5 files changed, 146 insertions, 7 deletions

diff --git a/mod/admin.php b/mod/admin.php
index b85106e74..3e50c7be6 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -250,6 +250,7 @@ function admin_page_site_post(&$a){
 	
 	$allowed_sites		=	((x($_POST,'allowed_sites'))	? notags(trim($_POST['allowed_sites']))		: '');
 	$allowed_email		=	((x($_POST,'allowed_email'))	? notags(trim($_POST['allowed_email']))		: '');
+	$not_allowed_email		=	((x($_POST,'not_allowed_email'))	? notags(trim($_POST['not_allowed_email']))		: '');	
 	$block_public		=	((x($_POST,'block_public'))		? True	:	False);
 	$force_publish		=	((x($_POST,'publish_all'))		? True	:	False);
 	$disable_discover_tab		=	((x($_POST,'disable_discover_tab'))		? True	:	False);
@@ -308,6 +309,7 @@ function admin_page_site_post(&$a){
 	set_config('system','register_text', $register_text);
 	set_config('system','allowed_sites', $allowed_sites);
 	set_config('system','allowed_email', $allowed_email);
+	set_config('system','not_allowed_email', $not_allowed_email);	
 	set_config('system','block_public', $block_public);
 	set_config('system','publish_all', $force_publish);
 	set_config('system','disable_discover_tab', $disable_discover_tab);
@@ -435,6 +437,7 @@ function admin_page_site(&$a) {
 		'$abandon_days'     => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')),
 		'$allowed_sites'	=> array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")),
 		'$allowed_email'	=> array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")),
+		'$not_allowed_email'	=> array('not_allowed_email', t("Not allowed email domains"), get_config('system','not_allowed_email'), t("Comma separated list of domains which are not allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains, unless allowed domains have been defined.")),
 		'$block_public'		=> array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently logged in.")),
 		'$verify_email'		=> array('verify_email', t("Verify Email Addresses"), get_config('system','verify_email'), t("Check to verify email addresses used in account registration (recommended).")),
 		'$force_publish'	=> array('publish_all', t("Force publish"), get_config('system','publish_all'), t("Check to force all profiles on this site to be listed in the site directory.")),
diff --git a/mod/connedit.php b/mod/connedit.php
index 2f2ac6c46..e7d16cd82 100644
--- a/mod/connedit.php
+++ b/mod/connedit.php
@@ -55,6 +55,8 @@ function connedit_post(&$a) {
 	if(! $contact_id)
 		return;
 
+	$channel = $a->get_channel();
+
 	// TODO if configured for hassle-free permissions, we'll post the form with ajax as soon as the
 	// connection enable is toggled to a special autopost url and set permissions immediately, leaving 
 	// the other form elements alone pending a manual submit of the form. The downside is that there 
@@ -79,9 +81,11 @@ function connedit_post(&$a) {
 
 	if($orig_record[0]['abook_flags'] & ABOOK_FLAG_SELF) {
 		$autoperms = intval($_POST['autoperms']);
+		$is_self = true;
 	}
 	else {
 		$autoperms = null;
+		$is_self = false;
 	}
 
 
@@ -126,7 +130,40 @@ function connedit_post(&$a) {
 	$abook_flags = $orig_record[0]['abook_flags'];
 	$new_friend = false;
 
-
+	if(! $is_self) {
+		$z = q("select * from xlink where xlink_xchan = '%s' and xlink_xlink = '%s' and xlink_static = 1 limit 1",
+			dbesc($channel['channel_hash']),
+			dbesc($orig_record[0]['abook_xchan'])
+		);
+		if($z) {
+			$record = $z[0]['xlink_id'];
+			$w = q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_updated = '%s' 
+				where xlink_id = %d",
+				intval($rating),
+				dbesc($rating_text),
+				dbesc(datetime_convert()),
+				intval($record)
+			);
+		}
+		else {
+			$w = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_updated, xlink_static ) values ( '%s', '%s', %d, '%s', '%s', 1 ) ",
+				dbesc($channel['channel_hash']),
+				dbesc($orig_record[0]['abook_xchan']),
+				intval($rating),
+				dbesc($rating_text),
+				dbesc(datetime_convert())
+			);
+			$z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1",
+				dbesc($channel['channel_hash']),
+				dbesc($orig_record[0]['abook_xchan'])
+			);
+			if($z)
+				$record = $z[0]['xlink_id'];
+		}
+		if($record) {
+			proc_run('php','include/notifier.php','rating',$record);
+		}	
+	}
 
 	if(($_REQUEST['pending']) && ($abook_flags & ABOOK_FLAG_PENDING)) {
 		$abook_flags = ( $abook_flags ^ ABOOK_FLAG_PENDING );
@@ -167,7 +204,6 @@ function connedit_post(&$a) {
 	}
 
 	if($new_friend) {
-		$channel = $a->get_channel();
 		$default_group = $channel['channel_default_group'];
 		if($default_group) {
 			require_once('include/group.php');
@@ -530,6 +566,7 @@ function connedit_content(&$a) {
 		}
 
 		$poco_rating = get_config('system','poco_rating_enable');
+		$poco_rating = 0;
 		// if unset default to enabled
 		if($poco_rating === false)
 			$poco_rating = true;
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index f62320378..ad0dd5373 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -125,7 +125,7 @@ function dirsearch_content(&$a) {
 
 
 	if($hash) {
-		$sql_extra = " AND xchan_hash = '" . dbesc($hash) . "' ";
+		$sql_extra = " AND xchan_hash like '" . dbesc($hash) . protect_sprintf('%') . "' ";
 	}
 
 
@@ -221,8 +221,18 @@ function dirsearch_content(&$a) {
 
 
 		foreach($r as $rr) {
+
 			$entry = array();
 
+			$pc = q("select count(xlink_rating) as total_ratings from xlink where xlink_link = '%s' and xlink_rating != 0 and xlink_static = 1 group by xlink_rating",
+				dbesc($rr['xchan_hash'])
+			);
+
+			if($pc)
+				$entry['total_ratings'] = intval($pc[0]['total_ratings']);
+			else
+				$entry['total_ratings'] = 0;
+
 			$entry['name']        = $rr['xchan_name'];
 			$entry['hash']        = $rr['xchan_hash'];
 
diff --git a/mod/prate.php b/mod/prate.php
new file mode 100644
index 000000000..28703d414
--- /dev/null
+++ b/mod/prate.php
@@ -0,0 +1,91 @@
+<?php
+
+
+function prate_post(&$a) {
+	if(! local_channel())
+		return;
+
+	$channel = $a->get_channel();
+
+	$target = $_REQUEST['target'];
+	if(! $target)
+		return;
+
+	if($target === $channel['channel_hash'])
+		return;
+
+	$rating = intval($_POST['rating']);
+	if($rating < (-10))
+		$rating = (-10);
+	if($rating > 10)
+		$rating = 10;
+
+	$rating_text = escape_tags($_REQUEST['rating_text']);
+
+	$z = q("select * from xlink where xlink_xchan = '%s' and xlink_xlink = '%s' and xlink_static = 1 limit 1",
+		dbesc($channel['channel_hash']),
+		dbesc($target)
+	);
+	if($z) {
+		$record = $z[0]['xlink_id'];
+		$w = q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_updated = '%s'
+			where xlink_id = %d",
+			intval($rating),
+			dbesc($rating_text),
+			dbesc(datetime_convert()),
+			intval($record)
+		);
+	}
+	else {
+		$w = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_updated, xlink_static ) values ( '%s', '%s', %d, '%s', '%s', 1 ) ",
+			dbesc($channel['channel_hash']),
+			dbesc($target),
+			intval($rating),
+			dbesc($rating_text),
+			dbesc(datetime_convert())
+		);
+		$z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1",
+			dbesc($channel['channel_hash']),
+			dbesc($orig_record[0]['abook_xchan'])
+		);
+		if($z)
+			$record = $z[0]['xlink_id'];
+	}
+	if($record) {
+		proc_run('php','include/notifier.php','rating',$record);
+	}
+
+	$x = q("select abook_id from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+		dbesc($target),
+		intval($local_channel())
+	);
+	if($x) {
+		$w = q("update abook set abook_rating = %d, abook_rating_text = '%s' where abook_xchan = '%s' and abook_channel = %d",
+			intval($rating),
+			dbesc($rating_text),
+			dbesc($target),
+			intval(local_channel())
+		);
+		$x = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+			dbesc($target),
+			intval($local_channel())
+		);
+		if($x) {
+			unset($x[0]['abook_id']);
+			unset($x[0]['abook_account']);
+			unset($x[0]['abook_channel']);
+			build_sync_packet(0, array('abook' => array($x[0])));
+		}
+	}
+	return;
+}
+			
+
+
+
+
+
+
+
+
+
diff --git a/mod/tagger.php b/mod/tagger.php
index 7615e31cc..5c2c3c909 100644
--- a/mod/tagger.php
+++ b/mod/tagger.php
@@ -12,11 +12,9 @@ function tagger_content(&$a) {
 	}
 
 	$observer_hash = get_observer_hash();
-
+	//strip html-tags
 	$term = notags(trim($_GET['term']));
-	// no commas allowed
-	$term = str_replace(array(',',' '),array('','_'),$term);
-
+	//check if empty
 	if(! $term)
 		return;