diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/Scrape.php | 88 | ||||
-rw-r--r-- | include/acl.js | 4 | ||||
-rw-r--r-- | include/acl_selectors.php | 4 | ||||
-rw-r--r-- | include/api.php | 449 | ||||
-rw-r--r-- | include/attach.php | 11 | ||||
-rw-r--r-- | include/auth.php | 12 | ||||
-rw-r--r-- | include/config.php | 218 | ||||
-rw-r--r-- | include/conversation.php | 46 | ||||
-rw-r--r-- | include/cronhooks.php | 43 | ||||
-rw-r--r-- | include/crypto.php | 184 | ||||
-rw-r--r-- | include/datetime.php | 109 | ||||
-rw-r--r-- | include/diaspora.php | 815 | ||||
-rw-r--r-- | include/event.php | 13 | ||||
-rw-r--r-- | include/group.php | 28 | ||||
-rw-r--r-- | include/hostxrd.php | 12 | ||||
-rw-r--r-- | include/items.php | 46 | ||||
-rw-r--r-- | include/main.js | 12 | ||||
-rw-r--r-- | include/network.php | 695 | ||||
-rw-r--r-- | include/notifier.php | 69 | ||||
-rw-r--r-- | include/oembed.php | 6 | ||||
-rw-r--r-- | include/plugin.php | 199 | ||||
-rw-r--r-- | include/poller.php | 22 | ||||
-rw-r--r-- | include/salmon.php | 95 | ||||
-rw-r--r-- | include/security.php | 4 | ||||
-rw-r--r-- | include/text.php | 954 |
25 files changed, 3850 insertions, 288 deletions
diff --git a/include/Scrape.php b/include/Scrape.php index 6726d0b15..bfe795e19 100644 --- a/include/Scrape.php +++ b/include/Scrape.php @@ -1,6 +1,7 @@ <?php require_once('library/HTML5/Parser.php'); +require_once('include/crypto.php'); if(! function_exists('scrape_dfrn')) { function scrape_dfrn($url) { @@ -171,6 +172,8 @@ function scrape_vcard($url) { // Pull out hCard profile elements + $largest_photo = 0; + $items = $dom->getElementsByTagName('*'); foreach($items as $item) { if(attribute_contains($item->getAttribute('class'), 'vcard')) { @@ -179,8 +182,13 @@ function scrape_vcard($url) { if(attribute_contains($x->getAttribute('class'),'fn')) $ret['fn'] = $x->textContent; if((attribute_contains($x->getAttribute('class'),'photo')) - || (attribute_contains($x->getAttribute('class'),'avatar'))) - $ret['photo'] = $x->getAttribute('src'); + || (attribute_contains($x->getAttribute('class'),'avatar'))) { + $size = intval($x->getAttribute('width')); + if(($size > $largest_photo) || (! $largest_photo)) { + $ret['photo'] = $x->getAttribute('src'); + $largest_photo = $size; + } + } if((attribute_contains($x->getAttribute('class'),'nickname')) || (attribute_contains($x->getAttribute('class'),'uid'))) $ret['nick'] = $x->textContent; @@ -289,13 +297,24 @@ function probe_url($url) { if(! $url) return $result; - $diaspora = false; + $diaspora = false; + $diaspora_base = ''; + $diaspora_guid = ''; + $diaspora_key = ''; $email_conversant = false; $twitter = ((strpos($url,'twitter.com') !== false) ? true : false); + $at_addr = ((strpos($url,'@') !== false) ? true : false); + if(! $twitter) { - $links = lrdd($url); + + if(strpos($url,'mailto:') !== false && $at_addr) { + $url = str_replace('mailto:','',$url); + $links = array(); + } + else + $links = lrdd($url); if(count($links)) { logger('probe_url: found lrdd links: ' . print_r($links,true), LOGGER_DATA); @@ -312,8 +331,19 @@ function probe_url($url) { $hcard = unamp($link['@attributes']['href']); if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') $profile = unamp($link['@attributes']['href']); - if($link['@attributes']['rel'] === 'http://joindiaspora.com/seed_location') + if($link['@attributes']['rel'] === 'http://joindiaspora.com/seed_location') { + $diaspora_base = unamp($link['@attributes']['href']); + $diaspora = true; + } + if($link['@attributes']['rel'] === 'http://joindiaspora.com/guid') { + $diaspora_guid = unamp($link['@attributes']['href']); + $diaspora = true; + } + if($link['@attributes']['rel'] === 'diaspora-public-key') { + $diaspora_key = base64_decode(unamp($link['@attributes']['href'])); + $pubkey = rsatopem($diaspora_key); $diaspora = true; + } } // Status.Net can have more than one profile URL. We need to match the profile URL @@ -411,8 +441,17 @@ function probe_url($url) { } } + if($diaspora && $diaspora_base && $diaspora_guid) { + $notify = $diaspora_base . 'receive/post/' . $diaspora_guid; + if(strpos($url,'@')) + $addr = str_replace('acct:', '', $url); + } + if($network !== NETWORK_ZOT && $network !== NETWORK_DFRN && $network !== NETWORK_MAIL) { - $network = NETWORK_OSTATUS; + if($diaspora) + $network = NETWORK_DIASPORA; + else + $network = NETWORK_OSTATUS; $priority = 0; if($hcard) { @@ -429,13 +468,6 @@ function probe_url($url) { logger('probe_url: scrape_vcard: ' . print_r($vcard,true), LOGGER_DATA); } - if(! $profile) { - if($diaspora) - $profile = $hcard; - else - $profile = $url; - } - if($twitter) { logger('twitter: setup'); $tid = basename($url); @@ -451,10 +483,18 @@ function probe_url($url) { if(x($vcard,'nick')) $vcard['fn'] = $vcard['nick']; - - if(((! isset($vcard)) && (! $poll)) || ($twitter)) { + $check_feed = false; + + if($twitter || ! $poll) + $check_feed = true; + if((! isset($vcard)) || (! $profile)) + $check_feed = true; + if(($at_addr) && (! count($links))) + $check_feed = false; + + if($check_feed) { - $feedret = scrape_feed($url); + $feedret = scrape_feed(($poll) ? $poll : $url); logger('probe_url: scrape_feed returns: ' . print_r($feedret,true), LOGGER_DATA); if(count($feedret) && ($feedret['feed_atom'] || $feedret['feed_rss'])) { $poll = ((x($feedret,'feed_atom')) ? unamp($feedret['feed_atom']) : unamp($feedret['feed_rss'])); @@ -488,6 +528,8 @@ function probe_url($url) { if(strpos($vcard['fn'],'@') !== false) $vcard['fn'] = substr($vcard['fn'],0,strpos($vcard['fn'],'@')); $email = unxmlify($author->get_email()); + if(! $profile && $author->get_link()) + $profile = trim(unxmlify($author->get_link())); if(! $vcard['photo']) { $rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author'); if($rawtags) { @@ -508,6 +550,8 @@ function probe_url($url) { if(strpos($vcard['fn'],'@') !== false) $vcard['fn'] = substr($vcard['fn'],0,strpos($vcard['fn'],'@')); $email = unxmlify($author->get_email()); + if(! $profile && $author->get_link()) + $profile = trim(unxmlify($author->get_link())); } if(! $vcard['photo']) { $rawmedia = $item->get_item_tags('http://search.yahoo.com/mrss/','thumbnail'); @@ -545,8 +589,10 @@ function probe_url($url) { if(strpos($vcard['nick'],' ')) $vcard['nick'] = trim(substr($vcard['nick'],0,strpos($vcard['nick'],' '))); } - $network = 'feed'; - $priority = 2; + if(! $network) + $network = 'feed'; + if(! $priority) + $priority = 2; } } @@ -554,8 +600,12 @@ function probe_url($url) { $a = get_app(); $vcard['photo'] = $a->get_baseurl() . '/images/default-profile.jpg' ; } + + if(! $profile) + $profile = $url; + $vcard['fn'] = notags($vcard['fn']); - $vcard['nick'] = notags($vcard['nick']); + $vcard['nick'] = str_replace(' ','',notags($vcard['nick'])); $result['name'] = $vcard['fn']; diff --git a/include/acl.js b/include/acl.js index a0a1f5dd8..82b631ee9 100644 --- a/include/acl.js +++ b/include/acl.js @@ -153,6 +153,9 @@ ACL.prototype.updateview = function(){ $('#jot-perms-icon').removeClass('lock').addClass('unlock'); $('#jot-public').show(); $('.profile-jot-net input').attr('disabled', false); + if(editor != false) { + $('#profile-jot-desc').html(ispublic); + } } else { that.showall.removeClass("selected"); @@ -160,6 +163,7 @@ ACL.prototype.updateview = function(){ $('#jot-perms-icon').removeClass('unlock').addClass('lock'); $('#jot-public').hide(); $('.profile-jot-net input').attr('disabled', 'disabled'); + $('#profile-jot-desc').html(' '); } $("#acl-list-content .acl-list-item").each(function(){ diff --git a/include/acl_selectors.php b/include/acl_selectors.php index 99de67d64..48ba77a88 100644 --- a/include/acl_selectors.php +++ b/include/acl_selectors.php @@ -96,7 +96,7 @@ function contact_selector($selname, $selclass, $preselected = false, $options) { $sql_extra = ''; if($x['mutual']) { - $sql_extra .= sprintf(" AND `rel` = %d ", intval(REL_BUD)); + $sql_extra .= sprintf(" AND `rel` = %d ", intval(CONTACT_IS_FRIEND)); } if(intval($x['exclude'])) @@ -163,7 +163,7 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p $sql_extra = ''; if($privmail || $celeb) { - $sql_extra .= sprintf(" AND `rel` = %d ", intval(REL_BUD)); + $sql_extra .= sprintf(" AND `rel` = %d ", intval(CONTACT_IS_FRIEND)); } if($privmail) { diff --git a/include/api.php b/include/api.php index 4e5ea43bd..7a44cf023 100644 --- a/include/api.php +++ b/include/api.php @@ -10,10 +10,9 @@ $API = Array(); - function api_date($str){ //Wed May 23 06:01:13 +0000 2007 - return datetime_convert('UTC', 'UTC', $str, "D M d h:i:s +0000 Y" ); + return datetime_convert('UTC', 'UTC', $str, "D M d H:i:s +0000 Y" ); } @@ -111,7 +110,11 @@ if ($info['auth']===true && local_user()===false) { api_login($a); } - + + load_contact_links(local_user()); + + logger('API call for ' . $a->user['username'] . ': ' . $a->query_string); + logger('API parameters: ' . print_r($_REQUEST,true)); $type="json"; if (strpos($a->query_string, ".xml")>0) $type="xml"; if (strpos($a->query_string, ".json")>0) $type="json"; @@ -145,7 +148,26 @@ //echo "<pre>"; var_dump($r); die(); } } - return false; + $r = '<status><error>not implemented</error></status>'; + switch($type){ + case "xml": + header ("Content-Type: text/xml"); + return '<?xml version="1.0" encoding="UTF-8"?>'."\n".$r; + break; + case "json": + header ("Content-Type: application/json"); + return json_encode(array('error' => 'not implemented')); + break; + case "rss": + header ("Content-Type: application/rss+xml"); + return '<?xml version="1.0" encoding="UTF-8"?>'."\n".$r; + break; + case "atom": + header ("Content-Type: application/atom+xml"); + return '<?xml version="1.0" encoding="UTF-8"?>'."\n".$r; + break; + + } } /** @@ -157,7 +179,9 @@ $arr['$rss'] = array( 'alternate' => $user_info['url'], 'self' => $a->get_baseurl(). "/". $a->query_string, + 'base' => $a->get_baseurl(), 'updated' => api_date(null), + 'atom_updated' => datetime_convert('UTC','UTC','now',ATOM_TIME), 'language' => $user_info['language'], 'logo' => $a->get_baseurl()."/images/friendika-32.png", ); @@ -168,9 +192,10 @@ /** * Returns user info array. */ - function api_get_user(&$a, $contact_id=Null){ + function api_get_user(&$a, $contact_id = Null){ $user = null; $extra_query = ""; + if(!is_null($contact_id)){ $user=$contact_id; $extra_query = "AND `contact`.`id` = %d "; @@ -185,7 +210,7 @@ $extra_query = "AND `contact`.`nick` = '%s' "; } - if (is_null($user)){ + if (is_null($user) && $a->argc > 3){ list($user, $null) = explode(".",$a->argv[3]); if(is_numeric($user)){ $user = intval($user); @@ -196,17 +221,17 @@ } } - if ($user==='') { + if (! $user) { if (local_user()===false) { api_login($a); return False; } else { $user = $_SESSION['uid']; - $extra_query = "AND `contact`.`uid` = %d "; + $extra_query = "AND `contact`.`uid` = %d AND `contact`.`self` = 1 "; } } - + logger('api_user: ' . $extra_query . ' ' , $user); // user info $uinfo = q("SELECT *, `contact`.`id` as `cid` FROM `contact` WHERE 1 @@ -217,43 +242,135 @@ return False; } - // count public wall messages - $r = q("SELECT COUNT(`id`) as `count` FROM `item` - WHERE `uid` = %d - AND `type`='wall' - AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''", - intval($uinfo[0]['uid']) - ); - $countitms = $r[0]['count']; - + if($uinfo[0]['self']) { + $usr = q("select * from user where uid = %d limit 1", + intval(local_user()) + ); + $profile = q("select * from profile where uid = %d and `is-default` = 1 limit 1", + intval(local_user()) + ); + + // count public wall messages + $r = q("SELECT COUNT(`id`) as `count` FROM `item` + WHERE `uid` = %d + AND `type`='wall' + AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''", + intval($uinfo[0]['uid']) + ); + $countitms = $r[0]['count']; + } + else { + $r = q("SELECT COUNT(`id`) as `count` FROM `item` + WHERE `contact-id` = %d + AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''", + intval($uinfo[0]['id']) + ); + $countitms = $r[0]['count']; + } + // count friends $r = q("SELECT COUNT(`id`) as `count` FROM `contact` - WHERE `uid` = %d + WHERE `uid` = %d AND `rel` IN ( %d, %d ) AND `self`=0 AND `blocked`=0", - intval($uinfo[0]['uid']) + intval($uinfo[0]['uid']), + intval(CONTACT_IS_SHARING), + intval(CONTACT_IS_FRIEND) ); $countfriends = $r[0]['count']; - + + $r = q("SELECT COUNT(`id`) as `count` FROM `contact` + WHERE `uid` = %d AND `rel` IN ( %d, %d ) + AND `self`=0 AND `blocked`=0", + intval($uinfo[0]['uid']), + intval(CONTACT_IS_FOLLOWER), + intval(CONTACT_IS_FRIEND) + ); + $countfollowers = $r[0]['count']; + + $r = q("SELECT count(`id`) as `count` FROM item where starred = 1 and uid = %d and deleted = 0", + intval($uinfo[0]['uid']) + ); + $starred = $r[0]['count']; + + + if(! $uinfo[0]['self']) { + $countfriends = 0; + $countfollowers = 0; + $starred = 0; + } $ret = Array( - 'uid' => $uinfo[0]['uid'], - 'id' => $uinfo[0]['cid'], + 'uid' => intval($uinfo[0]['uid']), + 'id' => intval($uinfo[0]['cid']), 'name' => $uinfo[0]['name'], - 'screen_name' => $uinfo[0]['nick'], - 'location' => '', //$uinfo[0]['default-location'], + 'screen_name' => (($uinfo[0]['nick']) ? $uinfo[0]['nick'] : $uinfo[0]['name']), + 'location' => ($usr) ? $usr[0]['default-location'] : '', 'profile_image_url' => $uinfo[0]['micro'], 'url' => $uinfo[0]['url'], 'contact_url' => $a->get_baseurl()."/contacts/".$uinfo[0]['cid'], - 'protected' => false, # - 'friends_count' => $countfriends, + 'protected' => false, + 'friends_count' => intval($countfriends), 'created_at' => api_date($uinfo[0]['name-date']), + 'utc_offset' => "+00:00", + 'time_zone' => 'UTC', //$uinfo[0]['timezone'], + 'geo_enabled' => false, + 'statuses_count' => intval($countitms), #XXX: fix me + 'lang' => 'en', #XXX: fix me + 'description' => (($profile) ? $profile[0]['pdesc'] : ''), + 'followers_count' => intval($countfollowers), + 'favourites_count' => intval($starred), + 'contributors_enabled' => false, + 'follow_request_sent' => false, + 'profile_background_color' => 'cfe8f6', + 'profile_text_color' => '000000', + 'profile_link_color' => 'FF8500', + 'profile_sidebar_fill_color' =>'AD0066', + 'profile_sidebar_border_color' => 'AD0066', + 'profile_background_image_url' => '', + 'profile_background_tile' => false, + 'profile_use_background_image' => false, + 'notifications' => false, + 'following' => '', #XXX: fix me + 'verified' => true, #XXX: fix me + #'status' => null + ); + + return $ret; + + } + + function api_item_get_user(&$a, $item) { + // The author is our direct contact, in a conversation with us. + if(link_compare($item['url'],$item['author-link'])) { + return api_get_user($a,$item['cid']); + } + else { + // The author may be a contact of ours, but is replying to somebody else. + // Figure out if we know him/her. + $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); + if(($normalised != 'mailbox') && (x($a->contacts[$normalised]))) + return api_get_user($a,$a->contacts[$normalised]['id']); + } + // We don't know this person directly. + $ret = array( + 'uid' => 0, + 'id' => 0, + 'name' => $item['author-name'], + 'screen_name' => $item['author_name'], + 'location' => '', //$uinfo[0]['default-location'], + 'profile_image_url' => $item['author-avatar'], + 'url' => $item['author-link'], + 'contact_url' => 0, + 'protected' => false, # + 'friends_count' => 0, + 'created_at' => '', 'utc_offset' => 0, #XXX: fix me 'time_zone' => '', //$uinfo[0]['timezone'], 'geo_enabled' => false, - 'statuses_count' => $countitms, #XXX: fix me + 'statuses_count' => 0, 'lang' => 'en', #XXX: fix me 'description' => '', - 'followers_count' => $countfriends, #XXX: fix me + 'followers_count' => 0, 'favourites_count' => 0, 'contributors_enabled' => false, 'follow_request_sent' => false, @@ -270,9 +387,8 @@ 'followers' => '', #XXX: fix me #'status' => null ); - - return $ret; - + + return $ret; } /** @@ -281,7 +397,7 @@ function api_xmlify($val){ if (is_bool($val)) return $val?"true":"false"; if (is_array($val)) return array_map('api_xmlify', $val); - return xmlify($val); + return xmlify((string) $val); } /** @@ -289,9 +405,11 @@ */ function api_apply_template($templatename, $type, $data){ + $a = get_app(); + switch($type){ - case "rss": case "atom": + case "rss": case "xml": $data = api_xmlify($data); $tpl = get_markup_template("api_".$templatename."_".$type.".tpl"); @@ -323,20 +441,39 @@ api_register_func('api/account/verify_credentials','api_account_verify_credentials', true); + /** + * get data from $_POST or $_GET + */ + function requestdata($k){ + if (isset($_POST[$k])){ + return $_POST[$k]; + } + if (isset($_GET[$k])){ + return $_GET[$k]; + } + return null; + } // TODO - media uploads - function api_statuses_update(&$a, $type) { if (local_user()===false) return false; $user_info = api_get_user($a); // convert $_POST array items to the form we use for web posts. - $_POST['body'] = urldecode($_POST['status']); - $_POST['parent'] = $_POST['in_reply_to_status_id']; - if($_POST['lat'] && $_POST['long']) - $_POST['coord'] = sprintf("%s %s",$_POST['lat'],$_POST['long']); + // logger('api_post: ' . print_r($_POST,true)); + + $_POST['body'] = urldecode(requestdata('status')); + + $parent = requestdata('in_reply_to_status_id'); + if(ctype_digit($parent)) + $_POST['parent'] = $parent; + else + $_POST['parent_uri'] = $parent; + + if(requestdata('lat') && requestdata('long')) + $_POST['coord'] = sprintf("%s %s",requestdata('lat'),requestdata('long')); $_POST['profile_uid'] = local_user(); - if($_POST['parent']) + if(requestdata('parent')) $_POST['type'] = 'net-comment'; else $_POST['type'] = 'wall'; @@ -473,7 +610,85 @@ $user_info = api_get_user($a); // get last newtork messages - $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) "; +// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) "; + + $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, + `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, + `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, + `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` + FROM `item`, `contact` + WHERE `item`.`uid` = %d + AND `item`.`visible` = 1 AND `item`.`deleted` = 0 + AND `contact`.`id` = `item`.`contact-id` + AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + $sql_extra + ORDER BY `item`.`received` DESC LIMIT %d ,%d ", + intval($user_info['uid']), + 0,20 + ); + + $ret = api_format_items($r,$user_info); + + + $data = array('$statuses' => $ret); + switch($type){ + case "atom": + case "rss": + $data = api_rss_extra($a, $data, $user_info); + } + + return api_apply_template("timeline", $type, $data); + } + api_register_func('api/statuses/home_timeline','api_statuses_home_timeline', true); + api_register_func('api/statuses/friends_timeline','api_statuses_home_timeline', true); + + + + function api_statuses_user_timeline(&$a, $type){ + if (local_user()===false) return false; + + $user_info = api_get_user($a); + // get last newtork messages +// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) "; + + $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, + `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, + `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, + `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` + FROM `item`, `contact` + WHERE `item`.`uid` = %d + AND `item`.`visible` = 1 AND `item`.`deleted` = 0 + AND `item`.`wall` = 1 + AND `contact`.`id` = `item`.`contact-id` + AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + $sql_extra + ORDER BY `item`.`received` DESC LIMIT %d ,%d ", + intval($user_info['uid']), + 0,20 + ); + + $ret = api_format_items($r,$user_info); + + + $data = array('$statuses' => $ret); + switch($type){ + case "atom": + case "rss": + $data = api_rss_extra($a, $data, $user_info); + } + + return api_apply_template("timeline", $type, $data); + } + + api_register_func('api/statuses/user_timeline','api_statuses_user_timeline', true); + + + function api_favorites(&$a, $type){ + if (local_user()===false) return false; + + $user_info = api_get_user($a); + // get last newtork messages +// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) "; $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, @@ -482,30 +697,56 @@ FROM `item`, `contact` WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 + AND `item`.`starred` = 1 AND `contact`.`id` = `item`.`contact-id` AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra - ORDER BY `item`.`created` DESC LIMIT %d ,%d ", + ORDER BY `item`.`received` DESC LIMIT %d ,%d ", intval($user_info['uid']), 0,20 ); + + $ret = api_format_items($r,$user_info); + + + $data = array('$statuses' => $ret); + switch($type){ + case "atom": + case "rss": + $data = api_rss_extra($a, $data, $user_info); + } + + return api_apply_template("timeline", $type, $data); + } + + api_register_func('api/favorites','api_favorites', true); + + + function api_format_items($r,$user_info) { + + //logger('api_format_items: ' . print_r($r,true)); + + //logger('api_format_items: ' . print_r($user_info,true)); + + $a = get_app(); $ret = Array(); foreach($r as $item) { - $status_user = (($item['cid']==$user_info['id'])?$user_info: api_get_user($a,$item['cid'])); + $status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item)); $status = array( 'created_at'=> api_date($item['created']), 'published' => datetime_convert('UTC','UTC',$item['created'],ATOM_TIME), 'updated' => datetime_convert('UTC','UTC',$item['edited'],ATOM_TIME), - 'id' => $item['id'], + 'id' => intval($item['id']), + 'message_id' => $item['uri'], 'text' => strip_tags(bbcode($item['body'])), - 'html' => bbcode($item['body']), + 'statusnet_html' => bbcode($item['body']), 'source' => (($item['app']) ? $item['app'] : 'web'), 'url' => ($item['plink']!=''?$item['plink']:$item['author-link']), 'truncated' => False, - 'in_reply_to_status_id' => ($item['parent']!=$item['id']?$item['parent']:''), + 'in_reply_to_status_id' => ($item['parent']!=$item['id']? intval($item['parent']):''), 'in_reply_to_user_id' => '', - 'favorited' => false, + 'favorited' => $item['starred'] ? true : false, 'in_reply_to_screen_name' => '', 'geo' => '', 'coordinates' => $item['coord'], @@ -514,28 +755,16 @@ 'annotations' => '', 'entities' => '', 'user' => $status_user , - 'objecttype' => $item['object-type'], - 'verb' => $item['verb'], - 'self' => $a->get_baseurl()."/api/statuses/show/".$ite['id'].".".$type, - 'edit' => $a->get_baseurl()."/api/statuses/show/".$ite['id'].".".$type, + 'objecttype' => (($item['object-type']) ? $item['object-type'] : ACTIVITY_OBJ_NOTE), + 'verb' => (($item['verb']) ? $item['verb'] : ACTIVITY_POST), + 'self' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type, + 'edit' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type, ); $ret[]=$status; }; - - $data = array('$statuses' => $ret); - switch($type){ - case "atom": - case "rss": - $data = api_rss_extra($a, $data, $user_info); - } - - return api_apply_template("timeline", $type, $data); + return $ret; } - api_register_func('api/statuses/home_timeline','api_statuses_home_timeline', true); - api_register_func('api/statuses/friends_timeline','api_statuses_home_timeline', true); - api_register_func('api/statuses/user_timeline','api_statuses_home_timeline', true); - # TODO: user_timeline should be profile view - + function api_account_rate_limit_status(&$a,$type) { @@ -550,3 +779,93 @@ } api_register_func('api/account/rate_limit_status','api_account_rate_limit_status',true); + + + function api_statusnet_config(&$a,$type) { + $name = $a->config['sitename']; + $server = $a->get_hostname(); + $logo = $a->get_baseurl() . '/images/friendika-64.png'; + $email = $a->config['admin_email']; + $closed = (($a->config['register_policy'] == REGISTER_CLOSED) ? 'true' : 'false'); + $private = (($a->config['system']['block_public']) ? 'true' : 'false'); + $textlimit = (string) (($a->config['max_import_size']) ? $a->config['max_import_size'] : 200000); + if($a->config['api_import_size']) + $texlimit = string($a->config['api_import_size']); + $ssl = (($a->config['system']['have_ssl']) ? 'true' : 'false'); + $sslserver = (($ssl === 'true') ? str_replace('http:','https:',$a->get_baseurl()) : ''); + + $config = array( + 'site' => array('name' => $name,'server' => $server, 'theme' => 'default', 'path' => '', + 'logo' => $logo, 'fancy' => 'true', 'language' => 'en', 'email' => $email, 'broughtby' => '', + 'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false', + 'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl, + 'shorturllength' => '30' + ), + ); + + return api_apply_template('config', $type, array('$config' => $config)); + + } + api_register_func('api/statusnet/config','api_statusnet_config',false); + + + function api_statusnet_version(&$a,$type) { + + // liar + + if($type === 'xml') { + header("Content-type: application/xml"); + echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n" . '<version>0.9.7</version>' . "\r\n"; + killme(); + } + elseif($type === 'json') { + header("Content-type: application/json"); + echo '"0.9.7"'; + killme(); + } + } + api_register_func('api/statusnet/version','api_statusnet_version',false); + + + function api_ff_ids(&$a,$type,$qtype) { + if(! local_user()) + return false; + + if($qtype == 'friends') + $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND)); + if($qtype == 'followers') + $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND)); + + + $r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra", + intval(local_user()) + ); + + if(is_array($r)) { + if($type === 'xml') { + header("Content-type: application/xml"); + echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n" . '<ids>' . "\r\n"; + foreach($r as $rr) + echo '<id>' . $rr['id'] . '</id>' . "\r\n"; + echo '</ids>' . "\r\n"; + killme(); + } + elseif($type === 'json') { + $ret = array(); + header("Content-type: application/json"); + foreach($r as $rr) $ret[] = $rr['id']; + echo json_encode($ret); + killme(); + } + } + } + + function api_friends_ids(&$a,$type) { + api_ff_ids($a,$type,'friends'); + } + function api_followers_ids(&$a,$type) { + api_ff_ids($a,$type,'followers'); + } + api_register_func('api/friends/ids','api_friends_ids',true); + api_register_func('api/followers/ids','api_followers_ids',true); + diff --git a/include/attach.php b/include/attach.php index ca53081d9..4001d2af1 100644 --- a/include/attach.php +++ b/include/attach.php @@ -1,7 +1,7 @@ <?php -if(!function_exists('mime_content_type')) { -function mime_content_type($filename) { + +function z_mime_content_type($filename) { $mime_types = array( @@ -61,8 +61,9 @@ function mime_content_type($filename) { 'ods' => 'application/vnd.oasis.opendocument.spreadsheet', ); - if(strpos($filename,'.') !== false) { - $ext = strtolower(array_pop(explode('.',$filename))); + $dot = strpos($filename,'.'); + if($dot !== false) { + $ext = strtolower(substr($filename,$dot+1)); if (array_key_exists($ext, $mime_types)) { return $mime_types[$ext]; } @@ -76,5 +77,5 @@ function mime_content_type($filename) { else { return 'application/octet-stream'; } -}} +} diff --git a/include/auth.php b/include/auth.php index d1eb9d131..768af626f 100644 --- a/include/auth.php +++ b/include/auth.php @@ -25,7 +25,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p nuke_session(); info( t('Logged out.') . EOL); - goaway($a->get_baseurl()); + goaway(z_root()); } if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) { @@ -45,7 +45,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p // extra paranoia - if the IP changed, log them out if($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) { nuke_session(); - goaway($a->get_baseurl()); + goaway(z_root()); } $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", @@ -54,7 +54,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p if(! count($r)) { nuke_session(); - goaway($a->get_baseurl()); + goaway(z_root()); } // initialise user environment @@ -118,7 +118,7 @@ else { if(($noid) || (strpos($temp_string,'@')) || (! validate_url($temp_string))) { $a = get_app(); notice( t('Login failed.') . EOL); - goaway($a->get_baseurl()); + goaway(z_root()); // NOTREACHED } @@ -143,7 +143,7 @@ else { if($a->config['register_policy'] == REGISTER_CLOSED) { $a = get_app(); notice( t('Login failed.') . EOL); - goaway($a->get_baseurl()); + goaway(z_root()); // NOTREACHED } // new account @@ -196,7 +196,7 @@ else { if((! $record) || (! count($record))) { logger('authenticate: failed login attempt: ' . trim($_POST['openid_url'])); notice( t('Login failed.') . EOL ); - goaway($a->get_baseurl()); + goaway(z_root()); } $_SESSION['uid'] = $record['uid']; diff --git a/include/config.php b/include/config.php new file mode 100644 index 000000000..f565ab117 --- /dev/null +++ b/include/config.php @@ -0,0 +1,218 @@ +<?php + +/** + * + * Arbitrary configuration storage + * Note: + * Please do not store booleans - convert to 0/1 integer values + * The get_?config() functions return boolean false for keys that are unset, + * and this could lead to subtle bugs. + * + * There are a few places in the code (such as the admin panel) where boolean + * configurations need to be fixed as of 10/08/2011. + */ + + +// retrieve a "family" of config variables from database to cached storage + +if(! function_exists('load_config')) { +function load_config($family) { + global $a; + $r = q("SELECT * FROM `config` WHERE `cat` = '%s'", + dbesc($family) + ); + if(count($r)) { + foreach($r as $rr) { + $k = $rr['k']; + if ($rr['cat'] === 'config') { + $a->config[$k] = $rr['v']; + } else { + $a->config[$family][$k] = $rr['v']; + } + } + } +}} + +// get a particular config variable given the family name +// and key. Returns false if not set. +// $instore is only used by the set_config function +// to determine if the key already exists in the DB +// If a key is found in the DB but doesn't exist in +// local config cache, pull it into the cache so we don't have +// to hit the DB again for this item. + +if(! function_exists('get_config')) { +function get_config($family, $key, $instore = false) { + + global $a; + + if(! $instore) { + if(isset($a->config[$family][$key])) { + if($a->config[$family][$key] === '!<unset>!') { + return false; + } + return $a->config[$family][$key]; + } + } + $ret = q("SELECT `v` FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1", + dbesc($family), + dbesc($key) + ); + if(count($ret)) { + // manage array value + $val = (preg_match("|^a:[0-9]+:{.*}$|", $ret[0]['v'])?unserialize( $ret[0]['v']):$ret[0]['v']); + $a->config[$family][$key] = $val; + return $val; + } + else { + $a->config[$family][$key] = '!<unset>!'; + } + return false; +}} + +// Store a config value ($value) in the category ($family) +// under the key ($key) +// Return the value, or false if the database update failed + +if(! function_exists('set_config')) { +function set_config($family,$key,$value) { + global $a; + + // manage array value + $dbvalue = (is_array($value)?serialize($value):$value); + + if(get_config($family,$key,true) === false) { + $a->config[$family][$key] = $value; + $ret = q("INSERT INTO `config` ( `cat`, `k`, `v` ) VALUES ( '%s', '%s', '%s' ) ", + dbesc($family), + dbesc($key), + dbesc($dbvalue) + ); + if($ret) + return $value; + return $ret; + } + + $ret = q("UPDATE `config` SET `v` = '%s' WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1", + dbesc($dbvalue), + dbesc($family), + dbesc($key) + ); + + $a->config[$family][$key] = $value; + + if($ret) + return $value; + return $ret; +}} + + +if(! function_exists('load_pconfig')) { +function load_pconfig($uid,$family) { + global $a; + $r = q("SELECT * FROM `pconfig` WHERE `cat` = '%s' AND `uid` = %d", + dbesc($family), + intval($uid) + ); + if(count($r)) { + foreach($r as $rr) { + $k = $rr['k']; + $a->config[$uid][$family][$k] = $rr['v']; + } + } +}} + + + +if(! function_exists('get_pconfig')) { +function get_pconfig($uid,$family, $key, $instore = false) { + + global $a; + + if(! $instore) { + if(isset($a->config[$uid][$family][$key])) { + if($a->config[$uid][$family][$key] === '!<unset>!') { + return false; + } + return $a->config[$uid][$family][$key]; + } + } + + $ret = q("SELECT `v` FROM `pconfig` WHERE `uid` = %d AND `cat` = '%s' AND `k` = '%s' LIMIT 1", + intval($uid), + dbesc($family), + dbesc($key) + ); + + if(count($ret)) { + $a->config[$uid][$family][$key] = $ret[0]['v']; + return $ret[0]['v']; + } + else { + $a->config[$uid][$family][$key] = '!<unset>!'; + } + return false; +}} + +if(! function_exists('del_config')) { +function del_config($family,$key) { + + global $a; + if(x($a->config[$family],$key)) + unset($a->config[$family][$key]); + $ret = q("DELETE FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1", + dbesc($cat), + dbesc($key) + ); + return $ret; +}} + + + +// Same as above functions except these are for personal config storage and take an +// additional $uid argument. + +if(! function_exists('set_pconfig')) { +function set_pconfig($uid,$family,$key,$value) { + + global $a; + + if(get_pconfig($uid,$family,$key,true) === false) { + $a->config[$uid][$family][$key] = $value; + $ret = q("INSERT INTO `pconfig` ( `uid`, `cat`, `k`, `v` ) VALUES ( %d, '%s', '%s', '%s' ) ", + intval($uid), + dbesc($family), + dbesc($key), + dbesc($value) + ); + if($ret) + return $value; + return $ret; + } + $ret = q("UPDATE `pconfig` SET `v` = '%s' WHERE `uid` = %d AND `cat` = '%s' AND `k` = '%s' LIMIT 1", + dbesc($value), + intval($uid), + dbesc($family), + dbesc($key) + ); + + $a->config[$uid][$family][$key] = $value; + + if($ret) + return $value; + return $ret; +}} + +if(! function_exists('del_pconfig')) { +function del_pconfig($uid,$family,$key) { + + global $a; + if(x($a->config[$uid][$family],$key)) + unset($a->config[$uid][$family][$key]); + $ret = q("DELETE FROM `pconfig` WHERE `uid` = %d AND `cat` = '%s' AND `k` = '%s' LIMIT 1", + intval($uid), + dbesc($family), + dbesc($key) + ); + return $ret; +}} diff --git a/include/conversation.php b/include/conversation.php index 82a107c07..0d901a3c0 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -283,14 +283,14 @@ function conversation(&$a, $items, $mode, $update) { continue; $toplevelpost = (($item['id'] == $item['parent']) ? true : false); - + $toplevelprivate = false; // Take care of author collapsing and comment collapsing // If a single author has more than 3 consecutive top-level posts, squash the remaining ones. // If there are more than two comments, squash all but the last 2. - + if($toplevelpost) { - + $toplevelprivate = (($toplevelpost && $item['private']) ? true : false); $item_writeable = (($item['writable'] || $item['self']) ? true : false); if($blowhard == $item['cid'] && (! $item['self']) && ($mode != 'profile') && ($mode != 'notes')) { @@ -312,9 +312,12 @@ function conversation(&$a, $items, $mode, $update) { $comments_seen = 0; $comments_collapsed = false; } - else + else { + // prevent private email from leaking into public conversation + if((! $toplevelpost) && (! toplevelprivate) && ($item['private']) && ($profile_owner != local_user())) + continue; $comments_seen ++; - + } $override_comment_box = ((($page_writeable) && ($item_writeable)) ? true : false); $show_comment_box = ((($page_writeable) && ($item_writeable) && ($comments_seen == $comments[$item['parent']])) ? true : false); @@ -347,7 +350,7 @@ function conversation(&$a, $items, $mode, $update) { if(($toplevelpost) && (! $item['self']) && ($mode !== 'profile')) { - if($item['type'] === 'wall') { + if($item['wall']) { // On the network page, I am the owner. On the display page it will be the profile owner. // This will have been stored in $a->page_contact by our calling page. @@ -359,7 +362,7 @@ function conversation(&$a, $items, $mode, $update) { $template = $wallwall; $commentww = 'ww'; } - if(($item['type'] === 'remote') && (strlen($item['owner-link'])) && ($item['owner-link'] != $item['author-link'])) { + if((! $item['wall']) && (strlen($item['owner-link'])) && ($item['owner-link'] != $item['author-link'])) { // Could be anybody. @@ -444,7 +447,7 @@ function conversation(&$a, $items, $mode, $update) { $profile_link = ''; $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); - if(($normalised != 'mailbox') && (x($a->contacts[$normalised]))) + if(($normalised != 'mailbox') && (x($a->contacts,$normalised))) $profile_avatar = $a->contacts[$normalised]['thumb']; else $profile_avatar = (((strlen($item['author-avatar'])) && $diff_author) ? $item['author-avatar'] : $thumb); @@ -533,33 +536,6 @@ function conversation(&$a, $items, $mode, $update) { return $o; } - -if(! function_exists('load_contact_links')) { -function load_contact_links($uid) { - - $a = get_app(); - - $ret = array(); - - if(! $uid || x($a->contacts,'empty')) - return; - - $r = q("SELECT `id`,`network`,`url`,`thumb` FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 ", - intval($uid) - ); - if(count($r)) { - foreach($r as $rr){ - $url = normalise_link($rr['url']); - $ret[$url] = $rr; - } - } - else - $ret['empty'] = true; - $a->contacts = $ret; - return; -}} - - function best_link_url($item,&$sparkle) { $a = get_app(); diff --git a/include/cronhooks.php b/include/cronhooks.php new file mode 100644 index 000000000..37541f013 --- /dev/null +++ b/include/cronhooks.php @@ -0,0 +1,43 @@ +<?php + +require_once("boot.php"); + + +function cronhooks_run($argv, $argc){ + global $a, $db; + + if(is_null($a)) { + $a = new App; + } + + if(is_null($db)) { + @include(".htconfig.php"); + require_once("dba.php"); + $db = new dba($db_host, $db_user, $db_pass, $db_data); + unset($db_host, $db_user, $db_pass, $db_data); + }; + + require_once('include/session.php'); + require_once('include/datetime.php'); + + load_config('config'); + load_config('system'); + + $a->set_baseurl(get_config('system','url')); + + load_hooks(); + + logger('cronhooks: start'); + + + $d = datetime_convert(); + + call_hooks('cron', $d); + + return; +} + +if (array_search(__file__,get_included_files())===0){ + cronhooks_run($argv,$argc); + killme(); +} diff --git a/include/crypto.php b/include/crypto.php new file mode 100644 index 000000000..1ab9e7b25 --- /dev/null +++ b/include/crypto.php @@ -0,0 +1,184 @@ +<?php + +require_once('library/ASNValue.class.php'); +require_once('library/asn1.php'); + + +function rsa_sign($data,$key) { + + $sig = ''; + if (version_compare(PHP_VERSION, '5.3.0', '>=')) { + openssl_sign($data,$sig,$key,'sha256'); + } + else { + if(strlen($key) < 1024 || extension_loaded('gmp')) { + require_once('library/phpsec/Crypt/RSA.php'); + $rsa = new CRYPT_RSA(); + $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; + $rsa->setHash('sha256'); + $rsa->loadKey($key); + $sig = $rsa->sign($data); + } + else { + logger('rsa_sign: insecure algorithm used. Please upgrade PHP to 5.3'); + openssl_private_encrypt(hex2bin('3031300d060960864801650304020105000420') . hash('sha256',$data,true), $sig, $key); + } + } + return $sig; +} + +function rsa_verify($data,$sig,$key) { + + if (version_compare(PHP_VERSION, '5.3.0', '>=')) { + $verify = openssl_verify($data,$sig,$key,'sha256'); + } + else { + if(strlen($key) <= 300 || extension_loaded('gmp')) { + require_once('library/phpsec/Crypt/RSA.php'); + $rsa = new CRYPT_RSA(); + $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; + $rsa->setHash('sha256'); + $rsa->loadKey($key); + $verify = $rsa->verify($data,$sig); + } + else { + // fallback sha256 verify for PHP < 5.3 and large key lengths + $rawsig = ''; + openssl_public_decrypt($sig,$rawsig,$key); + $verify = (($rawsig && substr($rawsig,-32) === hash('sha256',$data,true)) ? true : false); + } + } + return $verify; +} + + +function DerToPem($Der, $Private=false) +{ + //Encode: + $Der = base64_encode($Der); + //Split lines: + $lines = str_split($Der, 65); + $body = implode("\n", $lines); + //Get title: + $title = $Private? 'RSA PRIVATE KEY' : 'PUBLIC KEY'; + //Add wrapping: + $result = "-----BEGIN {$title}-----\n"; + $result .= $body . "\n"; + $result .= "-----END {$title}-----\n"; + + return $result; +} + +function DerToRsa($Der) +{ + //Encode: + $Der = base64_encode($Der); + //Split lines: + $lines = str_split($Der, 65); + $body = implode("\n", $lines); + //Get title: + $title = 'RSA PUBLIC KEY'; + //Add wrapping: + $result = "-----BEGIN {$title}-----\n"; + $result .= $body . "\n"; + $result .= "-----END {$title}-----\n"; + + return $result; +} + + +function pkcs8_encode($Modulus,$PublicExponent) { + //Encode key sequence + $modulus = new ASNValue(ASNValue::TAG_INTEGER); + $modulus->SetIntBuffer($Modulus); + $publicExponent = new ASNValue(ASNValue::TAG_INTEGER); + $publicExponent->SetIntBuffer($PublicExponent); + $keySequenceItems = array($modulus, $publicExponent); + $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE); + $keySequence->SetSequence($keySequenceItems); + //Encode bit string + $bitStringValue = $keySequence->Encode(); + $bitStringValue = chr(0x00) . $bitStringValue; //Add unused bits byte + $bitString = new ASNValue(ASNValue::TAG_BITSTRING); + $bitString->Value = $bitStringValue; + //Encode body + $bodyValue = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" . $bitString->Encode(); + $body = new ASNValue(ASNValue::TAG_SEQUENCE); + $body->Value = $bodyValue; + //Get DER encoded public key: + $PublicDER = $body->Encode(); + return $PublicDER; +} + + +function pkcs1_encode($Modulus,$PublicExponent) { + //Encode key sequence + $modulus = new ASNValue(ASNValue::TAG_INTEGER); + $modulus->SetIntBuffer($Modulus); + $publicExponent = new ASNValue(ASNValue::TAG_INTEGER); + $publicExponent->SetIntBuffer($PublicExponent); + $keySequenceItems = array($modulus, $publicExponent); + $keySequence = new ASNValue(ASNValue::TAG_SEQUENCE); + $keySequence->SetSequence($keySequenceItems); + //Encode bit string + $bitStringValue = $keySequence->Encode(); + return $bitStringValue; +} + + +function metopem($m,$e) { + $der = pkcs8_encode($m,$e); + $key = DerToPem($der,false); + return $key; +} + + +function pubrsatome($key,&$m,&$e) { + require_once('library/asn1.php'); + require_once('include/salmon.php'); + + $lines = explode("\n",$key); + unset($lines[0]); + unset($lines[count($lines)]); + $x = base64_decode(implode('',$lines)); + + $r = ASN_BASE::parseASNString($x); + + $m = base64url_decode($r[0]->asnData[0]->asnData); + $e = base64url_decode($r[0]->asnData[1]->asnData); +} + + +function rsatopem($key) { + pubrsatome($key,$m,$e); + return(metopem($m,$e)); +} + +function pemtorsa($key) { + pemtome($key,$m,$e); + return(metorsa($m,$e)); +} + +function pemtome($key,&$m,&$e) { + require_once('include/salmon.php'); + $lines = explode("\n",$key); + unset($lines[0]); + unset($lines[count($lines)]); + $x = base64_decode(implode('',$lines)); + + $r = ASN_BASE::parseASNString($x); + + $m = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData); + $e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData); +} + +function metorsa($m,$e) { + $der = pkcs1_encode($m,$e); + $key = DerToRsa($der); + return $key; +} + +function salmon_key($pubkey) { + pemtome($pubkey,$m,$e); + return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ; +} diff --git a/include/datetime.php b/include/datetime.php index a056eaa60..3033b88af 100644 --- a/include/datetime.php +++ b/include/datetime.php @@ -84,12 +84,47 @@ function datetime_convert($from = 'UTC', $to = 'UTC', $s = 'now', $fmt = "Y-m-d function dob($dob) { list($year,$month,$day) = sscanf($dob,'%4d-%2d-%2d'); $y = datetime_convert('UTC',date_default_timezone_get(),'now','Y'); - $o = datesel('',1920,$y,true,$year,$month,$day); + $f = get_config('system','birthday_input_format'); + if(! $f) + $f = 'ymd'; + $o = datesel($f,'',1920,$y,true,$year,$month,$day); + return $o; +} + + +function datesel_format($f) { + + $o = ''; + + if(strlen($f)) { + for($x = 0; $x < strlen($f); $x ++) { + switch($f[$x]) { + case 'y': + if(strlen($o)) + $o .= '-'; + $o .= t('year'); + break; + case 'm': + if(strlen($o)) + $o .= '-'; + $o .= t('month'); + break; + case 'd': + if(strlen($o)) + $o .= '-'; + $o .= t('day'); + break; + default: + break; + } + } + } return $o; } // returns a date selector. +// $f = format string, e.g. 'ymd' or 'mdy' // $pre = prefix (if needed) for HTML name and class fields // $ymin = first year shown in selector dropdown // $ymax = last year shown in selector dropdown @@ -99,40 +134,52 @@ function dob($dob) { // $d = already selected day if(! function_exists('datesel')) { -function datesel($pre,$ymin,$ymax,$allow_blank,$y,$m,$d) { +function datesel($f,$pre,$ymin,$ymax,$allow_blank,$y,$m,$d) { $o = ''; - $o .= "<select name=\"{$pre}year\" class=\"{$pre}year\" size=\"1\">"; - if($allow_blank) { - $sel = (($y == '0000') ? " selected=\"selected\" " : ""); - $o .= "<option value=\"0000\" $sel ></option>"; - } - if($ymax > $ymin) { - for($x = $ymax; $x >= $ymin; $x --) { - $sel = (($x == $y) ? " selected=\"selected\" " : ""); - $o .= "<option value=\"$x\" $sel>$x</option>"; - } - } - else { - for($x = $ymax; $x <= $ymin; $x ++) { - $sel = (($x == $y) ? " selected=\"selected\" " : ""); - $o .= "<option value=\"$x\" $sel>$x</option>"; - } - } + if(strlen($f)) { + for($z = 0; $z < strlen($f); $z ++) { + if($f[$z] === 'y') { + + $o .= "<select name=\"{$pre}year\" class=\"{$pre}year\" size=\"1\">"; + if($allow_blank) { + $sel = (($y == '0000') ? " selected=\"selected\" " : ""); + $o .= "<option value=\"0000\" $sel ></option>"; + } + + if($ymax > $ymin) { + for($x = $ymax; $x >= $ymin; $x --) { + $sel = (($x == $y) ? " selected=\"selected\" " : ""); + $o .= "<option value=\"$x\" $sel>$x</option>"; + } + } + else { + for($x = $ymax; $x <= $ymin; $x ++) { + $sel = (($x == $y) ? " selected=\"selected\" " : ""); + $o .= "<option value=\"$x\" $sel>$x</option>"; + } + } + } + elseif($f[$z] == 'm') { - $o .= "</select> <select name=\"{$pre}month\" class=\"{$pre}month\" size=\"1\">"; - for($x = (($allow_blank) ? 0 : 1); $x <= 12; $x ++) { - $sel = (($x == $m) ? " selected=\"selected\" " : ""); - $y = (($x) ? $x : ''); - $o .= "<option value=\"$x\" $sel>$y</option>"; - } - - $o .= "</select> <select name=\"{$pre}day\" class=\"{$pre}day\" size=\"1\">"; - for($x = (($allow_blank) ? 0 : 1); $x <= 31; $x ++) { - $sel = (($x == $d) ? " selected=\"selected\" " : ""); - $y = (($x) ? $x : ''); - $o .= "<option value=\"$x\" $sel>$y</option>"; + $o .= "</select> <select name=\"{$pre}month\" class=\"{$pre}month\" size=\"1\">"; + for($x = (($allow_blank) ? 0 : 1); $x <= 12; $x ++) { + $sel = (($x == $m) ? " selected=\"selected\" " : ""); + $y = (($x) ? $x : ''); + $o .= "<option value=\"$x\" $sel>$y</option>"; + } + } + elseif($f[$z] == 'd') { + + $o .= "</select> <select name=\"{$pre}day\" class=\"{$pre}day\" size=\"1\">"; + for($x = (($allow_blank) ? 0 : 1); $x <= 31; $x ++) { + $sel = (($x == $d) ? " selected=\"selected\" " : ""); + $y = (($x) ? $x : ''); + $o .= "<option value=\"$x\" $sel>$y</option>"; + } + } + } } $o .= "</select>"; diff --git a/include/diaspora.php b/include/diaspora.php new file mode 100644 index 000000000..e089e3f04 --- /dev/null +++ b/include/diaspora.php @@ -0,0 +1,815 @@ +<?php + +require_once('include/crypto.php'); +require_once('include/items.php'); + +function get_diaspora_key($uri) { + $key = ''; + + logger('Fetching diaspora key for: ' . $uri); + + $arr = lrdd($uri); + + if(is_array($arr)) { + foreach($arr as $a) { + if($a['@attributes']['rel'] === 'diaspora-public-key') { + $key = base64_decode($a['@attributes']['href']); + } + } + } + else { + return ''; + } + + if($key) + return rsatopem($key); + return ''; +} + + +function diaspora_base_message($type,$data) { + + $tpl = get_markup_template('diaspora_' . $type . '.tpl'); + if(! $tpl) + return ''; + return replace_macros($tpl,$data); + +} + + +function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) { + $a = get_app(); + + $inner_aes_key = random_string(32); + $b_inner_aes_key = base64_encode($inner_aes_key); + $inner_iv = random_string(32); + $b_inner_iv = base64_encode($inner_iv); + + $outer_aes_key = random_string(32); + $b_outer_aes_key = base64_encode($outer_aes_key); + $outer_iv = random_string(32); + $b_outer_iv = base64_encode($outer_iv); + + $handle = 'acct:' . $user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + + $padded_data = pkcs5_pad($msg,16); + $inner_encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $padded_data, MCRYPT_MODE_CBC, $inner_iv); + + $b64_data = base64_encode($inner_encrypted); + + + $b64url_data = base64url_encode($b64_data); + $b64url_stripped = str_replace(array("\n","\r"," ","\t"),array('','','',''),$b64url_data); + $lines = str_split($b64url_stripped,60); + $data = implode("\n",$lines); + $data = $data . (($data[-1] != "\n") ? "\n" : '') ; + $type = 'application/atom+xml'; + $encoding = 'base64url'; + $alg = 'RSA-SHA256'; + + $signable_data = $data . '.' . base64url_encode($type) . "\n" . '.' + . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n"; + + $signature = rsa_sign($signable_data,$prvkey); + $sig = base64url_encode($signature); + +$decrypted_header = <<< EOT +<decrypted_header> + <iv>$b_inner_iv</iv> + <aes_key>$b_inner_aes_key</aes_key> + <author> + <name>{$user['username']}</name> + <uri>$handle</uri> + </author> +</decrypted_header> +EOT; + + $decrypted_header = pkcs5_pad($decrypted_header,16); + + $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $outer_aes_key, $decrypted_header, MCRYPT_MODE_CBC, $outer_iv); + + $outer_json = json_encode(array('iv' => $b_outer_iv,'key' => $b_outer_aes_key)); + $encrypted_outer_key_bundle = ''; + openssl_public_encrypt($outer_json,$encrypted_outer_key_bundle,$pubkey); + + $b64_encrypted_outer_key_bundle = base64_encode($encrypted_outer_key_bundle); + $encrypted_header_json_object = json_encode(array('aes_key' => base64_encode($encrypted_outer_key_bundle), + 'ciphertext' => base64_encode($ciphertext))); + $encrypted_header = '<encrypted_header>' . base64_encode($encrypted_header_json_object) . '</encrypted_header>'; + +$magic_env = <<< EOT +<?xml version='1.0' encoding='UTF-8'?> +<entry xmlns='http://www.w3.org/2005/Atom'> + $encrypted_header + <me:env xmlns:me="http://salmon-protocol.org/ns/magic-env"> + <me:encoding>base64url</me:encoding> + <me:alg>RSA-SHA256</me:alg> + <me:data type="application/atom+xml">$data</me:data> + <me:sig>$sig</me:sig> + </me:env> +</entry> +EOT; + + return $magic_env; + +} + +/** + * + * diaspora_decode($importer,$xml) + * array $importer -> from user table + * string $xml -> urldecoded Diaspora salmon + * + * Returns array + * 'message' -> decoded Diaspora XML message + * 'author' -> author diaspora handle + * 'key' -> author public key (converted to pkcs#8) + * + * Author and key are used elsewhere to save a lookup for verifying replies and likes + */ + + +function diaspora_decode($importer,$xml) { + + $basedom = parse_xml_string($xml); + + $atom = $basedom->children(NAMESPACE_ATOM1); + + // Diaspora devs: This is kind of sucky - 'encrypted_header' does not belong in the atom namespace + + $encrypted_header = json_decode(base64_decode($atom->encrypted_header)); + + $encrypted_aes_key_bundle = base64_decode($encrypted_header->aes_key); + $ciphertext = base64_decode($encrypted_header->ciphertext); + + $outer_key_bundle = ''; + openssl_private_decrypt($encrypted_aes_key_bundle,$outer_key_bundle,$importer['prvkey']); + + $j_outer_key_bundle = json_decode($outer_key_bundle); + + $outer_iv = base64_decode($j_outer_key_bundle->iv); + $outer_key = base64_decode($j_outer_key_bundle->key); + + $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv); + + $decrypted = pkcs5_unpad($decrypted); + + /** + * $decrypted now contains something like + * + * <decrypted_header> + * <iv>8e+G2+ET8l5BPuW0sVTnQw==</iv> + * <aes_key>UvSMb4puPeB14STkcDWq+4QE302Edu15oaprAQSkLKU=</aes_key> + * <author> + * <name>Ryan Hughes</name> + * <uri>acct:galaxor@diaspora.pirateship.org</uri> + * </author> + * </decrypted_header> + */ + + logger('decrypted: ' . $decrypted); + $idom = parse_xml_string($decrypted,false); + + $inner_iv = base64_decode($idom->iv); + $inner_aes_key = base64_decode($idom->aes_key); + + $author_link = str_replace('acct:','',$idom->author->uri); + + $dom = $basedom->children(NAMESPACE_SALMON_ME); + + // figure out where in the DOM tree our data is hiding + + if($dom->provenance->data) + $base = $dom->provenance; + elseif($dom->env->data) + $base = $dom->env; + elseif($dom->data) + $base = $dom; + + if(! $base) { + logger('mod-diaspora: unable to locate salmon data in xml '); + http_status_exit(400); + } + + + // Stash the signature away for now. We have to find their key or it won't be good for anything. + $signature = base64url_decode($base->sig); + + // unpack the data + + // strip whitespace so our data element will return to one big base64 blob + $data = str_replace(array(" ","\t","\r","\n"),array("","","",""),$base->data); + + // Add back the 60 char linefeeds + + // Diaspora devs: This completely violates the entire principle of salmon magic signatures, + // which was to have a message signing format that was completely ambivalent to linefeeds + // and transport whitespace mangling, and base64 wrapping rules. Guess what? PHP and Ruby + // use different linelengths for base64 output. + + $lines = str_split($data,60); + $data = implode("\n",$lines); + + + // stash away some other stuff for later + + $type = $base->data[0]->attributes()->type[0]; + $keyhash = $base->sig[0]->attributes()->keyhash[0]; + $encoding = $base->encoding; + $alg = $base->alg; + + // Diaspora devs: I can't even begin to tell you how sucky this is. Read the freaking spec. + + $signed_data = $data . (($data[-1] != "\n") ? "\n" : '') . '.' . base64url_encode($type) . "\n" . '.' . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n"; + + + // decode the data + $data = base64url_decode($data); + + // Now pull out the inner encrypted blob + + $inner_encrypted = base64_decode($data); + + $inner_decrypted = + $inner_decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $inner_encrypted, MCRYPT_MODE_CBC, $inner_iv); + + $inner_decrypted = pkcs5_unpad($inner_decrypted); + + if(! $author_link) { + logger('mod-diaspora: Could not retrieve author URI.'); + http_status_exit(400); + } + + // Once we have the author URI, go to the web and try to find their public key + // *** or look it up locally *** + + logger('mod-diaspora: Fetching key for ' . $author_link ); + + // Get diaspora public key (pkcs#1) and convert to pkcs#8 + + $key = get_diaspora_key($author_link); + + if(! $key) { + logger('mod-diaspora: Could not retrieve author key.'); + http_status_exit(400); + } + + $verify = rsa_verify($signed_data,$signature,$key); + + if(! $verify) { + logger('mod-diaspora: Message did not verify. Discarding.'); + http_status_exit(400); + } + + logger('mod-diaspora: Message verified.'); + + return array('message' => $inner_decrypted, 'author' => $author_link, 'key' => $key); + +} + +function diaspora_get_contact_by_handle($uid,$handle) { + $r = q("SELECT * FROM `contact` WHERE `network` = '%s' AND `uid` = %d AND `addr` = '%s' LIMIT 1", + dbesc(NETWORK_DIASPORA), + intval($uid), + dbesc($handle) + ); + if($r && count($r)) + return $r[0]; + return false; +} + +function find_person_by_handle($handle) { + // we don't care about the uid, we just want to save an expensive webfinger probe + $r = q("select * from contact where network = '%s' and addr = '%s' LIMIT 1", + dbesc(NETWORK_DIASPORA), + dbesc($handle) + ); + if(count($r)) + return $r[0]; + $r = probe_url($handle); + // need to cached this, perhaps in fcontact + if(count($r)) + return ($r); + return false; +} + +function diaspora_request($importer,$xml) { + + $sender_handle = unxmlify($xml->sender_handle); + $recipient_handle = unxmlify($xml->recipient_handle); + + if(! $sender_handle || ! $recipient_handle) + return; + + $contact = diaspora_get_contact_by_handle($importer['uid'],$sender_handle); + + + if($contact) { + + // perhaps we were already sharing with this person. Now they're sharing with us. + // That makes us friends. + + if($contact['rel'] == CONTACT_IS_FOLLOWER) { + q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval(CONTACT_IS_FRIEND), + intval($contact['id']), + intval($importer['uid']) + ); + } + // send notification? + return; + } + + require_once('include/Scrape.php'); + $ret = probe_url($sender_handle); + + if((! count($ret)) || ($ret['network'] != NETWORK_DIASPORA)) { + logger('diaspora_request: Cannot resolve diaspora handle ' . $sender_handle . ' for ' . $recipient_handle); + return; + } + + $r = q("INSERT INTO `contact` (`uid`, `network`,`addr`,`created`,`url`,`name`,`nick`,`photo`,`pubkey`,`notify`,`poll`,`blocked`,`priority`) + VALUES ( %d, '%s', '%s', '%s','%s','%s','%s','%s','%s','%s','%s',%d,%d) ", + intval($importer['uid']), + dbesc($ret['network']), + dbesc($ret['addr']), + datetime_convert(), + dbesc($ret['url']), + dbesc($ret['name']), + dbesc($ret['nick']), + dbesc($ret['photo']), + dbesc($ret['pubkey']), + dbesc($ret['notify']), + dbesc($ret['poll']), + 1, + 2 + ); + + // find the contact record we just created + + $contact_record = diaspora_get_contact_by_handle($importer['uid'],$sender_handle); + + $hash = random_string() . (string) time(); // Generate a confirm_key + + if($contact_record) { + $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`,`blocked`) + VALUES ( %d, %d, 1, %d, '%s', '%s', '%s', 0 )", + intval($importer['uid']), + intval($contact_record['id']), + 0, + dbesc( t('Sharing notification from Diaspora network')), + dbesc($hash), + dbesc(datetime_convert()) + ); + } + + return; +} + +function diaspora_post($importer,$xml) { + + $guid = notags(unxmlify($xml->guid)); + $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); + + $contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle); + if(! $contact) + return; + + if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) { + logger('diaspora_post: Ignoring this author.'); + http_status_exit(202); + // NOTREACHED + } + + $message_id = $diaspora_handle . ':' . $guid; + $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `uri` = '%s' AND `guid` = '%s' LIMIT 1", + intval($importer['uid']), + dbesc($message_id), + dbesc($guid) + ); + if(count($r)) + return; + + // allocate a guid on our system - we aren't fixing any collisions. + // we're ignoring them + + $g = q("select * from guid where guid = '%s' limit 1", + dbesc($guid) + ); + if(! count($g)) { + q("insert into guid ( guid ) values ( '%s' )", + dbesc($guid) + ); + } + + $created = unxmlify($xml->created_at); + $private = ((unxmlify($xml->public) == 'false') ? 1 : 0); + + $body = unxmlify($xml->raw_message); + + require_once('library/HTMLPurifier.auto.php'); + require_once('include/html2bbcode.php'); + + $maxlen = get_max_import_size(); + if($maxlen && (strlen($body) > $maxlen)) + $body = substr($body,0, $maxlen); + + if((strpos($body,'<') !== false) || (strpos($body,'>') !== false)) { + + $body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s', + '[youtube]$1[/youtube]', $body); + + $body = preg_replace('#<iframe[^>].+?' . 'http://www.youtube.com/embed/([A-Za-z0-9\-_=]+).+?</iframe>#s', + '[youtube]$1[/youtube]', $body); + + $body = oembed_html2bbcode($body); + + $config = HTMLPurifier_Config::createDefault(); + $config->set('Cache.DefinitionImpl', null); + $purifier = new HTMLPurifier($config); + $body = $purifier->purify($body); + + $body = html2bbcode($body); + } + + $datarray = array(); + $datarray['uid'] = $importer['uid']; + $datarray['contact-id'] = $contact['id']; + $datarray['wall'] = 0; + $datarray['guid'] = $guid; + $datarray['uri'] = $datarray['parent-uri'] = $message_id; + $datarray['created'] = $datarray['edited'] = datetime_convert('UTC','UTC',$created); + $datarray['private'] = $private; + $datarray['parent'] = 0; + $datarray['owner-name'] = $contact['name']; + $datarray['owner-link'] = $contact['url']; + $datarray['owner-avatar'] = $contact['thumb']; + $datarray['author-name'] = $contact['name']; + $datarray['author-link'] = $contact['url']; + $datarray['author-avatar'] = $contact['thumb']; + $datarray['body'] = $body; + + item_store($datarray); + + return; + +} + +function diaspora_comment($importer,$xml,$msg) { + + $guid = notags(unxmlify($xml->guid)); + $parent_guid = notags(unxmlify($xml->parent_guid)); + $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); + $target_type = notags(unxmlify($xml->target_type)); + $text = unxmlify($xml->text); + $author_signature = notags(unxmlify($xml->author_signature)); + + $parent_author_signature = (($xml->parent_author_signature) ? notags(unxmlify($xml->parent_author_signature)) : ''); + + $text = $xml->text; + + $contact = diaspora_get_contact_by_handle($importer['uid'],$msg['author']); + if(! $contact) + return; + + if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) { + logger('diaspora_comment: Ignoring this author.'); + http_status_exit(202); + // NOTREACHED + } + + $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", + intval($importer['uid']), + dbesc($parent_guid) + ); + if(! count($r)) { + logger('diaspora_comment: parent item not found: ' . $guid); + return; + } + $parent_item = $r[0]; + + $author_signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $diaspora_handle; + + $author_signature = base64_decode($author_signature); + + if(stricmp($diaspora_handle,$msg['author']) == 0) { + $person = $contact; + $key = $msg['key']; + } + else { + $person = find_person_by_handle($diaspora_handle); + + if(is_array($person) && x($person,'pubkey')) + $key = $person['pubkey']; + else { + logger('diaspora_comment: unable to find author details'); + return; + } + } + + if(! rsa_verify($author_signed_data,$author_signature,$key)) { + logger('diaspora_comment: verification failed.'); + return; + } + + if($parent_author_signature) { + $owner_signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $msg['author']; + + $parent_author_signature = base64_decode($parent_author_signature); + + $key = $msg['key']; + + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) { + logger('diaspora_comment: owner verification failed.'); + return; + } + } + + // Phew! Everything checks out. Now create an item. + + require_once('library/HTMLPurifier.auto.php'); + require_once('include/html2bbcode.php'); + + $body = $text; + + $maxlen = get_max_import_size(); + if($maxlen && (strlen($body) > $maxlen)) + $body = substr($body,0, $maxlen); + + if((strpos($body,'<') !== false) || (strpos($body,'>') !== false)) { + + $body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s', + '[youtube]$1[/youtube]', $body); + + $body = preg_replace('#<iframe[^>].+?' . 'http://www.youtube.com/embed/([A-Za-z0-9\-_=]+).+?</iframe>#s', + '[youtube]$1[/youtube]', $body); + + $body = oembed_html2bbcode($body); + + $config = HTMLPurifier_Config::createDefault(); + $config->set('Cache.DefinitionImpl', null); + $purifier = new HTMLPurifier($config); + $body = $purifier->purify($body); + + $body = html2bbcode($body); + } + + $message_id = $diaspora_handle . ':' . $guid; + + $datarray = array(); + $datarray['uid'] = $importer['uid']; + $datarray['contact-id'] = $contact['id']; + $datarray['wall'] = $parent_item['wall']; + $datarray['gravity'] = GRAVITY_COMMENT; + $datarray['guid'] = $guid; + $datarray['uri'] = $message_id; + $datarray['parent-uri'] = $parent_item['uri']; + + // No timestamps for comments? OK, we'll the use current time. + $datarray['created'] = $datarray['edited'] = datetime_convert(); + $datarray['private'] = $parent_item['private']; + + $datarray['owner-name'] = $contact['name']; + $datarray['owner-link'] = $contact['url']; + $datarray['owner-avatar'] = $contact['thumb']; + + $datarray['author-name'] = $person['name']; + $datarray['author-link'] = $person['url']; + $datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); + $datarray['body'] = $body; + + item_store($datarray); + + return; + +} + +function diaspora_like($importer,$xml,$msg) { + + $guid = notags(unxmlify($xml->guid)); + $parent_guid = notags(unxmlify($xml->parent_guid)); + $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); + $target_type = notags(unxmlify($xml->target_type)); + $positive = notags(unxmlify($xml->positive)); + $author_signature = notags(unxmlify($xml->author_signature)); + + $parent_author_signature = (($xml->parent_author_signature) ? notags(unxmlify($xml->parent_author_signature)) : ''); + + // likes on comments not supported here and likes on photos not supported by Diaspora + + if($target_type !== 'Post') + return; + + $contact = diaspora_get_contact_by_handle($importer['uid'],$msg['author']); + if(! $contact) + return; + + if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) { + logger('diaspora_like: Ignoring this author.'); + http_status_exit(202); + // NOTREACHED + } + + $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", + intval($importer['uid']), + dbesc($parent_guid) + ); + if(! count($r)) { + logger('diaspora_like: parent item not found: ' . $guid); + return; + } + + $parent_item = $r[0]; + + $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '$s' LIMIT 1", + intval($importer['uid']), + dbesc($guid) + ); + if(count($r)) { + if($positive === 'true') { + logger('diaspora_like: duplicate like: ' . $guid); + return; + } + if($positive === 'false') { + q("UPDATE `item` SET `deleted` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($r[0]['id']), + intval($importer['uid']) + ); + // FIXME + // send notification via proc_run() + return; + } + } + if($positive === 'false') { + logger('diaspora_like: unlike received with no corresponding like'); + return; + } + + $author_signed_data = $guid . ';' . $parent_guid . ';' . $target_type . ';' . $positive . ';' . $diaspora_handle; + + $author_signature = base64_decode($author_signature); + + if(stricmp($diaspora_handle,$msg['author']) == 0) { + $person = $contact; + $key = $msg['key']; + } + else { + $person = find_person_by_handle($diaspora_handle); + if(is_array($person) && x($person,'pubkey')) + $key = $person['pubkey']; + else { + logger('diaspora_comment: unable to find author details'); + return; + } + } + + if(! rsa_verify($author_signed_data,$author_signature,$key)) { + logger('diaspora_like: verification failed.'); + return; + } + + if($parent_author_signature) { + $owner_signed_data = $guid . ';' . $parent_guid . ';' . $target_type . ';' . $positive . ';' . $msg['author']; + + $parent_author_signature = base64_decode($parent_author_signature); + + $key = $msg['key']; + + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) { + logger('diaspora_like: owner verification failed.'); + return; + } + } + + // Phew! Everything checks out. Now create an item. + + $uri = $diaspora_handle . ':' . $guid; + + $activity = ACTIVITY_LIKE; + $post_type = (($parent_item['resource-id']) ? t('photo') : t('status')); + $objtype = (($parent_item['resource-id']) ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); + $link = xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $parent_item['id'] . '" />' . "\n") ; + $body = $parent_item['body']; + + $obj = <<< EOT + + <object> + <type>$objtype</type> + <local>1</local> + <id>{$parent_item['uri']}</id> + <link>$link</link> + <title></title> + <content>$body</content> + </object> +EOT; + $bodyverb = t('%1$s likes %2$s\'s %3$s'); + + $arr = array(); + + $arr['uri'] = $uri; + $arr['uid'] = $importer['uid']; + $arr['contact-id'] = $contact['id']; + $arr['type'] = 'activity'; + $arr['wall'] = $parent_item['wall']; + $arr['gravity'] = GRAVITY_LIKE; + $arr['parent'] = $parent_item['id']; + $arr['parent-uri'] = $parent_item['uri']; + + $datarray['owner-name'] = $contact['name']; + $datarray['owner-link'] = $contact['url']; + $datarray['owner-avatar'] = $contact['thumb']; + + $datarray['author-name'] = $person['name']; + $datarray['author-link'] = $person['url']; + $datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); + + $ulink = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]'; + $alink = '[url=' . $parent_item['author-link'] . ']' . $parent_item['author-name'] . '[/url]'; + $plink = '[url=' . $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $parent_item['id'] . ']' . $post_type . '[/url]'; + $arr['body'] = sprintf( $bodyverb, $ulink, $alink, $plink ); + + $arr['private'] = $parent_item['private']; + $arr['verb'] = $activity; + $arr['object-type'] = $objtype; + $arr['object'] = $obj; + $arr['visible'] = 1; + $arr['unseen'] = 1; + $arr['last-child'] = 0; + + $post_id = item_store($arr); + + + // FIXME send notification + + +} + +function diaspora_retraction($importer,$xml) { + + $guid = notags(unxmlify($xml->guid)); + $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); + + $contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle); + if(! $contact) + return; + +// if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) { +// logger('diaspora_retraction: Ignoring this author.'); +// http_status_exit(202); +// // NOTREACHED +// } + + + +} + +function diaspora_share($me,$contact) { + $a = get_app(); + $myaddr = $me['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $theiraddr = $contact['addr']; + + $tpl = get_markup_template('diaspora_share.tpl'); + $msg = replace_macros($tpl, array( + '$sender' => myaddr, + '$recipient' => $theiraddr + )); + + $slap = 'xml=' . urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey'])); + + post_url($contact['notify'],$slap); + $return_code = $a->get_curl_code(); + return $return_code; +} + +function diaspora_send_status($item,$owner,$contact) { + + $a = get_app(); + $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $theiraddr = $contact['addr']; + require_once('include/bbcode.php'); + + $body = xmlify(bbcode($item['body'])); + $public = (($item['private']) ? 'false' : 'true'); + + require_once('include/datetime.php'); + $created = datetime_convert('UTC','UTC',$item['created'],'Y-m-d h:i:s \U\T\C'); + + $tpl = get_markup_template('diaspora_post.tpl'); + $msg = replace_macros($tpl, array( + '$body' => $body, + '$guid' => $item['guid'], + '$handle' => xmlify($myaddr), + '$public' => $public, + '$created' => $created + )); + + logger('diaspora_send_status: base message: ' . $msg, LOGGER_DATA); + + $slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'])); + + post_url($contact['notify'],$slap); + $return_code = $a->get_curl_code(); + logger('diaspora_send_status: returns: ' . $return_code); + return $return_code; +} + diff --git a/include/event.php b/include/event.php index aab195d24..99f685d0b 100644 --- a/include/event.php +++ b/include/event.php @@ -197,6 +197,7 @@ function event_store($arr) { $arr['type'] = (($arr['type']) ? $arr['type'] : 'event' ); $arr['cid'] = ((intval($arr['cid'])) ? intval($arr['cid']) : 0); $arr['uri'] = (x($arr,'uri') ? $arr['uri'] : item_new_uri($a->get_hostname(),$arr['uid'])); + $arr['private'] = ((x($arr,'private')) ? intval($arr['private']) : 0); if($arr['cid']) $c = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", @@ -275,7 +276,7 @@ function event_store($arr) { $object .= '</object>' . "\n"; - q("UPDATE `item` SET `body` = '%s', `object` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `edited` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", + q("UPDATE `item` SET `body` = '%s', `object` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `edited` = '%s', `private` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", dbesc(format_event_bbcode($arr)), dbesc($object), dbesc($arr['allow_cid']), @@ -283,6 +284,7 @@ function event_store($arr) { dbesc($arr['deny_cid']), dbesc($arr['deny_gid']), dbesc($arr['edited']), + intval($arr['private']), intval($r[0]['id']), intval($arr['uid']) ); @@ -341,10 +343,11 @@ function event_store($arr) { $item_arr['author-link'] = $contact['url']; $item_arr['author-avatar'] = $contact['thumb']; $item_arr['title'] = ''; - $item_arr['allow_cid'] = $str_contact_allow; - $item_arr['allow_gid'] = $str_group_allow; - $item_arr['deny_cid'] = $str_contact_deny; - $item_arr['deny_gid'] = $str_group_deny; + $item_arr['allow_cid'] = $arr['allow_cid']; + $item_arr['allow_gid'] = $arr['allow_gid']; + $item_arr['deny_cid'] = $arr['deny_cid']; + $item_arr['deny_gid'] = $arr['deny_gid']; + $item_arr['private'] = $arr['private']; $item_arr['last-child'] = 1; $item_arr['visible'] = 1; $item_arr['verb'] = ACTIVITY_POST; diff --git a/include/group.php b/include/group.php index e16c900d9..1ebae7b7b 100644 --- a/include/group.php +++ b/include/group.php @@ -136,7 +136,7 @@ function group_public_members($gid) { -function group_side($every="contacts",$each="group",$edit = false, $group_id = 0) { +function group_side($every="contacts",$each="group",$edit = false, $group_id = 0, $cid = 0) { $o = ''; @@ -160,10 +160,19 @@ EOT; $r = q("SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d ORDER BY `name` ASC", intval($_SESSION['uid']) ); + if($cid) { + $member_of = groups_containing(local_user(),$cid); + } + if(count($r)) { foreach($r as $rr) { $selected = (($group_id == $rr['id']) ? ' class="group-selected" ' : ''); - $o .= ' <li class="sidebar-group-li">' . (($edit) ? "<a href=\"group/{$rr['id']}\" title=\"" . t('Edit') . "\" ><img src=\"images/spencil.gif\" alt=\"" . t('Edit') . "\"></a> " : "") . "<a href=\"$each/{$rr['id']}\" $selected >{$rr['name']}</a></li>\r\n"; + $o .= ' <li class="sidebar-group-li">' + . (($edit) ? "<a href=\"group/{$rr['id']}\" title=\"" . t('Edit') + . "\" ><img src=\"images/spencil.gif\" alt=\"" . t('Edit') . "\"></a> " : "") + . (($cid) ? '<input type="checkbox" class="' . (($selected) ? 'ticked' : 'unticked') . '" onclick="contactgroupChangeMember(' . $rr['id'] . ',' . $cid . ');return true;" ' + . ((in_array($rr['id'],$member_of)) ? ' checked="checked" ' : '') . '/>' : '') + . "<a href=\"$each/{$rr['id']}\" $selected >{$rr['name']}</a></li>\r\n"; } } $o .= " </ul>\r\n </div>"; @@ -204,3 +213,18 @@ function member_of($c) { } +function groups_containing($uid,$c) { + + $r = q("SELECT `gid` FROM `group_member` WHERE `uid` = %d AND `group_member`.`contact-id` = %d ", + intval($uid), + intval($c) + ); + + $ret = array(); + if(count($r)) { + foreach($r as $rr) + $ret[] = $rr['gid']; + } + + return $ret; +}
\ No newline at end of file diff --git a/include/hostxrd.php b/include/hostxrd.php deleted file mode 100644 index 7040f927d..000000000 --- a/include/hostxrd.php +++ /dev/null @@ -1,12 +0,0 @@ -<?php - -function hostxrd($baseurl) { - - header('Access-Control-Allow-Origin: *'); - header("Content-type: text/xml"); - $tpl = file_get_contents('view/xrd_host.tpl'); - echo str_replace('$domain',$baseurl,$tpl); - session_write_close(); - exit(); - -}
\ No newline at end of file diff --git a/include/items.php b/include/items.php index 6593647ba..ec519ad9b 100644 --- a/include/items.php +++ b/include/items.php @@ -6,7 +6,6 @@ require_once('include/salmon.php'); function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) { - // default permissions - anonymous user if(! strlen($owner_nick)) @@ -113,7 +112,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) $items = $r; - $feed_template = get_markup_template('atom_feed.tpl'); + $feed_template = get_markup_template(($dfrn_id) ? 'atom_feed_dfrn.tpl' : 'atom_feed.tpl'); $atom = ''; @@ -154,6 +153,9 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) if($dfrn_id === '') { $type = 'html'; + // catch any email that's in a public conversation and make sure it doesn't leak + if($item['private']) + continue; } else { $type = 'text'; @@ -485,7 +487,6 @@ function get_atom_elements($feed,$item) { if((x($res,'verb')) && ($res['verb'] === 'http://ostatus.org/schema/1.0/unfollow')) $res['verb'] = ACTIVITY_UNFOLLOW; - $cats = $item->get_categories(); if($cats) { $tag_arr = array(); @@ -520,7 +521,7 @@ function get_atom_elements($feed,$item) { if(! $type) $type = 'application/octet-stream'; - $att_arr[] = '[attach]href="' . $link . '" size="' . $len . '" type="' . $type . '" title="' . $title . '"[/attach]'; + $att_arr[] = '[attach]href="' . $link . '" length="' . $len . '" type="' . $type . '" title="' . $title . '"[/attach]'; } $res['attach'] = implode(',', $att_arr); } @@ -720,6 +721,13 @@ function item_store($arr,$force_parent = false) { if($r[0]['uri'] != $r[0]['parent-uri']) { $arr['thr-parent'] = $arr['parent-uri']; $arr['parent-uri'] = $r[0]['parent-uri']; + $z = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `parent-uri` = '%s' AND `uid` = %d LIMIT 1", + dbesc($r[0]['parent-uri']), + dbesc($r[0]['parent-uri']), + intval($arr['uid']) + ); + if($z && count($z)) + $r = $z; } $parent_id = $r[0]['id']; @@ -749,6 +757,8 @@ function item_store($arr,$force_parent = false) { } } + $arr['guid'] = get_guid(); + call_hooks('post_remote',$arr); dbesc_array($arr); @@ -917,7 +927,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $postvars['dissolve'] = '1'; - if((($contact['rel']) && ($contact['rel'] != REL_FAN) && (! $contact['blocked'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { + if((($contact['rel']) && ($contact['rel'] != CONTACT_IS_SHARING) && (! $contact['blocked'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { $postvars['data'] = $atom; $postvars['perm'] = 'rw'; } @@ -997,6 +1007,11 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $secure_fee require_once('library/simplepie/simplepie.inc'); + if(! strlen($xml)) { + logger('consume_feed: empty input'); + return; + } + $feed = new SimplePie(); $feed->set_raw_data($xml); if($datedir) @@ -1023,7 +1038,9 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $secure_fee if(count($hubs)) $hub = implode(',', $hubs); - $rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author'); + $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'owner'); + if(! $rawtags) + $rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author'); if($rawtags) { $elems = $rawtags[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]; if($elems['name'][0]['attribs'][NAMESPACE_DFRN]['updated']) { @@ -1349,6 +1366,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $secure_fee $ev['uid'] = $importer['uid']; $ev['uri'] = $item_id; $ev['edited'] = $datarray['edited']; + $ev['private'] = $datarray['private']; if(is_array($contact)) $ev['cid'] = $contact['id']; @@ -1444,9 +1462,9 @@ function new_follower($importer,$contact,$datarray,$item) { $nick = $rawtag[0]['child'][NAMESPACE_POCO]['preferredUsername'][0]['data']; if(is_array($contact)) { - if($contact['network'] == 'stat' && $contact['rel'] == REL_FAN) { + if($contact['network'] == 'stat' && $contact['rel'] == CONTACT_IS_SHARING) { $r = q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval(REL_BUD), + intval(CONTACT_IS_FRIEND), intval($contact['id']), intval($importer['uid']) ); @@ -1468,12 +1486,12 @@ function new_follower($importer,$contact,$datarray,$item) { dbesc($nick), dbesc($photo), dbesc('stat'), - intval(REL_VIP) + intval(CONTACT_IS_FOLLOWER) ); $r = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `pending` = 1 AND `rel` = %d LIMIT 1", intval($importer['uid']), dbesc($url), - intval(REL_VIP) + intval(CONTACT_IS_FOLLOWER) ); if(count($r)) $contact_record = $r[0]; @@ -1518,9 +1536,9 @@ function new_follower($importer,$contact,$datarray,$item) { function lose_follower($importer,$contact,$datarray,$item) { - if(($contact['rel'] == REL_BUD) || ($contact['rel'] == REL_FAN)) { + if(($contact['rel'] == CONTACT_IS_FRIEND) || ($contact['rel'] == CONTACT_IS_SHARING)) { q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d LIMIT 1", - intval(REL_FAN), + intval(CONTACT_IS_SHARING), intval($contact['id']) ); } @@ -1726,11 +1744,11 @@ function item_getfeedattach($item) { if(count($arr)) { foreach($arr as $r) { $matches = false; - $cnt = preg_match('|\[attach\]href=\"(.*?)\" size=\"(.*?)\" type=\"(.*?)\" title=\"(.*?)\"\[\/attach\]|',$r,$matches); + $cnt = preg_match('|\[attach\]href=\"(.*?)\" length=\"(.*?)\" type=\"(.*?)\" title=\"(.*?)\"\[\/attach\]|',$r,$matches); if($cnt) { $ret .= '<link rel="enclosure" href="' . xmlify($matches[1]) . '" type="' . xmlify($matches[3]) . '" '; if(intval($matches[2])) - $ret .= 'size="' . intval($matches[2]) . '" '; + $ret .= 'length="' . intval($matches[2]) . '" '; if($matches[4] !== ' ') $ret .= 'title="' . xmlify(trim($matches[4])) . '" '; $ret .= ' />' . "\r\n"; diff --git a/include/main.js b/include/main.js index 3574e6eb8..83dcc720c 100644 --- a/include/main.js +++ b/include/main.js @@ -194,7 +194,8 @@ else { $('#' + ident + ' ' + '.wall-item-ago').replaceWith($(this).find('.wall-item-ago')); - $('#' + ident + ' ' + '.wall-item-comment-wrapper').replaceWith($(this).find('.wall-item-comment-wrapper')); + if($('#' + ident + ' ' + '.comment-edit-text-empty').length) + $('#' + ident + ' ' + '.wall-item-comment-wrapper').replaceWith($(this).find('.wall-item-comment-wrapper')); $('#' + ident + ' ' + '.wall-item-like').replaceWith($(this).find('.wall-item-like')); $('#' + ident + ' ' + '.wall-item-dislike').replaceWith($(this).find('.wall-item-dislike')); $('#' + ident + ' ' + '.my-comment-photo').each(function() { @@ -361,6 +362,14 @@ }); } + function contactgroupChangeMember(gid,cid) { + $('body').css('cursor', 'wait'); + $.get('contactgroup/' + gid + '/' + cid, function(data) { + $('body').css('cursor', 'auto'); + }); + } + + function checkboxhighlight(box) { if($(box).is(':checked')) { $(box).addClass('checkeditem'); @@ -414,3 +423,4 @@ Array.prototype.remove = function(item) { this.length = from < 0 ? this.length + from : from; return this.push.apply(this, rest); }; + diff --git a/include/network.php b/include/network.php new file mode 100644 index 000000000..bbf1d6a63 --- /dev/null +++ b/include/network.php @@ -0,0 +1,695 @@ +<?php + + +// curl wrapper. If binary flag is true, return binary +// results. + +if(! function_exists('fetch_url')) { +function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0) { + + $a = get_app(); + + $ch = curl_init($url); + if(($redirects > 8) || (! $ch)) + return false; + + curl_setopt($ch, CURLOPT_HEADER, true); + curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); + curl_setopt($ch, CURLOPT_USERAGENT, "Friendika"); + + if(intval($timeout)) { + curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); + } + else { + $curl_time = intval(get_config('system','curl_timeout')); + curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60)); + } + // by default we will allow self-signed certs + // but you can override this + + $check_cert = get_config('system','verifyssl'); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false)); + + $prx = get_config('system','proxy'); + if(strlen($prx)) { + curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); + curl_setopt($ch, CURLOPT_PROXY, $prx); + $prxusr = get_config('system','proxyuser'); + if(strlen($prxusr)) + curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); + } + if($binary) + curl_setopt($ch, CURLOPT_BINARYTRANSFER,1); + + $a->set_curl_code(0); + + // don't let curl abort the entire application + // if it throws any errors. + + $s = @curl_exec($ch); + + $base = $s; + $curl_info = curl_getinfo($ch); + $http_code = $curl_info['http_code']; + + $header = ''; + + // Pull out multiple headers, e.g. proxy and continuation headers + // allow for HTTP/2.x without fixing code + + while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) { + $chunk = substr($base,0,strpos($base,"\r\n\r\n")+4); + $header .= $chunk; + $base = substr($base,strlen($chunk)); + } + + if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) { + $matches = array(); + preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches); + $url = trim(array_pop($matches)); + $url_parsed = @parse_url($url); + if (isset($url_parsed)) { + $redirects++; + return fetch_url($url,$binary,$redirects,$timeout); + } + } + + $a->set_curl_code($http_code); + + $body = substr($s,strlen($header)); + + $a->set_curl_headers($header); + + curl_close($ch); + return($body); +}} + +// post request to $url. $params is an array of post variables. + +if(! function_exists('post_url')) { +function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) { + $a = get_app(); + $ch = curl_init($url); + if(($redirects > 8) || (! $ch)) + return false; + + curl_setopt($ch, CURLOPT_HEADER, true); + curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); + curl_setopt($ch, CURLOPT_POST,1); + curl_setopt($ch, CURLOPT_POSTFIELDS,$params); + curl_setopt($ch, CURLOPT_USERAGENT, "Friendika"); + + if(intval($timeout)) { + curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); + } + else { + $curl_time = intval(get_config('system','curl_timeout')); + curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60)); + } + + if(defined('LIGHTTPD')) { + if(!is_array($headers)) { + $headers = array('Expect:'); + } else { + if(!in_array('Expect:', $headers)) { + array_push($headers, 'Expect:'); + } + } + } + if($headers) + curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); + + $check_cert = get_config('system','verifyssl'); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false)); + $prx = get_config('system','proxy'); + if(strlen($prx)) { + curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); + curl_setopt($ch, CURLOPT_PROXY, $prx); + $prxusr = get_config('system','proxyuser'); + if(strlen($prxusr)) + curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); + } + + $a->set_curl_code(0); + + // don't let curl abort the entire application + // if it throws any errors. + + $s = @curl_exec($ch); + + $base = $s; + $curl_info = curl_getinfo($ch); + $http_code = $curl_info['http_code']; + + $header = ''; + + // Pull out multiple headers, e.g. proxy and continuation headers + // allow for HTTP/2.x without fixing code + + while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) { + $chunk = substr($base,0,strpos($base,"\r\n\r\n")+4); + $header .= $chunk; + $base = substr($base,strlen($chunk)); + } + + if($http_code == 301 || $http_code == 302 || $http_code == 303) { + $matches = array(); + preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches); + $url = trim(array_pop($matches)); + $url_parsed = @parse_url($url); + if (isset($url_parsed)) { + $redirects++; + return post_url($url,$params,$headers,$redirects,$timeout); + } + } + $a->set_curl_code($http_code); + $body = substr($s,strlen($header)); + + $a->set_curl_headers($header); + + curl_close($ch); + return($body); +}} + +// Generic XML return +// Outputs a basic dfrn XML status structure to STDOUT, with a <status> variable +// of $st and an optional text <message> of $message and terminates the current process. + +if(! function_exists('xml_status')) { +function xml_status($st, $message = '') { + + $xml_message = ((strlen($message)) ? "\t<message>" . xmlify($message) . "</message>\r\n" : ''); + + if($st) + logger('xml_status returning non_zero: ' . $st . " message=" . $message); + + header( "Content-type: text/xml" ); + echo '<?xml version="1.0" encoding="UTF-8"?>'."\r\n"; + echo "<result>\r\n\t<status>$st</status>\r\n$xml_message</result>\r\n"; + killme(); +}} + + +if(! function_exists('http_status_exit')) { +function http_status_exit($val) { + + if($val >= 400) + $err = 'Error'; + if($val >= 200 && $val < 300) + $err = 'OK'; + + logger('http_status_exit ' . $val); + header($_SERVER["SERVER_PROTOCOL"] . ' ' . $val . ' ' . $err); + killme(); + +}} + + +// convert an XML document to a normalised, case-corrected array +// used by webfinger + +if(! function_exists('convert_xml_element_to_array')) { +function convert_xml_element_to_array($xml_element, &$recursion_depth=0) { + + // If we're getting too deep, bail out + if ($recursion_depth > 512) { + return(null); + } + + if (!is_string($xml_element) && + !is_array($xml_element) && + (get_class($xml_element) == 'SimpleXMLElement')) { + $xml_element_copy = $xml_element; + $xml_element = get_object_vars($xml_element); + } + + if (is_array($xml_element)) { + $result_array = array(); + if (count($xml_element) <= 0) { + return (trim(strval($xml_element_copy))); + } + + foreach($xml_element as $key=>$value) { + + $recursion_depth++; + $result_array[strtolower($key)] = + convert_xml_element_to_array($value, $recursion_depth); + $recursion_depth--; + } + if ($recursion_depth == 0) { + $temp_array = $result_array; + $result_array = array( + strtolower($xml_element_copy->getName()) => $temp_array, + ); + } + + return ($result_array); + + } else { + return (trim(strval($xml_element))); + } +}} + +// Given an email style address, perform webfinger lookup and +// return the resulting DFRN profile URL, or if no DFRN profile URL +// is located, returns an OStatus subscription template (prefixed +// with the string 'stat:' to identify it as on OStatus template). +// If this isn't an email style address just return $s. +// Return an empty string if email-style addresses but webfinger fails, +// or if the resultant personal XRD doesn't contain a supported +// subscription/friend-request attribute. + +if(! function_exists('webfinger_dfrn')) { +function webfinger_dfrn($s) { + if(! strstr($s,'@')) { + return $s; + } + $links = webfinger($s); + logger('webfinger_dfrn: ' . $s . ':' . print_r($links,true), LOGGER_DATA); + if(count($links)) { + foreach($links as $link) + if($link['@attributes']['rel'] === NAMESPACE_DFRN) + return $link['@attributes']['href']; + foreach($links as $link) + if($link['@attributes']['rel'] === NAMESPACE_OSTATUSSUB) + return 'stat:' . $link['@attributes']['template']; + } + return ''; +}} + +// Given an email style address, perform webfinger lookup and +// return the array of link attributes from the personal XRD file. +// On error/failure return an empty array. + + +if(! function_exists('webfinger')) { +function webfinger($s) { + $host = ''; + if(strstr($s,'@')) { + $host = substr($s,strpos($s,'@') + 1); + } + if(strlen($host)) { + $tpl = fetch_lrdd_template($host); + logger('webfinger: lrdd template: ' . $tpl); + if(strlen($tpl)) { + $pxrd = str_replace('{uri}', urlencode('acct:' . $s), $tpl); + logger('webfinger: pxrd: ' . $pxrd); + $links = fetch_xrd_links($pxrd); + if(! count($links)) { + // try with double slashes + $pxrd = str_replace('{uri}', urlencode('acct://' . $s), $tpl); + logger('webfinger: pxrd: ' . $pxrd); + $links = fetch_xrd_links($pxrd); + } + return $links; + } + } + return array(); +}} + +if(! function_exists('lrdd')) { +function lrdd($uri) { + + $a = get_app(); + + // default priority is host priority, host-meta first + + $priority = 'host'; + + // All we have is an email address. Resource-priority is irrelevant + // because our URI isn't directly resolvable. + + if(strstr($uri,'@')) { + return(webfinger($uri)); + } + + // get the host meta file + + $host = @parse_url($uri); + + if($host) { + $url = ((x($host,'scheme')) ? $host['scheme'] : 'http') . '://'; + $url .= $host['host'] . '/.well-known/host-meta' ; + } + else + return array(); + + logger('lrdd: constructed url: ' . $url); + + $xml = fetch_url($url); + $headers = $a->get_curl_headers(); + + if (! $xml) + return array(); + + logger('lrdd: host_meta: ' . $xml, LOGGER_DATA); + + $h = parse_xml_string($xml); + if(! $h) + return array(); + + $arr = convert_xml_element_to_array($h); + + if(isset($arr['xrd']['property'])) { + $property = $arr['crd']['property']; + if(! isset($property[0])) + $properties = array($property); + else + $properties = $property; + foreach($properties as $prop) + if((string) $prop['@attributes'] === 'http://lrdd.net/priority/resource') + $priority = 'resource'; + } + + // save the links in case we need them + + $links = array(); + + if(isset($arr['xrd']['link'])) { + $link = $arr['xrd']['link']; + if(! isset($link[0])) + $links = array($link); + else + $links = $link; + } + + // do we have a template or href? + + if(count($links)) { + foreach($links as $link) { + if($link['@attributes']['rel'] && attribute_contains($link['@attributes']['rel'],'lrdd')) { + if(x($link['@attributes'],'template')) + $tpl = $link['@attributes']['template']; + elseif(x($link['@attributes'],'href')) + $href = $link['@attributes']['href']; + } + } + } + + if((! isset($tpl)) || (! strpos($tpl,'{uri}'))) + $tpl = ''; + + if($priority === 'host') { + if(strlen($tpl)) + $pxrd = str_replace('{uri}', urlencode($uri), $tpl); + elseif(isset($href)) + $pxrd = $href; + if(isset($pxrd)) { + logger('lrdd: (host priority) pxrd: ' . $pxrd); + $links = fetch_xrd_links($pxrd); + return $links; + } + + $lines = explode("\n",$headers); + if(count($lines)) { + foreach($lines as $line) { + if((stristr($line,'link:')) && preg_match('/<([^>].*)>.*rel\=[\'\"]lrdd[\'\"]/',$line,$matches)) { + return(fetch_xrd_links($matches[1])); + break; + } + } + } + } + + + // priority 'resource' + + + $html = fetch_url($uri); + $headers = $a->get_curl_headers(); + logger('lrdd: headers=' . $headers, LOGGER_DEBUG); + + // don't try and parse raw xml as html + if(! strstr($html,'<?xml')) { + require_once('library/HTML5/Parser.php'); + $dom = @HTML5_Parser::parse($html); + + if($dom) { + $items = $dom->getElementsByTagName('link'); + foreach($items as $item) { + $x = $item->getAttribute('rel'); + if($x == "lrdd") { + $pagelink = $item->getAttribute('href'); + break; + } + } + } + } + + if(isset($pagelink)) + return(fetch_xrd_links($pagelink)); + + // next look in HTTP headers + + $lines = explode("\n",$headers); + if(count($lines)) { + foreach($lines as $line) { + // TODO alter the following regex to support multiple relations (space separated) + if((stristr($line,'link:')) && preg_match('/<([^>].*)>.*rel\=[\'\"]lrdd[\'\"]/',$line,$matches)) { + $pagelink = $matches[1]; + break; + } + // don't try and run feeds through the html5 parser + if(stristr($line,'content-type:') && ((stristr($line,'application/atom+xml')) || (stristr($line,'application/rss+xml')))) + return array(); + if(stristr($html,'<rss') || stristr($html,'<feed')) + return array(); + } + } + + if(isset($pagelink)) + return(fetch_xrd_links($pagelink)); + + // If we haven't found any links, return the host xrd links (which we have already fetched) + + if(isset($links)) + return $links; + + return array(); + +}} + + + +// Given a host name, locate the LRDD template from that +// host. Returns the LRDD template or an empty string on +// error/failure. + +if(! function_exists('fetch_lrdd_template')) { +function fetch_lrdd_template($host) { + $tpl = ''; + + $url1 = 'https://' . $host . '/.well-known/host-meta' ; + $url2 = 'http://' . $host . '/.well-known/host-meta' ; + $links = fetch_xrd_links($url1); + logger('fetch_lrdd_template from: ' . $url1); + logger('template (https): ' . print_r($links,true)); + if(! count($links)) { + logger('fetch_lrdd_template from: ' . $url2); + $links = fetch_xrd_links($url2); + logger('template (http): ' . print_r($links,true)); + } + if(count($links)) { + foreach($links as $link) + if($link['@attributes']['rel'] && $link['@attributes']['rel'] === 'lrdd') + $tpl = $link['@attributes']['template']; + } + if(! strpos($tpl,'{uri}')) + $tpl = ''; + return $tpl; +}} + +// Given a URL, retrieve the page as an XRD document. +// Return an array of links. +// on error/failure return empty array. + +if(! function_exists('fetch_xrd_links')) { +function fetch_xrd_links($url) { + + $xrd_timeout = intval(get_config('system','xrd_timeout')); + $redirects = 0; + $xml = fetch_url($url,false,$redirects,(($xrd_timeout) ? $xrd_timeout : 30)); + + logger('fetch_xrd_links: ' . $xml, LOGGER_DATA); + + if ((! $xml) || (! stristr($xml,'<xrd'))) + return array(); + + $h = parse_xml_string($xml); + if(! $h) + return array(); + + $arr = convert_xml_element_to_array($h); + + $links = array(); + + if(isset($arr['xrd']['link'])) { + $link = $arr['xrd']['link']; + if(! isset($link[0])) + $links = array($link); + else + $links = $link; + } + if(isset($arr['xrd']['alias'])) { + $alias = $arr['xrd']['alias']; + if(! isset($alias[0])) + $aliases = array($alias); + else + $aliases = $alias; + if(count($aliases)) { + foreach($aliases as $alias) { + $links[]['@attributes'] = array('rel' => 'alias' , 'href' => $alias); + } + } + } + + logger('fetch_xrd_links: ' . print_r($links,true), LOGGER_DATA); + + return $links; + +}} + + +// Take a URL from the wild, prepend http:// if necessary +// and check DNS to see if it's real +// return true if it's OK, false if something is wrong with it + +if(! function_exists('validate_url')) { +function validate_url(&$url) { + if(substr($url,0,4) != 'http') + $url = 'http://' . $url; + $h = @parse_url($url); + + if(($h) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR))) { + return true; + } + return false; +}} + +// checks that email is an actual resolvable internet address + +if(! function_exists('validate_email')) { +function validate_email($addr) { + + if(! strpos($addr,'@')) + return false; + $h = substr($addr,strpos($addr,'@') + 1); + + if(($h) && (dns_get_record($h, DNS_A + DNS_CNAME + DNS_PTR + DNS_MX))) { + return true; + } + return false; +}} + +// Check $url against our list of allowed sites, +// wildcards allowed. If allowed_sites is unset return true; +// If url is allowed, return true. +// otherwise, return false + +if(! function_exists('allowed_url')) { +function allowed_url($url) { + + $h = @parse_url($url); + + if(! $h) { + return false; + } + + $str_allowed = get_config('system','allowed_sites'); + if(! $str_allowed) + return true; + + $found = false; + + $host = strtolower($h['host']); + + // always allow our own site + + if($host == strtolower($_SERVER['SERVER_NAME'])) + return true; + + $fnmatch = function_exists('fnmatch'); + $allowed = explode(',',$str_allowed); + + if(count($allowed)) { + foreach($allowed as $a) { + $pat = strtolower(trim($a)); + if(($fnmatch && fnmatch($pat,$host)) || ($pat == $host)) { + $found = true; + break; + } + } + } + return $found; +}} + +// check if email address is allowed to register here. +// Compare against our list (wildcards allowed). +// Returns false if not allowed, true if allowed or if +// allowed list is not configured. + +if(! function_exists('allowed_email')) { +function allowed_email($email) { + + + $domain = strtolower(substr($email,strpos($email,'@') + 1)); + if(! $domain) + return false; + + $str_allowed = get_config('system','allowed_email'); + if(! $str_allowed) + return true; + + $found = false; + + $fnmatch = function_exists('fnmatch'); + $allowed = explode(',',$str_allowed); + + if(count($allowed)) { + foreach($allowed as $a) { + $pat = strtolower(trim($a)); + if(($fnmatch && fnmatch($pat,$domain)) || ($pat == $domain)) { + $found = true; + break; + } + } + } + return $found; +}} + + +if(! function_exists('gravatar_img')) { +function gravatar_img($email) { + $size = 175; + $opt = 'identicon'; // psuedo-random geometric pattern if not found + $rating = 'pg'; + $hash = md5(trim(strtolower($email))); + + $url = 'http://www.gravatar.com/avatar/' . $hash . '.jpg' + . '?s=' . $size . '&d=' . $opt . '&r=' . $rating; + + logger('gravatar: ' . $email . ' ' . $url); + return $url; +}} + + +if(! function_exists('parse_xml_string')) { +function parse_xml_string($s,$strict = true) { + if($strict) { + if(! strstr($s,'<?xml')) + return false; + $s2 = substr($s,strpos($s,'<?xml')); + } + else + $s2 = $s; + libxml_use_internal_errors(true); + + $x = @simplexml_load_string($s2); + if(! $x) { + logger('libxml: parse: error: ' . $s2, LOGGER_DATA); + foreach(libxml_get_errors() as $err) + logger('libxml: parse: ' . $err->code." at ".$err->line.":".$err->column." : ".$err->message, LOGGER_DATA); + libxml_clear_errors(); + } + return $x; +}} diff --git a/include/notifier.php b/include/notifier.php index 59e573762..15fb38534 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -50,8 +50,10 @@ function notifier_run($argv, $argc){ $recipients = array(); $url_recipients = array(); - if($cmd === 'mail') { + $normal_mode = true; + if($cmd === 'mail') { + $normal_mode = false; $message = q("SELECT * FROM `mail` WHERE `id` = %d LIMIT 1", intval($item_id) ); @@ -64,6 +66,7 @@ function notifier_run($argv, $argc){ } elseif($cmd === 'expire') { + $normal_mode = false; $expire = true; $items = q("SELECT * FROM `item` WHERE `uid` = %d AND `wall` = 1 AND `deleted` = 1 AND `changed` > UTC_TIMESTAMP - INTERVAL 10 MINUTE", @@ -75,6 +78,7 @@ function notifier_run($argv, $argc){ return; } elseif($cmd === 'suggest') { + $normal_mode = false; $suggest = q("SELECT * FROM `fsuggest` WHERE `id` = %d LIMIT 1", intval($item_id) ); @@ -95,7 +99,7 @@ function notifier_run($argv, $argc){ return; } - $parent_item = $r[0]; + $target_item = $r[0]; $parent_id = intval($r[0]['parent']); $uid = $r[0]['uid']; $updated = $r[0]['edited']; @@ -119,7 +123,8 @@ function notifier_run($argv, $argc){ $top_level = true; } - $r = q("SELECT `contact`.*, `user`.`timezone`, `user`.`nickname`, `user`.`sprvkey`, `user`.`spubkey`, + $r = q("SELECT `contact`.*, `user`.`pubkey` AS `upubkey`, `user`.`prvkey` AS `uprvkey`, + `user`.`timezone`, `user`.`nickname`, `user`.`sprvkey`, `user`.`spubkey`, `user`.`page-flags`, `user`.`prvnets` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` WHERE `contact`.`uid` = %d AND `contact`.`self` = 1 LIMIT 1", @@ -145,7 +150,7 @@ function notifier_run($argv, $argc){ $parent = $items[0]; - if($parent['type'] === 'remote' && (! $expire)) { + if($parent['wall'] == 0 && (! $expire)) { // local followup to remote post $followup = true; $notify_hub = false; // not public @@ -289,6 +294,11 @@ function notifier_run($argv, $argc){ if(! $item['parent']) continue; + // private emails may be in included in public conversations. Filter them. + + if(($notify_hub) && $item['private']) + continue; + $contact = get_item_contact($item,$contacts); if(! $contact) continue; @@ -311,9 +321,9 @@ function notifier_run($argv, $argc){ $mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1); if(! $mail_disabled) { - if((! strlen($parent_item['allow_cid'])) && (! strlen($parent_item['allow_gid'])) - && (! strlen($parent_item['deny_cid'])) && (! strlen($parent_item['deny_gid'])) - && (intval($parent_item['pubmail']))) { + if((! strlen($target_item['allow_cid'])) && (! strlen($target_item['allow_gid'])) + && (! strlen($target_item['deny_cid'])) && (! strlen($target_item['deny_gid'])) + && (intval($target_item['pubmail']))) { $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `network` = '%s'", intval($uid), dbesc(NETWORK_MAIL) @@ -346,7 +356,7 @@ function notifier_run($argv, $argc){ $deliver_status = 0; switch($contact['network']) { - case 'dfrn': + case NETWORK_DFRN: logger('notifier: dfrndelivery: ' . $contact['name']); $deliver_status = dfrn_deliver($owner,$contact,$atom); @@ -364,7 +374,7 @@ function notifier_run($argv, $argc){ ); } break; - case 'stat': + case NETWORK_OSTATUS: // Do not send to otatus if we are not configured to send to public networks if($owner['prvnets']) @@ -414,7 +424,7 @@ function notifier_run($argv, $argc){ } break; - case 'mail': + case NETWORK_MAIL: if(get_config('system','dfrn_only')) break; @@ -491,9 +501,34 @@ function notifier_run($argv, $argc){ mail($addr, $subject, $message, $headers); } break; - case 'feed': - case 'face': - case 'dspr': + case NETWORK_DIASPORA: + if(get_config('system','dfrn_only') || (! get_config('diaspora_enabled')) || (! $normal_mode)) + break; + + if($target_item['deleted']) { + // diaspora delete, (check for like) + + break; + } + elseif($followup) { + // send to owner to relay + + break; + } + elseif($target_item['parent'] != $target_item['id']) { + // we are the relay + + break; + } + elseif($top_level) { + diaspora_send_status($target_item,$owner,$contact); + break; + } + + break; + + case NETWORK_FEED: + case NETWORK_FACEBOOK: if(get_config('system','dfrn_only')) break; default: @@ -504,7 +539,7 @@ function notifier_run($argv, $argc){ // send additional slaps to mentioned remote tags (@foo@example.com) - if($slap && count($url_recipients) && $followup && $notify_hub && (! $expire)) { + if($slap && count($url_recipients) && ($followup || $top_level) && $notify_hub && (! $expire)) { if(! get_config('system','dfrn_only')) { foreach($url_recipients as $url) { if($url) { @@ -542,7 +577,7 @@ function notifier_run($argv, $argc){ * */ - $max_allowed = ((get_config('system','maxpubdeliver') === false) ? 150 : intval(get_config('system','maxpubdeliver'))); + $max_allowed = ((get_config('system','maxpubdeliver') === false) ? 999 : intval(get_config('system','maxpubdeliver'))); /** * @@ -552,10 +587,10 @@ function notifier_run($argv, $argc){ */ $r = q("SELECT `id`, `name` FROM `contact` - WHERE `network` = 'dfrn' AND `uid` = %d AND `blocked` = 0 AND `pending` = 0 + WHERE `network` = NETWORK_DFRN AND `uid` = %d AND `blocked` = 0 AND `pending` = 0 AND `rel` != %d ", intval($owner['uid']), - intval(REL_FAN) + intval(CONTACT_IS_SHARING) ); if((count($r)) && (($max_allowed == 0) || (count($r) < $max_allowed))) { diff --git a/include/oembed.php b/include/oembed.php index 06a37d8e4..06f71a3b3 100644 --- a/include/oembed.php +++ b/include/oembed.php @@ -7,6 +7,7 @@ function oembed_replacecb($matches){ function oembed_fetch_url($embedurl){ + $r = q("SELECT v FROM `cache` WHERE k='%s'", dbesc($embedurl)); @@ -16,7 +17,10 @@ function oembed_fetch_url($embedurl){ $txt = ""; // try oembed autodiscovery - $html_text = fetch_url($embedurl); + $redirects = 0; + $html_text = fetch_url($embedurl, false, $redirects, 15); + if(! $html_text) + return; $dom = @DOMDocument::loadHTML($html_text); if ($dom){ $xpath = new DOMXPath($dom); diff --git a/include/plugin.php b/include/plugin.php new file mode 100644 index 000000000..9f2832981 --- /dev/null +++ b/include/plugin.php @@ -0,0 +1,199 @@ +<?php + + +// install and uninstall plugin +if (! function_exists('uninstall_plugin')){ +function uninstall_plugin($plugin){ + logger("Addons: uninstalling " . $plugin); + q("DELETE FROM `addon` WHERE `name` = '%s' LIMIT 1", + dbesc($plugin) + ); + + @include_once('addon/' . $plugin . '/' . $plugin . '.php'); + if(function_exists($plugin . '_uninstall')) { + $func = $plugin . '_uninstall'; + $func(); + } +}} + +if (! function_exists('install_plugin')){ +function install_plugin($plugin){ + logger("Addons: installing " . $plugin); + $t = filemtime('addon/' . $plugin . '/' . $plugin . '.php'); + @include_once('addon/' . $plugin . '/' . $plugin . '.php'); + if(function_exists($plugin . '_install')) { + $func = $plugin . '_install'; + $func(); + + $plugin_admin = (function_exists($plugin."_plugin_admin")?1:0); + + $r = q("INSERT INTO `addon` (`name`, `installed`, `timestamp`, `plugin_admin`) VALUES ( '%s', 1, %d , %d ) ", + dbesc($plugin), + intval($t), + $plugin_admin + ); + } +}} + +// reload all updated plugins + +if(! function_exists('reload_plugins')) { +function reload_plugins() { + $plugins = get_config('system','addon'); + if(strlen($plugins)) { + + $r = q("SELECT * FROM `addon` WHERE `installed` = 1"); + if(count($r)) + $installed = $r; + else + $installed = array(); + + $parr = explode(',',$plugins); + if(count($parr)) { + foreach($parr as $pl) { + $pl = trim($pl); + + $t = filemtime('addon/' . $pl . '/' . $pl . '.php'); + foreach($installed as $i) { + if(($i['name'] == $pl) && ($i['timestamp'] != $t)) { + logger('Reloading plugin: ' . $i['name']); + @include_once('addon/' . $pl . '/' . $pl . '.php'); + + if(function_exists($pl . '_uninstall')) { + $func = $pl . '_uninstall'; + $func(); + } + if(function_exists($pl . '_install')) { + $func = $pl . '_install'; + $func(); + } + q("UPDATE `addon` SET `timestamp` = %d WHERE `id` = %d LIMIT 1", + intval($t), + intval($i['id']) + ); + } + } + } + } + } +}} + + + + + +if(! function_exists('register_hook')) { +function register_hook($hook,$file,$function) { + + $r = q("SELECT * FROM `hook` WHERE `hook` = '%s' AND `file` = '%s' AND `function` = '%s' LIMIT 1", + dbesc($hook), + dbesc($file), + dbesc($function) + ); + if(count($r)) + return true; + + $r = q("INSERT INTO `hook` (`hook`, `file`, `function`) VALUES ( '%s', '%s', '%s' ) ", + dbesc($hook), + dbesc($file), + dbesc($function) + ); + return $r; +}} + +if(! function_exists('unregister_hook')) { +function unregister_hook($hook,$file,$function) { + + $r = q("DELETE FROM `hook` WHERE `hook` = '%s' AND `file` = '%s' AND `function` = '%s' LIMIT 1", + dbesc($hook), + dbesc($file), + dbesc($function) + ); + return $r; +}} + + +if(! function_exists('load_hooks')) { +function load_hooks() { + $a = get_app(); + $a->hooks = array(); + $r = q("SELECT * FROM `hook` WHERE 1"); + if(count($r)) { + foreach($r as $rr) { + $a->hooks[] = array($rr['hook'], $rr['file'], $rr['function']); + } + } +}} + + +if(! function_exists('call_hooks')) { +function call_hooks($name, &$data = null) { + $a = get_app(); + + if(count($a->hooks)) { + foreach($a->hooks as $hook) { + if($hook[HOOK_HOOK] === $name) { + @include_once($hook[HOOK_FILE]); + if(function_exists($hook[HOOK_FUNCTION])) { + $func = $hook[HOOK_FUNCTION]; + $func($a,$data); + } + } + } + } +}} + + +/* + * parse plugin comment in search of plugin infos. + * like + * + * * Name: Plugin + * * Description: A plugin which plugs in + * * Version: 1.2.3 + * * Author: John <profile url> + * * Author: Jane <email> + * * + */ + +if (! function_exists('get_plugin_info')){ +function get_plugin_info($plugin){ + if (!is_file("addon/$plugin/$plugin.php")) return false; + + $f = file_get_contents("addon/$plugin/$plugin.php"); + $r = preg_match("|/\*.*\*/|msU", $f, $m); + + $info=Array( + 'name' => $plugin, + 'description' => "", + 'author' => array(), + 'version' => "" + ); + + if ($r){ + $ll = explode("\n", $m[0]); + foreach( $ll as $l ) { + $l = trim($l,"\t\n\r */"); + if ($l!=""){ + list($k,$v) = array_map("trim", explode(":",$l,2)); + $k= strtolower($k); + if ($k=="author"){ + $r=preg_match("|([^<]+)<([^>]+)>|", $v, $m); + if ($r) { + $info['author'][] = array('name'=>$m[1], 'link'=>$m[2]); + } else { + $info['author'][] = array('name'=>$v); + } + } else { + if (array_key_exists($k,$info)){ + $info[$k]=$v; + } + } + + } + } + + } + return $info; +}} + diff --git a/include/poller.php b/include/poller.php index 569eb59d1..651736a99 100644 --- a/include/poller.php +++ b/include/poller.php @@ -80,15 +80,14 @@ function poller_run($argv, $argc){ $d = datetime_convert(); if(! $restart) - call_hooks('cron', $d); - + proc_run('php','include/cronhooks.php'); $contacts = q("SELECT `id` FROM `contact` WHERE ( `rel` = %d OR `rel` = %d ) AND `poll` != '' $sql_extra AND `self` = 0 AND `blocked` = 0 AND `readonly` = 0 ORDER BY RAND()", - intval(REL_FAN), - intval(REL_BUD) + intval(CONTACT_IS_SHARING), + intval(CONTACT_IS_FRIEND) ); if(! count($contacts)) { @@ -101,7 +100,7 @@ function poller_run($argv, $argc){ intval($c['id']) ); - if(! count($res)) + if((! $res) || (! count($res))) continue; foreach($res as $contact) { @@ -312,7 +311,7 @@ function poller_run($argv, $argc){ // Will only do this once per notify-enabled OStatus contact // or if relationship changes - $stat_writeable = ((($contact['notify']) && ($contact['rel'] == REL_VIP || $contact['rel'] == REL_BUD)) ? 1 : 0); + $stat_writeable = ((($contact['notify']) && ($contact['rel'] == CONTACT_IS_FOLLOWER || $contact['rel'] == CONTACT_IS_FRIEND)) ? 1 : 0); if($stat_writeable != $contact['writable']) { q("UPDATE `contact` SET `writable` = %d WHERE `id` = %d LIMIT 1", @@ -323,7 +322,7 @@ function poller_run($argv, $argc){ // Are we allowed to import from this person? - if($contact['rel'] == REL_VIP || $contact['blocked'] || $contact['readonly']) + if($contact['rel'] == CONTACT_IS_FOLLOWER || $contact['blocked'] || $contact['readonly']) continue; $xml = fetch_url($contact['poll']); @@ -421,6 +420,10 @@ function poller_run($argv, $argc){ $datarray['contact-id'] = $contact['id']; if($datarray['parent-uri'] === $datarray['uri']) $datarray['private'] = 1; + if(! get_pconfig($importer_uid,'system','allow_public_email_replies')) { + $datarray['private'] = 1; + $datarray['allow_cid'] = '<' . $contact['id'] . '>'; + } $datarray['author-name'] = $contact['name']; $datarray['author-link'] = 'mailbox'; $datarray['author-avatar'] = $contact['photo']; @@ -440,7 +443,8 @@ function poller_run($argv, $argc){ } } elseif($contact['network'] === NETWORK_FACEBOOK) { - // TODO: work in progress + // This is picked up by the Facebook plugin on a cron hook. + // Ignored here. } if($xml) { @@ -463,7 +467,7 @@ function poller_run($argv, $argc){ consume_feed($xml,$importer,$contact,$hub,1); - if((strlen($hub)) && ($hub_update) && (($contact['rel'] == REL_BUD) || (($contact['network'] === NETWORK_OSTATUS) && (! $contact['readonly'])))) { + if((strlen($hub)) && ($hub_update) && (($contact['rel'] == CONTACT_IS_FRIEND) || (($contact['network'] === NETWORK_OSTATUS) && (! $contact['readonly'])))) { logger('poller: subscribing to hub(s) : ' . $hub . ' contact name : ' . $contact['name'] . ' local user : ' . $importer['name']); $hubs = explode(',', $hub); if(count($hubs)) { diff --git a/include/salmon.php b/include/salmon.php index 473432f25..4043b4f1d 100644 --- a/include/salmon.php +++ b/include/salmon.php @@ -1,53 +1,8 @@ <?php -require_once('library/asn1.php'); +require_once('include/crypto.php'); -function salmon_key($pubkey) { - $lines = explode("\n",$pubkey); - unset($lines[0]); - unset($lines[count($lines)]); - $x = base64_decode(implode('',$lines)); - $r = ASN_BASE::parseASNString($x); - - $m = $r[0]->asnData[1]->asnData[0]->asnData[0]->asnData; - $e = $r[0]->asnData[1]->asnData[0]->asnData[1]->asnData; - - - return 'RSA' . '.' . $m . '.' . $e ; -} - - -function base64url_encode($s, $strip_padding = false) { - - $s = strtr(base64_encode($s),'+/','-_'); - - if($strip_padding) - $s = str_replace('=','',$s); - - return $s; -} - -function base64url_decode($s) { - -/* - * // Placeholder for new rev of salmon which strips base64 padding. - * // PHP base64_decode handles the un-padded input without requiring this step - * // Uncomment if you find you need it. - * - * $l = strlen($s); - * if(! strpos($s,'=')) { - * $m = $l % 4; - * if($m == 2) - * $s .= '=='; - * if($m == 3) - * $s .= '='; - * } - * - */ - - return base64_decode(strtr($s,'-_','+/')); -} function get_salmon_key($uri,$keyhash) { $ret = array(); @@ -141,28 +96,20 @@ EOT; $data_type = 'application/atom+xml'; $encoding = 'base64url'; $algorithm = 'RSA-SHA256'; - $keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey']))); - - // Setup RSA stuff to PKCS#1 sign the data - - set_include_path(get_include_path() . PATH_SEPARATOR . 'library/phpsec'); - - require_once('library/phpsec/Crypt/RSA.php'); - - $rsa = new CRYPT_RSA(); - $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; - $rsa->setHash('sha256'); - $rsa->loadKey($owner['sprvkey']); + $keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])),true); // precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods $precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng=='; - $signature = base64url_encode($rsa->sign($data . $precomputed)); + $signature = base64url_encode(rsa_sign(str_replace('=','',$data . $precomputed),true),$owner['sprvkey']); + + $signature2 = base64url_encode(rsa_sign($data . $precomputed),$owner['sprvkey']); - $signature2 = base64url_encode($rsa->sign($data)); + $signature3 = base64url_encode(rsa_sign($data),$owner['sprvkey']); $salmon_tpl = get_markup_template('magicsig.tpl'); + $salmon = replace_macros($salmon_tpl,array( '$data' => $data, '$encoding' => $encoding, @@ -184,11 +131,11 @@ EOT; if($return_code > 299) { - logger('slapper: compliant salmon failed. Falling back to status.net hack'); + logger('slapper: compliant salmon failed. Falling back to status.net hack2'); // Entirely likely that their salmon implementation is // non-compliant. Let's try once more, this time only signing - // the data, without the precomputed blob + // the data, without stripping '=' chars $salmon = replace_macros($salmon_tpl,array( '$data' => $data, @@ -205,6 +152,30 @@ EOT; )); $return_code = $a->get_curl_code(); + + if($return_code > 299) { + + logger('slapper: compliant salmon failed. Falling back to status.net hack3'); + + // Entirely likely that their salmon implementation is + // non-compliant. Let's try once more, this time only signing + // the data, without the precomputed blob + + $salmon = replace_macros($salmon_tpl,array( + '$data' => $data, + '$encoding' => $encoding, + '$algorithm' => $algorithm, + '$keyhash' => $keyhash, + '$signature' => $signature3 + )); + + // slap them + post_url($url,$salmon, array( + 'Content-type: application/magic-envelope+xml', + 'Content-length: ' . strlen($salmon) + )); + $return_code = $a->get_curl_code(); + } } logger('slapper returned ' . $return_code); if(! $return_code) diff --git a/include/security.php b/include/security.php index 789e47db2..6fbdd697f 100644 --- a/include/security.php +++ b/include/security.php @@ -28,8 +28,8 @@ function can_write_wall(&$a,$owner) { AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1", intval($owner), intval(remote_user()), - intval(REL_VIP), - intval(REL_BUD), + intval(CONTACT_IS_FOLLOWER), + intval(CONTACT_IS_FRIEND), intval(PAGE_COMMUNITY) ); if(count($r)) { diff --git a/include/text.php b/include/text.php new file mode 100644 index 000000000..803bf0e51 --- /dev/null +++ b/include/text.php @@ -0,0 +1,954 @@ +<?php + +// This is our template processor. +// $s is the string requiring macro substitution. +// $r is an array of key value pairs (search => replace) +// returns substituted string. +// WARNING: this is pretty basic, and doesn't properly handle search strings that are substrings of each other. +// For instance if 'test' => "foo" and 'testing' => "bar", testing could become either bar or fooing, +// depending on the order in which they were declared in the array. + +require_once("include/template_processor.php"); + +if(! function_exists('replace_macros')) { +function replace_macros($s,$r) { + global $t; + + return $t->replace($s,$r); + +}} + + +// random string, there are 86 characters max in text mode, 128 for hex +// output is urlsafe + +define('RANDOM_STRING_HEX', 0x00 ); +define('RANDOM_STRING_TEXT', 0x01 ); + +if(! function_exists('random_string')) { +function random_string($size = 64,$type = RANDOM_STRING_HEX) { + // generate a bit of entropy and run it through the whirlpool + $s = hash('whirlpool', (string) rand() . uniqid(rand(),true) . (string) rand(),(($type == RANDOM_STRING_TEXT) ? true : false)); + $s = (($type == RANDOM_STRING_TEXT) ? str_replace("\n","",base64url_encode($s,true)) : $s); + return(substr($s,0,$size)); +}} + +/** + * This is our primary input filter. + * + * The high bit hack only involved some old IE browser, forget which (IE5/Mac?) + * that had an XSS attack vector due to stripping the high-bit on an 8-bit character + * after cleansing, and angle chars with the high bit set could get through as markup. + * + * This is now disabled because it was interfering with some legitimate unicode sequences + * and hopefully there aren't a lot of those browsers left. + * + * Use this on any text input where angle chars are not valid or permitted + * They will be replaced with safer brackets. This may be filtered further + * if these are not allowed either. + * + */ + +if(! function_exists('notags')) { +function notags($string) { + + return(str_replace(array("<",">"), array('[',']'), $string)); + +// High-bit filter no longer used +// return(str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string)); +}} + +// use this on "body" or "content" input where angle chars shouldn't be removed, +// and allow them to be safely displayed. + +if(! function_exists('escape_tags')) { +function escape_tags($string) { + + return(htmlspecialchars($string)); +}} + + +// generate a string that's random, but usually pronounceable. +// used to generate initial passwords + +if(! function_exists('autoname')) { +function autoname($len) { + + $vowels = array('a','a','ai','au','e','e','e','ee','ea','i','ie','o','ou','u'); + if(mt_rand(0,5) == 4) + $vowels[] = 'y'; + + $cons = array( + 'b','bl','br', + 'c','ch','cl','cr', + 'd','dr', + 'f','fl','fr', + 'g','gh','gl','gr', + 'h', + 'j', + 'k','kh','kl','kr', + 'l', + 'm', + 'n', + 'p','ph','pl','pr', + 'qu', + 'r','rh', + 's','sc','sh','sm','sp','st', + 't','th','tr', + 'v', + 'w','wh', + 'x', + 'z','zh' + ); + + $midcons = array('ck','ct','gn','ld','lf','lm','lt','mb','mm', 'mn','mp', + 'nd','ng','nk','nt','rn','rp','rt'); + + $noend = array('bl', 'br', 'cl','cr','dr','fl','fr','gl','gr', + 'kh', 'kl','kr','mn','pl','pr','rh','tr','qu','wh'); + + $start = mt_rand(0,2); + if($start == 0) + $table = $vowels; + else + $table = $cons; + + $word = ''; + + for ($x = 0; $x < $len; $x ++) { + $r = mt_rand(0,count($table) - 1); + $word .= $table[$r]; + + if($table == $vowels) + $table = array_merge($cons,$midcons); + else + $table = $vowels; + + } + + $word = substr($word,0,$len); + + foreach($noend as $noe) { + if((strlen($word) > 2) && (substr($word,-2) == $noe)) { + $word = substr($word,0,-1); + break; + } + } + if(substr($word,-1) == 'q') + $word = substr($word,0,-1); + return $word; +}} + + +// escape text ($str) for XML transport +// returns escaped text. + +if(! function_exists('xmlify')) { +function xmlify($str) { + $buffer = ''; + + for($x = 0; $x < strlen($str); $x ++) { + $char = $str[$x]; + + switch( $char ) { + + case "\r" : + break; + case "&" : + $buffer .= '&'; + break; + case "'" : + $buffer .= '''; + break; + case "\"" : + $buffer .= '"'; + break; + case '<' : + $buffer .= '<'; + break; + case '>' : + $buffer .= '>'; + break; + case "\n" : + $buffer .= "\n"; + break; + default : + $buffer .= $char; + break; + } + } + $buffer = trim($buffer); + return($buffer); +}} + +// undo an xmlify +// pass xml escaped text ($s), returns unescaped text + +if(! function_exists('unxmlify')) { +function unxmlify($s) { + $ret = str_replace('&','&', $s); + $ret = str_replace(array('<','>','"','''),array('<','>','"',"'"),$ret); + return $ret; +}} + +// convenience wrapper, reverse the operation "bin2hex" + +if(! function_exists('hex2bin')) { +function hex2bin($s) { + if(! ctype_xdigit($s)) { + logger('hex2bin: illegal input: ' . print_r(debug_backtrace(), true)); + return($s); + } + + return(pack("H*",$s)); +}} + +// Automatic pagination. +// To use, get the count of total items. +// Then call $a->set_pager_total($number_items); +// Optionally call $a->set_pager_itemspage($n) to the number of items to display on each page +// Then call paginate($a) after the end of the display loop to insert the pager block on the page +// (assuming there are enough items to paginate). +// When using with SQL, the setting LIMIT %d, %d => $a->pager['start'],$a->pager['itemspage'] +// will limit the results to the correct items for the current page. +// The actual page handling is then accomplished at the application layer. + +if(! function_exists('paginate')) { +function paginate(&$a) { + $o = ''; + $stripped = preg_replace('/(&page=[0-9]*)/','',$a->query_string); + $stripped = str_replace('q=','',$stripped); + $stripped = trim($stripped,'/'); + $pagenum = $a->pager['page']; + $url = $a->get_baseurl() . '/' . $stripped; + + + if($a->pager['total'] > $a->pager['itemspage']) { + $o .= '<div class="pager">'; + if($a->pager['page'] != 1) + $o .= '<span class="pager_prev">'."<a href=\"$url".'&page='.($a->pager['page'] - 1).'">' . t('prev') . '</a></span> '; + + $o .= "<span class=\"pager_first\"><a href=\"$url"."&page=1\">" . t('first') . "</a></span> "; + + $numpages = $a->pager['total'] / $a->pager['itemspage']; + + $numstart = 1; + $numstop = $numpages; + + if($numpages > 14) { + $numstart = (($pagenum > 7) ? ($pagenum - 7) : 1); + $numstop = (($pagenum > ($numpages - 7)) ? $numpages : ($numstart + 14)); + } + + for($i = $numstart; $i <= $numstop; $i++){ + if($i == $a->pager['page']) + $o .= '<span class="pager_current">'.(($i < 10) ? ' '.$i : $i); + else + $o .= "<span class=\"pager_n\"><a href=\"$url"."&page=$i\">".(($i < 10) ? ' '.$i : $i)."</a>"; + $o .= '</span> '; + } + + if(($a->pager['total'] % $a->pager['itemspage']) != 0) { + if($i == $a->pager['page']) + $o .= '<span class="pager_current">'.(($i < 10) ? ' '.$i : $i); + else + $o .= "<span class=\"pager_n\"><a href=\"$url"."&page=$i\">".(($i < 10) ? ' '.$i : $i)."</a>"; + $o .= '</span> '; + } + + $lastpage = (($numpages > intval($numpages)) ? intval($numpages)+1 : $numpages); + $o .= "<span class=\"pager_last\"><a href=\"$url"."&page=$lastpage\">" . t('last') . "</a></span> "; + + if(($a->pager['total'] - ($a->pager['itemspage'] * $a->pager['page'])) > 0) + $o .= '<span class="pager_next">'."<a href=\"$url"."&page=".($a->pager['page'] + 1).'">' . t('next') . '</a></span>'; + $o .= '</div>'."\r\n"; + } + return $o; +}} + +// Turn user/group ACLs stored as angle bracketed text into arrays + +if(! function_exists('expand_acl')) { +function expand_acl($s) { + // turn string array of angle-bracketed elements into numeric array + // e.g. "<1><2><3>" => array(1,2,3); + $ret = array(); + + if(strlen($s)) { + $t = str_replace('<','',$s); + $a = explode('>',$t); + foreach($a as $aa) { + if(intval($aa)) + $ret[] = intval($aa); + } + } + return $ret; +}} + +// Used to wrap ACL elements in angle brackets for storage + +if(! function_exists('sanitise_acl')) { +function sanitise_acl(&$item) { + if(intval($item)) + $item = '<' . intval(notags(trim($item))) . '>'; + else + unset($item); +}} + + +// Convert an ACL array to a storable string + +if(! function_exists('perms2str')) { +function perms2str($p) { + $ret = ''; + $tmp = $p; + if(is_array($tmp)) { + array_walk($tmp,'sanitise_acl'); + $ret = implode('',$tmp); + } + return $ret; +}} + +// generate a guaranteed unique (for this domain) item ID for ATOM +// safe from birthday paradox + +if(! function_exists('item_new_uri')) { +function item_new_uri($hostname,$uid) { + + do { + $dups = false; + $hash = random_string(); + + $uri = "urn:X-dfrn:" . $hostname . ':' . $uid . ':' . $hash; + + $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", + dbesc($uri)); + if(count($r)) + $dups = true; + } while($dups == true); + return $uri; +}} + +// Generate a guaranteed unique photo ID. +// safe from birthday paradox + +if(! function_exists('photo_new_resource')) { +function photo_new_resource() { + + do { + $found = false; + $resource = hash('md5',uniqid(mt_rand(),true)); + $r = q("SELECT `id` FROM `photo` WHERE `resource-id` = '%s' LIMIT 1", + dbesc($resource) + ); + if(count($r)) + $found = true; + } while($found == true); + return $resource; +}} + + +// wrapper to load a view template, checking for alternate +// languages before falling back to the default + +// obsolete, deprecated. + +if(! function_exists('load_view_file')) { +function load_view_file($s) { + global $lang, $a; + if(! isset($lang)) + $lang = 'en'; + $b = basename($s); + $d = dirname($s); + if(file_exists("$d/$lang/$b")) + return file_get_contents("$d/$lang/$b"); + + $theme = current_theme(); + + if(file_exists("$d/theme/$theme/$b")) + return file_get_contents("$d/theme/$theme/$b"); + + return file_get_contents($s); +}} + +if(! function_exists('get_intltext_template')) { +function get_intltext_template($s) { + global $lang; + + if(! isset($lang)) + $lang = 'en'; + + if(file_exists("view/$lang/$s")) + return file_get_contents("view/$lang/$s"); + elseif(file_exists("view/en/$s")) + return file_get_contents("view/en/$s"); + else + return file_get_contents("view/$s"); +}} + +if(! function_exists('get_markup_template')) { +function get_markup_template($s) { + + $theme = current_theme(); + + if(file_exists("view/theme/$theme/$s")) + return file_get_contents("view/theme/$theme/$s"); + else + return file_get_contents("view/$s"); + +}} + + + + + +// for html,xml parsing - let's say you've got +// an attribute foobar="class1 class2 class3" +// and you want to find out if it contains 'class3'. +// you can't use a normal sub string search because you +// might match 'notclass3' and a regex to do the job is +// possible but a bit complicated. +// pass the attribute string as $attr and the attribute you +// are looking for as $s - returns true if found, otherwise false + +if(! function_exists('attribute_contains')) { +function attribute_contains($attr,$s) { + $a = explode(' ', $attr); + if(count($a) && in_array($s,$a)) + return true; + return false; +}} + +if(! function_exists('logger')) { +function logger($msg,$level = 0) { + $debugging = get_config('system','debugging'); + $loglevel = intval(get_config('system','loglevel')); + $logfile = get_config('system','logfile'); + + if((! $debugging) || (! $logfile) || ($level > $loglevel)) + return; + + @file_put_contents($logfile, datetime_convert() . ':' . session_id() . ' ' . $msg . "\n", FILE_APPEND); + return; +}} + + +if(! function_exists('activity_match')) { +function activity_match($haystack,$needle) { + if(($haystack === $needle) || ((basename($needle) === $haystack) && strstr($needle,NAMESPACE_ACTIVITY_SCHEMA))) + return true; + return false; +}} + + +// Pull out all #hashtags and @person tags from $s; +// We also get @person@domain.com - which would make +// the regex quite complicated as tags can also +// end a sentence. So we'll run through our results +// and strip the period from any tags which end with one. +// Returns array of tags found, or empty array. + + +if(! function_exists('get_tags')) { +function get_tags($s) { + $ret = array(); + + // ignore anything in a code block + + $s = preg_replace('/\[code\](.*?)\[\/code\]/sm','',$s); + + // Match full names against @tags including the space between first and last + // We will look these up afterward to see if they are full names or not recognisable. + + if(preg_match_all('/(@[^ \x0D\x0A,:?]+ [^ \x0D\x0A,:?]+)([ \x0D\x0A,:?]|$)/',$s,$match)) { + foreach($match[1] as $mtch) { + if(strstr($mtch,"]")) { + // we might be inside a bbcode color tag - leave it alone + continue; + } + if(substr($mtch,-1,1) === '.') + $ret[] = substr($mtch,0,-1); + else + $ret[] = $mtch; + } + } + + // Otherwise pull out single word tags. These can be @nickname, @first_last + // and #hash tags. + + if(preg_match_all('/([@#][^ \x0D\x0A,:?]+)([ \x0D\x0A,:?]|$)/',$s,$match)) { + foreach($match[1] as $mtch) { + if(strstr($mtch,"]")) { + // we might be inside a bbcode color tag - leave it alone + continue; + } + // ignore strictly numeric tags like #1 + if((strpos($mtch,'#') === 0) && ctype_digit(substr($mtch,1))) + continue; + if(substr($mtch,-1,1) === '.') + $ret[] = substr($mtch,0,-1); + else + $ret[] = $mtch; + } + } + return $ret; +}} + + +// quick and dirty quoted_printable encoding + +if(! function_exists('qp')) { +function qp($s) { +return str_replace ("%","=",rawurlencode($s)); +}} + + + +if(! function_exists('get_mentions')) { +function get_mentions($item) { + $o = ''; + if(! strlen($item['tag'])) + return $o; + + $arr = explode(',',$item['tag']); + foreach($arr as $x) { + $matches = null; + if(preg_match('/@\[url=([^\]]*)\]/',$x,$matches)) { + $o .= "\t\t" . '<link rel="mentioned" href="' . $matches[1] . '" />' . "\r\n"; + $o .= "\t\t" . '<link rel="ostatus:attention" href="' . $matches[1] . '" />' . "\r\n"; + } + } + return $o; +}} + +if(! function_exists('contact_block')) { +function contact_block() { + $o = ''; + $a = get_app(); + + $shown = get_pconfig($a->profile['uid'],'system','display_friend_count'); + if(! $shown) + $shown = 24; + + if((! is_array($a->profile)) || ($a->profile['hide-friends'])) + return $o; + $r = q("SELECT COUNT(*) AS `total` FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 and `pending` = 0", + intval($a->profile['uid']) + ); + if(count($r)) { + $total = intval($r[0]['total']); + } + if(! $total) { + $o .= '<h4 class="contact-h4">' . t('No contacts') . '</h4>'; + return $o; + } + $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 and `pending` = 0 ORDER BY RAND() LIMIT %d", + intval($a->profile['uid']), + intval($shown) + ); + if(count($r)) { + $o .= '<h4 class="contact-h4">' . sprintf( tt('%d Contact','%d Contacts', $total),$total) . '</h4><div id="contact-block">'; + foreach($r as $rr) { + $o .= micropro($rr,true,'mpfriend'); + } + $o .= '</div><div id="contact-block-end"></div>'; + $o .= '<div id="viewcontacts"><a id="viewcontacts-link" href="viewcontacts/' . $a->profile['nickname'] . '">' . t('View Contacts') . '</a></div>'; + + } + + $arr = array('contacts' => $r, 'output' => $o); + + call_hooks('contact_block_end', $arr); + return $o; + +}} + +if(! function_exists('micropro')) { +function micropro($contact, $redirect = false, $class = '', $textmode = false) { + + if($class) + $class = ' ' . $class; + + $url = $contact['url']; + $sparkle = ''; + + if($redirect) { + $a = get_app(); + $redirect_url = $a->get_baseurl() . '/redir/' . $contact['id']; + if(local_user() && ($contact['uid'] == local_user()) && ($contact['network'] === 'dfrn')) { + $url = $redirect_url; + $sparkle = ' sparkle'; + } + } + $click = ((x($contact,'click')) ? ' onclick="' . $contact['click'] . '" ' : ''); + if($click) + $url = ''; + if($textmode) { + return '<div class="contact-block-textdiv' . $class . '"><a class="contact-block-link' . $class . $sparkle + . (($click) ? ' fakelink' : '') . '" ' + . (($url) ? ' href="' . $url . '"' : '') . $click + . '" title="' . $contact['name'] . ' [' . $contact['url'] . ']" alt="' . $contact['name'] + . '" >'. $contact['name'] . '</a></div>' . "\r\n"; + } + else { + return '<div class="contact-block-div' . $class . '"><a class="contact-block-link' . $class . $sparkle + . (($click) ? ' fakelink' : '') . '" ' + . (($url) ? ' href="' . $url . '"' : '') . $click . ' ><img class="contact-block-img' . $class . $sparkle . '" src="' + . $contact['micro'] . '" title="' . $contact['name'] . ' [' . $contact['url'] . ']" alt="' . $contact['name'] + . '" /></a></div>' . "\r\n"; + } +}} + + + +if(! function_exists('search')) { +function search($s,$id='search-box',$url='/search') { + $a = get_app(); + $o = '<div id="' . $id . '">'; + $o .= '<form action="' . $a->get_baseurl() . $url . '" method="get" >'; + $o .= '<input type="text" name="search" id="search-text" value="' . $s .'" />'; + $o .= '<input type="submit" name="submit" id="search-submit" value="' . t('Search') . '" />'; + $o .= '</form></div>'; + return $o; +}} + +if(! function_exists('valid_email')) { +function valid_email($x){ + if(preg_match('/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+$/',$x)) + return true; + return false; +}} + + +if(! function_exists('aes_decrypt')) { +function aes_decrypt($val,$ky) +{ + $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + for($a=0;$a<strlen($ky);$a++) + $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a])); + $mode = MCRYPT_MODE_ECB; + $enc = MCRYPT_RIJNDAEL_128; + $dec = @mcrypt_decrypt($enc, $key, $val, $mode, @mcrypt_create_iv( @mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM ) ); + return rtrim($dec,(( ord(substr($dec,strlen($dec)-1,1))>=0 and ord(substr($dec, strlen($dec)-1,1))<=16)? chr(ord( substr($dec,strlen($dec)-1,1))):null)); +}} + + +if(! function_exists('aes_encrypt')) { +function aes_encrypt($val,$ky) +{ + $key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + for($a=0;$a<strlen($ky);$a++) + $key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a])); + $mode=MCRYPT_MODE_ECB; + $enc=MCRYPT_RIJNDAEL_128; + $val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16))); + return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM)); +}} + + +/** + * + * Function: linkify + * + * Replace naked text hyperlink with HTML formatted hyperlink + * + */ + +if(! function_exists('linkify')) { +function linkify($s) { + $s = preg_replace("/(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\.\=\_\~\#\'\%\$\!\+]*)/", ' <a href="$1" target="external-link">$1</a>', $s); + return($s); +}} + + +/** + * + * Function: smilies + * + * Description: + * Replaces text emoticons with graphical images + * + * @Parameter: string $s + * + * Returns string + */ + +if(! function_exists('smilies')) { +function smilies($s) { + $a = get_app(); + + return str_replace( + array( '<3', '</3', '<\\3', ':-)', ':)', ';-)', ':-(', ':(', ':-P', ':P', ':-"', ':-x', ':-X', ':-D', '8-|', '8-O', + '~friendika', 'Diaspora*' ), + array( + '<img src="' . $a->get_baseurl() . '/images/smiley-heart.gif" alt="<3" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="</3" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="<\\3" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-smile.gif" alt=":-)" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-smile.gif" alt=":)" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-wink.gif" alt=";-)" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-frown.gif" alt=":-(" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-frown.gif" alt=":(" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-tongue-out.gif" alt=":-P" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-tongue-out.gif" alt=":P" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-\"" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-x" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-X" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-laughing.gif" alt=":-D" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-|" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-O" />', + '<a href="http://project.friendika.com">~friendika <img src="' . $a->get_baseurl() . '/images/friendika-16.png" alt="~friendika" /></a>', + '<a href="http://joindiaspora.com">Diaspora<img src="' . $a->get_baseurl() . '/images/diaspora.png" alt="Diaspora*" /></a>', + + ), $s); +}} + + + +if(! function_exists('day_translate')) { +function day_translate($s) { + $ret = str_replace(array('Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Sunday'), + array( t('Monday'), t('Tuesday'), t('Wednesday'), t('Thursday'), t('Friday'), t('Saturday'), t('Sunday')), + $s); + + $ret = str_replace(array('January','February','March','April','May','June','July','August','September','October','November','December'), + array( t('January'), t('February'), t('March'), t('April'), t('May'), t('June'), t('July'), t('August'), t('September'), t('October'), t('November'), t('December')), + $ret); + + return $ret; +}} + + +if(! function_exists('normalise_link')) { +function normalise_link($url) { + $ret = str_replace(array('https:','//www.'), array('http:','//'), $url); + return(rtrim($ret,'/')); +}} + +/** + * + * Compare two URLs to see if they are the same, but ignore + * slight but hopefully insignificant differences such as if one + * is https and the other isn't, or if one is www.something and + * the other isn't - and also ignore case differences. + * + * Return true if the URLs match, otherwise false. + * + */ + +if(! function_exists('link_compare')) { +function link_compare($a,$b) { + if(strcasecmp(normalise_link($a),normalise_link($b)) === 0) + return true; + return false; +}} + +// Given an item array, convert the body element from bbcode to html and add smilie icons. +// If attach is true, also add icons for item attachments + + +if(! function_exists('prepare_body')) { +function prepare_body($item,$attach = false) { + + $s = prepare_text($item['body']); + if(! $attach) + return $s; + + $arr = explode(',',$item['attach']); + if(count($arr)) { + $s .= '<div class="body-attach">'; + foreach($arr as $r) { + $matches = false; + $icon = ''; + $cnt = preg_match('|\[attach\]href=\"(.*?)\" length=\"(.*?)\" type=\"(.*?)\" title=\"(.*?)\"\[\/attach\]|',$r,$matches); + if($cnt) { + $icontype = strtolower(substr($matches[3],0,strpos($matches[3],'/'))); + switch($icontype) { + case 'video': + case 'audio': + case 'image': + case 'text': + $icon = '<div class="attachtype type-' . $icontype . '"></div>'; + break; + default: + $icon = '<div class="attachtype type-unkn"></div>'; + break; + } + $title = ((strlen(trim($matches[4]))) ? escape_tags(trim($matches[4])) : escape_tags($matches[1])); + $title .= ' ' . $matches[2] . ' ' . t('bytes'); + + $s .= '<a href="' . strip_tags($matches[1]) . '" title="' . $title . '" class="attachlink" target="external-link" >' . $icon . '</a>'; + } + } + $s .= '<div class="clear"></div></div>'; + } + return $s; +}} + + +// Given a text string, convert from bbcode to html and add smilie icons. + +if(! function_exists('prepare_text')) { +function prepare_text($text) { + + require_once('include/bbcode.php'); + + $s = smilies(bbcode($text)); + + return $s; +}} + + +/** + * return atom link elements for all of our hubs + */ + +if(! function_exists('feed_hublinks')) { +function feed_hublinks() { + + $hub = get_config('system','huburl'); + + $hubxml = ''; + if(strlen($hub)) { + $hubs = explode(',', $hub); + if(count($hubs)) { + foreach($hubs as $h) { + $h = trim($h); + if(! strlen($h)) + continue; + $hubxml .= '<link rel="hub" href="' . xmlify($h) . '" />' . "\n" ; + } + } + } + return $hubxml; +}} + +/* return atom link elements for salmon endpoints */ + +if(! function_exists('feed_salmonlinks')) { +function feed_salmonlinks($nick) { + + $a = get_app(); + + $salmon = '<link rel="salmon" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ; + + // old style links that status.net still needed as of 12/2010 + + $salmon .= ' <link rel="http://salmon-protocol.org/ns/salmon-replies" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ; + $salmon .= ' <link rel="http://salmon-protocol.org/ns/salmon-mention" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ; + return $salmon; +}} + +if(! function_exists('get_plink')) { +function get_plink($item) { + $a = get_app(); + $plink = (((x($item,'plink')) && (! $item['private'])) ? '<div class="wall-item-links-wrapper"><a href="' + . $item['plink'] . '" title="' . t('link to source') . '" target="external-link" class="icon remote-link"></a></div>' : ''); + return $plink; +}} + +if(! function_exists('unamp')) { +function unamp($s) { + return str_replace('&', '&', $s); +}} + + + + +if(! function_exists('lang_selector')) { +function lang_selector() { + global $lang; + $o = '<div id="lang-select-icon" class="icon language" title="' . t('Select an alternate language') . '" onclick="openClose(\'language-selector\');" ></div>'; + $o .= '<div id="language-selector" style="display: none;" >'; + $o .= '<form action="" method="post" ><select name="system_language" onchange="this.form.submit();" >'; + $langs = glob('view/*/strings.php'); + if(is_array($langs) && count($langs)) { + if(! in_array('view/en/strings.php',$langs)) + $langs[] = 'view/en/'; + asort($langs); + foreach($langs as $l) { + $ll = substr($l,5); + $ll = substr($ll,0,strrpos($ll,'/')); + $selected = (($ll === $lang) ? ' selected="selected" ' : ''); + $o .= '<option value="' . $ll . '"' . $selected . '>' . $ll . '</option>'; + } + } + $o .= '</select></form></div>'; + return $o; +}} + + +if(! function_exists('return_bytes')) { +function return_bytes ($size_str) { + switch (substr ($size_str, -1)) + { + case 'M': case 'm': return (int)$size_str * 1048576; + case 'K': case 'k': return (int)$size_str * 1024; + case 'G': case 'g': return (int)$size_str * 1073741824; + default: return $size_str; + } +}} + +function generate_user_guid() { + $found = true; + do { + $guid = random_string(16); + $x = q("SELECT `uid` FROM `user` WHERE `guid` = '%s' LIMIT 1", + dbesc($guid) + ); + if(! count($x)) + $found = false; + } while ($found == true ); + return $guid; +} + + +function pkcs5_pad ($text, $blocksize) +{ + $pad = $blocksize - (strlen($text) % $blocksize); + return $text . str_repeat(chr($pad), $pad); +} + +function pkcs5_unpad($text) +{ + $pad = ord($text{strlen($text)-1}); + if ($pad > strlen($text)) return false; + if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false; + return substr($text, 0, -1 * $pad); +} + + +function base64url_encode($s, $strip_padding = false) { + + $s = strtr(base64_encode($s),'+/','-_'); + + if($strip_padding) + $s = str_replace('=','',$s); + + return $s; +} + +function base64url_decode($s) { + +/* + * // Placeholder for new rev of salmon which strips base64 padding. + * // PHP base64_decode handles the un-padded input without requiring this step + * // Uncomment if you find you need it. + * + * $l = strlen($s); + * if(! strpos($s,'=')) { + * $m = $l % 4; + * if($m == 2) + * $s .= '=='; + * if($m == 3) + * $s .= '='; + * } + * + */ + + return base64_decode(strtr($s,'-_','+/')); +} + +function cc_license() { +return '<div class="cc-license">' . t('Shared content is covered by the <a href="http://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0</a> license.') . '</div>'; +} |