diff options
Diffstat (limited to 'include')
67 files changed, 3290 insertions, 1380 deletions
diff --git a/include/Contact.php b/include/Contact.php index 20e5e1a1e..233798181 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -22,7 +22,7 @@ function rconnect_url($channel_id,$xchan) { if(($r) && ($r[0]['xchan_follow'])) return $r[0]['xchan_follow']; - $r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d ) limit 1", + $r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d )>0 limit 1", dbesc($xchan), intval(HUBLOC_FLAGS_PRIMARY) ); @@ -35,7 +35,7 @@ function rconnect_url($channel_id,$xchan) { function abook_connections($channel_id, $sql_conditions = '') { $r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d - and not ( abook_flags & %d ) $sql_conditions", + and not ( abook_flags & %d )>0 $sql_conditions", intval($channel_id), intval(ABOOK_FLAG_SELF) ); @@ -44,7 +44,7 @@ function abook_connections($channel_id, $sql_conditions = '') { function abook_self($channel_id) { $r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d - and ( abook_flags & %d ) limit 1", + and ( abook_flags & %d )>0 limit 1", intval($channel_id), intval(ABOOK_FLAG_SELF) ); @@ -52,7 +52,7 @@ function abook_self($channel_id) { } function channelx_by_nick($nick) { - $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and not ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and not ( channel_pageflags & %d )>0 LIMIT 1", dbesc($nick), intval(PAGE_REMOVED) ); @@ -60,7 +60,7 @@ function channelx_by_nick($nick) { } function channelx_by_hash($hash) { - $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and not ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and not ( channel_pageflags & %d )>0 LIMIT 1", dbesc($hash), intval(PAGE_REMOVED) ); @@ -68,7 +68,7 @@ function channelx_by_hash($hash) { } function channelx_by_n($id) { - $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and not ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and not ( channel_pageflags & %d )>0 LIMIT 1", dbesc($id), intval(PAGE_REMOVED) ); @@ -128,17 +128,19 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { function abook_toggle_flag($abook,$flag) { - $r = q("UPDATE abook set abook_flags = (abook_flags ^ %d) where abook_id = %d and abook_channel = %d limit 1", - intval($flag), - intval($abook['abook_id']), - intval($abook['abook_channel']) + $r = q("UPDATE abook set abook_flags = (abook_flags %s %d) where abook_id = %d and abook_channel = %d", + db_getfunc('^'), + intval($flag), + intval($abook['abook_id']), + intval($abook['abook_channel']) ); + // if unsetting the archive bit, update the timestamps so we'll try to connect for an additional 30 days. if(($flag === ABOOK_FLAG_ARCHIVED) && ($abook['abook_flags'] & ABOOK_FLAG_ARCHIVED)) { $r = q("update abook set abook_connected = '%s', abook_updated = '%s' - where abook_id = %d and abook_channel = %d limit 1", + where abook_id = %d and abook_channel = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), intval($abook['abook_id']), @@ -173,7 +175,7 @@ function account_remove($account_id,$local = true,$unset_session=true) { // Don't let anybody nuke the only admin account. - $r = q("select account_id from account where (account_roles & %d)", + $r = q("select account_id from account where (account_roles & %d)>0", intval(ACCOUNT_ROLE_ADMIN) ); @@ -201,10 +203,11 @@ function account_remove($account_id,$local = true,$unset_session=true) { } } - $r = q("delete from account where account_id = %d limit 1", + $r = q("delete from account where account_id = %d", intval($account_id) ); + if ($unset_session) { unset($_SESSION['authenticated']); unset($_SESSION['uid']); @@ -214,6 +217,28 @@ function account_remove($account_id,$local = true,$unset_session=true) { return $r; } +// recursively delete a directory +function rrmdir($path) +{ + if (is_dir($path) === true) + { + $files = array_diff(scandir($path), array('.', '..')); + + foreach ($files as $file) + { + rrmdir(realpath($path) . '/' . $file); + } + + return rmdir($path); + } + + else if (is_file($path) === true) + { + return unlink($path); + } + + return false; +} function channel_remove($channel_id, $local = true, $unset_session=true) { @@ -239,7 +264,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) { channel_r_photos = 0, channel_r_abook = 0, channel_w_stream = 0, channel_w_wall = 0, channel_w_tagwall = 0, channel_w_comment = 0, channel_w_mail = 0, channel_w_photos = 0, channel_w_chat = 0, channel_a_delegate = 0, channel_r_storage = 0, channel_w_storage = 0, channel_r_pages = 0, channel_w_pages = 0, channel_a_republish = 0 - where channel_id = %d limit 1", + where channel_id = %d", dbesc(datetime_convert()), intval(PAGE_REMOVED), intval($channel_id) @@ -275,12 +300,12 @@ function channel_remove($channel_id, $local = true, $unset_session=true) { q("DELETE FROM `spam` WHERE `uid` = %d", intval($channel_id)); - q("delete from abook where abook_xchan = '%s' and (abook_flags & %d) limit 1", + q("delete from abook where abook_xchan = '%s' and (abook_flags & %d)>0", dbesc($channel['channel_hash']), dbesc(ABOOK_FLAG_SELF) ); - $r = q("update channel set channel_deleted = '%s', channel_pageflags = (channel_pageflags | %d) where channel_id = %d limit 1", + $r = q("update channel set channel_deleted = '%s', channel_pageflags = (channel_pageflags | %d) where channel_id = %d", dbesc(datetime_convert()), intval(PAGE_REMOVED), intval($channel_id) @@ -296,7 +321,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) { $hublocs = 0; - $r = q("select hubloc_id from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d)", + $r = q("select hubloc_id from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d)>0", dbesc($channel['channel_hash']), intval(HUBLOC_FLAGS_DELETED) ); @@ -309,6 +334,19 @@ function channel_remove($channel_id, $local = true, $unset_session=true) { dbesc($channel['channel_hash']) ); } + + //remove from file system + $r = q("select channel_address from channel where channel_id = %d limit 1", + intval($channel_id) + ); + if($r) + $channel_address = $r[0]['channel_address'] ; + if ($channel_address !== '') { + $f = 'store/' . $channel_address.'/'; + logger ('delete '. $f); + if(is_dir($f)) + @rrmdir($f); + } proc_run('php','include/directory.php',$channel_id); @@ -335,10 +373,11 @@ function mark_orphan_hubsxchans() { if($dirmode == DIRECTORY_MODE_NORMAL) return; - $r = q("update hubloc set hubloc_status = (hubloc_status | %d) where not (hubloc_status & %d) - and hubloc_network = 'zot' and hubloc_connected < utc_timestamp() - interval 36 day", + $r = q("update hubloc set hubloc_status = (hubloc_status | %d) where not (hubloc_status & %d)>0 + and hubloc_network = 'zot' and hubloc_connected < %s - interval %s", + intval(HUBLOC_OFFLINE), intval(HUBLOC_OFFLINE), - intval(HUBLOC_OFFLINE) + db_utcnow(), db_quoteinterval('36 day') ); // $realm = get_directory_realm(); @@ -354,7 +393,7 @@ function mark_orphan_hubsxchans() { // } - $r = q("select hubloc_id, hubloc_hash from hubloc where (hubloc_status & %d) and not (hubloc_flags & %d)", + $r = q("select hubloc_id, hubloc_hash from hubloc where (hubloc_status & %d)>0 and not (hubloc_flags & %d)>0", intval(HUBLOC_OFFLINE), intval(HUBLOC_FLAGS_ORPHANCHECK) ); @@ -364,7 +403,7 @@ function mark_orphan_hubsxchans() { // see if any other hublocs are still alive for this channel - $x = q("select * from hubloc where hubloc_hash = '%s' and not (hubloc_status & %d)", + $x = q("select * from hubloc where hubloc_hash = '%s' and not (hubloc_status & %d)>0", dbesc($rr['hubloc_hash']), intval(HUBLOC_OFFLINE) ); @@ -372,7 +411,7 @@ function mark_orphan_hubsxchans() { // yes - if the xchan was marked as an orphan, undo it - $y = q("update xchan set xchan_flags = (xchan_flags ^ %d) where (xchan_flags & %d) and xchan_hash = '%s' limit 1", + $y = q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'", intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN), dbesc($rr['hubloc_hash']) @@ -383,7 +422,7 @@ function mark_orphan_hubsxchans() { // nope - mark the xchan as an orphan - $y = q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s' limit 1", + $y = q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s'", intval(XCHAN_FLAGS_ORPHAN), dbesc($rr['hubloc_hash']) ); @@ -391,7 +430,7 @@ function mark_orphan_hubsxchans() { // mark that we've checked this entry so we don't need to do it again - $y = q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d limit 1", + $y = q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d", intval(HUBLOC_FLAGS_ORPHANCHECK), dbesc($rr['hubloc_id']) ); @@ -449,7 +488,7 @@ function remove_all_xchan_resources($xchan, $channel_id = 0) { if($dirmode === false || $dirmode == DIRECTORY_MODE_NORMAL) { - $r = q("delete from xchan where xchan_hash = '%s' limit 1", + $r = q("delete from xchan where xchan_hash = '%s'", dbesc($xchan) ); $r = q("delete from hubloc where hubloc_hash = '%s'", @@ -482,7 +521,7 @@ function contact_remove($channel_id, $abook_id) { $archive = get_pconfig($channel_id, 'system','archive_removed_contacts'); if($archive) { - q("update abook set abook_flags = ( abook_flags | %d ) where abook_id = %d and abook_channel = %d limit 1", + q("update abook set abook_flags = ( abook_flags | %d ) where abook_id = %d and abook_channel = %d", intval(ABOOK_FLAG_ARCHIVED), intval($abook_id), intval($channel_id) @@ -514,7 +553,7 @@ function contact_remove($channel_id, $abook_id) { } } - q("delete from abook where abook_id = %d and abook_channel = %d limit 1", + q("delete from abook where abook_id = %d and abook_channel = %d", intval($abook['abook_id']), intval($channel_id) ); @@ -541,10 +580,31 @@ function contact_remove($channel_id, $abook_id) { function random_profile() { - $r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > UTC_TIMESTAMP() - interval 30 day order by rand() limit 1"); - if($r) - return $r[0]['xchan_url']; + $randfunc = db_getfunc('rand'); + + $checkrandom = get_config('randprofile','check'); // False by default + $retryrandom = intval(get_config('randprofile','retry')); + if($retryrandom === false) $retryrandom = 5; + + for($i = 0; $i < $retryrandom; $i++) { + $r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > %s - interval %s order by $randfunc limit 1", + db_utcnow(), db_quoteinterval('30 day') + ); + + if(!$r) return ''; // Couldn't get a random channel + + if($checkrandom) { + $x = z_fetch_url($r[0]['xchan_url']); + if($x['success']) + return $r[0]['xchan_url']; + else + logger('Random channel turned out to be bad.'); + } + else { + return $r[0]['xchan_url']; + } + + } return ''; } - diff --git a/include/Import/Importer.php b/include/Import/Importer.php new file mode 100644 index 000000000..5e684cd8e --- /dev/null +++ b/include/Import/Importer.php @@ -0,0 +1,82 @@ +<?php /** @file */ + +namespace RedMatrix\Import; + +/** + * @brief Class Import + * + * @package RedMatrix\Import + */ +class Import { + + private $credentials = null; + + protected $itemlist = null; + protected $src_items = null; + protected $items = null; + + function get_credentials() { + return $this->credentials; + } + + function get_itemlist() { + return $this->itemlist; + } + + function get_item_ident($item) { + + } + + function get_item($item_ident) { + + } + + function get_taxonomy($item_ident) { + + } + + function get_children($item_ident) { + + } + + function convert_item($item_ident) { + + } + + function convert_taxonomy($item_ident) { + + } + + function convert_child($child) { + + } + + function store($item, $update = false) { + + } + + function run() { + $this->credentials = $this->get_credentials(); + $this->itemlist = $this->get_itemlist(); + if($this->itemlist) { + $this->src_items = array(); + $this->items = array(); + $cnt = 0; + foreach($this->itemlist as $item) { + $ident = $item->get_item_ident($item); + $this->src_items[$ident]['item'] = $this->get_item($ident); + $this->src_items[$ident]['taxonomy'] = $this->get_taxonomy($ident); + $this->src_items[$ident]['children'] = $this->get_children($ident); + $this->items[$cnt]['item'] = $this->convert_item($ident); + $this->items[$cnt]['item']['term'] = $this->convert_taxonomy($ident); + if($this->src_items[$ident]['children']) { + $this->items[$cnt]['children'] = array(); + foreach($this->src_items[$ident]['children'] as $child) { + $this[$cnt]['children'][] = $this->convert_child($child); + } + } + $cnt ++; + } + } + } +}
\ No newline at end of file diff --git a/include/Import/refimport.php b/include/Import/refimport.php new file mode 100644 index 000000000..181b2b398 --- /dev/null +++ b/include/Import/refimport.php @@ -0,0 +1,280 @@ +<?php + +require_once('include/html2bbcode.php'); +require_once('include/hubloc.php'); + +// Sample module for importing conversation data from Reflection CMS. Some preparation was used to +// dump relevant posts, categories and comments into individual JSON files, and also JSON dump of +// the user table to search for avatars. Importation was also batched in sets of 20 posts per page +// visit so as to survive shared hosting process limits. This provides some clues as how to handle +// WordPress imports, which use a somewhat similar DB structure. The batching and individual files +// might not be needed in VPS environments. As such this could be considered an extreme test case, but +// the importation was successful in all regards using this code. The module URL was visited repeatedly +// with a browser until all the posts had been imported. + + +define('REDMATRIX_IMPORTCHANNEL','mike'); +define('REFLECT_EXPORTUSERNAME','mike'); +define('REFLECT_BLOGNAME','Diary and Other Rantings'); +define('REFLECT_BASEURL','http://example.com/'); +define('REFLECT_USERFILE','user.json'); + +// set to true if you need to process everything again +define('REFLECT_OVERWRITE',false); + +// we'll only process a small number of posts at a time on a shared host. + +define('REFLECT_MAXPERRUN',30); + +function reflect_get_channel() { + + // this will be the channel_address or nickname of the red channel + + $c = q("select * from channel left join xchan on channel_hash = xchan_hash + where channel_address = '%s' limit 1", + dbesc(REDMATRIX_IMPORTCHANNEL) + ); + return $c[0]; +} + + +function refimport_content(&$a) { + + $channel = reflect_get_channel(); + + // load the user file. We need that to find the commenter's avatars + + $u = file_get_contents(REFLECT_USERFILE); + if($u) { + $users = json_decode($u,true); + } + + $ignored = 0; + $processed = 0; + + $files = glob('article/*'); + if(! $files) + return; + + foreach($files as $f) { + $s = file_get_contents($f); + $j = json_decode($s,true); + + if(! $j) + continue; + + $arr = array(); + + // see if this article was already processed + $r = q("select * from item where mid = '%s' and uid = %d limit 1", + dbesc($j['guid']), + intval($channel['channel_id']) + ); + if($r) { + if(REFLECT_OVERWRITE) + $arr['id'] = $r[0]['id']; + else { + $ignored ++; + rename($f,str_replace('article','done',$f)); + continue; + } + } + + $arr['uid'] = $channel['channel_account_id']; + $arr['aid'] = $channel['channel_id']; + $arr['mid'] = $arr['parent_mid'] = $j['guid']; + $arr['created'] = $j['created']; + $arr['edited'] = $j['edited']; + $arr['author_xchan'] = $channel['channel_hash']; + $arr['owner_xchan'] = $channel['channel_hash']; + $arr['app'] = REFLECT_BLOGNAME; + $arr['item_flags'] = ITEM_ORIGIN|ITEM_WALL|ITEM_THREAD_TOP; + $arr['verb'] = ACTIVITY_POST; + + // this is an assumption + $arr['comment_policy'] = 'contacts'; + + + // import content. In this case the content is XHTML. + + $arr['title'] = html2bbcode($j['title']); + $arr['title'] = htmlspecialchars($arr['title'],ENT_COMPAT,'UTF-8',false); + + + $arr['body'] = html2bbcode($j['body']); + $arr['body'] = htmlspecialchars($arr['body'],ENT_COMPAT,'UTF-8',false); + + + // convert relative urls to other posts on that service to absolute url on our service. + $arr['body'] = preg_replace_callback("/\[url\=\/+article\/(.*?)\](.*?)\[url\]/",'reflect_article_callback',$arr['body']); + + // also import any photos + $arr['body'] = preg_replace_callback("/\[img(.*?)\](.*?)\[\/img\]/",'reflect_photo_callback',$arr['body']); + + + // add categories + + if($j['taxonomy'] && is_array($j['taxonomy']) && count($j['taxonomy'])) { + $arr['term'] = array(); + foreach($j['taxonomy'] as $tax) { + $arr['term'][] = array( + 'uid' => $channel['channel_id'], + 'type' => TERM_CATEGORY, + 'otype' => TERM_OBJ_POST, + 'term' => trim($tax['name']), + 'url' => $channel['xchan_url'] . '?f=&cat=' . urlencode(trim($tax['name'])) + ); + } + } + + // store the item + + if($arr['id']) + item_store_update($arr); + else + item_store($arr); + + // if there are any comments, process them + // $comment['registered'] is somebody with an account on the system. Others are mostly anonymous + + if($j['comments']) { + foreach($j['comments'] as $comment) { + $user = (($comment['registered']) ? reflect_find_user($users,$comment['author']) : null); + reflect_comment_store($channel,$arr,$comment,$user); + } + } + $processed ++; + + if(REFLECT_MAXPERRUN && $processed > REFLECT_MAXPERRUN) + break; + } + return 'processed: ' . $processed . EOL . 'completed: ' . $ignored . EOL; + +} + +function reflect_article_callback($matches) { + return '[zrl=' . z_root() . '/display/'. $matches[1] . ']' . $matches[2] . '[/zrl]'; +} + +function reflect_photo_callback($matches) { + + if(strpos($matches[2],'http') !== false) + return $matches[0]; + + $prefix = REFLECT_BASEURL; + $x = z_fetch_url($prefix.$matches[2],true); + + $hash = basename($matches[2]); + + if($x['success']) { + $channel = reflect_get_channel(); + require_once('include/photos.php'); + $p = photo_upload($channel,$channel, + array('data' => $x['body'], + 'resource_id' => str_replace('-','',$hash), + 'filename' => $hash . '.jpg', + 'type' => 'image/jpeg', + 'not_visible' => true + ) + ); + + if($p['success']) + $newlink = $p['resource_id'] . '-0.jpg'; + + + // import photo and locate the link for it. + return '[zmg]' . z_root() . '/photo/' . $newlink . '[/zmg]'; + + } + // no replacement. Leave it alone. + return $matches[0]; +} + +function reflect_find_user($users,$name) { + if($users) { + foreach($users as $x) { + if($x['name'] === $name) { + return $x; + } + } + } + + return false; + +} + +function reflect_comment_store($channel,$post,$comment,$user) { + + // if the commenter was the channel owner, use their redmatrix xchan + + if($comment['author'] === REFLECT_EXPORTUSERNAME && $comment['registered']) + $hash = $channel['xchan_hash']; + else { + // we need a unique hash for the commenter. We don't know how many may have supplied + // http://yahoo.com as their URL, so we'll use their avatar guid if they have one. + // anonymous folks may get more than one xchan_hash if they commented more than once. + + $hash = (($comment['registered'] && $user) ? $user['avatar'] : ''); + if(! $hash) + $hash = random_string() . '.unknown'; + + // create an xchan for them which will also import their profile photo + // they will have a network type 'unknown'. + + $x = array( + 'hash' => $hash, + 'guid' => $hash, + 'url' => (($comment['url']) ? $comment['url'] : z_root()), + 'photo' => (($user) ? REFLECT_BASEURL . $user['avatar'] : z_root() . '/' . get_default_profile_photo()), + 'name' => $comment['author'] + ); + xchan_store($x); + + } + + $arr = array(); + + $r = q("select * from item where mid = '%s' and uid = %d limit 1", + dbesc($comment['guid']), + intval($channel['channel_id']) + ); + if($r) { + if(REFLECT_OVERWRITE) + $arr['id'] = $r[0]['id']; + else + return; + } + + // this is a lot like storing the post except for subtle differences, like parent_mid, flags, author_xchan, + // and we don't have a comment edited field so use creation date + + $arr['uid'] = $channel['channel_account_id']; + $arr['aid'] = $channel['channel_id']; + $arr['mid'] = $comment['guid']; + $arr['parent_mid'] = $post['mid']; + $arr['created'] = $comment['created']; + $arr['edited'] = $comment['created']; + $arr['author_xchan'] = $hash; + $arr['owner_xchan'] = $channel['channel_hash']; + $arr['item_flags'] = ITEM_ORIGIN|ITEM_WALL; + $arr['verb'] = ACTIVITY_POST; + $arr['comment_policy'] = 'contacts'; + + + $arr['title'] = html2bbcode($comment['title']); + $arr['title'] = htmlspecialchars($arr['title'],ENT_COMPAT,'UTF-8',false); + + + $arr['body'] = html2bbcode($comment['body']); + $arr['body'] = htmlspecialchars($arr['body'],ENT_COMPAT,'UTF-8',false); + $arr['body'] = preg_replace_callback("/\[url\=\/+article\/(.*?)\](.*?)\[url\]/",'reflect_article_callback',$arr['body']); + $arr['body'] = preg_replace_callback("/\[img(.*?)\](.*?)\[\/img\]/",'reflect_photo_callback',$arr['body']); + + // logger('comment: ' . print_r($arr,true)); + + if($arr['id']) + item_store_update($arr); + else + item_store($arr); + +} diff --git a/include/ItemObject.php b/include/ItemObject.php index 90c036def..ec8116297 100644 --- a/include/ItemObject.php +++ b/include/ItemObject.php @@ -28,6 +28,7 @@ class Item extends BaseObject { private $threaded = false; private $visiting = false; private $channel = null; + private $display_mode = 'normal'; public function __construct($data) { @@ -64,8 +65,6 @@ class Item extends BaseObject { public function get_template_data($alike, $dlike, $thread_level=1) { - $t1 = dba_timer(); - $result = array(); $a = $this->get_app(); @@ -80,6 +79,7 @@ class Item extends BaseObject { $indent = ''; $osparkle = ''; $total_children = $this->count_descendants(); + $unseen_comments = (($item['real_uid']) ? 0 : $this->count_unseen_descendants()); $conv = $this->get_conversation(); $observer = $conv->get_observer(); @@ -88,7 +88,7 @@ class Item extends BaseObject { || strlen($item['deny_cid']) || strlen($item['deny_gid'])))) ? t('Private Message') : false); - $shareable = ((($conv->get_profile_owner() == local_user()) && ($item['item_private'] != 1)) ? true : false); + $shareable = ((($conv->get_profile_owner() == local_user() && local_user()) && ($item['item_private'] != 1)) ? true : false); // allow an exemption for sharing stuff from your private feeds if($item['author']['xchan_network'] === 'rss') @@ -228,15 +228,22 @@ class Item extends BaseObject { if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0) $indent .= ' shiny'; - $t2 = dba_timer(); localize_item($item); - - $t3 = dba_timer(); - $body = prepare_body($item,true); - $t4 = dba_timer(); + // $viewthread (below) is only valid in list mode. If this is a channel page, build the thread viewing link + // since we can't depend on llink or plink pointing to the right local location. + + $owner_address = substr($item['owner']['xchan_addr'],0,strpos($item['owner']['xchan_addr'],'@')); + $viewthread = $item['llink']; + if($conv->get_mode() === 'channel') + $viewthread = z_root() . '/channel/' . $owner_address . '?f=&mid=' . $item['mid']; + + $comment_count_txt = sprintf( tt('%d comment','%d comments',$total_children),$total_children ); + $list_unseen_txt = (($unseen_comments) ? sprintf('%d unseen',$unseen_comments) : ''); + + $children = $this->get_children(); $tmp_item = array( 'template' => $this->get_template(), @@ -248,6 +255,8 @@ class Item extends BaseObject { 'id' => $this->get_id(), 'linktitle' => sprintf( t('View %s\'s profile - %s'), $profile_name, $item['author']['xchan_addr']), 'olinktitle' => sprintf( t('View %s\'s profile - %s'), $this->get_owner_name(), $item['owner']['xchan_addr']), + 'llink' => $item['llink'], + 'viewthread' => $viewthread, 'to' => t('to'), 'via' => t('via'), 'wall' => t('Wall-to-Wall'), @@ -283,15 +292,21 @@ class Item extends BaseObject { 'share' => $share, 'rawmid' => $item['mid'], 'plink' => get_plink($item), - 'edpost' => ((feature_enabled($conv->get_profile_owner(),'edit_posts')) ? $edpost : ''), + 'edpost' => $edpost, // ((feature_enabled($conv->get_profile_owner(),'edit_posts')) ? $edpost : ''), 'star' => ((feature_enabled($conv->get_profile_owner(),'star_posts')) ? $star : ''), 'tagger' => ((feature_enabled($conv->get_profile_owner(),'commtag')) ? $tagger : ''), 'filer' => ((feature_enabled($conv->get_profile_owner(),'filing')) ? $filer : ''), - 'bookmark' => (($conv->get_profile_owner() == local_user() && $has_bookmarks) ? t('Save Bookmarks') : ''), + 'bookmark' => (($conv->get_profile_owner() == local_user() && local_user() && $has_bookmarks) ? t('Save Bookmarks') : ''), 'addtocal' => (($has_event) ? t('Add to Calendar') : ''), 'drop' => $drop, 'multidrop' => ((feature_enabled($conv->get_profile_owner(),'multi_delete')) ? $multidrop : ''), // end toolbar buttons + + 'unseen_comments' => $unseen_comments, + 'comment_count' => $total_children, + 'comment_count_txt' => $comment_count_txt, + 'list_unseen_txt' => $list_unseen_txt, + 'markseen' => t('Mark all seen'), 'like_count' => $like_count, 'like_list' => $like_list, 'like_list_part' => $like_list_part, @@ -311,24 +326,22 @@ class Item extends BaseObject { 'thread_level' => $thread_level ); - $t5 = dba_timer(); - $arr = array('item' => $item, 'output' => $tmp_item); call_hooks('display_item', $arr); $result = $arr['output']; $result['children'] = array(); - $children = $this->get_children(); $nb_children = count($children); - if($nb_children > 0) { + + if(($this->get_display_mode() === 'normal') && ($nb_children > 0)) { foreach($children as $child) { $result['children'][] = $child->get_template_data($alike, $dlike, $thread_level + 1); } // Collapse if(($nb_children > 2) || ($thread_level > 1)) { $result['children'][0]['comment_firstcollapsed'] = true; - $result['children'][0]['num_comments'] = sprintf( tt('%d comment','%d comments',$total_children),$total_children ); + $result['children'][0]['num_comments'] = $comment_count_txt; $result['children'][0]['hide_text'] = t('[+] show all'); if($thread_level > 1) { $result['children'][$nb_children - 1]['comment_lastcollapsed'] = true; @@ -350,14 +363,6 @@ class Item extends BaseObject { $result['flatten'] = true; $result['threaded'] = false; } - $t6 = dba_timer(); - -// profiler($t1,$t2,'t2'); -// profiler($t2,$t3,'t3'); -// profiler($t3,$t4,'t4'); -// profiler($t4,$t5,'t5'); -// profiler($t5,$t6,'t6'); -// profiler($t1,$t6,'item total'); return $result; } @@ -366,6 +371,14 @@ class Item extends BaseObject { return $this->get_data_value('id'); } + public function get_display_mode() { + return $this->display_mode; + } + + public function set_display_mode($mode) { + $this->display_mode = $mode; + } + public function is_threaded() { return $this->threaded; } @@ -517,12 +530,12 @@ class Item extends BaseObject { /** * Get template */ - private function get_template() { + public function get_template() { return $this->template; } - private function set_template($t) { + public function set_template($t) { $this->template = $t; } @@ -547,6 +560,23 @@ class Item extends BaseObject { return $total; } + private function count_unseen_descendants() { + $children = $this->get_children(); + $total = count($children); + if($total > 0) { + $total = 0; + foreach($children as $child) { + if((! visible_activity($child->data)) || array_key_exists('author_blocked',$child->data)) { + continue; + } + if($child->data['item_flags'] & ITEM_UNSEEN) + $total ++; + } + } + return $total; + } + + /** * Get the template for the comment box */ @@ -605,7 +635,7 @@ class Item extends BaseObject { '$edimg' => t('Image'), '$edurl' => t('Link'), '$edvideo' => t('Video'), - '$preview' => ((feature_enabled($conv->get_profile_owner(),'preview')) ? t('Preview') : ''), + '$preview' => t('Preview'), // ((feature_enabled($conv->get_profile_owner(),'preview')) ? t('Preview') : ''), '$indent' => $indent, '$feature_encrypt' => ((feature_enabled($conv->get_profile_owner(),'content_encrypt')) ? true : false), '$encrypt' => t('Encrypt text'), diff --git a/include/RedDAV/RedBasicAuth.php b/include/RedDAV/RedBasicAuth.php index 2f86d4f82..19dd9a5f0 100644 --- a/include/RedDAV/RedBasicAuth.php +++ b/include/RedDAV/RedBasicAuth.php @@ -118,8 +118,11 @@ class RedBasicAuth extends DAV\Auth\Backend\AbstractBasic { } } } - logger('password failed for ' . $username); - // @TODO add security logger + + $error = 'password failed for ' . $username; + logger($error); + log_failed_login($error); + return false; } diff --git a/include/RedDAV/RedBrowser.php b/include/RedDAV/RedBrowser.php index 21ea76aed..709f6339b 100644 --- a/include/RedDAV/RedBrowser.php +++ b/include/RedDAV/RedBrowser.php @@ -173,6 +173,7 @@ class RedBrowser extends DAV\Browser\Plugin { $type = $this->escapeHTML($type); $icon = ''; + if ($this->enableAssets) { $node = $this->server->tree->getNodeForPath(($path ? $path . '/' : '') . $name); foreach (array_reverse($this->iconMap) as $class=>$iconName) { @@ -182,10 +183,10 @@ class RedBrowser extends DAV\Browser\Plugin { } } } - - $parentHash = ""; + + $parentHash = ''; $owner = $this->auth->owner_id; - $splitPath = split("/", $fullPath); + $splitPath = split('/', $fullPath); if (count($splitPath) > 3) { for ($i = 3; $i < count($splitPath); $i++) { $attachName = urldecode($splitPath[$i]); @@ -209,6 +210,7 @@ class RedBrowser extends DAV\Browser\Plugin { $ft['size'] = $size; $ft['sizeFormatted'] = $this->userReadableSize($size); $ft['lastmodified'] = (($lastmodified) ? datetime_convert('UTC', date_default_timezone_get(), $lastmodified) : ''); + $ft['iconFromType'] = $this->getIconFromType($type); $f[] = $ft; } @@ -233,15 +235,26 @@ class RedBrowser extends DAV\Browser\Plugin { } // prepare quota for template + $quota = array(); $quota['used'] = $used; $quota['limit'] = $limit; $quota['desc'] = $quotaDesc; - $html .= replace_macros(get_markup_template('cloud_directory.tpl'), array( + $output = ''; + if ($this->enablePost) { + $this->server->broadcastEvent('onHTMLActionsPanel', array($parent, &$output)); + } + + $html .= replace_macros(get_markup_template('cloud_header.tpl'), array( '$header' => t('Files') . ": " . $this->escapeHTML($path) . "/", + '$quota' => $quota, + '$total' => t('Total'), + '$actionspanel' => $output + )); + + $html .= replace_macros(get_markup_template('cloud_directory.tpl'), array( '$parentpath' => $parentpath, '$entries' => $f, - '$quota' => $quota, '$name' => t('Name'), '$type' => t('Type'), '$size' => t('Size'), @@ -249,15 +262,9 @@ class RedBrowser extends DAV\Browser\Plugin { '$parent' => t('parent'), '$edit' => t('Edit'), '$delete' => t('Delete'), - '$total' => t('Total') + '$nick' => $this->auth->getCurrentUser() )); - $output = ''; - if ($this->enablePost) { - $this->server->broadcastEvent('onHTMLActionsPanel', array($parent, &$output)); - } - $html .= $output; - get_app()->page['content'] = $html; load_pdl(get_app()); construct_page(get_app()); @@ -321,6 +328,62 @@ class RedBrowser extends DAV\Browser\Plugin { } /** + * @brief returns icon name for use with e.g. font-awesome based on mime-type + * + * @param string $type + * @return string + */ + protected function getIconFromType($type) { + $iconMap = array( + //Folder + t('Collection') => 'icon-folder-close', + + //Common file + 'application/octet-stream' => 'icon-file-alt', + + //Text + 'text/plain' => 'icon-file-text-alt', + 'application/msword' => 'icon-file-text-alt', + 'application/pdf' => 'icon-file-text-alt', + 'application/vnd.oasis.opendocument.text' => 'icon-file-text-alt', + 'application/epub+zip' => 'icon-book', + + //Spreadsheet + 'application/vnd.oasis.opendocument.spreadsheet' => 'icon-table', + 'application/vnd.ms-excel' => 'icon-table', + + //Image + 'image/jpeg' => 'icon-picture', + 'image/png' => 'icon-picture', + 'image/gif' => 'icon-picture', + 'image/svg+xml' => 'icon-picture', + + //Archive + 'application/zip' => 'icon-archive', + 'application/x-rar-compressed' => 'icon-archive', + + //Audio + 'audio/mpeg' => 'icon-music', + 'audio/wav' => 'icon-music', + 'application/ogg' => 'icon-music', + + //Video + 'video/quicktime' => 'icon-film', + + + ); + + $iconFromType = 'icon-file-alt'; + + if (array_key_exists($type, $iconMap)) + { + $iconFromType = $iconMap[$type]; + } + + return $iconFromType; + } + + /** * @brief Return the hash of an attachment. * * Given the owner, the parent folder and and attach name get the attachment @@ -370,4 +433,4 @@ class RedBrowser extends DAV\Browser\Plugin { } return $id; } -}
\ No newline at end of file +} diff --git a/include/RedDAV/RedDirectory.php b/include/RedDAV/RedDirectory.php index a46b77f5f..85af0d57f 100644 --- a/include/RedDAV/RedDirectory.php +++ b/include/RedDAV/RedDirectory.php @@ -159,7 +159,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { list($parent_path, ) = DAV\URLUtil::splitPath($this->red_path); $new_path = $parent_path . '/' . $name; - $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND uid = %d", dbesc($name), dbesc($this->folder_hash), intval($this->auth->owner_id) @@ -197,7 +197,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $mimetype = z_mime_content_type($name); - $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1", + $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED) ); @@ -246,7 +246,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $edited = datetime_convert(); // updates entry with filesize and timestamp - $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), dbesc($edited), dbesc($hash), @@ -254,7 +254,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { ); // update the folder's lastmodified timestamp - $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($this->folder_hash), intval($c[0]['channel_id']) @@ -293,7 +293,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { throw new DAV\Exception\Forbidden('Permission denied.'); } - $r = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1", + $r = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED) ); @@ -362,7 +362,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $channel_name = $path_arr[0]; - $r = q("SELECT channel_id FROM channel WHERE channel_address = '%s' AND NOT ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT channel_id FROM channel WHERE channel_address = '%s' AND NOT ( channel_pageflags & %d )>0 LIMIT 1", dbesc($channel_name), intval(PAGE_REMOVED) ); @@ -380,7 +380,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $os_path = ''; for ($x = 1; $x < count($path_arr); $x++) { - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)>0", dbesc($folder), dbesc($path_arr[$x]), intval($channel_id), @@ -440,7 +440,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $free = disk_free_space('store'); if ($this->auth->owner_id) { - $c = q("select * from channel where channel_id = %d and not (channel_pageflags & %d) limit 1", + $c = q("select * from channel where channel_id = %d and not (channel_pageflags & %d)>0 limit 1", intval($this->auth->owner_id), intval(PAGE_REMOVED) ); diff --git a/include/RedDAV/RedFile.php b/include/RedDAV/RedFile.php index f96790631..3a5230dc1 100644 --- a/include/RedDAV/RedFile.php +++ b/include/RedDAV/RedFile.php @@ -79,7 +79,7 @@ class RedFile extends DAV\Node implements DAV\IFile { $newName = str_replace('/', '%2F', $newName); - $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND id = %d LIMIT 1", + $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND id = %d", dbesc($this->data['filename']), intval($this->data['id']) ); @@ -96,7 +96,7 @@ class RedFile extends DAV\Node implements DAV\IFile { $size = 0; // @todo only 3 values are needed - $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1", + $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED) ); @@ -113,7 +113,7 @@ class RedFile extends DAV\Node implements DAV\IFile { $size = @filesize($f); logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG); } else { - $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d", dbesc(stream_get_contents($data)), dbesc($this->data['hash']), intval($this->data['uid']) @@ -131,7 +131,7 @@ class RedFile extends DAV\Node implements DAV\IFile { // returns now() $edited = datetime_convert(); - $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), dbesc($edited), dbesc($this->data['hash']), @@ -139,7 +139,7 @@ class RedFile extends DAV\Node implements DAV\IFile { ); // update the folder's lastmodified timestamp - $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($r[0]['folder']), intval($c[0]['channel_id']) diff --git a/include/account.php b/include/account.php index df484e608..8df44acba 100644 --- a/include/account.php +++ b/include/account.php @@ -202,7 +202,7 @@ function create_account($arr) { // Set the parent record to the current record_id if no parent was provided if(! $parent) { - $r = q("update account set account_parent = %d where account_id = %d limit 1", + $r = q("update account set account_parent = %d where account_id = %d", intval($result['account']['account_id']), intval($result['account']['account_id']) ); @@ -367,16 +367,16 @@ function user_allow($hash) { if(! $account) return $ret; - $r = q("DELETE FROM register WHERE hash = '%s' LIMIT 1", + $r = q("DELETE FROM register WHERE hash = '%s'", dbesc($register[0]['hash']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED), intval($register[0]['uid']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_PENDING), intval(ACCOUNT_PENDING), intval($register[0]['uid']) @@ -430,11 +430,11 @@ function user_deny($hash) { if(! $account) return false; - $r = q("DELETE FROM account WHERE account_id = %d LIMIT 1", + $r = q("DELETE FROM account WHERE account_id = %d", intval($register[0]['uid']) ); - $r = q("DELETE FROM `register` WHERE id = %d LIMIT 1", + $r = q("DELETE FROM `register` WHERE id = %d", dbesc($register[0]['id']) ); notice( sprintf(t('Registration revoked for %s'), $account[0]['account_email']) . EOL); @@ -463,21 +463,21 @@ function user_approve($hash) { if(! $account) return $ret; - $r = q("DELETE FROM register WHERE hash = '%s' and password = 'verify' LIMIT 1", + $r = q("DELETE FROM register WHERE hash = '%s' and password = 'verify'", dbesc($register[0]['hash']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED), intval($register[0]['uid']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_PENDING), intval(ACCOUNT_PENDING), intval($register[0]['uid']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_UNVERIFIED), intval(ACCOUNT_UNVERIFIED), intval($register[0]['uid']) @@ -510,11 +510,12 @@ function user_approve($hash) { function downgrade_accounts() { - $r = q("select * from account where not ( account_flags & %d ) + $r = q("select * from account where not ( account_flags & %d )>0 and account_expires != '%s' - and account_expires < UTC_TIMESTAMP() ", + and account_expires < %s ", intval(ACCOUNT_EXPIRED), - dbesc(NULL_DATE) + dbesc(NULL_DATE), + db_getfunc('UTC_TIMESTAMP') ); if(! $r) @@ -527,7 +528,7 @@ function downgrade_accounts() { if(($basic) && ($rr['account_service_class']) && ($rr['account_service_class'] != $basic)) { $x = q("UPDATE account set account_service_class = '%s', account_expires = '%s' - where account_id = %d limit 1", + where account_id = %d", dbesc($basic), dbesc(NULL_DATE), intval($rr['account_id']) @@ -537,7 +538,7 @@ function downgrade_accounts() { logger('downgrade_accounts: Account id ' . $rr['account_id'] . ' downgraded.'); } else { - $x = q("UPDATE account SET account_flags = (account_flags | %d) where account_id = %d limit 1", + $x = q("UPDATE account SET account_flags = (account_flags | %d) where account_id = %d", intval(ACCOUNT_EXPIRED), intval($rr['account_id']) ); diff --git a/include/acl_selectors.php b/include/acl_selectors.php index 5adafff2c..243e7a549 100644 --- a/include/acl_selectors.php +++ b/include/acl_selectors.php @@ -171,7 +171,7 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p $o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\" $tabindex >\r\n"; $r = q("SELECT abook_id, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash - where abook_flags = 0 or not ( abook_flags & %d ) and abook_channel = %d + where abook_flags = 0 or not ( abook_flags & %d )>0 and abook_channel = %d $sql_extra ORDER BY xchan_name ASC ", intval(ABOOK_FLAG_SELF), diff --git a/include/activities.php b/include/activities.php index d978ebcd6..d770ccb23 100644 --- a/include/activities.php +++ b/include/activities.php @@ -48,7 +48,11 @@ function profile_activity($changed, $value) { if($t == 1 && strlen($value)) { // if it's a url, the HTML quotes will mess it up, so link it and don't try and zidify it because we don't know what it points to. - $value = linkify($value); + $value = preg_replace_callback("/([^\]\='".'"'."]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ism", 'red_zrl_callback', $value); + // take out the bookmark indicator + if(substr($value,0,2) === '#^') + $value = str_replace('#^','',$value); + $message = sprintf( t('%1$s changed %2$s to “%3$s”'), $A, $changes, $value); $message .= "\n\n" . sprintf( t('Visit %1$s\'s %2$s'), $A, $prof); } diff --git a/include/api.php b/include/api.php index 9fe2ef47d..51de412cf 100644 --- a/include/api.php +++ b/include/api.php @@ -309,7 +309,7 @@ require_once('include/items.php'); return False; } else { $user = local_user(); - $extra_query = " AND abook_channel = %d AND (abook_flags & " . ABOOK_FLAG_SELF . " ) "; + $extra_query = " AND abook_channel = %d AND (abook_flags & " . ABOOK_FLAG_SELF . " )>0 "; } } @@ -336,7 +336,7 @@ require_once('include/items.php'); // count public wall messages $r = q("SELECT COUNT(`id`) as `count` FROM `item` WHERE `uid` = %d - AND ( item_flags & %d ) and item_restrict = 0 + AND ( item_flags & %d )>0 and item_restrict = 0 AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''", intval($usr[0]['channel_id']), intval(ITEM_WALL) @@ -363,7 +363,7 @@ require_once('include/items.php'); $countfollowers = $r[0]['count']; } - $r = q("SELECT count(`id`) as `count` FROM item where ( item_flags & %d ) and uid = %d and item_restrict = 0", + $r = q("SELECT count(`id`) as `count` FROM item where ( item_flags & %d )>0 and uid = %d and item_restrict = 0", intval($uinfo[0]['channel_id']), intval(ITEM_STARRED) ); @@ -1004,8 +1004,8 @@ require_once('include/items.php'); // at the network timeline just mark everything seen. if (api_user() == $user_info['uid']) { - $r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d ) - WHERE item_flags & %d and uid = %d", + $r = q("UPDATE `item` SET item_flags = ( item_flags & ~%d ) + WHERE (item_flags & %d)>0 and uid = %d", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval($user_info['uid']) @@ -1062,10 +1062,10 @@ require_once('include/items.php'); and uid in ( " . stream_perms_api_uids() . " ) $sql_extra AND id > %d group by mid - order by received desc LIMIT %d, %d ", + order by received desc LIMIT %d OFFSET %d ", intval($since_id), - intval($start), - intval($count) + intval($count), + intval($start) ); xchan_query($r,true); @@ -1706,9 +1706,9 @@ require_once('include/items.php'); // For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams. // This won't work if either of you send your stream to everybody on the network if($qtype == 'friends') - $sql_extra = sprintf(" AND ( abook_their_perms & %d ) and ( abook_my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); + $sql_extra = sprintf(" AND ( abook_their_perms & %d )>0 and ( abook_my_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); if($qtype == 'followers') - $sql_extra = sprintf(" AND ( abook_my_perms & %d ) and not ( abook_their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); + $sql_extra = sprintf(" AND ( abook_my_perms & %d )>0 and not ( abook_their_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); $r = q("SELECT abook_id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra", intval(api_user()) @@ -1822,9 +1822,9 @@ require_once('include/items.php'); // This won't work if either of you send your stream to everybody on the network if($qtype == 'friends') - $sql_extra = sprintf(" AND ( abook_their_perms & %d ) and ( abook_my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); + $sql_extra = sprintf(" AND ( abook_their_perms & %d )>0 and ( abook_my_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); if($qtype == 'followers') - $sql_extra = sprintf(" AND ( abook_my_perms & %d ) and not ( abook_their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); + $sql_extra = sprintf(" AND ( abook_my_perms & %d )>0 and not ( abook_their_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); $r = q("SELECT abook_id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra", intval(api_user()) @@ -1868,11 +1868,14 @@ require_once('include/items.php'); require_once("include/message.php"); - $r = q("SELECT `id` FROM `contact` WHERE `uid`=%d AND `nick`='%s'", + // in a decentralised world the screen name is ambiguous + + $r = q("SELECT `abook_id` FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE `abook_channel`=%d and xchan_addr like '%s'", intval(api_user()), - dbesc($_POST['screen_name'])); + dbesc($_POST['screen_name'] . '@%') + ); - $recipient = api_get_user($a, $r[0]['id']); + $recipient = api_get_user($a, $r[0]['abook_id']); $replyto = ''; $sub = ''; if (x($_REQUEST,'replyto')) { @@ -1925,10 +1928,11 @@ require_once('include/items.php'); if ($page<0) $page=0; $start = $page*$count; - - $profile_url = $a->get_baseurl() . '/channel/' . $a->user['nickname']; + $channel = $a->get_channel(); + + $profile_url = $a->get_baseurl() . '/channel/' . $channel['channel_address']; if ($box=="sentbox") { - $sql_extra = "`from-url`='".dbesc( $profile_url )."'"; + $sql_extra = "`from_xchan`='".dbesc( $channel['channel_hash'] )."'"; } elseif ($box=="conversation") { $sql_extra = "`parent_mid`='".dbesc( $_GET["uri"] ) ."'"; @@ -1937,12 +1941,12 @@ require_once('include/items.php'); $sql_extra = "true"; } elseif ($box=="inbox") { - $sql_extra = "`from-url`!='".dbesc( $profile_url )."'"; + $sql_extra = "`from_xchan`!='".dbesc( $channel['channel_hash'] )."'"; } - $r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d,%d", + $r = q("SELECT * FROM `mail` WHERE channel_id = %d AND $sql_extra ORDER BY created DESC LIMIT %d OFFSET %d", intval(api_user()), - intval($start), intval($count) + intval($count), intval($start) ); $ret = Array(); @@ -1950,10 +1954,12 @@ require_once('include/items.php'); foreach($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url){ $recipient = $user_info; - $sender = api_get_user($a,$item['contact-id']); + // fixme to lookup recipient + $sender = api_get_user($a); } elseif ($box == "sentbox" || $item['from-url'] != $profile_url){ - $recipient = api_get_user($a,$item['contact-id']); + // fixme to lookup recipient + $recipient = api_get_user($a); $sender = $user_info; } diff --git a/include/apps.php b/include/apps.php index cd0c2984e..e08e6a6f5 100644 --- a/include/apps.php +++ b/include/apps.php @@ -83,35 +83,37 @@ function parse_app_description($f) { $ret['target'] = str_replace(array('\'','"'),array(''','&dquot;'),$ret['target']); if(array_key_exists('requires',$ret)) { - $require = trim(strtolower($ret['requires'])); - switch($require) { - case 'nologin': - if(local_user()) - unset($ret); - break; - case 'admin': - if(! is_site_admin()) - unset($ret); - break; - case 'local_user': - if(! local_user()) - unset($ret); - break; - case 'public_profile': - if(! is_public_profile()) - unset($ret); - break; - case 'observer': - if(! $observer) - unset($ret); - break; - default: - if(! local_user() && feature_enabled(local_user(),$require)) - unset($ret); - break; + $requires = explode(',',$ret['requires']); + foreach($requires as $require) { + $require = trim(strtolower($require)); + switch($require) { + case 'nologin': + if(local_user()) + unset($ret); + break; + case 'admin': + if(! is_site_admin()) + unset($ret); + break; + case 'local_user': + if(! local_user()) + unset($ret); + break; + case 'public_profile': + if(! is_public_profile()) + unset($ret); + break; + case 'observer': + if(! $observer) + unset($ret); + break; + default: + if(! (local_user() && feature_enabled(local_user(),$require))) + unset($ret); + break; + } } -// logger('require: ' . print_r($ret,true)); } if($ret) { translate_system_apps($ret); @@ -189,34 +191,37 @@ function app_render($papp,$mode = 'view') { $papp['desc'] = str_replace(array('\'','"'),array(''','&dquot;'),$papp['desc']); if($k === 'requires') { - $require = trim(strtolower($v)); - switch($require) { - case 'nologin': - if(local_user()) - return ''; - break; - case 'admin': - if(! is_site_admin()) - return ''; - break; - case 'local_user': - if(! local_user()) - return ''; - break; - case 'public_profile': - if(! is_public_profile()) - return ''; - break; - case 'observer': - $observer = get_app()->get_observer(); - if(! $observer) - return ''; - break; - default: - if(! local_user() && feature_enabled(local_user(),$require)) - return ''; - break; + $requires = explode(',',$v); + foreach($requires as $require) { + $require = trim(strtolower($require)); + switch($require) { + case 'nologin': + if(local_user()) + return ''; + break; + case 'admin': + if(! is_site_admin()) + return ''; + break; + case 'local_user': + if(! local_user()) + return ''; + break; + case 'public_profile': + if(! is_public_profile()) + return ''; + break; + case 'observer': + $observer = get_app()->get_observer(); + if(! $observer) + return ''; + break; + default: + if(! (local_user() && feature_enabled(local_user(),$require))) + return ''; + break; + } } } @@ -267,7 +272,7 @@ function app_install($uid,$app) { function app_destroy($uid,$app) { if($uid && $app['guid']) { - $r = q("delete from app where app_id = '%s' and app_channel = %d limit 1", + $r = q("delete from app where app_id = '%s' and app_channel = %d", dbesc($app['guid']), intval($uid) ); @@ -388,7 +393,7 @@ function app_update($arr) { $darray['app_page'] = ((x($arr,'page')) ? escape_tags($arr['page']) : ''); $darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : ''); - $r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s' where app_id = '%s' and app_channel = %d limit 1", + $r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s' where app_id = '%s' and app_channel = %d", dbesc($darray['app_sig']), dbesc($darray['app_author']), dbesc($darray['app_name']), diff --git a/include/attach.php b/include/attach.php index 6bce617cd..a76dd4b28 100644 --- a/include/attach.php +++ b/include/attach.php @@ -400,11 +400,11 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { $created = datetime_convert(); if($options === 'replace') { - $r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d limit 1", + $r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d", dbesc($filename), dbesc($mimetype), intval($filesize), - dbesc(@file_get_contents($src)), + dbescbin(@file_get_contents($src)), dbesc($created), intval($existing_id), intval($channel_id) @@ -421,7 +421,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { dbesc($mimetype), intval($filesize), intval($x[0]['revision'] + 1), - dbesc(@file_get_contents($src)), + dbescbin(@file_get_contents($src)), dbesc($created), dbesc($created), dbesc($x[0]['allow_cid']), @@ -432,7 +432,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { } elseif($options === 'update') { $r = q("update attach set filename = '%s', filetype = '%s', edited = '%s', - allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d limit 1", + allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d", dbesc((array_key_exists('filename',$arr)) ? $arr['filename'] : $x[0]['filename']), dbesc((array_key_exists('filetype',$arr)) ? $arr['filetype'] : $x[0]['filetype']), dbesc($created), @@ -455,7 +455,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { dbesc($mimetype), intval($filesize), intval(0), - dbesc(@file_get_contents($src)), + dbescbin(@file_get_contents($src)), dbesc($created), dbesc($created), dbesc(($arr && array_key_exists('allow_cid',$arr)) ? $arr['allow_cid'] : '<' . $channel['channel_hash'] . '>'), @@ -517,7 +517,7 @@ function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') { if(count($paths) > 1) { $curpath = array_shift($paths); - $r = q("select hash, id from attach where uid = %d and filename = '%s' and (flags & %d ) " . permissions_sql($channel_id) . " limit 1", + $r = q("select hash, id from attach where uid = %d and filename = '%s' and (flags & %d )>0 " . permissions_sql($channel_id) . " limit 1", intval($channel_id), dbesc($curpath), intval(ATTACH_FLAG_DIR) @@ -533,7 +533,7 @@ function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') { else $paths = array($pathname); - $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and folder = '%s' and filename = '%s' and (flags & %d ) " . permissions_sql($channel_id), + $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and folder = '%s' and filename = '%s' and (flags & %d )>0 " . permissions_sql($channel_id), intval($channel_id), dbesc($parent_hash), dbesc($paths[0]), @@ -567,6 +567,7 @@ function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') { * $arr['deny_cid'] * $arr['deny_gid'] */ + function attach_mkdir($channel, $observer_hash, $arr = null) { $ret = array('success' => false); @@ -617,7 +618,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { $sql_options = permissions_sql($channel['channel_id']); do { - $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d ) + $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0 $sql_options limit 1", intval($channel['channel_id']), dbesc($lfile), @@ -669,7 +670,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { $ret['data'] = $arr; // update the parent folder's lastmodified timestamp - $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($created), dbesc($arr['folder']), intval($channel_id) @@ -716,13 +717,13 @@ function attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gi ); if($r) { foreach($r as $rr) { - attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $recurse); + attach_change_permissions($channel_id, $rr['hash'], $allow_cid, $allow_gid, $deny_cid, $deny_gid, $recurse); } } } } - $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d limit 1", + $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d", dbesc($allow_cid), dbesc($allow_gid), dbesc($deny_cid), @@ -790,13 +791,13 @@ function attach_delete($channel_id, $resource) { } // delete from database - $z = q("DELETE FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", + $z = q("DELETE FROM attach WHERE hash = '%s' AND uid = %d", dbesc($resource), intval($channel_id) ); // update the parent folder's lastmodified timestamp - $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc(datetime_convert()), dbesc($r[0]['folder']), intval($channel_id) @@ -831,7 +832,7 @@ function get_cloudpath($arr) { $lfile = $arr['folder']; do { - $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d ) + $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0 limit 1", intval($arr['uid']), dbesc($lfile), diff --git a/include/auth.php b/include/auth.php index 8f68fc562..c4bbaf546 100644 --- a/include/auth.php +++ b/include/auth.php @@ -41,6 +41,9 @@ function nuke_session() { /** * @brief Verify login credentials. * + * If system <i>authlog</i> is set a log entry will be added for failed login + * attempts. + * * @param string $email * The email address to verify. * @param string $pass @@ -88,14 +91,25 @@ function account_verify_password($email, $pass) { if($record['account_flags'] & ACCOUNT_PENDING) logger('Account is pending. account_flags = ' . $record['account_flags']); - // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention - $authlog = get_config('system', 'authlog'); - if ($authlog) - @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND); + log_failed_login($error); return null; } +/** + * @brief Log failed logins to a separate auth log. + * + * Can be used to reduce overhead for server side intrusion prevention, like + * parse the authlog file with something like fail2ban, OSSEC, etc. + * + * @param string $errormsg + * Error message to display for failed login. + */ +function log_failed_login($errormsg) { + $authlog = get_config('system', 'authlog'); + if ($authlog) + @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $errormsg . PHP_EOL, FILE_APPEND); +} /** * Inline - not a function @@ -123,7 +137,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) && // if our authenticated guest is allowed to take control of the admin channel, make it so. $admins = get_config('system', 'remote_admin'); if($admins && is_array($admins) && in_array($_SESSION['visitor_id'], $admins)) { - $x = q("select * from account where account_email = '%s' and account_email != '' and ( account_flags & %d ) limit 1", + $x = q("select * from account where account_email = '%s' and account_email != '' and ( account_flags & %d )>0 limit 1", dbesc(get_config('system', 'admin_email')), intval(ACCOUNT_ROLE_ADMIN) ); @@ -269,7 +283,7 @@ else { @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND); notice( t('Login failed.') . EOL ); - goaway(z_root()); + goaway(z_root() . '/login'); } // If the user specified to remember the authentication, then change the cookie diff --git a/include/bb2diaspora.php b/include/bb2diaspora.php index 8a178d1ac..5c93ac3aa 100644 --- a/include/bb2diaspora.php +++ b/include/bb2diaspora.php @@ -116,22 +116,11 @@ function diaspora_mention_callback($matches) { function diaspora2bb($s,$use_zrl = false) { + $s = str_replace("
","\r",$s); $s = str_replace("
\n>","",$s); $s = html_entity_decode($s,ENT_COMPAT,'UTF-8'); - // Too many new lines. So deactivated the following line - // $s = str_replace("\r","\n",$s); - // Simply remove cr. - $s = str_replace("\r","",$s); - - // <br/> is invalid. Replace it with the valid expression - $s = str_replace("<br/>","<br />",$s); - $s = str_replace("\n","<br />",$s); - - -// $s = preg_replace('/\@\{(.+?)\; (.+?)\@(.+?)\}/','@[url=https://$3/u/$2]$1[/url]',$s); - // first try plustags $s = preg_replace_callback('/\@\{(.+?)\; (.+?)\@(.+?)\}\+/','diaspora_mention_callback',$s); @@ -143,16 +132,13 @@ function diaspora2bb($s,$use_zrl = false) { // This seems to work $s = preg_replace('/\#([^\s\#])/','#$1',$s); - $s = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$s); - $s = Markdown($s); + $s = str_replace("\r","",$s); + $s = str_replace('#','#',$s); -// we seem to have double linebreaks -// $s = str_replace("\n",'<br />',$s); $s = html2bbcode($s); -// $s = str_replace('*','*',$s); // protect the recycle symbol from turning into a tag, but without unescaping angles and naked ampersands $s = str_replace('♲',html_entity_decode('♲',ENT_QUOTES,'UTF-8'),$s); @@ -175,10 +161,6 @@ function diaspora2bb($s,$use_zrl = false) { // remove duplicate adjacent code tags $s = preg_replace("/(\[code\])+(.*?)(\[\/code\])+/ism","[code]$2[/code]", $s); - - $s = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$s); - - // Don't show link to full picture (until it is fixed) $s = scale_external_images($s, false); @@ -277,7 +259,7 @@ function bb2diaspora_itemwallwall(&$item) { } if(($item['mid'] == $item['parent_mid']) && ($item['author_xchan'] != $item['owner_xchan']) && (is_array($item['author']))) { - logger('bb2diaspora_itemwallwall: author: ' . print_r($item['author'],true), LOGGER_DEBUG); + logger('bb2diaspora_itemwallwall: author: ' . print_r($item['author'],true), LOGGER_DATA); } if(($item['mid'] == $item['parent_mid']) && ($item['author_xchan'] != $item['owner_xchan']) && (is_array($item['author'])) && $item['author']['xchan_url'] && $item['author']['xchan_name'] && $item['author']['xchan_photo_m']) { @@ -388,7 +370,7 @@ function bb2diaspora_itembody($item,$force_update = false) { } } - logger('bb2diaspora_itembody : ' . $body); +// logger('bb2diaspora_itembody : ' . $body, LOGGER_DATA); return html_entity_decode($body); @@ -462,7 +444,7 @@ function format_event_diaspora($ev) { $bd_format = t('l F d, Y \@ g:i A') ; // Friday January 18, 2011 @ 8 AM - $o = 'Friendica event notification:' . "\n"; + $o = t('Redmatrix event notification:') . "\n"; $o .= '**' . (($ev['summary']) ? bb2diaspora($ev['summary']) : bb2diaspora($ev['desc'])) . '**' . "\n"; diff --git a/include/bbcode.php b/include/bbcode.php index 6b7217f91..030a1fb49 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -22,7 +22,7 @@ function tryzrlaudio($match) { $zrl = is_matrix_url($link); if($zrl) $link = zid($link); - return '<audio src="' . $link . '" controls="controls" ><a href="' . $link . '">' . $link . '</a></audio>'; + return '<audio src="' . str_replace(' ','%20',$link) . '" controls="controls" ><a href="' . str_replace(' ','%20',$link) . '">' . $link . '</a></audio>'; } function tryzrlvideo($match) { @@ -30,7 +30,7 @@ function tryzrlvideo($match) { $zrl = is_matrix_url($link); if($zrl) $link = zid($link); - return '<video controls="controls" src="' . $link . '" style="width:100%; max-width:' . get_app()->videowidth . 'px"><a href="' . $link . '">' . $link . '</a></video>'; + return '<video controls="controls" src="' . str_replace(' ','%20',$link) . '" style="width:100%; max-width:' . get_app()->videowidth . 'px"><a href="' . str_replace(' ','%20',$link) . '">' . $link . '</a></video>'; } @@ -278,6 +278,17 @@ function rpost_callback($match) { } } +function bb_map_coords($match) { + // the extra space in the following line is intentional + return str_replace($match[0],'<div class="map" >' . generate_map(str_replace('/',' ',$match[1])) . '</div>', $match[0]); +} + +function bb_map_location($match) { + // the extra space in the following line is intentional + return str_replace($match[0],'<div class="map" >' . generate_named_map($match[1]) . '</div>', $match[0]); +} + + function bb_sanitize_style($input) { //whitelist property limits (0 = no limitation) $w = array( // color properties @@ -357,11 +368,6 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) { $Text = preg_replace_callback("/\[pre\](.*?)\[\/pre\]/ism", 'bb_spacefy',$Text); } -// Not yet implemented - thinking this should display a map or perhaps be a map directive -// if (strpos($Text,'[location]') !== false) { -// $Text = preg_replace_callback("/\[location\](.*?)\[\/location\]/ism", 'bb_location',$Text); -// } - // If we find any event code, turn it into an event. @@ -431,14 +437,16 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) { // replace [observer.baseurl] if ($observer) { + $s1 = '<span class="bb_observer" title="' . t('Different viewers will see this text differently') . '">'; + $s2 = '</span>'; $obsBaseURL = $observer['xchan_connurl']; $obsBaseURL = preg_replace("/\/poco\/.*$/", '', $obsBaseURL); $Text = str_replace('[observer.baseurl]', $obsBaseURL, $Text); $Text = str_replace('[observer.url]',$observer['xchan_url'], $Text); - $Text = str_replace('[observer.name]',$observer['xchan_name'], $Text); - $Text = str_replace('[observer.address]',$observer['xchan_addr'], $Text); - $Text = str_replace('[observer.webname]',substr($observer['xchan_addr'],0,strpos($observer['xchan_addr'],'@')), $Text); - $Text = str_replace('[observer.photo]','[zmg]'.$observer['xchan_photo_l'].'[/zmg]', $Text); + $Text = str_replace('[observer.name]',$s1 . $observer['xchan_name'] . $s2, $Text); + $Text = str_replace('[observer.address]',$s1 . $observer['xchan_addr'] . $s2, $Text); + $Text = str_replace('[observer.webname]',$s1 . substr($observer['xchan_addr'],0,strpos($observer['xchan_addr'],'@')) . $s2, $Text); + $Text = str_replace('[observer.photo]',$s1 . '[zmg]'.$observer['xchan_photo_l'].'[/zmg]' . $s2, $Text); } else { $Text = str_replace('[observer.baseurl]', '', $Text); $Text = str_replace('[observer.url]','', $Text); @@ -490,6 +498,22 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) { $Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '<a href="mailto:$1">$1</a>', $Text); $Text = preg_replace("/\[mail\=([$MAILSearchString]*)\](.*?)\[\/mail\]/", '<a href="mailto:$1">$2</a>', $Text); } + + // leave open the posibility of [map=something] + // this is replaced in prepare_body() which has knowledge of the item location + + if (strpos($Text,'[/map]') !== false) { + $Text = preg_replace_callback("/\[map\](.*?)\[\/map\]/ism",'bb_map_location',$Text); + } + + if (strpos($Text,'[map=') !== false) { + $Text = preg_replace_callback("/\[map=(.*?)\]/ism",'bb_map_coords',$Text); + } + + if (strpos($Text,'[map]') !== false) { + $Text = preg_replace("/\[map\]/", '<div class="map"></div>', $Text); + } + // Check for bold text if (strpos($Text,'[b]') !== false) { $Text = preg_replace("(\[b\](.*?)\[\/b\])ism",'<strong>$1</strong>',$Text); diff --git a/include/cache.php b/include/cache.php index a70650b5e..4a3f453e1 100644 --- a/include/cache.php +++ b/include/cache.php @@ -21,7 +21,7 @@ dbesc($key) ); if($r) { - q("UPDATE cache SET v = '%s', updated = '%s' WHERE k = '%s' limit 1", + q("UPDATE cache SET v = '%s', updated = '%s' WHERE k = '%s'", dbesc($value), dbesc(datetime_convert()), dbesc($key)); diff --git a/include/chat.php b/include/chat.php index 5c3d0c9d9..533c03dde 100644 --- a/include/chat.php +++ b/include/chat.php @@ -77,7 +77,7 @@ function chatroom_destroy($channel,$arr) { return $ret; } - q("delete from chatroom where cr_id = %d limit 1", + q("delete from chatroom where cr_id = %d", intval($r[0]['cr_id']) ); if($r[0]['cr_id']) { @@ -129,8 +129,11 @@ function chatroom_enter($observer_xchan,$room_id,$status,$client) { } if(intval($x[0]['cr_expire'])) { - $sql = "delete from chat where created < UTC_TIMESTAMP() - INTERVAL " . intval($x[0]['cr_expire']) . " MINUTE and chat_room = " . intval($x[0]['cr_id']); - $r = q($sql); + $r = q("delete from chat where created < %s - INTERVAL %s and chat_room = %d", + db_utcnow(), + db_quoteinterval( intval($x[0]['cr_expire']) . ' MINUTE' ), + intval($x[0]['cr_id']) + ); } $r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1", @@ -138,7 +141,7 @@ function chatroom_enter($observer_xchan,$room_id,$status,$client) { intval($room_id) ); if($r) { - q("update chatpresence set cp_last = '%s' where cp_id = %d and cp_client = '%s' limit 1", + q("update chatpresence set cp_last = '%s' where cp_id = %d and cp_client = '%s'", dbesc(datetime_convert()), intval($r[0]['cp_id']), dbesc($client) @@ -169,7 +172,7 @@ function chatroom_leave($observer_xchan,$room_id,$client) { dbesc($client) ); if($r) { - q("delete from chatpresence where cp_id = %d limit 1", + q("delete from chatpresence where cp_id = %d", intval($r[0]['cp_id']) ); } diff --git a/include/cli_startup.php b/include/cli_startup.php index f90a75cd1..027d62953 100644 --- a/include/cli_startup.php +++ b/include/cli_startup.php @@ -19,8 +19,8 @@ function cli_startup() { date_default_timezone_set($a->timezone); require_once('include/dba/dba_driver.php'); - $db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data); - unset($db_host, $db_port, $db_user, $db_pass, $db_data); + $db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type); + unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type); }; require_once('include/session.php'); diff --git a/include/config.php b/include/config.php index 3292059d1..87b91e51a 100644 --- a/include/config.php +++ b/include/config.php @@ -154,7 +154,7 @@ function set_config($family, $key, $value) { return $ret; } - $ret = q("UPDATE config SET v = '%s' WHERE cat = '%s' AND k = '%s' LIMIT 1", + $ret = q("UPDATE config SET v = '%s' WHERE cat = '%s' AND k = '%s'", dbesc($dbvalue), dbesc($family), dbesc($key) @@ -185,7 +185,7 @@ function del_config($family, $key) { if(array_key_exists($family, $a->config) && array_key_exists($key, $a->config[$family])) unset($a->config[$family][$key]); - $ret = q("DELETE FROM config WHERE cat = '%s' AND k = '%s' LIMIT 1", + $ret = q("DELETE FROM config WHERE cat = '%s' AND k = '%s'", dbesc($family), dbesc($key) ); @@ -212,7 +212,7 @@ function load_pconfig($uid) { if(! array_key_exists($uid, $a->config)) $a->config[$uid] = array(); - $r = q("SELECT * FROM `pconfig` WHERE `uid` = %d", + $r = q("SELECT * FROM pconfig WHERE uid = %d", intval($uid) ); @@ -318,7 +318,7 @@ function set_pconfig($uid, $family, $key, $value) { return $ret; } - $ret = q("UPDATE pconfig SET v = '%s' WHERE uid = %d and cat = '%s' AND k = '%s' LIMIT 1", + $ret = q("UPDATE pconfig SET v = '%s' WHERE uid = %d and cat = '%s' AND k = '%s'", dbesc($dbvalue), intval($uid), dbesc($family), @@ -362,7 +362,7 @@ function del_pconfig($uid, $family, $key) { if(x($a->config[$uid][$family], $key)) unset($a->config[$uid][$family][$key]); - $ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s' LIMIT 1", + $ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s'", intval($uid), dbesc($family), dbesc($key) @@ -390,7 +390,7 @@ function load_xconfig($xchan) { if(! array_key_exists($xchan, $a->config)) $a->config[$xchan] = array(); - $r = q("SELECT * FROM `xconfig` WHERE `xchan` = '%s'", + $r = q("SELECT * FROM xconfig WHERE xchan = '%s'", dbesc($xchan) ); @@ -483,7 +483,7 @@ function set_xconfig($xchan, $family, $key, $value) { return $ret; } - $ret = q("UPDATE xconfig SET v = '%s' WHERE xchan = '%s' and cat = '%s' AND k = '%s' LIMIT 1", + $ret = q("UPDATE xconfig SET v = '%s' WHERE xchan = '%s' and cat = '%s' AND k = '%s'", dbesc($dbvalue), dbesc($xchan), dbesc($family), @@ -517,7 +517,7 @@ function del_xconfig($xchan, $family, $key) { if(x($a->config[$xchan][$family], $key)) unset($a->config[$xchan][$family][$key]); - $ret = q("DELETE FROM `xconfig` WHERE `xchan` = '%s' AND `cat` = '%s' AND `k` = '%s' LIMIT 1", + $ret = q("DELETE FROM xconfig WHERE xchan = '%s' AND cat = '%s' AND k = '%s'", dbesc($xchan), dbesc($family), dbesc($key) diff --git a/include/contact_widgets.php b/include/contact_widgets.php index 28a9fcfd3..ee9394e95 100644 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -29,8 +29,7 @@ function findpeople_widget() { '$random' => t('Random Profile'), '$inv' => t('Invite Friends'), '$advanced_search' => $advanced_search, - '$advanced_hint' => t('Exammple: name=fred and country=iceland'), - '$find_advanced' => t('Advanced Find'), + '$advanced_hint' => "\r\n" . t('Advanced example: name=fred and country=iceland'), '$loggedin' => local_user() )); diff --git a/include/conversation.php b/include/conversation.php index 48fe8af60..a2fb3d162 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -419,8 +419,6 @@ function visible_activity($item) { function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $prepared_item = '') { - $tstart = dba_timer(); - $t0 = $t1 = $t2 = $t3 = $t4 = $t5 = $t6 = null; $content_html = ''; $o = ''; @@ -433,13 +431,18 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ $arr_blocked = null; - if(local_user()) { + if(local_user()) $str_blocked = get_pconfig(local_user(),'system','blocked'); - if($str_blocked) { + if(! local_user() && ($mode == 'network')) { + $sys = get_sys_channel(); + $id = $sys['channel_id']; + $str_blocked = get_pconfig($id,'system','blocked'); + } + + if($str_blocked) { $arr_blocked = explode(',',$str_blocked); for($x = 0; $x < count($arr_blocked); $x ++) - $arr_blocked[$x] = trim($arr_blocked[$x]); - } + $arr_blocked[$x] = trim($arr_blocked[$x]); } @@ -452,8 +455,6 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ if($mode === 'network') { - $t1 = dba_timer(); - $profile_owner = local_user(); $page_writeable = true; @@ -665,7 +666,6 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ $body = prepare_body($item,true); - //$tmp_item = replace_macros($tpl,array( $tmp_item = array( 'template' => $tpl, 'toplevel' => 'toplevel_item', @@ -790,29 +790,21 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ $item['pagedrop'] = $page_dropping; if($item['id'] == $item['parent']) { -// $tx1 = dba_timer(); + $item_object = new Item($item); $conv->add_thread($item_object); - if($page_mode === 'list') + if($page_mode === 'list') { $item_object->set_template('conv_list.tpl'); - -// $tx2 = dba_timer(); -// if($mode === 'network') -// profiler($tx1,$tx2,'add thread ' . $item['id']); + $item_object->set_display_mode('list'); + } } } - $t2 = dba_timer(); + $threads = $conv->get_template_data($alike, $dlike); if(!$threads) { logger('[ERROR] conversation : Failed to get template data.', LOGGER_DEBUG); $threads = array(); } - $t3 = dba_timer(); - if($mode === 'network') { - profiler($t1,$t2,'Conversation prepare'); - profiler($t2,$t3,'Conversation get_template'); - } - } } @@ -848,14 +840,6 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ '$dropping' => ($page_dropping?t('Delete Selected Items'):False), )); - if($mode === 'network') { - $t4 = dba_timer(); - profiler($t3,$t4,'conversation template'); - } - - if($page_mode === 'preview') - logger('preview: ' . $o); - return $o; } @@ -905,15 +889,18 @@ function item_photo_menu($item){ $vsrc_link = ""; $follow_url = ""; - if(local_user()) { + + $local_user = local_user(); + + if($local_user) { $ssl_state = true; if(! count($a->contacts)) - load_contact_links(local_user()); + load_contact_links($local_user); $channel = $a->get_channel(); $channel_hash = (($channel) ? $channel['channel_hash'] : ''); } - if((local_user()) && local_user() == $item['uid']) { + if(($local_user) && $local_user == $item['uid']) { $vsrc_link = 'javascript:viewsrc(' . $item['id'] . '); return false;'; if($item['parent'] == $item['id'] && $channel && ($channel_hash != $item['author_xchan'])) { $sub_link = 'javascript:dosubthread(' . $item['id'] . '); return false;'; @@ -921,17 +908,19 @@ function item_photo_menu($item){ } $profile_link = chanlink_hash($item['author_xchan']); - $pm_url = $a->get_baseurl($ssl_state) . '/mail/new/?f=&hash=' . $item['author_xchan']; + if($item['uid'] > 0) + $pm_url = $a->get_baseurl($ssl_state) . '/mail/new/?f=&hash=' . $item['author_xchan']; if($a->contacts && array_key_exists($item['author_xchan'],$a->contacts)) $contact = $a->contacts[$item['author_xchan']]; else - if(local_user() && $item['author']['xchan_addr']) + if($local_user && $item['author']['xchan_addr']) $follow_url = z_root() . '/follow/?f=&url=' . $item['author']['xchan_addr']; if($contact) { $poke_link = $a->get_baseurl($ssl_state) . '/poke/?f=&c=' . $contact['abook_id']; - $contact_url = $a->get_baseurl($ssl_state) . '/connedit/' . $contact['abook_id']; + if (!($contact['abook_flags'] & ABOOK_FLAG_SELF)) + $contact_url = $a->get_baseurl($ssl_state) . '/connedit/' . $contact['abook_id']; $posts_link = $a->get_baseurl($ssl_state) . '/network/?cid=' . $contact['abook_id']; $clean_url = normalise_link($item['author-link']); @@ -1110,8 +1099,8 @@ function status_editor($a,$x,$popup=false) { $jotplugins = ''; $jotnets = ''; - - $preview = ((feature_enabled($x['profile_uid'],'preview')) ? t('Preview') : ''); + $preview = t('Preview'); +// $preview = ((feature_enabled($x['profile_uid'],'preview')) ? t('Preview') : ''); if(x($x,'nopreview')) $preview = ''; @@ -1143,13 +1132,13 @@ function status_editor($a,$x,$popup=false) { '$shortaudio' => t('audio link'), '$setloc' => t('Set your location'), '$shortsetloc' => t('set location'), - '$noloc' => t('Clear browser location'), + '$noloc' => ((get_pconfig($x['profile_uid'],'system','use_browser_location')) ? t('Clear browser location') : ''), '$shortnoloc' => t('clear location'), '$title' => ((x($x,'title')) ? htmlspecialchars($x['title'], ENT_COMPAT,'UTF-8') : ''), - '$placeholdertitle' => t('Set title'), + '$placeholdertitle' => t('Title (optional)'), '$catsenabled' => ((feature_enabled($x['profile_uid'],'categories') && (! $webpage)) ? 'categories' : ''), '$category' => "", - '$placeholdercategory' => t('Categories (comma-separated list)'), + '$placeholdercategory' => t('Categories (optional, comma-separated list)'), '$wait' => t('Please wait'), '$permset' => t('Permission settings'), '$shortpermset' => t('permissions'), @@ -1493,8 +1482,12 @@ function network_tabs() { function profile_tabs($a, $is_owner=False, $nickname=Null){ - //echo "<pre>"; var_dump($a->user); killme(); - + + // Don't provide any profile tabs if we're running as the sys channel + + if($a->is_sys) + return; + $channel = $a->get_channel(); if (is_null($nickname)) @@ -1551,16 +1544,18 @@ function profile_tabs($a, $is_owner=False, $nickname=Null){ ); } - require_once('include/chat.php'); - $has_chats = chatroom_list_count($uid); - if ($has_chats) { - $tabs[] = array( - 'label' => t('Chatrooms'), - 'url' => $a->get_baseurl() . '/chat/' . $nickname, - 'sel' => ((argv(0) == 'chat') ? 'active' : '' ), - 'title' => t('Chatrooms'), - 'id' => 'chat-tab', - ); + if($p['chat']) { + require_once('include/chat.php'); + $has_chats = chatroom_list_count($uid); + if ($has_chats) { + $tabs[] = array( + 'label' => t('Chatrooms'), + 'url' => $a->get_baseurl() . '/chat/' . $nickname, + 'sel' => ((argv(0) == 'chat') ? 'active' : '' ), + 'title' => t('Chatrooms'), + 'id' => 'chat-tab', + ); + } } require_once('include/menu.php'); diff --git a/include/datetime.php b/include/datetime.php index fe0f29c7a..346d03bd4 100644 --- a/include/datetime.php +++ b/include/datetime.php @@ -14,25 +14,17 @@ function timezone_cmp($a, $b) { return ( t($a) < t($b)) ? -1 : 1; } -// emit a timezone selector grouped (primarily) by continent - -function select_timezone($current = 'America/Los_Angeles') { - +// Return timezones grouped (primarily) by continent +function get_timezones( ){ $timezone_identifiers = DateTimeZone::listIdentifiers(); - - $o ='<select id="timezone_select" name="timezone">'; usort($timezone_identifiers, 'timezone_cmp'); $continent = ''; + $continents = array(); foreach($timezone_identifiers as $value) { $ex = explode("/", $value); if(count($ex) > 1) { - if($ex[0] != $continent) { - if($continent != '') - $o .= '</optgroup>'; - $continent = $ex[0]; - $o .= '<optgroup label="' . t($continent) . '">'; - } + $continent = t($ex[0]); if(count($ex) > 2) $city = substr($value,strpos($value,'/')+1); else @@ -40,35 +32,14 @@ function select_timezone($current = 'America/Los_Angeles') { } else { $city = $ex[0]; - if($continent != t('Miscellaneous')) { - $o .= '</optgroup>'; - $continent = t('Miscellaneous'); - $o .= '<optgroup label="' . t($continent) . '">'; - } + $continent = t('Miscellaneous'); } $city = str_replace('_', ' ', t($city)); - $selected = (($value == $current) ? " selected=\"selected\" " : ""); - $o .= "<option value=\"$value\" $selected >$city</option>"; - } - $o .= '</optgroup></select>'; - return $o; -} - -// return a select using 'field_select_raw' template, with timezones -// groupped (primarily) by continent -// arguments follow convetion as other field_* template array: -// 'name', 'label', $value, 'help' -function field_timezone($name='timezone', $label='', $current = 'America/Los_Angeles', $help){ - $options = select_timezone($current); - $options = str_replace('<select id="timezone_select" name="timezone">','', $options); - $options = str_replace('</select>','', $options); - - $tpl = get_markup_template('field_select_raw.tpl'); - return replace_macros($tpl, array( - '$field' => array($name, $label, $current, $help, $options), - )); - + if(!x($continents,$ex[0])) $continents[$ex[0]] = array(); + $continents[$continent][$value] = $city; + } + return $continents; } // General purpose date parse/convert function. @@ -134,7 +105,17 @@ function dob($dob) { if(! $f) $f = 'ymd'; - $o = datesel($f,mktime(0,0,0,0,0,1900),mktime(),mktime(0,0,0,$month,$day,$year),'dob'); + if($dob === '0000-00-00') + $value = ''; + else + $value = (($year) ? datetime_convert('UTC','UTC',$dob,'Y-m-d') : datetime_convert('UTC','UTC',$dob,'m-d')); + + $o = '<input type="text" name="dob" value="' . $value . '" placeholder="' . t('YYYY-MM-DD or MM-DD') . '" />'; + +// if ($dob && $dob != '0000-00-00') +// $o = datesel($f,mktime(0,0,0,0,0,1900),mktime(),mktime(0,0,0,$month,$day,$year),'dob'); +// else +// $o = datesel($f,mktime(0,0,0,0,0,1900),mktime(),false,'dob'); return $o; } @@ -153,12 +134,12 @@ function dob($dob) { * @param $id * id and name of datetimepicker (defaults to "datetimepicker") */ -function datesel($format, $min, $max, $default,$id = 'datepicker') { - return datetimesel($format,$min,$max,$default,$id,true,false); +function datesel($format, $min, $max, $default, $id = 'datepicker') { + return datetimesel($format,$min,$max,$default,$id,true,false, '',''); } /** - * returns a date selector + * returns a time selector * @param $format * format string, e.g. 'ymd' or 'mdy'. Not currently supported * @param $h @@ -168,8 +149,8 @@ function datesel($format, $min, $max, $default,$id = 'datepicker') { * @param $id * id and name of datetimepicker (defaults to "timepicker") */ -function timesel($format,$h,$m,$id='timepicker') { - return datetimesel($format,mktime(),mktime(),mktime($h,$m),$id,false,true); +function timesel($format, $h, $m, $id='timepicker') { + return datetimesel($format,new DateTime(),new DateTime(),new DateTime("$h:$m"),$id,false,true); } /** @@ -194,31 +175,42 @@ function timesel($format,$h,$m,$id='timepicker') { * set maximum date from picker with id $maxfrom (none by default) */ function datetimesel($format, $min, $max, $default, $id = 'datetimepicker', $pickdate = true, $picktime = true, $minfrom = '', $maxfrom = '') { + // Once browser support is better this could probably be replaced with native HTML5 date picker $o = ''; $dateformat = ''; - if($pickdate) $dateformat .= 'YYYY-MM-DD'; + + if($pickdate) $dateformat .= 'Y-m-d'; if($pickdate && $picktime) $dateformat .= ' '; - if($picktime) $dateformat .= 'HH:mm'; + if($picktime) $dateformat .= 'H:i'; - $mindate = $min ? "new Date($min*1000)" : ''; - $maxdate = $max ? "new Date($max*1000)" : ''; + $minjs = $min ? ",minDate: new Date({$min->getTimestamp()}*1000), yearStart: " . $min->format('Y') : ''; + $maxjs = $max ? ",maxDate: new Date({$max->getTimestamp()}*1000), yearEnd: " . $max->format('Y') : ''; - $defaultDate = $default ? ", defaultDate: new Date($default*1000)" : ''; + $input_text = $default ? 'value="' . date($dateformat, $default->getTimestamp()) . '"' : ''; + $defaultdatejs = $default ? ",defaultDate: new Date({$default->getTimestamp()}*1000)" : ''; $pickers = ''; - if(!$pickdate) $pickers .= 'pickDate: false,'; - if(!$picktime) $pickers .= 'pickTime: false,'; + if(!$pickdate) $pickers .= ',datepicker: false'; + if(!$picktime) $pickers .= ',timepicker: false'; $extra_js = ''; if($minfrom != '') - $extra_js .= "\$('#$minfrom').on('dp.change',function (e) { \$('#$id').data('DateTimePicker').setMinDate(e.date); });"; + $extra_js .= "\$('#$minfrom').data('xdsoft_datetimepicker').setOptions({onChangeDateTime: function (currentDateTime) { \$('#$id').data('xdsoft_datetimepicker').setOptions({minDate: currentDateTime})}})"; if($maxfrom != '') - $extra_js .= "\$('#$maxfrom').on('dp.change',function (e) { \$('#$id').data('DateTimePicker').setMaxDate(e.date); });"; - - $o .= "<div class='date' id='$id'><input type='text' placeholder='$dateformat' name='$id'/></div>"; - $o .= "<script type='text/javascript'>\$(function () {\$('#$id').datetimepicker({sideBySide: true, $pickers minDate: $mindate, maxDate: $maxdate, format: '$dateformat', useCurrent: false $defaultDate}); $extra_js});</script>"; + $extra_js .= "\$('#$maxfrom').data('xdsoft_datetimepicker').setOptions({onChangeDateTime: function (currentDateTime) { \$('#$id').data('xdsoft_datetimepicker').setOptions({maxDate: currentDateTime})}})"; + + $readable_format = $dateformat; + $readable_format = str_replace('Y','yyyy',$readable_format); + $readable_format = str_replace('m','mm',$readable_format); + $readable_format = str_replace('d','dd',$readable_format); + $readable_format = str_replace('H','HH',$readable_format); + $readable_format = str_replace('i','MM',$readable_format); + + $o .= "<div class='date'><input type='text' placeholder='$readable_format' name='$id' id='$id' $input_text />"; + $o .= '</div>'; + $o .= "<script type='text/javascript'>\$(function () {var picker = \$('#$id').datetimepicker({step:5,format:'$dateformat' $minjs $maxjs $pickers $defaultdatejs}); $extra_js})</script>"; return $o; } @@ -450,7 +442,10 @@ function update_birthdays() { require_once('include/permissions.php'); $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_dob > utc_timestamp() + interval 7 day and abook_dob < utc_timestamp() + interval 14 day"); + WHERE abook_dob > %s + interval %s and abook_dob < %s + interval %s", + db_utcnow(), db_quoteinterval('7 day'), + db_utcnow(), db_quoteinterval('14 day') + ); if($r) { foreach($r as $rr) { @@ -472,7 +467,7 @@ function update_birthdays() { $z = event_store_event($ev); if($z) { $item_id = event_store_item($ev,$z); - q("update abook set abook_dob = '%s' where abook_id = %d limit 1", + q("update abook set abook_dob = '%s' where abook_id = %d", dbesc(intval($rr['abook_dob']) + 1 . substr($rr['abook_dob'],4)), intval($rr['abook_id']) ); diff --git a/include/dba/dba_driver.php b/include/dba/dba_driver.php index 3e19b7aa4..4a0f5e37b 100755 --- a/include/dba/dba_driver.php +++ b/include/dba/dba_driver.php @@ -1,42 +1,134 @@ -<?php /** @file */ +<?php +/** + * @file dba_driver.php + * @brief some database related functions and abstract driver class. + * + * This file contains the abstract database driver class dba_driver and some + * functions for working with databases. + */ -function dba_factory($server, $port,$user,$pass,$db,$install = false) { +/** + * @brief Returns the database driver object. + * + * If available it will use PHP's mysqli otherwise mysql driver. + * + * @param string $server DB server name + * @param string $port DB port + * @param string $user DB username + * @param string $pass DB password + * @param string $db database name + * @param string $dbtype 0 for mysql, 1 for postgres + * @param bool $install Defaults to false + * @return null|dba_driver A database driver object (dba_mysql|dba_mysqli) or null if no driver found. + */ +function dba_factory($server, $port,$user,$pass,$db,$dbtype,$install = false) { $dba = null; - if(class_exists('mysqli')) { - if (is_null($port)) $port = ini_get("mysqli.default_port"); - require_once('include/dba/dba_mysqli.php'); - $dba = new dba_mysqli($server, $port,$user,$pass,$db,$install); - } - else { - if (is_null($port)) $port = "3306"; - require_once('include/dba/dba_mysql.php'); - $dba = new dba_mysql($server, $port,$user,$pass,$db,$install); + + $dbtype = intval($dbtype); + + if($dbtype == DBTYPE_POSTGRES) { + require_once('include/dba/dba_postgres.php'); + if(is_null($port)) $port = 5432; + $dba = new dba_postgres($server, $port, $user, $pass, $db, $install); + } else { + if(class_exists('mysqli')) { + if (is_null($port)) $port = ini_get("mysqli.default_port"); + require_once('include/dba/dba_mysqli.php'); + $dba = new dba_mysqli($server, $port,$user,$pass,$db,$install); + } else { + if (is_null($port)) $port = "3306"; + require_once('include/dba/dba_mysql.php'); + $dba = new dba_mysql($server, $port,$user,$pass,$db,$install); + } } + define('NULL_DATE', $dba->get_null_date()); + define('ACTIVE_DBTYPE', $dbtype); return $dba; } - +/** + * @brief abstract database driver class. + * + * This class gets extended by the real database driver classes, e.g. dba_mysql, + * dba_mysqli. + */ abstract class dba_driver { - + // legacy behavior + const INSTALL_SCRIPT='install/schema_mysql.sql'; + const NULL_DATE = '0000-00-00 00:00:00'; + const UTC_NOW = 'UTC_TIMESTAMP()'; + protected $debug = 0; protected $db; public $connected = false; public $error = false; - abstract function connect($server, $port, $user,$pass,$db); + /** + * @brief Connect to the database. + * + * This abstract function needs to be implemented in the real driver. + * + * @param string $server DB server name + * @param string $port DB port + * @param string $user DB username + * @param string $pass DB password + * @param string $db database name + * @return bool + */ + abstract function connect($server, $port, $user, $pass, $db); + + /** + * @brief Perform a DB query with the SQL statement $sql. + * + * This abstract function needs to be implemented in the real driver. + * + * @param string $sql The SQL query to execute + */ abstract function q($sql); + + /** + * @brief Escape a string before being passed to a DB query. + * + * This abstract function needs to be implemented in the real driver. + * + * @param string $str The string to escape. + */ abstract function escape($str); + + /** + * @brief Close the database connection. + * + * This abstract function needs to be implemented in the real driver. + */ abstract function close(); + /** + * @brief Return text name for db driver + * + * This abstract function needs to be implemented in the real driver. + */ + abstract function getdriver(); + function __construct($server, $port, $user,$pass,$db,$install = false) { - if(($install) && (! $this->install($server, $port, $user,$pass,$db))) { + if(($install) && (! $this->install($server, $port, $user, $pass, $db))) { return; } - $this->connect($server, $port, $user,$pass,$db); + $this->connect($server, $port, $user, $pass, $db); } + function get_null_date() { + return static::NULL_DATE; + } + + function get_install_script() { + return static::INSTALL_SCRIPT; + } + + function utcnow() { + return static::UTC_NOW; + } function install($server,$user,$pass,$db) { if (!(strlen($server) && strlen($user))){ @@ -56,7 +148,11 @@ abstract class dba_driver { return true; } - + /** + * @brief Sets the database driver's debugging state. + * + * @param int $dbg 0 to disable debugging + */ function dbg($dbg) { $this->debug = $dbg; } @@ -67,9 +163,30 @@ abstract class dba_driver { } } -} + function quote_interval($txt) { + return $txt; + } + + function optimize_table($table) { + q('OPTIMIZE TABLE '.$table); + } + + function concat($fld, $sep) { + return 'GROUP_CONCAT(DISTINCT '.$fld.' SEPARATOR \''.$sep.'\')'; + } + + function escapebin($str) { + return $this->escape($str); + } + + function unescapebin($str) { + return $str; + } +} // end abstract dba_driver class + +// Procedural functions function printable($s) { $s = preg_replace("~([\x01-\x08\x0E-\x0F\x10-\x1F\x7F-\xFF])~",".", $s); @@ -79,24 +196,79 @@ function printable($s) { return $s; } -// Procedural functions - +/** + * @brief set database driver debugging state. + * + * @param int $state 0 to disable debugging + */ function dbg($state) { global $db; + if($db) - $db->dbg($state); + $db->dbg($state); } - +/** + * @brief Escape strings being passed to DB queries. + * + * Always escape strings being used in DB queries. This function returns the + * escaped string. Integer DB parameters should all be proven integers by + * wrapping with intval(). + * + * @param string $str A string to pass to a DB query + * @return Return an escaped string of the value to pass to a DB query. + */ function dbesc($str) { global $db; + if($db && $db->connected) return($db->escape($str)); else - return(str_replace("'","\\'",$str)); + return(str_replace("'", "\\'", $str)); +} +function dbescbin($str) { + global $db; + return $db->escapebin($str); +} + +function dbunescbin($str) { + global $db; + return $db->unescapebin($str); +} + +function dbescdate($date) { + if(ACTIVE_DBTYPE == DBTYPE_POSTGRES && $date == '0000-00-00 00:00:00') { + $date = NULL_DATE; + } else if(ACTIVE_DBTYPE != DBTYPE_POSTGRES && $date == '0001-01-01 00:00:00') { + $date = NULL_DATE; + } + return $date; +} + +function db_quoteinterval($txt) { + global $db; + return $db->quote_interval($txt); +} + +function dbesc_identifier($str) { + global $db; + return $db->escape_identifier($txt); +} + +function db_utcnow() { + global $db; + return $db->utcnow(); } +function db_optimizetable($table) { + global $db; + $db->optimize_table($table); +} +function db_concat($fld, $sep) { + global $db; + return $db->concat($fld, $sep); +} // Function: q($sql,$args); // Description: execute SQL query with printf style args. @@ -104,68 +276,114 @@ function dbesc($str) { // 'user', 1); +/** + * @brief Execute a SQL query with printf style args. + * + * printf style arguments %s and %d are replaced with variable arguments, which + * should each be appropriately dbesc() or intval(). + * SELECT queries return an array of results or false if SQL or DB error. Other + * queries return true if the command was successful or false if it wasn't. + * + * Example: + * $r = q("SELECT * FROM `%s` WHERE `uid` = %d", + * 'user', 1); + * + * @param string $sql The SQL query to execute + * @return bool|array + */ function q($sql) { - global $db; + $args = func_get_args(); unset($args[0]); if($db && $db->connected) { - $stmt = vsprintf($sql,$args); + $stmt = vsprintf($sql, $args); if($stmt === false) { - if(version_compare(PHP_VERSION,'5.4.0') >= 0) - logger('dba: vsprintf error: ' . print_r(debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT,1),true)); + if(version_compare(PHP_VERSION, '5.4.0') >= 0) + logger('dba: vsprintf error: ' . + print_r(debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT, 1), true)); else - logger('dba: vsprintf error: ' . print_r(debug_backtrace(),true)); + logger('dba: vsprintf error: ' . print_r(debug_backtrace(), true)); } return $db->q($stmt); } - /** - * + /* * This will happen occasionally trying to store the * session data after abnormal program termination - * */ logger('dba: no database: ' . print_r($args,true)); - return false; + return false; } /** + * @brief Raw DB query, no arguments. * - * Raw db query, no arguments + * This function executes a raw DB query without any arguments. * + * @param string $sql The SQL query to execute */ - - function dbq($sql) { - global $db; + if($db && $db->connected) $ret = $db->q($sql); else $ret = false; + return $ret; } -// Caller is responsible for ensuring that any integer arguments to + +// Caller is responsible for ensuring that any integer arguments to // dbesc_array are actually integers and not malformed strings containing // SQL injection vectors. All integer array elements should be specifically // cast to int to avoid trouble. - - function dbesc_array_cb(&$item, $key) { - if(is_string($item)) + if(is_string($item)) { + if($item == '0000-00-00 00:00:00' && ACTIVE_DBTYPE == DBTYPE_POSTGRES) + $item = '0001-01-01 00:00:00'; + else if($item == '0001-01-01 00:00:00' && ACTIVE_DBTYPE == DBTYPE_MYSQL) + $item = '0000-00-00 00:00:00'; $item = dbesc($item); + } } - function dbesc_array(&$arr) { if(is_array($arr) && count($arr)) { array_walk($arr,'dbesc_array_cb'); } } + +function db_getfunc($f) { + $lookup = array( + 'rand'=>array( + DBTYPE_MYSQL=>'RAND()', + DBTYPE_POSTGRES=>'RANDOM()' + ), + 'utc_timestamp'=>array( + DBTYPE_MYSQL=>'UTC_TIMESTAMP()', + DBTYPE_POSTGRES=>"now() at time zone 'UTC'" + ), + 'regexp'=>array( + DBTYPE_MYSQL=>'REGEXP', + DBTYPE_POSTGRES=>'~' + ), + '^'=>array( + DBTYPE_MYSQL=>'^', + DBTYPE_POSTGRES=>'#' + ) + ); + $f = strtolower($f); + if(isset($lookup[$f]) && isset($lookup[$f][ACTIVE_DBTYPE])) + return $lookup[$f][ACTIVE_DBTYPE]; + + logger('Unable to abstract DB function "'. $f . '" for dbtype ' . ACTIVE_DBTYPE, LOGGER_DEBUG); + return $f; +} + diff --git a/include/dba/dba_mysql.php b/include/dba/dba_mysql.php index f5a2a47ba..3cadad6dc 100755 --- a/include/dba/dba_mysql.php +++ b/include/dba/dba_mysql.php @@ -59,5 +59,9 @@ class dba_mysql extends dba_driver { mysql_close($this->db); $this->connected = false; } + + function getdriver() { + return 'mysql'; + } } diff --git a/include/dba/dba_mysqli.php b/include/dba/dba_mysqli.php index 19907705b..74a999974 100755 --- a/include/dba/dba_mysqli.php +++ b/include/dba/dba_mysqli.php @@ -40,7 +40,7 @@ class dba_mysqli extends dba_driver { if(($result === true) || ($result === false)) { if($this->debug) { - logger('dba_mysqli: DEBUG: returns ' . (($result) ? 'true' : 'false')); + logger('dba_mysqli: DEBUG: ' . printable($sql) . ' returns ' . (($result) ? 'true' : 'false')); } return $result; } @@ -72,5 +72,9 @@ class dba_mysqli extends dba_driver { $this->db->close(); $this->connected = false; } + + function getdriver() { + return 'mysqli'; + } }
\ No newline at end of file diff --git a/include/dba/dba_postgres.php b/include/dba/dba_postgres.php new file mode 100644 index 000000000..ba4366d13 --- /dev/null +++ b/include/dba/dba_postgres.php @@ -0,0 +1,116 @@ +<?php + +require_once('include/dba/dba_driver.php'); + + +class dba_postgres extends dba_driver { + const INSTALL_SCRIPT='install/schema_postgres.sql'; + const NULL_DATE = '0001-01-01 00:00:00'; + const UTC_NOW = "now() at time zone 'UTC'"; + + function connect($server,$port,$user,$pass,$db) { + if(!$port) $port = 5432; + $connstr = 'host=' . $server . ' port='.$port . ' user=' . $user . ' password=' . $pass . ' dbname='. $db; + $this->db = pg_connect($connstr); + if($this->db !== false) { + $this->connected = true; + } else { + $this->connected = false; + } + $this->q("SET standard_conforming_strings = 'off'; SET backslash_quote = 'on';"); // emulate mysql string escaping to prevent massive code-clobber + return $this->connected; + } + + function q($sql) { + if((! $this->db) || (! $this->connected)) + return false; + + if(!strpos($sql, ';')) + $sql .= ';'; + + if(strpos($sql, '`')) // this is a hack. quoted identifiers should be replaced everywhere in the code with dbesc_identifier(), remove this once it is + $sql = str_replace('`', '"', $sql); + + $this->error = ''; + $result = @pg_query($this->db, $sql); + if(file_exists('db-allqueries.out')) { + $bt = debug_backtrace(); + $trace = array(); + foreach($bt as $frame) { + if(!empty($frame['file']) && @strstr($frame['file'], $_SERVER['DOCUMENT_ROOT'])) + $frame['file'] = substr($frame['file'], strlen($_SERVER['DOCUMENT_ROOT'])+1); + + $trace[] = $frame['file'] . ':' . $frame['function'] . '():' . $frame['line'] ; + } + $compact = join(', ', $trace); + file_put_contents('db-allqueries.out', datetime_convert() . ": " . $sql . ' is_resource: '.var_export(is_resource($result), true).', backtrace: '.$compact."\n\n", FILE_APPEND); + } + + if($result === false) + $this->error = pg_last_error($this->db); + + if($result === false || $this->error) { + //logger('dba_postgres: ' . printable($sql) . ' returned false.' . "\n" . $this->error); + if(file_exists('dbfail.out')) + file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . ' returned false' . "\n" . $this->error . "\n", FILE_APPEND); + } + + if(($result === true) || ($result === false)) + return $result; + + if(pg_result_status($result) == PGSQL_COMMAND_OK) + return true; + + $r = array(); + if(pg_num_rows($result)) { + while($x = pg_fetch_array($result, null, PGSQL_ASSOC)) + $r[] = $x; + pg_free_result($result); + if($this->debug) + logger('dba_postgres: ' . printable(print_r($r,true))); + } + return $r; + } + + function escape($str) { + if($this->db && $this->connected) { + $x = @pg_escape_string($this->db, $str); + return $x; + } + } + + function escapebin($str) { + return pg_escape_bytea($str); + } + + function unescapebin($str) { + return pg_unescape_bytea($str); + } + + function close() { + if($this->db) + pg_close($this->db); + $this->connected = false; + } + + function quote_interval($txt) { + return "'$txt'"; + } + + function escape_identifier($str) { + return pg_escape_identifier($this->db, $str); + } + + function optimize_table($table) { + // perhaps do some equivalent thing here, vacuum, etc? I think this is the DBA's domain anyway. Applications should not need to muss with this. + // for now do nothing without a compelling reason. function overrides default legacy mysql. + } + + function concat($fld, $sep) { + return 'string_agg(' . $fld . ',\'' . $sep . '\')'; + } + + function getdriver() { + return 'pgsql'; + } +}
\ No newline at end of file diff --git a/include/deliver.php b/include/deliver.php index f4fae6061..47d8562df 100644 --- a/include/deliver.php +++ b/include/deliver.php @@ -24,13 +24,13 @@ function deliver_run($argv, $argc) { $result = z_post_url($r[0]['outq_posturl'],$r[0]['outq_msg']); if($result['success'] && $result['return_code'] < 300) { logger('deliver: queue post success to ' . $r[0]['outq_posturl'], LOGGER_DEBUG); - $y = q("delete from outq where outq_hash = '%s' limit 1", + $y = q("delete from outq where outq_hash = '%s'", dbesc($argv[$x]) ); } else { logger('deliver: queue post returned ' . $result['return_code'] . ' from ' . $r[0]['outq_posturl'],LOGGER_DEBUG); - $y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1", + $y = q("update outq set outq_updated = '%s' where outq_hash = '%s'", dbesc(datetime_convert()), dbesc($argv[$x]) ); @@ -38,16 +38,34 @@ function deliver_run($argv, $argc) { continue; } - if($r[0]['outq_posturl'] === z_root() . '/post') { + $notify = json_decode($r[0]['outq_notify'],true); + + // Check if this is a conversation request packet. It won't have outq_msg + // but will be an encrypted packet - so will need to be handed off to + // web delivery rather than processed inline. + + $sendtoweb = false; + if(array_key_exists('iv',$notify) && (! $r[0]['outq_msg'])) + $sendtoweb = true; + + if(($r[0]['outq_posturl'] === z_root() . '/post') && (! $sendtoweb)) { logger('deliver: local delivery', LOGGER_DEBUG); // local delivery // we should probably batch these and save a few delivery processes - // If there is no outq_msg, this is a refresh_all message which does not require local handling - if($r[0]['outq_msg']) { - $msg = array('body' => json_encode(array('pickup' => array(array('notify' => json_decode($r[0]['outq_notify'],true),'message' => json_decode($r[0]['outq_msg'],true)))))); - zot_import($msg,z_root()); - $r = q("delete from outq where outq_hash = '%s' limit 1", + if($r[0]['outq_msg']) { + $m = json_decode($r[0]['outq_msg'],true); + if(array_key_exists('message_list',$m)) { + foreach($m['message_list'] as $mm) { + $msg = array('body' => json_encode(array('pickup' => array(array('notify' => $notify,'message' => $mm))))); + zot_import($msg,z_root()); + } + } + else { + $msg = array('body' => json_encode(array('pickup' => array(array('notify' => $notify,'message' => $m))))); + zot_import($msg,z_root()); + } + $r = q("delete from outq where outq_hash = '%s'", dbesc($argv[$x]) ); } @@ -59,7 +77,7 @@ function deliver_run($argv, $argc) { zot_process_response($r[0]['outq_posturl'],$result, $r[0]); } else { - $y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1", + $y = q("update outq set outq_updated = '%s' where outq_hash = '%s'", dbesc(datetime_convert()), dbesc($argv[$x]) ); diff --git a/include/diaspora.php b/include/diaspora.php index c6d4b7423..e494aac0f 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -58,7 +58,7 @@ function diaspora_dispatch($importer,$msg,$attempt=1) { $xmlbase = $parsed_xml->post; - logger('diaspora_dispatch: ' . print_r($xmlbase,true), LOGGER_DATA); +// logger('diaspora_dispatch: ' . print_r($xmlbase,true), LOGGER_DATA); if($xmlbase->request) { @@ -657,7 +657,7 @@ function diaspora_request($importer,$xml) { $newperms = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_PHOTOS|PERMS_R_ABOOK|PERMS_W_STREAM|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT|PERMS_R_STORAGE|PERMS_R_PAGES; - $r = q("update abook set abook_their_perms = %d where abook_id = %d and abook_channel = %d limit 1", + $r = q("update abook set abook_their_perms = %d where abook_id = %d and abook_channel = %d", intval($newperms), intval($contact['abook_id']), intval($importer['channel_id']) @@ -673,16 +673,15 @@ function diaspora_request($importer,$xml) { return; } - $default_perms = 0; - // look for default permissions to apply in return - e.g. auto-friend - $z = q("select * from abook where abook_channel = %d and (abook_flags & %d) limit 1", - intval($importer['channel_id']), - intval(ABOOK_FLAG_SELF) - ); - - if($z) - $default_perms = intval($z[0]['abook_my_perms']); - + $role = get_pconfig($channel['channel_id'],'system','permissions_role'); + if($role) { + $x = get_role_perms($role); + if($x['perms_auto']) + $default_perms = $x['perms_accept']; + } + if(! $default_perms) + $default_perms = intval(get_pconfig($channel['channel_id'],'system','autoperms')); + $their_perms = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_PHOTOS|PERMS_R_ABOOK|PERMS_W_STREAM|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT|PERMS_R_STORAGE|PERMS_R_PAGES; $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_my_perms, abook_their_perms, abook_closeness, abook_rating, abook_created, abook_updated, abook_connected, abook_dob, abook_flags) values ( %d, %d, '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', %d )", @@ -1396,7 +1395,12 @@ function diaspora_comment($importer,$xml,$msg) { $datarray['body'] = $body; - $datarray['app'] = 'Diaspora'; + if(strstr($person['xchan_network'],'friendica')) + $app = 'Friendica'; + else + $app = 'Diaspora'; + + $datarray['app'] = $app; if(! $parent_author_signature) { $key = get_config('system','pubkey'); @@ -1789,7 +1793,7 @@ function diaspora_like($importer,$xml,$msg) { $contact = diaspora_get_contact_by_handle($importer['channel_id'],$msg['author']); if(! $contact) { - logger('diaspora_like: cannot find contact: ' . $msg['author']); + logger('diaspora_like: cannot find contact: ' . $msg['author'] . ' for channel ' . $importer['channel_name']); return; } diff --git a/include/dir_fns.php b/include/dir_fns.php index f58e7c307..af6f78c01 100644 --- a/include/dir_fns.php +++ b/include/dir_fns.php @@ -38,7 +38,7 @@ function check_upstream_directory() { */ $directory = get_config('system','directory_server'); if ($directory) { - $r = q("select * from site where site_url = '%s' and (site_flags & %d) ", + $r = q("select * from site where site_url = '%s' and (site_flags & %d) > 0 ", dbesc($directory), intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY|DIRECTORY_MODE_STANDALONE) ); @@ -51,12 +51,32 @@ function check_upstream_directory() { } function dir_sort_links() { + // Build urls without order and pubforums so it's easy to tack on the changed value + // Probably there's an easier way to do this + + $current_order = (($_REQUEST['order']) ? $_REQUEST['order'] : 'normal'); + $url = 'directory?'; + $tmp = $_REQUEST; + unset($tmp['order']); + $sorturl = $url . http_build_query($tmp); + $tmp = $_REQUEST; + + unset($tmp['pubforums']); + $forumsurl = $url . http_build_query($tmp); $o = replace_macros(get_markup_template('dir_sort_links.tpl'), array( - '$header' => t('Sort Options'), + '$header' => t('Directory Options'), '$normal' => t('Alphabetic'), '$reverse' => t('Reverse Alphabetic'), - '$date' => t('Newest to Oldest') + '$date' => t('Newest to Oldest'), + '$reversedate' => t('Oldest to Newest'), + '$pubforums' => t('Public Forums Only'), + '$pubforumsonly' => x($_REQUEST,'pubforums') ? $_REQUEST['pubforums'] : '', + '$sort' => t('Sort'), + '$selected_sort' => $current_order, + '$sorturl' => $sorturl, + '$forumsurl' => $forumsurl, + )); return $o; } @@ -86,14 +106,14 @@ function sync_directories($dirmode) { $realm = get_directory_realm(); if($realm == DIRECTORY_REALM) { - $r = q("select * from site where (site_flags & %d) and site_url != '%s' and ( site_realm = '%s' or site_realm = '') ", + $r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and ( site_realm = '%s' or site_realm = '') ", intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY), dbesc(z_root()), dbesc($realm) ); } else { - $r = q("select * from site where (site_flags & %d) and site_url != '%s' and site_realm like '%s' ", + $r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_realm like '%s' ", intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY), dbesc(z_root()), dbesc(protect_sprintf('%' . $realm . '%')) @@ -120,7 +140,7 @@ function sync_directories($dirmode) { dbesc($r[0]['site_realm']) ); - $r = q("select * from site where (site_flags & %d) and site_url != '%s'", + $r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s'", intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY), dbesc(z_root()) ); @@ -146,7 +166,7 @@ function sync_directories($dirmode) { if((! $j['transactions']) || (! is_array($j['transactions']))) continue; - q("update site set site_sync = '%s' where site_url = '%s' limit 1", + q("update site set site_sync = '%s' where site_url = '%s'", dbesc(datetime_convert()), dbesc($rr['site_url']) ); @@ -212,7 +232,7 @@ function update_directory_entry($ud) { function local_dir_update($uid,$force) { - logger('local_dir_update', LOGGER_DEBUG); + logger('local_dir_update: uid: ' . $uid, LOGGER_DEBUG); $p = q("select channel.channel_hash, channel_address, channel_timezone, profile.* from profile left join channel on channel_id = uid where uid = %d and is_default = 1", intval($uid) @@ -267,7 +287,7 @@ function local_dir_update($uid,$force) { if($new_flags != $r[0]['xchan_flags']) { - $r = q("update xchan set xchan_flags = %d where xchan_hash = '%s' limit 1", + $r = q("update xchan set xchan_flags = %d where xchan_hash = '%s'", intval($new_flags), dbesc($p[0]['channel_hash']) ); @@ -281,10 +301,10 @@ function local_dir_update($uid,$force) { } else { // they may have made it private - $r = q("delete from xprof where xprof_hash = '%s' limit 1", + $r = q("delete from xprof where xprof_hash = '%s'", dbesc($hash) ); - $r = q("delete from xtag where xtag_hash = '%s' limit 1", + $r = q("delete from xtag where xtag_hash = '%s'", dbesc($hash) ); } diff --git a/include/directory.php b/include/directory.php index 60070f7ec..a7324a99a 100644 --- a/include/directory.php +++ b/include/directory.php @@ -42,7 +42,7 @@ function directory_run($argv, $argc){ local_dir_update($argv[1],$force); - q("update channel set channel_dirdate = '%s' where channel_id = %d limit 1", + q("update channel set channel_dirdate = '%s' where channel_id = %d", dbesc(datetime_convert()), intval($channel['channel_id']) ); @@ -85,7 +85,7 @@ function directory_run($argv, $argc){ ); } else { - q("update channel set channel_dirdate = '%s' where channel_id = %d limit 1", + q("update channel set channel_dirdate = '%s' where channel_id = %d", dbesc(datetime_convert()), intval($channel['channel_id']) ); diff --git a/include/enotify.php b/include/enotify.php index 2503f9ab0..3fef3ba0a 100644 --- a/include/enotify.php +++ b/include/enotify.php @@ -18,7 +18,7 @@ function notification($params) { } if($params['to_xchan']) { $y = q("select channel.*, account.* from channel left join account on channel_account_id = account_id - where channel_hash = '%s' and not (channel_pageflags & %d) limit 1", + where channel_hash = '%s' and not (channel_pageflags & %d)>0 limit 1", dbesc($params['to_xchan']), intval(PAGE_REMOVED) ); @@ -357,9 +357,21 @@ function notification($params) { // create notification entry in DB + $seen = 0; + + // Mark some notifications as seen right away + // Note! The notification have to be created, because they are used to send emails + // So easiest solution to hide them from Notices is to mark them as seen right away. + // Another option would be to not add them to the DB, and change how emails are handled (probably would be better that way) + $always_show_in_notices = get_pconfig($recip['channel_id'],'system','always_show_in_notices'); + if(!$always_show_in_notices) { + if(($params['type'] == NOTIFY_WALL) || ($params['type'] == NOTIFY_MAIL) || ($params['type'] == NOTIFY_INTRO)) { + $seen = 1; + } + } - $r = q("insert into notify (hash,name,url,photo,date,aid,uid,link,parent,type,verb,otype) - values('%s','%s','%s','%s','%s',%d,%d,'%s','%s',%d,'%s','%s')", + $r = q("insert into notify (hash,name,url,photo,date,aid,uid,link,parent,seen,type,verb,otype) + values('%s','%s','%s','%s','%s',%d,%d,'%s','%s',%d,%d,'%s','%s')", dbesc($datarray['hash']), dbesc($datarray['name']), dbesc($datarray['url']), @@ -369,6 +381,7 @@ function notification($params) { intval($datarray['uid']), dbesc($datarray['link']), dbesc($datarray['parent']), + intval($seen), intval($datarray['type']), dbesc($datarray['verb']), dbesc($datarray['otype']) @@ -394,7 +407,7 @@ function notification($params) { if(($a->language === 'en' || (! $a->language)) && strpos($msg,', ')) $msg = substr($msg,strpos($msg,', ')+1); - $r = q("update notify set msg = '%s' where id = %d and uid = %d limit 1", + $r = q("update notify set msg = '%s' where id = %d and uid = %d", dbesc($msg), intval($notify_id), intval($datarray['uid']) diff --git a/include/event.php b/include/event.php index 03ecaa0a7..1ed541d99 100644 --- a/include/event.php +++ b/include/event.php @@ -45,6 +45,56 @@ function format_event_html($ev) { return $o; } + + +function ical_wrapper($ev) { + + if(! ((is_array($ev)) && count($ev))) + return ''; + + $o .= "BEGIN:VCALENDAR"; + $o .= "\nVERSION:2.0"; + $o .= "\nMETHOD:PUBLISH"; + $o .= "\nPRODID:-//" . get_config('system','sitename') . "//" . RED_PLATFORM . "//" . strtoupper(get_app()->language). "\n"; + if(array_key_exists('start',$ev)) + $o .= format_event_ical($ev); + else { + foreach($ev as $e) { + $o .= format_event_ical($e); + } + } + $o .= "\nEND:VCALENDAR\n"; + + return $o; +} + +function format_event_ical($ev) { + + $o = ''; + + $o .= "\nBEGIN:VEVENT"; + if($ev['start']) + $o .= "\nDTSTART:" . datetime_convert('UTC','UTC', $ev['start'],'Ymd\\THis' . (($ev['adjust']) ? '\\Z' : '')); + if($ev['finish'] && ! $ev['nofinish']) + $o .= "\nDTEND:" . datetime_convert('UTC','UTC', $ev['finish'],'Ymd\\THis' . (($ev['adjust']) ? '\\Z' : '')); + if($ev['summary']) + $o .= "\nSUMMARY:" . format_ical_text($ev['summary']); + if($ev['location']) + $o .= "\nLOCATION:" . format_ical_text($ev['location']); + if($ev['description']) + $o .= "\nDESCRIPTION:" . format_ical_text($ev['description']); + $o .= "\nEND:VEVENT\n"; + return $o; +} + +function format_ical_text($s) { + + require_once('include/bbcode.php'); + require_once('include/html2plain.php'); + return(wordwrap(html2plain(bbcode($s)),72,"\n ",true)); +} + + function format_event_bbcode($ev) { $o = ''; @@ -183,7 +233,7 @@ function event_store_event($arr) { `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' - WHERE `id` = %d AND `uid` = %d LIMIT 1", + WHERE `id` = %d AND `uid` = %d", dbesc($arr['edited']), dbesc($arr['start']), @@ -284,7 +334,7 @@ function event_addtocal($item_id, $uid) { $event = event_store_event($ev); if($event) { - $r = q("update item set resource_id = '%s', resource_type = 'event' where id = %d and uid = %d limit 1", + $r = q("update item set resource_id = '%s', resource_type = 'event' where id = %d and uid = %d", dbesc($event['event_hash']), intval($item['id']), intval($channel['channel_id']) @@ -359,7 +409,7 @@ function event_store_item($arr,$event) { $private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0); - q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d LIMIT 1", + q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d", dbesc($arr['summary']), dbesc($prefix . format_event_bbcode($arr)), dbesc($object), diff --git a/include/expire.php b/include/expire.php index 442914a39..a229bd4ac 100644 --- a/include/expire.php +++ b/include/expire.php @@ -7,9 +7,10 @@ function expire_run($argv, $argc){ cli_startup(); - $r = q("select id from item where (item_restrict & %d) and not (item_restrict & %d) and changed < UTC_TIMESTAMP() - INTERVAL 10 DAY", + $r = q("select id from item where (item_restrict & %d)>0 and not (item_restrict & %d)>0 and changed < %s - INTERVAL %s", intval(ITEM_DELETED), - intval(ITEM_PENDING_REMOVE) + intval(ITEM_PENDING_REMOVE), + db_utcnow(), db_quoteinterval('10 DAY') ); if($r) { foreach($r as $rr) { @@ -19,8 +20,9 @@ function expire_run($argv, $argc){ // physically remove anything that has been deleted for more than two months - $r = q("delete from item where ( item_restrict & %d ) and changed < UTC_TIMESTAMP() - INTERVAL 36 DAY", - intval(ITEM_PENDING_REMOVE) + $r = q("delete from item where ( item_restrict & %d )>0 and changed < %s - INTERVAL %s", + intval(ITEM_PENDING_REMOVE), + db_utcnow(), db_quoteinterval('36 DAY') ); // make this optional as it could have a performance impact on large sites diff --git a/include/externals.php b/include/externals.php index 280daf4a4..b0f853dc6 100644 --- a/include/externals.php +++ b/include/externals.php @@ -14,6 +14,8 @@ function externals_run($argv, $argc){ $total = 0; $attempts = 0; + logger('externals: startup', LOGGER_DEBUG); + // pull in some public posts @@ -25,7 +27,8 @@ function externals_run($argv, $argc){ $url = $arr['url']; } else { - $r = q("select site_url, site_pull from site where site_url != '%s' and site_flags != %d order by rand() limit 1", + $randfunc = db_getfunc('RAND'); + $r = q("select site_url, site_pull from site where site_url != '%s' and site_flags != %d order by $randfunc limit 1", dbesc(z_root()), intval(DIRECTORY_MODE_STANDALONE) ); @@ -76,7 +79,7 @@ function externals_run($argv, $argc){ $x = z_fetch_url($feedurl); if(($x) && ($x['success'])) { - q("update site set site_pull = '%s' where site_url = '%s' limit 1", + q("update site set site_pull = '%s' where site_url = '%s'", dbesc(datetime_convert()), dbesc($url) ); @@ -99,12 +102,12 @@ $z = null; $flag_bits = ITEM_WALL|ITEM_ORIGIN|ITEM_UPLINK; // preserve the source - $r = q("update item set source_xchan = owner_xchan where id = %d limit 1", + $r = q("update item set source_xchan = owner_xchan where id = %d", intval($z[0]['id']) ); $r = q("update item set item_flags = ( item_flags | %d ), owner_xchan = '%s' - where id = %d limit 1", + where id = %d", intval($flag_bits), dbesc($sys['xchan_hash']), intval($z[0]['id']) diff --git a/include/features.php b/include/features.php index 7530158ec..7009b1d6b 100644 --- a/include/features.php +++ b/include/features.php @@ -45,9 +45,10 @@ function get_features() { t('Post Composition Features'), // array('richtext', t('Richtext Editor'), t('Enable richtext editor')), array('markdown', t('Use Markdown'), t('Allow use of "Markdown" to format posts')), - array('preview', t('Post Preview'), t('Allow previewing posts and comments before publishing them')), +// array('preview', t('Post Preview'), t('Allow previewing posts and comments before publishing them')), array('channel_sources', t('Channel Sources'), t('Automatically import channel content from other channels or feeds')), array('content_encrypt', t('Even More Encryption'), t('Allow optional encryption of content end-to-end with a shared secret key')), + array('adult_photo_flagging', t('Flag Adult Photos'), t('Provide photo edit option to hide adult photos from default album view')), ), // Network Tools @@ -66,7 +67,7 @@ function get_features() { 'tools' => array( t('Post/Comment Tools'), // array('multi_delete', t('Multiple Deletion'), t('Select and delete multiple posts/comments at once')), - array('edit_posts', t('Edit Sent Posts'), t('Edit and correct posts and comments after sending')), +// array('edit_posts', t('Edit Sent Posts'), t('Edit and correct posts and comments after sending')), array('commtag', t('Tagging'), t('Ability to tag existing posts')), array('categories', t('Post Categories'), t('Add categories to your posts')), array('filing', t('Saved Folders'), t('Ability to file posts under folders')), diff --git a/include/fixd.php b/include/fixd.php new file mode 100644 index 000000000..bce5eb348 --- /dev/null +++ b/include/fixd.php @@ -0,0 +1,33 @@ +<?php + + require_once('include/cli_startup.php'); + + cli_startup(); + + $rand = db_getfunc('RAND'); + $r = q("select xchan_addr, hubloc_url from xchan left join hubloc on hubloc_hash = xchan_hash where xchan_network like '%%diaspora%%' order by $rand"); + + if(! $r) + killme(); + + require_once('include/network.php'); + $total = 0; + foreach ($r as $rr) { + if($rr['hubloc_url']) { + continue; + } + $total ++; + } + + print $total . "\n"; + + foreach ($r as $rr) { + if($rr['hubloc_url']) { + continue; + } + + $webbie = $rr['xchan_addr']; + print $webbie . ' '; + + discover_by_webbie($webbie); + } diff --git a/include/follow.php b/include/follow.php index 14385d90d..1abd0e3b9 100644 --- a/include/follow.php +++ b/include/follow.php @@ -37,7 +37,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) // check service class limits - $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ", + $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d)>0 ", intval($uid), intval(ABOOK_FLAG_SELF) ); @@ -64,9 +64,9 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $j = json_decode($ret['body'],true); } - if($is_red && $j) { + $my_perms = get_channel_default_perms($uid); - $my_perms = PERMS_W_STREAM|PERMS_W_MAIL; + if($is_red && $j) { $role = get_pconfig($uid,'system','permissions_role'); if($role) { @@ -137,7 +137,6 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) } } - $my_perms = 0; $their_perms = 0; $xchan_hash = ''; @@ -164,7 +163,6 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) if($r) { $xchan_hash = $r[0]['xchan_hash']; $their_perms = 0; - $my_perms = PERMS_W_STREAM|PERMS_W_MAIL; $role = get_pconfig($uid,'system','permissions_role'); if($role) { $x = get_role_perms($role); @@ -205,8 +203,9 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) return $result; } - $r = q("select count(*) as total from abook where abook_account = %d and ( abook_flags & ABOOK_FLAG_FEED )", - intval($aid) + $r = q("select count(*) as total from abook where abook_account = %d and ( abook_flags & %d )>0", + intval($aid), + intval(ABOOK_FLAG_FEED) ); if($r) $total_feeds = $r[0]['total']; @@ -227,7 +226,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) intval($uid) ); if($r) { - $x = q("update abook set abook_their_perms = %d where abook_id = %d limit 1", + $x = q("update abook set abook_their_perms = %d where abook_id = %d", intval($their_perms), intval($r[0]['abook_id']) ); diff --git a/include/group.php b/include/group.php index d4f08108f..28cf5d80d 100644 --- a/include/group.php +++ b/include/group.php @@ -18,10 +18,11 @@ function group_add($uid,$name,$public = 0) { intval($r) ); if(count($z) && $z[0]['deleted']) { - $r = q("UPDATE `groups` SET `deleted` = 0 WHERE `uid` = %d AND `name` = '%s' LIMIT 1", + /*$r = q("UPDATE `groups` SET `deleted` = 0 WHERE `uid` = %d AND `name` = '%s' LIMIT 1", intval($uid), dbesc($name) - ); + );*/ + q('UPDATE groups SET deleted = 0 WHERE id = %d', intval($z[0]['id'])); notice( t('A deleted group with this name was revived. Existing item permissions <strong>may</strong> apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL); } return true; @@ -107,7 +108,7 @@ function group_rmv($uid,$name) { ); // remove group - $r = q("UPDATE `groups` SET `deleted` = 1 WHERE `uid` = %d AND `name` = '%s' LIMIT 1", + $r = q("UPDATE `groups` SET `deleted` = 1 WHERE `uid` = %d AND `name` = '%s'", intval($uid), dbesc($name) ); @@ -152,7 +153,7 @@ function group_rmv_member($uid,$name,$member) { return false; if(! ( $uid && $gid && $member)) return false; - $r = q("DELETE FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND xchan = '%s' LIMIT 1 ", + $r = q("DELETE FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND xchan = '%s' ", intval($uid), intval($gid), dbesc($member) @@ -199,7 +200,7 @@ function group_get_members($gid) { if(intval($gid)) { $r = q("SELECT * FROM `group_member` LEFT JOIN abook ON abook_xchan = `group_member`.`xchan` left join xchan on xchan_hash = abook_xchan - WHERE `gid` = %d AND abook_channel = %d and `group_member`.`uid` = %d and not ( xchan_flags & %d ) and not ( abook_flags & %d ) and not ( abook_flags & %d ) ORDER BY xchan_name ASC ", + WHERE `gid` = %d AND abook_channel = %d and `group_member`.`uid` = %d and not ( xchan_flags & %d )>0 and not ( abook_flags & %d )>0 and not ( abook_flags & %d )>0 ORDER BY xchan_name ASC ", intval($gid), intval(local_user()), intval(local_user()), diff --git a/include/hubloc.php b/include/hubloc.php index 0a1b51331..b5a3d47c5 100644 --- a/include/hubloc.php +++ b/include/hubloc.php @@ -33,7 +33,7 @@ function prune_hub_reinstalls() { // allow some slop period, say 3 days - just in case this is a glitch or transient occurrence // Then remove any hublocs pointing to the oldest entry. - if($d1 < $d2) { + if(($d1 < $d2) && ($x[0]['hubloc_sitekey'])) { logger('prune_hub_reinstalls: removing dead hublocs at ' . $rr['site_url']); $y = q("delete from hubloc where hubloc_sitekey = '%s'", dbesc($x[0]['hubloc_sitekey']) @@ -96,7 +96,7 @@ function remove_obsolete_hublocs() { ? intval(get_config('system','delivery_interval')) : 2 ); foreach($r as $rr) { - q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d limit 1", + q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d", intval(HUBLOC_FLAGS_DELETED), intval($rr['hubloc_id']) ); @@ -134,7 +134,7 @@ function hubloc_change_primary($hubloc) { dbesc($hubloc['hubloc_hash']) ); if(($r) && (! $r[0]['channel_primary'])) { - q("update channel set channel_primary = 1 where channel_id = %d limit 1", + q("update channel set channel_primary = 1 where channel_id = %d", intval($r[0]['channel_id']) ); } @@ -156,7 +156,7 @@ function hubloc_change_primary($hubloc) { $url = $hubloc['hubloc_url']; $lwebbie = substr($hubloc['hubloc_addr'],0,strpos($hubloc['hubloc_addr'],'@')); - $r = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_follow = '%s', xchan_connurl = '%s' where xchan_hash = '%s' limit 1", + $r = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_follow = '%s', xchan_connurl = '%s' where xchan_hash = '%s'", dbesc($hubloc['hubloc_addr']), dbesc($url . '/channel/' . $lwebbie), dbesc($url . '/follow?f=&url=%s'), @@ -214,7 +214,7 @@ function xchan_store($arr) { return $r; $photos = import_profile_photo($arr['photo'],$arr['hash']); - $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), diff --git a/include/identity.php b/include/identity.php index 9a574ea65..17238ea99 100644 --- a/include/identity.php +++ b/include/identity.php @@ -22,7 +22,7 @@ require_once('include/crypto.php'); function identity_check_service_class($account_id) { $ret = array('success' => false, $message => ''); - $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d ) ", + $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )>0 ", intval($account_id), intval(PAGE_REMOVED) ); @@ -104,7 +104,7 @@ function create_sys_channel() { } function get_sys_channel() { - $r = q("select * from channel left join xchan on channel_hash = xchan_hash where (channel_pageflags & %d) limit 1", + $r = q("select * from channel left join xchan on channel_hash = xchan_hash where (channel_pageflags & %d)>0 limit 1", intval(PAGE_SYSTEM) ); if($r) @@ -132,7 +132,7 @@ function is_sys_channel($channel_id) { */ function channel_total() { - $r = q("select channel_id from channel where not ( channel_pageflags & %d )", + $r = q("select channel_id from channel where not ( channel_pageflags & %d )>0", intval(PAGE_REMOVED) ); @@ -348,10 +348,13 @@ function create_identity($arr) { dbesc($a->get_baseurl() . "/photo/profile/m/{$newuid}") ); - $myperms = 0; if($role_permissions) { $myperms = ((array_key_exists('perms_auto',$role_permissions) && $role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0); } + else + $myperms = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_PHOTOS|PERMS_R_ABOOK + |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT + |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_closeness, abook_created, abook_updated, abook_flags, abook_my_perms ) values ( %d, %d, '%s', %d, '%s', '%s', %d, %d ) ", @@ -373,6 +376,8 @@ function create_identity($arr) { set_pconfig($newuid,'system','permissions_role',$arr['permissions_role']); if(array_key_exists('online',$role_permissions)) set_pconfig($newuid,'system','hide_presence',1-intval($role_permissions['online'])); + if(array_key_exists('perms_auto',$role_permissions)) + set_pconfig($newuid,'system','autoperms',(($role_permissions['perms_auto']) ? $role_permissions['perms_accept'] : 0)); } // Create a group with yourself as a member. This allows somebody to use it @@ -390,7 +395,7 @@ function create_identity($arr) { dbesc( t('Friends') ) ); if($r) { - q("update channel set channel_default_group = '%s', channel_allow_gid = '%s' where channel_id = %d limit 1", + q("update channel set channel_default_group = '%s', channel_allow_gid = '%s' where channel_id = %d", dbesc($r[0]['hash']), dbesc('<' . $r[0]['hash'] . '>'), intval($newuid) @@ -446,7 +451,7 @@ function set_default_login_identity($account_id,$channel_id,$force = true) { ); if($r) { if((intval($r[0]['account_default_channel']) == 0) || ($force)) { - $r = q("update account set account_default_channel = %d where account_id = %d limit 1", + $r = q("update account set account_default_channel = %d where account_id = %d", intval($channel_id), intval($account_id) ); @@ -584,7 +589,7 @@ function identity_basic_export($channel_id, $items = false) { // warning: this may run into memory limits on smaller systems - $r = q("select * from item where (item_flags & %d) and not (item_restrict & %d) and uid = %d", + $r = q("select * from item where (item_flags & %d)>0 and not (item_restrict & %d)>0 and uid = %d", intval(ITEM_WALL), intval(ITEM_DELETED), intval($channel_id) @@ -673,7 +678,7 @@ function profile_load(&$a, $nickname, $profile = '') { if(! $p) { $p = q("SELECT profile.uid AS profile_uid, profile.*, channel.* FROM profile LEFT JOIN channel ON profile.uid = channel.channel_id - WHERE channel.channel_address = '%s' and not ( channel_pageflags & %d ) + WHERE channel.channel_address = '%s' and not ( channel_pageflags & %d )>0 AND profile.is_default = 1 LIMIT 1", dbesc($nickname), intval(PAGE_REMOVED) @@ -851,7 +856,8 @@ function profile_sidebar($profile, $block = 0, $show_connect = true) { ); - if(feature_enabled(local_user(),'multi_profiles')) { + $multi_profiles = feature_enabled(local_user(), 'multi_profiles'); + if($multi_profiles) { $profile['edit'] = array($a->get_baseurl(). '/profiles', t('Profiles'),"", t('Manage/edit profiles')); $profile['menu']['cr_new'] = t('Create New Profile'); } @@ -864,6 +870,8 @@ function profile_sidebar($profile, $block = 0, $show_connect = true) { if($r) { foreach($r as $rr) { + if(!($multi_profiles || $rr['is_default'])) + continue; $profile['menu']['entries'][] = array( 'photo' => $rr['thumb'], 'id' => $rr['id'], @@ -885,6 +893,8 @@ function profile_sidebar($profile, $block = 0, $show_connect = true) { || (x($profile,'country_name') == 1)) $location = t('Location:'); + $profile['homepage'] = linkify($profile['homepage']); + $gender = ((x($profile,'gender') == 1) ? t('Gender:') : False); $marital = ((x($profile,'marital') == 1) ? t('Status:') : False); $homepage = ((x($profile,'homepage') == 1) ? t('Homepage:') : False); @@ -1106,7 +1116,7 @@ logger('online: ' . $profile['online']); function advanced_profile(&$a) { - + require_once('include/text.php'); if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_profile')) return ''; @@ -1198,7 +1208,18 @@ function advanced_profile(&$a) { if($txt = prepare_text($a->profile['contact'])) $profile['contact'] = array( t('Contact information and Social Networks:'), $txt); - if($txt = prepare_text($a->profile['channels'])) $profile['channels'] = array( t('My other channels:'), $txt); + // Support tags in the other channels field (probably want to restrict it to channels only?) + $txt = $a->profile['channels']; + $matches = get_tags($txt); + $access_tag = ''; + $str_tags = ''; + foreach($matches as $m) { + $success = handle_tag($a, $txt, $access_tag, $str_tags, $a->profile_uid, $m); // Use uid of the profile maker + } + + if($txt = prepare_text($txt)) { + $profile['channels'] = array( t('My other channels:'), $txt); + } if($txt = prepare_text($a->profile['music'])) $profile['music'] = array( t('Musical interests:'), $txt); @@ -1466,7 +1487,7 @@ function get_channel_by_nick($nick) { function identity_selector() { if(local_user()) { - $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ", + $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and (channel_pageflags & %d) = 0 order by channel_name ", intval(get_account_id()), intval(PAGE_REMOVED) ); @@ -1546,7 +1567,7 @@ function notifications_off($channel_id) { $r = q("select channel_notifyflags from channel where channel_id = %d limit 1", intval($channel_id) ); - $x = q("update channel set channel_notifyflags = 0 where channel_id = %d limit 1", + $x = q("update channel set channel_notifyflags = 0 where channel_id = %d", intval($channel_id) ); @@ -1556,9 +1577,21 @@ function notifications_off($channel_id) { function notifications_on($channel_id,$value) { - $x = q("update channel set channel_notifyflags = %d where channel_id = %d limit 1", + $x = q("update channel set channel_notifyflags = %d where channel_id = %d", intval($value), intval($channel_id) ); return $x; -}
\ No newline at end of file +} + + +function get_channel_default_perms($uid) { + + $r = q("select abook_my_perms from abook where abook_channel = %d and (abook_flags & %d) > 0 limit 1", + intval($uid), + intval(ABOOK_FLAG_SELF) + ); + if($r) + return $r[0]['abook_my_perms']; + return 0; +} diff --git a/include/items.php b/include/items.php index 41c211953..c488e1953 100755 --- a/include/items.php +++ b/include/items.php @@ -30,7 +30,7 @@ function collect_recipients($item,&$private_envelope) { // as that would allow the denied person to see the post by logging out. if((! $item['allow_cid']) && (! $item['allow_gid'])) { - $r = q("select * from abook where abook_channel = %d and not (abook_flags & %d) ", + $r = q("select * from abook where abook_channel = %d and not (abook_flags & %d)>0 ", intval($item['uid']), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED) ); @@ -66,9 +66,11 @@ function collect_recipients($item,&$private_envelope) { // by the directives in $item['public_policy']. $private_envelope = false; + require_once('include/identity.php'); + $sys = get_sys_channel(); if(array_key_exists('public_policy',$item) && $item['public_policy'] !== 'self') { - $r = q("select abook_xchan, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d) ", + $r = q("select abook_xchan, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d)>0 ", intval($item['uid']), intval(ABOOK_FLAG_SELF|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED) ); @@ -95,6 +97,9 @@ function collect_recipients($item,&$private_envelope) { } } } +// we probably want to check that discovery channel delivery is allowed before uncommenting this. +// if($policy === 'pub') +// $recipients[] = $sys['xchan_hash']; } } @@ -258,7 +263,7 @@ function add_source_route($iid,$hash) { ); if($r) { $new_route = (($r[0]['route']) ? $r[0]['route'] . ',' : '') . $hash; - q("update item set route = '%s' where id = %d limit 1", + q("update item set route = '%s' where id = %d", (dbesc($new_route)), intval($iid) ); @@ -969,7 +974,7 @@ function import_author_rss($x) { $photos = import_profile_photo($x['photo']['src'],$x['url']); if($photos) { - $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'rss' limit 1", + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'rss'", dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])), dbesc($photos[0]), dbesc($photos[1]), @@ -1014,7 +1019,7 @@ function import_author_unknown($x) { $photos = import_profile_photo($x['photo']['src'],$x['url']); if($photos) { - $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'unknown' limit 1", + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'unknown'", dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])), dbesc($photos[0]), dbesc($photos[1]), @@ -1089,7 +1094,8 @@ function encode_item($item,$mirror = false) { $x['message_parent'] = $item['thr_parent']; $x['created'] = $item['created']; $x['edited'] = $item['edited']; - $x['expires'] = $item['expires']; + // always send 0's over the wire + $x['expires'] = (($item['expires'] == '0001-01-01 00:00:00') ? '0000-00-00 00:00:00' : $item['expires']); $x['commented'] = $item['commented']; $x['mimetype'] = $item['mimetype']; $x['title'] = $item['title']; @@ -2213,7 +2219,7 @@ function item_store($arr,$allow_exec = false) { $r = q("UPDATE item SET parent = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', public_policy = '%s', item_private = %d, comments_closed = '%s' - WHERE id = %d LIMIT 1", + WHERE id = %d", intval($parent_id), dbesc($allow_cid), dbesc($allow_gid), @@ -2258,13 +2264,13 @@ function item_store($arr,$allow_exec = false) { // update the commented timestamp on the parent - $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and not ( item_restrict & %d ) ", + $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and not ( item_restrict & %d )>0 ", dbesc($arr['parent_mid']), intval($arr['uid']), intval(ITEM_DELAYED_PUBLISH) ); - q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d LIMIT 1", + q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d", dbesc(($z) ? $z[0]['commented'] : (datetime_convert())), dbesc(datetime_convert()), intval($parent_id) @@ -2476,7 +2482,7 @@ function item_store_update($arr,$allow_exec = false) { $str .= " `" . $k . "` = '" . $v . "' "; } - $r = dbq("update `item` set " . $str . " where id = " . $orig_post_id . " limit 1"); + $r = dbq("update `item` set " . $str . " where id = " . $orig_post_id ); if($r) logger('item_store_update: updated item ' . $orig_post_id, LOGGER_DEBUG); @@ -2553,7 +2559,7 @@ function store_diaspora_comment_sig($datarray, $channel, $parent_item, $post_id, $key = get_config('system','pubkey'); $y = crypto_encapsulate(json_encode($x),$key); - $r = q("update item set diaspora_meta = '%s' where id = %d limit 1", + $r = q("update item set diaspora_meta = '%s' where id = %d", dbesc(json_encode($y)), intval($post_id) ); @@ -2749,7 +2755,7 @@ function tag_deliver($uid,$item_id) { $taglink = get_rel_link($j_obj['link'],'alternate'); store_item_tag($u[0]['channel_id'],$p[0]['id'],TERM_OBJ_POST,TERM_HASHTAG,$j_obj['title'],$j_obj['id']); - $x = q("update item set edited = '%s', received = '%s', changed = '%s' where mid = '%s' and uid = %d limit 1", + $x = q("update item set edited = '%s', received = '%s', changed = '%s' where mid = '%s' and uid = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()), @@ -2815,7 +2821,7 @@ function tag_deliver($uid,$item_id) { if($mention) { logger('tag_deliver: mention found for ' . $u[0]['channel_name']); - $r = q("update item set item_flags = ( item_flags | %d ) where id = %d limit 1", + $r = q("update item set item_flags = ( item_flags | %d ) where id = %d", intval(ITEM_MENTIONSME), intval($item_id) ); @@ -2930,7 +2936,7 @@ function tgroup_check($uid,$item) { // or is a followup and we have already accepted the top level post as an uplink if($item['mid'] != $item['parent_mid']) { - $r = q("select id from item where mid = '%s' and uid = %d and ( item_flags & %d ) limit 1", + $r = q("select id from item where mid = '%s' and uid = %d and ( item_flags & %d )>0 limit 1", dbesc($item['parent_mid']), intval($uid), intval(ITEM_UPLINK) @@ -2974,7 +2980,15 @@ function tgroup_check($uid,$item) { // At this point we've determined that the person receiving this post was mentioned in it. // Now let's check if this mention was inside a reshare so we don't spam a forum - $body = preg_replace('/\[share(.*?)\[\/share\]/','',$item['body']); + + $body = $item['body']; + + if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED) && $body) { + $key = get_config('system','prvkey'); + $body = crypto_unencapsulate(json_decode($body,true),$key); + } + + $body = preg_replace('/\[share(.*?)\[\/share\]/','',$body); $pattern = '/@\!?\[zrl\=' . preg_quote($term['url'],'/') . '\]' . preg_quote($term['term'] . '+','/') . '\[\/zrl\]/'; @@ -3020,14 +3034,14 @@ function start_delivery_chain($channel,$item,$item_id,$parent) { // when we created the delivery fork if($parent) { - $r = q("update item set source_xchan = '%s' where id = %d limit 1", + $r = q("update item set source_xchan = '%s' where id = %d", dbesc($parent['source_xchan']), intval($item_id) ); } else { $flag_bits = $flag_bits | ITEM_UPLINK; - $r = q("update item set source_xchan = owner_xchan where id = %d limit 1", + $r = q("update item set source_xchan = owner_xchan where id = %d", intval($item_id) ); } @@ -3057,7 +3071,7 @@ function start_delivery_chain($channel,$item,$item_id,$parent) { } $r = q("update item set item_flags = %d, owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s', - deny_cid = '%s', deny_gid = '%s', item_private = %d, public_policy = '%s', comment_policy = '%s', title = '%s', body = '%s' where id = %d limit 1", + deny_cid = '%s', deny_gid = '%s', item_private = %d, public_policy = '%s', comment_policy = '%s', title = '%s', body = '%s' where id = %d", intval($flag_bits), dbesc($channel['channel_hash']), dbesc($channel['channel_allow_cid']), @@ -3097,7 +3111,7 @@ function start_delivery_chain($channel,$item,$item_id,$parent) { function check_item_source($uid,$item) { - $r = q("select * from source where src_channel_id = %d and ( src_xchan = '%s' || src_xchan = '*' ) limit 1", + $r = q("select * from source where src_channel_id = %d and ( src_xchan = '%s' or src_xchan = '*' ) limit 1", intval($uid), dbesc(($item['source_xchan']) ? $item['source_xchan'] : $item['owner_xchan']) ); @@ -3837,17 +3851,17 @@ function item_expire($uid,$days) { $expire_network_only = 1; - $sql_extra = ((intval($expire_network_only)) ? " AND not (item_flags & " . intval(ITEM_WALL) . ") " : ""); + $sql_extra = ((intval($expire_network_only)) ? " AND not (item_flags & " . intval(ITEM_WALL) . ")>0 " : ""); $r = q("SELECT * FROM `item` WHERE `uid` = %d - AND `created` < UTC_TIMESTAMP() - INTERVAL %d DAY + AND `created` < %s - INTERVAL %s AND `id` = `parent` $sql_extra - AND NOT ( item_flags & %d ) + AND NOT ( item_flags & %d )>0 AND (item_restrict = 0 ) ", intval($uid), - intval($days), + db_utcnow(), db_quoteinterval(intval($days).' DAY'), intval(ITEM_RETAINED) ); @@ -3885,7 +3899,7 @@ function item_expire($uid,$days) { } function retain_item($id) { - $r = q("update item set item_flags = (item_flags | %d ) where id = %d limit 1", + $r = q("update item set item_flags = (item_flags | %d ) where id = %d", intval(ITEM_RETAINED), intval($id) ); @@ -3961,7 +3975,7 @@ function drop_item($id,$interactive = true,$stage = DROPITEM_NORMAL) { // set the deleted flag immediately on this item just in case the // hook calls a remote process which loops. We'll delete it properly in a second. - $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ) WHERE id = %d LIMIT 1", + $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ) WHERE id = %d", intval(ITEM_DELETED), intval($item['id']) ); @@ -4018,7 +4032,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) { switch($stage) { case DROPITEM_PHASE2: $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ), body = '', title = '', - changed = '%s', edited = '%s' WHERE id = %d LIMIT 1", + changed = '%s', edited = '%s' WHERE id = %d", intval(ITEM_PENDING_REMOVE), dbesc(datetime_convert()), dbesc(datetime_convert()), @@ -4028,7 +4042,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) { case DROPITEM_PHASE1: $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ), - changed = '%s', edited = '%s' WHERE id = %d LIMIT 1", + changed = '%s', edited = '%s' WHERE id = %d", intval(ITEM_DELETED), dbesc(datetime_convert()), dbesc(datetime_convert()), @@ -4039,7 +4053,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) { case DROPITEM_NORMAL: default: $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ), body = '', title = '', - changed = '%s', edited = '%s' WHERE id = %d LIMIT 1", + changed = '%s', edited = '%s' WHERE id = %d", intval(ITEM_DELETED), dbesc(datetime_convert()), dbesc(datetime_convert()), @@ -4051,7 +4065,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) { // immediately remove any undesired profile likes. - q("delete from likes where iid = %d and channel_id = %d limit 1", + q("delete from likes where iid = %d and channel_id = %d", intval($item['id']), intval($item['uid']) ); @@ -4062,7 +4076,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) { if(strlen($item['resource_id'])) { if($item['resource_type'] === 'event') { - q("delete from event where event_hash = '%s' and uid = %d limit 1", + q("delete from event where event_hash = '%s' and uid = %d", dbesc($item['resource_id']), intval($item['uid']) ); @@ -4082,12 +4096,12 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) { if($stage == DROPITEM_PHASE1) return true; - $r = q("delete from term where otype = %d and oid = %d limit 1", + $r = q("delete from term where otype = %d and oid = %d", intval(TERM_OBJ_POST), intval($item['id']) ); - q("delete from item_id where iid = %d and uid = %d limit 1", + q("delete from item_id where iid = %d and uid = %d", intval($item['id']), intval($item['uid']) ); @@ -4106,7 +4120,7 @@ function delete_item_lowlevel($item,$stage = DROPITEM_NORMAL) { function first_post_date($uid,$wall = false) { - $wall_sql = (($wall) ? sprintf(" and item_flags & %d ", ITEM_WALL) : "" ); + $wall_sql = (($wall) ? sprintf(" and (item_flags & %d)>0 ", ITEM_WALL) : "" ); $r = q("select id, created from item where item_restrict = %d and uid = %d and id = parent $wall_sql @@ -4128,10 +4142,13 @@ function first_post_date($uid,$wall = false) { * current flat list of all representative dates. */ -function list_post_dates($uid,$wall) { +function list_post_dates($uid,$wall,$mindate) { $dnow = datetime_convert('',date_default_timezone_get(),'now','Y-m-d'); - $dthen = first_post_date($uid,$wall); + if($mindate) + $dthen = datetime_convert('',date_default_timezone_get(),$mindate); + else + $dthen = first_post_date($uid,$wall); if(! $dthen) return array(); @@ -4249,17 +4266,29 @@ function fetch_post_tags($items,$link = false) { -function zot_feed($uid,$observer_xchan,$mindate) { +function zot_feed($uid,$observer_xchan,$arr) { $result = array(); - $mindate = datetime_convert('UTC','UTC',$mindate); + $mindate = null; + $message_id = null; + + if(array_key_exists('mindate',$arr)) { + $mindate = datetime_convert('UTC','UTC',$arr['mindate']); + } + + if(array_key_exists('message_id',$arr)) { + $message_id = $arr['message_id']; + } + + if(! $mindate) $mindate = NULL_DATE; - $mindate = dbesc($mindate); - logger('zot_feed: ' . $uid); + logger('zot_feed: requested for uid ' . $uid . ' from observer ' . $observer_xchan, LOGGER_DEBUG); + if($message_id) + logger('message_id: ' . $message_id,LOGGER_DEBUG); if(! perm_is_allowed($uid,$observer_xchan,'view_stream')) { logger('zot_feed: permission denied.'); @@ -4278,23 +4307,28 @@ function zot_feed($uid,$observer_xchan,$mindate) { else $limit = " limit 0, 50 "; + if($message_id) { + $sql_extra .= " and mid = '" . dbesc($message_id) . "' "; + $limit = ''; + } + $items = array(); if(is_sys_channel($uid)) { require_once('include/security.php'); - $r = q("SELECT distinct parent from item + $r = q("SELECT distinct parent, created from item WHERE uid != %d and uid in (" . stream_perms_api_uids(PERMS_PUBLIC) . ") AND item_restrict = 0 - AND (item_flags & %d) + AND (item_flags & %d)>0 and item_private = 0 $sql_extra ORDER BY created ASC $limit", intval($uid), intval(ITEM_WALL) ); } else { - $r = q("SELECT distinct parent from item + $r = q("SELECT distinct parent, created from item WHERE uid = %d AND item_restrict = 0 - AND (item_flags & %d) + AND (item_flags & %d)>0 $sql_extra ORDER BY created ASC $limit", intval($uid), intval(ITEM_WALL) @@ -4357,12 +4391,12 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C } if($arr['star']) - $sql_options .= " and (item_flags & " . intval(ITEM_STARRED) . ") "; + $sql_options .= " and (item_flags & " . intval(ITEM_STARRED) . ")>0 "; if($arr['wall']) - $sql_options .= " and (item_flags & " . intval(ITEM_WALL) . ") "; + $sql_options .= " and (item_flags & " . intval(ITEM_WALL) . ")>0 "; - $sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) "; + $sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ")>0 $sql_options ) "; if($arr['since_id']) $sql_extra .= " and item.id > " . $since_id . " "; @@ -4400,7 +4434,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C } elseif($arr['cid'] && $uid) { - $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ") limit 1", + $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ")>0 limit 1", intval($arr['cid']), intval(local_user()) ); @@ -4440,7 +4474,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C } if($arr['conv'] && $channel) { - $sql_extra .= sprintf(" AND parent IN (SELECT distinct parent from item where ( author_xchan like '%s' or ( item_flags & %d ))) ", + $sql_extra .= sprintf(" AND parent IN (SELECT distinct parent from item where ( author_xchan like '%s' or ( item_flags & %d )>0)) ", dbesc(protect_sprintf($uidhash)), intval(ITEM_MENTIONSME) ); @@ -4456,11 +4490,11 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C else { $itemspage = (($channel) ? get_pconfig($uid,'system','itemspage') : 20); $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); - $pager_sql = sprintf(" LIMIT %d, %d ",intval(get_app()->pager['start']), intval(get_app()->pager['itemspage'])); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(get_app()->pager['itemspage']), intval(get_app()->pager['start'])); } if(isset($arr['start']) && isset($arr['records'])) - $pager_sql = sprintf(" LIMIT %d, %d ",intval($arr['start']), intval($arr['records'])); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($arr['records']), intval($arr['start'])); if(array_key_exists('cmin',$arr) || array_key_exists('cmax',$arr)) { if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) { @@ -4482,7 +4516,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C } } - $simple_update = (($client_mode & CLIENT_MODE_UPDATE) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " ) " : ''); + $simple_update = (($client_mode & CLIENT_MODE_UPDATE) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " )>0 " : ''); if($client_mode & CLIENT_MODE_LOAD) $simple_update = ''; @@ -4526,7 +4560,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C // Fetch a page full of parent items for this page - $r = q("SELECT distinct item.id AS item_id FROM item + $r = q("SELECT distinct item.id AS item_id, item.$ordering FROM item left join abook on item.author_xchan = abook.abook_xchan WHERE $item_uids $item_restrict AND item.parent = item.id @@ -4624,7 +4658,7 @@ function update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remo dbesc($page_type) ); if($r) { - q("update item_id set sid = '%s' where id = %d limit 1", + q("update item_id set sid = '%s' where id = %d", dbesc(($pagetitle) ? $pagetitle : substr($mid,0,16)), intval($r[0]['id']) ); @@ -4655,7 +4689,7 @@ function item_add_cid($xchan_hash,$mid,$uid) { dbesc('<' . $xchan_hash . '>') ); if(! $r) { - $r = q("update item set allow_cid = concat(allow_cid,'%s') where mid = '%s' and uid = %d limit 1", + $r = q("update item set allow_cid = concat(allow_cid,'%s') where mid = '%s' and uid = %d", dbesc('<' . $xchan_hash . '>'), dbesc($mid), intval($uid) @@ -4670,7 +4704,7 @@ function item_remove_cid($xchan_hash,$mid,$uid) { dbesc('<' . $xchan_hash . '>') ); if($r) { - $x = q("update item set allow_cid = '%s' where mid = '%s' and uid = %d limit 1", + $x = q("update item set allow_cid = '%s' where mid = '%s' and uid = %d", dbesc(str_replace('<' . $xchan_hash . '>','',$r[0]['allow_cid'])), dbesc($mid), intval($uid) diff --git a/include/language.php b/include/language.php index 9db57dceb..f5ee3471e 100644 --- a/include/language.php +++ b/include/language.php @@ -250,8 +250,7 @@ function detect_language($s) { * By default we use the localized language name. You can switch the result * to any language with the optional 2nd parameter $l. * - * $s and $l can be in any format that PHP's Locale understands. We will mostly - * use the 2-letter ISO 639-1 (en, de, fr) format. + * $s and $l should be in 2-letter ISO 639-1 format * * If nothing could be looked up it returns $s. * @@ -259,11 +258,30 @@ function detect_language($s) { * @param $l (optional) In which language to return the name * @return string with the language name, or $s if unrecognized */ +require_once(__DIR__ . '/../library/intl/vendor/autoload.php'); +use CommerceGuys\Intl\Language\LanguageRepository; function get_language_name($s, $l = null) { - if($l === null) - $l = $s; + // get() expects the second part to be in upper case + if(strpos($s,'-') !== false) $s = substr($s,0,2) . strtoupper(substr($s,2)); + if($l !== null && strpos($l,'-') !== false) $l = substr($l,0,2) . strtoupper(substr($l,2)); - logger('get_language_name: for ' . $s . ' in ' . $l . ' returns: ' . Locale::getDisplayLanguage($s, $l), LOGGER_DEBUG); - return Locale::getDisplayLanguage($s, $l); + $languageRepository = new LanguageRepository; + + // Sometimes intl doesn't like the second part at all ... + try { + $language = $languageRepository->get($s, $l); + } + catch(CommerceGuys\Intl\Exception\UnknownLanguageException $e) { + $s = substr($s,0,2); + if($l !== null) $l = substr($s,0,2); + try { + $language = $languageRepository->get($s, $l); + } + catch(CommerceGuys\Intl\Exception\UnknownLanguageException $e) { + return $s; // Give up + } + } + + return $language->getName(); } diff --git a/include/menu.php b/include/menu.php index 8997d2e39..9dc236605 100644 --- a/include/menu.php +++ b/include/menu.php @@ -176,7 +176,7 @@ function menu_edit($arr) { } return q("update menu set menu_name = '%s', menu_desc = '%s', menu_flags = %d - where menu_id = %d and menu_channel_id = %d limit 1", + where menu_id = %d and menu_channel_id = %d", dbesc($menu_name), dbesc($menu_desc), intval($menu_flags), @@ -303,7 +303,7 @@ function menu_edit_item($menu_id, $uid, $arr) { } - $r = q("update menu_item set mitem_link = '%s', mitem_desc = '%s', mitem_flags = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', mitem_order = %d where mitem_channel_id = %d and mitem_menu_id = %d and mitem_id = %d limit 1", + $r = q("update menu_item set mitem_link = '%s', mitem_desc = '%s', mitem_flags = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', mitem_order = %d where mitem_channel_id = %d and mitem_menu_id = %d and mitem_id = %d", dbesc($mitem_link), dbesc($mitem_desc), intval($mitem_flags), @@ -323,7 +323,7 @@ function menu_edit_item($menu_id, $uid, $arr) { function menu_del_item($menu_id,$uid,$item_id) { - $r = q("delete from menu_item where mitem_menu_id = %d and mitem_channel_id = %d and mitem_id = %d limit 1", + $r = q("delete from menu_item where mitem_menu_id = %d and mitem_channel_id = %d and mitem_id = %d", intval($menu_id), intval($uid), intval($item_id) diff --git a/include/message.php b/include/message.php index b063530d6..49278f273 100644 --- a/include/message.php +++ b/include/message.php @@ -243,7 +243,7 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $limit = ''; if($numitems) - $limit = " LIMIT " . intval($start) . ", " . intval($numitems); + $limit = " LIMIT " . intval($numitems) . " OFFSET " . intval($start); if($mailbox !== '') { $x = q("select channel_hash from channel where channel_id = %d limit 1", @@ -332,7 +332,7 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee } if($updateseen) { - $r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and id = %d AND channel_id = %d", + $r = q("UPDATE `mail` SET mail_flags = (mail_flags | %d) where not (mail_flags & %d)>0 and id = %d AND channel_id = %d", intval(MAIL_SEEN), intval(MAIL_SEEN), dbesc($messageitem_id), @@ -363,7 +363,7 @@ function private_messages_drop($channel_id, $messageitem_id, $drop_conversation } } else { - $r = q("DELETE FROM mail WHERE id = %d AND channel_id = %d LIMIT 1", + $r = q("DELETE FROM mail WHERE id = %d AND channel_id = %d", intval($messageitem_id), intval($channel_id) ); @@ -421,7 +421,7 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda if($updateseen) { - $r = q("UPDATE `mail` SET mail_flags = (mail_flags ^ %d) where not (mail_flags & %d) and parent_mid = '%s' AND channel_id = %d", + $r = q("UPDATE `mail` SET mail_flags = (mail_flags | %d) where not (mail_flags & %d)>0 and parent_mid = '%s' AND channel_id = %d", intval(MAIL_SEEN), intval(MAIL_SEEN), dbesc($r[0]['parent_mid']), diff --git a/include/nav.php b/include/nav.php index f1f89db20..a9bff4b29 100644 --- a/include/nav.php +++ b/include/nav.php @@ -38,7 +38,7 @@ EOT; intval($channel['channel_id']) ); - $chans = q("select channel_name, channel_id from channel where channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ", + $chans = q("select channel_name, channel_id from channel where channel_account_id = %d and not ( channel_pageflags & %d )>0 order by channel_name ", intval(get_account_id()), intval(PAGE_REMOVED) ); @@ -92,40 +92,40 @@ EOT; if($chans && count($chans) > 1 && feature_enabled(local_user(),'nav_channel_select')) $nav['channels'] = $chans; - $nav['logout'] = Array('logout',t('Logout'), "", t('End this session')); + $nav['logout'] = Array('logout',t('Logout'), "", t('End this session'),'logout_nav_btn'); // user menu - $nav['usermenu'][] = Array('channel/' . $channel['channel_address'], t('Home'), "", t('Your posts and conversations')); - $nav['usermenu'][] = Array('profile/' . $channel['channel_address'], t('View Profile'), "", t('Your profile page')); + $nav['usermenu'][] = Array('channel/' . $channel['channel_address'], t('Home'), "", t('Your posts and conversations'),'channel_nav_btn'); + $nav['usermenu'][] = Array('profile/' . $channel['channel_address'], t('View Profile'), "", t('Your profile page'),'profile_nav_btn'); if(feature_enabled(local_user(),'multi_profiles')) - $nav['usermenu'][] = Array('profiles', t('Edit Profiles'),"", t('Manage/Edit profiles')); + $nav['usermenu'][] = Array('profiles', t('Edit Profiles'),"", t('Manage/Edit profiles'),'profiles_nav_btn'); else - $nav['usermenu'][] = Array('profiles/' . $prof[0]['id'], t('Edit Profile'),"", t('Edit your profile')); + $nav['usermenu'][] = Array('profiles/' . $prof[0]['id'], t('Edit Profile'),"", t('Edit your profile'),'profiles_nav_btn'); - $nav['usermenu'][] = Array('photos/' . $channel['channel_address'], t('Photos'), "", t('Your photos')); - $nav['usermenu'][] = Array('cloud/' . $channel['channel_address'],t('Files'),"",t('Your files')); + $nav['usermenu'][] = Array('photos/' . $channel['channel_address'], t('Photos'), "", t('Your photos'),'photos_nav_btn'); + $nav['usermenu'][] = Array('cloud/' . $channel['channel_address'],t('Files'),"",t('Your files'),'cloud_nav_btn'); require_once('include/chat.php'); $has_chats = chatroom_list_count(local_user()); if($has_chats) { - $nav['usermenu'][] = Array('chat/' . $channel['channel_address'],t('Chat'),"",t('Your chatrooms')); + $nav['usermenu'][] = Array('chat/' . $channel['channel_address'],t('Chat'),"",t('Your chatrooms'),'chat_nav_btn'); } require_once('include/menu.php'); $has_bookmarks = menu_list_count(local_user(),'',MENU_BOOKMARK) + menu_list_count(local_user(),'',MENU_SYSTEM|MENU_BOOKMARK); if($has_bookmarks) { - $nav['usermenu'][] = Array('bookmarks', t('Bookmarks'), "", t('Your bookmarks')); + $nav['usermenu'][] = Array('bookmarks', t('Bookmarks'), "", t('Your bookmarks'),'bookmarks_nav_btn'); } if(feature_enabled($channel['channel_id'],'webpages')) - $nav['usermenu'][] = Array('webpages/' . $channel['channel_address'],t('Webpages'),"",t('Your webpages')); + $nav['usermenu'][] = Array('webpages/' . $channel['channel_address'],t('Webpages'),"",t('Your webpages'),'webpages_nav_btn'); } else { if(! get_account_id()) { - $nav['loginmenu'][] = Array('login',t('Login'),'',t('Sign in')); + $nav['loginmenu'][] = Array('login',t('Login'),'',t('Sign in'),'login_nav_btn'); } else - $nav['alogout'] = Array('logout',t('Logout'), "", t('End this session')); + $nav['alogout'] = Array('logout',t('Logout'), "", t('End this session'),'logout_nav_btn'); } @@ -142,7 +142,7 @@ EOT; sprintf( t('%s - click to logout'), $observer['xchan_addr'])); } else { - $nav['loginmenu'][] = Array('rmagic',t('Remote authentication'),'',t('Click to authenticate to your home hub')); + $nav['loginmenu'][] = Array('rmagic',t('Remote authentication'),'',t('Click to authenticate to your home hub'),'rmagic_nav_btn'); } /** @@ -156,24 +156,24 @@ EOT; } if(($a->module != 'home') && (! (local_user()))) - $nav['home'] = array($homelink, t('Home'), "", t('Home Page')); + $nav['home'] = array($homelink, t('Home'), "", t('Home Page'),'home_nav_btn'); if(($a->config['system']['register_policy'] == REGISTER_OPEN) && (! local_user()) && (! remote_user())) - $nav['register'] = array('register',t('Register'), "", t('Create an account')); + $nav['register'] = array('register',t('Register'), "", t('Create an account'),'register_nav_btn'); $help_url = z_root() . '/help?f=&cmd=' . $a->cmd; if(! get_config('system','hide_help')) - $nav['help'] = array($help_url, t('Help'), "", t('Help and documentation')); + $nav['help'] = array($help_url, t('Help'), "", t('Help and documentation'),'help_nav_btn'); - $nav['apps'] = array('apps', t('Apps'), "", t('Applications, utilities, links, games')); + $nav['apps'] = array('apps', t('Apps'), "", t('Applications, utilities, links, games'),'apps_nav_btn'); $nav['search'] = array('search', t('Search'), "", t('Search site content')); - $nav['directory'] = array('directory', t('Directory'), "", t('Channel Locator')); + $nav['directory'] = array('directory', t('Directory'), "", t('Channel Directory'),'directory_nav_btn'); /** @@ -187,21 +187,21 @@ EOT; $network_options = get_pconfig(local_user(),'system','network_page_default'); $nav['network'] = array('network' . (($network_options) ? '?f=&' . $network_options : ''), - t('Matrix'), "", t('Your matrix')); + t('Matrix'), "", t('Your matrix'),'network_nav_btn'); $nav['network']['mark'] = array('', t('Mark all matrix notifications seen'), '',''); - $nav['home'] = array('channel/' . $channel['channel_address'], t('Channel Home'), "", t('Channel home')); + $nav['home'] = array('channel/' . $channel['channel_address'], t('Channel Home'), "", t('Channel home'),'home_nav_btn'); $nav['home']['mark'] = array('', t('Mark all channel notifications seen'), '',''); - $nav['intros'] = array('connections/ifpending', t('Connections'), "", t('Connections')); + $nav['intros'] = array('connections/ifpending', t('Connections'), "", t('Connections'),'connections_nav_btn'); - $nav['notifications'] = array('notifications/system', t('Notices'), "", t('Notifications')); + $nav['notifications'] = array('notifications/system', t('Notices'), "", t('Notifications'),'notifications_nav_btn'); $nav['notifications']['all']=array('notifications/system', t('See all notifications'), "", ""); $nav['notifications']['mark'] = array('', t('Mark all system notifications seen'), '',''); - $nav['messages'] = array('message', t('Mail'), "", t('Private mail')); + $nav['messages'] = array('message', t('Mail'), "", t('Private mail'),'mail_nav_btn'); $nav['messages']['all']=array('message', t('See all private messages'), "", ""); $nav['messages']['mark'] = array('', t('Mark all private messages seen'), '',''); $nav['messages']['inbox'] = array('message', t('Inbox'), "", t('Inbox')); @@ -209,13 +209,13 @@ EOT; $nav['messages']['new'] = array('mail/new', t('New Message'), "", t('New Message')); - $nav['all_events'] = array('events', t('Events'), "", t('Event Calendar')); + $nav['all_events'] = array('events', t('Events'), "", t('Event Calendar'),'events_nav_btn'); $nav['all_events']['all']=array('events', t('See all events'), "", ""); $nav['all_events']['mark'] = array('', t('Mark all events seen'), '',''); - $nav['manage'] = array('manage', t('Channel Manager'), "", t('Manage Your Channels')); + $nav['manage'] = array('manage', t('Channel Manager'), "", t('Manage Your Channels'),'manage_nav_btn'); - $nav['settings'] = array('settings', t('Settings'),"", t('Account/Channel Settings')); + $nav['settings'] = array('settings', t('Settings'),"", t('Account/Channel Settings'),'settings_nav_btn'); } @@ -223,7 +223,7 @@ EOT; * Admin page */ if (is_site_admin()){ - $nav['admin'] = array('admin/', t('Admin'), "", t('Site Setup and Configuration')); + $nav['admin'] = array('admin/', t('Admin'), "", t('Site Setup and Configuration'),'admin_nav_btn'); } @@ -259,6 +259,7 @@ $powered_by = ''; '$localuser' => local_user(), '$sel' => $a->nav_sel, '$powered_by' => $powered_by, + '$help' => t('@name, #tag, content'), '$pleasewait' => t('Please wait...') )); diff --git a/include/network.php b/include/network.php index 25ed615c6..98c411cd8 100644 --- a/include/network.php +++ b/include/network.php @@ -991,7 +991,7 @@ function discover_by_url($url,$arr = null) { ); $photos = import_profile_photo($photo,$guid); - $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), @@ -1092,25 +1092,27 @@ function discover_by_webbie($webbie) { $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($webbie) ); - if($r) - return true; - - $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_pubkey, xchan_addr, xchan_url, xchan_name, xchan_network, xchan_instance_url, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", - dbesc($addr), - dbesc($guid), - dbesc($pubkey), - dbesc($addr), - dbesc($profile), - dbesc($vcard['fn']), - dbesc($network), - dbesc(z_root()), - dbesc(datetime_convert()) - ); + if(! $r) { + + $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_pubkey, xchan_addr, xchan_url, xchan_name, xchan_network, xchan_instance_url, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", + dbesc($addr), + dbesc($guid), + dbesc($pubkey), + dbesc($addr), + dbesc($profile), + dbesc($vcard['fn']), + dbesc($network), + dbesc(z_root()), + dbescdate(datetime_convert()) + ); + } $r = q("select * from hubloc where hubloc_hash = '%s' limit 1", dbesc($webbie) ); + if(! $r) { + $r = q("insert into hubloc ( hubloc_guid, hubloc_hash, hubloc_addr, hubloc_network, hubloc_url, hubloc_host, hubloc_callback, hubloc_updated, hubloc_flags ) values ('%s','%s','%s','%s','%s','%s','%s','%s', %d)", dbesc($guid), dbesc($addr), @@ -1119,13 +1121,13 @@ function discover_by_webbie($webbie) { dbesc(trim($diaspora_base,'/')), dbesc($hostname), dbesc($notify), - dbesc(datetime_convert()), + dbescdate(datetime_convert()), intval(HUBLOC_FLAGS_PRIMARY) ); } $photos = import_profile_photo($vcard['photo'],$addr); - $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", - dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])), + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", + dbescdate(datetime_convert('UTC','UTC',$arr['photo_updated'])), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), diff --git a/include/notifier.php b/include/notifier.php index 79a6886ad..e1eb0c554 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -58,6 +58,7 @@ require_once('include/html2plain.php'); * expire channel_id * relay item_id (item was relayed to owner, we will deliver it as owner) * location channel_id + * request channel_id xchan_hash message_id * */ @@ -98,7 +99,7 @@ function notifier_run($argv, $argc){ // Get the recipient $r = q("select abook.*, hubloc.* from abook left join hubloc on hubloc_hash = abook_xchan - where abook_id = %d and not ( abook_flags & %d ) limit 1", + where abook_id = %d and not ( abook_flags & %d )>0 limit 1", intval($item_id), intval(ABOOK_FLAG_SELF) ); @@ -142,6 +143,7 @@ function notifier_run($argv, $argc){ $expire = false; + $request = false; $mail = false; $fsuggest = false; $top_level = false; @@ -175,6 +177,22 @@ function notifier_run($argv, $argc){ $channel = $s[0]; } + elseif($cmd === 'request') { + $channel_id = $item_id; + $xchan = $argv[3]; + $request_message_id = $argv[4]; + + $s = q("select * from channel where channel_id = %d limit 1", + intval($channel_id) + ); + if($s) + $channel = $s[0]; + + $private = true; + $recipients[] = $xchan; + $packet_type = 'request'; + $normal_mode = false; + } elseif($cmd === 'expire') { // FIXME @@ -187,11 +205,12 @@ function notifier_run($argv, $argc){ $normal_mode = false; $expire = true; - $items = q("SELECT * FROM item WHERE uid = %d AND ( item_flags & %d ) - AND ( item_restrict & %d ) AND `changed` > UTC_TIMESTAMP() - INTERVAL 10 MINUTE", + $items = q("SELECT * FROM item WHERE uid = %d AND ( item_flags & %d )>0 + AND ( item_restrict & %d )>0 AND `changed` > %s - INTERVAL %s", intval($item_id), intval(ITEM_WALL), - intval(ITEM_DELETED) + intval(ITEM_DELETED), + db_utcnow(), db_quoteinterval('10 MINUTE') ); $uid = $item_id; $item_id = 0; @@ -474,34 +493,51 @@ function notifier_run($argv, $argc){ $r = q("select hubloc_guid, hubloc_url, hubloc_sitekey, hubloc_network, hubloc_flags, hubloc_callback, hubloc_host from hubloc - where hubloc_hash in (" . implode(',',$recipients) . ") group by hubloc_sitekey order by hubloc_connected desc limit 1"); + where hubloc_hash in (" . implode(',',$recipients) . ") order by hubloc_connected desc limit 1"); } else { - $r = q("select hubloc_guid, hubloc_url, hubloc_sitekey, hubloc_network, hubloc_flags, hubloc_callback, hubloc_host from hubloc - where hubloc_hash in (" . implode(',',$recipients) . ") and not (hubloc_flags & %d) and not (hubloc_status & %d) group by hubloc_sitekey", + where hubloc_hash in (" . implode(',',$recipients) . ") and not (hubloc_flags & %d) > 0 and not (hubloc_status & %d) > 0", intval(HUBLOC_FLAGS_DELETED), intval(HUBLOC_OFFLINE) - ); - - } + ); + } if(! $r) { logger('notifier: no hubs'); return; } + $hubs = $r; - $hublist = array(); - $keys = array(); + + /** + * Reduce the hubs to those that are unique. For zot hubs, we need to verify uniqueness by the sitekey, since it may have been + * a re-install which has not yet been detected and pruned. + * For other networks which don't have or require sitekeys, we'll have to use the URL + */ + + + $hublist = array(); // this provides an easily printable list for the logs + $dhubs = array(); // delivery hubs where we store our resulting unique array + $keys = array(); // array of keys to check uniquness for zot hubs + $urls = array(); // array of urls to check uniqueness of hubs from other networks + foreach($hubs as $hub) { - // don't try to deliver to deleted hublocs - and inexplicably SQL "distinct" and "group by" - // both return records with duplicate keys in rare circumstances -// FIXME this is probably redundant now. - if((! ($hub['hubloc_flags'] & HUBLOC_FLAGS_DELETED)) && (! in_array($hub['hubloc_sitekey'],$keys))) { - $hublist[] = $hub['hubloc_host']; - $keys[] = $hub['hubloc_sitekey']; + if($hub['hubloc_network'] == 'zot') { + if(! in_array($hub['hubloc_sitekey'],$keys)) { + $hublist[] = $hub['hubloc_host']; + $dhubs[] = $hub; + $keys[] = $hub['hubloc_sitekey']; + } + } + else { + if(! in_array($hub['hubloc_url'],$urls)) { + $hublist[] = $hub['hubloc_host']; + $dhubs[] = $hub; + $urls[] = $hub['hubloc_url']; + } } } @@ -517,7 +553,7 @@ function notifier_run($argv, $argc){ $deliver = array(); - foreach($hubs as $hub) { + foreach($dhubs as $hub) { if(defined('DIASPORA_RELIABILITY_EMULATION')) { $cointoss = mt_rand(0,2); @@ -550,6 +586,7 @@ function notifier_run($argv, $argc){ 'mail' => $mail, 'location' => $location, 'fsuggest' => $fsuggest, + 'request' => $request, 'normal_mode' => $normal_mode, 'packet_type' => $packet_type, 'walltowall' => $walltowall @@ -579,6 +616,21 @@ function notifier_run($argv, $argc){ dbesc('') ); } + elseif($packet_type === 'request') { + $n = zot_build_packet($channel,'request',$env_recips,$hub['hubloc_sitekey'],$hash,array('message_id' => $request_message_id)); + q("insert into outq ( outq_hash, outq_account, outq_channel, outq_driver, outq_posturl, outq_async, outq_created, outq_updated, outq_notify, outq_msg ) values ( '%s', %d, %d, '%s', '%s', %d, '%s', '%s', '%s', '%s' )", + dbesc($hash), + intval($channel['channel_account_id']), + intval($channel['channel_id']), + dbesc('zot'), + dbesc($hub['hubloc_callback']), + intval(1), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + dbesc($n), + dbesc('') + ); + } else { $n = zot_build_packet($channel,'notify',$env_recips,(($private) ? $hub['hubloc_sitekey'] : null),$hash); q("insert into outq ( outq_hash, outq_account, outq_channel, outq_driver, outq_posturl, outq_async, outq_created, outq_updated, outq_notify, outq_msg ) values ( '%s', %d, %d, '%s', '%s', %d, '%s', '%s', '%s', '%s' )", diff --git a/include/onedirsync.php b/include/onedirsync.php index 8ae1df5e5..a1450e183 100644 --- a/include/onedirsync.php +++ b/include/onedirsync.php @@ -35,13 +35,13 @@ function onedirsync_run($argv, $argc){ // (where we received this update from) ? // If we have, we don't need to do anything except mark any older entries updated - $x = q("select * from updates where ud_addr = '%s' and ud_date > '%s' and ( ud_flags & %d ) order by ud_date desc limit 1", + $x = q("select * from updates where ud_addr = '%s' and ud_date > '%s' and ( ud_flags & %d )>0 order by ud_date desc limit 1", dbesc($r[0]['ud_addr']), dbesc($r[0]['ud_date']), intval(UPDATE_FLAGS_UPDATED) ); if($x) { - $y = q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not ( ud_flags & %d ) and ud_date < '%s' ", + $y = q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and ( ud_flags & %d ) = 0 and ud_date < '%s' ", intval(UPDATE_FLAGS_UPDATED), dbesc($r[0]['ud_addr']), intval(UPDATE_FLAGS_UPDATED), @@ -50,6 +50,28 @@ function onedirsync_run($argv, $argc){ return; } + // ignore doing an update if this ud_addr refers to a known dead hubloc + + $h = q("select * from hubloc where hubloc_addr = '%s' limit 1", + dbesc($r[0]['ud_addr']) + ); + if(($h) && ($h[0]['hubloc_status'] & HUBLOC_OFFLINE)) { + $y = q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and ( ud_flags & %d ) = 0 and ud_date < '%s' ", + intval(UPDATE_FLAGS_UPDATED), + dbesc($r[0]['ud_addr']), + intval(UPDATE_FLAGS_UPDATED), + dbesc($x[0]['ud_date']) + ); + + return; + } + + // we might have to pull this out some day, but for now update_directory_entry() + // runs zot_finger() and is kind of zot specific + + if($h && $h[0]['hubloc_network'] !== 'zot') + return; + update_directory_entry($r[0]); return; diff --git a/include/onepoll.php b/include/onepoll.php index 98d52db93..095edd095 100644 --- a/include/onepoll.php +++ b/include/onepoll.php @@ -15,12 +15,6 @@ function onepoll_run($argv, $argc){ logger('onepoll: start'); - $manual_id = 0; - $generation = 0; - - $force = false; - $restart = false; - if(($argc > 1) && (intval($argv[1]))) $contact_id = intval($argv[1]); @@ -28,14 +22,14 @@ function onepoll_run($argv, $argc){ logger('onepoll: no contact'); return; } - + $d = datetime_convert(); $contacts = q("SELECT abook.*, xchan.*, account.* FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan where abook_id = %d - AND (( abook_flags & %d ) OR ( abook_flags = %d )) - AND NOT ( abook_flags & %d ) + AND (( abook_flags & %d )>0 OR ( abook_flags = %d )) + AND NOT ( abook_flags & %d )>0 AND (( account_flags = %d ) OR ( account_flags = %d )) limit 1", intval($contact_id), intval(ABOOK_FLAG_HIDDEN|ABOOK_FLAG_PENDING|ABOOK_FLAG_UNCONNECTED|ABOOK_FLAG_FEED), @@ -75,7 +69,7 @@ function onepoll_run($argv, $argc){ if($contact['xchan_network'] === 'rss') { logger('onepoll: processing feed ' . $contact['xchan_name'], LOGGER_DEBUG); handle_feed($importer['channel_id'],$contact_id,$contact['xchan_hash']); - q("update abook set abook_connected = '%s' where abook_id = %d limit 1", + q("update abook set abook_connected = '%s' where abook_id = %d", dbesc(datetime_convert()), intval($contact['abook_id']) ); @@ -90,18 +84,19 @@ function onepoll_run($argv, $argc){ $x = zot_refresh($contact,$importer); $responded = false; - $updated = datetime_convert(); + $updated = datetime_convert(); + $connected = datetime_convert(); if(! $x) { // mark for death by not updating abook_connected, this is caught in include/poller.php - q("update abook set abook_updated = '%s' where abook_id = %d limit 1", + q("update abook set abook_updated = '%s' where abook_id = %d", dbesc($updated), intval($contact['abook_id']) ); } else { - q("update abook set abook_updated = '%s', abook_connected = '%s' where abook_id = %d limit 1", - dbesc($updated), + q("update abook set abook_updated = '%s', abook_connected = '%s' where abook_id = %d", dbesc($updated), + dbesc($connected), intval($contact['abook_id']) ); $responded = true; @@ -120,7 +115,9 @@ function onepoll_run($argv, $argc){ if($fetch_feed) { $feedurl = str_replace('/poco/','/zotfeed/',$contact['xchan_connurl']); - $x = z_fetch_url($feedurl . '?f=&mindate=' . urlencode($last_update)); + $feedurl .= '?f=&mindate=' . urlencode($last_update); + + $x = z_fetch_url($feedurl); logger('feed_update: ' . print_r($x,true), LOGGER_DATA); @@ -143,13 +140,14 @@ function onepoll_run($argv, $argc){ } } - // fetch some items - // set last updated timestamp + + // update the poco details for this connection if($contact['xchan_connurl']) { $r = q("SELECT xlink_id from xlink - where xlink_xchan = '%s' and xlink_updated > UTC_TIMESTAMP() - INTERVAL 1 DAY limit 1", - intval($contact['xchan_hash']) + where xlink_xchan = '%s' and xlink_updated > %s - INTERVAL %s limit 1", + intval($contact['xchan_hash']), + db_utcnow(), db_quoteinterval('1 DAY') ); if(! $r) { poco_load($contact['xchan_hash'],$contact['xchan_connurl']); diff --git a/include/permissions.php b/include/permissions.php index 186ba32d8..ccbde1a7c 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -1,6 +1,19 @@ -<?php /** @file */ - +<?php +/** + * @file incldue/permissions.php + * + * This file conntains functions to check and work with permissions. + */ +/** + * @brief Return an array with all available permissions. + * + * These are channel specific permissions. + * The list of available permissions can get manipulated by the <i>hook</i> + * <b>global_permissions</b>. + * + * @return array associative array containing all permissions + */ function get_perms() { // thinking about making element[2] a bitmask instead of boolean so that we can provide a list of applicable selections @@ -14,8 +27,8 @@ function get_perms() { 'view_profile' => array('channel_r_profile', intval(PERMS_R_PROFILE), true, t('Can view my default channel profile'), ''), 'view_photos' => array('channel_r_photos', intval(PERMS_R_PHOTOS), true, t('Can view my photo albums'), ''), 'view_contacts' => array('channel_r_abook', intval(PERMS_R_ABOOK), true, t('Can view my connections'), ''), - 'view_storage' => array('channel_r_storage', intval(PERMS_R_STORAGE), true, t('Can view my file storage'), ''), - 'view_pages' => array('channel_r_pages', intval(PERMS_R_PAGES), true, t('Can view my webpages'), ''), + 'view_storage' => array('channel_r_storage', intval(PERMS_R_STORAGE), true, t('Can view my file storage'), ''), + 'view_pages' => array('channel_r_pages', intval(PERMS_R_PAGES), true, t('Can view my webpages'), ''), // Write permissions 'send_stream' => array('channel_w_stream', intval(PERMS_W_STREAM), false, t('Can send me their channel stream and posts'), ''), @@ -23,19 +36,20 @@ function get_perms() { 'post_comments' => array('channel_w_comment', intval(PERMS_W_COMMENT), false, t('Can comment on or like my posts'), ''), 'post_mail' => array('channel_w_mail', intval(PERMS_W_MAIL), false, t('Can send me private mail messages'), ''), 'post_photos' => array('channel_w_photos', intval(PERMS_W_PHOTOS), false, t('Can post photos to my photo albums'), ''), - 'post_like' => array('channel_w_like', intval(PERMS_W_LIKE), false, t('Can like/dislike stuff'), t('Profiles and things other than posts/comments')), + 'post_like' => array('channel_w_like', intval(PERMS_W_LIKE), false, t('Can like/dislike stuff'), t('Profiles and things other than posts/comments')), 'tag_deliver' => array('channel_w_tagwall', intval(PERMS_W_TAGWALL), false, t('Can forward to all my channel contacts via post @mentions'), t('Advanced - useful for creating group forum channels')), 'chat' => array('channel_w_chat', intval(PERMS_W_CHAT), false, t('Can chat with me (when available)'), t('')), - 'write_storage' => array('channel_w_storage', intval(PERMS_W_STORAGE), false, t('Can write to my file storage'), ''), - 'write_pages' => array('channel_w_pages', intval(PERMS_W_PAGES), false, t('Can edit my webpages'), ''), + 'write_storage' => array('channel_w_storage', intval(PERMS_W_STORAGE), false, t('Can write to my file storage'), ''), + 'write_pages' => array('channel_w_pages', intval(PERMS_W_PAGES), false, t('Can edit my webpages'), ''), - 'republish' => array('channel_a_republish', intval(PERMS_A_REPUBLISH), false, t('Can source my public posts in derived channels'), t('Somewhat advanced - very useful in open communities')), + 'republish' => array('channel_a_republish', intval(PERMS_A_REPUBLISH), false, t('Can source my public posts in derived channels'), t('Somewhat advanced - very useful in open communities')), - 'delegate' => array('channel_a_delegate', intval(PERMS_A_DELEGATE), false, t('Can administer my channel resources'), t('Extremely advanced. Leave this alone unless you know what you are doing')), + 'delegate' => array('channel_a_delegate', intval(PERMS_A_DELEGATE), false, t('Can administer my channel resources'), t('Extremely advanced. Leave this alone unless you know what you are doing')), ); $ret = array('global_permissions' => $global_perms); - call_hooks('global_permissions',$ret); + call_hooks('global_permissions', $ret); + return $ret['global_permissions']; } @@ -43,13 +57,13 @@ function get_perms() { /** * get_all_perms($uid,$observer_xchan) * - * @param $uid : The channel_id associated with the resource owner - * @param $observer_xchan: The xchan_hash representing the observer + * @param int $uid The channel_id associated with the resource owner + * @param string $observer_xchan The xchan_hash representing the observer + * @param bool $internal_use (default true) * - * @returns: array of all permissions, key is permission name, value is true or false + * @returns array of all permissions, key is permission name, value is true or false */ - -function get_all_perms($uid,$observer_xchan,$internal_use = true) { +function get_all_perms($uid, $observer_xchan, $internal_use = true) { $global_perms = get_perms(); @@ -85,7 +99,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { continue; } - // Next we're going to check for blocked or ignored contacts. // These take priority over all other settings. @@ -94,10 +107,10 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { $ret[$perm_name] = true; continue; } - + if(! $abook_checked) { $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash - where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1", + where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d )>0 limit 1", intval($uid), dbesc($observer_xchan), intval(ABOOK_FLAG_SELF) @@ -105,7 +118,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { if(! $x) { // not in address book, see if they've got an xchan $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($observer_xchan) + dbesc($observer_xchan) ); } @@ -113,7 +126,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { } // If they're blocked - they can't read or write - + if(($x) && ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED)) { $ret[$perm_name] = false; continue; @@ -130,7 +143,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { // system is blocked to anybody who is not authenticated - if((! $observer_xchan) && intval(get_config('system','block_public'))) { + if((! $observer_xchan) && intval(get_config('system', 'block_public'))) { $ret[$perm_name] = false; continue; } @@ -177,14 +190,14 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { $onsite_checked = true; } - + if($c) $ret[$perm_name] = true; else $ret[$perm_name] = false; continue; - } + } // From here on we require that the observer be a connection and // handle whether we're allowing any, approved or specific ones @@ -226,7 +239,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { $ret[$perm_name] = false; continue; - } $arr = array( @@ -235,11 +247,23 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { 'permissions' => $ret); call_hooks('get_all_perms',$arr); + return $arr['permissions']; } - -function perm_is_allowed($uid,$observer_xchan,$permission) { +/** + * @brief Checks if given permission is allowed for given observer on a channel. + * + * Checks if the given observer with the hash $observer_xchan has permission + * $permission on channel_id $uid. + * $permission is one defined in get_perms(); + * + * @param int $uid The channel_id associated with the resource owner + * @param string $observer_xchan The xchan_hash representing the observer + * @param string $permission + * @return bool true if permission is allowed for observer on channel + */ +function perm_is_allowed($uid, $observer_xchan, $permission) { $arr = array( 'channel_id' => $uid, @@ -247,7 +271,7 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { 'permission' => $permission, 'result' => false); - call_hooks('perm_is_allowed',$arr); + call_hooks('perm_is_allowed', $arr); if($arr['result']) return true; @@ -257,7 +281,7 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { $channel_perm = $global_perms[$permission][0]; - $r = q("select %s, channel_hash from channel where channel_id = %d limit 1", + $r = q("select %s, channel_pageflags, channel_hash from channel where channel_id = %d limit 1", dbesc($channel_perm), intval($uid) ); @@ -269,7 +293,7 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { return true; $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash - where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1", + where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d )>0 limit 1", intval($uid), dbesc($observer_xchan), intval(ABOOK_FLAG_SELF) @@ -279,21 +303,21 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { if(($x) && ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED)) return false; - + if(($x) && (! $global_perms[$permission][2]) && ($x[0]['abook_flags'] & ABOOK_FLAG_IGNORED)) return false; if(! $x) { // not in address book, see if they've got an xchan $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($observer_xchan) + dbesc($observer_xchan) ); } } // system is blocked to anybody who is not authenticated - if((! $observer_xchan) && intval(get_config('system','block_public'))) + if((! $observer_xchan) && intval(get_config('system', 'block_public'))) return false; // Check if this $uid is actually the $observer_xchan @@ -301,7 +325,6 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { if($r[0]['channel_hash'] === $observer_xchan) return true; - if($r[0][$channel_perm] & PERMS_PUBLIC) return true; @@ -326,6 +349,7 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { ); if($c) return true; + return false; } @@ -361,25 +385,32 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { // No permissions allowed. - return false; + return false; } // Check a simple array of observers against a permissions // return a simple array of those with permission -function check_list_permissions($uid,$arr,$perm) { +function check_list_permissions($uid, $arr, $perm) { $result = array(); if($arr) foreach($arr as $x) - if(perm_is_allowed($uid,$x,$perm)) + if(perm_is_allowed($uid, $x, $perm)) $result[] = $x; + return($result); } - +/** + * @brief Sets site wide default permissions. + * + * @return array + */ function site_default_perms() { + $ret = array(); + $typical = array( 'view_stream' => PERMS_PUBLIC, 'view_profile' => PERMS_PUBLIC, @@ -401,14 +432,14 @@ function site_default_perms() { ); $global_perms = get_perms(); - $ret = array(); foreach($global_perms as $perm => $v) { - $x = get_config('default_perms',$perm); + $x = get_config('default_perms', $perm); if($x === false) $x = $typical[$perm]; $ret[$perm] = $x; } + return $ret; } @@ -449,15 +480,15 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_CONTACTS; - $ret['channel_w_wall'] = PERMS_CONTACTS; + $ret['channel_w_stream'] = PERMS_SPECIFIC; + $ret['channel_w_wall'] = PERMS_SPECIFIC; $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_CONTACTS; - $ret['channel_w_mail'] = PERMS_CONTACTS; + $ret['channel_w_comment'] = PERMS_SPECIFIC; + $ret['channel_w_mail'] = PERMS_SPECIFIC; $ret['channel_w_photos'] = 0; - $ret['channel_w_chat'] = PERMS_CONTACTS; + $ret['channel_w_chat'] = PERMS_SPECIFIC; $ret['channel_a_delegate'] = 0; $ret['channel_r_storage'] = PERMS_PUBLIC; $ret['channel_w_storage'] = 0; @@ -465,9 +496,8 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - - break; + break; case 'social_restricted': $ret['perms_auto'] = false; @@ -482,25 +512,24 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_CONTACTS; - $ret['channel_w_wall'] = PERMS_CONTACTS; + $ret['channel_w_stream'] = PERMS_SPECIFIC; + $ret['channel_w_wall'] = PERMS_SPECIFIC; $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_CONTACTS; - $ret['channel_w_mail'] = PERMS_CONTACTS; + $ret['channel_w_comment'] = PERMS_SPECIFIC; + $ret['channel_w_mail'] = PERMS_SPECIFIC; $ret['channel_w_photos'] = 0; - $ret['channel_w_chat'] = PERMS_CONTACTS; + $ret['channel_w_chat'] = PERMS_SPECIFIC; $ret['channel_a_delegate'] = 0; $ret['channel_r_storage'] = PERMS_PUBLIC; $ret['channel_w_storage'] = 0; $ret['channel_r_pages'] = PERMS_PUBLIC; $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_CONTACTS; - - break; + $ret['channel_w_like'] = PERMS_SPECIFIC; + break; case 'social_private': $ret['perms_auto'] = false; @@ -515,12 +544,12 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; - $ret['channel_r_abook'] = PERMS_CONTACTS; - $ret['channel_w_stream'] = PERMS_CONTACTS; - $ret['channel_w_wall'] = PERMS_CONTACTS; + $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_abook'] = PERMS_SPECIFIC; + $ret['channel_w_stream'] = PERMS_SPECIFIC; + $ret['channel_w_wall'] = PERMS_SPECIFIC; $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_CONTACTS; + $ret['channel_w_comment'] = PERMS_SPECIFIC; $ret['channel_w_mail'] = PERMS_SPECIFIC; $ret['channel_w_photos'] = 0; $ret['channel_w_chat'] = PERMS_SPECIFIC; @@ -530,8 +559,8 @@ function get_role_perms($role) { $ret['channel_r_pages'] = PERMS_PUBLIC; $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_CONTACTS; - + $ret['channel_w_like'] = PERMS_SPECIFIC; + break; case 'forum': @@ -547,15 +576,15 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_CONTACTS; - $ret['channel_w_wall'] = PERMS_CONTACTS; - $ret['channel_w_tagwall'] = PERMS_CONTACTS; - $ret['channel_w_comment'] = PERMS_CONTACTS; - $ret['channel_w_mail'] = PERMS_CONTACTS; + $ret['channel_w_stream'] = 0; + $ret['channel_w_wall'] = PERMS_SPECIFIC; + $ret['channel_w_tagwall'] = PERMS_SPECIFIC; + $ret['channel_w_comment'] = PERMS_SPECIFIC; + $ret['channel_w_mail'] = PERMS_SPECIFIC; $ret['channel_w_photos'] = 0; - $ret['channel_w_chat'] = PERMS_CONTACTS; + $ret['channel_w_chat'] = PERMS_SPECIFIC; $ret['channel_a_delegate'] = 0; $ret['channel_r_storage'] = PERMS_PUBLIC; $ret['channel_w_storage'] = 0; @@ -563,7 +592,7 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - + break; case 'forum_restricted': @@ -579,25 +608,24 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_CONTACTS; - $ret['channel_w_wall'] = PERMS_CONTACTS; + $ret['channel_w_stream'] = 0; + $ret['channel_w_wall'] = PERMS_SPECIFIC; $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_CONTACTS; - $ret['channel_w_mail'] = PERMS_CONTACTS; + $ret['channel_w_comment'] = PERMS_SPECIFIC; + $ret['channel_w_mail'] = PERMS_SPECIFIC; $ret['channel_w_photos'] = 0; - $ret['channel_w_chat'] = PERMS_CONTACTS; + $ret['channel_w_chat'] = PERMS_SPECIFIC; $ret['channel_a_delegate'] = 0; $ret['channel_r_storage'] = PERMS_PUBLIC; $ret['channel_w_storage'] = 0; $ret['channel_r_pages'] = PERMS_PUBLIC; $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_CONTACTS; - - break; + $ret['channel_w_like'] = PERMS_SPECIFIC; + break; case 'forum_private': $ret['perms_auto'] = false; @@ -611,24 +639,24 @@ function get_role_perms($role) { |PERMS_W_STREAM|PERMS_W_WALL|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; - $ret['channel_r_profile'] = PERMS_CONTACTS; - $ret['channel_r_photos'] = PERMS_CONTACTS; - $ret['channel_r_abook'] = PERMS_CONTACTS; - $ret['channel_w_stream'] = PERMS_CONTACTS; - $ret['channel_w_wall'] = PERMS_CONTACTS; + $ret['channel_r_profile'] = PERMS_SPECIFIC; + $ret['channel_r_photos'] = PERMS_SPECIFIC; + $ret['channel_r_abook'] = PERMS_SPECIFIC; + $ret['channel_w_stream'] = 0; + $ret['channel_w_wall'] = PERMS_SPECIFIC; $ret['channel_w_tagwall'] = 0; - $ret['channel_w_comment'] = PERMS_CONTACTS; + $ret['channel_w_comment'] = PERMS_SPECIFIC; $ret['channel_w_mail'] = PERMS_SPECIFIC; $ret['channel_w_photos'] = 0; $ret['channel_w_chat'] = PERMS_SPECIFIC; $ret['channel_a_delegate'] = 0; - $ret['channel_r_storage'] = PERMS_CONTACTS; + $ret['channel_r_storage'] = PERMS_SPECIFIC; $ret['channel_w_storage'] = 0; - $ret['channel_r_pages'] = PERMS_CONTACTS; + $ret['channel_r_pages'] = PERMS_SPECIFIC; $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; - $ret['channel_w_like'] = PERMS_CONTACTS; - + $ret['channel_w_like'] = PERMS_SPECIFIC; + break; case 'feed': @@ -644,15 +672,15 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_CONTACTS; - $ret['channel_w_wall'] = PERMS_CONTACTS; + $ret['channel_w_stream'] = PERMS_SPECIFIC; + $ret['channel_w_wall'] = PERMS_SPECIFIC; $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_CONTACTS; - $ret['channel_w_mail'] = PERMS_CONTACTS; + $ret['channel_w_comment'] = PERMS_SPECIFIC; + $ret['channel_w_mail'] = PERMS_SPECIFIC; $ret['channel_w_photos'] = 0; - $ret['channel_w_chat'] = PERMS_CONTACTS; + $ret['channel_w_chat'] = PERMS_SPECIFIC; $ret['channel_a_delegate'] = 0; $ret['channel_r_storage'] = PERMS_PUBLIC; $ret['channel_w_storage'] = 0; @@ -660,11 +688,10 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_NETWORK; $ret['channel_w_like'] = PERMS_NETWORK; - + break; case 'feed_restricted': - $ret['perms_auto'] = false; $ret['default_collection'] = true; $ret['directory_publish'] = false; @@ -677,15 +704,15 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_CONTACTS; - $ret['channel_w_wall'] = PERMS_CONTACTS; + $ret['channel_w_stream'] = PERMS_SPECIFIC; + $ret['channel_w_wall'] = PERMS_SPECIFIC; $ret['channel_w_tagwall'] = PERMS_SPECIFIC; - $ret['channel_w_comment'] = PERMS_CONTACTS; - $ret['channel_w_mail'] = PERMS_CONTACTS; + $ret['channel_w_comment'] = PERMS_SPECIFIC; + $ret['channel_w_mail'] = PERMS_SPECIFIC; $ret['channel_w_photos'] = 0; - $ret['channel_w_chat'] = PERMS_CONTACTS; + $ret['channel_w_chat'] = PERMS_SPECIFIC; $ret['channel_a_delegate'] = 0; $ret['channel_r_storage'] = PERMS_PUBLIC; $ret['channel_w_storage'] = 0; @@ -693,7 +720,7 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - + break; case 'soapbox': @@ -707,7 +734,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = 0; $ret['channel_w_wall'] = 0; @@ -723,7 +750,7 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - + break; case 'repository': @@ -741,28 +768,25 @@ function get_role_perms($role) { $ret['channel_r_profile'] = PERMS_PUBLIC; $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; - $ret['channel_w_stream'] = PERMS_CONTACTS; - $ret['channel_w_wall'] = PERMS_CONTACTS; - $ret['channel_w_tagwall'] = PERMS_CONTACTS; - $ret['channel_w_comment'] = PERMS_CONTACTS; - $ret['channel_w_mail'] = PERMS_CONTACTS; - $ret['channel_w_photos'] = PERMS_CONTACTS; - $ret['channel_w_chat'] = PERMS_CONTACTS; + $ret['channel_w_stream'] = PERMS_SPECIFIC; + $ret['channel_w_wall'] = PERMS_SPECIFIC; + $ret['channel_w_tagwall'] = PERMS_SPECIFIC; + $ret['channel_w_comment'] = PERMS_SPECIFIC; + $ret['channel_w_mail'] = PERMS_SPECIFIC; + $ret['channel_w_photos'] = PERMS_SPECIFIC; + $ret['channel_w_chat'] = PERMS_SPECIFIC; $ret['channel_a_delegate'] = 0; $ret['channel_r_storage'] = PERMS_PUBLIC; - $ret['channel_w_storage'] = PERMS_CONTACTS; + $ret['channel_w_storage'] = PERMS_SPECIFIC; $ret['channel_r_pages'] = PERMS_PUBLIC; - $ret['channel_w_pages'] = PERMS_CONTACTS; + $ret['channel_w_pages'] = PERMS_SPECIFIC; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - - break; - + break; default: break; - } $x = get_config('system','role_perms'); @@ -775,33 +799,19 @@ function get_role_perms($role) { return $ret; } - -function role_selector($current) { - - if(! $current) - $current = 'custom'; - +/** + * @brief Returns a list or roles, grouped by type + * + * @param string $current The current role + * @return string Returns an array of roles, grouped by type + */ +function get_roles() { $roles = array( - 'social' => array( t('Social Networking'), - array('social' => t('Mostly Public'), 'social_restricted' => t('Restricted'), 'social_private' => t('Private'))), - 'forum' => array( t('Community Forum'), - array('forum' => t('Mostly Public'), 'forum_restricted' => t('Restricted'), 'forum_private' => t('Private'))), - 'feed' => array( t('Feed Republish'), - array('feed' => t('Mostly Public'), 'feed_restricted' => t('Restricted'))), - 'special' => array( t('Special Purpose'), - array('soapbox' => t('Celebrity/Soapbox'), 'repository' => t('Group Repository'))), - 'other' => array( t('Other'), - array('custom' => t('Custom/Expert Mode')))); - $o = '<select name="permissions_role" id="privacy-role-select">'; - foreach($roles as $k => $v) { - $o .= '<optgroup label="'. htmlspecialchars($v[0]) . '" >'; - foreach($v[1] as $kk => $vv) { - $selected = (($kk === $current) ? ' selected="selected" ' : ''); - $o .= '<option value="' . $kk . '" ' . $selected . '>' . htmlspecialchars($vv) . '</option>'; - } - $o .= '</optgroup>'; - } - $o .= '</select>'; - return $o; -} + t('Social Networking') => array('social' => t('Mostly Public'), 'social_restricted' => t('Restricted'), 'social_private' => t('Private')), + t('Community Forum') => array('forum' => t('Mostly Public'), 'forum_restricted' => t('Restricted'), 'forum_private' => t('Private')), + t('Feed Republish') => array('feed' => t('Mostly Public'), 'feed_restricted' => t('Restricted')), + t('Special Purpose') => array('soapbox' => t('Celebrity/Soapbox'), 'repository' => t('Group Repository')), + t('Other') => array('custom' => t('Custom/Expert Mode'))); + return $roles; +} diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index 508d82957..e63125671 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -341,7 +341,7 @@ abstract class photo_driver { `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' - where id = %d limit 1", + where id = %d", intval($p['aid']), intval($p['uid']), @@ -354,7 +354,7 @@ abstract class photo_driver { dbesc($p['album']), intval($this->getHeight()), intval($this->getWidth()), - dbesc($this->imageString()), + dbescbin($this->imageString()), intval(strlen($this->imageString())), intval($p['scale']), intval($p['profile']), @@ -383,7 +383,7 @@ abstract class photo_driver { dbesc($p['album']), intval($this->getHeight()), intval($this->getWidth()), - dbesc($this->imageString()), + dbescbin($this->imageString()), intval(strlen($this->imageString())), intval($p['scale']), intval($p['profile']), @@ -428,7 +428,7 @@ abstract class photo_driver { `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' - where id = %d limit 1", + where id = %d", intval($aid), intval($uid), @@ -441,7 +441,7 @@ abstract class photo_driver { dbesc($album), intval($this->getHeight()), intval($this->getWidth()), - dbesc($this->imageString()), + dbescbin($this->imageString()), intval(strlen($this->imageString())), intval($scale), intval($profile), @@ -467,7 +467,7 @@ abstract class photo_driver { dbesc($album), intval($this->getHeight()), intval($this->getWidth()), - dbesc($this->imageString()), + dbescbin($this->imageString()), intval(strlen($this->imageString())), intval($scale), intval($profile), @@ -562,7 +562,7 @@ function import_profile_photo($photo,$xchan,$thing = false) { if($thing) $hash = photo_new_resource(); else { - $r = q("select resource_id from photo where xchan = '%s' and (photo_flags & %d ) and scale = 4 limit 1", + $r = q("select resource_id from photo where xchan = '%s' and (photo_flags & %d )>0 and scale = 4 limit 1", dbesc($xchan), intval(PHOTO_XCHAN) ); diff --git a/include/photos.php b/include/photos.php index badbbd791..2393153c6 100644 --- a/include/photos.php +++ b/include/photos.php @@ -44,9 +44,10 @@ function photo_upload($channel, $observer, $args) { * */ - $r = q("SELECT * FROM photo WHERE album = '%s' AND uid = %d AND created > UTC_TIMESTAMP() - INTERVAL 3 HOUR ", + $r = q("SELECT * FROM photo WHERE album = '%s' AND uid = %d AND created > %s - INTERVAL %s ", dbesc($album), - intval($channel_id) + intval($channel_id), + db_utcnow(), db_quoteinterval('3 HOUR') ); if((! $r) || ($album == t('Profile Photos'))) $visible = 1; @@ -178,7 +179,7 @@ function photo_upload($channel, $observer, $args) { if($args['title']) $p['title'] = $args['title']; if($args['description']) - $p['desciprion'] = $args['description']; + $p['description'] = $args['description']; $r1 = $ph->save($p); @@ -291,7 +292,7 @@ function photos_albums_list($channel,$observer) { $sql_extra = permissions_sql($channel_id); - $albums = q("SELECT count( distinct resource_id ) as total, album from photo where uid = %d and ( photo_flags = %d or photo_flags = %d ) $sql_extra group by album order by created desc", + $albums = q("SELECT count( distinct resource_id ) as total, album from photo where uid = %d and ( photo_flags = %d or photo_flags = %d ) $sql_extra group by album order by max(created) desc", intval($channel_id), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE) @@ -431,7 +432,7 @@ function photos_create_item($channel, $creator_hash, $photo, $visible = false) { // Create item container $item_flags = ITEM_WALL|ITEM_ORIGIN|ITEM_THREAD_TOP; - $item_restrict = (($visible) ? ITEM_HIDDEN : ITEM_VISIBLE); + $item_restrict = (($visible) ? ITEM_VISIBLE : ITEM_HIDDEN); $title = ''; $mid = item_message_id(); diff --git a/include/plugin.php b/include/plugin.php index 4f9ab71da..08decc8e3 100755 --- a/include/plugin.php +++ b/include/plugin.php @@ -102,7 +102,7 @@ function load_plugin($plugin) { // This way the system won't fall over dead during the update. if(file_exists('addon/' . $plugin . '/.hidden')) { - q("update addon set hidden = 1 where name = '%s' limit 1", + q("update addon set hidden = 1 where name = '%s'", dbesc($plugin) ); } @@ -158,7 +158,7 @@ function reload_plugins() { $func = $pl . '_load'; $func(); } - q("UPDATE `addon` SET `timestamp` = %d WHERE `id` = %d LIMIT 1", + q("UPDATE `addon` SET `timestamp` = %d WHERE `id` = %d", intval($t), intval($i['id']) ); @@ -208,7 +208,7 @@ function register_hook($hook, $file, $function, $priority = 0) { * @return mixed */ function unregister_hook($hook, $file, $function) { - $r = q("DELETE FROM hook WHERE hook = '%s' AND `file` = '%s' AND `function` = '%s' LIMIT 1", + $r = q("DELETE FROM hook WHERE hook = '%s' AND `file` = '%s' AND `function` = '%s'", dbesc($hook), dbesc($file), dbesc($function) @@ -472,6 +472,8 @@ function script_path() { $scheme = 'https'; elseif(x($_SERVER,'SERVER_PORT') && (intval($_SERVER['SERVER_PORT']) == 443)) $scheme = 'https'; + elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') + $scheme = 'https'; else $scheme = 'http'; diff --git a/include/poller.php b/include/poller.php index f11618d37..bd3f81a2e 100644 --- a/include/poller.php +++ b/include/poller.php @@ -27,10 +27,11 @@ function poller_run($argv, $argc){ // Check for a lockfile. If it exists, but is over an hour old, it's stale. Ignore it. $lockfile = 'store/[data]/poller'; - if ((file_exists($lockfile)) && (filemtime($lockfile) > (time() - 3600))) { - logger("poller: Already running"); + if((file_exists($lockfile)) && (filemtime($lockfile) > (time() - 3600)) + && (! get_config('system','override_poll_lockfile'))) { + logger("poller: Already running"); return; - } + } // Create a lockfile. Needs two vars, but $x doesn't need to contain anything. file_put_contents($lockfile, $x); @@ -44,15 +45,17 @@ function poller_run($argv, $argc){ // expire any expired mail - q("delete from mail where expires != '%s' and expires < UTC_TIMESTAMP() ", - dbesc(NULL_DATE) + q("delete from mail where expires != '%s' and expires < %s ", + dbesc(NULL_DATE), + db_utcnow() ); // expire any expired items - $r = q("select id from item where expires != '%s' and expires < UTC_TIMESTAMP() - and not ( item_restrict & %d ) ", + $r = q("select id from item where expires != '%s' and expires < %s + and ( item_restrict & %d ) = 0 ", dbesc(NULL_DATE), + db_utcnow(), intval(ITEM_DELETED) ); if($r) { @@ -66,7 +69,10 @@ function poller_run($argv, $argc){ // channels and sites that quietly vanished and prevent the directory from accumulating stale // or dead entries. - $r = q("select channel_id from channel where channel_dirdate < UTC_TIMESTAMP() - INTERVAL 30 DAY"); + $r = q("select channel_id from channel where channel_dirdate < %s - INTERVAL %s", + db_utcnow(), + db_quoteinterval('30 DAY') + ); if($r) { foreach($r as $rr) { proc_run('php','include/directory.php',$rr['channel_id'],'force'); @@ -78,12 +84,13 @@ function poller_run($argv, $argc){ // publish any applicable items that were set to be published in the future // (time travel posts) - $r = q("select id from item where ( item_restrict & %d ) and created <= UTC_TIMESTAMP() ", - intval(ITEM_DELAYED_PUBLISH) + $r = q("select id from item where ( item_restrict & %d ) > 0 and created <= %s ", + intval(ITEM_DELAYED_PUBLISH), + db_utcnow() ); if($r) { foreach($r as $rr) { - $x = q("update item set item_restrict = ( item_restrict ^ %d ) where id = %d limit 1", + $x = q("update item set item_restrict = ( item_restrict & ~%d ) where id = %d", intval(ITEM_DELAYED_PUBLISH), intval($rr['id']) ); @@ -123,8 +130,8 @@ function poller_run($argv, $argc){ if(($d2 != $d1) && ($h1 == $h2)) { - require_once('include/dir_fns.php'); - check_upstream_directory(); + require_once('include/dir_fns.php'); + check_upstream_directory(); call_hooks('cron_daily',datetime_convert()); @@ -167,7 +174,9 @@ function poller_run($argv, $argc){ // expire any read notifications over a month old - q("delete from notify where seen = 1 and date < UTC_TIMESTAMP() - INTERVAL 30 DAY"); + q("delete from notify where seen = 1 and date < %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('30 DAY') + ); // expire any expired accounts downgrade_accounts(); @@ -199,13 +208,16 @@ function poller_run($argv, $argc){ // This should be rare $r = q("select xchan_photo_l, xchan_hash from xchan where xchan_photo_l != '' and xchan_photo_m = '' - and xchan_photo_date < UTC_TIMESTAMP() - INTERVAL 1 DAY"); + and xchan_photo_date < %s - INTERVAL %s", + db_utcnow(), + db_quoteinterval('1 DAY') + ); if($r) { require_once('include/photo/photo_driver.php'); foreach($r as $rr) { $photos = import_profile_photo($rr['xchan_photo_l'],$rr['xchan_hash']); $x = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' - where xchan_hash = '%s' limit 1", + where xchan_hash = '%s'", dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), @@ -244,13 +256,13 @@ function poller_run($argv, $argc){ } - $sql_extra = (($manual_id) ? " AND abook_id = $manual_id " : ""); + $sql_extra = (($manual_id) ? " AND abook_id = " . intval($manual_id) . " " : ""); reload_plugins(); $d = datetime_convert(); - //TODO check to see if there are any cronhooks before wasting a process + // TODO check to see if there are any cronhooks before wasting a process if(! $restart) proc_run('php','include/cronhooks.php'); @@ -258,16 +270,17 @@ function poller_run($argv, $argc){ // Only poll from those with suitable relationships $abandon_sql = (($abandon_days) - ? sprintf(" AND account_lastlog > UTC_TIMESTAMP() - INTERVAL %d DAY ", intval($abandon_days)) + ? sprintf(" AND account_lastlog > %s - INTERVAL %s ", db_utcnow(), db_quoteinterval(intval($abandon_days).' DAY')) : '' ); - - $contacts = q("SELECT abook_id, abook_flags, abook_updated, abook_connected, abook_closeness, abook_xchan, abook_channel - FROM abook LEFT JOIN account on abook_account = account_id where 1 + $randfunc = db_getfunc('RAND'); + + $contacts = q("SELECT abook_id, abook_flags, abook_updated, abook_connected, abook_closeness, abook_xchan, abook_channel, xchan_network + FROM abook LEFT JOIN xchan on abook_xchan = xchan_hash LEFT JOIN account on abook_account = account_id $sql_extra - AND (( abook_flags & %d ) OR ( abook_flags = %d )) - AND (( account_flags = %d ) OR ( account_flags = %d )) $abandon_sql ORDER BY RAND()", + AND (( abook_flags & %d ) > 0 OR ( abook_flags = %d )) + AND (( account_flags = %d ) OR ( account_flags = %d )) $abandon_sql ORDER BY $randfunc", intval(ABOOK_FLAG_HIDDEN|ABOOK_FLAG_PENDING|ABOOK_FLAG_UNCONNECTED|ABOOK_FLAG_FEED), intval(0), intval(ACCOUNT_OK), @@ -279,6 +292,9 @@ function poller_run($argv, $argc){ foreach($contacts as $contact) { + if($contact['abook_flags'] & ABOOK_FLAG_SELF) + continue; + $update = false; $t = $contact['abook_updated']; @@ -300,15 +316,19 @@ function poller_run($argv, $argc){ } + if($contact['xchan_network'] !== 'zot') + continue; + if($c == $t) { if(datetime_convert('UTC','UTC', 'now') > datetime_convert('UTC','UTC', $t . " + 1 day")) $update = true; } else { + // if we've never connected with them, start the mark for death countdown from now if($c == NULL_DATE) { - $r = q("update abook set abook_connected = '%s' where abook_id = %d limit 1", + $r = q("update abook set abook_connected = '%s' where abook_id = %d", dbesc(datetime_convert()), intval($contact['abook_id']) ); @@ -319,17 +339,12 @@ function poller_run($argv, $argc){ // He's dead, Jim if(strcmp(datetime_convert('UTC','UTC', 'now'),datetime_convert('UTC','UTC', $c . " + 30 day")) > 0) { - $n = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($contact['abook_xchan']) + $r = q("update abook set abook_flags = (abook_flags | %d) where abook_id = %d", + intval(ABOOK_FLAG_ARCHIVED), + intval($contact['abook_id']) ); - if($n && $n[0]['xchan_network'] == 'zot') { - $r = q("update abook set abook_flags = (abook_flags | %d) where abook_id = %d limit 1", - intval(ABOOK_FLAG_ARCHIVED), - intval($contact['abook_id']) - ); - $update = false; - continue; - } + $update = false; + continue; } if($contact['abook_flags'] & ABOOK_FLAG_ARCHIVED) { @@ -351,9 +366,11 @@ function poller_run($argv, $argc){ $update = true; } - } + if($contact['abook_flags'] & (ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED|ABOOK_FLAG_IGNORED)) + continue; + if((! $update) && (! $force)) continue; @@ -365,9 +382,10 @@ function poller_run($argv, $argc){ } if($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) { - $r = q("select distinct ud_addr, updates.* from updates where not ( ud_flags & %d ) and ud_addr != '' and ( ud_last = '%s' OR ud_last > UTC_TIMESTAMP() - INTERVAL 7 DAY ) group by ud_addr ", + $r = q("select distinct ud_addr, updates.* from updates where ( ud_flags & %d ) = 0 and ud_addr != '' and ( ud_last = '%s' OR ud_last > %s - INTERVAL %s ) group by ud_addr ", intval(UPDATE_FLAGS_UPDATED), - dbesc(NULL_DATE) + dbesc(NULL_DATE), + db_utcnow(), db_quoteinterval('7 DAY') ); if($r) { foreach($r as $rr) { @@ -385,6 +403,8 @@ function poller_run($argv, $argc){ } } + set_config('system','lastpoll',datetime_convert()); + //All done - clear the lockfile @unlink($lockfile); diff --git a/include/queue.php b/include/queue.php index 222ebada4..b6a540ef9 100644 --- a/include/queue.php +++ b/include/queue.php @@ -22,7 +22,9 @@ function queue_run($argv, $argc){ logger('queue: start'); - $r = q("DELETE FROM outq WHERE outq_created < UTC_TIMESTAMP() - INTERVAL 3 DAY"); + $r = q("DELETE FROM outq WHERE outq_created < %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('3 DAY') + ); if($queue_id) { $r = q("SELECT * FROM outq WHERE outq_hash = '%s' LIMIT 1", @@ -37,8 +39,18 @@ function queue_run($argv, $argc){ // so that we don't start off a thousand deliveries for a couple of dead hubs. // The zot driver will deliver everything destined for a single hub once contact is made (*if* contact is made). // Other drivers will have to do something different here and may need their own query. - - $r = q("SELECT * FROM outq WHERE outq_delivered = 0 and (( outq_created > UTC_TIMESTAMP() - INTERVAL 12 HOUR and outq_updated < UTC_TIMESTAMP() - INTERVAL 15 MINUTE ) OR ( outq_updated < UTC_TIMESTAMP() - INTERVAL 1 HOUR )) group by outq_posturl"); + if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) { + $prefix = 'DISTINCT ON (outq_posturl)'; + $suffix = 'ORDER BY outq_posturl'; + } else { + $prefix = ''; + $suffix = 'GROUP BY outq_posturl'; + } + $r = q("SELECT $prefix * FROM outq WHERE outq_delivered = 0 and (( outq_created > %s - INTERVAL %s and outq_updated < %s - INTERVAL %s ) OR ( outq_updated < %s - INTERVAL %s )) $suffix", + db_utcnow(), db_quoteinterval('12 HOUR'), + db_utcnow(), db_quoteinterval('15 MINUTE'), + db_utcnow(), db_quoteinterval('1 HOUR') + ); } if(! $r) return; @@ -51,13 +63,13 @@ function queue_run($argv, $argc){ $result = z_post_url($rr['outq_posturl'],$rr['outq_msg']); if($result['success'] && $result['return_code'] < 300) { logger('queue: queue post success to ' . $rr['outq_posturl'], LOGGER_DEBUG); - $y = q("delete from outq where outq_hash = '%s' limit 1", + $y = q("delete from outq where outq_hash = '%s'", dbesc($rr['ouq_hash']) ); } else { logger('queue: queue post returned ' . $result['return_code'] . ' from ' . $rr['outq_posturl'],LOGGER_DEBUG); - $y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1", + $y = q("update outq set outq_updated = '%s' where outq_hash = '%s'", dbesc(datetime_convert()), dbesc($rr['outq_hash']) ); @@ -70,7 +82,7 @@ function queue_run($argv, $argc){ } else { $deadguys[] = $rr['outq_posturl']; - $y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1", + $y = q("update outq set outq_updated = '%s' where outq_hash = '%s'", dbesc(datetime_convert()), dbesc($rr['outq_hash']) ); diff --git a/include/queue_fn.php b/include/queue_fn.php index 512edb531..22580bc48 100644 --- a/include/queue_fn.php +++ b/include/queue_fn.php @@ -2,7 +2,7 @@ function update_queue_time($id) { logger('queue: requeue item ' . $id); - q("UPDATE outq SET outq_updated = '%s' WHERE outq_hash = '%s' LIMIT 1", + q("UPDATE outq SET outq_updated = '%s' WHERE outq_hash = '%s'", dbesc(datetime_convert()), dbesc($id) ); @@ -10,7 +10,7 @@ function update_queue_time($id) { function remove_queue_item($id) { logger('queue: remove queue item ' . $id); - q("DELETE FROM outq WHERE hash = '%s' LIMIT 1", + q("DELETE FROM outq WHERE hash = '%s'", dbesc($id) ); } diff --git a/include/reddav.php b/include/reddav.php index c16e08e27..750ca1b24 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -42,7 +42,7 @@ require_once('include/RedDAV/RedBasicAuth.php'); function RedChannelList(&$auth) { $ret = array(); - $r = q("SELECT channel_id, channel_address FROM channel WHERE NOT (channel_pageflags & %d) AND NOT (channel_pageflags & %d)", + $r = q("SELECT channel_id, channel_address FROM channel WHERE NOT (channel_pageflags & %d)>0 AND NOT (channel_pageflags & %d)>0", intval(PAGE_REMOVED), intval(PAGE_HIDDEN) ); @@ -115,7 +115,7 @@ function RedCollectionData($file, &$auth) { $permission_error = false; for ($x = 1; $x < count($path_arr); $x++) { - $r = q("SELECT id, hash, filename, flags FROM attach WHERE folder = '%s' AND filename = '%s' AND uid = %d AND (flags & %d) $perms LIMIT 1", + $r = q("SELECT id, hash, filename, flags FROM attach WHERE folder = '%s' AND filename = '%s' AND uid = %d AND (flags & %d)>0 $perms LIMIT 1", dbesc($folder), dbesc($path_arr[$x]), intval($channel_id), @@ -124,7 +124,7 @@ function RedCollectionData($file, &$auth) { if (! $r) { // path wasn't found. Try without permissions to see if it was the result of permissions. $errors = true; - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d) limit 1", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)>0 limit 1", dbesc($folder), basename($path_arr[$x]), intval($channel_id), @@ -155,8 +155,14 @@ function RedCollectionData($file, &$auth) { logger("Path mismatch: $path !== /$file"); return NULL; } - - $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and uid = %d $perms group by filename", + if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) { + $prefix = 'DISTINCT ON (filename)'; + $suffix = 'ORDER BY filename'; + } else { + $prefix = ''; + $suffix = 'GROUP BY filename'; + } + $r = q("select $prefix id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and uid = %d $perms $suffix", dbesc($folder), intval($channel_id) ); @@ -231,7 +237,7 @@ function RedFileData($file, &$auth, $test = false) { $errors = false; for ($x = 1; $x < count($path_arr); $x++) { - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d) $perms", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)>0 $perms", dbesc($folder), dbesc($path_arr[$x]), intval($channel_id), @@ -244,7 +250,7 @@ function RedFileData($file, &$auth, $test = false) { } if (! $r) { $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach - where folder = '%s' and filename = '%s' and uid = %d $perms group by filename limit 1", + where folder = '%s' and filename = '%s' and uid = %d $perms order by filename limit 1", dbesc($folder), dbesc(basename($file)), intval($channel_id) @@ -253,7 +259,7 @@ function RedFileData($file, &$auth, $test = false) { if (! $r) { $errors = true; $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach - where folder = '%s' and filename = '%s' and uid = %d group by filename limit 1", + where folder = '%s' and filename = '%s' and uid = %d order by filename limit 1", dbesc($folder), dbesc(basename($file)), intval($channel_id) diff --git a/include/security.php b/include/security.php index e83cc7061..07b6a96aa 100644 --- a/include/security.php +++ b/include/security.php @@ -1,18 +1,30 @@ -<?php /** @file */ - -function authenticate_success($user_record, $login_initial = false, $interactive = false,$return = false,$update_lastlog = false) { +<?php +/** + * @file include/security.php + * + * Some security related functions. + */ + +/** + * @param int $user_record The account_id + * @param bool $login_initial default false + * @param bool $interactive default false + * @param bool $return + * @param bool $update_lastlog + */ +function authenticate_success($user_record, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false) { $a = get_app(); $_SESSION['addr'] = $_SERVER['REMOTE_ADDR']; - if(x($user_record,'account_id')) { + if(x($user_record, 'account_id')) { $a->account = $user_record; $_SESSION['account_id'] = $user_record['account_id']; $_SESSION['authenticated'] = 1; if($login_initial || $update_lastlog) { - q("update account set account_lastlog = '%s' where account_id = %d limit 1", + q("update account set account_lastlog = '%s' where account_id = %d", dbesc(datetime_convert()), intval($_SESSION['account_id']) ); @@ -39,7 +51,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive // might want to log success here } - if($return || x($_SESSION,'workflow')) { + if($return || x($_SESSION, 'workflow')) { unset($_SESSION['workflow']); return; } @@ -59,7 +71,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive /* This account has never created a channel. Send them to new_channel by default */ if($a->module === 'login') { - $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d)", + $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d)>0", intval($a->account['account_id']), intval(PAGE_REMOVED) ); @@ -70,30 +82,36 @@ function authenticate_success($user_record, $login_initial = false, $interactive /* else just return */ } - +/** + * @brief Change to another channel with current logged-in account. + * + * @param int $change_channel The channel_id of the channel you want to change to + * + * @return bool|array false or channel record of the new channel + */ function change_channel($change_channel) { $ret = false; if($change_channel) { - $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and not ( channel_pageflags & %d) limit 1", + $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and not ( channel_pageflags & %d)>0 limit 1", intval($change_channel), intval(get_account_id()), intval(PAGE_REMOVED) ); // It's not there. Is this an administrator, and is this the sys channel? - if (is_developer()) { - if (! $r) { - if (is_site_admin()) { - $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d ) limit 1", - intval($change_channel), - intval(PAGE_SYSTEM), - intval(PAGE_REMOVED) - ); + if (is_developer()) { + if (! $r) { + if (is_site_admin()) { + $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d )>0 limit 1", + intval($change_channel), + intval(PAGE_SYSTEM), + intval(PAGE_REMOVED) + ); + } } } - } if($r) { $hash = $r[0]['channel_hash']; @@ -109,23 +127,28 @@ function change_channel($change_channel) { ); if($x) { $_SESSION['my_url'] = $x[0]['xchan_url']; - $_SESSION['my_address'] = $r[0]['channel_address'] . '@' . substr(get_app()->get_baseurl(),strpos(get_app()->get_baseurl(),'://')+3); + $_SESSION['my_address'] = $r[0]['channel_address'] . '@' . substr(get_app()->get_baseurl(), strpos(get_app()->get_baseurl(), '://') + 3); get_app()->set_observer($x[0]); - get_app()->set_perms(get_all_perms(local_user(),$hash)); + get_app()->set_perms(get_all_perms(local_user(), $hash)); } if(! is_dir('store/' . $r[0]['channel_address'])) @os_mkdir('store/' . $r[0]['channel_address'], STORAGE_DEFAULT_PERMISSIONS,true); - } return $ret; - } - - -function permissions_sql($owner_id,$remote_verified = false,$groups = null) { +/** + * @brief Creates an addiontal SQL where statement to check permissions. + * + * @param int $owner_id + * @param bool $remote_verified default false, not used at all + * @param string $groups this param is not used at all + * + * @return string additional SQL where statement + */ +function permissions_sql($owner_id, $remote_verified = false, $groups = null) { if(defined('STATUSNET_PRIVACY_COMPATIBILITY')) return ''; @@ -142,8 +165,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { $sql = " AND allow_cid = '' AND allow_gid = '' AND deny_cid = '' - AND deny_gid = '' - + AND deny_gid = '' "; /** @@ -162,7 +184,6 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { * done this and passed the groups into this function. */ - else { $observer = get_observer_hash(); if($observer) { @@ -174,9 +195,10 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { foreach($groups as $g) $gs .= '|<' . $g . '>'; } + $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') - AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) + " AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') + AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') ) ) ", dbesc(protect_sprintf( '%<' . $observer . '>%')), @@ -190,7 +212,16 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { return $sql; } -function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) { +/** + * @brief Creates an addiontal SQL where statement to check permissions for an item. + * + * @param int $owner_id + * @param bool $remote_verified default false, not used at all + * @param string $groups this param is not used at all + * + * @return string additional SQL where statement + */ +function item_permissions_sql($owner_id, $remote_verified = false, $groups = null) { if(defined('STATUSNET_PRIVACY_COMPATIBILITY')) return ''; @@ -204,8 +235,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * default permissions - anonymous user */ - $sql = " AND not item_private "; - + $sql = " AND item_private=0 "; /** * Profile owner - everything is visible @@ -223,7 +253,6 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * done this and passed the groups into this function. */ - else { $observer = get_observer_hash(); @@ -235,10 +264,11 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) if(is_array($groups) && count($groups)) { foreach($groups as $g) $gs .= '|<' . $g . '>'; - } + } + $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') - AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) + " AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') + AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') ) ) ", dbesc(protect_sprintf( '%<' . $observer . '>%')), @@ -248,12 +278,18 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) ); } } + return $sql; } +/** + * @param string $observer_hash + * + * @return string additional SQL where statement + */ function public_permissions_sql($observer_hash) { - $observer = get_app()->get_observer(); + //$observer = get_app()->get_observer(); $groups = init_groups_visitor($observer_hash); $gs = '<<>>'; // should be impossible to match @@ -261,12 +297,13 @@ function public_permissions_sql($observer_hash) { if(is_array($groups) && count($groups)) { foreach($groups as $g) $gs .= '|<' . $g . '>'; - } + } $sql = ''; if($observer_hash) { + $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " OR (( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') - AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) + " OR (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') + AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') ) )) ", dbesc(protect_sprintf( '%<' . $observer_hash . '>%')), @@ -338,11 +375,11 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f } } + // Returns an array of group id's this contact is a member of. // This array will only contain group id's related to the uid of this // DFRN contact. They are *not* neccessarily unique across the entire site. - if(! function_exists('init_groups_visitor')) { function init_groups_visitor($contact_id) { $groups = array(); @@ -358,8 +395,6 @@ function init_groups_visitor($contact_id) { - - // This is used to determine which uid have posts which are visible to the logged in user (from the API) for the // public_timeline, and we can use this in a community page by making // $perms = (PERMS_NETWORK|PERMS_PUBLIC) unless logged in. @@ -375,23 +410,26 @@ function stream_perms_api_uids($perms = NULL ) { $ret = array(); if(local_user()) $ret[] = local_user(); - $r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)", + $r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0", intval($perms), - intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED) + intval(PAGE_ADULT|PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED) ); - if($r) + if($r) { foreach($r as $rr) - if(! in_array($rr['channel_id'],$ret)) + if(! in_array($rr['channel_id'], $ret)) $ret[] = $rr['channel_id']; + } $str = ''; - if($ret) + if($ret) { foreach($ret as $rr) { if($str) $str .= ','; $str .= intval($rr); } + } logger('stream_perms_api_uids: ' . $str, LOGGER_DEBUG); + return $str; } @@ -402,23 +440,25 @@ function stream_perms_xchans($perms = NULL ) { if(local_user()) $ret[] = get_observer_hash(); - $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)", + $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d)>0 and not (channel_pageflags & %d)>0", intval($perms), - intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED) + intval(PAGE_ADULT|PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED) ); - if($r) + if($r) { foreach($r as $rr) - if(! in_array($rr['channel_hash'],$ret)) + if(! in_array($rr['channel_hash'], $ret)) $ret[] = $rr['channel_hash']; + } $str = ''; - if($ret) + if($ret) { foreach($ret as $rr) { if($str) $str .= ','; $str .= "'" . dbesc($rr) . "'"; } + } logger('stream_perms_xchans: ' . $str, LOGGER_DEBUG); + return $str; } - diff --git a/include/session.php b/include/session.php index b531688e2..ed4dfdd16 100644 --- a/include/session.php +++ b/include/session.php @@ -60,11 +60,11 @@ function ref_session_write ($id,$data) { if($session_exists) $r = q("UPDATE `session` SET `data` = '%s', `expire` = '%s' - WHERE `sid` = '%s' LIMIT 1", + WHERE `sid` = '%s'", dbesc($data), dbesc($expire), dbesc($id)); else - $r = q("INSERT INTO `session` - SET `sid` = '%s', `expire` = '%s', `data` = '%s'", + $r = q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')", + //SET `sid` = '%s', `expire` = '%s', `data` = '%s'", dbesc($id), dbesc($default_expire), dbesc($data)); return true; @@ -84,8 +84,9 @@ function ref_session_destroy ($id) { function ref_session_gc($expire) { q("DELETE FROM session WHERE expire < %d", dbesc(time())); - q("OPTIMIZE TABLE session"); - return true; + if (! get_config('system','innodb')) + db_optimizetable('session'); + return true; } $gc_probability = 50; diff --git a/include/socgraph.php b/include/socgraph.php index 504a6b2c0..740886b1c 100644 --- a/include/socgraph.php +++ b/include/socgraph.php @@ -77,7 +77,7 @@ function poco_load($xchan = '',$url = null) { dbesc($xchan) ); if($r) { - q("update xchat set xchat_edited = '%s' where xchat_id = %d limit 1", + q("update xchat set xchat_edited = '%s' where xchat_id = %d", dbesc(datetime_convert()), intval($r[0]['xchat_id']) ); @@ -93,7 +93,8 @@ function poco_load($xchan = '',$url = null) { } } } - q("delete from xchat where xchat_edited < UTC_TIMESTAMP() - INTERVAL 7 DAY and xchat_xchan = '%s' ", + q("delete from xchat where xchat_edited < %s - INTERVAL %s and xchat_xchan = '%s' ", + db_utcnow(), db_quoteinterval('7 DAY'), dbesc($xchan) ); } @@ -195,7 +196,7 @@ function poco_load($xchan = '',$url = null) { ); } else { - q("update xlink set xlink_updated = '%s', xlink_rating = %d where xlink_id = %d limit 1", + q("update xlink set xlink_updated = '%s', xlink_rating = %d where xlink_id = %d", dbesc(datetime_convert()), intval($rating), intval($r[0]['xlink_id']) @@ -204,8 +205,9 @@ function poco_load($xchan = '',$url = null) { } logger("poco_load: loaded $total entries",LOGGER_DEBUG); - q("delete from xlink where xlink_xchan = '%s' and xlink_updated < UTC_TIMESTAMP() - INTERVAL 2 DAY", - dbesc($xchan) + q("delete from xlink where xlink_xchan = '%s' and xlink_updated < %s - INTERVAL %s", + dbesc($xchan), + db_utcnow(), db_quoteinterval('2 DAY') ); } @@ -227,18 +229,19 @@ function count_common_friends($uid,$xchan) { function common_friends($uid,$xchan,$start = 0,$limit=100000000,$shuffle = false) { + $rand = db_getfunc('rand'); if($shuffle) - $sql_extra = " order by rand() "; + $sql_extra = " order by $rand "; else $sql_extra = " order by xchan_name asc "; $r = q("SELECT * from xchan left join xlink on xlink_link = xchan_hash where xlink_xchan = '%s' and xlink_link in - (select abook_xchan from abook where abook_xchan != '%s' and abook_channel = %d and abook_flags = 0 ) $sql_extra limit %d, %d", + (select abook_xchan from abook where abook_xchan != '%s' and abook_channel = %d and abook_flags = 0 ) $sql_extra limit %d offset %d", dbesc($xchan), dbesc($xchan), intval($uid), - intval($start), - intval($limit) + intval($limit), + intval($start) ); return $r; @@ -273,11 +276,11 @@ function common_friends_zcid($uid,$zcid,$start = 0, $limit = 9999,$shuffle = fal FROM `glink` left join `gcontact` on `glink`.`gcid` = `gcontact`.`id` where `glink`.`zcid` = %d and `gcontact`.`nurl` in (select nurl from contact where uid = %d and self = 0 and blocked = 0 and hidden = 0 ) - $sql_extra limit %d, %d", + $sql_extra limit %d offset %d", intval($zcid), intval($uid), - intval($start), - intval($limit) + intval($limit), + intval($start) ); return $r; @@ -306,11 +309,11 @@ function all_friends($uid,$cid,$start = 0, $limit = 80) { $r = q("SELECT `gcontact`.* FROM `glink` left join `gcontact` on `glink`.`gcid` = `gcontact`.`id` where `glink`.`cid` = %d and `glink`.`uid` = %d - order by `gcontact`.`name` asc LIMIT %d, %d ", + order by `gcontact`.`name` asc LIMIT %d OFFSET %d ", intval($cid), intval($uid), - intval($start), - intval($limit) + intval($limit), + intval($start) ); return $r; @@ -329,16 +332,16 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) { and not xlink_link in ( select abook_xchan from abook where abook_channel = %d ) and not xlink_link in ( select xchan from xign where uid = %d ) and xlink_xchan != '' - and not ( xchan_flags & %d ) - and not ( xchan_flags & %d ) - group by xchan_hash order by total desc limit %d, %d ", + and not ( xchan_flags & %d )>0 + and not ( xchan_flags & %d )>0 + group by xchan_hash order by total desc limit %d offset %d ", intval($uid), intval($uid), intval($uid), intval(XCHAN_FLAGS_HIDDEN), intval(XCHAN_FLAGS_DELETED), - intval($start), - intval($limit) + intval($limit), + intval($start) ); if($r && count($r) >= ($limit -1)) @@ -349,15 +352,15 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) { where xlink_xchan = '' and not xlink_link in ( select abook_xchan from abook where abook_channel = %d ) and not xlink_link in ( select xchan from xign where uid = %d ) - and not ( xchan_flags & %d ) - and not ( xchan_flags & %d ) - group by xchan_hash order by total desc limit %d, %d ", + and not ( xchan_flags & %d )>0 + and not ( xchan_flags & %d )>0 + group by xchan_hash order by total desc limit %d offset %d ", intval($uid), intval($uid), intval(XCHAN_FLAGS_HIDDEN), intval(XCHAN_FLAGS_DELETED), - intval($start), - intval($limit) + intval($limit), + intval($start) ); if(is_array($r) && is_array($r2)) @@ -394,7 +397,9 @@ function update_suggestions() { // the targets may have changed their preferences and don't want to be suggested - and they // may have simply gone away. - $r = q("delete from xlink where xlink_xchan = '' and xlink_updated < UTC_TIMESTAMP() - INTERVAL 7 DAY"); + $r = q("delete from xlink where xlink_xchan = '' and xlink_updated < %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('7 DAY') + ); $j = json_decode($ret['body'],true); diff --git a/include/statistics_fns.php b/include/statistics_fns.php index 4f72e6615..288925a2c 100644 --- a/include/statistics_fns.php +++ b/include/statistics_fns.php @@ -13,7 +13,9 @@ function update_channels_total_stat() { function update_channels_active_halfyear_stat() { $r = q("select channel_id from channel left join account on account_id = channel_account_id - where account_flags = 0 and account_lastlog > UTC_TIMESTAMP - INTERVAL 6 MONTH"); + where account_flags = 0 and account_lastlog > %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('6 MONTH') + ); if($r) { $s = ''; foreach($r as $rr) { @@ -21,8 +23,9 @@ function update_channels_active_halfyear_stat() { $s .= ','; $s .= intval($rr['channel_id']); } - $x = q("select uid from item where uid in ( $s ) and (item_flags & %d) and created > UTC_TIMESTAMP - INTERVAL 6 MONTH group by uid", - intval(ITEM_WALL) + $x = q("select uid from item where uid in ( $s ) and (item_flags & %d)>0 and created > %s - INTERVAL %s group by uid", + intval(ITEM_WALL), + db_utcnow(), db_quoteinterval('6 MONTH') ); if($x) { $channels_active_halfyear_stat = count($x); @@ -37,7 +40,9 @@ function update_channels_active_halfyear_stat() { function update_channels_active_monthly_stat() { $r = q("select channel_id from channel left join account on account_id = channel_account_id - where account_flags = 0 and account_lastlog > UTC_TIMESTAMP - INTERVAL 1 MONTH"); + where account_flags = 0 and account_lastlog > %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('1 MONTH') + ); if($r) { $s = ''; foreach($r as $rr) { @@ -45,8 +50,9 @@ function update_channels_active_monthly_stat() { $s .= ','; $s .= intval($rr['channel_id']); } - $x = q("select uid from item where uid in ( $s ) and ( item_flags & %d ) and created > UTC_TIMESTAMP - INTERVAL 1 MONTH group by uid", - intval(ITEM_WALL) + $x = q("select uid from item where uid in ( $s ) and ( item_flags & %d )>0 and created > %s - INTERVAL %s group by uid", + intval(ITEM_WALL), + db_utcnow(), db_quoteinterval('1 MONTH') ); if($x) { $channels_active_monthly_stat = count($x); @@ -60,7 +66,7 @@ function update_channels_active_monthly_stat() { } function update_local_posts_stat() { - $posts = q("SELECT COUNT(*) AS local_posts FROM `item` WHERE (item_flags & %d) ", + $posts = q("SELECT COUNT(*) AS local_posts FROM `item` WHERE (item_flags & %d)>0 ", intval(ITEM_WALL) ); if (is_array($posts)) { $local_posts_stat = intval($posts[0]["local_posts"]); diff --git a/include/taxonomy.php b/include/taxonomy.php index 35605da22..be80008df 100644 --- a/include/taxonomy.php +++ b/include/taxonomy.php @@ -209,13 +209,55 @@ function tagblock($link,$uid,$count = 0,$authors = '',$flags = 0,$restrict = 0,$ if($r) { $o = '<div class="tagblock widget"><h3>' . t('Tags') . '</h3><div class="tags" align="center">'; foreach($r as $rr) { - $o .= '<a href="'.$link .'/' . '?f=&tag=' . urlencode($rr[0]).'" class="tag'.$rr[2].'">'.$rr[0].'</a> ' . "\r\n"; + $o .= '<span class="tag'.$rr[2].'">#</span><a href="'.$link .'/' . '?f=&tag=' . urlencode($rr[0]).'" class="tag'.$rr[2].'">'.$rr[0].'</a> ' . "\r\n"; } $o .= '</div></div>'; } return $o; } +function wtagblock($uid,$count = 0,$authors = '',$flags = 0,$restrict = 0,$type = TERM_HASHTAG) { + $o = ''; + $tab = 0; + $r = tagadelic($uid,$count,$authors,$flags,$restrict,$type); + + if($r) { + $c = q("select channel_address from channel where channel_id = %d limit 1", + intval($uid) + ); + + $o = '<div class="tagblock widget"><h3>' . t('Tags') . '</h3><div class="tags" align="center">'; + foreach($r as $rr) { + $o .= '<span class="tag' . $rr[2] . '">#</span><a href="channel/' . $c[0]['channel_address'] . '?f=&tag=' . urlencode($rr[0]).'" class="tag'.$rr[2].'">'.$rr[0].'</a> ' . "\r\n"; + } + $o .= '</div></div>'; + } + return $o; +} + + +function catblock($uid,$count = 0,$authors = '',$flags = 0,$restrict = 0,$type = TERM_CATEGORY) { + $o = ''; + $tab = 0; + + $r = tagadelic($uid,$count,$authors,$flags,$restrict,$type); + + if($r) { + $c = q("select channel_address from channel where channel_id = %d limit 1", + intval($uid) + ); + + $o = '<div class="tagblock widget"><h3>' . t('Categories') . '</h3><div class="tags" align="center">'; + foreach($r as $rr) { + $o .= '<a href="channel/' . $c[0]['channel_address']. '?f=&cat=' . urlencode($rr[0]).'" class="tag'.$rr[2].'">'.$rr[0].'</a> ' . "\r\n"; + } + $o .= '</div></div>'; + } + return $o; +} + + + function dir_tagblock($link,$r) { $o = ''; $tab = 0; diff --git a/include/text.php b/include/text.php index fca23ca22..ca9c51bc3 100644 --- a/include/text.php +++ b/include/text.php @@ -181,34 +181,34 @@ function autoname($len) { 'kh', 'kl','kr','mn','pl','pr','rh','tr','qu','wh'); $start = mt_rand(0,2); - if($start == 0) - $table = $vowels; - else - $table = $cons; + if($start == 0) + $table = $vowels; + else + $table = $cons; $word = ''; for ($x = 0; $x < $len; $x ++) { - $r = mt_rand(0,count($table) - 1); - $word .= $table[$r]; - - if($table == $vowels) - $table = array_merge($cons,$midcons); - else - $table = $vowels; + $r = mt_rand(0,count($table) - 1); + $word .= $table[$r]; + + if($table == $vowels) + $table = array_merge($cons,$midcons); + else + $table = $vowels; } $word = substr($word,0,$len); foreach($noend as $noe) { - if((strlen($word) > 2) && (substr($word,-2) == $noe)) { - $word = substr($word,0,-1); - break; - } + if((strlen($word) > 2) && (substr($word,-2) == $noe)) { + $word = substr($word,0,-1); + break; + } } if(substr($word,-1) == 'q') - $word = substr($word,0,-1); + $word = substr($word,0,-1); return $word; } @@ -224,11 +224,11 @@ function autoname($len) { */ function xmlify($str) { $buffer = ''; - + $len = mb_strlen($str); for($x = 0; $x < $len; $x ++) { $char = mb_substr($str,$x,1); - + switch( $char ) { case "\r" : @@ -267,7 +267,7 @@ function xmlify($str) { function unxmlify($s) { $ret = str_replace('&','&', $s); $ret = str_replace(array('<','>','"','''),array('<','>','"',"'"),$ret); - return $ret; + return $ret; } // convenience wrapper, reverse the operation "bin2hex" @@ -314,8 +314,7 @@ function paginate(&$a) { $pagenum = $a->pager['page']; $url = $a->get_baseurl() . '/' . $stripped; - - if($a->pager['total'] > $a->pager['itemspage']) { + if($a->pager['total'] > $a->pager['itemspage']) { $o .= '<div class="pager">'; if($a->pager['page'] != 1) $o .= '<span class="pager_prev">'."<a href=\"$url".'&page='.($a->pager['page'] - 1).'">' . t('prev') . '</a></span> '; @@ -331,7 +330,7 @@ function paginate(&$a) { $numstart = (($pagenum > 7) ? ($pagenum - 7) : 1); $numstop = (($pagenum > ($numpages - 7)) ? $numpages : ($numstart + 14)); } - + for($i = $numstart; $i <= $numstop; $i++){ if($i == $a->pager['page']) $o .= '<span class="pager_current">'.(($i < 10) ? ' '.$i : $i); @@ -405,7 +404,7 @@ function expand_acl($s) { } } return $ret; -} +} // Used to wrap ACL elements in angle brackets for storage @@ -420,7 +419,6 @@ function sanitise_acl(&$item) { // Convert an ACL array to a storable string - function perms2str($p) { $ret = ''; @@ -436,16 +434,17 @@ function perms2str($p) { return $ret; } -// generate a guaranteed unique (for this domain) item ID for ATOM -// safe from birthday paradox - - +/** + * @brief Generate a guaranteed unique (for this domain) item ID for ATOM. + * + * Safe from birthday paradox. + * + * @return string a unique id + */ function item_message_id() { - do { $dups = false; $hash = random_string(); - $mid = $hash . '@' . get_app()->get_hostname(); $r = q("SELECT id FROM item WHERE mid = '%s' LIMIT 1", @@ -453,31 +452,33 @@ function item_message_id() { if(count($r)) $dups = true; } while($dups == true); + return $mid; } -// Generate a guaranteed unique photo ID. -// safe from birthday paradox - - +/** + * @brief Generate a guaranteed unique photo ID. + * + * Safe from birthday paradox. + * + * @return string a uniqe hash + */ function photo_new_resource() { - do { $found = false; - $resource = hash('md5',uniqid(mt_rand(),true)); + $resource = hash('md5', uniqid(mt_rand(), true)); + $r = q("SELECT id FROM photo WHERE resource_id = '%s' LIMIT 1", - dbesc($resource) - ); + dbesc($resource)); if(count($r)) $found = true; - } while($found == true); + } while($found === true); + return $resource; } - - // for html,xml parsing - let's say you've got // an attribute foobar="class1 class2 class3" // and you want to find out if it contains 'class3'. @@ -487,52 +488,76 @@ function photo_new_resource() { // pass the attribute string as $attr and the attribute you // are looking for as $s - returns true if found, otherwise false -function attribute_contains($attr,$s) { +function attribute_contains($attr, $s) { $a = explode(' ', $attr); - if(count($a) && in_array($s,$a)) + if(count($a) && in_array($s, $a)) return true; + return false; } - -function logger($msg,$level = 0) { +/** + * @brief Logging function for RedMatrix. + * + * Logging output is configured through RedMatrix's system config. The log file + * is set in system logfile, log level in system loglevel and to enable logging + * set system debugging. + * + * Available constants for log level are LOGGER_NORMAL, LOGGER_TRACE, LOGGER_DEBUG, + * LOGGER_DATA and LOGGER_ALL. + * + * Since PHP5.4 we get the file, function and line automatically where the logger + * was caleld, so no need to add it to the message anymore. + * + * @param string $msg Message to log + * @param int $level A log level. + */ +function logger($msg, $level = 0) { // turn off logger in install mode global $a; global $db; - if(($a->module == 'install') || (! ($db && $db->connected))) return; + if(($a->module == 'install') || (! ($db && $db->connected))) + return; - $debugging = get_config('system','debugging'); - $loglevel = intval(get_config('system','loglevel')); - $logfile = get_config('system','logfile'); + $debugging = get_config('system', 'debugging'); + $loglevel = intval(get_config('system', 'loglevel')); + $logfile = get_config('system', 'logfile'); if((! $debugging) || (! $logfile) || ($level > $loglevel)) return; $where = ''; - if(version_compare(PHP_VERSION,'5.4.0') >= 0) { - $stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS,2); + if(version_compare(PHP_VERSION, '5.4.0') >= 0) { + $stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); $where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; } - @file_put_contents($logfile, datetime_convert() . ':' . session_id() . ' ' . $where . $msg . "\n", FILE_APPEND); - return; + @file_put_contents($logfile, datetime_convert() . ':' . session_id() . ' ' . $where . $msg . PHP_EOL, FILE_APPEND); } - -// This is a special logging facility for developers. It allows one to target specific things to trace/debug -// and is identical to logger() with the exception of the log filename. This allows one to isolate specific -// calls while allowing logger() to paint a bigger picture of overall activity and capture more detail. -// If you find dlogger() calls in checked in code, you are free to remove them - so as to provide a noise-free -// development environment which responds to events you are targetting personally. - - -function dlogger($msg,$level = 0) { +/** + * @brief This is a special logging facility for developers. + * + * It allows one to target specific things to trace/debug and is identical to + * logger() with the exception of the log filename. This allows one to isolate + * specific calls while allowing logger() to paint a bigger picture of overall + * activity and capture more detail. + * + * If you find dlogger() calls in checked in code, you are free to remove them - + * so as to provide a noise-free development environment which responds to events + * you are targetting personally. + * + * @param string $msg Message to log + * @param int $level A log level. + */ +function dlogger($msg, $level = 0) { // turn off logger in install mode global $a; global $db; - if(($a->module == 'install') || (! ($db && $db->connected))) return; + if(($a->module == 'install') || (! ($db && $db->connected))) + return; $debugging = get_config('system','debugging'); $loglevel = intval(get_config('system','loglevel')); @@ -540,19 +565,23 @@ function dlogger($msg,$level = 0) { if((! $debugging) || (! $logfile) || ($level > $loglevel)) return; - - @file_put_contents($logfile, datetime_convert() . ':' . session_id() . ' ' . $msg . "\n", FILE_APPEND); - return; + + $where = ''; + if(version_compare(PHP_VERSION, '5.4.0') >= 0) { + $stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); + $where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; + } + + @file_put_contents($logfile, datetime_convert() . ':' . session_id() . ' ' . $where . $msg . PHP_EOL, FILE_APPEND); } function profiler($t1,$t2,$label) { if(file_exists('profiler.out') && $t1 && t2) - @file_put_contents('profiler.out', sprintf('%01.4f %s',$t2 - $t1,$label) . "\n", FILE_APPEND); + @file_put_contents('profiler.out', sprintf('%01.4f %s',$t2 - $t1,$label) . PHP_EOL, FILE_APPEND); } - function activity_match($haystack,$needle) { if(($haystack === $needle) || ((basename($needle) === $haystack) && strstr($needle,NAMESPACE_ACTIVITY_SCHEMA))) return true; @@ -569,7 +598,6 @@ function activity_match($haystack,$needle) { // Returns array of tags found, or empty array. - function get_tags($s) { $ret = array(); @@ -592,9 +620,6 @@ function get_tags($s) { // Match full names against @tags including the space between first and last // We will look these up afterward to see if they are full names or not recognisable. - - - if(preg_match_all('/(@[^ \x0D\x0A,:?]+ [^ \x0D\x0A@,:?]+)([ \x0D\x0A@,:?]|$)/',$s,$match)) { foreach($match[1] as $mtch) { if(strstr($mtch,"]")) { @@ -648,7 +673,6 @@ function get_tags($s) { usort($ret,'tag_sort_length'); - // logger('get_tags: ' . print_r($ret,true)); return $ret; @@ -657,13 +681,12 @@ function get_tags($s) { function tag_sort_length($a,$b) { if(mb_strlen($a) == mb_strlen($b)) return 0; + return((mb_strlen($b) < mb_strlen($a)) ? (-1) : 1); } - - function strip_zids($s) { return preg_replace('/[\?&]zid=(.*?)(&|$)/ism','$2',$s); } @@ -673,12 +696,10 @@ function strip_zids($s) { function qp($s) { -return str_replace ("%","=",rawurlencode($s)); + return str_replace ("%","=",rawurlencode($s)); } - - function get_mentions($item,$tags) { $o = ''; @@ -712,7 +733,6 @@ function contact_block() { if($shown == 0) return; - $is_owner = ((local_user() && local_user() == $a->profile['uid']) ? true : false); $abook_flags = ABOOK_FLAG_PENDING|ABOOK_FLAG_SELF; @@ -724,7 +744,7 @@ function contact_block() { if((! is_array($a->profile)) || ($a->profile['hide_friends'])) return $o; - $r = q("SELECT COUNT(abook_id) AS total FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and not ( abook_flags & %d ) and not (xchan_flags & %d)", + $r = q("SELECT COUNT(abook_id) AS total FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and not ( abook_flags & %d )>0 and not (xchan_flags & %d)>0", intval($a->profile['uid']), intval($abook_flags), intval($xchan_flags) @@ -734,11 +754,14 @@ function contact_block() { } if(! $total) { $contacts = t('No connections'); - $micropro = Null; - + $micropro = null; } else { - - $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash WHERE abook_channel = %d AND not ( abook_flags & %d) and not (xchan_flags & %d ) ORDER BY RAND() LIMIT %d", + if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) { + $randfunc = 'RANDOM()'; + } else { + $randfunc = 'RAND()'; + } + $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash WHERE abook_channel = %d AND not ( abook_flags & %d)>0 and not (xchan_flags & %d )>0 ORDER BY $randfunc LIMIT %d", intval($a->profile['uid']), intval($abook_flags|ABOOK_FLAG_ARCHIVED), intval($xchan_flags), @@ -754,7 +777,7 @@ function contact_block() { } } } - + $tpl = get_markup_template('contact_block.tpl'); $o = replace_macros($tpl, array( '$contacts' => $contacts, @@ -767,7 +790,6 @@ function contact_block() { call_hooks('contact_block_end', $arr); return $o; - } @@ -811,8 +833,6 @@ function micropro($contact, $redirect = false, $class = '', $textmode = false) { } - - function search($s,$id='search-box',$url='/search',$save = false) { $a = get_app(); return replace_macros(get_markup_template('searchbox.tpl'),array( @@ -839,12 +859,12 @@ function searchbox($s,$id='search-box',$url='/search',$save = false) { function valid_email($x){ - if(get_config('system','disable_email_validation')) return true; if(preg_match('/^[_a-zA-Z0-9\-\+]+(\.[_a-zA-Z0-9\-\+]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+$/',$x)) return true; + return false; } @@ -864,6 +884,7 @@ function linkify($s) { return($s); } + /** * @function sslify($s) * Replace media element using http url with https to a local redirector if using https locally @@ -875,11 +896,10 @@ function linkify($s) { * * @returns string */ - - function sslify($s) { if(strpos(z_root(),'https:') === false) return $s; + $matches = null; $cnt = preg_match_all("/\<(.*?)src=\"(http\:.*?)\"(.*?)\>/",$s,$matches,PREG_SET_ORDER); if($cnt) { @@ -893,7 +913,6 @@ function sslify($s) { function get_poke_verbs() { - // index is present tense verb // value is array containing past tense verb, translation of present, translation of past @@ -905,12 +924,13 @@ function get_poke_verbs() { 'finger' => array( 'fingered', t('finger'), t('fingered')), 'rebuff' => array( 'rebuffed', t('rebuff'), t('rebuffed')), ); + call_hooks('poke_verbs', $arr); return $arr; } function get_mood_verbs() { - + $arr = array( 'happy' => t('happy'), 'sad' => t('sad'), @@ -939,41 +959,10 @@ function get_mood_verbs() { return $arr; } - -/** - * - * Function: smilies - * - * Description: - * Replaces text emoticons with graphical images - * - * @Parameter: string $s - * - * Returns string - * - * It is expected that this function will be called using HTML text. - * We will escape text between HTML pre and code blocks, and HTML attributes - * (such as urls) from being processed. - * - * At a higher level, the bbcode [nosmile] tag can be used to prevent this - * function from being executed by the prepare_text() routine when preparing - * bbcode source for HTML display - * - */ - - -function smilies($s, $sample = false) { - +// Function to list all smilies, both internal and from addons +// Returns array with keys 'texts' and 'icons' +function list_smilies() { $a = get_app(); - - if(intval(get_config('system','no_smilies')) - || (local_user() && intval(get_pconfig(local_user(),'system','no_smilies')))) - return $s; - - - $s = preg_replace_callback('{<(pre|code)>.*?</\1>}ism','smile_shield',$s); - $s = preg_replace_callback('/<[a-z]+ .*?>/ism','smile_shield',$s); - $texts = array( '<3', '</3', @@ -1051,8 +1040,42 @@ function smilies($s, $sample = false) { ); - $params = array('texts' => $texts, 'icons' => $icons, 'string' => $s); + $params = array('texts' => $texts, 'icons' => $icons); call_hooks('smilie', $params); + return $params; +} +/** + * + * Function: smilies + * + * Description: + * Replaces text emoticons with graphical images + * + * @Parameter: string $s + * + * Returns string + * + * It is expected that this function will be called using HTML text. + * We will escape text between HTML pre and code blocks, and HTML attributes + * (such as urls) from being processed. + * + * At a higher level, the bbcode [nosmile] tag can be used to prevent this + * function from being executed by the prepare_text() routine when preparing + * bbcode source for HTML display + * + */ +function smilies($s, $sample = false) { + $a = get_app(); + + if(intval(get_config('system','no_smilies')) + || (local_user() && intval(get_pconfig(local_user(),'system','no_smilies')))) + return $s; + + $s = preg_replace_callback('{<(pre|code)>.*?</\1>}ism','smile_shield',$s); + $s = preg_replace_callback('/<[a-z]+ .*?>/ism','smile_shield',$s); + + $params = list_smilies(); + $params['string'] = $s; if($sample) { $s = '<div class="smiley-sample">'; @@ -1068,7 +1091,6 @@ function smilies($s, $sample = false) { $s = preg_replace_callback('/<!--base64:(.*?)-->/ism', 'smile_unshield', $s); return $s; - } function smile_shield($m) { @@ -1128,6 +1150,7 @@ function normalise_link($url) { function link_compare($a,$b) { if(strcasecmp(normalise_link($a),normalise_link($b)) === 0) return true; + return false; } @@ -1143,7 +1166,6 @@ function unobscure(&$item) { if($item['body']) $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); } - } function theme_attachments(&$item) { @@ -1186,12 +1208,10 @@ function theme_attachments(&$item) { $url = $r['href']; else $url = z_root() . '/magic?f=&hash=' . $item['author_xchan'] . '&dest=' . $r['href'] . '/' . $r['revision']; + $s .= '<a href="' . $url . '" title="' . $title . '" class="attachlink" >' . $icon . '</a>'; $attaches[] = array('title' => $title, 'url' => $url, 'icon' => $icon ); - } - - } $s = replace_macros(get_markup_template('item_attach.tpl'), array( @@ -1199,13 +1219,12 @@ function theme_attachments(&$item) { )); return $s; - } function format_categories(&$item,$writeable) { - $s = ''; + $terms = get_terms_oftype($item['term'],TERM_CATEGORY); if($terms) { $categories = array(); @@ -1221,6 +1240,7 @@ function format_categories(&$item,$writeable) { '$remove' => t('remove category'), '$categories' => $categories )); + return $s; } @@ -1231,7 +1251,6 @@ function format_hashtags(&$item) { $s = ''; $terms = get_terms_oftype($item['term'],TERM_HASHTAG); if($terms) { - $categories = array(); foreach($terms as $t) { $term = htmlspecialchars($t['term'],ENT_COMPAT,'UTF-8',false) ; if(! trim($term)) @@ -1251,11 +1270,10 @@ function format_hashtags(&$item) { function format_mentions(&$item) { - $s = ''; + $terms = get_terms_oftype($item['term'],TERM_MENTION); if($terms) { - $categories = array(); foreach($terms as $t) { $term = htmlspecialchars($t['term'],ENT_COMPAT,'UTF-8',false) ; if(! trim($term)) @@ -1274,8 +1292,8 @@ function format_mentions(&$item) { function format_filer(&$item) { - $s = ''; + $terms = get_terms_oftype($item['term'],TERM_FILE); if($terms) { $categories = array(); @@ -1291,18 +1309,28 @@ function format_filer(&$item) { '$remove' => t('remove from file'), '$categories' => $categories )); + return $s; } +function generate_map($coord) { + $coord = trim($coord); + $coord = str_replace(array(',','/',' '),array(' ',' ',' '),$coord); + $arr = array('lat' => trim(substr($coord,0,strpos($coord,' '))), 'lon' => trim(substr($coord,strpos($coord,' ')+1)), 'html' => ''); + call_hooks('generate_map',$arr); + return $arr['html']; +} +function generate_named_map($location) { + $arr = array('location' => $location, 'html' => ''); + call_hooks('generate_named_map',$arr); + return $arr['html']; +} -function prepare_body(&$item,$attach = false) { - - $a = get_app(); - +function prepare_body(&$item,$attach = false) { call_hooks('prepare_body_init', $item); @@ -1318,28 +1346,29 @@ function prepare_body(&$item,$attach = false) { return $s; } + if(strpos($s,'<div class="map">') !== false && $item['coord']) { + $x = generate_map(trim($item['coord'])); + if($x) { + $s = preg_replace('/\<div class\=\"map\"\>/','$0' . $x,$s); + } + } $s .= theme_attachments($item); - - $writeable = ((get_observer_hash() == $item['owner_xchan']) ? true : false); - + $writeable = ((get_observer_hash() == $item['owner_xchan']) ? true : false); $s .= format_hashtags($item); if($item['resource_type']) $s .= format_mentions($item); - $s .= format_categories($item,$writeable); if(local_user() == $item['uid']) $s .= format_filer($item); - $s = sslify($s); - // Look for spoiler $spoilersearch = '<blockquote class="spoiler">'; @@ -1354,7 +1383,7 @@ function prepare_body(&$item,$attach = false) { $pos = strpos($s, $spoilersearch); $rnd = random_string(8); $spoilerreplace = '<br /> <span id="spoiler-wrap-'.$rnd.'" style="white-space:nowrap;" class="fakelink" onclick="openClose(\'spoiler-'.$rnd.'\');">'.sprintf(t('Click to open/close')).'</span>'. - '<blockquote class="spoiler" id="spoiler-'.$rnd.'" style="display: none;">'; + '<blockquote class="spoiler" id="spoiler-'.$rnd.'" style="display: none;">'; $s = substr($s, 0, $pos).$spoilerreplace.substr($s, $pos+strlen($spoilersearch)); } @@ -1362,11 +1391,10 @@ function prepare_body(&$item,$attach = false) { $authorsearch = '<blockquote class="author">'; while ((strpos($s, $authorsearch) !== false)) { - $pos = strpos($s, $authorsearch); $rnd = random_string(8); $authorreplace = '<br /> <span id="author-wrap-'.$rnd.'" style="white-space:nowrap;" class="fakelink" onclick="openClose(\'author-'.$rnd.'\');">'.sprintf(t('Click to open/close')).'</span>'. - '<blockquote class="author" id="author-'.$rnd.'" style="display: block;">'; + '<blockquote class="author" id="author-'.$rnd.'" style="display: block;">'; $s = substr($s, 0, $pos).$authorreplace.substr($s, $pos+strlen($authorsearch)); } @@ -1382,10 +1410,7 @@ function prepare_body(&$item,$attach = false) { function prepare_text($text,$content_type = 'text/bbcode') { - - switch($content_type) { - case 'text/plain': $s = escape_tags($text); break; @@ -1455,7 +1480,7 @@ function zidify_callback($match) { function zidify_img_callback($match) { $is_zid = ((feature_enabled(local_user(),'sendzid')) || (strpos($match[1],'zrl')) ? true : false); $replace = '<img' . $match[1] . ' src="' . (($is_zid) ? zid($match[2]) : $match[2]) . '"'; - + $x = str_replace($match[0],$replace,$match[0]); return $x; } @@ -1468,14 +1493,11 @@ function zidify_links($s) { } - /** * return atom link elements for all of our hubs */ - function feed_hublinks() { - $hub = get_config('system','huburl'); $hubxml = ''; @@ -1490,14 +1512,13 @@ function feed_hublinks() { } } } + return $hubxml; } /* return atom link elements for salmon endpoints */ - function feed_salmonlinks($nick) { - $a = get_app(); $salmon = '<link rel="salmon" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ; @@ -1506,23 +1527,23 @@ function feed_salmonlinks($nick) { $salmon .= ' <link rel="http://salmon-protocol.org/ns/salmon-replies" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ; $salmon .= ' <link rel="http://salmon-protocol.org/ns/salmon-mention" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ; + return $salmon; } function get_plink($item,$conversation_mode = true) { - $a = get_app(); if($conversation_mode) $key = 'plink'; else $key = 'llink'; - + if(x($item,$key)) { return array( 'href' => zid($item[$key]), 'title' => t('Link to Source'), ); - } + } else { return false; } @@ -1534,7 +1555,7 @@ function unamp($s) { } function layout_select($channel_id, $current = '') { - $r = q("select mid,sid from item left join item_id on iid = item.id where service = 'PDL' and item.uid = item_id.uid and item_id.uid = %d and (item_restrict & %d)", + $r = q("select mid,sid from item left join item_id on iid = item.id where service = 'PDL' and item.uid = item_id.uid and item_id.uid = %d and (item_restrict & %d)>0", intval($channel_id), intval(ITEM_PDL) ); @@ -1554,9 +1575,6 @@ function layout_select($channel_id, $current = '') { } - - - function mimetype_select($channel_id, $current = 'text/bbcode') { $x = array( @@ -1587,19 +1605,17 @@ function mimetype_select($channel_id, $current = 'text/bbcode') { $o .= '</select>'; return $o; - } - function lang_selector() { global $a; - + $langs = glob('view/*/strings.php'); - + $lang_options = array(); $selected = ""; - + if(is_array($langs) && count($langs)) { $langs[] = ''; if(! in_array('view/en/strings.php',$langs)) @@ -1613,29 +1629,28 @@ function lang_selector() { $ll = substr($l,5); $ll = substr($ll,0,strrpos($ll,'/')); $selected = (($ll === $a->language && (x($_SESSION, 'language'))) ? $ll : $selected); - $lang_options[$ll]=$ll; + $lang_options[$ll] = get_language_name($ll, $ll) . " ($ll)"; } } - $tpl = get_markup_template("lang_selector.tpl"); + $tpl = get_markup_template("lang_selector.tpl"); $o = replace_macros($tpl, array( '$title' => t('Select an alternate language'), '$langs' => array($lang_options, $selected), )); + return $o; } - function return_bytes ($size_str) { - switch (substr ($size_str, -1)) - { - case 'M': case 'm': return (int)$size_str * 1048576; - case 'K': case 'k': return (int)$size_str * 1024; - case 'G': case 'g': return (int)$size_str * 1073741824; - default: return $size_str; - } + switch (substr ($size_str, -1)) { + case 'M': case 'm': return (int)$size_str * 1048576; + case 'K': case 'k': return (int)$size_str * 1024; + case 'G': case 'g': return (int)$size_str * 1073741824; + default: return $size_str; + } } @@ -1650,7 +1665,6 @@ function base64url_encode($s, $strip_padding = true) { } function base64url_decode($s) { - if(is_array($s)) { logger('base64url_decode: illegal input: ' . print_r(debug_backtrace(), true)); return $s; @@ -1658,7 +1672,11 @@ function base64url_decode($s) { return base64_decode(strtr($s,'-_','+/')); } - +/** + * @ Return a div to clear floats. + * + * @return string + */ function cleardiv() { return '<div class="clear"></div>'; } @@ -1676,7 +1694,7 @@ function bb_translate_video($s) { $s = str_replace($mtch[0],'[vimeo]' . $mtch[1] . '[/vimeo]',$s); } } - return $s; + return $s; } function html2bb_video($s) { @@ -1696,61 +1714,57 @@ function html2bb_video($s) { /** * apply xmlify() to all values of array $val, recursively */ -function array_xmlify($val){ +function array_xmlify($val) { if (is_bool($val)) return $val?"true":"false"; if (is_array($val)) return array_map('array_xmlify', $val); return xmlify((string) $val); } -function reltoabs($text, $base) -{ - if (empty($base)) - return $text; +function reltoabs($text, $base) { + if (empty($base)) + return $text; - $base = rtrim($base,'/'); + $base = rtrim($base,'/'); - $base2 = $base . "/"; - - // Replace links - $pattern = "/<a([^>]*) href=\"(?!http|https|\/)([^\"]*)\"/"; - $replace = "<a\${1} href=\"" . $base2 . "\${2}\""; - $text = preg_replace($pattern, $replace, $text); + $base2 = $base . "/"; - $pattern = "/<a([^>]*) href=\"(?!http|https)([^\"]*)\"/"; - $replace = "<a\${1} href=\"" . $base . "\${2}\""; - $text = preg_replace($pattern, $replace, $text); + // Replace links + $pattern = "/<a([^>]*) href=\"(?!http|https|\/)([^\"]*)\"/"; + $replace = "<a\${1} href=\"" . $base2 . "\${2}\""; + $text = preg_replace($pattern, $replace, $text); - // Replace images - $pattern = "/<img([^>]*) src=\"(?!http|https|\/)([^\"]*)\"/"; - $replace = "<img\${1} src=\"" . $base2 . "\${2}\""; - $text = preg_replace($pattern, $replace, $text); + $pattern = "/<a([^>]*) href=\"(?!http|https)([^\"]*)\"/"; + $replace = "<a\${1} href=\"" . $base . "\${2}\""; + $text = preg_replace($pattern, $replace, $text); - $pattern = "/<img([^>]*) src=\"(?!http|https)([^\"]*)\"/"; - $replace = "<img\${1} src=\"" . $base . "\${2}\""; - $text = preg_replace($pattern, $replace, $text); + // Replace images + $pattern = "/<img([^>]*) src=\"(?!http|https|\/)([^\"]*)\"/"; + $replace = "<img\${1} src=\"" . $base2 . "\${2}\""; + $text = preg_replace($pattern, $replace, $text); + $pattern = "/<img([^>]*) src=\"(?!http|https)([^\"]*)\"/"; + $replace = "<img\${1} src=\"" . $base . "\${2}\""; + $text = preg_replace($pattern, $replace, $text); - // Done - return $text; + // Done + return $text; } function item_post_type($item) { - - - switch($item['resource_type']) { - case 'photo': - $post_type = t('photo'); - break; - case 'event': - $post_type = t('event'); - break; - default: - $post_type = t('status'); - if($item['mid'] != $item['parent_mid']) - $post_type = t('comment'); - break; - } + switch($item['resource_type']) { + case 'photo': + $post_type = t('photo'); + break; + case 'event': + $post_type = t('event'); + break; + default: + $post_type = t('status'); + if($item['mid'] != $item['parent_mid']) + $post_type = t('comment'); + break; + } if(strlen($item['verb']) && (! activity_match($item['verb'],ACTIVITY_POST))) $post_type = t('activity'); @@ -1792,6 +1806,7 @@ function is_a_date_arg($s) { return true; } } + return false; } @@ -1811,8 +1826,13 @@ function legal_webbie($s) { function check_webbie($arr) { + $reservechan = get_config('system','reserved_channels'); + if(strlen($reservechan)) + $taken = explode(',', $reservechan); + else + $taken = array(); + $str = ''; - $taken = array(); if(count($arr)) { foreach($arr as $x) { $y = legal_webbie($x); @@ -1838,14 +1858,16 @@ function check_webbie($arr) { } } } + return ''; } - + function ids_to_querystr($arr,$idx = 'id') { $t = array(); foreach($arr as $x) $t[] = $x[$idx]; + return(implode(',', $t)); } @@ -1874,13 +1896,13 @@ function xchan_query(&$items,$abook = true,$effective_uid = 0) { if(count($arr)) { if($abook) { $chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash and abook_channel = %d - where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )", + where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )>0", intval($item['uid']) ); } else { $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash - where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); + where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )>0"); } $xchans = q("select * from xchan where xchan_hash in (" . implode(',',$arr) . ") and xchan_network in ('rss','unknown')"); if(! $chans) @@ -1894,7 +1916,6 @@ function xchan_query(&$items,$abook = true,$effective_uid = 0) { $items[$x]['author'] = find_xchan_in_array($items[$x]['author_xchan'],$chans); } } - } function xchan_mail_query(&$item) { @@ -1909,7 +1930,7 @@ function xchan_mail_query(&$item) { if(count($arr)) { $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash - where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); + where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )>0"); } if($chans) { $item['from'] = find_xchan_in_array($item['from_xchan'],$chans); @@ -1934,6 +1955,7 @@ function get_rel_link($j,$rel) { foreach($j as $l) if($l['rel'] === $rel) return $l['href']; + return ''; } @@ -1943,7 +1965,7 @@ function get_rel_link($j,$rel) { function magic_link($s) { return $s; } - + // if $escape is true, dbesc() each element before adding quotes function stringify_array_elms(&$arr,$escape = false) { @@ -1960,23 +1982,22 @@ function stringify_array_elms(&$arr,$escape = false) { */ function jindent($json) { - $result = ''; - $pos = 0; - $strLen = strlen($json); - $indentStr = ' '; - $newLine = "\n"; - $prevChar = ''; + $result = ''; + $pos = 0; + $strLen = strlen($json); + $indentStr = ' '; + $newLine = "\n"; + $prevChar = ''; $outOfQuotes = true; for ($i=0; $i<=$strLen; $i++) { - // Grab the next character in the string. $char = substr($json, $i, 1); // Are we inside a quoted string? if ($char == '"' && $prevChar != '\\') { $outOfQuotes = !$outOfQuotes; - + // If this character is the end of an element, // output a new line and indent the next line. } else if(($char == '}' || $char == ']') && $outOfQuotes) { @@ -1986,7 +2007,7 @@ function jindent($json) { $result .= $indentStr; } } - + // Add the character to the result string. $result .= $char; @@ -1997,7 +2018,7 @@ function jindent($json) { if ($char == '{' || $char == '[') { $pos ++; } - + for ($j = 0; $j < $pos; $j++) { $result .= $indentStr; } @@ -2011,22 +2032,31 @@ function jindent($json) { function json_decode_plus($s) { - $x = json_decode($s,true); if(! $x) $x = json_decode(str_replace(array('\\"','\\\\'),array('"','\\'),$s),true); - return $x; + return $x; } function design_tools() { + $channel = get_app()->get_channel(); + $sys = false; + + if(get_app()->is_sys && is_site_admin()) { + require_once('include/identity.php'); + $channel = get_sys_channel(); + $sys = true; + } + $who = $channel['channel_address']; return replace_macros(get_markup_template('design_tools.tpl'), array( '$title' => t('Design'), '$who' => $who, + '$sys' => $sys, '$blocks' => t('Blocks'), '$menus' => t('Menus'), '$layout' => t('Layouts'), @@ -2046,7 +2076,7 @@ function normalise_openid($s) { // used in ajax endless scroll request to find out all the args that the master page was viewing. // This was using $_REQUEST, but $_REQUEST also contains all your cookies. So we're restricting it -// to $_GET. If this is used in a post handler, that decision may need to be considered. +// to $_GET and $_POST. function extra_query_args() { $s = ''; @@ -2054,9 +2084,269 @@ function extra_query_args() { foreach($_GET as $k => $v) { // these are request vars we don't want to duplicate if(! in_array($k, array('q','f','zid','page','PHPSESSID'))) { - $s .= '&' . $k . '=' . $v; + $s .= '&' . $k . '=' . urlencode($v); + } + } + } + if(count($_POST)) { + foreach($_POST as $k => $v) { + // these are request vars we don't want to duplicate + if(! in_array($k, array('q','f','zid','page','PHPSESSID'))) { + $s .= '&' . $k . '=' . urlencode($v); } } } return $s; } + +/** + * This function removes the tag $tag from the text $body and replaces it with + * the appropiate link. + * + * @param unknown_type $body the text to replace the tag in + * @param unknown_type $access_tag - used to return tag ACL exclusions e.g. @!foo + * @param unknown_type $str_tags string to add the tag to + * @param unknown_type $profile_uid + * @param unknown_type $tag the tag to replace + * + * @return boolean true if replaced, false if not replaced + */ +function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) { + + $replaced = false; + $r = null; + + $termtype = ((strpos($tag,'#') === 0) ? TERM_HASHTAG : TERM_UNKNOWN); + $termtype = ((strpos($tag,'@') === 0) ? TERM_MENTION : $termtype); + $termtype = ((strpos($tag,'#^[') === 0) ? TERM_BOOKMARK : $termtype); + + //is it a hash tag? + if(strpos($tag,'#') === 0) { + if(strpos($tag,'#^[') === 0) { + if(preg_match('/#\^\[(url|zrl)(.*?)\](.*?)\[\/(url|zrl)\]/',$tag,$match)) { + $basetag = $match[3]; + $url = ((substr($match[2],0,1) === '=') ? substr($match[2],1) : $match[3]); + $replaced = true; + } + } + // if the tag is already replaced... + elseif((strpos($tag,'[zrl=')) || (strpos($tag,'[url='))) { + //...do nothing + return $replaced; + } + if($tag == '#getzot') { + $basetag = 'getzot'; + $url = 'https://redmatrix.me'; + $newtag = '#[zrl=' . $url . ']' . $basetag . '[/zrl]'; + $body = str_replace($tag,$newtag,$body); + $replaced = true; + } + if(! $replaced) { + + //base tag has the tags name only + + if((substr($tag,0,7) === '#"') && (substr($tag,-6,6) === '"')) { + $basetag = substr($tag,7); + $basetag = substr($basetag,0,-6); + } + else + $basetag = str_replace('_',' ',substr($tag,1)); + + //create text for link + $url = $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag); + $newtag = '#[zrl=' . $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag) . ']' . $basetag . '[/zrl]'; + //replace tag by the link + $body = str_replace($tag, $newtag, $body); + $replaced = true; + } + //is the link already in str_tags? + if(! stristr($str_tags,$newtag)) { + //append or set str_tags + if(strlen($str_tags)) + $str_tags .= ','; + + $str_tags .= $newtag; + } + return array('replaced' => $replaced, 'termtype' => $termtype, 'term' => $basetag, 'url' => $url, 'contact' => $r[0]); + } + + //is it a person tag? + + if(strpos($tag,'@') === 0) { + + // The @! tag will alter permissions + $exclusive = ((strpos($tag,'!') === 1) ? true : false); + + //is it already replaced? + if(strpos($tag,'[zrl=')) + return $replaced; + + //get the person's name + + $name = substr($tag,(($exclusive) ? 2 : 1)); // The name or name fragment we are going to replace + $newname = $name; // a copy that we can mess with + $tagcid = 0; + + $r = null; + + // is it some generated name? + + $forum = false; + $trailing_plus_name = false; + + // @channel+ is a forum or network delivery tag + + if(substr($newname,-1,1) === '+') { + $forum = true; + $newname = substr($newname,0,-1); + } + + // Here we're looking for an address book entry as provided by the auto-completer + // of the form something+nnn where nnn is an abook_id or the first chars of xchan_hash + + if(strrpos($newname,'+')) { + //get the id + + if(strrpos($tagcid,' ')) + $tagcid = substr($tagcid,0,strrpos($tagcid,' ')); + + $tagcid = substr($newname,strrpos($newname,'+') + 1); + + if(strlen($tagcid) < 16) + $abook_id = intval($tagcid); + //remove the next word from tag's name + if(strpos($name,' ')) { + $name = substr($name,0,strpos($name,' ')); + } + + if($abook_id) { // if there was an id + // select channel with that id from the logged in user's address book + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash + WHERE abook_id = %d AND abook_channel = %d LIMIT 1", + intval($abook_id), + intval($profile_uid) + ); + } + else { + $r = q("SELECT * FROM xchan + WHERE xchan_hash like '%s%%' LIMIT 1", + dbesc($tagcid) + ); + } + } + + if(! $r) { + + // look for matching names in the address book + + // Two ways to deal with spaces - double quote the name or use underscores + // we see this after input filtering so quotes have been html entity encoded + + if((substr($name,0,6) === '"') && (substr($name,-6,6) === '"')) { + $newname = substr($name,6); + $newname = substr($newname,0,-6); + } + else + $newname = str_replace('_',' ',$name); + + // do this bit over since we started over with $name + + if(substr($newname,-1,1) === '+') { + $forum = true; + $newname = substr($newname,0,-1); + } + + //select someone from this user's contacts by name + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash + WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", + dbesc($newname), + intval($profile_uid) + ); + + if(! $r) { + //select someone by attag or nick and the name passed in + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash + WHERE xchan_addr like ('%s') AND abook_channel = %d LIMIT 1", + dbesc(((strpos($newname,'@')) ? $newname : $newname . '@%')), + intval($profile_uid) + ); + } + + if(! $r) { + // it's possible somebody has a name ending with '+', which we stripped off as a forum indicator + // This is very rare but we want to get it right. + + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash + WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", + dbesc($newname . '+'), + intval($profile_uid) + ); + if($r) + $trailing_plus_name = true; + } + } + + // $r is set if we found something + + $channel = get_app()->get_channel(); + + if($r) { + $profile = $r[0]['xchan_url']; + $newname = $r[0]['xchan_name']; + // add the channel's xchan_hash to $access_tag if exclusive + if($exclusive) { + $access_tag .= 'cid:' . $r[0]['xchan_hash']; + } + } + else { + // check for a group/collection exclusion tag + + // note that we aren't setting $replaced even though we're replacing text. + // This tag isn't going to get a term attached to it. It's only used for + // access control. The link points to out own channel just so it doesn't look + // weird - as all the other tags are linked to something. + + if(local_user() && local_user() == $profile_uid) { + require_once('include/group.php'); + $grp = group_byname($profile_uid,$name); + + if($grp) { + $g = q("select hash from groups where id = %d and visible = 1 limit 1", + intval($grp) + ); + if($g && $exclusive) { + $access_tag .= 'gid:' . $g[0]['hash']; + } + $channel = get_app()->get_channel(); + if($channel) { + $newtag = '@' . (($exclusive) ? '!' : '') . '[zrl=' . z_root() . '/channel/' . $channel['channel_address'] . ']' . $newname . '[/zrl]'; + $body = str_replace('@' . (($exclusive) ? '!' : '') . $name, $newtag, $body); + } + } + } + } + + if(($exclusive) && (! $access_tag)) { + $access_tag .= 'cid:' . $channel['channel_hash']; + } + + // if there is an url for this channel + + if(isset($profile)) { + $replaced = true; + //create profile link + $profile = str_replace(',','%2c',$profile); + $url = $profile; + $newtag = '@' . (($exclusive) ? '!' : '') . '[zrl=' . $profile . ']' . $newname . (($forum && ! $trailing_plus_name) ? '+' : '') . '[/zrl]'; + $body = str_replace('@' . (($exclusive) ? '!' : '') . $name, $newtag, $body); + //append tag to str_tags + if(! stristr($str_tags,$newtag)) { + if(strlen($str_tags)) + $str_tags .= ','; + $str_tags .= $newtag; + } + } + } + + return array('replaced' => $replaced, 'termtype' => $termtype, 'term' => $newname, 'url' => $url, 'contact' => $r[0]); +} diff --git a/include/widgets.php b/include/widgets.php index 2e406aa77..18778ed36 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -1,4 +1,9 @@ -<?php /** @file */ +<?php +/** + * @file include/widgets.php + * + * @brief This file contains the widgets. + */ require_once('include/dir_fns.php'); require_once('include/contact_widgets.php'); @@ -6,7 +11,7 @@ require_once('include/contact_widgets.php'); function widget_profile($args) { $a = get_app(); - $block = (((get_config('system','block_public')) && (! local_user()) && (! remote_user())) ? true : false); + $block = (((get_config('system', 'block_public')) && (! local_user()) && (! remote_user())) ? true : false); return profile_sidebar($a->profile, $block, true); } @@ -16,14 +21,15 @@ function widget_profile($args) { function widget_tagcloud($args) { $o = ''; - $tab = 0; + //$tab = 0; $a = get_app(); $uid = $a->profile_uid; $count = ((x($args,'count')) ? intval($args['count']) : 24); $flags = 0; $type = TERM_CATEGORY; - $r = tagadelic($uid,$count,$authors,$flags,ITEM_WEBPAGE,$type); + // FIXME there exists no $authors variable + $r = tagadelic($uid, $count, $authors, $flags, ITEM_WEBPAGE, $type); if($r) { $o = '<div class="tagblock widget"><h3>' . t('Categories') . '</h3><div class="tags" align="center">'; @@ -75,9 +81,8 @@ function widget_collections($args) { return ''; break; } - - return group_side($every, $each, $edit, $current, $abook_id, $wmode); + return group_side($every, $each, $edit, $current, $abook_id, $wmode); } @@ -93,7 +98,6 @@ function widget_appselect($arr) { } - function widget_suggestions($arr) { if((! local_user()) || (! feature_enabled(local_user(),'suggest'))) @@ -114,16 +118,13 @@ function widget_suggestions($arr) { // This will throw some entropy intot he situation so you won't // be looking at the same two mug shots every time the widget runs - $index = ((count($r) > 2) ? mt_rand(0,count($r) - 2) : 0); - for($x = $index; $x <= ($index+1); $x ++) { - $rr = $r[$x]; if(! $rr['xchan_url']) break; - + $connlnk = z_root() . '/follow/?url=' . $rr['xchan_addr']; $arr[] = array( @@ -138,7 +139,6 @@ function widget_suggestions($arr) { ); } - $o = replace_macros(get_markup_template('suggest_widget.tpl'),array( '$title' => t('Suggestions'), '$more' => t('See more...'), @@ -146,16 +146,16 @@ function widget_suggestions($arr) { )); return $o; - } function widget_follow($args) { if(! local_user()) return ''; + $a = get_app(); $uid =$a->channel['channel_id']; - $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ", + $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d)>0 ", intval($uid), intval(ABOOK_FLAG_SELF) ); @@ -163,10 +163,10 @@ function widget_follow($args) { $total_channels = $r[0]['total']; $limit = service_class_fetch($uid,'total_channels'); if($limit !== false) { - $abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $total_channels, $limit); + $abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $total_channels, $limit); } else { - $abook_usage_message = ''; + $abook_usage_message = ''; } return replace_macros(get_markup_template('follow.tpl'),array( '$connect' => t('Add New Connection'), @@ -175,7 +175,6 @@ function widget_follow($args) { '$follow' => t('Connect'), '$abook_usage_message' => $abook_usage_message )); - } @@ -192,6 +191,7 @@ function widget_notes($arr) { '$text' => $text, '$save' => t('Save'), )); + return $o; } @@ -220,7 +220,7 @@ function widget_savedsearch($arr) { } if(x($_GET,'searchremove') && $search) { - q("delete from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1", + q("delete from `term` where `uid` = %d and `type` = %d and `term` = '%s'", intval(local_user()), intval(TERM_SAVEDSEARCH), dbesc($search) @@ -228,8 +228,6 @@ function widget_savedsearch($arr) { $search = ''; } - - $srchurl = $a->query_string; $srchurl = rtrim(preg_replace('/searchsave\=[^\&].*?(\&|$)/is','',$srchurl),'&'); @@ -238,9 +236,13 @@ function widget_savedsearch($arr) { $hasq = ((strpos($srchurl,'?') !== false) ? true : false); $srchurl = rtrim(preg_replace('/search\=[^\&].*?(\&|$)/is','',$srchurl),'&'); + $srchurl = rtrim(preg_replace('/submit\=[^\&].*?(\&|$)/is','',$srchurl),'&'); $srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl); + + $hasq = ((strpos($srchurl,'?') !== false) ? true : false); - + + $o = ''; $r = q("select `tid`,`term` from `term` WHERE `uid` = %d and `type` = %d ", @@ -252,31 +254,28 @@ function widget_savedsearch($arr) { if(count($r)) { foreach($r as $rr) { - $saved[] = array( 'id' => $rr['tid'], - 'term' => $rr['term'], + 'term' => $rr['term'], 'dellink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&searchremove=1&search=' . urlencode($rr['term']), 'srchlink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&search=' . urlencode($rr['term']), 'displayterm' => htmlspecialchars($rr['term'], ENT_COMPAT,'UTF-8'), - 'encodedterm' => urlencode($rr['term']), - 'delete' => t('Remove term'), - 'selected' => ($search==$rr['term']), + 'encodedterm' => urlencode($rr['term']), + 'delete' => t('Remove term'), + 'selected' => ($search==$rr['term']), ); } - } + } - $tpl = get_markup_template("saved_searches.tpl"); $o = replace_macros($tpl, array( '$title' => t('Saved Searches'), '$add' => t('add'), - '$searchbox' => searchbox($search,'netsearch-box',$srchurl . (($hasq) ? '' : '?f='),true), + '$searchbox' => searchbox($search, 'netsearch-box', $srchurl . (($hasq) ? '' : '?f='), true), '$saved' => $saved, )); return $o; - } @@ -306,7 +305,6 @@ function widget_filer($arr) { '$all' => t('Everything'), '$terms' => $terms, '$base' => z_root() . '/' . $a->cmd - )); } @@ -327,22 +325,32 @@ function widget_archive($arr) { if(! perm_is_allowed($uid,get_observer_hash(),'view_stream')) return ''; - $wall = ((array_key_exists('wall', $arr)) ? intval($arr['wall']) : 0); $style = ((array_key_exists('style', $arr)) ? $arr['style'] : 'select'); - $url = z_root() . '/' . $a->cmd; + $showend = ((get_pconfig($uid,'system','archive_show_end_date')) ? true : false); + $mindate = get_pconfig($uid,'system','archive_mindate'); + $visible_years = get_pconfig($uid,'system','archive_visible_years'); + if(! $visible_years) + $visible_years = 5; + $url = z_root() . '/' . $a->cmd; - $ret = list_post_dates($uid,$wall); + $ret = list_post_dates($uid,$wall,$mindate); if(! count($ret)) return ''; + $cutoff_year = intval(datetime_convert('',date_default_timezone_get(),'now','Y')) - $visible_years; + $cutoff = ((array_key_exists($cutoff_year,$ret))? true : false); + $o = replace_macros(get_markup_template('posted_date_widget.tpl'),array( '$title' => t('Archives'), - '$size' => ((count($ret) > 6) ? 6 : count($ret)), + '$size' => $visible_years, + '$cutoff_year' => $cutoff_year, + '$cutoff' => $cutoff, '$url' => $url, '$style' => $style, + '$showend' => $showend, '$dates' => $ret )); return $o; @@ -354,7 +362,7 @@ function widget_fullprofile($arr) { if(! $a->profile['profile_uid']) return; - $block = (((get_config('system','block_public')) && (! local_user()) && (! remote_user())) ? true : false); + $block = (((get_config('system', 'block_public')) && (! local_user()) && (! remote_user())) ? true : false); return profile_sidebar($a->profile, $block); } @@ -362,32 +370,45 @@ function widget_fullprofile($arr) { function widget_categories($arr) { $a = get_app(); - if($a->profile['profile_uid'] && (! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream'))) return ''; - $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : ''); $srchurl = $a->query_string; $srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&'); $srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl); - return categories_widget($srchurl,$cat); + return categories_widget($srchurl, $cat); } function widget_tagcloud_wall($arr) { $a = get_app(); + if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash'])) return ''; - if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream')) + if(! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_stream')) return ''; - $limit = ((array_key_exists('limit',$arr)) ? intval($arr['limit']) : 50); - if(feature_enabled($a->profile['profile_uid'],'tagadelic')) - return tagblock('search',$a->profile['profile_uid'],$limit,$a->profile['channel_hash'],ITEM_WALL); + $limit = ((array_key_exists('limit', $arr)) ? intval($arr['limit']) : 50); + if(feature_enabled($a->profile['profile_uid'], 'tagadelic')) + return wtagblock($a->profile['profile_uid'], $limit, $a->profile['channel_hash'], ITEM_WALL); + return ''; } +function widget_catcloud_wall($arr) { + $a = get_app(); + + if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash'])) + return ''; + if(! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_stream')) + return ''; + + $limit = ((array_key_exists('limit',$arr)) ? intval($arr['limit']) : 50); + + return catblock($a->profile['profile_uid'], $limit, $a->profile['channel_hash'], ITEM_WALL); +} + function widget_affinity($arr) { @@ -400,7 +421,7 @@ function widget_affinity($arr) { if(feature_enabled(local_user(),'affinity')) { $tpl = get_markup_template('main_slider.tpl'); $x = replace_macros($tpl,array( - '$val' => $cmin . ';' . $cmax, + '$val' => $cmin . ',' . $cmax, '$refresh' => t('Refresh'), '$me' => t('Me'), '$intimate' => t('Best Friends'), @@ -414,6 +435,7 @@ function widget_affinity($arr) { call_hooks('main_slider',$arr); return $arr['html']; } + return ''; } @@ -432,27 +454,26 @@ function widget_settings_menu($arr) { $role = get_pconfig(local_user(),'system','permissions_role'); - $abk = q("select abook_id from abook where abook_channel = %d and ( abook_flags & %d ) limit 1", + $abk = q("select abook_id from abook where abook_channel = %d and ( abook_flags & %d )>0 limit 1", intval(local_user()), intval(ABOOK_FLAG_SELF) ); if($abk) $abook_self_id = $abk[0]['abook_id']; - $tabs = array( array( 'label' => t('Account settings'), 'url' => $a->get_baseurl(true).'/settings/account', 'selected' => ((argv(1) === 'account') ? 'active' : ''), ), - + array( 'label' => t('Channel settings'), 'url' => $a->get_baseurl(true).'/settings/channel', 'selected' => ((argv(1) === 'channel') ? 'active' : ''), ), - + array( 'label' => t('Additional features'), 'url' => $a->get_baseurl(true).'/settings/features', @@ -470,7 +491,7 @@ function widget_settings_menu($arr) { 'url' => $a->get_baseurl(true).'/settings/display', 'selected' => ((argv(1) === 'display') ? 'active' : ''), ), - + array( 'label' => t('Connected apps'), 'url' => $a->get_baseurl(true) . '/settings/oauth', @@ -479,13 +500,7 @@ function widget_settings_menu($arr) { array( 'label' => t('Export channel'), - 'url' => $a->get_baseurl(true) . '/uexport/basic', - 'selected' => '' - ), - - array( - 'label' => t('Export content'), - 'url' => $a->get_baseurl(true) . '/uexport/complete', + 'url' => $a->get_baseurl(true) . '/uexport', 'selected' => '' ), @@ -493,7 +508,7 @@ function widget_settings_menu($arr) { if($role === false || $role === 'custom') { $tabs[] = array( - 'label' => t('Automatic Permissions (Advanced)'), + 'label' => t('Connection Default Permissions'), 'url' => $a->get_baseurl(true) . '/connedit/' . $abook_self_id, 'selected' => '' ); @@ -505,7 +520,6 @@ function widget_settings_menu($arr) { 'url' => $a->get_baseurl(true) . '/connect/' . $channel['channel_address'], 'selected' => '' ); - } if(feature_enabled(local_user(),'channel_sources')) { @@ -514,18 +528,14 @@ function widget_settings_menu($arr) { 'url' => $a->get_baseurl(true) . '/sources', 'selected' => '' ); - } - - $tabtpl = get_markup_template("generic_links_widget.tpl"); return replace_macros($tabtpl, array( '$title' => t('Settings'), '$class' => 'settings-widget', '$items' => $tabs, )); - } @@ -536,9 +546,7 @@ function widget_mailmenu($arr) { $a = get_app(); return replace_macros(get_markup_template('message_side.tpl'), array( '$title' => t('Messages'), - '$tabs'=> array(), - '$check'=>array( 'label' => t('Check Mail'), 'url' => $a->get_baseurl(true) . '/message', @@ -549,9 +557,7 @@ function widget_mailmenu($arr) { 'url' => $a->get_baseurl(true) . '/mail/new', 'sel'=> (argv(1) == 'new'), ) - )); - } function widget_design_tools($arr) { @@ -561,8 +567,8 @@ function widget_design_tools($arr) { // otherwise local_user() is sufficient for permissions. if($a->profile['profile_uid']) - if($a->profile['profile_uid'] != local_user()) - return ''; + if(($a->profile['profile_uid'] != local_user()) && (! $a->is_sys)) + return ''; if(! local_user()) return ''; @@ -577,23 +583,25 @@ function widget_findpeople($arr) { function widget_photo_albums($arr) { $a = get_app(); + if(! $a->profile['profile_uid']) return ''; $channelx = channelx_by_n($a->profile['profile_uid']); - if((! $channelx) || (! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_photos'))) + if((! $channelx) || (! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_photos'))) return ''; - return photos_album_widget($channelx,$a->get_observer()); + require_once('include/photos.php'); + return photos_album_widget($channelx, $a->get_observer()); } function widget_vcard($arr) { require_once ('include/Contact.php'); - return vcard_from_xchan('',get_app()->get_observer()); + return vcard_from_xchan('', get_app()->get_observer()); } -/** +/* * The following directory widgets are only useful on the directory page */ @@ -606,21 +614,23 @@ function widget_dirsort($arr) { } function widget_dirtags($arr) { - return dir_tagblock(z_root() . '/directory',null); + return dir_tagblock(z_root() . '/directory', null); } function widget_menu_preview($arr) { if(! get_app()->data['menu_item']) return; require_once('include/menu.php'); + return menu_render(get_app()->data['menu_item']); } function widget_chatroom_list($arr) { $a = get_app(); + require_once("include/chat.php"); $r = chatroom_list($a->profile['profile_uid']); - return replace_macros(get_markup_template('chatroomlist.tpl'),array( + return replace_macros(get_markup_template('chatroomlist.tpl'), array( '$header' => t('Chat Rooms'), '$baseurl' => z_root(), '$nickname' => $a->profile['channel_address'], @@ -633,11 +643,13 @@ function widget_bookmarkedchats($arr) { if(! $h) return; $r = q("select * from xchat where xchat_xchan = '%s' group by xchat_url order by xchat_desc", - dbesc($h) + dbesc($h) ); - - for($x = 0; $x < count($r); $x ++) - $r[$x]['xchat_url'] = zid($r[$x]['xchat_url']); + if($r) { + for($x = 0; $x < count($r); $x ++) { + $r[$x]['xchat_url'] = zid($r[$x]['xchat_url']); + } + } return replace_macros(get_markup_template('bookmarkedchats.tpl'),array( '$header' => t('Bookmarked Chatrooms'), '$rooms' => $r @@ -653,9 +665,11 @@ function widget_suggestedchats($arr) { if(! $h) return; $r = q("select *, count(xchat_url) as total from xchat group by xchat_url order by total desc, xchat_desc limit 24"); - - for($x = 0; $x < count($r); $x ++) - $r[$x]['xchat_url'] = zid($r[$x]['xchat_url']); + if($r) { + for($x = 0; $x < count($r); $x ++) { + $r[$x]['xchat_url'] = zid($r[$x]['xchat_url']); + } + } return replace_macros(get_markup_template('bookmarkedchats.tpl'),array( '$header' => t('Suggested Chatrooms'), '$rooms' => $r @@ -663,17 +677,17 @@ function widget_suggestedchats($arr) { } function widget_item($arr) { + // FIXME there is no $a here $uid = $a->profile['profile_uid']; if((! $uid) || (! $arr['mid'])) return ''; - if(! perm_is_allowed($uid,get_observer_hash(),'view_pages')) + if(! perm_is_allowed($uid, get_observer_hash(), 'view_pages')) return ''; require_once('include/security.php'); $sql_extra = item_permissions_sql($uid); - $r = q("select * from item where mid = '%s' and uid = %d and item_restrict = " . intval(ITEM_WEBPAGE) . " $sql_extra limit 1", dbesc($arr['mid']), intval($uid) @@ -683,11 +697,10 @@ function widget_item($arr) { return ''; xchan_query($r); - $r = fetch_post_tags($r,true); + $r = fetch_post_tags($r, true); - $o .= prepare_page($r[0]); + $o = prepare_page($r[0]); return $o; - } function widget_clock($arr) { @@ -757,18 +770,17 @@ return $o; * URL must be an http or https URL */ - function widget_photo($arr) { $style = $zrl = false; - $params = ''; - if(array_key_exists('src',$arr) && isset($arr['src'])) + + if(array_key_exists('src', $arr) && isset($arr['src'])) $url = $arr['src']; if(strpos($url,'http') !== 0) return ''; - if(array_key_exists('style',$arr) && isset($arr['style'])) + if(array_key_exists('style', $arr) && isset($arr['style'])) $style = $arr['style']; // ensure they can't sneak in an eval(js) function @@ -776,7 +788,7 @@ function widget_photo($arr) { if(strpos($style,'(') !== false) return ''; - if(array_key_exists('zrl',$arr) && isset($arr['zrl'])) + if(array_key_exists('zrl', $arr) && isset($arr['zrl'])) $zrl = (($arr['zrl']) ? true : false); if($zrl) @@ -786,9 +798,108 @@ function widget_photo($arr) { $o .= '<img ' . (($zrl) ? ' class="zrl" ' : '') . (($style) ? ' style="' . $style . '"' : '') - . ' src="' . $url . '" />'; + . ' src="' . $url . '" alt="' . t('photo/image') . '">'; + + $o .= '</div>'; + + return $o; +} + + +function widget_photo_rand($arr) { + + require_once('include/photos.php'); + $style = false; + + if(array_key_exists('album', $arr) && isset($arr['album'])) + $album = $arr['album']; + else + $album = ''; + + $channel_id = 0; + if(array_key_exists('channel_id', $arr) && intval($arr['channel_id'])) + $channel_id = intval($arr['channel_id']); + if(! $channel_id) + $channel_id = get_app()->profile_uid; + if(! $channel_id) + return ''; + + $scale = ((array_key_exists('scale',$arr)) ? intval($arr['scale']) : 0); + + $ret = photos_list_photos(array('channel_id' => $channel_id),get_app()->get_observer(),$album); + + $filtered = array(); + if($ret['success'] && $ret['photos']) + foreach($ret['photos'] as $p) + if($p['scale'] == $scale) + $filtered[] = $p['src']; + + if($filtered) { + $e = mt_rand(0, count($filtered) - 1); + $url = $filtered[$e]; + } + + if(strpos($url, 'http') !== 0) + return ''; + + if(array_key_exists('style', $arr) && isset($arr['style'])) + $style = $arr['style']; + + // ensure they can't sneak in an eval(js) function + + if(strpos($style,'(') !== false) + return ''; + + $url = zid($url); + + $o = '<div class="widget">'; + + $o .= '<img class="zrl" ' + . (($style) ? ' style="' . $style . '"' : '') + . ' src="' . $url . '" alt="' . t('photo/image') . '">'; $o .= '</div>'; return $o; } + + +function widget_random_block($arr) { + + $channel_id = 0; + if(array_key_exists('channel_id',$arr) && intval($arr['channel_id'])) + $channel_id = intval($arr['channel_id']); + if(! $channel_id) + $channel_id = get_app()->profile_uid; + if(! $channel_id) + return ''; + + if(array_key_exists('contains',$arr)) + $contains = $arr['contains']; + + $o = ''; + + require_once('include/security.php'); + $sql_options = item_permissions_sql($channel_id); + + $randfunc = db_getfunc('RAND'); + + $r = q("select item.* from item left join item_id on item.id = item_id.iid + where item.uid = %d and sid like '%s' and service = 'BUILDBLOCK' and + item_restrict = %d $sql_options order by $randfunc limit 1", + intval($channel_id), + dbesc('%' . $contains . '%'), + intval(ITEM_BUILDBLOCK) + ); + + if($r) { + $o = '<div class="widget bblock">'; + if($r[0]['title']) + $o .= '<h3>' . $r[0]['title'] . '</h3>'; + + $o .= prepare_text($r[0]['body'],$r[0]['mimetype']); + $o .= '</div>'; + } + + return $o; +} diff --git a/include/zot.php b/include/zot.php index e96eae10d..c88b2a369 100644 --- a/include/zot.php +++ b/include/zot.php @@ -5,7 +5,7 @@ require_once('include/items.php'); require_once('include/hubloc.php'); /** - * Red implementation of zot protocol. + * Red implementation of zot protocol. * * https://github.com/friendica/red/wiki/zot * https://github.com/friendica/red/wiki/Zot---A-High-Level-Overview @@ -20,8 +20,8 @@ require_once('include/hubloc.php'); * Generates a unique string for use as a zot guid using our DNS-based url, the channel nickname and some entropy. * The entropy ensures uniqueness against re-installs where the same URL and nickname are chosen. * NOTE: zot doesn't require this to be unique. Internally we use a whirlpool hash of this guid and the signature - * of this guid signed with the channel private key. This can be verified and should make the probability of - * collision of the verified result negligible within the constraints of our immediate universe. + * of this guid signed with the channel private key. This can be verified and should make the probability of + * collision of the verified result negligible within the constraints of our immediate universe. * * @param string channel_nickname = unique nickname of controlling entity * @@ -51,7 +51,7 @@ function make_xchan_hash($guid,$guid_sig) { /** * @function zot_get_hublocs($hash) - * Given a zot hash, return all distinct hubs. + * Given a zot hash, return all distinct hubs. * This function is used in building the zot discovery packet * and therefore should only be used by channels which are defined * on this hub @@ -71,7 +71,7 @@ function make_xchan_hash($guid,$guid_sig) { * hubloc_connect char(255) * hubloc_sitekey text * hubloc_updated datetime - * hubloc_connected datetime + * hubloc_connected datetime * */ @@ -79,32 +79,32 @@ function zot_get_hublocs($hash) { /** Only search for active hublocs - e.g. those that haven't been marked deleted */ - $ret = q("select * from hubloc where hubloc_hash = '%s' and not ( hubloc_flags & %d ) group by hubloc_url ", + $ret = q("select * from hubloc where hubloc_hash = '%s' and not ( hubloc_flags & %d )>0 order by hubloc_url ", dbesc($hash), intval(HUBLOC_FLAGS_DELETED) ); return $ret; } - + /** * * @function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_key = null, $secret = null) * builds a zot notification packet that you can either - * store in the queue with a message array or call zot_zot to immediately + * store in the queue with a message array or call zot_zot to immediately * zot it to the other side * * @param array $channel => sender channel structure * @param string $type => packet type: one of 'ping', 'pickup', 'purge', 'refresh', 'force_refresh', 'notify', 'auth_check' * @param array $recipients => envelope information, array ( 'guid' => string, 'guid_sig' => string ); empty for public posts * @param string $remote_key => optional public site key of target hub used to encrypt entire packet - * NOTE: remote_key and encrypted packets are required for 'auth_check' packets, optional for all others + * NOTE: remote_key and encrypted packets are required for 'auth_check' packets, optional for all others * @param string $secret => random string, required for packets which require verification/callback - * e.g. 'pickup', 'purge', 'notify', 'auth_check'. Packet types 'ping', 'force_refresh', and 'refresh' do not require verification + * e.g. 'pickup', 'purge', 'notify', 'auth_check'. Packet types 'ping', 'force_refresh', and 'refresh' do not require verification * * @returns string json encoded zot packet */ -function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_key = null, $secret = null) { +function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_key = null, $secret = null, $extra = null) { $data = array( 'type' => $type, @@ -129,6 +129,12 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_ $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'])); } + if($extra) { + foreach($extra as $k => $v) + $data[$k] = $v; + } + + logger('zot_build_packet: ' . print_r($data,true), LOGGER_DATA); // Hush-hush ultra top-secret mode @@ -188,14 +194,15 @@ function zot_finger($webbie,$channel,$autofallback = true) { logger('zot_finger: no address :' . $webbie); return array('success' => false); } - + logger('using xchan_addr: ' . $xchan_addr, LOGGER_DATA); + // potential issue here; the xchan_addr points to the primary hub. // The webbie we were called with may not, so it might not be found // unless we query for hubloc_addr instead of xchan_addr $r = q("select xchan.*, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where xchan_addr = '%s' and (hubloc_flags & %d) limit 1", + where xchan_addr = '%s' and (hubloc_flags & %d) > 0 limit 1", dbesc($xchan_addr), intval(HUBLOC_FLAGS_PRIMARY) ); @@ -205,6 +212,7 @@ function zot_finger($webbie,$channel,$autofallback = true) { if($r[0]['hubloc_network'] && $r[0]['hubloc_network'] !== 'zot') { logger('zot_finger: alternate network: ' . $webbie); + logger('url: '.$url.', net: '.var_export($r[0]['hubloc_network'],true), LOGGER_DATA); return array('success' => false); } } @@ -293,7 +301,7 @@ function zot_refresh($them,$channel = null, $force = false) { if($them['hubloc_url']) $url = $them['hubloc_url']; else { - $r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d ) limit 1", + $r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d ) > 0 limit 1", dbesc($them['xchan_hash']), intval(HUBLOC_FLAGS_PRIMARY) ); @@ -375,7 +383,7 @@ function zot_refresh($them,$channel = null, $force = false) { } } - $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) limit 1", + $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) > 0 limit 1", dbesc($x['hash']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF) @@ -401,7 +409,7 @@ function zot_refresh($them,$channel = null, $force = false) { $y = q("update abook set abook_their_perms = %d, abook_dob = '%s' where abook_xchan = '%s' and abook_channel = %d - and not (abook_flags & %d) limit 1", + and not (abook_flags & %d) > 0 ", intval($their_perms), dbesc($next_birthday), dbesc($x['hash']), @@ -413,7 +421,8 @@ function zot_refresh($them,$channel = null, $force = false) { // if they are in your address book but you aren't in theirs, and/or this does not // match your current connected state setting, toggle it. - + // FIXME: uncoverted to postgres + // FIXME: when this was enabled, all contacts became unconnected. Currently disabled intentionally // $y1 = q("update abook set abook_flags = (abook_flags ^ %d) // where abook_xchan = '%s' and abook_channel = %d // and not (abook_flags & %d) limit 1", @@ -433,15 +442,15 @@ function zot_refresh($them,$channel = null, $force = false) { } } else { - $default_perms = 0; - // look for default permissions to apply in return - e.g. auto-friend - $z = q("select * from abook where abook_channel = %d and (abook_flags & %d) limit 1", - intval($channel['channel_id']), - intval(ABOOK_FLAG_SELF) - ); - - if($z) - $default_perms = intval($z[0]['abook_my_perms']); + $role = get_pconfig($channel['channel_id'],'system','permissions_role'); + if($role) { + $xx = get_role_perms($role); + if($xx['perms_auto']) + $default_perms = $xx['perms_accept']; + } + if(! $default_perms) + $default_perms = intval(get_pconfig($channel['channel_id'],'system','autoperms')); + // Keep original perms to check if we need to notify them $previous_perms = get_all_perms($channel['channel_id'],$x['hash']); @@ -463,7 +472,7 @@ function zot_refresh($them,$channel = null, $force = false) { $new_perms = get_all_perms($channel['channel_id'],$x['hash']); if($new_perms != $previous_perms) { // Send back a permissions update if permissions have changed - $z = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) limit 1", + $z = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) > 0 limit 1", dbesc($x['hash']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF) @@ -693,10 +702,10 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { $dirmode = get_config('system','directory_mode'); - if((($arr['site']['directory_mode'] === 'standalone') || ($dirmode & DIRECTORY_MODE_STANDALONE)) -&& ($arr['site']['url'] != z_root())) + if((($arr['site']['directory_mode'] === 'standalone') || ($dirmode & DIRECTORY_MODE_STANDALONE)) && ($arr['site']['url'] != z_root())) $arr['searchable'] = false; + $hidden = (1 - intval($arr['searchable'])); // Be careful - XCHAN_FLAGS_HIDDEN should evaluate to 1 @@ -715,6 +724,11 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { if($deleted_changed) $new_flags = $new_flags ^ XCHAN_FLAGS_DELETED; + $public_forum = (($r[0]['xchan_flags'] & XCHAN_FLAGS_PUBFORUM) ? true : false); + $pubforum_changed = ((intval($public_forum) != intval($arr['public_forum'])) ? true : false); + if($pubforum_changed) + $new_flags = $r[0]['xchan_flags'] ^ XCHAN_FLAGS_PUBFORUM; + if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url']) || ($r[0]['xchan_flags'] != $new_flags) @@ -724,7 +738,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { || ($r[0]['xchan_url'] != $arr['url'])) { $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_follow = '%s', xchan_connpage = '%s', xchan_flags = %d, - xchan_addr = '%s', xchan_url = '%s' where xchan_hash = '%s' limit 1", + xchan_addr = '%s', xchan_url = '%s' where xchan_hash = '%s'", dbesc(($arr['name']) ? $arr['name'] : '-'), dbesc($arr['name_updated']), dbesc($arr['connections_url']), @@ -777,8 +791,8 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { dbesc($arr['connect_url']), dbesc(($arr['name']) ? $arr['name'] : '-'), dbesc('zot'), - dbesc($arr['photo_updated']), - dbesc($arr['name_updated']), + dbescdate($arr['photo_updated']), + dbescdate($arr['name_updated']), intval($new_flags) ); @@ -819,7 +833,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { // importing the photo failed somehow. Leave the photo_date alone so we can try again at a later date. // This often happens when somebody joins the matrix with a bad cert. $r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' - where xchan_hash = '%s' limit 1", + where xchan_hash = '%s'", dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), @@ -829,8 +843,8 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { } else { $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' - where xchan_hash = '%s' limit 1", - dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])), + where xchan_hash = '%s'", + dbescdate(datetime_convert('UTC','UTC',$arr['photo_updated'])), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), @@ -890,10 +904,10 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { else { logger('import_xchan: profile not available - hiding'); // they may have made it private - $r = q("delete from xprof where xprof_hash = '%s' limit 1", + $r = q("delete from xprof where xprof_hash = '%s'", dbesc($xchan_hash) ); - $r = q("delete from xtag where xtag_hash = '%s' limit 1", + $r = q("delete from xtag where xtag_hash = '%s'", dbesc($xchan_hash) ); } @@ -915,7 +929,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { } elseif(! $ud_flags) { // nothing changed but we still need to update the updates record - q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d) ", + q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ", intval(UPDATE_FLAGS_UPDATED), dbesc($address), intval(UPDATE_FLAGS_UPDATED) @@ -965,14 +979,14 @@ function zot_process_response($hub,$arr,$outq) { // async messages remain in the queue until processed. if(intval($outq['outq_async'])) { - $r = q("update outq set outq_delivered = 1, outq_updated = '%s' where outq_hash = '%s' and outq_channel = %d limit 1", + $r = q("update outq set outq_delivered = 1, outq_updated = '%s' where outq_hash = '%s' and outq_channel = %d", dbesc(datetime_convert()), dbesc($outq['outq_hash']), intval($outq['outq_channel']) ); } else { - $r = q("delete from outq where outq_hash = '%s' and outq_channel = %d limit 1", + $r = q("delete from outq where outq_hash = '%s' and outq_channel = %d", dbesc($outq['outq_hash']), intval($outq['outq_channel']) ); @@ -1065,7 +1079,7 @@ function zot_import($arr, $sender_url) { if(array_key_exists('iv',$i['notify'])) { $i['notify'] = json_decode(crypto_unencapsulate($i['notify'],get_config('system','prvkey')),true); - } + } logger('zot_import: notify: ' . print_r($i['notify'],true), LOGGER_DATA); @@ -1075,6 +1089,9 @@ function zot_import($arr, $sender_url) { continue; } + $message_request = ((array_key_exists('message_id',$i['notify'])) ? true : false); + if($message_request) + logger('processing message request'); $i['notify']['sender']['hash'] = make_xchan_hash($i['notify']['sender']['guid'],$i['notify']['sender']['guid_sig']); $deliveries = null; @@ -1087,7 +1104,7 @@ function zot_import($arr, $sender_url) { } stringify_array_elms($recip_arr); $recips = implode(',',$recip_arr); - $r = q("select channel_hash as hash from channel where channel_hash in ( " . $recips . " ) and not ( channel_pageflags & %d ) ", + $r = q("select channel_hash as hash from channel where channel_hash in ( " . $recips . " ) and not ( channel_pageflags & %d )>0 ", intval(PAGE_REMOVED) ); if(! $r) { @@ -1098,7 +1115,7 @@ function zot_import($arr, $sender_url) { // It's a specifically targetted post. If we were sent a public_scope hint (likely), // get rid of it so that it doesn't get stored and cause trouble. - if(array_key_exists('message',$i) && array_key_exists('public_scope',$i['message'])) + if(($i) && is_array($i) && array_key_exists('message',$i) && is_array($i['message']) && array_key_exists('public_scope',$i['message'])) unset($i['message']['public_scope']); $deliveries = $r; @@ -1176,7 +1193,7 @@ function zot_import($arr, $sender_url) { logger('Activity recipients: ' . print_r($deliveries,true), LOGGER_DATA); $relay = ((array_key_exists('flags',$i['message']) && in_array('relay',$i['message']['flags'])) ? true : false); - $result = process_delivery($i['notify']['sender'],$arr,$deliveries,$relay); + $result = process_delivery($i['notify']['sender'],$arr,$deliveries,$relay,false,$message_request); } elseif($i['message']['type'] === 'mail') { @@ -1239,8 +1256,14 @@ function zot_import($arr, $sender_url) { function public_recips($msg) { + + require_once('include/identity.php'); + $check_mentions = false; + $include_sys = false; + if($msg['message']['type'] === 'activity') { + $include_sys = true; $col = 'channel_w_stream'; $field = PERMS_W_STREAM; if(array_key_exists('flags',$msg['message']) && in_array('thread_parent', $msg['message']['flags'])) { @@ -1269,9 +1292,9 @@ function public_recips($msg) { if($msg['notify']['sender']['url'] === z_root()) - $sql = " where (( " . $col . " & " . PERMS_NETWORK . " ) or ( " . $col . " & " . PERMS_SITE . " ) or ( " . $col . " & " . PERMS_PUBLIC . ")) "; + $sql = " where (( " . $col . " & " . PERMS_NETWORK . " )>0 or ( " . $col . " & " . PERMS_SITE . " )>0 or ( " . $col . " & " . PERMS_PUBLIC . ")>0) "; else - $sql = " where (( " . $col . " & " . PERMS_NETWORK . " ) or ( " . $col . " & " . PERMS_PUBLIC . ")) "; + $sql = " where (( " . $col . " & " . PERMS_NETWORK . " )>0 or ( " . $col . " & " . PERMS_PUBLIC . ")>0) "; $r = q("select channel_hash as hash from channel $sql or channel_hash = '%s' ", @@ -1281,7 +1304,7 @@ function public_recips($msg) { if(! $r) $r = array(); - $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " ) and (( " . $col . " & " . PERMS_SPECIFIC . " ) and ( abook_my_perms & " . $field . " )) OR ( " . $col . " & " . PERMS_PENDING . " ) OR (( " . $col . " & " . PERMS_CONTACTS . " ) and not ( abook_flags & " . ABOOK_FLAG_PENDING . " )) ", + $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " )>0 and (( " . $col . " & " . PERMS_SPECIFIC . " )>0 and ( abook_my_perms & " . $field . " )>0) OR ( " . $col . " & " . PERMS_PENDING . " )>0 OR (( " . $col . " & " . PERMS_CONTACTS . " )>0 and not ( abook_flags & " . ABOOK_FLAG_PENDING . " )>0) ", dbesc($msg['notify']['sender']['hash']) ); @@ -1290,6 +1313,14 @@ function public_recips($msg) { $r = array_merge($r,$x); + //logger('message: ' . print_r($msg['message'],true)); + + if($include_sys && array_key_exists('public_scope',$msg['message']) && $msg['message']['public_scope'] === 'public') { + $sys = get_sys_channel(); + if($sys) + $r[] = array('hash' => $sys['channel_hash']); + } + // look for any public mentions on this site // They will get filtered by tgroup_check() so we don't need to check permissions now @@ -1320,7 +1351,7 @@ function public_recips($msg) { function allowed_public_recips($msg) { - logger('allowed_public_recips: ' . print_r($msg,true)); + logger('allowed_public_recips: ' . print_r($msg,true),LOGGER_DATA); $recips = public_recips($msg); @@ -1357,7 +1388,7 @@ function allowed_public_recips($msg) { $condensed_recips[] = $rr['hash']; $results = array(); - $r = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & %d ) ", + $r = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & %d )>0 ", dbesc($hash), intval(PAGE_REMOVED) ); @@ -1373,7 +1404,7 @@ function allowed_public_recips($msg) { } -function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { +function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$request = false) { $result = array(); @@ -1386,8 +1417,9 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { return; } } - + foreach($deliveries as $d) { + $local_public = $public; $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']) ); @@ -1397,8 +1429,23 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { continue; } + $channel = $r[0]; + // allow public postings to the sys channel regardless of permissions + if(($channel['channel_pageflags'] & PAGE_SYSTEM) && (! $arr['item_private'])) { + $local_public = true; + + $r = q("select xchan_flags from xchan where xchan_hash = '%s' limit 1", + dbesc($sender['hash']) + ); + // don't import sys channel posts from selfcensored authors + if($r && ($r[0]['xchan_flags'] & XCHAN_FLAGS_SELFCENSORED)) { + $local_public = false; + continue; + } + } + $tag_delivery = tgroup_check($channel['channel_id'],$arr); $perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments'); @@ -1416,7 +1463,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { } } - if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery) && (! $public)) { + if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery) && (! $local_public)) { logger("permission denied for delivery to channel {$channel['channel_id']} {$channel['channel_address']}"); $result[] = array($d['hash'],'permission denied',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); continue; @@ -1436,6 +1483,25 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { ); if(! $r) { $result[] = array($d['hash'],'comment parent not found',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); + + // We don't seem to have a copy of this conversation or at least the parent + // - so request a copy of the entire conversation to date. + // Don't do this if it's a relay post as we're the ones who are supposed to + // have the copy and we don't want the request to loop. + // Also don't do this if this comment came from a conversation request packet. + // It's possible that comments are allowed but posting isn't and that could + // cause a conversation fetch loop. We can detect these packets since they are + // delivered via a 'notify' packet type that has a message_id element in the + // initial zot packet (just like the corresponding 'request' packet type which + // makes the request). + // We'll also check the send_stream permission - because if it isn't allowed, + // the top level post is unlikely to be imported and + // this is just an exercise in futility. + + if((! $relay) && (! $request) && (! $local_public) + && perm_is_allowed($channel['channel_id'],$sender['hash'],'send_stream')) { + proc_run('php', 'include/notifier.php', 'request', $channel['channel_id'], $sender['hash'], $arr['parent_mid']); + } continue; } if($relay) { @@ -1582,7 +1648,7 @@ function remove_community_tag($sender,$arr,$uid) { return; } - $x = q("delete from term where uid = %d and oid = %d and otype = %d and type = %d and term = '%s' and url = '%s' limit 1", + $x = q("delete from term where uid = %d and oid = %d and otype = %d and type = %d and term = '%s' and url = '%s'", intval($uid), intval($r[0]['id']), intval(TERM_OBJ_POST), @@ -1676,7 +1742,7 @@ function process_mail_delivery($sender,$arr,$deliveries) { ); if($r) { if($arr['mail_flags'] & MAIL_RECALLED) { - $x = q("delete from mail where id = %d and channel_id = %d limit 1", + $x = q("delete from mail where id = %d and channel_id = %d", intval($r[0]['id']), intval($channel['channel_id']) ); @@ -1802,7 +1868,7 @@ function sync_locations($sender,$arr,$absolute = false) { // This only happens when called from import_xchan if(array_key_exists('site',$arr) && $location['url'] == $arr['site']['url']) { - q("update hubloc set hubloc_connected = '%s', hubloc_updated = '%s' where hubloc_id = %d limit 1", + q("update hubloc set hubloc_connected = '%s', hubloc_updated = '%s' where hubloc_id = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), intval($r[0]['hubloc_id']) @@ -1814,17 +1880,17 @@ function sync_locations($sender,$arr,$absolute = false) { // the directory server if the site is alive. if($r[0]['hubloc_status'] & HUBLOC_OFFLINE) { - q("update hubloc set hubloc_status = (hubloc_status ^ %d) where hubloc_id = %d limit 1", + q("update hubloc set hubloc_status = (hubloc_status & ~%d) where hubloc_id = %d", intval(HUBLOC_OFFLINE), intval($r[0]['hubloc_id']) ); if($r[0]['hubloc_flags'] & HUBLOC_FLAGS_ORPHANCHECK) { - q("update hubloc set hubloc_flags = (hubloc_flags ^ %d) where hubloc_id = %d limit 1", + q("update hubloc set hubloc_flags = (hubloc_flags & ~%d) where hubloc_id = %d", intval(HUBLOC_FLAGS_ORPHANCHECK), intval($r[0]['hubloc_id']) ); } - q("update xchan set xchan_flags = (xchan_flags ^ %d) where (xchan_flags & %d) and xchan_hash = '%s' limit 1", + q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'", intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN), dbesc($sender['hash']) @@ -1834,7 +1900,7 @@ function sync_locations($sender,$arr,$absolute = false) { // Remove pure duplicates if(count($r) > 1) { for($h = 1; $h < count($r); $h ++) { - q("delete from hubloc where hubloc_id = %d limit 1", + q("delete from hubloc where hubloc_id = %d", intval($r[$h]['hubloc_id']) ); $what .= 'duplicate_hubloc_removed '; @@ -1844,7 +1910,7 @@ function sync_locations($sender,$arr,$absolute = false) { if((($r[0]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY) && (! $location['primary'])) || ((! ($r[0]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY)) && ($location['primary']))) { - $m = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_id = %d limit 1", + $m = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_id = %d", intval(HUBLOC_FLAGS_PRIMARY), dbesc(datetime_convert()), intval($r[0]['hubloc_id']) @@ -1865,7 +1931,7 @@ function sync_locations($sender,$arr,$absolute = false) { } if((($r[0]['hubloc_flags'] & HUBLOC_FLAGS_DELETED) && (! $location['deleted'])) || ((! ($r[0]['hubloc_flags'] & HUBLOC_FLAGS_DELETED)) && ($location['deleted']))) { - $n = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_id = %d limit 1", + $n = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_id = %d", intval(HUBLOC_FLAGS_DELETED), dbesc(datetime_convert()), intval($r[0]['hubloc_id']) @@ -1880,7 +1946,7 @@ function sync_locations($sender,$arr,$absolute = false) { // New hub claiming to be primary. Make it so by removing any existing primaries. if(intval($location['primary'])) { - $r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_hash = '%s' and (hubloc_flags & %d )", + $r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_hash = '%s' and (hubloc_flags & %d )>0", intval(HUBLOC_FLAGS_PRIMARY), dbesc(datetime_convert()), dbesc($sender['hash']), @@ -1923,7 +1989,7 @@ function sync_locations($sender,$arr,$absolute = false) { foreach($xisting as $x) { if(! array_key_exists('updated',$x)) { logger('sync_locations: deleting unreferenced hub location ' . $x['hubloc_url']); - $r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_id = %d limit 1", + $r = q("update hubloc set hubloc_flags = (hubloc_flags & ~%d), hubloc_updated = '%s' where hubloc_id = %d", intval(HUBLOC_FLAGS_DELETED), dbesc(datetime_convert()), intval($x['hubloc_id']) @@ -2017,7 +2083,7 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = UPDATE_FLAGS_ if(in_arrayi('nsfw',$clean) || in_arrayi('adult',$clean)) { - q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s' limit 1", + q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s'", intval(XCHAN_FLAGS_SELFCENSORED), dbesc($hash) ); @@ -2052,7 +2118,7 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = UPDATE_FLAGS_ xprof_homepage = '%s', xprof_hometown = '%s', xprof_keywords = '%s' - where xprof_hash = '%s' limit 1", + where xprof_hash = '%s'", dbesc($arr['xprof_desc']), dbesc($arr['xprof_dob']), intval($arr['xprof_age']), @@ -2122,7 +2188,7 @@ function import_directory_keywords($hash,$keywords) { foreach($existing as $x) { if(! in_array($x,$clean)) - $r = q("delete from xtag where xtag_hash = '%s' and xtag_term = '%s' limit 1", + $r = q("delete from xtag where xtag_hash = '%s' and xtag_term = '%s'", dbesc($hash), dbesc($x) ); @@ -2154,7 +2220,7 @@ function update_modtime($hash,$guid,$addr,$flags = 0) { ); } else { - q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d) ", + q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ", intval(UPDATE_FLAGS_UPDATED), dbesc($addr), intval(UPDATE_FLAGS_UPDATED) @@ -2245,7 +2311,7 @@ function import_site($arr,$pubkey) { // logger('import_site: stored: ' . print_r($siterecord,true)); $r = q("update site set site_location = '%s', site_flags = %d, site_access = %d, site_directory = '%s', site_register = %d, site_update = '%s', site_sellpage = '%s', site_realm = '%s' - where site_url = '%s' limit 1", + where site_url = '%s'", dbesc($site_location), intval($site_directory), intval($access_policy), @@ -2432,8 +2498,8 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { $channel = $r[0]; - $max_friends = service_class_fetch($channel['channel_id'],'total_channels'); - $max_feeds = account_service_class_fetch($channel['channel_account_id'],'total_feeds'); + $max_friends = service_class_fetch($channel['channel_id'],'total_channels'); + $max_feeds = account_service_class_fetch($channel['channel_account_id'],'total_feeds'); if($channel['channel_hash'] != $sender['hash']) { @@ -2461,7 +2527,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { if(count($clean)) { foreach($clean as $k => $v) { $r = dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v) - . "' where channel_id = " . intval($channel['channel_id']) . " limit 1"); + . "' where channel_id = " . intval($channel['channel_id']) ); } } } @@ -2492,7 +2558,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { logger('process_channel_sync_delivery: removing abook entry for ' . $abook['abook_xchan']); require_once('include/Contact.php'); - $r = q("select abook_id, abook_flags from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d ) limit 1", + $r = q("select abook_id, abook_flags from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d )>0 limit 1", dbesc($abook['abook_xchan']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF) @@ -2519,7 +2585,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { continue; } $j = json_decode($f['body'],true); - if(! ($j['success'] && $j['guid'])) { + if(! ($j['success'] && $j['guid'])) { logger('process_channel_sync_delivery: probe failed.'); continue; } @@ -2570,8 +2636,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { if(count($clean)) { foreach($clean as $k => $v) { $r = dbq("UPDATE abook set " . dbesc($k) . " = '" . dbesc($v) - . "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id']) - . " limit 1"); + . "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id'])); } } } @@ -2596,7 +2661,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { if(($y['name'] != $cl['name']) || ($y['visible'] != $cl['visible']) || ($y['deleted'] != $cl['deleted'])) { - q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d limit 1", + q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d", dbesc($cl['name']), intval($cl['visible']), intval($cl['deleted']), @@ -2618,8 +2683,8 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { intval($channel['channel_id']), intval($cl['visible']), intval($cl['deleted']), - dbesc($cl['name']) - ); + dbesc($cl['name']) + ); } // now look for any collections locally which weren't in the list we just received. @@ -2639,7 +2704,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { q("delete from group_member where gid = %d", intval($y['id']) ); - q("update groups set deleted = 1 where id = %d and uid = %d limit 1", + q("update groups set deleted = 1 where id = %d and uid = %d", intval($y['id']), intval($channel['channel_id']) ); @@ -2702,7 +2767,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { foreach($m as $mm) { // if the local existing member isn't in the list we just received - remove them if(! in_array($mm['xchan'],$members[$y['hash']])) { - q("delete from group_member where xchan = '%s' and gid = %d and uid = %d limit 1", + q("delete from group_member where xchan = '%s' and gid = %d and uid = %d", dbesc($mm['xchan']), intval($y['id']), intval($channel['channel_id']) @@ -2748,8 +2813,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { if(count($clean)) { foreach($clean as $k => $v) { $r = dbq("UPDATE profile set " . dbesc($k) . " = '" . dbesc($v) - . "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id']) - . " limit 1"); + . "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id'])); } } } @@ -2774,7 +2838,7 @@ function get_rpost_path($observer) { function import_author_zot($x) { $hash = make_xchan_hash($x['guid'],$x['guid_sig']); - $r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d) limit 1", + $r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d)>0 limit 1", dbesc($x['guid']), dbesc($x['guid_sig']), intval(HUBLOC_FLAGS_PRIMARY) @@ -2793,3 +2857,110 @@ function import_author_zot($x) { return false; } + +/** + * @function zot_process_message_request($data) + * If a site receives a comment to a post but finds they have no parent to attach it with, they + * may send a 'request' packet containing the message_id of the missing parent. This is the handler + * for that packet. We will create a message_list array of the entire conversation starting with + * the missing parent and invoke delivery to the sender of the packet. + * + * include/deliver.php (for local delivery) and mod/post.php (for web delivery) detect the existence of + * this 'message_list' at the destination and split it into individual messages which are + * processed/delivered in order. + * + * Called from mod/post.php + */ + + +function zot_process_message_request($data) { + $ret = array('success' => false); + + if(! $data['message_id']) { + $ret['message'] = 'no message_id'; + logger('no message_id'); + return $ret; + } + + $sender = $data['sender']; + $sender_hash = make_xchan_hash($sender['guid'],$sender['guid_sig']); + + /* + * Find the local channel in charge of this post (the first and only recipient of the request packet) + */ + + $arr = $data['recipients'][0]; + $recip_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']); + $c = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_hash = '%s' limit 1", + dbesc($recip_hash) + ); + if(! $c) { + logger('recipient channel not found.'); + $ret['message'] .= 'recipient not found.' . EOL; + return $ret; + } + + /* + * fetch the requested conversation + */ + + $messages = zot_feed($c[0]['channel_id'],$sender_hash,array('message_id' => $data['message_id'])); + + if($messages) { + $env_recips = null; + + $r = q("select hubloc_guid, hubloc_url, hubloc_sitekey, hubloc_network, hubloc_flags, hubloc_callback, hubloc_host + from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d)>0 + and not (hubloc_status & %d)>0 group by hubloc_sitekey", + dbesc($sender_hash), + intval(HUBLOC_FLAGS_DELETED), + intval(HUBLOC_OFFLINE) + ); + if(! $r) { + logger('no hubs'); + return $ret; + } + $hubs = $r; + $hublist = array(); + $keys = array(); + + $private = ((array_key_exists('flags',$messages[0]) && in_array('private',$messages[0]['flags'])) ? true : false); + if($private) + $env_recips = array('guid' => $sender['guid'],'guid_sig' => $sender['guid_sig'],'hash' => $sender_hash); + + $data_packet = json_encode(array('message_list' => $messages)); + + foreach($hubs as $hub) { + $hash = random_string(); + + /* + * create a notify packet and drop the actual message packet in the queue for pickup + */ + + $n = zot_build_packet($c[0],'notify',$env_recips,(($private) ? $hub['hubloc_sitekey'] : null),$hash,array('message_id' => $data['message_id'])); + q("insert into outq ( outq_hash, outq_account, outq_channel, outq_driver, outq_posturl, outq_async, + outq_created, outq_updated, outq_notify, outq_msg ) + values ( '%s', %d, %d, '%s', '%s', %d, '%s', '%s', '%s', '%s' )", + dbesc($hash), + intval($c[0]['channel_account_id']), + intval($c[0]['channel_id']), + dbesc('zot'), + dbesc($hub['hubloc_callback']), + intval(1), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + dbesc($n), + dbesc($data_packet) + ); + + /* + * invoke delivery to send out the notify packet + */ + + proc_run('php','include/deliver.php',$hash); + } + + } + $ret['success'] = true; + return $ret; +} |