7 files changed, 95 insertions, 46 deletions

diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php
index 4bb34b7b7..011bf3ce4 100644
--- a/Zotlabs/Module/Admin/Site.php
+++ b/Zotlabs/Module/Admin/Site.php
@@ -62,6 +62,9 @@ class Site {
 		$from_email         = ((array_key_exists('from_email',$_POST) && trim($_POST['from_email'])) ? trim($_POST['from_email']) : 'Administrator@' . \App::get_hostname());
 		$from_email_name    = ((array_key_exists('from_email_name',$_POST) && trim($_POST['from_email_name'])) ? trim($_POST['from_email_name']) : \Zotlabs\Lib\System::get_site_name());
 
+
+		$sse_enabled       = ((x($_POST,'sse_enabled'))      ? true : false);
+
 		$verifyssl         = ((x($_POST,'verifyssl'))        ? True : False);
 		$proxyuser         = ((x($_POST,'proxyuser'))        ? notags(trim($_POST['proxyuser']))  : '');
 		$proxy             = ((x($_POST,'proxy'))            ? notags(trim($_POST['proxy']))      : '');
@@ -151,6 +154,9 @@ class Site {
 
 		set_config('system','no_community_page', $no_community_page);
 		set_config('system','no_utf', $no_utf);
+
+		set_config('system','sse_enabled', $sse_enabled);
+
 		set_config('system','verifyssl', $verifyssl);
 		set_config('system','proxyuser', $proxyuser);
 		set_config('system','proxy', $proxy);
@@ -331,6 +337,8 @@ class Site {
 
 			'$directory_server' => (($dir_choices) ? array('directory_server', t("Directory Server URL"), get_config('system','directory_server'), t("Default directory server"), $dir_choices) : null),
 
+			'$sse_enabled'		=> array('sse_enabled', t('Enable SSE Notifications'), get_config('system', 'sse_enabled', 0), t('If disabled, traditional polling will be used. Warning: this setting might not be suited for shared hosting')),
+
 			'$proxyuser'		=> array('proxyuser', t("Proxy user"), get_config('system','proxyuser'), ""),
 			'$proxy'			=> array('proxy', t("Proxy URL"), get_config('system','proxy'), ""),
 			'$timeout'			=> array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")),
diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php
index 307be048a..dc8e9e1c5 100644
--- a/Zotlabs/Module/Channel.php
+++ b/Zotlabs/Module/Channel.php
@@ -60,7 +60,7 @@ class Channel extends Controller {
 
 		if(Libzot::is_zot_request()) {
 	
-			$sigdata = HTTPSig::verify(file_get_contents('php://input'));
+			$sigdata = HTTPSig::verify(file_get_contents('php://input'), EMPTY_STR, 'zot6');
 
 			if($sigdata && $sigdata['signer'] && $sigdata['header_valid']) {
 				$data = json_encode(Libzot::zotinfo([ 'address' => $channel['channel_address'], 'target_url' => $sigdata['signer'] ]));
diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php
index 0fc807d42..becf8460d 100644
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@@ -294,8 +294,8 @@ class Connedit extends Controller {
 				intval($channel['channel_id'])
 			);
 			if(($pr) && (! intval($orig_record[0]['abook_hidden'])) && (intval(get_pconfig($channel['channel_id'],'system','post_newfriend')))) {
-				$xarr = array();
-				$xarr['verb'] = ACTIVITY_FRIEND;
+				$xarr = [];
+
 				$xarr['item_wall'] = 1;
 				$xarr['item_origin'] = 1;
 				$xarr['item_thread_top'] = 1;
@@ -305,17 +305,6 @@ class Connedit extends Controller {
 				$xarr['deny_cid'] = $channel['channel_deny_cid'];
 				$xarr['deny_gid'] = $channel['channel_deny_gid'];
 				$xarr['item_private'] = (($xarr['allow_cid']||$xarr['allow_gid']||$xarr['deny_cid']||$xarr['deny_gid']) ? 1 : 0);
-				$obj = array(
-					'type' => ACTIVITY_OBJ_PERSON,
-					'title' => App::$poi['xchan_name'],
-					'id' => App::$poi['xchan_hash'],
-					'link' => array(
-						array('rel' => 'alternate', 'type' => 'text/html', 'href' => App::$poi['xchan_url']),
-						array('rel' => 'photo', 'type' => App::$poi['xchan_photo_mimetype'], 'href' => App::$poi['xchan_photo_l'])
-	       			),
-	   			);
-				$xarr['obj'] = json_encode($obj);
-				$xarr['obj_type'] = ACTIVITY_OBJ_PERSON;
 	
 				$xarr['body'] = '[zrl=' . $channel['xchan_url'] . ']' . $channel['xchan_name'] . '[/zrl]' . ' ' . t('is now connected to') . ' ' . '[zrl=' . App::$poi['xchan_url'] . ']' . App::$poi['xchan_name'] . '[/zrl]';
 	
diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php
index 649e753ad..fa9216c97 100644
--- a/Zotlabs/Module/Photos.php
+++ b/Zotlabs/Module/Photos.php
@@ -210,7 +210,7 @@ class Photos extends \Zotlabs\Web\Controller {
 			if(($m) && ($m[0]['folder'] != $_POST['move_to_album'])) {
 				attach_move($page_owner_uid,argv(2),$_POST['move_to_album']);			
 
-				$sync = attach_export_data(\App::$data['channel'],argv(2),true);
+				$sync = attach_export_data(\App::$data['channel'], argv(2), false);
 				if($sync) 
 					Libsync::build_sync_packet($page_owner_uid,array('file' => array($sync)));
 
diff --git a/Zotlabs/Module/Sse.php b/Zotlabs/Module/Sse.php
index b68fe6705..46b4a8d87 100644
--- a/Zotlabs/Module/Sse.php
+++ b/Zotlabs/Module/Sse.php
@@ -14,6 +14,7 @@ class Sse extends Controller {
 	public static $ob_hash;
 	public static $sse_id;
 	public static $vnotify;
+	public static $sse_enabled;
 
 	function init() {
 
@@ -49,18 +50,86 @@ class Sse extends Controller {
 		$sys = get_sys_channel();
 		$sleep_seconds = 3;
 
-		header("Content-Type: text/event-stream");
-		header("Cache-Control: no-cache");
-		header("Connection: keep-alive");
-		header("X-Accel-Buffering: no");
+		self::$sse_enabled = get_config('system', 'sse_enabled', 0);
 
-		while(true) {
+		if(self::$sse_enabled) {
 
-			/**
-			 * Update chat presence indication (if applicable)
-			 */
+			// Server Sent Events
+
+			header("Content-Type: text/event-stream");
+			header("Cache-Control: no-cache");
+			header("Connection: keep-alive");
+			header("X-Accel-Buffering: no");
+
+			while(true) {
+
+				if(! self::$sse_id) {
+
+					// Update chat presence indication
+
+					$r = q("select cp_id, cp_room from chatpresence where cp_xchan = '%s' and cp_client = '%s' and cp_room = 0 limit 1",
+						dbesc(self::$ob_hash),
+						dbesc($_SERVER['REMOTE_ADDR'])
+					);
+					$basic_presence = false;
+					if($r) {
+						$basic_presence = true;
+						q("update chatpresence set cp_last = '%s' where cp_id = %d",
+							dbesc(datetime_convert()),
+							intval($r[0]['cp_id'])
+						);
+					}
+					if(! $basic_presence) {
+						q("insert into chatpresence ( cp_xchan, cp_last, cp_status, cp_client)
+							values( '%s', '%s', '%s', '%s' ) ",
+							dbesc(self::$ob_hash),
+							dbesc(datetime_convert()),
+							dbesc('online'),
+							dbesc($_SERVER['REMOTE_ADDR'])
+						);
+					}
+				}
+
+				XConfig::Load(self::$ob_hash);
+
+				$result = XConfig::Get(self::$ob_hash, 'sse', 'notifications', []);
+				$lock = XConfig::Get(self::$ob_hash, 'sse', 'lock');
+
+				if($result && !$lock) {
+					echo "event: notifications\n";
+					echo 'data: ' . json_encode($result);
+					echo "\n\n";
+
+					XConfig::Set(self::$ob_hash, 'sse', 'notifications', []);
+					unset($result);
+				}
+
+				// always send heartbeat to detect disconnected clients
+				echo "event: heartbeat\n";
+				echo 'data: {}';
+				echo "\n\n";
+
+				ob_end_flush();
+				flush();
+
+				if(connection_status() != CONNECTION_NORMAL || connection_aborted()) {
+					//TODO: this does not seem to be triggered
+					XConfig::Set(self::$ob_hash, 'sse', 'timestamp', NULL_DATE);
+					break;
+				}
+
+				sleep($sleep_seconds);
+
+			}
+
+		}
+		else {
+			// Fallback to traditional polling
 
 			if(! self::$sse_id) {
+
+				// Update chat presence indication
+
 				$r = q("select cp_id, cp_room from chatpresence where cp_xchan = '%s' and cp_client = '%s' and cp_room = 0 limit 1",
 					dbesc(self::$ob_hash),
 					dbesc($_SERVER['REMOTE_ADDR'])
@@ -90,29 +159,11 @@ class Sse extends Controller {
 			$lock = XConfig::Get(self::$ob_hash, 'sse', 'lock');
 
 			if($result && !$lock) {
-				echo "event: notifications\n";
-				echo 'data: ' . json_encode($result);
-				echo "\n\n";
-
 				XConfig::Set(self::$ob_hash, 'sse', 'notifications', []);
-				unset($result);
-			}
-
-			// always send heartbeat to detect disconnected clients
-			echo "event: heartbeat\n";
-			echo 'data: {}';
-			echo "\n\n";
-
-			ob_end_flush();
-			flush();
-
-			if(connection_status() != CONNECTION_NORMAL || connection_aborted()) {
-				//TODO: this does not seem to be triggered
-				XConfig::Set(self::$ob_hash, 'sse', 'timestamp', NULL_DATE);
-				break;
+				json_return_and_die($result);
 			}
 
-			sleep($sleep_seconds);
+			killme();
 
 		}
 
diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php
index e3439e7dd..287c24829 100644
--- a/Zotlabs/Module/Sse_bs.php
+++ b/Zotlabs/Module/Sse_bs.php
@@ -129,8 +129,9 @@ class Sse_bs extends Controller {
 		call_hooks('update_unseen',$x);
 
 		if($x['update'] === 'unset' || intval($x['update'])) {
-			q("UPDATE item SET item_unseen = 0 WHERE uid = %d AND mid in (". $str . ") AND item_unseen = 1",
-				intval(self::$uid)
+			q("UPDATE item SET item_unseen = 0 WHERE uid = %d AND mid in (%s) AND item_unseen = 1",
+				intval(self::$uid),
+				$str // this is dbesc() in the above foreach loop
 			);
 		}
 
diff --git a/Zotlabs/Module/Zot_probe.php b/Zotlabs/Module/Zot_probe.php
index 648ed2175..7585affdf 100644
--- a/Zotlabs/Module/Zot_probe.php
+++ b/Zotlabs/Module/Zot_probe.php
@@ -34,7 +34,7 @@ class Zot_probe extends \Zotlabs\Web\Controller {
 
 				$o .= '<pre>' . htmlspecialchars($x['header']) . '</pre>' . EOL;
 
-				$o .= 'verify returns: ' . str_replace("\n",EOL,print_r(HTTPSig::verify($x),true)) . EOL;
+				$o .= 'verify returns: ' . str_replace("\n",EOL,print_r(HTTPSig::verify($x, EMPTY_STR, 'zot6'),true)) . EOL;
 
 				$o .= '<pre>' . htmlspecialchars(json_encode(json_decode($x['body']),JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES)) . '</pre>' . EOL;