Diffstat (limited to 'include')
-rw-r--r-- | include/attach.php | 151 | ||||
-rw-r--r-- | include/bbcode.php | 2 | ||||
-rw-r--r-- | include/conversation.php | 9 | ||||
-rwxr-xr-x | include/diaspora.php | 55 | ||||
-rw-r--r-- | include/dir_fns.php | 43 | ||||
-rw-r--r-- | include/identity.php | 4 | ||||
-rwxr-xr-x | include/items.php | 1 | ||||
-rw-r--r-- | include/js_strings.php | 4 | ||||
-rw-r--r-- | include/notifier.php | 14 | ||||
-rw-r--r-- | include/ratenotif.php | 124 | ||||
-rw-r--r-- | include/text.php | 7 | ||||
-rw-r--r-- | include/widgets.php | 60 | ||||
-rw-r--r-- | include/zot.php | 46 |
13 files changed, 467 insertions, 53 deletions
diff --git a/include/attach.php b/include/attach.php index ec79f47e5..cd8fe4f06 100644 --- a/include/attach.php +++ b/include/attach.php @@ -970,6 +970,30 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, $poster = get_app()->get_observer(); + //if we got no object something went wrong + if(!$object) + return; + + $is_dir = (($object['flags'] & ATTACH_FLAG_DIR) ? true : false); + + //do not send activity for folders for now + if($is_dir) + return; + + //check for recursive perms if we are in a folder + if($object['folder']) { + + $folder_hash = $object['folder']; + + $r_perms = recursive_activity_recipients($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash); + + $allow_cid = perms2str($r_perms['allow_cid']); + $allow_gid = perms2str($r_perms['allow_gid']); + $deny_cid = perms2str($r_perms['deny_cid']); + $deny_gid = perms2str($r_perms['deny_gid']); + + } + $mid = item_message_id(); $arr = array(); 
@@ -1124,7 +1148,132 @@ function get_file_activity_object($channel_id, $hash, $cloudpath) { 'created' => $x[0]['created'], 'edited' => $x[0]['edited'] ); - return $object; } + +function recursive_activity_recipients($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash) { + + $poster = get_app()->get_observer(); + + $arr_allow_cid = expand_acl($allow_cid); + $arr_allow_gid = expand_acl($allow_gid); + $arr_deny_cid = expand_acl($deny_cid); + $arr_deny_gid = expand_acl($deny_gid); + + $count = 0; + while($folder_hash) { + $x = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid, folder FROM attach WHERE hash = '%s' LIMIT 1", + dbesc($folder_hash) + ); + + //only process private folders + if($x[0]['allow_cid'] || $x[0]['allow_gid'] || $x[0]['deny_cid'] || $x[0]['deny_gid']) { + + $parent_arr['allow_cid'][] = expand_acl($x[0]['allow_cid']); + $parent_arr['allow_gid'][] = expand_acl($x[0]['allow_gid']); + + //TODO: should find a much better solution for the allow_cid <-> allow_gid problem. + //Do not use allow_gid for now. Instead lookup the members of the group directly and add them to allow_cid. 
+ if($parent_arr['allow_gid']) { + foreach($parent_arr['allow_gid'][$count] as $gid) { + $in_group = in_group($gid); + $parent_arr['allow_cid'][$count] = array_unique(array_merge($parent_arr['allow_cid'][$count], $in_group)); + } + } + + $parent_arr['deny_cid'][] = expand_acl($x[0]['deny_cid']); + $parent_arr['deny_gid'][] = expand_acl($x[0]['deny_gid']); + + $count++; + + } + + $folder_hash = $x[0]['folder']; + + } + + //if none of the parent folders is private just return file perms + if(!$parent_arr['allow_cid'] && !$parent_arr['allow_gid'] && !$parent_arr['deny_cid'] && !$parent_arr['deny_gid']) { + $ret['allow_gid'] = $arr_allow_gid; + $ret['allow_cid'] = $arr_allow_cid; + $ret['deny_gid'] = $arr_deny_gid; + $ret['deny_cid'] = $arr_deny_cid; + + return $ret; + } + + //if there are no perms on the file we get them from the first parent folder + if(!$arr_allow_cid && !$arr_allow_gid && !$arr_deny_cid && !$arr_deny_gid) { + $arr_allow_cid = $parent_arr['allow_cid'][0]; + $arr_allow_gid = $parent_arr['allow_gid'][0]; + $arr_deny_cid = $parent_arr['deny_cid'][0]; + $arr_deny_gid = $parent_arr['deny_gid'][0]; + } + + //allow_cid + $r_arr_allow_cid = false; + foreach ($parent_arr['allow_cid'] as $folder_arr_allow_cid) { + foreach ($folder_arr_allow_cid as $ac_hash) { + $count_values[$ac_hash]++; + } + } + foreach ($arr_allow_cid as $fac_hash) { + if($count_values[$fac_hash] == $count) + $r_arr_allow_cid[] = $fac_hash; + } + + //allow_gid + $r_arr_allow_gid = false; + foreach ($parent_arr['allow_gid'] as $folder_arr_allow_gid) { + foreach ($folder_arr_allow_gid as $ag_hash) { + $count_values[$ag_hash]++; + } + } + foreach ($arr_allow_gid as $fag_hash) { + if($count_values[$fag_hash] == $count) + $r_arr_allow_gid[] = $fag_hash; + } + + //deny_gid + foreach($parent_arr['deny_gid'] as $folder_arr_deny_gid) { + $r_arr_deny_gid = array_merge($arr_deny_gid, $folder_arr_deny_gid); + } + $r_arr_deny_gid = array_unique($r_arr_deny_gid); + + //deny_cid + 
foreach($parent_arr['deny_cid'] as $folder_arr_deny_cid) { + $r_arr_deny_cid = array_merge($arr_deny_cid, $folder_arr_deny_cid); + } + $r_arr_deny_cid = array_unique($r_arr_deny_cid); + + //if none is allowed restrict to self + if(($r_arr_allow_gid === false) && ($r_arr_allow_cid === false)) { + $ret['allow_cid'] = $poster['xchan_hash']; + } else { + $ret['allow_gid'] = $r_arr_allow_gid; + $ret['allow_cid'] = $r_arr_allow_cid; + $ret['deny_gid'] = $r_arr_deny_gid; + $ret['deny_cid'] = $r_arr_deny_cid; + } + + return $ret; + +} + +function in_group($group_id) { + //TODO: make these two queries one with a join. + $x = q("SELECT id FROM groups WHERE hash = '%s'", + dbesc($group_id) + ); + + $r = q("SELECT xchan FROM group_member WHERE gid = %d", + intval($x[0]['id']) + ); + + foreach($r as $ig) { + $group_members[] = $ig['xchan']; + } + + return $group_members; +} diff --git a/include/bbcode.php b/include/bbcode.php index 7067fcd39..8f2b5bd38 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -216,7 +216,7 @@ function bb_ShareAttributes($match) { $headline = '<div class="shared_container"> <div class="shared_header">'; if ($avatar != "") - $headline .= '<img src="' . $avatar . '" alt="' . $author . '" height="32" width="32" />'; + $headline .= '<a href="' . zid($profile) . '" ><img src="' . $avatar . '" alt="' . $author . '" height="32" width="32" /></a>'; // Bob Smith wrote the following post 2 hours ago diff --git a/include/conversation.php b/include/conversation.php index a61f070a7..f76d3a27c 100644 --- a/include/conversation.php +++ b/include/conversation.php 
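Review bot: In recursive_activity_recipients() the two deny loops overwrite their result on every pass, so `$r_arr_deny_gid` and `$r_arr_deny_cid` end up holding only the file's own deny list merged with the last folder in `$parent_arr`; deny entries set on any other folder in the chain are dropped from the activity's restrictions. Seed the accumulator before each loop (`$r_arr_deny_gid = $arr_deny_gid;`) and merge into it (`$r_arr_deny_gid = array_merge($r_arr_deny_gid, $folder_arr_deny_gid);`), and do the same for `deny_cid`. The `while($folder_hash)` walk also reads `$x[0]` without checking that the query returned a row and has nothing to stop a folder chain that points back at itself; a visited-hash check or a depth cap would bound it. in_group() returns an unset `$group_members` when a group has no members, which then reaches `array_merge()` as a non-array, so it should start with `$group_members = array();`.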
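Review bot: The new anchor in bb_ShareAttributes() concatenates `zid($profile)` straight into an `href` attribute. Where `$profile` is extracted, and whether it is already escaped or scheme-checked, is outside this hunk, but it presumably comes from the attributes of a share tag in post content and should be treated as untrusted at the point of output. I would escape it for the attribute context, e.g. `'<a href="' . htmlspecialchars(zid($profile), ENT_QUOTES, 'UTF-8') . '" >'`, and emit the link only when the value is an http or https URL. The `$avatar` and `$author` values on the same line would benefit from the same treatment, provided they are not already encoded upstream.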
@@ -610,10 +610,6 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ $profile_link = zid($profile_link); $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); - if(x($a->contacts,$normalised)) - $profile_avatar = $a->contacts[$normalised]['thumb']; - else - $profile_avatar = ((strlen($item['author-avatar'])) ? $a->get_cached_avatar_image($item['author-avatar']) : $item['thumb']); $profile_name = $item['author']['xchan_name']; $profile_link = $item['author']['xchan_url']; @@ -1129,6 +1125,9 @@ function status_editor($a,$x,$popup=false) { if(x($x,'nopreview')) $preview = ''; + $defexpire = ((($z = get_pconfig($x['profile_uid'],'system','default_post_expire')) && (! $webpage)) ? $z : ''); + + $cipher = get_pconfig($x['profile_uid'],'system','default_cipher'); if(! $cipher) $cipher = 'aes256'; @@ -1186,7 +1185,7 @@ function status_editor($a,$x,$popup=false) { '$preview' => $preview, '$source' => ((x($x,'source')) ? $x['source'] : ''), '$jotplugins' => $jotplugins, - '$defexpire' => '', + '$defexpire' => $defexpire, '$feature_expire' => ((feature_enabled($x['profile_uid'],'content_expire') && (! $webpage)) ? true : false), '$expires' => t('Set expiration date'), '$feature_encrypt' => ((feature_enabled($x['profile_uid'],'content_encrypt') && (! $webpage)) ? true : false), diff --git a/include/diaspora.php b/include/diaspora.php index 447fd363a..518f6ccd1 100755 --- a/include/diaspora.php +++ b/include/diaspora.php 
@@ -35,19 +35,28 @@ function diaspora_dispatch_public($msg) { logger('diaspora_public: delivering to: ' . $rr['channel_name'] . ' (' . $rr['channel_address'] . ') '); diaspora_dispatch($rr,$msg); } - if($sys) - diaspora_dispatch($sys,$msg); } - else - logger('diaspora_public: no subscribers'); + else { + if(! $sys) + logger('diaspora_public: no subscribers'); + } + + if($sys) { + $sys['system'] = true; + logger('diaspora_public: delivering to sys.'); + diaspora_dispatch($sys,$msg); + } } -function diaspora_dispatch($importer,$msg,$attempt=1) { +function diaspora_dispatch($importer,$msg) { $ret = 0; + if(! array_key_exists('system',$importer)) + $importer['system'] = false; + $enabled = intval(get_config('system','diaspora_enabled')); if(! $enabled) { logger('mod-diaspora: disabled'); @@ -100,7 +109,7 @@ function diaspora_dispatch($importer,$msg,$attempt=1) { $ret = diaspora_signed_retraction($importer,$xmlbase->relayable_retraction,$msg); } elseif($xmlbase->photo) { - $ret = diaspora_photo($importer,$xmlbase->photo,$msg,$attempt); + $ret = diaspora_photo($importer,$xmlbase->photo,$msg); } elseif($xmlbase->conversation) { $ret = diaspora_conversation($importer,$xmlbase->conversation,$msg); @@ -267,8 +276,6 @@ function diaspora_process_outbound($arr) { } - - function diaspora_handle_from_contact($contact_hash) { logger("diaspora_handle_from_contact: contact id is " . $contact_hash, LOGGER_DEBUG); 
@@ -286,11 +293,21 @@ function diaspora_get_contact_by_handle($uid,$handle) { if(diaspora_is_blacklisted($handle)) return false; + require_once('include/identity.php'); + + $sys = get_sys_channel(); + if(($sys) && ($sys['channel_id'] == $uid)) { + $r = q("SELECT * FROM xchan where xchan_addr = '%s' limit 1", + dbesc($handle) + ); + } + else { + $r = q("SELECT * FROM abook left join xchan on xchan_hash = abook_xchan where xchan_addr = '%s' and abook_channel = %d limit 1", + dbesc($handle), + intval($uid) + ); + } - $r = q("SELECT * FROM abook left join xchan on xchan_hash = abook_xchan where xchan_addr = '%s' and abook_channel = %d limit 1", - dbesc($handle), - intval($uid) - ); return (($r) ? $r[0] : false); } @@ -783,7 +800,7 @@ function diaspora_post($importer,$xml,$msg) { } - if(! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'send_stream')) { + if((! $importer['system']) && (! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'send_stream'))) { logger('diaspora_post: Ignoring this author.'); return 202; } @@ -970,7 +987,7 @@ function diaspora_reshare($importer,$xml,$msg) { if(! $contact) return; - if(! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'send_stream')) { + if((! $importer['system']) && (! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'send_stream'))) { logger('diaspora_reshare: Ignoring this author: ' . $diaspora_handle . ' ' . print_r($xml,true)); return 202; } @@ -1137,7 +1154,7 @@ function diaspora_asphoto($importer,$xml,$msg) { if(! $contact) return; - if(! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'send_stream')) { + if((! $importer['system']) && (! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'send_stream'))) { logger('diaspora_asphoto: Ignoring this author.'); return 202; } 
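Review bot: The `(! $importer['system']) &&` test that skips `perm_is_allowed()` is pasted into diaspora_post() here and again into diaspora_reshare(), diaspora_asphoto(), diaspora_comment(), diaspora_photo() and diaspora_like() in the following hunks, so the sys channel's exemption from `send_stream` / `post_comments` lives in six places. Together with the `xchan`-only lookup added to diaspora_get_contact_by_handle() above, the sys channel now accepts content from any known, non-blacklisted handle; that looks intended, but nothing in the code says so. I would move the test into one helper, e.g. `function diaspora_sender_allowed($importer,$contact,$perm) { return ($importer['system'] || perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],$perm)); }`, with a comment stating that only the importer built in diaspora_dispatch_public() may carry `system => true`. The handlers read `$importer['system']` directly and so rely on diaspora_dispatch() having set the key; whether any handler is reachable by another path is not visible in these hunks.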
@@ -1242,7 +1259,7 @@ function diaspora_comment($importer,$xml,$msg) { return; } - if(! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'post_comments')) { + if((! $importer['system']) && (! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'post_comments'))) { logger('diaspora_comment: Ignoring this author.'); return 202; } @@ -1719,7 +1736,7 @@ function diaspora_message($importer,$xml,$msg) { } -function diaspora_photo($importer,$xml,$msg,$attempt=1) { +function diaspora_photo($importer,$xml,$msg) { $a = get_app(); @@ -1747,7 +1764,7 @@ function diaspora_photo($importer,$xml,$msg,$attempt=1) { return; } - if(! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'send_stream')) { + if((! $importer['system']) && (! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'send_stream'))) { logger('diaspora_photo: Ignoring this author.'); return 202; } @@ -1806,7 +1823,7 @@ function diaspora_like($importer,$xml,$msg) { } - if(! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'post_comments')) { + if((! $importer['system']) && (! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'post_comments'))) { logger('diaspora_like: Ignoring this author.'); return 202; } diff --git a/include/dir_fns.php b/include/dir_fns.php index 86be8662c..b5ba296cf 100644 --- a/include/dir_fns.php +++ b/include/dir_fns.php 
@@ -216,6 +216,49 @@ function sync_directories($dirmode) { ); } } + if(count($j['ratings'])) { + foreach($j['ratings'] as $rr) { + $x = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1", + dbesc($rr['channel']), + dbesc($rr['target']) + ); + if($x && $x[0]['xlink_updated'] >= $rr['edited']) + continue; + $y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", + dbesc($rr['channel']) + ); + if(! $y) { + logger('key unavailable on this site for ' . $rr['channel']); + continue; + } + if(! rsa_verify($rr['target'] . '.' . $rr['rating'] . '.' . $rr['rating_text'], base64url_decode($rr['signature']),$y[0]['xchan_pubkey'])) { + logger('failed to verify rating'); + continue; + } + + if($x) { + $z = q("update xlink set xlink_rating = %d, xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s' where xlink_id = %d", + intval($rr['rating']), + dbesc($rr['rating_text']), + dbesc($rr['signature']), + dbesc(datetime_convert()), + intval($x[0]['xlink_id']) + ); + logger('rating updated'); + } + else { + $z = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static ) values( '%s', '%s', %d, '%s', '%s', 1 ) ", + dbesc($rr['channel']), + dbesc($rr['target']), + intval($rr['rating']), + dbesc($rr['rating_text']), + dbesc($rr['signature']), + dbesc(datetime_convert()) + ); + logger('rating created'); + } + } + } } } diff --git a/include/identity.php b/include/identity.php index f81d285c7..4a39070bd 100644 --- a/include/identity.php +++ b/include/identity.php @@ -941,6 +941,9 @@ logger('online: ' . $profile['online']); $tpl = get_markup_template('profile_vcard.tpl'); + require_once('include/widgets.php'); + $z = widget_rating(array('target' => $profile['channel_hash'])); + $o .= replace_macros($tpl, array( '$profile' => $profile, '$connect' => $connect, 
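Review bot: The `insert into xlink` statement added to sync_directories() names seven columns but its `values( '%s', '%s', %d, '%s', '%s', 1 )` list supplies six, and six arguments are passed for five placeholders, so the statement cannot succeed and ratings that are new to this directory are not stored even though 'rating created' is logged. The list needs one more string placeholder: `values( '%s', '%s', %d, '%s', '%s', '%s', 1 )`. The same mismatch is in the insert branch of process_rating_delivery() in include/zot.php, where `xlink_sig` was added to the columns and arguments but the values line was left unchanged. Testing `$z` before logging success would have surfaced this, and `$j['ratings']`, which comes from a remote directory's response, is passed to `count()` without an `is_array()` check.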
@@ -952,6 +955,7 @@ logger('online: ' . $profile['online']); '$homepage' => $homepage, '$chanmenu' => $channel_menu, '$diaspora' => $diaspora, + '$rating' => $z, '$contact_block' => $contact_block, )); diff --git a/include/items.php b/include/items.php index f07b7a2e7..4608d5d55 100755 --- a/include/items.php +++ b/include/items.php @@ -4746,6 +4746,7 @@ function item_remove_cid($xchan_hash,$mid,$uid) { // Set item permissions based on results obtained from linkify_tags() function set_linkified_perms($linkified, &$str_contact_allow, &$str_group_allow, $profile_uid, $parent_item = false) { $first_access_tag = true; + foreach($linkified as $x) { $access_tag = $x['access_tag']; if(($access_tag) && (! $parent_item)) { diff --git a/include/js_strings.php b/include/js_strings.php index f4c0a631d..56ffa9536 100644 --- a/include/js_strings.php +++ b/include/js_strings.php @@ -16,6 +16,10 @@ function js_strings() { '$permschange' => t('Notice: Permissions have changed but have not yet been submitted.'), '$closeAll' => t('close all'), '$nothingnew' => t('Nothing new here'), + '$rating_desc' => t('Rate This Channel (this is public)'), + '$rating_val' => t('Rating'), + '$rating_text' => t('Describe (optional)'), + '$submit' => t('Submit'), '$t01' => ((t('timeago.prefixAgo') != 'timeago.prefixAgo') ? t('timeago.prefixAgo') : ''), '$t02' => ((t('timeago.prefixFromNow') != 'timeago.prefixFromNow') ? t('timeago.prefixFromNow') : ''), diff --git a/include/notifier.php b/include/notifier.php index 303e3485b..174df7120 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -295,15 +295,6 @@ function notifier_run($argv, $argc){ $private = false; $packet_type = 'purge'; } - elseif($cmd === 'rating') { - $r = q("select * from xlink where xlink_id = %d and xlink_static = 1 limit 1", - intval($item_id) - ); - if($r) { - logger('rating message: ' . print_r($r[0],true)); - return; - } - } else { // Normal items 
@@ -483,11 +474,6 @@ function notifier_run($argv, $argc){ // Now we have collected recipients (except for external mentions, FIXME) // Let's reduce this to a set of hubs. - - // for public posts always include our own hub -// this shouldn't be needed any more. collect_recipients should take care of it. -// $sql_extra = (($private) ? "" : " or hubloc_url = '" . dbesc(z_root()) . "' "); - logger('notifier: hub choice: ' . intval($relay_to_owner) . ' ' . intval($private) . ' ' . $cmd, LOGGER_DEBUG); if($relay_to_owner && (! $private) && ($cmd !== 'relay')) { diff --git a/include/ratenotif.php b/include/ratenotif.php new file mode 100644 index 000000000..4fa0077a6 --- /dev/null +++ b/include/ratenotif.php 
@@ -0,0 +1,124 @@ +<?php + +require_once('include/cli_startup.php'); +require_once('include/zot.php'); +require_once('include/queue_fn.php'); + + +function ratenotif_run($argv, $argc){ + + cli_startup(); + + $a = get_app(); + + require_once("session.php"); + require_once("datetime.php"); + require_once('include/items.php'); + require_once('include/Contact.php'); + + if($argc < 3) + return; + + + logger('ratenotif: invoked: ' . print_r($argv,true), LOGGER_DEBUG); + + $cmd = $argv[1]; + + $item_id = $argv[2]; + + + if($cmd === 'rating') { + $r = q("select * from xlink where xlink_id = %d and xlink_static = 1 limit 1", + intval($item_id) + ); + if(! $r) { + logger('rating not found'); + return; + } + + $encoded_item = array( + 'type' => 'rating', + 'encoding' => 'zot', + 'target' => $r[0]['xlink_link'], + 'rating' => intval($r[0]['xlink_rating']), + 'rating_text' => $r[0]['xlink_rating_text'], + 'signature' => $r[0]['xlink_sig'], + 'edited' => $r[0]['xlink_updated'] + ); + } + + $channel = channelx_by_hash($r[0]['xlink_xchan']); + if(! $channel) { + logger('no channel'); + return; + } + + + $primary = get_directory_primary(); + + if(! $primary) + return; + + + $interval = ((get_config('system','delivery_interval') !== false) + ? intval(get_config('system','delivery_interval')) : 2 ); + + $deliveries_per_process = intval(get_config('system','delivery_batch_count')); + + if($deliveries_per_process <= 0) + $deliveries_per_process = 1; + + $deliver = array(); + + $x = z_fetch_url($primary . 
'/regdir'); + if($x['success']) { + $j = json_decode($x['body'],true); + if($j && $j['success'] && is_array($j['directories'])) { + + foreach($j['directories'] as $h) { +// if($h == z_root()) +// continue; + + $hash = random_string(); + $n = zot_build_packet($channel,'notify',null,null,$hash); + + q("insert into outq ( outq_hash, outq_account, outq_channel, outq_driver, outq_posturl, outq_async, outq_created, outq_updated, outq_notify, outq_msg ) values ( '%s', %d, %d, '%s', '%s', %d, '%s', '%s', '%s', '%s' )", + dbesc($hash), + intval($channel['channel_account_id']), + intval($channel['channel_id']), + dbesc('zot'), + dbesc($h . '/post'), + intval(1), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + dbesc($n), + dbesc(json_encode($encoded_item)) + ); + } + $deliver[] = $hash; + + if(count($deliver) >= $deliveries_per_process) { + proc_run('php','include/deliver.php',$deliver); + $deliver = array(); + if($interval) + @time_sleep_until(microtime(true) + (float) $interval); + } + + + // catch any stragglers + + if(count($deliver)) { + proc_run('php','include/deliver.php',$deliver); + } + } + } + + logger('ratenotif: complete.'); + return; + +} + +if (array_search(__file__,get_included_files())===0){ + ratenotif_run($argv,$argc); + killme(); +} diff --git a/include/text.php b/include/text.php index 6c3bb3017..1689dbef7 100644 --- a/include/text.php +++ b/include/text.php @@ -1945,9 +1945,9 @@ function find_xchan_in_array($xchan,$arr) { } function get_rel_link($j,$rel) { - if(count($j)) + if(is_array($j) && ($j)) foreach($j as $l) - if($l['rel'] === $rel) + if(array_key_exists('rel',$j) && $l['rel'] === $rel && array_key_exists('href',$l)) return $l['href']; return ''; @@ -2296,6 +2296,7 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) { } } else { + // check for a group/collection exclusion tag // note that we aren't setting $replaced even though we're replacing text. 
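Review bot: In ratenotif_run() `$deliver[] = $hash;` and the batch check that follows sit after the closing brace of the `foreach($j['directories'] as $h)` loop, so only the last queued hash is handed to `include/deliver.php`, and when the directory list is empty an undefined `$hash` is queued. Move both into the loop body, after the `outq` insert, and leave only the 'catch any stragglers' call after the loop. Each `$h` comes from the primary directory's `/regdir` response and becomes a post URL as `$h . '/post'` without any check; confirming that it is a string with an http or https scheme before queuing would limit what a wrong or tampered response can make this hub contact. A `$cmd` other than 'rating' falls through with `$r` and `$encoded_item` unset, so an early `return` for unknown commands would be clearer than relying on the 'no channel' exit.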
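Review bot: The rewritten condition in get_rel_link() tests `array_key_exists('rel',$j)`, the outer list, instead of the current element `$l`, so for a plain list of link entries it is false on every iteration and the function returns '' even when a matching link is present. It should read `if(is_array($l) && array_key_exists('rel',$l) && $l['rel'] === $rel && array_key_exists('href',$l))`, which also skips entries that are not arrays. Callers are outside this hunk, but any lookup that depends on this helper would silently stop finding its link.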
@@ -2356,6 +2357,8 @@ function linkify_tags($a, &$body, $uid) { $tags = get_tags($body); if(count($tags)) { foreach($tags as $tag) { + $access_tag = ''; + // If we already tagged 'Robert Johnson', don't try and tag 'Robert'. // Robert Johnson should be first in the $tags array diff --git a/include/widgets.php b/include/widgets.php index 882e21f1c..7cc9fc708 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -903,3 +903,63 @@ function widget_random_block($arr) { return $o; } + + +function widget_rating($arr) { + $a = get_app(); + + $poco_rating = get_config('system','poco_rating_enable'); + if((! $poco_rating) && ($poco_rating !== false)) { + return; + } + + if($arr['target']) + $hash = $arr['target']; + else + $hash = $a->poi['xchan_hash']; + + if(! $hash) + return; + + $url = ''; + $remote = false; + + if(remote_channel() && ! local_channel()) { + $ob = $a->get_observer(); + if($ob && $ob['xchan_url']) { + $p = parse_url($ob['xchan_url']); + if($p) { + $url = $p['scheme'] . '://' . $p['host'] . (($p['port']) ? ':' . $p['port'] : ''); + $url .= '/rate?f=&target=' . urlencode($hash); + } + $remote = true; + } + } + + $self = false; + + if(local_channel()) { + $channel = $a->get_channel(); + + if($hash == $channel['channel_hash']) + $self = true; + + head_add_js('ratings.js'); + + } + + if((($remote) || (local_channel())) && (! $self)) { + $o = '<div class="widget rateme">'; + if($remote) + $o .= '<a class="rateme" href="' . $url . '"><i class="icon-pencil"></i> ' . t('Rate Me') . '</a>'; + else + $o .= '<div class="rateme fakelink" onclick="doRatings(\'' . $hash . '\'); return false;"><i class="icon-pencil"></i> ' . t('Rate Me') . '</div>'; + $o .= '</div>'; + } + + $o .= '<div class="widget rateme"><a class="rateme" href="ratings/' . $hash . '"><i class="icon-eye-open"></i> ' . t('View Ratings') . '</a>'; + $o .= '</div>'; + + return $o; + +} diff --git a/include/zot.php b/include/zot.php index ed8f1e72e..b654a1b86 100644 --- a/include/zot.php 
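Review bot: widget_rating() writes `$hash` into an inline `onclick="doRatings('…')"` handler and into `href="ratings/…"` with no escaping, and `$url`, built from the observer's `xchan_url`, into another `href`. `$hash` can come from `$arr['target']`; the one caller in this commit passes a channel hash, but other callers are not visible, so the function should encode at the point of output: `urlencode($hash)` in the link, `htmlspecialchars($url, ENT_QUOTES, 'UTF-8')` for the remote link, and `htmlspecialchars(json_encode($hash), ENT_QUOTES, 'UTF-8')` in place of the hand-written quotes in the handler. `$o` is first assigned only inside the 'Rate Me' branch, so `$o = '';` is needed before it, and `$p['port']` is read without an `isset()` check.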
+++ b/include/zot.php @@ -418,7 +418,7 @@ function zot_refresh($them,$channel = null, $force = false) { where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) > 0 ", intval($their_perms), - dbesc($next_birthday), + dbescdate($next_birthday), dbesc($x['hash']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF) @@ -1067,6 +1067,11 @@ function zot_import($arr, $sender_url) { if(is_array($incoming)) { foreach($incoming as $i) { + if(! is_array($i)) { + logger('incoming is not an array'); + continue; + } + $result = null; if(array_key_exists('iv',$i['notify'])) { @@ -1091,7 +1096,8 @@ function zot_import($arr, $sender_url) { if(array_key_exists('message',$i) && array_key_exists('type',$i['message']) && $i['message']['type'] === 'rating') { // rating messages are processed only by directory servers logger('Rating received: ' . print_r($arr,true), LOGGER_DATA); - $result = process_rating_delivery($i['notify']['sender'],$arr); + $result = process_rating_delivery($i['notify']['sender'],$i['message']); + continue; } if(array_key_exists('recipients',$i['notify']) && count($i['notify']['recipients'])) { 
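Review bot: The new `is_array($i)` guard in zot_import() is followed directly by `array_key_exists('iv',$i['notify'])`, which still assumes the element carries a `notify` array. `$incoming` appears to be data received from another site, so I would extend the guard to `if((! is_array($i)) || (! array_key_exists('notify',$i)) || (! is_array($i['notify'])))` and skip a malformed element instead of dereferencing it. In the rating branch of the next hunk the log line still prints the whole `$arr` although only `$i['message']` is now processed; logging `$i['message']` would match what is handled. The function body starts and ends outside these hunks.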
@@ -1793,34 +1799,52 @@ function process_mail_delivery($sender,$arr,$deliveries) { function process_rating_delivery($sender,$arr) { - $dirmode = intval(get_config('system','directory_mode')); - if($dirmode == DIRECTORY_MODE_NORMAL) - return; + logger('process_rating_delivery: ' . print_r($arr,true)); if(! $arr['target']) return; - $r = q("select * from xlink where xlink_xchan = '%s' and xlink_target = '%s' limit 1", + $z = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", + dbesc($sender['hash']) + ); + + + if((! $z) || (! rsa_verify($arr['target'] . '.' . $arr['rating'] . '.' . $arr['rating_text'], base64url_decode($arr['signature']),$z[0]['xchan_pubkey']))) { + logger('failed to verify rating'); + return; + } + + $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($sender['hash']), dbesc($arr['target']) - ); + ); + if($r) { - $x = q("update xlink set xlink_rating = %d, xlink_rating_text = '%s', xlink_updated = '%s' where xlink_id = %d", + if($r[0]['xlink_updated'] >= $arr['edited']) { + logger('rating message duplicate'); + return; + } + + $x = q("update xlink set xlink_rating = %d, xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s' where xlink_id = %d", intval($arr['rating']), - intval($arr['rating_text']), + dbesc($arr['rating_text']), + dbesc($arr['signature']), dbesc(datetime_convert()), intval($r[0]['xlink_id']) ); + logger('rating updated'); } else { - $x = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_updated, xlink_static ) + $x = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static ) values( '%s', '%s', %d, '%s', '%s', 1 ) ", dbesc($sender['hash']), dbesc($arr['target']), intval($arr['rating']), - intval($arr['rating_text']), + dbesc($arr['rating_text']), + dbesc($arr['signature']), dbesc(datetime_convert()) ); + logger('rating created'); } return; } |
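Review bot: The freshness check `$r[0]['xlink_updated'] >= $arr['edited']` in process_rating_delivery() trusts a field the signature does not cover: `rsa_verify()` runs over target, rating and rating_text only, so `edited` can be altered by whoever relays the message without invalidating it, and a previously signed rating could displace a newer one. The stored `xlink_updated` is also the local receipt time from `datetime_convert()`, not the rater's `edited`, so the comparison mixes two clocks. Including `edited` in the signed string (this needs the matching change where the rating is signed, which is not in this diff) and storing `$arr['edited']` would close both; the same applies to the ratings loop added to sync_directories() in include/dir_fns.php. With the `directory_mode` test removed, every hub that receives a rating message now stores it, while the comment in zot_import() still says only directory servers process them, so one of the two should be corrected.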