Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Project/System.php | 11 | ||||
-rw-r--r-- | Zotlabs/Storage/Directory.php | 32 | ||||
-rw-r--r-- | Zotlabs/Storage/File.php | 27 | ||||
-rw-r--r-- | Zotlabs/Web/Session.php | 160 | ||||
-rw-r--r-- | Zotlabs/Web/SessionHandler.php | 88 |
5 files changed, 312 insertions, 6 deletions
diff --git a/Zotlabs/Project/System.php b/Zotlabs/Project/System.php index f87f827bb..a67742db5 100644 --- a/Zotlabs/Project/System.php +++ b/Zotlabs/Project/System.php @@ -5,21 +5,24 @@ namespace Zotlabs\Project; class System { function get_platform_name() { - $a = get_app(); if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['platform_name']) return \App::$config['system']['platform_name']; return PLATFORM_NAME; } + function get_site_name() { + if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['sitename']) + return \App::$config['system']['sitename']; + return ''; + } + function get_project_version() { - $a = get_app(); if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['hide_version']) return ''; return RED_VERSION; } function get_update_version() { - $a = get_app(); if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['hide_version']) return ''; return DB_UPDATE_VERSION; @@ -27,14 +30,12 @@ class System { function get_notify_icon() { - $a = get_app(); if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['email_notify_icon_url']) return \App::$config['system']['email_notify_icon_url']; return z_root() . '/images/hz-white-32.png'; } function get_site_icon() { - $a = get_app(); if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['site_icon_url']) return \App::$config['system']['site_icon_url']; return z_root() . '/images/hz-32.png'; diff --git a/Zotlabs/Storage/Directory.php b/Zotlabs/Storage/Directory.php index 0347ce087..edbef5a95 100644 --- a/Zotlabs/Storage/Directory.php +++ b/Zotlabs/Storage/Directory.php 
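Review bot: In Zotlabs/Project/System.php the new `get_site_name()` tests `\App::$config['system']['sitename']` without checking that the key exists, so a site with no sitename configured raises an undefined-index notice on each call before falling back to `''`. Guarding with `! empty(\App::$config['system']['sitename'])` keeps the result and drops the notice; the neighbouring getters in the hunk follow the same pattern and would take the same guard. The value is returned exactly as configured, so a one-line docblock such as `/** Configured site name, unescaped; callers encode it for their output context. */` would tell callers what they are getting.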
@@ -168,6 +168,14 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota { intval($this->auth->owner_id) ); + + $ch = channelx_by_n($this->auth->owner_id); + if($ch) { + $sync = attach_export_data($ch,$this->folder_hash); + if($sync) + build_sync_packet($ch['channel_id'],array('file' => array($sync))); + } + $this->red_path = $new_path; } @@ -335,6 +343,12 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $p = photo_upload($c[0],\App::get_observer(),$args); } + $sync = attach_export_data($c[0],$hash); + + if($sync) + build_sync_packet($c[0]['channel_id'],array('file' => array($sync))); + + } /** @@ -356,7 +370,14 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota { if ($r) { $result = attach_mkdir($r[0], $this->auth->observer, array('filename' => $name, 'folder' => $this->folder_hash)); - if (! $result['success']) { + + if($result['success']) { + $sync = attach_export_data($r[0],$ret['data']['hash']); + if($sync) { + build_sync_packet($r[0]['channel_id'],array('file' => array($sync))); + } + } + else { logger('error ' . print_r($result, true), LOGGER_DEBUG); } } @@ -380,6 +401,15 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota { } attach_delete($this->auth->owner_id, $this->folder_hash); + + $ch = channelx_by_n($this->auth->owner_id); + if($ch) { + $sync = attach_export_data($ch,$this->folder_hash,true); + if($sync) + build_sync_packet($ch['channel_id'],array('file' => array($sync))); + } + + } diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php index a4bf3f49d..897f24edd 100644 --- a/Zotlabs/Storage/File.php +++ b/Zotlabs/Storage/File.php 
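Review bot: In the `attach_mkdir()` hunk of Directory.php (`@@ -356,7 +370,14 @@`) the new success branch passes `$ret['data']['hash']` to `attach_export_data()`, but the return value of `attach_mkdir()` was stored in `$result` and no `$ret` is assigned in the visible lines. If `$ret` is indeed undefined, the hash argument is null and the newly created folder is never exported to the clones, with nothing logged beyond a notice. The call presumably should read `$sync = attach_export_data($r[0],$result['data']['hash']);`. The method starts outside the hunk, so confirm that no earlier `$ret` exists before changing it.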
@@ -84,6 +84,20 @@ class File extends DAV\Node implements DAV\IFile { dbesc($this->data['hash']), intval($this->data['id']) ); + + if($this->data->is_photo) { + $r = q("update photo set filename = '%s' where resource_id = '%s' and uid = %d", + dbesc($newName), + dbesc($this->data['hash']), + intval($this->auth->owner_id) + ); + } + $ch = channelx_by_n($this->auth->owner_id); + if($ch) { + $sync = attach_export_data($ch,$this->data['hash']); + if($sync) + build_sync_packet($ch['channel_id'],array('file' => array($sync))); + } } /** @@ -205,6 +219,12 @@ class File extends DAV\Node implements DAV\IFile { return; } } + + $sync = attach_export_data($c[0],$this->data['hash']); + + if($sync) + build_sync_packet($c[0]['channel_id'],array('file' => array($sync))); + } /** @@ -318,5 +338,12 @@ class File extends DAV\Node implements DAV\IFile { } attach_delete($this->auth->owner_id, $this->data['hash']); + + $ch = channelx_by_n($this->auth->owner_id); + if($ch) { + $sync = attach_export_data($ch,$this->data['hash'],true); + if($sync) + build_sync_packet($ch['channel_id'],array('file' => array($sync))); + } } } diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php new file mode 100644 index 000000000..55536fdc7 --- /dev/null +++ b/Zotlabs/Web/Session.php 
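Review bot: In the rename hunk of File.php (`@@ -84,6 +84,20 @@`) the guard `if($this->data->is_photo)` uses object syntax, while every other access in the same hunk treats `$this->data` as an array (`$this->data['hash']`, `$this->data['id']`). If it is an array, the property read yields null, so the `update photo set filename` query never runs and the photo row keeps the old name while the attach row and the sync packet carry the new one. The guard presumably should be `if($this->data['is_photo']) {`. The method begins outside the hunk, so the type of `$this->data` should be confirmed there.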
@@ -0,0 +1,160 @@
+<?php
+
+namespace Zotlabs\Web;
+
+/**
+ *
+ * @brief This file includes session related functions.
+ *
+ * Session management functions. These provide database storage of PHP
+ * session info.
+ */
+
+
+class Session {
+
+ private static $handler = null;
+ private static $session_started = false;
+
+ function init() {
+
+ $gc_probability = 50;
+
+ ini_set('session.gc_probability', $gc_probability);
+ ini_set('session.use_only_cookies', 1);
+ ini_set('session.cookie_httponly', 1);
+
+ /*
+ * Set our session storage functions.
+ */
+
+ $handler = new \Zotlabs\Web\SessionHandler();
+ self::$handler = $handler;
+
+ $x = session_set_save_handler($handler,true);
+ if(! $x)
+ logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);
+
+ // Force cookies to be secure (https only) if this site is SSL enabled.
+ // Must be done before session_start().
+
+ $arr = session_get_cookie_params();
+ session_set_cookie_params(
+ ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
+ ((isset($arr['path'])) ? $arr['path'] : '/'),
+ ((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()),
+ ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
+ ((isset($arr['httponly'])) ? $arr['httponly'] : true)
+ );
+ }
+
+ function start() {
+ session_start();
+ self::$session_started = true;
+ }
+
+ /**
+ * @brief Resets the current session.
+ *
+ * @return void
+ */
+
+ function nuke() {
+ self::new_cookie(0); // 0 means delete on browser exit
+ if($_SESSION && count($_SESSION)) {
+ foreach($_SESSION as $k => $v) {
+ unset($_SESSION[$k]);
+ }
+ }
+ }
+
+ function new_cookie($xtime) {
+
+ $newxtime = (($xtime> 0) ? (time() + $xtime) : 0);
+
+ $old_sid = session_id();
+
+ if(self::$handler && self::$session_started) {
+ session_regenerate_id(true);
+
+ // force SessionHandler record creation with the new session_id
+ // which occurs as a side effect of read()
+
+ self::$handler->read(session_id());
+ }
+ else
+ logger('no session handler');
+
+ if (x($_COOKIE, 'jsAvailable')) {
+ setcookie('jsAvailable', $_COOKIE['jsAvailable'], $newxtime);
+ }
+ setcookie(session_name(),session_id(),$newxtime);
+
+ $arr = array('expire' => $xtime);
+ call_hooks('new_cookie', $arr);
+
+ }
+
+ function extend_cookie() {
+
+ // if there's a long-term cookie, extend it
+
+ $xtime = (($_SESSION['remember_me']) ? (60 * 60 * 24 * 365) : 0 );
+
+ if($xtime)
+ setcookie(session_name(),session_id(),(time() + $xtime));
+ $arr = array('expire' => $xtime);
+ call_hooks('extend_cookie', $arr);
+
+ }
+
+
+ function return_check() {
+
+ // check a returning visitor against IP changes.
+ // If the change results in being blocked from re-entry with the current cookie
+ // nuke the session and logout.
+ // Returning at all indicates the session is still valid.
+
+ // first check if we're enforcing that sessions can't change IP address
+ // @todo what to do with IPv6 addresses
+
+ if($_SESSION['addr'] && $_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) {
+ logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
+
+ $partial1 = substr($_SESSION['addr'], 0, strrpos($_SESSION['addr'], '.'));
+ $partial2 = substr($_SERVER['REMOTE_ADDR'], 0, strrpos($_SERVER['REMOTE_ADDR'], '.'));
+
+ $paranoia = intval(get_pconfig($_SESSION['uid'], 'system', 'paranoia'));
+
+ if(! $paranoia)
+ $paranoia = intval(get_config('system', 'paranoia'));
+
+ switch($paranoia) {
+ case 0:
+ // no IP checking
+ break;
+ case 2:
+ // check 2 octets
+ $partial1 = substr($partial1, 0, strrpos($partial1, '.'));
+ $partial2 = substr($partial2, 0, strrpos($partial2, '.'));
+ if($partial1 == $partial2)
+ break;
+ case 1:
+ // check 3 octets
+ if($partial1 == $partial2)
+ break;
+ case 3:
+ default:
+ // check any difference at all
+ logger('Session address changed. Paranoid setting in effect, blocking session. '
+ . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
+ self::nuke();
+ goaway(z_root());
+ break;
+ }
+ }
+ return true;
+ }
+
+}
diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php
new file mode 100644
index 000000000..6980a6408
--- /dev/null
+++ b/Zotlabs/Web/SessionHandler.php
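Review bot: In Zotlabs/Web/Session.php, `new_cookie()` and `extend_cookie()` re-issue the session cookie with a three-argument `setcookie(session_name(),session_id(),…)`, which drops the path, domain, Secure and HttpOnly attributes that `init()` configured through `session_set_cookie_params()`. Once the cookie has been re-issued this way the session id is readable from script and may be sent over plain HTTP, and the default path (the directory of the current request) can leave a second cookie beside the one PHP set. Reuse the configured values: `$p = session_get_cookie_params();` followed by `setcookie(session_name(), session_id(), $newxtime, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`, and the same in `extend_cookie()`. Separately, `App::get_hostname()` in `init()` is unqualified inside `namespace Zotlabs\Web`, so it resolves to `Zotlabs\Web\App`; the rest of the commit writes `\App`.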
@@ -0,0 +1,88 @@
+<?php
+
+namespace Zotlabs\Web;
+
+
+class SessionHandler implements \SessionHandlerInterface {
+
+
+ function open ($s, $n) {
+ return true;
+ }
+
+ // IMPORTANT: if we read the session and it doesn't exist, create an empty record.
+ // We rely on this due to differing PHP implementation of session_regenerate_id()
+ // some which call read explicitly and some that do not. So we call it explicitly
+ // just after sid regeneration to force a record to exist.
+
+ function read ($id) {
+
+ if($id) {
+ $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
+
+ if($r) {
+ return $r[0]['data'];
+ }
+ else {
+ q("INSERT INTO `session` (sid, expire) values ('%s', '%s')",
+ dbesc($id),
+ dbesc(time() + 300)
+ );
+ }
+ }
+
+ return '';
+ }
+
+
+ function write ($id, $data) {
+
+ if(! $id || ! $data) {
+ return false;
+ }
+
+ // Unless we authenticate somehow, only keep a session for 5 minutes
+ // The viewer can extend this by performing any web action using the
+ // original cookie, but this allows us to cleanup the hundreds or
+ // thousands of empty sessions left around from web crawlers which are
+ // assigned cookies on each page that they never use.
+
+ $expire = time() + 300;
+
+ if($_SESSION) {
+ if(array_key_exists('remember_me',$_SESSION) && intval($_SESSION['remember_me']))
+ $expire = time() + (60 * 60 * 24 * 365);
+ elseif(local_channel())
+ $expire = time() + (60 * 60 * 24 * 3);
+ elseif(remote_channel())
+ $expire = time() + (60 * 60 * 24 * 1);
+ }
+
+ q("UPDATE `session`
+ SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
+ dbesc($data),
+ dbesc($expire),
+ dbesc($id)
+ );
+
+ return true;
+ }
+
+
+ function close() {
+ return true;
+ }
+
+
+ function destroy ($id) {
+ q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
+ return true;
+ }
+
+
+ function gc($expire) {
+ q("DELETE FROM session WHERE expire < %d", dbesc(time()));
+ return true;
+ }
+
+} |
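Review bot: In Zotlabs/Web/SessionHandler.php, `read()` returns the stored `data` for any matching `sid` without looking at the `expire` column, so the lifetimes that `write()` computes (5 minutes, 1 day, 3 days, 1 year) take effect only once `gc()` has happened to delete the row. Until then a session whose expiry has passed is still accepted. Selecting `expire` as well and treating a stale row as absent closes that window; the rewritten part of `read()` is sketched below, with the existing insert kept as the fall-through. `gc()` also formats `%d` through `dbesc(time())`, where `intval(time())` would match how the other integer arguments in this commit are passed.

```php
function read ($id) {

	if($id) {
		$r = q("SELECT `data`, `expire` FROM `session` WHERE `sid`= '%s'", dbesc($id));

		// honour the stored expiry instead of waiting for gc()
		if($r && intval($r[0]['expire']) >= time()) {
			return $r[0]['data'];
		}

		if($r) {
			// stale row: delete it so the insert below starts a clean record
			q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
		}

		// … unchanged: INSERT of the empty record with the 5 minute expiry …
	}

	// … unchanged: return '' …
```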