - $datarray['title'] = mb_substr($datarray['title'],0,255); - - if(array_key_exists('item_private',$datarray) && $datarray['item_private']) { - - $datarray['body'] = trim(z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype'])); - - if($uid) { - if($channel['channel_hash'] === $datarray['author_xchan']) { - $datarray['sig'] = base64url_encode(rsa_sign($datarray['body'],$channel['channel_prvkey'])); - $datarray['item_verified'] = 1; - } - } - } + if(mb_strlen($datarray['title']) > 191) + $datarray['title'] = mb_substr($datarray['title'],0,191); if($webpage) { Zlib\IConfig::Set($datarray,'system', webpage_to_namespace($webpage), @@ -889,7 +905,17 @@ class Item extends \Zotlabs\Web\Controller { $x = item_store_update($datarray,$execflag); - item_create_edit_activity($x); + // We only need edit activities for other federated protocols + // which do not support edits natively. While this does federate + // edits, it presents a number of issues locally - such as #757 and #758. + // The SQL check for an edit activity would not perform that well so to fix these issues + // requires an additional item flag (perhaps 'item_edit_activity') that we can add to the + // query for searches and notifications. + + // For now we'll just forget about trying to make edits work on network protocols that + // don't support them. + + // item_create_edit_activity($x); if(! $parent) { $r = q("select * from item where id = %d", @@ -928,6 +954,11 @@ class Item extends \Zotlabs\Web\Controller { if($parent) { + // prevent conversations which you are involved from being expired + + if(local_channel()) + retain_item($parent); + // only send comment notification if this is a wall-to-wall comment, // otherwise it will happen during delivery @@ -1015,6 +1046,10 @@ class Item extends \Zotlabs\Web\Controller { \Zotlabs\Daemon\Master::Summon(array('Notifier', $notify_type, $post_id)); logger('post_complete'); + + if($moderated) { + info(t('Your comment is awaiting approval.') . EOL); + } // figure out how to return, depending on from whence we came diff --git a/Zotlabs/Module/Lang.php b/Zotlabs/Module/Lang.php index 69f10fe6d..84776c3ea 100644 --- a/Zotlabs/Module/Lang.php +++ b/Zotlabs/Module/Lang.php @@ -5,6 +5,7 @@ namespace Zotlabs\Module; class Lang extends \Zotlabs\Web\Controller { function get() { + nav_set_selected(t('Language')); return lang_selector(); } diff --git a/Zotlabs/Module/Layouts.php b/Zotlabs/Module/Layouts.php index c07f65ce1..34d754029 100644 --- a/Zotlabs/Module/Layouts.php +++ b/Zotlabs/Module/Layouts.php @@ -125,6 +125,7 @@ class Layouts extends \Zotlabs\Web\Controller { 'hide_weblink' => true, 'hide_attach' => true, 'hide_preview' => true, + 'disable_comments' => true, 'ptlabel' => t('Layout Name'), 'profile_uid' => intval($owner), 'expanded' => true, diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index 5ce8ec7f0..b104a5f5f 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -255,7 +255,7 @@ class Like extends \Zotlabs\Web\Controller { // get the item. Allow linked photos (which are normally hidden) to be liked $r = q("SELECT * FROM item WHERE id = %d - and item_type = 0 and item_deleted = 0 and item_unpublished = 0 + and (item_type = 0 or item_type = 6) and item_deleted = 0 and item_unpublished = 0 and item_delayed = 0 and item_pending_remove = 0 and item_blocked = 0 LIMIT 1", intval($item_id) ); @@ -373,6 +373,10 @@ class Like extends \Zotlabs\Web\Controller { $links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => $item['plink'])); $objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); + + if($objtype === ACTIVITY_OBJ_NOTE && (! intval($item['item_thread_top']))) + $objtype = ACTIVITY_OBJ_COMMENT; + $body = $item['body']; @@ -500,6 +504,11 @@ class Like extends \Zotlabs\Web\Controller { $post = item_store($arr); $post_id = $post['item_id']; + + // save the conversation from expiration + + if(local_channel() && array_key_exists('item',$post) && (intval($post['item']['id']) != intval($post['item']['parent']))) + retain_item($post['item']['parent']); $arr['id'] = $post_id; diff --git a/Zotlabs/Module/Linkinfo.php b/Zotlabs/Module/Linkinfo.php index 8f8231c49..78c34583e 100644 --- a/Zotlabs/Module/Linkinfo.php +++ b/Zotlabs/Module/Linkinfo.php @@ -95,7 +95,7 @@ class Linkinfo extends \Zotlabs\Web\Controller { echo $arr['text']; killme(); } - + if($process_oembed) { $x = oembed_process($url); if($x) { diff --git a/Zotlabs/Module/Lockview.php b/Zotlabs/Module/Lockview.php index fc7d5c7c8..466d16997 100644 --- a/Zotlabs/Module/Lockview.php +++ b/Zotlabs/Module/Lockview.php @@ -72,7 +72,7 @@ class Lockview extends \Zotlabs\Web\Controller { } if($uid != local_channel()) { - echo '<li>' . t('Remote privacy information not available.') . '</li>'; + echo '<div class="dropdown-item">' . t('Remote privacy information not available.') . '</div>'; killme(); } @@ -84,7 +84,7 @@ class Lockview extends \Zotlabs\Web\Controller { // as unknown specific recipients. The sender will have the visibility list and will fall through to the // next section. - echo '<li>' . translate_scope((! $item['public_policy']) ? 'specific' : $item['public_policy']) . '</li>'; + echo '<div class="dropdown-item">' . translate_scope((! $item['public_policy']) ? 'specific' : $item['public_policy']) . '</div>'; killme(); } @@ -93,7 +93,7 @@ class Lockview extends \Zotlabs\Web\Controller { $deny_users = expand_acl($item['deny_cid']); $deny_groups = expand_acl($item['deny_gid']); - $o = '<li>' . t('Visible to:') . '</li>'; + $o = '<div class="dropdown-item">' . t('Visible to:') . '</div>'; $l = array(); stringify_array_elms($allowed_groups,true); @@ -114,24 +114,24 @@ class Lockview extends \Zotlabs\Web\Controller { $r = q("SELECT profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )"); if($r) foreach($r as $rr) - $l[] = '<li><b>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</b></li>'; + $l[] = '<div class="dropdown-item"><b>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</b></div>'; } if(count($allowed_groups)) { $r = q("SELECT gname FROM groups WHERE hash IN ( " . implode(', ', $allowed_groups) . " )"); if($r) foreach($r as $rr) - $l[] = '<li><b>' . $rr['gname'] . '</b></li>'; + $l[] = '<div class="dropdown-item"><b>' . $rr['gname'] . '</b></div>'; } if(count($allowed_users)) { $r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ',$allowed_users) . " )"); if($r) foreach($r as $rr) - $l[] = '<li>' . $rr['xchan_name'] . '</li>'; + $l[] = '<div class="dropdown-item">' . $rr['xchan_name'] . '</div>'; if($atokens) { foreach($atokens as $at) { if(in_array("'" . $at['xchan_hash'] . "'",$allowed_users)) { - $l[] = '<li>' . $at['xchan_name'] . '</li>'; + $l[] = '<div class="dropdown-item">' . $at['xchan_name'] . '</div>'; } } } @@ -150,7 +150,7 @@ class Lockview extends \Zotlabs\Web\Controller { $r = q("SELECT profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )"); if($r) foreach($r as $rr) - $l[] = '<li><b><strike>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</strike></b></li>'; + $l[] = '<div class="dropdown-item"><b><strike>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</strike></b></div>'; } @@ -159,18 +159,18 @@ class Lockview extends \Zotlabs\Web\Controller { $r = q("SELECT gname FROM groups WHERE hash IN ( " . implode(', ', $deny_groups) . " )"); if($r) foreach($r as $rr) - $l[] = '<li><b><strike>' . $rr['gname'] . '</strike></b></li>'; + $l[] = '<div class="dropdown-item"><b><strike>' . $rr['gname'] . '</strike></b></div>'; } if(count($deny_users)) { $r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ', $deny_users) . " )"); if($r) foreach($r as $rr) - $l[] = '<li><strike>' . $rr['xchan_name'] . '</strike></li>'; + $l[] = '<div class="dropdown-item"><strike>' . $rr['xchan_name'] . '</strike></div>'; if($atokens) { foreach($atokens as $at) { if(in_array("'" . $at['xchan_hash'] . "'",$deny_users)) { - $l[] = '<li><strike>' . $at['xchan_name'] . '</strike></li>'; + $l[] = '<div class="dropdown-item"><strike>' . $at['xchan_name'] . '</strike></div>'; } } } diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 9ee5f9324..d1550ec89 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -17,6 +17,7 @@ class Magic extends \Zotlabs\Web\Controller { $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : ''); $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0); $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); + $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0); $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : ''); $parsed = parse_url($dest); @@ -132,12 +133,31 @@ class Magic extends \Zotlabs\Web\Controller { if(local_channel()) { $channel = \App::get_channel(); + // OpenWebAuth + + if($owa) { + + $headers = []; + $headers['Accept'] = 'application/x-zot+json' ; + $headers['X-Open-Web-Auth'] = random_string(); + $headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'], + 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512'); + $x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]); + + if($x['success']) { + $j = json_decode($x['body'],true); + if($j['success'] && $j['token']) { + $x = strpbrk($dest,'?&'); + $args = (($x) ? '&owt=' . $j['token'] : '?f=&owt=' . $j['token']) . (($delegate) ? '&delegate=1' : ''); + goaway($dest . $args); + } + } + goaway($dest); + } + + $token = random_string(); - $token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey'])); - - $channel['token'] = $token; - $channel['token_sig'] = $token_sig; - + \Zotlabs\Zot\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']); $target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode(channel_reddress($channel)) diff --git a/Zotlabs/Module/Mail.php b/Zotlabs/Module/Mail.php index 459ce5acf..e5509961a 100644 --- a/Zotlabs/Module/Mail.php +++ b/Zotlabs/Module/Mail.php @@ -22,32 +22,40 @@ class Mail extends \Zotlabs\Web\Controller { $recipient = ((x($_REQUEST,'messageto')) ? notags(trim($_REQUEST['messageto'])) : ''); $rstr = ((x($_REQUEST,'messagerecip')) ? notags(trim($_REQUEST['messagerecip'])) : ''); $preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0); - $expires = ((x($_REQUEST,'expires')) ? datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expires']) : NULL_DATE); + $expires = ((x($_REQUEST,'expires')) ? datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expires']) : NULL_DATE); + $raw = ((x($_REQUEST,'raw')) ? intval($_REQUEST['raw']) : 0); + $mimetype = ((x($_REQUEST,'mimetype')) ? notags(trim($_REQUEST['mimetype'])) : 'text/bbcode'); if($preview) { - $body = cleanup_bbcode($body); - $results = linkify_tags($a, $body, local_channel()); + if($raw) { + $body = mail_prepare_binary(['id' => 'M0']); + echo json_encode(['preview' => $body]); + } + else { + $body = cleanup_bbcode($body); + $results = linkify_tags($a, $body, local_channel()); - if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) { - $attachments = array(); - foreach($match[2] as $mtch) { - $hash = substr($mtch,0,strpos($mtch,',')); - $rev = intval(substr($mtch,strpos($mtch,','))); - $r = attach_by_hash_nodata($hash,get_observer_hash(),$rev); - if($r['success']) { - $attachments[] = array( - 'href' => z_root() . '/attach/' . $r['data']['hash'], - 'length' => $r['data']['filesize'], - 'type' => $r['data']['filetype'], - 'title' => urlencode($r['data']['filename']), - 'revision' => $r['data']['revision'] - ); + if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) { + $attachments = array(); + foreach($match[2] as $mtch) { + $hash = substr($mtch,0,strpos($mtch,',')); + $rev = intval(substr($mtch,strpos($mtch,','))); + $r = attach_by_hash_nodata($hash,get_observer_hash(),$rev); + if($r['success']) { + $attachments[] = array( + 'href' => z_root() . '/attach/' . $r['data']['hash'], + 'length' => $r['data']['filesize'], + 'type' => $r['data']['filetype'], + 'title' => urlencode($r['data']['filename']), + 'revision' => $r['data']['revision'] + ); + } + $body = trim(str_replace($match[1],'',$body)); } - $body = trim(str_replace($match[1],'',$body)); } + echo json_encode(['preview' => zidify_links(smilies(bbcode($body)))]); } - echo json_encode(['preview' => zidify_links(smilies(bbcode($body)))]); killme(); } @@ -102,36 +110,10 @@ class Mail extends \Zotlabs\Web\Controller { } } - // if(feature_enabled(local_channel(),'richtext')) { - // $body = fix_mce_lf($body); - // } - require_once('include/text.php'); linkify_tags($a, $body, local_channel()); - // I don't think this is used any more. - - if($preview) { - $mail = [ - 'mailbox' => 'outbox', - 'id' => 0, - 'mid' => 'M0', - 'from_name' => $channel['xchan_name'], - 'from_url' => $channel['xchan_url'], - 'from_photo' => $channel['xchan_photo_s'], - 'subject' => zidify_links(smilies(bbcode($subject))), - 'body' => zidify_links(smilies(bbcode($body))), - 'attachments' => '', - 'can_recall' => false, - 'is_recalled' => '', - 'date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'], 'c') - ]; - - echo replace_macros(get_markup_template('mail_conv.tpl'), [ '$mail' => $mail ] ); - killme(); - } - if(! $recipient) { notice('No recipient found.'); \App::$argc = 2; @@ -141,7 +123,7 @@ class Mail extends \Zotlabs\Web\Controller { // We have a local_channel, let send_message use the session channel and save a lookup - $ret = send_message(0, $recipient, $body, $subject, $replyto, $expires); + $ret = send_message(0, $recipient, $body, $subject, $replyto, $expires, $mimetype, $raw); if($ret['success']) { xchan_mail_query($ret['mail']); @@ -158,7 +140,7 @@ class Mail extends \Zotlabs\Web\Controller { function get() { $o = ''; - nav_set_selected('messages'); + nav_set_selected(t('Mail')); if(! local_channel()) { notice( t('Permission denied.') . EOL); @@ -178,6 +160,25 @@ class Mail extends \Zotlabs\Web\Controller { '$header' => t('Messages'), )); + if(argc() == 3 && intval(argv(1)) && argv(2) === 'download') { + + $r = q("select * from mail where id = %d and channel_id = %d", + intval(argv(1)), + intval(local_channel()) + ); + + if($r) { + + header('Content-type: ' . $r[0]['mail_mimetype']); + header('Content-disposition: attachment; filename="' . t('message') . '-' . $r[0]['id'] . '"' ); + $body = (($r[0]['mail_obscured']) ? base64url_decode(str_rot47($r[0]['body'])) : $r[0]['body']); + echo $body; + killme(); + } + + } + + if((argc() == 4) && (argv(2) === 'drop')) { if(! intval(argv(3))) return; @@ -296,7 +297,9 @@ class Mail extends \Zotlabs\Web\Controller { return $o; } - + + $direct_mid = 0; + switch(argv(1)) { case 'combined': $mailbox = 'combined'; @@ -309,12 +312,22 @@ class Mail extends \Zotlabs\Web\Controller { break; default: $mailbox = 'combined'; + + // notifications direct to mail/nn + + if(intval(argv(1))) + $direct_mid = intval(argv(1)); break; } + $last_message = private_messages_list(local_channel(), $mailbox, 0, 1); - + $mid = ((argc() > 2) && (intval(argv(2)))) ? argv(2) : $last_message[0]['id']; + + if($direct_mid) + $mid = $direct_mid; + $plaintext = true; @@ -358,6 +371,11 @@ class Mail extends \Zotlabs\Web\Controller { foreach($messages as $message) { $s = theme_attachments($message); + + if($message['mail_raw']) + $message['body'] = mail_prepare_binary([ 'id' => $message['id'] ]); + else + $message['body'] = zidify_links(smilies(bbcode($message['body']))); $mails[] = array( 'mailbox' => $mailbox, @@ -370,7 +388,7 @@ class Mail extends \Zotlabs\Web\Controller { 'to_url' => chanlink_hash($message['to_xchan']), 'to_photo' => $message['to']['xchan_photo_s'], 'subject' => $message['title'], - 'body' => zidify_links(smilies(bbcode($message['body']))), + 'body' => $message['body'], 'attachments' => $s, 'delete' => t('Delete message'), 'dreport' => t('Delivery report'), diff --git a/Zotlabs/Module/Manage.php b/Zotlabs/Module/Manage.php index 3b7b3c3dd..2d8f39ded 100644 --- a/Zotlabs/Module/Manage.php +++ b/Zotlabs/Module/Manage.php @@ -10,6 +10,8 @@ class Manage extends \Zotlabs\Web\Controller { notice( t('Permission denied.') . EOL); return; } + + nav_set_selected('Manage'); require_once('include/security.php'); @@ -46,107 +48,111 @@ class Manage extends \Zotlabs\Web\Controller { $channels = null; - if(local_channel()) { - $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and channel_removed = 0 order by channel_name ", - intval(get_account_id()) - ); + $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and channel_removed = 0 order by channel_name ", + intval(get_account_id()) + ); - $account = \App::get_account(); + $account = \App::get_account(); - if($r && count($r)) { - $channels = $r; - for($x = 0; $x < count($channels); $x ++) { - $channels[$x]['link'] = 'manage/' . intval($channels[$x]['channel_id']); - $channels[$x]['default'] = (($channels[$x]['channel_id'] == $account['account_default_channel']) ? "1" : ''); - $channels[$x]['default_links'] = '1'; + if($r && count($r)) { + $channels = $r; + for($x = 0; $x < count($channels); $x ++) { + $channels[$x]['link'] = 'manage/' . intval($channels[$x]['channel_id']); + $channels[$x]['default'] = (($channels[$x]['channel_id'] == $account['account_default_channel']) ? "1" : ''); + $channels[$x]['default_links'] = '1'; - $c = q("SELECT id, item_wall FROM item - WHERE item_unseen = 1 and uid = %d " . item_normal(), - intval($channels[$x]['channel_id']) - ); + $c = q("SELECT id, item_wall FROM item + WHERE item_unseen = 1 and uid = %d " . item_normal(), + intval($channels[$x]['channel_id']) + ); - if($c) { - foreach ($c as $it) { - if(intval($it['item_wall'])) - $channels[$x]['home'] ++; - else - $channels[$x]['network'] ++; - } + if($c) { + foreach ($c as $it) { + if(intval($it['item_wall'])) + $channels[$x]['home'] ++; + else + $channels[$x]['network'] ++; } + } - $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ", - intval($channels[$x]['channel_id']) - ); + $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ", + intval($channels[$x]['channel_id']) + ); - if($intr) - $channels[$x]['intros'] = intval($intr[0]['total']); + if($intr) + $channels[$x]['intros'] = intval($intr[0]['total']); - $mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND mail_seen = 0 and from_xchan != '%s' ", - intval($channels[$x]['channel_id']), - dbesc($channels[$x]['channel_hash']) - ); + $mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND mail_seen = 0 and from_xchan != '%s' ", + intval($channels[$x]['channel_id']), + dbesc($channels[$x]['channel_hash']) + ); - if($mails) - $channels[$x]['mail'] = intval($mails[0]['total']); + if($mails) + $channels[$x]['mail'] = intval($mails[0]['total']); - $events = q("SELECT etype, dtstart, adjust FROM event - WHERE event.uid = %d AND dtstart < '%s' AND dtstart > '%s' and dismissed = 0 - ORDER BY dtstart ASC ", - intval($channels[$x]['channel_id']), - dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + 7 days')), - dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days')) - ); - - if($events) { - $channels[$x]['all_events'] = count($events); - - if($channels[$x]['all_events']) { - $str_now = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d'); - foreach($events as $e) { - $bd = false; - if($e['etype'] === 'birthday') { - $channels[$x]['birthdays'] ++; - $bd = true; - } - else { - $channels[$x]['events'] ++; - } - if(datetime_convert('UTC', ((intval($e['adjust'])) ? date_default_timezone_get() : 'UTC'), $e['dtstart'], 'Y-m-d') === $str_now) { - $channels[$x]['all_events_today'] ++; - if($bd) - $channels[$x]['birthdays_today'] ++; - else - $channels[$x]['events_today'] ++; - } + $events = q("SELECT etype, dtstart, adjust FROM event + WHERE event.uid = %d AND dtstart < '%s' AND dtstart > '%s' and dismissed = 0 + ORDER BY dtstart ASC ", + intval($channels[$x]['channel_id']), + dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + 7 days')), + dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days')) + ); + + if($events) { + $channels[$x]['all_events'] = count($events); + + if($channels[$x]['all_events']) { + $str_now = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d'); + foreach($events as $e) { + $bd = false; + if($e['etype'] === 'birthday') { + $channels[$x]['birthdays'] ++; + $bd = true; + } + else { + $channels[$x]['events'] ++; + } + if(datetime_convert('UTC', ((intval($e['adjust'])) ? date_default_timezone_get() : 'UTC'), $e['dtstart'], 'Y-m-d') === $str_now) { + $channels[$x]['all_events_today'] ++; + if($bd) + $channels[$x]['birthdays_today'] ++; + else + $channels[$x]['events_today'] ++; } } } } } - - $r = q("select count(channel_id) as total from channel where channel_account_id = %d and channel_removed = 0", - intval(get_account_id()) - ); - $limit = account_service_class_fetch(get_account_id(),'total_identities'); - if($limit !== false) { - $channel_usage_message = sprintf( t("You have created %1$.0f of %2$.0f allowed channels."), $r[0]['total'], $limit); - } - else { - $channel_usage_message = ''; - } + + } + + $r = q("select count(channel_id) as total from channel where channel_account_id = %d and channel_removed = 0", + intval(get_account_id()) + ); + $limit = account_service_class_fetch(get_account_id(),'total_identities'); + if($limit !== false) { + $channel_usage_message = sprintf( t("You have created %1$.0f of %2$.0f allowed channels."), $r[0]['total'], $limit); } + else { + $channel_usage_message = ''; + } + $create = array( 'new_channel', t('Create a new channel'), t('Create New')); - $delegates = q("select * from abook left join xchan on abook_xchan = xchan_hash where - abook_channel = %d and abook_xchan in ( select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'delegate' and v = '1' )", - intval(local_channel()), - intval(local_channel()) - ); + $delegates = null; + + if(local_channel()) { + $delegates = q("select * from abook left join xchan on abook_xchan = xchan_hash where + abook_channel = %d and abook_xchan in ( select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'delegate' and v = '1' )", + intval(local_channel()), + intval(local_channel()) + ); + } if($delegates) { for($x = 0; $x < count($delegates); $x ++) { diff --git a/Zotlabs/Module/Moderate.php b/Zotlabs/Module/Moderate.php new file mode 100644 index 000000000..9af43420d --- /dev/null +++ b/Zotlabs/Module/Moderate.php @@ -0,0 +1,76 @@ +<?php + +namespace Zotlabs\Module; + +require_once('include/conversation.php'); + + +class Moderate extends \Zotlabs\Web\Controller { + + + function get() { + if(! local_channel()) { + notice( t('Permission denied.') . EOL); + return; + } + + + if(argc() > 2) { + $post_id = intval(argv(1)); + if(! $post_id) + goaway(z_root() . '/moderate'); + + $action = argv(2); + + $r = q("select * from item where uid = %d and id = %d and item_blocked = %d limit 1", + intval(local_channel()), + intval($post_id), + intval(ITEM_MODERATED) + ); + + if($r) { + if($action === 'approve') { + q("update item set item_blocked = 0 where uid = %d and id = %d", + intval(local_channel()), + intval($post_id) + ); + notice( t('Comment approved') . EOL); + } + elseif($action === 'drop') { + drop_item($post_id,false); + notice( t('Comment deleted') . EOL); + } + + $r = q("select * from item where id = %d", + intval($post_id) + ); + if($r) { + xchan_query($r); + $sync_item = fetch_post_tags($r); + build_sync_packet(local_channel(),array('item' => array(encode_item($sync_item[0],true)))); + } + if($action === 'approve') { + \Zotlabs\Daemon\Master::Summon(array('Notifier', 'comment-new', $post_id)); + } + goaway(z_root() . '/moderate'); + } + } + $r = q("select item.id as item_id, item.* from item where item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60", + intval(local_channel()), + intval(ITEM_MODERATED) + ); + + if($r) { + xchan_query($r); + $items = fetch_post_tags($r,true); + } + else { + $items = array(); + } + + $o = conversation($items,'moderate',false,'traditional'); + return $o; + + } + +}
\ No newline at end of file diff --git a/Zotlabs/Module/Mood.php b/Zotlabs/Module/Mood.php index eeb050040..85c8a3042 100644 --- a/Zotlabs/Module/Mood.php +++ b/Zotlabs/Module/Mood.php @@ -110,17 +110,17 @@ class Mood extends \Zotlabs\Web\Controller { - function get() { + function get() { if(! local_channel()) { notice( t('Permission denied.') . EOL); return; } - + + nav_set_selected(t('Mood')); + $parent = ((x($_GET,'parent')) ? intval($_GET['parent']) : '0'); - - $verbs = get_mood_verbs(); $shortlist = array(); diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index 8263420b6..2b5584c35 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php @@ -44,6 +44,7 @@ class Network extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); $item_normal = item_normal(); + $item_normal_update = item_normal_update(); $datequery = $datequery2 = ''; @@ -116,10 +117,9 @@ class Network extends \Zotlabs\Web\Controller { $spam = ((x($_GET,'spam')) ? intval($_GET['spam']) : 0); $cmin = ((x($_GET,'cmin')) ? intval($_GET['cmin']) : 0); $cmax = ((x($_GET,'cmax')) ? intval($_GET['cmax']) : 99); - $firehose = ((x($_GET,'fh')) ? intval($_GET['fh']) : 0); $file = ((x($_GET,'file')) ? $_GET['file'] : ''); - - + $xchan = ((x($_GET,'xchan')) ? $_GET['xchan'] : ''); + $deftag = ''; if(x($_GET,'search') || x($_GET,'file')) @@ -154,7 +154,7 @@ class Network extends \Zotlabs\Web\Controller { )); } - nav_set_selected('network'); + nav_set_selected(t('Activity')); $channel_acl = array( 'allow_cid' => $channel['channel_allow_cid'], @@ -257,6 +257,26 @@ class Network extends \Zotlabs\Web\Controller { goaway(z_root() . '/network'); } } + elseif($xchan) { + $r = q("select * from xchan where xchan_hash = '%s'", + dbesc($xchan) + ); + if($r) { + $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($xchan) . "' or owner_xchan = '" . dbesc($xchan) . "' ) $item_normal ) "; + $title = replace_macros(get_markup_template("section_title.tpl"),array( + '$title' => '<a href="' . zid($r[0]['xchan_url']) . '" ><img src="' . zid($r[0]['xchan_photo_s']) . '" alt="' . urlencode($r[0]['xchan_name']) . '" /></a> <a href="' . zid($r[0]['xchan_url']) . '" >' . $r[0]['xchan_name'] . '</a>' + )); + $o = $tabs; + $o .= $title; + $o .= $status_editor; + + } + else { + notice( t('Invalid channel.') . EOL); + goaway(z_root() . '/network'); + } + + } if(x($category)) { $sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY)); @@ -270,9 +290,6 @@ class Network extends \Zotlabs\Web\Controller { // We only launch liveUpdate if you aren't filtering in some incompatible // way and also you aren't writing a comment (discovered in javascript). - if($gid || $cid || $cmin || ($cmax != 99) || $star || $liked || $conv || $spam || $nouveau || $list) - $firehose = 0; - $maxheight = get_pconfig(local_channel(),'system','network_divmore_height'); if(! $maxheight) $maxheight = 400; @@ -295,17 +312,18 @@ class Network extends \Zotlabs\Web\Controller { '$liked' => (($liked) ? $liked : '0'), '$conv' => (($conv) ? $conv : '0'), '$spam' => (($spam) ? $spam : '0'), - '$fh' => (($firehose) ? $firehose : '0'), + '$fh' => '0', '$nouveau' => (($nouveau) ? $nouveau : '0'), '$wall' => '0', '$static' => $static, '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1), '$search' => (($search) ? $search : ''), + '$xchan' => $xchan, '$order' => $order, '$file' => $file, - '$cats' => $category, - '$tags' => $hashtags, + '$cats' => urlencode($category), + '$tags' => urlencode($hashtags), '$dend' => $datequery, '$mid' => '', '$verb' => $verb, @@ -388,16 +406,7 @@ class Network extends \Zotlabs\Web\Controller { } $abook_uids = " and abook.abook_channel = " . local_channel() . " "; - - if($firehose && (! get_config('system','disable_discover_tab'))) { - require_once('include/channel.php'); - $sys = get_sys_channel(); - $uids = " and item.uid = " . intval($sys['channel_id']) . " "; - \App::$data['firehose'] = intval($sys['channel_id']); - } - else { - $uids = " and item.uid = " . local_channel() . " "; - } + $uids = " and item.uid = " . local_channel() . " "; if(get_pconfig(local_channel(),'system','network_list_mode')) $page_mode = 'list'; @@ -469,10 +478,11 @@ class Network extends \Zotlabs\Web\Controller { } else { + // this is an update $r = q("SELECT item.parent AS item_id FROM item left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids ) - WHERE true $uids $item_normal $simple_update + WHERE true $uids $item_normal_update $simple_update and (abook.abook_blocked = 0 or abook.abook_flags is null) $sql_extra3 $sql_extra $sql_nets " ); @@ -494,14 +504,14 @@ class Network extends \Zotlabs\Web\Controller { dbesc($parents_str) ); - xchan_query($items,true,(($firehose) ? local_channel() : 0)); + xchan_query($items,true); $items = fetch_post_tags($items,true); $items = conv_sort($items,$ordering); } else { $items = array(); } - + if($page_mode === 'list') { /** @@ -513,24 +523,30 @@ class Network extends \Zotlabs\Web\Controller { if($parents_str) { $update_unseen = " AND ( id IN ( " . dbesc($parents_str) . " )"; + $update_unseen .= " AND obj_type != '" . dbesc(ACTIVITY_OBJ_FILE) . "'"; $update_unseen .= " OR ( parent IN ( " . dbesc($parents_str) . " ) AND verb in ( '" . dbesc(ACTIVITY_LIKE) . "','" . dbesc(ACTIVITY_DISLIKE) . "' ))) "; } } else { if($parents_str) { - $update_unseen = " AND parent IN ( " . dbesc($parents_str) . " )"; + $update_unseen = " AND parent IN ( " . dbesc($parents_str) . " ) AND obj_type != '" . dbesc(ACTIVITY_OBJ_FILE) . "'"; } } } - if(($update_unseen) && (! $firehose)) - $r = q("UPDATE item SET item_unseen = 0 WHERE item_unseen = 1 AND uid = %d $update_unseen ", - intval(local_channel()) - ); + if($update_unseen) { + $x = [ 'channel_id' => local_channel(), 'update' => 'unset' ]; + call_hooks('update_unseen',$x); + if($x['update'] === 'unset' || intval($x['update'])) { + $r = q("UPDATE item SET item_unseen = 0 WHERE item_unseen = 1 AND uid = %d $update_unseen ", + intval(local_channel()) + ); + } + } $mode = (($nouveau) ? 'network-new' : 'network'); - $o .= conversation($a,$items,$mode,$update,$page_mode); + $o .= conversation($items,$mode,$update,$page_mode); if(($items) && (! $update)) $o .= alt_pager($a,count($items)); diff --git a/Zotlabs/Module/New_channel.php b/Zotlabs/Module/New_channel.php index 8e6fd1d37..cfd45e909 100644 --- a/Zotlabs/Module/New_channel.php +++ b/Zotlabs/Module/New_channel.php @@ -134,7 +134,7 @@ class New_channel extends \Zotlabs\Web\Controller { $name = array('name', t('Name or caption'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group"'), "*"); $nickhub = '@' . \App::get_hostname(); $nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub), "*"); - $role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles); + $role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/member/member_guide#Account_Permission_Roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles); $o = replace_macros(get_markup_template('new_channel.tpl'), array( '$title' => t('Create Channel'), diff --git a/Zotlabs/Module/Notifications.php b/Zotlabs/Module/Notifications.php index e0313dd8b..652648701 100644 --- a/Zotlabs/Module/Notifications.php +++ b/Zotlabs/Module/Notifications.php @@ -40,7 +40,7 @@ class Notifications extends \Zotlabs\Web\Controller { $o .= replace_macros(get_markup_template('notifications.tpl'),array( '$notif_header' => t('System Notifications'), - '$notif_link_mark_seen' => t('Mark all system notifications seen'), + '$notif_link_mark_seen' => t('Mark all seen'), '$notif_content' => $notif_content, '$notifications_available' => $notifications_available, )); diff --git a/Zotlabs/Module/Notify.php b/Zotlabs/Module/Notify.php index f592f6f37..3d6e1c2e7 100644 --- a/Zotlabs/Module/Notify.php +++ b/Zotlabs/Module/Notify.php @@ -15,12 +15,16 @@ class Notify extends \Zotlabs\Web\Controller { intval(local_channel()) ); if($r) { - q("update notify set seen = 1 where (( parent != '' and parent = '%s' and otype = '%s' ) or link = '%s' ) and uid = %d", - dbesc($r[0]['parent']), - dbesc($r[0]['otype']), - dbesc($r[0]['link']), - intval(local_channel()) - ); + $x = [ 'channel_id' => local_channel(), 'update' => 'unset' ]; + call_hooks('update_unseen',$x); + if($x['update'] === 'unset' || intval($x['update'])) { + q("update notify set seen = 1 where (( parent != '' and parent = '%s' and otype = '%s' ) or link = '%s' ) and uid = %d", + dbesc($r[0]['parent']), + dbesc($r[0]['otype']), + dbesc($r[0]['link']), + intval(local_channel()) + ); + } goaway($r[0]['link']); } goaway(z_root()); diff --git a/Zotlabs/Module/Oembed.php b/Zotlabs/Module/Oembed.php index 9394e5942..aee5ea079 100644 --- a/Zotlabs/Module/Oembed.php +++ b/Zotlabs/Module/Oembed.php @@ -22,7 +22,7 @@ class Oembed extends \Zotlabs\Web\Controller { } else { - echo "<html><head><base target=\"_blank\" /></head><body>"; + echo "<html><head><base target=\"_blank\" rel=\"nofollow noopener\" /></head><body>"; $src = base64url_decode(argv(1)); $j = oembed_fetch_url($src); echo $j['html']; diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php index dc0547a42..5e06d3540 100644 --- a/Zotlabs/Module/Oep.php +++ b/Zotlabs/Module/Oep.php @@ -1,6 +1,8 @@ <?php namespace Zotlabs\Module; +require_once('include/security.php'); + // oembed provider @@ -41,6 +43,8 @@ class Oep extends \Zotlabs\Web\Controller { $arr = $this->oep_profile_reply($_REQUEST); elseif(fnmatch('*/profile/*',$url)) $arr = $this->oep_profile_reply($_REQUEST); + elseif(fnmatch('*/cards/*',$url)) + $arr = $this->oep_cards_reply($_REQUEST); if($arr) { if($html) { @@ -66,49 +70,158 @@ class Oep extends \Zotlabs\Web\Controller { $url = $args['url']; $maxwidth = intval($args['maxwidth']); $maxheight = intval($args['maxheight']); - - if(preg_match('#//(.*?)/(.*?)/(.*?)/(.*?)mid\=(.*?)(&|$)#',$url,$matches)) { - $chn = $matches[3]; - $res = $matches[5]; + logger('processing display'); + if(preg_match('#//(.*?)/display/(.*?)(&|\?|$)#',$url,$matches)) { + $res = $matches[2]; } - - if(! ($chn && $res)) - return; - $c = q("select * from channel where channel_address = '%s' limit 1", - dbesc($chn) + + if(strpos($res,'b64.') === 0) { + $res = base64url_decode(substr($res,4)); + } + + $item_normal = item_normal(); + + $p = q("select * from item where mid like '%s' limit 1", + dbesc($res . '%') ); - - if(! $c) + + if(! $p) return; + + $c = channelx_by_n($p[0]['uid']); + - $sql_extra = item_permissions_sql($c[0]['channel_id']); + if(! ($c && $res)) + return; + + if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream')) + return; + + $sql_extra = item_permissions_sql($c['channel_id']); - $p = q("select * from item where mid = '%s' and uid = %d $sql_extra limit 1", - dbesc($res), - intval($c[0]['channel_id']) + $p = q("select * from item where mid like '%s' and uid = %d $sql_extra $item_normal limit 1", + dbesc($res . '%'), + intval($c['channel_id']) ); + if(! $p) return; xchan_query($p,true); $p = fetch_post_tags($p,true); + + // This function can get tripped up if the item is already a reshare + // (the multiple share declarations do not parse cleanly if nested) + // So build a template with a known nonsense string as the content, and then + // replace that known string with the actual rendered content, sending + // each content layer through bbcode() separately. + + $x = '2eGriplW^*Jmf4'; + + + $o = "[share author='".urlencode($p[0]['author']['xchan_name']). + "' profile='".$p[0]['author']['xchan_url'] . + "' avatar='".$p[0]['author']['xchan_photo_s']. + "' link='".$p[0]['plink']. + "' posted='".$p[0]['created']. + "' message_id='".$p[0]['mid']."']"; + if($p[0]['title']) + $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n"; + + $o .= $x; + $o .= "[/share]"; + $o = bbcode($o); + + $o = str_replace($x,bbcode($p[0]['body']),$o); + + $ret['type'] = 'rich'; + + $w = (($maxwidth) ? $maxwidth : 640); + $h = (($maxheight) ? $maxheight : intval($w * 2 / 3)); + + $ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>'; + + $ret['width'] = $w; + $ret['height'] = $h; + + return $ret; + + } + + + function oep_cards_reply($args) { + + $ret = []; + $url = $args['url']; + $maxwidth = intval($args['maxwidth']); + $maxheight = intval($args['maxheight']); + + if(preg_match('#//(.*?)/cards/(.*?)/(.*?)(&|\?|$)#',$url,$matches)) { + $nick = $matches[2]; + $res = $matches[3]; + } + if(! ($nick && $res)) + return $ret; + + $channel = channelx_by_nick($nick); + + if(! $channel) + return $ret; + + + if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_pages')) + return $ret; + + $sql_extra = item_permissions_sql($channel['channel_id'],get_observer_hash()); + + $r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1", + dbesc($res) + ); + if($r) { + $sql_extra = "and item.id = " . intval($r[0]['iid']) . " "; + } + else { + return $ret; + } + + $r = q("select * from item + where item.uid = %d and item_type = %d + $sql_extra order by item.created desc", + intval($channel['channel_id']), + intval(ITEM_TYPE_CARD) + ); + + $item_normal = " and item.item_hidden = 0 and item.item_type in (0,6) and item.item_deleted = 0 + and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 + and item.item_blocked = 0 "; + + if($r) { + xchan_query($r); + $p = fetch_post_tags($r, true); + } + + $x = '2eGriplW^*Jmf4'; + $o = "[share author='".urlencode($p[0]['author']['xchan_name']). - "' profile='".$p[0]['author']['xchan_url'] . - "' avatar='".$p[0]['author']['xchan_photo_s']. - "' link='".$p[0]['plink']. - "' posted='".$p[0]['created']. - "' message_id='".$p[0]['mid']."']"; + "' profile='".$p[0]['author']['xchan_url'] . + "' avatar='".$p[0]['author']['xchan_photo_s']. + "' link='".$p[0]['plink']. + "' posted='".$p[0]['created']. + "' message_id='".$p[0]['mid']."']"; if($p[0]['title']) - $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n"; - $o .= $p[0]['body']; - $o .= "[/share]"; + $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n"; + + $o .= $x; + $o .= "[/share]"; $o = bbcode($o); + $o = str_replace($x,bbcode($p[0]['body']),$o); + $ret['type'] = 'rich'; $w = (($maxwidth) ? $maxwidth : 640); - $h = (($maxheight) ? $maxheight : $w * 2 / 3); + $h = (($maxheight) ? $maxheight : intval($w * 2 / 3)); $ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>'; @@ -118,6 +231,7 @@ class Oep extends \Zotlabs\Web\Controller { return $ret; } + function oep_mid_reply($args) { @@ -139,6 +253,9 @@ class Oep extends \Zotlabs\Web\Controller { if(! $c) return; + + if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream')) + return; $sql_extra = item_permissions_sql($c[0]['channel_id']); @@ -151,23 +268,33 @@ class Oep extends \Zotlabs\Web\Controller { xchan_query($p,true); $p = fetch_post_tags($p,true); - + + // This function can get tripped up if the item is already a reshare + // (the multiple share declarations do not parse cleanly if nested) + // So build a template with a known nonsense string as the content, and then + // replace that known string with the actual rendered content, sending + // each content layer through bbcode() separately. + + $x = '2eGriplW^*Jmf4'; + $o = "[share author='".urlencode($p[0]['author']['xchan_name']). - "' profile='".$p[0]['author']['xchan_url'] . - "' avatar='".$p[0]['author']['xchan_photo_s']. - "' link='".$p[0]['plink']. - "' posted='".$p[0]['created']. - "' message_id='".$p[0]['mid']."']"; - if($p[0]['title']) - $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n"; - $o .= $p[0]['body']; - $o .= "[/share]"; + "' profile='".$p[0]['author']['xchan_url'] . + "' avatar='".$p[0]['author']['xchan_photo_s']. + "' link='".$p[0]['plink']. + "' posted='".$p[0]['created']. + "' message_id='".$p[0]['mid']."']"; + if($p[0]['title']) + $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n"; + $o .= $x; + $o .= "[/share]"; $o = bbcode($o); + $o = str_replace($x,bbcode($p[0]['body']),$o); + $ret['type'] = 'rich'; $w = (($maxwidth) ? $maxwidth : 640); - $h = (($maxheight) ? $maxheight : $w * 2 / 3); + $h = (($maxheight) ? $maxheight : intval($w * 2 / 3)); $ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>'; @@ -247,6 +374,9 @@ class Oep extends \Zotlabs\Web\Controller { if(! $c) return; + if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files')) + return; + $sql_extra = permissions_sql($c[0]['channel_id']); $p = q("select resource_id from photo where album = '%s' and uid = %d and imgscale = 0 $sql_extra order by created desc limit 1", @@ -308,6 +438,9 @@ class Oep extends \Zotlabs\Web\Controller { if(! $c) return; + if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files')) + return; + $sql_extra = permissions_sql($c[0]['channel_id']); $p = q("select resource_id from photo where uid = %d and imgscale = 0 $sql_extra order by created desc limit 1", @@ -368,7 +501,10 @@ class Oep extends \Zotlabs\Web\Controller { if(! $c) return; - + + if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files')) + return; + $sql_extra = permissions_sql($c[0]['channel_id']); diff --git a/Zotlabs/Module/Ofeed.php b/Zotlabs/Module/Ofeed.php new file mode 100644 index 000000000..58488d4af --- /dev/null +++ b/Zotlabs/Module/Ofeed.php @@ -0,0 +1,48 @@ +<?php + +namespace Zotlabs\Module; + +/* Ofeed: Broken feed for software which requires broken feeds */ + +require_once('include/items.php'); + +class Ofeed extends \Zotlabs\Web\Controller { + + function init() { + + $params = []; + + $params['begin'] = ((x($_REQUEST,'date_begin')) ? $_REQUEST['date_begin'] : NULL_DATE); + $params['end'] = ((x($_REQUEST,'date_end')) ? $_REQUEST['date_end'] : ''); + $params['type'] = ((stristr(argv(0),'json')) ? 'json' : 'xml'); + $params['pages'] = ((x($_REQUEST,'pages')) ? intval($_REQUEST['pages']) : 0); + $params['top'] = ((x($_REQUEST,'top')) ? intval($_REQUEST['top']) : 0); + $params['start'] = ((x($params,'start')) ? intval($params['start']) : 0); + $params['records'] = ((x($params,'records')) ? intval($params['records']) : 10); + $params['direction'] = ((x($params,'direction')) ? dbesc($params['direction']) : 'desc'); + $params['cat'] = ((x($_REQUEST,'cat')) ? escape_tags($_REQUEST['cat']) : ''); + $params['compat'] = ((x($_REQUEST,'compat')) ? intval($_REQUEST['compat']) : 1); + + + if(argc() > 1) { + + if(observer_prohibited(true)) { + killme(); + } + + $channel = channelx_by_nick(argv(1)); + if(! $channel) { + killme(); + } + + + logger('public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']); + + echo get_public_feed($channel,$params); + + killme(); + } + + } + +} diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php new file mode 100644 index 000000000..4b0d855c5 --- /dev/null +++ b/Zotlabs/Module/Owa.php @@ -0,0 +1,53 @@ +<?php + +namespace Zotlabs\Module; + +/** + * OpenWebAuth verifier and token generator + * See https://macgirvin.com/wiki/mike/OpenWebAuth/Home + * Requests to this endpoint should be signed using HTTP Signatures + * using the 'Authorization: Signature' authentication method + * If the signature verifies a token is returned. + * + * This token may be exchanged for an authenticated cookie. + */ + +class Owa extends \Zotlabs\Web\Controller { + + function init() { + + $ret = [ 'success' => false ]; + + foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') { + if($head !== 'HTTP_AUTHORIZATION') { + $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head]; + continue; + } + + $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]); + if($sigblock) { + $keyId = $sigblock['keyId']; + + if($keyId) { + $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash + where hubloc_addr = '%s' limit 1", + dbesc(str_replace('acct:','',$keyId)) + ); + if($r) { + $hubloc = $r[0]; + $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']); + if($verified && $verified['header_signed'] && $verified['header_valid']) { + $ret['success'] = true; + $token = random_string(32); + \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']); + $ret['token'] = $token; + } + } + } + } + } + } + json_return_and_die($ret,'application/x-zot+json'); + } +} diff --git a/Zotlabs/Module/Page.php b/Zotlabs/Module/Page.php index 6ef285dd0..c142afe77 100644 --- a/Zotlabs/Module/Page.php +++ b/Zotlabs/Module/Page.php @@ -3,7 +3,6 @@ namespace Zotlabs\Module; require_once('include/items.php'); require_once('include/conversation.php'); -require_once('include/page_widgets.php'); class Page extends \Zotlabs\Web\Controller { @@ -43,11 +42,31 @@ class Page extends \Zotlabs\Web\Controller { $channel_address = argv(1); + // Always look first for the page name prefixed by the observer language; for instance page/nickname/de/foo + // followed by page/nickname/foo if that is not found. + // If your browser language is de and you want to access the default in this case, + // use page/nickname/-/foo to over-ride the language and access only the page with pagelink of 'foo' + + $page_name = ''; + $ignore_language = false; + + for($x = 2; $x < argc(); $x ++) { + if($page_name === '' && argv($x) === '-') { + $ignore_language = true; + continue; + } + if($page_name) + $page_name .= '/'; + $page_name .= argv($x); + } + + // The page link title was stored in a urlencoded format // php or the browser may/will have decoded it, so re-encode it for our search - $page_id = urlencode(argv(2)); - + $page_id = urlencode($page_name); + $lang_page_id = urlencode(\App::$language . '/' . $page_name); + $u = q("select channel_id from channel where channel_address = '%s' limit 1", dbesc($channel_address) ); @@ -64,16 +83,31 @@ class Page extends \Zotlabs\Web\Controller { require_once('include/security.php'); $sql_options = item_permissions_sql($u[0]['channel_id']); - - $r = q("select item.* from item left join iconfig on item.id = iconfig.iid - where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 - and (( iconfig.k = 'WEBPAGE' and item_type = %d ) - OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1", - intval($u[0]['channel_id']), - dbesc($page_id), - intval(ITEM_TYPE_WEBPAGE), - intval(ITEM_TYPE_PDL) - ); + + $r = null; + + if(! $ignore_language) { + $r = q("select item.* from item left join iconfig on item.id = iconfig.iid + where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 + and (( iconfig.k = 'WEBPAGE' and item_type = %d ) + OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1", + intval($u[0]['channel_id']), + dbesc($lang_page_id), + intval(ITEM_TYPE_WEBPAGE), + intval(ITEM_TYPE_PDL) + ); + } + if(! $r) { + $r = q("select item.* from item left join iconfig on item.id = iconfig.iid + where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 + and (( iconfig.k = 'WEBPAGE' and item_type = %d ) + OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1", + intval($u[0]['channel_id']), + dbesc($page_id), + intval(ITEM_TYPE_WEBPAGE), + intval(ITEM_TYPE_PDL) + ); + } if(! $r) { // Check again with no permissions clause to see if it is a permissions issue diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 256a51e71..8a110f925 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -127,7 +127,6 @@ class Photo extends \Zotlabs\Web\Controller { } } - $r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", dbesc($photo), intval($resolution) @@ -150,12 +149,16 @@ class Photo extends \Zotlabs\Web\Controller { $channel = channelx_by_n($r[0]['uid']); // Now we'll see if we can access the photo - $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d $sql_extra LIMIT 1", dbesc($photo), intval($resolution) ); - + + // viewing cover photos is allowed unless a plugin chooses to block it. + + if($r && intval($r[0]['photo_usage']) === PHOTO_COVER && $resolution >= PHOTO_RES_COVER_1200) + $allowed = 1; + $d = [ 'imgscale' => $resolution, 'resource_id' => $photo, 'photo' => $r, 'allowed' => $allowed ]; call_hooks('get_photo',$d); diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 582174d0e..2ca9bfe50 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -15,13 +15,10 @@ class Photos extends \Zotlabs\Web\Controller { function init() { - if(observer_prohibited()) { return; } - $o = ''; - if(argc() > 1) { $nick = argv(1); @@ -54,7 +51,6 @@ class Photos extends \Zotlabs\Web\Controller { logger('mod-photos: photos_post: begin' , LOGGER_DEBUG); - logger('mod_photos: REQUEST ' . print_r($_REQUEST,true), LOGGER_DATA); logger('mod_photos: FILES ' . print_r($_FILES,true), LOGGER_DATA); @@ -92,14 +88,9 @@ class Photos extends \Zotlabs\Web\Controller { if((argc() > 3) && (argv(2) === 'album')) { - $album = hex2bin(argv(3)); - - if($album === t('Profile Photos')) { - // not allowed - goaway(z_root() . '/' . $_SESSION['photo_return']); - } - - if(! photos_album_exists($page_owner_uid,$album)) { + $album = argv(3); + + if(! photos_album_exists($page_owner_uid, get_observer_hash(), $album)) { notice( t('Album not found.') . EOL); goaway(z_root() . '/' . $_SESSION['photo_return']); } @@ -121,7 +112,7 @@ class Photos extends \Zotlabs\Web\Controller { $folder_hash = ''; - $r = q("select * from attach where is_dir = 1 and uid = %d and filename = '%s'", + $r = q("select * from attach where is_dir = 1 and uid = %d and hash = '%s'", intval($page_owner_uid), dbesc($album) ); @@ -129,14 +120,7 @@ class Photos extends \Zotlabs\Web\Controller { notice( t('Album not found.') . EOL); return; } - if(count($r) > 1) { - notice( t('Multiple storage folders exist with this album name, but within different directories. Please remove the desired folder or folders using the Files manager') . EOL); - return; - } - else { - $folder_hash = $r[0]['hash']; - } - + $folder_hash = $r[0]['hash']; $res = array(); @@ -468,7 +452,7 @@ class Photos extends \Zotlabs\Web\Controller { * default post action - upload a photo */ - $channel = \App::$data['channel']; + $channel = \App::$data['channel']; $observer = \App::$data['observer']; $_REQUEST['source'] = 'photos'; @@ -485,12 +469,10 @@ class Photos extends \Zotlabs\Web\Controller { if(! $r['success']) { notice($r['message'] . EOL); + goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']); } - - if($_REQUEST['newalbum']) - goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum'])); - else - goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC',date_default_timezone_get(),'now', 'Y'))); + + goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $r['data']['folder']); } @@ -569,7 +551,11 @@ class Photos extends \Zotlabs\Web\Controller { return; } - $sql_extra = permissions_sql($owner_uid); + $sql_item = item_permissions_sql($owner_uid,get_observer_hash()); + $sql_extra = permissions_sql($owner_uid,get_observer_hash(),'photo'); + $sql_attach = permissions_sql($owner_uid,get_observer_hash(),'attach'); + + nav_set_selected(t('Photos')); $o = ""; @@ -579,7 +565,7 @@ class Photos extends \Zotlabs\Web\Controller { // tabs $_is_owner = (local_channel() && (local_channel() == $owner_uid)); - $o .= profile_tabs($a,$_is_owner, \App::$data['channel']['channel_address']); + //$o .= profile_tabs($a,$_is_owner, \App::$data['channel']['channel_address']); /** * Display upload form @@ -628,8 +614,14 @@ class Photos extends \Zotlabs\Web\Controller { if(! $aclselect) { $aclselect = '<input id="group_allow" type="hidden" name="allow_gid[]" value="" /><input id="contact_allow" type="hidden" name="allow_cid[]" value="" /><input id="group_deny" type="hidden" name="deny_gid[]" value="" /><input id="contact_deny" type="hidden" name="deny_cid[]" value="" />'; } - - $selname = (($datum) ? hex2bin($datum) : ''); + + $selname = ''; + + if($datum) { + $h = attach_by_hash_nodata($datum,get_observer_hash()); + $selname = $h['data']['display_path']; + } + $albums = ((array_key_exists('albums', \App::$data)) ? \App::$data['albums'] : photos_albums_list(\App::$data['channel'],\App::$data['observer'])); @@ -679,30 +671,19 @@ class Photos extends \Zotlabs\Web\Controller { */ if($datatype === 'album') { - - if(strlen($datum)) { - if((strlen($datum) & 1) || (! ctype_xdigit($datum))) { - notice( t('Album name could not be decoded') . EOL); - logger('mod_photos: illegal album encoding: ' . $datum); - $datum = ''; - goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']); - } - } - - $album = (($datum) ? hex2bin($datum) : ''); - - \App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$cmd) . '" title="oembed" />' . "\r\n"; - //check if the album exists and if we have perms - $r = q("SELECT album FROM photo WHERE uid = %d AND album = '%s' and is_nsfw = %d $sql_extra LIMIT 1", - intval($owner_uid), - dbesc($album), - intval($unsafe) - ); + head_add_link([ + 'rel' => 'alternate', + 'type' => 'application/json+oembed', + 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string), + 'title' => 'oembed' + ]); - if($r) { + if($x = photos_album_exists($owner_uid, get_observer_hash(), $datum)) { \App::set_pager_itemspage(60); - } else { + $album = $x['display_path']; + } + else { goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']); } @@ -712,26 +693,26 @@ class Photos extends \Zotlabs\Web\Controller { $order = 'DESC'; $r = q("SELECT p.resource_id, p.id, p.filename, p.mimetype, p.imgscale, p.description, p.created FROM photo p INNER JOIN - (SELECT resource_id, max(imgscale) imgscale FROM photo WHERE uid = %d AND album = '%s' AND imgscale <= 4 AND photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id) ph + (SELECT resource_id, max(imgscale) imgscale FROM photo left join attach on folder = '%s' and photo.resource_id = attach.hash WHERE attach.uid = %d AND imgscale <= 4 AND photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id) ph ON (p.resource_id = ph.resource_id AND p.imgscale = ph.imgscale) ORDER BY created $order LIMIT %d OFFSET %d", + dbesc($x['hash']), intval($owner_uid), - dbesc($album), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($unsafe), intval(\App::$pager['itemspage']), intval(\App::$pager['start']) ); - - //edit album name + + // edit album name $album_edit = null; - if(($album !== t('Profile Photos')) && ($album !== 'Profile Photos') && ($album !== 'Contact Photos') && ($album !== t('Contact Photos'))) { - if($can_post) { - $album_e = $album; - $albums = ((array_key_exists('albums', \App::$data)) ? \App::$data['albums'] : photos_albums_list(\App::$data['channel'],\App::$data['observer'])); + + if($can_post) { + $album_e = $album; + $albums = ((array_key_exists('albums', \App::$data)) ? \App::$data['albums'] : photos_albums_list(\App::$data['channel'],\App::$data['observer'])); - // @fixme - syncronise actions with DAV + // @fixme - syncronise actions with DAV // $edit_tpl = get_markup_template('album_edit.tpl'); // $album_edit = replace_macros($edit_tpl,array( @@ -745,13 +726,12 @@ class Photos extends \Zotlabs\Web\Controller { // '$dropsubmit' => t('Delete Album') // )); - } } if($_GET['order'] === 'posted') - $order = array(t('Show Newest First'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($album)); + $order = array(t('Show Newest First'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $datum); else - $order = array(t('Show Oldest First'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($album) . '?f=&order=posted'); + $order = array(t('Show Oldest First'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $datum . '?f=&order=posted'); $photos = array(); if(count($r)) { @@ -790,7 +770,7 @@ class Photos extends \Zotlabs\Web\Controller { if($photos) { $o = replace_macros(get_markup_template('photosajax.tpl'),array( '$photos' => $photos, - '$album_id' => bin2hex($album) + '$album_id' => $datum )); } else { @@ -805,10 +785,10 @@ class Photos extends \Zotlabs\Web\Controller { $o .= replace_macros($tpl, array( '$photos' => $photos, '$album' => $album, - '$album_id' => bin2hex($album), + '$album_id' => $datum, '$album_edit' => array(t('Edit Album'), $album_edit), '$can_post' => $can_post, - '$upload' => array(t('Upload'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/upload/' . bin2hex($album)), + '$upload' => array(t('Upload'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/upload/' . $datum), '$order' => $order, '$upload_form' => $upload_form, '$usage' => $usage_message @@ -822,8 +802,6 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } - // $o .= paginate($a); - return $o; } @@ -836,6 +814,11 @@ class Photos extends \Zotlabs\Web\Controller { \App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$cmd) . '" title="oembed" />' . "\r\n"; + $x = q("select folder from attach where hash = '%s' and uid = %d $sql_attach limit 1", + dbesc($datum), + intval($owner_uid) + ); + // fetch image, item containing image, then comments $ph = q("SELECT id,aid,uid,xchan,resource_id,created,edited,title,description,album,filename,mimetype,height,width,filesize,imgscale,photo_usage,is_nsfw,allow_cid,allow_gid,deny_cid,deny_gid FROM photo WHERE uid = %d AND resource_id = '%s' @@ -844,7 +827,7 @@ class Photos extends \Zotlabs\Web\Controller { dbesc($datum) ); - if(! $ph) { + if(! ($ph && $x)) { /* Check again - this time without specifying permissions */ @@ -869,16 +852,16 @@ class Photos extends \Zotlabs\Web\Controller { else $order = 'DESC'; - - $prvnxt = q("SELECT resource_id FROM photo WHERE album = '%s' AND uid = %d AND imgscale = 0 - $sql_extra ORDER BY created $order ", - dbesc($ph[0]['album']), + + $prvnxt = q("SELECT hash FROM attach WHERE folder = '%s' AND uid = %d AND is_photo = 1 + $sql_attach ORDER BY created $order ", + dbesc($x[0]['folder']), intval($owner_uid) ); - + if(count($prvnxt)) { for($z = 0; $z < count($prvnxt); $z++) { - if($prvnxt[$z]['resource_id'] == $ph[0]['resource_id']) { + if($prvnxt[$z]['hash'] == $ph[0]['resource_id']) { $prv = $z - 1; $nxt = $z + 1; if($prv < 0) @@ -889,8 +872,8 @@ class Photos extends \Zotlabs\Web\Controller { } } - $prevlink = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $prvnxt[$prv]['resource_id'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : ''); - $nextlink = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $prvnxt[$nxt]['resource_id'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : ''); + $prevlink = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $prvnxt[$prv]['hash'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : ''); + $nextlink = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $prvnxt[$nxt]['hash'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : ''); } @@ -907,7 +890,7 @@ class Photos extends \Zotlabs\Web\Controller { } } - $album_link = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($ph[0]['album']); + $album_link = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $x[0]['folder']; $tools = Null; $lock = Null; @@ -947,7 +930,7 @@ class Photos extends \Zotlabs\Web\Controller { // Do we have an item for this photo? $linked_items = q("SELECT * FROM item WHERE resource_id = '%s' and resource_type = 'photo' - $sql_extra LIMIT 1", + $sql_item LIMIT 1", dbesc($datum) ); @@ -962,7 +945,7 @@ class Photos extends \Zotlabs\Web\Controller { $item_normal = item_normal(); $r = q("select * from item where parent_mid = '%s' - $item_normal and uid = %d $sql_extra ", + $item_normal and uid = %d $sql_item ", dbesc($link_item['mid']), intval($link_item['uid']) @@ -1008,13 +991,6 @@ class Photos extends \Zotlabs\Web\Controller { $edit = null; if($can_post) { - $m = q("select folder from attach where hash = '%s' and uid = %d limit 1", - dbesc($ph[0]['resource_id']), - intval($ph[0]['uid']) - ); - if($m) - $album_hash = $m[0]['folder']; - $album_e = $ph[0]['album']; $caption_e = $ph[0]['description']; $aclselect_e = (($_is_owner) ? populate_acl($ph[0], true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage')) : ''); @@ -1024,35 +1000,35 @@ class Photos extends \Zotlabs\Web\Controller { $folder_list = attach_folder_select_list($ph[0]['uid']); - $edit = array( + $edit = [ 'edit' => t('Edit photo'), 'id' => $link_item['id'], - 'rotatecw' => t('Rotate CW (right)'), - 'rotateccw' => t('Rotate CCW (left)'), - 'albums' => $albums['albums'], - 'album' => $album_e, - 'album_select' => [ 'move_to_album', t('Move photo to album'), $album_hash, '', $folder_list ], - 'newalbum_label' => t('Enter a new album name'), + 'rotatecw' => t('Rotate CW (right)'), + 'rotateccw' => t('Rotate CCW (left)'), + 'albums' => $albums['albums'], + 'album' => $album_e, + 'album_select' => [ 'move_to_album', t('Move photo to album'), $x[0]['folder'], '', $folder_list ], + 'newalbum_label' => t('Enter a new album name'), 'newalbum_placeholder' => t('or select an existing one (doubleclick)'), - 'nickname' => \App::$data['channel']['channel_address'], - 'resource_id' => $ph[0]['resource_id'], - 'capt_label' => t('Caption'), - 'caption' => $caption_e, - 'tag_label' => t('Add a Tag'), - 'permissions' => t('Permissions'), - 'aclselect' => $aclselect_e, - 'allow_cid' => acl2json($ph[0]['allow_cid']), - 'allow_gid' => acl2json($ph[0]['allow_gid']), - 'deny_cid' => acl2json($ph[0]['deny_cid']), - 'deny_gid' => acl2json($ph[0]['deny_gid']), - 'lockstate' => $lockstate[0], - 'help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com'), - 'item_id' => ((count($linked_items)) ? $link_item['id'] : 0), - 'adult_enabled' => feature_enabled($owner_uid,'adult_photo_flagging'), - 'adult' => array('adult',t('Flag as adult in album view'), intval($ph[0]['is_nsfw']),''), - 'submit' => t('Submit'), - 'delete' => t('Delete Photo') - ); + 'nickname' => \App::$data['channel']['channel_address'], + 'resource_id' => $ph[0]['resource_id'], + 'capt_label' => t('Caption'), + 'caption' => $caption_e, + 'tag_label' => t('Add a Tag'), + 'permissions' => t('Permissions'), + 'aclselect' => $aclselect_e, + 'allow_cid' => acl2json($ph[0]['allow_cid']), + 'allow_gid' => acl2json($ph[0]['allow_gid']), + 'deny_cid' => acl2json($ph[0]['deny_cid']), + 'deny_gid' => acl2json($ph[0]['deny_gid']), + 'lockstate' => $lockstate[0], + 'help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com'), + 'item_id' => ((count($linked_items)) ? $link_item['id'] : 0), + 'adult_enabled' => feature_enabled($owner_uid,'adult_photo_flagging'), + 'adult' => array('adult',t('Flag as adult in album view'), intval($ph[0]['is_nsfw']),''), + 'submit' => t('Submit'), + 'delete' => t('Delete Photo') + ]; } if(count($linked_items)) { @@ -1065,19 +1041,19 @@ class Photos extends \Zotlabs\Web\Controller { $likebuttons = ''; - if($can_post || $can_comment) { - $likebuttons = array( - 'id' => $link_item['id'], + if($observer && ($can_post || $can_comment)) { + $likebuttons = [ + 'id' => $link_item['id'], 'likethis' => t("I like this \x28toggle\x29"), - 'nolike' => t("I don't like this \x28toggle\x29"), - 'share' => t('Share'), - 'wait' => t('Please wait') - ); + 'nolike' => t("I don't like this \x28toggle\x29"), + 'share' => t('Share'), + 'wait' => t('Please wait') + ]; } $comments = ''; if(! count($r)) { - if($can_post || $can_comment) { + if($observer && ($can_post || $can_comment)) { $commentbox = replace_macros($cmnt_tpl,array( '$return_path' => '', '$mode' => 'photos', @@ -1196,7 +1172,7 @@ class Photos extends \Zotlabs\Web\Controller { } - if($can_post || $can_comment) { + if($observer && ($can_post || $can_comment)) { $commentbox = replace_macros($cmnt_tpl,array( '$return_path' => '', '$jsreload' => $return_url, @@ -1277,25 +1253,13 @@ class Photos extends \Zotlabs\Web\Controller { \App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$cmd) . '" title="oembed" />' . "\r\n"; - /* - $r = q("SELECT resource_id, max(imgscale) AS imgscale FROM photo WHERE uid = %d - and photo_usage in ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id", - intval(\App::$data['channel']['channel_id']), - intval(PHOTO_NORMAL), - intval(PHOTO_PROFILE), - intval($unsafe) - ); - if($r) { - \App::set_pager_total(count($r)); - \App::set_pager_itemspage(60); - } - */ \App::set_pager_itemspage(60); - $r = q("SELECT p.resource_id, p.id, p.filename, p.mimetype, p.album, p.imgscale, p.created FROM photo p + $r = q("SELECT p.resource_id, p.id, p.filename, p.mimetype, p.album, p.imgscale, p.created, p.display_path + FROM photo p INNER JOIN ( SELECT resource_id, max(imgscale) imgscale FROM photo - WHERE uid = %d AND photo_usage IN ( %d, %d ) + WHERE photo.uid = %d AND photo_usage IN ( %d, %d ) AND is_nsfw = %d $sql_extra group by resource_id ) ph ON (p.resource_id = ph.resource_id and p.imgscale = ph.imgscale) ORDER by p.created DESC LIMIT %d OFFSET %d", @@ -1313,21 +1277,19 @@ class Photos extends \Zotlabs\Web\Controller { if($r) { $twist = 'rotright'; foreach($r as $rr) { + + if(! attach_can_view_folder(\App::$data['channel']['channel_id'],get_observer_hash(),$rr['resource_id'])) + continue; + if($twist == 'rotright') $twist = 'rotleft'; else $twist = 'rotright'; $ext = $phototypes[$rr['mimetype']]; - if(\App::get_template_engine() === 'internal') { - $alt_e = template_escape($rr['filename']); - $name_e = template_escape($rr['album']); - } - else { - $alt_e = $rr['filename']; - $name_e = $rr['album']; - } - + $alt_e = $rr['filename']; + $name_e = dirname($rr['display_path']); + $photos[] = array( 'id' => $rr['id'], 'twist' => ' ' . $twist . rand(2,4), @@ -1336,9 +1298,7 @@ class Photos extends \Zotlabs\Web\Controller { 'src' => z_root() . '/photo/' . $rr['resource_id'] . '-' . ((($rr['imgscale']) == 6) ? 4 : $rr['imgscale']) . '.' . $ext, 'alt' => $alt_e, 'album' => array( - 'link' => z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($rr['album']), 'name' => $name_e, - 'alt' => t('View Album'), ), ); diff --git a/Zotlabs/Module/Ping.php b/Zotlabs/Module/Ping.php index bf2fa5cc9..1a76f4f7b 100644 --- a/Zotlabs/Module/Ping.php +++ b/Zotlabs/Module/Ping.php @@ -36,6 +36,11 @@ class Ping extends \Zotlabs\Web\Controller { $result['all_events_today'] = 0; $result['notice'] = array(); $result['info'] = array(); + $result['pubs'] = 0; + $result['files'] = 0; + + if(! $_SESSION['static_loadtime']) + $_SESSION['static_loadtime'] = datetime_convert(); $t0 = dba_timer(); @@ -134,6 +139,30 @@ class Ping extends \Zotlabs\Web\Controller { db_utcnow(), db_quoteinterval('3 MINUTE') ); + $disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false; + $notify_pubs = ((local_channel()) ? ($vnotify & VNOTIFY_PUBS) && !$disable_discover_tab : !$disable_discover_tab); + + if($notify_pubs) { + $sys = get_sys_channel(); + + $pubs = q("SELECT count(id) as total from item + WHERE uid = %d + AND author_xchan != '%s' + AND obj_type != '%s' + AND item_unseen = 1 + AND created > '" . datetime_convert('UTC','UTC',$_SESSION['static_loadtime']) . "' + $item_normal", + intval($sys['channel_id']), + dbesc(get_observer_hash()), + dbesc(ACTIVITY_OBJ_FILE) + ); + + if($pubs) + $result['pubs'] = intval($pubs[0]['total']); + } + + $t1 = dba_timer(); + if((! local_channel()) || ($result['invalid'])) { echo json_encode($result); killme(); @@ -265,9 +294,12 @@ class Ping extends \Zotlabs\Web\Controller { $r = q("SELECT * FROM item WHERE item_unseen = 1 and uid = %d $item_normal - and author_xchan != '%s' ORDER BY created DESC limit 300", + AND author_xchan != '%s' + AND obj_type != '%s' + ORDER BY created DESC limit 300", intval(local_channel()), - dbesc($ob_hash) + dbesc($ob_hash), + dbesc(ACTIVITY_OBJ_FILE) ); if($r) { @@ -356,15 +388,35 @@ class Ping extends \Zotlabs\Web\Controller { $result['notify'] = intval($t[0]['total']); } - $t1 = dba_timer(); + $t2 = dba_timer(); + + if($vnotify & VNOTIFY_FILES) { + $files = q("SELECT count(id) as total FROM item + WHERE verb = '%s' + AND obj_type = '%s' + AND uid = %d + AND owner_xchan != '%s' + AND item_unseen = 1", + dbesc(ACTIVITY_POST), + dbesc(ACTIVITY_OBJ_FILE), + intval(local_channel()), + dbesc($ob_hash) + ); + if($files) + $result['files'] = intval($files[0]['total']); + } + + $t2 = dba_timer(); if($vnotify & (VNOTIFY_NETWORK|VNOTIFY_CHANNEL)) { $r = q("SELECT id, item_wall FROM item WHERE item_unseen = 1 and uid = %d $item_normal - and author_xchan != '%s'", + AND author_xchan != '%s' + AND obj_type != '%s'", intval(local_channel()), - dbesc($ob_hash) + dbesc($ob_hash), + dbesc(ACTIVITY_OBJ_FILE) ); if($r) { @@ -384,20 +436,20 @@ class Ping extends \Zotlabs\Web\Controller { if(! ($vnotify & VNOTIFY_CHANNEL)) $result['home'] = 0; - $t2 = dba_timer(); + $t4 = dba_timer(); if($vnotify & VNOTIFY_INTRO) { $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ", intval(local_channel()) ); - $t3 = dba_timer(); + $t5 = dba_timer(); if($intr) $result['intros'] = intval($intr[0]['total']); } - $t4 = dba_timer(); + $t6 = dba_timer(); $channel = \App::get_channel(); if($vnotify & VNOTIFY_MAIL) { @@ -420,7 +472,7 @@ class Ping extends \Zotlabs\Web\Controller { } } - $t5 = dba_timer(); + $t7 = dba_timer(); if($vnotify & (VNOTIFY_EVENT|VNOTIFY_EVENTTODAY|VNOTIFY_BIRTHDAY)) { $events = q("SELECT etype, dtstart, adjust FROM event @@ -466,9 +518,9 @@ class Ping extends \Zotlabs\Web\Controller { $x = json_encode($result); - $t6 = dba_timer(); + $t8 = dba_timer(); -// logger('ping timer: ' . sprintf('%01.4f %01.4f %01.4f %01.4f %01.4f %01.4f',$t6 - $t5, $t5 - $t4, $t4 - $t3, $t3 - $t2, $t2 - $t1, $t1 - $t0)); +// logger('ping timer: ' . sprintf('%01.4f %01.4f %01.4f %01.4f %01.4f %01.4f %01.4f %01.4f',$t8 - $t7, $t7 - $t6, $t6 - $t5, $t5 - $t4, $t4 - $t3, $t3 - $t2, $t2 - $t1, $t1 - $t0)); echo $x; killme(); diff --git a/Zotlabs/Module/Poke.php b/Zotlabs/Module/Poke.php index cf8d83023..0bd1187c7 100644 --- a/Zotlabs/Module/Poke.php +++ b/Zotlabs/Module/Poke.php @@ -41,7 +41,10 @@ class Poke extends \Zotlabs\Web\Controller { $activity = ACTIVITY_POKE . '#' . urlencode($verbs[$verb][0]); $contact_id = intval($_REQUEST['cid']); - if(! $contact_id) + + $xchan = trim($_REQUEST['xchan']); + + if(! ($contact_id || $xchan)) return; $parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0); @@ -49,13 +52,20 @@ class Poke extends \Zotlabs\Web\Controller { logger('poke: verb ' . $verb . ' contact ' . $contact_id, LOGGER_DEBUG); - $r = q("SELECT * FROM abook left join xchan on xchan_hash = abook_xchan where abook_id = %d and abook_channel = %d LIMIT 1", - intval($contact_id), - intval($uid) - ); - + if($contact_id) { + $r = q("SELECT * FROM abook left join xchan on xchan_hash = abook_xchan where abook_id = %d and abook_channel = %d LIMIT 1", + intval($contact_id), + intval($uid) + ); + } + if($xchan) { + $r = q("SELECT * FROM xchan where xchan_hash like ( '%s' ) LIMIT 1", + dbesc($xchan . '%') + ); + } + if(! $r) { - logger('poke: no target ' . $contact_id); + logger('poke: no target.'); return; } @@ -79,7 +89,7 @@ class Poke extends \Zotlabs\Web\Controller { $deny_gid = $r[0]['deny_gid']; } } - else { + elseif($contact_id) { $item_private = ((x($_GET,'private')) ? intval($_GET['private']) : 0); @@ -92,9 +102,11 @@ class Poke extends \Zotlabs\Web\Controller { $arr = array(); + + $arr['item_wall'] = 1; $arr['owner_xchan'] = (($parent_item) ? $parent_item['owner_xchan'] : $channel['channel_hash']); - $arr['parent_mid'] = (($parent_mid) ? $parent_mid : $mid); + $arr['parent_mid'] = (($parent_mid) ? $parent_mid : ''); $arr['title'] = ''; $arr['allow_cid'] = $allow_cid; $arr['allow_gid'] = $allow_gid; @@ -131,12 +143,14 @@ class Poke extends \Zotlabs\Web\Controller { - function get() { + function get() { if(! local_channel()) { notice( t('Permission denied.') . EOL); return; } + + nav_set_selected(t('Poke')); $name = ''; $id = ''; diff --git a/Zotlabs/Module/Post.php b/Zotlabs/Module/Post.php index c78484a45..f67cbf020 100644 --- a/Zotlabs/Module/Post.php +++ b/Zotlabs/Module/Post.php @@ -19,16 +19,16 @@ class Post extends \Zotlabs\Web\Controller { function init() { if(array_key_exists('auth', $_REQUEST)) { $x = new \Zotlabs\Zot\Auth($_REQUEST); - exit; } } function post() { - $z = new \Zotlabs\Zot\Receiver($_REQUEST['data'], get_config('system', 'prvkey'), new \Zotlabs\Zot\ZotHandler()); + if(array_key_exists('data',$_REQUEST)) { + $z = new \Zotlabs\Zot\Receiver($_REQUEST['data'], get_config('system', 'prvkey'), new \Zotlabs\Zot\ZotHandler()); + exit; + } - // notreached; - exit; } } diff --git a/Zotlabs/Module/Probe.php b/Zotlabs/Module/Probe.php index 7fc0e8ff5..859bed315 100644 --- a/Zotlabs/Module/Probe.php +++ b/Zotlabs/Module/Probe.php @@ -7,7 +7,9 @@ require_once('include/zot.php'); class Probe extends \Zotlabs\Web\Controller { function get() { - + + nav_set_selected(t('Remote Diagnostics')); + $o .= '<h3>Probe Diagnostic</h3>'; $o .= '<form action="probe" method="get">'; diff --git a/Zotlabs/Module/Profile.php b/Zotlabs/Module/Profile.php index 0bc23952b..43106e3af 100644 --- a/Zotlabs/Module/Profile.php +++ b/Zotlabs/Module/Profile.php @@ -21,6 +21,8 @@ class Profile extends \Zotlabs\Web\Controller { \App::$error = 404; return; } + + nav_set_selected('Profile'); $profile = ''; $channel = \App::get_channel(); @@ -37,8 +39,21 @@ class Profile extends \Zotlabs\Web\Controller { $profile = $r[0]['profile_guid']; } - \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which .'" />' . "\r\n" ; - + head_add_link( [ + 'rel' => 'alternate', + 'type' => 'application/atom+xml', + 'title' => t('Posts and comments'), + 'href' => z_root() . '/feed/' . $which + ]); + + head_add_link( [ + 'rel' => 'alternate', + 'type' => 'application/atom+xml', + 'title' => t('Only posts'), + 'href' => z_root() . '/feed/' . $which . '?f=&top=1' + ]); + + if(! $profile) { $x = q("select channel_id as profile_uid from channel where channel_address = '%s' limit 1", dbesc(argv(1)) @@ -79,7 +94,6 @@ class Profile extends \Zotlabs\Web\Controller { echo \App::$profile['profile_vcard']; killme(); } - $is_owner = ((local_channel()) && (local_channel() == \App::$profile['profile_uid']) ? true : false); @@ -87,11 +101,14 @@ class Profile extends \Zotlabs\Web\Controller { notice( t('Permission denied.') . EOL); return; } - - $o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']); - - \App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n"; - + + head_add_link([ + 'rel' => 'alternate', + 'type' => 'application/json+oembed', + 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string), + 'title' => 'oembed' + ]); + $o .= advanced_profile($a); call_hooks('profile_advanced',$o); return $o; diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php index 29a239f4d..47b627015 100644 --- a/Zotlabs/Module/Profile_photo.php +++ b/Zotlabs/Module/Profile_photo.php @@ -108,11 +108,13 @@ class Profile_photo extends \Zotlabs\Web\Controller { $aid = get_account_id(); $p = [ - 'aid' => $aid, - 'uid' => local_channel(), - 'resource_id' => $base_image['resource_id'], - 'filename' => $base_image['filename'], - 'album' => t('Profile Photos') + 'aid' => $aid, + 'uid' => local_channel(), + 'resource_id' => $base_image['resource_id'], + 'filename' => $base_image['filename'], + 'album' => t('Profile Photos'), + 'os_path' => $base_image['os_path'], + 'display_path' => $base_image['display_path'] ]; $p['imgscale'] = PHOTO_RES_PROFILE_300; @@ -183,8 +185,12 @@ class Profile_photo extends \Zotlabs\Web\Controller { photo_profile_setperms(local_channel(),$base_image['resource_id'],$_REQUEST['profile']); + $sync = attach_export_data($channel,$base_image['resource_id']); + if($sync) + build_sync_packet($channel['channel_id'],array('file' => array($sync))); - // Similarly, tell the nav bar to bypass the cache and update the avater image. + + // Similarly, tell the nav bar to bypass the cache and update the avatar image. $_SESSION['reload_avatar'] = true; info( t('Shift-reload the page or clear browser cache if the new photo does not display immediately.') . EOL); @@ -341,6 +347,11 @@ class Profile_photo extends \Zotlabs\Web\Controller { photo_profile_setperms(local_channel(),$resource_id,$_REQUEST['profile']); + $sync = attach_export_data($channel,$resource_id); + if($sync) + build_sync_packet($channel['channel_id'],array('file' => array($sync))); + + \Zotlabs\Daemon\Master::Summon(array('Directory',local_channel())); goaway(z_root() . '/profiles'); } diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php index 32e888f14..b1cf9596c 100644 --- a/Zotlabs/Module/Profiles.php +++ b/Zotlabs/Module/Profiles.php @@ -9,7 +9,7 @@ class Profiles extends \Zotlabs\Web\Controller { function init() { - nav_set_selected('profiles'); + nav_set_selected('Profiles'); if(! local_channel()) { return; @@ -317,8 +317,10 @@ class Profiles extends \Zotlabs\Web\Controller { $hide_friends = ((intval($_POST['hide_friends'])) ? 1: 0); +// start fresh and create a new vcard. TODO: preserve the original guid or whatever else needs saving +// $orig_vcard = (($orig[0]['profile_vcard']) ? \Sabre\VObject\Reader::read($orig[0]['profile_vcard']) : null); - $orig_vcard = (($orig[0]['profile_vcard']) ? \Sabre\VObject\Reader::read($orig[0]['profile_vcard']) : null); + $orig_vcard = null; $channel = \App::get_channel(); @@ -330,13 +332,7 @@ class Profiles extends \Zotlabs\Web\Controller { 'photo' => $channel['xchan_photo_l'], 'adr' => [], 'adr_type' => [ $default_vcard_cat ], - 'tel' => [], - 'tel_type' => [ $default_vcard_cat ], - 'email' => [], - 'email_type' => [ $default_vcard_cat ], - 'impp' => [], - 'impp_type' => [ $default_vcard_cat ], - 'url' => [], + 'url' => [ $homepage ], 'url_type' => [ $default_vcard_cat ] ]; @@ -350,9 +346,12 @@ class Profiles extends \Zotlabs\Web\Controller { 6 => $country_name ]; - $profile_vcard = update_vcard($defcard,$orig_vcard); + $orig_vcard = \Sabre\VObject\Reader::read($profile_vcard); + + $profile_vcard = update_vcard($_REQUEST,$orig_vcard); + require_once('include/text.php'); linkify_tags($a, $likes, local_channel()); @@ -700,6 +699,10 @@ class Profiles extends \Zotlabs\Web\Controller { } //logger('extra_fields: ' . print_r($extra_fields,true)); + + $vc = $r[0]['profile_vcard']; + $vctmp = (($vc) ? \Sabre\VObject\Reader::read($vc) : null); + $vcard = (($vctmp) ? get_vcard_array($vctmp,$r[0]['id']) : [] ); $f = get_config('system','birthday_input_format'); if(! $f) @@ -717,6 +720,7 @@ class Profiles extends \Zotlabs\Web\Controller { . get_form_security_token("profile_drop"), '$fields' => $fields, + '$vcard' => $vcard, '$guid' => $r[0]['profile_guid'], '$banner' => t('Edit Profile Details'), '$submit' => t('Submit'), @@ -776,11 +780,28 @@ class Profiles extends \Zotlabs\Web\Controller { '$film' => array('film', t('Film/Dance/Culture/Entertainment'), $r[0]['film']), '$interest' => array('interest', t('Hobbies/Interests'), $r[0]['interest']), '$romance' => array('romance',t('Love/Romance'), $r[0]['romance']), - '$work' => array('work', t('Work/Employment'), $r[0]['employment']), + '$employ' => array('work', t('Work/Employment'), $r[0]['employment']), '$education' => array('education', t('School/Education'), $r[0]['education']), '$contact' => array('contact', t('Contact information and social networks'), $r[0]['contact']), '$channels' => array('channels', t('My other channels'), $r[0]['channels']), '$extra_fields' => $extra_fields, + '$comms' => t('Communications'), + '$tel_label' => t('Phone'), + '$email_label' => t('Email'), + '$impp_label' => t('Instant messenger'), + '$url_label' => t('Website'), + '$adr_label' => t('Address'), + '$note_label' => t('Note'), + '$mobile' => t('Mobile'), + '$home' => t('Home'), + '$work' => t('Work'), + '$other' => t('Other'), + '$add_card' => t('Add Contact'), + '$add_field' => t('Add Field'), + '$create' => t('Create'), + '$update' => t('Update'), + '$delete' => t('Delete'), + '$cancel' => t('Cancel'), )); $arr = array('profile' => $r[0], 'entry' => $o); diff --git a/Zotlabs/Module/Pubsites.php b/Zotlabs/Module/Pubsites.php index d87967189..ef02cf099 100644 --- a/Zotlabs/Module/Pubsites.php +++ b/Zotlabs/Module/Pubsites.php @@ -36,7 +36,8 @@ class Pubsites extends \Zotlabs\Web\Controller { $o .= '</tr>'; if($j['sites']) { foreach($j['sites'] as $jj) { - if(! \Zotlabs\Lib\System::compatible_project($jj['project'])) + $projectname = explode(' ',$jj['project']); + if(! \Zotlabs\Lib\System::compatible_project($projectname[0])) continue; if(strpos($jj['version'],' ')) { $x = explode(' ', $jj['version']); diff --git a/Zotlabs/Module/Pubstream.php b/Zotlabs/Module/Pubstream.php index 6c4d479d4..72d5f80fa 100644 --- a/Zotlabs/Module/Pubstream.php +++ b/Zotlabs/Module/Pubstream.php @@ -7,27 +7,32 @@ require_once('include/conversation.php'); class Pubstream extends \Zotlabs\Web\Controller { function get($update = 0, $load = false) { - + if($load) $_SESSION['loadtime'] = datetime_convert(); - + if(observer_prohibited(true)) { return login(); } - - if(get_config('system','disable_discover_tab')) + $disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false; + if($disable_discover_tab) return; $item_normal = item_normal(); + $item_normal_update = item_normal_update(); $static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0); if(! $update) { - $static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 0); + nav_set_selected(t('Public Stream')); + + $_SESSION['static_loadtime'] = datetime_convert(); + + $static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1); $maxheight = get_config('system','home_divmore_height'); if(! $maxheight) @@ -57,6 +62,7 @@ class Pubstream extends \Zotlabs\Web\Controller { '$static' => $static, '$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1), '$search' => '', + '$xchan' => '', '$order' => 'comment', '$file' => '', '$cats' => '', @@ -104,7 +110,7 @@ class Pubstream extends \Zotlabs\Web\Controller { $simple_update = ''; if($static && $simple_update) - $simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' "; + $simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' "; //logger('update: ' . $update . ' load: ' . $load); @@ -131,7 +137,7 @@ class Pubstream extends \Zotlabs\Web\Controller { $r = q("SELECT distinct item.id AS item_id, $ordering FROM item left join abook on item.author_xchan = abook.abook_xchan - WHERE true $uids $item_normal + WHERE true $uids $item_normal_update AND item.parent = item.id $simple_update and (abook.abook_blocked = 0 or abook.abook_flags is null) $sql_extra3 $sql_extra $sql_nets" @@ -166,7 +172,7 @@ class Pubstream extends \Zotlabs\Web\Controller { // fake it $mode = ('network'); - $o .= conversation($a,$items,$mode,$update,$page_mode); + $o .= conversation($items,$mode,$update,$page_mode); if(($items) && (! $update)) $o .= alt_pager($a,count($items)); diff --git a/Zotlabs/Module/Randprof.php b/Zotlabs/Module/Randprof.php index dc2e925fe..94ec095cb 100644 --- a/Zotlabs/Module/Randprof.php +++ b/Zotlabs/Module/Randprof.php @@ -8,7 +8,7 @@ class Randprof extends \Zotlabs\Web\Controller { function init() { $x = random_profile(); if($x) - goaway(chanlink_url($x)); + goaway(chanlink_hash($x)); /** FIXME this doesn't work at the moment as a fallback */ goaway(z_root() . '/profile'); diff --git a/Zotlabs/Module/React.php b/Zotlabs/Module/React.php index ed4f87e7e..6cd79c952 100644 --- a/Zotlabs/Module/React.php +++ b/Zotlabs/Module/React.php @@ -39,6 +39,10 @@ class React extends \Zotlabs\Web\Controller { $n['author_xchan'] = $channel['channel_hash']; $x = item_store($n); + + if(local_channel()) + retain_item($postid); + if($x['success']) { $nid = $x['item_id']; \Zotlabs\Daemon\Master::Summon(array('Notifier','like',$nid)); diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 1d8944d8e..d4573156c 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -151,7 +151,7 @@ class Register extends \Zotlabs\Web\Controller { $new_channel = false; $next_page = 'new_channel'; - if(get_config('system','auto_channel_create') || get_config('system','server_role') == 'basic') { + if(get_config('system','auto_channel_create')) { $new_channel = auto_channel_create($result['account']['account_id']); if($new_channel['success']) { $channel_id = $new_channel['channel']['channel_id']; @@ -237,14 +237,12 @@ class Register extends \Zotlabs\Web\Controller { $name = array('name', t('Name or caption'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group"')); $nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl')); $nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub)); - $role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles); + $role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/member/member_guide#Account_Permission_Roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles); $tos = array('tos', $label_tos, '', '', array(t('no'),t('yes'))); - $server_role = get_config('system','server_role'); - - $auto_create = (($server_role == 'basic') || (get_config('system','auto_channel_create')) ? true : false); - $default_role = (($server_role == 'basic') ? 'social' : get_config('system','default_permissions_role')); + $auto_create = (get_config('system','auto_channel_create') ? true : false); + $default_role = get_config('system','default_permissions_role'); require_once('include/bbcode.php'); diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php index 9fcc72441..0c4eb9ae4 100644 --- a/Zotlabs/Module/Rmagic.php +++ b/Zotlabs/Module/Rmagic.php @@ -18,7 +18,7 @@ class Rmagic extends \Zotlabs\Web\Controller { if($r[0]['hubloc_url'] === z_root()) goaway(z_root() . '/login'); $dest = z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string); - goaway($r[0]['hubloc_url'] . '/magic' . '?f=&dest=' . $dest); + goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&dest=' . $dest); } } } @@ -63,7 +63,7 @@ class Rmagic extends \Zotlabs\Web\Controller { else $dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string)); - goaway($url . '/magic' . '?f=&dest=' . $dest); + goaway($url . '/magic' . '?f=&owa=1&dest=' . $dest); } } } diff --git a/Zotlabs/Module/Rpost.php b/Zotlabs/Module/Rpost.php index 1349cd1c5..e716d1330 100644 --- a/Zotlabs/Module/Rpost.php +++ b/Zotlabs/Module/Rpost.php @@ -20,6 +20,7 @@ require_once('include/zot.php'); * body= Body of post * url= URL which will be parsed and the results appended to the body * source= Source application + * post_id= post_id of post to 'share' (local use only) * remote_return= absolute URL to return after posting is finished * type= choices are 'html' or 'bbcode', default is 'bbcode' * @@ -59,6 +60,8 @@ class Rpost extends \Zotlabs\Web\Controller { } return login(); } + + nav_set_selected(t('Post')); // If we have saved rpost session variables, but nothing in the current $_REQUEST, recover the saved variables @@ -88,8 +91,6 @@ class Rpost extends \Zotlabs\Web\Controller { } $plaintext = true; - // if(feature_enabled(local_channel(),'richtext')) - // $plaintext = false; if(array_key_exists('type', $_REQUEST) && $_REQUEST['type'] === 'html') { require_once('include/html2bbcode.php'); @@ -108,28 +109,67 @@ class Rpost extends \Zotlabs\Web\Controller { if($x['success']) $_REQUEST['body'] = $_REQUEST['body'] . $x['body']; } + + if($_REQUEST['post_id']) { + $r = q("SELECT * from item WHERE id = %d LIMIT 1", + intval($_REQUEST['post_id']) + ); + if(($r) && (! intval($r[0]['item_private']))) { + $sql_extra = item_permissions_sql($r[0]['uid']); + + $r = q("select * from item where id = %d $sql_extra", + intval($_REQUEST['post_id']) + ); + if($r && $r[0]['mimetype'] === 'text/bbcode') { + + xchan_query($r); + + $is_photo = (($r[0]['obj_type'] === ACTIVITY_OBJ_PHOTO) ? true : false); + if($is_photo) { + $object = json_decode($r[0]['obj'],true); + $photo_bb = $object['body']; + } + + if (strpos($r[0]['body'], "[/share]") !== false) { + $pos = strpos($r[0]['body'], "[share"); + $i = substr($r[0]['body'], $pos); + } else { + $i = "[share author='".urlencode($r[0]['author']['xchan_name']). + "' profile='".$r[0]['author']['xchan_url'] . + "' avatar='".$r[0]['author']['xchan_photo_s']. + "' link='".$r[0]['plink']. + "' posted='".$r[0]['created']. + "' message_id='".$r[0]['mid']."']"; + if($r[0]['title']) + $i .= '[b]'.$r[0]['title'].'[/b]'."\r\n"; + $i .= (($is_photo) ? $photo_bb . "\r\n" . $r[0]['body'] : $r[0]['body']); + $i .= "[/share]"; + } + } + } + $_REQUEST['body'] = $_REQUEST['body'] . $i; + } $x = array( - 'is_owner' => true, - 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), - 'default_location' => $channel['channel_location'], - 'nickname' => $channel['channel_address'], - 'lockstate' => (($acl->is_private()) ? 'lock' : 'unlock'), - 'acl' => populate_acl($channel_acl, true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'), - 'permissions' => $channel_acl, - 'bang' => '', - 'visitor' => true, - 'profile_uid' => local_channel(), - 'title' => $_REQUEST['title'], - 'body' => $_REQUEST['body'], - 'attachment' => $_REQUEST['attachment'], - 'source' => ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''), - 'return_path' => 'rpost/return', - 'bbco_autocomplete' => 'bbcode', - 'editor_autocomplete'=> true, - 'bbcode' => true, - 'jotnets' => true - + 'is_owner' => true, + 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), + 'default_location' => $channel['channel_location'], + 'nickname' => $channel['channel_address'], + 'lockstate' => (($acl->is_private()) ? 'lock' : 'unlock'), + 'acl' => populate_acl($channel_acl, true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'), + 'permissions' => $channel_acl, + 'bang' => '', + 'visitor' => true, + 'profile_uid' => local_channel(), + 'title' => $_REQUEST['title'], + 'body' => $_REQUEST['body'], + 'attachment' => $_REQUEST['attachment'], + 'source' => ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''), + 'return_path' => 'rpost/return', + 'bbco_autocomplete' => 'bbcode', + 'editor_autocomplete' => true, + 'bbcode' => true, + 'jotnets' => true ); $editor = status_editor($a,$x); diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php index 89eaa4ffa..e1d35b879 100644 --- a/Zotlabs/Module/Search.php +++ b/Zotlabs/Module/Search.php @@ -15,14 +15,14 @@ class Search extends \Zotlabs\Web\Controller { if((get_config('system','block_public')) || (get_config('system','block_public_search'))) { if ((! local_channel()) && (! remote_channel())) { notice( t('Public access denied.') . EOL); - return; + return; } } if($load) $_SESSION['loadtime'] = datetime_convert(); - nav_set_selected('search'); + nav_set_selected(t('Search')); require_once("include/bbcode.php"); require_once('include/security.php'); @@ -81,11 +81,12 @@ class Search extends \Zotlabs\Web\Controller { return $o; if($tag) { - $sql_extra = sprintf(" AND item.id IN (select oid from term where otype = %d and ttype in ( %d , %d) and term = '%s') ", + $wildtag = str_replace('*','%',$search); + $sql_extra = sprintf(" AND item.id IN (select oid from term where otype = %d and ttype in ( %d , %d) and term like '%s') ", intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval(TERM_COMMUNITYTAG), - dbesc(protect_sprintf($search)) + dbesc(protect_sprintf($wildtag)) ); } else { @@ -130,6 +131,7 @@ class Search extends \Zotlabs\Web\Controller { '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1), '$search' => (($tag) ? urlencode('#') : '') . $search, + '$xchan' => '', '$order' => '', '$file' => '', '$cats' => '', @@ -143,7 +145,7 @@ class Search extends \Zotlabs\Web\Controller { } - $item_normal = item_normal(); + $item_normal = item_normal_search(); $pub_sql = public_permissions_sql($observer_hash); require_once('include/channel.php'); @@ -224,7 +226,7 @@ class Search extends \Zotlabs\Web\Controller { else $o .= '<h2>' . sprintf( t('Search results for: %s'),htmlspecialchars($search, ENT_COMPAT,'UTF-8')) . '</h2>'; - $o .= conversation($a,$items,'search',$update,'client'); + $o .= conversation($items,'search',$update,'client'); $o .= '</div>'; diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index 76794e21c..79031c98f 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php @@ -53,7 +53,7 @@ class Settings extends \Zotlabs\Web\Controller { function get() { - nav_set_selected('settings'); + nav_set_selected('Settings'); if((! local_channel()) || ($_SESSION['delegate'])) { notice( t('Permission denied.') . EOL ); diff --git a/Zotlabs/Module/Settings/Account.php b/Zotlabs/Module/Settings/Account.php index ec176797d..18890e89f 100644 --- a/Zotlabs/Module/Settings/Account.php +++ b/Zotlabs/Module/Settings/Account.php @@ -16,7 +16,7 @@ class Account { $account = \App::get_account(); if($email != $account['account_email']) { - if(! valid_email($email)) + if(! validate_email($email)) $errs[] = t('Not valid email.'); $adm = trim(get_config('system','admin_email')); if(($adm) && (strcasecmp($email,$adm) == 0)) { diff --git a/Zotlabs/Module/Settings/Channel.php b/Zotlabs/Module/Settings/Channel.php index 5b9cfdaca..e49c34666 100644 --- a/Zotlabs/Module/Settings/Channel.php +++ b/Zotlabs/Module/Settings/Channel.php @@ -199,6 +199,10 @@ class Channel { $vnotify += intval($_POST['vnotify10']); if(x($_POST,'vnotify11')) $vnotify += intval($_POST['vnotify11']); + if(x($_POST,'vnotify12')) + $vnotify += intval($_POST['vnotify12']); + if(x($_POST,'vnotify13') && ! get_config('system', 'disable_discover_tab')) + $vnotify += intval($_POST['vnotify13']); $always_show_in_notices = x($_POST,'always_show_in_notices') ? 1 : 0; @@ -277,8 +281,8 @@ class Channel { if($email_changed && \App::$config['system']['register_policy'] == REGISTER_VERIFY) { // FIXME - set to un-verified, blocked and redirect to logout - // Why? Are we verifying people or email addresses? - + // Q: Why? Are we verifying people or email addresses? + // A: the policy is to verify email addresses } goaway(z_root() . '/settings' ); @@ -324,7 +328,7 @@ class Channel { foreach($global_perms as $k => $perm) { $options = array(); foreach($perm_opts as $opt) { - if((! strstr($k,'view')) && $opt[1] == PERMS_PUBLIC) + if(((! strstr($k,'view')) && $k !== 'post_comments') && $opt[1] == PERMS_PUBLIC) continue; $options[$opt[1]] = $opt[0]; } @@ -489,7 +493,6 @@ class Channel { '$h_prv' => t('Security and Privacy Settings'), '$permissions_set' => $permissions_set, - '$server_role' => \Zotlabs\Lib\System::get_server_role(), '$perms_set_msg' => t('Your permissions are already configured. Click to view/adjust'), '$hide_presence' => array('hide_presence', t('Hide my online presence'),$hide_presence, t('Prevents displaying in your profile that you are online'), $yes_no), @@ -506,7 +509,7 @@ class Channel { '$expire' => array('expire',t('Expire other channel content after this many days'),$expire, t('0 or blank to use the website limit.') . ' ' . ((intval($sys_expire)) ? sprintf( t('This website expires after %d days.'),intval($sys_expire)) : t('This website does not expire imported content.')) . ' ' . t('The website limit takes precedence if lower than your limit.')), '$maxreq' => array('maxreq', t('Maximum Friend Requests/Day:'), intval($channel['channel_max_friend_req']) , t('May reduce spam activity')), - '$permissions' => t('Default Access Control List (ACL)'), + '$permissions' => t('Default Privacy Group'), '$permdesc' => t("\x28click to open/close\x29"), '$aclselect' => populate_acl($perm_defaults, false, \Zotlabs\Lib\PermissionDescription::fromDescription(t('Use my default audience setting for the type of object published'))), '$allow_cid' => acl2json($perm_defaults['allow_cid']), @@ -556,6 +559,8 @@ class Channel { '$vnotify9' => array('vnotify9', t('System critical alerts'), ($vnotify & VNOTIFY_ALERT), VNOTIFY_ALERT, t('Recommended'), $yes_no), '$vnotify10' => array('vnotify10', t('New connections'), ($vnotify & VNOTIFY_INTRO), VNOTIFY_INTRO, t('Recommended'), $yes_no), '$vnotify11' => array('vnotify11', t('System Registrations'), ($vnotify & VNOTIFY_REGISTER), VNOTIFY_REGISTER, '', $yes_no), + '$vnotify12' => array('vnotify12', t('Unseen shared files'), ($vnotify & VNOTIFY_FILES), VNOTIFY_FILES, '', $yes_no), + '$vnotify13' => ((!get_config('system', 'disable_discover_tab')) ? array() : array('vnotify13', t('Unseen public activity'), ($vnotify & VNOTIFY_PUBS), VNOTIFY_PUBS, '', $yes_no)), '$always_show_in_notices' => array('always_show_in_notices', t('Also show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no), '$evdays' => array('evdays', t('Notify me of events this many days in advance'), $evdays, t('Must be greater than 0')), @@ -575,7 +580,7 @@ class Channel { '$removeme' => t('Remove Channel'), '$removechannel' => t('Remove this channel.'), '$firefoxshare' => t('Firefox Share $Projectname provider'), - '$cal_first_day' => array('first_day', t('Start calendar week on monday'), ((get_pconfig(local_channel(),'system','cal_first_day')) ? 1 : ''), '', $yes_no), + '$cal_first_day' => array('first_day', t('Start calendar week on Monday'), ((get_pconfig(local_channel(),'system','cal_first_day')) ? 1 : ''), '', $yes_no), )); call_hooks('settings_form',$o); diff --git a/Zotlabs/Module/Settings/Display.php b/Zotlabs/Module/Settings/Display.php index 67cecf1f5..a444d28a2 100644 --- a/Zotlabs/Module/Settings/Display.php +++ b/Zotlabs/Module/Settings/Display.php @@ -24,34 +24,34 @@ class Display { $mobile_theme = ((x($_POST,'mobile_theme')) ? notags(trim($_POST['mobile_theme'])) : ''); $preload_images = ((x($_POST,'preload_images')) ? intval($_POST['preload_images']) : 0); $user_scalable = ((x($_POST,'user_scalable')) ? intval($_POST['user_scalable']) : 0); - $nosmile = ((x($_POST,'nosmile')) ? intval($_POST['nosmile']) : 0); - $title_tosource = ((x($_POST,'title_tosource')) ? intval($_POST['title_tosource']) : 0); + $nosmile = ((x($_POST,'nosmile')) ? intval($_POST['nosmile']) : 0); + $title_tosource = ((x($_POST,'title_tosource')) ? intval($_POST['title_tosource']) : 0); $channel_list_mode = ((x($_POST,'channel_list_mode')) ? intval($_POST['channel_list_mode']) : 0); $network_list_mode = ((x($_POST,'network_list_mode')) ? intval($_POST['network_list_mode']) : 0); $manual_update = ((array_key_exists('manual_update',$_POST)) ? intval($_POST['manual_update']) : 0); - + $channel_divmore_height = ((x($_POST,'channel_divmore_height')) ? intval($_POST['channel_divmore_height']) : 400); if($channel_divmore_height < 50) $channel_divmore_height = 50; $network_divmore_height = ((x($_POST,'network_divmore_height')) ? intval($_POST['network_divmore_height']) : 400); if($network_divmore_height < 50) $network_divmore_height = 50; - + $browser_update = ((x($_POST,'browser_update')) ? intval($_POST['browser_update']) : 0); $browser_update = $browser_update * 1000; if($browser_update < 10000) $browser_update = 10000; - + $itemspage = ((x($_POST,'itemspage')) ? intval($_POST['itemspage']) : 20); if($itemspage > 100) $itemspage = 100; - - if ($mobile_theme == "---") + + if ($mobile_theme == "---") del_pconfig(local_channel(),'system','mobile_theme'); else { set_pconfig(local_channel(),'system','mobile_theme',$mobile_theme); } - + set_pconfig(local_channel(),'system','preload_images',$preload_images); set_pconfig(local_channel(),'system','user_scalable',$user_scalable); set_pconfig(local_channel(),'system','update_interval', $browser_update); @@ -63,9 +63,9 @@ class Display { set_pconfig(local_channel(),'system','channel_divmore_height', $channel_divmore_height); set_pconfig(local_channel(),'system','network_divmore_height', $network_divmore_height); set_pconfig(local_channel(),'system','manual_conversation_update', $manual_update); - + $newschema = ''; - if($theme == $existing_theme){ + if($theme){ // call theme_post only if theme has not been changed if( ($themeconfigfile = $this->get_theme_config_file($theme)) != null){ require_once($themeconfigfile); @@ -76,7 +76,7 @@ class Display { if(array_key_exists($_POST['schema'],$schemas)) $newschema = $_POST['schema']; if($newschema === '---') - $newschema = ''; + $newschema = ''; $theme_config->post(); } } @@ -85,18 +85,18 @@ class Display { logger('theme: ' . $theme . (($newschema) ? ':' . $newschema : '')); $_SESSION['theme'] = $theme . (($newschema) ? ':' . $newschema : ''); - + $r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d", dbesc($theme . (($newschema) ? ':' . $newschema : '')), intval(local_channel()) ); - + call_hooks('display_settings_post', $_POST); build_sync_packet(); goaway(z_root() . '/settings/display' ); return; // NOTREACHED } - + function get() { @@ -115,28 +115,36 @@ class Display { $default_mobile_theme = get_config('system','mobile_theme'); if(! $mobile_default_theme) $mobile_default_theme = 'none'; - + $allowed_themes_str = get_config('system','allowed_themes'); $allowed_themes_raw = explode(',',$allowed_themes_str); $allowed_themes = array(); if(count($allowed_themes_raw)) - foreach($allowed_themes_raw as $x) + foreach($allowed_themes_raw as $x) if(strlen(trim($x)) && is_dir("view/theme/$x")) $allowed_themes[] = trim($x); - + $themes = array(); $files = glob('view/theme/*'); if($allowed_themes) { foreach($allowed_themes as $th) { $f = $th; + + $info = get_theme_info($th); + $compatible = check_plugin_versions($info); + if(!$compatible) { + $mobile_themes[$f] = $themes[$f] = sprintf(t('%s - (Incompatible)'), $f); + continue; + } + $is_experimental = file_exists('view/theme/' . $th . '/experimental'); $unsupported = file_exists('view/theme/' . $th . '/unsupported'); $is_mobile = file_exists('view/theme/' . $th . '/mobile'); $is_library = file_exists('view/theme/'. $th . '/library'); - $mobile_themes["---"] = t("No special theme for mobile devices"); - - if (!$is_experimental or ($is_experimental && (get_config('experimentals','exp_themes')==1 or get_config('experimentals','exp_themes')===false))){ + $mobile_themes['---'] = t("No special theme for mobile devices"); + + if (!$is_experimental or ($is_experimental && (get_config('experimentals','exp_themes')==1 or get_config('experimentals','exp_themes')===false))){ $theme_name = (($is_experimental) ? sprintf(t('%s - (Experimental)'), $f) : $f); if (! $is_library) { if($is_mobile) { @@ -147,32 +155,35 @@ class Display { } } } - } } $theme_selected = ((array_key_exists('theme',$_SESSION) && $_SESSION['theme']) ? $_SESSION['theme'] : $theme); + if (strpos($theme_selected, ':')) { + $theme_selected = explode(':', $theme_selected)[0]; + } + $mobile_theme_selected = (!x($_SESSION,'mobile_theme')? $default_mobile_theme : $_SESSION['mobile_theme']); - + $preload_images = get_pconfig(local_channel(),'system','preload_images'); $preload_images = (($preload_images===false)? '0': $preload_images); // default if not set: 0 - + $user_scalable = get_pconfig(local_channel(),'system','user_scalable'); $user_scalable = (($user_scalable===false)? '0': $user_scalable); // default if not set: 0 - + $browser_update = intval(get_pconfig(local_channel(), 'system','update_interval')); $browser_update = (($browser_update == 0) ? 80 : $browser_update / 1000); // default if not set: 40 seconds - + $itemspage = intval(get_pconfig(local_channel(), 'system','itemspage')); $itemspage = (($itemspage > 0 && $itemspage < 101) ? $itemspage : 20); // default if not set: 20 items - + $nosmile = get_pconfig(local_channel(),'system','no_smilies'); $nosmile = (($nosmile===false)? '0': $nosmile); // default if not set: 0 - + $title_tosource = get_pconfig(local_channel(),'system','title_tosource'); $title_tosource = (($title_tosource===false)? '0': $title_tosource); // default if not set: 0 - + $theme_config = ""; if(($themeconfigfile = $this->get_theme_config_file($theme)) != null){ require_once($themeconfigfile); @@ -185,18 +196,18 @@ class Display { } // logger('schemas: ' . print_r($schemas,true)); - + $tpl = get_markup_template("settings_display.tpl"); $o = replace_macros($tpl, array( '$ptitle' => t('Display Settings'), - '$d_tset' => t('Theme Settings'), - '$d_ctset' => t('Custom Theme Settings'), + '$d_tset' => t('Theme Settings'), + '$d_ctset' => t('Custom Theme Settings'), '$d_cset' => t('Content Settings'), '$form_security_token' => get_form_security_token("settings_display"), '$submit' => t('Submit'), '$baseurl' => z_root(), '$uid' => local_channel(), - + '$theme' => (($themes) ? array('theme', t('Display Theme:'), $theme_selected, '', $themes, 'preview') : false), '$schema' => array('schema', t('Select scheme'), $existing_schema, '' , $schemas), @@ -215,11 +226,11 @@ class Display { '$network_list_mode' => array('network_list_mode', t('Use blog/list mode on grid page'), get_pconfig(local_channel(),'system','network_list_mode'), t('(comments displayed separately)'), $yes_no), '$channel_divmore_height' => array('channel_divmore_height', t('Channel page max height of content (in pixels)'), ((get_pconfig(local_channel(),'system','channel_divmore_height')) ? get_pconfig(local_channel(),'system','channel_divmore_height') : 400), t('click to expand content exceeding this height')), '$network_divmore_height' => array('network_divmore_height', t('Grid page max height of content (in pixels)'), ((get_pconfig(local_channel(),'system','network_divmore_height')) ? get_pconfig(local_channel(),'system','network_divmore_height') : 400) , t('click to expand content exceeding this height')), - - + + )); - call_hooks('display_settings',$o); + call_hooks('display_settings',$o); return $o; } @@ -227,10 +238,10 @@ class Display { function get_theme_config_file($theme){ $base_theme = \App::$theme_info['extends']; - + if (file_exists("view/theme/$theme/php/config.php")){ return "view/theme/$theme/php/config.php"; - } + } if (file_exists("view/theme/$base_theme/php/config.php")){ return "view/theme/$base_theme/php/config.php"; } @@ -239,5 +250,5 @@ class Display { - + } diff --git a/Zotlabs/Module/Settings/Featured.php b/Zotlabs/Module/Settings/Featured.php index 4885abd1d..ebe2996d3 100644 --- a/Zotlabs/Module/Settings/Featured.php +++ b/Zotlabs/Module/Settings/Featured.php @@ -10,14 +10,16 @@ class Featured { call_hooks('feature_settings_post', $_POST); - if(intval($_POST['affinity_cmax'])) { - set_pconfig(local_channel(),'affinity','cmax',intval($_POST['affinity_cmax'])); - } - if(intval($_POST['affinity_cmin'])) { - set_pconfig(local_channel(),'affinity','cmin',intval($_POST['affinity_cmin'])); - } - if(intval($_POST['affinity_cmax']) || intval($_POST['affinity_cmin'])) { - info( t('Affinity Slider settings updated.') . EOL); + if($_POST['affinity_slider-submit']) { + if(intval($_POST['affinity_cmax'])) { + set_pconfig(local_channel(),'affinity','cmax',intval($_POST['affinity_cmax'])); + } + if(intval($_POST['affinity_cmin'])) { + set_pconfig(local_channel(),'affinity','cmin',intval($_POST['affinity_cmin'])); + } + if(intval($_POST['affinity_cmax']) || intval($_POST['affinity_cmin'])) { + info( t('Affinity Slider settings updated.') . EOL); + } } build_sync_packet(); diff --git a/Zotlabs/Module/Settings/Permcats.php b/Zotlabs/Module/Settings/Permcats.php index 35d533196..336f69653 100644 --- a/Zotlabs/Module/Settings/Permcats.php +++ b/Zotlabs/Module/Settings/Permcats.php @@ -42,8 +42,6 @@ class Permcats { function get() { -logger('cmd: ' . \App::$cmd); - if(! local_channel()) return; @@ -85,7 +83,7 @@ logger('cmd: ' . \App::$cmd); if($existing[$k]) $thisperm = "1"; - $perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited); + $perms[] = array('perms_' . $k, $v, '',$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited); } @@ -114,4 +112,4 @@ logger('cmd: ' . \App::$cmd); return $o; } -}
\ No newline at end of file +} diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php index 9c688af01..2134288d6 100644 --- a/Zotlabs/Module/Setup.php +++ b/Zotlabs/Module/Setup.php @@ -73,9 +73,6 @@ class Setup extends \Zotlabs\Web\Controller { $phpath = trim($_POST['phpath']); $adminmail = trim($_POST['adminmail']); $siteurl = trim($_POST['siteurl']); - $server_role = trim($_POST['server_role']); - if(! $server_role) - $server_role = 'standard'; // $siteurl should not have a trailing slash @@ -103,9 +100,6 @@ class Setup extends \Zotlabs\Web\Controller { $timezone = trim($_POST['timezone']); $adminmail = trim($_POST['adminmail']); $siteurl = trim($_POST['siteurl']); - $server_role = trim($_POST['server_role']); - if(! $server_role) - $server_role = 'standard'; if($siteurl != z_root()) { $test = z_fetch_url($siteurl."/setup/testrewrite"); @@ -134,7 +128,7 @@ class Setup extends \Zotlabs\Web\Controller { '$dbpass' => $dbpass, '$dbdata' => $dbdata, '$dbtype' => $dbtype, - '$server_role' => $server_role, + '$server_role' => 'pro', '$timezone' => $timezone, '$siteurl' => $siteurl, '$site_id' => random_string(), @@ -192,14 +186,17 @@ class Setup extends \Zotlabs\Web\Controller { } $db_return_text = ''; if(x(\App::$data, 'db_installed')) { - $txt = '<p style="font-size: 130%;">'; - $txt .= t('Your site database has been installed.') . EOL; + $pass = 'Installation succeeded!'; + $icon = 'check'; + $txt = t('Your site database has been installed.') . EOL; $db_return_text .= $txt; } if(x(\App::$data, 'db_failed')) { + $pass = 'Database install failed!'; + $icon = 'exclamation-triangle'; $txt = t('You may need to import the file "install/schema_xxx.sql" manually using a database client.') . EOL; $txt .= t('Please see the file "install/INSTALL.txt".') . EOL ."<hr>" ; - $txt .= "<pre>".\App::$data['db_failed'] . "</pre>". EOL ; + $txt .= "<pre>" . \App::$data['db_failed'] . "</pre>". EOL ; $db_return_text .= $txt; } if(\DBA::$dba && \DBA::$dba->connected) { @@ -223,8 +220,10 @@ class Setup extends \Zotlabs\Web\Controller { $tpl = get_markup_template('install.tpl'); return replace_macros($tpl, array( '$title' => $install_title, - '$pass' => '', - '$text' => $db_return_text . $this->what_next(), + '$icon' => $icon, + '$pass' => $pass, + '$text' => $db_return_text, + '$what_next' => $this->what_next() )); } @@ -324,11 +323,6 @@ class Setup extends \Zotlabs\Web\Controller { $siteurl = trim($_POST['siteurl']); $timezone = ((x($_POST,'timezone')) ? ($_POST['timezone']) : 'America/Los_Angeles'); - $server_roles = [ - 'basic' => t('Basic/Minimal Social Networking'), - 'standard' => t('Standard Configuration (default)'), - 'pro' => t('Professional') - ]; $tpl = get_markup_template('install_settings.tpl'); $o .= replace_macros($tpl, array( @@ -348,8 +342,6 @@ class Setup extends \Zotlabs\Web\Controller { '$siteurl' => array('siteurl', t('Website URL'), z_root(), t('Please use SSL (https) URL if available.')), - '$server_role' => array('server_role', t("Server Configuration/Role"), 'standard','',$server_roles), - '$timezone' => array('timezone', t('Please select a default timezone for your website'), $timezone, '', get_timezones()), '$baseurl' => z_root(), @@ -408,7 +400,7 @@ class Setup extends \Zotlabs\Web\Controller { if(!$passed) { $help .= t('Could not find a command line version of PHP in the web server PATH.'). EOL; $help .= t('If you don\'t have a command line version of PHP installed on server, you will not be able to run background polling via cron.') . EOL; - $help .= EOL . EOL ; + $help .= EOL; $tpl = get_markup_template('field_input.tpl'); $help .= replace_macros($tpl, array( '$field' => array('phpath', t('PHP executable path'), $phpath, t('Enter full path to php executable. You can leave this blank to continue the installation.')), @@ -456,7 +448,7 @@ class Setup extends \Zotlabs\Web\Controller { userReadableSize($result['max_upload_filesize']), $result['max_file_uploads'] ); - $help .= '<br>' . t('You can adjust these settings in the server php.ini file.'); + $help .= '<br><br>' . t('You can adjust these settings in the server php.ini file.'); $this->check_add($checks, t('PHP upload limits'), true, false, $help); } @@ -508,6 +500,7 @@ class Setup extends \Zotlabs\Web\Controller { $this->check_add($ck_funcs, t('PDO database PHP module'), true, true); $this->check_add($ck_funcs, t('mb_string PHP module'), true, true); $this->check_add($ck_funcs, t('xml PHP module'), true, true); + $this->check_add($ck_funcs, t('zip PHP module'), true, true); if(function_exists('apache_get_modules')){ if (! in_array('mod_rewrite', apache_get_modules())) { @@ -550,8 +543,12 @@ class Setup extends \Zotlabs\Web\Controller { $ck_funcs[4]['help'] = t('Error: mb_string PHP module required but not installed.'); } if(! extension_loaded('xml')) { + $ck_funcs[5]['status'] = false; + $ck_funcs[5]['help'] = t('Error: xml PHP module required for DAV but not installed.'); + } + if(! extension_loaded('zip')) { $ck_funcs[6]['status'] = false; - $ck_funcs[6]['help'] = t('Error: xml PHP module required for DAV but not installed.'); + $ck_funcs[6]['help'] = t('Error: zip PHP module required but not installed.'); } $checks = array_merge($checks, $ck_funcs); @@ -624,7 +621,6 @@ class Setup extends \Zotlabs\Web\Controller { * @param[out] array &$checks */ function check_htaccess(&$checks) { - $a = get_app(); $status = true; $help = ''; $ssl_error = false; @@ -718,7 +714,6 @@ class Setup extends \Zotlabs\Web\Controller { * @return string with parsed HTML */ function what_next() { - $a = get_app(); // install the standard theme set_config('system', 'allowed_themes', 'redbasic'); @@ -745,12 +740,12 @@ class Setup extends \Zotlabs\Web\Controller { $baseurl = z_root(); return - t('<h1>What next</h1>') - ."<p>".t('IMPORTANT: You will need to [manually] setup a scheduled task for the poller.') + t('<h1>What next?</h1>') + ."<div class=\"alert alert-info\">".t('IMPORTANT: You will need to [manually] setup a scheduled task for the poller.').EOL .t('Please see the file "install/INSTALL.txt".') - ."</p><p>" + ."</div><div>" .t("Go to your new hub <a href='$baseurl/register'>registration page</a> and register as new member. Remember to use the same email you have entered as administrator email. This will allow you to enter the site admin panel.") - ."</p>"; + ."</div>"; } /** diff --git a/Zotlabs/Module/Share.php b/Zotlabs/Module/Share.php index fcc2486ba..5c4811c59 100644 --- a/Zotlabs/Module/Share.php +++ b/Zotlabs/Module/Share.php @@ -76,7 +76,7 @@ class Share extends \Zotlabs\Web\Controller { $observer = \App::get_observer(); $parsed = $observer['xchan_url']; if($parsed) { - $post_url = $parsed['scheme'] . ':' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : '') + $post_url = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : '') . '/rpost'; /** diff --git a/Zotlabs/Module/Sharedwithme.php b/Zotlabs/Module/Sharedwithme.php index 25bc7dba3..2c97e9726 100644 --- a/Zotlabs/Module/Sharedwithme.php +++ b/Zotlabs/Module/Sharedwithme.php @@ -4,6 +4,11 @@ require_once('include/conversation.php'); require_once('include/text.php'); +/** + * @file Zotlabs/Module/Sharedwithme.php + * + */ + class Sharedwithme extends \Zotlabs\Web\Controller { function get() { @@ -92,7 +97,8 @@ class Sharedwithme extends \Zotlabs\Web\Controller { } - $o = profile_tabs($a, $is_owner, $channel['channel_address']); + //$o = profile_tabs($a, $is_owner, $channel['channel_address']); + $o = ''; $o .= replace_macros(get_markup_template('sharedwithme.tpl'), array( '$header' => t('Files: shared with me'), diff --git a/Zotlabs/Module/Siteinfo.php b/Zotlabs/Module/Siteinfo.php index 7c3918425..fafd51f65 100644 --- a/Zotlabs/Module/Siteinfo.php +++ b/Zotlabs/Module/Siteinfo.php @@ -5,14 +5,13 @@ namespace Zotlabs\Module; class Siteinfo extends \Zotlabs\Web\Controller { function init() { - if (argv(1) === 'json') { +logger(print_r($_REQUEST,true)); + if (argv(1) === 'json' || $_REQUEST['module_format'] === 'json') { $data = get_site_info(); json_return_and_die($data); } } - - - + function get() { $siteinfo = replace_macros(get_markup_template('siteinfo.tpl'), diff --git a/Zotlabs/Module/Siteinfo_json.php b/Zotlabs/Module/Siteinfo_json.php deleted file mode 100644 index 99c22610f..000000000 --- a/Zotlabs/Module/Siteinfo_json.php +++ /dev/null @@ -1,14 +0,0 @@ -<?php -namespace Zotlabs\Module; - - -class Siteinfo_json extends \Zotlabs\Web\Controller { - - function init() { - - $data = get_site_info(); - json_return_and_die($data); - - } - -} diff --git a/Zotlabs/Module/Suggest.php b/Zotlabs/Module/Suggest.php index 367308d90..c3f4a6d5a 100644 --- a/Zotlabs/Module/Suggest.php +++ b/Zotlabs/Module/Suggest.php @@ -3,8 +3,6 @@ namespace Zotlabs\Module; require_once('include/socgraph.php'); require_once('include/contact_widgets.php'); -require_once('include/widgets.php'); - class Suggest extends \Zotlabs\Web\Controller { @@ -23,13 +21,15 @@ class Suggest extends \Zotlabs\Web\Controller { } - function get() { + function get() { $o = ''; if(! local_channel()) { notice( t('Permission denied.') . EOL); return; } + + nav_set_selected(t('Suggest Channels')); $_SESSION['return_url'] = z_root() . '/' . \App::$cmd; diff --git a/Zotlabs/Module/Tasks.php b/Zotlabs/Module/Tasks.php index c8deb11bf..0709f31f6 100644 --- a/Zotlabs/Module/Tasks.php +++ b/Zotlabs/Module/Tasks.php @@ -19,8 +19,8 @@ class Tasks extends \Zotlabs\Web\Controller { $arr['all'] = 1; $x = tasks_fetch($arr); + $x['html'] = ''; if($x['tasks']) { - $x['html'] = ''; foreach($x['tasks'] as $y) { $x['html'] .= '<div class="tasklist-item"><input type="checkbox" onchange="taskComplete(' . $y['id'] . '); return false;" /> ' . $y['summary'] . '</div>'; } @@ -69,6 +69,7 @@ class Tasks extends \Zotlabs\Web\Controller { if($x) $ret['success'] = true; } + json_return_and_die($ret); } diff --git a/Zotlabs/Module/Token.php b/Zotlabs/Module/Token.php new file mode 100644 index 000000000..e0d9d74d7 --- /dev/null +++ b/Zotlabs/Module/Token.php @@ -0,0 +1,40 @@ +<?php + +namespace Zotlabs\Module; + + +class Token extends \Zotlabs\Web\Controller { + + + function get() { + + + // workaround for HTTP-auth in CGI mode + if (x($_SERVER, 'REDIRECT_REMOTE_USER')) { + $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + } + + if (x($_SERVER, 'HTTP_AUTHORIZATION')) { + $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + } + + + + + require_once('include/oauth2.php'); + $oauth2_server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send(); + + killme(); + } + +}
\ No newline at end of file diff --git a/Zotlabs/Module/Update_cards.php b/Zotlabs/Module/Update_cards.php new file mode 100644 index 000000000..bb87357e8 --- /dev/null +++ b/Zotlabs/Module/Update_cards.php @@ -0,0 +1,39 @@ +<?php + +namespace Zotlabs\Module; + +/** + * Module: update_profile + * Purpose: AJAX synchronisation of profile page + * + */ + + +class Update_cards extends \Zotlabs\Web\Controller { + +function get() { + + $profile_uid = intval($_GET['p']); + $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0); + + header("Content-type: text/html"); + echo "<!DOCTYPE html><html><body><section></section></body></html>\r\n"; + + killme(); + + + $mod = new Cards(); + + $text = $mod->get($profile_uid,$load); + + /** + * reportedly some versions of MSIE don't handle tabs in XMLHttpRequest documents very well + */ + + echo str_replace("\t",' ',$text); + echo (($_GET['msie'] == 1) ? '</div>' : '</section>'); + echo "</body></html>\r\n"; + killme(); + +} +} diff --git a/Zotlabs/Module/Update_display.php b/Zotlabs/Module/Update_display.php index 13b04204d..b2c6a56f5 100644 --- a/Zotlabs/Module/Update_display.php +++ b/Zotlabs/Module/Update_display.php @@ -21,26 +21,10 @@ class Update_display extends \Zotlabs\Web\Controller { $mod = new Display(); $text = $mod->get($profile_uid, $load); - $pattern = "/<img([^>]*) src=\"([^\"]*)\"/"; - $replace = "<img\${1} dst=\"\${2}\""; - // $text = preg_replace($pattern, $replace, $text); - /* - if(! $load) { - $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />'; - $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i"; - $text = preg_replace($pattern, $replace, $text); - } - */ echo str_replace("\t",' ',$text); echo (($_GET['msie'] == 1) ? '</div>' : '</section>'); echo "</body></html>\r\n"; - // logger('update_display: ' . $text); + killme(); } diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php index 4364d482a..1f9c03751 100644 --- a/Zotlabs/Module/Viewconnections.php +++ b/Zotlabs/Module/Viewconnections.php @@ -70,7 +70,7 @@ class Viewconnections extends \Zotlabs\Web\Controller { foreach($r as $rr) { - $url = chanlink_url($rr['xchan_url']); + $url = chanlink_hash($rr['xchan_hash']); if($url) { $contacts[] = array( 'id' => $rr['abook_id'], diff --git a/Zotlabs/Module/Viewsrc.php b/Zotlabs/Module/Viewsrc.php index fa755a3ec..54ab89e81 100644 --- a/Zotlabs/Module/Viewsrc.php +++ b/Zotlabs/Module/Viewsrc.php @@ -13,6 +13,7 @@ class Viewsrc extends \Zotlabs\Web\Controller { $item_id = ((argc() > 1) ? intval(argv(1)) : 0); $json = ((argc() > 2 && argv(2) === 'json') ? true : false); + $dload = ((argc() > 2 && argv(2) === 'download') ? true : false); if(! local_channel()) { notice( t('Permission denied.') . EOL); @@ -27,7 +28,7 @@ class Viewsrc extends \Zotlabs\Web\Controller { $item_normal = item_normal(); if(local_channel() && $item_id) { - $r = q("select id, item_flags, item_obscured, body from item where uid in (%d , %d) and id = %d $item_normal limit 1", + $r = q("select id, item_flags, mimetype, item_obscured, body from item where uid in (%d , %d) and id = %d $item_normal limit 1", intval(local_channel()), intval($sys['channel_id']), intval($item_id) @@ -35,8 +36,18 @@ class Viewsrc extends \Zotlabs\Web\Controller { if($r) { if(intval($r[0]['item_obscured'])) - $r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'],true),get_config('system','prvkey')); - $o = (($json) ? json_encode($r[0]['body']) : str_replace("\n",'<br />',$r[0]['body'])); + $dload = true; + + if($dload) { + header('Content-type: ' . $r[0]['mimetype']); + header('Content-disposition: attachment; filename="' . t('item') . '-' . $item_id . '"' ); + echo $r[0]['body']; + killme(); + } + + + $content = escape_tags($r[0]['body']); + $o = (($json) ? json_encode($content) : str_replace("\n",'<br />',$content)); } } diff --git a/Zotlabs/Module/Wall_attach.php b/Zotlabs/Module/Wall_attach.php index c6fe7518e..e001ad929 100644 --- a/Zotlabs/Module/Wall_attach.php +++ b/Zotlabs/Module/Wall_attach.php @@ -2,16 +2,25 @@ namespace Zotlabs\Module; require_once('include/attach.php'); -require_once('include/channel.php'); require_once('include/photos.php'); - class Wall_attach extends \Zotlabs\Web\Controller { + function init() { + logger('request_method: ' . $_SERVER['REQUEST_METHOD'],LOGGER_DATA,LOG_INFO); + logger('wall_attach: ' . print_r($_REQUEST,true),LOGGER_DEBUG,LOG_INFO); + logger('wall_attach files: ' . print_r($_FILES,true),LOGGER_DEBUG,LOG_INFO); + // for testing without actually storing anything + // http_status_exit(200,'OK'); + } + + function post() { $using_api = false; - + + $result = []; + if($_REQUEST['api_source'] && array_key_exists('media',$_FILES)) { $using_api = true; } @@ -28,7 +37,46 @@ class Wall_attach extends \Zotlabs\Web\Controller { if(! $channel) killme(); - + + $matches = []; + $partial = false; + + $x = preg_match('/bytes (\d*)\-(\d*)\/(\d*)/',$_SERVER['HTTP_CONTENT_RANGE'],$matches); + if($x) { + // logger('Content-Range: ' . print_r($matches,true)); + $partial = true; + } + + if($partial) { + $x = save_chunk($channel,$matches[1],$matches[2],$matches[3]); + if($x['partial']) { + header('Range: bytes=0-' . (($x['length']) ? $x['length'] - 1 : 0)); + json_return_and_die($result); + } + else { + header('Range: bytes=0-' . (($x['size']) ? $x['size'] - 1 : 0)); + + $_FILES['userfile'] = [ + 'name' => $x['name'], + 'type' => $x['type'], + 'tmp_name' => $x['tmp_name'], + 'error' => $x['error'], + 'size' => $x['size'] + ]; + } + } + else { + if(! array_key_exists('userfile',$_FILES)) { + $_FILES['userfile'] = [ + 'name' => $_FILES['files']['name'], + 'type' => $_FILES['files']['type'], + 'tmp_name' => $_FILES['files']['tmp_name'], + 'error' => $_FILES['files']['error'], + 'size' => $_FILES['files']['size'] + ]; + } + } + $observer = \App::get_observer(); @@ -49,12 +97,19 @@ class Wall_attach extends \Zotlabs\Web\Controller { $s = "\n\n" . '[attachment]' . $r['data']['hash'] . ',' . $r['data']['revision'] . '[/attachment]' . "\n"; } + + $sync = attach_export_data($channel,$r['data']['hash']); + if($sync) { + build_sync_packet($channel['channel_id'],array('file' => array($sync))); + } + if($using_api) return $s; - - echo $s; - killme(); - + + $result['message'] = $s; + json_return_and_die($result); + } + } diff --git a/Zotlabs/Module/Webpages.php b/Zotlabs/Module/Webpages.php index 46b94f091..e449a790f 100644 --- a/Zotlabs/Module/Webpages.php +++ b/Zotlabs/Module/Webpages.php @@ -34,7 +34,9 @@ class Webpages extends \Zotlabs\Web\Controller { \App::$error = 404; return; } - + + nav_set_selected(t('Webpages')); + $which = argv(1); $_SESSION['return_url'] = \App::$query_string; @@ -142,7 +144,8 @@ class Webpages extends \Zotlabs\Web\Controller { $is_owner = ($uid && $uid == $owner); - $o = profile_tabs($a, $is_owner, \App::$profile['channel_address']); + //$o = profile_tabs($a, $is_owner, \App::$profile['channel_address']); + $o = ''; $x = array( 'webpage' => ITEM_TYPE_WEBPAGE, @@ -178,11 +181,8 @@ class Webpages extends \Zotlabs\Web\Controller { // so just list titles and an edit link. - /** @TODO - this should be replaced with pagelist_widget */ - $sql_extra = item_permissions_sql($owner); - $r = q("select * from iconfig left join item on iconfig.iid = item.id where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'WEBPAGE' and item_type = %d $sql_extra order by item.created desc", @@ -190,12 +190,6 @@ class Webpages extends \Zotlabs\Web\Controller { intval(ITEM_TYPE_WEBPAGE) ); -// $r = q("select * from item_id left join item on item_id.iid = item.id -// where item_id.uid = %d and service = 'WEBPAGE' and item_type = %d $sql_extra order by item.created desc", -// intval($owner), -// intval(ITEM_TYPE_WEBPAGE) -// ); - if(! $r) $x['pagetitle'] = 'home'; @@ -217,13 +211,15 @@ class Webpages extends \Zotlabs\Web\Controller { 'created' => $rr['created'], 'edited' => $rr['edited'], 'mimetype' => $rr['mimetype'], - 'pagetitle' => $rr['v'], + 'pageurl' => str_replace('%2f','/',$rr['v']), + 'pagetitle' => urldecode($rr['v']), 'mid' => $rr['mid'], 'layout_mid' => $rr['layout_mid'] ); $pages[$rr['iid']][] = array( 'url' => $rr['iid'], - 'pagetitle' => $rr['v'], + 'pageurl' => str_replace('%2f','/',$rr['v']), + 'pagetitle' => urldecode($rr['v']), 'title' => $rr['title'], 'created' => datetime_convert('UTC',date_default_timezone_get(),$rr['created']), 'edited' => datetime_convert('UTC',date_default_timezone_get(),$rr['edited']), @@ -693,7 +689,8 @@ class Webpages extends \Zotlabs\Web\Controller { } rrmdir($zip_folderpath); rrmdir($tmp_folderpath); // delete temporary files - + killme(); + break; default : break; diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index 04eed47c3..d0c4d73d2 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -30,14 +30,23 @@ class Wfinger extends \Zotlabs\Web\Controller { $resource = $_REQUEST['resource']; logger('webfinger: ' . $resource,LOGGER_DEBUG); + + $root_resource = false; + + if(strcasecmp(rtrim($resource,'/'),z_root()) === 0) + $root_resource = true; + $r = null; - if($resource) { + if(($resource) && (! $root_resource)) { if(strpos($resource,'acct:') === 0) { $channel = str_replace('acct:','',$resource); if(strpos($channel,'@') !== false) { $host = substr($channel,strpos($channel,'@')+1); + + // If the webfinger address points off site, redirect to the correct site + if(strcasecmp($host,\App::get_hostname())) { goaway('https://' . $host . '/.well-known/webfinger?f=&resource=' . $resource . (($zot) ? '&zot=' . $zot : '')); } @@ -57,7 +66,25 @@ class Wfinger extends \Zotlabs\Web\Controller { header('Access-Control-Allow-Origin: *'); + + if($root_resource) { + $result['subject'] = $resource; + $result['properties'] = [ + 'https://w3id.org/security/v1#publicKeyPem' => get_config('system','pubkey') + ]; + $result['links'] = [ + [ + 'rel' => 'http://purl.org/openwebauth/v1', + 'type' => 'application/x-zot+json', + 'href' => z_root() . '/owa', + ], + ]; + + + + } + if($resource && $r) { $h = q("select hubloc_addr from hubloc where hubloc_hash = '%s' and hubloc_deleted = 0", @@ -77,64 +104,80 @@ class Wfinger extends \Zotlabs\Web\Controller { } } - $result['aliases'] = array(); + $result['aliases'] = []; - $result['properties'] = array( - 'http://webfinger.net/ns/name' => $r[0]['channel_name'], - 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'] - ); + $result['properties'] = [ + 'http://webfinger.net/ns/name' => $r[0]['channel_name'], + 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'], + 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey'] + ]; foreach($aliases as $alias) if($alias != $resource) $result['aliases'][] = $alias; - $result['links'] = array( + $result['links'] = [ - array( - 'rel' => 'http://webfinger.net/rel/avatar', + [ + 'rel' => 'http://webfinger.net/rel/avatar', 'type' => $r[0]['xchan_photo_mimetype'], 'href' => $r[0]['xchan_photo_l'] - ), + ], - array( - 'rel' => 'http://webfinger.net/rel/profile-page', + [ + 'rel' => 'http://webfinger.net/rel/profile-page', 'href' => z_root() . '/profile/' . $r[0]['channel_address'], - ), + ], - array( - 'rel' => 'http://webfinger.net/rel/blog', + [ + 'rel' => 'http://schemas.google.com/g/2010#updates-from', + 'type' => 'application/atom+xml', + 'href' => z_root() . '/ofeed/' . $r[0]['channel_address'] + ], + + [ + 'rel' => 'http://webfinger.net/rel/blog', 'href' => z_root() . '/channel/' . $r[0]['channel_address'], - ), + ], - array( - 'rel' => 'http://ostatus.org/schema/1.0/subscribe', - 'template' => z_root() . '/follow/url={uri}', - ), + [ + 'rel' => 'http://ostatus.org/schema/1.0/subscribe', + 'template' => z_root() . '/follow?f=&url={uri}', + ], - array( - 'rel' => 'http://purl.org/zot/protocol', + [ + 'rel' => 'http://purl.org/zot/protocol', 'href' => z_root() . '/.well-known/zot-info' . '?address=' . $r[0]['xchan_addr'], - ), + ], + + [ + 'rel' => 'http://purl.org/openwebauth/v1', + 'type' => 'application/x-zot+json', + 'href' => z_root() . '/owa', + ], + - array( - 'rel' => 'magic-public-key', + [ + 'rel' => 'magic-public-key', 'href' => 'data:application/magic-public-key,' . salmon_key($r[0]['channel_pubkey']), - ) - ); + ] + ]; if($zot) { // get a zotinfo packet and return it with webfinger - $result['zot'] = zotinfo(array('address' => $r[0]['xchan_addr'])); + $result['zot'] = zotinfo( [ 'address' => $r[0]['xchan_addr'] ]); } } - else { + + if(! $result) { header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request'); killme(); } - $arr = array('channel' => $r[0], 'request' => $_REQUEST, 'result' => $result); + $arr = [ 'channel' => $r[0], 'request' => $_REQUEST, 'result' => $result ]; call_hooks('webfinger',$arr); - + + json_return_and_die($arr['result'],'application/jrd+json'); } diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index d42c26681..fe2bfbdfb 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -3,6 +3,7 @@ namespace Zotlabs\Module; use \Zotlabs\Lib as Zlib; +use \Michelf\MarkdownExtra; require_once('include/acl_selectors.php'); require_once('include/conversation.php'); @@ -41,7 +42,7 @@ class Wiki extends \Zotlabs\Web\Controller { if(! feature_enabled(\App::$profile_uid,'wiki')) { notice( t('Not found') . EOL); - return; + return; } @@ -75,6 +76,8 @@ class Wiki extends \Zotlabs\Web\Controller { $wiki_owner = true; + nav_set_selected(t('Wiki')); + // Obtain the default permission settings of the channel $owner_acl = array( 'allow_cid' => $owner['channel_allow_cid'], @@ -106,15 +109,17 @@ class Wiki extends \Zotlabs\Web\Controller { } $is_owner = ((local_channel()) && (local_channel() == \App::$profile['profile_uid']) ? true : false); - $o = profile_tabs($a, $is_owner, \App::$profile['channel_address']); + //$o = profile_tabs($a, $is_owner, \App::$profile['channel_address']); + $o = ''; // Download a wiki -/* + if((argc() > 3) && (argv(2) === 'download') && (argv(3) === 'wiki')) { $resource_id = argv(4); + $w = Zlib\NativeWiki::get_wiki($owner['channel_id'],$observer_hash,$resource_id); - $w = Zlib\NativeWiki::get_wiki($owner,$observer_hash,$resource_id); +// $w = Zlib\NativeWiki::get_wiki($owner,$observer_hash,$resource_id); if(! $w['htmlName']) { notice(t('Error retrieving wiki') . EOL); } @@ -129,8 +134,41 @@ class Wiki extends \Zotlabs\Web\Controller { $zip_filename = $w['urlName']; $zip_filepath = '/tmp/' . $zip_folder_name . '/' . $zip_filename; + // Generate the zip file - ZLib\ExtendedZip::zipTree($w['path'], $zip_filepath, \ZipArchive::CREATE); + + $zip = new \ZipArchive; + $r = $zip->open($zip_filepath, \ZipArchive::CREATE); + if($r === true) { + $pages = []; + $i = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s' order by revision desc", + dbesc($resource_id) + ); + + if($i) { + foreach($i as $iv) { + if(in_array($iv['mid'],$pages)) + continue; + + if($iv['mimetype'] === 'text/plain') { + $content = html_entity_decode($iv['body'],ENT_COMPAT,'UTF-8'); + } + elseif($iv['mimetype'] === 'text/bbcode') { + $content = html_entity_decode($iv['body'],ENT_COMPAT,'UTF-8'); + } + elseif($iv['mimetype'] === 'text/markdown') { + $content = html_entity_decode(Zlib\MarkdownSoap::unescape($iv['body']),ENT_COMPAT,'UTF-8'); + } + $fname = get_iconfig($iv['id'],'nwikipage','pagetitle') . Zlib\NativeWikiPage::get_file_ext($iv); + $zip->addFromString($fname,$content); + $pages[] = $iv['mid']; + } + + + } + + } + $zip->close(); // Output the file for download @@ -149,10 +187,11 @@ class Wiki extends \Zotlabs\Web\Controller { killme(); } -*/ + switch(argc()) { case 2: $wikis = Zlib\NativeWiki::listwikis($owner, get_observer_hash()); + if($wikis) { $o .= replace_macros(get_markup_template('wikilist.tpl'), array( '$header' => t('Wikis'), @@ -166,16 +205,19 @@ class Wiki extends \Zotlabs\Web\Controller { '$create' => t('Create New'), '$submit' => t('Submit'), '$wikiName' => array('wikiName', t('Wiki name')), - '$mimeType' => array('mimeType', t('Content type'), '', '', ['text/markdown' => 'Markdown', 'text/bbcode' => 'BB Code']), + '$mimeType' => array('mimeType', t('Content type'), '', '', ['text/markdown' => t('Markdown'), 'text/bbcode' => t('BBcode'), 'text/plain' => t('Text') ]), '$name' => t('Name'), '$type' => t('Type'), + '$unlocked' => t('Any type'), '$lockstate' => $x['lockstate'], '$acl' => $x['acl'], '$allow_cid' => $x['allow_cid'], '$allow_gid' => $x['allow_gid'], '$deny_cid' => $x['deny_cid'], '$deny_gid' => $x['deny_gid'], - '$notify' => array('postVisible', t('Create a status post for this wiki'), '', '', array(t('No'), t('Yes'))) + '$typelock' => array('typelock', t('Lock content type'), '', '', array(t('No'), t('Yes'))), + '$notify' => array('postVisible', t('Create a status post for this wiki'), '', '', array(t('No'), t('Yes'))), + '$edit_wiki_name' => t('Edit Wiki Name') )); return $o; @@ -190,12 +232,29 @@ class Wiki extends \Zotlabs\Web\Controller { goaway(z_root() . '/' . argv(0) . '/' . argv(1) . '/' . $wikiUrlName . '/Home'); case 4: + default: // GET /wiki/channel/wiki/page // Fetch the wiki info and determine observer permissions $wikiUrlName = urldecode(argv(2)); - $pageUrlName = urldecode(argv(3)); + + $page_name = ''; + $ignore_language = false; + + for($x = 3; $x < argc(); $x ++) { + if($page_name === '' && argv($x) === '-') { + $ignore_language = true; + continue; + } + if($page_name) { + $page_name .= '/'; + } + $page_name .= argv($x); + } + + $pageUrlName = urldecode($page_name); + $langPageUrlName = urldecode(\App::$language . '/' . $page_name); $w = Zlib\NativeWiki::exists_by_name($owner['channel_id'], $wikiUrlName); @@ -225,35 +284,46 @@ class Wiki extends \Zotlabs\Web\Controller { $wikiheaderPage = urldecode($pageUrlName); $renamePage = (($wikiheaderPage === 'Home') ? '' : t('Rename page')); + $p = []; - $p = Zlib\NativeWikiPage::get_page_content(array('channel_id' => $owner['channel_id'], 'observer_hash' => $observer_hash, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); - if(! $p['success']) { + if(! $ignore_language) { + $p = Zlib\NativeWikiPage::get_page_content(array('channel_id' => $owner['channel_id'], 'observer_hash' => $observer_hash, 'resource_id' => $resource_id, 'pageUrlName' => $langPageUrlName)); + } + if(! ($p && $p['success'])) { + $p = Zlib\NativeWikiPage::get_page_content(array('channel_id' => $owner['channel_id'], 'observer_hash' => $observer_hash, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); + } + if(! ($p && $p['success'])) { notice( t('Error retrieving page content') . EOL); goaway(z_root() . '/' . argv(0) . '/' . argv(1) ); } - $mimeType = $p['mimeType']; + $mimeType = $p['pageMimeType']; + + $sampleContent = (($mimeType == 'text/bbcode') ? '[h3]' . t('New page') . '[/h3]' : '### ' . t('New page')); + if($mimeType === 'text/plain') + $sampleContent = t('New page'); + + $content = (($p['content'] == '') ? $sampleContent : $p['content']); - $rawContent = (($p['mimeType'] == 'text/bbcode') - ? htmlspecialchars_decode(json_decode($p['content']),ENT_COMPAT) - : htmlspecialchars_decode($p['content'],ENT_COMPAT) - ); - $content = ($p['content'] !== '' ? $rawContent : '"# New page\n"'); // Render the Markdown-formatted page content in HTML if($mimeType == 'text/bbcode') { $renderedContent = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))), argv(0) . '/' . argv(1) . '/' . $wikiUrlName); } - else { - require_once('library/markdown.php'); - $html = Zlib\NativeWikiPage::generate_toc(zidify_text(purify_html(Markdown(Zlib\NativeWikiPage::bbcode(json_decode($content)))))); + elseif($mimeType === 'text/plain') { + $renderedContent = str_replace(["\n",' ',"\t"],[EOL,' ',' '],htmlentities($content,ENT_COMPAT,'UTF-8',false)); + } + elseif($mimeType === 'text/markdown') { + $content = Zlib\MarkdownSoap::unescape($content); + $html = Zlib\NativeWikiPage::generate_toc(zidify_text(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content)))); $renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName); } $showPageControls = $wiki_editor; break; - default: // Strip the extraneous URL components - goaway('/' . argv(0) . '/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName); +// default: // Strip the extraneous URL components +// goaway('/' . argv(0) . '/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName); } + $wikiModalID = random_string(3); $wikiModal = replace_macros(get_markup_template('generic_modal.tpl'), array( @@ -263,6 +333,9 @@ class Wiki extends \Zotlabs\Web\Controller { '$cancel' => t('Cancel') )); + $types = [ 'text/bbcode' => t('BBcode'), 'text/markdown' => t('Markdown'), 'text/plain' => 'Text' ]; + $currenttype = $types[$mimeType]; + $placeholder = t('Short description of your changes (optional)'); $o .= replace_macros(get_markup_template('wiki.tpl'),array( @@ -272,10 +345,12 @@ class Wiki extends \Zotlabs\Web\Controller { '$showPageControls' => $showPageControls, '$editOrSourceLabel' => (($showPageControls) ? t('Edit') : t('Source')), '$tools_label' => 'Page Tools', - '$channel' => $owner['channel_address'], + '$channel_address' => $owner['channel_address'], + '$channel_id' => $owner['channel_id'], '$resource_id' => $resource_id, '$page' => $pageUrlName, '$mimeType' => $mimeType, + '$typename' => $currenttype, '$content' => $content, '$renderedContent' => $renderedContent, '$pageRename' => array('pageRename', t('New page name'), '', ''), @@ -295,8 +370,8 @@ class Wiki extends \Zotlabs\Web\Controller { '$modalerroralbum' => t('Error getting album'), )); - if($p['mimeType'] != 'text/bbcode') - head_add_js('library/ace/ace.js'); // Ace Code Editor + if($p['pageMimeType'] === 'text/markdown') + head_add_js('/library/ace/ace.js'); // Ace Code Editor return $o; } @@ -314,31 +389,33 @@ class Wiki extends \Zotlabs\Web\Controller { return; } - if(! perm_is_allowed(\App::$profile_uid,get_observer_hash(),'write_wiki')) { - notice( t('Permission denied.') . EOL); - return; - } - // /wiki/channel/preview // Render mardown-formatted text in HTML for preview if((argc() > 2) && (argv(2) === 'preview')) { $content = $_POST['content']; $resource_id = $_POST['resource_id']; + $w = Zlib\NativeWiki::get_wiki($owner['channel_id'],$observer_hash,$resource_id); $wikiURL = argv(0) . '/' . argv(1) . '/' . $w['urlName']; - $mimeType = $w['mimeType']; + $mimeType = $_POST['mimetype']; - if($mimeType == 'text/bbcode') { + if($mimeType === 'text/bbcode') { $html = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))),$wikiURL); } - else { - require_once('library/markdown.php'); - $content = Zlib\NativeWikiPage::bbcode($content); - $html = Zlib\NativeWikiPage::generate_toc(zidify_text(purify_html(Markdown($content)))); + elseif($mimeType === 'text/markdown') { + $bb = Zlib\NativeWikiPage::bbcode($content); + $x = new ZLib\MarkdownSoap($bb); + $md = $x->clean(); + $md = ZLib\MarkdownSoap::unescape($md); + $html = MarkdownExtra::defaultTransform($md); + $html = Zlib\NativeWikiPage::generate_toc(zidify_text($html)); $html = Zlib\NativeWikiPage::convert_links($html,$wikiURL); } + elseif($mimeType === 'text/plain') { + $html = str_replace(["\n",' ',"\t"],[EOL,' ',' '],htmlentities($content,ENT_COMPAT,'UTF-8',false)); + } json_return_and_die(array('html' => $html, 'success' => true)); } @@ -359,10 +436,19 @@ class Wiki extends \Zotlabs\Web\Controller { $wiki['htmlName'] = escape_tags($_POST['wikiName']); $wiki['urlName'] = urlencode(urlencode($_POST['wikiName'])); $wiki['mimeType'] = $_POST['mimeType']; + $wiki['typelock'] = $_POST['typelock']; if($wiki['urlName'] === '') { notice( t('Error creating wiki. Invalid name.') . EOL); goaway('/wiki'); + return; //not reached + } + + $exists = Zlib\NativeWiki::exists_by_name($owner['channel_id'], $wiki['urlName']); + if($exists['id']) { + notice( t('A wiki with this name already exists.') . EOL); + goaway('/wiki'); + return; //not reached } // Get ACL for permissions @@ -371,7 +457,7 @@ class Wiki extends \Zotlabs\Web\Controller { $r = Zlib\NativeWiki::create_wiki($owner, $observer_hash, $wiki, $acl); if($r['success']) { Zlib\NativeWiki::sync_a_wiki_item($owner['channel_id'],$r['item_id'],$r['item']['resource_id']); - $homePage = Zlib\NativeWikiPage::create_page($owner['channel_id'],$observer_hash,'Home', $r['item']['resource_id']); + $homePage = Zlib\NativeWikiPage::create_page($owner['channel_id'],$observer_hash,'Home', $r['item']['resource_id'], $wiki['mimeType']); if(! $homePage['success']) { notice( t('Wiki created, but error creating Home page.')); goaway(z_root() . '/wiki/' . $nick . '/' . $wiki['urlName']); @@ -385,6 +471,52 @@ class Wiki extends \Zotlabs\Web\Controller { } } + // Update a wiki + // /wiki/channel/update/wiki + if ((argc() > 3) && (argv(2) === 'update') && (argv(3) === 'wiki')) { + // Only the channel owner can update a wiki, at least until we create a + // more detail permissions framework + + if (local_channel() !== intval($owner['channel_id'])) { + goaway('/' . argv(0) . '/' . $nick . '/'); + } + + $arr = []; + + $arr['urlName'] = urlencode(urlencode($_POST['origRawName'])); + + if($_POST['updateRawName']) + $arr['updateRawName'] = $_POST['updateRawName']; + + if(($arr['urlName'] || $arr['updateRawName']) === '') { + notice( t('Error updating wiki. Invalid name.') . EOL); + goaway('/wiki'); + return; //not reached + } + + $wiki = Zlib\NativeWiki::exists_by_name($owner['channel_id'], $arr['urlName']); + + if($wiki['resource_id']) { + + $arr['resource_id'] = $wiki['resource_id']; + + $acl = new \Zotlabs\Access\AccessList($owner); + $acl->set_from_array($_POST); + + $r = Zlib\NativeWiki::update_wiki($owner['channel_id'], $observer_hash, $arr, $acl); + if($r['success']) { + Zlib\NativeWiki::sync_a_wiki_item($owner['channel_id'],$r['item_id'],$r['item']['resource_id']); + goaway(z_root() . '/wiki/' . $nick); + } + else { + notice( t('Error updating wiki')); + goaway(z_root() . '/wiki'); + } + + } + goaway(z_root() . '/wiki'); + } + // Delete a wiki if ((argc() > 3) && (argv(2) === 'delete') && (argv(3) === 'wiki')) { @@ -410,11 +542,13 @@ class Wiki extends \Zotlabs\Web\Controller { // Create a page if ((argc() === 4) && (argv(2) === 'create') && (argv(3) === 'page')) { + $mimetype = $_POST['mimetype']; + $resource_id = $_POST['resource_id']; // Determine if observer has permission to create a page + - - $perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + $perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash, $mimetype); if(! $perms['write']) { logger('Wiki write permission denied. ' . EOL); json_return_and_die(array('success' => false)); @@ -424,7 +558,7 @@ class Wiki extends \Zotlabs\Web\Controller { if(urlencode(escape_tags($_POST['pageName'])) === '') { json_return_and_die(array('message' => 'Error creating page. Invalid name.', 'success' => false)); } - $page = Zlib\NativeWikiPage::create_page($owner['channel_id'],$observer_hash, $name, $resource_id); + $page = Zlib\NativeWikiPage::create_page($owner['channel_id'],$observer_hash, $name, $resource_id, $mimetype); if($page['item_id']) { $commit = Zlib\NativeWikiPage::commit(array( @@ -461,10 +595,16 @@ class Wiki extends \Zotlabs\Web\Controller { json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false)); } - $page_list_html = widget_wiki_pages(array( - 'resource_id' => $resource_id, - 'refresh' => true, - 'channel' => argv(1))); + // @FIXME - we shouldn't invoke this if it isn't in the PDL or has been over-ridden + + $x = new \Zotlabs\Widget\Wiki_pages(); + + $page_list_html = $x->widget([ + 'resource_id' => $resource_id, + 'channel_id' => $owner['channel_id'], + 'channel_address' => $owner['channel_address'], + 'refresh' => true + ]); json_return_and_die(array('pages' => $page_list_html, 'message' => '', 'success' => true)); } @@ -519,7 +659,6 @@ class Wiki extends \Zotlabs\Web\Controller { $resource_id = $_POST['resource_id']; $pageUrlName = $_POST['name']; - // Determine if observer has permission to read content $perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); @@ -528,11 +667,12 @@ class Wiki extends \Zotlabs\Web\Controller { json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false)); } - $historyHTML = widget_wiki_page_history(array( + $historyHTML = \Zotlabs\Lib\NativeWikiPage::render_page_history(array( 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'permsWrite' => $perms['write'] )); + json_return_and_die(array('historyHTML' => $historyHTML, 'message' => '', 'success' => true)); } diff --git a/Zotlabs/Module/Xrd.php b/Zotlabs/Module/Xrd.php index 3ed19962b..959e31cbe 100644 --- a/Zotlabs/Module/Xrd.php +++ b/Zotlabs/Module/Xrd.php @@ -9,6 +9,7 @@ class Xrd extends \Zotlabs\Web\Controller { function init() { $uri = urldecode(notags(trim($_GET['uri']))); + $subject = $uri; logger('xrd: ' . $uri,LOGGER_DEBUG); $resource = $uri; @@ -30,13 +31,7 @@ class Xrd extends \Zotlabs\Web\Controller { ); if(! $r) killme(); - - $dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'),array( - '$baseurl' => z_root(), - '$dspr_guid' => $r[0]['channel_guid'] . str_replace('.','',\App::get_hostname()), - '$dspr_key' => base64_encode(pemtorsa($r[0]['channel_pubkey'])) - )); - + $salmon_key = salmon_key($r[0]['channel_pubkey']); header('Access-Control-Allow-Origin: *'); @@ -49,24 +44,21 @@ class Xrd extends \Zotlabs\Web\Controller { if($aliases[$x] === $resource) unset($aliases[$x]); } - - + $o = replace_macros(get_markup_template('xrd_person.tpl'), array( '$nick' => $r[0]['channel_address'], '$accturi' => $resource, + '$subject' => $subject, '$aliases' => $aliases, + '$channel_url' => z_root() . '/channel/' . $r[0]['channel_address'], '$profile_url' => z_root() . '/channel/' . $r[0]['channel_address'], '$hcard_url' => z_root() . '/hcard/' . $r[0]['channel_address'], - '$atom' => z_root() . '/feed/' . $r[0]['channel_address'], + '$atom' => z_root() . '/ofeed/' . $r[0]['channel_address'], '$zot_post' => z_root() . '/post/' . $r[0]['channel_address'], '$poco_url' => z_root() . '/poco/' . $r[0]['channel_address'], '$photo' => z_root() . '/photo/profile/l/' . $r[0]['channel_id'], - '$dspr' => $dspr, - // '$salmon' => z_root() . '/salmon/' . $r[0]['channel_address'], - // '$salmen' => z_root() . '/salmon/' . $r[0]['channel_address'] . '/mention', '$modexp' => 'data:application/magic-public-key,' . $salmon_key, - '$subscribe' => z_root() . '/follow?url={uri}', - '$bigkey' => salmon_key($r[0]['channel_pubkey']) + '$subscribe' => z_root() . '/follow?f=&url={uri}', )); diff --git a/Zotlabs/Module/Zfinger.php b/Zotlabs/Module/Zfinger.php index 2ff605fc9..0f7f6a64b 100644 --- a/Zotlabs/Module/Zfinger.php +++ b/Zotlabs/Module/Zfinger.php @@ -9,8 +9,36 @@ class Zfinger extends \Zotlabs\Web\Controller { require_once('include/zot.php'); require_once('include/crypto.php'); - $x = zotinfo($_REQUEST); + + if($x && $x['guid'] && $x['guid_sig']) { + $chan_hash = make_xchan_hash($x['guid'],$x['guid_sig']); + if($chan_hash) { + $chan = channelx_by_hash($chan_hash); + } + } + + $headers = []; + $headers['Content-Type'] = 'application/json' ; + $ret = json_encode($x); + + if($chan) { + $hash = \Zotlabs\Web\HTTPSig::generate_digest($ret,false); + $headers['Digest'] = 'SHA-256=' . $hash; + \Zotlabs\Web\HTTPSig::create_sig('',$headers,$chan['channel_prvkey'], + 'acct:' . $chan['channel_address'] . '@' . \App::get_hostname(),true); + } + else { + foreach($headers as $k => $v) { + header($k . ': ' . $v); + } + } + + echo $ret; + killme(); + + + json_return_and_die($x); } diff --git a/Zotlabs/Module/Zotfeed.php b/Zotlabs/Module/Zotfeed.php index 6b505c890..381e3acb2 100644 --- a/Zotlabs/Module/Zotfeed.php +++ b/Zotlabs/Module/Zotfeed.php @@ -22,7 +22,8 @@ class Zotfeed extends \Zotlabs\Web\Controller { $observer = \App::get_observer(); - + logger('observer: ' . get_observer_hash(), LOGGER_DEBUG); + $channel_address = ((argc() > 1) ? argv(1) : ''); if($channel_address) { $r = q("select channel_id, channel_name from channel where channel_address = '%s' and channel_removed = 0 limit 1", |