aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r--Zotlabs/Module/File_upload.php40
-rw-r--r--Zotlabs/Module/Id.php319
-rw-r--r--Zotlabs/Module/Like.php31
-rw-r--r--Zotlabs/Module/Openid.php198
-rw-r--r--Zotlabs/Module/Ratingsearch.php4
-rw-r--r--Zotlabs/Module/Rmagic.php13
6 files changed, 58 insertions, 547 deletions
diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php
new file mode 100644
index 000000000..999b241f1
--- /dev/null
+++ b/Zotlabs/Module/File_upload.php
@@ -0,0 +1,40 @@
+<?php
+namespace Zotlabs\Module;
+
+require_once('include/attach.php');
+require_once('include/channel.php');
+require_once('include/photos.php');
+
+
+class File_upload extends \Zotlabs\Web\Controller {
+
+ function post() {
+
+ // logger('file upload: ' . print_r($_REQUEST,true));
+
+ $channel = (($_REQUEST['channick']) ? get_channel_by_nick($_REQUEST['channick']) : null);
+
+ if(! $channel) {
+ logger('channel not found');
+ killme();
+ }
+
+ $_REQUEST['source'] = 'file_upload';
+
+ if($channel['channel_id'] != local_channel()) {
+ $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
+ $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
+ $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
+ $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
+ }
+
+ if($_REQUEST['directory_name'])
+ $r = attach_mkdir($channel,get_observer_hash(),$_REQUEST);
+ else
+ $r = attach_store($channel,get_observer_hash(), '', $_REQUEST);
+
+ goaway(z_root() . '/' . $_REQUEST['return_url']);
+
+ }
+
+}
diff --git a/Zotlabs/Module/Id.php b/Zotlabs/Module/Id.php
deleted file mode 100644
index e053bf99c..000000000
--- a/Zotlabs/Module/Id.php
+++ /dev/null
@@ -1,319 +0,0 @@
-<?php
-namespace Zotlabs\Module;
-
-/**
- * @file mod/id.php
- * @brief OpenID implementation
- */
-
-require 'library/openid/provider/provider.php';
-
-
-$attrMap = array(
- 'namePerson/first' => t('First Name'),
- 'namePerson/last' => t('Last Name'),
- 'namePerson/friendly' => t('Nickname'),
- 'namePerson' => t('Full Name'),
- 'contact/internet/email' => t('Email'),
- 'contact/email' => t('Email'),
- 'media/image/aspect11' => t('Profile Photo'),
- 'media/image' => t('Profile Photo'),
- 'media/image/default' => t('Profile Photo'),
- 'media/image/16x16' => t('Profile Photo 16px'),
- 'media/image/32x32' => t('Profile Photo 32px'),
- 'media/image/48x48' => t('Profile Photo 48px'),
- 'media/image/64x64' => t('Profile Photo 64px'),
- 'media/image/80x80' => t('Profile Photo 80px'),
- 'media/image/128x128' => t('Profile Photo 128px'),
- 'timezone' => t('Timezone'),
- 'contact/web/default' => t('Homepage URL'),
- 'language/pref' => t('Language'),
- 'birthDate/birthYear' => t('Birth Year'),
- 'birthDate/birthMonth' => t('Birth Month'),
- 'birthDate/birthday' => t('Birth Day'),
- 'birthDate' => t('Birthdate'),
- 'gender' => t('Gender'),
-);
-
-
-/**
- * @brief Entrypoint for the OpenID implementation.
- *
- * @param App &$a
- */
-
-class Id extends \Zotlabs\Web\Controller {
-
- function init() {
-
- logger('id: ' . print_r($_REQUEST, true));
-
- if(argc() > 1) {
- $which = argv(1);
- } else {
- \App::$error = 404;
- return;
- }
-
- $profile = '';
- $channel = \App::get_channel();
- profile_load($which,$profile);
-
- $op = new MysqlProvider;
- $op->server();
- }
-
- /**
- * @brief Returns user data needed for OpenID.
- *
- * If no $handle is provided we will use local_channel() by default.
- *
- * @param string $handle (default null)
- * @return boolean|array
- */
- static public function getUserData($handle = null) {
- if (! local_channel()) {
- notice( t('Permission denied.') . EOL);
- \App::$page['content'] = login();
-
- return false;
- }
-
- // logger('handle: ' . $handle);
-
- if ($handle) {
- $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1",
- dbesc($handle)
- );
- } else {
- $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d",
- intval(local_channel())
- );
- }
-
- if (! r)
- return false;
-
- $x = q("select * from account where account_id = %d limit 1",
- intval($r[0]['channel_account_id'])
- );
- if ($x)
- $r[0]['email'] = $x[0]['account_email'];
-
- $p = q("select * from profile where is_default = 1 and uid = %d limit 1",
- intval($r[0]['channel_account_id'])
- );
-
- $gender = '';
- if ($p[0]['gender'] == t('Male'))
- $gender = 'M';
- if ($p[0]['gender'] == t('Female'))
- $gender = 'F';
-
- $r[0]['firstName'] = ((strpos($r[0]['channel_name'],' ')) ? substr($r[0]['channel_name'],0,strpos($r[0]['channel_name'],' ')) : $r[0]['channel_name']);
- $r[0]['lastName'] = ((strpos($r[0]['channel_name'],' ')) ? substr($r[0]['channel_name'],strpos($r[0]['channel_name'],' ')+1) : '');
- $r[0]['namePerson'] = $r[0]['channel_name'];
- $r[0]['pphoto'] = $r[0]['xchan_photo_l'];
- $r[0]['pphoto16'] = z_root() . '/photo/profile/16/' . $r[0]['channel_id'] . '.jpg';
- $r[0]['pphoto32'] = z_root() . '/photo/profile/32/' . $r[0]['channel_id'] . '.jpg';
- $r[0]['pphoto48'] = z_root() . '/photo/profile/48/' . $r[0]['channel_id'] . '.jpg';
- $r[0]['pphoto64'] = z_root() . '/photo/profile/64/' . $r[0]['channel_id'] . '.jpg';
- $r[0]['pphoto80'] = z_root() . '/photo/profile/80/' . $r[0]['channel_id'] . '.jpg';
- $r[0]['pphoto128'] = z_root() . '/photo/profile/128/' . $r[0]['channel_id'] . '.jpg';
- $r[0]['timezone'] = $r[0]['channel_timezone'];
- $r[0]['url'] = $r[0]['xchan_url'];
- $r[0]['language'] = (($x[0]['account_language']) ? $x[0]['account_language'] : 'en');
- $r[0]['birthyear'] = ((intval(substr($p[0]['dob'],0,4))) ? intval(substr($p[0]['dob'],0,4)) : '');
- $r[0]['birthmonth'] = ((intval(substr($p[0]['dob'],5,2))) ? intval(substr($p[0]['dob'],5,2)) : '');
- $r[0]['birthday'] = ((intval(substr($p[0]['dob'],8,2))) ? intval(substr($p[0]['dob'],8,2)) : '');
- $r[0]['birthdate'] = (($r[0]['birthyear'] && $r[0]['birthmonth'] && $r[0]['birthday']) ? $p[0]['dob'] : '');
- $r[0]['gender'] = $gender;
-
- return $r[0];
-
- /*
- * if(isset($_POST['login'],$_POST['password'])) {
- * $login = mysql_real_escape_string($_POST['login']);
- * $password = sha1($_POST['password']);
- * $q = mysql_query("SELECT * FROM Users WHERE login = '$login' AND password = '$password'");
- * if($data = mysql_fetch_assoc($q)) {
- * return $data;
- * }
- * if($handle) {
- * echo 'Wrong login/password.';
- * }
- * }
- * if($handle) {
- * ?>
- * <form action="" method="post">
- * <input type="hidden" name="openid.assoc_handle" value="<?php
-namespace Zotlabs\Module; echo $handle?>">
- * Login: <input type="text" name="login"><br>
- * Password: <input type="password" name="password"><br>
- * <button>Submit</button>
- * </form>
- * <?php
-namespace Zotlabs\Module;
- * die();
- * }
- */
-
- }
-}
-
-
- /**
- * @brief MySQL provider for OpenID implementation.
- *
- */
- class MysqlProvider extends \LightOpenIDProvider {
-
- // See http://openid.net/specs/openid-attribute-properties-list-1_0-01.html
- // This list contains a few variations of these attributes to maintain
- // compatibility with legacy clients
-
- private $attrFieldMap = array(
- 'namePerson/first' => 'firstName',
- 'namePerson/last' => 'lastName',
- 'namePerson/friendly' => 'channel_address',
- 'namePerson' => 'namePerson',
- 'contact/internet/email' => 'email',
- 'contact/email' => 'email',
- 'media/image/aspect11' => 'pphoto',
- 'media/image' => 'pphoto',
- 'media/image/default' => 'pphoto',
- 'media/image/16x16' => 'pphoto16',
- 'media/image/32x32' => 'pphoto32',
- 'media/image/48x48' => 'pphoto48',
- 'media/image/64x64' => 'pphoto64',
- 'media/image/80x80' => 'pphoto80',
- 'media/image/128x128' => 'pphoto128',
- 'timezone' => 'timezone',
- 'contact/web/default' => 'url',
- 'language/pref' => 'language',
- 'birthDate/birthYear' => 'birthyear',
- 'birthDate/birthMonth' => 'birthmonth',
- 'birthDate/birthday' => 'birthday',
- 'birthDate' => 'birthdate',
- 'gender' => 'gender',
- );
-
- function setup($identity, $realm, $assoc_handle, $attributes) {
- global $attrMap;
-
- // logger('identity: ' . $identity);
- // logger('realm: ' . $realm);
- // logger('assoc_handle: ' . $assoc_handle);
- // logger('attributes: ' . print_r($attributes,true));
-
- $data = \Zotlabs\Module\Id::getUserData($assoc_handle);
-
-
- /** @FIXME this needs to be a template with localised strings */
-
- $o .= '<form action="" method="post">'
- . '<input type="hidden" name="openid.assoc_handle" value="' . $assoc_handle . '">'
- . '<input type="hidden" name="login" value="' . $_POST['login'] .'">'
- . '<input type="hidden" name="password" value="' . $_POST['password'] .'">'
- . "<b>$realm</b> wishes to authenticate you.";
- if($attributes['required'] || $attributes['optional']) {
- $o .= " It also requests following information (required fields marked with *):"
- . '<ul>';
-
- foreach($attributes['required'] as $attr) {
- if(isset($this->attrMap[$attr])) {
- $o .= '<li>'
- . '<input type="checkbox" name="attributes[' . $attr . ']"> '
- . $this->attrMap[$attr] . ' <span class="required">*</span></li>';
- }
- }
-
- foreach($attributes['optional'] as $attr) {
- if(isset($this->attrMap[$attr])) {
- $o .= '<li>'
- . '<input type="checkbox" name="attributes[' . $attr . ']"> '
- . $this->attrMap[$attr] . '</li>';
- }
- }
- $o .= '</ul>';
- }
- $o .= '<br>'
- . '<button name="once">Allow once</button> '
- . '<button name="always">Always allow</button> '
- . '<button name="cancel">cancel</button> '
- . '</form>';
-
- \App::$page['content'] .= $o;
- }
-
- function checkid($realm, &$attributes) {
-
- logger('checkid: ' . $realm);
- logger('checkid attrs: ' . print_r($attributes,true));
-
- if(isset($_POST['cancel'])) {
- $this->cancel();
- }
-
- $data = \Zotlabs\Module\Id::getUserData();
- if(! $data) {
- return false;
- }
-
- $q = get_pconfig(local_channel(), 'openid', $realm);
-
- $attrs = array();
- if($q) {
- $attrs = $q;
- } elseif(isset($_POST['attributes'])) {
- $attrs = array_keys($_POST['attributes']);
- } elseif(!isset($_POST['once']) && !isset($_POST['always'])) {
- return false;
- }
-
- $attributes = array();
- foreach($attrs as $attr) {
- if(isset($this->attrFieldMap[$attr])) {
- $attributes[$attr] = $data[$this->attrFieldMap[$attr]];
- }
- }
-
- if(isset($_POST['always'])) {
- set_pconfig(local_channel(),'openid',$realm,array_keys($attributes));
- }
-
- return z_root() . '/id/' . $data['channel_address'];
- }
-
- function assoc_handle() {
- logger('assoc_handle');
- $channel = \App::get_channel();
-
- return z_root() . '/channel/' . $channel['channel_address'];
- }
-
- function setAssoc($handle, $data) {
- logger('setAssoc');
- $channel = channelx_by_nick(basename($handle));
- if($channel)
- set_pconfig($channel['channel_id'],'openid','associate',$data);
- }
-
- function getAssoc($handle) {
- logger('getAssoc: ' . $handle);
-
- $channel = channelx_by_nick(basename($handle));
- if($channel)
- return get_pconfig($channel['channel_id'], 'openid', 'associate');
-
- return false;
- }
-
- function delAssoc($handle) {
- logger('delAssoc');
- $channel = channelx_by_nick(basename($handle));
- if($channel)
- return del_pconfig($channel['channel_id'], 'openid', 'associate');
- }
- }
-
diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php
index 1ca37d646..170349509 100644
--- a/Zotlabs/Module/Like.php
+++ b/Zotlabs/Module/Like.php
@@ -264,23 +264,22 @@ class Like extends \Zotlabs\Web\Controller {
logger('like: no item ' . $item_id);
killme();
}
-
-
+
+
+ xchan_query($r,true,(($r[0]['uid'] == local_channel()) ? 0 : local_channel()));
+
$item = $r[0];
- $owner_uid = $item['uid'];
- $owner_aid = $item['aid'];
-
-
- $sys = get_sys_channel();
-
-
- // if this is a "discover" item, (item['uid'] is the sys channel),
- // fallback to the item comment policy, which should've been
- // respected when generating the conversation thread.
- // Even if the activity is rejected by the item owner, it should still get attached
- // to the local discover conversation on this site.
-
- if(($owner_uid != $sys['channel_id']) && (! perm_is_allowed($owner_uid,$observer['xchan_hash'],'post_comments'))) {
+
+ $owner_uid = $r[0]['uid'];
+ $owner_aid = $r[0]['aid'];
+
+ $can_comment = false;
+ if((array_key_exists('owner',$item)) && intval($item['owner']['abook_self']))
+ $can_comment = perm_is_allowed($item['uid'],$observer['xchan_hash'],'post_comments');
+ else
+ $can_comment = can_comment_on_post($observer['xchan_hash'],$item);
+
+ if(! $can_comment) {
notice( t('Permission denied') . EOL);
killme();
}
diff --git a/Zotlabs/Module/Openid.php b/Zotlabs/Module/Openid.php
deleted file mode 100644
index 8cbc6d2fd..000000000
--- a/Zotlabs/Module/Openid.php
+++ /dev/null
@@ -1,198 +0,0 @@
-<?php
-namespace Zotlabs\Module;
-
-
-require_once('library/openid/openid.php');
-require_once('include/auth.php');
-
-
-class Openid extends \Zotlabs\Web\Controller {
-
- function get() {
-
- $noid = get_config('system','disable_openid');
- if($noid)
- goaway(z_root());
-
- logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA);
-
- if(x($_REQUEST,'openid_mode')) {
-
- $openid = new LightOpenID(z_root());
-
- if($openid->validate()) {
-
- logger('openid: validate');
-
- $authid = normalise_openid($_REQUEST['openid_identity']);
-
- if(! strlen($authid)) {
- logger( t('OpenID protocol error. No ID returned.') . EOL);
- goaway(z_root());
- }
-
- $x = match_openid($authid);
- if($x) {
-
- $r = q("select * from channel where channel_id = %d limit 1",
- intval($x)
- );
- if($r) {
- $y = q("select * from account where account_id = %d limit 1",
- intval($r[0]['channel_account_id'])
- );
- if($y) {
- foreach($y as $record) {
- if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) {
- logger('mod_openid: openid success for ' . $x[0]['channel_name']);
- $_SESSION['uid'] = $r[0]['channel_id'];
- $_SESSION['account_id'] = $r[0]['channel_account_id'];
- $_SESSION['authenticated'] = true;
- authenticate_success($record,$r[0],true,true,true,true);
- goaway(z_root());
- }
- }
- }
- }
- }
-
- // Successful OpenID login - but we can't match it to an existing account.
- // See if they've got an xchan
-
- $r = q("select * from xconfig left join xchan on xchan_hash = xconfig.xchan where cat = 'system' and k = 'openid' and v = '%s' limit 1",
- dbesc($authid)
- );
-
- if($r) {
- $_SESSION['authenticated'] = 1;
- $_SESSION['visitor_id'] = $r[0]['xchan_hash'];
- $_SESSION['my_url'] = $r[0]['xchan_url'];
- $_SESSION['my_address'] = $r[0]['xchan_addr'];
- $arr = array('xchan' => $r[0], 'session' => $_SESSION);
- call_hooks('magic_auth_openid_success',$arr);
- \App::set_observer($r[0]);
- require_once('include/security.php');
- \App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
- info(sprintf( t('Welcome %s. Remote authentication successful.'),$r[0]['xchan_name']));
- logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
- if($_SESSION['return_url'])
- goaway($_SESSION['return_url']);
- goaway(z_root());
- }
-
- // no xchan...
- // create one.
- // We should probably probe the openid url and figure out if they have any kind of social presence we might be able to
- // scrape some identifying info from.
-
- $name = $authid;
- $url = trim($_REQUEST['openid_identity'],'/');
- if(strpos($url,'http') === false)
- $url = 'https://' . $url;
- $pphoto = z_root() . '/' . get_default_profile_photo();
- $parsed = @parse_url($url);
- if($parsed) {
- $host = $parsed['host'];
- }
-
- $attr = $openid->getAttributes();
-
- if(is_array($attr) && count($attr)) {
- foreach($attr as $k => $v) {
- if($k === 'namePerson/friendly')
- $nick = notags(trim($v));
- if($k === 'namePerson/first')
- $first = notags(trim($v));
- if($k === 'namePerson')
- $name = notags(trim($v));
- if($k === 'contact/email')
- $addr = notags(trim($v));
- if($k === 'media/image/aspect11')
- $photosq = trim($v);
- if($k === 'media/image/default')
- $photo_other = trim($v);
- }
- }
- if(! $nick) {
- if($first)
- $nick = $first;
- else
- $nick = $name;
- }
-
- require_once('library/urlify/URLify.php');
- $x = strtolower(\URLify::transliterate($nick));
- if($nick & $host)
- $addr = $nick . '@' . $host;
- $network = 'unknown';
-
- if($photosq)
- $pphoto = $photosq;
- elseif($photo_other)
- $pphoto = $photo_other;
-
- $mimetype = guess_image_type($pphoto);
-
- $x = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_mimetype,
- xchan_photo_l, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_photo_date,
- xchan_name_date, xchan_hidden)
- values ( '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 1) ",
- dbesc($url),
- dbesc(''),
- dbesc(''),
- dbesc(''),
- dbesc($mimetype),
- dbesc($pphoto),
- dbesc($addr),
- dbesc($url),
- dbesc(''),
- dbesc(''),
- dbesc(''),
- dbesc($name),
- dbesc($network),
- dbesc(datetime_convert()),
- dbesc(datetime_convert())
- );
- if($x) {
- $r = q("select * from xchan where xchan_hash = '%s' limit 1",
- dbesc($url)
- );
- if($r) {
-
- $photos = import_xchan_photo($pphoto,$url);
- if($photos) {
- $z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s',
- xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
- dbesc(datetime_convert()),
- dbesc($photos[0]),
- dbesc($photos[1]),
- dbesc($photos[2]),
- dbesc($photos[3]),
- dbesc($url)
- );
- }
-
- set_xconfig($url,'system','openid',$authid);
- $_SESSION['authenticated'] = 1;
- $_SESSION['visitor_id'] = $r[0]['xchan_hash'];
- $_SESSION['my_url'] = $r[0]['xchan_url'];
- $_SESSION['my_address'] = $r[0]['xchan_addr'];
- $arr = array('xchan' => $r[0], 'session' => $_SESSION);
- call_hooks('magic_auth_openid_success',$arr);
- \App::set_observer($r[0]);
- info(sprintf( t('Welcome %s. Remote authentication successful.'),$r[0]['xchan_name']));
- logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
- if($_SESSION['return_url'])
- goaway($_SESSION['return_url']);
- goaway(z_root());
- }
- }
-
- }
- }
- notice( t('Login failed.') . EOL);
- goaway(z_root());
- // NOTREACHED
- }
-
-}
diff --git a/Zotlabs/Module/Ratingsearch.php b/Zotlabs/Module/Ratingsearch.php
index 5f463b378..dcbfd6a9b 100644
--- a/Zotlabs/Module/Ratingsearch.php
+++ b/Zotlabs/Module/Ratingsearch.php
@@ -58,7 +58,9 @@ class Ratingsearch extends \Zotlabs\Web\Controller {
$ret['success'] = true;
$r = q("select * from xlink left join xchan on xlink_xchan = xchan_hash
- where xlink_link = '%s' and xlink_rating != 0 and xlink_static = 1 order by xchan_name asc",
+ where xlink_link = '%s' and xlink_rating != 0 and xlink_static = 1
+ and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0
+ order by xchan_name asc",
dbesc($target)
);
diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php
index 26b0c46a6..9252d1f1d 100644
--- a/Zotlabs/Module/Rmagic.php
+++ b/Zotlabs/Module/Rmagic.php
@@ -2,7 +2,6 @@
namespace Zotlabs\Module;
-
class Rmagic extends \Zotlabs\Web\Controller {
function init() {
@@ -32,18 +31,6 @@ class Rmagic extends \Zotlabs\Web\Controller {
$arr = array('address' => $address);
call_hooks('reverse_magic_auth', $arr);
- try {
- require_once('library/openid/openid.php');
- $openid = new \LightOpenID(z_root());
- $openid->identity = $address;
- $openid->returnUrl = z_root() . '/openid';
- $openid->required = array('namePerson/friendly', 'namePerson');
- $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default');
- goaway($openid->authUrl());
- } catch (\Exception $e) {
- notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'<br /><br >'. t('The error message was:').' '.$e->getMessage());
- }
-
// if they're still here...
notice( t('Authentication failed.') . EOL);
return;