Diffstat (limited to 'include')
-rw-r--r-- | include/ItemObject.php | 5 | ||||
-rw-r--r-- | include/Photo.php | 18 | ||||
-rw-r--r-- | include/api.php | 356 | ||||
-rw-r--r-- | include/auth.php | 25 | ||||
-rw-r--r-- | include/contact_widgets.php | 34 | ||||
-rw-r--r-- | include/event.php | 68 | ||||
-rw-r--r-- | include/group.php | 3 | ||||
-rw-r--r-- | include/html2plain.php | 2 | ||||
-rw-r--r-- | include/identity.php | 48 | ||||
-rwxr-xr-x | include/items.php | 11 | ||||
-rw-r--r-- | include/nav.php | 13 | ||||
-rw-r--r-- | include/onepoll.php | 8 | ||||
-rw-r--r-- | include/security.php | 37 | ||||
-rw-r--r-- | include/socgraph.php | 77 | ||||
-rw-r--r-- | include/text.php | 51 | ||||
-rw-r--r-- | include/user.php | 320 | ||||
-rw-r--r-- | include/zot.php | 42 |
17 files changed, 465 insertions, 653 deletions
diff --git a/include/ItemObject.php b/include/ItemObject.php index 6f9eaa18e..b6f1e53a4 100644 --- a/include/ItemObject.php +++ b/include/ItemObject.php @@ -49,6 +49,7 @@ class Item extends BaseObject { // fixme $this->writable = ($this->get_data_value('writable') || $this->get_data_value('self')); // FIXME - base this on observer permissions + $this->writable = ((local_user() && $channel['channel_hash'] === $item['owner_xchan']) ? true : false); @@ -227,8 +228,8 @@ class Item extends BaseObject { 'body' => $body_e, 'text' => strip_tags($body_e), 'id' => $this->get_id(), - 'linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['author-link'])) ? $item['author-link'] : $item['url'])), - 'olinktitle' => sprintf( t('View %s\'s profile @ %s'), $this->get_owner_name(), ((strlen($item['owner-link'])) ? $item['owner-link'] : $item['url'])), + 'linktitle' => sprintf( t('View %s\'s profile - %s'), $profile_name, $item['author']['xchan_addr']), + 'olinktitle' => sprintf( t('View %s\'s profile - %s'), $this->get_owner_name(), $item['owner']['xchan_addr']), 'to' => t('to'), 'wall' => t('Wall-to-Wall'), 'vwall' => t('via Wall-To-Wall:'), diff --git a/include/Photo.php b/include/Photo.php index c3165cc9f..a60cfc868 100644 --- a/include/Photo.php +++ b/include/Photo.php @@ -523,7 +523,7 @@ class Photo { - public function store($uid, $xchan, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '') { + public function store($aid, $uid, $xchan, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '') { $x = q("select id from photo where `resource_id` = '%s' and uid = %d and `xchan` = '%s' and `scale` = %d limit 1", dbesc($rid), @@ -533,6 +533,7 @@ class Photo { ); if(count($x)) { $r = q("UPDATE `photo` + set `aid` = %d, set `uid` = %d, `xchan` = '%s', `resource_id` = '%s', 
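Review bot: The UPDATE branch of Photo::store() now contains the keyword `set` twice, because the added `aid` line carries its own `set` and the existing `uid` line keeps one. That is not valid SQL, so updating an existing photo row would fail. Drop the keyword from the second line so the list reads `set aid = %d, uid = %d, xchan = '%s', …` (with the file's backtick quoting). store() also gains `$aid` as a new first positional parameter, so any caller outside this diff that still passes `$uid` first will silently shift its arguments. The statement continues past the end of this hunk.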
@@ -544,6 +545,7 @@ class Photo { `height` = %d, `width` = %d, `data` = '%s', + `size` = %d, `scale` = %d, `profile` = %d, `allow_cid` = '%s', @@ -552,6 +554,7 @@ class Photo { `deny_gid` = '%s' where id = %d limit 1", + intval($aid), intval($uid), dbesc($xchan), dbesc($rid), @@ -563,6 +566,7 @@ class Photo { intval($this->getHeight()), intval($this->getWidth()), dbesc($this->imageString()), + intval(strlen($this->imageString())), intval($scale), intval($profile), dbesc($allow_cid), @@ -574,8 +578,9 @@ class Photo { } else { $r = q("INSERT INTO `photo` - ( `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` ) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, '%s', '%s', '%s', '%s' )", + ( `aid`, `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `data`, `size`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` ) + VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s' )", + intval($aid), intval($uid), dbesc($xchan), dbesc($rid), @@ -587,6 +592,7 @@ class Photo { intval($this->getHeight()), intval($this->getWidth()), dbesc($this->imageString()), + intval(strlen($this->imageString())), intval($scale), intval($profile), dbesc($allow_cid), 
@@ -669,21 +675,21 @@ function import_profile_photo($photo,$xchan) { $img->scaleImageSquare(175); - $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 4 ); + $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 4 ); if($r === false) $photo_failure = true; $img->scaleImage(80); - $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 5 ); + $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 5 ); if($r === false) $photo_failure = true; $img->scaleImage(48); - $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 6 ); + $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 6 ); if($r === false) $photo_failure = true; diff --git a/include/api.php b/include/api.php index 1864d511e..cf4d45c1a 100644 --- a/include/api.php +++ b/include/api.php @@ -1,10 +1,11 @@ <?php - require_once("bbcode.php"); - require_once("datetime.php"); - require_once("conversation.php"); - require_once("oauth.php"); - require_once("html2plain.php"); - require_once('include/security.php'); + +require_once("bbcode.php"); +require_once("datetime.php"); +require_once("conversation.php"); +require_once("oauth.php"); +require_once("html2plain.php"); +require_once('include/security.php'); /* * @@ -12,7 +13,13 @@ * */ - $API = Array(); + + /** + ** TWITTER API + */ + + $API = array(); + $called_api = Null; // All commands which require authentication accept a "channel" parameter @@ -114,6 +121,7 @@ /************************** * MAIN API ENTRY POINT * **************************/ + function api_call(&$a){ GLOBAL $API, $called_api; 
@@ -373,30 +381,20 @@ } + function api_item_get_user(&$a, $item) { global $usercache; // The author is our direct contact, in a conversation with us. - if(link_compare($item['url'],$item['author-link'])) { - return api_get_user($a,$item['cid']); - } - else { - // The author may be a contact of ours, but is replying to somebody else. - // Figure out if we know him/her. - $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); - if(($normalised != 'mailbox') && (x($a->contacts[$normalised]))) - return api_get_user($a,$a->contacts[$normalised]['id']); - } + + if($item['author']['abook_id']) { + return api_get_user($a,$item['author']['abook_id']); + } + // We don't know this person directly. - list($nick, $name) = array_map("trim",explode("(",$item['author-name'])); - $name=str_replace(")","",$name); - - if ($name == '') - $name = $nick; - - if ($nick == '') - $nick = $name; + $nick = substr($item['author']['xchan_addr'],0,strpos($item['author']['xchan_addr'],'@')); + $name = $item['author']['xchan_name']; // Generating a random ID if (is_null($usercache[$nick]) or !array_key_exists($nick, $usercache)) @@ -408,8 +406,8 @@ 'screen_name' => $nick, 'location' => '', //$uinfo[0]['default-location'], 'description' => '', - 'profile_image_url' => $item['author-avatar'], - 'url' => $item['author-link'], + 'profile_image_url' => $item['author']['xchan_photo_m'], + 'url' => $item['author']['xchan_url'], 'protected' => false, # 'followers_count' => 0, 'friends_count' => 0, @@ -466,9 +464,6 @@ return $ret; } - /** - ** TWITTER API - */ /** * Returns an HTTP 200 OK response code and a representation of the requesting user if authentication was successful; 
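Review bot: In api_item_get_user() the new `$nick` is `substr($addr, 0, strpos($addr, '@'))`, and when `xchan_addr` is empty or has no `@`, strpos() returns false and the nick becomes an empty string. Every such author then shares the same `$usercache['']` slot and the same generated id. Guard the split, e.g. `$at = strpos($addr,'@'); $nick = (($at === false) ? $addr : substr($addr,0,$at));`. The `abook_id` test above it also depends on `$item['author']` having been filled in by xchan_query() before the call, which this hunk does not show.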
@@ -524,27 +519,27 @@ function api_statuses_mediap(&$a, $type) { - if (api_user()===false) { - logger('api_statuses_update: no user'); - return false; - } - $user_info = api_get_user($a); - - $_REQUEST['type'] = 'wall'; - $_REQUEST['profile_uid'] = api_user(); - $_REQUEST['api_source'] = true; - $txt = requestdata('status'); - //$txt = urldecode(requestdata('status')); - - require_once('library/HTMLPurifier.auto.php'); - require_once('include/html2bbcode.php'); - - if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) { + if (api_user() === false) { + logger('api_statuses_update: no user'); + return false; + } + $user_info = api_get_user($a); + + $_REQUEST['type'] = 'wall'; + $_REQUEST['profile_uid'] = api_user(); + $_REQUEST['api_source'] = true; + + $txt = requestdata('status'); + + require_once('library/HTMLPurifier.auto.php'); + require_once('include/html2bbcode.php'); + + if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) { $txt = html2bb_video($txt); $config = HTMLPurifier_Config::createDefault(); - $config->set('Cache.DefinitionImpl', null); + $config->set('Cache.DefinitionImpl', null); $purifier = new HTMLPurifier($config); - $txt = $purifier->purify($txt); + $txt = $purifier->purify($txt); } $txt = html2bbcode($txt); @@ -552,10 +547,10 @@ $_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo require_once('mod/wall_upload.php'); - $bebop = wall_upload_post($a); + $posted = wall_upload_post($a); //now that we have the img url in bbcode we can add it to the status and insert the wall item. - $_REQUEST['body']=$txt."\n\n".$bebop; + $_REQUEST['body']=$txt."\n\n".$posted; require_once('mod/item.php'); item_post($a); @@ -564,8 +559,6 @@ } api_register_func('api/statuses/mediap','api_statuses_mediap', true); - - function api_statuses_update(&$a, $type) { if (api_user() === false) { logger('api_statuses_update: no user'); 
@@ -647,13 +640,15 @@ // get last public message + require_once('include/security.php'); + $lastwall = q("SELECT * from item where 1 - and not ( item_flags & %d ) and item_restrict = 0 + and item_private != 0 and item_restrict = 0 and author_xchan = '%s' and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and verb = '%s' + and uid in ( " . stream_perms_api_uids() . " ) order by created desc limit 1", - intval(ITEM_PRIVATE), dbesc($user_info['guid']), dbesc(ACTIVITY_POST) ); @@ -717,13 +712,15 @@ function api_users_show(&$a, $type){ $user_info = api_get_user($a); + require_once('include/security.php'); + $lastwall = q("SELECT * from item where 1 - and not ( item_flags & %d ) and item_restrict = 0 + and item_private != 0 and item_restrict = 0 and author_xchan = '%s' and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and verb = '%s' + and uid in ( " . stream_perms_api_uids() . " ) order by created desc limit 1", - intval(ITEM_PRIVATE), dbesc($user_info['guid']), dbesc(ACTIVITY_POST) ); @@ -784,18 +781,20 @@ */ function api_statuses_home_timeline(&$a, $type){ - if (api_user()===false) return false; + if (api_user() === false) + return false; $user_info = api_get_user($a); - // get last newtork messages + // get last network messages // params - $count = (x($_REQUEST,'count')?$_REQUEST['count']:20); - $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0); - if ($page<0) $page=0; - $since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); - $max_id = (x($_REQUEST,'max_id')?$_REQUEST['max_id']:0); + $count = (x($_REQUEST,'count')?$_REQUEST['count']:20); + $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0); + if($page < 0) + $page = 0; + $since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); + $max_id = (x($_REQUEST,'max_id')?$_REQUEST['max_id']:0); $exclude_replies = (x($_REQUEST,'exclude_replies')?1:0); //$since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); 
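Review bot: The query under the comment "get last public message" now filters on `item_private != 0`, which selects only private items, while the removed `not ( item_flags & %d )` with ITEM_PRIVATE selected public ones. The test looks inverted and should read `and item_private = 0`. The same condition is repeated in the api_users_show() hunk that follows. As written, the status embedded in the returned user record would be the author's most recent private post. The output of stream_perms_api_uids() is concatenated into the statement, so it must always be a non-empty, integer-only list; its definition is not visible here.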
@@ -809,33 +808,40 @@ if ($exclude_replies > 0) $sql_extra .= ' AND `item`.`parent` = `item`.`id`'; - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, - `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` - FROM `item`, `contact` - WHERE `item`.`uid` = %d - AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0 - AND `contact`.`id` = `item`.`contact-id` - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + if (api_user() != $user_info['uid']) { + $observer = get_app()->get_observer(); + require_once('include/permissions.php'); + if(! perm_is_allowed($user_info['uid'],(($observer) ? $observer['xchan_hash'] : ''),'view_stream')) + return ''; + $sql_extra .= " and item_private = 0 "; + } + + $r = q("SELECT * from item WHERE uid = %d and item_restrict = 0 $sql_extra - AND `item`.`id`>%d - ORDER BY `item`.`received` DESC LIMIT %d ,%d ", + AND id > %d + ORDER BY received DESC LIMIT %d ,%d ", intval($user_info['uid']), intval($since_id), - intval($start), intval($count) + intval($start), + intval($count) ); + xchan_query($r,true); + $ret = api_format_items($r,$user_info); // We aren't going to try to figure out at the item, group, and page // level which items you've seen and which you haven't. If you're looking // at the network timeline just mark everything seen. - $r = q("UPDATE `item` SET `unseen` = 0 - WHERE `unseen` = 1 AND `uid` = %d", - intval($user_info['uid']) - ); + if (api_user() == $user_info['uid']) { + $r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d ) + WHERE item_flags & %d and uid = %d", + intval(ITEM_UNSEEN), + intval(ITEM_UNSEEN), + intval($user_info['uid']) + ); + } $data = array('$statuses' => $ret); 
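Review bot: Clearing the unseen bit with `item_flags = ( item_flags ^ %d )` is only correct because the WHERE clause limits the update to rows that already have the bit set. A mask form such as `item_flags = ( item_flags & ~ %d )` clears the bit unconditionally and cannot turn it on by accident if the guard is later edited. In the same hunk the new permission branch returns `''`, while the function's other failure path returns false, so callers see two different "no data" values.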
@@ -878,42 +884,22 @@ if ($max_id > 0) $sql_extra = 'AND `item`.`id` <= '.intval($max_id); + require_once('include/security.php'); - /*$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, - `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` - FROM `item`, `contact` - WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0 - AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' - AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' - AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 - AND `contact`.`id` = `item`.`contact-id` - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + $r = q("select * from item where item_restrict = 0 + and allow_cid = '' and allow_gid = '' + and deny_cid = '' and deny_gid = '' + and item_private = 0 + and uid in ( " . stream_perms_api_uids() . " ) $sql_extra - AND `item`.`id`>%d - ORDER BY `item`.`received` DESC LIMIT %d ,%d ", + AND id > %d group by uri + order by received desc LIMIT %d, %d ", intval($since_id), - intval($start), intval($count) - );*/ - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, - `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`, - `user`.`nickname`, `user`.`hidewall` - FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` - LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` - WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' - AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' - AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - $sql_extra - AND 
`item`.`id`>%d - ORDER BY `received` DESC LIMIT %d, %d ", - intval($since_id), - intval($start), - intval($count)); + intval($start), + intval($count) + ); + + xchan_query($r,true); $ret = api_format_items($r,$user_info); @@ -926,7 +912,7 @@ break; case "as": $as = api_format_as($a, $ret, $user_info); - $as['title'] = $a->config['sitename']." Public Timeline"; + $as['title'] = $a->config['sitename']. " " . t('Public Timeline'); $as['link']['url'] = $a->get_baseurl()."/"; return($as); break; @@ -938,6 +924,7 @@ /** * + */ function api_statuses_show(&$a, $type){ if (api_user()===false) return false; @@ -945,7 +932,7 @@ $user_info = api_get_user($a); // params - $id = intval($a->argv[3]); + $id = intval(argv(3)); logger('API: api_statuses_show: '.$id); @@ -958,17 +945,10 @@ else $sql_extra .= " AND `item`.`id` = %d"; - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, - `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` - FROM `item`, `contact` - WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0 - AND `contact`.`id` = `item`.`contact-id` - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - $sql_extra", + $r = q("select * from item where item_restrict = 0 $sql_extra", intval($id) ); + xchan_query($r,true); $ret = api_format_items($r,$user_info); 
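Review bot: The rewritten public-timeline query combines `select *` with `group by uri`, so the database chooses which row represents each uri, and with it the `id`, `uid` and `received` values that the ordering and the `id > %d` paging rely on. The statement is rejected outright when ONLY_FULL_GROUP_BY is enabled. If the intent is to collapse copies of one post delivered to several channels, pick a deterministic representative, for example a subquery selecting `min(id)` per uri. stream_perms_api_uids() is spliced into the SQL here as well and must yield a non-empty list of integers; its body is outside this view.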
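Review bot: The replacement query in api_statuses_show() is `select * from item where item_restrict = 0 $sql_extra` with only the id bound, so nothing visible in the hunk limits the lookup to items the caller is allowed to read. Unless `$sql_extra`, which is built above the hunk, adds such a condition, an authenticated API client can read another channel's private item by its numeric id. Scope it the way the timeline hunks in this commit do: `and uid = %d` with `intval(api_user())` for the caller's own items, or `and item_private = 0` plus the `uid in ( … stream_perms_api_uids() … )` clause for others.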
@@ -997,34 +977,31 @@ $user_info = api_get_user($a); // params - $id = intval($a->argv[3]); + $id = intval(argv(3)); logger('API: api_statuses_repeat: '.$id); //$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false); - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`nick` as `reply_author`, - `contact`.`name`, `contact`.`photo`, `contact`.`url` as `reply_url`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` - FROM `item`, `contact` - WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0 - AND `contact`.`id` = `item`.`contact-id` - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - $sql_extra - AND `item`.`id`=%d", + $observer = get_app()->get_observer(); + + $r = q("SELECT * from item where item_restrict = 0 and id = %d limit 1", intval($id) ); - if ($r[0]['body'] != "") { - $_REQUEST['body'] = html_entity_decode("♲ ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/url] \n".$r[0]['body']; - $_REQUEST['profile_uid'] = api_user(); - $_REQUEST['type'] = 'wall'; - $_REQUEST['api_source'] = true; + if(perm_is_allowed($r[0]['uid'],$observer['xchan_hash'],'view_stream')) { + if ($r[0]['body'] != "") { + $_REQUEST['body'] = html_entity_decode("♲ ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/url] \n".$r[0]['body']; + $_REQUEST['profile_uid'] = api_user(); + $_REQUEST['type'] = 'wall'; + $_REQUEST['api_source'] = true; - require_once('mod/item.php'); - item_post($a); + require_once('mod/item.php'); + item_post($a); + } } + else + return false; if ($type == 'xml') $ok = "true"; 
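Review bot: api_statuses_repeat() dereferences `$r[0]` and `$observer['xchan_hash']` without checking that the item exists or that an observer is set. The only access test is the channel-level `view_stream` permission, so a private or ACL-restricted item on a viewable channel can still be reposted to the caller's wall. The body still reads `$r[0]['reply_url']` and `$r[0]['reply_author']`, which were aliases from the removed contact join and are no longer selected, so the attribution link will be empty. The hunk also calls perm_is_allowed() without requiring include/permissions.php, which the home-timeline hunk does. A sketch of the lookup and guards follows; the function starts and ends outside the hunk.

```php
require_once('include/permissions.php');

$observer = get_app()->get_observer();

$r = q("SELECT * from item where item_restrict = 0 and item_private = 0 and id = %d limit 1",
	intval($id)
);
if(! $r)
	return false;

if(! perm_is_allowed($r[0]['uid'],(($observer) ? $observer['xchan_hash'] : ''),'view_stream'))
	return false;

// populate $r[0]['author'] so the attribution no longer depends on the removed contact aliases
xchan_query($r,true);

if ($r[0]['body'] != "") {
	$_REQUEST['body'] = html_entity_decode("♲ ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['author']['xchan_url']."]".$r[0]['author']['xchan_name']."[/url] \n".$r[0]['body'];
	// … unchanged: profile_uid, type, api_source, require mod/item.php, item_post($a) …
}
```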
@@ -1038,13 +1015,14 @@ /** * */ + function api_statuses_destroy(&$a, $type){ if (api_user()===false) return false; $user_info = api_get_user($a); // params - $id = intval($a->argv[3]); + $id = intval(argv(3)); logger('API: api_statuses_destroy: '.$id); @@ -1065,6 +1043,8 @@ * http://developer.twitter.com/doc/get/statuses/mentions * */ + +// FIXME function api_statuses_mentions(&$a, $type){ if (api_user()===false) return false; @@ -1142,6 +1122,7 @@ return api_apply_template("timeline", $type, $data); } api_register_func('api/statuses/mentions','api_statuses_mentions', true); + // FIXME?? I don't think mentions and replies are congruent in this case api_register_func('api/statuses/replies','api_statuses_mentions', true); @@ -1149,7 +1130,7 @@ if (api_user()===false) return false; $user_info = api_get_user($a); - // get last newtork messages + // get last network messages logger("api_statuses_user_timeline: api_user: ". api_user() . @@ -1325,7 +1306,7 @@ function api_format_messages($item, $recipient, $sender) { // standard meta information - $ret=Array( + $ret = array( 'id' => $item['id'], 'created_at' => api_date($item['created']), 'sender_id' => $sender['id'] , 
@@ -1364,25 +1345,27 @@ //logger('api_format_items: ' . print_r($user_info,true)); $a = get_app(); - $ret = Array(); + $ret = array(); foreach($r as $item) { localize_item($item); - $status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item)); - if ($item['parent']!=$item['id']) { - $r = q("select id from item where parent=%s and id<%s order by id desc limit 1", - intval($item['parent']), intval($item['id'])); + $status_user = (($item['author_xchan']==$user_info['guid'])?$user_info: api_item_get_user($a,$item)); + + if($item['parent'] != $item['id']) { + $r = q("select id from item where parent= %d and id < %d order by id desc limit 1", + intval($item['parent']), + intval($item['id']) + ); if ($r) $in_reply_to_status_id = $r[0]['id']; else $in_reply_to_status_id = $item['parent']; - $r = q("select `item`.`contact-id`, `contact`.nick, `item`.`author-name` from item, contact - where `contact`.`id` = `item`.`contact-id` and `item`.id=%d", intval($in_reply_to_status_id)); + xchan_query($r,true); - $in_reply_to_screen_name = $r[0]['author-name']; - $in_reply_to_user_id = $r[0]['contact-id']; + $in_reply_to_screen_name = $r[0]['author']['xchan_name']; + $in_reply_to_user_id = $r[0]['author']['abook_id']; } else { $in_reply_to_screen_name = ''; 
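Review bot: The reply lookup in api_format_items() selects only `id`, yet its result is passed to xchan_query() and then read as `$r[0]['author']['xchan_name']` and `$r[0]['author']['abook_id']`. With no `author_xchan` column in the row there is presumably nothing for xchan_query() to resolve, so both reply fields end up empty. When the lookup returns no row the code falls back to `$item['parent']` but still indexes `$r[0]`. Select the author column as well (`select id, author_xchan from item where parent = %d …`) and query the parent row explicitly in the fallback case. The hunk also reuses `$r`, the array the enclosing foreach is iterating, which works only because foreach iterates a copy; a separate variable name would be safer.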
@@ -1399,41 +1382,39 @@ else $statustext = trim($statustitle."\n\n".$statusbody); - if (($item["network"] == NETWORK_FEED) and (strlen($statustext)> 1000)) - $statustext = substr($statustext, 0, 1000)."... \n".$item["plink"]; $status = array( - 'text' => $statustext, - 'truncated' => False, - 'created_at'=> api_date($item['created']), - 'in_reply_to_status_id' => $in_reply_to_status_id, - 'source' => (($item['app']) ? $item['app'] : 'web'), - 'id' => intval($item['id']), - 'in_reply_to_user_id' => $in_reply_to_user_id, - 'in_reply_to_screen_name' => $in_reply_to_screen_name, - 'geo' => '', - 'favorited' => $item['starred'] ? true : false, - 'user' => $status_user , - 'statusnet_html' => trim(bbcode($item['body'])), + 'text' => $statustext, + 'truncated' => False, + 'created_at' => api_date($item['created']), + 'in_reply_to_status_id' => $in_reply_to_status_id, + 'source' => (($item['app']) ? $item['app'] : 'web'), + 'id' => intval($item['id']), + 'in_reply_to_user_id' => $in_reply_to_user_id, + 'in_reply_to_screen_name' => $in_reply_to_screen_name, + 'geo' => '', + 'favorited' => (($item['item_flags'] & ITEM_STARRED) ? true : false), + 'user' => $status_user , + 'statusnet_html' => trim(bbcode($item['body'])), 'statusnet_conversation_id' => $item['parent'], ); // Seesmic doesn't like the following content if ($_SERVER['HTTP_USER_AGENT'] != 'Seesmic') { $status2 = array( - 'updated' => api_date($item['edited']), - 'published' => api_date($item['created']), - 'message_id' => $item['uri'], - 'url' => ($item['plink']!=''?$item['plink']:$item['author-link']), - 'coordinates' => $item['coord'], - 'place' => $item['location'], + 'updated' => api_date($item['edited']), + 'published' => api_date($item['created']), + 'message_id' => $item['uri'], + 'url' => $item['plink'], + 'coordinates' => $item['coord'], + 'place' => $item['location'], 'contributors' => '', 'annotations' => '', - 'entities' => '', - 'objecttype' => (($item['obj_type']) ? 
$item['obj_type'] : ACTIVITY_OBJ_NOTE), - 'verb' => (($item['verb']) ? $item['verb'] : ACTIVITY_POST), - 'self' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type, - 'edit' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type, + 'entities' => '', + 'objecttype' => (($item['obj_type']) ? $item['obj_type'] : ACTIVITY_OBJ_NOTE), + 'verb' => (($item['verb']) ? $item['verb'] : ACTIVITY_POST), + 'self' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type, + 'edit' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type, ); $status = array_merge($status, $status2); @@ -1499,12 +1480,14 @@ return false; } + // For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams. + // This won't work if either of you send your stream to everybody on the network if($qtype == 'friends') - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND)); + $sql_extra = sprintf(" AND ( their_perms & %d ) and ( my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); if($qtype == 'followers') - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND)); + $sql_extra = sprintf(" AND ( my_perms & %d ) and not ( their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); - $r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra", + $r = q("SELECT id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra", intval(api_user()) ); 
@@ -1611,13 +1594,16 @@ if(! api_user()) return false; + + // For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams. + // This won't work if either of you send your stream to everybody on the network + if($qtype == 'friends') - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND)); + $sql_extra = sprintf(" AND ( their_perms & %d ) and ( my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); if($qtype == 'followers') - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND)); + $sql_extra = sprintf(" AND ( my_perms & %d ) and not ( their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); - - $r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra", + $r = q("SELECT id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra", intval(api_user()) ); diff --git a/include/auth.php b/include/auth.php index c12432449..9cdbd80d5 100644 --- a/include/auth.php +++ b/include/auth.php 
@@ -63,16 +63,21 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p info( t('Logged out.') . EOL); goaway(z_root()); } - -// if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) { -// $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", -// intval($_SESSION['visitor_id']) -// ); -// if(count($r)) { -// $a->contact = $r[0]; -// } -// } - +dbg(1); + if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) { + $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_hash = '%s' limit 1", + dbesc($_SESSION['visitor_id']) + ); + if($r) { + get_app()->set_observer($r[0]); + } + else { + unset($_SESSION['visitor_id']); + unset($_SESSION['authenticated']); + } + $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); + } +dbg(0); if(x($_SESSION,'uid') || x($_SESSION,'account_id')) { // already logged in user returning diff --git a/include/contact_widgets.php b/include/contact_widgets.php index 47945e66e..cb3dc0740 100644 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -116,23 +116,23 @@ function common_friends_visitor_widget($profile_uid) { } // FIXME - if(! $cid) { - if(get_my_url()) { - $r = q("select id from contact where nurl = '%s' and uid = %d limit 1", - dbesc(normalise_link(get_my_url())), - intval($profile_uid) - ); - if(count($r)) - $cid = $r[0]['id']; - else { - $r = q("select id from gcontact where nurl = '%s' limit 1", - dbesc(normalise_link(get_my_url())) - ); - if(count($r)) - $zcid = $r[0]['id']; - } - } - } +// if(! $cid) { +// if(get_my_url()) { +// $r = q("select id from contact where nurl = '%s' and uid = %d limit 1", +// dbesc(normalise_link(get_my_url())), +// intval($profile_uid) +// ); +// if(count($r)) +// $cid = $r[0]['id']; +// else { +// $r = q("select id from gcontact where nurl = '%s' limit 1", +// dbesc(normalise_link(get_my_url())) +// ); +// if(count($r)) +// $zcid = $r[0]['id']; +// } +// } +// } if($cid == 0 && $zcid == 0) return; 
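Review bot: The `dbg(1);` / `dbg(0);` pair around the visitor block looks like leftover debugging and should be removed before merge. Presumably it switches on database query tracing for every request that reaches this authentication path, which would write session-derived identifiers to the log. In the else branch `$_SESSION['visitor_id']` is unset and then immediately read again by `$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));`, so a visitor whose hubloc lookup failed still triggers a groups call with an undefined value. Move that call into the `if($r)` branch next to `get_app()->set_observer($r[0]);`.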
diff --git a/include/event.php b/include/event.php index 685842fc3..8bf65016f 100644 --- a/include/event.php +++ b/include/event.php @@ -205,30 +205,36 @@ function event_store($arr) { $a = get_app(); - $arr['created'] = (($arr['created']) ? $arr['created'] : datetime_convert()); - $arr['edited'] = (($arr['edited']) ? $arr['edited'] : datetime_convert()); - $arr['type'] = (($arr['type']) ? $arr['type'] : 'event' ); + $arr['created'] = (($arr['created']) ? $arr['created'] : datetime_convert()); + $arr['edited'] = (($arr['edited']) ? $arr['edited'] : datetime_convert()); + $arr['type'] = (($arr['type']) ? $arr['type'] : 'event' ); $arr['event_xchan'] = (($arr['event_xchan']) ? $arr['event_xchan'] : ''); // Existing event being modified - if($arr['id']) { + if($arr['id'] || $arr['event_hash']) { // has the event actually changed? - $r = q("SELECT * FROM `event` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($arr['id']), - intval($arr['uid']) - ); - if((! $r) || ($r[0]['edited'] === $arr['edited'])) { - - // Nothing has changed. Grab the item id to return. - - $r = q("SELECT id FROM item WHERE resource_type = 'event' and resource_id = '%s' AND uid = %d LIMIT 1", - intval($arr['event_hash']), + if($arr['event_hash']) { + $r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1", + dbesc($arr['event_hash']), intval($arr['uid']) ); - return(($r) ? $r[0]['id'] : 0); + } + else { + $r = q("SELECT * FROM event WHERE id = %d AND uid = %d LIMIT 1", + intval($arr['id']), + intval($arr['uid']) + ); + } + + if(! $r) + return 0; + + if($r[0]['edited'] === $arr['edited']) { + // Nothing has changed. Return the ID. + return $r[0]['id']; } // The event changed. Update it. 
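Review bot: The unchanged-event path in event_store() now returns `$r[0]['id']`, the event row's id, whereas the removed code looked up and returned the id of the matching item ("Grab the item id to return"). If the update and insert paths, which continue outside this hunk, still return an item id, callers receive two different kinds of id from one function. Either keep the item lookup here, binding the hash with `dbesc($r[0]['event_hash'])`, or document that the return value is an event id on every path.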
@@ -262,12 +268,12 @@ function event_store($arr) { dbesc($arr['allow_gid']), dbesc($arr['deny_cid']), dbesc($arr['deny_gid']), - intval($arr['id']), + intval($r[0]['id']), intval($arr['uid']) ); $r = q("SELECT * FROM item left join xchan on author_xchan = xchan_hash WHERE resource_id = '%s' AND resource_type = 'event' and uid = %d LIMIT 1", - intval($arr['event_hash']), + intval($r[0]['event_hash']), intval($arr['uid']) ); @@ -291,7 +297,8 @@ function event_store($arr) { $private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0); - q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d WHERE id = %d AND uid = %d LIMIT 1", + + q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d LIMIT 1", dbesc($arr['summary']), dbesc(format_event_bbcode($arr)), dbesc($object), @@ -300,7 +307,8 @@ function event_store($arr) { dbesc($arr['deny_cid']), dbesc($arr['deny_gid']), dbesc($arr['edited']), - intval(($private && ($r[0]['item_flags'] & ITEM_PRIVATE)) ? $r[0]['item_flags'] : $r[0]['item_flags'] ^ ITEM_PRIVATE), + intval($r[0]['item_flags']), + intval($private), intval($r[0]['id']), intval($arr['uid']) ); 
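Review bot: The item lookup still binds `intval($r[0]['event_hash'])` to `resource_id = '%s'`, so intval() reduces the hash to a number and the query will not match the event's item. The hash is generated with random_string() and is bound as a string in the earlier hunk of this file (`dbesc($arr['event_hash'])`). Use `dbesc($r[0]['event_hash'])` here too. With the lookup failing, the item UPDATE in the following hunk, including the new `item_private = %d`, would presumably be built from an empty result.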
@@ -320,8 +328,12 @@ function event_store($arr) { $hash = random_string(); - $r = q("INSERT INTO `event` ( `uid`,`aid`,`event_xchan`,`event_hash`,`created`,`edited`,`start`,`finish`,`summary`, `desc`,`location`,`type`, - `adjust`,`nofinish`,`allow_cid`,`allow_gid`,`deny_cid`,`deny_gid`) + if(! $arr['uri']) + $arr['uri'] = item_message_id(); + + + $r = q("INSERT INTO event ( uid,aid,event_xchan,event_hash,created,edited,start,finish,summary, desc,location,type, + adjust,nofinish,allow_cid,allow_gid,deny_cid,deny_gid) VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s' ) ", intval($arr['uid']), intval($arr['account']), @@ -344,7 +356,7 @@ function event_store($arr) { ); - $r = q("SELECT * FROM `event` WHERE `event_hash` = '%s' AND `uid` = %d LIMIT 1", + $r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1", dbesc($hash), intval($arr['uid']) ); @@ -364,19 +376,14 @@ function event_store($arr) { $item_flags |= ITEM_ORIGIN; } - - $uri = item_message_id(); - $private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0); - if($private) - $item_flags |= ITEM_PRIVATE; $item_arr = array(); $item_arr['uid'] = $arr['uid']; $item_arr['author_xchan'] = $arr['event_xchan']; - $item_arr['uri'] = $uri; - $item_arr['parent_uri'] = $uri; + $item_arr['uri'] = $arr['uri']; + $item_arr['parent_uri'] = $arr['uri']; $item_arr['item_flags'] = $item_flags; @@ -387,12 +394,13 @@ function event_store($arr) { $item_arr['allow_gid'] = $arr['allow_gid']; $item_arr['deny_cid'] = $arr['deny_cid']; $item_arr['deny_gid'] = $arr['deny_gid']; + $item_arr['item_private'] = $private; $item_arr['verb'] = ACTIVITY_POST; $item_arr['resource_type'] = 'event'; $item_arr['resource_id'] = $hash; - $item_arr['obj_type'] = ACTIVITY_OBJ_EVENT; + $item_arr['obj_type'] = ACTIVITY_OBJ_EVENT; $item_arr['body'] = format_event_bbcode($arr); $x = q("select * from xchan where xchan_hash = '%s' limit 1", 
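Review bot: Dropping the backquotes from the `INSERT INTO event ( ... )` column list in the `@@ -320,8 +328,12 @@` hunk leaves the `desc` column unquoted, and `DESC` is a reserved word in MySQL, so the statement is expected to fail with a syntax error and no event row is written. Keep the backquotes around that one column name, as the removed line had them. The result of the insert is not checked in the visible lines, so the following `SELECT * FROM event WHERE event_hash = '%s'` would simply return nothing; testing `$r` after the insert and returning early would make the failure visible.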
diff --git a/include/group.php b/include/group.php index 6568af0c7..3a2fe7a3c 100644 --- a/include/group.php +++ b/include/group.php @@ -169,7 +169,7 @@ function group_add_member($uid,$name,$member,$gid = 0) { function group_get_members($gid) { $ret = array(); if(intval($gid)) { - $r = q("SELECT abook.*,xchan.*,group_member.* FROM `group_member` + $r = q("SELECT * FROM `group_member` LEFT JOIN abook ON abook_xchan = `group_member`.`xchan` left join xchan on xchan_hash = abook_xchan WHERE `gid` = %d AND `group_member`.`uid` = %d and not ( abook_flags & %d ) and not ( abook_flags & %d ) and not ( abook_flags & %d ) ORDER BY xchan_name ASC ", intval($gid), @@ -228,7 +228,6 @@ function group_side($every="contacts",$each="group",$edit = false, $group_id = 0 ); - $r = q("SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d ORDER BY `name` ASC", intval($_SESSION['uid']) ); diff --git a/include/html2plain.php b/include/html2plain.php index e5615f8ba..b8c9c440d 100644 --- a/include/html2plain.php +++ b/include/html2plain.php @@ -205,7 +205,7 @@ function html2plain($html, $wraplength = 75, $compact = false) if (!$compact) { $counter = 1; foreach ($urls as $id=>$url) - if (strpos($message, $url) == false) + if ($url && strpos($message, $url) === false) $message .= "\n".$url." "; //$message .= "\n[".($counter++)."] ".$url; } diff --git a/include/identity.php b/include/identity.php index 94de192c6..a66929b63 100644 --- a/include/identity.php +++ b/include/identity.php @@ -201,6 +201,9 @@ function identity_basic_export($channel_id) { */ $ret = array(); + + $ret['compatibility'] = array('project' => FRIENDICA_PLATFORM, 'version' => FRIENDICA_VERSION, 'database' => DB_UPDATE_VERSION); + $r = q("select * from channel where channel_id = %d limit 1", intval($channel_id) ); 
@@ -240,4 +243,49 @@ function identity_basic_export($channel_id) { +function identity_basic_import($arr, $seize_primary = false) { + + $ret = array('result' => false ); + + if($arr['channel']) { + // import channel + + // create a new xchan (if necessary) + + // create a new hubloc and seize control if applicable + + + } + if($arr['profile']) { + // FIXME - change profile assignment to a hash instead of an id we have to fix + + + } + + if($arr['xchan']) { + + // import any xchan and hubloc which are not yet available on this site + // Unset primary for all other hubloc on our own record if $seize_primary + + + } + + if($arr['abook']) { + // import the abook entries + + + } + + + if($seize_primary) { + + // send a refresh message to all our friends, telling them we've moved + + } + + + $ret['result'] = true ; + return $ret; + +}
\ No newline at end of file diff --git a/include/items.php b/include/items.php index a462c8073..dcc6c9b50 100755 --- a/include/items.php +++ b/include/items.php @@ -1598,17 +1598,16 @@ function tag_deliver($uid,$item_id) { $private = ($u[0]['allow_cid'] || $u[0]['allow_gid'] || $u[0]['deny_cid'] || $u[0]['deny_gid']) ? 1 : 0; $flag_bits = ITEM_WALL|ITEM_ORIGIN|ITEM_UPLINK; - if($private) - $flag_bits = $flag_bits | ITEM_PRIVATE; $r = q("update item set item_flags = ( $item_flags | %d ), owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s', - deny_cid = '%s', deny_gid = '%s' where id = %d limit 1", + deny_cid = '%s', deny_gid = '%s', item_private = %d where id = %d limit 1", intval($flag_bits), dbesc($u[0]['channel_hash']), dbesc($u[0]['allow_cid']), dbesc($u[0]['allow_gid']), dbesc($u[0]['deny_cid']), dbesc($u[0]['deny_gid']), + intval($private), intval($item_id) ); if($r) @@ -2081,13 +2080,13 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) $img->scaleImageSquare(175); $hash = $resource_id; - $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4); + $r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4); $img->scaleImage(80); - $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5); + $r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5); $img->scaleImage(48); - $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6); + $r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6); $a = get_app(); diff --git a/include/nav.php b/include/nav.php index 644264a92..3a565af55 100644 --- a/include/nav.php +++ b/include/nav.php 
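Review bot: `identity_basic_import` sets `$ret['result'] = true` although every branch is an empty placeholder, so a caller is told the import succeeded when nothing was imported. Until the branches are implemented, drop the `$ret['result'] = true ;` line so the initial `array('result' => false )` is returned, and add a `// TODO: not implemented` comment at the top of the function. When the import is written, `$arr` originates from an export file and should be treated as untrusted input; the `compatibility` block this commit adds to the export is a natural first thing to validate. The file also ends without a trailing newline.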
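Review bot: The `update item` statement in `tag_deliver` interpolates `$item_flags` directly into the SQL string (`item_flags = ( $item_flags | %d )`) instead of passing it through a placeholder, and where that variable comes from is outside this hunk. Bind it like the other values: `item_flags = ( %d | %d )` with `intval($item_flags)` as the first argument. The statement is also keyed on `id` alone although the function receives `$uid`; if the item is expected to belong to that channel, adding `and uid = %d` keeps the update, including the new `item_private` column, scoped to its owner.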
@@ -90,8 +90,12 @@ EOT; ); } - - $nav['lock'] = array('rmagic','',(($observer) ? 'lock' : 'unlock'), (($observer) ? $observer['xchan_addr'] : t('Click to authenticate to your home hub'))); + if($observer) + $nav['lock'] = array('logout','','lock', + sprintf( t('%s - click to logout'), $observer['xchan_addr'])); + else + $nav['lock'] = array('rmagic','','unlock', + t('Click to authenticate to your home hub')); /** * "Home" should also take you home from an authenticated remote profile connection @@ -118,9 +122,9 @@ EOT; $nav['search'] = array('search', t('Search'), "", t('Search site content')); - $gdirpath = 'directory'; - $nav['directory'] = array($gdirpath, t('Directory'), "", t('People directory')); + $nav['directory'] = array('directory', t('Channel Directory'), "", t('Channel Locator')); + /** * @@ -199,6 +203,7 @@ EOT; '$localuser' => local_user(), '$sel' => $a->nav_sel, '$apps' => $a->get_apps(), + '$pleasewait' => t('Please wait...') )); call_hooks('page_header', $a->page['nav']); diff --git a/include/onepoll.php b/include/onepoll.php index 4b44ff5b9..019fe8ed3 100644 --- a/include/onepoll.php +++ b/include/onepoll.php @@ -113,16 +113,14 @@ function onepoll_run($argv, $argc){ // set last updated timestamp - $r = null; - if($contact['xchan_connurl']) { $r = q("SELECT xlink_id from xlink where xlink_xchan = '%s' and xlink_updated > UTC_TIMESTAMP() - INTERVAL 1 DAY", intval($contact['xchan_hash']) ); - } - if($r) { - poco_load($contact['xchan_hash'],$contact['xchan_connurl']); + if($r) { + poco_load($contact['xchan_hash'],$contact['xchan_connurl']); + } } return; diff --git a/include/security.php b/include/security.php index 0783a3c20..f28174153 100644 --- a/include/security.php +++ b/include/security.php @@ -236,7 +236,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * default permissions - anonymous user */ - $sql = " AND not (item_flags & " . ITEM_PRIVATE . ") "; + $sql = " AND not item_private "; /** 
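Review bot: The xlink lookup in `onepoll_run` still passes `intval($contact['xchan_hash'])` to `xlink_xchan = '%s'`; the socgraph.php change in this same commit replaces exactly that pattern with `dbesc()` because `xchan_hash` is a string. As written the query will presumably never match, so `poco_load()` is not called. Use `dbesc($contact['xchan_hash'])`. The condition itself is worth confirming too: the query selects rows updated within the last day and loads when one is found, which reads as the opposite of a once-a-day refresh.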
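Review bot: `item_permissions_sql` now decides anonymous visibility from `item_private` alone, so any existing row that was marked private only through the `ITEM_PRIVATE` bit in `item_flags` becomes visible to unauthenticated viewers unless the new column was backfilled. The diffstat on this page is limited to `include`, so the schema update is not visible here; confirm it sets `item_private = 1` wherever the old flag bit is set before this code is deployed. A short comment next to the clause, e.g. `// relies on item_private having been backfilled from the old ITEM_PRIVATE flag`, would record the dependency. The rest of the function is outside the hunk.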
@@ -349,7 +349,7 @@ if(! function_exists('init_groups_visitor')) { function init_groups_visitor($contact_id) { $groups = array(); $r = q("SELECT gid FROM group_member WHERE xchan = '%s' ", - intval($contact_id) + dbesc($contact_id) ); if(count($r)) { foreach($r as $rr) @@ -359,3 +359,36 @@ function init_groups_visitor($contact_id) { }} + + + +// This is used to determine which uid have posts which are visible to the logged in user (from the API) for the +// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in. +// Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility) +// We always include yourself if logged in because you can always see your own posts +// resolving granular permissions for the observer against every person and every post on the site +// will likely be too expensive. +// Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query + +function stream_perms_api_uids($perms_min = PERMS_SITE) { + $ret = array(); + if(local_user()) + $ret[] = local_user(); + $r = q("select channel_id from channel where channel_r_stream <= %d", + intval($perms_min) + ); + if($r) + foreach($r as $rr) + if(! in_array($rr['channel_id'],$ret)) + $ret[] = $rr['channel_id']; + + $str = ''; + if($ret) + foreach($ret as $rr) { + if($str) + $str .= ','; + $str .= intval($rr); + } + return $str; +} + diff --git a/include/socgraph.php b/include/socgraph.php index aa5a24e89..081927dcc 100644 --- a/include/socgraph.php +++ b/include/socgraph.php @@ -23,12 +23,11 @@ function poco_load($xchan = null,$url = null) { $a = get_app(); if($xchan && ! $url) { - $r = q("select xchan_connurl from xchan where xchan_hash = %d limit 1", - intval($xchan) + $r = q("select xchan_connurl from xchan where xchan_hash = '%s' limit 1", + dbesc($xchan) ); if($r) { $url = $r[0]['xchan_connurl']; - $uid = $r[0]['abook_channel']; } } 
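Review bot: `stream_perms_api_uids` selects channels with `channel_r_stream <= %d`, which treats the permission constants as an ordered scale and also matches a stored value of 0. The `PERMS_*` values are not visible in this diff; if 0 means "nobody" (or the constants are bit flags), channels that never opened their stream end up in the returned list, so confirm the encoding and exclude that case explicitly, e.g. `where channel_r_stream > 0 and channel_r_stream <= %d`. The function also returns an empty string when no channel qualifies and nobody is logged in, so a caller that pastes the result into `uid in ( ... )` has to handle `''` first; the comment block above the function should say so.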
@@ -109,24 +108,25 @@ function poco_load($xchan = null,$url = null) { } - $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' limit 1", - dbesc($xchan), - dbesc($hash) - ); - if(! $r) { - q("insert into xlink ( xlink_xchan, xlink_link, xlink_updated ) values ( '%s', '%s', '%s' ) ", + if($xchan) { + $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' limit 1", dbesc($xchan), - dbesc($hash), - dbesc(datetime_convert()) - ); - } - else { - q("update xlink set xlink_updated = '%s' where xlink_id = %d limit 1", - dbesc(datetime_convert()), - intval($r[0]['xlink_id']) + dbesc($hash) ); + if(! $r) { + q("insert into xlink ( xlink_xchan, xlink_link, xlink_updated ) values ( '%s', '%s', '%s' ) ", + dbesc($xchan), + dbesc($hash), + dbesc(datetime_convert()) + ); + } + else { + q("update xlink set xlink_updated = '%s' where xlink_id = %d limit 1", + dbesc(datetime_convert()), + intval($r[0]['xlink_id']) + ); + } } - } logger("poco_load: loaded $total entries",LOGGER_DEBUG); 
@@ -295,37 +295,38 @@ function suggestion_query($uid, $start = 0, $limit = 80) { function update_suggestions() { +// FIXME +return; $a = get_app(); $done = array(); - poco_load(0,0,0,$a->get_baseurl() . '/poco'); + // fix this to get a json list from an upstream directory +// poco_load(0,0,0,$a->get_baseurl() . '/poco'); - $done[] = $a->get_baseurl() . '/poco'; +// $done[] = $a->get_baseurl() . '/poco'; - if(strlen(get_config('system','directory_submit_url'))) { - $x = fetch_url('http://dir.friendica.com/pubsites'); - if($x) { - $j = json_decode($x); - if($j->entries) { - foreach($j->entries as $entry) { - $url = $entry->url . '/poco'; - if(! in_array($url,$done)) - poco_load(0,0,0,$entry->url . '/poco'); - } - } - } - } +// if(strlen(get_config('system','directory_submit_url'))) { +// $x = fetch_url('http://dir.friendica.com/pubsites'); +// if($x) { +// $j = json_decode($x); +// if($j->entries) { +// foreach($j->entries as $entry) { +// $url = $entry->url . '/poco'; +// if(! in_array($url,$done)) +// poco_load(0,0,0,$entry->url . '/poco'); +// } +// } +// } +// } - $r = q("select distinct(poco) as poco from contact where network = '%s'", - dbesc(NETWORK_DFRN) - ); + $r = q("select distinct(xchan_connurl) as poco from xchan where xchan_network = 'zot'"); - if(count($r)) { + if($r) { foreach($r as $rr) { $base = substr($rr['poco'],0,strrpos($rr['poco'],'/')); if(! in_array($base,$done)) - poco_load(0,0,0,$base); + poco_load('',$base); } } } diff --git a/include/text.php b/include/text.php index 9db22d9ed..167fbb1df 100644 --- a/include/text.php +++ b/include/text.php 
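Review bot: The bare `return;` under `// FIXME` at the top of `update_suggestions` makes the rest of the function unreachable, including the new `xchan` query and the `poco_load('',$base)` call, and the comment does not say why. Replace it with a comment that names the reason and the condition for re-enabling, e.g. `// FIXME: disabled until suggestions are fetched from an upstream directory`, and delete the commented-out block instead of keeping it in the file. When the function is re-enabled, note that `$base` is derived from `xchan_connurl` values supplied by remote sites and is presumably fetched by this server, so it should be validated as an http(s) URL before use.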
@@ -302,26 +302,33 @@ function paginate(&$a) { }} if(! function_exists('alt_pager')) { -function alt_pager(&$a, $i) { - $o = ''; +function alt_pager(&$a, $i, $more = '', $less = '') { + + $o = ''; + + if(! $more) + $more = t('older'); + if(! $less) + $less = t('newer'); + $stripped = preg_replace('/(&page=[0-9]*)/','',$a->query_string); $stripped = str_replace('q=','',$stripped); $stripped = trim($stripped,'/'); $pagenum = $a->pager['page']; - $url = $a->get_baseurl() . '/' . $stripped; + $url = $a->get_baseurl() . '/' . $stripped; - $o .= '<div class="pager">'; + $o .= '<div class="pager">'; - if($a->pager['page']>1) - $o .= "<a href=\"$url"."&page=".($a->pager['page'] - 1).'">' . t('newer') . '</a>'; - if($i>0) { - if($a->pager['page']>1) - $o .= " - "; - $o .= "<a href=\"$url"."&page=".($a->pager['page'] + 1).'">' . t('older') . '</a>'; + if($a->pager['page'] > 1) + $o .= "<a href=\"$url"."&page=".($a->pager['page'] - 1).'">' . $less . '</a>'; + if($i > 0 && $i == $a->pager['itemspage']) { + if($a->pager['page']>1) + $o .= " | "; + $o .= "<a href=\"$url"."&page=".($a->pager['page'] + 1).'">' . $more . '</a>'; } - $o .= '</div>'."\r\n"; + $o .= '</div>'."\r\n"; return $o; }} @@ -1711,7 +1718,11 @@ function ids_to_querystr($arr,$idx = 'id') { return(implode(',', $t)); } -function xchan_query(&$items) { +// Fetches xchan and hubloc data for an array of items with only an +// author_xchan and owner_xchan. If $abook is true also include the abook info. +// This is needed in the API to save extra per item lookups there. + +function xchan_query(&$items,$abook = false) { $arr = array(); if($items && count($items)) { foreach($items as $item) { 
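Review bot: `alt_pager` writes `$url` (built from `$a->query_string`) and the new `$more`/`$less` arguments into the markup without HTML escaping. Unless the query string is already sanitised upstream, request-controlled text lands inside the `href` attribute; escape at output with `$url = htmlspecialchars($a->get_baseurl() . '/' . $stripped, ENT_QUOTES, 'UTF-8');` and apply the same call to `$more` and `$less` if callers may pass anything other than fixed `t()` strings. The new `$i == $a->pager['itemspage']` test also deserves a one-line comment, since it hides the "older" link whenever the current page is not completely full.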
@@ -1722,8 +1733,14 @@ function xchan_query(&$items) { } } if(count($arr)) { - $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash - where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); + if($abook) { + $chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash + where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); + } + else { + $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash + where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); + } } if($items && count($items) && $chans && count($chans)) { for($x = 0; $x < count($items); $x ++) { @@ -1781,9 +1798,11 @@ function magic_link($s) { return $s; } -function stringify_array_elms(&$arr) { +// if $escape is true, dbesc() each element before adding quotes + +function stringify_array_elms(&$arr,$escape = false) { for($x = 0; $x < count($arr); $x ++) - $arr[$x] = "'" . $arr[$x] . "'"; + $arr[$x] = "'" . (($escape) ? dbesc($arr[$x]) : $arr[$x]) . "'"; } /** diff --git a/include/user.php b/include/user.php deleted file mode 100644 index d71f024d1..000000000 --- a/include/user.php +++ /dev/null 
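Review bot: With `$abook` set, `xchan_query` joins `abook on abook_xchan = xchan_hash` without restricting the join to one local channel. On a hub that hosts several channels the same xchan can have one abook row per channel, so the result can contain duplicated rows and another channel's connection data, and `select *` lets same-named columns from the three tables overwrite each other. Pass the owning channel id into the function and add it to the join (the column looks like `abook_channel`, going by the removed line in the socgraph.php hunk; confirm against the schema), and list the columns that are needed. The `in (...)` list is built from `$arr` outside this hunk, so it is worth checking that its elements are escaped before `implode()`.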
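Review bot: `stringify_array_elms` escapes only when the new `$escape` argument is passed as true, so every existing call keeps wrapping raw values in quotes. Because the output is meant for SQL lists, the safer default is to escape, `function stringify_array_elms(&$arr,$escape = true)`, after checking the callers outside this diff for values that were already passed through `dbesc()` and would otherwise be escaped twice. The comment above the function should also state that the array is modified in place and that the index loop assumes consecutive keys starting at 0.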
@@ -1,320 +0,0 @@ -<?php - -require_once('include/config.php'); -require_once('include/network.php'); -require_once('include/plugin.php'); -require_once('include/text.php'); -require_once('include/language.php'); -require_once('include/datetime.php'); - -function create_user($arr) { - - // Required: { username, nickname, email } or { openid_url } - - $a = get_app(); - $result = array('success' => false, 'user' => null, 'password' => '', 'message' => ''); - - $using_invites = get_config('system','invitation_only'); - $num_invites = get_config('system','number_invites'); - - - $invite_id = ((x($arr,'invite_id')) ? notags(trim($arr['invite_id'])) : ''); - $username = ((x($arr,'username')) ? notags(trim($arr['username'])) : ''); - $nickname = ((x($arr,'nickname')) ? notags(trim($arr['nickname'])) : ''); - $email = ((x($arr,'email')) ? notags(trim($arr['email'])) : ''); - $openid_url = ((x($arr,'openid_url')) ? notags(trim($arr['openid_url'])) : ''); - $photo = ((x($arr,'photo')) ? notags(trim($arr['photo'])) : ''); - $password = ((x($arr,'password')) ? trim($arr['password']) : ''); - $blocked = ((x($arr,'blocked')) ? intval($arr['blocked']) : 0); - $verified = ((x($arr,'verified')) ? intval($arr['verified']) : 0); - - $publish = ((x($arr,'profile_publish_reg') && intval($arr['profile_publish_reg'])) ? 1 : 0); - $netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0); - - $tmp_str = $openid_url; - - if($using_invites) { - if(! $invite_id) { - $result['message'] .= t('An invitation is required.') . EOL; - return $result; - } - $r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_id)); - if(! results($r)) { - $result['message'] .= t('Invitation could not be verified.') . EOL; - return $result; - } - } - - if((! x($username)) || (! x($email)) || (! x($nickname))) { - if($openid_url) { - if(! validate_url($tmp_str)) { - $result['message'] .= t('Invalid OpenID url') . 
EOL; - return $result; - } - $_SESSION['register'] = 1; - $_SESSION['openid'] = $openid_url; - require_once('library/openid.php'); - $openid = new LightOpenID; - $openid->identity = $openid_url; - $openid->returnUrl = $a->get_baseurl() . '/openid'; - $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson'); - $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default'); - goaway($openid->authUrl()); - // NOTREACHED - } - - notice( t('Please enter the required information.') . EOL ); - return; - } - - if(! validate_url($tmp_str)) - $openid_url = ''; - - - $err = ''; - - // collapse multiple spaces in name - $username = preg_replace('/ +/',' ',$username); - - if(mb_strlen($username) > 48) - $result['message'] .= t('Please use a shorter name.') . EOL; - if(mb_strlen($username) < 3) - $result['message'] .= t('Name too short.') . EOL; - - // I don't really like having this rule, but it cuts down - // on the number of auto-registrations by Russian spammers - - // Using preg_match was completely unreliable, due to mixed UTF-8 regex support - // $no_utf = get_config('system','no_utf'); - // $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); - - // So now we are just looking for a space in the full name. - - $loose_reg = get_config('system','no_regfullname'); - if(! $loose_reg) { - $username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8'); - if(! strpos($username,' ')) - $result['message'] .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL; - } - - - if(! allowed_email($email)) - $result['message'] .= t('Your email domain is not among those allowed on this site.') . EOL; - - if((! valid_email($email)) || (! validate_email($email))) - $result['message'] .= t('Not a valid email address.') . EOL; - - // Disallow somebody creating an account using openid that uses the admin email address, - // since openid bypasses email verification. 
We'll allow it if there is not yet an admin account. - - if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) { - $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1", - dbesc($email) - ); - if(count($r)) - $result['message'] .= t('Cannot use that email.') . EOL; - } - - $nickname = $arr['nickname'] = strtolower($nickname); - - if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname)) - $result['message'] .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL; - $r = q("SELECT `uid` FROM `user` - WHERE `nickname` = '%s' LIMIT 1", - dbesc($nickname) - ); - if(count($r)) - $result['message'] .= t('Nickname is already registered. Please choose another.') . EOL; - - // Check deleted accounts that had this nickname. Doesn't matter to us, - // but could be a security issue for federated platforms. - - $r = q("SELECT * FROM `userd` - WHERE `username` = '%s' LIMIT 1", - dbesc($nickname) - ); - if(count($r)) - $result['message'] .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL; - - if(strlen($result['message'])) { - return $result; - } - - $new_password = ((strlen($password)) ? $password : autoname(6) . mt_rand(100,9999)); - $new_password_encoded = hash('whirlpool',$new_password); - - $result['password'] = $new_password; - - require_once('include/crypto.php'); - - $keys = new_keypair(4096); - - if($keys === false) { - $result['message'] .= t('SERIOUS ERROR: Generation of security keys failed.') . EOL; - return $result; - } - - $default_service_class = get_config('system','default_service_class'); - if(! 
$default_service_class) - $default_service_class = ''; - - - $prvkey = $keys['prvkey']; - $pubkey = $keys['pubkey']; - - $r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`, - `pubkey`, `prvkey`, `register_date`, `verified`, `blocked`, `timezone`, `service_class` ) - VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC', '%s' )", - dbesc(generate_user_guid()), - dbesc($username), - dbesc($new_password_encoded), - dbesc($email), - dbesc($openid_url), - dbesc($nickname), - dbesc($pubkey), - dbesc($prvkey), - dbesc(datetime_convert()), - intval($verified), - intval($blocked), - dbesc($default_service_class) - ); - - if($r) { - $r = q("SELECT * FROM `user` - WHERE `username` = '%s' AND `password` = '%s' LIMIT 1", - dbesc($username), - dbesc($new_password_encoded) - ); - if($r !== false && count($r)) { - $u = $r[0]; - $newuid = intval($r[0]['uid']); - } - } - else { - $result['message'] .= t('An error occurred during registration. Please try again.') . EOL ; - return $result; - } - - /** - * if somebody clicked submit twice very quickly, they could end up with two accounts - * due to race condition. Remove this one. - */ - - $r = q("SELECT `uid` FROM `user` - WHERE `nickname` = '%s' ", - dbesc($nickname) - ); - if((count($r) > 1) && $newuid) { - $result['message'] .= t('Nickname is already registered. Please choose another.') . EOL; - q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1", - intval($newuid) - ); - return $result; - } - - if(x($newuid) !== false) { - $r = q("INSERT INTO `profile` ( `uid`, `profile_name`, `is_default`, `name`, `photo`, `thumb`, `publish`, `net-publish` ) - VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ", - intval($newuid), - t('default'), - 1, - dbesc($username), - dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"), - dbesc($a->get_baseurl() . 
"/photo/avatar/{$newuid}"), - intval($publish), - intval($netpublish) - - ); - if($r === false) { - $result['message'] .= t('An error occurred creating your default profile. Please try again.') . EOL; - // Start fresh next time. - $r = q("DELETE FROM `user` WHERE `uid` = %d", - intval($newuid)); - return $result; - } - $r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`, - `request`, `notify`, `poll`, `confirm`, `poco`, `name_date`, `uri_date`, `avatar_date`, `closeness` ) - VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ", - intval($newuid), - datetime_convert(), - dbesc($username), - dbesc($nickname), - dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"), - dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"), - dbesc($a->get_baseurl() . "/photo/micro/{$newuid}"), - dbesc($a->get_baseurl() . "/channel/$nickname"), - dbesc(normalise_link($a->get_baseurl() . "/channel/$nickname")), - dbesc($a->get_baseurl() . "/dfrn_request/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"), - dbesc($a->get_baseurl() . "/poco/$nickname"), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - dbesc(datetime_convert()) - ); - - // Create a group with no members. This allows somebody to use it - // right away as a default group for new contacts. - - require_once('include/group.php'); - group_add($newuid, t('Friends')); - - } - - // if we have no OpenID photo try to look up an avatar - if(! 
strlen($photo)) - $photo = avatar_img($email); - - // unless there is no avatar-plugin loaded - if(strlen($photo)) { - require_once('include/Photo.php'); - $photo_failure = false; - - $filename = basename($photo); - $img_str = fetch_url($photo,true); - // guess mimetype from headers or filename - $type = guess_image_type($photo,true); - - - $img = new Photo($img_str, $type); - if($img->is_valid()) { - - $img->scaleImageSquare(175); - - $hash = photo_new_resource(); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 ); - - if($r === false) - $photo_failure = true; - - $img->scaleImage(80); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5 ); - - if($r === false) - $photo_failure = true; - - $img->scaleImage(48); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6 ); - - if($r === false) - $photo_failure = true; - - if(! $photo_failure) { - q("UPDATE `photo` SET `profile` = 1 WHERE `resource_id` = '%s' ", - dbesc($hash) - ); - } - } - } - - call_hooks('register_account', $newuid); - - $result['success'] = true; - $result['user'] = $u; - return $result; - -} diff --git a/include/zot.php b/include/zot.php index 28ecdc4dc..f35c6f93e 100644 --- a/include/zot.php +++ b/include/zot.php @@ -101,12 +101,13 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_ 'version' => ZOT_REVISION ); - if($recipients) $data['recipients'] = $recipients; - if($secret) + if($secret) { $data['secret'] = $secret; + $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'])); + } logger('zot_build_packet: ' . print_r($data,true)); 
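Review bot: The `logger('zot_build_packet: ' . print_r($data,true));` call at the end of the zot.php hunk writes the whole packet, including `secret` and the new `secret_sig`, to the log with no level argument. Log a copy with those two keys removed, or at least restrict the message to the most verbose level, e.g. `logger('zot_build_packet: ' . print_r($data,true), LOGGER_DATA);`. `zot_build_packet` starts and continues outside the hunk.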
@@ -530,14 +531,35 @@ function import_xchan($arr) { dbesc($xchan_hash) ); + if($r) { if($r[0]['xchan_photo_date'] != $arr['photo_updated']) - $update_photos = true; - if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url'])) { - $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s' where xchan_hash = '%s' limit 1", + $import_photos = true; + + // if we import an entry from a site that's not ours and either or both of us is off the grid - hide the entry. + // TODO: check if we're the same directory realm, which would mean we are allowed to see it + + $dirmode = get_config('system','directory_mode'); + + if((($arr['site']['directory_mode'] === 'standalone') || ($dirmode & DIRECTORY_MODE_STANDALONE)) +&& ($arr['site']['url'] != z_root())) + $arr['searchable'] = false; + + + + // Be careful - XCHAN_FLAGS_HIDDEN should evaluate to 1 + if(($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN) != $arr['searchable']) + $new_flags = $r[0]['xchan_flags'] ^ XCHAN_FLAGS_HIDDEN; + else + $new_flags = $r[0]['xchan_flags']; + + + if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url']) || ($r[0]['xchan_flags'] != $new_flags)) { + $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_flags = %d where xchan_hash = '%s' limit 1", dbesc($arr['name']), dbesc($arr['name_updated']), dbesc($arr['connections_url']), + intval($new_flags), dbesc($xchan_hash) ); } 
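Review bot: The hidden-flag comparison in `import_xchan` is inverted: `($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN) != $arr['searchable']` toggles the bit whenever the two values differ, which leaves the hidden bit set for searchable channels and cleared for non-searchable ones. A channel that asked not to be searchable, or one forced to `searchable = false` by the standalone-directory check just above, therefore stays or becomes visible. Compare against the negation instead: `$hidden = (1 - intval($arr['searchable']));` followed by `if(($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN) != $hidden)`. `$arr['site']['directory_mode']` and `$arr['searchable']` come from the remote record, so they should be checked with `isset()` and cast before use. The function continues outside the hunk.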
@@ -901,16 +923,18 @@ function process_delivery($sender,$arr,$deliveries,$relay) { $ev['uid'] = $channel['channel_id']; $ev['account'] = $channel['channel_account_id']; $ev['edited'] = $arr['edited']; + $ev['uri'] = $arr['uri']; + $ev['private'] = $arr['item_private']; // is this an edit? - $r = q("SELECT * FROM event left join item on resource_id = event_hash WHERE resource_type = 'event' and - `uri` = '%s' AND event.uid = %d LIMIT 1", + $r = q("SELECT resource_id FROM item where uri = '%s' and uid = %d and resource_type = 'event' limit 1", dbesc($arr['uri']), intval($channel['channel_id']) ); - if($r) - $ev['event_hash'] = $r[0]['event_hash']; + if($r) { + $ev['event_hash'] = $r[0]['resource_id']; + } dbg(1); $xyz = event_store($ev); dbg(0); |
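Review bot: `$ev['private'] = $arr['item_private']` is set in `process_delivery`, but in the `event_store` hunks of this commit the stored `item_private` is computed only from the four ACL fields and the `private` key is never read. If that also holds for the parts of `event_store` outside the diff, an event delivered as private but without local ACL strings is stored with `item_private = 0` and is then exposed by the new `not item_private` clause in security.php. Have `event_store` honour the flag, e.g. `$private = (($arr['private'] || $arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);`. The `dbg(1); ... dbg(0);` pair around the `event_store` call looks like leftover debugging and should be removed.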