Diffstat (limited to 'Zotlabs/Module')
-rw-r--r-- | Zotlabs/Module/Acl.php | 1 | ||||
-rw-r--r-- | Zotlabs/Module/Cal.php | 6 | ||||
-rw-r--r-- | Zotlabs/Module/Cdav.php | 12 | ||||
-rw-r--r-- | Zotlabs/Module/Channel.php | 17 | ||||
-rw-r--r-- | Zotlabs/Module/Chanview.php | 16 | ||||
-rw-r--r-- | Zotlabs/Module/Connections.php | 14 | ||||
-rw-r--r-- | Zotlabs/Module/Dirsearch.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Hq.php | 59 | ||||
-rw-r--r-- | Zotlabs/Module/Like.php | 1 | ||||
-rw-r--r-- | Zotlabs/Module/Magic.php | 6 | ||||
-rw-r--r-- | Zotlabs/Module/Notes.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Settings/Account.php | 1 | ||||
-rw-r--r-- | Zotlabs/Module/Settings/Multifactor.php | 90 | ||||
-rw-r--r-- | Zotlabs/Module/Totp_check.php | 86 |
14 files changed, 245 insertions, 68 deletions
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index bcd79c873..b98f5621e 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -378,6 +378,7 @@ class Acl extends \Zotlabs\Web\Controller { "name" => $g['name'], "id" => urlencode($g['id']), "xid" => $g['hash'], + "url" => $g['url'], "link" => $clink, "nick" => ((strpos($g['nick'],'@')) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']), "self" => (intval($g['abook_self']) ? 'abook-self' : ''), diff --git a/Zotlabs/Module/Cal.php b/Zotlabs/Module/Cal.php index 9049fe7d0..70d8aa755 100644 --- a/Zotlabs/Module/Cal.php +++ b/Zotlabs/Module/Cal.php @@ -65,13 +65,9 @@ class Cal extends Controller { nav_set_selected('Calendar'); - head_add_css('/library/fullcalendar/packages/core/main.min.css'); - head_add_css('/library/fullcalendar/packages/daygrid/main.min.css'); + head_add_js('/library/fullcalendar/dist/index.global.js'); head_add_css('cdav_calendar.css'); - head_add_js('/library/fullcalendar/packages/core/main.min.js'); - head_add_js('/library/fullcalendar/packages/daygrid/main.min.js'); - $sql_extra = permissions_sql($channel['channel_id'], get_observer_hash(), 'event'); if(! perm_is_allowed($channel['channel_id'], get_observer_hash(), 'view_contacts') || App::$profile['hide_friends']) diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index 8e77515ce..b6d7ff5a3 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php 
@@ -901,19 +901,9 @@ class Cdav extends Controller { //Display calendar(s) here if(argc() <= 3 && argv(1) === 'calendar') { - - head_add_css('/library/fullcalendar/packages/core/main.min.css'); - head_add_css('/library/fullcalendar/packages/daygrid/main.min.css'); - head_add_css('/library/fullcalendar/packages/timegrid/main.min.css'); - head_add_css('/library/fullcalendar/packages/list/main.min.css'); + head_add_js('/library/fullcalendar/dist/index.global.js'); head_add_css('cdav_calendar.css'); - head_add_js('/library/fullcalendar/packages/core/main.min.js'); - head_add_js('/library/fullcalendar/packages/interaction/main.min.js'); - head_add_js('/library/fullcalendar/packages/daygrid/main.min.js'); - head_add_js('/library/fullcalendar/packages/timegrid/main.min.js'); - head_add_js('/library/fullcalendar/packages/list/main.min.js'); - $o = ''; $sources = ''; $resource_id = ''; diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index d3d72ca10..748d990cb 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -247,9 +247,7 @@ class Channel extends Controller { $channel_acl = ['allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '']; } - if ($perms['post_wall']) { - $x = [ 'is_owner' => $is_owner, 'allow_location' => ((($is_owner || $observer) && (intval(get_pconfig(App::$profile['profile_uid'], 'system', 'use_browser_location')))) ? true : false), @@ -273,6 +271,12 @@ class Channel extends Controller { $o .= status_editor($a, $x, false, 'Channel'); } + // Add pinned content + if (!x($_REQUEST, 'mid') && !$search) { + $pinned = new \Zotlabs\Widget\Pinned; + $r = $pinned->widget(intval(App::$profile['profile_uid']), [ITEM_TYPE_POST]); + $o .= $r['html']; + } } 
@@ -423,17 +427,14 @@ class Channel extends Controller { $items = []; } - // Add pinned content - if (!x($_REQUEST, 'mid') && !$search) { - $pinned = new \Zotlabs\Widget\Pinned; - $r = $pinned->widget(intval(App::$profile['profile_uid']), [ITEM_TYPE_POST]); - $o .= $r['html']; - } + $mode = (($search) ? 'search' : 'channel'); if ((!$update) && (!$load)) { + + //if we got a decoded hash we must encode it again before handing to javascript $mid = gen_link_id($mid); diff --git a/Zotlabs/Module/Chanview.php b/Zotlabs/Module/Chanview.php index f43432376..e178b27df 100644 --- a/Zotlabs/Module/Chanview.php +++ b/Zotlabs/Module/Chanview.php @@ -16,17 +16,17 @@ class Chanview extends \Zotlabs\Web\Controller { $r = null; - if(isset($_REQUEST['hash']) && $_REQUEST['hash']) { + if(!empty($_REQUEST['hash'])) { $r = q("select * from xchan where xchan_hash = '%s' and xchan_deleted = 0", dbesc($_REQUEST['hash']) ); } - if(isset($_REQUEST['address']) && $_REQUEST['address']) { + if(!empty($_REQUEST['address'])) { $r = q("select * from xchan where xchan_addr = '%s' and xchan_deleted = 0", dbesc(punify($_REQUEST['address'])) ); } - elseif(local_channel() && isset($_REQUEST['cid']) && $_REQUEST['cid']) { + elseif(local_channel() && !empty($_REQUEST['cid'])) { $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and abook_id = %d and xchan_deleted = 0", @@ -34,8 +34,7 @@ class Chanview extends \Zotlabs\Web\Controller { intval($_REQUEST['cid']) ); } - elseif(isset($_REQUEST['url']) && $_REQUEST['url']) { - + elseif(!empty($_REQUEST['url'])) { // if somebody re-installed they will have more than one xchan, use the most recent name date as this is // the most useful consistently ascending table item we have. 
@@ -56,7 +55,7 @@ class Chanview extends \Zotlabs\Web\Controller { if(! App::$poi) { logger('mod_chanview: fallback'); - if(isset($_REQUEST['address']) && $_REQUEST['address']) { + if(!empty($_REQUEST['address'])) { $href = Webfinger::zot_url(punify($_REQUEST['address'])); if($href) { $_REQUEST['url'] = $href; @@ -65,9 +64,9 @@ class Chanview extends \Zotlabs\Web\Controller { $r = null; - if(isset($_REQUEST['url']) && $_REQUEST['url']) { + if(!empty($_REQUEST['url'])) { - $zf = Zotfinger::exec($_REQUEST['url'], null); + $zf = Zotfinger::exec($_REQUEST['url']); if(array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $_REQUEST['url'] && intval($zf['signature']['header_valid'])) { Libzot::import_xchan($zf['data']); @@ -79,6 +78,7 @@ class Chanview extends \Zotlabs\Web\Controller { } } if(! $r) { + if(discover_by_webbie($_REQUEST['url'])) { $r = q("select * from xchan where xchan_url = '%s' and xchan_deleted = 0", dbesc($_REQUEST['url']) diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php index ea30b9b9e..e0f463c76 100644 --- a/Zotlabs/Module/Connections.php +++ b/Zotlabs/Module/Connections.php @@ -145,6 +145,7 @@ class Connections extends \Zotlabs\Web\Controller { } $search = ((x($_REQUEST,'search')) ? notags(trim($_REQUEST['search'])) : ''); + $search_xchan = ((x($_REQUEST,'search_xchan')) ? notags(trim($_REQUEST['search_xchan'])) : ''); $tabs = array( /* 
@@ -233,10 +234,15 @@ class Connections extends \Zotlabs\Web\Controller { if($search) { $search_hdr = $search; - $search_txt = dbesc(protect_sprintf(preg_quote($search))); - $searching = true; + $search_txt = (($search_xchan) ? urldecode($search_xchan) : preg_quote($search)); + + if ($search_xchan) { + $sql_extra .= " AND xchan_hash = '" . protect_sprintf(dbesc($search_txt)) . "' "; + } + else { + $sql_extra .= " AND xchan_name LIKE '%%" . protect_sprintf(dbesc($search_txt)) . "%%' "; + } } - $sql_extra .= (($searching) ? protect_sprintf(" AND xchan_name like '%$search_txt%' ") : ""); if(isset($_REQUEST['gid']) && $_REQUEST['gid']) { $sql_extra .= " and xchan_hash in ( select xchan from pgrp_member where gid = " . intval($_REQUEST['gid']) . " and uid = " . intval(local_channel()) . " ) "; @@ -396,7 +402,7 @@ class Connections extends \Zotlabs\Web\Controller { '$search' => $search_hdr, '$label' => t('Search'), '$role_label' => t('Contact role'), - '$desc' => t('Search your connections'), + '$desc' => $search ?? t('Search your connections'), '$finding' => (($searching) ? t('Contact search') . ": '" . $search . "'" : ""), '$submit' => t('Find'), '$edit' => t('Edit'), diff --git a/Zotlabs/Module/Dirsearch.php b/Zotlabs/Module/Dirsearch.php index 34678af57..c0df8a1e3 100644 --- a/Zotlabs/Module/Dirsearch.php +++ b/Zotlabs/Module/Dirsearch.php 
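Review bot: `'$desc' => $search ?? t('Search your connections')` in the last hunk never reaches the translated text: `$search` is assigned `''` earlier in the method when the parameter is absent, and `''` is not null, so the description renders empty whenever no search is active; `'$desc' => $search ?: t('Search your connections'),` (or simply the constant text) gives the intended fallback. The `-233` hunk also drops `$searching = true;` while `'$finding' => (($searching) ? ...)` in the `-396` hunk still reads it, so the "Contact search" heading can no longer appear unless `$searching` is set somewhere outside these hunks — worth checking. The enclosing method begins and ends outside the hunks.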
@@ -263,7 +263,7 @@ class Dirsearch extends Controller { xprof.xprof_homepage as homepage, xprof.xprof_hometown as hometown, xprof.xprof_keywords as keywords - from xchan left join xprof on xchan_hash = xprof_hash left join hubloc on hubloc_hash = xchan_hash + from xchan left join xprof on xchan_hash = xprof_hash left join hubloc on (hubloc_id_url = xchan_url and hubloc_hash = xchan_hash) where hubloc_primary = 1 and hubloc_updated > %s - INTERVAL %s and ( $logic $sql_extra ) $hub_query and xchan_network = 'zot6' and xchan_system = 0 and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 $safesql $order $qlimit", db_utcnow(), diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php index 0b2d0ea7d..77d56e9a2 100644 --- a/Zotlabs/Module/Hq.php +++ b/Zotlabs/Module/Hq.php @@ -51,13 +51,20 @@ class Hq extends \Zotlabs\Web\Controller { $o = ''; if($item_hash) { + // select the target item with a bias to our own item + $sql_order = ((local_channel() > $sys['channel_id']) ? 'DESC' : 'ASC'); - $r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where mid = '%s' limit 1", + $r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where uid in (%d, %d) and mid = '%s' order by uid $sql_order limit 2", + intval(local_channel()), + intval($sys['channel_id']), dbesc($item_hash) ); if($r) { $target_item = $r[0]; + if (intval($target_item['uid']) === intval($sys['channel_id'])) { + $sys_item = true; + } } //if the item is to be moderated redirect to /moderate 
@@ -158,19 +165,18 @@ class Hq extends \Zotlabs\Web\Controller { } if($load && $target_item) { - $r = null; - - $r = q("SELECT item.id AS item_id FROM item - WHERE uid = %d - AND mid = '%s' - $item_normal - LIMIT 1", - intval(local_channel()), - dbesc($target_item['parent_mid']) - ); - if(!$r) { - $sys_item = true; + if (!$sys_item) { + $r = q("SELECT item.id AS item_id FROM item + WHERE uid = %d + AND mid = '%s' + $item_normal + LIMIT 1", + intval(local_channel()), + dbesc($target_item['parent_mid']) + ); + } + else { $sql_extra = item_permissions_sql($sys['channel_id']); $r = q("SELECT item.id AS item_id FROM item @@ -184,20 +190,18 @@ class Hq extends \Zotlabs\Web\Controller { } } elseif($update && $target_item) { - $r = null; - - $r = q("SELECT item.parent AS item_id FROM item - WHERE uid = %d - AND parent_mid = '%s' - $item_normal_update - $simple_update - LIMIT 1", - intval(local_channel()), - dbesc($target_item['parent_mid']) - ); - - if(!$r) { - $sys_item = true; + if (!$sys_item) { + $r = q("SELECT item.parent AS item_id FROM item + WHERE uid = %d + AND parent_mid = '%s' + $item_normal_update + $simple_update + LIMIT 1", + intval(local_channel()), + dbesc($target_item['parent_mid']) + ); + } + else { $sql_extra = item_permissions_sql($sys['channel_id']); $r = q("SELECT item.parent AS item_id FROM item @@ -245,6 +249,7 @@ class Hq extends \Zotlabs\Web\Controller { $options['offset'] = $_REQUEST['offset'] ?? 0; $options['type'] = $_REQUEST['type'] ?? ''; + $options['author'] = ((isset($_REQUEST['author'])) ? urldecode($_REQUEST['author']) : ''); $ret = Messages::get_messages_page($options); diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index 98fa7db5a..ef41faedd 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -546,6 +546,7 @@ class Like extends Controller { $arr['deny_cid'] = $deny_cid; $arr['deny_gid'] = $deny_gid; $arr['item_private'] = $private; + $arr['created'] = datetime_convert(); call_hooks('post_local', $arr); 
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index bfd38d2fa..6d997c662 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -16,7 +16,7 @@ class Magic extends Controller { 'url' => '', 'message' => '' ]; - + logger('mod_magic: invoked', LOGGER_DEBUG); logger('args: ' . print_r($_REQUEST,true),LOGGER_DATA); @@ -43,12 +43,12 @@ class Magic extends Controller { $basepath = $parsed['scheme'] . '://' . $parsed['host'] . (isset($parsed['port']) ? ':' . $parsed['port'] : ''); $owapath = SConfig::get($basepath,'system','openwebauth', $basepath . '/owa'); - // This is ready-made for a plugin that provides a blacklist or "ask me" before blindly authenticating. + // This is ready-made for a plugin that provides a blacklist or "ask me" before blindly authenticating. // By default, we'll proceed without asking. $arr = [ 'channel_id' => local_channel(), - 'destination' => $dest, + 'destination' => $dest, 'proceed' => true ]; diff --git a/Zotlabs/Module/Notes.php b/Zotlabs/Module/Notes.php index 57b8f30db..2fd719f25 100644 --- a/Zotlabs/Module/Notes.php +++ b/Zotlabs/Module/Notes.php @@ -39,7 +39,7 @@ class Notes extends Controller { } set_pconfig(local_channel(),'notes','text',$body); - $ret['html'] = bbcode($body); + $ret['html'] = bbcode($body, ['tryoembed' => false]); $ret['success'] = true; } diff --git a/Zotlabs/Module/Settings/Account.php b/Zotlabs/Module/Settings/Account.php index 5e1fb176e..85e7c793f 100644 --- a/Zotlabs/Module/Settings/Account.php +++ b/Zotlabs/Module/Settings/Account.php 
@@ -105,6 +105,7 @@ class Account { '$password1' => array('npassword', t('Enter New Password'), '', ''), '$password2' => array('confirm', t('Confirm New Password'), '', t('Leave password fields blank unless changing')), '$submit' => t('Submit'), + '$mfa' => t('Multi-Factor Authentication'), '$email' => array('email', t('DId2 or Email Address:'), $email, '', '', $attremail), '$email_hidden' => (($attremail) ? $email : ''), '$removeme' => t('Remove Account'), diff --git a/Zotlabs/Module/Settings/Multifactor.php b/Zotlabs/Module/Settings/Multifactor.php new file mode 100644 index 000000000..8b91bc87a --- /dev/null +++ b/Zotlabs/Module/Settings/Multifactor.php 
@@ -0,0 +1,90 @@
+<?php
+
+namespace Zotlabs\Module\Settings;
+
+use App;
+use chillerlan\QRCode\QRCode;
+use Zotlabs\Lib\AConfig;
+use Zotlabs\Lib\System;
+use OTPHP\TOTP;
+use ParagonIE\ConstantTime\Base32;
+
+
+class Multifactor {
+ public function post() {
+ check_form_security_token_redirectOnErr('/settings/multifactor', 'settings_mfa');
+
+ $account = App::get_account();
+ if (!$account) {
+ return;
+ }
+
+ if (empty($_POST['password'])) {
+ notice(t('Password is required') . EOL);
+ return;
+ }
+
+ $password = trim($_POST['password']);
+ if(!account_verify_password($account['account_email'], $password)) {
+ notice(t('The provided password is not correct') . EOL);
+ return;
+ }
+
+ $enable_mfa = isset($_POST['enable_mfa']) ? (int) $_POST['enable_mfa'] : false;
+ AConfig::Set($account['account_id'], 'system', 'mfa_enabled', $enable_mfa);
+ if ($enable_mfa) {
+ $_SESSION['2FA_VERIFIED'] = true;
+ }
+ }
+
+ public function get() {
+ $account = App::get_account();
+ if (!$account) {
+ return '';
+ }
+
+ if (!$account['account_external']) {
+ $otp = TOTP::create();
+ $otp->setLabel($account['account_email']);
+ // $otp->setLabel(rawurlencode(System::get_platform_name()));
+ $otp->setIssuer(rawurlencode(System::get_platform_name()));
+
+ $mySecret = trim(Base32::encodeUpper(random_bytes(32)), '=');
+ $otp = TOTP::create($mySecret);
+ q("UPDATE account set account_external = '%s' where account_id = %d",
+ dbesc($otp->getSecret()),
+ intval($account['account_id'])
+ );
+ $account['account_external'] = $otp->getSecret();
+ }
+
+ $otp = TOTP::create($account['account_external']);
+ $otp->setLabel($account['account_email']);
+ $otp->setIssuer(rawurlencode(System::get_platform_name()));
+ $uri = $otp->getProvisioningUri();
+ return replace_macros(get_markup_template('totp_setup.tpl'),
+ [
+ '$form_security_token' => get_form_security_token("settings_mfa"),
+ '$title' => t('Account Multi-Factor Authentication'),
+ '$secret_text' => t('This is your generated secret. 
It may be used in some cases if the QR image cannot be read. Please store it in a safe place.'),
+ '$test_title' => t('Please enter the code from your authenticator app'),
+ '$test_title_sub' => t('You will only be able to enable MFA if the test passes'),
+ '$qrcode' => (new QRCode())->render($uri),
+ '$uri' => $uri,
+ '$secret' => ($account['account_external'] ?? ''),
+ '$test_pass' => t("Congratulations, the provided code was correct"),
+ '$test_fail' => t("Incorrect code"),
+ '$enable_mfa' => [
+ 'enable_mfa',
+ t('Enable Multi-Factor Authentication'),
+ AConfig::Get($account['account_id'], 'system', 'mfa_enabled'),
+ t('Logging in will require you to be in possession of your smartphone'),
+ [t('No'), t('Yes')]
+ ],
+ '$password' => ['password', t('Your account password'), '', t('Required')],
+ '$submit' => t('Submit'),
+ '$test' => t('Test')
+ ]
+ );
+ }
+}
diff --git a/Zotlabs/Module/Totp_check.php b/Zotlabs/Module/Totp_check.php
new file mode 100644
index 000000000..8212d3716
--- /dev/null
+++ b/Zotlabs/Module/Totp_check.php
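Review bot: `post()` switches MFA on with the password as the only proof: `$enable_mfa` comes straight from `$_POST['enable_mfa']` and is written with `AConfig::Set` without the server ever checking a TOTP code against the stored secret, although the template text promises enabling only after the test passes, so an account can end up with `mfa_enabled = 1` and a secret that was never enrolled in any authenticator, locking its owner out. Require a valid code in the same request before writing the flag (the field name below assumes the settings form posts it as `totp_code`, as Totp_check expects — confirm against the template). Separately, the first `$otp = TOTP::create()` with its `setLabel`/`setIssuer` calls in `get()` is dead, since `$otp` is rebuilt from `$mySecret` immediately afterwards; those four lines can go. `$enable_mfa` also mixes `int` and `false`; `$enable_mfa = (int) ($_POST['enable_mfa'] ?? 0);` keeps one type.
```php
$enable_mfa = (int) ($_POST['enable_mfa'] ?? 0);
if ($enable_mfa) {
    // prove possession of the enrolled secret before turning the factor on
    $otp = TOTP::create($account['account_external']);
    if (!$otp->verify(trim($_POST['totp_code'] ?? ''))) {
        notice(t('Incorrect code') . EOL);
        return;
    }
}
AConfig::Set($account['account_id'], 'system', 'mfa_enabled', $enable_mfa);
// … unchanged: session flag on enable …
```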
@@ -0,0 +1,86 @@
+<?php
+
+namespace Zotlabs\Module;
+
+use App;
+use Zotlabs\Web\Controller;
+use OTPHP\TOTP;
+
+class Totp_check extends Controller {
+
+ public function post() {
+ $retval = ['status' => false];
+ $static = $_POST['totp_code_static'] ?? false;
+
+ if (!local_channel()) {
+ if ($static) {
+ goaway(z_root());
+ }
+
+ json_return_and_die($retval);
+ }
+
+ $account = App::get_account();
+ if (!$account) {
+ json_return_and_die($retval);
+ }
+
+ $secret = $account['account_external'];
+ $input = (isset($_POST['totp_code'])) ? trim($_POST['totp_code']) : '';
+
+ if ($secret && $input) {
+ $otp = TOTP::create($secret); // create TOTP object from the secret.
+ if ($otp->verify($_POST['totp_code']) || $input === $secret ) {
+ logger('otp_success');
+ $_SESSION['2FA_VERIFIED'] = true;
+
+ if ($static) {
+ goaway(z_root());
+ }
+
+ $retval['status'] = true;
+ json_return_and_die($retval);
+ }
+ logger('otp_fail');
+ }
+
+ if ($static) {
+ if(empty($_SESSION['totp_try_count'])) {
+ $_SESSION['totp_try_count'] = 1;
+ }
+
+ if ($_SESSION['totp_try_count'] > 2) {
+ goaway('logout');
+ }
+
+ $_SESSION['totp_try_count']++;
+ goaway(z_root());
+ }
+
+ json_return_and_die($retval);
+ }
+
+ public function get() {
+
+ if (!local_channel() || App::$module === 'totp_check') {
+ goaway(z_root());
+ }
+
+ $account = App::get_account();
+ if (!$account) {
+ return t('Account not found.');
+ }
+
+ $id = $account['account_email'];
+
+ return replace_macros(get_markup_template('totp.tpl'),
+ [
+ '$header' => t('Multifactor Verification'),
+ '$id' => $id,
+ '$desc' => t('Please enter the verification key from your authenticator app'),
+ '$submit' => t('Verify')
+ ]
+ );
+ }
+}
|
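Review bot: Failed attempts are only counted on the `$static` path: the JSON branch at the end of `post()` answers `{"status": false}` and returns without touching `totp_try_count`, so a six-digit code can be guessed across unlimited requests while the counter stays at zero; move the increment and the logout threshold ahead of the `if ($static)` block so both paths share it, and clear the counter on success. The success test verifies the untrimmed `$_POST['totp_code']` although `$input` was trimmed for the emptiness check, and compares the raw secret with `===`; `if ($otp->verify($input) || hash_equals($secret, $input)) {` fixes both. Accepting the enrolment secret itself as a valid code turns it into a permanent static credential that never rotates; if a fallback is wanted, a separately stored one-time recovery code is the usual shape, and the comment on that line should say why the secret is accepted. `get()` redirects whenever `App::$module === 'totp_check'`, which looks like it is always true for this controller, so the template is presumably rendered from elsewhere — a comment stating where would help the next reader.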