Diffstat (limited to 'include')
-rw-r--r-- | include/api.php | 53 | ||||
-rw-r--r-- | include/conversation.php | 2 | ||||
-rw-r--r-- | include/features.php | 2 | ||||
-rwxr-xr-x | include/items.php | 22 | ||||
-rw-r--r-- | include/security.php | 87 |
5 files changed, 55 insertions, 111 deletions
diff --git a/include/api.php b/include/api.php index e854012e5..dc270167b 100644 --- a/include/api.php +++ b/include/api.php @@ -7,6 +7,7 @@ require_once("oauth.php"); require_once("html2plain.php"); require_once('include/security.php'); require_once('include/photos.php'); +require_once('include/items.php'); /* * 
@@ -1242,27 +1243,43 @@ require_once('include/photos.php'); $sql_extra = ''; if ($user_info['self']==1) $sql_extra .= " AND `item`.`wall` = 1 "; + +//FIXME - this isn't yet implemented if ($exclude_replies > 0) $sql_extra .= ' AND `item`.`parent` = `item`.`id`'; - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, - `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` - FROM `item`, `contact` - WHERE `item`.`uid` = %d - AND `item`.`contact-id` = %d - AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0 - AND `contact`.`id` = `item`.`contact-id` - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - $sql_extra - AND `item`.`id`>%d - ORDER BY `item`.`received` DESC LIMIT %d ,%d ", - intval(api_user()), - intval($user_info['id']), - intval($since_id), - intval($start), intval($count) - ); +// $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, +// `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, +// `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`, +// `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` +// FROM `item`, `contact` +// WHERE `item`.`uid` = %d +// AND `item`.`contact-id` = %d +// AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0 +// AND `contact`.`id` = `item`.`contact-id` +// AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 +// $sql_extra +// AND `item`.`id`>%d +// ORDER BY `item`.`received` DESC LIMIT %d ,%d ", +// intval(api_user()), +// intval($user_info['id']), +// intval($since_id), +// intval($start), intval($count) +// ); + + $arr = array( + 'uid' => api_user(), + 'since_id' => $since_id, + 'start' => $start, + 'records' => $count); + + if ($user_info['self']==1) + $arr['wall'] = 1; + else + $arr['cid'] = $user_info['id']; + + $r = 
items_fetch($arr,get_app()->get_channel(),get_observer_hash()); + $ret = api_format_items($r,$user_info); diff --git a/include/conversation.php b/include/conversation.php index cec5993b6..34d661004 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1481,7 +1481,7 @@ function profile_tabs($a, $is_owner=False, $nickname=Null){ if($p['view_storage']) { $tabs[] = array( 'label' => t('Files'), - 'url' => $a->get_baseurl() . '/cloud/' . $nickname, + 'url' => $a->get_baseurl() . '/cloud/' . $nickname . ((get_observer_hash()) ? '' : '?f=&davguest=1'), 'sel' => ((argv(0) == 'cloud') ? 'active' : ''), 'title' => t('Files and Storage'), 'id' => 'files-tab', diff --git a/include/features.php b/include/features.php index 1f83eb319..cc8d457bc 100644 --- a/include/features.php +++ b/include/features.php @@ -7,6 +7,8 @@ function feature_enabled($uid,$feature) { $x = get_pconfig($uid,'feature',$feature); + if($x === false) + $x = get_config('feature',$feature); $arr = array('uid' => $uid, 'feature' => $feature, 'enabled' => $x); call_hooks('feature_enabled',$arr); return($arr['enabled']); diff --git a/include/items.php b/include/items.php index 12823c6f9..2fe923303 100755 --- a/include/items.php +++ b/include/items.php 
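Review bot: In the non-self branch of the api.php timeline hunk the new code sets `$arr['cid'] = $user_info['id']`, but none of the `items_fetch()` hunks in this commit read a `cid` key, so it is worth confirming that the query is really narrowed to that contact; if it is not, the endpoint returns everything the observer may see rather than one user's timeline. `$sql_extra` is still assembled above the call but nothing consumes it any more, so `exclude_replies` is silently ignored (the FIXME says as much) and the wall clause is dead code; the commented-out query should be deleted rather than kept. The old call cast `$since_id`, `$start` and `$count` with `intval()` at the query boundary, and casting them when `$arr` is built, e.g. `'since_id' => intval($since_id),`, keeps that guarantee at the API edge. The enclosing function starts and ends outside this hunk, so the variables may already be cast where they are assigned.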
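Review bot: The fallback added to `feature_enabled()` relies on `get_pconfig()` returning boolean `false` only when the user has no stored value, and nothing in the function documents that; a user's explicit opt-out has to read back as something other than `false`, or the site-wide default will override it. A comment above the new `if`, such as `// per-user setting wins; use the site-wide default only when the user has none stored`, would record the precedence for whoever gates a sensitive feature on this function later.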
@@ -3719,21 +3719,26 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C $def_acl = ''; $item_uids = ' true '; - + + if ($arr['uid']) $uid= $arr['uid']; + if($channel) { $uid = $channel['channel_id']; $uidhash = $channel['channel_hash']; $item_uids = " item.uid = " . intval($uid) . " "; } - + if($arr['star']) $sql_options .= " and (item_flags & " . intval(ITEM_STARRED) . ") "; if($arr['wall']) $sql_options .= " and (item_flags & " . intval(ITEM_WALL) . ") "; - + $sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) "; - + + if($arr['since_id']) + $sql_extra .= " and item.id > " . $since_id . " "; + if($arr['gid'] && $uid) { $r = q("SELECT * FROM `groups` WHERE id = %d AND uid = %d LIMIT 1", intval($arr['group']), @@ -3813,6 +3818,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C ); } + if(($client_mode & CLIENT_MODE_UPDATE) && (! ($client_mode & CLIENT_MODE_LOAD))) { // only setup pagination on initial page view @@ -3825,6 +3831,8 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C $pager_sql = sprintf(" LIMIT %d, %d ",intval(get_app()->pager['start']), intval(get_app()->pager['itemspage'])); } + if(isset($arr['start']) && isset($arr['records'])) + $pager_sql = sprintf(" LIMIT %d, %d ",intval($arr['start']), intval($arr['records'])); if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) { @@ -3859,7 +3867,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C $item_restrict = " AND item_restrict = 0 "; - if($arr['nouveau'] && ($client_mode & CLIENT_MODELOAD) && $channel) { + if($arr['nouveau'] && ($client_mode & CLIENT_MODE_LOAD) && $channel) { // "New Item View" - show all items unthreaded in reverse created date order $items = q("SELECT item.*, item.id AS item_id FROM item 
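Review bot: The new `since_id` clause in the first items.php hunk concatenates `$since_id`, which is never assigned inside `items_fetch()` (the value arrives as `$arr['since_id']`), so the generated SQL ends in `item.id >` with no operand and the query fails whenever the filter is requested. The value is also spliced into the statement without a cast, unlike the `intval()`-wrapped flags a few lines above, and the API caller in this same commit passes it through uncast. Read it from the array and cast it: `$sql_extra .= " and item.id > " . intval($arr['since_id']) . " ";`. Separately, the added `$uid = $arr['uid']` leaves `$item_uids` at `' true '` when no `$channel` is supplied, so a caller passing only `uid` gets no uid restriction from this block; the function continues outside the hunk, so other clauses may still scope the result.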
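Review bot: The `start`/`records` override in the pagination hunk casts both values but does not bound them, so a negative offset produces an invalid `LIMIT` clause and a very large `records` lets a single request pull an arbitrarily large page. Clamping here, e.g. `max(0, intval($arr['start']))` and a capped `records`, would make `items_fetch()` safe regardless of the caller; whether api.php already limits `$count` is not visible in this commit. The override also replaces the pager-derived `LIMIT` unconditionally, which deserves a one-line comment stating that explicit paging arguments take precedence.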
@@ -3884,7 +3892,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C else $ordering = "commented"; - if(($client_mode & CLIENT_MODE_LOAD) || ($client_mode & CLIENT_MODE_NORMAL)) { + if(($client_mode & CLIENT_MODE_LOAD) || ($client_mode == CLIENT_MODE_NORMAL)) { // Fetch a page full of parent items for this page @@ -3897,7 +3905,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C ORDER BY item.$ordering DESC $pager_sql ", intval(ABOOK_FLAG_BLOCKED) ); - + } else { // update diff --git a/include/security.php b/include/security.php index 9943cf88d..5e86cf790 100644 --- a/include/security.php +++ b/include/security.php 
@@ -31,90 +31,6 @@ function authenticate_success($user_record, $login_initial = false, $interactive } } - else { - $_SESSION['uid'] = $user_record['uid']; - $_SESSION['theme'] = $user_record['theme']; - $_SESSION['mobile_theme'] = get_pconfig($user_record['uid'], 'system', 'mobile_theme'); - $_SESSION['authenticated'] = 1; - $_SESSION['page_flags'] = $user_record['page-flags']; - $_SESSION['my_url'] = $a->get_baseurl() . '/channel/' . $user_record['nickname']; - $_SESSION['my_address'] = $user_record['nickname'] . '@' . substr($a->get_baseurl(),strpos($a->get_baseurl(),'://')+3); - - $a->user = $user_record; - - if($interactive) { - if($a->user['login_date'] === '0000-00-00 00:00:00') { - $_SESSION['return_url'] = 'profile_photo/new'; - $a->module = 'profile_photo'; - info( t("Welcome ") . $a->user['username'] . EOL); - info( t('Please upload a profile photo.') . EOL); - } - else - info( t("Welcome back ") . $a->user['username'] . EOL); - } - - $member_since = strtotime($a->user['register_date']); - if(time() < ($member_since + ( 60 * 60 * 24 * 14))) - $_SESSION['new_member'] = true; - else - $_SESSION['new_member'] = false; - if(strlen($a->user['timezone'])) { - date_default_timezone_set($a->user['timezone']); - $a->timezone = $a->user['timezone']; - } - - $master_record = $a->user; - - if((x($_SESSION,'submanage')) && intval($_SESSION['submanage'])) { - $r = q("select * from user where uid = %d limit 1", - intval($_SESSION['submanage']) - ); - if(count($r)) - $master_record = $r[0]; - } - - $r = q("SELECT `uid`,`username`,`nickname` FROM `user` WHERE `password` = '%s' AND `email` = '%s'", - dbesc($master_record['password']), - dbesc($master_record['email']) - ); - if($r && count($r)) - $a->identities = $r; - else - $a->identities = array(); - - $r = q("select `user`.`uid`, `user`.`username`, `user`.`nickname` - from manage left join user on manage.mid = user.uid - where `manage`.`uid` = %d", - intval($master_record['uid']) - ); - if($r && count($r)) - 
$a->identities = array_merge($a->identities,$r); - - if($login_initial) - logger('auth_identities: ' . print_r($a->identities,true), LOGGER_DEBUG); - - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", - intval($_SESSION['uid'])); - if(count($r)) { - $a->contact = $r[0]; - $a->cid = $r[0]['id']; - $_SESSION['cid'] = $a->cid; - } - - header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"'); - - if($login_initial) { - $l = get_browser_language(); - - q("UPDATE `user` SET `login_date` = '%s', `language` = '%s' WHERE `uid` = %d LIMIT 1", - dbesc(datetime_convert()), - dbesc($l), - intval($_SESSION['uid']) - ); - - - } - } if($login_initial) call_hooks('logged_in', $user_record); @@ -144,6 +60,7 @@ function change_channel($change_channel) { intval(get_account_id()), intval(PAGE_REMOVED) ); + if($r) { $hash = $r[0]['channel_hash']; $_SESSION['uid'] = intval($r[0]['channel_id']); @@ -158,7 +75,7 @@ function change_channel($change_channel) { ); if($x) { $_SESSION['my_url'] = $x[0]['xchan_url']; - $_SESSION['my_address'] = $x[0]['xchan_addr']; + $_SESSION['my_address'] = $r[0]['channel_address'] . '@' . substr(get_app()->get_baseurl(),strpos(get_app()->get_baseurl(),'://')+3); get_app()->set_observer($x[0]); get_app()->set_perms(get_all_perms(local_user(),$hash)); |
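Review bot: In the last security.php hunk `$_SESSION['my_address']` is rebuilt from `channel_address` and the base URL instead of the stored `xchan_addr`, using `substr($url, strpos($url, '://') + 3)`, which keeps any port or path in the base URL and silently slices from offset 3 if `'://'` is missing because `strpos()` returns `false`. If `get_baseurl()` reflects the request's Host header rather than the configured site URL (not visible here), the session address would follow whatever host the client sent. Taking the host once with `parse_url(get_app()->get_baseurl(), PHP_URL_HOST)` and checking that it is non-empty would be more robust, and a short comment should say why the xchan record's address is no longer trusted here. `change_channel()` starts and ends outside the hunk.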