Diffstat (limited to 'include')
-rw-r--r--include/ItemObject.php5
-rw-r--r--include/Photo.php18
-rw-r--r--include/api.php356
-rw-r--r--include/auth.php25
-rw-r--r--include/contact_widgets.php34
-rw-r--r--include/event.php68
-rw-r--r--include/group.php3
-rw-r--r--include/html2plain.php2
-rw-r--r--include/identity.php48
-rwxr-xr-xinclude/items.php11
-rw-r--r--include/nav.php13
-rw-r--r--include/onepoll.php8
-rw-r--r--include/security.php37
-rw-r--r--include/socgraph.php77
-rw-r--r--include/text.php51
-rw-r--r--include/user.php320
-rw-r--r--include/zot.php42
17 files changed, 465 insertions, 653 deletions
diff --git a/include/ItemObject.php b/include/ItemObject.php
index 6f9eaa18e..b6f1e53a4 100644
--- a/include/ItemObject.php
+++ b/include/ItemObject.php
@@ -49,6 +49,7 @@ class Item extends BaseObject {
// fixme
$this->writable = ($this->get_data_value('writable') || $this->get_data_value('self'));
// FIXME - base this on observer permissions
+
$this->writable = ((local_user() && $channel['channel_hash'] === $item['owner_xchan']) ? true : false);
@@ -227,8 +228,8 @@ class Item extends BaseObject {
'body' => $body_e,
'text' => strip_tags($body_e),
'id' => $this->get_id(),
- 'linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['author-link'])) ? $item['author-link'] : $item['url'])),
- 'olinktitle' => sprintf( t('View %s\'s profile @ %s'), $this->get_owner_name(), ((strlen($item['owner-link'])) ? $item['owner-link'] : $item['url'])),
+ 'linktitle' => sprintf( t('View %s\'s profile - %s'), $profile_name, $item['author']['xchan_addr']),
+ 'olinktitle' => sprintf( t('View %s\'s profile - %s'), $this->get_owner_name(), $item['owner']['xchan_addr']),
'to' => t('to'),
'wall' => t('Wall-to-Wall'),
'vwall' => t('via Wall-To-Wall:'),
diff --git a/include/Photo.php b/include/Photo.php
index c3165cc9f..a60cfc868 100644
--- a/include/Photo.php
+++ b/include/Photo.php
@@ -523,7 +523,7 @@ class Photo {
- public function store($uid, $xchan, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '') {
+ public function store($aid, $uid, $xchan, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '') {
$x = q("select id from photo where `resource_id` = '%s' and uid = %d and `xchan` = '%s' and `scale` = %d limit 1",
dbesc($rid),
@@ -533,6 +533,7 @@ class Photo {
);
if(count($x)) {
$r = q("UPDATE `photo`
+ set `aid` = %d,
set `uid` = %d,
`xchan` = '%s',
`resource_id` = '%s',
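Review bot: The UPDATE statement now carries two `set` keywords, because the added line starting `set aid = %d,` sits directly above the unchanged line starting `set uid = %d,`. MySQL rejects a second `set`, so the update branch of store() would fail for every photo row that already exists. Keep the keyword on the new first assignment only and drop it from the `uid` line. The statement begins and ends outside this hunk.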
@@ -544,6 +545,7 @@ class Photo {
`height` = %d,
`width` = %d,
`data` = '%s',
+ `size` = %d,
`scale` = %d,
`profile` = %d,
`allow_cid` = '%s',
@@ -552,6 +554,7 @@ class Photo {
`deny_gid` = '%s'
where id = %d limit 1",
+ intval($aid),
intval($uid),
dbesc($xchan),
dbesc($rid),
@@ -563,6 +566,7 @@ class Photo {
intval($this->getHeight()),
intval($this->getWidth()),
dbesc($this->imageString()),
+ intval(strlen($this->imageString())),
intval($scale),
intval($profile),
dbesc($allow_cid),
@@ -574,8 +578,9 @@ class Photo {
}
else {
$r = q("INSERT INTO `photo`
- ( `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )
- VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, '%s', '%s', '%s', '%s' )",
+ ( `aid`, `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `data`, `size`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )
+ VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s' )",
+ intval($aid),
intval($uid),
dbesc($xchan),
dbesc($rid),
@@ -587,6 +592,7 @@ class Photo {
intval($this->getHeight()),
intval($this->getWidth()),
dbesc($this->imageString()),
+ intval(strlen($this->imageString())),
intval($scale),
intval($profile),
dbesc($allow_cid),
@@ -669,21 +675,21 @@ function import_profile_photo($photo,$xchan) {
$img->scaleImageSquare(175);
- $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 4 );
+ $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 4 );
if($r === false)
$photo_failure = true;
$img->scaleImage(80);
- $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 5 );
+ $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 5 );
if($r === false)
$photo_failure = true;
$img->scaleImage(48);
- $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 6 );
+ $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 6 );
if($r === false)
$photo_failure = true;
diff --git a/include/api.php b/include/api.php
index 1864d511e..cf4d45c1a 100644
--- a/include/api.php
+++ b/include/api.php
@@ -1,10 +1,11 @@
<?php
- require_once("bbcode.php");
- require_once("datetime.php");
- require_once("conversation.php");
- require_once("oauth.php");
- require_once("html2plain.php");
- require_once('include/security.php');
+
+require_once("bbcode.php");
+require_once("datetime.php");
+require_once("conversation.php");
+require_once("oauth.php");
+require_once("html2plain.php");
+require_once('include/security.php');
/*
*
@@ -12,7 +13,13 @@
*
*/
- $API = Array();
+
+ /**
+ ** TWITTER API
+ */
+
+ $API = array();
+
$called_api = Null;
// All commands which require authentication accept a "channel" parameter
@@ -114,6 +121,7 @@
/**************************
* MAIN API ENTRY POINT *
**************************/
+
function api_call(&$a){
GLOBAL $API, $called_api;
@@ -373,30 +381,20 @@
}
+
function api_item_get_user(&$a, $item) {
global $usercache;
// The author is our direct contact, in a conversation with us.
- if(link_compare($item['url'],$item['author-link'])) {
- return api_get_user($a,$item['cid']);
- }
- else {
- // The author may be a contact of ours, but is replying to somebody else.
- // Figure out if we know him/her.
- $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
- if(($normalised != 'mailbox') && (x($a->contacts[$normalised])))
- return api_get_user($a,$a->contacts[$normalised]['id']);
- }
+
+ if($item['author']['abook_id']) {
+ return api_get_user($a,$item['author']['abook_id']);
+ }
+
// We don't know this person directly.
- list($nick, $name) = array_map("trim",explode("(",$item['author-name']));
- $name=str_replace(")","",$name);
-
- if ($name == '')
- $name = $nick;
-
- if ($nick == '')
- $nick = $name;
+ $nick = substr($item['author']['xchan_addr'],0,strpos($item['author']['xchan_addr'],'@'));
+ $name = $item['author']['xchan_name'];
// Generating a random ID
if (is_null($usercache[$nick]) or !array_key_exists($nick, $usercache))
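Review bot: `$nick` comes out empty whenever `xchan_addr` contains no `@`, because `strpos()` then returns false and `substr()` is asked for zero characters. The removed code fell back to the display name in that case; the new code has no fallback, so every such author shares the `$usercache['']` slot used on the next line. Suggest `$addr = $item['author']['xchan_addr'];` followed by `$nick = ((strpos($addr,'@') !== false) ? substr($addr,0,strpos($addr,'@')) : $item['author']['xchan_name']);`. The function body continues outside the hunk.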
@@ -408,8 +406,8 @@
'screen_name' => $nick,
'location' => '', //$uinfo[0]['default-location'],
'description' => '',
- 'profile_image_url' => $item['author-avatar'],
- 'url' => $item['author-link'],
+ 'profile_image_url' => $item['author']['xchan_photo_m'],
+ 'url' => $item['author']['xchan_url'],
'protected' => false, #
'followers_count' => 0,
'friends_count' => 0,
@@ -466,9 +464,6 @@
return $ret;
}
- /**
- ** TWITTER API
- */
/**
* Returns an HTTP 200 OK response code and a representation of the requesting user if authentication was successful;
@@ -524,27 +519,27 @@
function api_statuses_mediap(&$a, $type) {
- if (api_user()===false) {
- logger('api_statuses_update: no user');
- return false;
- }
- $user_info = api_get_user($a);
-
- $_REQUEST['type'] = 'wall';
- $_REQUEST['profile_uid'] = api_user();
- $_REQUEST['api_source'] = true;
- $txt = requestdata('status');
- //$txt = urldecode(requestdata('status'));
-
- require_once('library/HTMLPurifier.auto.php');
- require_once('include/html2bbcode.php');
-
- if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) {
+ if (api_user() === false) {
+ logger('api_statuses_update: no user');
+ return false;
+ }
+ $user_info = api_get_user($a);
+
+ $_REQUEST['type'] = 'wall';
+ $_REQUEST['profile_uid'] = api_user();
+ $_REQUEST['api_source'] = true;
+
+ $txt = requestdata('status');
+
+ require_once('library/HTMLPurifier.auto.php');
+ require_once('include/html2bbcode.php');
+
+ if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) {
$txt = html2bb_video($txt);
$config = HTMLPurifier_Config::createDefault();
- $config->set('Cache.DefinitionImpl', null);
+ $config->set('Cache.DefinitionImpl', null);
$purifier = new HTMLPurifier($config);
- $txt = $purifier->purify($txt);
+ $txt = $purifier->purify($txt);
}
$txt = html2bbcode($txt);
@@ -552,10 +547,10 @@
$_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo
require_once('mod/wall_upload.php');
- $bebop = wall_upload_post($a);
+ $posted = wall_upload_post($a);
//now that we have the img url in bbcode we can add it to the status and insert the wall item.
- $_REQUEST['body']=$txt."\n\n".$bebop;
+ $_REQUEST['body']=$txt."\n\n".$posted;
require_once('mod/item.php');
item_post($a);
@@ -564,8 +559,6 @@
}
api_register_func('api/statuses/mediap','api_statuses_mediap', true);
-
-
function api_statuses_update(&$a, $type) {
if (api_user() === false) {
logger('api_statuses_update: no user');
@@ -647,13 +640,15 @@
// get last public message
+ require_once('include/security.php');
+
$lastwall = q("SELECT * from item where 1
- and not ( item_flags & %d ) and item_restrict = 0
+ and item_private != 0 and item_restrict = 0
and author_xchan = '%s'
and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = ''
and verb = '%s'
+ and uid in ( " . stream_perms_api_uids() . " )
order by created desc limit 1",
- intval(ITEM_PRIVATE),
dbesc($user_info['guid']),
dbesc(ACTIVITY_POST)
);
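Review bot: The new predicate `item_private != 0` selects private items, while the comment above says "get last public message" and the removed clause `not ( item_flags & %d )` excluded them. It looks inverted and should read `and item_private = 0`; the same predicate is repeated in the api_users_show hunk that follows. Separately, the return value of `stream_perms_api_uids()` is concatenated directly into the statement here, in api_users_show and in the public-timeline query. Its body is not visible in this part of the diff, so a comment at each call site stating that it yields a non-empty comma list of integers only would help, since an empty result would produce `uid in ( )` and a syntax error.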
@@ -717,13 +712,15 @@
function api_users_show(&$a, $type){
$user_info = api_get_user($a);
+ require_once('include/security.php');
+
$lastwall = q("SELECT * from item where 1
- and not ( item_flags & %d ) and item_restrict = 0
+ and item_private != 0 and item_restrict = 0
and author_xchan = '%s'
and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = ''
and verb = '%s'
+ and uid in ( " . stream_perms_api_uids() . " )
order by created desc limit 1",
- intval(ITEM_PRIVATE),
dbesc($user_info['guid']),
dbesc(ACTIVITY_POST)
);
@@ -784,18 +781,20 @@
*/
function api_statuses_home_timeline(&$a, $type){
- if (api_user()===false) return false;
+ if (api_user() === false)
+ return false;
$user_info = api_get_user($a);
- // get last newtork messages
+ // get last network messages
// params
- $count = (x($_REQUEST,'count')?$_REQUEST['count']:20);
- $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0);
- if ($page<0) $page=0;
- $since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
- $max_id = (x($_REQUEST,'max_id')?$_REQUEST['max_id']:0);
+ $count = (x($_REQUEST,'count')?$_REQUEST['count']:20);
+ $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0);
+ if($page < 0)
+ $page = 0;
+ $since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
+ $max_id = (x($_REQUEST,'max_id')?$_REQUEST['max_id']:0);
$exclude_replies = (x($_REQUEST,'exclude_replies')?1:0);
//$since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
@@ -809,33 +808,40 @@
if ($exclude_replies > 0)
$sql_extra .= ' AND `item`.`parent` = `item`.`id`';
- $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
- `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
- `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
- `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
- FROM `item`, `contact`
- WHERE `item`.`uid` = %d
- AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
- AND `contact`.`id` = `item`.`contact-id`
- AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+ if (api_user() != $user_info['uid']) {
+ $observer = get_app()->get_observer();
+ require_once('include/permissions.php');
+ if(! perm_is_allowed($user_info['uid'],(($observer) ? $observer['xchan_hash'] : ''),'view_stream'))
+ return '';
+ $sql_extra .= " and item_private = 0 ";
+ }
+
+ $r = q("SELECT * from item WHERE uid = %d and item_restrict = 0
$sql_extra
- AND `item`.`id`>%d
- ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
+ AND id > %d
+ ORDER BY received DESC LIMIT %d ,%d ",
intval($user_info['uid']),
intval($since_id),
- intval($start), intval($count)
+ intval($start),
+ intval($count)
);
+ xchan_query($r,true);
+
$ret = api_format_items($r,$user_info);
// We aren't going to try to figure out at the item, group, and page
// level which items you've seen and which you haven't. If you're looking
// at the network timeline just mark everything seen.
- $r = q("UPDATE `item` SET `unseen` = 0
- WHERE `unseen` = 1 AND `uid` = %d",
- intval($user_info['uid'])
- );
+ if (api_user() == $user_info['uid']) {
+ $r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d )
+ WHERE item_flags & %d and uid = %d",
+ intval(ITEM_UNSEEN),
+ intval(ITEM_UNSEEN),
+ intval($user_info['uid'])
+ );
+ }
$data = array('$statuses' => $ret);
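Review bot: For a viewer who is not the channel owner the query is narrowed only by `item_private = 0`, whereas the public-timeline query later in this commit also requires empty `allow_cid`, `allow_gid`, `deny_cid` and `deny_gid`. If `item_private` is not guaranteed to be set whenever an ACL is present, ACL-restricted posts could be returned to that viewer; adding the same four ACL conditions to `$sql_extra` in the non-owner branch would make the two paths agree. The branch also returns `''` where the other early exits in this function return `false`, and both `api_user()` comparisons use loose `!=` / `==`.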
@@ -878,42 +884,22 @@
if ($max_id > 0)
$sql_extra = 'AND `item`.`id` <= '.intval($max_id);
+ require_once('include/security.php');
- /*$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
- `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
- `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
- `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
- FROM `item`, `contact`
- WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
- AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
- AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
- AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0
- AND `contact`.`id` = `item`.`contact-id`
- AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+ $r = q("select * from item where item_restrict = 0
+ and allow_cid = '' and allow_gid = ''
+ and deny_cid = '' and deny_gid = ''
+ and item_private = 0
+ and uid in ( " . stream_perms_api_uids() . " )
$sql_extra
- AND `item`.`id`>%d
- ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
+ AND id > %d group by uri
+ order by received desc LIMIT %d, %d ",
intval($since_id),
- intval($start), intval($count)
- );*/
- $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
- `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
- `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
- `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`,
- `user`.`nickname`, `user`.`hidewall`
- FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
- LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
- WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
- AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
- AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
- AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0
- AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- $sql_extra
- AND `item`.`id`>%d
- ORDER BY `received` DESC LIMIT %d, %d ",
- intval($since_id),
- intval($start),
- intval($count));
+ intval($start),
+ intval($count)
+ );
+
+ xchan_query($r,true);
$ret = api_format_items($r,$user_info);
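Review bot: `select * ... group by uri` leaves it to the database to pick which row represents each uri, and MySQL refuses the statement when ONLY_FULL_GROUP_BY is enabled. When several channels hold a copy of the same post, the `id`, `uid` and `received` returned for it are therefore arbitrary, and paging with `id > %d` can skip or repeat entries. If the aim is one copy per post, picking `min(id)` per uri in a subquery, or de-duplicating in PHP after the fetch, would make the result deterministic.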
@@ -926,7 +912,7 @@
break;
case "as":
$as = api_format_as($a, $ret, $user_info);
- $as['title'] = $a->config['sitename']." Public Timeline";
+ $as['title'] = $a->config['sitename']. " " . t('Public Timeline');
$as['link']['url'] = $a->get_baseurl()."/";
return($as);
break;
@@ -938,6 +924,7 @@
/**
*
+
*/
function api_statuses_show(&$a, $type){
if (api_user()===false) return false;
@@ -945,7 +932,7 @@
$user_info = api_get_user($a);
// params
- $id = intval($a->argv[3]);
+ $id = intval(argv(3));
logger('API: api_statuses_show: '.$id);
@@ -958,17 +945,10 @@
else
$sql_extra .= " AND `item`.`id` = %d";
- $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
- `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
- `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
- `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
- FROM `item`, `contact`
- WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
- AND `contact`.`id` = `item`.`contact-id`
- AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- $sql_extra",
+ $r = q("select * from item where item_restrict = 0 $sql_extra",
intval($id)
);
+ xchan_query($r,true);
$ret = api_format_items($r,$user_info);
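Review bot: The rewritten query fetches the item by `id` alone, with no `uid`, `item_private` or ACL condition and no `perm_is_allowed()` call, so any authenticated API user appears able to read any item stored on the hub, private ones included. `$sql_extra` is built outside this hunk, but the visible part only appends the id match. api_statuses_repeat in this same commit checks `view_stream` against the item's owner before using the row; the same check belongs here, together with `and item_private = 0` when the requester is not the owner.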
@@ -997,34 +977,31 @@
$user_info = api_get_user($a);
// params
- $id = intval($a->argv[3]);
+ $id = intval(argv(3));
logger('API: api_statuses_repeat: '.$id);
//$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false);
- $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`nick` as `reply_author`,
- `contact`.`name`, `contact`.`photo`, `contact`.`url` as `reply_url`, `contact`.`rel`,
- `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
- `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
- FROM `item`, `contact`
- WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
- AND `contact`.`id` = `item`.`contact-id`
- AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- $sql_extra
- AND `item`.`id`=%d",
+ $observer = get_app()->get_observer();
+
+ $r = q("SELECT * from item where item_restrict = 0 and id = %d limit 1",
intval($id)
);
- if ($r[0]['body'] != "") {
- $_REQUEST['body'] = html_entity_decode("&#x2672; ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/url] \n".$r[0]['body'];
- $_REQUEST['profile_uid'] = api_user();
- $_REQUEST['type'] = 'wall';
- $_REQUEST['api_source'] = true;
+ if(perm_is_allowed($r[0]['uid'],$observer['xchan_hash'],'view_stream')) {
+ if ($r[0]['body'] != "") {
+ $_REQUEST['body'] = html_entity_decode("&#x2672; ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/url] \n".$r[0]['body'];
+ $_REQUEST['profile_uid'] = api_user();
+ $_REQUEST['type'] = 'wall';
+ $_REQUEST['api_source'] = true;
- require_once('mod/item.php');
- item_post($a);
+ require_once('mod/item.php');
+ item_post($a);
+ }
}
+ else
+ return false;
if ($type == 'xml')
$ok = "true";
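Review bot: `$r[0]['uid']` is read before checking that the query returned a row, so an unknown id passes a null uid into `perm_is_allowed()`; add `if(! $r) return false;` directly after the query. The permission test is channel-wide (`view_stream`) and does not look at the item's own `item_private` or ACL fields, so a restricted post from a channel the observer may view could be re-posted to the caller's wall; adding `and item_private = 0` to the select would prevent that. The body string still reads `$r[0]['reply_url']` and `$r[0]['reply_author']`, which the removed contact join supplied and the new `SELECT *` does not, so the attribution link is now empty. `$observer` is also dereferenced without a null check.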
@@ -1038,13 +1015,14 @@
/**
*
*/
+
function api_statuses_destroy(&$a, $type){
if (api_user()===false) return false;
$user_info = api_get_user($a);
// params
- $id = intval($a->argv[3]);
+ $id = intval(argv(3));
logger('API: api_statuses_destroy: '.$id);
@@ -1065,6 +1043,8 @@
* http://developer.twitter.com/doc/get/statuses/mentions
*
*/
+
+// FIXME
function api_statuses_mentions(&$a, $type){
if (api_user()===false) return false;
@@ -1142,6 +1122,7 @@
return api_apply_template("timeline", $type, $data);
}
api_register_func('api/statuses/mentions','api_statuses_mentions', true);
+ // FIXME?? I don't think mentions and replies are congruent in this case
api_register_func('api/statuses/replies','api_statuses_mentions', true);
@@ -1149,7 +1130,7 @@
if (api_user()===false) return false;
$user_info = api_get_user($a);
- // get last newtork messages
+ // get last network messages
logger("api_statuses_user_timeline: api_user: ". api_user() .
@@ -1325,7 +1306,7 @@
function api_format_messages($item, $recipient, $sender) {
// standard meta information
- $ret=Array(
+ $ret = array(
'id' => $item['id'],
'created_at' => api_date($item['created']),
'sender_id' => $sender['id'] ,
@@ -1364,25 +1345,27 @@
//logger('api_format_items: ' . print_r($user_info,true));
$a = get_app();
- $ret = Array();
+ $ret = array();
foreach($r as $item) {
localize_item($item);
- $status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item));
- if ($item['parent']!=$item['id']) {
- $r = q("select id from item where parent=%s and id<%s order by id desc limit 1",
- intval($item['parent']), intval($item['id']));
+ $status_user = (($item['author_xchan']==$user_info['guid'])?$user_info: api_item_get_user($a,$item));
+
+ if($item['parent'] != $item['id']) {
+ $r = q("select id from item where parent= %d and id < %d order by id desc limit 1",
+ intval($item['parent']),
+ intval($item['id'])
+ );
if ($r)
$in_reply_to_status_id = $r[0]['id'];
else
$in_reply_to_status_id = $item['parent'];
- $r = q("select `item`.`contact-id`, `contact`.nick, `item`.`author-name` from item, contact
- where `contact`.`id` = `item`.`contact-id` and `item`.id=%d", intval($in_reply_to_status_id));
+ xchan_query($r,true);
- $in_reply_to_screen_name = $r[0]['author-name'];
- $in_reply_to_user_id = $r[0]['contact-id'];
+ $in_reply_to_screen_name = $r[0]['author']['xchan_name'];
+ $in_reply_to_user_id = $r[0]['author']['abook_id'];
} else {
$in_reply_to_screen_name = '';
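Review bot: `xchan_query($r,true)` is called on a result that selected only `id`, and on the `else` path `$r` is empty, so `$r[0]['author']['xchan_name']` and `$r[0]['author']['abook_id']` are most likely undefined. The removed second query was what loaded the replied-to item. Suggest loading that row before the call, e.g. `$r = q("select * from item where id = %d and uid = %d limit 1", intval($in_reply_to_status_id), intval($item['uid']));`, and wrapping the two assignments in `if($r)`. What columns `xchan_query()` needs is not visible here, so confirm it works from `author_xchan`. Assigning to `$r` inside the loop also reuses the name of the array the surrounding `foreach` iterates, which is easy to misread.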
@@ -1399,41 +1382,39 @@
else
$statustext = trim($statustitle."\n\n".$statusbody);
- if (($item["network"] == NETWORK_FEED) and (strlen($statustext)> 1000))
- $statustext = substr($statustext, 0, 1000)."... \n".$item["plink"];
$status = array(
- 'text' => $statustext,
- 'truncated' => False,
- 'created_at'=> api_date($item['created']),
- 'in_reply_to_status_id' => $in_reply_to_status_id,
- 'source' => (($item['app']) ? $item['app'] : 'web'),
- 'id' => intval($item['id']),
- 'in_reply_to_user_id' => $in_reply_to_user_id,
- 'in_reply_to_screen_name' => $in_reply_to_screen_name,
- 'geo' => '',
- 'favorited' => $item['starred'] ? true : false,
- 'user' => $status_user ,
- 'statusnet_html' => trim(bbcode($item['body'])),
+ 'text' => $statustext,
+ 'truncated' => False,
+ 'created_at' => api_date($item['created']),
+ 'in_reply_to_status_id' => $in_reply_to_status_id,
+ 'source' => (($item['app']) ? $item['app'] : 'web'),
+ 'id' => intval($item['id']),
+ 'in_reply_to_user_id' => $in_reply_to_user_id,
+ 'in_reply_to_screen_name' => $in_reply_to_screen_name,
+ 'geo' => '',
+ 'favorited' => (($item['item_flags'] & ITEM_STARRED) ? true : false),
+ 'user' => $status_user ,
+ 'statusnet_html' => trim(bbcode($item['body'])),
'statusnet_conversation_id' => $item['parent'],
);
// Seesmic doesn't like the following content
if ($_SERVER['HTTP_USER_AGENT'] != 'Seesmic') {
$status2 = array(
- 'updated' => api_date($item['edited']),
- 'published' => api_date($item['created']),
- 'message_id' => $item['uri'],
- 'url' => ($item['plink']!=''?$item['plink']:$item['author-link']),
- 'coordinates' => $item['coord'],
- 'place' => $item['location'],
+ 'updated' => api_date($item['edited']),
+ 'published' => api_date($item['created']),
+ 'message_id' => $item['uri'],
+ 'url' => $item['plink'],
+ 'coordinates' => $item['coord'],
+ 'place' => $item['location'],
'contributors' => '',
'annotations' => '',
- 'entities' => '',
- 'objecttype' => (($item['obj_type']) ? $item['obj_type'] : ACTIVITY_OBJ_NOTE),
- 'verb' => (($item['verb']) ? $item['verb'] : ACTIVITY_POST),
- 'self' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
- 'edit' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
+ 'entities' => '',
+ 'objecttype' => (($item['obj_type']) ? $item['obj_type'] : ACTIVITY_OBJ_NOTE),
+ 'verb' => (($item['verb']) ? $item['verb'] : ACTIVITY_POST),
+ 'self' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
+ 'edit' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
);
$status = array_merge($status, $status2);
@@ -1499,12 +1480,14 @@
return false;
}
+ // For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams.
+ // This won't work if either of you send your stream to everybody on the network
if($qtype == 'friends')
- $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND));
+ $sql_extra = sprintf(" AND ( their_perms & %d ) and ( my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
if($qtype == 'followers')
- $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND));
+ $sql_extra = sprintf(" AND ( my_perms & %d ) and not ( their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
- $r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
+ $r = q("SELECT id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra",
intval(api_user())
);
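Review bot: The `followers` clause now excludes mutual connections through `not ( their_perms & %d )`, whereas the removed clause listed `CONTACT_IS_FRIEND` for both `friends` and `followers`. API clients will therefore see friends disappear from the followers list. If that is intended, the comment above should say so, for instance `// followers = we send them our stream and they do not send theirs; mutual connections are reported as friends only`; otherwise drop the `not ( ... )` term. The same two clauses are repeated in the next hunk, and the enclosing function starts outside this one.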
@@ -1611,13 +1594,16 @@
if(! api_user())
return false;
+
+ // For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams.
+ // This won't work if either of you send your stream to everybody on the network
+
if($qtype == 'friends')
- $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND));
+ $sql_extra = sprintf(" AND ( their_perms & %d ) and ( my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
if($qtype == 'followers')
- $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND));
+ $sql_extra = sprintf(" AND ( my_perms & %d ) and not ( their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
-
- $r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
+ $r = q("SELECT id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra",
intval(api_user())
);
diff --git a/include/auth.php b/include/auth.php
index c12432449..9cdbd80d5 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -63,16 +63,21 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
info( t('Logged out.') . EOL);
goaway(z_root());
}
-
-// if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
-// $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
-// intval($_SESSION['visitor_id'])
-// );
-// if(count($r)) {
-// $a->contact = $r[0];
-// }
-// }
-
+dbg(1);
+ if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
+ $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_hash = '%s' limit 1",
+ dbesc($_SESSION['visitor_id'])
+ );
+ if($r) {
+ get_app()->set_observer($r[0]);
+ }
+ else {
+ unset($_SESSION['visitor_id']);
+ unset($_SESSION['authenticated']);
+ }
+ $a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
+ }
+dbg(0);
if(x($_SESSION,'uid') || x($_SESSION,'account_id')) {
// already logged in user returning
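Review bot: `$a->set_groups(init_groups_visitor($_SESSION['visitor_id']))` runs even after the `else` branch has just unset `visitor_id`, so a visitor whose hubloc lookup failed still gets groups initialised from an undefined value. Move that call inside the `if($r)` branch next to `set_observer()`. The `dbg(1);` / `dbg(0);` pair looks like leftover debugging; if it switches on query logging, as the name suggests, the visitor lookup is written to the log on every request, so it should be removed before merge. The block also mixes `get_app()` and `$a` for the same object.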
diff --git a/include/contact_widgets.php b/include/contact_widgets.php
index 47945e66e..cb3dc0740 100644
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@@ -116,23 +116,23 @@ function common_friends_visitor_widget($profile_uid) {
}
// FIXME
- if(! $cid) {
- if(get_my_url()) {
- $r = q("select id from contact where nurl = '%s' and uid = %d limit 1",
- dbesc(normalise_link(get_my_url())),
- intval($profile_uid)
- );
- if(count($r))
- $cid = $r[0]['id'];
- else {
- $r = q("select id from gcontact where nurl = '%s' limit 1",
- dbesc(normalise_link(get_my_url()))
- );
- if(count($r))
- $zcid = $r[0]['id'];
- }
- }
- }
+// if(! $cid) {
+// if(get_my_url()) {
+// $r = q("select id from contact where nurl = '%s' and uid = %d limit 1",
+// dbesc(normalise_link(get_my_url())),
+// intval($profile_uid)
+// );
+// if(count($r))
+// $cid = $r[0]['id'];
+// else {
+// $r = q("select id from gcontact where nurl = '%s' limit 1",
+// dbesc(normalise_link(get_my_url()))
+// );
+// if(count($r))
+// $zcid = $r[0]['id'];
+// }
+// }
+// }
if($cid == 0 && $zcid == 0)
return;
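Review bot: With the lookup commented out, nothing in this hunk assigns `$cid` or `$zcid`, so unless they are set earlier in the function (outside the hunk) the guard `if($cid == 0 && $zcid == 0) return;` always exits and the widget is effectively disabled. Deleting the block reads better than commenting it out, since version control keeps the old code. The bare `// FIXME` could then become `// FIXME: look up the observer via abook/xchan; widget returns early until this is ported`.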
diff --git a/include/event.php b/include/event.php
index 685842fc3..8bf65016f 100644
--- a/include/event.php
+++ b/include/event.php
@@ -205,30 +205,36 @@ function event_store($arr) {
$a = get_app();
- $arr['created'] = (($arr['created']) ? $arr['created'] : datetime_convert());
- $arr['edited'] = (($arr['edited']) ? $arr['edited'] : datetime_convert());
- $arr['type'] = (($arr['type']) ? $arr['type'] : 'event' );
+ $arr['created'] = (($arr['created']) ? $arr['created'] : datetime_convert());
+ $arr['edited'] = (($arr['edited']) ? $arr['edited'] : datetime_convert());
+ $arr['type'] = (($arr['type']) ? $arr['type'] : 'event' );
$arr['event_xchan'] = (($arr['event_xchan']) ? $arr['event_xchan'] : '');
// Existing event being modified
- if($arr['id']) {
+ if($arr['id'] || $arr['event_hash']) {
// has the event actually changed?
- $r = q("SELECT * FROM `event` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($arr['id']),
- intval($arr['uid'])
- );
- if((! $r) || ($r[0]['edited'] === $arr['edited'])) {
-
- // Nothing has changed. Grab the item id to return.
-
- $r = q("SELECT id FROM item WHERE resource_type = 'event' and resource_id = '%s' AND uid = %d LIMIT 1",
- intval($arr['event_hash']),
+ if($arr['event_hash']) {
+ $r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
+ dbesc($arr['event_hash']),
intval($arr['uid'])
);
- return(($r) ? $r[0]['id'] : 0);
+ }
+ else {
+ $r = q("SELECT * FROM event WHERE id = %d AND uid = %d LIMIT 1",
+ intval($arr['id']),
+ intval($arr['uid'])
+ );
+ }
+
+ if(! $r)
+ return 0;
+
+ if($r[0]['edited'] === $arr['edited']) {
+ // Nothing has changed. Return the ID.
+ return $r[0]['id'];
}
// The event changed. Update it.
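Review bot: The unchanged-event path now returns `$r[0]['id']` from the `event` table, while the removed code returned the id of the matching `item` row (its comment read "Grab the item id to return"). Callers that treat the return value of event_store() as an item id would then act on an unrelated row. Either restore the item lookup with `dbesc($r[0]['event_hash'])` as the `resource_id`, or document the new return contract in a docblock on the function. The rest of the function, including its other return statements, is outside this hunk.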
@@ -262,12 +268,12 @@ function event_store($arr) {
dbesc($arr['allow_gid']),
dbesc($arr['deny_cid']),
dbesc($arr['deny_gid']),
- intval($arr['id']),
+ intval($r[0]['id']),
intval($arr['uid'])
);
$r = q("SELECT * FROM item left join xchan on author_xchan = xchan_hash WHERE resource_id = '%s' AND resource_type = 'event' and uid = %d LIMIT 1",
- intval($arr['event_hash']),
+ intval($r[0]['event_hash']),
intval($arr['uid'])
);
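Review bot: `intval($r[0]['event_hash'])` feeds an integer into `resource_id = '%s'`, but the hash is handled as a string elsewhere in this commit (`dbesc($arr['event_hash'])` in the lookup above), so the item lookup will not match a non-numeric hash. Use `dbesc($r[0]['event_hash'])` here. The result of this query is used further down, outside the hunk.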
@@ -291,7 +297,8 @@ function event_store($arr) {
$private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);
- q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d WHERE id = %d AND uid = %d LIMIT 1",
+
+ q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d LIMIT 1",
dbesc($arr['summary']),
dbesc(format_event_bbcode($arr)),
dbesc($object),
@@ -300,7 +307,8 @@ function event_store($arr) {
dbesc($arr['deny_cid']),
dbesc($arr['deny_gid']),
dbesc($arr['edited']),
- intval(($private && ($r[0]['item_flags'] & ITEM_PRIVATE)) ? $r[0]['item_flags'] : $r[0]['item_flags'] ^ ITEM_PRIVATE),
+ intval($r[0]['item_flags']),
+ intval($private),
intval($r[0]['id']),
intval($arr['uid'])
);
@@ -320,8 +328,12 @@ function event_store($arr) {
$hash = random_string();
- $r = q("INSERT INTO `event` ( `uid`,`aid`,`event_xchan`,`event_hash`,`created`,`edited`,`start`,`finish`,`summary`, `desc`,`location`,`type`,
- `adjust`,`nofinish`,`allow_cid`,`allow_gid`,`deny_cid`,`deny_gid`)
+ if(! $arr['uri'])
+ $arr['uri'] = item_message_id();
+
+
+ $r = q("INSERT INTO event ( uid,aid,event_xchan,event_hash,created,edited,start,finish,summary, desc,location,type,
+ adjust,nofinish,allow_cid,allow_gid,deny_cid,deny_gid)
VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s' ) ",
intval($arr['uid']),
intval($arr['account']),
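Review bot: Dropping the backticks leaves the `desc` column unquoted in the INSERT column list, and DESC is a reserved word in MySQL, so the statement will fail to parse. Keep that one column quoted with backticks as it was in the removed line; the other names are safe unquoted. The argument list continues outside this hunk.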
@@ -344,7 +356,7 @@ function event_store($arr) {
);
- $r = q("SELECT * FROM `event` WHERE `event_hash` = '%s' AND `uid` = %d LIMIT 1",
+ $r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
dbesc($hash),
intval($arr['uid'])
);
@@ -364,19 +376,14 @@ function event_store($arr) {
$item_flags |= ITEM_ORIGIN;
}
-
- $uri = item_message_id();
-
$private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);
- if($private)
- $item_flags |= ITEM_PRIVATE;
$item_arr = array();
$item_arr['uid'] = $arr['uid'];
$item_arr['author_xchan'] = $arr['event_xchan'];
- $item_arr['uri'] = $uri;
- $item_arr['parent_uri'] = $uri;
+ $item_arr['uri'] = $arr['uri'];
+ $item_arr['parent_uri'] = $arr['uri'];
$item_arr['item_flags'] = $item_flags;
@@ -387,12 +394,13 @@ function event_store($arr) {
$item_arr['allow_gid'] = $arr['allow_gid'];
$item_arr['deny_cid'] = $arr['deny_cid'];
$item_arr['deny_gid'] = $arr['deny_gid'];
+ $item_arr['item_private'] = $private;
$item_arr['verb'] = ACTIVITY_POST;
$item_arr['resource_type'] = 'event';
$item_arr['resource_id'] = $hash;
- $item_arr['obj_type'] = ACTIVITY_OBJ_EVENT;
+ $item_arr['obj_type'] = ACTIVITY_OBJ_EVENT;
$item_arr['body'] = format_event_bbcode($arr);
$x = q("select * from xchan where xchan_hash = '%s' limit 1",
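Review bot: `item_private` is filled from `$private`, which the previous hunk's context shows is derived only from the four ACL strings; the `private` key that process_delivery now passes in `$ev` (include/zot.php in this commit) is not read anywhere in the visible lines. If a delivered event is marked private by its sender but arrives without ACL strings, it would be stored with `item_private = 0` and, with ITEM_PRIVATE no longer set in item_flags, would pass the anonymous `not item_private` filter. Consider `$private = (($arr['private'] || $arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);`. event_store starts and ends outside this hunk, so this may already be handled in lines that are not shown.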
diff --git a/include/group.php b/include/group.php
index 6568af0c7..3a2fe7a3c 100644
--- a/include/group.php
+++ b/include/group.php
@@ -169,7 +169,7 @@ function group_add_member($uid,$name,$member,$gid = 0) {
function group_get_members($gid) {
$ret = array();
if(intval($gid)) {
- $r = q("SELECT abook.*,xchan.*,group_member.* FROM `group_member`
+ $r = q("SELECT * FROM `group_member`
LEFT JOIN abook ON abook_xchan = `group_member`.`xchan` left join xchan on xchan_hash = abook_xchan
WHERE `gid` = %d AND `group_member`.`uid` = %d and not ( abook_flags & %d ) and not ( abook_flags & %d ) and not ( abook_flags & %d ) ORDER BY xchan_name ASC ",
intval($gid),
@@ -228,7 +228,6 @@ function group_side($every="contacts",$each="group",$edit = false, $group_id = 0
);
-
$r = q("SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d ORDER BY `name` ASC",
intval($_SESSION['uid'])
);
diff --git a/include/html2plain.php b/include/html2plain.php
index e5615f8ba..b8c9c440d 100644
--- a/include/html2plain.php
+++ b/include/html2plain.php
@@ -205,7 +205,7 @@ function html2plain($html, $wraplength = 75, $compact = false)
if (!$compact) {
$counter = 1;
foreach ($urls as $id=>$url)
- if (strpos($message, $url) == false)
+ if ($url && strpos($message, $url) === false)
$message .= "\n".$url." ";
//$message .= "\n[".($counter++)."] ".$url;
}
diff --git a/include/identity.php b/include/identity.php
index 94de192c6..a66929b63 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -201,6 +201,9 @@ function identity_basic_export($channel_id) {
*/
$ret = array();
+
+ $ret['compatibility'] = array('project' => FRIENDICA_PLATFORM, 'version' => FRIENDICA_VERSION, 'database' => DB_UPDATE_VERSION);
+
$r = q("select * from channel where channel_id = %d limit 1",
intval($channel_id)
);
@@ -240,4 +243,49 @@ function identity_basic_export($channel_id) {
+function identity_basic_import($arr, $seize_primary = false) {
+
+ $ret = array('result' => false );
+
+ if($arr['channel']) {
+ // import channel
+
+ // create a new xchan (if necessary)
+
+ // create a new hubloc and seize control if applicable
+
+
+ }
+ if($arr['profile']) {
+ // FIXME - change profile assignment to a hash instead of an id we have to fix
+
+
+ }
+
+ if($arr['xchan']) {
+
+ // import any xchan and hubloc which are not yet available on this site
+ // Unset primary for all other hubloc on our own record if $seize_primary
+
+
+ }
+
+ if($arr['abook']) {
+ // import the abook entries
+
+
+ }
+
+
+ if($seize_primary) {
+
+ // send a refresh message to all our friends, telling them we've moved
+
+ }
+
+
+ $ret['result'] = true ;
+ return $ret;
+
+} \ No newline at end of file
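Review bot: identity_basic_import() sets `$ret['result'] = true` although every branch is still an empty placeholder, so a caller cannot tell a completed import from one that did nothing. Remove the `$ret['result'] = true ;` line so the initial `false` is returned until the steps are implemented. When the branches are filled in, `$arr` is data produced by another site, so each section should be validated (including the `compatibility` block the export now writes) before `$seize_primary` is honoured. The file also now ends without a trailing newline.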
diff --git a/include/items.php b/include/items.php
index a462c8073..dcc6c9b50 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1598,17 +1598,16 @@ function tag_deliver($uid,$item_id) {
$private = ($u[0]['allow_cid'] || $u[0]['allow_gid'] || $u[0]['deny_cid'] || $u[0]['deny_gid']) ? 1 : 0;
$flag_bits = ITEM_WALL|ITEM_ORIGIN|ITEM_UPLINK;
- if($private)
- $flag_bits = $flag_bits | ITEM_PRIVATE;
$r = q("update item set item_flags = ( $item_flags | %d ), owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s',
- deny_cid = '%s', deny_gid = '%s' where id = %d limit 1",
+ deny_cid = '%s', deny_gid = '%s', item_private = %d where id = %d limit 1",
intval($flag_bits),
dbesc($u[0]['channel_hash']),
dbesc($u[0]['allow_cid']),
dbesc($u[0]['allow_gid']),
dbesc($u[0]['deny_cid']),
dbesc($u[0]['deny_gid']),
+ intval($private),
intval($item_id)
);
if($r)
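Review bot: The UPDATE this hunk extends is a double-quoted PHP string containing `$item_flags`, so PHP interpolates a local variable there rather than naming the column. No such local is visible in the hunk; if tag_deliver does not define one, the statement becomes `item_flags = ( | N )` and fails, and the new `item_private` value is never written. If the column was meant, write `item_flags = ( item_flags | %d )`. The statement is also scoped by `id` only; adding `and uid = %d` bound to `intval($uid)` would keep it confined to the channel being delivered to. tag_deliver starts and ends outside this hunk.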
@@ -2081,13 +2080,13 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
$img->scaleImageSquare(175);
$hash = $resource_id;
- $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4);
+ $r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4);
$img->scaleImage(80);
- $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5);
+ $r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5);
$img->scaleImage(48);
- $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6);
+ $r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6);
$a = get_app();
diff --git a/include/nav.php b/include/nav.php
index 644264a92..3a565af55 100644
--- a/include/nav.php
+++ b/include/nav.php
@@ -90,8 +90,12 @@ EOT;
);
}
-
- $nav['lock'] = array('rmagic','',(($observer) ? 'lock' : 'unlock'), (($observer) ? $observer['xchan_addr'] : t('Click to authenticate to your home hub')));
+ if($observer)
+ $nav['lock'] = array('logout','','lock',
+ sprintf( t('%s - click to logout'), $observer['xchan_addr']));
+ else
+ $nav['lock'] = array('rmagic','','unlock',
+ t('Click to authenticate to your home hub'));
/**
* "Home" should also take you home from an authenticated remote profile connection
@@ -118,9 +122,9 @@ EOT;
$nav['search'] = array('search', t('Search'), "", t('Search site content'));
- $gdirpath = 'directory';
- $nav['directory'] = array($gdirpath, t('Directory'), "", t('People directory'));
+ $nav['directory'] = array('directory', t('Channel Directory'), "", t('Channel Locator'));
+
/**
*
@@ -199,6 +203,7 @@ EOT;
'$localuser' => local_user(),
'$sel' => $a->nav_sel,
'$apps' => $a->get_apps(),
+ '$pleasewait' => t('Please wait...')
));
call_hooks('page_header', $a->page['nav']);
diff --git a/include/onepoll.php b/include/onepoll.php
index 4b44ff5b9..019fe8ed3 100644
--- a/include/onepoll.php
+++ b/include/onepoll.php
@@ -113,16 +113,14 @@ function onepoll_run($argv, $argc){
// set last updated timestamp
- $r = null;
-
if($contact['xchan_connurl']) {
$r = q("SELECT xlink_id from xlink
where xlink_xchan = '%s' and xlink_updated > UTC_TIMESTAMP() - INTERVAL 1 DAY",
intval($contact['xchan_hash'])
);
- }
- if($r) {
- poco_load($contact['xchan_hash'],$contact['xchan_connurl']);
+ if($r) {
+ poco_load($contact['xchan_hash'],$contact['xchan_connurl']);
+ }
}
return;
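Review bot: `xlink_xchan = '%s'` is still bound with `intval($contact['xchan_hash'])`, which reduces the hash string to a number, so the lookup cannot match the stored value. The same commit fixes this pattern in include/security.php and include/socgraph.php, so use `dbesc($contact['xchan_hash'])` here too. Separately, the query selects links updated within the last day and poco_load() runs when such rows exist, which reads as the opposite of a refresh-when-stale check; if that is not intended, the condition should be `if(! $r)`. onepoll_run starts outside this hunk.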
diff --git a/include/security.php b/include/security.php
index 0783a3c20..f28174153 100644
--- a/include/security.php
+++ b/include/security.php
@@ -236,7 +236,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
* default permissions - anonymous user
*/
- $sql = " AND not (item_flags & " . ITEM_PRIVATE . ") ";
+ $sql = " AND not item_private ";
/**
@@ -349,7 +349,7 @@ if(! function_exists('init_groups_visitor')) {
function init_groups_visitor($contact_id) {
$groups = array();
$r = q("SELECT gid FROM group_member WHERE xchan = '%s' ",
- intval($contact_id)
+ dbesc($contact_id)
);
if(count($r)) {
foreach($r as $rr)
@@ -359,3 +359,36 @@ function init_groups_visitor($contact_id) {
}}
+
+
+
+// This is used to determine which uid have posts which are visible to the logged in user (from the API) for the
+// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in.
+// Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility)
+// We always include yourself if logged in because you can always see your own posts
+// resolving granular permissions for the observer against every person and every post on the site
+// will likely be too expensive.
+// Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query
+
+function stream_perms_api_uids($perms_min = PERMS_SITE) {
+ $ret = array();
+ if(local_user())
+ $ret[] = local_user();
+ $r = q("select channel_id from channel where channel_r_stream <= %d",
+ intval($perms_min)
+ );
+ if($r)
+ foreach($r as $rr)
+ if(! in_array($rr['channel_id'],$ret))
+ $ret[] = $rr['channel_id'];
+
+ $str = '';
+ if($ret)
+ foreach($ret as $rr) {
+ if($str)
+ $str .= ',';
+ $str .= intval($rr);
+ }
+ return $str;
+}
+
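Review bot: stream_perms_api_uids() returns an empty string when nobody is logged in and no channel meets `$perms_min`, while the header comment describes the result as suitable for direct inclusion in a SQL query; an empty `IN ( )` list is a syntax error in MySQL. The callers are not visible here, so the comment should at least state the contract, for example `// Returns '' when no channel qualifies - callers must not build an IN () clause from it`. The manual join loop can also be written as `return implode(',', array_map('intval', $ret));`, which keeps the integer cast on every element.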
diff --git a/include/socgraph.php b/include/socgraph.php
index aa5a24e89..081927dcc 100644
--- a/include/socgraph.php
+++ b/include/socgraph.php
@@ -23,12 +23,11 @@ function poco_load($xchan = null,$url = null) {
$a = get_app();
if($xchan && ! $url) {
- $r = q("select xchan_connurl from xchan where xchan_hash = %d limit 1",
- intval($xchan)
+ $r = q("select xchan_connurl from xchan where xchan_hash = '%s' limit 1",
+ dbesc($xchan)
);
if($r) {
$url = $r[0]['xchan_connurl'];
- $uid = $r[0]['abook_channel'];
}
}
@@ -109,24 +108,25 @@ function poco_load($xchan = null,$url = null) {
}
- $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' limit 1",
- dbesc($xchan),
- dbesc($hash)
- );
- if(! $r) {
- q("insert into xlink ( xlink_xchan, xlink_link, xlink_updated ) values ( '%s', '%s', '%s' ) ",
+ if($xchan) {
+ $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' limit 1",
dbesc($xchan),
- dbesc($hash),
- dbesc(datetime_convert())
- );
- }
- else {
- q("update xlink set xlink_updated = '%s' where xlink_id = %d limit 1",
- dbesc(datetime_convert()),
- intval($r[0]['xlink_id'])
+ dbesc($hash)
);
+ if(! $r) {
+ q("insert into xlink ( xlink_xchan, xlink_link, xlink_updated ) values ( '%s', '%s', '%s' ) ",
+ dbesc($xchan),
+ dbesc($hash),
+ dbesc(datetime_convert())
+ );
+ }
+ else {
+ q("update xlink set xlink_updated = '%s' where xlink_id = %d limit 1",
+ dbesc(datetime_convert()),
+ intval($r[0]['xlink_id'])
+ );
+ }
}
-
}
logger("poco_load: loaded $total entries",LOGGER_DEBUG);
@@ -295,37 +295,38 @@ function suggestion_query($uid, $start = 0, $limit = 80) {
function update_suggestions() {
+// FIXME
+return;
$a = get_app();
$done = array();
- poco_load(0,0,0,$a->get_baseurl() . '/poco');
+ // fix this to get a json list from an upstream directory
+// poco_load(0,0,0,$a->get_baseurl() . '/poco');
- $done[] = $a->get_baseurl() . '/poco';
+// $done[] = $a->get_baseurl() . '/poco';
- if(strlen(get_config('system','directory_submit_url'))) {
- $x = fetch_url('http://dir.friendica.com/pubsites');
- if($x) {
- $j = json_decode($x);
- if($j->entries) {
- foreach($j->entries as $entry) {
- $url = $entry->url . '/poco';
- if(! in_array($url,$done))
- poco_load(0,0,0,$entry->url . '/poco');
- }
- }
- }
- }
+// if(strlen(get_config('system','directory_submit_url'))) {
+// $x = fetch_url('http://dir.friendica.com/pubsites');
+// if($x) {
+// $j = json_decode($x);
+// if($j->entries) {
+// foreach($j->entries as $entry) {
+// $url = $entry->url . '/poco';
+// if(! in_array($url,$done))
+// poco_load(0,0,0,$entry->url . '/poco');
+// }
+// }
+// }
+// }
- $r = q("select distinct(poco) as poco from contact where network = '%s'",
- dbesc(NETWORK_DFRN)
- );
+ $r = q("select distinct(xchan_connurl) as poco from xchan where xchan_network = 'zot'");
- if(count($r)) {
+ if($r) {
foreach($r as $rr) {
$base = substr($rr['poco'],0,strrpos($rr['poco'],'/'));
if(! in_array($base,$done))
- poco_load(0,0,0,$base);
+ poco_load('',$base);
}
}
}
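Review bot: The unconditional `return;` added at the top of update_suggestions() makes everything below it unreachable, including the new xchan query and the `poco_load('',$base)` call, and the bare `// FIXME` gives no reason. State what has to be fixed, e.g. `// FIXME: disabled until suggestions are fetched as a json list from an upstream directory`, and delete the commented-out block rather than keeping it in the file. When this is re-enabled, the `xchan_connurl` values come from remote sites, so the URLs handed to poco_load() should be validated before they are fetched.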
diff --git a/include/text.php b/include/text.php
index 9db22d9ed..167fbb1df 100644
--- a/include/text.php
+++ b/include/text.php
@@ -302,26 +302,33 @@ function paginate(&$a) {
}}
if(! function_exists('alt_pager')) {
-function alt_pager(&$a, $i) {
- $o = '';
+function alt_pager(&$a, $i, $more = '', $less = '') {
+
+ $o = '';
+
+ if(! $more)
+ $more = t('older');
+ if(! $less)
+ $less = t('newer');
+
$stripped = preg_replace('/(&page=[0-9]*)/','',$a->query_string);
$stripped = str_replace('q=','',$stripped);
$stripped = trim($stripped,'/');
$pagenum = $a->pager['page'];
- $url = $a->get_baseurl() . '/' . $stripped;
+ $url = $a->get_baseurl() . '/' . $stripped;
- $o .= '<div class="pager">';
+ $o .= '<div class="pager">';
- if($a->pager['page']>1)
- $o .= "<a href=\"$url"."&page=".($a->pager['page'] - 1).'">' . t('newer') . '</a>';
- if($i>0) {
- if($a->pager['page']>1)
- $o .= "&nbsp;-&nbsp;";
- $o .= "<a href=\"$url"."&page=".($a->pager['page'] + 1).'">' . t('older') . '</a>';
+ if($a->pager['page'] > 1)
+ $o .= "<a href=\"$url"."&page=".($a->pager['page'] - 1).'">' . $less . '</a>';
+ if($i > 0 && $i == $a->pager['itemspage']) {
+ if($a->pager['page']>1)
+ $o .= " | ";
+ $o .= "<a href=\"$url"."&page=".($a->pager['page'] + 1).'">' . $more . '</a>';
}
- $o .= '</div>'."\r\n";
+ $o .= '</div>'."\r\n";
return $o;
}}
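Review bot: The new `$more` and `$less` parameters are concatenated into the anchor markup as-is, and the `href` is built from `$a->query_string` without attribute escaping. Whether query_string is sanitised earlier is not visible in this hunk, so escaping at the point of output is the safer default: `$url = htmlspecialchars($a->get_baseurl() . '/' . $stripped, ENT_QUOTES, 'UTF-8');`. If callers are expected to pass HTML in the labels, say so in a comment above the function; otherwise escape `$more` and `$less` the same way.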
@@ -1711,7 +1718,11 @@ function ids_to_querystr($arr,$idx = 'id') {
return(implode(',', $t));
}
-function xchan_query(&$items) {
+// Fetches xchan and hubloc data for an array of items with only an
+// author_xchan and owner_xchan. If $abook is true also include the abook info.
+// This is needed in the API to save extra per item lookups there.
+
+function xchan_query(&$items,$abook = false) {
$arr = array();
if($items && count($items)) {
foreach($items as $item) {
@@ -1722,8 +1733,14 @@ function xchan_query(&$items) {
}
}
if(count($arr)) {
- $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash
- where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
+ if($abook) {
+ $chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash
+ where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
+ }
+ else {
+ $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash
+ where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
+ }
}
if($items && count($items) && $chans && count($chans)) {
for($x = 0; $x < count($items); $x ++) {
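Review bot: The `$abook` branch joins `abook on abook_xchan = xchan_hash` with no restriction on the owning channel, so on a hub with several local channels one xchan can match an abook row per channel, and which row ends up attached to an item is undefined. That can place one channel's connection data into another channel's API response. Restricting the join, e.g. `left join abook on abook_xchan = xchan_hash and abook_channel = %d` bound to the item owner's uid (column name presumed from its use elsewhere in this diff), would avoid it; xchan_query only receives `$items`, so the uid would have to come from there. The function continues outside the hunk, so how `$arr` is quoted before the `implode()` is not visible.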
@@ -1781,9 +1798,11 @@ function magic_link($s) {
return $s;
}
-function stringify_array_elms(&$arr) {
+// if $escape is true, dbesc() each element before adding quotes
+
+function stringify_array_elms(&$arr,$escape = false) {
for($x = 0; $x < count($arr); $x ++)
- $arr[$x] = "'" . $arr[$x] . "'";
+ $arr[$x] = "'" . (($escape) ? dbesc($arr[$x]) : $arr[$x]) . "'";
}
/**
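Review bot: `$escape` defaults to false, so every existing caller, and any new one that forgets the flag, still wraps raw values in quotes; where the result is imploded into an `IN (...)` list that is string-built SQL. Unless some caller passes values that are already escaped (the callers are not visible here), `$escape = true` is the safer default. The loop also assumes `$arr` has consecutive integer keys starting at 0; a comment saying so, or iterating with `foreach($arr as $k => $v)`, would make that explicit.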
diff --git a/include/user.php b/include/user.php
deleted file mode 100644
index d71f024d1..000000000
--- a/include/user.php
+++ /dev/null
@@ -1,320 +0,0 @@
-<?php
-
-require_once('include/config.php');
-require_once('include/network.php');
-require_once('include/plugin.php');
-require_once('include/text.php');
-require_once('include/language.php');
-require_once('include/datetime.php');
-
-function create_user($arr) {
-
- // Required: { username, nickname, email } or { openid_url }
-
- $a = get_app();
- $result = array('success' => false, 'user' => null, 'password' => '', 'message' => '');
-
- $using_invites = get_config('system','invitation_only');
- $num_invites = get_config('system','number_invites');
-
-
- $invite_id = ((x($arr,'invite_id')) ? notags(trim($arr['invite_id'])) : '');
- $username = ((x($arr,'username')) ? notags(trim($arr['username'])) : '');
- $nickname = ((x($arr,'nickname')) ? notags(trim($arr['nickname'])) : '');
- $email = ((x($arr,'email')) ? notags(trim($arr['email'])) : '');
- $openid_url = ((x($arr,'openid_url')) ? notags(trim($arr['openid_url'])) : '');
- $photo = ((x($arr,'photo')) ? notags(trim($arr['photo'])) : '');
- $password = ((x($arr,'password')) ? trim($arr['password']) : '');
- $blocked = ((x($arr,'blocked')) ? intval($arr['blocked']) : 0);
- $verified = ((x($arr,'verified')) ? intval($arr['verified']) : 0);
-
- $publish = ((x($arr,'profile_publish_reg') && intval($arr['profile_publish_reg'])) ? 1 : 0);
- $netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0);
-
- $tmp_str = $openid_url;
-
- if($using_invites) {
- if(! $invite_id) {
- $result['message'] .= t('An invitation is required.') . EOL;
- return $result;
- }
- $r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_id));
- if(! results($r)) {
- $result['message'] .= t('Invitation could not be verified.') . EOL;
- return $result;
- }
- }
-
- if((! x($username)) || (! x($email)) || (! x($nickname))) {
- if($openid_url) {
- if(! validate_url($tmp_str)) {
- $result['message'] .= t('Invalid OpenID url') . EOL;
- return $result;
- }
- $_SESSION['register'] = 1;
- $_SESSION['openid'] = $openid_url;
- require_once('library/openid.php');
- $openid = new LightOpenID;
- $openid->identity = $openid_url;
- $openid->returnUrl = $a->get_baseurl() . '/openid';
- $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson');
- $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default');
- goaway($openid->authUrl());
- // NOTREACHED
- }
-
- notice( t('Please enter the required information.') . EOL );
- return;
- }
-
- if(! validate_url($tmp_str))
- $openid_url = '';
-
-
- $err = '';
-
- // collapse multiple spaces in name
- $username = preg_replace('/ +/',' ',$username);
-
- if(mb_strlen($username) > 48)
- $result['message'] .= t('Please use a shorter name.') . EOL;
- if(mb_strlen($username) < 3)
- $result['message'] .= t('Name too short.') . EOL;
-
- // I don't really like having this rule, but it cuts down
- // on the number of auto-registrations by Russian spammers
-
- // Using preg_match was completely unreliable, due to mixed UTF-8 regex support
- // $no_utf = get_config('system','no_utf');
- // $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' );
-
- // So now we are just looking for a space in the full name.
-
- $loose_reg = get_config('system','no_regfullname');
- if(! $loose_reg) {
- $username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8');
- if(! strpos($username,' '))
- $result['message'] .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL;
- }
-
-
- if(! allowed_email($email))
- $result['message'] .= t('Your email domain is not among those allowed on this site.') . EOL;
-
- if((! valid_email($email)) || (! validate_email($email)))
- $result['message'] .= t('Not a valid email address.') . EOL;
-
- // Disallow somebody creating an account using openid that uses the admin email address,
- // since openid bypasses email verification. We'll allow it if there is not yet an admin account.
-
- if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
- $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
- dbesc($email)
- );
- if(count($r))
- $result['message'] .= t('Cannot use that email.') . EOL;
- }
-
- $nickname = $arr['nickname'] = strtolower($nickname);
-
- if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))
- $result['message'] .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL;
- $r = q("SELECT `uid` FROM `user`
- WHERE `nickname` = '%s' LIMIT 1",
- dbesc($nickname)
- );
- if(count($r))
- $result['message'] .= t('Nickname is already registered. Please choose another.') . EOL;
-
- // Check deleted accounts that had this nickname. Doesn't matter to us,
- // but could be a security issue for federated platforms.
-
- $r = q("SELECT * FROM `userd`
- WHERE `username` = '%s' LIMIT 1",
- dbesc($nickname)
- );
- if(count($r))
- $result['message'] .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
-
- if(strlen($result['message'])) {
- return $result;
- }
-
- $new_password = ((strlen($password)) ? $password : autoname(6) . mt_rand(100,9999));
- $new_password_encoded = hash('whirlpool',$new_password);
-
- $result['password'] = $new_password;
-
- require_once('include/crypto.php');
-
- $keys = new_keypair(4096);
-
- if($keys === false) {
- $result['message'] .= t('SERIOUS ERROR: Generation of security keys failed.') . EOL;
- return $result;
- }
-
- $default_service_class = get_config('system','default_service_class');
- if(! $default_service_class)
- $default_service_class = '';
-
-
- $prvkey = $keys['prvkey'];
- $pubkey = $keys['pubkey'];
-
- $r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`,
- `pubkey`, `prvkey`, `register_date`, `verified`, `blocked`, `timezone`, `service_class` )
- VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC', '%s' )",
- dbesc(generate_user_guid()),
- dbesc($username),
- dbesc($new_password_encoded),
- dbesc($email),
- dbesc($openid_url),
- dbesc($nickname),
- dbesc($pubkey),
- dbesc($prvkey),
- dbesc(datetime_convert()),
- intval($verified),
- intval($blocked),
- dbesc($default_service_class)
- );
-
- if($r) {
- $r = q("SELECT * FROM `user`
- WHERE `username` = '%s' AND `password` = '%s' LIMIT 1",
- dbesc($username),
- dbesc($new_password_encoded)
- );
- if($r !== false && count($r)) {
- $u = $r[0];
- $newuid = intval($r[0]['uid']);
- }
- }
- else {
- $result['message'] .= t('An error occurred during registration. Please try again.') . EOL ;
- return $result;
- }
-
- /**
- * if somebody clicked submit twice very quickly, they could end up with two accounts
- * due to race condition. Remove this one.
- */
-
- $r = q("SELECT `uid` FROM `user`
- WHERE `nickname` = '%s' ",
- dbesc($nickname)
- );
- if((count($r) > 1) && $newuid) {
- $result['message'] .= t('Nickname is already registered. Please choose another.') . EOL;
- q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1",
- intval($newuid)
- );
- return $result;
- }
-
- if(x($newuid) !== false) {
- $r = q("INSERT INTO `profile` ( `uid`, `profile_name`, `is_default`, `name`, `photo`, `thumb`, `publish`, `net-publish` )
- VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ",
- intval($newuid),
- t('default'),
- 1,
- dbesc($username),
- dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"),
- dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"),
- intval($publish),
- intval($netpublish)
-
- );
- if($r === false) {
- $result['message'] .= t('An error occurred creating your default profile. Please try again.') . EOL;
- // Start fresh next time.
- $r = q("DELETE FROM `user` WHERE `uid` = %d",
- intval($newuid));
- return $result;
- }
- $r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`,
- `request`, `notify`, `poll`, `confirm`, `poco`, `name_date`, `uri_date`, `avatar_date`, `closeness` )
- VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ",
- intval($newuid),
- datetime_convert(),
- dbesc($username),
- dbesc($nickname),
- dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"),
- dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"),
- dbesc($a->get_baseurl() . "/photo/micro/{$newuid}"),
- dbesc($a->get_baseurl() . "/channel/$nickname"),
- dbesc(normalise_link($a->get_baseurl() . "/channel/$nickname")),
- dbesc($a->get_baseurl() . "/dfrn_request/$nickname"),
- dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"),
- dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"),
- dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"),
- dbesc($a->get_baseurl() . "/poco/$nickname"),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- dbesc(datetime_convert())
- );
-
- // Create a group with no members. This allows somebody to use it
- // right away as a default group for new contacts.
-
- require_once('include/group.php');
- group_add($newuid, t('Friends'));
-
- }
-
- // if we have no OpenID photo try to look up an avatar
- if(! strlen($photo))
- $photo = avatar_img($email);
-
- // unless there is no avatar-plugin loaded
- if(strlen($photo)) {
- require_once('include/Photo.php');
- $photo_failure = false;
-
- $filename = basename($photo);
- $img_str = fetch_url($photo,true);
- // guess mimetype from headers or filename
- $type = guess_image_type($photo,true);
-
-
- $img = new Photo($img_str, $type);
- if($img->is_valid()) {
-
- $img->scaleImageSquare(175);
-
- $hash = photo_new_resource();
-
- $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 );
-
- if($r === false)
- $photo_failure = true;
-
- $img->scaleImage(80);
-
- $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5 );
-
- if($r === false)
- $photo_failure = true;
-
- $img->scaleImage(48);
-
- $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6 );
-
- if($r === false)
- $photo_failure = true;
-
- if(! $photo_failure) {
- q("UPDATE `photo` SET `profile` = 1 WHERE `resource_id` = '%s' ",
- dbesc($hash)
- );
- }
- }
- }
-
- call_hooks('register_account', $newuid);
-
- $result['success'] = true;
- $result['user'] = $u;
- return $result;
-
-}
diff --git a/include/zot.php b/include/zot.php
index 28ecdc4dc..f35c6f93e 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -101,12 +101,13 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_
'version' => ZOT_REVISION
);
-
if($recipients)
$data['recipients'] = $recipients;
- if($secret)
+ if($secret) {
$data['secret'] = $secret;
+ $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey']));
+ }
logger('zot_build_packet: ' . print_r($data,true));
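Review bot: The packet is written to the log with `print_r($data,true)` right after `secret` and the new `secret_sig` are added, and the logger() call carries no level argument, so it presumably goes out at the default level. Logging a copy without those fields keeps the secret out of log files: `$logdata = $data; unset($logdata['secret'], $logdata['secret_sig']);` and then pass `$logdata` to print_r(). The result of rsa_sign() is also used unchecked; if signing can fail, for instance on an empty `channel_prvkey`, the packet would carry an empty signature. zot_build_packet starts and ends outside this hunk.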
@@ -530,14 +531,35 @@ function import_xchan($arr) {
dbesc($xchan_hash)
);
+
if($r) {
if($r[0]['xchan_photo_date'] != $arr['photo_updated'])
- $update_photos = true;
- if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url'])) {
- $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s' where xchan_hash = '%s' limit 1",
+ $import_photos = true;
+
+ // if we import an entry from a site that's not ours and either or both of us is off the grid - hide the entry.
+ // TODO: check if we're the same directory realm, which would mean we are allowed to see it
+
+ $dirmode = get_config('system','directory_mode');
+
+ if((($arr['site']['directory_mode'] === 'standalone') || ($dirmode & DIRECTORY_MODE_STANDALONE))
+&& ($arr['site']['url'] != z_root()))
+ $arr['searchable'] = false;
+
+
+
+ // Be careful - XCHAN_FLAGS_HIDDEN should evaluate to 1
+ if(($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN) != $arr['searchable'])
+ $new_flags = $r[0]['xchan_flags'] ^ XCHAN_FLAGS_HIDDEN;
+ else
+ $new_flags = $r[0]['xchan_flags'];
+
+
+ if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url']) || ($r[0]['xchan_flags'] != $new_flags)) {
+ $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_flags = %d where xchan_hash = '%s' limit 1",
dbesc($arr['name']),
dbesc($arr['name_updated']),
dbesc($arr['connections_url']),
+ intval($new_flags),
dbesc($xchan_hash)
);
}
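Review bot: The hidden-flag test compares `($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN)` with `$arr['searchable']`, but the two have opposite meanings, so the toggle runs the wrong way: a record that is hidden and not searchable is flipped to visible, and a searchable one is flipped to hidden. That defeats the standalone-directory hiding added just above it. Compare against the inverse instead, e.g. `$hidden = (($arr['searchable']) ? 0 : XCHAN_FLAGS_HIDDEN);` then `if(($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN) != $hidden)`, which also removes the reliance on the flag evaluating to 1. The rename to `$import_photos` should be checked against the code after this hunk, which is not visible and may still test `$update_photos`.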
@@ -901,16 +923,18 @@ function process_delivery($sender,$arr,$deliveries,$relay) {
$ev['uid'] = $channel['channel_id'];
$ev['account'] = $channel['channel_account_id'];
$ev['edited'] = $arr['edited'];
+ $ev['uri'] = $arr['uri'];
+ $ev['private'] = $arr['item_private'];
// is this an edit?
- $r = q("SELECT * FROM event left join item on resource_id = event_hash WHERE resource_type = 'event' and
- `uri` = '%s' AND event.uid = %d LIMIT 1",
+ $r = q("SELECT resource_id FROM item where uri = '%s' and uid = %d and resource_type = 'event' limit 1",
dbesc($arr['uri']),
intval($channel['channel_id'])
);
- if($r)
- $ev['event_hash'] = $r[0]['event_hash'];
+ if($r) {
+ $ev['event_hash'] = $r[0]['resource_id'];
+ }
dbg(1);
$xyz = event_store($ev);
dbg(0);