Diffstat (limited to 'mod')
-rw-r--r--mod/_well_known.php42
-rw-r--r--mod/achievements.php87
-rw-r--r--mod/acl.php309
-rw-r--r--mod/admin.php1476
-rw-r--r--mod/api.php119
-rw-r--r--mod/appman.php102
-rw-r--r--mod/apps.php40
-rw-r--r--mod/attach.php52
-rw-r--r--mod/authtest.php54
-rw-r--r--mod/block.php86
-rw-r--r--mod/blocks.php164
-rw-r--r--mod/bookmarks.php90
-rw-r--r--mod/branchtopic.php41
-rw-r--r--mod/channel.php356
-rw-r--r--mod/chanview.php104
-rw-r--r--mod/chat.php235
-rw-r--r--mod/chatsvc.php159
-rw-r--r--mod/cloud.php120
-rw-r--r--mod/common.php67
-rw-r--r--mod/connect.php125
-rw-r--r--mod/connections.php416
-rw-r--r--mod/connedit.php750
-rw-r--r--mod/contactgroup.php49
-rw-r--r--mod/dav.php142
-rw-r--r--mod/directory.php401
-rw-r--r--mod/dirsearch.php446
-rw-r--r--mod/display.php285
-rw-r--r--mod/editblock.php188
-rw-r--r--mod/editlayout.php185
-rw-r--r--mod/editpost.php168
-rw-r--r--mod/editwebpage.php234
-rwxr-xr-xmod/events.php663
-rw-r--r--mod/fbrowser.php128
-rw-r--r--mod/feed.php39
-rw-r--r--mod/filer.php55
-rw-r--r--mod/filerm.php33
-rw-r--r--mod/filestorage.php167
-rw-r--r--mod/follow.php54
-rw-r--r--mod/fsuggest.php112
-rw-r--r--mod/group.php238
-rw-r--r--mod/hcard.php54
-rw-r--r--mod/help.php122
-rw-r--r--mod/home.php81
-rw-r--r--mod/hostxrd.php16
-rw-r--r--mod/id.php310
-rw-r--r--mod/impel.php201
-rw-r--r--mod/import.php578
-rw-r--r--mod/invite.php146
-rw-r--r--mod/item.php1186
-rw-r--r--mod/lang.php6
-rw-r--r--mod/layouts.php192
-rwxr-xr-xmod/like.php507
-rw-r--r--mod/lockview.php95
-rw-r--r--mod/locs.php106
-rw-r--r--mod/login.php7
-rw-r--r--mod/lostpass.php131
-rw-r--r--mod/magic.php169
-rw-r--r--mod/mail.php368
-rw-r--r--mod/manage.php179
-rw-r--r--mod/match.php78
-rw-r--r--mod/menu.php159
-rw-r--r--mod/message.php81
-rw-r--r--mod/mitem.php245
-rwxr-xr-xmod/mood.php140
-rw-r--r--mod/msearch.php42
-rw-r--r--mod/network.php511
-rw-r--r--mod/new_channel.php127
-rw-r--r--mod/notes.php24
-rw-r--r--mod/notifications.php105
-rw-r--r--mod/notify.php64
-rw-r--r--mod/oembed.php30
-rw-r--r--mod/oexchange.php71
-rw-r--r--mod/online.php11
-rw-r--r--mod/openid.php192
-rw-r--r--mod/opensearch.php18
-rw-r--r--mod/p.php51
-rw-r--r--mod/page.php137
-rw-r--r--mod/parse_url.php381
-rwxr-xr-xmod/pconfig.php113
-rw-r--r--mod/pdledit.php62
-rw-r--r--mod/photo.php244
-rw-r--r--mod/photos.php1282
-rw-r--r--mod/ping.php489
-rw-r--r--mod/poco.php7
-rwxr-xr-xmod/poke.php178
-rw-r--r--mod/post.php933
-rw-r--r--mod/prate.php99
-rw-r--r--mod/pretheme.php22
-rw-r--r--mod/probe.php41
-rw-r--r--mod/profile.php83
-rw-r--r--mod/profile_photo.php427
-rw-r--r--mod/profiles.php798
-rw-r--r--mod/profperm.php165
-rw-r--r--mod/public.php161
-rw-r--r--mod/pubsites.php39
-rw-r--r--mod/randprof.php12
-rw-r--r--mod/rate.php172
-rw-r--r--mod/ratings.php110
-rw-r--r--mod/ratingsearch.php69
-rw-r--r--mod/rbmark.php113
-rw-r--r--mod/receive.php76
-rw-r--r--mod/regdir.php103
-rw-r--r--mod/register.php230
-rw-r--r--mod/regmod.php34
-rw-r--r--mod/regver.php22
-rw-r--r--mod/removeaccount.php66
-rw-r--r--mod/removeme.php66
-rw-r--r--mod/rmagic.php90
-rw-r--r--mod/rpost.php139
-rw-r--r--mod/rsd_xml.php24
-rw-r--r--mod/search.php213
-rw-r--r--mod/search_ac.php75
-rw-r--r--mod/service_limits.php23
-rw-r--r--mod/settings.php1150
-rwxr-xr-xmod/setup.php734
-rw-r--r--mod/share.php81
-rw-r--r--mod/sharedwithme.php107
-rw-r--r--mod/siteinfo.php180
-rw-r--r--mod/sitelist.php58
-rw-r--r--mod/smilies.php15
-rw-r--r--mod/sources.php168
-rw-r--r--mod/sslify.php24
-rw-r--r--mod/starred.php33
-rwxr-xr-xmod/subthread.php243
-rw-r--r--mod/suggest.php66
-rw-r--r--mod/tagger.php134
-rw-r--r--mod/tagrm.php141
-rw-r--r--mod/thing.php324
-rw-r--r--mod/toggle_mobile.php17
-rw-r--r--mod/toggle_safesearch.php25
-rw-r--r--mod/uexport.php40
-rw-r--r--mod/update_channel.php63
-rw-r--r--mod/update_display.php42
-rw-r--r--mod/update_home.php38
-rw-r--r--mod/update_network.php40
-rw-r--r--mod/update_public.php37
-rw-r--r--mod/update_search.php66
-rw-r--r--mod/view.php15
-rw-r--r--mod/viewconnections.php111
-rw-r--r--mod/viewsrc.php47
-rw-r--r--mod/wall_attach.php59
-rw-r--r--mod/wall_upload.php51
-rw-r--r--mod/webfinger.php31
-rw-r--r--mod/webpages.php197
-rw-r--r--mod/wfinger.php120
-rw-r--r--mod/xchan.php41
-rw-r--r--mod/xpoco.php7
-rw-r--r--mod/xrd.php62
-rw-r--r--mod/xref.php20
-rw-r--r--mod/zfinger.php301
-rw-r--r--mod/zotfeed.php46
-rw-r--r--mod/zping.php28
152 files changed, 27244 insertions, 0 deletions
diff --git a/mod/_well_known.php b/mod/_well_known.php
new file mode 100644
index 000000000..d88bc2391
--- /dev/null
+++ b/mod/_well_known.php
@@ -0,0 +1,42 @@
+<?php
+
+function _well_known_init(&$a){
+
+ if(argc() > 1) {
+
+ $arr = array('server' => $_SERVER, 'request' => $_REQUEST);
+ call_hooks('well_known', $arr);
+
+ switch(argv(1)) {
+ case 'zot-info':
+ $a->argc -= 1;
+ array_shift($a->argv);
+ $a->argv[0] = 'zfinger';
+ require_once('mod/zfinger.php');
+ zfinger_init($a);
+ break;
+
+ case 'webfinger':
+ $a->argc -= 1;
+ array_shift($a->argv);
+ $a->argv[0] = 'wfinger';
+ require_once('mod/wfinger.php');
+ wfinger_init($a);
+ break;
+
+ case 'host-meta':
+ $a->argc -= 1;
+ array_shift($a->argv);
+ $a->argv[0] = 'hostxrd';
+ require_once('mod/hostxrd.php');
+ hostxrd_init($a);
+ break;
+
+ default:
+ break;
+
+ }
+ }
+
+ http_status_exit(404);
+}
\ No newline at end of file
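Review bot: The trailing `http_status_exit(404)` in `_well_known_init` is reached by every path that does not terminate inside the switch, so the `zot-info`, `webfinger` and `host-meta` cases only work if `zfinger_init`, `wfinger_init` and `hostxrd_init` never return; those handlers are not visible in this hunk, so this is presumably intended, but nothing here says so. A comment above the switch would make the contract explicit: `// each handler emits its own response and exits; anything that returns falls through to the 404 below`. The three cases differ only in the module name, so a small map from the well-known name to the module (`'zot-info' => 'zfinger'`, and so on) would remove the repeated argc/argv rewriting. The `well_known` hook also receives the full `$_SERVER` and `$_REQUEST` arrays with no access check preceding it in this function, which deserves a short comment so hook authors treat both as untrusted input.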
diff --git a/mod/achievements.php b/mod/achievements.php
new file mode 100644
index 000000000..1d0018b08
--- /dev/null
+++ b/mod/achievements.php
@@ -0,0 +1,87 @@
+<?php
+
+function achievements_content(&$a) {
+ // This doesn't work, so
+ if (! is_developer())
+ return;
+
+ if(argc() > 1)
+ $which = argv(1);
+ else {
+ notice( t('Requested profile is not available.') . EOL );
+ return;
+}
+
+ $profile = 0;
+ $profile = argv(1);
+ profile_load($a,$which,$profile);
+
+ $r = q("select channel_id from channel where channel_address = '%s'",
+ dbesc($which)
+ );
+ if($r) {
+ $owner = intval($r[0]['channel_id']);
+ }
+
+ $observer = $a->get_observer();
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+ $perms = get_all_perms($owner,$ob_hash);
+ if(! $perms['view_profile']) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $newmembertext = t('Some blurb about what to do when you\'re new here');
+
+
+// By default, all badges are false
+ $contactbadge = false;
+ $profilebadge = false;
+ $keywordsbadge = false;
+
+// Check number of contacts. Award a badge if over 10
+// We'll figure these out on each page load instead of
+// writing them to the DB because that will mean one needs
+// to retain their achievements - eg, you can't add
+// a bunch of channels just to get your badge, and then
+// delete them all again. If these become popular or
+// used in profiles or something, we may need to reconsider
+// and add a table for this - because this won't scale.
+
+ $r = q("select * from abook where abook_channel = %d",
+ intval($owner)
+ );
+
+ if (count($r))
+ $contacts = count($r);
+ // We're checking for 11 to adjust for the abook record for self
+ if ($contacts >= 11)
+ $contactbadge = true;
+
+// Check if an about field in the profile has been created.
+
+ $r = q("select * from profile where uid = %d and about <> ''",
+ intval($owner)
+ );
+
+ if ($r)
+ $profilebadge = 1;
+
+// Check if keywords have been set
+
+ $r = q("select * from profile where uid = %d and keywords <> ''",
+ intval($owner)
+ );
+
+ if($r)
+ $keywordsbadge = 1;
+
+ return replace_macros(get_markup_template("achievements.tpl"), array(
+ '$newmembertext' => $newmembertext,
+ '$profilebadge' => $profilebadge,
+ '$contactbadge' => $contactbadge,
+ '$keywordsbadge' => $keywordsbadge,
+ '$channelsbadge' => $channelsbadge
+));
+
+}
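Review bot: `$owner` is only assigned inside `if($r)` after the channel lookup, so when `argv(1)` names no channel the permission check `get_all_perms($owner,$ob_hash)` and the later `intval($owner)` queries run with an undefined value; return early instead, e.g. `if(! $r) { notice( t('Requested profile is not available.') . EOL ); return; }`. The same pattern affects `$contacts`, which is set only when `count($r)` is non-zero but is compared with 11 on the following statement, and `$channelsbadge`, which is passed to the template but never assigned in this function. Initialising `$contacts = 0` and either defining or dropping the `'$channelsbadge'` entry would remove the undefined-variable notices. `$profile` is set to `0` and immediately overwritten with `argv(1)`, so the first assignment can go.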
diff --git a/mod/acl.php b/mod/acl.php
new file mode 100644
index 000000000..6383d774c
--- /dev/null
+++ b/mod/acl.php
@@ -0,0 +1,309 @@
+<?php
+/* ACL selector json backend */
+
+require_once("include/acl_selectors.php");
+
+function acl_init(&$a){
+
+// logger('mod_acl: ' . print_r($_REQUEST,true));
+
+ $start = (x($_REQUEST,'start')?$_REQUEST['start']:0);
+ $count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
+ $search = (x($_REQUEST,'search')?$_REQUEST['search']:"");
+ $type = (x($_REQUEST,'type')?$_REQUEST['type']:"");
+ $noforums = (x($_REQUEST,'n') ? $_REQUEST['n'] : false);
+
+ // List of channels whose connections to also suggest, e.g. currently viewed channel or channels mentioned in a post
+ $extra_channels = (x($_REQUEST,'extra_channels') ? $_REQUEST['extra_channels'] : array());
+
+ // For use with jquery.autocomplete for private mail completion
+
+ if(x($_REQUEST,'query') && strlen($_REQUEST['query'])) {
+ if(! $type)
+ $type = 'm';
+ $search = $_REQUEST['query'];
+ }
+
+ if(!(local_channel()))
+ if(!($type == 'x' || $type == 'c'))
+ killme();
+
+ if ($search != "") {
+ $sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
+ $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") ";
+
+ // This horrible mess is needed because position also returns 0 if nothing is found. W/ould be MUCH easier if it instead returned a very large value
+ // Otherwise we could just order by LEAST(POSITION($search IN xchan_name),POSITION($search IN xchan_addr)).
+ $order_extra2 = "CASE WHEN xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) ." then POSITION('".dbesc($search)."' IN xchan_name) else position('".dbesc($search)."' IN xchan_addr) end, ";
+ $col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' );
+ $sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
+
+ } else {
+ $sql_extra = $sql_extra2 = $sql_extra3 = "";
+ }
+
+
+ $groups = array();
+ $contacts = array();
+
+ if ($type=='' || $type=='g'){
+
+ $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`name`,
+ %s as uids
+ FROM `groups`,`group_member`
+ WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d
+ AND `group_member`.`gid`=`groups`.`id`
+ $sql_extra
+ GROUP BY `groups`.`id`
+ ORDER BY `groups`.`name`
+ LIMIT %d OFFSET %d",
+ db_concat('group_member.xchan', ','),
+ intval(local_channel()),
+ intval($count),
+ intval($start)
+ );
+
+ foreach($r as $g){
+// logger('acl: group: ' . $g['name'] . ' members: ' . $g['uids']);
+ $groups[] = array(
+ "type" => "g",
+ "photo" => "images/twopeople.png",
+ "name" => $g['name'],
+ "id" => $g['id'],
+ "xid" => $g['hash'],
+ "uids" => explode(",",$g['uids']),
+ "link" => ''
+ );
+ }
+ }
+
+ if ($type=='' || $type=='c') {
+ $extra_channels_sql = '';
+ // Only include channels who allow the observer to view their permissions
+ foreach($extra_channels as $channel) {
+ if(perm_is_allowed(intval($channel), get_observer_hash(),'view_contacts'))
+ $extra_channels_sql .= "," . intval($channel);
+ }
+
+ $extra_channels_sql = substr($extra_channels_sql,1); // Remove initial comma
+
+ // Getting info from the abook is better for local users because it contains info about permissions
+ if(local_channel()) {
+ if($extra_channels_sql != '')
+ $extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 ";
+
+ $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags
+ FROM abook left join xchan on abook_xchan = xchan_hash
+ WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and abook_archived = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ,
+ intval(local_channel())
+ );
+
+ }
+ else { // Visitors
+ $r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags
+ FROM xchan left join xlink on xlink_link = xchan_hash
+ WHERE xlink_xchan = '%s' AND xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ,
+ dbesc(get_observer_hash())
+ );
+
+ // Find contacts of extra channels
+ // This is probably more complicated than it needs to be
+ if($extra_channels_sql) {
+ // Build a list of hashes that we got previously so we don't get them again
+ $known_hashes = array("'".get_observer_hash()."'");
+ if($r)
+ foreach($r as $rr)
+ $known_hashes[] = "'".$rr['hash']."'";
+ $known_hashes_sql = 'AND xchan_hash not in ('.join(',',$known_hashes).')';
+
+ $r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags
+ FROM abook left join xchan on abook_xchan = xchan_hash
+ WHERE abook_channel IN ($extra_channels_sql) $known_hashes_sql AND abook_blocked = 0 and abook_pending = 0 and abook_archived = 0 and abook_hidden = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc");
+ if($r2)
+ $r = array_merge($r,$r2);
+
+ // Sort accoring to match position, then alphabetically. This could be avoided if the above two SQL queries could be combined into one, and the sorting could be done on the SQl server (like in the case of a local user)
+ $matchpos = function($x) use($search) {
+ $namepos = strpos($x['name'],$search);
+ $nickpos = strpos($x['nick'],$search);
+ // Use a large position if not found
+ return min($namepos === false ? 9999 : $namepos, $nickpos === false ? 9999 : $nickpos);
+ };
+ // This could be made simpler if PHP supported stable sorting
+ usort($r,function($a,$b) use($matchpos) {
+ $pos1 = $matchpos($a);
+ $pos2 = $matchpos($b);
+ if($pos1 == $pos2) { // Order alphabetically if match position is the same
+ if($a['name'] == $b['name'])
+ return 0;
+ else
+ return ($a['name'] < $b['name']) ? -1 : 1;
+ }
+ return ($pos1 < $pos2) ? -1 : 1;
+ });
+ }
+ }
+ if(intval(get_config('system','taganyone')) || intval(get_pconfig(local_channel(),'system','taganyone'))) {
+ if((count($r) < 100) && $type == 'c') {
+ $r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags
+ FROM xchan
+ WHERE xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc"
+ );
+ if($r2)
+ $r = array_merge($r,$r2);
+ }
+ }
+ }
+ elseif($type == 'm') {
+
+ $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
+ FROM abook left join xchan on abook_xchan = xchan_hash
+ WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0)
+ and xchan_deleted = 0
+ $sql_extra3
+ ORDER BY `xchan_name` ASC ",
+ intval(local_channel()),
+ intval(PERMS_W_MAIL)
+ );
+ }
+ elseif(($type == 'a') || ($type == 'p')) {
+
+ $r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash
+ WHERE abook_channel = %d
+ and xchan_deleted = 0
+ $sql_extra3
+ ORDER BY xchan_name ASC ",
+ intval(local_channel())
+ );
+
+ }
+ elseif($type == 'x') {
+ $r = navbar_complete($a);
+ $contacts = array();
+ if($r) {
+ foreach($r as $g) {
+ $contacts[] = array(
+ "photo" => $g['photo'],
+ "name" => $g['name'],
+ "nick" => $g['address'],
+ );
+ }
+ }
+
+ $o = array(
+ 'start' => $start,
+ 'count' => $count,
+ 'items' => $contacts,
+ );
+ echo json_encode($o);
+ killme();
+ }
+ else
+ $r = array();
+
+ if(count($r)) {
+ foreach($r as $g){
+
+ // remove RSS feeds from ACLs - they are inaccessible
+ if(strpos($g['hash'],'/') && $type != 'a')
+ continue;
+
+ if(($g['abook_their_perms'] & PERMS_W_TAGWALL) && $type == 'c' && (! $noforums)) {
+ $contacts[] = array(
+ "type" => "c",
+ "photo" => "images/twopeople.png",
+ "name" => $g['name'] . '+',
+ "id" => $g['id'] . '+',
+ "xid" => $g['hash'],
+ "link" => $g['nick'],
+ "nick" => substr($g['nick'],0,strpos($g['nick'],'@')),
+ "self" => (intval($g['abook_self']) ? 'abook-self' : ''),
+ "taggable" => 'taggable',
+ "label" => t('network')
+ );
+ }
+ $contacts[] = array(
+ "type" => "c",
+ "photo" => $g['micro'],
+ "name" => $g['name'],
+ "id" => $g['id'],
+ "xid" => $g['hash'],
+ "link" => $g['nick'],
+ "nick" => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : t('RSS')),
+ "self" => (intval($g['abook_self']) ? 'abook-self' : ''),
+ "taggable" => '',
+ "label" => '',
+ );
+ }
+ }
+
+ $items = array_merge($groups, $contacts);
+
+ $o = array(
+ 'start' => $start,
+ 'count' => $count,
+ 'items' => $items,
+ );
+
+
+
+ echo json_encode($o);
+
+ killme();
+}
+
+
+function navbar_complete(&$a) {
+
+// logger('navbar_complete');
+
+ if((get_config('system','block_public')) && (! local_channel()) && (! remote_channel())) {
+ return;
+ }
+
+ $dirmode = intval(get_config('system','directory_mode'));
+ $search = ((x($_REQUEST,'search')) ? htmlentities($_REQUEST['search'],ENT_COMPAT,'UTF-8',false) : '');
+ if(! $search || mb_strlen($search) < 2)
+ return array();
+
+ $star = false;
+ $address = false;
+
+ if(substr($search,0,1) === '@')
+ $search = substr($search,1);
+
+ if(substr($search,0,1) === '*') {
+ $star = true;
+ $search = substr($search,1);
+ }
+
+ if(strpos($search,'@') !== false) {
+ $address = true;
+ }
+
+ if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) {
+ $url = z_root() . '/dirsearch';
+ }
+
+ if(! $url) {
+ require_once("include/dir_fns.php");
+ $directory = find_upstream_directory($dirmode);
+ $url = $directory['url'] . '/dirsearch';
+ }
+
+ $count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
+ if($url) {
+ $query = $url . '?f=' ;
+ $query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : '');
+
+ $x = z_fetch_url($query);
+ if($x['success']) {
+ $t = 0;
+ $j = json_decode($x['body'],true);
+ if($j && $j['results']) {
+ return $j['results'];
+ }
+ }
+ }
+ return array();
+}
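Review bot: In the visitor branch of `acl_init` the `$known_hashes` list is concatenated into `xchan_hash not in (...)` with hand-written quotes and no `dbesc()`, unlike the other strings that reach SQL in this file; the values come from `get_observer_hash()` and from `xchan_hash` rows, and the RSS check further down tests hashes for a `/`, so they are evidently not limited to a fixed safe alphabet. Escape them where the list is built, `$known_hashes[] = "'" . dbesc($rr['hash']) . "'";`, and do the same for the observer hash on the line that seeds the array. Similarly, `navbar_complete` interpolates the request's `count` into the directory URL as `"&limit=$count"`; writing `'&limit=' . intval($count)` keeps a caller from appending extra parameters to the upstream query. Separately, the `$type == 'm'` query tests `abook_their_perms = null`, which never matches in SQL and should be `is null`, and `$url` in `navbar_complete` is read in `if(! $url)` before it is assigned whenever the directory mode is neither primary nor standalone.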
diff --git a/mod/admin.php b/mod/admin.php
new file mode 100644
index 000000000..3b8cd2a95
--- /dev/null
+++ b/mod/admin.php
@@ -0,0 +1,1476 @@
+<?php
+/**
+ * @file mod/admin.php
+ * @brief Hubzilla's admin controller.
+ *
+ * Controller for the /admin/ area.
+ */
+
+
+/**
+ * @param App &$a
+ */
+function admin_post(&$a){
+ logger('admin_post', LOGGER_DEBUG);
+
+ if(! is_site_admin()) {
+ return;
+ }
+
+ // urls
+ if (argc() > 1) {
+ switch (argv(1)) {
+ case 'site':
+ admin_page_site_post($a);
+ break;
+ case 'users':
+ admin_page_users_post($a);
+ break;
+ case 'channels':
+ admin_page_channels_post($a);
+ break;
+ case 'plugins':
+ if (argc() > 2 &&
+ is_file("addon/" . argv(2) . "/" . argv(2) . ".php")){
+ @include_once("addon/" . argv(2) . "/" . argv(2) . ".php");
+ if(function_exists(argv(2).'_plugin_admin_post')) {
+ $func = argv(2) . '_plugin_admin_post';
+ $func($a);
+ }
+ }
+ goaway($a->get_baseurl(true) . '/admin/plugins/' . argv(2) );
+ break;
+ case 'themes':
+ $theme = argv(2);
+ if (is_file("view/theme/$theme/php/config.php")){
+ require_once("view/theme/$theme/php/config.php");
+// fixme add parent theme if derived
+ if (function_exists("theme_admin_post")){
+ theme_admin_post($a);
+ }
+ }
+ info(t('Theme settings updated.'));
+ if(is_ajax()) return;
+
+ goaway($a->get_baseurl(true) . '/admin/themes/' . $theme );
+ break;
+ case 'logs':
+ admin_page_logs_post($a);
+ break;
+ case 'hubloc':
+ admin_page_hubloc_post($a);
+ break;
+ case 'dbsync':
+ admin_page_dbsync_post($a);
+ break;
+ case 'profs':
+ admin_page_profs_post($a);
+ break;
+ }
+ }
+
+ goaway($a->get_baseurl(true) . '/admin' );
+}
+
+/**
+ * @param App &$a
+ * @return string
+ */
+function admin_content(&$a) {
+
+ logger('admin_content', LOGGER_DEBUG);
+
+ if(! is_site_admin()) {
+ return login(false);
+ }
+
+ /*
+ * Side bar links
+ */
+
+ // array( url, name, extra css classes )
+
+ $aside = array(
+ 'site' => array($a->get_baseurl(true)."/admin/site/", t("Site") , "site"),
+ 'users' => array($a->get_baseurl(true)."/admin/users/", t("Accounts") , "users"),
+ 'channels' => array($a->get_baseurl(true)."/admin/channels/", t("Channels") , "channels"),
+ 'plugins' => array($a->get_baseurl(true)."/admin/plugins/", t("Plugins") , "plugins"),
+ 'themes' => array($a->get_baseurl(true)."/admin/themes/", t("Themes") , "themes"),
+ 'queue' => array(z_root() . '/admin/queue', t('Inspect queue'), 'queue'),
+// 'hubloc' => array($a->get_baseurl(true)."/admin/hubloc/", t("Server") , "server"),
+ 'profs' => array(z_root() . '/admin/profs', t('Profile Config'), 'profs'),
+ 'dbsync' => array($a->get_baseurl(true)."/admin/dbsync/", t('DB updates'), "dbsync")
+
+ );
+
+ /* get plugins admin page */
+
+ $r = q("SELECT * FROM addon WHERE plugin_admin = 1");
+ $aside['plugins_admin'] = array();
+ foreach ($r as $h){
+ $plugin = $h['name'];
+ $aside['plugins_admin'][] = array($a->get_baseurl(true) . '/admin/plugins/' . $plugin, $plugin, 'plugin');
+ // temp plugins with admin
+ $a->plugins_admin[] = $plugin;
+ }
+
+ $aside['logs'] = Array($a->get_baseurl(true)."/admin/logs/", t("Logs"), "logs");
+
+ $t = get_markup_template("admin_aside.tpl");
+ $a->page['aside'] .= replace_macros( $t, array(
+ '$admin' => $aside,
+ '$admtxt' => t('Admin'),
+ '$plugadmtxt' => t('Plugin Features'),
+ '$logtxt' => t('Logs'),
+ '$h_pending' => t('User registrations waiting for confirmation'),
+ '$admurl'=> $a->get_baseurl(true)."/admin/"
+ ));
+
+
+ /*
+ * Page content
+ */
+ $o = '';
+
+ // urls
+ if (argc() > 1){
+ switch (argv(1)) {
+ case 'site':
+ $o = admin_page_site($a);
+ break;
+ case 'users':
+ $o = admin_page_users($a);
+ break;
+ case 'channels':
+ $o = admin_page_channels($a);
+ break;
+ case 'plugins':
+ $o = admin_page_plugins($a);
+ break;
+ case 'themes':
+ $o = admin_page_themes($a);
+ break;
+// case 'hubloc':
+// $o = admin_page_hubloc($a);
+// break;
+ case 'logs':
+ $o = admin_page_logs($a);
+ break;
+ case 'dbsync':
+ $o = admin_page_dbsync($a);
+ break;
+ case 'profs':
+ $o = admin_page_profs($a);
+ break;
+ case 'queue':
+ $o = admin_page_queue($a);
+ break;
+ default:
+ notice( t('Item not found.') );
+ }
+ } else {
+ $o = admin_page_summary($a);
+ }
+
+ if(is_ajax()) {
+ echo $o;
+ killme();
+ return '';
+ } else {
+ return $o;
+ }
+}
+
+
+/**
+ * @brief Returns content for Admin Summary Page.
+ *
+ * @param App &$a
+ * @return string HTML from parsed admin_summary.tpl
+ */
+function admin_page_summary(&$a) {
+
+ // list total user accounts, expirations etc.
+ $accounts = array();
+ $r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN account_expires > %s THEN 1 ELSE NULL END) AS expiring, COUNT(CASE WHEN account_expires < %s AND account_expires != '%s' THEN 1 ELSE NULL END) AS expired, COUNT(CASE WHEN (account_flags & %d)>0 THEN 1 ELSE NULL END) AS blocked FROM account",
+ db_utcnow(),
+ db_utcnow(),
+ dbesc(NULL_DATE),
+ intval(ACCOUNT_BLOCKED)
+ );
+ if ($r) {
+ $accounts['total'] = array('label' => t('# Accounts'), 'val' => $r[0]['total']);
+ $accounts['blocked'] = array('label' => t('# blocked accounts'), 'val' => $r[0]['blocked']);
+ $accounts['expired'] = array('label' => t('# expired accounts'), 'val' => $r[0]['expired']);
+ $accounts['expiring'] = array('label' => t('# expiring accounts'), 'val' => $r[0]['expiring']);
+ }
+
+ // pending registrations
+ $r = q("SELECT COUNT(id) AS `count` FROM register");
+ $pending = $r[0]['count'];
+
+ // available channels, primary and clones
+ $channels = array();
+ $r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN channel_primary = 1 THEN 1 ELSE NULL END) AS main, COUNT(CASE WHEN channel_primary = 0 THEN 1 ELSE NULL END) AS clones FROM channel WHERE channel_removed = 0");
+ if ($r) {
+ $channels['total'] = array('label' => t('# Channels'), 'val' => $r[0]['total']);
+ $channels['main'] = array('label' => t('# primary'), 'val' => $r[0]['main']);
+ $channels['clones'] = array('label' => t('# clones'), 'val' => $r[0]['clones']);
+ }
+
+ // We can do better, but this is a quick queue status
+ $r = q("SELECT COUNT(outq_delivered) AS total FROM outq WHERE outq_delivered = 0");
+ $queue = (($r) ? $r[0]['total'] : 0);
+ $queues = array( 'label' => t('Message queues'), 'queue' => $queue );
+
+ // If no plugins active return 0, otherwise list of plugin names
+ $plugins = (count($a->plugins) == 0) ? count($a->plugins) : $a->plugins;
+
+ // Could be extended to provide also other alerts to the admin
+ $alertmsg = '';
+ // annoy admin about upcoming unsupported PHP version
+ if (version_compare(PHP_VERSION, '5.4', '<')) {
+ $alertmsg = 'Your PHP version ' . PHP_VERSION . ' will not be supported with the next major release of $Projectname. You are strongly urged to upgrade to a current version.'
+ . '<br>PHP 5.3 has reached its <a href="http://php.net/eol.php" class="alert-link">End of Life (EOL)</a> in August 2014.'
+ . ' A list about current PHP versions can be found <a href="http://php.net/supported-versions.php" class="alert-link">here</a>.';
+ }
+
+ $t = get_markup_template('admin_summary.tpl');
+ return replace_macros($t, array(
+ '$title' => t('Administration'),
+ '$page' => t('Summary'),
+ '$adminalertmsg' => $alertmsg,
+ '$queues' => $queues,
+ '$accounts' => array( t('Registered accounts'), $accounts),
+ '$pending' => array( t('Pending registrations'), $pending),
+ '$channels' => array( t('Registered channels'), $channels),
+ '$plugins' => array( t('Active plugins'), $plugins ),
+ '$version' => array( t('Version'), RED_VERSION),
+ '$build' => get_config('system', 'db_version')
+ ));
+}
+
+
+/**
+ * @brief POST handler for Admin Site Page.
+ *
+ * @param App &$a
+ */
+function admin_page_site_post(&$a){
+ if (!x($_POST, 'page_site')){
+ return;
+ }
+
+ check_form_security_token_redirectOnErr('/admin/site', 'admin_site');
+
+ $sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : '');
+ $banner = ((x($_POST,'banner')) ? trim($_POST['banner']) : false);
+ $admininfo = ((x($_POST,'admininfo')) ? trim($_POST['admininfo']) : false);
+ $language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : '');
+ $theme = ((x($_POST,'theme')) ? notags(trim($_POST['theme'])) : '');
+ $theme_mobile = ((x($_POST,'theme_mobile')) ? notags(trim($_POST['theme_mobile'])) : '');
+// $site_channel = ((x($_POST,'site_channel')) ? notags(trim($_POST['site_channel'])) : '');
+ $maximagesize = ((x($_POST,'maximagesize')) ? intval(trim($_POST['maximagesize'])) : 0);
+
+ $register_policy = ((x($_POST,'register_policy')) ? intval(trim($_POST['register_policy'])) : 0);
+ $access_policy = ((x($_POST,'access_policy')) ? intval(trim($_POST['access_policy'])) : 0);
+ $abandon_days = ((x($_POST,'abandon_days')) ? intval(trim($_POST['abandon_days'])) : 0);
+
+ $register_text = ((x($_POST,'register_text')) ? notags(trim($_POST['register_text'])) : '');
+ $frontpage = ((x($_POST,'frontpage')) ? notags(trim($_POST['frontpage'])) : '');
+ $mirror_frontpage = ((x($_POST,'mirror_frontpage')) ? intval(trim($_POST['mirror_frontpage'])) : 0);
+
+ $allowed_sites = ((x($_POST,'allowed_sites')) ? notags(trim($_POST['allowed_sites'])) : '');
+ $allowed_email = ((x($_POST,'allowed_email')) ? notags(trim($_POST['allowed_email'])) : '');
+ $not_allowed_email = ((x($_POST,'not_allowed_email')) ? notags(trim($_POST['not_allowed_email'])) : '');
+ $block_public = ((x($_POST,'block_public')) ? True : False);
+ $force_publish = ((x($_POST,'publish_all')) ? True : False);
+ $disable_discover_tab = ((x($_POST,'disable_discover_tab')) ? True : False);
+ $login_on_homepage = ((x($_POST,'login_on_homepage')) ? True : False);
+ $global_directory = ((x($_POST,'directory_submit_url')) ? notags(trim($_POST['directory_submit_url'])) : '');
+ $no_community_page = !((x($_POST,'no_community_page')) ? True : False);
+ $default_expire_days = ((array_key_exists('default_expire_days',$_POST)) ? intval($_POST['default_expire_days']) : 0);
+
+ $verifyssl = ((x($_POST,'verifyssl')) ? True : False);
+ $proxyuser = ((x($_POST,'proxyuser')) ? notags(trim($_POST['proxyuser'])) : '');
+ $proxy = ((x($_POST,'proxy')) ? notags(trim($_POST['proxy'])) : '');
+ $timeout = ((x($_POST,'timeout')) ? intval(trim($_POST['timeout'])) : 60);
+ $delivery_interval = ((x($_POST,'delivery_interval'))? intval(trim($_POST['delivery_interval'])) : 0);
+ $poll_interval = ((x($_POST,'poll_interval')) ? intval(trim($_POST['poll_interval'])) : 0);
+ $maxloadavg = ((x($_POST,'maxloadavg')) ? intval(trim($_POST['maxloadavg'])) : 50);
+ $feed_contacts = ((x($_POST,'feed_contacts')) ? intval($_POST['feed_contacts']) : 0);
+ $diaspora_enabled = ((x($_POST,'diaspora_enabled')) ? intval($_POST['diaspora_enabled']) : 0);
+ $verify_email = ((x($_POST,'verify_email')) ? 1 : 0);
+
+ set_config('system', 'feed_contacts', $feed_contacts);
+ set_config('system', 'diaspora_enabled', $diaspora_enabled);
+ set_config('system', 'delivery_interval', $delivery_interval);
+ set_config('system', 'poll_interval', $poll_interval);
+ set_config('system', 'maxloadavg', $maxloadavg);
+ set_config('system', 'frontpage', $frontpage);
+ set_config('system', 'mirror_frontpage', $mirror_frontpage);
+ set_config('system', 'sitename', $sitename);
+ set_config('system', 'login_on_homepage', $login_on_homepage);
+ set_config('system', 'verify_email', $verify_email);
+ set_config('system', 'default_expire_days', $default_expire_days);
+
+ if ($banner == '') {
+ del_config('system', 'banner');
+ } else {
+ set_config('system', 'banner', $banner);
+ }
+
+ if ($admininfo == ''){
+ del_config('system', 'admininfo');
+ } else {
+ require_once('include/text.php');
+ linkify_tags($a, $admininfo, local_channel());
+ set_config('system', 'admininfo', $admininfo);
+ }
+ set_config('system', 'language', $language);
+ set_config('system', 'theme', $theme);
+ if ( $theme_mobile === '---' ) {
+ del_config('system', 'mobile_theme');
+ } else {
+ set_config('system', 'mobile_theme', $theme_mobile);
+ }
+// set_config('system','site_channel', $site_channel);
+ set_config('system','maximagesize', $maximagesize);
+
+ set_config('system','register_policy', $register_policy);
+ set_config('system','access_policy', $access_policy);
+ set_config('system','account_abandon_days', $abandon_days);
+ set_config('system','register_text', $register_text);
+ set_config('system','allowed_sites', $allowed_sites);
+ set_config('system','allowed_email', $allowed_email);
+ set_config('system','not_allowed_email', $not_allowed_email);
+ set_config('system','block_public', $block_public);
+ set_config('system','publish_all', $force_publish);
+ set_config('system','disable_discover_tab', $disable_discover_tab);
+ if ($global_directory == '') {
+ del_config('system', 'directory_submit_url');
+ } else {
+ set_config('system', 'directory_submit_url', $global_directory);
+ }
+
+ set_config('system','no_community_page', $no_community_page);
+ set_config('system','no_utf', $no_utf);
+ set_config('system','verifyssl', $verifyssl);
+ set_config('system','proxyuser', $proxyuser);
+ set_config('system','proxy', $proxy);
+ set_config('system','curl_timeout', $timeout);
+
+ info( t('Site settings updated.') . EOL);
+ goaway($a->get_baseurl(true) . '/admin/site' );
+}
+
+/**
+ * @brief Admin page site.
+ *
+ * @param App $a
+ * @return string
+ */
+function admin_page_site(&$a) {
+
+ /* Installed langs */
+ $lang_choices = array();
+ $langs = glob('view/*/strings.php');
+
+ if(is_array($langs) && count($langs)) {
+ if(! in_array('view/en/strings.php',$langs))
+ $langs[] = 'view/en/';
+ asort($langs);
+ foreach($langs as $l) {
+ $t = explode("/",$l);
+ $lang_choices[$t[1]] = $t[1];
+ }
+ }
+
+ /* Installed themes */
+ $theme_choices_mobile["---"] = t("Default");
+ $theme_choices = array();
+ $files = glob('view/theme/*');
+ if($files) {
+ foreach($files as $file) {
+ $vars = '';
+ $f = basename($file);
+ if (file_exists($file . '/library'))
+ continue;
+ if (file_exists($file . '/mobile'))
+ $vars = t('mobile');
+ if (file_exists($file . '/experimental'))
+ $vars .= t('experimental');
+ if (file_exists($file . '/unsupported'))
+ $vars .= t('unsupported');
+ if ($vars) {
+ $theme_choices[$f] = $f . ' (' . $vars . ')';
+ $theme_choices_mobile[$f] = $f . ' (' . $vars . ')';
+ }
+ else {
+ $theme_choices[$f] = $f;
+ $theme_choices_mobile[$f] = $f;
+ }
+ }
+ }
+
+ /* Banner */
+ $banner = get_config('system', 'banner');
+ if($banner == false)
+ $banner = 'red';
+
+ $banner = htmlspecialchars($banner);
+
+ /* Admin Info */
+ $admininfo = get_config('system', 'admininfo');
+
+ /* Register policy */
+ $register_choices = Array(
+ REGISTER_CLOSED => t("No"),
+ REGISTER_APPROVE => t("Yes - with approval"),
+ REGISTER_OPEN => t("Yes")
+ );
+
+ /* Acess policy */
+ $access_choices = Array(
+ ACCESS_PRIVATE => t("My site is not a public server"),
+ ACCESS_PAID => t("My site has paid access only"),
+ ACCESS_FREE => t("My site has free access only"),
+ ACCESS_TIERED => t("My site offers free accounts with optional paid upgrades")
+ );
+
+// $ssl_choices = array(
+// SSL_POLICY_NONE => t("No SSL policy, links will track page SSL state"),
+// SSL_POLICY_FULL => t("Force all links to use SSL")
+// );
+
+
+ $homelogin = get_config('system','login_on_homepage');
+
+ $t = get_markup_template("admin_site.tpl");
+ return replace_macros($t, array(
+ '$title' => t('Administration'),
+ '$page' => t('Site'),
+ '$submit' => t('Submit'),
+ '$registration' => t('Registration'),
+ '$upload' => t('File upload'),
+ '$corporate' => t('Policies'),
+ '$advanced' => t('Advanced'),
+
+ '$baseurl' => $a->get_baseurl(true),
+ // name, label, value, help string, extra data...
+ '$sitename' => array('sitename', t("Site name"), htmlspecialchars(get_config('system','sitename'), ENT_QUOTES, 'UTF-8'),''),
+ '$banner' => array('banner', t("Banner/Logo"), $banner, ""),
+ '$admininfo' => array('admininfo', t("Administrator Information"), $admininfo, t("Contact information for site administrators. Displayed on siteinfo page. BBCode can be used here")),
+ '$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices),
+ '$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - <a href='#' id='cnftheme'>change theme settings</a>"), $theme_choices),
+ '$theme_mobile' => array('theme_mobile', t("Mobile system theme"), get_config('system','mobile_theme'), t("Theme for mobile devices"), $theme_choices_mobile),
+// '$site_channel' => array('site_channel', t("Channel to use for this website's static pages"), get_config('system','site_channel'), t("Site Channel")),
+ '$diaspora_enabled' => array('diaspora_enabled',t('Enable Diaspora Protocol'), get_config('system','diaspora_enabled'), t('Communicate with Diaspora and Friendica - experimental')),
+ '$feed_contacts' => array('feed_contacts', t('Allow Feeds as Connections'),get_config('system','feed_contacts'),t('(Heavy system resource usage)')),
+ '$maximagesize' => array('maximagesize', t("Maximum image size"), intval(get_config('system','maximagesize')), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
+ '$register_policy' => array('register_policy', t("Does this site allow new member registration?"), get_config('system','register_policy'), "", $register_choices),
+ '$access_policy' => array('access_policy', t("Which best describes the types of account offered by this hub?"), get_config('system','access_policy'), "This is displayed on the public server site list.", $access_choices),
+ '$register_text' => array('register_text', t("Register text"), htmlspecialchars(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")),
+ '$frontpage' => array('frontpage', t("Site homepage to show visitors (default: login box)"), get_config('system','frontpage'), t("example: 'public' to show public stream, 'page/sys/home' to show a system webpage called 'home' or 'include:home.html' to include a file.")),
+ '$mirror_frontpage' => array('mirror_frontpage', t("Preserve site homepage URL"), get_config('system','mirror_frontpage'), t('Present the site homepage in a frame at the original location instead of redirecting')),
+ '$abandon_days' => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')),
+ '$allowed_sites' => array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")),
+ '$allowed_email' => array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")),
+ '$not_allowed_email' => array('not_allowed_email', t("Not allowed email domains"), get_config('system','not_allowed_email'), t("Comma separated list of domains which are not allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains, unless allowed domains have been defined.")),
+ '$block_public' => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently logged in.")),
+ '$verify_email' => array('verify_email', t("Verify Email Addresses"), get_config('system','verify_email'), t("Check to verify email addresses used in account registration (recommended).")),
+ '$force_publish' => array('publish_all', t("Force publish"), get_config('system','publish_all'), t("Check to force all profiles on this site to be listed in the site directory.")),
+ '$disable_discover_tab' => array('disable_discover_tab', t("Disable discovery tab"), get_config('system','disable_discover_tab'), t("Remove the tab in the network view with public content pulled from sources chosen for this site.")),
+ '$login_on_homepage' => array('login_on_homepage', t("login on Homepage"),((intval($homelogin) || $homelogin === false) ? 1 : '') , t("Present a login box to visitors on the home page if no other content has been configured.")),
+
+ '$proxyuser' => array('proxyuser', t("Proxy user"), get_config('system','proxyuser'), ""),
+ '$proxy' => array('proxy', t("Proxy URL"), get_config('system','proxy'), ""),
+ '$timeout' => array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")),
+ '$delivery_interval' => array('delivery_interval', t("Delivery interval"), (x(get_config('system','delivery_interval'))?get_config('system','delivery_interval'):2), t("Delay background delivery processes by this many seconds to reduce system load. Recommend: 4-5 for shared hosts, 2-3 for virtual private servers. 0-1 for large dedicated servers.")),
+ '$poll_interval' => array('poll_interval', t("Poll interval"), (x(get_config('system','poll_interval'))?get_config('system','poll_interval'):2), t("Delay background polling processes by this many seconds to reduce system load. If 0, use delivery interval.")),
+ '$maxloadavg' => array('maxloadavg', t("Maximum Load Average"), ((intval(get_config('system','maxloadavg')) > 0)?get_config('system','maxloadavg'):50), t("Maximum system load before delivery and poll processes are deferred - default 50.")),
+ '$default_expire_days' => array('default_expire_days', t('Expiration period in days for imported (matrix/network) content'), intval(get_config('system','default_expire_days')), t('0 for no expiration of imported content')),
+ '$form_security_token' => get_form_security_token("admin_site"),
+ ));
+}
+
+function admin_page_hubloc_post(&$a){
+ check_form_security_token_redirectOnErr('/admin/hubloc', 'admin_hubloc');
+ require_once('include/zot.php');
+
+ //prepare for ping
+
+ if ( $_POST['hublocid']) {
+ $hublocid = $_POST['hublocid'];
+ $arrhublocurl = q("SELECT hubloc_url FROM hubloc WHERE hubloc_id = %d ",
+ intval($hublocid)
+ );
+ $hublocurl = $arrhublocurl[0]['hubloc_url'] . '/post';
+
+ //perform ping
+ $m = zot_build_packet($a->get_channel(),'ping');
+ $r = zot_zot($hublocurl,$m);
+ //handle results and set the hubloc flags in db to make results visible
+ $r2 = $r['body'];
+ $r3 = $r2['success'];
+ if ( $r3['success'] == True ){
+ //set HUBLOC_OFFLINE to 0
+ logger(' success = true ',LOGGER_DEBUG);
+ } else {
+ //set HUBLOC_OFFLINE to 1
+ logger(' success = false ', LOGGER_DEBUG);
+ }
+
+ //unfotunatly zping wont work, I guess return format is not correct
+ //require_once('mod/zping.php');
+ //$r = zping_content($hublocurl);
+ //logger('zping answer: ' . $r, LOGGER_DEBUG);
+
+ //in case of repair store new pub key for tested hubloc (all channel with this hubloc) in db
+ //after repair set hubloc flags to 0
+ }
+
+ goaway($a->get_baseurl(true) . '/admin/hubloc' );
+}
+
+function admin_page_hubloc(&$a) {
+ $hubloc = q("SELECT hubloc_id, hubloc_addr, hubloc_host, hubloc_status FROM hubloc");
+
+ if(! $hubloc){
+ notice( t('No server found') . EOL);
+ goaway($a->get_baseurl(true) . '/admin/hubloc');
+ }
+
+ $t = get_markup_template('admin_hubloc.tpl');
+ return replace_macros($t, array(
+ '$hubloc' => $hubloc,
+ '$th_hubloc' => array(t('ID'), t('for channel'), t('on server'), t('Status')),
+ '$title' => t('Administration'),
+ '$page' => t('Server'),
+ '$queues' => $queues,
+ //'$accounts' => $accounts, /*$accounts is empty here*/
+ '$pending' => array( t('Pending registrations'), $pending),
+ '$plugins' => array( t('Active plugins'), $a->plugins ),
+ '$form_security_token' => get_form_security_token('admin_hubloc')
+ ));
+}
+
+
+function admin_page_dbsync(&$a) {
+ $o = '';
+
+ if(argc() > 3 && intval(argv(3)) && argv(2) === 'mark') {
+ set_config('database', 'update_r' . intval(argv(3)), 'success');
+ if(intval(get_config('system','db_version')) <= intval(argv(3)))
+ set_config('system','db_version',intval(argv(3)) + 1);
+ info( t('Update has been marked successful') . EOL);
+ goaway($a->get_baseurl(true) . '/admin/dbsync');
+ }
+
+ if(argc() > 2 && intval(argv(2))) {
+ require_once('install/update.php');
+ $func = 'update_r' . intval(argv(2));
+ if(function_exists($func)) {
+ $retval = $func();
+ if($retval === UPDATE_FAILED) {
+ $o .= sprintf( t('Executing %s failed. Check system logs.'), $func);
+ }
+ elseif($retval === UPDATE_SUCCESS) {
+ $o .= sprintf( t('Update %s was successfully applied.'), $func);
+ set_config('database',$func, 'success');
+ }
+ else
+ $o .= sprintf( t('Update %s did not return a status. Unknown if it succeeded.'), $func);
+ }
+ else
+ $o .= sprintf( t('Update function %s could not be found.'), $func);
+
+ return $o;
+ }
+
+ $failed = array();
+ $r = q("select * from config where `cat` = 'database' ");
+ if(count($r)) {
+ foreach($r as $rr) {
+ $upd = intval(substr($rr['k'],8));
+ if($rr['v'] === 'success')
+ continue;
+ $failed[] = $upd;
+ }
+ }
+ if(! count($failed))
+ return '<h3>' . t('No failed updates.') . '</h3>';
+
+ $o = replace_macros(get_markup_template('failed_updates.tpl'),array(
+ '$base' => $a->get_baseurl(true),
+ '$banner' => t('Failed Updates'),
+ '$desc' => '',
+ '$mark' => t('Mark success (if update was manually applied)'),
+ '$apply' => t('Attempt to execute this update step automatically'),
+ '$failed' => $failed
+ ));
+
+ return $o;
+}
+
+function admin_page_queue($a) {
+ $o = '';
+
+ $expert = ((array_key_exists('expert',$_REQUEST)) ? intval($_REQUEST['expert']) : 0);
+
+ if($_REQUEST['drophub']) {
+ require_once('hubloc.php');
+ hubloc_mark_as_down($_REQUEST['drophub']);
+ }
+
+ if($_REQUEST['emptyhub']) {
+ $r = q("delete from outq where outq_posturl = '%s' ",
+ dbesc($_REQUEST['emptyhub'])
+ );
+ }
+
+ $r = q("select count(outq_posturl) as total, max(outq_priority) as priority, outq_posturl from outq
+ where outq_delivered = 0 group by outq_posturl order by total desc");
+
+ for($x = 0; $x < count($r); $x ++) {
+ $r[$x]['eurl'] = urlencode($r[$x]['outq_posturl']);
+ $r[$x]['connected'] = datetime_convert('UTC',date_default_timezone_get(),$r[$x]['connected'],'Y-m-d');
+ }
+
+ $o = replace_macros(get_markup_template('admin_queue.tpl'), array(
+ '$banner' => t('Queue Statistics'),
+ '$numentries' => t('Total Entries'),
+ '$priority' => t('Priority'),
+ '$desturl' => t('Destination URL'),
+ '$nukehub' => t('Mark hub permanently offline'),
+ '$empty' => t('Empty queue for this hub'),
+ '$lastconn' => t('Last known contact'),
+ '$hasentries' => ((count($r)) ? true : false),
+ '$entries' => $r,
+ '$expert' => $expert
+ ));
+
+ return $o;
+}
+
+/**
+ * @brief Handle POST actions on users admin page.
+ *
+ * This function is called when on the admin user/account page the form was
+ * submitted to handle multiple operations at once. If one of the icons next
+ * to an entry are pressed the function admin_page_users() will handle this.
+ *
+ * @param App $a
+ */
+function admin_page_users_post($a) {
+ $pending = ( x($_POST, 'pending') ? $_POST['pending'] : array() );
+ $users = ( x($_POST, 'user') ? $_POST['user'] : array() );
+ $blocked = ( x($_POST, 'blocked') ? $_POST['blocked'] : array() );
+
+ check_form_security_token_redirectOnErr('/admin/users', 'admin_users');
+
+ // change to switch structure?
+ // account block/unblock button was submitted
+ if (x($_POST, 'page_users_block')) {
+ for ($i = 0; $i < count($users); $i++) {
+ // if account is blocked remove blocked bit-flag, otherwise add blocked bit-flag
+ $op = ($blocked[$i]) ? '& ~' : '| ';
+ q("UPDATE account SET account_flags = (account_flags $op%d) WHERE account_id = %d",
+ intval(ACCOUNT_BLOCKED),
+ intval($users[$i])
+ );
+ }
+ notice( sprintf( tt("%s user blocked/unblocked", "%s users blocked/unblocked", count($users)), count($users)) );
+ }
+ // account delete button was submitted
+ if (x($_POST, 'page_users_delete')) {
+ require_once('include/Contact.php');
+ foreach ($users as $uid){
+ account_remove($uid, true, false);
+ }
+ notice( sprintf( tt("%s user deleted", "%s users deleted", count($users)), count($users)) );
+ }
+ // registration approved button was submitted
+ if (x($_POST, 'page_users_approve')) {
+ foreach ($pending as $hash) {
+ user_allow($hash);
+ }
+ }
+ // registration deny button was submitted
+ if (x($_POST, 'page_users_deny')) {
+ foreach ($pending as $hash) {
+ user_deny($hash);
+ }
+ }
+
+ goaway($a->get_baseurl(true) . '/admin/users' );
+}
+
+/**
+ * @brief Generate users admin page and handle single item operations.
+ *
+ * This function generates the users/account admin page and handles the actions
+ * if an icon next to an entry was clicked. If several items were selected and
+ * the form was submitted it is handled by the function admin_page_users_post().
+ *
+ * @param App &$a
+ * @return string
+ */
+function admin_page_users(&$a){
+ if (argc() > 2) {
+ $uid = argv(3);
+ $account = q("SELECT * FROM account WHERE account_id = %d",
+ intval($uid)
+ );
+
+ if (! $account) {
+ notice( t('Account not found') . EOL);
+ goaway($a->get_baseurl(true) . '/admin/users' );
+ }
+
+ check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
+
+ switch (argv(2)){
+ case 'delete':
+ // delete user
+ require_once('include/Contact.php');
+ account_remove($uid,true,false);
+
+ notice( sprintf(t("User '%s' deleted"), $account[0]['account_email']) . EOL);
+ break;
+ case 'block':
+ q("UPDATE account SET account_flags = ( account_flags | %d ) WHERE account_id = %d",
+ intval(ACCOUNT_BLOCKED),
+ intval($uid)
+ );
+
+ notice( sprintf( t("User '%s' blocked") , $account[0]['account_email']) . EOL);
+ break;
+ case 'unblock':
+ q("UPDATE account SET account_flags = ( account_flags & ~%d ) WHERE account_id = %d",
+ intval(ACCOUNT_BLOCKED),
+ intval($uid)
+ );
+
+ notice( sprintf( t("User '%s' unblocked"), $account[0]['account_email']) . EOL);
+ break;
+ }
+
+ goaway($a->get_baseurl(true) . '/admin/users' );
+ }
+
+ /* get pending */
+ $pending = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d )>0 ",
+ intval(ACCOUNT_PENDING)
+ );
+
+ /* get users */
+
+ $total = q("SELECT count(*) as total FROM account");
+ if (count($total)) {
+ $a->set_pager_total($total[0]['total']);
+ $a->set_pager_itemspage(100);
+ }
+
+
+// We'll still need to link email addresses to admin/users/channels or some such, but this bit doesn't exist yet.
+// That's where we need to be doing last post/channel flags/etc, not here.
+
+ $serviceclass = (($_REQUEST['class']) ? " and account_service_class = '" . dbesc($_REQUEST['class']) . "' " : '');
+
+ $order = " order by account_email asc ";
+ if($_REQUEST['order'] === 'expires')
+ $order = " order by account_expires desc ";
+ if($_REQUEST['order'] === 'created')
+ $order = " order by account_created desc ";
+
+ $users = q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, " . "`account_service_class`, ( account_flags & %d )>0 as `blocked`, " .
+ "(SELECT %s FROM channel as ch " .
+ "WHERE ch.channel_account_id = ac.account_id and ch.channel_removed = 0 ) as `channels` " .
+ "FROM account as ac where true $serviceclass $order limit %d offset %d ",
+ intval(ACCOUNT_BLOCKED),
+ db_concat('ch.channel_address', ' '),
+ intval($a->pager['itemspage']),
+ intval($a->pager['start'])
+ );
+
+// function _setup_users($e){
+// $accounts = Array(
+// t('Normal Account'),
+// t('Soapbox Account'),
+// t('Community/Celebrity Account'),
+// t('Automatic Friend Account')
+// );
+
+// $e['page_flags'] = $accounts[$e['page-flags']];
+// $e['register_date'] = relative_date($e['register_date']);
+// $e['login_date'] = relative_date($e['login_date']);
+// $e['lastitem_date'] = relative_date($e['lastitem_date']);
+// return $e;
+// }
+// $users = array_map("_setup_users", $users);
+
+ $t = get_markup_template('admin_users.tpl');
+ $o = replace_macros($t, array(
+ // strings //
+ '$title' => t('Administration'),
+ '$page' => t('Users'),
+ '$submit' => t('Submit'),
+ '$select_all' => t('select all'),
+ '$h_pending' => t('User registrations waiting for confirm'),
+ '$th_pending' => array( t('Request date'), t('Email') ),
+ '$no_pending' => t('No registrations.'),
+ '$approve' => t('Approve'),
+ '$deny' => t('Deny'),
+ '$delete' => t('Delete'),
+ '$block' => t('Block'),
+ '$unblock' => t('Unblock'),
+
+ '$h_users' => t('Users'),
+ '$th_users' => array( t('ID'), t('Email'), t('All Channels'), t('Register date'), t('Last login'), t('Expires'), t('Service Class')),
+
+ '$confirm_delete_multi' => t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
+ '$confirm_delete' => t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
+
+ '$form_security_token' => get_form_security_token("admin_users"),
+
+ // values //
+ '$baseurl' => $a->get_baseurl(true),
+
+ '$pending' => $pending,
+ '$users' => $users,
+ ));
+ $o .= paginate($a);
+
+ return $o;
+}
+
+
+/**
+ * @brief Channels admin page.
+ *
+ * @param App &$a
+ */
+function admin_page_channels_post(&$a) {
+ $channels = ( x($_POST, 'channel') ? $_POST['channel'] : Array() );
+
+ check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels');
+
+ $xor = db_getfunc('^');
+
+ if (x($_POST,'page_channels_block')){
+ foreach($channels as $uid){
+ q("UPDATE channel SET channel_pageflags = ( channel_pageflags $xor %d ) where channel_id = %d",
+ intval(PAGE_CENSORED),
+ intval( $uid )
+ );
+ proc_run('php','include/directory.php',$uid,'nopush');
+ }
+ notice( sprintf( tt("%s channel censored/uncensored", "%s channels censored/uncensored", count($channels)), count($channels)) );
+ }
+ if (x($_POST,'page_channels_code')){
+ foreach($channels as $uid){
+ q("UPDATE channel SET channel_pageflags = ( channel_pageflags $xor %d ) where channel_id = %d",
+ intval(PAGE_ALLOWCODE),
+ intval( $uid )
+ );
+ }
+ notice( sprintf( tt("%s channel code allowed/disallowed", "%s channels code allowed/disallowed", count($channels)), count($channels)) );
+ }
+ if (x($_POST,'page_channels_delete')){
+ require_once("include/Contact.php");
+ foreach($channels as $uid){
+ channel_remove($uid,true);
+ }
+ notice( sprintf( tt("%s channel deleted", "%s channels deleted", count($channels)), count($channels)) );
+ }
+
+ goaway($a->get_baseurl(true) . '/admin/channels' );
+}
+
+/**
+ * @brief
+ *
+ * @param App &$a
+ * @return string
+ */
+function admin_page_channels(&$a){
+ if (argc() > 2) {
+ $uid = argv(3);
+ $channel = q("SELECT * FROM channel WHERE channel_id = %d",
+ intval($uid)
+ );
+
+ if (! $channel) {
+ notice( t('Channel not found') . EOL);
+ goaway($a->get_baseurl(true) . '/admin/channels' );
+ }
+
+ switch(argv(2)) {
+ case "delete":{
+ check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't');
+ // delete channel
+ require_once("include/Contact.php");
+ channel_remove($uid,true);
+
+ notice( sprintf(t("Channel '%s' deleted"), $channel[0]['channel_name']) . EOL);
+ }; break;
+
+ case "block":{
+ check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't');
+ $pflags = $channel[0]['channel_pageflags'] ^ PAGE_CENSORED;
+ q("UPDATE channel SET channel_pageflags = %d where channel_id = %d",
+ intval($pflags),
+ intval( $uid )
+ );
+ proc_run('php','include/directory.php',$uid,'nopush');
+
+ notice( sprintf( (($pflags & PAGE_CENSORED) ? t("Channel '%s' censored"): t("Channel '%s' uncensored")) , $channel[0]['channel_name'] . ' (' . $channel[0]['channel_address'] . ')' ) . EOL);
+ }; break;
+
+ case "code":{
+ check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't');
+ $pflags = $channel[0]['channel_pageflags'] ^ PAGE_ALLOWCODE;
+ q("UPDATE channel SET channel_pageflags = %d where channel_id = %d",
+ intval($pflags),
+ intval( $uid )
+ );
+
+ notice( sprintf( (($pflags & PAGE_ALLOWCODE) ? t("Channel '%s' code allowed"): t("Channel '%s' code disallowed")) , $channel[0]['channel_name'] . ' (' . $channel[0]['channel_address'] . ')' ) . EOL);
+ }; break;
+
+ default:
+ break;
+ }
+ goaway($a->get_baseurl(true) . '/admin/channels' );
+ }
+
+ /* get channels */
+
+ $total = q("SELECT count(*) as total FROM channel where channel_removed = 0 and channel_system = 0");
+ if($total) {
+ $a->set_pager_total($total[0]['total']);
+ $a->set_pager_itemspage(100);
+ }
+
+ $order = " order by channel_name asc ";
+
+ $channels = q("SELECT * from channel where channel_removed = 0 and channel_system = 0 $order limit %d offset %d ",
+ intval($a->pager['itemspage']),
+ intval($a->pager['start'])
+ );
+
+ if($channels) {
+ for($x = 0; $x < count($channels); $x ++) {
+ if($channels[$x]['channel_pageflags'] & PAGE_CENSORED)
+ $channels[$x]['blocked'] = true;
+ else
+ $channels[$x]['blocked'] = false;
+
+ if($channels[$x]['channel_pageflags'] & PAGE_ALLOWCODE)
+ $channels[$x]['allowcode'] = true;
+ else
+ $channels[$x]['allowcode'] = false;
+ }
+ }
+
+ $t = get_markup_template("admin_channels.tpl");
+ $o = replace_macros($t, array(
+ // strings //
+ '$title' => t('Administration'),
+ '$page' => t('Channels'),
+ '$submit' => t('Submit'),
+ '$select_all' => t('select all'),
+ '$delete' => t('Delete'),
+ '$block' => t('Censor'),
+ '$unblock' => t('Uncensor'),
+ '$code' => t('Allow Code'),
+ '$uncode' => t('Disallow Code'),
+ '$h_channels' => t('Channel'),
+ '$th_channels' => array( t('UID'), t('Name'), t('Address')),
+
+ '$confirm_delete_multi' => t('Selected channels will be deleted!\n\nEverything that was posted in these channels on this site will be permanently deleted!\n\nAre you sure?'),
+ '$confirm_delete' => t('The channel {0} will be deleted!\n\nEverything that was posted in this channel on this site will be permanently deleted!\n\nAre you sure?'),
+
+ '$form_security_token' => get_form_security_token("admin_channels"),
+
+ // values //
+ '$baseurl' => $a->get_baseurl(true),
+ '$channels' => $channels,
+ ));
+ $o .= paginate($a);
+
+ return $o;
+}
+
+
+/**
+ * Plugins admin page
+ *
+ * @param App $a
+ * @return string
+ */
+function admin_page_plugins(&$a){
+
+ /*
+ * Single plugin
+ */
+ if ($a->argc == 3){
+ $plugin = $a->argv[2];
+ if (!is_file("addon/$plugin/$plugin.php")){
+ notice( t("Item not found.") );
+ return '';
+ }
+
+ if (x($_GET,"a") && $_GET['a']=="t"){
+ check_form_security_token_redirectOnErr('/admin/plugins', 'admin_plugins', 't');
+
+ // Toggle plugin status
+ $idx = array_search($plugin, $a->plugins);
+ if ($idx !== false){
+ unset($a->plugins[$idx]);
+ uninstall_plugin($plugin);
+ info( sprintf( t("Plugin %s disabled."), $plugin ) );
+ } else {
+ $a->plugins[] = $plugin;
+ install_plugin($plugin);
+ info( sprintf( t("Plugin %s enabled."), $plugin ) );
+ }
+ set_config("system","addon", implode(", ",$a->plugins));
+ goaway($a->get_baseurl(true) . '/admin/plugins' );
+ }
+ // display plugin details
+ require_once('library/markdown.php');
+
+ if (in_array($plugin, $a->plugins)){
+ $status = 'on';
+ $action = t('Disable');
+ } else {
+ $status = 'off';
+ $action = t('Enable');
+ }
+
+ $readme = null;
+ if (is_file("addon/$plugin/README.md")){
+ $readme = file_get_contents("addon/$plugin/README.md");
+ $readme = Markdown($readme);
+ } else if (is_file("addon/$plugin/README")){
+ $readme = "<pre>". file_get_contents("addon/$plugin/README") ."</pre>";
+ }
+
+ $admin_form = '';
+ if (is_array($a->plugins_admin) && in_array($plugin, $a->plugins_admin)){
+ @require_once("addon/$plugin/$plugin.php");
+ if(function_exists($plugin.'_plugin_admin')) {
+ $func = $plugin.'_plugin_admin';
+ $func($a, $admin_form);
+ }
+ }
+
+ $t = get_markup_template('admin_plugins_details.tpl');
+ return replace_macros($t, array(
+ '$title' => t('Administration'),
+ '$page' => t('Plugins'),
+ '$toggle' => t('Toggle'),
+ '$settings' => t('Settings'),
+ '$baseurl' => $a->get_baseurl(true),
+
+ '$plugin' => $plugin,
+ '$status' => $status,
+ '$action' => $action,
+ '$info' => get_plugin_info($plugin),
+ '$str_author' => t('Author: '),
+ '$str_maintainer' => t('Maintainer: '),
+
+ '$admin_form' => $admin_form,
+ '$function' => 'plugins',
+ '$screenshot' => '',
+ '$readme' => $readme,
+
+ '$form_security_token' => get_form_security_token('admin_plugins'),
+ ));
+ }
+
+
+ /*
+ * List plugins
+ */
+ $plugins = array();
+ $files = glob('addon/*/');
+ if($files) {
+ foreach($files as $file) {
+ if (is_dir($file)){
+ list($tmp, $id) = array_map('trim', explode('/', $file));
+ $info = get_plugin_info($id);
+ $plugins[] = array( $id, (in_array($id, $a->plugins)?"on":"off") , $info);
+ }
+ }
+ }
+
+ $t = get_markup_template('admin_plugins.tpl');
+ return replace_macros($t, array(
+ '$title' => t('Administration'),
+ '$page' => t('Plugins'),
+ '$submit' => t('Submit'),
+ '$baseurl' => $a->get_baseurl(true),
+ '$function' => 'plugins',
+ '$plugins' => $plugins,
+ '$form_security_token' => get_form_security_token('admin_plugins'),
+ ));
+}
+
+/**
+ * @param array $themes
+ * @param string $th
+ * @param int $result
+ */
+function toggle_theme(&$themes, $th, &$result) {
+ for($x = 0; $x < count($themes); $x ++) {
+ if($themes[$x]['name'] === $th) {
+ if($themes[$x]['allowed']) {
+ $themes[$x]['allowed'] = 0;
+ $result = 0;
+ }
+ else {
+ $themes[$x]['allowed'] = 1;
+ $result = 1;
+ }
+ }
+ }
+}
+
+/**
+ * @param array $themes
+ * @param string $th
+ * @return int
+ */
+function theme_status($themes, $th) {
+ for($x = 0; $x < count($themes); $x ++) {
+ if($themes[$x]['name'] === $th) {
+ if($themes[$x]['allowed']) {
+ return 1;
+ }
+ else {
+ return 0;
+ }
+ }
+ }
+ return 0;
+}
+
+
+/**
+ * @param array $themes
+ * @return string
+ */
+function rebuild_theme_table($themes) {
+ $o = '';
+ if(count($themes)) {
+ foreach($themes as $th) {
+ if($th['allowed']) {
+ if(strlen($o))
+ $o .= ',';
+ $o .= $th['name'];
+ }
+ }
+ }
+ return $o;
+}
+
+
+/**
+ * @brief Themes admin page.
+ *
+ * @param App &$a
+ * @return string
+ */
+function admin_page_themes(&$a){
+
+ $allowed_themes_str = get_config('system', 'allowed_themes');
+ $allowed_themes_raw = explode(',', $allowed_themes_str);
+ $allowed_themes = array();
+ if(count($allowed_themes_raw))
+ foreach($allowed_themes_raw as $x)
+ if(strlen(trim($x)))
+ $allowed_themes[] = trim($x);
+
+ $themes = array();
+ $files = glob('view/theme/*');
+ if($files) {
+ foreach($files as $file) {
+ $f = basename($file);
+ $is_experimental = intval(file_exists($file . '/.experimental'));
+ $is_supported = 1-(intval(file_exists($file . '/.unsupported'))); // Is not used yet
+ $is_allowed = intval(in_array($f,$allowed_themes));
+ $themes[] = array('name' => $f, 'experimental' => $is_experimental, 'supported' => $is_supported, 'allowed' => $is_allowed);
+ }
+ }
+
+ if(! count($themes)) {
+ notice( t('No themes found.'));
+ return '';
+ }
+
+ /*
+ * Single theme
+ */
+
+ if ($a->argc == 3){
+ $theme = $a->argv[2];
+ if(! is_dir("view/theme/$theme")){
+ notice( t("Item not found.") );
+ return '';
+ }
+
+ if (x($_GET,"a") && $_GET['a']=="t"){
+ check_form_security_token_redirectOnErr('/admin/themes', 'admin_themes', 't');
+
+ // Toggle theme status
+
+ toggle_theme($themes, $theme, $result);
+ $s = rebuild_theme_table($themes);
+ if($result)
+ info( sprintf('Theme %s enabled.', $theme));
+ else
+ info( sprintf('Theme %s disabled.', $theme));
+
+ set_config('system', 'allowed_themes', $s);
+ goaway($a->get_baseurl(true) . '/admin/themes' );
+ }
+
+ // display theme details
+ require_once('library/markdown.php');
+
+ if (theme_status($themes,$theme)) {
+ $status="on"; $action= t("Disable");
+ } else {
+ $status="off"; $action= t("Enable");
+ }
+
+ $readme=Null;
+ if (is_file("view/theme/$theme/README.md")){
+ $readme = file_get_contents("view/theme/$theme/README.md");
+ $readme = Markdown($readme);
+ } else if (is_file("view/theme/$theme/README")){
+ $readme = "<pre>". file_get_contents("view/theme/$theme/README") ."</pre>";
+ }
+
+ $admin_form = '';
+ if (is_file("view/theme/$theme/php/config.php")){
+ require_once("view/theme/$theme/php/config.php");
+ if(function_exists("theme_admin")){
+ $admin_form = theme_admin($a);
+ }
+ }
+
+ $screenshot = array( get_theme_screenshot($theme), t('Screenshot'));
+ if(! stristr($screenshot[0],$theme))
+ $screenshot = null;
+
+ $t = get_markup_template('admin_plugins_details.tpl');
+ return replace_macros($t, array(
+ '$title' => t('Administration'),
+ '$page' => t('Themes'),
+ '$toggle' => t('Toggle'),
+ '$settings' => t('Settings'),
+ '$baseurl' => $a->get_baseurl(true),
+
+ '$plugin' => $theme,
+ '$status' => $status,
+ '$action' => $action,
+ '$info' => get_theme_info($theme),
+ '$function' => 'themes',
+ '$admin_form' => $admin_form,
+ '$str_author' => t('Author: '),
+ '$str_maintainer' => t('Maintainer: '),
+ '$screenshot' => $screenshot,
+ '$readme' => $readme,
+
+ '$form_security_token' => get_form_security_token('admin_themes'),
+ ));
+ }
+
+ /*
+ * List themes
+ */
+
+ $xthemes = array();
+ if($themes) {
+ foreach($themes as $th) {
+ $xthemes[] = array($th['name'],(($th['allowed']) ? "on" : "off"), get_theme_info($th['name']));
+ }
+ }
+
+ $t = get_markup_template('admin_plugins.tpl');
+ return replace_macros($t, array(
+ '$title' => t('Administration'),
+ '$page' => t('Themes'),
+ '$submit' => t('Submit'),
+ '$baseurl' => $a->get_baseurl(true),
+ '$function' => 'themes',
+ '$plugins' => $xthemes,
+ '$experimental' => t('[Experimental]'),
+ '$unsupported' => t('[Unsupported]'),
+ '$form_security_token' => get_form_security_token('admin_themes'),
+ ));
+}
+
+
+/**
+ * @brief POST handler for logs admin page.
+ *
+ * @param App &$a
+ */
+function admin_page_logs_post(&$a) {
+ if (x($_POST, 'page_logs')) {
+ check_form_security_token_redirectOnErr('/admin/logs', 'admin_logs');
+
+ $logfile = ((x($_POST,'logfile')) ? notags(trim($_POST['logfile'])) : '');
+ $debugging = ((x($_POST,'debugging')) ? true : false);
+ $loglevel = ((x($_POST,'loglevel')) ? intval(trim($_POST['loglevel'])) : 0);
+
+ set_config('system','logfile', $logfile);
+ set_config('system','debugging', $debugging);
+ set_config('system','loglevel', $loglevel);
+ }
+
+ info( t('Log settings updated.') );
+ goaway($a->get_baseurl(true) . '/admin/logs' );
+}
+
+/**
+ * @brief Logs admin page.
+ *
+ * @param App $a
+ * @return string
+ */
+function admin_page_logs(&$a){
+
+ $log_choices = Array(
+ LOGGER_NORMAL => 'Normal',
+ LOGGER_TRACE => 'Trace',
+ LOGGER_DEBUG => 'Debug',
+ LOGGER_DATA => 'Data',
+ LOGGER_ALL => 'All'
+ );
+
+ $t = get_markup_template('admin_logs.tpl');
+
+ $f = get_config('system', 'logfile');
+
+ $data = '';
+
+ if(!file_exists($f)) {
+ $data = t("Error trying to open <strong>$f</strong> log file.\r\n<br/>Check to see if file $f exist and is
+readable.");
+ }
+ else {
+ $fp = fopen($f, 'r');
+ if(!$fp) {
+ $data = t("Couldn't open <strong>$f</strong> log file.\r\n<br/>Check to see if file $f is readable.");
+ }
+ else {
+ $fstat = fstat($fp);
+ $size = $fstat['size'];
+ if($size != 0)
+ {
+ if($size > 5000000 || $size < 0)
+ $size = 5000000;
+ $seek = fseek($fp,0-$size,SEEK_END);
+ if($seek === 0) {
+ $data = escape_tags(fread($fp,$size));
+ while(! feof($fp))
+ $data .= escape_tags(fread($fp,4096));
+ }
+ }
+ fclose($fp);
+ }
+ }
+
+ return replace_macros($t, array(
+ '$title' => t('Administration'),
+ '$page' => t('Logs'),
+ '$submit' => t('Submit'),
+ '$clear' => t('Clear'),
+ '$data' => $data,
+ '$baseurl' => $a->get_baseurl(true),
+ '$logname' => get_config('system','logfile'),
+
+ // name, label, value, help string, extra data...
+ '$debugging' => array('debugging', t("Debugging"),get_config('system','debugging'), ""),
+ '$logfile' => array('logfile', t("Log file"), get_config('system','logfile'), t("Must be writable by web server. Relative to your Red top-level directory.")),
+ '$loglevel' => array('loglevel', t("Log level"), get_config('system','loglevel'), "", $log_choices),
+
+ '$form_security_token' => get_form_security_token('admin_logs'),
+ ));
+}
+
+function admin_page_profs_post(&$a) {
+
+ if($_REQUEST['id']) {
+ $r = q("update profdef set field_name = '%s', field_type = '%s', field_desc = '%s' field_help = '%s', field_inputs = '%s' where id = %d",
+ dbesc($_REQUEST['field_name']),
+ dbesc($_REQUEST['field_type']),
+ dbesc($_REQUEST['field_desc']),
+ dbesc($_REQUEST['field_help']),
+ dbesc($_REQUEST['field_inputs']),
+ intval($_REQUEST['id'])
+ );
+ }
+ else {
+ $r = q("insert into profdef ( field_name, field_type, field_desc, field_help, field_inputs ) values ( '%s' , '%s', '%s', '%s', '%s' )",
+ dbesc($_REQUEST['field_name']),
+ dbesc($_REQUEST['field_type']),
+ dbesc($_REQUEST['field_desc']),
+ dbesc($_REQUEST['field_help']),
+ dbesc($_REQUEST['field_inputs'])
+ );
+ }
+
+ // add to chosen array basic or advanced
+
+ goaway(z_root() . '/admin/profs');
+}
+
+function admin_page_profs(&$a) {
+
+ if((argc() > 3) && argv(2) == 'drop' && intval(argv(3))) {
+ $r = q("delete from profdef where id = %d",
+ intval(argv(3))
+ );
+ // remove from allowed fields
+
+ goaway(z_root() . '/admin/profs');
+ }
+
+ if((argc() > 2) && argv(2) === 'new') {
+ return replace_macros(get_markup_template('profdef_edit.tpl'),array(
+ '$header' => t('New Profile Field'),
+ '$field_name' => array('field_name',t('Field nickname'),$_REQUEST['field_name'],t('System name of field')),
+ '$field_type' => array('field_type',t('Input type'),(($_REQUEST['field_type']) ? $_REQUEST['field_type'] : 'text'),''),
+ '$field_desc' => array('field_desc',t('Field Name'),$_REQUEST['field_desc'],t('Label on profile pages')),
+ '$field_help' => array('field_help',t('Help text'),$_REQUEST['field_help'],t('Additional info (optional)')),
+ '$submit' => t('Save')
+ ));
+ }
+
+ if((argc() > 2) && intval(argv(2))) {
+ $r = q("select * from profdef where id = %d limit 1",
+ intval(argv(2))
+ );
+ if(! $r) {
+ notice( t('Field definition not found') . EOL);
+ goaway(z_root() . '/admin/profs');
+ }
+
+ return replace_macros(get_markup_template('profdef_edit.tpl'),array(
+ '$id' => intval($r[0]['id']),
+ '$header' => t('Edit Profile Field'),
+ '$field_name' => array('field_name',t('Field nickname'),$r[0]['field_name'],t('System name of field')),
+ '$field_type' => array('field_type',t('Input type'),$r[0]['field_type'],''),
+ '$field_desc' => array('field_desc',t('Field Name'),$r[0]['field_desc'],t('Label on profile pages')),
+ '$field_help' => array('field_help',t('Help text'),$r[0]['field_help'],t('Additional info (optional)')),
+ '$submit' => t('Save')
+ ));
+ }
+}
diff --git a/mod/api.php b/mod/api.php
new file mode 100644
index 000000000..08978ee96
--- /dev/null
+++ b/mod/api.php
@@ -0,0 +1,119 @@
+<?php
+
+require_once('include/api.php');
+
+function oauth_get_client($request){
+
+
+ $params = $request->get_parameters();
+ $token = $params['oauth_token'];
+
+ $r = q("SELECT `clients`.*
+ FROM `clients`, `tokens`
+ WHERE `clients`.`client_id`=`tokens`.`client_id`
+ AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'",
+ dbesc($token));
+
+ if (!count($r))
+ return null;
+
+ return $r[0];
+}
+
+function api_post(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+}
+
+function api_content(&$a) {
+ if ($a->cmd=='api/oauth/authorize'){
+ /*
+ * api/oauth/authorize interact with the user. return a standard page
+ */
+
+ $a->page['template'] = "minimal";
+
+
+ // get consumer/client from request token
+ try {
+ $request = OAuthRequest::from_request();
+ } catch(Exception $e) {
+ echo "<pre>"; var_dump($e); killme();
+ }
+
+
+ if (x($_POST,'oauth_yes')){
+
+ $app = oauth_get_client($request);
+ if (is_null($app)) return "Invalid request. Unknown token.";
+ $consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);
+
+ $verifier = md5($app['secret'].local_channel());
+ set_config("oauth", $verifier, local_channel());
+
+
+ if ($consumer->callback_url!=null) {
+ $params = $request->get_parameters();
+ $glue="?";
+ if (strstr($consumer->callback_url,$glue)) $glue="?";
+ goaway($consumer->callback_url.$glue."oauth_token=".OAuthUtil::urlencode_rfc3986($params['oauth_token'])."&oauth_verifier=".OAuthUtil::urlencode_rfc3986($verifier));
+ killme();
+ }
+
+
+
+ $tpl = get_markup_template("oauth_authorize_done.tpl");
+ $o = replace_macros($tpl, array(
+ '$title' => t('Authorize application connection'),
+ '$info' => t('Return to your app and insert this Securty Code:'),
+ '$code' => $verifier,
+ ));
+
+ return $o;
+
+
+ }
+
+
+ if(! local_channel()) {
+ //TODO: we need login form to redirect to this page
+ notice( t('Please login to continue.') . EOL );
+ return login(false,'api-login',$request->get_parameters());
+ }
+ //FKOAuth1::loginUser(4);
+
+ $app = oauth_get_client($request);
+ if (is_null($app)) return "Invalid request. Unknown token.";
+
+
+
+
+ $tpl = get_markup_template('oauth_authorize.tpl');
+ $o = replace_macros($tpl, array(
+ '$title' => t('Authorize application connection'),
+ '$app' => $app,
+ '$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
+ '$yes' => t('Yes'),
+ '$no' => t('No'),
+ ));
+
+ //echo "<pre>"; var_dump($app); killme();
+
+ return $o;
+ }
+
+ echo api_call($a);
+ killme();
+}
+
+
+
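Review bot: In api_content the `oauth_yes` branch runs before the `if(! local_channel())` login check, so a POST without a session still derives a verifier and stores it with `set_config` while `local_channel()` is empty; the login check should move above that branch. The verifier, `md5($app['secret'].local_channel())`, is identical on every authorization of the same client by the same channel and can be computed by anyone who holds the client secret, so a random per-request value bound to the request token would be safer. No form security token is checked on the approval POST in this file, unlike `admin_page_logs_post` in mod/admin.php, and the catch block sends `var_dump($e)` to the browser where a log entry and a generic error would do. On the callback redirect `$glue` is "?" in both cases; the second assignment looks like it was meant to be `if (strstr($consumer->callback_url,$glue)) $glue="&";`.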
diff --git a/mod/appman.php b/mod/appman.php
new file mode 100644
index 000000000..e31492f0b
--- /dev/null
+++ b/mod/appman.php
@@ -0,0 +1,102 @@
+<?php /** @file */
+
+require_once('include/apps.php');
+
+function appman_post(&$a) {
+
+ if(! local_channel())
+ return;
+
+ if($_POST['url']) {
+ $arr = array(
+ 'uid' => intval($_REQUEST['uid']),
+ 'url' => escape_tags($_REQUEST['url']),
+ 'guid' => escape_tags($_REQUEST['guid']),
+ 'author' => escape_tags($_REQUEST['author']),
+ 'addr' => escape_tags($_REQUEST['addr']),
+ 'name' => escape_tags($_REQUEST['name']),
+ 'desc' => escape_tags($_REQUEST['desc']),
+ 'photo' => escape_tags($_REQUEST['photo']),
+ 'version' => escape_tags($_REQUEST['version']),
+ 'price' => escape_tags($_REQUEST['price']),
+ 'sig' => escape_tags($_REQUEST['sig'])
+ );
+
+ $_REQUEST['appid'] = app_install(local_channel(),$arr);
+
+ if(app_installed(local_channel(),$arr))
+ info( t('App installed.') . EOL);
+
+ return;
+ }
+
+
+ $papp = app_decode($_POST['papp']);
+
+ if(! is_array($papp)) {
+ notice( t('Malformed app.') . EOL);
+ return;
+ }
+
+ if($_POST['install']) {
+ app_install(local_channel(),$papp);
+ if(app_installed(local_channel(),$papp))
+ info( t('App installed.') . EOL);
+ }
+
+ if($_POST['delete']) {
+ app_destroy(local_channel(),$papp);
+ }
+
+ if($_POST['edit']) {
+ return;
+ }
+
+ if($_SESSION['return_url'])
+ goaway(z_root() . '/' . $_SESSION['return_url']);
+ goaway(z_root() . '/apps');
+
+
+}
+
+
+function appman_content(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $channel = $a->get_channel();
+ $app = null;
+ $embed = null;
+ if($_REQUEST['appid']) {
+ $r = q("select * from app where app_id = '%s' and app_channel = %d limit 1",
+ dbesc($_REQUEST['appid']),
+ dbesc(local_channel())
+ );
+ if($r)
+ $app = $r[0];
+ $embed = array('embed', t('Embed code'), app_encode($app,true),'', 'onclick="this.select();"');
+
+ }
+
+ return replace_macros(get_markup_template('app_create.tpl'), array(
+
+ '$banner' => (($app) ? t('Edit App') : t('Create App')),
+ '$app' => $app,
+ '$guid' => (($app) ? $app['app_id'] : ''),
+ '$author' => (($app) ? $app['app_author'] : $channel['channel_hash']),
+ '$addr' => (($app) ? $app['app_addr'] : $channel['xchan_addr']),
+ '$name' => array('name', t('Name of app'),(($app) ? $app['app_name'] : ''), t('Required')),
+ '$url' => array('url', t('Location (URL) of app'),(($app) ? $app['app_url'] : ''), t('Required')),
+ '$desc' => array('desc', t('Description'),(($app) ? $app['app_desc'] : ''), ''),
+ '$photo' => array('photo', t('Photo icon URL'),(($app) ? $app['app_photo'] : ''), t('80 x 80 pixels - optional')),
+ '$version' => array('version', t('Version ID'),(($app) ? $app['app_version'] : ''), ''),
+ '$price' => array('price', t('Price of app'),(($app) ? $app['app_price'] : ''), ''),
+ '$page' => array('page', t('Location (URL) to purchase app'),(($app) ? $app['app_page'] : ''), ''),
+ '$embed' => $embed,
+ '$submit' => t('Submit')
+ ));
+
+}
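Review bot: appman_post installs and deletes apps from POST data without any form security token check, whereas `admin_page_logs_post` in mod/admin.php calls `check_form_security_token_redirectOnErr` before changing state; unless the token is verified somewhere outside this file, a cross-site form could drive these actions for a logged-in channel. The install array takes `'uid' => intval($_REQUEST['uid'])` from the request although the call is made for `local_channel()`; if `app_install` reads that field it should be `'uid' => local_channel()`. In appman_content the `%d` placeholder is fed `dbesc(local_channel())` where `intval(local_channel())` is the matching cast, and `app_encode($app,true)` runs even when the select returned no row, so the `$embed` line belongs inside `if($r)`.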
diff --git a/mod/apps.php b/mod/apps.php
new file mode 100644
index 000000000..fcf545421
--- /dev/null
+++ b/mod/apps.php
@@ -0,0 +1,40 @@
+<?php
+
+require_once('include/apps.php');
+
+function apps_content(&$a) {
+
+ if(argc() == 2 && argv(1) == 'edit')
+ $mode = 'edit';
+ else
+ $mode = 'list';
+
+ $_SESSION['return_url'] = $a->cmd;
+
+ $apps = array();
+
+ $syslist = get_system_apps();
+
+ if(local_channel()) {
+ $list = app_list(local_channel());
+ if($list) {
+ foreach($list as $x) {
+ $syslist[] = app_encode($x);
+ }
+ }
+ }
+ usort($syslist,'app_name_compare');
+
+// logger('apps: ' . print_r($syslist,true));
+
+ foreach($syslist as $app) {
+ $apps[] = app_render($app,$mode);
+ }
+
+ return replace_macros(get_markup_template('myapps.tpl'), array(
+ '$sitename' => get_config('system','sitename'),
+ '$title' => t('Apps'),
+ '$apps' => $apps,
+ ));
+
+}
diff --git a/mod/attach.php b/mod/attach.php
new file mode 100644
index 000000000..ad5dead07
--- /dev/null
+++ b/mod/attach.php
@@ -0,0 +1,52 @@
+<?php
+
+require_once('include/security.php');
+require_once('include/attach.php');
+
+function attach_init(&$a) {
+
+ if(argc() < 2) {
+ notice( t('Item not available.') . EOL);
+ return;
+ }
+
+ $r = attach_by_hash(argv(1),((argc() > 2) ? intval(argv(2)) : 0));
+
+ if(! $r['success']) {
+ notice( $r['message'] . EOL);
+ return;
+ }
+
+ $c = q("select channel_address from channel where channel_id = %d limit 1",
+ intval($r['data']['uid'])
+ );
+
+ if(! $c)
+ return;
+
+
+ $unsafe_types = array('text/html','text/css','application/javascript');
+
+ if(in_array($r['data']['filetype'],$unsafe_types)) {
+ header('Content-type: text/plain');
+ }
+ else {
+ header('Content-type: ' . $r['data']['filetype']);
+ }
+
+ header('Content-disposition: attachment; filename="' . $r['data']['filename'] . '"');
+ if(intval($r['data']['os_storage'])) {
+ $fname = dbunescbin($r['data']['data']);
+ $istream = fopen('store/' . $c[0]['channel_address'] . '/' . $fname,'rb');
+ $ostream = fopen('php://output','wb');
+ if($istream && $ostream) {
+ pipe_streams($istream,$ostream);
+ fclose($istream);
+ fclose($ostream);
+ }
+ }
+ else
+ echo dbunescbin($r['data']['data']);
+ killme();
+
+}
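Review bot: The unsafe-type test in attach_init is an exact, case-sensitive `in_array` match on three strings, so a stored filetype such as `TEXT/HTML`, `text/html; charset=utf-8` or `image/svg+xml` is echoed back in the Content-type header unchanged. Comparing the lowercased media type with any parameters stripped, and adding `header('X-Content-Type-Options: nosniff');`, would make the downgrade to text/plain dependable. The stored filename is also copied into the Content-disposition header as-is; a `"` in it ends the quoted value early, so it should be neutralised first, for example `str_replace(array('"','\\'), '_', $r['data']['filename'])`. Where the filetype and filename values originate is not visible in this hunk, so treat them as uploader-controlled until confirmed.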
diff --git a/mod/authtest.php b/mod/authtest.php
new file mode 100644
index 000000000..6ef6c22ad
--- /dev/null
+++ b/mod/authtest.php
@@ -0,0 +1,54 @@
+<?php
+
+require_once('include/zot.php');
+require_once('mod/magic.php');
+
+function authtest_content(&$a) {
+
+
+ $auth_success = false;
+ $o .= '<h3>Magic-Auth Diagnostic</h3>';
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return $o;
+ }
+
+ $o .= '<form action="authtest" method="get">';
+ $o .= 'Target URL: <input type="text" style="width: 250px;" name="dest" value="' . $_GET['dest'] .'" />';
+ $o .= '<input type="submit" name="submit" value="Submit" /></form>';
+
+ $o .= '<br /><br />';
+
+ if(x($_GET,'dest')) {
+ if(strpos($_GET['dest'],'@')) {
+ $_GET['dest'] = $_REQUEST['dest'] = 'https://' . substr($_GET['dest'],strpos($_GET['dest'],'@')+1) . '/channel/' . substr($_GET['dest'],0,strpos($_GET['dest'],'@'));
+ }
+
+ $_REQUEST['test'] = 1;
+ $x = magic_init($a);
+ $o .= 'Local Setup returns: ' . print_r($x,true);
+
+
+
+ if($x['url']) {
+ $z = z_fetch_url($x['url'] . '&test=1');
+ if($z['success']) {
+ $j = json_decode($z['body'],true);
+ if(! $j)
+ $o .= 'json_decode failure from remote site. ' . print_r($z['body'],true);
+ $o .= 'Remote site responded: ' . print_r($j,true);
+ if($j['success'] && strpos($j['message'],'Authentication Success'))
+ $auth_success = true;
+ }
+ else {
+ $o .= 'fetch url failure.' . print_r($z,true);
+ }
+ }
+
+ if(! $auth_success)
+ $o .= 'Authentication Failed!' . EOL;
+ }
+
+ return str_replace("\n",'<br />',$o);
+}
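Review bot: The form in authtest_content writes `$_GET['dest']` into the `value` attribute unescaped, so markup in that parameter is rendered in the page of the logged-in user who follows the link; it should be `htmlspecialchars($_GET['dest'], ENT_QUOTES, 'UTF-8')`. The `print_r` dumps of `$x`, `$z` and the remote body are appended to `$o` raw as well, so a remote site's response is rendered as HTML here and needs the same escaping. `$o` is first touched with `.=`, so `$o = '';` should precede the heading. The success test `strpos($j['message'],'Authentication Success')` is falsy when the phrase starts at offset 0; `!== false` makes it exact.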
diff --git a/mod/block.php b/mod/block.php
new file mode 100644
index 000000000..fb5645d8a
--- /dev/null
+++ b/mod/block.php
@@ -0,0 +1,86 @@
+<?php
+
+require_once('include/items.php');
+require_once('include/conversation.php');
+require_once('include/page_widgets.php');
+
+function block_init(&$a) {
+
+ $which = argv(1);
+ $profile = 0;
+ profile_load($a,$which,$profile);
+
+ if($a->profile['profile_uid'])
+ head_set_icon($a->profile['thumb']);
+
+}
+
+
+function block_content(&$a) {
+
+ if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_pages')) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if(argc() < 3) {
+ notice( t('Invalid item.') . EOL);
+ return;
+ }
+
+ $channel_address = argv(1);
+ $page_id = argv(2);
+
+ $u = q("select channel_id from channel where channel_address = '%s' limit 1",
+ dbesc($channel_address)
+ );
+
+ if(! $u) {
+ notice( t('Channel not found.') . EOL);
+ return;
+ }
+
+ if($_REQUEST['rev'])
+ $revision = " and revision = " . intval($_REQUEST['rev']) . " ";
+ else
+ $revision = " order by revision desc ";
+
+ require_once('include/security.php');
+ $sql_options = item_permissions_sql($u[0]['channel_id']);
+
+ $r = q("select item.* from item left join item_id on item.id = item_id.iid
+ where item.uid = %d and sid = '%s' and service = 'BUILDBLOCK' and
+ item_type = %d $sql_options $revision limit 1",
+ intval($u[0]['channel_id']),
+ dbesc($page_id),
+ intval(ITEM_TYPE_BUILDBLOCK)
+ );
+
+ if(! $r) {
+
+ // Check again with no permissions clause to see if it is a permissions issue
+
+ $x = q("select item.* from item left join item_id on item.id = item_id.iid
+ where item.uid = %d and sid = '%s' and service = 'BUILDBLOCK' and
+ item_type = %d $revision limit 1",
+ intval($u[0]['channel_id']),
+ dbesc($page_id),
+ intval(ITEM_TYPE_BUILDBLOCK)
+ );
+ if($x) {
+ // Yes, it's there. You just aren't allowed to see it.
+ notice( t('Permission denied.') . EOL);
+ }
+ else {
+ notice( t('Page not found.') . EOL);
+ }
+ return;
+ }
+
+ xchan_query($r);
+ $r = fetch_post_tags($r,true);
+
+ $o .= prepare_page($r[0]);
+ return $o;
+
+}
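Review bot: The fallback query in block_content drops `$sql_options` and then answers 'Permission denied.' or 'Page not found.', which tells an observer without access whether a block with that name exists on the channel. If that disclosure is not intended, both branches should return the same notice and the difference should go to the log only. `$o` is appended to with `.=` without being initialised; `return prepare_page($r[0]);` avoids the undefined variable.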
diff --git a/mod/blocks.php b/mod/blocks.php
new file mode 100644
index 000000000..95979a304
--- /dev/null
+++ b/mod/blocks.php
@@ -0,0 +1,164 @@
+<?php
+
+require_once('include/identity.php');
+require_once('include/conversation.php');
+require_once('include/acl_selectors.php');
+
+function blocks_init(&$a) {
+
+ if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) {
+ $sys = get_sys_channel();
+ if($sys && intval($sys['channel_id'])) {
+ $a->is_sys = true;
+ }
+ }
+
+ if(argc() > 1)
+ $which = argv(1);
+ else
+ return;
+
+ profile_load($a,$which);
+
+}
+
+
+function blocks_content(&$a) {
+
+ if(! $a->profile) {
+ notice( t('Requested profile is not available.') . EOL );
+ $a->error = 404;
+ return;
+ }
+
+ $which = argv(1);
+
+ $_SESSION['return_url'] = $a->query_string;
+
+ $uid = local_channel();
+ $owner = 0;
+ $channel = null;
+ $observer = $a->get_observer();
+
+ $channel = $a->get_channel();
+
+ if($a->is_sys && is_site_admin()) {
+ $sys = get_sys_channel();
+ if($sys && intval($sys['channel_id'])) {
+ $uid = $owner = intval($sys['channel_id']);
+ $channel = $sys;
+ $observer = $sys;
+ }
+ }
+
+ if(! $owner) {
+ // Figure out who the page owner is.
+ $r = q("select channel_id from channel where channel_address = '%s'",
+ dbesc($which)
+ );
+ if($r) {
+ $owner = intval($r[0]['channel_id']);
+ }
+ }
+
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ $perms = get_all_perms($owner,$ob_hash);
+
+ if(! $perms['write_pages']) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ // Block design features from visitors
+
+ if((! $uid) || ($uid != $owner)) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $mimetype = (($_REQUEST['mimetype']) ? $_REQUEST['mimetype'] : get_pconfig($owner,'system','page_mimetype'));
+
+ if(! $mimetype) {
+ $mimetype = 'choose';
+ }
+
+ $x = array(
+ 'webpage' => ITEM_TYPE_BUILDBLOCK,
+ 'is_owner' => true,
+ 'nickname' => $a->profile['channel_address'],
+ 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
+ 'bang' => '',
+ 'showacl' => false,
+ 'visitor' => true,
+ 'mimetype' => $mimetype,
+ 'ptlabel' => t('Block Name'),
+ 'profile_uid' => intval($owner),
+ 'expanded' => true,
+ 'novoting' => true
+ );
+
+ if($_REQUEST['title'])
+ $x['title'] = $_REQUEST['title'];
+ if($_REQUEST['body'])
+ $x['body'] = $_REQUEST['body'];
+ if($_REQUEST['pagetitle'])
+ $x['pagetitle'] = $_REQUEST['pagetitle'];
+
+ $editor = status_editor($a,$x);
+
+ $r = q("select iid, sid, mid, title, body, mimetype, created, edited from item_id left join item on item_id.iid = item.id
+ where item_id.uid = %d and service = 'BUILDBLOCK' and item_type = %d order by item.created desc",
+ intval($owner),
+ intval(ITEM_TYPE_BUILDBLOCK)
+ );
+
+ $pages = null;
+
+ if($r) {
+ $pages = array();
+ foreach($r as $rr) {
+ $element_arr = array(
+ 'type' => 'block',
+ 'title' => $rr['title'],
+ 'body' => $rr['body'],
+ 'created' => $rr['created'],
+ 'edited' => $rr['edited'],
+ 'mimetype' => $rr['mimetype'],
+ 'pagetitle' => $rr['sid'],
+ 'mid' => $rr['mid']
+ );
+ $pages[$rr['iid']][] = array(
+ 'url' => $rr['iid'],
+ 'name' => $rr['sid'],
+ 'title' => $rr['title'],
+ 'created' => $rr['created'],
+ 'edited' => $rr['edited'],
+ 'bb_element' => '[element]' . base64url_encode(json_encode($element_arr)) . '[/element]'
+ );
+ }
+ }
+
+ //Build the base URL for edit links
+ $url = z_root() . '/editblock/' . $which;
+
+ $o .= replace_macros(get_markup_template('blocklist.tpl'), array(
+ '$baseurl' => $url,
+ '$title' => t('Blocks'),
+ '$name' => t('Block Name'),
+ '$blocktitle' => t('Block Title'),
+ '$created' => t('Created'),
+ '$edited' => t('Edited'),
+ '$create' => t('Create'),
+ '$edit' => t('Edit'),
+ '$share' => t('Share'),
+ '$delete' => t('Delete'),
+ '$editor' => $editor,
+ '$pages' => $pages,
+ '$channel' => $which,
+ '$view' => t('View'),
+ '$preview' => '1',
+ ));
+
+ return $o;
+}
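Review bot: blocks_content copies `$_REQUEST['mimetype']`, `title`, `body` and `pagetitle` into the array handed to `status_editor` without validation, so a crafted link can prefill the owner's editor with arbitrary content and an arbitrary mime type. Whether `status_editor` escapes these values is not visible in this hunk; if it does not, they need escaping here, and `mimetype` should be checked against the list of types the site accepts before it is used. `$o` is also first used with `.=` near the end of the function and should start as `$o = '';`.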
diff --git a/mod/bookmarks.php b/mod/bookmarks.php
new file mode 100644
index 000000000..c3d25253f
--- /dev/null
+++ b/mod/bookmarks.php
@@ -0,0 +1,90 @@
+<?php
+
+function bookmarks_init(&$a) {
+ if(! local_channel())
+ return;
+ $item_id = intval($_REQUEST['item']);
+ if(! $item_id)
+ return;
+
+ $u = $a->get_channel();
+
+ $item_normal = item_normal();
+
+ $i = q("select * from item where id = %d and uid = %d $item_normal limit 1",
+ intval($item_id),
+ intval(local_channel())
+ );
+
+ if(! $i)
+ return;
+
+ $i = fetch_post_tags($i);
+
+ $item = $i[0];
+
+ $terms = get_terms_oftype($item['term'],TERM_BOOKMARK);
+
+ if($terms) {
+ require_once('include/bookmarks.php');
+
+ $s = q("select * from xchan where xchan_hash = '%s' limit 1",
+ dbesc($item['author_xchan'])
+ );
+ if(! $s) {
+ logger('mod_bookmarks: author lookup failed.');
+ killme();
+ }
+ foreach($terms as $t) {
+ bookmark_add($u,$s[0],$t,$item['item_private']);
+ info( t('Bookmark added') . EOL);
+ }
+ }
+ killme();
+}
+
+function bookmarks_content(&$a) {
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+
+ require_once('include/menu.php');
+ require_once('include/conversation.php');
+
+ $channel = $a->get_channel();
+
+ $o = profile_tabs($a,true,$channel['channel_address']);
+
+ $o .= '<div class="generic-content-wrapper-styled">';
+
+ $o .= '<h3>' . t('My Bookmarks') . '</h3>';
+
+ $x = menu_list(local_channel(),'',MENU_BOOKMARK);
+
+ if($x) {
+ foreach($x as $xx) {
+ $y = menu_fetch($xx['menu_name'],local_channel(),get_observer_hash());
+ $o .= menu_render($y,'',true);
+ }
+ }
+
+ $o .= '<h3>' . t('My Connections Bookmarks') . '</h3>';
+
+
+ $x = menu_list(local_channel(),'',MENU_SYSTEM|MENU_BOOKMARK);
+
+ if($x) {
+ foreach($x as $xx) {
+ $y = menu_fetch($xx['menu_name'],local_channel(),get_observer_hash());
+ $o .= menu_render($y,'',true);
+ }
+ }
+
+ $o .= '</div>';
+
+ return $o;
+
+}
+
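Review bot: bookmarks_init adds bookmarks for the logged-in channel on any request that carries `item`, GET included, and no form security token is checked in this hunk, so a link or image on another site could trigger it. The select filters on `uid`, so the effect is limited to items the channel already holds, but a token check or restricting the action to POST would close the gap. If the token is verified by the dispatcher outside this file, a comment saying so above the `intval($_REQUEST['item'])` line would help the next reader.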
diff --git a/mod/branchtopic.php b/mod/branchtopic.php
new file mode 100644
index 000000000..d49bbaf4c
--- /dev/null
+++ b/mod/branchtopic.php
@@ -0,0 +1,41 @@
+<?php
+
+function branchtopic_init(&$a) {
+
+ if(! local_channel())
+ return;
+
+ $item_id = 0;
+
+ if(argc() > 1)
+ $item_id = intval(argv(1));
+
+ if(! $item_id)
+ return;
+
+ $channel = $a->get_channel();
+
+ if(! $channel)
+ return;
+
+
+ $r = q("select * from item where id = %d and uid = %d and owner_xchan = '%s' and id != parent limit 1",
+ intval($item_id),
+ intval(local_channel()),
+ dbesc($channel['channel_hash'])
+ );
+
+ if(! $r)
+ return;
+
+ $p = q("select * from item where id = %d and uid = %d limit 1",
+ intval($r[0]['parent']),
+ intval(local_channel())
+ );
+
+ $x = q("update item set parent = id, route = '', item_thread_top = 1 where id = %d",
+ intval($item_id)
+ );
+
+ return;
+}
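Review bot: The final UPDATE in branchtopic_init is keyed on `id` alone; the select above it verifies ownership, but repeating the constraint as `where id = %d and uid = %d` with `intval(local_channel())` keeps the write scoped if that earlier check is ever changed. The parent row `$p` is fetched and never used, so either the query is dead or a check on the parent is missing. The action is reached by a plain GET on `argv(1)` with no form security token visible in this file.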
diff --git a/mod/channel.php b/mod/channel.php
new file mode 100644
index 000000000..9a98ade60
--- /dev/null
+++ b/mod/channel.php
@@ -0,0 +1,356 @@
+<?php
+
+require_once('include/contact_widgets.php');
+require_once('include/items.php');
+require_once("include/bbcode.php");
+require_once('include/security.php');
+require_once('include/conversation.php');
+require_once('include/acl_selectors.php');
+require_once('include/permissions.php');
+
+
+function channel_init(&$a) {
+
+ $which = null;
+ if(argc() > 1)
+ $which = argv(1);
+ if(! $which) {
+ if(local_channel()) {
+ $channel = $a->get_channel();
+ if($channel && $channel['channel_address'])
+ $which = $channel['channel_address'];
+ }
+ }
+ if(! $which) {
+ notice( t('You must be logged in to see this page.') . EOL );
+ return;
+ }
+
+ $profile = 0;
+ $channel = $a->get_channel();
+
+ if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) {
+ $which = $channel['channel_address'];
+ $profile = argv(1);
+ }
+
+ $a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/feed/' . $which .'" />' . "\r\n" ;
+
+
+// Not yet ready for prime time
+// $a->page['htmlhead'] .= '<link rel="openid.server" href="' . $a->get_baseurl() . '/id/' . $which .'?f=" />' . "\r\n" ;
+// $a->page['htmlhead'] .= '<link rel="openid.delegate" href="' . $a->get_baseurl() . '/channel/' . $which .'" />' . "\r\n" ;
+
+ // Run profile_load() here to make sure the theme is set before
+ // we start loading content
+
+ profile_load($a,$which,$profile);
+
+}
+
+function channel_content(&$a, $update = 0, $load = false) {
+
+
+ if($load)
+ $_SESSION['loadtime'] = datetime_convert();
+
+
+ $category = $datequery = $datequery2 = '';
+
+ $mid = ((x($_REQUEST,'mid')) ? $_REQUEST['mid'] : '');
+
+ $datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : '');
+ $datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : '');
+
+ if(get_config('system','block_public') && (! get_account_id()) && (! remote_channel())) {
+ return login();
+ }
+
+ $category = ((x($_REQUEST,'cat')) ? $_REQUEST['cat'] : '');
+ $hashtags = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : '');
+
+ $groups = array();
+
+ $o = '';
+
+ if($update) {
+ // Ensure we've got a profile owner if updating.
+ $a->profile['profile_uid'] = $a->profile_uid = $update;
+ }
+ else {
+ if($a->profile['profile_uid'] == local_channel()) {
+ nav_set_selected('home');
+ }
+ }
+
+ $is_owner = (((local_channel()) && ($a->profile['profile_uid'] == local_channel())) ? true : false);
+
+ $channel = $a->get_channel();
+ $observer = $a->get_observer();
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ $perms = get_all_perms($a->profile['profile_uid'],$ob_hash);
+
+ if(! $perms['view_stream']) {
+ // We may want to make the target of this redirect configurable
+ if($perms['view_profile']) {
+ notice( t('Insufficient permissions. Request redirected to profile page.') . EOL);
+ goaway (z_root() . "/profile/" . $a->profile['channel_address']);
+ }
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+
+ if(! $update) {
+
+ $o .= profile_tabs($a, $is_owner, $a->profile['channel_address']);
+
+ $o .= common_friends_visitor_widget($a->profile['profile_uid']);
+
+ if($channel && $is_owner) {
+ $channel_acl = array(
+ 'allow_cid' => $channel['channel_allow_cid'],
+ 'allow_gid' => $channel['channel_allow_gid'],
+ 'deny_cid' => $channel['channel_deny_cid'],
+ 'deny_gid' => $channel['channel_deny_gid']
+ );
+ }
+ else
+ $channel_acl = array();
+
+
+ if($perms['post_wall']) {
+
+ $x = array(
+ 'is_owner' => $is_owner,
+ 'allow_location' => ((($is_owner || $observer) && (intval(get_pconfig($a->profile['profile_uid'],'system','use_browser_location')))) ? true : false),
+ 'default_location' => (($is_owner) ? $a->profile['channel_location'] : ''),
+ 'nickname' => $a->profile['channel_address'],
+ 'lockstate' => (((strlen($a->profile['channel_allow_cid'])) || (strlen($a->profile['channel_allow_gid'])) || (strlen($a->profile['channel_deny_cid'])) || (strlen($a->profile['channel_deny_gid']))) ? 'lock' : 'unlock'),
+ 'acl' => (($is_owner) ? populate_acl($channel_acl) : ''),
+ 'showacl' => (($is_owner) ? 'yes' : ''),
+ 'bang' => '',
+ 'visitor' => (($is_owner || $observer) ? true : false),
+ 'profile_uid' => $a->profile['profile_uid']
+ );
+
+ $o .= status_editor($a,$x);
+ }
+
+ }
+
+
+ /**
+ * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
+ */
+
+ $item_normal = item_normal();
+ $sql_extra = item_permissions_sql($a->profile['profile_uid']);
+
+ if(get_pconfig($a->profile['profile_uid'],'system','channel_list_mode') && (! $mid))
+ $page_mode = 'list';
+ else
+ $page_mode = 'client';
+
+
+ $abook_uids = " and abook.abook_channel = " . intval($a->profile['profile_uid']) . " ";
+
+ $simple_update = (($update) ? " AND item_unseen = 1 " : '');
+
+ if($update && $_SESSION['loadtime'])
+ $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) ";
+ if($load)
+ $simple_update = '';
+
+ if(($update) && (! $load)) {
+ if ($mid) {
+ $r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal
+ AND item_wall = 1 AND item_unseen = 1 $sql_extra limit 1",
+ dbesc($mid . '%'),
+ intval($a->profile['profile_uid'])
+ );
+ } else {
+ $r = q("SELECT distinct parent AS `item_id`, created from item
+ left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
+ WHERE uid = %d $item_normal
+ AND item_wall = 1 AND item_unseen = 1
+ AND (abook.blocked = 0 or abook.abook_flags is null)
+ $sql_extra
+ ORDER BY created DESC",
+ intval($a->profile['profile_uid'])
+ );
+ $_SESSION['loadtime'] = datetime_convert();
+ }
+
+ }
+ else {
+
+ if(x($category)) {
+ $sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
+ }
+ if(x($hashtags)) {
+ $sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG));
+ }
+
+ if($datequery) {
+ $sql_extra2 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery))));
+ }
+ if($datequery2) {
+ $sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery2))));
+ }
+
+ $itemspage = get_pconfig(local_channel(),'system','itemspage');
+ $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+ $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start']));
+
+ if($load || ($_COOKIE['jsAvailable'] != 1)) {
+ if ($mid) {
+ $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d $item_normal
+ AND item_wall = 1 $sql_extra limit 1",
+ dbesc($mid),
+ intval($a->profile['profile_uid'])
+ );
+ if (! $r) {
+ notice( t('Permission denied.') . EOL);
+ }
+
+ } else {
+ $r = q("SELECT distinct id AS item_id, created FROM item
+ left join abook on item.author_xchan = abook.abook_xchan
+ WHERE uid = %d $item_normal
+ AND item_wall = 1 and item_thread_top = 1
+ AND (abook_blocked = 0 or abook.abook_flags is null)
+ $sql_extra $sql_extra2
+ ORDER BY created DESC $pager_sql ",
+ intval($a->profile['profile_uid'])
+ );
+ }
+ }
+ else {
+ $r = array();
+ }
+ }
+
+ if($r) {
+
+ $parents_str = ids_to_querystr($r,'item_id');
+
+ $items = q("SELECT `item`.*, `item`.`id` AS `item_id`
+ FROM `item`
+ WHERE `item`.`uid` = %d $item_normal
+ AND `item`.`parent` IN ( %s )
+ $sql_extra ",
+ intval($a->profile['profile_uid']),
+ dbesc($parents_str)
+ );
+
+ xchan_query($items);
+ $items = fetch_post_tags($items, true);
+ $items = conv_sort($items,'created');
+
+ if ($load && $mid && (! count($items))) {
+ // This will happen if we don't have sufficient permissions
+ // to view the parent item (or the item itself if it is toplevel)
+ notice( t('Permission denied.') . EOL);
+ }
+
+ } else {
+ $items = array();
+ }
+
+
+
+
+
+ if((! $update) && (! $load)) {
+
+ // This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
+ // because browser prefetching might change it on us. We have to deliver it with the page.
+
+ $maxheight = get_pconfig($a->profile['profile_uid'],'system','channel_divmore_height');
+ if(! $maxheight)
+ $maxheight = 400;
+
+ $o .= '<div id="live-channel"></div>' . "\r\n";
+ $o .= "<script> var profile_uid = " . $a->profile['profile_uid']
+ . "; var netargs = '?f='; var profile_page = " . $a->pager['page']
+ . "; divmore_height = " . intval($maxheight) . "; </script>\r\n";
+
+ $a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
+ '$baseurl' => z_root(),
+ '$pgtype' => 'channel',
+ '$uid' => (($a->profile['profile_uid']) ? $a->profile['profile_uid'] : '0'),
+ '$gid' => '0',
+ '$cid' => '0',
+ '$cmin' => '0',
+ '$cmax' => '0',
+ '$star' => '0',
+ '$liked' => '0',
+ '$conv' => '0',
+ '$spam' => '0',
+ '$nouveau' => '0',
+ '$wall' => '1',
+ '$fh' => '0',
+ '$page' => (($a->pager['page'] != 1) ? $a->pager['page'] : 1),
+ '$search' => '',
+ '$order' => '',
+ '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
+ '$file' => '',
+ '$cats' => (($category) ? $category : ''),
+ '$tags' => (($hashtags) ? $hashtags : ''),
+ '$mid' => $mid,
+ '$verb' => '',
+ '$dend' => $datequery,
+ '$dbegin' => $datequery2
+ ));
+
+
+ }
+
+ $update_unseen = '';
+
+ if($page_mode === 'list') {
+
+ /**
+ * in "list mode", only mark the parent item and any like activities as "seen".
+ * We won't distinguish between comment likes and post likes. The important thing
+ * is that the number of unseen comments will be accurate. The SQL to separate the
+ * comment likes could also get somewhat hairy.
+ */
+
+ if($parents_str) {
+ $update_unseen = " AND ( id IN ( " . dbesc($parents_str) . " )";
+ $update_unseen .= " OR ( parent IN ( " . dbesc($parents_str) . " ) AND verb in ( '" . dbesc(ACTIVITY_LIKE) . "','" . dbesc(ACTIVITY_DISLIKE) . "' ))) ";
+ }
+ }
+ else {
+ if($parents_str) {
+ $update_unseen = " AND parent IN ( " . dbesc($parents_str) . " )";
+ }
+ }
+
+ if($is_owner && $update_unseen) {
+ $r = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 and item_wall = 1 AND uid = %d $update_unseen",
+ intval(local_channel())
+ );
+ }
+
+
+ if($_COOKIE['jsAvailable'] == 1) {
+ $o .= conversation($a,$items,'channel',$update,$page_mode);
+ } else {
+ $o .= conversation($a,$items,'channel',$update,'traditional');
+ }
+
+ if((! $update) || ($_COOKIE['jsAvailable'] != 1)) {
+ $o .= alt_pager($a,count($items));
+ if ($mid && $items[0]['title'])
+ $a->page['title'] = $items[0]['title'] . " - " . $a->page['title'];
+ }
+
+ if($mid)
+ $o .= '<div id="content-complete"></div>';
+
+ return $o;
+}
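Review bot: channel_content builds the inline `<script>` with `$a->profile['profile_uid']` and `$a->pager['page']` concatenated as-is, while `divmore_height` in the same statement is wrapped in `intval()`; both should be `intval(...)` so that only a number can reach the script. `$mid`, `$category` and `$hashtags` come straight from `$_REQUEST` and are passed to build_query.tpl for the page head; whether that template escapes them is not visible here, so they should be escaped for the context they land in before the call. `$sql_extra2` is appended to with `.=` without being initialised and `$simple_update` is computed but used by no query in this function. The two list queries also disagree: one tests `abook.blocked` and the other `abook_blocked`, and only the first restricts the abook join with `$abook_uids`, so the second may match block records belonging to other channels.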
diff --git a/mod/chanview.php b/mod/chanview.php
new file mode 100644
index 000000000..0cbcb2e57
--- /dev/null
+++ b/mod/chanview.php
@@ -0,0 +1,104 @@
+<?php
+
+require_once('include/Contact.php');
+require_once('include/zot.php');
+
+function chanview_content(&$a) {
+
+ $observer = $a->get_observer();
+ $xchan = null;
+
+ $r = null;
+
+ if($_REQUEST['hash']) {
+ $r = q("select * from xchan where xchan_hash = '%s' limit 1",
+ dbesc($_REQUEST['hash'])
+ );
+ }
+ if($_REQUEST['address']) {
+ $r = q("select * from xchan where xchan_addr = '%s' limit 1",
+ dbesc($_REQUEST['address'])
+ );
+ }
+ elseif(local_channel() && intval($_REQUEST['cid'])) {
+ $r = q("SELECT abook.*, xchan.*
+ FROM abook left join xchan on abook_xchan = xchan_hash
+ WHERE abook_channel = %d and abook_id = %d LIMIT 1",
+ intval(local_channel()),
+ intval($_REQUEST['cid'])
+ );
+ }
+ elseif($_REQUEST['url']) {
+
+ // if somebody re-installed they will have more than one xchan, use the most recent name date as this is
+ // the most useful consistently ascending table item we have.
+
+ $r = q("select * from xchan where xchan_url = '%s' order by xchan_name_date desc limit 1",
+ dbesc($_REQUEST['url'])
+ );
+ }
+ if($r) {
+ $a->poi = $r[0];
+ }
+
+
+ // Here, let's see if we have an xchan. If we don't, how we proceed is determined by what
+ // info we do have. If it's a URL, we can offer to visit it directly. If it's a webbie or
+ // address, we can and should try to import it. If it's just a hash, we can't continue, but we
+ // probably wouldn't have a hash if we don't already have an xchan for this channel.
+
+ if(! $a->poi) {
+ logger('mod_chanview: fallback');
+ // This is hackish - construct a zot address from the url
+ if($_REQUEST['url']) {
+ if(preg_match('/https?\:\/\/(.*?)(\/channel\/|\/profile\/)(.*?)$/ism',$_REQUEST['url'],$matches)) {
+ $_REQUEST['address'] = $matches[3] . '@' . $matches[1];
+ }
+ logger('mod_chanview: constructed address ' . print_r($matches,true));
+ }
+
+ if($_REQUEST['address']) {
+ $ret = zot_finger($_REQUEST['address'],null);
+ if($ret['success']) {
+ $j = json_decode($ret['body'],true);
+ if($j)
+ import_xchan($j);
+ $r = q("select * from xchan where xchan_addr = '%s' limit 1",
+ dbesc($_REQUEST['address'])
+ );
+ if($r)
+ $a->poi = $r[0];
+ }
+
+ }
+ }
+
+ if(! $a->poi) {
+// We don't know who this is, and we can't figure it out from the URL
+// On the plus side, there's a good chance we know somebody else at that
+// hub so sending them there with a Zid will probably work anyway.
+ $url = ($_REQUEST['url']);
+ if($observer)
+ $url = zid($url);
+ }
+
+ if ($a->poi) {
+ $url = $a->poi['xchan_url'];
+ if($observer)
+ $url = zid($url);
+ }
+ // let somebody over-ride the iframed viewport presentation
+ // or let's just declare this a failed experiment.
+
+// if((! local_channel()) || (get_pconfig(local_channel(),'system','chanview_full')))
+
+ goaway($url);
+
+// $o = replace_macros(get_markup_template('chanview.tpl'),array(
+// '$url' => $url,
+// '$full' => t('toggle full screen mode')
+// ));
+
+// return $o;
+
+}
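Review bot: The fallback at `$url = ($_REQUEST['url']);` hands a request-supplied URL straight to `goaway()`, so whenever no xchan is found the module redirects to whatever the caller put in `url`, and any link to this hub's chanview can serve as an open redirect. Limit the fallback to http/https URLs (and, where possible, to hosts this hub already knows) and stop instead of redirecting otherwise, e.g. `if(! preg_match('/^https?:\/\//i', $url)) { notice( t('Channel not found.') . EOL); return; }`. The second lookup should also be `elseif($_REQUEST['address'])`: as written, a request carrying `hash` together with `cid` or `url` runs the hash query and then overwrites `$r` from the later branch. The `logger()` call that prints `$matches` runs even when `preg_match()` did not match, in which case `$matches` holds no captures.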
diff --git a/mod/chat.php b/mod/chat.php
new file mode 100644
index 000000000..c54d29313
--- /dev/null
+++ b/mod/chat.php
@@ -0,0 +1,235 @@
+<?php /** @file */
+
+require_once('include/chat.php');
+require_once('include/bookmarks.php');
+
+function chat_init(&$a) {
+
+ $which = null;
+ if(argc() > 1)
+ $which = argv(1);
+ if(! $which) {
+ if(local_channel()) {
+ $channel = $a->get_channel();
+ if($channel && $channel['channel_address'])
+ $which = $channel['channel_address'];
+ }
+ }
+ if(! $which) {
+ notice( t('You must be logged in to see this page.') . EOL );
+ return;
+ }
+
+ $profile = 0;
+ $channel = $a->get_channel();
+
+ if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) {
+ $which = $channel['channel_address'];
+ $profile = argv(1);
+ }
+
+ $a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/feed/' . $which .'" />' . "\r\n" ;
+
+ // Run profile_load() here to make sure the theme is set before
+ // we start loading content
+
+ profile_load($a,$which,$profile);
+
+}
+
+function chat_post(&$a) {
+
+ if($_POST['room_name'])
+ $room = strip_tags(trim($_POST['room_name']));
+
+ if((! $room) || (! local_channel()))
+ return;
+
+ $channel = $a->get_channel();
+
+
+ if($_POST['action'] === 'drop') {
+ logger('delete chatroom');
+ chatroom_destroy($channel,array('cr_name' => $room));
+ goaway(z_root() . '/chat/' . $channel['channel_address']);
+ }
+
+
+ $arr = array('name' => $room);
+ $arr['allow_gid'] = perms2str($_REQUEST['group_allow']);
+ $arr['allow_cid'] = perms2str($_REQUEST['contact_allow']);
+ $arr['deny_gid'] = perms2str($_REQUEST['group_deny']);
+ $arr['deny_cid'] = perms2str($_REQUEST['contact_deny']);
+
+ chatroom_create($channel,$arr);
+
+ $x = q("select cr_id from chatroom where cr_name = '%s' and cr_uid = %d limit 1",
+ dbesc($room),
+ intval(local_channel())
+ );
+
+ if($x)
+ goaway(z_root() . '/chat/' . $channel['channel_address'] . '/' . $x[0]['cr_id']);
+
+ // that failed. Try again perhaps?
+
+ goaway(z_root() . '/chat/' . $channel['channel_address'] . '/new');
+
+
+}
+
+
+function chat_content(&$a) {
+
+ if(local_channel())
+ $channel = $a->get_channel();
+
+ $ob = $a->get_observer();
+ $observer = get_observer_hash();
+ if(! $observer) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if(! perm_is_allowed($a->profile['profile_uid'],$observer,'chat')) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if((argc() > 3) && intval(argv(2)) && (argv(3) === 'leave')) {
+ chatroom_leave($observer,argv(2),$_SERVER['REMOTE_ADDR']);
+ goaway(z_root() . '/channel/' . argv(1));
+ }
+
+
+ if((argc() > 3) && intval(argv(2)) && (argv(3) === 'status')) {
+ $ret = array('success' => false);
+ $room_id = intval(argv(2));
+ if(! $room_id || ! $observer)
+ return;
+
+ $r = q("select * from chatroom where cr_id = %d limit 1",
+ intval($room_id)
+ );
+ if(! $r) {
+ json_return_and_die($ret);
+ }
+ require_once('include/security.php');
+ $sql_extra = permissions_sql($r[0]['cr_uid']);
+
+ $x = q("select * from chatroom where cr_id = %d and cr_uid = %d $sql_extra limit 1",
+ intval($room_id),
+ intval($r[0]['cr_uid'])
+ );
+ if(! $x) {
+ json_return_and_die($ret);
+ }
+ $y = q("select count(*) as total from chatpresence where cp_room = %d",
+ intval($room_id)
+ );
+ if($y) {
+ $ret['success'] = true;
+ $ret['chatroom'] = $r[0]['cr_name'];
+ $ret['inroom'] = $y[0]['total'];
+ }
+
+ // figure out how to present a timestamp of the last activity, since we don't know the observer's timezone.
+
+ $z = q("select created from chat where chat_room = %d order by created desc limit 1",
+ intval($room_id)
+ );
+ if($z) {
+ $ret['last'] = $z[0]['created'];
+ }
+ json_return_and_die($ret);
+ }
+
+
+ if(argc() > 2 && intval(argv(2))) {
+
+ $room_id = intval(argv(2));
+ $bookmark_link = get_bookmark_link($ob);
+
+ $x = chatroom_enter($observer,$room_id,'online',$_SERVER['REMOTE_ADDR']);
+ if(! $x)
+ return;
+ $x = q("select * from chatroom where cr_id = %d and cr_uid = %d $sql_extra limit 1",
+ intval($room_id),
+ intval($a->profile['profile_uid'])
+ );
+ if($x) {
+ $private = ((($x[0]['allow_cid']) || ($x[0]['allow_gid']) || ($x[0]['deny_cid']) || ($x[0]['deny_gid'])) ? true : false);
+ $room_name = $x[0]['cr_name'];
+ if($bookmark_link)
+ $bookmark_link .= '&url=' . z_root() . '/chat/' . argv(1) . '/' . argv(2) . '&title=' . urlencode($x[0]['cr_name']) . (($private) ? '&private=1' : '') . '&ischat=1';
+ }
+ else {
+ notice( t('Room not found') . EOL);
+ return;
+ }
+
+ $o = replace_macros(get_markup_template('chat.tpl'),array(
+ '$is_owner' => ((local_channel() && local_channel() == $x[0]['cr_uid']) ? true : false),
+ '$room_name' => $room_name,
+ '$room_id' => $room_id,
+ '$baseurl' => z_root(),
+ '$nickname' => argv(1),
+ '$submit' => t('Submit'),
+ '$leave' => t('Leave Room'),
+ '$drop' => t('Delete This Room'),
+ '$away' => t('I am away right now'),
+ '$online' => t('I am online'),
+ '$bookmark_link' => $bookmark_link,
+ '$bookmark' => t('Bookmark this room')
+
+ ));
+ return $o;
+ }
+
+
+
+
+
+ if(local_channel() && argc() > 2 && argv(2) === 'new') {
+
+
+
+ $channel_acl = array(
+ 'allow_cid' => $channel['channel_allow_cid'],
+ 'allow_gid' => $channel['channel_allow_gid'],
+ 'deny_cid' => $channel['channel_deny_cid'],
+ 'deny_gid' => $channel['channel_deny_gid']
+ );
+
+ require_once('include/acl_selectors.php');
+
+ $o = replace_macros(get_markup_template('chatroom_new.tpl'),array(
+ '$header' => t('New Chatroom'),
+ '$name' => array('room_name',t('Chatroom Name'),'', ''),
+ '$permissions' => t('Permissions'),
+ '$acl' => populate_acl($channel_acl,false),
+ '$submit' => t('Submit')
+ ));
+ return $o;
+ }
+
+
+
+ require_once('include/conversation.php');
+
+ $o = profile_tabs($a,((local_channel() && local_channel() == $a->profile['profile_uid']) ? true : false),$a->profile['channel_address']);
+
+ require_once('include/widgets.php');
+
+ $o .= replace_macros(get_markup_template('chatrooms.tpl'), array(
+ '$header' => sprintf( t('%1$s\'s Chatrooms'), $a->profile['name']),
+ '$baseurl' => z_root(),
+ '$nickname' => $channel['channel_address'],
+ '$rooms' => widget_chatroom_list(array()),
+ '$newroom' => t('New Chatroom'),
+ '$is_owner' => ((local_channel() && local_channel() == $a->profile['profile_uid']) ? 1 : 0)
+ ));
+
+ return $o;
+
+}
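Review bot: In `chat_content()` the enter-room query `select * from chatroom where cr_id = %d and cr_uid = %d $sql_extra limit 1` uses `$sql_extra`, which is only assigned inside the `status` branch above, and that branch always ends in `json_return_and_die()`. The variable is therefore undefined here and the room's allow/deny lists are not applied by this query. Unless `chatroom_enter()` enforces them itself (not visible in this hunk), an ACL-restricted room is rendered to any observer who holds the channel-level `chat` permission. Assign it before the query, as the status branch does: `require_once('include/security.php'); $sql_extra = permissions_sql($a->profile['profile_uid']);`. In `chat_init()`, `$which` comes from the URL path and is concatenated into `$a->page['htmlhead']` unescaped; wrap it in `urlencode()` before building the feed link.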
diff --git a/mod/chatsvc.php b/mod/chatsvc.php
new file mode 100644
index 000000000..44225e6dd
--- /dev/null
+++ b/mod/chatsvc.php
@@ -0,0 +1,159 @@
+<?php /** @file */
+
+require_once('include/security.php');
+
+function chatsvc_init(&$a) {
+
+//logger('chatsvc');
+
+ $ret = array('success' => false);
+
+ $a->data['chat']['room_id'] = intval($_REQUEST['room_id']);
+ $x = q("select cr_uid from chatroom where cr_id = %d and cr_id != 0 limit 1",
+ intval($a->data['chat']['room_id'])
+ );
+ if(! $x)
+ json_return_and_die($ret);
+
+ $a->data['chat']['uid'] = $x[0]['cr_uid'];
+
+ if(! perm_is_allowed($a->data['chat']['uid'],get_observer_hash(),'chat')) {
+ json_return_and_die($ret);
+ }
+
+}
+
+function chatsvc_post(&$a) {
+
+ $ret = array('success' => false);
+
+ $room_id = $a->data['chat']['room_id'];
+ $text = escape_tags($_REQUEST['chat_text']);
+ if(! $text)
+ return;
+
+ $sql_extra = permissions_sql($a->data['chat']['uid']);
+
+ $r = q("select * from chatroom where cr_uid = %d and cr_id = %d $sql_extra",
+ intval($a->data['chat']['uid']),
+ intval($a->data['chat']['room_id'])
+ );
+ if(! $r)
+ json_return_and_die($ret);
+
+ $arr = array(
+ 'chat_room' => $a->data['chat']['room_id'],
+ 'chat_xchan' => get_observer_hash(),
+ 'chat_text' => $text
+ );
+
+ call_hooks('chat_post',$arr);
+
+ $x = q("insert into chat ( chat_room, chat_xchan, created, chat_text )
+ values( %d, '%s', '%s', '%s' )",
+ intval($a->data['chat']['room_id']),
+ dbesc(get_observer_hash()),
+ dbesc(datetime_convert()),
+ dbesc($arr['chat_text'])
+ );
+
+ $ret['success'] = true;
+ json_return_and_die($ret);
+}
+
+function chatsvc_content(&$a) {
+
+ $status = strip_tags($_REQUEST['status']);
+ $room_id = intval($a->data['chat']['room_id']);
+ $stopped = ((x($_REQUEST,'stopped') && intval($_REQUEST['stopped'])) ? true : false);
+
+ if($status && $room_id) {
+
+ $x = q("select channel_address from channel where channel_id = %d limit 1",
+ intval($a->data['chat']['uid'])
+ );
+
+ $r = q("update chatpresence set cp_status = '%s', cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'",
+ dbesc($status),
+ dbesc(datetime_convert()),
+ intval($room_id),
+ dbesc(get_observer_hash()),
+ dbesc($_SERVER['REMOTE_ADDR'])
+ );
+
+ goaway(z_root() . '/chat/' . $x[0]['channel_address'] . '/' . $room_id);
+ }
+
+ if(! $stopped) {
+
+ $lastseen = intval($_REQUEST['last']);
+
+ $ret = array('success' => false);
+
+ $sql_extra = permissions_sql($a->data['chat']['uid']);
+
+ $r = q("select * from chatroom where cr_uid = %d and cr_id = %d $sql_extra",
+ intval($a->data['chat']['uid']),
+ intval($a->data['chat']['room_id'])
+ );
+ if(! $r)
+ json_return_and_die($ret);
+
+ $inroom = array();
+
+ $r = q("select * from chatpresence left join xchan on xchan_hash = cp_xchan where cp_room = %d order by xchan_name",
+ intval($a->data['chat']['room_id'])
+ );
+ if($r) {
+ foreach($r as $rr) {
+ switch($rr['cp_status']) {
+ case 'away':
+ $status = t('Away');
+ break;
+ case 'online':
+ default:
+ $status = t('Online');
+ break;
+ }
+
+ $inroom[] = array('img' => zid($rr['xchan_photo_m']), 'img_type' => $rr['xchan_photo_mimetype'],'name' => $rr['xchan_name'], status => $status);
+ }
+ }
+
+ $chats = array();
+
+ $r = q("select * from chat left join xchan on chat_xchan = xchan_hash where chat_room = %d and chat_id > %d order by created",
+ intval($a->data['chat']['room_id']),
+ intval($lastseen)
+ );
+ if($r) {
+ foreach($r as $rr) {
+ $chats[] = array(
+ 'id' => $rr['chat_id'],
+ 'img' => zid($rr['xchan_photo_m']),
+ 'img_type' => $rr['xchan_photo_mimetype'],
+ 'name' => $rr['xchan_name'],
+ 'isotime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'c'),
+ 'localtime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'r'),
+ 'text' => smilies(bbcode($rr['chat_text']))
+ );
+ }
+ }
+ }
+
+ $r = q("update chatpresence set cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'",
+ dbesc(datetime_convert()),
+ intval($a->data['chat']['room_id']),
+ dbesc(get_observer_hash()),
+ dbesc($_SERVER['REMOTE_ADDR'])
+ );
+
+ $ret['success'] = true;
+ if(! $stopped) {
+ $ret['inroom'] = $inroom;
+ $ret['chats'] = $chats;
+ }
+ json_return_and_die($ret);
+
+}
+
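Review bot: The presence array in `chatsvc_content()` uses a bare constant as its key, `status => $status`; PHP 8 raises an Error for the undefined constant and older versions only fall back to the string with a notice, so it should read `'status' => $status`. In the same function, `goaway(z_root() . '/chat/' . $x[0]['channel_address'] . '/' . $room_id)` dereferences `$x` without checking that the channel lookup returned a row. `chatsvc_post()` stores `get_observer_hash()` as `chat_xchan` without checking that it is non-empty. If `perm_is_allowed()` can pass for an unauthenticated visitor (not visible here), messages would be saved with no author, so an explicit `if(! get_observer_hash()) json_return_and_die($ret);` before the insert is worth adding.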
diff --git a/mod/cloud.php b/mod/cloud.php
new file mode 100644
index 000000000..7f6dc0962
--- /dev/null
+++ b/mod/cloud.php
@@ -0,0 +1,120 @@
+<?php
+/**
+ * @file mod/cloud.php
+ * @brief Initialize Hubzilla's cloud (SabreDAV).
+ *
+ * Module for accessing the DAV storage area.
+ */
+
+use Sabre\DAV;
+use RedMatrix\RedDAV;
+
+// composer autoloader for SabreDAV
+require_once('vendor/autoload.php');
+
+/**
+ * @brief Fires up the SabreDAV server.
+ *
+ * @param App &$a
+ */
+
+function cloud_init(&$a) {
+ require_once('include/reddav.php');
+
+ if (! is_dir('store'))
+ os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
+
+ $which = null;
+ if (argc() > 1)
+ $which = argv(1);
+
+ $profile = 0;
+
+ $a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/feed/' . $which . '" />' . "\r\n";
+
+ if ($which)
+ profile_load($a, $which, $profile);
+
+ $auth = new RedDAV\RedBasicAuth();
+
+ $ob_hash = get_observer_hash();
+
+ if ($ob_hash) {
+ if (local_channel()) {
+ $channel = $a->get_channel();
+ $auth->setCurrentUser($channel['channel_address']);
+ $auth->channel_id = $channel['channel_id'];
+ $auth->channel_hash = $channel['channel_hash'];
+ $auth->channel_account_id = $channel['channel_account_id'];
+ if($channel['channel_timezone'])
+ $auth->setTimezone($channel['channel_timezone']);
+ }
+ $auth->observer = $ob_hash;
+ }
+
+ if ($_GET['davguest'])
+ $_SESSION['davguest'] = true;
+
+ $_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
+ $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
+ $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
+
+ $_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
+ $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
+ $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
+
+ $rootDirectory = new RedDAV\RedDirectory('/', $auth);
+
+ // A SabreDAV server-object
+ $server = new DAV\Server($rootDirectory);
+ // prevent overwriting changes each other with a lock backend
+ $lockBackend = new DAV\Locks\Backend\File('store/[data]/locks');
+ $lockPlugin = new DAV\Locks\Plugin($lockBackend);
+
+ $server->addPlugin($lockPlugin);
+
+ // The next section of code allows us to bypass prompting for http-auth if a
+ // FILE is being accessed anonymously and permissions allow this. This way
+ // one can create hotlinks to public media files in their cloud and anonymous
+ // viewers won't get asked to login.
+ // If a DIRECTORY is accessed or there are permission issues accessing the
+ // file and we aren't previously authenticated via zot, prompt for HTTP-auth.
+ // This will be the default case for mounting a DAV directory.
+ // In order to avoid prompting for passwords for viewing a DIRECTORY, add
+ // the URL query parameter 'davguest=1'.
+
+ $isapublic_file = false;
+ $davguest = ((x($_SESSION, 'davguest')) ? true : false);
+
+ if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
+ try {
+ $x = RedFileData('/' . $a->cmd, $auth);
+ if($x instanceof RedDAV\RedFile)
+ $isapublic_file = true;
+ }
+ catch (Exception $e) {
+ $isapublic_file = false;
+ }
+ }
+
+ if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
+ logger('mod_cloud: auth exception');
+ http_status_exit(401, 'Permission denied.');
+ }
+
+ require_once('include/RedDAV/RedBrowser.php');
+ // provide a directory view for the cloud in Hubzilla
+ $browser = new RedDAV\RedBrowser($auth);
+ $auth->setBrowserPlugin($browser);
+
+ $server->addPlugin($browser);
+
+ // Experimental QuotaPlugin
+// require_once('include/RedDAV/QuotaPlugin.php');
+// $server->addPlugin(new RedDAV\QuotaPlugin($auth));
+
+ // All we need to do now, is to fire up the server
+ $server->exec();
+
+ killme();
+}
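Review bot: The 401 gate `if ((! $auth->observer) && (! $isapublic_file) && (! $davguest))` can be switched off by any caller, because `$_GET['davguest']` sets `$_SESSION['davguest']` unconditionally and the flag then holds for the rest of the session and for every path. That is safe only if `RedDirectory` and `RedFile` enforce permissions for an empty observer on every operation, writes included, which this hunk does not show. The comment block above the gate should say so explicitly, e.g. `// davguest only suppresses the HTTP-auth prompt; access control for anonymous requests is enforced in the RedDAV node classes`. Consider honouring the flag for read methods only, so a guest session cannot reach PUT or DELETE without a credential prompt.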
diff --git a/mod/common.php b/mod/common.php
new file mode 100644
index 000000000..e19a9d3a9
--- /dev/null
+++ b/mod/common.php
@@ -0,0 +1,67 @@
+<?php
+
+require_once('include/socgraph.php');
+
+function common_init(&$a) {
+
+ if(argc() > 1 && intval(argv(1)))
+ $channel_id = intval(argv(1));
+ else {
+ notice( t('No channel.') . EOL );
+ $a->error = 404;
+ return;
+ }
+
+ $x = q("select channel_address from channel where channel_id = %d limit 1",
+ intval($channel_id)
+ );
+
+ if($x)
+ profile_load($a,$x[0]['channel_address'],0);
+
+}
+
+function common_content(&$a) {
+
+ $o = '';
+
+ if(! $a->profile['profile_uid'])
+ return;
+
+ $observer_hash = get_observer_hash();
+
+
+ if(! perm_is_allowed($a->profile['profile_uid'],$observer_hash,'view_contacts')) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $o .= '<h2>' . t('Common connections') . '</h2>';
+
+ $t = count_common_friends($a->profile['profile_uid'],$observer_hash);
+
+ if(! $t) {
+ notice( t('No connections in common.') . EOL);
+ return $o;
+ }
+
+ $r = common_friends($a->profile['profile_uid'],$observer_hash);
+
+ if($r) {
+
+ $tpl = get_markup_template('common_friends.tpl');
+
+ foreach($r as $rr) {
+ $o .= replace_macros($tpl,array(
+ '$url' => $rr['xchan_url'],
+ '$name' => $rr['xchan_name'],
+ '$photo' => $rr['xchan_photo_m'],
+ '$tags' => ''
+ ));
+ }
+
+ $o .= cleardiv();
+ }
+
+ return $o;
+}
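Review bot: `common_content()` passes `xchan_url`, `xchan_name` and `xchan_photo_m` to `common_friends.tpl` exactly as stored, and xchan rows can originate from remote hubs (see the `import_xchan()` call in mod/chanview.php in this commit). Nothing in this hunk shows whether the import path or the template escapes them. Either state in a comment above the loop which layer is responsible, or escape at this boundary, e.g. `'$name' => htmlspecialchars($rr['xchan_name'], ENT_QUOTES, 'UTF-8')`. The first two early exits use a bare `return;` while the later ones return `$o`; returning `$o` everywhere keeps the return value a string.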
diff --git a/mod/connect.php b/mod/connect.php
new file mode 100644
index 000000000..c36aef433
--- /dev/null
+++ b/mod/connect.php
@@ -0,0 +1,125 @@
+<?php /** @file */
+
+
+require_once('include/Contact.php');
+require_once('include/contact_widgets.php');
+require_once('include/items.php');
+
+
+function connect_init(&$a) {
+ if(argc() > 1)
+ $which = argv(1);
+ else {
+ notice( t('Requested profile is not available.') . EOL );
+ $a->error = 404;
+ return;
+ }
+
+ $r = q("select * from channel where channel_address = '%s' limit 1",
+ dbesc($which)
+ );
+
+ if($r)
+ $a->data['channel'] = $r[0];
+
+ profile_load($a,$which,'');
+}
+
+function connect_post(&$a) {
+
+ if(! array_key_exists('channel', $a->data))
+ return;
+
+ $edit = ((local_channel() && (local_channel() == $a->data['channel']['channel_id'])) ? true : false);
+
+ if($edit) {
+ $has_premium = (($a->data['channel']['channel_pageflags'] & PAGE_PREMIUM) ? 1 : 0);
+ $premium = (($_POST['premium']) ? intval($_POST['premium']) : 0);
+ $text = escape_tags($_POST['text']);
+
+ if($has_premium != $premium) {
+ $r = q("update channel set channel_pageflags = ( channel_pageflags %s %d ) where channel_id = %d",
+ db_getfunc('^'),
+ intval(PAGE_PREMIUM),
+ intval(local_channel())
+ );
+ proc_run('php','include/notifier.php','refresh_all',$a->data['channel']['channel_id']);
+ }
+ set_pconfig($a->data['channel']['channel_id'],'system','selltext',$text);
+ // reload the page completely to get fresh data
+ goaway(z_root() . '/' . $a->query_string);
+
+ }
+
+ $url = '';
+ $observer = $a->get_observer();
+ if(($observer) && ($_POST['submit'] === t('Continue'))) {
+ if($observer['xchan_follow'])
+ $url = sprintf($observer['xchan_follow'],urlencode($a->data['channel']['channel_address'] . '@' . $a->get_hostname()));
+ if(! $url) {
+ $r = q("select * from hubloc where hubloc_hash = '%s' order by hubloc_id desc limit 1",
+ dbesc($observer['xchan_hash'])
+ );
+ if($r)
+ $url = $r[0]['hubloc_url'] . '/follow?f=&url=' . urlencode($a->data['channel']['channel_address'] . '@' . $a->get_hostname());
+ }
+ }
+ if($url)
+ goaway($url . '&confirm=1');
+ else
+ notice('Unable to connect to your home hub location.');
+
+}
+
+
+
+function connect_content(&$a) {
+
+ $edit = ((local_channel() && (local_channel() == $a->data['channel']['channel_id'])) ? true : false);
+
+ $text = get_pconfig($a->data['channel']['channel_id'],'system','selltext');
+
+ if($edit) {
+
+ $o = replace_macros(get_markup_template('sellpage_edit.tpl'),array(
+ '$header' => t('Premium Channel Setup'),
+ '$address' => $a->data['channel']['channel_address'],
+ '$premium' => array('premium', t('Enable premium channel connection restrictions'),(($a->data['channel']['channel_pageflags'] & PAGE_PREMIUM) ? '1' : ''),''),
+ '$lbl_about' => t('Please enter your restrictions or conditions, such as paypal receipt, usage guidelines, etc.'),
+ '$text' => $text,
+ '$desc' => t('This channel may require additional steps or acknowledgement of the following conditions prior to connecting:'),
+ '$lbl2' => t('Potential connections will then see the following text before proceeding:'),
+ '$desc2' => t('By continuing, I certify that I have complied with any instructions provided on this page.'),
+ '$submit' => t('Submit'),
+
+
+ ));
+ return $o;
+ }
+ else {
+ if(! $text)
+ $text = t('(No specific instructions have been provided by the channel owner.)');
+
+ $submit = replace_macros(get_markup_template('sellpage_submit.tpl'), array(
+ '$continue' => t('Continue'),
+ '$address' => $a->data['channel']['channel_address']
+ ));
+
+ $o = replace_macros(get_markup_template('sellpage_view.tpl'),array(
+ '$header' => t('Restricted or Premium Channel'),
+ '$desc' => t('This channel may require additional steps or acknowledgement of the following conditions prior to connecting:'),
+ '$text' => prepare_text($text),
+
+ '$desc2' => t('By continuing, I certify that I have complied with any instructions provided on this page.'),
+ '$submit' => $submit,
+
+ ));
+
+ $arr = array('channel' => $a->data['channel'],'observer' => $a->get_observer(), 'sellpage' => $o, 'submit' => $submit);
+ call_hooks('connect_premium', $arr);
+ $o = $arr['sellpage'];
+
+ }
+
+ return $o;
+} \ No newline at end of file
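Review bot: `connect_content()` reads `$a->data['channel']['channel_id']` unconditionally, but `connect_init()` sets `$a->data['channel']` only when the channel lookup succeeds, so an unknown address in the URL reaches `get_pconfig()` with a null id and still renders the sell page. `connect_post()` already guards against this, and the same line belongs at the top of `connect_content()`: `if(! array_key_exists('channel', $a->data)) return;`. Separately, the `$edit` branch of `connect_post()` changes `channel_pageflags` and `selltext` on a session check alone; no form token is verified in this hunk, so confirm that cross-site request protection is applied elsewhere. The final `notice('Unable to connect to your home hub location.')` skips `t()` and `EOL`, unlike every other notice in the file.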
diff --git a/mod/connections.php b/mod/connections.php
new file mode 100644
index 000000000..2f1a1fdf5
--- /dev/null
+++ b/mod/connections.php
@@ -0,0 +1,416 @@
+<?php
+
+require_once('include/Contact.php');
+require_once('include/socgraph.php');
+require_once('include/contact_selectors.php');
+require_once('include/group.php');
+require_once('include/contact_widgets.php');
+require_once('include/zot.php');
+require_once('include/widgets.php');
+
+function connections_init(&$a) {
+
+ if(! local_channel())
+ return;
+
+ $channel = $a->get_channel();
+ if($channel)
+ head_set_icon($channel['xchan_photo_s']);
+
+}
+
+function connections_post(&$a) {
+
+ if(! local_channel())
+ return;
+
+ $contact_id = intval(argv(1));
+ if(! $contact_id)
+ return;
+
+ $orig_record = q("SELECT * FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1",
+ intval($contact_id),
+ intval(local_channel())
+ );
+
+ if(! $orig_record) {
+ notice( t('Could not access contact record.') . EOL);
+ goaway(z_root() . '/connections');
+ return; // NOTREACHED
+ }
+
+ call_hooks('contact_edit_post', $_POST);
+
+ $profile_id = $_POST['profile_assign'];
+ if($profile_id) {
+ $r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND `uid` = %d LIMIT 1",
+ dbesc($profile_id),
+ intval(local_channel())
+ );
+ if(! count($r)) {
+ notice( t('Could not locate selected profile.') . EOL);
+ return;
+ }
+ }
+
+ $hidden = intval($_POST['hidden']);
+
+ $priority = intval($_POST['poll']);
+ if($priority > 5 || $priority < 0)
+ $priority = 0;
+
+ $closeness = intval($_POST['closeness']);
+ if($closeness < 0)
+ $closeness = 99;
+
+ $abook_my_perms = 0;
+
+ foreach($_POST as $k => $v) {
+ if(strpos($k,'perms_') === 0) {
+ $abook_my_perms += $v;
+ }
+ }
+
+ $new_friend = false;
+
+ if(($_REQUEST['pending']) && intval($orig_record[0]['abook_pending'])) {
+ $new_friend = true;
+ }
+
+ $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_pending = %d
+ where abook_id = %d AND abook_channel = %d",
+ dbesc($profile_id),
+ intval($abook_my_perms),
+ intval($closeness),
+ intval(1 - intval($new_friend)),
+ intval($contact_id),
+ intval(local_channel())
+ );
+
+ if($r)
+ info( t('Connection updated.') . EOL);
+ else
+ notice( t('Failed to update connection record.') . EOL);
+
+ if((x($a->data,'abook')) && $a->data['abook']['abook_my_perms'] != $abook_my_perms
+ && (! intval($a->data['abook']['abook_self']))) {
+ proc_run('php', 'include/notifier.php', 'permission_update', $contact_id);
+ }
+
+ if($new_friend) {
+ $channel = $a->get_channel();
+ $default_group = $channel['channel_default_group'];
+ if($default_group) {
+ require_once('include/group.php');
+ $g = group_rec_byhash(local_channel(),$default_group);
+ if($g)
+ group_add_member(local_channel(),'',$a->data['abook_xchan'],$g['id']);
+ }
+
+
+
+ // Check if settings permit ("post new friend activity" is allowed, and
+ // friends in general or this friend in particular aren't hidden)
+ // and send out a new friend activity
+ // TODO
+
+ // pull in a bit of content if there is any to pull in
+ proc_run('php','include/onepoll.php',$contact_id);
+
+ }
+
+ // Refresh the structure in memory with the new data
+
+ $r = q("SELECT abook.*, xchan.*
+ FROM abook left join xchan on abook_xchan = xchan_hash
+ WHERE abook_channel = %d and abook_id = %d LIMIT 1",
+ intval(local_channel()),
+ intval($contact_id)
+ );
+ if($r) {
+ $a->data['abook'] = $r[0];
+ }
+
+ if($new_friend) {
+ $arr = array('channel_id' => local_channel(), 'abook' => $a->data['abook']);
+ call_hooks('accept_follow', $arr);
+ }
+
+ connections_clone($a);
+
+ return;
+
+}
+
+function connections_clone(&$a) {
+
+ if(! array_key_exists('abook',$a->data))
+ return;
+ $clone = $a->data['abook'];
+
+ unset($clone['abook_id']);
+ unset($clone['abook_account']);
+ unset($clone['abook_channel']);
+
+ build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone)));
+}
+
+
+function connections_content(&$a) {
+
+ $sort_type = 0;
+ $o = '';
+
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return login();
+ }
+
+ $blocked = false;
+ $hidden = false;
+ $ignored = false;
+ $archived = false;
+ $unblocked = false;
+ $pending = false;
+ $unconnected = false;
+ $all = false;
+
+ if(! $_REQUEST['aj'])
+ $_SESSION['return_url'] = $a->query_string;
+
+ $search_flags = '';
+ $head = '';
+
+ if(argc() == 2) {
+ switch(argv(1)) {
+ case 'blocked':
+ $search_flags = " and abook_blocked = 1 ";
+ $head = t('Blocked');
+ $blocked = true;
+ break;
+ case 'ignored':
+ $search_flags = " and abook_ignored = 1 ";
+ $head = t('Ignored');
+ $ignored = true;
+ break;
+ case 'hidden':
+ $search_flags = " and abook_hidden = 1 ";
+ $head = t('Hidden');
+ $hidden = true;
+ break;
+ case 'archived':
+ $search_flags = " and abook_archived = 1 ";
+ $head = t('Archived');
+ $archived = true;
+ break;
+ case 'pending':
+ $search_flags = " and abook_pending = 1 ";
+ $head = t('New');
+ $pending = true;
+ nav_set_selected('intros');
+ break;
+ case 'ifpending':
+ $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ",
+ intval(local_channel())
+ );
+ if($r && $r[0]['total']) {
+ $search_flags = " and abook_pending = 1 ";
+ $head = t('New');
+ $pending = true;
+ nav_set_selected('intros');
+ $a->argv[1] = 'pending';
+ }
+ else {
+ $head = t('All');
+ $search_flags = '';
+ $all = true;
+ $a->argc = 1;
+ unset($a->argv[1]);
+ }
+ nav_set_selected('intros');
+ break;
+// case 'unconnected':
+// $search_flags = " and abook_unconnected = 1 ";
+// $head = t('Unconnected');
+// $unconnected = true;
+// break;
+
+ case 'all':
+ $head = t('All');
+ default:
+ $search_flags = '';
+ $all = true;
+ break;
+
+ }
+
+ $sql_extra = $search_flags;
+ if(argv(1) === 'pending')
+ $sql_extra .= " and abook_ignored = 0 ";
+
+ }
+ else {
+ $sql_extra = " and abook_blocked = 0 ";
+ $unblocked = true;
+ }
+
+ $search = ((x($_REQUEST,'search')) ? notags(trim($_REQUEST['search'])) : '');
+
+ $tabs = array(
+ array(
+ 'label' => t('Suggestions'),
+ 'url' => z_root() . '/suggest',
+ 'sel' => '',
+ 'title' => t('Suggest new connections'),
+ ),
+ array(
+ 'label' => t('New Connections'),
+ 'url' => z_root() . '/connections/pending',
+ 'sel' => ($pending) ? 'active' : '',
+ 'title' => t('Show pending (new) connections'),
+ ),
+ array(
+ 'label' => t('All Connections'),
+ 'url' => z_root() . '/connections/all',
+ 'sel' => ($all) ? 'active' : '',
+ 'title' => t('Show all connections'),
+ ),
+ array(
+ 'label' => t('Unblocked'),
+ 'url' => z_root() . '/connections',
+ 'sel' => (($unblocked) && (! $search) && (! $nets)) ? 'active' : '',
+ 'title' => t('Only show unblocked connections'),
+ ),
+
+ array(
+ 'label' => t('Blocked'),
+ 'url' => z_root() . '/connections/blocked',
+ 'sel' => ($blocked) ? 'active' : '',
+ 'title' => t('Only show blocked connections'),
+ ),
+
+ array(
+ 'label' => t('Ignored'),
+ 'url' => z_root() . '/connections/ignored',
+ 'sel' => ($ignored) ? 'active' : '',
+ 'title' => t('Only show ignored connections'),
+ ),
+
+ array(
+ 'label' => t('Archived'),
+ 'url' => z_root() . '/connections/archived',
+ 'sel' => ($archived) ? 'active' : '',
+ 'title' => t('Only show archived connections'),
+ ),
+
+ array(
+ 'label' => t('Hidden'),
+ 'url' => z_root() . '/connections/hidden',
+ 'sel' => ($hidden) ? 'active' : '',
+ 'title' => t('Only show hidden connections'),
+ ),
+
+// array(
+// 'label' => t('Unconnected'),
+// 'url' => z_root() . '/connections/unconnected',
+// 'sel' => ($unconnected) ? 'active' : '',
+// 'title' => t('Only show one-way connections'),
+// ),
+
+
+ );
+
+ $tab_tpl = get_markup_template('common_tabs.tpl');
+ $t = replace_macros($tab_tpl, array('$tabs'=>$tabs));
+
+ $searching = false;
+ if($search) {
+ $search_hdr = $search;
+ $search_txt = dbesc(protect_sprintf(preg_quote($search)));
+ $searching = true;
+ }
+ $sql_extra .= (($searching) ? protect_sprintf(" AND xchan_name like '%$search_txt%' ") : "");
+
+ if($_REQUEST['gid']) {
+ $sql_extra .= " and xchan_hash in ( select xchan from group_member where gid = " . intval($_REQUEST['gid']) . " and uid = " . intval(local_channel()) . " ) ";
+ }
+
+ $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash
+ where abook_channel = %d and abook_self = 0 and xchan_deleted = 0 and xchan_orphan = 0 $sql_extra $sql_extra2 ",
+ intval(local_channel())
+ );
+ if($r) {
+ $a->set_pager_total($r[0]['total']);
+ $total = $r[0]['total'];
+ }
+
+ $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash
+ WHERE abook_channel = %d and abook_self = 0 and xchan_deleted = 0 and xchan_orphan = 0 $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d OFFSET %d ",
+ intval(local_channel()),
+ intval($a->pager['itemspage']),
+ intval($a->pager['start'])
+ );
+
+ $contacts = array();
+
+ if(count($r)) {
+
+ foreach($r as $rr) {
+ if($rr['xchan_url']) {
+ $contacts[] = array(
+ 'img_hover' => sprintf( t('%1$s [%2$s]'),$rr['xchan_name'],$rr['xchan_url']),
+ 'edit_hover' => t('Edit connection'),
+ 'id' => $rr['abook_id'],
+ 'alt_text' => $alt_text,
+ 'dir_icon' => $dir_icon,
+ 'thumb' => $rr['xchan_photo_m'],
+ 'name' => $rr['xchan_name'],
+ 'username' => $rr['xchan_name'],
+ 'classes' => (intval($rr['abook_archived']) ? 'archived' : ''),
+ 'link' => z_root() . '/connedit/' . $rr['abook_id'],
+ 'edit' => t('Edit'),
+ 'url' => chanlink_url($rr['xchan_url']),
+ 'network' => network_to_name($rr['network']),
+ );
+ }
+ }
+ }
+
+
+ if($_REQUEST['aj']) {
+ if($contacts) {
+ $o = replace_macros(get_markup_template('contactsajax.tpl'),array(
+ '$contacts' => $contacts,
+ '$edit' => t('Edit'),
+ ));
+ }
+ else {
+ $o = '<div id="content-complete"></div>';
+ }
+ echo $o;
+ killme();
+ }
+ else {
+ $o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+ $o .= replace_macros(get_markup_template('connections.tpl'),array(
+ '$header' => t('Connections') . (($head) ? ' - ' . $head : ''),
+ '$tabs' => $t,
+ '$total' => $total,
+ '$search' => $search_hdr,
+ '$desc' => t('Search your connections'),
+ '$finding' => (($searching) ? t('Finding: ') . "'" . $search . "'" : ""),
+ '$submit' => t('Find'),
+ '$edit' => t('Edit'),
+ '$cmd' => $a->cmd,
+ '$contacts' => $contacts,
+ '$paginate' => paginate($a),
+
+ ));
+ }
+
+ if(! $contacts)
+ $o .= '<div id="content-complete"></div>';
+
+ return $o;
+}
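Review bot: The inline script built with `var page_query = '" . $_GET['q'] . "'` copies a request parameter into a JavaScript string literal with no encoding, so the value is not confined to the literal and the page can reflect caller-controlled markup to a logged-in user. Emit it as an encoded JS value instead: `var page_query = " . json_encode((string) $_GET['q'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ";`, and check what `extra_query_args()` returns, which is not visible here. In `connections_post()` the loop `$abook_my_perms += $v;` adds raw POST values for every key starting with `perms_`; cast with `intval($v)` and mask the sum against the known permission bits. The search filter escapes with `preg_quote()`, which is a regex helper and leaves the LIKE wildcards `%` and `_` untouched. `$sql_extra2`, `$nets`, `$alt_text`, `$dir_icon` and (when no search is given) `$search_hdr` are read without being assigned in this function.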
diff --git a/mod/connedit.php b/mod/connedit.php
new file mode 100644
index 000000000..46546caa1
--- /dev/null
+++ b/mod/connedit.php
@@ -0,0 +1,750 @@
+<?php
+
+/* @file connedit.php
+ * @brief In this file the connection-editor form is generated and evaluated.
+ *
+ *
+ */
+
+require_once('include/Contact.php');
+require_once('include/socgraph.php');
+require_once('include/contact_selectors.php');
+require_once('include/group.php');
+require_once('include/contact_widgets.php');
+require_once('include/zot.php');
+require_once('include/widgets.php');
+
+/* @brief Initialize the connection-editor
+ *
+ *
+ */
+
+function connedit_init(&$a) {
+
+ if(! local_channel())
+ return;
+
+ if((argc() >= 2) && intval(argv(1))) {
+ $r = q("SELECT abook.*, xchan.*
+ FROM abook left join xchan on abook_xchan = xchan_hash
+ WHERE abook_channel = %d and abook_id = %d LIMIT 1",
+ intval(local_channel()),
+ intval(argv(1))
+ );
+ if($r) {
+ $a->poi = $r[0];
+ }
+ }
+
+ $channel = $a->get_channel();
+ if($channel)
+ head_set_icon($channel['xchan_photo_s']);
+
+}
+
+/* @brief Evaluate posted values and set changes
+ *
+ */
+
+function connedit_post(&$a) {
+
+ if(! local_channel())
+ return;
+
+ $contact_id = intval(argv(1));
+ if(! $contact_id)
+ return;
+
+ $channel = $a->get_channel();
+
+ // TODO if configured for hassle-free permissions, we'll post the form with ajax as soon as the
+ // connection enable is toggled to a special autopost url and set permissions immediately, leaving
+ // the other form elements alone pending a manual submit of the form. The downside is that there
+ // will be a window of opportunity when the permissions have been set but before you've had a chance
+ // to review and possibly restrict them. The upside is we won't have to warn you that your connection
+ // can't do anything until you save the bloody form.
+
+ $autopost = (((argc() > 2) && (argv(2) === 'auto')) ? true : false);
+
+ $orig_record = q("SELECT * FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1",
+ intval($contact_id),
+ intval(local_channel())
+ );
+
+ if(! $orig_record) {
+ notice( t('Could not access contact record.') . EOL);
+ goaway($a->get_baseurl(true) . '/connections');
+ return; // NOTREACHED
+ }
+
+ call_hooks('contact_edit_post', $_POST);
+
+ if(intval($orig_record[0]['abook_self'])) {
+ $autoperms = intval($_POST['autoperms']);
+ $is_self = true;
+ }
+ else {
+ $autoperms = null;
+ $is_self = false;
+ }
+
+
+ $profile_id = $_POST['profile_assign'];
+ if($profile_id) {
+ $r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND `uid` = %d LIMIT 1",
+ dbesc($profile_id),
+ intval(local_channel())
+ );
+ if(! count($r)) {
+ notice( t('Could not locate selected profile.') . EOL);
+ return;
+ }
+ }
+
+ $abook_incl = escape_tags($_POST['abook_incl']);
+ $abook_excl = escape_tags($_POST['abook_excl']);
+
+ $hidden = intval($_POST['hidden']);
+
+ $priority = intval($_POST['poll']);
+ if($priority > 5 || $priority < 0)
+ $priority = 0;
+
+ $closeness = intval($_POST['closeness']);
+ if($closeness < 0)
+ $closeness = 99;
+
+ $rating = intval($_POST['rating']);
+ if($rating < (-10))
+ $rating = (-10);
+ if($rating > 10)
+ $rating = 10;
+
+ $rating_text = trim(escape_tags($_REQUEST['rating_text']));
+
+ $abook_my_perms = 0;
+
+ foreach($_POST as $k => $v) {
+ if(strpos($k,'perms_') === 0) {
+ $abook_my_perms += $v;
+ }
+ }
+
+ $abook_flags = $orig_record[0]['abook_flags'];
+ $new_friend = false;
+
+ if(! $is_self) {
+
+ $signed = $orig_record[0]['abook_xchan'] . '.' . $rating . '.' . $rating_text;
+
+ $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey']));
+
+ $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1",
+ dbesc($channel['channel_hash']),
+ dbesc($orig_record[0]['abook_xchan'])
+ );
+
+
+ if($z) {
+ $record = $z[0]['xlink_id'];
+ $w = q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s'
+ where xlink_id = %d",
+ intval($rating),
+ dbesc($rating_text),
+ dbesc($sig),
+ dbesc(datetime_convert()),
+ intval($record)
+ );
+ }
+ else {
+ $w = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static ) values ( '%s', '%s', %d, '%s', '%s', '%s', 1 ) ",
+ dbesc($channel['channel_hash']),
+ dbesc($orig_record[0]['abook_xchan']),
+ intval($rating),
+ dbesc($rating_text),
+ dbesc($sig),
+ dbesc(datetime_convert())
+ );
+ $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1",
+ dbesc($channel['channel_hash']),
+ dbesc($orig_record[0]['abook_xchan'])
+ );
+ if($z)
+ $record = $z[0]['xlink_id'];
+ }
+ if($record) {
+ proc_run('php','include/ratenotif.php','rating',$record);
+ }
+ }
+
+ if(($_REQUEST['pending']) && intval($orig_record[0]['abook_pending'])) {
+ $new_friend = true;
+ if(! $abook_my_perms) {
+
+ $abook_my_perms = get_channel_default_perms(local_channel());
+
+ $role = get_pconfig(local_channel(),'system','permissions_role');
+ if($role) {
+ $x = get_role_perms($role);
+ if($x['perms_accept'])
+ $abook_my_perms = $x['perms_accept'];
+ }
+ }
+ }
+
+
+ $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_pending = %d,
+ abook_incl = '%s', abook_excl = '%s'
+ where abook_id = %d AND abook_channel = %d",
+ dbesc($profile_id),
+ intval($abook_my_perms),
+ intval($closeness),
+ intval(1 - intval($new_friend)),
+ dbesc($abook_incl),
+ dbesc($abook_excl),
+ intval($contact_id),
+ intval(local_channel())
+ );
+
+ if($orig_record[0]['abook_profile'] != $profile_id) {
+ //Update profile photo permissions
+
+ logger('A new profile was assigned - updating profile photos');
+ require_once('mod/profile_photo.php');
+ profile_photo_set_profile_perms($profile_id);
+
+ }
+
+
+ if($r)
+ info( t('Connection updated.') . EOL);
+ else
+ notice( t('Failed to update connection record.') . EOL);
+
+ if($a->poi && $a->poi['abook_my_perms'] != $abook_my_perms
+ && (! intval($a->poi['abook_self']))) {
+ proc_run('php', 'include/notifier.php', 'permission_update', $contact_id);
+ }
+
+ if($new_friend) {
+ $default_group = $channel['channel_default_group'];
+ if($default_group) {
+ require_once('include/group.php');
+ $g = group_rec_byhash(local_channel(),$default_group);
+ if($g)
+ group_add_member(local_channel(),'',$a->poi['abook_xchan'],$g['id']);
+ }
+
+ // Check if settings permit ("post new friend activity" is allowed, and
+ // friends in general or this friend in particular aren't hidden)
+ // and send out a new friend activity
+
+ $pr = q("select * from profile where uid = %d and is_default = 1 and hide_friends = 0",
+ intval($channel['channel_id'])
+ );
+ if(($pr) && (! intval($orig_record[0]['abook_hidden'])) && (intval(get_pconfig($channel['channel_id'],'system','post_newfriend')))) {
+ $xarr = array();
+ $xarr['verb'] = ACTIVITY_FRIEND;
+ $xarr['item_wall'] = 1;
+ $xarr['item_origin'] = 1;
+ $xarr['item_thread_top'] = 1;
+ $xarr['owner_xchan'] = $xarr['author_xchan'] = $channel['channel_hash'];
+ $xarr['allow_cid'] = $channel['channel_allow_cid'];
+ $xarr['allow_gid'] = $channel['channel_allow_gid'];
+ $xarr['deny_cid'] = $channel['channel_deny_cid'];
+ $xarr['deny_gid'] = $channel['channel_deny_gid'];
+ $xarr['item_private'] = (($xarr['allow_cid']||$xarr['allow_gid']||$xarr['deny_cid']||$xarr['deny_gid']) ? 1 : 0);
+ $obj = array(
+ 'type' => ACTIVITY_OBJ_PERSON,
+ 'title' => $a->poi['xchan_name'],
+ 'id' => $a->poi['xchan_hash'],
+ 'link' => array(
+ array('rel' => 'alternate', 'type' => 'text/html', 'href' => $a->poi['xchan_url']),
+ array('rel' => 'photo', 'type' => $a->poi['xchan_photo_mimetype'], 'href' => $a->poi['xchan_photo_l'])
+ ),
+ );
+ $xarr['object'] = json_encode($obj);
+ $xarr['obj_type'] = ACTIVITY_OBJ_PERSON;
+
+ $xarr['body'] = '[zrl=' . $channel['xchan_url'] . ']' . $channel['xchan_name'] . '[/zrl]' . ' ' . t('is now connected to') . ' ' . '[zrl=' . $a->poi['xchan_url'] . ']' . $a->poi['xchan_name'] . '[/zrl]';
+
+ $xarr['body'] .= "\n\n\n" . '[zrl=' . $a->poi['xchan_url'] . '][zmg=80x80]' . $a->poi['xchan_photo_m'] . '[/zmg][/zrl]';
+
+ post_activity_item($xarr);
+
+ }
+
+
+ // pull in a bit of content if there is any to pull in
+ proc_run('php','include/onepoll.php',$contact_id);
+
+ }
+
+ // Refresh the structure in memory with the new data
+
+ $r = q("SELECT abook.*, xchan.*
+ FROM abook left join xchan on abook_xchan = xchan_hash
+ WHERE abook_channel = %d and abook_id = %d LIMIT 1",
+ intval(local_channel()),
+ intval($contact_id)
+ );
+ if($r) {
+ $a->poi = $r[0];
+ }
+
+ if($new_friend) {
+ $arr = array('channel_id' => local_channel(), 'abook' => $a->poi);
+ call_hooks('accept_follow', $arr);
+ }
+
+ if(! is_null($autoperms))
+ set_pconfig(local_channel(),'system','autoperms',(($autoperms) ? $abook_my_perms : 0));
+
+ connedit_clone($a);
+
+ return;
+
+}
+
+/* @brief Clone connection
+ *
+ *
+ */
+
+function connedit_clone(&$a) {
+
+ if(! $a->poi)
+ return;
+ $clone = $a->poi;
+
+ unset($clone['abook_id']);
+ unset($clone['abook_account']);
+ unset($clone['abook_channel']);
+
+ build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone)));
+}
+
+/* @brief Generate content of connection edit page
+ *
+ *
+ */
+
+function connedit_content(&$a) {
+
+ $sort_type = 0;
+ $o = '';
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return login();
+ }
+
+ $channel = $a->get_channel();
+ $my_perms = get_channel_default_perms(local_channel());
+ $role = get_pconfig(local_channel(),'system','permissions_role');
+ if($role) {
+ $x = get_role_perms($role);
+ if($x['perms_accept'])
+ $my_perms = $x['perms_accept'];
+ }
+
+ if($my_perms) {
+ $o .= "<script>function connectDefaultShare() {
+ \$('.abook-edit-me').each(function() {
+ if(! $(this).is(':disabled'))
+ $(this).prop('checked', false);
+ });\n\n";
+ $perms = get_perms();
+ foreach($perms as $p => $v) {
+ if($my_perms & $v[1]) {
+ $o .= "\$('#me_id_perms_" . $p . "').prop('checked', true); \n";
+ }
+ }
+ $o .= " }\n</script>\n";
+ }
+
+ if(argc() == 3) {
+
+ $contact_id = intval(argv(1));
+ if(! $contact_id)
+ return;
+
+ $cmd = argv(2);
+
+ $orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash
+ WHERE abook_id = %d AND abook_channel = %d AND abook_self = 0 LIMIT 1",
+ intval($contact_id),
+ intval(local_channel())
+ );
+
+ if(! count($orig_record)) {
+ notice( t('Could not access address book record.') . EOL);
+ goaway($a->get_baseurl(true) . '/connections');
+ }
+
+ if($cmd === 'update') {
+
+ // pull feed and consume it, which should subscribe to the hub.
+ proc_run('php',"include/poller.php","$contact_id");
+ goaway($a->get_baseurl(true) . '/connedit/' . $contact_id);
+
+ }
+
+ if($cmd === 'refresh') {
+ if(! zot_refresh($orig_record[0],get_app()->get_channel()))
+ notice( t('Refresh failed - channel is currently unavailable.') );
+ goaway($a->get_baseurl(true) . '/connedit/' . $contact_id);
+ }
+
+ if($cmd === 'block') {
+ if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_BLOCKED)) {
+ info((intval($orig_record[0]['abook_blocked'])
+ ? t('Channel has been unblocked')
+ : t('Channel has been blocked')) . EOL );
+ connedit_clone($a);
+ }
+ else
+ notice(t('Unable to set address book parameters.') . EOL);
+ goaway($a->get_baseurl(true) . '/connedit/' . $contact_id);
+ }
+
+ if($cmd === 'ignore') {
+ if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_IGNORED)) {
+ info((intval($orig_record[0]['abook_ignored'])
+ ? t('Channel has been unignored')
+ : t('Channel has been ignored')) . EOL );
+ connedit_clone($a);
+ }
+ else
+ notice(t('Unable to set address book parameters.') . EOL);
+ goaway($a->get_baseurl(true) . '/connedit/' . $contact_id);
+ }
+
+ if($cmd === 'archive') {
+ if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_ARCHIVED)) {
+ info((intval($orig_record[0]['abook_archived'])
+ ? t('Channel has been unarchived')
+ : t('Channel has been archived')) . EOL );
+ connedit_clone($a);
+ }
+ else
+ notice(t('Unable to set address book parameters.') . EOL);
+ goaway($a->get_baseurl(true) . '/connedit/' . $contact_id);
+ }
+
+ if($cmd === 'hide') {
+ if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_HIDDEN)) {
+ info((intval($orig_record[0]['abook_hidden'])
+ ? t('Channel has been unhidden')
+ : t('Channel has been hidden')) . EOL );
+ connedit_clone($a);
+ }
+ else
+ notice(t('Unable to set address book parameters.') . EOL);
+ goaway($a->get_baseurl(true) . '/connedit/' . $contact_id);
+ }
+
+ // We'll prevent somebody from unapproving an already approved contact.
+ // Though maybe somebody will want this eventually (??)
+
+ if($cmd === 'approve') {
+ if(intval($orig_record[0]['abook_pending'])) {
+ if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_PENDING)) {
+ info((intval($orig_record[0]['abook_pending'])
+ ? t('Channel has been approved')
+ : t('Channel has been unapproved')) . EOL );
+ connedit_clone($a);
+ }
+ else
+ notice(t('Unable to set address book parameters.') . EOL);
+ }
+ goaway($a->get_baseurl(true) . '/connedit/' . $contact_id);
+ }
+
+
+ if($cmd === 'drop') {
+
+ require_once('include/Contact.php');
+
+// FIXME
+// We need to send either a purge or a refresh packet to the other side (the channel being unfriended).
+// The issue is that the abook DB record _may_ get destroyed when we call contact_remove. As the notifier runs
+// in the background there could be a race condition preventing this packet from being sent in all cases.
+// PLACEHOLDER
+
+ contact_remove(local_channel(), $orig_record[0]['abook_id']);
+ build_sync_packet(0 /* use the current local_channel */,
+ array('abook' => array(array(
+ 'abook_xchan' => $orig_record[0]['abook_xchan'],
+ 'entry_deleted' => true))
+ )
+ );
+
+ info( t('Connection has been removed.') . EOL );
+ if(x($_SESSION,'return_url'))
+ goaway($a->get_baseurl(true) . '/' . $_SESSION['return_url']);
+ goaway($a->get_baseurl(true) . '/contacts');
+
+ }
+ }
+
+ if($a->poi) {
+
+ $contact_id = $a->poi['abook_id'];
+ $contact = $a->poi;
+
+
+ $tabs = array(
+
+ array(
+ 'label' => t('View Profile'),
+ 'url' => chanlink_cid($contact['abook_id']),
+ 'sel' => '',
+ 'title' => sprintf( t('View %s\'s profile'), $contact['xchan_name']),
+ ),
+
+ array(
+ 'label' => t('Refresh Permissions'),
+ 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/refresh',
+ 'sel' => '',
+ 'title' => t('Fetch updated permissions'),
+ ),
+
+ array(
+ 'label' => t('Recent Activity'),
+ 'url' => $a->get_baseurl(true) . '/network/?f=&cid=' . $contact['abook_id'],
+ 'sel' => '',
+ 'title' => t('View recent posts and comments'),
+ )
+ );
+
+ $buttons = array(
+ array(
+ 'label' => (intval($contact['abook_blocked']) ? t('Unblock') : t('Block')),
+ 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/block',
+ 'sel' => (intval($contact['abook_blocked']) ? 'active' : ''),
+ 'title' => t('Block (or Unblock) all communications with this connection'),
+ ),
+
+ array(
+ 'label' => (intval($contact['abook_ignored']) ? t('Unignore') : t('Ignore')),
+ 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/ignore',
+ 'sel' => (intval($contact['abook_ignored']) ? 'active' : ''),
+ 'title' => t('Ignore (or Unignore) all inbound communications from this connection'),
+ ),
+ array(
+ 'label' => (intval($contact['abook_archived']) ? t('Unarchive') : t('Archive')),
+ 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/archive',
+ 'sel' => (intval($contact['abook_archived']) ? 'active' : ''),
+ 'title' => t('Archive (or Unarchive) this connection - mark channel dead but keep content'),
+ ),
+ array(
+ 'label' => (intval($contact['abook_hidden']) ? t('Unhide') : t('Hide')),
+ 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/hide',
+ 'sel' => (intval($contact['abook_hidden']) ? 'active' : ''),
+ 'title' => t('Hide or Unhide this connection from your other connections'),
+ ),
+
+ array(
+ 'label' => t('Delete'),
+ 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/drop',
+ 'sel' => '',
+ 'title' => t('Delete this connection'),
+ ),
+
+ );
+
+ $self = false;
+
+ if(! intval($contact['abook_self'])) {
+ $tab_tpl = get_markup_template('common_tabs.tpl');
+ $t = replace_macros($tab_tpl, array('$tabs'=>$tabs));
+ }
+ else
+ $self = true;
+
+ $a->page['htmlhead'] .= replace_macros(get_markup_template('contact_head.tpl'), array(
+ '$baseurl' => $a->get_baseurl(true),
+ '$editselect' => $editselect
+ ));
+
+ require_once('include/contact_selectors.php');
+
+ $tpl = get_markup_template("abook_edit.tpl");
+
+ if(feature_enabled(local_channel(),'affinity')) {
+
+ $labels = array(
+ t('Me'),
+ t('Family'),
+ t('Friends'),
+ t('Acquaintances'),
+ t('All')
+ );
+ call_hooks('affinity_labels',$labels);
+ $label_str = '';
+
+ if($labels) {
+ foreach($labels as $l) {
+ if($label_str) {
+ $label_str .= ", '|'";
+ $label_str .= ", '" . $l . "'";
+ }
+ else
+ $label_str .= "'" . $l . "'";
+ }
+ }
+
+ $slider_tpl = get_markup_template('contact_slider.tpl');
+ $slide = replace_macros($slider_tpl,array(
+ '$min' => 1,
+ '$val' => (($contact['abook_closeness']) ? $contact['abook_closeness'] : 99),
+ '$labels' => $label_str,
+ ));
+ }
+
+ $rating_val = 0;
+ $rating_text = '';
+
+ $xl = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1",
+ dbesc($channel['channel_hash']),
+ dbesc($contact['xchan_hash'])
+ );
+
+ if($xl) {
+ $rating_val = intval($xl[0]['xlink_rating']);
+ $rating_text = $xl[0]['xlink_rating_text'];
+ }
+
+
+ $poco_rating = get_config('system','poco_rating_enable');
+
+ // if unset default to enabled
+ if($poco_rating === false)
+ $poco_rating = true;
+
+ if($poco_rating) {
+ $rating = replace_macros(get_markup_template('rating_slider.tpl'),array(
+ '$min' => -10,
+ '$val' => $rating_val
+ ));
+ }
+ else {
+ $rating = false;
+ }
+
+
+ $perms = array();
+ $channel = $a->get_channel();
+
+ $global_perms = get_perms();
+ $existing = get_all_perms(local_channel(),$contact['abook_xchan']);
+
+ $unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'));
+
+ foreach($global_perms as $k => $v) {
+ $thisperm = (($contact['abook_my_perms'] & $v[1]) ? "1" : '');
+
+ // For auto permissions (when $self is true) we don't want to look at existing
+ // permissions because they are enabled for the channel owner
+
+ if((! $self) && ($existing[$k]))
+ $thisperm = "1";
+
+ $perms[] = array('perms_' . $k, $v[3], (($contact['abook_their_perms'] & $v[1]) ? "1" : ""),$thisperm, $v[1], (($channel[$v[0]] == PERMS_SPECIFIC || $self) ? '' : '1'), $v[4]);
+ }
+
+ $o .= replace_macros($tpl,array(
+
+ '$header' => (($self) ? t('Connection Default Permissions') : sprintf( t('Connections: settings for %s'),$contact['xchan_name'])),
+ '$autoperms' => array('autoperms',t('Apply these permissions automatically'), ((get_pconfig(local_channel(),'system','autoperms')) ? 1 : 0), ''),
+ '$addr' => $contact['xchan_addr'],
+ '$notself' => (($self) ? '' : '1'),
+ '$self' => (($self) ? '1' : ''),
+ '$autolbl' => t('Apply the permissions indicated on this page to all new connections.'),
+ '$buttons' => (($self) ? '' : $buttons),
+ '$viewprof' => t('View Profile'),
+ '$clickme' => t('Click to open/close'),
+ '$lbl_slider' => t('Slide to adjust your degree of friendship'),
+ '$lbl_rating' => t('Rating (this information is public)'),
+ '$lbl_rating_txt' => t('Optionally explain your rating (this information is public)'),
+ '$connfilter' => feature_enabled(local_channel(),'connfilter'),
+ '$incl' => array('abook_incl',t('Only import posts with this text'), $contact['abook_incl'],t('words one per line or #tags or /patterns/, leave blank to import all posts')),
+ '$excl' => array('abook_excl',t('Do not import posts with this text'), $contact['abook_excl'],t('words one per line or #tags or /patterns/, leave blank to import all posts')),
+ '$rating_text' => array('rating_text', t('Optionally explain your rating (this information is public)'),$rating_text,''),
+ '$rating' => $rating,
+ '$rating_val' => $rating_val,
+ '$slide' => $slide,
+ '$tabs' => $t,
+ '$tab_str' => $tab_str,
+ '$perms_step1' => t('Default permissions for your channel type have (just) been applied. They have not yet been submitted. Please review the permissions on this page and make any desired changes at this time. This new connection may <em>not</em> be able to communicate with you until you submit this page, which will install and apply the selected permissions.'),
+ '$is_pending' => (intval($contact['abook_pending']) ? 1 : ''),
+ '$unapproved' => $unapproved,
+ '$inherited' => t('inherited'),
+ '$approve' => t('Approve this connection'),
+ '$noperms' => (($contact['abook_my_perms']) ? false : true),
+ '$no_perms' => (((! $self) && (! $contact['abook_my_perms'])) ? t('Connection has no individual permissions!') : ''),
+ '$noperm_desc' => (((! $self) && (! $contact['abook_my_perms'])) ? t('This may be appropriate based on your <a href="settings">privacy settings</a>, though you may wish to review the "Advanced Permissions".') : ''),
+ '$submit' => t('Submit'),
+ '$lbl_vis1' => t('Profile Visibility'),
+ '$lbl_vis2' => sprintf( t('Please choose the profile you would like to display to %s when viewing your profile securely.'), $contact['xchan_name']),
+ '$lbl_info1' => t('Contact Information / Notes'),
+ '$infedit' => t('Edit contact notes'),
+ '$close' => $contact['abook_closeness'],
+ '$them' => t('Their Settings'),
+ '$me' => t('My Settings'),
+ '$perms' => $perms,
+ '$perms_new' => t('Default permissions for this channel type have (just) been applied. They have <em>not</em> been saved and there are currently no stored default permissions. Please review/edit the applied settings and click [Submit] to finalize.'),
+ '$clear' => t('Clear/Disable Automatic Permissions'),
+ '$forum' => t('Forum Members'),
+ '$soapbox' => t('Soapbox'),
+ '$full' => t('Full Sharing (typical social network permissions)'),
+ '$cautious' => t('Cautious Sharing '),
+ '$follow' => t('Follow Only'),
+ '$permlbl' => t('Individual Permissions'),
+ '$permnote' => t('Some permissions may be inherited from your channel <a href="settings">privacy settings</a>, which have higher priority than individual settings. Changing those inherited settings on this page will have no effect.'),
+ '$advanced' => t('Advanced Permissions'),
+ '$quick' => t('Simple Permissions (select one and submit)'),
+ '$common_link' => $a->get_baseurl(true) . '/common/loc/' . local_channel() . '/' . $contact['id'],
+ '$all_friends' => $all_friends,
+ '$relation_text' => $relation_text,
+ '$visit' => sprintf( t('Visit %s\'s profile - %s'),$contact['xchan_name'],$contact['xchan_url']),
+ '$blockunblock' => t('Block/Unblock contact'),
+ '$ignorecont' => t('Ignore contact'),
+ '$lblcrepair' => t("Repair URL settings"),
+ '$lblrecent' => t('View conversations'),
+ '$lblsuggest' => $lblsuggest,
+ '$delete' => t('Delete contact'),
+
+ '$poll_interval' => contact_poll_interval($contact['priority'],(! $poll_enabled)),
+ '$poll_enabled' => $poll_enabled,
+ '$lastupdtext' => t('Last update:'),
+ '$lost_contact' => $lost_contact,
+ '$updpub' => t('Update public posts'),
+ '$last_update' => relative_date($contact['abook_connected']),
+ '$udnow' => t('Update now'),
+ '$profile_select' => contact_profile_assign($contact['abook_profile']),
+ '$multiprofs' => feature_enabled(local_channel(),'multi_profiles'),
+ '$contact_id' => $contact['abook_id'],
+ '$block_text' => (($contact['blocked']) ? t('Unblock') : t('Block') ),
+ '$ignore_text' => (($contact['readonly']) ? t('Unignore') : t('Ignore') ),
+ '$blocked' => (($contact['blocked']) ? t('Currently blocked') : ''),
+ '$ignored' => (($contact['readonly']) ? t('Currently ignored') : ''),
+ '$archived' => (($contact['archive']) ? t('Currently archived') : ''),
+ '$pending' => (($contact['archive']) ? t('Currently pending') : ''),
+ '$name' => $contact['name'],
+ '$alt_text' => $alt_text,
+ '$url' => $url
+
+ ));
+
+ $arr = array('contact' => $contact,'output' => $o);
+
+ call_hooks('contact_edit', $arr);
+
+ return $arr['output'];
+
+ }
+
+
+}
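Review bot: The `block`, `ignore`, `archive`, `hide`, `approve` and `drop` branches of connedit_content() modify or delete the address-book record on a plain GET to `/connedit/<id>/<cmd>`, and nothing visible in this file verifies a per-session form token, so a cross-site request made from the owner's logged-in browser would be honoured. The `abook_channel = %d` filter stops edits to another channel's records but does not tell a deliberate click from a forged request. I would accept these commands only with a valid token, checked before the first `abook_toggle_flag()` / `contact_remove()` call, for example `if(! check_form_security_token('connedit')) { notice( t('Permission denied.') . EOL); return; }` (assuming the project's form-token helper is available in this tree), with the `$buttons` URLs carrying the matching token. connedit_post() shows no token check either, and contactgroup_content() in mod/contactgroup.php toggles group membership on GET in the same way.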
diff --git a/mod/contactgroup.php b/mod/contactgroup.php
new file mode 100644
index 000000000..61ca37054
--- /dev/null
+++ b/mod/contactgroup.php
@@ -0,0 +1,49 @@
+<?php
+
+require_once('include/group.php');
+
+function contactgroup_content(&$a) {
+
+ if(! local_channel()) {
+ killme();
+ }
+
+ if((argc() > 2) && (intval(argv(1))) && (argv(2))) {
+ $r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1",
+ dbesc(base64url_decode(argv(2))),
+ intval(local_channel())
+ );
+ if($r)
+ $change = $r[0]['abook_xchan'];
+ }
+
+ if((argc() > 1) && (intval(argv(1)))) {
+
+ $r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1",
+ intval(argv(1)),
+ intval(local_channel())
+ );
+ if(! $r) {
+ killme();
+ }
+
+ $group = $r[0];
+ $members = group_get_members($group['id']);
+ $preselected = array();
+ if(count($members)) {
+ foreach($members as $member)
+ $preselected[] = $member['xchan_hash'];
+ }
+
+ if($change) {
+ if(in_array($change,$preselected)) {
+ group_rmv_member(local_channel(),$group['name'],$change);
+ }
+ else {
+ group_add_member(local_channel(),$group['name'],$change);
+ }
+ }
+ }
+
+ killme();
+} \ No newline at end of file
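Review bot: `$change` is assigned only inside the first `if`, so a request with a single path argument, or one whose decoded hash matches no abook row, reaches `if($change)` with the variable never defined. PHP evaluates it as null and skips the branch, but it raises an undefined-variable notice and makes the "no valid target" case implicit. Initialise it before the lookup with `$change = null;`, and make the membership test strict with `in_array($change, $preselected, true)` so the add/remove decision cannot hinge on loose comparison of hash strings.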
diff --git a/mod/dav.php b/mod/dav.php
new file mode 100644
index 000000000..d4695a544
--- /dev/null
+++ b/mod/dav.php
@@ -0,0 +1,142 @@
+<?php
+/**
+ * @file mod/dav.php
+ * @brief Initialize Hubzilla's cloud (SabreDAV).
+ *
+ * Module for accessing the DAV storage area from a DAV client.
+ */
+
+use Sabre\DAV;
+use RedMatrix\RedDAV;
+
+// composer autoloader for SabreDAV
+require_once('vendor/autoload.php');
+
+// workaround for HTTP-auth in CGI mode
+if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
+ $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
+ }
+}
+
+if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
+ $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
+ }
+}
+
+/**
+ * @brief Fires up the SabreDAV server.
+ *
+ * @param App &$a
+ */
+function dav_init(&$a) {
+
+ require_once('include/reddav.php');
+
+ if (! is_dir('store'))
+ os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
+
+ $which = null;
+ if (argc() > 1)
+ $which = argv(1);
+
+ $profile = 0;
+
+ $a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/feed/' . $which . '" />' . "\r\n";
+
+ if ($which)
+ profile_load($a, $which, $profile);
+
+ $auth = new RedDAV\RedBasicAuth();
+
+ $ob_hash = get_observer_hash();
+
+ if ($ob_hash) {
+ if (local_channel()) {
+ $channel = $a->get_channel();
+ $auth->setCurrentUser($channel['channel_address']);
+ $auth->channel_id = $channel['channel_id'];
+ $auth->channel_hash = $channel['channel_hash'];
+ $auth->channel_account_id = $channel['channel_account_id'];
+ if($channel['channel_timezone'])
+ $auth->setTimezone($channel['channel_timezone']);
+ }
+ $auth->observer = $ob_hash;
+ }
+
+ if ($_GET['davguest'])
+ $_SESSION['davguest'] = true;
+
+ $_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
+ $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
+ $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
+
+ $_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
+ $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
+ $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
+
+ $rootDirectory = new RedDAV\RedDirectory('/', $auth);
+
+ // A SabreDAV server-object
+ $server = new DAV\Server($rootDirectory);
+ // prevent overwriting changes each other with a lock backend
+ $lockBackend = new DAV\Locks\Backend\File('store/[data]/locks');
+ $lockPlugin = new DAV\Locks\Plugin($lockBackend);
+
+ $server->addPlugin($lockPlugin);
+
+ // The next section of code allows us to bypass prompting for http-auth if a
+ // FILE is being accessed anonymously and permissions allow this. This way
+ // one can create hotlinks to public media files in their cloud and anonymous
+ // viewers won't get asked to login.
+ // If a DIRECTORY is accessed or there are permission issues accessing the
+ // file and we aren't previously authenticated via zot, prompt for HTTP-auth.
+ // This will be the default case for mounting a DAV directory.
+ // In order to avoid prompting for passwords for viewing a DIRECTORY, add
+ // the URL query parameter 'davguest=1'.
+
+ $isapublic_file = false;
+ $davguest = ((x($_SESSION, 'davguest')) ? true : false);
+
+ if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
+ try {
+ $x = RedFileData('/' . $a->cmd, $auth);
+ if($x instanceof RedDAV\RedFile)
+ $isapublic_file = true;
+ }
+ catch (Exception $e) {
+ $isapublic_file = false;
+ }
+ }
+
+ if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
+ try {
+ $auth->Authenticate($server, t('$Projectname channel'));
+ }
+ catch (Exception $e) {
+ logger('mod_cloud: auth exception' . $e->getMessage());
+ http_status_exit($e->getHTTPCode(), $e->getMessage());
+ }
+ }
+
+ require_once('include/RedDAV/RedBrowser.php');
+ // provide a directory view for the cloud in Hubzilla
+ $browser = new RedDAV\RedBrowser($auth);
+ $auth->setBrowserPlugin($browser);
+
+ // Experimental QuotaPlugin
+// require_once('include/RedDAV/QuotaPlugin.php');
+// $server->addPlugin(new RedDAV\QuotaPlugin($auth));
+
+ // All we need to do now, is to fire up the server
+ $server->exec();
+
+ killme();
+}
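Review bot: Both CGI workaround blocks at the top of the file split the decoded credentials with `explode(':', $userpass)` and no limit, so a password containing `:` is cut at its second colon, and a value with no colon leaves `$password` unset. They also skip six characters with `substr(..., 6)` without checking that the header starts with `Basic `, so any other scheme is base64-decoded as if it were credentials. I would check the scheme, decode strictly, split with a limit of 2 and set `PHP_AUTH_USER` / `PHP_AUTH_PW` only when both parts are present. The rewritten `HTTP_AUTHORIZATION` block is below; the `REDIRECT_REMOTE_USER` block needs the same change.

```php
if (x($_SERVER, 'HTTP_AUTHORIZATION') && stripos($_SERVER['HTTP_AUTHORIZATION'], 'Basic ') === 0) {
	// strict decode: reject input that is not valid base64 instead of guessing
	$userpass = base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6), true);
	// limit 2: everything after the first ':' belongs to the password
	$parts = (($userpass !== false) ? explode(':', $userpass, 2) : array());
	if (count($parts) === 2) {
		$_SERVER['PHP_AUTH_USER'] = $parts[0];
		$_SERVER['PHP_AUTH_PW'] = $parts[1];
	}
}
```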
diff --git a/mod/directory.php b/mod/directory.php
new file mode 100644
index 000000000..f01efc053
--- /dev/null
+++ b/mod/directory.php
@@ -0,0 +1,401 @@
+<?php
+
+require_once('include/socgraph.php');
+require_once('include/dir_fns.php');
+require_once('include/widgets.php');
+require_once('include/bbcode.php');
+
+function directory_init(&$a) {
+ $a->set_pager_itemspage(60);
+
+ if(x($_GET,'ignore')) {
+ q("insert into xign ( uid, xchan ) values ( %d, '%s' ) ",
+ intval(local_channel()),
+ dbesc($_GET['ignore'])
+ );
+ goaway(z_root() . '/directory?suggest=1');
+ }
+
+ $observer = get_observer_hash();
+ $global_changed = false;
+ $safe_changed = false;
+
+ if(array_key_exists('global',$_REQUEST)) {
+ $globaldir = intval($_REQUEST['global']);
+ $global_changed = true;
+ }
+ if($global_changed) {
+ $_SESSION['globaldir'] = $globaldir;
+ if($observer)
+ set_xconfig($observer,'directory','globaldir',$globaldir);
+ }
+
+ if(array_key_exists('safe',$_REQUEST)) {
+ $safemode = intval($_REQUEST['safe']);
+ $safe_changed = true;
+ }
+ if($safe_changed) {
+ $_SESSION['safemode'] = $safemode;
+ if($observer)
+ set_xconfig($observer,'directory','safe_mode',$safemode);
+ }
+
+}
+
+function directory_content(&$a) {
+
+ if((get_config('system','block_public')) && (! local_channel()) && (! remote_channel())) {
+ notice( t('Public access denied.') . EOL);
+ return;
+ }
+
+ $observer = get_observer_hash();
+
+ $globaldir = get_globaldir_setting($observer);
+ // override your personal global search pref if we're doing a navbar search of the directory
+ if(intval($_REQUEST['navsearch']))
+ $globaldir = 1;
+
+ $safe_mode = get_safemode_setting($observer);
+
+ $pubforums = null;
+ if(array_key_exists('pubforums',$_REQUEST))
+ $pubforums = intval($_REQUEST['pubforums']);
+ if(! $pubforums)
+ $pubforums = null;
+
+ $o = '';
+ nav_set_selected('directory');
+
+ if(x($_POST,'search'))
+ $search = notags(trim($_POST['search']));
+ else
+ $search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');
+
+
+ if(strpos($search,'=') && local_channel() && get_pconfig(local_channel(),'feature','expert'))
+ $advanced = $search;
+
+
+ $keywords = (($_GET['keywords']) ? $_GET['keywords'] : '');
+
+ // Suggest channels if no search terms or keywords are given
+ $suggest = (local_channel() && x($_REQUEST,'suggest')) ? $_REQUEST['suggest'] : '';
+
+ if($suggest) {
+
+ $r = suggestion_query(local_channel(),get_observer_hash());
+
+ // Remember in which order the suggestions were
+ $addresses = array();
+ $common = array();
+ $index = 0;
+ foreach($r as $rr) {
+ $common[$rr['xchan_addr']] = $rr['total'];
+ $addresses[$rr['xchan_addr']] = $index++;
+ }
+
+ // Build query to get info about suggested people
+ $advanced = '';
+ foreach(array_keys($addresses) as $address) {
+ $advanced .= "address=\"$address\" ";
+ }
+ // Remove last space in the advanced query
+ $advanced = rtrim($advanced);
+
+ }
+
+ $tpl = get_markup_template('directory_header.tpl');
+
+ $dirmode = intval(get_config('system','directory_mode'));
+
+ if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) {
+ $url = z_root() . '/dirsearch';
+ }
+ if(! $url) {
+ $directory = find_upstream_directory($dirmode);
+ $url = $directory['url'] . '/dirsearch';
+ }
+
+ $token = get_config('system','realm_token');
+
+
+ logger('mod_directory: URL = ' . $url, LOGGER_DEBUG);
+
+ $contacts = array();
+
+ if(local_channel()) {
+ $x = q("select abook_xchan from abook where abook_channel = %d",
+ intval(local_channel())
+ );
+ if($x) {
+ foreach($x as $xx)
+ $contacts[] = $xx['abook_xchan'];
+ }
+ }
+
+ if($url) {
+ // We might want to make the tagadelic count (&kw=) configurable or turn it off completely.
+
+ $numtags = get_config('system','directorytags');
+
+ $kw = ((intval($numtags)) ? $numtags : 50);
+ $query = $url . '?f=&kw=' . $kw . (($safe_mode != 1) ? '&safe=' . $safe_mode : '');
+
+ if($token)
+ $query .= '&t=' . $token;
+
+ if(! $globaldir)
+ $query .= '&hub=' . get_app()->get_hostname();
+
+ if($search)
+ $query .= '&name=' . urlencode($search) . '&keywords=' . urlencode($search);
+ if(strpos($search,'@'))
+ $query .= '&address=' . urlencode($search);
+ if($keywords)
+ $query .= '&keywords=' . urlencode($keywords);
+ if($advanced)
+ $query .= '&query=' . urlencode($advanced);
+ if(! is_null($pubforums))
+ $query .= '&pubforums=' . intval($pubforums);
+
+ $directory_sort_order = get_config('system','directory_sort_order');
+ if(! $directory_sort_order)
+ $directory_sort_order = 'date';
+
+ $sort_order = ((x($_REQUEST,'order')) ? $_REQUEST['order'] : $directory_sort_order);
+
+ if($sort_order)
+ $query .= '&order=' . urlencode($sort_order);
+
+ if($a->pager['page'] != 1)
+ $query .= '&p=' . $a->pager['page'];
+
+ logger('mod_directory: query: ' . $query);
+
+ $x = z_fetch_url($query);
+ logger('directory: return from upstream: ' . print_r($x,true), LOGGER_DATA);
+
+ if($x['success']) {
+ $t = 0;
+ $j = json_decode($x['body'],true);
+ if($j) {
+
+ if($j['results']) {
+
+ $entries = array();
+
+ $photo = 'thumb';
+
+ foreach($j['results'] as $rr) {
+
+ $profile_link = chanlink_url($rr['url']);
+
+ $pdesc = (($rr['description']) ? $rr['description'] . '<br />' : '');
+ $connect_link = ((local_channel()) ? z_root() . '/follow?f=&url=' . urlencode($rr['address']) : '');
+
+ // Checking status is disabled ATM until someone checks the performance impact more carefully
+ //$online = remote_online_status($rr['address']);
+ $online = '';
+
+ if(in_array($rr['hash'],$contacts))
+ $connect_link = '';
+
+ $location = '';
+ if(strlen($rr['locale']))
+ $location .= $rr['locale'];
+ if(strlen($rr['region'])) {
+ if(strlen($rr['locale']))
+ $location .= ', ';
+ $location .= $rr['region'];
+ }
+ if(strlen($rr['country'])) {
+ if(strlen($location))
+ $location .= ', ';
+ $location .= $rr['country'];
+ }
+
+ $age = '';
+ if(strlen($rr['birthday'])) {
+ if(($years = age($rr['birthday'],'UTC','')) != 0)
+ $age = $years;
+ }
+
+ $page_type = '';
+
+ if($rr['total_ratings'])
+ $total_ratings = sprintf( tt("%d rating", "%d ratings", $rr['total_ratings']), $rr['total_ratings']);
+ else
+ $total_ratings = '';
+
+ $profile = $rr;
+
+ if ((x($profile,'locale') == 1)
+ || (x($profile,'region') == 1)
+ || (x($profile,'postcode') == 1)
+ || (x($profile,'country') == 1))
+
+ $gender = ((x($profile,'gender') == 1) ? t('Gender: ') . $profile['gender']: False);
+
+ $marital = ((x($profile,'marital') == 1) ? t('Status: ') . $profile['marital']: False);
+
+ $homepage = ((x($profile,'homepage') == 1) ? t('Homepage: ') : False);
+ $homepageurl = ((x($profile,'homepage') == 1) ? $profile['homepage'] : '');
+
+ $hometown = ((x($profile,'hometown') == 1) ? $profile['hometown'] : False);
+
+ $about = ((x($profile,'about') == 1) ? bbcode($profile['about']) : False);
+
+ $keywords = ((x($profile,'keywords')) ? $profile['keywords'] : '');
+
+ $out = '';
+
+ if($keywords) {
+ $keywords = str_replace(',',' ', $keywords);
+ $keywords = str_replace(' ',' ', $keywords);
+ $karr = explode(' ', $keywords);
+
+ if($karr) {
+ if(local_channel()) {
+ $r = q("select keywords from profile where uid = %d and is_default = 1 limit 1",
+ intval(local_channel())
+ );
+ if($r) {
+ $keywords = str_replace(',',' ', $r[0]['keywords']);
+ $keywords = str_replace(' ',' ', $keywords);
+ $marr = explode(' ', $keywords);
+ }
+ }
+ foreach($karr as $k) {
+ if(strlen($out))
+ $out .= ', ';
+ if($marr && in_arrayi($k,$marr))
+ $out .= '<strong>' . $k . '</strong>';
+ else
+ $out .= $k;
+ }
+ }
+
+ }
+
+ $entry = array(
+ 'id' => ++$t,
+ 'profile_link' => $profile_link,
+ 'public_forum' => $rr['public_forum'],
+ 'photo' => $rr['photo'],
+ 'hash' => $rr['hash'],
+ 'alttext' => $rr['name'] . ((local_channel() || remote_channel()) ? ' ' . $rr['address'] : ''),
+ 'name' => $rr['name'],
+ 'age' => $age,
+ 'age_label' => t('Age:'),
+ 'profile' => $profile,
+ 'address' => $rr['address'],
+ 'nickname' => substr($rr['address'],0,strpos($rr['address'],'@')),
+ 'location' => $location,
+ 'location_label' => t('Location:'),
+ 'gender' => $gender,
+ 'total_ratings' => $total_ratings,
+ 'viewrate' => true,
+ 'canrate' => ((local_channel()) ? true : false),
+ 'pdesc' => $pdesc,
+ 'pdesc_label' => t('Description:'),
+ 'marital' => $marital,
+ 'homepage' => $homepage,
+ 'homepageurl' => linkify($homepageurl),
+ 'hometown' => $hometown,
+ 'hometown_label' => t('Hometown:'),
+ 'about' => $about,
+ 'about_label' => t('About:'),
+ 'conn_label' => t('Connect'),
+ 'forum_label' => t('Public Forum:'),
+ 'connect' => $connect_link,
+ 'online' => $online,
+ 'kw' => (($out) ? t('Keywords: ') : ''),
+ 'keywords' => $out,
+ 'ignlink' => $suggest ? $a->get_baseurl() . '/directory?ignore=' . $rr['hash'] : '',
+ 'ignore_label' => t('Don\'t suggest'),
+ 'common_friends' => (($common[$rr['address']]) ? intval($common[$rr['address']]) : ''),
+ 'common_label' => t('Common connections:'),
+ 'common_count' => intval($common[$rr['address']]),
+ 'safe' => $safe_mode
+ );
+
+ $arr = array('contact' => $rr, 'entry' => $entry);
+
+ call_hooks('directory_item', $arr);
+
+ unset($profile);
+ unset($location);
+
+ if(! $arr['entry']) {
+ continue;
+ }
+
+ if($sort_order == '' && $suggest) {
+ $entries[$addresses[$rr['address']]] = $arr['entry']; // Use the same indexes as originally to get the best suggestion first
+ }
+
+ else {
+ $entries[] = $arr['entry'];
+ }
+ }
+
+ ksort($entries); // Sort array by key so that foreach-constructs work as expected
+
+ if($j['keywords']) {
+ $a->data['directory_keywords'] = $j['keywords'];
+ }
+
+ logger('mod_directory: entries: ' . print_r($entries,true), LOGGER_DATA);
+
+
+ if($_REQUEST['aj']) {
+ if($entries) {
+ $o = replace_macros(get_markup_template('directajax.tpl'),array(
+ '$entries' => $entries
+ ));
+ }
+ else {
+ $o = '<div id="content-complete"></div>';
+ }
+ echo $o;
+ killme();
+ }
+ else {
+ $maxheight = 94;
+
+ $dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory'));
+
+ $o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . "; </script>";
+ $o .= replace_macros($tpl, array(
+ '$search' => $search,
+ '$desc' => t('Find'),
+ '$finddsc' => t('Finding:'),
+ '$safetxt' => htmlspecialchars($search,ENT_QUOTES,'UTF-8'),
+ '$entries' => $entries,
+ '$dirlbl' => $suggest ? t('Channel Suggestions') : $dirtitle,
+ '$submit' => t('Find'),
+ '$next' => alt_pager($a,$j['records'], t('next page'), t('previous page'))
+ ));
+
+
+ }
+
+ }
+ else {
+ if($_REQUEST['aj']) {
+ $o = '<div id="content-complete"></div>';
+ echo $o;
+ killme();
+ }
+ if($a->pager['page'] == 1 && $j['records'] == 0 && strpos($search,'@')) {
+ goaway(z_root() . '/chanview/?f=&address=' . $search);
+ }
+ info( t("No entries (some entries may be hidden).") . EOL);
+ }
+ }
+ }
+ }
+ return $o;
+}
+
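Review bot: The inline `<script>` assembled near the end of `directory_content()` concatenates `$_GET['q']` and `extra_query_args()` into single-quoted JavaScript string literals with no encoding, so a quote or `</script>` in the request could terminate the literal and execute in the page. Emit the values as JSON-encoded literals instead, e.g. `var page_query = " . json_encode((string) $_GET['q'], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) . ";`, and treat `extra_query_args()` the same way unless it is known to return encoded output (its body is not in this hunk). Separately, the `ignore` branch in `directory_init()` runs `insert into xign` on a plain GET without checking that `local_channel()` is non-zero or verifying a form token, so a cross-site link can trigger the write; it should require a logged-in channel and a token-protected POST. The `goaway()` to `/chanview/?f=&address=` also appends `$search` without `urlencode()`.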
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
new file mode 100644
index 000000000..132ed252b
--- /dev/null
+++ b/mod/dirsearch.php
@@ -0,0 +1,446 @@
+<?php
+
+require_once('include/dir_fns.php');
+
+
+function dirsearch_init(&$a) {
+ $a->set_pager_itemspage(60);
+
+}
+
+function dirsearch_content(&$a) {
+
+ $ret = array('success' => false);
+
+// logger('request: ' . print_r($_REQUEST,true));
+
+
+ $dirmode = intval(get_config('system','directory_mode'));
+
+ if($dirmode == DIRECTORY_MODE_NORMAL) {
+ $ret['message'] = t('This site is not a directory server');
+ json_return_and_die($ret);
+ }
+
+ $access_token = $_REQUEST['t'];
+
+ $token = get_config('system','realm_token');
+ if($token && $access_token != $token) {
+ $result['message'] = t('This directory server requires an access token');
+ return;
+ }
+
+
+ if(argc() > 1 && argv(1) === 'sites') {
+ $ret = list_public_sites();
+ json_return_and_die($ret);
+ }
+
+ $sql_extra = '';
+
+
+ $tables = array('name','address','locale','region','postcode','country','gender','marital','sexual','keywords');
+
+ if($_REQUEST['query']) {
+ $advanced = dir_parse_query($_REQUEST['query']);
+ if($advanced) {
+ foreach($advanced as $adv) {
+ if(in_array($adv['field'],$tables)) {
+ if($adv['field'] === 'name')
+ $sql_extra .= dir_query_build($adv['logic'],'xchan_name',$adv['value']);
+ elseif($adv['field'] === 'address')
+ $sql_extra .= dir_query_build($adv['logic'],'xchan_addr',$adv['value']);
+ else
+ $sql_extra .= dir_query_build($adv['logic'],'xprof_' . $adv['field'],$adv['value']);
+ }
+ }
+ }
+ }
+
+ $hash = ((x($_REQUEST['hash'])) ? $_REQUEST['hash'] : '');
+
+ $name = ((x($_REQUEST,'name')) ? $_REQUEST['name'] : '');
+ $hub = ((x($_REQUEST,'hub')) ? $_REQUEST['hub'] : '');
+ $address = ((x($_REQUEST,'address')) ? $_REQUEST['address'] : '');
+ $locale = ((x($_REQUEST,'locale')) ? $_REQUEST['locale'] : '');
+ $region = ((x($_REQUEST,'region')) ? $_REQUEST['region'] : '');
+ $postcode = ((x($_REQUEST,'postcode')) ? $_REQUEST['postcode'] : '');
+ $country = ((x($_REQUEST,'country')) ? $_REQUEST['country'] : '');
+ $gender = ((x($_REQUEST,'gender')) ? $_REQUEST['gender'] : '');
+ $marital = ((x($_REQUEST,'marital')) ? $_REQUEST['marital'] : '');
+ $sexual = ((x($_REQUEST,'sexual')) ? $_REQUEST['sexual'] : '');
+ $keywords = ((x($_REQUEST,'keywords')) ? $_REQUEST['keywords'] : '');
+ $agege = ((x($_REQUEST,'agege')) ? intval($_REQUEST['agege']) : 0 );
+ $agele = ((x($_REQUEST,'agele')) ? intval($_REQUEST['agele']) : 0 );
+ $kw = ((x($_REQUEST,'kw')) ? intval($_REQUEST['kw']) : 0 );
+ $forums = ((array_key_exists('pubforums',$_REQUEST)) ? intval($_REQUEST['pubforums']) : 0);
+
+
+
+ // by default use a safe search
+ $safe = ((x($_REQUEST,'safe'))); // ? intval($_REQUEST['safe']) : 1 );
+ if ($safe === false)
+ $safe = 1;
+
+ if(array_key_exists('sync',$_REQUEST)) {
+ if($_REQUEST['sync'])
+ $sync = datetime_convert('UTC','UTC',$_REQUEST['sync']);
+ else
+ $sync = datetime_convert('UTC','UTC','2010-01-01 01:01:00');
+ }
+ else
+ $sync = false;
+
+
+ if($hub)
+ $hub_query = " and xchan_hash in (select hubloc_hash from hubloc where hubloc_host = '" . protect_sprintf(dbesc($hub)) . "') ";
+ else
+ $hub_query = '';
+
+ $sort_order = ((x($_REQUEST,'order')) ? $_REQUEST['order'] : '');
+
+ $joiner = ' OR ';
+ if($_REQUEST['and'])
+ $joiner = ' AND ';
+
+ if($name)
+ $sql_extra .= dir_query_build($joiner,'xchan_name',$name);
+ if($address)
+ $sql_extra .= dir_query_build($joiner,'xchan_addr',$address);
+ if($city)
+ $sql_extra .= dir_query_build($joiner,'xprof_locale',$city);
+ if($region)
+ $sql_extra .= dir_query_build($joiner,'xprof_region',$region);
+ if($post)
+ $sql_extra .= dir_query_build($joiner,'xprof_postcode',$post);
+ if($country)
+ $sql_extra .= dir_query_build($joiner,'xprof_country',$country);
+ if($gender)
+ $sql_extra .= dir_query_build($joiner,'xprof_gender',$gender);
+ if($marital)
+ $sql_extra .= dir_query_build($joiner,'xprof_marital',$marital);
+ if($sexual)
+ $sql_extra .= dir_query_build($joiner,'xprof_sexual',$sexual);
+ if($keywords)
+ $sql_extra .= dir_query_build($joiner,'xprof_keywords',$keywords);
+
+ if($forums)
+ $safesql .= dir_flag_build(' AND ','xchan_flags',XCHAN_FLAGS_PUBFORUM, $forums);
+
+ // we only support an age range currently. You must set both agege
+ // (greater than or equal) and agele (less than or equal)
+
+ if($agele && $agege) {
+ $sql_extra .= " $joiner ( xprof_age <= " . intval($agele) . " ";
+ $sql_extra .= " AND xprof_age >= " . intval($agege) . ") ";
+ }
+
+
+ if($hash) {
+ $sql_extra = " AND xchan_hash like '" . dbesc($hash) . protect_sprintf('%') . "' ";
+ }
+
+
+ $perpage = (($_REQUEST['n']) ? $_REQUEST['n'] : 60);
+ $page = (($_REQUEST['p']) ? intval($_REQUEST['p'] - 1) : 0);
+ $startrec = (($page+1) * $perpage) - $perpage;
+ $limit = (($_REQUEST['limit']) ? intval($_REQUEST['limit']) : 0);
+ $return_total = ((x($_REQUEST,'return_total')) ? intval($_REQUEST['return_total']) : 0);
+
+ // mtime is not currently working
+
+ $mtime = ((x($_REQUEST,'mtime')) ? datetime_convert('UTC','UTC',$_REQUEST['mtime']) : '');
+
+ // ok a separate tag table won't work.
+ // merge them into xprof
+
+ $ret['success'] = true;
+
+ // If &limit=n, return at most n entries
+ // If &return_total=1, we count matching entries and return that as 'total_items' for use in pagination.
+ // By default we return one page (default 80 items maximum) and do not count total entries
+
+ $logic = ((strlen($sql_extra)) ? 'false' : 'true');
+
+ if($hash)
+ $logic = 'true';
+
+ if($dirmode == DIRECTORY_MODE_STANDALONE) {
+ $sql_extra .= " and xchan_addr like '%%" . get_app()->get_hostname() . "' ";
+ }
+
+ $safesql = (($safe > 0) ? " and xchan_censored = 0 and xchan_selfcensored = 0 " : '');
+ if($safe < 0)
+ $safesql = " and ( xchan_censored = 1 OR xchan_selfcensored = 1 ) ";
+
+ if($limit)
+ $qlimit = " LIMIT $limit ";
+ else {
+ $qlimit = " LIMIT " . intval($perpage) . " OFFSET " . intval($startrec);
+ if($return_total) {
+ $r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 $safesql ");
+ if($r) {
+ $ret['total_items'] = $r[0]['total'];
+ }
+ }
+ }
+
+
+ if($sort_order == 'normal') {
+ $order = " order by xchan_name asc ";
+
+ // Start the alphabetic search at 'A'
+ // This will make a handful of channels whose names begin with
+ // punctuation un-searchable in this mode
+
+ $safesql .= " and ascii(substring(xchan_name FROM 1 FOR 1)) > 64 ";
+ }
+ elseif($sort_order == 'reverse')
+ $order = " order by xchan_name desc ";
+ elseif($sort_order == 'reversedate')
+ $order = " order by xchan_name_date asc ";
+ else
+ $order = " order by xchan_name_date desc ";
+
+ if($sync) {
+ $spkt = array('transactions' => array());
+ $r = q("select * from updates where ud_date >= '%s' and ud_guid != '' order by ud_date desc",
+ dbesc($sync)
+ );
+ if($r) {
+ foreach($r as $rr) {
+ $flags = array();
+ if($rr['ud_flags'] & UPDATE_FLAGS_DELETED)
+ $flags[] = 'deleted';
+ if($rr['ud_flags'] & UPDATE_FLAGS_FORCED)
+ $flags[] = 'forced';
+
+ $spkt['transactions'][] = array(
+ 'hash' => $rr['ud_hash'],
+ 'address' => $rr['ud_addr'],
+ 'transaction_id' => $rr['ud_guid'],
+ 'timestamp' => $rr['ud_date'],
+ 'flags' => $flags
+ );
+ }
+ }
+ $r = q("select * from xlink where xlink_static = 1 and xlink_updated >= '%s' ",
+ dbesc($sync)
+ );
+ if($r) {
+ $spkt['ratings'] = array();
+ foreach($r as $rr) {
+ $spkt['ratings'][] = array(
+ 'type' => 'rating',
+ 'encoding' => 'zot',
+ 'channel' => $rr['xlink_xchan'],
+ 'target' => $rr['xlink_link'],
+ 'rating' => intval($rr['xlink_rating']),
+ 'rating_text' => $rr['xlink_rating_text'],
+ 'signature' => $rr['xlink_sig'],
+ 'edited' => $rr['xlink_updated']
+ );
+ }
+ }
+ json_return_and_die($spkt);
+ }
+ else {
+ $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash
+ where ( $logic $sql_extra ) $hub_query and xchan_network = 'zot' and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0
+ $safesql $order $qlimit "
+ );
+ $ret['page'] = $page + 1;
+ $ret['records'] = count($r);
+ }
+
+
+ if($r) {
+
+ $entries = array();
+
+ foreach($r as $rr) {
+
+ $entry = array();
+
+ $pc = q("select count(xlink_rating) as total_ratings from xlink where xlink_link = '%s' and xlink_rating != 0 and xlink_static = 1 group by xlink_rating",
+ dbesc($rr['xchan_hash'])
+ );
+
+ if($pc)
+ $entry['total_ratings'] = intval($pc[0]['total_ratings']);
+ else
+ $entry['total_ratings'] = 0;
+
+ $entry['name'] = $rr['xchan_name'];
+ $entry['hash'] = $rr['xchan_hash'];
+
+ $entry['public_forum'] = (intval($rr['xchan_pubforum']) ? true : false);
+
+ $entry['url'] = $rr['xchan_url'];
+ $entry['photo_l'] = $rr['xchan_photo_l'];
+ $entry['photo'] = $rr['xchan_photo_m'];
+ $entry['address'] = $rr['xchan_addr'];
+ $entry['description'] = $rr['xprof_desc'];
+ $entry['locale'] = $rr['xprof_locale'];
+ $entry['region'] = $rr['xprof_region'];
+ $entry['postcode'] = $rr['xprof_postcode'];
+ $entry['country'] = $rr['xprof_country'];
+ $entry['birthday'] = $rr['xprof_dob'];
+ $entry['age'] = $rr['xprof_age'];
+ $entry['gender'] = $rr['xprof_gender'];
+ $entry['marital'] = $rr['xprof_marital'];
+ $entry['sexual'] = $rr['xprof_sexual'];
+ $entry['about'] = $rr['xprof_about'];
+ $entry['homepage'] = $rr['xprof_homepage'];
+ $entry['hometown'] = $rr['xprof_hometown'];
+ $entry['keywords'] = $rr['xprof_keywords'];
+
+ $entries[] = $entry;
+
+ }
+
+ $ret['results'] = $entries;
+ if($kw) {
+ $k = dir_tagadelic($kw);
+ if($k) {
+ $ret['keywords'] = array();
+ foreach($k as $kv) {
+ $ret['keywords'][] = array('term' => $kv[0],'weight' => $kv[1], 'normalise' => $kv[2]);
+ }
+ }
+ }
+ }
+
+ json_return_and_die($ret);
+}
+
+function dir_query_build($joiner,$field,$s) {
+ $ret = '';
+ if(trim($s))
+ $ret .= dbesc($joiner) . " " . dbesc($field) . " like '" . protect_sprintf( '%' . dbesc($s) . '%' ) . "' ";
+ return $ret;
+}
+
+function dir_flag_build($joiner,$field,$bit,$s) {
+ return dbesc($joiner) . " ( " . dbesc($field) . " & " . intval($bit) . " ) " . ((intval($s)) ? '>' : '=' ) . " 0 ";
+}
+
+
+function dir_parse_query($s) {
+
+ $ret = array();
+ $curr = array();
+ $all = explode(' ',$s);
+ $quoted_string = false;
+
+ if($all) {
+ foreach($all as $q) {
+ if($quoted_string === false) {
+ if($q === 'and') {
+ $curr['logic'] = 'and';
+ continue;
+ }
+ if($q === 'or') {
+ $curr['logic'] = 'or';
+ continue;
+ }
+ if($q === 'not') {
+ $curr['logic'] .= ' not';
+ continue;
+ }
+ if(strpos($q,'=')) {
+ if(! isset($curr['logic']))
+ $curr['logic'] = 'or';
+ $curr['field'] = trim(substr($q,0,strpos($q,'=')));
+ $curr['value'] = trim(substr($q,strpos($q,'=')+1));
+ if($curr['value'][0] == '"' && $curr['value'][strlen($curr['value'])-1] != '"') {
+ $quoted_string = true;
+ $curr['value'] = substr($curr['value'],1);
+ continue;
+ }
+ elseif($curr['value'][0] == '"' && $curr['value'][strlen($curr['value'])-1] == '"') {
+ $curr['value'] = substr($curr['value'],1,strlen($curr['value'])-2);
+ $ret[] = $curr;
+ $curr = array();
+ continue;
+ }
+ else {
+ $ret[] = $curr;
+ $curr = array();
+ continue;
+ }
+ }
+ }
+ else {
+ if($q[strlen($q)-1] == '"') {
+ $curr['value'] .= ' ' . str_replace('"','',trim($q));
+ $ret[] = $curr;
+ $curr = array();
+ $quoted_string = false;
+ }
+ else
+ $curr['value'] .= ' ' . trim(q);
+ }
+ }
+ }
+ logger('dir_parse_query:' . print_r($ret,true),LOGGER_DATA);
+ return $ret;
+}
+
+
+
+
+
+
+
+function list_public_sites() {
+
+ $rand = db_getfunc('rand');
+ $realm = get_directory_realm();
+ if($realm == DIRECTORY_REALM) {
+ $r = q("select * from site where site_access != 0 and site_register !=0 and ( site_realm = '%s' or site_realm = '') order by $rand",
+ dbesc($realm)
+ );
+ }
+ else {
+ $r = q("select * from site where site_access != 0 and site_register !=0 and site_realm = '%s' order by $rand",
+ dbesc($realm)
+ );
+ }
+
+ $ret = array('success' => false);
+
+ if($r) {
+ $ret['success'] = true;
+ $ret['sites'] = array();
+ $insecure = array();
+
+ foreach($r as $rr) {
+
+ if($rr['site_access'] == ACCESS_FREE)
+ $access = 'free';
+ elseif($rr['site_access'] == ACCESS_PAID)
+ $access = 'paid';
+ elseif($rr['site_access'] == ACCESS_TIERED)
+ $access = 'tiered';
+ else
+ $access = 'private';
+
+ if($rr['site_register'] == REGISTER_OPEN)
+ $register = 'open';
+ elseif($rr['site_register'] == REGISTER_APPROVE)
+ $register = 'approve';
+ else
+ $register = 'closed';
+
+ if(strpos($rr['site_url'],'https://') !== false)
+ $ret['sites'][] = array('url' => $rr['site_url'], 'access' => $access, 'register' => $register, 'sellpage' => $rr['site_sellpage'], 'location' => $rr['site_location']);
+ else
+ $insecure[] = array('url' => $rr['site_url'], 'access' => $access, 'register' => $register, 'sellpage' => $rr['site_sellpage'], 'location' => $rr['site_location']);
+ }
+ if($insecure) {
+ $ret['sites'] = array_merge($ret['sites'],$insecure);
+ }
+ }
+ return $ret;
+}
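Review bot: The realm-token check in `dirsearch_content()` compares the request value with `!=`, which is a loose, non-constant-time comparison (numeric-looking strings can compare equal), and its failure path writes to `$result` instead of `$ret` and returns without sending any response. Use `if($token && ! hash_equals((string) $token, (string) $access_token)) {` followed by `$ret['message'] = t('This directory server requires an access token'); json_return_and_die($ret);` so the rejection is explicit and matches the other early exits in this function. Further down, `$city` and `$post` are never assigned (the request values are read into `$locale` and `$postcode`), the `$safesql .= dir_flag_build(...)` for `pubforums` is discarded by the later `$safesql = ...` assignment, and `trim(q)` in `dir_parse_query()` is missing its `$`, so those filters do not apply as written.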
diff --git a/mod/display.php b/mod/display.php
new file mode 100644
index 000000000..2f61e688a
--- /dev/null
+++ b/mod/display.php
@@ -0,0 +1,285 @@
+<?php
+
+
+function display_content(&$a, $update = 0, $load = false) {
+
+// logger("mod-display: update = $update load = $load");
+
+ if($load)
+ $_SESSION['loadtime'] = datetime_convert();
+
+
+ if(intval(get_config('system','block_public')) && (! local_channel()) && (! remote_channel())) {
+ notice( t('Public access denied.') . EOL);
+ return;
+ }
+
+ require_once("include/bbcode.php");
+ require_once('include/security.php');
+ require_once('include/conversation.php');
+ require_once('include/acl_selectors.php');
+ require_once('include/items.php');
+
+
+ $a->page['htmlhead'] .= replace_macros(get_markup_template('display-head.tpl'), array());
+
+ if(argc() > 1 && argv(1) !== 'load')
+ $item_hash = argv(1);
+
+
+ if($_REQUEST['mid'])
+ $item_hash = $_REQUEST['mid'];
+
+
+ if(! $item_hash) {
+ $a->error = 404;
+ notice( t('Item not found.') . EOL);
+ return;
+ }
+
+ $observer_is_owner = false;
+
+
+ if(local_channel() && (! $update)) {
+
+ $channel = $a->get_channel();
+
+
+ $channel_acl = array(
+ 'allow_cid' => $channel['channel_allow_cid'],
+ 'allow_gid' => $channel['channel_allow_gid'],
+ 'deny_cid' => $channel['channel_deny_cid'],
+ 'deny_gid' => $channel['channel_deny_gid']
+ );
+
+ $x = array(
+ 'is_owner' => true,
+ 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''),
+ 'default_location' => $channel['channel_location'],
+ 'nickname' => $channel['channel_address'],
+ 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
+
+ 'acl' => populate_acl($channel_acl),
+ 'bang' => '',
+ 'visitor' => true,
+ 'profile_uid' => local_channel(),
+ 'return_path' => 'channel/' . $channel['channel_address']
+ );
+
+ $o .= status_editor($a,$x);
+
+ }
+
+ // This page can be viewed by anybody so the query could be complicated
+ // First we'll see if there is a copy of the item which is owned by us - if we're logged in locally.
+ // If that fails (or we aren't logged in locally),
+ // query an item in which the observer (if logged in remotely) has cid or gid rights
+ // and if that fails, look for a copy of the post that has no privacy restrictions.
+ // If we find the post, but we don't find a copy that we're allowed to look at, this fact needs to be reported.
+
+ // find a copy of the item somewhere
+
+ $target_item = null;
+
+ $r = q("select id, uid, mid, parent_mid, item_type, item_deleted from item where mid like '%s' limit 1",
+ dbesc($item_hash . '%')
+ );
+
+ if($r) {
+ $target_item = $r[0];
+ }
+
+ $r = null;
+
+ if($target_item['item_type'] == ITEM_TYPE_WEBPAGE) {
+ $x = q("select * from channel where channel_id = %d limit 1",
+ intval($target_item['uid'])
+ );
+ $y = q("select * from item_id where uid = %d and service = 'WEBPAGE' and iid = %d limit 1",
+ intval($target_item['uid']),
+ intval($target_item['id'])
+ );
+ if($x && $y) {
+ goaway(z_root() . '/page/' . $x[0]['channel_address'] . '/' . $y[0]['sid']);
+ }
+ else {
+ notice( t('Page not found.') . EOL);
+ return '';
+ }
+ }
+
+
+ $simple_update = (($update) ? " AND item_unseen = 1 " : '');
+
+ if($update && $_SESSION['loadtime'])
+ $simple_update .= " and item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ";
+ if($load)
+ $simple_update = '';
+
+
+
+ if((! $update) && (! $load)) {
+
+
+ $o .= '<div id="live-display"></div>' . "\r\n";
+ $o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1))
+ . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
+
+ $a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
+ '$baseurl' => z_root(),
+ '$pgtype' => 'display',
+ '$uid' => '0',
+ '$gid' => '0',
+ '$cid' => '0',
+ '$cmin' => '0',
+ '$cmax' => '99',
+ '$star' => '0',
+ '$liked' => '0',
+ '$conv' => '0',
+ '$spam' => '0',
+ '$fh' => '0',
+ '$nouveau' => '0',
+ '$wall' => '0',
+ '$page' => (($a->pager['page'] != 1) ? $a->pager['page'] : 1),
+ '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
+ '$search' => '',
+ '$order' => '',
+ '$file' => '',
+ '$cats' => '',
+ '$tags' => '',
+ '$dend' => '',
+ '$dbegin' => '',
+ '$verb' => '',
+ '$mid' => $item_hash
+ ));
+
+
+ }
+
+ $observer_hash = get_observer_hash();
+ $item_normal = item_normal();
+
+ $sql_extra = public_permissions_sql($observer_hash);
+
+ if(($update && $load) || ($_COOKIE['jsAvailable'] != 1)) {
+
+ $updateable = false;
+
+ $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']),intval($a->pager['start']));
+
+ if($load || ($_COOKIE['jsAvailable'] != 1)) {
+ $r = null;
+
+ require_once('include/identity.php');
+ $sys = get_sys_channel();
+ $sysid = $sys['channel_id'];
+
+ if(local_channel()) {
+ $r = q("SELECT * from item
+ WHERE uid = %d
+ and mid = '%s'
+ $item_normal
+ limit 1",
+ intval(local_channel()),
+ dbesc($target_item['parent_mid'])
+ );
+ if($r) {
+ $updateable = true;
+
+ }
+
+ }
+ if($r === null) {
+
+ // in case somebody turned off public access to sys channel content using permissions
+ // make that content unsearchable by ensuring the owner_xchan can't match
+
+ if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
+ $sysid = 0;
+
+
+ $r = q("SELECT * from item
+ WHERE mid = '%s'
+ AND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = ''
+ AND `item`.`deny_gid` = '' AND item_private = 0 )
+ and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
+ OR uid = %d )
+ $sql_extra )
+ $item_normal
+ limit 1",
+ dbesc($target_item['parent_mid']),
+ intval($sysid)
+ );
+
+ }
+ }
+ else {
+ $r = array();
+ }
+ }
+
+ if($r) {
+
+ $parents_str = ids_to_querystr($r,'id');
+ if($parents_str) {
+
+ $items = q("SELECT `item`.*, `item`.`id` AS `item_id`
+ FROM `item`
+ WHERE parent in ( %s ) $item_normal ",
+ dbesc($parents_str)
+ );
+
+ xchan_query($items);
+ $items = fetch_post_tags($items,true);
+ $items = conv_sort($items,'created');
+ }
+ } else {
+ $items = array();
+ }
+
+
+ if ($_COOKIE['jsAvailable'] == 1) {
+ $o .= conversation($a, $items, 'display', $update, 'client');
+ } else {
+ $o .= conversation($a, $items, 'display', $update, 'traditional');
+ if ($items[0]['title'])
+ $a->page['title'] = $items[0]['title'] . " - " . $a->page['title'];
+
+ }
+
+ if($updateable) {
+ $x = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 AND uid = %d and parent = %d ",
+ intval(local_channel()),
+ intval($r[0]['parent'])
+ );
+ }
+
+ $o .= '<div id="content-complete"></div>';
+
+ return $o;
+
+
+/*
+ elseif((! $update) && (! {
+
+ $r = q("SELECT `id`, item_flags FROM `item` WHERE `id` = '%s' OR `mid` = '%s' LIMIT 1",
+ dbesc($item_hash),
+ dbesc($item_hash)
+ );
+ if($r) {
+ if(intval($r[0]['item_deleted'])) {
+ notice( t('Item has been removed.') . EOL );
+ }
+ else {
+ notice( t('Permission denied.') . EOL );
+ }
+ }
+ else {
+ notice( t('Item not found.') . EOL );
+ }
+
+ }
+*/
+ return $o;
+}
+
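Review bot: The first lookup in `display_content()` matches `mid like '%s'` against `$item_hash . '%'`, where `$item_hash` comes straight from `argv(1)` or `$_REQUEST['mid']`, with no minimum length, no escaping of `%`/`_`, and no permission clause; the `ITEM_TYPE_WEBPAGE` branch then redirects to `/page/<channel_address>/<sid>` from that row before `public_permissions_sql()` is applied to anything. A request can therefore resolve an item the observer may not be allowed to view to its owner's channel address and page name (whether `/page` re-checks access is not visible here). If prefix matching is not required, use an exact match, `where mid = '%s'` with `dbesc($item_hash)`; otherwise enforce a minimum prefix length, escape LIKE wildcards, and perform the webpage redirect only after the permission-scoped query has returned the item. `$item_hash` is also passed to `build_query.tpl` as `$mid` unencoded, which should be checked against how that template emits it.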
diff --git a/mod/editblock.php b/mod/editblock.php
new file mode 100644
index 000000000..9f9770e77
--- /dev/null
+++ b/mod/editblock.php
@@ -0,0 +1,188 @@
+<?php
+
+require_once('include/identity.php');
+require_once('include/acl_selectors.php');
+
+function editblock_init(&$a) {
+
+ if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) {
+ $sys = get_sys_channel();
+ if($sys && intval($sys['channel_id'])) {
+ $a->is_sys = true;
+ }
+ }
+
+ if(argc() > 1)
+ $which = argv(1);
+ else
+ return;
+
+ profile_load($a,$which);
+
+}
+
+
+
+function editblock_content(&$a) {
+
+ if(! $a->profile) {
+ notice( t('Requested profile is not available.') . EOL );
+ $a->error = 404;
+ return;
+ }
+
+ $which = argv(1);
+
+ $uid = local_channel();
+ $owner = 0;
+ $channel = null;
+ $observer = $a->get_observer();
+
+ $channel = $a->get_channel();
+
+ if($a->is_sys && is_site_admin()) {
+ $sys = get_sys_channel();
+ if($sys && intval($sys['channel_id'])) {
+ $uid = $owner = intval($sys['channel_id']);
+ $channel = $sys;
+ $observer = $sys;
+ }
+ }
+
+ if(! $owner) {
+ // Figure out who the page owner is.
+ $r = q("select channel_id from channel where channel_address = '%s'",
+ dbesc($which)
+ );
+ if($r) {
+ $owner = intval($r[0]['channel_id']);
+ }
+ }
+
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ if(! perm_is_allowed($owner,$ob_hash,'write_pages')) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $is_owner = (($uid && $uid == $owner) ? true : false);
+
+ $o = '';
+
+ // Figure out which post we're editing
+ $post_id = ((argc() > 2) ? intval(argv(2)) : 0);
+
+
+ if(! ($post_id && $owner)) {
+ notice( t('Item not found') . EOL);
+ return;
+ }
+
+ $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1",
+ intval($post_id),
+ intval($owner)
+ );
+ if($itm) {
+ $item_id = q("select * from item_id where service = 'BUILDBLOCK' and iid = %d limit 1",
+ intval($itm[0]['id'])
+ );
+ if($item_id)
+ $block_title = $item_id[0]['sid'];
+ }
+ else {
+ notice( t('Item not found') . EOL);
+ return;
+ }
+
+ $plaintext = true;
+
+ $mimeselect = '';
+ $mimetype = $itm[0]['mimetype'];
+
+ if($mimetype != 'text/bbcode')
+ $plaintext = true;
+
+ if(get_config('system','page_mimetype'))
+ $mimeselect = '<input type="hidden" name="mimetype" value="' . $mimetype . '" />';
+ else
+ $mimeselect = mimetype_select($itm[0]['uid'],$mimetype);
+
+ $o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
+ '$title' => t('Edit Block'),
+ '$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
+ '$id' => $itm[0]['id']
+ ));
+
+ $a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array(
+ '$baseurl' => $a->get_baseurl(),
+ '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
+ '$ispublic' => '&nbsp;', // t('Visible to <strong>everybody</strong>'),
+ '$geotag' => '',
+ '$nickname' => $channel['channel_address'],
+ '$confirmdelete' => t('Delete block?')
+ ));
+
+ $tpl = get_markup_template("jot.tpl");
+
+ $jotplugins = '';
+ $jotnets = '';
+
+ call_hooks('jot_tool', $jotplugins);
+ call_hooks('jot_networks', $jotnets);
+
+ $rp = 'blocks/' . $channel['channel_address'];
+
+ $o .= replace_macros($tpl,array(
+ '$return_path' => $rp,
+ '$action' => 'item',
+ '$webpage' => ITEM_TYPE_BUILDBLOCK,
+ '$share' => t('Edit'),
+ '$bold' => t('Bold'),
+ '$italic' => t('Italic'),
+ '$underline' => t('Underline'),
+ '$quote' => t('Quote'),
+ '$code' => t('Code'),
+ '$writefiles' => (perm_is_allowed($owner, get_observer_hash(), 'post_photos') || perm_is_allowed($owner, get_observer_hash(), 'write_storage')),
+ '$upload' => t('Upload photo'),
+ '$attach' => t('Attach file'),
+ '$weblink' => t('Insert web link'),
+ '$youtube' => t('Insert YouTube video'),
+ '$video' => t('Insert Vorbis [.ogg] video'),
+ '$audio' => t('Insert Vorbis [.ogg] audio'),
+ '$setloc' => t('Set your location'),
+ '$noloc' => t('Clear browser location'),
+ '$wait' => t('Please wait'),
+ '$permset' => t('Permission settings'),
+ '$ptyp' => $itm[0]['type'],
+ '$mimeselect' => $mimeselect,
+ '$content' => undo_post_tagging($itm[0]['body']),
+ '$post_id' => $post_id,
+ '$baseurl' => $a->get_baseurl(),
+ '$defloc' => $channel['channel_location'],
+ '$visitor' => false,
+ '$public' => t('Public post'),
+ '$jotnets' => $jotnets,
+ '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
+ '$placeholdertitle' => t('Title (optional)'),
+ '$pagetitle' => $block_title,
+ '$category' => '',
+ '$placeholdercategory' => t('Categories (optional, comma-separated list)'),
+ '$emtitle' => t('Example: bob@example.com, mary@example.com'),
+ '$lockstate' => $lockstate,
+ '$acl' => '',
+ '$bang' => '',
+ '$profile_uid' => (intval($channel['channel_id'])),
+ '$preview' => t('Preview'),
+ '$jotplugins' => $jotplugins,
+ '$sourceapp' => $itm[0]['app'],
+ '$defexpire' => '',
+ '$feature_expire' => false,
+ '$expires' => t('Set expiration date'),
+ ));
+
+ return $o;
+
+}
+
+
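Review bot: In editblock_content() the hidden-input branch concatenates `$itm[0]['mimetype']` straight into a `value="…"` attribute, so a stored mimetype containing a double quote or angle bracket would break out of the attribute whenever `get_config('system','page_mimetype')` is truthy. Whether the value is constrained when the item is saved is not visible in this hunk, so escape at output: `$mimeselect = '<input type="hidden" name="mimetype" value="' . htmlspecialchars($mimetype, ENT_QUOTES, 'UTF-8') . '" />';`. The same construction appears in mod/editwebpage.php, for both `$mimetype` and the `$layout` config value. Separately, `$lockstate` is passed to the template without being assigned anywhere in this function.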
diff --git a/mod/editlayout.php b/mod/editlayout.php
new file mode 100644
index 000000000..d61a14a48
--- /dev/null
+++ b/mod/editlayout.php
@@ -0,0 +1,185 @@
+<?php
+
+require_once('include/identity.php');
+require_once('include/acl_selectors.php');
+
+function editlayout_init(&$a) {
+
+ if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) {
+ $sys = get_sys_channel();
+ if($sys && intval($sys['channel_id'])) {
+ $a->is_sys = true;
+ }
+ }
+
+ if(argc() > 1)
+ $which = argv(1);
+ else
+ return;
+
+ profile_load($a,$which);
+
+}
+
+function editlayout_content(&$a) {
+
+ if(! $a->profile) {
+ notice( t('Requested profile is not available.') . EOL );
+ $a->error = 404;
+ return;
+ }
+
+ $which = argv(1);
+
+ $uid = local_channel();
+ $owner = 0;
+ $channel = null;
+ $observer = $a->get_observer();
+
+ $channel = $a->get_channel();
+
+ if($a->is_sys && is_site_admin()) {
+ $sys = get_sys_channel();
+ if($sys && intval($sys['channel_id'])) {
+ $uid = $owner = intval($sys['channel_id']);
+ $channel = $sys;
+ $observer = $sys;
+ }
+ }
+
+ if(! $owner) {
+ // Figure out who the page owner is.
+ $r = q("select channel_id from channel where channel_address = '%s'",
+ dbesc($which)
+ );
+ if($r) {
+ $owner = intval($r[0]['channel_id']);
+ }
+ }
+
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ if(! perm_is_allowed($owner,$ob_hash,'write_pages')) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $is_owner = (($uid && $uid == $owner) ? true : false);
+
+ $o = '';
+
+ // Figure out which post we're editing
+ $post_id = ((argc() > 2) ? intval(argv(2)) : 0);
+
+
+ if(! $post_id) {
+ notice( t('Item not found') . EOL);
+ return;
+ }
+
+ // Now we've got a post and an owner, let's find out if we're allowed to edit it
+
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ $perms = get_all_perms($owner,$ob_hash);
+
+ if(! $perms['write_pages']) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+
+ $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1",
+ intval($post_id),
+ intval($owner)
+ );
+
+ $item_id = q("select * from item_id where service = 'PDL' and iid = %d limit 1",
+ intval($itm[0]['id'])
+ );
+ if($item_id)
+ $layout_title = $item_id[0]['sid'];
+
+ $plaintext = true;
+
+ $o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
+ '$title' => t('Edit Layout'),
+ '$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
+ '$id' => $itm[0]['id']
+ ));
+
+ $a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array(
+ '$baseurl' => $a->get_baseurl(),
+ '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
+ '$ispublic' => '&nbsp;', // t('Visible to <strong>everybody</strong>'),
+ '$geotag' => $geotag,
+ '$nickname' => $channel['channel_address'],
+ '$confirmdelete' => t('Delete layout?')
+ ));
+
+
+ $tpl = get_markup_template("jot.tpl");
+
+ $jotplugins = '';
+ $jotnets = '';
+
+ call_hooks('jot_tool', $jotplugins);
+ call_hooks('jot_networks', $jotnets);
+
+
+ // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD
+ // instead of loading a sensible page. So, send folk to the webpage list.
+
+ $rp = 'layouts/' . $which;
+
+ $o .= replace_macros($tpl,array(
+ '$return_path' => $rp,
+ '$action' => 'item',
+ '$webpage' => ITEM_TYPE_PDL,
+ '$share' => t('Edit'),
+ '$bold' => t('Bold'),
+ '$italic' => t('Italic'),
+ '$underline' => t('Underline'),
+ '$quote' => t('Quote'),
+ '$code' => t('Code'),
+ '$upload' => t('Upload photo'),
+ '$attach' => t('Attach file'),
+ '$weblink' => t('Insert web link'),
+ '$youtube' => t('Insert YouTube video'),
+ '$video' => t('Insert Vorbis [.ogg] video'),
+ '$audio' => t('Insert Vorbis [.ogg] audio'),
+ '$setloc' => t('Set your location'),
+ '$noloc' => t('Clear browser location'),
+ '$wait' => t('Please wait'),
+ '$permset' => t('Permission settings'),
+ '$ptyp' => $itm[0]['type'],
+ '$content' => undo_post_tagging($itm[0]['body']),
+ '$post_id' => $post_id,
+ '$baseurl' => $a->get_baseurl(),
+ '$defloc' => $channel['channel_location'],
+ '$visitor' => false,
+ '$public' => t('Public post'),
+ '$jotnets' => $jotnets,
+ '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
+ '$placeholdertitle' => t('Layout Description (Optional)'),
+ '$pagetitle' => $layout_title,
+ '$placeholdpagetitle' => t('Layout Name'),
+ '$category' => '',
+ '$placeholdercategory' => t('Categories (optional, comma-separated list)'),
+ '$emtitle' => t('Example: bob@example.com, mary@example.com'),
+ '$lockstate' => $lockstate,
+ '$acl' => '',
+ '$bang' => '',
+ '$profile_uid' => (intval($owner)),
+ '$jotplugins' => $jotplugins,
+ '$sourceapp' => t($a->sourcename),
+ '$defexpire' => '',
+ '$feature_expire' => false,
+ '$expires' => t('Set expiration date'),
+ ));
+
+ return $o;
+
+}
+
+
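Review bot: editlayout_content() never checks that the `SELECT * FROM item … and uid = %s` lookup returned a row before reading `$itm[0]['id']`, `$itm[0]['body']` and the author/owner hashes. mod/editblock.php in this same commit returns "Item not found" in that case. Here a post id that does not belong to `$owner` still renders an edit form carrying the URL-supplied `$post_id`, which leaves the ownership decision to whatever handles the submit, and that handler is not visible here. Add `if(! $itm) { notice( t('Item not found') . EOL); return; }` directly after the query. `$geotag` and `$lockstate` are also read without being assigned in this function.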
diff --git a/mod/editpost.php b/mod/editpost.php
new file mode 100644
index 000000000..8e4b37103
--- /dev/null
+++ b/mod/editpost.php
@@ -0,0 +1,168 @@
+<?php /** @file */
+
+require_once('acl_selectors.php');
+require_once('include/crypto.php');
+require_once('include/items.php');
+require_once('include/taxonomy.php');
+
+function editpost_content(&$a) {
+
+ $o = '';
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $post_id = ((argc() > 1) ? intval(argv(1)) : 0);
+
+ if(! $post_id) {
+ notice( t('Item not found') . EOL);
+ return;
+ }
+
+ $itm = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d and author_xchan = '%s' LIMIT 1",
+ intval($post_id),
+ intval(local_channel()),
+ dbesc(get_observer_hash())
+ );
+
+ if(! count($itm)) {
+ notice( t('Item is not editable') . EOL);
+ return;
+ }
+
+ $plaintext = true;
+// if(feature_enabled(local_channel(),'richtext'))
+// $plaintext = false;
+
+ $channel = $a->get_channel();
+
+ $o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
+ '$title' => t('Edit post')
+ ));
+
+
+ $a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array(
+ '$baseurl' => $a->get_baseurl(),
+ '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
+ '$ispublic' => '&nbsp;', // t('Visible to <strong>everybody</strong>'),
+ '$geotag' => $geotag,
+ '$nickname' => $channel['channel_address'],
+ '$expireswhen' => t('Expires YYYY-MM-DD HH:MM'),
+ '$confirmdelete' => t('Delete item?'),
+ ));
+
+
+
+ if(intval($itm[0]['item_obscured'])) {
+ $key = get_config('system','prvkey');
+ if($itm[0]['title'])
+ $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key);
+ if($itm[0]['body'])
+ $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key);
+ }
+
+ $tpl = get_markup_template("jot.tpl");
+
+ $jotplugins = '';
+ $jotnets = '';
+
+ call_hooks('jot_tool', $jotplugins);
+ call_hooks('jot_networks', $jotnets);
+
+ $channel = $a->get_channel();
+
+ //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins));
+
+ $voting = feature_enabled(local_channel(),'consensus_tools');
+
+ $category = '';
+ $catsenabled = ((feature_enabled(local_channel(),'categories')) ? 'categories' : '');
+
+ if ($catsenabled){
+ $itm = fetch_post_tags($itm);
+
+ $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY);
+
+ foreach ($cats as $cat) {
+ if (strlen($category))
+ $category .= ', ';
+ $category .= $cat['term'];
+ }
+
+ }
+
+ if($itm[0]['attach']) {
+ $j = json_decode($itm[0]['attach'],true);
+ if($j) {
+ foreach($j as $jj) {
+ $itm[0]['body'] .= "\n" . '[attachment]' . basename($jj['href']) . ',' . $jj['revision'] . '[/attachment]' . "\n";
+ }
+ }
+ }
+
+ $cipher = get_pconfig(get_app()->profile['profile_uid'],'system','default_cipher');
+ if(! $cipher)
+ $cipher = 'aes256';
+
+
+ $o .= replace_macros($tpl,array(
+ '$return_path' => $_SESSION['return_url'],
+ '$action' => 'item',
+ '$share' => t('Edit'),
+ '$bold' => t('Bold'),
+ '$italic' => t('Italic'),
+ '$underline' => t('Underline'),
+ '$quote' => t('Quote'),
+ '$code' => t('Code'),
+ '$upload' => t('Upload photo'),
+ '$attach' => t('Attach file'),
+ '$weblink' => t('Insert web link'),
+ '$youtube' => t('Insert YouTube video'),
+ '$video' => t('Insert Vorbis [.ogg] video'),
+ '$audio' => t('Insert Vorbis [.ogg] audio'),
+ '$setloc' => t('Set your location'),
+ '$noloc' => t('Clear browser location'),
+ '$voting' => t('Toggle voting'),
+ '$feature_voting' => $voting,
+ '$consensus' => intval($itm[0]['item_consensus']),
+ '$wait' => t('Please wait'),
+ '$permset' => t('Permission settings'),
+ '$ptyp' => $itm[0]['type'],
+ '$content' => undo_post_tagging($itm[0]['body']),
+ '$post_id' => $post_id,
+ '$parent' => (($itm[0]['parent'] != $itm[0]['id']) ? $itm[0]['parent'] : ''),
+ '$baseurl' => $a->get_baseurl(),
+ '$defloc' => $channel['channel_location'],
+ '$visitor' => false,
+ '$public' => t('Public post'),
+ '$jotnets' => $jotnets,
+ '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
+ '$placeholdertitle' => t('Title (optional)'),
+ '$category' => $category,
+ '$placeholdercategory' => t('Categories (optional, comma-separated list)'),
+ '$emtitle' => t('Example: bob@example.com, mary@example.com'),
+ '$lockstate' => $lockstate,
+ '$acl' => '',
+ '$bang' => '',
+ '$profile_uid' => local_channel(),
+ '$preview' => t('Preview'),
+ '$jotplugins' => $jotplugins,
+ '$sourceapp' => t($a->sourcename),
+ '$catsenabled' => $catsenabled,
+ '$defexpire' => datetime_convert('UTC', date_default_timezone_get(),$itm[0]['expires']),
+ '$feature_expire' => ((feature_enabled(get_app()->profile['profile_uid'],'content_expire') && (! $webpage)) ? true : false),
+ '$expires' => t('Set expiration date'),
+ '$feature_encrypt' => ((feature_enabled(get_app()->profile['profile_uid'],'content_encrypt') && (! $webpage)) ? true : false),
+ '$encrypt' => t('Encrypt text'),
+ '$cipher' => $cipher,
+ '$expiryModalOK' => t('OK'),
+ '$expiryModalCANCEL' => t('Cancel'),
+ ));
+
+ return $o;
+
+}
+
+
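Review bot: The item lookup in editpost_content() is scoped to `local_channel()`, but the default cipher and the `content_expire` / `content_encrypt` feature checks read `get_app()->profile['profile_uid']`, and nothing in this file loads a profile (there is no editpost_init() calling profile_load()). If that value is unset or refers to another channel's profile, the encryption option and cipher offered in the editor would not be the logged-in channel's own settings. Using one identity throughout avoids that: `$cipher = get_pconfig(local_channel(),'system','default_cipher');` and `feature_enabled(local_channel(),'content_encrypt')`. `$webpage`, `$geotag` and `$lockstate` are also read without being assigned here.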
diff --git a/mod/editwebpage.php b/mod/editwebpage.php
new file mode 100644
index 000000000..3b0b543a6
--- /dev/null
+++ b/mod/editwebpage.php
@@ -0,0 +1,234 @@
+<?php
+
+require_once('include/identity.php');
+require_once('include/acl_selectors.php');
+
+function editwebpage_init(&$a) {
+
+ if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) {
+ $sys = get_sys_channel();
+ if($sys && intval($sys['channel_id'])) {
+ $a->is_sys = true;
+ }
+ }
+
+ if(argc() > 1)
+ $which = argv(1);
+ else
+ return;
+
+ profile_load($a,$which);
+
+}
+
+
+function editwebpage_content(&$a) {
+
+ if(! $a->profile) {
+ notice( t('Requested profile is not available.') . EOL );
+ $a->error = 404;
+ return;
+ }
+
+ $which = argv(1);
+
+ $uid = local_channel();
+ $owner = 0;
+ $channel = null;
+ $observer = $a->get_observer();
+
+ $channel = $a->get_channel();
+
+ if($a->is_sys && is_site_admin()) {
+ $sys = get_sys_channel();
+ if($sys && intval($sys['channel_id'])) {
+ $uid = $owner = intval($sys['channel_id']);
+ $channel = $sys;
+ $observer = $sys;
+ }
+ }
+
+ if(! $owner) {
+ // Figure out who the page owner is.
+ $r = q("select channel_id from channel where channel_address = '%s'",
+ dbesc($which)
+ );
+ if($r) {
+ $owner = intval($r[0]['channel_id']);
+ }
+ }
+
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ if(! perm_is_allowed($owner,$ob_hash,'write_pages')) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $is_owner = (($uid && $uid == $owner) ? true : false);
+
+ $o = '';
+
+ // Figure out which post we're editing
+ $post_id = ((argc() > 2) ? intval(argv(2)) : 0);
+
+
+ if(! $post_id) {
+ notice( t('Item not found') . EOL);
+ return;
+ }
+
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ $perms = get_all_perms($owner,$ob_hash);
+
+ if(! $perms['write_pages']) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ // We've already figured out which item we want and whose copy we need,
+ // so we don't need anything fancy here
+
+ $sql_extra = item_permissions_sql($owner);
+
+ $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s $sql_extra LIMIT 1",
+ intval($post_id),
+ intval($owner)
+ );
+
+ if(! $itm) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if(intval($itm[0]['item_obscured'])) {
+ $key = get_config('system','prvkey');
+ if($itm[0]['title'])
+ $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key);
+ if($itm[0]['body'])
+ $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key);
+ }
+
+ $item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1",
+ intval($itm[0]['id'])
+ );
+ if($item_id)
+ $page_title = $item_id[0]['sid'];
+
+ $plaintext = true;
+
+ $mimetype = $itm[0]['mimetype'];
+
+ if($mimetype === 'application/x-php') {
+ if((! $uid) || ($uid != $itm[0]['uid'])) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+ }
+
+ $mimeselect = '';
+
+ if($mimetype != 'text/bbcode')
+ $plaintext = true;
+
+ if(get_config('system','page_mimetype'))
+ $mimeselect = '<input type="hidden" name="mimetype" value="' . $mimetype . '" />';
+ else
+ $mimeselect = mimetype_select($itm[0]['uid'],$mimetype);
+
+ $layout = get_config('system','page_layout');
+ if($layout)
+ $layoutselect = '<input type="hidden" name="layout_mid" value="' . $layout . '" />';
+ else
+ $layoutselect = layout_select($itm[0]['uid'],$itm[0]['layout_mid']);
+
+ $a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array(
+ '$baseurl' => $a->get_baseurl(),
+ '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
+ '$ispublic' => '&nbsp;', // t('Visible to <strong>everybody</strong>'),
+ '$geotag' => $geotag,
+ '$nickname' => $channel['channel_address'],
+ '$confirmdelete' => t('Delete webpage?')
+ ));
+
+ $tpl = get_markup_template("jot.tpl");
+
+ $jotplugins = '';
+ $jotnets = '';
+
+ call_hooks('jot_tool', $jotplugins);
+ call_hooks('jot_networks', $jotnets);
+
+ // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD
+ // instead of loading a sensible page. So, send folk to the webpage list.
+
+ $rp = 'webpages/' . $which;
+
+ logger('canwrite: ' . (perm_is_allowed($owner, get_observer_hash(), 'post_photos') || perm_is_allowed($owner, get_observer_hash(), 'write_storage')));
+
+ $editor = replace_macros($tpl,array(
+ '$return_path' => $rp,
+ '$webpage' => ITEM_TYPE_WEBPAGE,
+ '$placeholdpagetitle' => t('Page link title'),
+ '$pagetitle' => $page_title,
+ '$writefiles' => (perm_is_allowed($owner, get_observer_hash(), 'post_photos') || perm_is_allowed($owner, get_observer_hash(), 'write_storage')),
+
+ '$action' => 'item',
+ '$share' => t('Edit'),
+ '$bold' => t('Bold'),
+ '$italic' => t('Italic'),
+ '$underline' => t('Underline'),
+ '$quote' => t('Quote'),
+ '$code' => t('Code'),
+ '$upload' => t('Upload photo'),
+ '$attach' => t('Attach file'),
+ '$weblink' => t('Insert web link'),
+ '$youtube' => t('Insert YouTube video'),
+ '$video' => t('Insert Vorbis [.ogg] video'),
+ '$audio' => t('Insert Vorbis [.ogg] audio'),
+ '$setloc' => t('Set your location'),
+ '$noloc' => ((get_pconfig($uid, 'system', 'use_browser_location')) ? t('Clear browser location') : ''),
+ '$wait' => t('Please wait'),
+ '$permset' => t('Permission settings'),
+ '$ptyp' => $itm[0]['type'],
+ '$content' => undo_post_tagging($itm[0]['body']),
+ '$post_id' => $post_id,
+ '$baseurl' => $a->get_baseurl(),
+ '$defloc' => $itm[0]['location'],
+ '$visitor' => ($is_owner) ? true : false,
+ '$acl' => populate_acl($itm[0],false),
+ '$showacl' => ($is_owner) ? true : false,
+ '$public' => t('Public post'),
+ '$jotnets' => $jotnets,
+ '$mimeselect' => $mimeselect,
+ '$layoutselect' => $layoutselect,
+ '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
+ '$placeholdertitle' => t('Title (optional)'),
+ '$category' => '',
+ '$placeholdercategory' => t('Categories (optional, comma-separated list)'),
+ '$emtitle' => t('Example: bob@example.com, mary@example.com'),
+ 'lockstate' => (((strlen($itm[0]['allow_cid'])) || (strlen($itm[0]['allow_gid'])) || (strlen($itm[0]['deny_cid'])) || (strlen($itm[0]['deny_gid']))) ? 'lock' : 'unlock'),
+ '$bang' => '',
+ '$profile_uid' => (intval($owner)),
+ '$preview' => t('Preview'),
+ '$jotplugins' => $jotplugins,
+ '$sourceapp' => $a->sourcename,
+ '$defexpire' => '',
+ '$feature_expire' => false,
+ '$expires' => t('Set expiration date'),
+
+ ));
+
+ $o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
+ '$title' => t('Edit Webpage'),
+ '$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
+ '$editor' => $editor,
+ '$id' => $itm[0]['id']
+ ));
+
+ return $o;
+
+}
+
+
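Review bot: In the jot.tpl macro array of editwebpage_content() the lock-state entry is keyed `'lockstate'`, while every other entry has a leading `$`. If replace_macros() matches on the literal key, the computed 'lock'/'unlock' value never reaches the template, so the editor would not indicate that a page carries allow/deny ACLs. Change the key to `'$lockstate'`. The `logger('canwrite: ' . …)` call just above the array looks like leftover debugging and could be removed or given an explicit debug level.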
diff --git a/mod/events.php b/mod/events.php
new file mode 100755
index 000000000..a89bbb760
--- /dev/null
+++ b/mod/events.php
@@ -0,0 +1,663 @@
+<?php
+
+require_once('include/conversation.php');
+require_once('include/bbcode.php');
+require_once('include/datetime.php');
+require_once('include/event.php');
+require_once('include/items.php');
+
+function events_post(&$a) {
+
+ logger('post: ' . print_r($_REQUEST,true));
+
+ if(! local_channel())
+ return;
+
+ $event_id = ((x($_POST,'event_id')) ? intval($_POST['event_id']) : 0);
+ $event_hash = ((x($_POST,'event_hash')) ? $_POST['event_hash'] : '');
+
+ $xchan = ((x($_POST,'xchan')) ? dbesc($_POST['xchan']) : '');
+ $uid = local_channel();
+
+ $start_text = escape_tags($_REQUEST['start_text']);
+ $finish_text = escape_tags($_REQUEST['finish_text']);
+
+ $adjust = intval($_POST['adjust']);
+ $nofinish = intval($_POST['nofinish']);
+
+ $categories = escape_tags(trim($_POST['category']));
+
+
+
+ // only allow editing your own events.
+
+ if(($xchan) && ($xchan !== get_observer_hash()))
+ return;
+
+ // The default setting for the `private` field in event_store() is false, so mirror that
+ $private_event = false;
+
+ if($start_text) {
+ $start = $start_text;
+ }
+ else {
+ $start = sprintf('%d-%d-%d %d:%d:0',$startyear,$startmonth,$startday,$starthour,$startminute);
+ }
+
+ if($nofinish) {
+ $finish = NULL_DATE;
+ }
+
+ if($finish_text) {
+ $finish = $finish_text;
+ }
+ else {
+ $finish = sprintf('%d-%d-%d %d:%d:0',$finishyear,$finishmonth,$finishday,$finishhour,$finishminute);
+ }
+
+ if($adjust) {
+ $start = datetime_convert(date_default_timezone_get(),'UTC',$start);
+ if(! $nofinish)
+ $finish = datetime_convert(date_default_timezone_get(),'UTC',$finish);
+ }
+ else {
+ $start = datetime_convert('UTC','UTC',$start);
+ if(! $nofinish)
+ $finish = datetime_convert('UTC','UTC',$finish);
+ }
+
+ // Don't allow the event to finish before it begins.
+ // It won't hurt anything, but somebody will file a bug report
+ // and we'll waste a bunch of time responding to it. Time that
+ // could've been spent doing something else.
+
+
+ $summary = escape_tags(trim($_POST['summary']));
+ $desc = escape_tags(trim($_POST['desc']));
+ $location = escape_tags(trim($_POST['location']));
+ $type = 'event';
+
+ require_once('include/text.php');
+ linkify_tags($a, $desc, local_channel());
+ linkify_tags($a, $location, local_channel());
+
+ $action = ($event_hash == '') ? 'new' : "event/" . $event_hash;
+ $onerror_url = $a->get_baseurl() . "/events/" . $action . "?summary=$summary&description=$desc&location=$location&start=$start_text&finish=$finish_text&adjust=$adjust&nofinish=$nofinish";
+ if(strcmp($finish,$start) < 0 && !$nofinish) {
+ notice( t('Event can not end before it has started.') . EOL);
+ if(intval($_REQUEST['preview'])) {
+ echo( t('Unable to generate preview.'));
+ killme();
+ }
+ goaway($onerror_url);
+ }
+
+ if((! $summary) || (! $start)) {
+ notice( t('Event title and start time are required.') . EOL);
+ if(intval($_REQUEST['preview'])) {
+ echo( t('Unable to generate preview.'));
+ killme();
+ }
+ goaway($onerror_url);
+ }
+
+ $share = ((intval($_POST['share'])) ? intval($_POST['share']) : 0);
+
+ $channel = $a->get_channel();
+
+ if($event_id) {
+ $x = q("select * from event where id = %d and uid = %d limit 1",
+ intval($event_id),
+ intval(local_channel())
+ );
+ if(! $x) {
+ notice( t('Event not found.') . EOL);
+ if(intval($_REQUEST['preview'])) {
+ echo( t('Unable to generate preview.'));
+ killme();
+ }
+ return;
+ }
+ if($x[0]['allow_cid'] === '<' . $channel['channel_hash'] . '>'
+ && $x[0]['allow_gid'] === '' && $x[0]['deny_cid'] === '' && $x[0]['deny_gid'] === '') {
+ $share = false;
+ }
+ else {
+ $share = true;
+ $str_group_allow = $x[0]['allow_gid'];
+ $str_contact_allow = $x[0]['allow_cid'];
+ $str_group_deny = $x[0]['deny_gid'];
+ $str_contact_deny = $x[0]['deny_cid'];
+
+ if(strlen($str_group_allow) || strlen($str_contact_allow)
+ || strlen($str_group_deny) || strlen($str_contact_deny)) {
+ $private_event = true;
+ }
+ }
+ }
+ else {
+ if($share) {
+ $str_group_allow = perms2str($_POST['group_allow']);
+ $str_contact_allow = perms2str($_POST['contact_allow']);
+ $str_group_deny = perms2str($_POST['group_deny']);
+ $str_contact_deny = perms2str($_POST['contact_deny']);
+
+ if(strlen($str_group_allow) || strlen($str_contact_allow)
+ || strlen($str_group_deny) || strlen($str_contact_deny)) {
+ $private_event = true;
+ }
+ }
+ else {
+ // Note: do not set `private` field for self-only events. It will
+ // keep even you from seeing them!
+ $str_contact_allow = '<' . $channel['channel_hash'] . '>';
+ $str_group_allow = $str_contact_deny = $str_group_deny = '';
+ }
+ }
+
+ $post_tags = array();
+ $channel = $a->get_channel();
+
+ if(strlen($categories)) {
+ $cats = explode(',',$categories);
+ foreach($cats as $cat) {
+ $post_tags[] = array(
+ 'uid' => $profile_uid,
+ 'type' => TERM_CATEGORY,
+ 'otype' => TERM_OBJ_POST,
+ 'term' => trim($cat),
+ 'url' => $channel['xchan_url'] . '?f=&cat=' . urlencode(trim($cat))
+ );
+ }
+ }
+
+ $datarray = array();
+ $datarray['start'] = $start;
+ $datarray['finish'] = $finish;
+ $datarray['summary'] = $summary;
+ $datarray['description'] = $desc;
+ $datarray['location'] = $location;
+ $datarray['type'] = $type;
+ $datarray['adjust'] = $adjust;
+ $datarray['nofinish'] = $nofinish;
+ $datarray['uid'] = local_channel();
+ $datarray['account'] = get_account_id();
+ $datarray['event_xchan'] = $channel['channel_hash'];
+ $datarray['allow_cid'] = $str_contact_allow;
+ $datarray['allow_gid'] = $str_group_allow;
+ $datarray['deny_cid'] = $str_contact_deny;
+ $datarray['deny_gid'] = $str_group_deny;
+ $datarray['private'] = (($private_event) ? 1 : 0);
+ $datarray['id'] = $event_id;
+ $datarray['created'] = $created;
+ $datarray['edited'] = $edited;
+
+ if(intval($_REQUEST['preview'])) {
+ $html = format_event_html($datarray);
+ echo $html;
+ killme();
+ }
+
+ $event = event_store_event($datarray);
+
+
+ if($post_tags)
+ $datarray['term'] = $post_tags;
+
+ $item_id = event_store_item($datarray,$event);
+
+ if($share)
+ proc_run('php',"include/notifier.php","event","$item_id");
+
+}
+
+
+
+function events_content(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ nav_set_selected('all_events');
+
+ if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) {
+ $r = q("update event set ignore = 1 where id = %d and uid = %d",
+ intval(argv(2)),
+ intval(local_channel())
+ );
+ }
+
+ if((argc() > 2) && (argv(1) === 'unignore') && intval(argv(2))) {
+ $r = q("update event set ignore = 0 where id = %d and uid = %d",
+ intval(argv(2)),
+ intval(local_channel())
+ );
+ }
+
+
+ $plaintext = true;
+
+// if(feature_enabled(local_channel(),'richtext'))
+// $plaintext = false;
+
+
+
+ $htpl = get_markup_template('event_head.tpl');
+ $a->page['htmlhead'] .= replace_macros($htpl,array(
+ '$baseurl' => $a->get_baseurl(),
+ '$editselect' => (($plaintext) ? 'none' : 'textareas')
+ ));
+
+ $o ="";
+ // tabs
+
+ $channel = $a->get_channel();
+
+ $tabs = profile_tabs($a, True, $channel['channel_address']);
+
+
+
+ $mode = 'view';
+ $y = 0;
+ $m = 0;
+ $ignored = ((x($_REQUEST,'ignored')) ? " and ignored = " . intval($_REQUEST['ignored']) . " " : '');
+
+ if(argc() > 1) {
+ if(argc() > 2 && argv(1) == 'event') {
+ $mode = 'edit';
+ $event_id = argv(2);
+ }
+ if(argc() > 2 && argv(1) === 'add') {
+ $mode = 'add';
+ $item_id = intval(argv(2));
+ }
+ if(argc() > 2 && argv(1) === 'drop') {
+ $mode = 'drop';
+ $event_id = argv(2);
+ }
+ if(argv(1) === 'new') {
+ $mode = 'new';
+ $event_id = '';
+ }
+ if(argc() > 2 && intval(argv(1)) && intval(argv(2))) {
+ $mode = 'view';
+ $y = intval(argv(1));
+ $m = intval(argv(2));
+ }
+ }
+
+ if($mode === 'add') {
+ event_addtocal($item_id,local_channel());
+ killme();
+ }
+
+ if($mode == 'view') {
+
+
+ $thisyear = datetime_convert('UTC',date_default_timezone_get(),'now','Y');
+ $thismonth = datetime_convert('UTC',date_default_timezone_get(),'now','m');
+ if(! $y)
+ $y = intval($thisyear);
+ if(! $m)
+ $m = intval($thismonth);
+
+ $export = false;
+ if(argc() === 4 && argv(3) === 'export')
+ $export = true;
+
+
+ // Put some limits on dates. The PHP date functions don't seem to do so well before 1900.
+ // An upper limit was chosen to keep search engines from exploring links millions of years in the future.
+
+ if($y < 1901)
+ $y = 1900;
+ if($y > 2099)
+ $y = 2100;
+
+ $nextyear = $y;
+ $nextmonth = $m + 1;
+ if($nextmonth > 12) {
+ $nextmonth = 1;
+ $nextyear ++;
+ }
+
+ $prevyear = $y;
+ if($m > 1)
+ $prevmonth = $m - 1;
+ else {
+ $prevmonth = 12;
+ $prevyear --;
+ }
+
+ $dim = get_dim($y,$m);
+ $start = sprintf('%d-%d-%d %d:%d:%d',$y,$m,1,0,0,0);
+ $finish = sprintf('%d-%d-%d %d:%d:%d',$y,$m,$dim,23,59,59);
+
+
+ if (argv(1) === 'json'){
+ if (x($_GET,'start')) $start = date("Y-m-d h:i:s", $_GET['start']);
+ if (x($_GET,'end')) $finish = date("Y-m-d h:i:s", $_GET['end']);
+ }
+
+ $start = datetime_convert('UTC','UTC',$start);
+ $finish = datetime_convert('UTC','UTC',$finish);
+
+ $adjust_start = datetime_convert('UTC', date_default_timezone_get(), $start);
+ $adjust_finish = datetime_convert('UTC', date_default_timezone_get(), $finish);
+
+ if (x($_GET,'id')){
+ $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan
+ from event left join item on resource_id = event_hash where resource_type = 'event' and event.uid = %d and event.id = %d limit 1",
+ intval(local_channel()),
+ intval($_GET['id'])
+ );
+ } else {
+
+ // fixed an issue with "nofinish" events not showing up in the calendar.
+ // There's still an issue if the finish date crosses the end of month.
+ // Noting this for now - it will need to be fixed here and in Friendica.
+ // Ultimately the finish date shouldn't be involved in the query.
+
+ $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan
+ from event left join item on event_hash = resource_id
+ where resource_type = 'event' and event.uid = %d $ignored
+ AND (( `adjust` = 0 AND ( `finish` >= '%s' or nofinish = 1 ) AND `start` <= '%s' )
+ OR ( `adjust` = 1 AND ( `finish` >= '%s' or nofinish = 1 ) AND `start` <= '%s' )) ",
+ intval(local_channel()),
+ dbesc($start),
+ dbesc($finish),
+ dbesc($adjust_start),
+ dbesc($adjust_finish)
+ );
+
+ }
+
+ $links = array();
+
+ if($r) {
+ xchan_query($r);
+ $r = fetch_post_tags($r,true);
+
+ $r = sort_by_date($r);
+
+ foreach($r as $rr) {
+ $j = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['start'], 'j') : datetime_convert('UTC','UTC',$rr['start'],'j'));
+ if(! x($links,$j))
+ $links[$j] = $a->get_baseurl() . '/' . $a->cmd . '#link-' . $j;
+ }
+ }
+
+
+ $events=array();
+
+ $last_date = '';
+ $fmt = t('l, F j');
+
+ if($r) {
+
+ foreach($r as $rr) {
+
+ $j = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['start'], 'j') : datetime_convert('UTC','UTC',$rr['start'],'j'));
+ $d = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['start'], $fmt) : datetime_convert('UTC','UTC',$rr['start'],$fmt));
+ $d = day_translate($d);
+
+ $start = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['start'], 'c') : datetime_convert('UTC','UTC',$rr['start'],'c'));
+ if ($rr['nofinish']){
+ $end = null;
+ } else {
+ $end = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['finish'], 'c') : datetime_convert('UTC','UTC',$rr['finish'],'c'));
+ }
+
+
+ $is_first = ($d !== $last_date);
+
+ $last_date = $d;
+
+ $edit = (intval($rr['item_wall']) ? array($a->get_baseurl().'/events/event/'.$rr['event_hash'],t('Edit event'),'','') : null);
+
+ $drop = array($a->get_baseurl().'/events/drop/'.$rr['event_hash'],t('Delete event'),'','');
+
+ $title = strip_tags(html_entity_decode(bbcode($rr['summary']),ENT_QUOTES,'UTF-8'));
+ if(! $title) {
+ list($title, $_trash) = explode("<br",bbcode($rr['desc']),2);
+ $title = strip_tags(html_entity_decode($title,ENT_QUOTES,'UTF-8'));
+ }
+ $html = format_event_html($rr);
+ $rr['desc'] = bbcode($rr['desc']);
+ $rr['location'] = bbcode($rr['location']);
+ $events[] = array(
+ 'id'=>$rr['id'],
+ 'hash' => $rr['event_hash'],
+ 'start'=> $start,
+ 'end' => $end,
+ 'drop' => $drop,
+ 'allDay' => false,
+ 'title' => $title,
+
+ 'j' => $j,
+ 'd' => $d,
+ 'edit' => $edit,
+ 'is_first'=>$is_first,
+ 'item'=>$rr,
+ 'html'=>$html,
+ 'plink' => array($rr['plink'],t('Link to Source'),'',''),
+ );
+
+
+ }
+ }
+
+ if($export) {
+ header('Content-type: text/calendar');
+ echo ical_wrapper($r);
+ killme();
+ }
+
+ if ($a->argv[1] === 'json'){
+ echo json_encode($events); killme();
+ }
+
+ // links: array('href', 'text', 'extra css classes', 'title')
+ if (x($_GET,'id')){
+ $tpl = get_markup_template("event.tpl");
+ }
+ else {
+ $tpl = get_markup_template("events-js.tpl");
+ }
+
+ $o = replace_macros($tpl, array(
+ '$baseurl' => $a->get_baseurl(),
+ '$tabs' => $tabs,
+ '$title' => t('Events'),
+ '$new_event'=> array($a->get_baseurl().'/events/new',t('Create New Event'),'',''),
+ '$previus' => array($a->get_baseurl()."/events/$prevyear/$prevmonth",t('Previous'),'',''),
+ '$next' => array($a->get_baseurl()."/events/$nextyear/$nextmonth",t('Next'),'',''),
+ '$export' => array($a->get_baseurl()."/events/$y/$m/export",t('Export'),'',''),
+ '$calendar' => cal($y,$m,$links, ' eventcal'),
+ '$events' => $events,
+
+
+ ));
+
+ if (x($_GET,'id')){ echo $o; killme(); }
+
+ return $o;
+
+ }
+
+ if($mode === 'drop' && $event_id) {
+ $r = q("SELECT * FROM `event` WHERE event_hash = '%s' AND `uid` = %d LIMIT 1",
+ dbesc($event_id),
+ intval(local_channel())
+ );
+ if($r) {
+ $r = q("delete from event where event_hash = '%s' and uid = %d limit 1",
+ dbesc($event_id),
+ intval(local_channel())
+ );
+ if($r) {
+ $r = q("update item set resource_type = '', resource_id = '' where resource_type = 'event' and resource_id = '%s' and uid = %d",
+ dbesc($event_id),
+ intval(local_channel())
+ );
+ info( t('Event removed') . EOL);
+ }
+ else {
+ notice( t('Failed to remove event' ) . EOL);
+ }
+ goaway(z_root() . '/events');
+ }
+ }
+
+ if($mode === 'edit' && $event_id) {
+ $r = q("SELECT * FROM `event` WHERE event_hash = '%s' AND `uid` = %d LIMIT 1",
+ dbesc($event_id),
+ intval(local_channel())
+ );
+ if(count($r))
+ $orig_event = $r[0];
+ }
+
+ $channel = $a->get_channel();
+
+ // Passed parameters overrides anything found in the DB
+ if($mode === 'edit' || $mode === 'new') {
+ if(!x($orig_event)) $orig_event = array();
+ // In case of an error the browser is redirected back here, with these parameters filled in with the previous values
+ if(x($_REQUEST,'nofinish')) $orig_event['nofinish'] = $_REQUEST['nofinish'];
+ if(x($_REQUEST,'adjust')) $orig_event['adjust'] = $_REQUEST['adjust'];
+ if(x($_REQUEST,'summary')) $orig_event['summary'] = $_REQUEST['summary'];
+ if(x($_REQUEST,'description')) $orig_event['description'] = $_REQUEST['description'];
+ if(x($_REQUEST,'location')) $orig_event['location'] = $_REQUEST['location'];
+ if(x($_REQUEST,'start')) $orig_event['start'] = $_REQUEST['start'];
+ if(x($_REQUEST,'finish')) $orig_event['finish'] = $_REQUEST['finish'];
+ }
+
+ if($mode === 'edit' || $mode === 'new') {
+
+ $n_checked = ((x($orig_event) && $orig_event['nofinish']) ? ' checked="checked" ' : '');
+ $a_checked = ((x($orig_event) && $orig_event['adjust']) ? ' checked="checked" ' : '');
+ $t_orig = ((x($orig_event)) ? $orig_event['summary'] : '');
+ $d_orig = ((x($orig_event)) ? $orig_event['description'] : '');
+ $l_orig = ((x($orig_event)) ? $orig_event['location'] : '');
+ $eid = ((x($orig_event)) ? $orig_event['id'] : 0);
+ $event_xchan = ((x($orig_event)) ? $orig_event['event_xchan'] : $channel['channel_hash']);
+ $mid = ((x($orig_event)) ? $orig_event['mid'] : '');
+
+ if(! x($orig_event))
+ $sh_checked = '';
+ else
+ $sh_checked = ((($orig_event['allow_cid'] === '<' . $channel['channel_hash'] . '>' || (! $orig_event['allow_cid'])) && (! $orig_event['allow_gid']) && (! $orig_event['deny_cid']) && (! $orig_event['deny_gid'])) ? '' : ' checked="checked" ' );
+
+ if($orig_event['event_xchan'])
+ $sh_checked .= ' disabled="disabled" ';
+
+
+
+
+ $sdt = ((x($orig_event)) ? $orig_event['start'] : 'now');
+ $fdt = ((x($orig_event)) ? $orig_event['finish'] : 'now');
+
+ $tz = date_default_timezone_get();
+ if(x($orig_event))
+ $tz = (($orig_event['adjust']) ? date_default_timezone_get() : 'UTC');
+
+ $syear = datetime_convert('UTC', $tz, $sdt, 'Y');
+ $smonth = datetime_convert('UTC', $tz, $sdt, 'm');
+ $sday = datetime_convert('UTC', $tz, $sdt, 'd');
+
+
+ $shour = ((x($orig_event)) ? datetime_convert('UTC', $tz, $sdt, 'H') : 0);
+ $sminute = ((x($orig_event)) ? datetime_convert('UTC', $tz, $sdt, 'i') : 0);
+ $stext = datetime_convert('UTC',$tz,$sdt);
+ $stext = substr($stext,0,14) . "00:00";
+
+ $fyear = datetime_convert('UTC', $tz, $fdt, 'Y');
+ $fmonth = datetime_convert('UTC', $tz, $fdt, 'm');
+ $fday = datetime_convert('UTC', $tz, $fdt, 'd');
+
+ $fhour = ((x($orig_event)) ? datetime_convert('UTC', $tz, $fdt, 'H') : 0);
+ $fminute = ((x($orig_event)) ? datetime_convert('UTC', $tz, $fdt, 'i') : 0);
+ $ftext = datetime_convert('UTC',$tz,$fdt);
+ $ftext = substr($ftext,0,14) . "00:00";
+
+ $f = get_config('system','event_input_format');
+ if(! $f)
+ $f = 'ymd';
+
+ $catsenabled = feature_enabled(local_channel(),'categories');
+
+ $category = '';
+
+ if($catsenabled && x($orig_event)){
+ $itm = q("select * from item where resource_type = 'event' and resource_id = '%s' and uid = %d limit 1",
+ dbesc($orig_event['event_hash']),
+ intval(local_channel())
+ );
+ $itm = fetch_post_tags($itm);
+ if($itm) {
+ $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY);
+ foreach ($cats as $cat) {
+ if(strlen($category))
+ $category .= ', ';
+ $category .= $cat['term'];
+ }
+ }
+ }
+
+ require_once('include/acl_selectors.php');
+
+ $perm_defaults = array(
+ 'allow_cid' => $channel['channel_allow_cid'],
+ 'allow_gid' => $channel['channel_allow_gid'],
+ 'deny_cid' => $channel['channel_deny_cid'],
+ 'deny_gid' => $channel['channel_deny_gid']
+ );
+
+ $tpl = get_markup_template('event_form.tpl');
+
+ $o .= replace_macros($tpl,array(
+ '$post' => $a->get_baseurl() . '/events',
+ '$eid' => $eid,
+ '$xchan' => $event_xchan,
+ '$mid' => $mid,
+ '$event_hash' => $event_id,
+
+ '$title' => t('Event details'),
+ '$desc' => t('Starting date and Title are required.'),
+ '$catsenabled' => $catsenabled,
+ '$placeholdercategory' => t('Categories (comma-separated list)'),
+ '$category' => $category,
+ '$s_text' => t('Event Starts:'),
+ '$stext' => $stext,
+ '$ftext' => $ftext,
+ '$required' => '<span class="required" title="' . t('Required') . '">*</span>',
+ '$ModalCANCEL' => t('Cancel'),
+ '$ModalOK' => t('OK'),
+ '$s_dsel' => datetimesel($f,new DateTime(),DateTime::createFromFormat('Y',$syear+5),DateTime::createFromFormat('Y-m-d H:i',"$syear-$smonth-$sday $shour:$sminute"),'start_text',true,true,'','',true),
+ '$n_text' => t('Finish date/time is not known or not relevant'),
+ '$n_checked' => $n_checked,
+ '$f_text' => t('Event Finishes:'),
+ '$f_dsel' => datetimesel($f,new DateTime(),DateTime::createFromFormat('Y',$fyear+5),DateTime::createFromFormat('Y-m-d H:i',"$fyear-$fmonth-$fday $fhour:$fminute"),'finish_text',true,true,'start_text'),
+ '$adjust' => array('adjust', t('Adjust for viewer timezone'), $a_checked, t('Important for events that happen in a particular place. Not practical for global holidays.'),),
+ '$a_text' => t('Adjust for viewer timezone'),
+ '$d_text' => t('Description:'),
+ '$d_orig' => $d_orig,
+ '$l_text' => t('Location:'),
+ '$l_orig' => $l_orig,
+ '$t_text' => t('Title:'),
+ '$t_orig' => $t_orig,
+ '$sh_text' => t('Share this event'),
+ '$sh_checked' => $sh_checked,
+ '$preview' => t('Preview'),
+ '$permissions' => t('Permissions'),
+ '$acl' => (($orig_event['event_xchan']) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $perm_defaults),false)),
+ '$submit' => t('Submit')
+
+ ));
+
+ return $o;
+ }
+}
diff --git a/mod/fbrowser.php b/mod/fbrowser.php
new file mode 100644
index 000000000..90b554edd
--- /dev/null
+++ b/mod/fbrowser.php
@@ -0,0 +1,128 @@
+<?php
+/**
+ * @package Friendica\modules
+ * @subpackage FileBrowser
+ * @author Fabio Comuni <fabrixxm@kirgroup.com>
+ */
+
+require_once('include/photo/photo_driver.php');
+
+/**
+ * @param App $a
+ */
+function fbrowser_content($a){
+
+ if (!local_channel())
+ killme();
+
+ if ($a->argc==1)
+ killme();
+
+ //echo "<pre>"; var_dump($a->argv); killme();
+
+ switch($a->argv[1]){
+ case "image":
+ $path = array( array($a->get_baseurl()."/fbrowser/image/", t("Photos")));
+ $albums = false;
+ $sql_extra = "";
+ $sql_extra2 = " ORDER BY created DESC LIMIT 0, 10";
+
+ if ($a->argc==2){
+ $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d ",
+ intval(local_channel())
+ );
+ // anon functions only from 5.3.0... meglio tardi che mai..
+ function folder1($el){return array(bin2hex($el['album']),$el['album']);}
+ $albums = array_map( "folder1" , $albums);
+
+ }
+
+ $album = "";
+ if ($a->argc==3){
+ $album = hex2bin($a->argv[2]);
+ $sql_extra = sprintf("AND `album` = '%s' ",dbesc($album));
+ $sql_extra2 = "";
+ $path[]=array($a->get_baseurl()."/fbrowser/image/".$a->argv[2]."/", $album);
+ }
+
+ $r = q("SELECT `resource_id`, `id`, `filename`, type, min(`scale`) AS `hiq`,max(`scale`) AS `loq`, `description`
+ FROM `photo` WHERE `uid` = %d $sql_extra
+ GROUP BY `resource_id` $sql_extra2",
+ intval(local_channel())
+ );
+
+ function files1($rr){
+ global $a;
+ $ph = photo_factory('');
+ $types = $ph->supportedTypes();
+ $ext = $types[$rr['type']];
+
+ if($a->get_template_engine() === 'internal') {
+ $filename_e = template_escape($rr['filename']);
+ }
+ else {
+ $filename_e = $rr['filename'];
+ }
+
+ return array(
+ $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . $rr['hiq'] . '.' .$ext,
+ $filename_e,
+ $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . $rr['loq'] . '.'. $ext
+ );
+ }
+ $files = array_map("files1", $r);
+
+ $tpl = get_markup_template("filebrowser.tpl");
+ echo replace_macros($tpl, array(
+ '$type' => 'image',
+ '$baseurl' => $a->get_baseurl(),
+ '$path' => $path,
+ '$folders' => $albums,
+ '$files' =>$files,
+ '$cancel' => t('Cancel'),
+ ));
+
+
+ break;
+ case "file":
+ if ($a->argc==2){
+ $files = q("SELECT id, filename, filetype FROM `attach` WHERE `uid` = %d ",
+ intval(local_channel())
+ );
+
+ function files2($rr){ global $a;
+ list($m1,$m2) = explode("/",$rr['filetype']);
+ $filetype = ( (file_exists("images/icons/$m1.png"))?$m1:"zip");
+
+ if($a->get_template_engine() === 'internal') {
+ $filename_e = template_escape($rr['filename']);
+ }
+ else {
+ $filename_e = $rr['filename'];
+ }
+
+ return array( $a->get_baseurl() . '/attach/' . $rr['id'], $filename_e, $a->get_baseurl() . '/images/icons/16/' . $filetype . '.png');
+ }
+ $files = array_map("files2", $files);
+ //echo "<pre>"; var_dump($files); killme();
+
+
+ $tpl = get_markup_template("filebrowser.tpl");
+ echo replace_macros($tpl, array(
+ '$type' => 'file',
+ '$baseurl' => $a->get_baseurl(),
+ '$path' => array( array($a->get_baseurl()."/fbrowser/image/", t("Files")) ),
+ '$folders' => false,
+ '$files' =>$files,
+ '$cancel' => t('Cancel'),
+ ));
+
+ }
+
+ break;
+ }
+
+
+ killme();
+
+}
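Review bot: In the `image` case the album name comes from `hex2bin($a->argv[2])`, a URL segment, and is placed into `$path` for the template with no validation or output encoding; `hex2bin()` also returns false with a warning on malformed or odd-length input. Whether `filebrowser.tpl` encodes `$path` is not visible in this hunk, so I would validate before decoding, `$album = ((ctype_xdigit($a->argv[2]) && strlen($a->argv[2]) % 2 === 0) ? hex2bin($a->argv[2]) : '');`, and pass `htmlspecialchars($album, ENT_QUOTES, 'UTF-8')` as the breadcrumb label if the template does not already encode it. Separately, the `file` case builds its breadcrumb with `/fbrowser/image/`, which looks copied from the image branch and probably should be `/fbrowser/file/`.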
diff --git a/mod/feed.php b/mod/feed.php
new file mode 100644
index 000000000..3b622fc17
--- /dev/null
+++ b/mod/feed.php
@@ -0,0 +1,39 @@
+<?php
+
+
+require_once('include/items.php');
+
+function feed_init(&$a) {
+
+ $params = array();
+
+ $params['begin'] = ((x($_REQUEST,'date_begin')) ? $_REQUEST['date_begin'] : NULL_DATE);
+ $params['end'] = ((x($_REQUEST,'date_end')) ? $_REQUEST['date_end'] : '');
+ $params['type'] = ((stristr(argv(0),'json')) ? 'json' : 'xml');
+ $params['pages'] = ((x($_REQUEST,'pages')) ? intval($_REQUEST['pages']) : 0);
+ $params['top'] = ((x($_REQUEST,'top')) ? intval($_REQUEST['top']) : 0);
+ $params['start'] = ((x($params,'start')) ? intval($params['start']) : 0);
+ $params['records'] = ((x($params,'records')) ? intval($params['records']) : 40);
+ $params['direction'] = ((x($params,'direction')) ? dbesc($params['direction']) : 'desc');
+
+ $channel = '';
+ if(argc() > 1) {
+ $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1",
+ dbesc(argv(1))
+ );
+ if(!($r && count($r)))
+ killme();
+
+ $channel = $r[0];
+
+ if((intval(get_config('system','block_public'))) && (! get_account_id()))
+ killme();
+
+ logger('mod_feed: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']);
+ echo get_public_feed($channel,$params);
+ killme();
+ }
+
+}
+
+
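Review bot: `date_begin` and `date_end` are copied from `$_REQUEST` into `$params` as raw strings on an endpoint that serves requests without a login, while `pages` and `top` go through `intval()`. `get_public_feed()` is not in this hunk, so I cannot tell whether it escapes them before they reach a query; normalising here removes the doubt, e.g. `$params['begin'] = ((x($_REQUEST,'date_begin')) ? datetime_convert('UTC','UTC',$_REQUEST['date_begin']) : NULL_DATE);` and the same for `end`. The `start`, `records` and `direction` lines test `$params` itself, which was just created empty, so they always take their defaults; if request control was intended they should read `$_REQUEST`.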
diff --git a/mod/filer.php b/mod/filer.php
new file mode 100644
index 000000000..8d69503b2
--- /dev/null
+++ b/mod/filer.php
@@ -0,0 +1,55 @@
+<?php
+
+require_once('include/security.php');
+require_once('include/bbcode.php');
+require_once('include/items.php');
+
+
+function filer_content(&$a) {
+
+ if(! local_channel()) {
+ killme();
+ }
+
+ $term = unxmlify(trim($_GET['term']));
+ $item_id = (($a->argc > 1) ? intval($a->argv[1]) : 0);
+
+ logger('filer: tag ' . $term . ' item ' . $item_id);
+
+ if($item_id && strlen($term)){
+ // file item
+ store_item_tag(local_channel(),$item_id,TERM_OBJ_POST,TERM_FILE,$term,'');
+
+ // protect the entire conversation from periodic expiration
+
+ $r = q("select parent from item where id = %d and uid = %d limit 1",
+ intval($item_id),
+ intval(local_channel())
+ );
+ if($r) {
+ $x = q("update item set item_retained = 1 where id = %d and uid = %d",
+ intval($r[0]['parent']),
+ intval(local_channel())
+ );
+ }
+ }
+ else {
+ $filetags = array();
+ $r = q("select distinct(term) from term where uid = %d and type = %d order by term asc",
+ intval(local_channel()),
+ intval(TERM_FILE)
+ );
+ if(count($r)) {
+ foreach($r as $rr)
+ $filetags[] = $rr['term'];
+ }
+ $tpl = get_markup_template("filer_dialog.tpl");
+ $o = replace_macros($tpl, array(
+ '$field' => array('term', t("Save to Folder:"), '', '', $filetags, t('- select -')),
+ '$submit' => t('Save'),
+ ));
+
+ echo $o;
+ }
+ killme();
+}
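Review bot: `filer_content()` changes state from a GET request (`store_item_tag()` and the `item_retained` update are driven by `$_GET['term']` and the URL) with no form security token, so any page the logged-in user visits can trigger it. The same pattern appears in `filerm_content()` (the `delete from term`), in the `delete` branch of `filestorage_content()` and in `follow_init()` later in this diff. mod/group.php in the same commit already guards its GET actions with `check_form_security_token_ForbiddenOnErr('group_member_change', 't')`; the same call with a per-module token name (placeholder: `'filer'`), plus a matching `get_form_security_token()` in the link that invokes it, would close this. `$term` is also written to the log verbatim, so I would strip line breaks before the `logger()` call.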
diff --git a/mod/filerm.php b/mod/filerm.php
new file mode 100644
index 000000000..bd8ce7cfc
--- /dev/null
+++ b/mod/filerm.php
@@ -0,0 +1,33 @@
+<?php
+
+function filerm_content(&$a) {
+
+ if(! local_channel()) {
+ killme();
+ }
+
+ $term = trim($_GET['term']);
+ $cat = trim($_GET['cat']);
+
+ $category = (($cat) ? true : false);
+ if($category)
+ $term = $cat;
+
+ $item_id = (($a->argc > 1) ? intval($a->argv[1]) : 0);
+
+ logger('filerm: tag ' . $term . ' item ' . $item_id);
+
+ if($item_id && strlen($term)) {
+ $r = q("delete from term where uid = %d and type = %d and oid = %d and term = '%s'",
+ intval(local_channel()),
+ intval(($category) ? TERM_CATEGORY : TERM_FILE),
+ intval($item_id),
+ dbesc($term)
+ );
+ }
+
+ if(x($_SESSION,'return_url'))
+ goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
+
+ killme();
+}
diff --git a/mod/filestorage.php b/mod/filestorage.php
new file mode 100644
index 000000000..8b52c086b
--- /dev/null
+++ b/mod/filestorage.php
@@ -0,0 +1,167 @@
+<?php
+/**
+ * @file mod/filestorage.php
+ *
+ */
+
+require_once('include/attach.php');
+
+/**
+ *
+ * @param object &$a
+ */
+function filestorage_post(&$a) {
+
+ $channel_id = ((x($_POST, 'uid')) ? intval($_POST['uid']) : 0);
+
+ if((! $channel_id) || (! local_channel()) || ($channel_id != local_channel())) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0);
+ $resource = ((x($_POST, 'filehash')) ? notags($_POST['filehash']) : '');
+ $notify = ((x($_POST, 'notify')) ? intval($_POST['notify']) : 0);
+
+ if(! $resource) {
+ notice(t('Item not found.') . EOL);
+ return;
+ }
+
+ $str_group_allow = perms2str($_REQUEST['group_allow']);
+ $str_contact_allow = perms2str($_REQUEST['contact_allow']);
+ $str_group_deny = perms2str($_REQUEST['group_deny']);
+ $str_contact_deny = perms2str($_REQUEST['contact_deny']);
+
+ $channel = $a->get_channel();
+ $cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource);
+
+ //get the object before permissions change so we can catch eventual former allowed members
+ $object = get_file_activity_object($channel_id, $resource, $cloudPath);
+
+ attach_change_permissions($channel_id, $resource, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny, $recurse);
+
+ file_activity($channel_id, $object, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny, 'post', $notify);
+
+ goaway($cloudPath);
+}
+
+function filestorage_content(&$a) {
+
+ if(argc() > 1)
+ $which = argv(1);
+ else {
+ notice( t('Requested profile is not available.') . EOL );
+ $a->error = 404;
+ return;
+ }
+
+ $r = q("select * from channel where channel_address = '%s'",
+ dbesc($which)
+ );
+ if($r) {
+ $channel = $r[0];
+ $owner = intval($r[0]['channel_id']);
+ }
+
+ $observer = $a->get_observer();
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ $perms = get_all_perms($owner, $ob_hash);
+
+ if(! $perms['view_storage']) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ // Since we have ACL'd files in the wild, but don't have ACL here yet, we
+ // need to return for anyone other than the owner, despite the perms check for now.
+
+ $is_owner = (((local_channel()) && ($owner == local_channel())) ? true : false);
+ if(! $is_owner) {
+ info( t('Permission Denied.') . EOL );
+ return;
+ }
+
+ if(argc() > 3 && argv(3) === 'delete') {
+ if(! $perms['write_storage']) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $file = intval(argv(2));
+ $r = q("SELECT hash FROM attach WHERE id = %d AND uid = %d LIMIT 1",
+ dbesc($file),
+ intval($owner)
+ );
+ if(! $r) {
+ notice( t('File not found.') . EOL);
+ goaway(z_root() . '/cloud/' . $which);
+ }
+
+ $f = $r[0];
+ $channel = $a->get_channel();
+
+ $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
+
+ attach_delete($owner, $f['hash']);
+
+ goaway($parentpath);
+ }
+
+ if(argc() > 3 && argv(3) === 'edit') {
+ require_once('include/acl_selectors.php');
+ if(! $perms['write_storage']) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+ $file = intval(argv(2));
+
+ $r = q("select id, uid, folder, filename, revision, flags, hash, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and uid = %d limit 1",
+ intval($file),
+ intval($owner)
+ );
+
+ $f = $r[0];
+ $channel = $a->get_channel();
+
+ $cloudpath = get_cloudpath($f) . (($f['flags'] & ATTACH_FLAG_DIR) ? '?f=&davguest=1' : '');
+ $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
+
+ $aclselect_e = populate_acl($f, false);
+ $is_a_dir = (($f['flags'] & ATTACH_FLAG_DIR) ? true : false);
+
+ $lockstate = (($f['allow_cid'] || $f['allow_gid'] || $f['deny_cid'] || $f['deny_gid']) ? 'lock' : 'unlock');
+
+ // Encode path that is used for link so it's a valid URL
+ // Keep slashes as slashes, otherwise mod_rewrite doesn't work correctly
+ $encoded_path = str_replace('%2F', '/', rawurlencode($cloudpath));
+
+ $o = replace_macros(get_markup_template('attach_edit.tpl'), array(
+ '$header' => t('Edit file permissions'),
+ '$file' => $f,
+ '$cloudpath' => z_root() . '/' . $encoded_path,
+ '$parentpath' => $parentpath,
+ '$uid' => $channel['channel_id'],
+ '$channelnick' => $channel['channel_address'],
+ '$permissions' => t('Permissions'),
+ '$aclselect' => $aclselect_e,
+ '$lockstate' => $lockstate,
+ '$permset' => t('Set/edit permissions'),
+ '$recurse' => array('recurse', t('Include all files and sub folders'), 0, '', array(t('No'), t('Yes'))),
+ '$backlink' => t('Return to file list'),
+ '$isadir' => $is_a_dir,
+ '$cpdesc' => t('Copy/paste this code to attach file to a post'),
+ '$cpldesc' => t('Copy/paste this URL to link file from a web page'),
+ '$submit' => t('Submit'),
+ '$attach_btn_title' => t('Share this file'),
+ '$link_btn_title' => t('Show URL to this file'),
+ '$notify' => array('notify', t('Notify your contacts about this file'), 0, '', array(t('No'), t('Yes')))
+ ));
+
+ echo $o;
+ killme();
+ }
+
+ goaway(z_root() . '/cloud/' . $which);
+}
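Review bot: `filestorage_content()` never handles the case where the channel lookup returns nothing: `$owner` and `$channel` stay undefined and `$owner` is still passed to `get_all_perms($owner, $ob_hash)`. An explicit exit right after the query, `if(! $r) { notice( t('Requested profile is not available.') . EOL ); $a->error = 404; return; }`, keeps the permission check from running on an undefined owner. The `edit` branch has the same gap one level down: `$f = $r[0]` is used without the `if(! $r)` test that the `delete` branch has. In the `delete` branch the id is passed as `dbesc($file)` for a `%d` placeholder; `intval($file)` would match the rest of the file.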
diff --git a/mod/follow.php b/mod/follow.php
new file mode 100644
index 000000000..3ad2cb3bb
--- /dev/null
+++ b/mod/follow.php
@@ -0,0 +1,54 @@
+<?php
+
+
+require_once('include/follow.php');
+
+function follow_init(&$a) {
+
+ if(! local_channel()) {
+ return;
+ }
+
+ $uid = local_channel();
+ $url = notags(trim($_REQUEST['url']));
+ $return_url = $_SESSION['return_url'];
+ $confirm = intval($_REQUEST['confirm']);
+
+ $result = new_contact($uid,$url,$a->get_channel(),true,$confirm);
+
+ if($result['success'] == false) {
+ if($result['message'])
+ notice($result['message']);
+ goaway($return_url);
+ }
+
+ info( t('Channel added.') . EOL);
+
+ $clone = array();
+ foreach($result['abook'] as $k => $v) {
+ if(strpos($k,'abook_') === 0) {
+ $clone[$k] = $v;
+ }
+ }
+ unset($clone['abook_id']);
+ unset($clone['abook_account']);
+ unset($clone['abook_channel']);
+
+ build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone)));
+
+
+ // If we can view their stream, pull in some posts
+
+ if(($result['abook']['abook_their_perms'] & PERMS_R_STREAM) || ($result['abook']['xchan_network'] === 'rss'))
+ proc_run('php','include/onepoll.php',$result['abook']['abook_id']);
+
+ goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1');
+
+}
+
+function follow_content(&$a) {
+
+ if(! local_channel()) {
+ return login();
+ }
+} \ No newline at end of file
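Review bot: On failure `follow_init()` redirects with `goaway($return_url)`, where `$return_url` is `$_SESSION['return_url']` taken as-is, with no fallback when it is unset and without the base-URL prefix that mod/filerm.php applies to the same session value. If the value is a site-relative path, as filerm.php suggests, `goaway(z_root() . '/' . $return_url);` with a fixed fallback page for the empty case would be consistent. `$_REQUEST['url']` is handed to `new_contact()` after only `notags(trim())`; that function is outside this hunk, so a short comment stating which URL forms it accepts would help the next reader.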
diff --git a/mod/fsuggest.php b/mod/fsuggest.php
new file mode 100644
index 000000000..ec87af6ae
--- /dev/null
+++ b/mod/fsuggest.php
@@ -0,0 +1,112 @@
+<?php
+
+
+function fsuggest_post(&$a) {
+
+ if(! local_channel()) {
+ return;
+ }
+
+ if($a->argc != 2)
+ return;
+
+ $contact_id = intval($a->argv[1]);
+
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($contact_id),
+ intval(local_channel())
+ );
+ if(! count($r)) {
+ notice( t('Contact not found.') . EOL);
+ return;
+ }
+ $contact = $r[0];
+
+ $new_contact = intval($_POST['suggest']);
+
+ $hash = random_string();
+
+ $note = escape_tags(trim($_POST['note']));
+
+ if($new_contact) {
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($new_contact),
+ intval(local_channel())
+ );
+ if(count($r)) {
+
+ $x = q("INSERT INTO `fsuggest` ( `uid`,`cid`,`name`,`url`,`request`,`photo`,`note`,`created`)
+ VALUES ( %d, %d, '%s','%s','%s','%s','%s','%s')",
+ intval(local_channel()),
+ intval($contact_id),
+ dbesc($r[0]['name']),
+ dbesc($r[0]['url']),
+ dbesc($r[0]['request']),
+ dbesc($r[0]['photo']),
+ dbesc($hash),
+ dbesc(datetime_convert())
+ );
+ $r = q("SELECT `id` FROM `fsuggest` WHERE `note` = '%s' AND `uid` = %d LIMIT 1",
+ dbesc($hash),
+ intval(local_channel())
+ );
+ if(count($r)) {
+ $fsuggest_id = $r[0]['id'];
+ q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d",
+ dbesc($note),
+ intval($fsuggest_id),
+ intval(local_channel())
+ );
+ proc_run('php', 'include/notifier.php', 'suggest' , $fsuggest_id);
+ }
+
+ info( t('Friend suggestion sent.') . EOL);
+ }
+
+ }
+
+
+}
+
+
+
+function fsuggest_content(&$a) {
+
+ require_once('include/acl_selectors.php');
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if($a->argc != 2)
+ return;
+
+ $contact_id = intval($a->argv[1]);
+
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($contact_id),
+ intval(local_channel())
+ );
+ if(! count($r)) {
+ notice( t('Contact not found.') . EOL);
+ return;
+ }
+ $contact = $r[0];
+
+ $o = '<h3>' . t('Suggest Friends') . '</h3>';
+
+ $o .= '<div id="fsuggest-desc" >' . sprintf( t('Suggest a friend for %s'), $contact['name']) . '</div>';
+
+ $o .= '<form id="fsuggest-form" action="fsuggest/' . $contact_id . '" method="post" >';
+
+// FIXME contact_selector deprecated, removed
+// $o .= contact_selector('suggest','suggest-select', false,
+// array('size' => 4, 'exclude' => $contact_id, 'networks' => 'DFRN_ONLY', 'single' => true));
+
+
+ $o .= '<div id="fsuggest-submit-wrapper"><input id="fsuggest-submit" type="submit" name="submit" value="' . t('Submit') . '" /></div>';
+ $o .= '</form>';
+
+ return $o;
+} \ No newline at end of file
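Review bot: `fsuggest_content()` concatenates `$contact['name']` straight into the HTML it returns (`sprintf( t('Suggest a friend for %s'), $contact['name'])`), and a contact name is data that originates from another party. Unless the name is encoded when it is stored, which this hunk does not show, it should be encoded on output: `sprintf( t('Suggest a friend for %s'), htmlspecialchars($contact['name'], ENT_QUOTES, 'UTF-8'))`. `fsuggest_post()` also inserts into `fsuggest` and starts the notifier without a form security token check, unlike `group_post()` in the same commit.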
diff --git a/mod/group.php b/mod/group.php
new file mode 100644
index 000000000..ce9633669
--- /dev/null
+++ b/mod/group.php
@@ -0,0 +1,238 @@
+<?php
+
+require_once('include/group.php');
+
+
+function group_post(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if((argc() == 2) && (argv(1) === 'new')) {
+ check_form_security_token_redirectOnErr('/group/new', 'group_edit');
+
+ $name = notags(trim($_POST['groupname']));
+ $public = intval($_POST['public']);
+ $r = group_add(local_channel(),$name,$public);
+ if($r) {
+ info( t('Collection created.') . EOL );
+ $r = group_byname(local_channel(),$name);
+ if($r)
+ goaway($a->get_baseurl() . '/group/' . $r);
+ }
+ else
+ notice( t('Could not create collection.') . EOL );
+ goaway($a->get_baseurl() . '/group');
+
+ }
+ if((argc() == 2) && (intval(argv(1)))) {
+ check_form_security_token_redirectOnErr('/group', 'group_edit');
+
+ $r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval(argv(1)),
+ intval(local_channel())
+ );
+ if(! $r) {
+ notice( t('Collection not found.') . EOL );
+ goaway($a->get_baseurl() . '/connections');
+
+ }
+ $group = $r[0];
+ $groupname = notags(trim($_POST['groupname']));
+ $public = intval($_POST['public']);
+
+ if((strlen($groupname)) && (($groupname != $group['name']) || ($public != $group['visible']))) {
+ $r = q("UPDATE `groups` SET `name` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d",
+ dbesc($groupname),
+ intval($public),
+ intval(local_channel()),
+ intval($group['id'])
+ );
+ if($r)
+ info( t('Collection updated.') . EOL );
+ }
+
+ goaway(z_root() . '/group/' . argv(1) . '/' . argv(2));
+ }
+ return;
+}
+
+function group_content(&$a) {
+ $change = false;
+
+ logger('mod_group: ' . $a->cmd,LOGGER_DEBUG);
+
+ if(! local_channel()) {
+ notice( t('Permission denied') . EOL);
+ return;
+ }
+
+ // Switch to text mode interface if we have more than 'n' contacts or group members
+
+ $switchtotext = get_pconfig(local_channel(),'system','groupedit_image_limit');
+ if($switchtotext === false)
+ $switchtotext = get_config('system','groupedit_image_limit');
+ if($switchtotext === false)
+ $switchtotext = 400;
+
+ $tpl = get_markup_template('group_edit.tpl');
+ $context = array('$submit' => t('Submit'));
+
+ if((argc() == 2) && (argv(1) === 'new')) {
+
+ return replace_macros($tpl, $context + array(
+ '$title' => t('Create a collection of channels.'),
+ '$gname' => array('groupname',t('Collection Name: '), '', ''),
+ '$gid' => 'new',
+ '$public' => array('public',t('Members are visible to other channels'), false, ''),
+ '$form_security_token' => get_form_security_token("group_edit"),
+ ));
+
+
+ }
+
+ if((argc() == 3) && (argv(1) === 'drop')) {
+ check_form_security_token_redirectOnErr('/group', 'group_drop', 't');
+
+ if(intval(argv(2))) {
+ $r = q("SELECT `name` FROM `groups` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval(argv(2)),
+ intval(local_channel())
+ );
+ if($r)
+ $result = group_rmv(local_channel(),$r[0]['name']);
+ if($result)
+ info( t('Collection removed.') . EOL);
+ else
+ notice( t('Unable to remove collection.') . EOL);
+ }
+ goaway($a->get_baseurl() . '/group');
+ // NOTREACHED
+ }
+
+
+ if((argc() > 2) && intval(argv(1)) && argv(2)) {
+
+ check_form_security_token_ForbiddenOnErr('group_member_change', 't');
+
+ $r = q("SELECT abook_xchan from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and xchan_deleted = 0 and abook_blocked = 0 and abook_pending = 0 limit 1",
+ dbesc(base64url_decode(argv(2))),
+ intval(local_channel())
+ );
+ if(count($r))
+ $change = base64url_decode(argv(2));
+
+ }
+
+ if((argc() > 1) && (intval(argv(1)))) {
+
+ require_once('include/acl_selectors.php');
+ $r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1",
+ intval(argv(1)),
+ intval(local_channel())
+ );
+ if(! $r) {
+ notice( t('Collection not found.') . EOL );
+ goaway($a->get_baseurl() . '/connections');
+ }
+ $group = $r[0];
+
+
+ $members = group_get_members($group['id']);
+
+ $preselected = array();
+ if(count($members)) {
+ foreach($members as $member)
+ if(! in_array($member['xchan_hash'],$preselected))
+ $preselected[] = $member['xchan_hash'];
+ }
+
+ if($change) {
+
+ if(in_array($change,$preselected)) {
+ group_rmv_member(local_channel(),$group['name'],$change);
+ }
+ else {
+ group_add_member(local_channel(),$group['name'],$change);
+ }
+
+ $members = group_get_members($group['id']);
+
+ $preselected = array();
+ if(count($members)) {
+ foreach($members as $member)
+ $preselected[] = $member['xchan_hash'];
+ }
+ }
+
+ $drop_tpl = get_markup_template('group_drop.tpl');
+ $drop_txt = replace_macros($drop_tpl, array(
+ '$id' => $group['id'],
+ '$delete' => t('Delete'),
+ '$form_security_token' => get_form_security_token("group_drop"),
+ ));
+
+
+ $context = $context + array(
+ '$title' => t('Collection Editor'),
+ '$gname' => array('groupname',t('Collection Name: '),$group['name'], ''),
+ '$gid' => $group['id'],
+ '$drop' => $drop_txt,
+ '$public' => array('public',t('Members are visible to other channels'), $group['visible'], ''),
+ '$form_security_token' => get_form_security_token('group_edit'),
+ );
+
+ }
+
+ if(! isset($group))
+ return;
+
+ $groupeditor = array(
+ 'label_members' => t('Members'),
+ 'members' => array(),
+ 'label_contacts' => t('All Connected Channels'),
+ 'contacts' => array(),
+ );
+
+ $sec_token = addslashes(get_form_security_token('group_member_change'));
+ $textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false);
+ foreach($members as $member) {
+ if($member['xchan_url']) {
+ $member['archived'] = (intval($member['abook_archived']) ? true : false);
+ $member['click'] = 'groupChangeMember(' . $group['id'] . ',\'' . base64url_encode($member['xchan_hash']) . '\',\'' . $sec_token . '\'); return false;';
+ $groupeditor['members'][] = micropro($member,true,'mpgroup', $textmode);
+ }
+ else
+ group_rmv_member(local_channel(),$group['name'],$member['xchan_hash']);
+ }
+
+ $r = q("SELECT abook.*, xchan.* FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE `abook_channel` = %d AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 order by xchan_name asc",
+ intval(local_channel())
+ );
+
+ if(count($r)) {
+ $textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false);
+ foreach($r as $member) {
+ if(! in_array($member['xchan_hash'],$preselected)) {
+ $member['archived'] = (intval($member['abook_archived']) ? true : false);
+ $member['click'] = 'groupChangeMember(' . $group['id'] . ',\'' . base64url_encode($member['xchan_hash']) . '\',\'' . $sec_token . '\'); return false;';
+ $groupeditor['contacts'][] = micropro($member,true,'mpall', $textmode);
+ }
+ }
+ }
+
+ $context['$groupeditor'] = $groupeditor;
+ $context['$desc'] = t('Click on a channel to add or remove.');
+
+ if($change) {
+ $tpl = get_markup_template('groupeditor.tpl');
+ echo replace_macros($tpl, $context);
+ killme();
+ }
+
+ return replace_macros($tpl, $context);
+
+}
+
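Review bot: In the `drop` branch of `group_content()` `$result` is only assigned inside `if($r)`, so when the collection is not found the following `if($result)` reads an undefined variable; initialise it with `$result = false;` before the query. In `group_post()` the edit branch runs only when `argc() == 2`, yet the final redirect appends `argv(2)`, which does not exist there; `goaway(z_root() . '/group/' . argv(1));` looks like what was meant. The member loop also calls `group_rmv_member()` for entries with no `xchan_url` while rendering the page, so viewing the editor can change the membership of a collection that may be referenced by ACLs; that deserves at least a comment and a log line.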
diff --git a/mod/hcard.php b/mod/hcard.php
new file mode 100644
index 000000000..014a63b35
--- /dev/null
+++ b/mod/hcard.php
@@ -0,0 +1,54 @@
+<?php
+
+function hcard_init(&$a) {
+
+ if(argc() > 1)
+ $which = argv(1);
+ else {
+ notice( t('Requested profile is not available.') . EOL );
+ $a->error = 404;
+ return;
+ }
+
+ $profile = '';
+ $channel = $a->get_channel();
+
+ if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) {
+ $which = $channel['channel_address'];
+ $profile = argv(1);
+ $r = q("select profile_guid from profile where id = %d and uid = %d limit 1",
+ intval($profile),
+ intval(local_channel())
+ );
+ if(! $r)
+ $profile = '';
+ $profile = $r[0]['profile_guid'];
+ }
+
+ $a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/feed/' . $which .'" />' . "\r\n" ;
+
+ if(! $profile) {
+ $x = q("select channel_id as profile_uid from channel where channel_address = '%s' limit 1",
+ dbesc(argv(1))
+ );
+ if($x) {
+ $a->profile = $x[0];
+ }
+ }
+
+ profile_load($a,$which,$profile);
+
+
+}
+
+
+function hcard_content(&$a) {
+
+ require_once('include/widgets.php');
+ return widget_profile(array());
+
+
+
+}
+
+
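Review bot: In hcard_init the `$which` value taken from `argv(1)` is concatenated into the `<link rel="alternate" ... href>` markup appended to `$a->page['htmlhead']` without any encoding. Unless `argv()` already sanitises path segments (not visible in this hunk), a crafted profile name can break out of the attribute; I would write `'/feed/' . urlencode($which) . '" />'`. Separately, in the `view` branch the reset `if(! $r) $profile = '';` is immediately overwritten by `$profile = $r[0]['profile_guid'];`, which also indexes an empty result. That assignment should sit in an `else`.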
diff --git a/mod/help.php b/mod/help.php
new file mode 100644
index 000000000..694b356aa
--- /dev/null
+++ b/mod/help.php
@@ -0,0 +1,122 @@
+<?php
+
+/**
+ * You can create local site resources in doc/Site.md and either link to doc/Home.md for the standard resources
+ * or use our include mechanism to include it on your local page.
+ *
+ * #include doc/Home.md;
+ *
+ * The syntax is somewhat strict.
+ *
+ */
+
+
+if(! function_exists('load_doc_file')) {
+function load_doc_file($s) {
+ $lang = get_app()->language;
+ if(! isset($lang))
+ $lang = 'en';
+ $b = basename($s);
+ $d = dirname($s);
+ if(file_exists("$d/$lang/$b"))
+ return file_get_contents("$d/$lang/$b");
+ if(file_exists($s))
+ return file_get_contents($s);
+ return '';
+}}
+
+
+
+function help_content(&$a) {
+ nav_set_selected('help');
+
+ global $lang;
+
+ $doctype = 'markdown';
+
+ $text = '';
+
+ if(argc() > 1) {
+ $path = '';
+ for($x = 1; $x < argc(); $x ++) {
+ if(strlen($path))
+ $path .= '/';
+ $path .= argv($x);
+ }
+ $title = basename($path);
+
+ $text = load_doc_file('doc/' . $path . '.md');
+ $a->page['title'] = t('Help:') . ' ' . ucwords(str_replace('-',' ',notags($title)));
+
+ if(! $text) {
+ $text = load_doc_file('doc/' . $path . '.bb');
+ if($text)
+ $doctype = 'bbcode';
+ $a->page['title'] = t('Help:') . ' ' . ucwords(str_replace('_',' ',notags($title)));
+ }
+ if(! $text) {
+ $text = load_doc_file('doc/' . $path . '.html');
+ if($text)
+ $doctype = 'html';
+ $a->page['title'] = t('Help:') . ' ' . ucwords(str_replace('-',' ',notags($title)));
+ }
+ }
+
+ if(! $text) {
+ $text = load_doc_file('doc/Site.md');
+ $a->page['title'] = t('Help');
+ }
+ if(! $text) {
+ $doctype = 'bbcode';
+ $text = load_doc_file('doc/main.bb');
+ $a->page['title'] = t('Help');
+ }
+
+ if(! strlen($text)) {
+ header($_SERVER["SERVER_PROTOCOL"] . ' 404 ' . t('Not Found'));
+ $tpl = get_markup_template("404.tpl");
+ return replace_macros($tpl, array(
+ '$message' => t('Page not found.' )
+ ));
+ }
+
+ if($doctype === 'html')
+ $content = $text;
+ if($doctype === 'markdown') {
+ require_once('library/markdown.php');
+ # escape #include tags
+ $text = preg_replace('/#include/ism', '%%include', $text);
+ $content = Markdown($text);
+ $content = preg_replace('/%%include/ism', '#include', $content);
+ }
+ if($doctype === 'bbcode') {
+ require_once('include/bbcode.php');
+ $content = bbcode($text);
+ }
+
+ $content = preg_replace_callback("/#include (.*?)\;/ism", 'preg_callback_help_include', $content);
+
+ return replace_macros(get_markup_template("help.tpl"), array(
+ '$title' => t('$Projectname Documentation'),
+ '$content' => translate_projectname($content)
+ ));
+
+}
+
+
+function preg_callback_help_include($matches) {
+
+ if($matches[1]) {
+ $include = str_replace($matches[0],load_doc_file($matches[1]),$matches[0]);
+ if(preg_match('/\.bb$/', $matches[1]) || preg_match('/\.txt$/', $matches[1])) {
+ require_once('include/bbcode.php');
+ $include = bbcode($include);
+ } elseif(preg_match('/\.md$/', $matches[1])) {
+ require_once('library/markdown.php');
+ $include = Markdown($include);
+ }
+ return $include;
+ }
+
+}
+
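Review bot: help_content joins every `argv()` segment into `$path` and passes `'doc/' . $path . '.md'` (then `.bb`, `.html`) to load_doc_file, which reads whatever path it is given, so a `..` segment would resolve outside `doc/` unless the router already strips it (not visible in this hunk). The `#include` callback has the same shape, handing `$matches[1]` from the rendered content straight to load_doc_file. I would confine load_doc_file to the documentation tree by resolving each candidate with `realpath()` and requiring it to sit under `realpath('doc')`, as in the excerpt below; if includes from outside `doc/` are intended, an explicit allow-list would be the alternative. The `.html` doctype is also returned to the page unfiltered, which is only safe while `doc/` is writable by the site admin alone.
```php
function load_doc_file($s) {
	// … unchanged: $lang lookup, $b = basename($s), $d = dirname($s) …
	$root = realpath('doc');
	if($root === false)
		return '';
	foreach(array("$d/$lang/$b", $s) as $candidate) {
		$real = realpath($candidate);
		// only serve files that resolve inside the documentation tree
		if($real !== false && strpos($real, $root . DIRECTORY_SEPARATOR) === 0)
			return file_get_contents($real);
	}
	return '';
```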
diff --git a/mod/home.php b/mod/home.php
new file mode 100644
index 000000000..242b2dcec
--- /dev/null
+++ b/mod/home.php
@@ -0,0 +1,81 @@
+<?php
+
+require_once('include/items.php');
+require_once('include/conversation.php');
+
+
+function home_init(&$a) {
+
+ $ret = array();
+
+ call_hooks('home_init',$ret);
+
+ $splash = ((argc() > 1 && argv(1) === 'splash') ? true : false);
+
+ $channel = $a->get_channel();
+ if(local_channel() && $channel && $channel['xchan_url'] && ! $splash) {
+ $dest = $channel['channel_startpage'];
+ if(! $dest)
+ $dest = get_pconfig(local_channel(),'system','startpage');
+ if(! $dest)
+ $dest = get_config('system','startpage');
+ if(! $dest)
+ $dest = z_root() . '/network';
+
+ goaway($dest);
+ }
+
+ if(get_account_id() && ! $splash) {
+ goaway(z_root() . '/new_channel');
+ }
+
+}
+
+
+function home_content(&$a, $update = 0, $load = false) {
+
+ $o = '';
+
+
+ if(x($_SESSION,'theme'))
+ unset($_SESSION['theme']);
+ if(x($_SESSION,'mobile_theme'))
+ unset($_SESSION['mobile_theme']);
+
+ $splash = ((argc() > 1 && argv(1) === 'splash') ? true : false);
+
+ call_hooks('home_content',$o);
+ if($o)
+ return $o;
+
+ $frontpage = get_config('system','frontpage');
+ if($frontpage) {
+ if(strpos($frontpage,'include:') !== false) {
+ $file = trim(str_replace('include:' , '', $frontpage));
+ if(file_exists($file)) {
+ $a->page['template'] = 'full';
+ $a->page['title'] = t('$Projectname');
+ $o .= file_get_contents($file);
+ return $o;
+ }
+ }
+ if(intval(get_config('system','mirror_frontpage'))) {
+ $o = '<html><head><title>' . t('$Projectname') . '</title></head><body style="margin: 0; padding: 0; border: none;" ><iframe src="' . z_root() . '/' . $frontpage . '" width="100%" height="100%" style="margin: 0; padding: 0; border: none;" ></iframe></body></html>';
+ echo $o;
+ killme();
+ }
+ goaway(z_root() . '/' . $frontpage);
+ }
+
+
+ $sitename = get_config('system','sitename');
+ if($sitename)
+ $o .= '<h1>' . sprintf( t("Welcome to %s") ,$sitename) . '</h1>';
+
+ $loginbox = get_config('system','login_on_homepage');
+ if(intval($loginbox) || $loginbox === false)
+ $o .= login(($a->config['system']['register_policy'] == REGISTER_CLOSED) ? 0 : 1);
+
+ return $o;
+
+}
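Review bot: The `include:` handling in home_content tests `strpos($frontpage,'include:') !== false` and then strips every occurrence with `str_replace`, so the marker is honoured anywhere in the configured value rather than only as a prefix. I would anchor it with `if(strpos($frontpage,'include:') === 0) {` and `$file = trim(substr($frontpage, strlen('include:')));`. The included file's contents, the iframe `src` built from `$frontpage` and `$sitename` inside the `<h1>` are all emitted without HTML escaping, which relies on the `system` config being writable only by the site admin. A comment stating that assumption, or `htmlspecialchars()` on the two config strings, would make it explicit. `$splash` is computed in home_content but never read there.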
diff --git a/mod/hostxrd.php b/mod/hostxrd.php
new file mode 100644
index 000000000..ef86f2dd9
--- /dev/null
+++ b/mod/hostxrd.php
@@ -0,0 +1,16 @@
+<?php
+
+function hostxrd_init(&$a) {
+ header('Access-Control-Allow-Origin: *');
+ header("Content-type: text/xml");
+
+ $tpl = get_markup_template('xrd_host.tpl');
+ $x = replace_macros(get_markup_template('xrd_host.tpl'), array(
+ '$zhost' => $a->get_hostname(),
+ '$zroot' => z_root()
+ ));
+ $arr = array('xrd' => $x);
+ call_hooks('hostxrd',$arr);
+ echo $arr['xrd'];
+ killme();
+}
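Review bot: `$tpl` is assigned from `get_markup_template('xrd_host.tpl')` and never used, because the next line fetches the same template a second time; pass the variable instead, `$x = replace_macros($tpl, array(`. The `hostxrd` hook can replace `$arr['xrd']` wholesale before it is echoed as `text/xml`, so a one-line comment saying that hook handlers are trusted to return well-formed XRD would help the next reader.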
diff --git a/mod/id.php b/mod/id.php
new file mode 100644
index 000000000..bd4c1fa89
--- /dev/null
+++ b/mod/id.php
@@ -0,0 +1,310 @@
+<?php
+/**
+ * @file mod/id.php
+ * @brief OpenID implementation
+ */
+
+require 'library/openid/provider/provider.php';
+
+
+$attrMap = array(
+ 'namePerson/first' => t('First Name'),
+ 'namePerson/last' => t('Last Name'),
+ 'namePerson/friendly' => t('Nickname'),
+ 'namePerson' => t('Full Name'),
+ 'contact/internet/email' => t('Email'),
+ 'contact/email' => t('Email'),
+ 'media/image/aspect11' => t('Profile Photo'),
+ 'media/image' => t('Profile Photo'),
+ 'media/image/default' => t('Profile Photo'),
+ 'media/image/16x16' => t('Profile Photo 16px'),
+ 'media/image/32x32' => t('Profile Photo 32px'),
+ 'media/image/48x48' => t('Profile Photo 48px'),
+ 'media/image/64x64' => t('Profile Photo 64px'),
+ 'media/image/80x80' => t('Profile Photo 80px'),
+ 'media/image/128x128' => t('Profile Photo 128px'),
+ 'timezone' => t('Timezone'),
+ 'contact/web/default' => t('Homepage URL'),
+ 'language/pref' => t('Language'),
+ 'birthDate/birthYear' => t('Birth Year'),
+ 'birthDate/birthMonth' => t('Birth Month'),
+ 'birthDate/birthday' => t('Birth Day'),
+ 'birthDate' => t('Birthdate'),
+ 'gender' => t('Gender'),
+);
+
+
+/**
+ * @brief Entrypoint for the OpenID implementation.
+ *
+ * @param App &$a
+ */
+function id_init(&$a) {
+
+ logger('id: ' . print_r($_REQUEST, true));
+
+ if(argc() > 1) {
+ $which = argv(1);
+ } else {
+ $a->error = 404;
+ return;
+ }
+
+ $profile = '';
+ $channel = $a->get_channel();
+ profile_load($a,$which,$profile);
+
+ $op = new MysqlProvider;
+ $op->server();
+}
+
+/**
+ * @brief Returns user data needed for OpenID.
+ *
+ * If no $handle is provided we will use local_channel() by default.
+ *
+ * @param string $handle (default null)
+ * @return boolean|array
+ */
+function getUserData($handle = null) {
+ if (! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ get_app()->page['content'] = login();
+
+ return false;
+ }
+
+// logger('handle: ' . $handle);
+
+ if ($handle) {
+ $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1",
+ dbesc($handle)
+ );
+ } else {
+ $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d",
+ intval(local_channel())
+ );
+ }
+
+ if (! r)
+ return false;
+
+ $x = q("select * from account where account_id = %d limit 1",
+ intval($r[0]['channel_account_id'])
+ );
+ if ($x)
+ $r[0]['email'] = $x[0]['account_email'];
+
+ $p = q("select * from profile where is_default = 1 and uid = %d limit 1",
+ intval($r[0]['channel_account_id'])
+ );
+
+ $gender = '';
+ if ($p[0]['gender'] == t('Male'))
+ $gender = 'M';
+ if ($p[0]['gender'] == t('Female'))
+ $gender = 'F';
+
+ $r[0]['firstName'] = ((strpos($r[0]['channel_name'],' ')) ? substr($r[0]['channel_name'],0,strpos($r[0]['channel_name'],' ')) : $r[0]['channel_name']);
+ $r[0]['lastName'] = ((strpos($r[0]['channel_name'],' ')) ? substr($r[0]['channel_name'],strpos($r[0]['channel_name'],' ')+1) : '');
+ $r[0]['namePerson'] = $r[0]['channel_name'];
+ $r[0]['pphoto'] = $r[0]['xchan_photo_l'];
+ $r[0]['pphoto16'] = z_root() . '/photo/profile/16/' . $r[0]['channel_id'] . '.jpg';
+ $r[0]['pphoto32'] = z_root() . '/photo/profile/32/' . $r[0]['channel_id'] . '.jpg';
+ $r[0]['pphoto48'] = z_root() . '/photo/profile/48/' . $r[0]['channel_id'] . '.jpg';
+ $r[0]['pphoto64'] = z_root() . '/photo/profile/64/' . $r[0]['channel_id'] . '.jpg';
+ $r[0]['pphoto80'] = z_root() . '/photo/profile/80/' . $r[0]['channel_id'] . '.jpg';
+ $r[0]['pphoto128'] = z_root() . '/photo/profile/128/' . $r[0]['channel_id'] . '.jpg';
+ $r[0]['timezone'] = $r[0]['channel_timezone'];
+ $r[0]['url'] = $r[0]['xchan_url'];
+ $r[0]['language'] = (($x[0]['account_language']) ? $x[0]['account_language'] : 'en');
+ $r[0]['birthyear'] = ((intval(substr($p[0]['dob'],0,4))) ? intval(substr($p[0]['dob'],0,4)) : '');
+ $r[0]['birthmonth'] = ((intval(substr($p[0]['dob'],5,2))) ? intval(substr($p[0]['dob'],5,2)) : '');
+ $r[0]['birthday'] = ((intval(substr($p[0]['dob'],8,2))) ? intval(substr($p[0]['dob'],8,2)) : '');
+ $r[0]['birthdate'] = (($r[0]['birthyear'] && $r[0]['birthmonth'] && $r[0]['birthday']) ? $p[0]['dob'] : '');
+ $r[0]['gender'] = $gender;
+
+ return $r[0];
+
+/*
+* if(isset($_POST['login'],$_POST['password'])) {
+* $login = mysql_real_escape_string($_POST['login']);
+* $password = sha1($_POST['password']);
+* $q = mysql_query("SELECT * FROM Users WHERE login = '$login' AND password = '$password'");
+* if($data = mysql_fetch_assoc($q)) {
+* return $data;
+* }
+* if($handle) {
+* echo 'Wrong login/password.';
+* }
+* }
+* if($handle) {
+* ?>
+* <form action="" method="post">
+* <input type="hidden" name="openid.assoc_handle" value="<?php echo $handle?>">
+* Login: <input type="text" name="login"><br>
+* Password: <input type="password" name="password"><br>
+* <button>Submit</button>
+* </form>
+* <?php
+* die();
+* }
+*/
+
+}
+
+
+/**
+ * @brief MySQL provider for OpenID implementation.
+ *
+ */
+class MysqlProvider extends LightOpenIDProvider {
+
+ // See http://openid.net/specs/openid-attribute-properties-list-1_0-01.html
+ // This list contains a few variations of these attributes to maintain
+ // compatibility with legacy clients
+
+ private $attrFieldMap = array(
+ 'namePerson/first' => 'firstName',
+ 'namePerson/last' => 'lastName',
+ 'namePerson/friendly' => 'channel_address',
+ 'namePerson' => 'namePerson',
+ 'contact/internet/email' => 'email',
+ 'contact/email' => 'email',
+ 'media/image/aspect11' => 'pphoto',
+ 'media/image' => 'pphoto',
+ 'media/image/default' => 'pphoto',
+ 'media/image/16x16' => 'pphoto16',
+ 'media/image/32x32' => 'pphoto32',
+ 'media/image/48x48' => 'pphoto48',
+ 'media/image/64x64' => 'pphoto64',
+ 'media/image/80x80' => 'pphoto80',
+ 'media/image/128x128' => 'pphoto128',
+ 'timezone' => 'timezone',
+ 'contact/web/default' => 'url',
+ 'language/pref' => 'language',
+ 'birthDate/birthYear' => 'birthyear',
+ 'birthDate/birthMonth' => 'birthmonth',
+ 'birthDate/birthday' => 'birthday',
+ 'birthDate' => 'birthdate',
+ 'gender' => 'gender',
+ );
+
+ function setup($identity, $realm, $assoc_handle, $attributes) {
+ global $attrMap;
+
+// logger('identity: ' . $identity);
+// logger('realm: ' . $realm);
+// logger('assoc_handle: ' . $assoc_handle);
+// logger('attributes: ' . print_r($attributes,true));
+
+ $data = getUserData($assoc_handle);
+
+
+/** @FIXME this needs to be a template with localised strings */
+
+ $o .= '<form action="" method="post">'
+ . '<input type="hidden" name="openid.assoc_handle" value="' . $assoc_handle . '">'
+ . '<input type="hidden" name="login" value="' . $_POST['login'] .'">'
+ . '<input type="hidden" name="password" value="' . $_POST['password'] .'">'
+ . "<b>$realm</b> wishes to authenticate you.";
+ if($attributes['required'] || $attributes['optional']) {
+ $o .= " It also requests following information (required fields marked with *):"
+ . '<ul>';
+
+ foreach($attributes['required'] as $attr) {
+ if(isset($this->attrMap[$attr])) {
+ $o .= '<li>'
+ . '<input type="checkbox" name="attributes[' . $attr . ']"> '
+ . $this->attrMap[$attr] . ' <span class="required">*</span></li>';
+ }
+ }
+
+ foreach($attributes['optional'] as $attr) {
+ if(isset($this->attrMap[$attr])) {
+ $o .= '<li>'
+ . '<input type="checkbox" name="attributes[' . $attr . ']"> '
+ . $this->attrMap[$attr] . '</li>';
+ }
+ }
+ $o .= '</ul>';
+ }
+ $o .= '<br>'
+ . '<button name="once">Allow once</button> '
+ . '<button name="always">Always allow</button> '
+ . '<button name="cancel">cancel</button> '
+ . '</form>';
+
+ get_app()->page['content'] .= $o;
+ }
+
+ function checkid($realm, &$attributes) {
+
+ logger('checkid: ' . $realm);
+ logger('checkid attrs: ' . print_r($attributes,true));
+
+ if(isset($_POST['cancel'])) {
+ $this->cancel();
+ }
+
+ $data = getUserData();
+ if(! $data) {
+ return false;
+ }
+
+ $q = get_pconfig(local_channel(), 'openid', $realm);
+
+ $attrs = array();
+ if($q) {
+ $attrs = $q;
+ } elseif(isset($_POST['attributes'])) {
+ $attrs = array_keys($_POST['attributes']);
+ } elseif(!isset($_POST['once']) && !isset($_POST['always'])) {
+ return false;
+ }
+
+ $attributes = array();
+ foreach($attrs as $attr) {
+ if(isset($this->attrFieldMap[$attr])) {
+ $attributes[$attr] = $data[$this->attrFieldMap[$attr]];
+ }
+ }
+
+ if(isset($_POST['always'])) {
+ set_pconfig(local_channel(),'openid',$realm,array_keys($attributes));
+ }
+
+ return z_root() . '/id/' . $data['channel_address'];
+ }
+
+ function assoc_handle() {
+ logger('assoc_handle');
+ $channel = get_app()->get_channel();
+
+ return z_root() . '/channel/' . $channel['channel_address'];
+ }
+
+ function setAssoc($handle, $data) {
+ logger('setAssoc');
+ $channel = channelx_by_nick(basename($handle));
+ if($channel)
+ set_pconfig($channel['channel_id'],'openid','associate',$data);
+ }
+
+ function getAssoc($handle) {
+ logger('getAssoc: ' . $handle);
+
+ $channel = channelx_by_nick(basename($handle));
+ if($channel)
+ return get_pconfig($channel['channel_id'], 'openid', 'associate');
+
+ return false;
+ }
+
+ function delAssoc($handle) {
+ logger('delAssoc');
+ $channel = channelx_by_nick(basename($handle));
+ if($channel)
+ return del_pconfig($channel['channel_id'], 'openid', 'associate');
+ }
+}
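Review bot: MysqlProvider::setup() writes `$assoc_handle`, `$realm`, `$_POST['login']` and `$_POST['password']` into the consent form without HTML escaping, and echoing a submitted password into a hidden field exposes it in the page source. The two credential fields look unused now that getUserData() relies on `local_channel()`, so I would drop them and wrap the remaining values, e.g. `htmlspecialchars($assoc_handle, ENT_QUOTES, 'UTF-8')` and the same for `$realm`. In getUserData() the guard `if (! r)` names the bare constant `r` instead of the variable, so an empty query result is not caught before `$r[0]` is read; it should be `if (! $r)`. setup() also tests `$this->attrMap`, which the class does not define (the declared global `$attrMap` goes unused and the property is `$attrFieldMap`), so the requested-attribute list is never rendered and `$o` is appended to without being initialised. Finally, `logger('id: ' . print_r($_REQUEST, true));` in id_init records the whole request without a level argument, whereas mod/impel.php in this same commit passes `LOGGER_DATA`; requests here can carry credentials, so the same level (or no dump at all) is advisable.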
diff --git a/mod/impel.php b/mod/impel.php
new file mode 100644
index 000000000..da7138438
--- /dev/null
+++ b/mod/impel.php
@@ -0,0 +1,201 @@
+<?php /** @file */
+
+// import page design element
+
+require_once('include/menu.php');
+
+function impel_init(&$a) {
+
+ $ret = array('success' => false);
+
+ if(! local_channel())
+ json_return_and_die($ret);
+
+ logger('impel: ' . print_r($_REQUEST,true), LOGGER_DATA);
+
+ $elm = $_REQUEST['element'];
+ $x = base64url_decode($elm);
+ if(! $x)
+ json_return_and_die($ret);
+
+ $j = json_decode($x,true);
+ if(! $j)
+ json_return_and_die($ret);
+
+ $channel = $a->get_channel();
+
+ $arr = array();
+ $is_menu = false;
+
+ // a portable menu has its links rewritten with the local baseurl
+ $portable_menu = false;
+
+ switch($j['type']) {
+ case 'webpage':
+ $arr['item_type'] = ITEM_TYPE_WEBPAGE;
+ $namespace = 'WEBPAGE';
+ $installed_type = t('webpage');
+ break;
+ case 'block':
+ $arr['item_type'] = ITEM_TYPE_BLOCK;
+ $namespace = 'BUILDBLOCK';
+ $installed_type = t('block');
+ break;
+ case 'layout':
+ $arr['item_type'] = ITEM_TYPE_PDL;
+ $namespace = 'PDL';
+ $installed_type = t('layout');
+ break;
+ case 'portable-menu':
+ $portable_menu = true;
+ // fall through
+ case 'menu':
+ $is_menu = true;
+ $installed_type = t('menu');
+ break;
+ default:
+ logger('mod_impel: unrecognised element type' . print_r($j,true));
+ break;
+ }
+
+ if($is_menu) {
+ $m = array();
+ $m['menu_channel_id'] = local_channel();
+ $m['menu_name'] = $j['pagetitle'];
+ $m['menu_desc'] = $j['desc'];
+ if($j['created'])
+ $m['menu_created'] = datetime_convert($j['created']);
+ if($j['edited'])
+ $m['menu_edited'] = datetime_convert($j['edited']);
+
+ $m['menu_flags'] = 0;
+ if($j['flags']) {
+ if(in_array('bookmark',$j['flags']))
+ $m['menu_flags'] |= MENU_BOOKMARK;
+ if(in_array('system',$j['flags']))
+ $m['menu_flags'] |= MENU_SYSTEM;
+
+ }
+
+ $menu_id = menu_create($m);
+
+ if($menu_id) {
+ if(is_array($j['items'])) {
+ foreach($j['items'] as $it) {
+ $mitem = array();
+
+ $mitem['mitem_link'] = str_replace('[baseurl]',z_root(),$it['link']);
+ $mitem['mitem_desc'] = escape_tags($it['desc']);
+ $mitem['mitem_order'] = intval($it['order']);
+ if(is_array($it['flags'])) {
+ $mitem['mitem_flags'] = 0;
+ if(in_array('zid',$it['flags']))
+ $mitem['mitem_flags'] |= MENU_ITEM_ZID;
+ if(in_array('new-window',$it['flags']))
+ $mitem['mitem_flags'] |= MENU_ITEM_NEWWIN;
+ if(in_array('chatroom',$it['flags']))
+ $mitem['mitem_flags'] |= MENU_ITEM_CHATROOM;
+ }
+ menu_add_item($menu_id,local_channel(),$mitem);
+ }
+ if($j['edited']) {
+ $x = q("update menu set menu_edited = '%s' where menu_id = %d and menu_channel_id = %d",
+ dbesc(datetime_convert('UTC','UTC',$j['edited'])),
+ intval($menu_id),
+ intval(local_channel())
+ );
+ }
+ }
+ $ret['success'] = true;
+ }
+ $x = $ret;
+ }
+ else {
+ $arr['uid'] = local_channel();
+ $arr['aid'] = $channel['channel_account_id'];
+ $arr['title'] = $j['title'];
+ $arr['body'] = $j['body'];
+ $arr['term'] = $j['term'];
+ $arr['layout_mid'] = $j['layout_mid'];
+ $arr['created'] = datetime_convert('UTC','UTC', $j['created']);
+ $arr['edited'] = datetime_convert('UTC','UTC',$j['edited']);
+ $arr['owner_xchan'] = get_observer_hash();
+ $arr['author_xchan'] = (($j['author_xchan']) ? $j['author_xchan'] : get_observer_hash());
+ $arr['mimetype'] = (($j['mimetype']) ? $j['mimetype'] : 'text/bbcode');
+
+ if(! $j['mid'])
+ $j['mid'] = item_message_id();
+
+ $arr['mid'] = $arr['parent_mid'] = $j['mid'];
+
+
+ if($j['pagetitle']) {
+ require_once('library/urlify/URLify.php');
+ $pagetitle = strtolower(URLify::transliterate($j['pagetitle']));
+ }
+
+
+
+ // Verify ability to use html or php!!!
+
+ $execflag = false;
+
+ if($arr['mimetype'] === 'application/x-php') {
+ $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
+ intval(local_channel())
+ );
+
+ if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) {
+ $execflag = true;
+ }
+ }
+
+ $remote_id = 0;
+
+ $z = q("select * from item_id where sid = '%s' and service = '%s' and uid = %d limit 1",
+ dbesc($pagetitle),
+ dbesc($namespace),
+ intval(local_channel())
+ );
+
+ $i = q("select id, edited, item_deleted from item where mid = '%s' and uid = %d limit 1",
+ dbesc($arr['mid']),
+ intval(local_channel())
+ );
+
+ if($z && $i) {
+ $remote_id = $z[0]['id'];
+ $arr['id'] = $i[0]['id'];
+ // don't update if it has the same timestamp as the original
+ if($arr['edited'] > $i[0]['edited'])
+ $x = item_store_update($arr,$execflag);
+ }
+ else {
+ if(($i) && (intval($i[0]['item_deleted']))) {
+ // was partially deleted already, finish it off
+ q("delete from item where mid = '%s' and uid = %d",
+ dbesc($arr['mid']),
+ intval(local_channel())
+ );
+ }
+ $x = item_store($arr,$execflag);
+ }
+
+ if($x['success']) {
+ $item_id = $x['item_id'];
+ update_remote_id($channel,$item_id,$arr['item_type'],$pagetitle,$namespace,$remote_id,$arr['mid']);
+ }
+ }
+
+ if($x['success']) {
+ $ret['success'] = true;
+ info( sprintf( t('%s element installed'), $installed_type));
+ }
+ else {
+ notice( sprintf( t('%s element installation failed'), $installed_type));
+ }
+
+//??? should perhaps return ret?
+ json_return_and_die(true);
+
+}
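Review bot: The `default:` branch of `switch($j['type'])` in impel_init only logs and breaks, so a payload with an unrecognised type continues into the non-menu path with `$arr['item_type']`, `$namespace` and `$installed_type` unset and still reaches `item_store()`; it should stop there with `json_return_and_die($ret);`. The item fields `author_xchan`, `mimetype` and `mid` and the menu flag `system` are copied from the decoded request payload, and only `application/x-php` is checked against the ALLOWCODE roles even though the comment above it mentions html as well. Whether `item_store()` and `menu_create()` re-validate these is not visible in this hunk, so I would either validate them here or add a comment naming where that happens. `mitem_link` is stored after only the `[baseurl]` substitution, while `mitem_desc` goes through `escape_tags()`. The final `json_return_and_die(true)` discards `$ret`, as the `//???` comment already suspects; returning `$ret` would let the caller see a failed install.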
diff --git a/mod/import.php b/mod/import.php
new file mode 100644
index 000000000..f8ab8a0a2
--- /dev/null
+++ b/mod/import.php
@@ -0,0 +1,578 @@
+<?php
+
+// Import a channel, either by direct file upload or via
+// connection to original server.
+
+require_once('include/Contact.php');
+require_once('include/zot.php');
+require_once('include/identity.php');
+
+function import_post(&$a) {
+
+ $account_id = get_account_id();
+ if(! $account_id)
+ return;
+
+ $max_identities = account_service_class_fetch($account_id,'total_identities');
+ $max_friends = account_service_class_fetch($account_id,'total_channels');
+ $max_feeds = account_service_class_fetch($account_id,'total_feeds');
+
+ if($max_identities !== false) {
+ $r = q("select channel_id from channel where channel_account_id = %d",
+ intval($account_id)
+ );
+ if($r && count($r) > $max_identities) {
+ notice( sprintf( t('Your service plan only allows %d channels.'), $max_identities) . EOL);
+ return;
+ }
+ }
+
+
+ $data = null;
+ $seize = ((x($_REQUEST,'make_primary')) ? intval($_REQUEST['make_primary']) : 0);
+ $import_posts = ((x($_REQUEST,'import_posts')) ? intval($_REQUEST['import_posts']) : 0);
+ $src = $_FILES['filename']['tmp_name'];
+ $filename = basename($_FILES['filename']['name']);
+ $filesize = intval($_FILES['filename']['size']);
+ $filetype = $_FILES['filename']['type'];
+
+
+ if($src) {
+
+ // This is OS specific and could also fail if your tmpdir isn't very large
+ // mostly used for Diaspora which exports gzipped files.
+
+ if(strpos($filename,'.gz')){
+ @rename($src,$src . '.gz');
+ @system('gunzip ' . escapeshellarg($src . '.gz'));
+ }
+
+ if($filesize) {
+ $data = @file_get_contents($src);
+ }
+ unlink($src);
+ }
+
+ if(! $src) {
+ $old_address = ((x($_REQUEST,'old_address')) ? $_REQUEST['old_address'] : '');
+ if(! $old_address) {
+ logger('mod_import: nothing to import.');
+ notice( t('Nothing to import.') . EOL);
+ return;
+ }
+
+ $email = ((x($_REQUEST,'email')) ? $_REQUEST['email'] : '');
+ $password = ((x($_REQUEST,'password')) ? $_REQUEST['password'] : '');
+
+ $channelname = substr($old_address,0,strpos($old_address,'@'));
+ $servername = substr($old_address,strpos($old_address,'@')+1);
+
+ $scheme = 'https://';
+ $api_path = '/api/red/channel/export/basic?f=&channel=' . $channelname;
+ if($import_posts)
+ $api_path .= '&posts=1';
+ $binary = false;
+ $redirects = 0;
+ $opts = array('http_auth' => $email . ':' . $password);
+ $url = $scheme . $servername . $api_path;
+ $ret = z_fetch_url($url, $binary, $redirects, $opts);
+ if(! $ret['success'])
+ $ret = z_fetch_url('http://' . $servername . $api_path, $binary, $redirects, $opts);
+ if($ret['success'])
+ $data = $ret['body'];
+ else
+ notice( t('Unable to download data from old server') . EOL);
+
+ }
+
+ if(! $data) {
+ logger('mod_import: empty file.');
+ notice( t('Imported file is empty.') . EOL);
+ return;
+ }
+
+ $data = json_decode($data,true);
+
+// logger('import: data: ' . print_r($data,true));
+// print_r($data);
+
+
+ if(array_key_exists('user',$data) && array_key_exists('version',$data)) {
+ require_once('include/Import/import_diaspora.php');
+ import_diaspora($data);
+ return;
+ }
+
+ if(array_key_exists('compatibility',$data) && array_key_exists('database',$data['compatibility'])) {
+ $v1 = substr($data['compatibility']['database'],-4);
+ $v2 = substr(DB_UPDATE_VERSION,-4);
+ if($v2 > $v1) {
+ $t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 );
+ notice($t);
+ }
+ }
+
+ // import channel
+
+ $channel = $data['channel'];
+
+ if(! array_key_exists('channel_system',$channel)) {
+ $channel['channel_system'] = (($channel['channel_pageflags'] & 0x1000) ? 1 : 0);
+ $channel['channel_removed'] = (($channel['channel_pageflags'] & 0x8000) ? 1 : 0);
+ }
+
+ $r = q("select * from channel where (channel_guid = '%s' or channel_hash = '%s' or channel_address = '%s' ) limit 1",
+ dbesc($channel['channel_guid']),
+ dbesc($channel['channel_hash']),
+ dbesc($channel['channel_address'])
+ );
+
+ // We should probably also verify the hash
+
+ if($r) {
+ if($r[0]['channel_guid'] === $channel['channel_guid'] || $r[0]['channel_hash'] === $channel['channel_hash']) {
+ logger('mod_import: duplicate channel. ', print_r($channel,true));
+ notice( t('Cannot create a duplicate channel identifier on this system. Import failed.') . EOL);
+ return;
+ }
+ else {
+ // try at most ten times to generate a unique address.
+ $x = 0;
+ $found_unique = false;
+ do {
+ $tmp = $channel['channel_address'] . mt_rand(1000,9999);
+ $r = q("select * from channel where channel_address = '%s' limit 1",
+ dbesc($tmp)
+ );
+ if(! $r) {
+ $channel['channel_address'] = $tmp;
+ $found_unique = true;
+ break;
+ }
+ $x ++;
+ } while ($x < 10);
+ if(! $found_unique) {
+ logger('mod_import: duplicate channel. randomisation failed.', print_r($channel,true));
+ notice( t('Unable to create a unique channel address. Import failed.') . EOL);
+ return;
+ }
+ }
+ }
+
+ unset($channel['channel_id']);
+ $channel['channel_account_id'] = get_account_id();
+ $channel['channel_primary'] = (($seize) ? 1 : 0);
+
+ dbesc_array($channel);
+
+ $r = dbq("INSERT INTO channel (`"
+ . implode("`, `", array_keys($channel))
+ . "`) VALUES ('"
+ . implode("', '", array_values($channel))
+ . "')" );
+
+ if(! $r) {
+ logger('mod_import: channel clone failed. ', print_r($channel,true));
+ notice( t('Channel clone failed. Import failed.') . EOL);
+ return;
+ }
+
+ $r = q("select * from channel where channel_account_id = %d and channel_guid = '%s' limit 1",
+ intval(get_account_id()),
+ $channel['channel_guid'] // Already dbesc'd
+ );
+ if(! $r) {
+ logger('mod_import: channel not found. ', print_r($channel,true));
+ notice( t('Cloned channel not found. Import failed.') . EOL);
+ return;
+ }
+ // reset
+ $channel = $r[0];
+
+ set_default_login_identity(get_account_id(),$channel['channel_id'],false);
+
+
+ $configs = $data['config'];
+ if($configs) {
+ foreach($configs as $config) {
+ unset($config['id']);
+ $config['uid'] = $channel['channel_id'];
+ dbesc_array($config);
+ $r = dbq("INSERT INTO pconfig (`"
+ . implode("`, `", array_keys($config))
+ . "`) VALUES ('"
+ . implode("', '", array_values($config))
+ . "')" );
+ }
+ }
+
+
+ if($data['photo']) {
+ require_once('include/photo/photo_driver.php');
+ import_channel_photo(base64url_decode($data['photo']['data']),$data['photo']['type'],get_account_id(),$channel['channel_id']);
+ }
+
+ $profiles = $data['profile'];
+ if($profiles) {
+ foreach($profiles as $profile) {
+ unset($profile['id']);
+ $profile['aid'] = get_account_id();
+ $profile['uid'] = $channel['channel_id'];
+
+ // we are going to reset all profile photos to the original
+ // somebody will have to fix this later and put all the applicable photos into the export
+
+ $profile['photo'] = z_root() . '/photo/profile/l/' . $channel['channel_id'];
+ $profile['thumb'] = z_root() . '/photo/profile/m/' . $channel['channel_id'];
+
+
+ dbesc_array($profile);
+ $r = dbq("INSERT INTO profile (`"
+ . implode("`, `", array_keys($profile))
+ . "`) VALUES ('"
+ . implode("', '", array_values($profile))
+ . "')" );
+ }
+ }
+
+
+ $hublocs = $data['hubloc'];
+ if($hublocs) {
+ foreach($hublocs as $hubloc) {
+
+ if(! array_key_exists('hubloc_primary',$hublocs)) {
+ $hubloc['hubloc_primary'] = (($hubloc['hubloc_flags'] & 0x0001) ? 1 : 0);
+ $hubloc['hubloc_orphancheck'] = (($hubloc['hubloc_flags'] & 0x0004) ? 1 : 0);
+ $hubloc['hubloc_error'] = (($hubloc['hubloc_status'] & 0x0003) ? 1 : 0);
+ $hubloc['hubloc_deleted'] = (($hubloc['hubloc_flags'] & 0x1000) ? 1 : 0);
+ }
+
+ $arr = array(
+ 'guid' => $hubloc['hubloc_guid'],
+ 'guid_sig' => $hubloc['guid_sig'],
+ 'url' => $hubloc['hubloc_url'],
+ 'url_sig' => $hubloc['hubloc_url_sig']
+ );
+ if(($hubloc['hubloc_hash'] === $channel['channel_hash']) && intval($hubloc['hubloc_primary']) && ($seize))
+ $hubloc['hubloc_primary'] = 0;
+
+ if(! zot_gethub($arr)) {
+ unset($hubloc['hubloc_id']);
+ dbesc_array($hubloc);
+
+ $r = dbq("INSERT INTO hubloc (`"
+ . implode("`, `", array_keys($hubloc))
+ . "`) VALUES ('"
+ . implode("', '", array_values($hubloc))
+ . "')" );
+
+ }
+
+ }
+ }
+
+ // create new hubloc for the new channel at this site
+
+ $r = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_hash, hubloc_addr, hubloc_network, hubloc_primary,
+ hubloc_url, hubloc_url_sig, hubloc_host, hubloc_callback, hubloc_sitekey )
+ values ( '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s' )",
+ dbesc($channel['channel_guid']),
+ dbesc($channel['channel_guid_sig']),
+ dbesc($channel['channel_hash']),
+ dbesc($channel['channel_address'] . '@' . get_app()->get_hostname()),
+ dbesc('zot'),
+ intval(($seize) ? 1 : 0),
+ dbesc(z_root()),
+ dbesc(base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey']))),
+ dbesc(get_app()->get_hostname()),
+ dbesc(z_root() . '/post'),
+ dbesc(get_config('system','pubkey'))
+ );
+
+ // reset the original primary hubloc if it is being seized
+
+ if($seize)
+ $r = q("update hubloc set hubloc_primary = 0 where hubloc_primary = 1 and hubloc_hash = '%s' and hubloc_url != '%s' ",
+ dbesc($channel['channel_hash']),
+ dbesc(z_root())
+ );
+
+ // import xchans and contact photos
+
+ if($seize) {
+
+ // replace any existing xchan we may have on this site if we're seizing control
+
+ $r = q("delete from xchan where xchan_hash = '%s'",
+ dbesc($channel['channel_hash'])
+ );
+
+ $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_l, xchan_photo_m, xchan_photo_s, xchan_addr, xchan_url, xchan_follow, xchan_connurl, xchan_name, xchan_network, xchan_photo_date, xchan_name_date, xchan_hidden, xchan_orphan, xchan_censored, xchan_selfcensored, xchan_system, xchan_pubforum, xchan_deleted ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, %d, %d, %d )",
+ dbesc($channel['channel_hash']),
+ dbesc($channel['channel_guid']),
+ dbesc($channel['channel_guid_sig']),
+ dbesc($channel['channel_pubkey']),
+ dbesc($a->get_baseurl() . "/photo/profile/l/" . $channel['channel_id']),
+ dbesc($a->get_baseurl() . "/photo/profile/m/" . $channel['channel_id']),
+ dbesc($a->get_baseurl() . "/photo/profile/s/" . $channel['channel_id']),
+ dbesc($channel['channel_address'] . '@' . get_app()->get_hostname()),
+ dbesc(z_root() . '/channel/' . $channel['channel_address']),
+ dbesc(z_root() . '/follow?f=&url=%s'),
+ dbesc(z_root() . '/poco/' . $channel['channel_address']),
+ dbesc($channel['channel_name']),
+ dbesc('zot'),
+ dbesc(datetime_convert()),
+ dbesc(datetime_convert()),
+ 0,0,0,0,0,0,0
+ );
+ }
+
+ $xchans = $data['xchan'];
+ if($xchans) {
+ foreach($xchans as $xchan) {
+ if(! array_key_exists('xchan_hidden',$xchan)) {
+ $xchan['xchan_hidden'] = (($xchan['xchan_flags'] & 0x0001) ? 1 : 0);
+ $xchan['xchan_orphan'] = (($xchan['xchan_flags'] & 0x0002) ? 1 : 0);
+ $xchan['xchan_censored'] = (($xchan['xchan_flags'] & 0x0004) ? 1 : 0);
+ $xchan['xchan_selfcensored'] = (($xchan['xchan_flags'] & 0x0008) ? 1 : 0);
+ $xchan['xchan_system'] = (($xchan['xchan_flags'] & 0x0010) ? 1 : 0);
+ $xchan['xchan_pubforum'] = (($xchan['xchan_flags'] & 0x0020) ? 1 : 0);
+ $xchan['xchan_deleted'] = (($xchan['xchan_flags'] & 0x1000) ? 1 : 0);
+ }
+
+ $r = q("select xchan_hash from xchan where xchan_hash = '%s' limit 1",
+ dbesc($xchan['xchan_hash'])
+ );
+ if($r)
+ continue;
+
+ dbesc_array($xchan);
+
+ $r = dbq("INSERT INTO xchan (`"
+ . implode("`, `", array_keys($xchan))
+ . "`) VALUES ('"
+ . implode("', '", array_values($xchan))
+ . "')" );
+
+
+ require_once('include/photo/photo_driver.php');
+ $photos = import_profile_photo($xchan['xchan_photo_l'],$xchan['xchan_hash']);
+ if($photos[4])
+ $photodate = NULL_DATE;
+ else
+ $photodate = $xchan['xchan_photo_date'];
+
+ $r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s'
+ where xchan_hash = '%s'",
+ dbesc($photos[0]),
+ dbesc($photos[1]),
+ dbesc($photos[2]),
+ dbesc($photos[3]),
+ dbesc($photodate),
+ dbesc($xchan['xchan_hash'])
+ );
+
+ }
+ }
+
+// FIXME - ensure we have an xchan if somebody is trying to pull a fast one
+
+
+ $friends = 0;
+ $feeds = 0;
+
+ // import contacts
+ $abooks = $data['abook'];
+ if($abooks) {
+ foreach($abooks as $abook) {
+ if($max_friends !== false && $friends > $max_friends)
+ continue;
+ if($max_feeds !== false && intval($abook['abook_feed']) && ($feeds > $max_feeds))
+ continue;
+
+ unset($abook['abook_id']);
+ $abook['abook_account'] = get_account_id();
+ $abook['abook_channel'] = $channel['channel_id'];
+ if(! array_key_exists('abook_blocked',$abook)) {
+ $abook['abook_blocked'] = (($abook['abook_flags'] & 0x0001 ) ? 1 : 0);
+ $abook['abook_ignored'] = (($abook['abook_flags'] & 0x0002 ) ? 1 : 0);
+ $abook['abook_hidden'] = (($abook['abook_flags'] & 0x0004 ) ? 1 : 0);
+ $abook['abook_archived'] = (($abook['abook_flags'] & 0x0008 ) ? 1 : 0);
+ $abook['abook_pending'] = (($abook['abook_flags'] & 0x0010 ) ? 1 : 0);
+ $abook['abook_unconnected'] = (($abook['abook_flags'] & 0x0020 ) ? 1 : 0);
+ $abook['abook_self'] = (($abook['abook_flags'] & 0x0080 ) ? 1 : 0);
+ $abook['abook_feed'] = (($abook['abook_flags'] & 0x0100 ) ? 1 : 0);
+ }
+
+ if($abook['abook_self']) {
+ $role = get_pconfig($channel['channel_id'],'system','permissions_role');
+ if(($role === 'forum') || ($abook['abook_my_perms'] & PERMS_W_TAGWALL)) {
+ q("update xchan set xchan_pubforum = 1 where xchan_hash = '%s' ",
+ dbesc($abook['abook_xchan'])
+ );
+ }
+ }
+
+ dbesc_array($abook);
+ $r = dbq("INSERT INTO abook (`"
+ . implode("`, `", array_keys($abook))
+ . "`) VALUES ('"
+ . implode("', '", array_values($abook))
+ . "')" );
+
+ $friends ++;
+ if(intval($abook['abook_feed']))
+ $feeds ++;
+ }
+ }
+
+
+
+ $groups = $data['group'];
+ if($groups) {
+ $saved = array();
+ foreach($groups as $group) {
+ $saved[$group['hash']] = array('old' => $group['id']);
+ unset($group['id']);
+ $group['uid'] = $channel['channel_id'];
+ dbesc_array($group);
+ $r = dbq("INSERT INTO groups (`"
+ . implode("`, `", array_keys($group))
+ . "`) VALUES ('"
+ . implode("', '", array_values($group))
+ . "')" );
+ }
+ $r = q("select * from `groups` where uid = %d",
+ intval($channel['channel_id'])
+ );
+ if($r) {
+ foreach($r as $rr) {
+ $saved[$rr['hash']]['new'] = $rr['id'];
+ }
+ }
+ }
+
+ $group_members = $data['group_member'];
+ if($groups_members) {
+ foreach($group_members as $group_member) {
+ unset($group_member['id']);
+ $group_member['uid'] = $channel['channel_id'];
+ foreach($saved as $x) {
+ if($x['old'] == $group_member['gid'])
+ $group_member['gid'] = $x['new'];
+ }
+ dbesc_array($group_member);
+ $r = dbq("INSERT INTO group_member (`"
+ . implode("`, `", array_keys($group_member))
+ . "`) VALUES ('"
+ . implode("', '", array_values($group_member))
+ . "')" );
+ }
+ }
+
+ $saved_notification_flags = notifications_off($channel['channel_id']);
+
+ if($import_posts && array_key_exists('item',$data) && $data['item']) {
+
+ foreach($data['item'] as $i) {
+ $item = get_item_elements($i);
+
+ $r = q("select id, edited from item where mid = '%s' and uid = %d limit 1",
+ dbesc($item['mid']),
+ intval($channel['channel_id'])
+ );
+ if($r) {
+ if($item['edited'] > $r[0]['edited']) {
+ $item['id'] = $r[0]['id'];
+ $item['uid'] = $channel['channel_id'];
+ item_store_update($item);
+ continue;
+ }
+ }
+ else {
+ $item['aid'] = $channel['channel_account_id'];
+ $item['uid'] = $channel['channel_id'];
+ $item_result = item_store($item);
+ }
+
+ }
+
+ }
+
+ notifications_on($channel['channel_id'],$saved_notification_flags);
+
+ if(array_key_exists('item_id',$data) && $data['item_id']) {
+ foreach($data['item_id'] as $i) {
+ $r = q("select id from item where mid = '%s' and uid = %d limit 1",
+ dbesc($i['mid']),
+ intval($channel['channel_id'])
+ );
+ if(! $r)
+ continue;
+ $z = q("select * from item_id where service = '%s' and sid = '%s' and iid = %d and uid = %d limit 1",
+ dbesc($i['service']),
+ dbesc($i['sid']),
+ intval($r[0]['id']),
+ intval($channel['channel_id'])
+ );
+ if(! $z) {
+ q("insert into item_id (iid,uid,sid,service) values(%d,%d,'%s','%s')",
+ intval($r[0]['id']),
+ intval($channel['channel_id']),
+ dbesc($i['sid']),
+ dbesc($i['service'])
+ );
+ }
+ }
+ }
+
+
+
+// FIXME - ensure we have a self entry if somebody is trying to pull a fast one
+
+ // send out refresh requests
+ // notify old server that it may no longer be primary.
+
+ proc_run('php','include/notifier.php','location',$channel['channel_id']);
+
+ // This will indirectly perform a refresh_all *and* update the directory
+
+ proc_run('php', 'include/directory.php', $channel['channel_id']);
+
+
+ notice( t('Import completed.') . EOL);
+
+ change_channel($channel['channel_id']);
+
+ goaway(z_root() . '/network' );
+
+}
+
+
+function import_content(&$a) {
+
+ if(! get_account_id()) {
+ notice( t('You must be logged in to use this feature.'));
+ return '';
+ }
+
+ $o = replace_macros(get_markup_template('channel_import.tpl'),array(
+ '$title' => t('Import Channel'),
+ '$desc' => t('Use this form to import an existing channel from a different server/hub. You may retrieve the channel identity from the old server/hub via the network or provide an export file.'),
+ '$label_filename' => t('File to Upload'),
+ '$choice' => t('Or provide the old server/hub details'),
+ '$label_old_address' => t('Your old identity address (xyz@example.com)'),
+ '$label_old_email' => t('Your old login email address'),
+ '$label_old_pass' => t('Your old login password'),
+ '$common' => t('For either option, please choose whether to make this hub your new primary address, or whether your old location should continue this role. You will be able to post from either location, but only one can be marked as the primary location for files, photos, and media.'),
+ '$label_import_primary' => t('Make this hub my primary location'),
+ '$label_import_posts' => t('Import existing posts if possible (experimental - limited by available memory'),
+ '$pleasewait' => t('This process may take several minutes to complete. Please submit the form only once and leave this page open until finished.'),
+ '$email' => '',
+ '$pass' => '',
+ '$submit' => t('Submit')
+ ));
+
+ return $o;
+
+}
diff --git a/mod/invite.php b/mod/invite.php
new file mode 100644
index 000000000..1fdfbacc6
--- /dev/null
+++ b/mod/invite.php
@@ -0,0 +1,146 @@
+<?php
+
+/**
+ * module: invite.php
+ *
+ * send email invitations to join social network
+ *
+ */
+
+function invite_post(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ check_form_security_token_redirectOnErr('/', 'send_invite');
+
+ $max_invites = intval(get_config('system','max_invites'));
+ if(! $max_invites)
+ $max_invites = 50;
+
+ $current_invites = intval(get_pconfig(local_channel(),'system','sent_invites'));
+ if($current_invites > $max_invites) {
+ notice( t('Total invitation limit exceeded.') . EOL);
+ return;
+ };
+
+
+ $recips = ((x($_POST,'recipients')) ? explode("\n",$_POST['recipients']) : array());
+ $message = ((x($_POST,'message')) ? notags(trim($_POST['message'])) : '');
+
+ $total = 0;
+
+ if(get_config('system','invitation_only')) {
+ $invonly = true;
+ $x = get_pconfig(local_channel(),'system','invites_remaining');
+ if((! $x) && (! is_site_admin()))
+ return;
+ }
+
+ foreach($recips as $recip) {
+
+ $recip = trim($recip);
+ if(! $recip)
+ continue;
+
+ if(! valid_email($recip)) {
+ notice( sprintf( t('%s : Not a valid email address.'), $recip) . EOL);
+ continue;
+ }
+
+ if($invonly && ($x || is_site_admin())) {
+ $code = autoname(8) . srand(1000,9999);
+ $nmessage = str_replace('$invite_code',$code,$message);
+
+ $r = q("INSERT INTO `register` (`hash`,`created`) VALUES ('%s', '%s') ",
+ dbesc($code),
+ dbesc(datetime_convert())
+ );
+
+ if(! is_site_admin()) {
+ $x --;
+ if($x >= 0)
+ set_pconfig(local_channel(),'system','invites_remaining',$x);
+ else
+ return;
+ }
+ }
+ else
+ $nmessage = $message;
+
+ $account = $a->get_account();
+
+
+ $res = mail($recip, sprintf( t('Please join us on Red'), $a->config['sitename']),
+ $nmessage,
+ "From: " . $account['account_email'] . "\n"
+ . 'Content-type: text/plain; charset=UTF-8' . "\n"
+ . 'Content-transfer-encoding: 8bit' );
+
+ if($res) {
+ $total ++;
+ $current_invites ++;
+ set_pconfig(local_channel(),'system','sent_invites',$current_invites);
+ if($current_invites > $max_invites) {
+ notice( t('Invitation limit exceeded. Please contact your site administrator.') . EOL);
+ return;
+ }
+ }
+ else {
+ notice( sprintf( t('%s : Message delivery failed.'), $recip) . EOL);
+ }
+
+ }
+ notice( sprintf( tt("%d message sent.", "%d messages sent.", $total) , $total) . EOL);
+ return;
+}
+
+
+function invite_content(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $tpl = get_markup_template('invite.tpl');
+ $invonly = false;
+
+ if(get_config('system','invitation_only')) {
+ $invonly = true;
+ $x = get_pconfig(local_channel(),'system','invites_remaining');
+ if((! $x) && (! is_site_admin())) {
+ notice( t('You have no more invitations available') . EOL);
+ return '';
+ }
+ }
+
+
+ $ob = $a->get_observer();
+ if(! $ob)
+ return $o;
+
+ $channel = $a->get_channel();
+
+ $o = replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("send_invite"),
+ '$invite' => t('Send invitations'),
+ '$addr_text' => t('Enter email addresses, one per line:'),
+ '$msg_text' => t('Your message:'),
+ '$default_message' => t('Please join my community on $Projectname.') . "\r\n" . "\r\n"
+ . $linktxt
+ . (($invonly) ? "\r\n" . "\r\n" . t('You will need to supply this invitation code: ') . $invite_code . "\r\n" . "\r\n" : '')
+ . t('1. Register at any $Projectname location (they are all inter-connected)')
+ . "\r\n" . "\r\n" . z_root() . '/register'
+ . "\r\n" . "\r\n" . t('2. Enter my $Projectname network address into the site searchbar.')
+ . "\r\n" . "\r\n" . $ob['xchan_addr'] . ' (' . t('or visit ') . z_root() . '/channel/' . $channel['channel_address'] . ')'
+ . "\r\n" . "\r\n"
+ . t('3. Click [Connect]')
+ . "\r\n" . "\r\n" ,
+ '$submit' => t('Submit')
+ ));
+
+ return $o;
+} \ No newline at end of file
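Review bot: In invite_post the invitation code is built as `autoname(8) . srand(1000,9999)`, but srand() seeds the random number generator and returns nothing, so the code is only the autoname(8) part and the generator is reseeded with the constant 1000 for every recipient. If autoname() draws from that generator (its body is not in this hunk), the codes written to `register` become repeatable and guessable, which matters because this code is what gates registration on an invitation-only site. The suffix was presumably meant to be a random number; prefer a CSPRNG, e.g. `$code = autoname(8) . random_int(1000,9999);` where PHP 7 or later is available, or derive the whole code from random bytes. Separately, `$invonly` and `$x` are read at `if($invonly && ($x || is_site_admin()))` without being initialised when `invitation_only` is off; adding `$invonly = false;` before the config check, as invite_content already does, would fix that.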
diff --git a/mod/item.php b/mod/item.php
new file mode 100644
index 000000000..57a905395
--- /dev/null
+++ b/mod/item.php
@@ -0,0 +1,1186 @@
+<?php
+
+/**
+ *
+ * This is the POST destination for most all locally posted
+ * text stuff. This function handles status, wall-to-wall status,
+ * local comments, and remote coments that are posted on this site
+ * (as opposed to being delivered in a feed).
+ * Also processed here are posts and comments coming through the
+ * statusnet/twitter API.
+ * All of these become an "item" which is our basic unit of
+ * information.
+ * Posts that originate externally or do not fall into the above
+ * posting categories go through item_store() instead of this function.
+ *
+ */
+
+require_once('include/crypto.php');
+require_once('include/enotify.php');
+require_once('include/items.php');
+require_once('include/attach.php');
+
+function item_post(&$a) {
+
+ // This will change. Figure out who the observer is and whether or not
+ // they have permission to post here. Else ignore the post.
+
+ if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'commenter')))
+ return;
+
+ require_once('include/security.php');
+
+ $uid = local_channel();
+ $channel = null;
+ $observer = null;
+
+
+ /**
+ * Is this a reply to something?
+ */
+
+ $parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0);
+ $parent_mid = ((x($_REQUEST,'parent_mid')) ? trim($_REQUEST['parent_mid']) : '');
+
+ $remote_xchan = ((x($_REQUEST,'remote_xchan')) ? trim($_REQUEST['remote_xchan']) : false);
+ $r = q("select * from xchan where xchan_hash = '%s' limit 1",
+ dbesc($remote_xchan)
+ );
+ if($r)
+ $remote_observer = $r[0];
+ else
+ $remote_xchan = $remote_observer = false;
+
+ $profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0);
+ require_once('include/identity.php');
+ $sys = get_sys_channel();
+ if($sys && $profile_uid && ($sys['channel_id'] == $profile_uid) && is_site_admin()) {
+ $uid = intval($sys['channel_id']);
+ $channel = $sys;
+ $observer = $sys;
+ }
+
+ if(x($_REQUEST,'dropitems')) {
+ require_once('include/items.php');
+ $arr_drop = explode(',',$_REQUEST['dropitems']);
+ drop_items($arr_drop);
+ $json = array('success' => 1);
+ echo json_encode($json);
+ killme();
+ }
+
+ call_hooks('post_local_start', $_REQUEST);
+
+// logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
+
+ $api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false);
+
+ $consensus = intval($_REQUEST['consensus']);
+
+ // 'origin' (if non-zero) indicates that this network is where the message originated,
+ // for the purpose of relaying comments to other conversation members.
+ // If using the API from a device (leaf node) you must set origin to 1 (default) or leave unset.
+ // If the API is used from another network with its own distribution
+ // and deliveries, you may wish to set origin to 0 or false and allow the other
+ // network to relay comments.
+
+ // If you are unsure, it is prudent (and important) to leave it unset.
+
+ $origin = (($api_source && array_key_exists('origin',$_REQUEST)) ? intval($_REQUEST['origin']) : 1);
+
+ // To represent message-ids on other networks - this will create an item_id record
+
+ $namespace = (($api_source && array_key_exists('namespace',$_REQUEST)) ? strip_tags($_REQUEST['namespace']) : '');
+ $remote_id = (($api_source && array_key_exists('remote_id',$_REQUEST)) ? strip_tags($_REQUEST['remote_id']) : '');
+
+ $owner_hash = null;
+
+ $message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : '');
+ $created = ((x($_REQUEST,'created')) ? datetime_convert('UTC','UTC',$_REQUEST['created']) : datetime_convert());
+ $post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0);
+ $app = ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : '');
+ $return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : '');
+ $preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0);
+ $categories = ((x($_REQUEST,'category')) ? escape_tags($_REQUEST['category']) : '');
+ $webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0);
+ $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags(urlencode($_REQUEST['pagetitle'])) : '');
+ $layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): '');
+ $plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : '');
+ $obj_type = ((x($_REQUEST,'obj_type')) ? escape_tags($_REQUEST['obj_type']) : ACTIVITY_OBJ_NOTE);
+
+ // allow API to bulk load a bunch of imported items with sending out a bunch of posts.
+ $nopush = ((x($_REQUEST,'nopush')) ? intval($_REQUEST['nopush']) : 0);
+
+ /*
+ * Check service class limits
+ */
+ if ($uid && !(x($_REQUEST,'parent')) && !(x($_REQUEST,'post_id'))) {
+ $ret = item_check_service_class($uid,(($_REQUEST['webpage'] == ITEM_TYPE_WEBPAGE) ? true : false));
+ if (!$ret['success']) {
+ notice( t($ret['message']) . EOL) ;
+ if(x($_REQUEST,'return'))
+ goaway($a->get_baseurl() . "/" . $return_path );
+ killme();
+ }
+ }
+
+ if($pagetitle) {
+ require_once('library/urlify/URLify.php');
+ $pagetitle = strtolower(URLify::transliterate($pagetitle));
+ }
+
+
+ $item_flags = $item_restrict = 0;
+
+ $route = '';
+ $parent_item = null;
+ $parent_contact = null;
+ $thr_parent = '';
+ $parid = 0;
+ $r = false;
+
+ if($parent || $parent_mid) {
+
+ if(! x($_REQUEST,'type'))
+ $_REQUEST['type'] = 'net-comment';
+
+ if($obj_type == ACTIVITY_OBJ_POST)
+ $obj_type = ACTIVITY_OBJ_COMMENT;
+
+ if($parent) {
+ $r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
+ intval($parent)
+ );
+ }
+ elseif($parent_mid && $uid) {
+ // This is coming from an API source, and we are logged in
+ $r = q("SELECT * FROM `item` WHERE `mid` = '%s' AND `uid` = %d LIMIT 1",
+ dbesc($parent_mid),
+ intval($uid)
+ );
+ }
+ // if this isn't the real parent of the conversation, find it
+ if($r !== false && count($r)) {
+ $parid = $r[0]['parent'];
+ $parent_mid = $r[0]['mid'];
+ if($r[0]['id'] != $r[0]['parent']) {
+ $r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1",
+ intval($parid)
+ );
+ }
+ }
+
+ if(($r === false) || (! count($r))) {
+ notice( t('Unable to locate original post.') . EOL);
+ if(x($_REQUEST,'return'))
+ goaway($a->get_baseurl() . "/" . $return_path );
+ killme();
+ }
+
+ // can_comment_on_post() needs info from the following xchan_query
+ xchan_query($r);
+
+ $parent_item = $r[0];
+ $parent = $r[0]['id'];
+
+ // multi-level threading - preserve the info but re-parent to our single level threading
+
+ $thr_parent = $parent_mid;
+
+ $route = $parent_item['route'];
+
+ }
+
+ if(! $observer)
+ $observer = $a->get_observer();
+
+ if($parent) {
+ logger('mod_item: item_post parent=' . $parent);
+ $can_comment = false;
+ if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self']))
+ $can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments');
+ else
+ $can_comment = can_comment_on_post($observer['xchan_hash'],$parent_item);
+
+ if(! $can_comment) {
+ notice( t('Permission denied.') . EOL) ;
+ if(x($_REQUEST,'return'))
+ goaway($a->get_baseurl() . "/" . $return_path );
+ killme();
+ }
+ }
+ else {
+ if(! perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_wall')) {
+ notice( t('Permission denied.') . EOL) ;
+ if(x($_REQUEST,'return'))
+ goaway($a->get_baseurl() . "/" . $return_path );
+ killme();
+ }
+ }
+
+
+ // is this an edited post?
+
+ $orig_post = null;
+
+ if($namespace && $remote_id) {
+ // It wasn't an internally generated post - see if we've got an item matching this remote service id
+ $i = q("select iid from item_id where service = '%s' and sid = '%s' limit 1",
+ dbesc($namespace),
+ dbesc($remote_id)
+ );
+ if($i)
+ $post_id = $i[0]['iid'];
+ }
+
+ if($post_id) {
+ $i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1",
+ intval($profile_uid),
+ intval($post_id)
+ );
+ if(! count($i))
+ killme();
+ $orig_post = $i[0];
+ }
+
+
+ if(! $channel) {
+ if($uid && $uid == $profile_uid) {
+ $channel = $a->get_channel();
+ }
+ else {
+ // posting as yourself but not necessarily to a channel you control
+ $r = q("select * from channel left join account on channel_account_id = account_id where channel_id = %d LIMIT 1",
+ intval($profile_uid)
+ );
+ if($r)
+ $channel = $r[0];
+ }
+ }
+
+
+ if(! $channel) {
+ logger("mod_item: no channel.");
+ if(x($_REQUEST,'return'))
+ goaway($a->get_baseurl() . "/" . $return_path );
+ killme();
+ }
+
+ $owner_xchan = null;
+
+ $r = q("select * from xchan where xchan_hash = '%s' limit 1",
+ dbesc($channel['channel_hash'])
+ );
+ if($r && count($r)) {
+ $owner_xchan = $r[0];
+ }
+ else {
+ logger("mod_item: no owner.");
+ if(x($_REQUEST,'return'))
+ goaway($a->get_baseurl() . "/" . $return_path );
+ killme();
+ }
+
+ $walltowall = false;
+ $walltowall_comment = false;
+
+ if($remote_xchan)
+ $observer = $remote_observer;
+
+ if($observer) {
+ logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG);
+
+ // wall-to-wall detection.
+ // For top-level posts, if the author and owner are different it's a wall-to-wall
+ // For comments, We need to additionally look at the parent and see if it's a wall post that originated locally.
+
+ if($observer['xchan_name'] != $owner_xchan['xchan_name']) {
+ if(($parent_item) && ($parent_item['item_wall'] && $parent_item['item_origin'])) {
+ $walltowall_comment = true;
+ $walltowall = true;
+ }
+ if(! $parent) {
+ $walltowall = true;
+ }
+ }
+ }
+
+
+ $public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'],true));
+ if($webpage)
+ $public_policy = '';
+ if($public_policy)
+ $private = 1;
+
+ if($orig_post) {
+ $private = 0;
+ // webpages are allowed to change ACLs after the fact. Normal conversation items aren't.
+ if($webpage) {
+ $str_group_allow = perms2str($_REQUEST['group_allow']);
+ $str_contact_allow = perms2str($_REQUEST['contact_allow']);
+ $str_group_deny = perms2str($_REQUEST['group_deny']);
+ $str_contact_deny = perms2str($_REQUEST['contact_deny']);
+ }
+ else {
+ $str_group_allow = $orig_post['allow_gid'];
+ $str_contact_allow = $orig_post['allow_cid'];
+ $str_group_deny = $orig_post['deny_gid'];
+ $str_contact_deny = $orig_post['deny_cid'];
+ $public_policy = $orig_post['public_policy'];
+ $private = $orig_post['item_private'];
+ }
+
+ if((strlen($str_group_allow))
+ || strlen($str_contact_allow)
+ || strlen($str_group_deny)
+ || strlen($str_contact_deny)
+ || strlen($public_policy)
+ || $private) {
+ $private = 1;
+ }
+
+ $location = $orig_post['location'];
+ $coord = $orig_post['coord'];
+ $verb = $orig_post['verb'];
+ $app = $orig_post['app'];
+ $title = escape_tags(trim($_REQUEST['title']));
+ $body = trim($_REQUEST['body']);
+ $item_flags = $orig_post['item_flags'];
+
+ $item_origin = $orig_post['item_origin'];
+ $item_unseen = $orig_post['item_unseen'];
+ $item_starred = $orig_post['item_starred'];
+ $item_uplink = $orig_post['item_uplink'];
+ $item_consensus = $orig_post['item_consensus'];
+ $item_wall = $orig_post['item_wall'];
+ $item_thread_top = $orig_post['item_thread_top'];
+ $item_notshown = $orig_post['item_notshown'];
+ $item_nsfw = $orig_post['item_nsfw'];
+ $item_relay = $orig_post['item_relay'];
+ $item_mentionsme = $orig_post['item_mentionsme'];
+ $item_nocomment = $orig_post['item_nocomment'];
+ $item_obscured = $orig_post['item_obscured'];
+ $item_verified = $orig_post['item_verified'];
+ $item_retained = $orig_post['item_retained'];
+ $item_rss = $orig_post['item_rss'];
+ $item_deleted = $orig_post['item_deleted'];
+ $item_type = $orig_post['item_type'];
+ $item_hidden = $orig_post['item_hidden'];
+ $item_unpublished = $orig_post['item_unpublished'];
+ $item_delayed = $orig_post['item_delayed'];
+ $item_pending_remove = $orig_post['item_pending_remove'];
+ $item_blocked = $orig_post['item_blocked'];
+
+
+
+ $postopts = $orig_post['postopts'];
+ $created = $orig_post['created'];
+ $mid = $orig_post['mid'];
+ $parent_mid = $orig_post['parent_mid'];
+ $plink = $orig_post['plink'];
+
+ }
+ else {
+
+ // if coming from the API and no privacy settings are set,
+ // use the user default permissions - as they won't have
+ // been supplied via a form.
+
+ if(($api_source)
+ && (! array_key_exists('contact_allow',$_REQUEST))
+ && (! array_key_exists('group_allow',$_REQUEST))
+ && (! array_key_exists('contact_deny',$_REQUEST))
+ && (! array_key_exists('group_deny',$_REQUEST))) {
+ $str_group_allow = $channel['channel_allow_gid'];
+ $str_contact_allow = $channel['channel_allow_cid'];
+ $str_group_deny = $channel['channel_deny_gid'];
+ $str_contact_deny = $channel['channel_deny_cid'];
+ }
+ elseif($walltowall) {
+
+ // use the channel owner's default permissions
+
+ $str_group_allow = $channel['channel_allow_gid'];
+ $str_contact_allow = $channel['channel_allow_cid'];
+ $str_group_deny = $channel['channel_deny_gid'];
+ $str_contact_deny = $channel['channel_deny_cid'];
+ }
+ else {
+
+ // use the posted permissions
+
+ $str_group_allow = perms2str($_REQUEST['group_allow']);
+ $str_contact_allow = perms2str($_REQUEST['contact_allow']);
+ $str_group_deny = perms2str($_REQUEST['group_deny']);
+ $str_contact_deny = perms2str($_REQUEST['contact_deny']);
+ }
+
+
+ $location = notags(trim($_REQUEST['location']));
+ $coord = notags(trim($_REQUEST['coord']));
+ $verb = notags(trim($_REQUEST['verb']));
+ $title = escape_tags(trim($_REQUEST['title']));
+ $body = trim($_REQUEST['body']);
+ $body .= trim($_REQUEST['attachment']);
+ $postopts = '';
+
+ $private = (
+ ( strlen($str_group_allow)
+ || strlen($str_contact_allow)
+ || strlen($str_group_deny)
+ || strlen($str_contact_deny)
+ || strlen($public_policy)
+ ) ? 1 : 0);
+
+ // If this is a comment, set the permissions from the parent.
+
+ if($parent_item) {
+ $private = 0;
+
+ if(($parent_item['item_private'])
+ || strlen($parent_item['allow_cid'])
+ || strlen($parent_item['allow_gid'])
+ || strlen($parent_item['deny_cid'])
+ || strlen($parent_item['deny_gid'])
+ || strlen($parent_item['public_policy'])) {
+ $private = (($parent_item['item_private']) ? $parent_item['item_private'] : 1);
+ }
+
+ $public_policy = $parent_item['public_policy'];
+ $str_contact_allow = $parent_item['allow_cid'];
+ $str_group_allow = $parent_item['allow_gid'];
+ $str_contact_deny = $parent_item['deny_cid'];
+ $str_group_deny = $parent_item['deny_gid'];
+ $owner_hash = $parent_item['owner_xchan'];
+ }
+
+ if(! strlen($body)) {
+ if($preview)
+ killme();
+ info( t('Empty post discarded.') . EOL );
+ if(x($_REQUEST,'return'))
+ goaway($a->get_baseurl() . "/" . $return_path );
+ killme();
+ }
+ }
+
+
+ $expires = NULL_DATE;
+
+ if(feature_enabled($profile_uid,'content_expire')) {
+ if(x($_REQUEST,'expire')) {
+ $expires = datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expire']);
+ if($expires <= datetime_convert())
+ $expires = NULL_DATE;
+ }
+ }
+
+ $mimetype = notags(trim($_REQUEST['mimetype']));
+ if(! $mimetype)
+ $mimetype = 'text/bbcode';
+
+ if($preview) {
+ $body = z_input_filter($profile_uid,$body,$mimetype);
+ }
+
+
+ // Verify ability to use html or php!!!
+
+ $execflag = false;
+
+ if($mimetype === 'application/x-php') {
+ $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
+ intval($profile_uid)
+ );
+ if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) {
+ if($uid && (get_account_id() == $z[0]['account_id'])) {
+ $execflag = true;
+ }
+ else {
+ notice( t('Executable content type not permitted to this channel.') . EOL);
+ if(x($_REQUEST,'return'))
+ goaway($a->get_baseurl() . "/" . $return_path );
+ killme();
+ }
+ }
+ }
+
+
+ if($mimetype === 'text/bbcode') {
+
+ require_once('include/text.php');
+ if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
+ require_once('include/bb2diaspora.php');
+ $body = escape_tags($body);
+ $body = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$body);
+ $body = diaspora2bb($body,true);
+ $body = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$body);
+ }
+
+ // BBCODE alert: the following functions assume bbcode input
+ // and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.)
+ // we may need virtual or template classes to implement the possible alternatives
+
+ // Work around doubled linefeeds in Tinymce 3.5b2
+ // First figure out if it's a status post that would've been
+ // created using tinymce. Otherwise leave it alone.
+
+ $plaintext = true;
+
+// $plaintext = ((feature_enabled($profile_uid,'richtext')) ? false : true);
+// if((! $parent) && (! $api_source) && (! $plaintext)) {
+// $body = fix_mce_lf($body);
+// }
+
+
+
+ // If we're sending a private top-level message with a single @-taggable channel as a recipient, @-tag it, if our pconfig is set.
+
+
+ if((! $parent) && (get_pconfig($profile_uid,'system','tagifonlyrecip')) && (substr_count($str_contact_allow,'<') == 1) && ($str_group_allow == '') && ($str_contact_deny == '') && ($str_group_deny == '')) {
+ $x = q("select abook_id, abook_their_perms from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+ dbesc(str_replace(array('<','>'),array('',''),$str_contact_allow)),
+ intval($profile_uid)
+ );
+ if($x && ($x[0]['abook_their_perms'] & PERMS_W_TAGWALL))
+ $body .= "\n\n@group+" . $x[0]['abook_id'] . "\n";
+ }
+
+ /**
+ * fix naked links by passing through a callback to see if this is a red site
+ * (already known to us) which will get a zrl, otherwise link with url, add bookmark tag to both.
+ * First protect any url inside certain bbcode tags so we don't double link it.
+ */
+
+
+ $body = preg_replace_callback('/\[code(.*?)\[\/(code)\]/ism','red_escape_codeblock',$body);
+ $body = preg_replace_callback('/\[url(.*?)\[\/(url)\]/ism','red_escape_codeblock',$body);
+ $body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','red_escape_codeblock',$body);
+
+ $body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ism", 'red_zrl_callback', $body);
+
+ $body = preg_replace_callback('/\[\$b64zrl(.*?)\[\/(zrl)\]/ism','red_unescape_codeblock',$body);
+ $body = preg_replace_callback('/\[\$b64url(.*?)\[\/(url)\]/ism','red_unescape_codeblock',$body);
+ $body = preg_replace_callback('/\[\$b64code(.*?)\[\/(code)\]/ism','red_unescape_codeblock',$body);
+
+
+ // fix any img tags that should be zmg
+
+ $body = preg_replace_callback('/\[img(.*?)\](.*?)\[\/img\]/ism','red_zrlify_img_callback',$body);
+
+
+
+
+
+ $body = bb_translate_video($body);
+
+ /**
+ * Fold multi-line [code] sequences
+ */
+
+ $body = preg_replace('/\[\/code\]\s*\[code\]/ism',"\n",$body);
+
+ $body = scale_external_images($body,false);
+
+
+ // Look for tags and linkify them
+ $results = linkify_tags($a, $body, ($uid) ? $uid : $profile_uid);
+
+ if($results) {
+
+ // Set permissions based on tag replacements
+ set_linkified_perms($results, $str_contact_allow, $str_group_allow, $profile_uid, $parent_item, $private);
+
+ $post_tags = array();
+ foreach($results as $result) {
+ $success = $result['success'];
+ if($success['replaced']) {
+ $post_tags[] = array(
+ 'uid' => $profile_uid,
+ 'type' => $success['termtype'],
+ 'otype' => TERM_OBJ_POST,
+ 'term' => $success['term'],
+ 'url' => $success['url']
+ );
+ }
+ }
+ }
+
+
+ /**
+ *
+ * When a photo was uploaded into the message using the (profile wall) ajax
+ * uploader, The permissions are initially set to disallow anybody but the
+ * owner from seeing it. This is because the permissions may not yet have been
+ * set for the post. If it's private, the photo permissions should be set
+ * appropriately. But we didn't know the final permissions on the post until
+ * now. So now we'll look for links of uploaded photos and attachments that are in the
+ * post and set them to the same permissions as the post itself.
+ *
+ * If the post was end-to-end encrypted we can't find images and attachments in the body,
+ * use our media_str input instead which only contains these elements - but only do this
+ * when encrypted content exists because the photo/attachment may have been removed from
+ * the post and we should keep it private. If it's encrypted we have no way of knowing
+ * so we'll set the permissions regardless and realise that the media may not be
+ * referenced in the post.
+ *
+ * What is preventing us from being able to upload photos into comments is dealing with
+ * the photo and attachment permissions, since we don't always know who was in the
+ * distribution for the top level post.
+ *
+ * We might be able to provide this functionality with a lot of fiddling:
+ * - if the top level post is public (make the photo public)
+ * - if the top level post was written by us or a wall post that belongs to us (match the top level post)
+ * - if the top level post has privacy mentions, add those to the permissions.
+ * - otherwise disallow the photo *or* make the photo public. This is the part that gets messy.
+ */
+
+ if(! $preview) {
+ fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
+
+ fix_attached_file_permissions($channel,$observer['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
+
+ }
+
+
+ $attachments = '';
+ $match = false;
+
+ if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) {
+ $attachments = array();
+ foreach($match[2] as $mtch) {
+ $attach_link = '';
+ $hash = substr($mtch,0,strpos($mtch,','));
+ $rev = intval(substr($mtch,strpos($mtch,',')));
+ $r = attach_by_hash_nodata($hash,$rev);
+ if($r['success']) {
+ $attachments[] = array(
+ 'href' => $a->get_baseurl() . '/attach/' . $r['data']['hash'],
+ 'length' => $r['data']['filesize'],
+ 'type' => $r['data']['filetype'],
+ 'title' => urlencode($r['data']['filename']),
+ 'revision' => $r['data']['revision']
+ );
+ }
+ $ext = substr($r['data']['filename'],strrpos($r['data']['filename'],'.'));
+ if(strpos($r['data']['filetype'],'audio/') !== false)
+ $attach_link = '[audio]' . z_root() . '/attach/' . $r['data']['hash'] . '/' . $r['data']['revision'] . (($ext) ? $ext : '') . '[/audio]';
+ elseif(strpos($r['data']['filetype'],'video/') !== false)
+ $attach_link = '[video]' . z_root() . '/attach/' . $r['data']['hash'] . '/' . $r['data']['revision'] . (($ext) ? $ext : '') . '[/video]';
+ $body = str_replace($match[1],$attach_link,$body);
+ }
+ }
+
+ }
+
+// BBCODE end alert
+
+ if(strlen($categories)) {
+ $cats = explode(',',$categories);
+ foreach($cats as $cat) {
+ $post_tags[] = array(
+ 'uid' => $profile_uid,
+ 'type' => TERM_CATEGORY,
+ 'otype' => TERM_OBJ_POST,
+ 'term' => trim($cat),
+ 'url' => $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat))
+ );
+ }
+ }
+
+
+ $item_unseen = ((local_channel() != $profile_uid) ? 1 : 0);
+ $item_wall = (($post_type === 'wall' || $post_type === 'wall-comment') ? 1 : 0);
+ $item_origin = (($origin) ? 1 : 0);
+
+
+ // determine if this is a wall post
+
+ if($parent) {
+ $item_wall = $parent_item['item_wall'];
+ }
+ else {
+ if(! $webpage) {
+ $item_wall = 1;
+ }
+ }
+
+
+ if($moderated)
+ $item_blocked = ITEM_MODERATED;
+
+
+ if(! strlen($verb))
+ $verb = ACTIVITY_POST ;
+
+ $notify_type = (($parent) ? 'comment-new' : 'wall-new' );
+
+ if(! $mid) {
+ $mid = (($message_id) ? $message_id : item_message_id());
+ }
+ if(! $parent_mid) {
+ $parent_mid = $mid;
+ }
+
+ if($parent_item)
+ $parent_mid = $parent_item['mid'];
+
+ // Fallback so that we alway have a thr_parent
+
+ if(!$thr_parent)
+ $thr_parent = $mid;
+
+ $datarray = array();
+
+ $item_thead_top = ((! $parent) ? 1 : 0);
+
+
+ if ((! $plink) && ($item_thread_top)) {
+ $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid;
+ }
+
+ $datarray['aid'] = $channel['channel_account_id'];
+ $datarray['uid'] = $profile_uid;
+
+ $datarray['owner_xchan'] = (($owner_hash) ? $owner_hash : $owner_xchan['xchan_hash']);
+ $datarray['author_xchan'] = $observer['xchan_hash'];
+ $datarray['created'] = $created;
+ $datarray['edited'] = (($orig_post) ? datetime_convert() : $created);
+ $datarray['expires'] = $expires;
+ $datarray['commented'] = (($orig_post) ? datetime_convert() : $created);
+ $datarray['received'] = (($orig_post) ? datetime_convert() : $created);
+ $datarray['changed'] = (($orig_post) ? datetime_convert() : $created);
+ $datarray['mid'] = $mid;
+ $datarray['parent_mid'] = $parent_mid;
+ $datarray['mimetype'] = $mimetype;
+ $datarray['title'] = $title;
+ $datarray['body'] = $body;
+ $datarray['app'] = $app;
+ $datarray['location'] = $location;
+ $datarray['coord'] = $coord;
+ $datarray['verb'] = $verb;
+ $datarray['obj_type'] = $obj_type;
+ $datarray['allow_cid'] = $str_contact_allow;
+ $datarray['allow_gid'] = $str_group_allow;
+ $datarray['deny_cid'] = $str_contact_deny;
+ $datarray['deny_gid'] = $str_group_deny;
+ $datarray['item_private'] = $private;
+ $datarray['item_wall'] = $item_wall;
+ $datarray['attach'] = $attachments;
+ $datarray['thr_parent'] = $thr_parent;
+ $datarray['postopts'] = $postopts;
+ $datarray['item_unseen'] = $item_unseen;
+ $datarray['item_wall'] = $item_wall;
+ $datarray['item_origin'] = $item_origin;
+ $datarray['item_type'] = $webpage;
+ $datarray['item_thread_top'] = $item_thread_top;
+ $datarray['item_unseen'] = $item_unseen;
+ $datarray['item_starred'] = $item_starred;
+ $datarray['item_uplink'] = $item_uplink;
+ $datarray['item_consensus'] = $item_consensus;
+ $datarray['item_notshown'] = $item_notshown;
+ $datarray['item_nsfw'] = $item_nsfw;
+ $datarray['item_relay'] = $item_relay;
+ $datarray['item_mentionsme'] = $item_mentionsme;
+ $datarray['item_nocomment'] = $item_nocomment;
+ $datarray['item_obscured'] = $item_obscured;
+ $datarray['item_verified'] = $item_verified;
+ $datarray['item_retained'] = $item_retained;
+ $datarray['item_rss'] = $item_rss;
+ $datarray['item_deleted'] = $item_deleted;
+ $datarray['item_hidden'] = $item_hidden;
+ $datarray['item_unpublished'] = $item_unpublished;
+ $datarray['item_delayed'] = $item_delayed;
+ $datarray['item_pending_remove'] = $item_pending_remove;
+ $datarray['item_blocked'] = $item_blocked;
+
+ $datarray['layout_mid'] = $layout_mid;
+ $datarray['public_policy'] = $public_policy;
+ $datarray['comment_policy'] = map_scope($channel['channel_w_comment']);
+ $datarray['term'] = $post_tags;
+ $datarray['plink'] = $plink;
+ $datarray['route'] = $route;
+
+ // preview mode - prepare the body for display and send it via json
+
+ if($preview) {
+ require_once('include/conversation.php');
+
+ $datarray['owner'] = $owner_xchan;
+ $datarray['author'] = $observer;
+ $datarray['attach'] = json_encode($datarray['attach']);
+ $o = conversation($a,array($datarray),'search',false,'preview');
+// logger('preview: ' . $o, LOGGER_DEBUG);
+ echo json_encode(array('preview' => $o));
+ killme();
+ }
+ if($orig_post)
+ $datarray['edit'] = true;
+
+ call_hooks('post_local',$datarray);
+
+ if(x($datarray,'cancel')) {
+ logger('mod_item: post cancelled by plugin.');
+ if($return_path) {
+ goaway($a->get_baseurl() . "/" . $return_path);
+ }
+
+ $json = array('cancel' => 1);
+ if(x($_REQUEST,'jsreload') && strlen($_REQUEST['jsreload']))
+ $json['reload'] = $a->get_baseurl() . '/' . $_REQUEST['jsreload'];
+
+ echo json_encode($json);
+ killme();
+ }
+
+
+ if(mb_strlen($datarray['title']) > 255)
+ $datarray['title'] = mb_substr($datarray['title'],0,255);
+
+ if(array_key_exists('item_private',$datarray) && $datarray['item_private']) {
+
+ $datarray['body'] = trim(z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype']));
+
+ if($uid) {
+ if($channel['channel_hash'] === $datarray['author_xchan']) {
+ $datarray['sig'] = base64url_encode(rsa_sign($datarray['body'],$channel['channel_prvkey']));
+ $datarray['item_verified'] = 1;
+ }
+ }
+ }
+
+ if($orig_post) {
+ $datarray['id'] = $post_id;
+
+ item_store_update($datarray,$execflag);
+
+ update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remote_id,$mid);
+
+ if(! $nopush)
+ proc_run('php', "include/notifier.php", 'edit_post', $post_id);
+
+ if((x($_REQUEST,'return')) && strlen($return_path)) {
+ logger('return: ' . $return_path);
+ goaway($a->get_baseurl() . "/" . $return_path );
+ }
+ killme();
+ }
+ else
+ $post_id = 0;
+
+ $post = item_store($datarray,$execflag);
+
+ $post_id = $post['item_id'];
+
+ if($post_id) {
+ logger('mod_item: saved item ' . $post_id);
+
+ if($parent) {
+
+ // only send comment notification if this is a wall-to-wall comment,
+ // otherwise it will happen during delivery
+
+ if(($datarray['owner_xchan'] != $datarray['author_xchan']) && (intval($parent_item['item_wall']))) {
+ notification(array(
+ 'type' => NOTIFY_COMMENT,
+ 'from_xchan' => $datarray['author_xchan'],
+ 'to_xchan' => $datarray['owner_xchan'],
+ 'item' => $datarray,
+ 'link' => $a->get_baseurl() . '/display/' . $datarray['mid'],
+ 'verb' => ACTIVITY_POST,
+ 'otype' => 'item',
+ 'parent' => $parent,
+ 'parent_mid' => $parent_item['mid']
+ ));
+
+ }
+ }
+ else {
+ $parent = $post_id;
+
+ if($datarray['owner_xchan'] != $datarray['author_xchan']) {
+ notification(array(
+ 'type' => NOTIFY_WALL,
+ 'from_xchan' => $datarray['author_xchan'],
+ 'to_xchan' => $datarray['owner_xchan'],
+ 'item' => $datarray,
+ 'link' => $a->get_baseurl() . '/display/' . $datarray['mid'],
+ 'verb' => ACTIVITY_POST,
+ 'otype' => 'item'
+ ));
+ }
+
+ if($uid && $uid == $profile_uid && (is_item_normal($datarray))) {
+ q("update channel set channel_lastpost = '%s' where channel_id = %d",
+ dbesc(datetime_convert()),
+ intval($uid)
+ );
+ }
+ }
+
+ // photo comments turn the corresponding item visible to the profile wall
+ // This way we don't see every picture in your new photo album posted to your wall at once.
+ // They will show up as people comment on them.
+
+ if(intval($parent_item['item_hidden'])) {
+ $r = q("UPDATE item SET item_hidden = 0 WHERE id = %d",
+ intval($parent_item['id'])
+ );
+ }
+ }
+ else {
+ logger('mod_item: unable to retrieve post that was just stored.');
+ notice( t('System error. Post not saved.') . EOL);
+ goaway($a->get_baseurl() . "/" . $return_path );
+ // NOTREACHED
+ }
+
+ if($parent) {
+ // Store the comment signature information in case we need to relay to Diaspora
+ $ditem = $datarray;
+ $ditem['author'] = $observer;
+ store_diaspora_comment_sig($ditem,$channel,$parent_item, $post_id, (($walltowall_comment) ? 1 : 0));
+ }
+
+ update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remote_id,$mid);
+
+ $datarray['id'] = $post_id;
+ $datarray['llink'] = $a->get_baseurl() . '/display/' . $channel['channel_address'] . '/' . $post_id;
+
+ call_hooks('post_local_end', $datarray);
+
+ if(! $nopush)
+ proc_run('php', 'include/notifier.php', $notify_type, $post_id);
+
+ logger('post_complete');
+
+ // figure out how to return, depending on from whence we came
+
+ if($api_source)
+ return $post;
+
+ if($return_path) {
+ goaway($a->get_baseurl() . "/" . $return_path);
+ }
+
+ $json = array('success' => 1);
+ if(x($_REQUEST,'jsreload') && strlen($_REQUEST['jsreload']))
+ $json['reload'] = $a->get_baseurl() . '/' . $_REQUEST['jsreload'];
+
+ logger('post_json: ' . print_r($json,true), LOGGER_DEBUG);
+
+ echo json_encode($json);
+ killme();
+ // NOTREACHED
+}
+
+
+
+
+
+function item_content(&$a) {
+
+ if((! local_channel()) && (! remote_channel()))
+ return;
+
+ require_once('include/security.php');
+
+ if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) {
+
+ require_once('include/items.php');
+ $i = q("select id, uid, author_xchan, owner_xchan, source_xchan, item_type from item where id = %d limit 1",
+ intval(argv(2))
+ );
+
+ if($i) {
+ $can_delete = false;
+ $local_delete = false;
+ if(local_channel() && local_channel() == $i[0]['uid'])
+ $local_delete = true;
+
+ $sys = get_sys_channel();
+ if(is_site_admin() && $sys['channel_id'] == $i[0]['uid'])
+ $can_delete = true;
+
+ $ob_hash = get_observer_hash();
+ if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan']))
+ $can_delete = true;
+
+ if(! ($can_delete || $local_delete)) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ // if this is a different page type or it's just a local delete
+ // but not by the item author or owner, do a simple deletion
+
+ if(intval($i[0]['item_type']) || ($local_delete && (! $can_delete))) {
+ drop_item($i[0]['id']);
+ }
+ else {
+ // complex deletion that needs to propagate and be performed in phases
+ drop_item($i[0]['id'],true,DROPITEM_PHASE1);
+ tag_deliver($i[0]['uid'],$i[0]['id']);
+ }
+ }
+ }
+}
+
+
+function fix_attached_photo_permissions($uid,$xchan_hash,$body,
+ $str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny) {
+
+ if(get_pconfig($uid,'system','force_public_uploads')) {
+ $str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
+ }
+
+ $match = null;
+ // match img and zmg image links
+ if(preg_match_all("/\[[zi]mg(.*?)\](.*?)\[\/[zi]mg\]/",$body,$match)) {
+ $images = $match[2];
+ if($images) {
+ foreach($images as $image) {
+ if(! stristr($image,get_app()->get_baseurl() . '/photo/'))
+ continue;
+ $image_uri = substr($image,strrpos($image,'/') + 1);
+ if(strpos($image_uri,'-') !== false)
+ $image_uri = substr($image_uri,0, strpos($image_uri,'-'));
+ if(strpos($image_uri,'.') !== false)
+ $image_uri = substr($image_uri,0, strpos($image_uri,'.'));
+ if(! strlen($image_uri))
+ continue;
+ $srch = '<' . $xchan_hash . '>';
+
+ $r = q("SELECT id FROM photo
+ WHERE allow_cid = '%s' AND allow_gid = '' AND deny_cid = '' AND deny_gid = ''
+ AND resource_id = '%s' AND uid = %d LIMIT 1",
+ dbesc($srch),
+ dbesc($image_uri),
+ intval($uid)
+ );
+
+ if($r) {
+ $r = q("UPDATE photo SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s'
+ WHERE resource_id = '%s' AND uid = %d ",
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ dbesc($image_uri),
+ intval($uid)
+ );
+
+ // also update the linked item (which is probably invisible)
+
+ $r = q("select id from item
+ WHERE allow_cid = '%s' AND allow_gid = '' AND deny_cid = '' AND deny_gid = ''
+ AND resource_id = '%s' and resource_type = 'photo' AND uid = %d LIMIT 1",
+ dbesc($srch),
+ dbesc($image_uri),
+ intval($uid)
+ );
+ if($r) {
+ $private = (($str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny) ? true : false);
+
+ $r = q("UPDATE item SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d
+ WHERE id = %d AND uid = %d",
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ intval($private),
+ intval($r[0]['id']),
+ intval($uid)
+ );
+ }
+ $r = q("select id from attach where hash = '%s' and uid = %d limit 1",
+ dbesc($image_uri),
+ intval($uid)
+ );
+ if($r) {
+ q("update attach SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s'
+ WHERE id = %d AND uid = %d",
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ intval($r[0]['id']),
+ intval($uid)
+ );
+ }
+ }
+ }
+ }
+ }
+}
+
+
+function fix_attached_file_permissions($channel,$observer_hash,$body,
+ $str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny) {
+
+ if(get_pconfig($channel['channel_id'],'system','force_public_uploads')) {
+ $str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
+ }
+
+ $match = false;
+
+ if(preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",$body,$match)) {
+ $attaches = $match[1];
+ if($attaches) {
+ foreach($attaches as $attach) {
+ $hash = substr($attach,0,strpos($attach,','));
+ $rev = intval(substr($attach,strpos($attach,',')));
+ attach_store($channel,$observer_hash,$options = 'update', array(
+ 'hash' => $hash,
+ 'revision' => $rev,
+ 'allow_cid' => $str_contact_allow,
+ 'allow_gid' => $str_group_allow,
+ 'deny_cid' => $str_contact_deny,
+ 'deny_gid' => $str_group_deny
+ ));
+ }
+ }
+ }
+}
+
+function item_check_service_class($channel_id,$iswebpage) {
+ $ret = array('success' => false, 'message' => '');
+
+ if ($iswebpage) {
+ $r = q("select count(i.id) as total from item i
+ right join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id )
+ and i.parent=i.id and i.item_type = %d and i.item_deleted = 0 and i.uid= %d ",
+ intval(ITEM_TYPE_WEBPAGE),
+ intval($channel_id)
+ );
+ }
+ else {
+ $r = q("select count(id) as total from item where parent = id and item_wall = 1 and uid = %d " . item_normal(),
+ intval($channel_id)
+ );
+ }
+
+ if(! $r) {
+ $ret['message'] = t('Unable to obtain post information from database.');
+ return $ret;
+ }
+
+ if (!$iswebpage) {
+ $max = service_class_fetch($channel_id,'total_items');
+ if(! service_class_allows($channel_id,'total_items',$r[0]['total'])) {
+ $result['message'] .= upgrade_message() . sprintf( t('You have reached your limit of %1$.0f top level posts.'),$max);
+ return $result;
+ }
+ }
+ else {
+ $max = service_class_fetch($channel_id,'total_pages');
+ if(! service_class_allows($channel_id,'total_pages',$r[0]['total'])) {
+ $result['message'] .= upgrade_message() . sprintf( t('You have reached your limit of %1$.0f webpages.'),$max);
+ return $result;
+ }
+ }
+
+ $ret['success'] = true;
+ return $ret;
+}
+
diff --git a/mod/lang.php b/mod/lang.php
new file mode 100644
index 000000000..fba5f9c73
--- /dev/null
+++ b/mod/lang.php
@@ -0,0 +1,6 @@
+<?php
+
+function lang_content(&$a) {
+ return lang_selector();
+}
+
diff --git a/mod/layouts.php b/mod/layouts.php
new file mode 100644
index 000000000..fd77cfc37
--- /dev/null
+++ b/mod/layouts.php
@@ -0,0 +1,192 @@
+<?php
+
+require_once('include/identity.php');
+require_once('include/conversation.php');
+require_once('include/acl_selectors.php');
+
+function layouts_init(&$a) {
+
+ if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) {
+ $sys = get_sys_channel();
+ if($sys && intval($sys['channel_id'])) {
+ $a->is_sys = true;
+ }
+ }
+
+ if(argc() > 1)
+ $which = argv(1);
+ else
+ return;
+
+ profile_load($a,$which);
+
+}
+
+
+function layouts_content(&$a) {
+
+ if(! $a->profile) {
+ notice( t('Requested profile is not available.') . EOL );
+ $a->error = 404;
+ return;
+ }
+
+ $which = argv(1);
+
+ $_SESSION['return_url'] = $a->query_string;
+
+ $uid = local_channel();
+ $owner = 0;
+ $channel = null;
+ $observer = $a->get_observer();
+
+ $channel = $a->get_channel();
+
+ if($a->is_sys && is_site_admin()) {
+ $sys = get_sys_channel();
+ if($sys && intval($sys['channel_id'])) {
+ $uid = $owner = intval($sys['channel_id']);
+ $channel = $sys;
+ $observer = $sys;
+ }
+ }
+
+ if(! $owner) {
+ // Figure out who the page owner is.
+ $r = q("select channel_id from channel where channel_address = '%s'",
+ dbesc($which)
+ );
+ if($r) {
+ $owner = intval($r[0]['channel_id']);
+ }
+ }
+
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ $perms = get_all_perms($owner,$ob_hash);
+
+ if(! $perms['write_pages']) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ // Block design features from visitors
+
+ if((! $uid) || ($uid != $owner)) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ // Get the observer, check their permissions
+
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ $perms = get_all_perms($owner,$ob_hash);
+
+ if(! $perms['write_pages']) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ //This feature is not exposed in redbasic ui since it is not clear why one would want to
+ //download a json encoded pdl file - we dont have a possibility to import it.
+ //Use the buildin share/install feature instead.
+ if((argc() > 3) && (argv(2) === 'share') && (argv(3))) {
+ $r = q("select sid, service, mimetype, title, body from item_id
+ left join item on item.id = item_id.iid
+ where item_id.uid = %d and item.mid = '%s' and service = 'PDL' order by sid asc",
+ intval($owner),
+ dbesc(argv(3))
+ );
+ if($r) {
+ header('Content-type: application/x-hubzilla-layout');
+ header('Content-disposition: attachment; filename="' . $r[0]['sid'] . '.pdl"');
+ echo json_encode($r);
+ killme();
+ }
+ }
+
+ // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages
+ // Nickname is set to the observers xchan, and profile_uid to the owners.
+ // This lets you post pages at other people's channels.
+
+ $x = array(
+ 'webpage' => ITEM_TYPE_PDL,
+ 'is_owner' => true,
+ 'nickname' => $a->profile['channel_address'],
+ 'bang' => '',
+ 'showacl' => false,
+ 'visitor' => false,
+ 'nopreview' => 1,
+ 'ptlabel' => t('Layout Name'),
+ 'profile_uid' => intval($owner),
+ 'expanded' => true,
+ 'placeholdertitle' => t('Layout Description (Optional)'),
+ 'novoting' => true
+ );
+
+ if($_REQUEST['title'])
+ $x['title'] = $_REQUEST['title'];
+ if($_REQUEST['body'])
+ $x['body'] = $_REQUEST['body'];
+ if($_REQUEST['pagetitle'])
+ $x['pagetitle'] = $_REQUEST['pagetitle'];
+
+ $editor = status_editor($a,$x);
+
+ $r = q("select iid, sid, mid, title, body, mimetype, created, edited, item_type from item_id left join item on item_id.iid = item.id
+ where item_id.uid = %d and service = 'PDL' and item_type = %d order by item.created desc",
+ intval($owner),
+ intval(ITEM_TYPE_PDL)
+ );
+
+ $pages = null;
+
+ if($r) {
+ $pages = array();
+ foreach($r as $rr) {
+ $element_arr = array(
+ 'type' => 'layout',
+ 'title' => $rr['title'],
+ 'body' => $rr['body'],
+ 'created' => $rr['created'],
+ 'edited' => $rr['edited'],
+ 'mimetype' => $rr['mimetype'],
+ 'pagetitle' => $rr['sid'],
+ 'mid' => $rr['mid']
+ );
+ $pages[$rr['iid']][] = array(
+ 'url' => $rr['iid'],
+ 'title' => $rr['sid'],
+ 'descr' => $rr['title'],
+ 'mid' => $rr['mid'],
+ 'created' => $rr['created'],
+ 'edited' => $rr['edited'],
+ 'bb_element' => '[element]' . base64url_encode(json_encode($element_arr)) . '[/element]'
+ );
+ }
+ }
+
+ //Build the base URL for edit links
+ $url = z_root() . '/editlayout/' . $which;
+
+ $o .= replace_macros(get_markup_template('layoutlist.tpl'), array(
+ '$title' => t('Layouts'),
+ '$create' => t('Create'),
+ '$help' => array('text' => t('Help'), 'url' => 'help/comanche', 'title' => t('Comanche page description language help')),
+ '$editor' => $editor,
+ '$baseurl' => $url,
+ '$name' => t('Layout Name'),
+ '$descr' => t('Layout Description'),
+ '$created' => t('Created'),
+ '$edited' => t('Edited'),
+ '$edit' => t('Edit'),
+ '$share' => t('Share'),
+ '$download' => t('Download PDL file'),
+ '$pages' => $pages,
+ '$channel' => $which,
+ '$view' => t('View'),
+ ));
+
+ return $o;
+}
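Review bot: In layouts_content() the `$_REQUEST['title']`, `$_REQUEST['body']` and `$_REQUEST['pagetitle']` values are copied into `$x` and handed to status_editor() unfiltered, so a link opened by the channel owner can pre-fill the layout editor with content chosen by someone else; whether status_editor() or its template escapes them is not visible in this hunk and should be confirmed. For the two single-line fields I would at least apply the filter this diff already uses in mod/like.php, e.g. `$x['title'] = notags(trim($_REQUEST['title']));`, guarded with `x($_REQUEST,'title')` as mod/item.php does, so that a missing key does not raise a notice. The same care applies to the share branch, where `$r[0]['sid']` is placed in the `Content-disposition` filename without stripping quotes or control characters. Separately, `$o` is appended to with `.=` before it is ever assigned, which `$o = '';` near the top would fix, and the second `get_all_perms()` / `write_pages` block repeats the first one verbatim and can be dropped.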
diff --git a/mod/like.php b/mod/like.php
new file mode 100755
index 000000000..ffd302efa
--- /dev/null
+++ b/mod/like.php
@@ -0,0 +1,507 @@
+<?php
+
+require_once('include/security.php');
+require_once('include/bbcode.php');
+require_once('include/items.php');
+
+
+function like_content(&$a) {
+
+ $o = '';
+
+ $observer = $a->get_observer();
+ $interactive = $_REQUEST['interactive'];
+ if($interactive) {
+ $o .= '<h1>' . t('Like/Dislike') . '</h1>';
+ $o .= EOL . EOL;
+
+ if(! $observer) {
+ $_SESSION['return_url'] = $a->query_string;
+ $o .= t('This action is restricted to members.') . EOL;
+ $o .= t('Please <a href="rmagic">login with your $Projectname ID</a> or <a href="register">register as a new $Projectname member</a> to continue.') . EOL;
+ return $o;
+ }
+ }
+
+ $verb = notags(trim($_GET['verb']));
+
+ if(! $verb)
+ $verb = 'like';
+
+ switch($verb) {
+ case 'like':
+ case 'unlike':
+ $activity = ACTIVITY_LIKE;
+ break;
+ case 'dislike':
+ case 'undislike':
+ $activity = ACTIVITY_DISLIKE;
+ break;
+ case 'agree':
+ case 'unagree':
+ $activity = ACTIVITY_AGREE;
+ break;
+ case 'disagree':
+ case 'undisagree':
+ $activity = ACTIVITY_DISAGREE;
+ break;
+ case 'abstain':
+ case 'unabstain':
+ $activity = ACTIVITY_ABSTAIN;
+ break;
+ case 'attendyes':
+ case 'unattendyes':
+ $activity = ACTIVITY_ATTEND;
+ break;
+ case 'attendno':
+ case 'unattendno':
+ $activity = ACTIVITY_ATTENDNO;
+ break;
+ case 'attendmaybe':
+ case 'unattendmaybe':
+ $activity = ACTIVITY_ATTENDMAYBE;
+ break;
+ default:
+ return;
+ break;
+ }
+
+ $extended_like = false;
+ $object = $target = null;
+ $post_type = '';
+ $objtype = '';
+
+ if(argc() == 3) {
+
+ if(! $observer)
+ killme();
+
+ $extended_like = true;
+ $obj_type = argv(1);
+ $obj_id = argv(2);
+ $public = true;
+
+ if($obj_type == 'profile') {
+ $r = q("select * from profile where profile_guid = '%s' limit 1",
+ dbesc(argv(2))
+ );
+ if(! $r)
+ killme();
+ $owner_uid = $r[0]['uid'];
+ if($r[0]['is_default'])
+ $public = true;
+ if(! $public) {
+ $d = q("select abook_xchan from abook where abook_profile = '%s' and abook_channel = %d",
+ dbesc($r[0]['profile_guid']),
+ intval($owner_uid)
+ );
+ if(! $d) {
+ // forgery - illegal
+ if($interactive) {
+ notice( t('Invalid request.') . EOL);
+ return $o;
+ }
+ killme();
+ }
+ // $d now contains a list of those who can see this profile - only send the status notification
+ // to them.
+ $allow_cid = $allow_gid = $deny_cid = $deny_gid = '';
+ foreach($d as $dd) {
+ $allow_gid .= '<' . $dd['abook_xchan'] . '>';
+ }
+ }
+ $post_type = t('channel');
+ $objtype = ACTIVITY_OBJ_PROFILE;
+
+
+ }
+ elseif($obj_type == 'thing') {
+
+ $r = q("select * from obj left join term on obj_obj = term_hash where term_hash != ''
+ and obj_type = %d and term_hash = '%s' limit 1",
+ intval(TERM_OBJ_THING),
+ dbesc(argv(2))
+ );
+
+ if(! $r) {
+ if($interactive) {
+ notice( t('Invalid request.') . EOL);
+ return $o;
+ }
+ killme();
+ }
+
+ $owner_uid = $r[0]['obj_channel'];
+
+ $allow_cid = $r[0]['allow_cid'];
+ $allow_gid = $r[0]['allow_gid'];
+ $deny_cid = $r[0]['deny_cid'];
+ $deny_gid = $r[0]['deny_gid'];
+ if($allow_cid || $allow_gid || $deny_cid || $deny_gid)
+ $public = false;
+
+ $post_type = t('thing');
+ $objtype = ACTIVITY_OBJ_PROFILE;
+ $tgttype = ACTIVITY_OBJ_THING;
+
+ $links = array();
+ $links[] = array('rel' => 'alternate', 'type' => 'text/html',
+ 'href' => z_root() . '/thing/' . $r[0]['term_hash']);
+ if($r[0]['imgurl'])
+ $links[] = array('rel' => 'photo', 'href' => $r[0]['imgurl']);
+
+ $target = json_encode(array(
+ 'type' => $tgttype,
+ 'title' => $r[0]['term'],
+ 'id' => z_root() . '/thing/' . $r[0]['term_hash'],
+ 'link' => $links
+ ));
+
+ $plink = '[zrl=' . z_root() . '/thing/' . $r[0]['term_hash'] . ']' . $r[0]['term'] . '[/zrl]';
+
+ }
+
+ if(! ($owner_uid && $r)) {
+ if($interactive) {
+ notice( t('Invalid request.') . EOL);
+ return $o;
+ }
+ killme();
+ }
+
+ // The resultant activity is going to be a wall-to-wall post, so make sure this is allowed
+
+ $perms = get_all_perms($owner_uid,$observer['xchan_hash']);
+
+ if(! ($perms['post_like'] && $perms['view_profile'])) {
+ if($interactive) {
+ notice( t('Permission denied.') . EOL);
+ return $o;
+ }
+ killme();
+ }
+
+ $ch = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d limit 1",
+ intval($owner_uid)
+ );
+ if(! $ch) {
+ if($interactive) {
+ notice( t('Channel unavailable.') . EOL);
+ return $o;
+ }
+ killme();
+ }
+
+ if(! $plink)
+ $plink = '[zrl=' . z_root() . '/profile/' . $ch[0]['channel_address'] . ']' . $post_type . '[/zrl]';
+
+ $links = array();
+ $links[] = array('rel' => 'alternate', 'type' => 'text/html',
+ 'href' => z_root() . '/profile/' . $ch[0]['channel_address']);
+ $links[] = array('rel' => 'photo', 'type' => $ch[0]['xchan_photo_mimetype'],
+ 'href' => $ch[0]['xchan_photo_l']);
+
+ $object = json_encode(array(
+ 'type' => ACTIVITY_OBJ_PROFILE,
+ 'title' => $ch[0]['channel_name'],
+ 'id' => $ch[0]['xchan_url'] . '/' . $ch[0]['xchan_hash'],
+ 'link' => $links
+ ));
+
+
+ // second like of the same thing is "undo" for the first like
+
+ $z = q("select * from likes where channel_id = %d and liker = '%s' and verb = '%s' and target_type = '%s' and target_id = '%s' limit 1",
+ intval($ch[0]['channel_id']),
+ dbesc($observer['xchan_hash']),
+ dbesc($activity),
+ dbesc(($tgttype)?$tgttype:$objtype),
+ dbesc($obj_id)
+ );
+
+ if($z) {
+ q("delete from likes where id = %d limit 1",
+ intval($z[0]['id'])
+ );
+ drop_item($z[0]['iid'],false);
+ if($interactive) {
+ notice( t('Previous action reversed.') . EOL);
+ return $o;
+ }
+ killme();
+ }
+ }
+ else {
+
+ // this is used to like an item or comment
+
+ $item_id = ((argc() == 2) ? notags(trim(argv(1))) : 0);
+
+ logger('like: verb ' . $verb . ' item ' . $item_id, LOGGER_DEBUG);
+
+ // get the item. Allow linked photos (which are normally hidden) to be liked
+
+ $r = q("SELECT * FROM item WHERE id = %d
+ and item_blocked = 0 and item_moderated = 0 and item_spam = 0
+ and item_deleted = 0 and item_unpublished = 0 and item_delayed_publish = 0 LIMIT 1",
+ intval($item_id)
+ );
+
+ if(! $item_id || (! $r)) {
+ logger('like: no item ' . $item_id);
+ killme();
+ }
+
+
+ $item = $r[0];
+ $owner_uid = $item['uid'];
+ $owner_aid = $item['aid'];
+
+
+ $sys = get_sys_channel();
+
+
+ // if this is a "discover" item, (item['uid'] is the sys channel),
+ // fallback to the item comment policy, which should've been
+ // respected when generating the conversation thread.
+ // Even if the activity is rejected by the item owner, it should still get attached
+ // to the local discover conversation on this site.
+
+ if(($owner_uid != $sys['channel_id']) && (! perm_is_allowed($owner_uid,$observer['xchan_hash'],'post_comments'))) {
+ notice( t('Permission denied') . EOL);
+ killme();
+ }
+
+ $r = q("select * from xchan where xchan_hash = '%s' limit 1",
+ dbesc($item['owner_xchan'])
+ );
+ if($r)
+ $thread_owner = $r[0];
+ else
+ killme();
+
+ $r = q("select * from xchan where xchan_hash = '%s' limit 1",
+ dbesc($item['author_xchan'])
+ );
+ if($r)
+ $item_author = $r[0];
+ else
+ killme();
+
+
+ $verbs = " '".dbesc($activity)."' ";
+ $multi_undo = 0;
+
+ // event participation and consensus items are essentially radio toggles. If you make a subsequent choice,
+ // we need to eradicate your first choice.
+
+ if($activity === ACTIVITY_ATTEND || $activity === ACTIVITY_ATTENDNO || $activity === ACTIVITY_ATTENDMAYBE) {
+ $verbs = " '" . dbesc(ACTIVITY_ATTEND) . "','" . dbesc(ACTIVITY_ATTENDNO) . "','" . dbesc(ACTIVITY_ATTENDMAYBE) . "' ";
+ $multi_undo = 1;
+ }
+ if($activity === ACTIVITY_AGREE || $activity === ACTIVITY_DISAGREE || $activity === ACTIVITY_ABSTAIN) {
+ $verbs = " '" . dbesc(ACTIVITY_AGREE) . "','" . dbesc(ACTIVITY_DISAGREE) . "','" . dbesc(ACTIVITY_ABSTAIN) . "' ";
+ $multi_undo = 1;
+ }
+
+ $item_normal = item_normal();
+
+ $r = q("SELECT id, parent, uid, verb FROM item WHERE verb in ( $verbs ) $item_normal
+ AND author_xchan = '%s' AND ( parent = %d OR thr_parent = '%s') and uid = %d ",
+ dbesc($observer['xchan_hash']),
+ intval($item_id),
+ dbesc($item['mid']),
+ intval($owner_uid)
+ );
+
+ if($r) {
+ // already liked it. Drop that item.
+ require_once('include/items.php');
+ foreach($r as $rr) {
+ drop_item($rr['id'],false,DROPITEM_PHASE1);
+ // set the changed timestamp on the parent so we'll see the update without a page reload
+ $z = q("update item set changed = '%s' where id = %d and uid = %d",
+ dbesc(datetime_convert()),
+ intval($rr['parent']),
+ intval($rr['uid'])
+ );
+ // Prior activity was a duplicate of the one we're submitting, just undo it;
+ // don't fall through and create another
+ if(activity_match($rr['verb'],$activity))
+ $multi_undo = false;
+ }
+
+ if($interactive)
+ return;
+
+ if(! $multi_undo)
+ killme();
+ }
+ }
+
+ $mid = item_message_id();
+
+ $arr = array();
+
+ if($extended_like) {
+ $arr['item_thread_top'] = 1;
+ $arr['item_origin'] = 1;
+ $arr['item_wall'] = 1;
+ }
+ else {
+ $post_type = (($item['resource_type'] === 'photo') ? t('photo') : t('status'));
+ if($item['obj_type'] === ACTIVITY_OBJ_EVENT)
+ $post_type = t('event');
+
+ $links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => $item['plink']));
+ $objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE );
+
+ $body = $item['body'];
+
+ $object = json_encode(array(
+ 'type' => $objtype,
+ 'id' => $item['mid'],
+ 'parent' => (($item['thr_parent']) ? $item['thr_parent'] : $item['parent_mid']),
+ 'link' => $links,
+ 'title' => $item['title'],
+ 'content' => $item['body'],
+ 'created' => $item['created'],
+ 'edited' => $item['edited'],
+ 'author' => array(
+ 'name' => $item_author['xchan_name'],
+ 'address' => $item_author['xchan_addr'],
+ 'guid' => $item_author['xchan_guid'],
+ 'guid_sig' => $item_author['xchan_guid_sig'],
+ 'link' => array(
+ array('rel' => 'alternate', 'type' => 'text/html', 'href' => $item_author['xchan_url']),
+ array('rel' => 'photo', 'type' => $item_author['xchan_photo_mimetype'], 'href' => $item_author['xchan_photo_m'])),
+ ),
+ ));
+
+ if(! intval($item['item_thread_top']))
+ $post_type = 'comment';
+
+ $arr['item_origin'] = 1;
+ $arr['item_notshown'] = 1;
+
+ if(intval($item['item_wall']))
+ $arr['item_wall'] = 1;
+
+ // if this was a linked photo and was hidden, unhide it.
+
+ if(intval($item['item_hidden'])) {
+ $r = q("update item set item_hidden = 0 where id = %d",
+ intval($item['id'])
+ );
+ }
+
+ }
+
+ if($verb === 'like')
+ $bodyverb = t('%1$s likes %2$s\'s %3$s');
+ if($verb === 'dislike')
+ $bodyverb = t('%1$s doesn\'t like %2$s\'s %3$s');
+ if($verb === 'agree')
+ $bodyverb = t('%1$s agrees with %2$s\'s %3$s');
+ if($verb === 'disagree')
+ $bodyverb = t('%1$s doesn\'t agree with %2$s\'s %3$s');
+ if($verb === 'abstain')
+ $bodyverb = t('%1$s abstains from a decision on %2$s\'s %3$s');
+ if($verb === 'attendyes')
+ $bodyverb = t('%1$s is attending %2$s\'s %3$s');
+ if($verb === 'attendno')
+ $bodyverb = t('%1$s is not attending %2$s\'s %3$s');
+ if($verb === 'attendmaybe')
+ $bodyverb = t('%1$s may attend %2$s\'s %3$s');
+
+ if(! isset($bodyverb))
+ killme();
+
+
+
+ if($extended_like) {
+ $ulink = '[zrl=' . $ch[0]['xchan_url'] . ']' . $ch[0]['xchan_name'] . '[/zrl]';
+ $alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]';
+ $private = (($public) ? 0 : 1);
+ }
+ else {
+ $arr['parent'] = $item['id'];
+ $arr['thr_parent'] = $item['mid'];
+ $ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]';
+ $alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]';
+ $plink = '[zrl=' . $a->get_baseurl() . '/display/' . $item['mid'] . ']' . $post_type . '[/zrl]';
+ $allow_cid = $item['allow_cid'];
+ $allow_gid = $item['allow_gid'];
+ $deny_cid = $item['deny_cid'];
+ $deny_gid = $item['deny_gid'];
+ $private = $item['private'];
+
+ }
+
+
+ $arr['mid'] = $mid;
+ $arr['aid'] = (($extended_like) ? $ch[0]['channel_account_id'] : $owner_aid);
+ $arr['uid'] = $owner_uid;
+ $arr['item_flags'] = $item_flags;
+ $arr['item_wall'] = $item_wall;
+ $arr['parent_mid'] = (($extended_like) ? $mid : $item['mid']);
+ $arr['owner_xchan'] = (($extended_like) ? $ch[0]['xchan_hash'] : $thread_owner['xchan_hash']);
+ $arr['author_xchan'] = $observer['xchan_hash'];
+
+
+ $arr['body'] = sprintf( $bodyverb, $alink, $ulink, $plink );
+ if($obj_type === 'thing' && $r[0]['imgurl']) {
+ $arr['body'] .= "\n\n[zmg=80x80]" . $r[0]['imgurl'] . '[/zmg]';
+ }
+
+
+ $arr['verb'] = $activity;
+ $arr['obj_type'] = $objtype;
+ $arr['object'] = $object;
+
+ if($target) {
+ $arr['tgt_type'] = $tgttype;
+ $arr['target'] = $target;
+ }
+
+ $arr['allow_cid'] = $allow_cid;
+ $arr['allow_gid'] = $allow_gid;
+ $arr['deny_cid'] = $deny_cid;
+ $arr['deny_gid'] = $deny_gid;
+ $arr['item_private'] = $private;
+
+
+ $post = item_store($arr);
+ $post_id = $post['item_id'];
+
+ $arr['id'] = $post_id;
+
+ call_hooks('post_local_end', $arr);
+
+
+ if($extended_like) {
+ $r = q("insert into likes (channel_id,liker,likee,iid,verb,target_type,target_id,target) values (%d,'%s','%s',%d,'%s','%s','%s','%s')",
+ intval($ch[0]['channel_id']),
+ dbesc($observer['xchan_hash']),
+ dbesc($ch[0]['channel_hash']),
+ intval($post_id),
+ dbesc($activity),
+ dbesc(($tgttype)?$tgttype:$objtype),
+ dbesc($obj_id),
+ dbesc(json_encode(($target)?$target:$object))
+ );
+ };
+
+
+ proc_run('php',"include/notifier.php","like","$post_id");
+
+ if($interactive) {
+ notice( t('Action completed.') . EOL);
+ $o .= t('Thank you.');
+ return $o;
+ }
+
+ killme();
+}
+
+
diff --git a/mod/lockview.php b/mod/lockview.php
new file mode 100644
index 000000000..84c16f658
--- /dev/null
+++ b/mod/lockview.php
@@ -0,0 +1,95 @@
+<?php
+
+
+function lockview_content(&$a) {
+
+ $type = ((argc() > 1) ? argv(1) : 0);
+ if (is_numeric($type)) {
+ $item_id = intval($type);
+ $type='item';
+ } else {
+ $item_id = ((argc() > 2) ? intval(argv(2)) : 0);
+ }
+
+ if(! $item_id)
+ killme();
+
+ if (!in_array($type, array('item','photo','event', 'menu_item')))
+ killme();
+
+ //we have different naming in in menu_item table
+ $id = (($type == 'menu_item') ? 'mitem_id' : 'id');
+
+ $r = q("SELECT * FROM %s WHERE $id = %d LIMIT 1",
+ dbesc($type),
+ intval($item_id)
+ );
+
+ if(! $r)
+ killme();
+
+ $item = $r[0];
+
+ //we have different naming in in menu_item table
+ $uid = (($type == 'menu_item') ? $item['mitem_channel_id'] : $item['uid']);
+
+ if($uid != local_channel()) {
+ echo '<li>' . t('Remote privacy information not available.') . '</li>';
+ killme();
+ }
+
+ if(($item['item_private'] == 1) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid']))
+ && (! strlen($item['deny_cid'])) && (! strlen($item['deny_gid']))) {
+
+ // if the post is private, but public_policy is blank ("visible to the internet"), and there aren't any
+ // specific recipients, we're the recipient of a post with "bcc" or targeted recipients; so we'll just show it
+ // as unknown specific recipients. The sender will have the visibility list and will fall through to the
+ // next section.
+
+ echo '<li>' . translate_scope((! $item['public_policy']) ? 'specific' : $item['public_policy']) . '</li>';
+ killme();
+ }
+
+ $allowed_users = expand_acl($item['allow_cid']);
+ $allowed_groups = expand_acl($item['allow_gid']);
+ $deny_users = expand_acl($item['deny_cid']);
+ $deny_groups = expand_acl($item['deny_gid']);
+
+ $o = '<li>' . t('Visible to:') . '</li>';
+ $l = array();
+
+ stringify_array_elms($allowed_groups,true);
+ stringify_array_elms($allowed_users,true);
+ stringify_array_elms($deny_groups,true);
+ stringify_array_elms($deny_users,true);
+
+ if(count($allowed_groups)) {
+ $r = q("SELECT name FROM `groups` WHERE hash IN ( " . implode(', ', $allowed_groups) . " )");
+ if($r)
+ foreach($r as $rr)
+ $l[] = '<li><b>' . $rr['name'] . '</b></li>';
+ }
+ if(count($allowed_users)) {
+ $r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ',$allowed_users) . " )");
+ if($r)
+ foreach($r as $rr)
+ $l[] = '<li>' . $rr['xchan_name'] . '</li>';
+ }
+ if(count($deny_groups)) {
+ $r = q("SELECT name FROM `groups` WHERE hash IN ( " . implode(', ', $deny_groups) . " )");
+ if($r)
+ foreach($r as $rr)
+ $l[] = '<li><b><strike>' . $rr['name'] . '</strike></b></li>';
+ }
+ if(count($deny_users)) {
+ $r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ', $deny_users) . " )");
+ if($r)
+ foreach($r as $rr)
+ $l[] = '<li><strike>' . $rr['xchan_name'] . '</strike></li>';
+ }
+
+ echo $o . implode($l);
+ killme();
+
+
+}
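Review bot: The ownership test `if($uid != local_channel())` in lockview_content is a loose comparison. If local_channel() yields false for a visitor with no session (its body is not shown here) and the fetched row has an owner id of 0 or an empty value, the two sides compare equal and the ACL listing is printed. An explicit guard such as `if(! local_channel() || intval($uid) !== intval(local_channel()))` removes that dependency. Separately, `$rr['name']` and `$rr['xchan_name']` are concatenated into `<li>` markup exactly as stored; unless those columns are guaranteed to be HTML-escaped when written, pass them through `htmlspecialchars($value, ENT_COMPAT, 'UTF-8')` before echoing.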
diff --git a/mod/locs.php b/mod/locs.php
new file mode 100644
index 000000000..3f8bd9029
--- /dev/null
+++ b/mod/locs.php
@@ -0,0 +1,106 @@
+<?php /** @file */
+
+
+function locs_post(&$a) {
+
+ if(! local_channel())
+ return;
+
+ $channel = $a->get_channel();
+
+ if($_REQUEST['primary']) {
+ $hubloc_id = intval($_REQUEST['primary']);
+ if($hubloc_id) {
+
+ $r = q("select hubloc_id from hubloc where hubloc_id = %d and hubloc_hash = '%s' limit 1",
+ intval($hubloc_id),
+ dbesc($channel['channel_hash'])
+ );
+
+ if(! $r) {
+ notice( t('Location not found.') . EOL);
+ return;
+ }
+
+ $r = q("update hubloc set hubloc_primary = 0 where hubloc_primary = 1 and hubloc_hash = '%s' ",
+ dbesc($channel['channel_hash'])
+ );
+ $r = q("update hubloc set hubloc_primary = 1 where hubloc_id = %d and hubloc_hash = '%s'",
+ intval($hubloc_id),
+ dbesc($channel['channel_hash'])
+ );
+
+ proc_run('php','include/notifier.php','location',$channel['channel_id']);
+ return;
+ }
+ }
+
+ if($_REQUEST['drop']) {
+ $hubloc_id = intval($_REQUEST['drop']);
+
+ if($hubloc_id) {
+ $r = q("select * from hubloc where hubloc_id = %d and hubloc_url != '%s' and hubloc_hash = '%s' limit 1",
+ intval($hubloc_id),
+ dbesc(z_root()),
+ dbesc($channel['channel_hash'])
+ );
+
+ if(! $r) {
+ notice( t('Location not found.') . EOL);
+ return;
+ }
+ if(intval($r[0]['hubloc_primary'])) {
+ notice( t('Primary location cannot be removed.') . EOL);
+ return;
+ }
+
+ $r = q("update hubloc set hubloc_deleted = 1 where hubloc_id = %d and hubloc_hash = '%s'",
+ intval($hubloc_id),
+ dbesc($channel['channel_hash'])
+ );
+ proc_run('php','include/notifier.php','location',$channel['channel_id']);
+ return;
+ }
+ }
+}
+
+
+
+function locs_content(&$a) {
+
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $channel = $a->get_channel();
+
+ $r = q("select * from hubloc where hubloc_hash = '%s'",
+ dbesc($channel['channel_hash'])
+ );
+
+ if(! $r) {
+ notice( t('No locations found.') . EOL);
+ return;
+ }
+
+
+ for($x = 0; $x < count($r); $x ++) {
+ $r[$x]['primary'] = (intval($r[$x]['hubloc_primary']) ? true : false);
+ $r[$x]['deleted'] = (intval($r[$x]['hubloc_deleted']) ? true : false);
+ }
+
+
+
+ $o = replace_macros(get_markup_template('locmanage.tpl'), array(
+ '$header' => t('Manage Channel Locations'),
+ '$loc' => t('Location (address)'),
+ '$mkprm' => t('Primary Location'),
+ '$drop' => t('Drop location'),
+ '$submit' => t('Submit'),
+ '$hubs' => $r
+ ));
+
+ return $o;
+} \ No newline at end of file
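Review bot: locs_post changes the primary hub and marks locations deleted from `$_REQUEST['primary']` and `$_REQUEST['drop']` with only a `local_channel()` check, so the action is accepted from a GET as well as a POST and no anti-forgery token is verified anywhere in this hunk. Read the ids from `$_POST` and validate a per-session form token before either `update hubloc` statement runs; the token would also have to be emitted by locmanage.tpl, which is not part of this hunk. The same pattern appears in the mod/mail.php hunk, where `drop` and `recall` are executed straight from the URL path in mail_content. The two primary-flag updates are also separate statements, so if the second one fails the channel is left with no primary location.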
diff --git a/mod/login.php b/mod/login.php
new file mode 100644
index 000000000..12c7d339e
--- /dev/null
+++ b/mod/login.php
@@ -0,0 +1,7 @@
+<?php
+
+function login_content(&$a) {
+ if(local_channel())
+ goaway(z_root());
+ return login(($a->config['system']['register_policy'] == REGISTER_CLOSED) ? false : true);
+}
diff --git a/mod/lostpass.php b/mod/lostpass.php
new file mode 100644
index 000000000..3269128f1
--- /dev/null
+++ b/mod/lostpass.php
@@ -0,0 +1,131 @@
+<?php
+
+
+function lostpass_post(&$a) {
+
+ $loginame = notags(trim($_POST['login-name']));
+ if(! $loginame)
+ goaway(z_root());
+
+ $r = q("SELECT * FROM account WHERE account_email = '%s' LIMIT 1",
+ dbesc($loginame)
+ );
+
+ if(! $r) {
+ notice( t('No valid account found.') . EOL);
+ goaway(z_root());
+ }
+
+ $aid = $r[0]['account_id'];
+ $email = $r[0]['account_email'];
+
+ $hash = random_string();
+
+ $r = q("UPDATE account SET account_reset = '%s' WHERE account_id = %d",
+ dbesc($hash),
+ intval($aid)
+ );
+ if($r)
+ info( t('Password reset request issued. Check your email.') . EOL);
+
+ $email_tpl = get_intltext_template("lostpass_eml.tpl");
+ $message = replace_macros($email_tpl, array(
+ '$sitename' => get_config('system','sitename'),
+ '$siteurl' => $a->get_baseurl(),
+ '$username' => sprintf( t('Site Member (%s)'), $email),
+ '$email' => $email,
+ '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $hash
+ ));
+
+ $subject = email_header_encode(sprintf( t('Password reset requested at %s'),get_config('system','sitename')), 'UTF-8');
+
+ $res = mail($email, $subject ,
+ $message,
+ 'From: Administrator@' . $_SERVER['SERVER_NAME'] . "\n"
+ . 'Content-type: text/plain; charset=UTF-8' . "\n"
+ . 'Content-transfer-encoding: 8bit' );
+
+
+ goaway(z_root());
+}
+
+
+function lostpass_content(&$a) {
+
+
+ if(x($_GET,'verify')) {
+ $verify = $_GET['verify'];
+
+ $r = q("SELECT * FROM account WHERE account_reset = '%s' LIMIT 1",
+ dbesc($verify)
+ );
+ if(! $r) {
+ notice( t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
+ goaway(z_root());
+ return;
+ }
+
+ $aid = $r[0]['account_id'];
+ $email = $r[0]['account_email'];
+
+ $new_password = autoname(6) . mt_rand(100,9999);
+
+ $salt = random_string(32);
+ $password_encoded = hash('whirlpool', $salt . $new_password);
+
+ $r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '' where account_id = %d",
+ dbesc($salt),
+ dbesc($password_encoded),
+ intval($aid)
+ );
+
+ if($r) {
+ $tpl = get_markup_template('pwdreset.tpl');
+ $o .= replace_macros($tpl,array(
+ '$lbl1' => t('Password Reset'),
+ '$lbl2' => t('Your password has been reset as requested.'),
+ '$lbl3' => t('Your new password is'),
+ '$lbl4' => t('Save or copy your new password - and then'),
+ '$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.',
+ '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
+ '$newpass' => $new_password,
+ '$baseurl' => $a->get_baseurl()
+
+ ));
+
+ info("Your password has been reset." . EOL);
+
+ $email_tpl = get_intltext_template("passchanged_eml.tpl");
+ $message = replace_macros($email_tpl, array(
+ '$sitename' => $a->config['sitename'],
+ '$siteurl' => $a->get_baseurl(),
+ '$username' => sprintf( t('Site Member (%s)'), $email),
+ '$email' => $email,
+ '$new_password' => $new_password,
+ '$uid' => $newuid ));
+
+ $subject = email_header_encode( sprintf( t('Your password has changed at %s'), get_config('system','sitename')), 'UTF-8');
+
+ $res = mail($email,$subject,$message,
+ 'From: ' . 'Administrator@' . $_SERVER['SERVER_NAME'] . "\n"
+ . 'Content-type: text/plain; charset=UTF-8' . "\n"
+ . 'Content-transfer-encoding: 8bit' );
+
+ return $o;
+ }
+
+ }
+ else {
+ $tpl = get_markup_template('lostpass.tpl');
+
+ $o .= replace_macros($tpl,array(
+ '$title' => t('Forgot your Password?'),
+ '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
+ '$name' => t('Email Address'),
+ '$submit' => t('Reset')
+ ));
+
+ return $o;
+ }
+
+}
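Review bot: The replacement password in lostpass_content is built as `autoname(6) . mt_rand(100,9999)`, and mt_rand() is not a cryptographic generator, so the numeric suffix adds fewer than 10,000 predictable values; the result is then mailed in clear text and stored as a single salted `hash('whirlpool', ...)`, which is cheap to guess offline. Prefer letting the holder of the `verify` token choose the new password on a form; at minimum draw the temporary one from a CSPRNG (`random_bytes()` on PHP 7+, or `random_string()` if that helper is CSPRNG-backed, which this hunk does not show). The `account_reset` token has no visible age limit and the reset runs on a plain GET, so anything that prefetches the mailed link consumes it. In lostpass_post, 'No valid account found.' versus the success notice tells a caller which addresses are registered; one neutral message for both cases avoids that. `$o` is appended to without being initialised and `'$uid' => $newuid` reads a variable that is never assigned.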
diff --git a/mod/magic.php b/mod/magic.php
new file mode 100644
index 000000000..2fee87241
--- /dev/null
+++ b/mod/magic.php
@@ -0,0 +1,169 @@
+<?php
+
+@require_once('include/zot.php');
+
+function magic_init(&$a) {
+
+ $ret = array('success' => false, 'url' => '', 'message' => '');
+ logger('mod_magic: invoked', LOGGER_DEBUG);
+
+ logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA);
+
+ $addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : '');
+ $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
+ $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
+ $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0);
+ $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : '');
+
+ $parsed = parse_url($dest);
+ if(! $parsed) {
+ if($test) {
+ $ret['message'] .= 'could not parse ' . $dest . EOL;
+ return($ret);
+ }
+ goaway($dest);
+ }
+
+ $basepath = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : '');
+
+ $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1",
+ dbesc($basepath)
+ );
+
+ if(! $x) {
+
+ /*
+ * We have no records for, or prior communications with this hub.
+ * If an address was supplied, let's finger them to create a hub record.
+ * Otherwise we'll use the special address '[system]' which will return
+ * either a system channel or the first available normal channel. We don't
+ * really care about what channel is returned - we need the hub information
+ * from that response so that we can create signed auth packets destined
+ * for that hub.
+ *
+ */
+
+ $ret = zot_finger((($addr) ? $addr : '[system]@' . $parsed['host']),null);
+ if($ret['success']) {
+ $j = json_decode($ret['body'],true);
+ if($j)
+ import_xchan($j);
+
+ // Now try again
+
+ $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1",
+ dbesc($basepath)
+ );
+ }
+ }
+
+ if(! $x) {
+ if($rev)
+ goaway($dest);
+ else {
+ logger('mod_magic: no channels found for requested hub.' . print_r($_REQUEST,true));
+ if($test) {
+ $ret['message'] .= 'This site has no previous connections with ' . $basepath . EOL;
+ return $ret;
+ }
+ notice( t('Hub not found.') . EOL);
+ return;
+ }
+ }
+
+ // This is ready-made for a plugin that provides a blacklist or "ask me" before blindly authenticating.
+ // By default, we'll proceed without asking.
+
+ $arr = array(
+ 'channel_id' => local_channel(),
+ 'xchan' => $x[0],
+ 'destination' => $dest,
+ 'proceed' => true
+ );
+
+ call_hooks('magic_auth',$arr);
+ $dest = $arr['destination'];
+ if(! $arr['proceed']) {
+ if($test) {
+ $ret['message'] .= 'cancelled by plugin.' . EOL;
+ return $ret;
+ }
+ goaway($dest);
+ }
+
+ if((get_observer_hash()) && ($x[0]['hubloc_url'] === z_root())) {
+ // We are already authenticated on this site and a registered observer.
+ // Just redirect.
+ if($test) {
+ $ret['success'] = true;
+ $ret['message'] .= 'Local site - you are already authenticated.' . EOL;
+ return $ret;
+ }
+
+ $delegation_success = false;
+ if($delegate) {
+ $r = q("select * from channel left join hubloc on channel_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+ dbesc($delegate)
+ );
+ if($r && intval($r[0]['channel_id'])) {
+ $allowed = perm_is_allowed($r[0]['channel_id'],get_observer_hash(),'delegate');
+ if($allowed) {
+ $_SESSION['delegate_channel'] = $r[0]['channel_id'];
+ $_SESSION['delegate'] = get_observer_hash();
+ $_SESSION['account_id'] = intval($r[0]['channel_account_id']);
+ change_channel($r[0]['channel_id']);
+ $delegation_success = true;
+ }
+ }
+ }
+
+
+
+ // FIXME: check and honour local delegation
+
+
+ goaway($dest);
+ }
+
+ if(local_channel()) {
+ $channel = $a->get_channel();
+
+ $token = random_string();
+ $token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey']));
+
+ $channel['token'] = $token;
+ $channel['token_sig'] = $token_sig;
+ $r = q("insert into verify ( type, channel, token, meta, created) values ('%s','%d','%s','%s','%s')",
+ dbesc('auth'),
+ intval($channel['channel_id']),
+ dbesc($token),
+ dbesc($x[0]['hubloc_url']),
+ dbesc(datetime_convert())
+ );
+ $target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode($channel['channel_address'] . '@' . $a->get_hostname())
+ . '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION;
+
+ if($delegate)
+ $target_url .= '&delegate=' . urlencode($delegate);
+
+ logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG);
+
+ if($test) {
+ $ret['success'] = true;
+ $ret['url'] = $target_url;
+ $ret['message'] = 'token ' . $token . ' created for channel ' . $channel['channel_id'] . ' for url ' . $x[0]['hubloc_url'] . EOL;
+ return $ret;
+ }
+
+ goaway($target_url);
+
+ }
+
+ if($test) {
+ $ret['message'] = 'Not authenticated or invalid arguments to mod_magic' . EOL;
+ return $ret;
+ }
+
+ goaway($dest);
+
+}
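Review bot: `$dest` comes from the request and is handed to `goaway($dest)` on every exit path of magic_init, including when `parse_url()` fails and when no hub record matches and `rev` is set, so the endpoint redirects to any caller-supplied URL. Redirect to `$dest` only when the parsed scheme is http or https and `$basepath` matched a hubloc row, and fall back to `goaway(z_root())` otherwise. The one-time `sec` token is written to the log by `logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG)`, and the whole `$_REQUEST` is logged with no level argument in the "no channels found" branch; logging the hub URL and channel id would be enough. `$parsed['scheme']`, `$parsed['host']` and `$parsed['port']` are read without `isset()`, so a relative `dest` yields a basepath of `://`.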
diff --git a/mod/mail.php b/mod/mail.php
new file mode 100644
index 000000000..152db3231
--- /dev/null
+++ b/mod/mail.php
@@ -0,0 +1,368 @@
+<?php
+
+require_once('include/acl_selectors.php');
+require_once('include/message.php');
+require_once('include/zot.php');
+require_once("include/bbcode.php");
+require_once('include/Contact.php');
+
+
+function mail_post(&$a) {
+
+ if(! local_channel())
+ return;
+
+ $replyto = ((x($_REQUEST,'replyto')) ? notags(trim($_REQUEST['replyto'])) : '');
+ $subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : '');
+ $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : '');
+ $recipient = ((x($_REQUEST,'messageto')) ? notags(trim($_REQUEST['messageto'])) : '');
+ $rstr = ((x($_REQUEST,'messagerecip')) ? notags(trim($_REQUEST['messagerecip'])) : '');
+ $expires = ((x($_REQUEST,'expires')) ? datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expires']) : NULL_DATE);
+
+ // If we have a raw string for a recipient which hasn't been auto-filled,
+ // it means they probably aren't in our address book, hence we don't know
+ // if we have permission to send them private messages.
+ // finger them and find out before we try and send it.
+
+ if(! $recipient) {
+ $channel = $a->get_channel();
+
+ $ret = zot_finger($rstr,$channel);
+
+ if(! $ret['success']) {
+ notice( t('Unable to lookup recipient.') . EOL);
+ return;
+ }
+ $j = json_decode($ret['body'],true);
+
+ logger('message_post: lookup: ' . $url . ' ' . print_r($j,true));
+
+ if(! ($j['success'] && $j['guid'])) {
+ notice( t('Unable to communicate with requested channel.'));
+ return;
+ }
+
+ $x = import_xchan($j);
+
+ if(! $x['success']) {
+ notice( t('Cannot verify requested channel.'));
+ return;
+ }
+
+ $recipient = $x['hash'];
+
+ $their_perms = 0;
+
+ $global_perms = get_perms();
+
+ if($j['permissions']['data']) {
+ $permissions = crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']);
+ if($permissions)
+ $permissions = json_decode($permissions);
+ logger('decrypted permissions: ' . print_r($permissions,true), LOGGER_DATA);
+ }
+ else
+ $permissions = $j['permissions'];
+
+ foreach($permissions as $k => $v) {
+ if($v) {
+ $their_perms = $their_perms | intval($global_perms[$k][1]);
+ }
+ }
+
+ if(! ($their_perms & PERMS_W_MAIL)) {
+ notice( t('Selected channel has private message restrictions. Send failed.'));
+ // reported issue: let's still save the message and continue. We'll just tell them
+ // that nothing useful is likely to happen. They might have spent hours on it.
+ // return;
+
+ }
+ }
+
+// if(feature_enabled(local_channel(),'richtext')) {
+// $body = fix_mce_lf($body);
+// }
+
+ require_once('include/text.php');
+ linkify_tags($a, $body, local_channel());
+
+ if(! $recipient) {
+ notice('No recipient found.');
+ $a->argc = 2;
+ $a->argv[1] = 'new';
+ return;
+ }
+
+ // We have a local_channel, let send_message use the session channel and save a lookup
+
+ $ret = send_message(0, $recipient, $body, $subject, $replyto, $expires);
+
+ if(! $ret['success']) {
+ notice($ret['message']);
+ }
+
+ goaway(z_root() . '/message');
+
+}
+
+function mail_content(&$a) {
+
+ $o = '';
+ nav_set_selected('messages');
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return login();
+ }
+
+ $channel = $a->get_channel();
+
+ head_set_icon($channel['xchan_photo_s']);
+
+ $cipher = get_pconfig(local_channel(),'system','default_cipher');
+ if(! $cipher)
+ $cipher = 'aes256';
+
+ $tpl = get_markup_template('mail_head.tpl');
+ $header = replace_macros($tpl, array(
+ '$messages' => t('Messages'),
+ '$tab_content' => $tab_content
+ ));
+
+ if((argc() == 3) && (argv(1) === 'drop')) {
+ if(! intval(argv(2)))
+ return;
+ $cmd = argv(1);
+
+ $r = private_messages_drop(local_channel(), argv(2));
+ if($r) {
+ info( t('Message deleted.') . EOL );
+ }
+ goaway($a->get_baseurl(true) . '/message' );
+ }
+
+ if((argc() == 3) && (argv(1) === 'recall')) {
+ if(! intval(argv(2)))
+ return;
+ $cmd = argv(1);
+ $r = q("update mail set mail_recalled = 1 where id = %d and channel_id = %d",
+ intval(argv(2)),
+ intval(local_channel())
+ );
+ proc_run('php','include/notifier.php','mail',intval(argv(2)));
+
+ if($r) {
+ info( t('Message recalled.') . EOL );
+ }
+ goaway($a->get_baseurl(true) . '/message' );
+
+ }
+
+ if((argc() > 1) && (argv(1) === 'new')) {
+
+ $o .= $header;
+
+ $plaintext = true;
+
+ $tpl = get_markup_template('msg-header.tpl');
+
+ $header = replace_macros($tpl, array(
+ '$baseurl' => $a->get_baseurl(true),
+ '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
+ '$nickname' => $channel['channel_address'],
+ '$linkurl' => t('Please enter a link URL:'),
+ '$expireswhen' => t('Expires YYYY-MM-DD HH:MM')
+ ));
+
+ $a->page['htmlhead'] .= $header;
+
+
+ $preselect = (isset($a->argv[2])?array($a->argv[2]):false);
+ $prename = $preurl = $preid = '';
+
+ if(x($_REQUEST,'hash')) {
+ $r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash
+ where abook_channel = %d and abook_xchan = '%s' limit 1",
+ intval(local_channel()),
+ dbesc($_REQUEST['hash'])
+ );
+ if($r) {
+ $prename = $r[0]['xchan_name'];
+ $preurl = $r[0]['xchan_url'];
+ $preid = $r[0]['abook_id'];
+ $preselect = array($preid);
+ }
+ }
+
+
+ if($preselect) {
+ $r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash
+ where abook_channel = %d and abook_id = %d limit 1",
+ intval(local_channel()),
+ intval(argv(2))
+ );
+ if($r) {
+ $prename = $r[0]['xchan_name'];
+ $preurl = $r[0]['xchan_url'];
+ $preid = $r[0]['abook_id'];
+ }
+ }
+
+ $prefill = (($preselect) ? $prename : '');
+
+ if(! $prefill) {
+ if(array_key_exists('to',$_REQUEST))
+ $prefill = $_REQUEST['to'];
+ }
+
+ // the ugly select box
+
+ $select = contact_select('messageto','message-to-select', $preselect, 4, true, false, false, 10);
+
+ $tpl = get_markup_template('prv_message.tpl');
+ $o .= replace_macros($tpl,array(
+ '$header' => t('Send Private Message'),
+ '$to' => t('To:'),
+ '$showinputs' => 'true',
+ '$prefill' => $prefill,
+ '$autocomp' => $autocomp,
+ '$preid' => $preid,
+ '$subject' => t('Subject:'),
+ '$subjtxt' => ((x($_REQUEST,'subject')) ? strip_tags($_REQUEST['subject']) : ''),
+ '$text' => ((x($_REQUEST,'body')) ? htmlspecialchars($_REQUEST['body'], ENT_COMPAT, 'UTF-8') : ''),
+ '$readonly' => '',
+ '$yourmessage' => t('Your message:'),
+ '$select' => $select,
+ '$parent' => '',
+ '$upload' => t('Upload photo'),
+ '$attach' => t('Attach file'),
+ '$insert' => t('Insert web link'),
+ '$wait' => t('Please wait'),
+ '$submit' => t('Send'),
+ '$defexpire' => '',
+ '$feature_expire' => ((feature_enabled(local_channel(),'content_expire')) ? true : false),
+ '$expires' => t('Set expiration date'),
+ '$feature_encrypt' => ((feature_enabled(local_channel(),'content_encrypt')) ? true : false),
+ '$encrypt' => t('Encrypt text'),
+ '$cipher' => $cipher,
+
+
+ ));
+
+ return $o;
+ }
+
+
+ if((argc() > 1) && (intval(argv(1)))) {
+
+ $o .= $header;
+
+ $plaintext = true;
+
+// if( local_channel() && feature_enabled(local_channel(),'richtext') )
+// $plaintext = false;
+
+ $messages = private_messages_fetch_conversation(local_channel(), argv(1), true);
+
+ if(! $messages) {
+ info( t('Message not found.') . EOL);
+ return $o;
+ }
+
+ if($messages[0]['to_xchan'] === $channel['channel_hash'])
+ $a->poi = $messages[0]['from'];
+ else
+ $a->poi = $messages[0]['to'];
+
+// require_once('include/Contact.php');
+
+// $a->set_widget('mail_conversant',vcard_from_xchan($a->poi,$get_observer_hash,'mail'));
+
+
+ $tpl = get_markup_template('msg-header.tpl');
+
+ $a->page['htmlhead'] .= replace_macros($tpl, array(
+ '$nickname' => $channel['channel_address'],
+ '$baseurl' => $a->get_baseurl(true),
+ '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
+ '$linkurl' => t('Please enter a link URL:'),
+ '$expireswhen' => t('Expires YYYY-MM-DD HH:MM')
+ ));
+
+
+ $mails = array();
+ $seen = 0;
+ $unknown = false;
+
+ foreach($messages as $message) {
+
+ $s = theme_attachments($message);
+
+ $mails[] = array(
+ 'id' => $message['id'],
+ 'from_name' => $message['from']['xchan_name'],
+ 'from_url' => chanlink_hash($message['from_xchan']),
+ 'from_photo' => $message['from']['xchan_photo_m'],
+ 'to_name' => $message['to']['xchan_name'],
+ 'to_url' => chanlink_hash($message['to_xchan']),
+ 'to_photo' => $message['to']['xchan_photo_m'],
+ 'subject' => $message['title'],
+ 'body' => smilies(bbcode($message['body']) . $s),
+ 'delete' => t('Delete message'),
+ 'recall' => t('Recall message'),
+ 'can_recall' => (($channel['channel_hash'] == $message['from_xchan']) ? true : false),
+ 'is_recalled' => (intval($message['mail_recalled']) ? t('Message has been recalled.') : ''),
+ 'date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'],'D, d M Y - g:i A'),
+ );
+
+ $seen = $message['seen'];
+
+ }
+
+ $recp = (($message['from_xchan'] === $channel['channel_hash']) ? 'to' : 'from');
+
+// FIXME - move this HTML to template
+
+ $select = $message[$recp]['xchan_name'] . '<input type="hidden" name="messageto" value="' . $message[$recp]['xchan_hash'] . '" />';
+ $parent = '<input type="hidden" name="replyto" value="' . $message['parent_mid'] . '" />';
+
+ $tpl = get_markup_template('mail_display.tpl');
+ $o = replace_macros($tpl, array(
+ '$prvmsg_header' => t('Private Conversation'),
+ '$thread_id' => $a->argv[1],
+ '$thread_subject' => $message['title'],
+ '$thread_seen' => $seen,
+ '$delete' => t('Delete conversation'),
+ '$canreply' => (($unknown) ? false : '1'),
+ '$unknown_text' => t("No secure communications available. You <strong>may</strong> be able to respond from the sender's profile page."),
+ '$mails' => $mails,
+
+ // reply
+ '$header' => t('Send Reply'),
+ '$to' => t('To:'),
+ '$showinputs' => '',
+ '$subject' => t('Subject:'),
+ '$subjtxt' => $message['title'],
+ '$readonly' => ' readonly="readonly" style="background: #BBBBBB;" ',
+ '$yourmessage' => t('Your message:'),
+ '$text' => '',
+ '$select' => $select,
+ '$parent' => $parent,
+ '$upload' => t('Upload photo'),
+ '$attach' => t('Attach file'),
+ '$insert' => t('Insert web link'),
+ '$submit' => t('Submit'),
+ '$wait' => t('Please wait'),
+ '$defexpire' => '',
+ '$feature_expire' => ((feature_enabled(local_channel(),'content_expire')) ? true : false),
+ '$expires' => t('Set expiration date'),
+ '$feature_encrypt' => ((feature_enabled(local_channel(),'content_encrypt')) ? true : false),
+ '$encrypt' => t('Encrypt text'),
+ '$cipher' => $cipher,
+
+ ));
+
+ return $o;
+ }
+
+}
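Review bot: In the `new` branch of mail_content, `$prefill = $_REQUEST['to'];` reaches prv_message.tpl unmodified and `$subjtxt` only goes through `strip_tags()`, which leaves quotes intact, while `$text` on the next line is encoded with `htmlspecialchars()`. Unless the template escapes these itself, encode them the same way, e.g. `$prefill = htmlspecialchars($_REQUEST['to'], ENT_COMPAT, 'UTF-8');`. The reply form further down builds `$select` by concatenating `$message[$recp]['xchan_name']` into raw HTML and deserves the same treatment; the existing FIXME about moving it to a template would cover it. In the `recall` branch, `proc_run('php','include/notifier.php','mail',intval(argv(2)))` runs whether or not the channel-scoped `update mail` matched a row, so move it inside `if($r)` and, if q() reports success for zero affected rows, confirm ownership with a select first. In mail_post, the `logger('message_post: lookup: ' . $url ...` call reads `$url`, which is never assigned in that function.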
diff --git a/mod/manage.php b/mod/manage.php
new file mode 100644
index 000000000..a7327697d
--- /dev/null
+++ b/mod/manage.php
@@ -0,0 +1,179 @@
+<?php
+
+function manage_content(&$a) {
+
+ if((! get_account_id()) || ($_SESSION['delegate'])) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ require_once('include/security.php');
+
+ $change_channel = ((argc() > 1) ? intval(argv(1)) : 0);
+
+ if((argc() > 2) && (argv(2) === 'default')) {
+ $r = q("select channel_id from channel where channel_id = %d and channel_account_id = %d limit 1",
+ intval($change_channel),
+ intval(get_account_id())
+ );
+ if($r) {
+ q("update account set account_default_channel = %d where account_id = %d",
+ intval($change_channel),
+ intval(get_account_id())
+ );
+ }
+ goaway(z_root() . '/manage');
+ }
+
+ if($change_channel) {
+ $r = change_channel($change_channel);
+
+ if((argc() > 2) && !(argv(2) === 'default')) {
+ goaway(z_root() . '/' . implode('/',array_slice($a->argv,2))); // Go to whatever is after /manage/, but with the new channel
+ }
+ else {
+ if($r && $r['channel_startpage'])
+ goaway(z_root() . '/' . $r['channel_startpage']); // If nothing extra is specified, go to the default page
+ }
+ goaway(z_root());
+ }
+
+ $channels = null;
+
+ if(local_channel()) {
+ $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and channel_removed = 0 order by channel_name ",
+ intval(get_account_id())
+ );
+
+ $account = get_app()->get_account();
+
+ if($r && count($r)) {
+ $channels = $r;
+ for($x = 0; $x < count($channels); $x ++) {
+ $channels[$x]['link'] = 'manage/' . intval($channels[$x]['channel_id']);
+ $channels[$x]['default'] = (($channels[$x]['channel_id'] == $account['account_default_channel']) ? "1" : '');
+ $channels[$x]['default_links'] = '1';
+
+
+ $c = q("SELECT id, item_wall FROM item
+ WHERE item_unseen = 1 and uid = %d " . item_normal(),
+ intval($channels[$x]['channel_id'])
+ );
+
+ if($c) {
+ foreach ($c as $it) {
+ if(intval($it['item_wall']))
+ $channels[$x]['home'] ++;
+ else
+ $channels[$x]['network'] ++;
+ }
+ }
+
+
+ $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 0 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ",
+ intval($channels[$x]['channel_id'])
+ );
+
+ if($intr)
+ $channels[$x]['intros'] = intval($intr[0]['total']);
+
+
+ $mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND mail_seen = 0 and from_xchan != '%s' ",
+ intval($channels[$x]['channel_id']),
+ dbesc($channels[$x]['channel_hash'])
+ );
+
+ if($mails)
+ $channels[$x]['mail'] = intval($mails[0]['total']);
+
+
+ $events = q("SELECT type, start, adjust FROM `event`
+ WHERE `event`.`uid` = %d AND start < '%s' AND start > '%s' and `ignore` = 0
+ ORDER BY `start` ASC ",
+ intval($channels[$x]['channel_id']),
+ dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + 7 days')),
+ dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days'))
+ );
+
+ if($events) {
+ $channels[$x]['all_events'] = count($events);
+
+ if($channels[$x]['all_events']) {
+ $str_now = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d');
+ foreach($events as $e) {
+ $bd = false;
+ if($e['type'] === 'birthday') {
+ $channels[$x]['birthdays'] ++;
+ $bd = true;
+ }
+ else {
+ $channels[$x]['events'] ++;
+ }
+ if(datetime_convert('UTC', ((intval($e['adjust'])) ? date_default_timezone_get() : 'UTC'), $e['start'], 'Y-m-d') === $str_now) {
+ $channels[$x]['all_events_today'] ++;
+ if($bd)
+ $channels[$x]['birthdays_today'] ++;
+ else
+ $channels[$x]['events_today'] ++;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ $r = q("select count(channel_id) as total from channel where channel_account_id = %d and channel_removed = 0",
+ intval(get_account_id())
+ );
+ $limit = account_service_class_fetch(get_account_id(),'total_identities');
+ if($limit !== false) {
+ $channel_usage_message = sprintf( t("You have created %1$.0f of %2$.0f allowed channels."), $r[0]['total'], $limit);
+ }
+ else {
+ $channel_usage_message = '';
+ }
+ }
+
+ $links = array(
+ array( 'new_channel', t('Create a new channel'), t('Create a new channel'))
+ );
+
+ $delegates = q("select * from abook left join xchan on abook_xchan = xchan_hash where
+ abook_channel = %d and (abook_their_perms & %d) > 0",
+ intval(local_channel()),
+ intval(PERMS_A_DELEGATE)
+ );
+
+ if($delegates) {
+ for($x = 0; $x < count($delegates); $x ++) {
+ $delegates[$x]['link'] = 'magic?f=&dest=' . urlencode($delegates[$x]['xchan_url'])
+ . '&delegate=' . urlencode($delegates[$x]['xchan_addr']);
+ }
+ }
+ else {
+ $delegates = null;
+ }
+
+
+
+ $o = replace_macros(get_markup_template('channels.tpl'), array(
+ '$header' => t('Channel Manager'),
+ '$msg_selected' => t('Current Channel'),
+ '$selected' => local_channel(),
+ '$desc' => t('Switch to one of your channels by selecting it.'),
+ '$msg_default' => t('Default Channel'),
+ '$msg_make_default' => t('Make Default'),
+ '$links' => $links,
+ '$all_channels' => $channels,
+ '$mail_format' => t('%d new messages'),
+ '$intros_format' => t('%d new introductions'),
+ '$channel_usage_message' => $channel_usage_message,
+ '$delegate_header' => t('Delegated Channels'),
+ '$delegates' => $delegates,
+
+ ));
+
+
+ return $o;
+
+}
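Review bot: manage_content changes server-side state on a plain GET with no form token: `/manage/<id>/default` runs the `update account set account_default_channel` query and `/manage/<id>` calls `change_channel()`, so a cross-site request made in the user's session can trigger either one. Move both actions behind a POST handler and verify a per-session form token before the `q("update account ...")` and `change_channel()` calls. The same pattern appears in the `drop` branches of mod/menu.php and mod/mitem.php, the `dropconv` branch of mod/message.php, and mood_init in mod/mood.php. Separately, `$channel_usage_message` is assigned only inside `if(local_channel())` but is always passed to the template; `$channel_usage_message = '';` next to `$channels = null;` fixes that.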
diff --git a/mod/match.php b/mod/match.php
new file mode 100644
index 000000000..fd739ba2c
--- /dev/null
+++ b/mod/match.php
@@ -0,0 +1,78 @@
+<?php
+
+/**
+ * @brief Controller for /match.
+ *
+ * It takes keywords from your profile and queries the directory server for
+ * matching keywords from other profiles.
+ *
+ * @FIXME this has never been properly ported from Friendica.
+ *
+ * @param App &$a
+ * @return void|string
+ */
+function match_content(&$a) {
+
+ $o = '';
+ if (! local_channel())
+ return;
+
+ $_SESSION['return_url'] = $a->get_baseurl() . '/' . $a->cmd;
+
+ $o .= '<h2>' . t('Profile Match') . '</h2>';
+
+ $r = q("SELECT `keywords` FROM `profile` WHERE `is_default` = 1 AND `uid` = %d LIMIT 1",
+ intval(local_channel())
+ );
+ if (! count($r))
+ return;
+
+ if (! $r[0]['keywords']) {
+ notice( t('No keywords to match. Please add keywords to your default profile.') . EOL);
+ return;
+ }
+
+ $params = array();
+ $tags = trim($r[0]['keywords']);
+
+ if ($tags) {
+ $params['s'] = $tags;
+ if ($a->pager['page'] != 1)
+ $params['p'] = $a->pager['page'];
+
+// if(strlen(get_config('system','directory_submit_url')))
+// $x = post_url('http://dir.friendica.com/msearch', $params);
+// else
+// $x = post_url($a->get_baseurl() . '/msearch', $params);
+
+ $j = json_decode($x);
+
+ if ($j->total) {
+ $a->set_pager_total($j->total);
+ $a->set_pager_itemspage($j->items_page);
+ }
+
+ if (count($j->results)) {
+ $tpl = get_markup_template('match.tpl');
+ foreach ($j->results as $jj) {
+ $connlnk = $a->get_baseurl() . '/follow/?url=' . $jj->url;
+ $o .= replace_macros($tpl,array(
+ '$url' => zid($jj->url),
+ '$name' => $jj->name,
+ '$photo' => $jj->photo,
+ '$inttxt' => ' ' . t('is interested in:'),
+ '$conntxt' => t('Connect'),
+ '$connlnk' => $connlnk,
+ '$tags' => $jj->tags
+ ));
+ }
+ } else {
+ info( t('No matches') . EOL);
+ }
+ }
+
+ $o .= cleardiv();
+ $o .= paginate($a);
+
+ return $o;
+}
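Review bot: `$x` is never assigned in match_content because both `post_url()` calls are commented out, so `json_decode($x)` yields null and the following `$j->total` and `count($j->results)` operate on a non-object. Until the directory query is ported, bail out right after the decode: `if (! is_object($j)) { info( t('No matches') . EOL); return $o; }`. When the lookup is restored, `$jj->url`, `$jj->name`, `$jj->photo` and `$jj->tags` will come from a remote server and are handed to match.tpl as-is. `$connlnk` should at least use `urlencode($jj->url)`; whether the template escapes the other fields is not visible here.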
diff --git a/mod/menu.php b/mod/menu.php
new file mode 100644
index 000000000..f46dc9471
--- /dev/null
+++ b/mod/menu.php
@@ -0,0 +1,159 @@
+<?php
+
+require_once('include/menu.php');
+require_once('include/identity.php');
+
+function menu_init(&$a) {
+ if (array_key_exists('sys', $_REQUEST) && $_REQUEST['sys'] && is_site_admin()) {
+ $sys = get_sys_channel();
+ if ($sys && intval($sys['channel_id'])) {
+ $a->is_sys = true;
+ }
+ }
+}
+
+function menu_post(&$a) {
+
+ $uid = local_channel();
+
+ if(array_key_exists('sys', $_REQUEST) && $_REQUEST['sys'] && is_site_admin()) {
+ $sys = get_sys_channel();
+ $uid = intval($sys['channel_id']);
+ $a->is_sys = true;
+ }
+
+ if(! $uid)
+ return;
+
+ $_REQUEST['menu_channel_id'] = $uid;
+
+ if($_REQUEST['menu_bookmark'])
+ $_REQUEST['menu_flags'] |= MENU_BOOKMARK;
+ if($_REQUEST['menu_system'])
+ $_REQUEST['menu_flags'] |= MENU_SYSTEM;
+
+ $menu_id = ((argc() > 1) ? intval(argv(1)) : 0);
+ if($menu_id) {
+ $_REQUEST['menu_id'] = intval(argv(1));
+ $r = menu_edit($_REQUEST);
+ if($r) {
+ //info( t('Menu updated.') . EOL);
+ goaway(z_root() . '/mitem/' . $menu_id . (($a->is_sys) ? '?f=&sys=1' : ''));
+ }
+ else
+ notice( t('Unable to update menu.'). EOL);
+ }
+ else {
+ $r = menu_create($_REQUEST);
+ if($r) {
+ //info( t('Menu created.') . EOL);
+ goaway(z_root() . '/mitem/' . $r . (($a->is_sys) ? '?f=&sys=1' : ''));
+ }
+ else
+ notice( t('Unable to create menu.'). EOL);
+
+ }
+}
+
+
+function menu_content(&$a) {
+
+ $uid = local_channel();
+
+ if ($a->is_sys && is_site_admin()) {
+ $sys = get_sys_channel();
+ $uid = intval($sys['channel_id']);
+ }
+
+ if(! $uid) {
+ notice( t('Permission denied.') . EOL);
+ return '';
+ }
+
+ if(argc() == 1) {
+
+
+
+ // list menus
+ $x = menu_list($uid);
+ if($x) {
+ for($y = 0; $y < count($x); $y ++) {
+ $m = menu_fetch($x[$y]['menu_name'],$uid,get_observer_hash());
+ if($m)
+ $x[$y]['element'] = '[element]' . base64url_encode(json_encode(menu_element($m))) . '[/element]';
+ $x[$y]['bookmark'] = (($x[$y]['menu_flags'] & MENU_BOOKMARK) ? true : false);
+ }
+ }
+
+ $create = replace_macros(get_markup_template('menuedit.tpl'), array(
+ '$menu_name' => array('menu_name', t('Menu Name'), '', t('Unique name (not visible on webpage) - required'), '*'),
+ '$menu_desc' => array('menu_desc', t('Menu Title'), '', t('Visible on webpage - leave empty for no title'), ''),
+ '$menu_bookmark' => array('menu_bookmark', t('Allow Bookmarks'), 0 , t('Menu may be used to store saved bookmarks'), array(t('No'), t('Yes'))),
+ '$submit' => t('Submit and proceed'),
+ '$sys' => $a->is_sys,
+ '$display' => 'none'
+ ));
+
+ $o = replace_macros(get_markup_template('menulist.tpl'),array(
+ '$title' => t('Menus'),
+ '$create' => $create,
+ '$menus' => $x,
+ '$nametitle' => t('Menu Name'),
+ '$desctitle' => t('Menu Title'),
+ '$edit' => t('Edit'),
+ '$drop' => t('Drop'),
+ '$created' => t('Created'),
+ '$edited' => t('Edited'),
+ '$new' => t('New'),
+ '$bmark' => t('Bookmarks allowed'),
+ '$hintnew' => t('Create'),
+ '$hintdrop' => t('Delete this menu'),
+ '$hintcontent' => t('Edit menu contents'),
+ '$hintedit' => t('Edit this menu'),
+ '$sys' => $a->is_sys
+ ));
+
+ return $o;
+
+ }
+
+ if(argc() > 1) {
+ if(intval(argv(1))) {
+
+ if(argc() == 3 && argv(2) == 'drop') {
+ $r = menu_delete_id(intval(argv(1)),$uid);
+ if(!$r)
+ notice( t('Menu could not be deleted.'). EOL);
+
+ goaway(z_root() . '/menu' . (($a->is_sys) ? '?f=&sys=1' : ''));
+ }
+
+ $m = menu_fetch_id(intval(argv(1)),$uid);
+
+ if(! $m) {
+ notice( t('Menu not found.') . EOL);
+ return '';
+ }
+
+ $o = replace_macros(get_markup_template('menuedit.tpl'), array(
+ '$header' => t('Edit Menu'),
+ '$menu_id' => intval(argv(1)),
+ '$hintedit' => t('Add or remove entries to this menu'),
+ '$editcontents' => t('Edit menu contents'),
+ '$menu_name' => array('menu_name', t('Menu name'), $m['menu_name'], t('Must be unique, only seen by you'), '*'),
+ '$menu_desc' => array('menu_desc', t('Menu title'), $m['menu_desc'], t('Menu title as seen by others'), ''),
+ '$menu_bookmark' => array('menu_bookmark', t('Allow bookmarks'), (($m['menu_flags'] & MENU_BOOKMARK) ? 1 : 0), t('Menu may be used to store saved bookmarks'), array(t('No'), t('Yes'))),
+ '$menu_system' => (($m['menu_flags'] & MENU_SYSTEM) ? 1 : 0),
+ '$submit' => t('Submit and proceed')
+ ));
+
+ return $o;
+
+ }
+ else {
+ notice( t('Not found.') . EOL);
+ return;
+ }
+ }
+
+}
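Review bot: menu_post ORs `MENU_BOOKMARK` and `MENU_SYSTEM` into `$_REQUEST['menu_flags']` without resetting it first, so whatever `menu_flags` value the client submitted is carried into `menu_edit($_REQUEST)` or `menu_create($_REQUEST)`. mitem_post in mod/mitem.php resets its own flags with `$_REQUEST['mitem_flags'] = 0;` before doing the same thing. Add `$_REQUEST['menu_flags'] = 0;` before the two `if` statements, and consider setting `MENU_SYSTEM` only when `$a->is_sys` is true rather than whenever `menu_system` is posted. Whether menu_edit() and menu_create() filter the flags themselves is outside this hunk. Since the whole `$_REQUEST` array is passed down, a short comment above the block naming the fields that are overwritten server-side (`menu_channel_id`, `menu_id`, `menu_flags`) would help the next reader.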
diff --git a/mod/message.php b/mod/message.php
new file mode 100644
index 000000000..9cf4b6987
--- /dev/null
+++ b/mod/message.php
@@ -0,0 +1,81 @@
+<?php
+
+require_once('include/acl_selectors.php');
+require_once('include/message.php');
+require_once('include/zot.php');
+require_once("include/bbcode.php");
+require_once('include/Contact.php');
+
+
+function message_content(&$a) {
+
+ $o = '';
+ nav_set_selected('messages');
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return login();
+ }
+
+ $channel = $a->get_channel();
+ head_set_icon($channel['xchan_photo_s']);
+
+ $cipher = get_pconfig(local_channel(),'system','default_cipher');
+ if(! $cipher)
+ $cipher = 'aes256';
+
+
+ $tpl = get_markup_template('mail_head.tpl');
+ $header = replace_macros($tpl, array(
+ '$messages' => t('Messages'),
+ '$tab_content' => $tab_content
+ ));
+
+ if((argc() == 3) && (argv(1) === 'dropconv')) {
+ if(! intval(argv(2)))
+ return;
+ $cmd = argv(1);
+ $r = private_messages_drop(local_channel(), argv(2), true);
+ if($r)
+ info( t('Conversation removed.') . EOL );
+ goaway($a->get_baseurl(true) . '/message' );
+ }
+ if(argc() == 1) {
+
+ // list messages
+
+ $o .= $header;
+
+ // private_messages_list() can do other more complicated stuff, for now keep it simple
+
+ $r = private_messages_list(local_channel(), '', $a->pager['start'], $a->pager['itemspage']);
+
+ if(! $r) {
+ info( t('No messages.') . EOL);
+ return $o;
+ }
+
+ $tpl = get_markup_template('mail_list.tpl');
+ foreach($r as $rr) {
+
+ $o .= replace_macros($tpl, array(
+ '$id' => $rr['id'],
+ '$from_name' => $rr['from']['xchan_name'],
+ '$from_url' => chanlink_hash($rr['from_xchan']),
+ '$from_photo' => $rr['from']['xchan_photo_s'],
+ '$to_name' => $rr['to']['xchan_name'],
+ '$to_url' => chanlink_hash($rr['to_xchan']),
+ '$to_photo' => $rr['to']['xchan_photo_s'],
+ '$subject' => (($rr['seen']) ? $rr['title'] : '<strong>' . $rr['title'] . '</strong>'),
+ '$delete' => t('Delete conversation'),
+ '$body' => smilies(bbcode($rr['body'])),
+ '$date' => datetime_convert('UTC',date_default_timezone_get(),$rr['created'], t('D, d M Y - g:i A')),
+ '$seen' => $rr['seen']
+ ));
+ }
+ $o .= alt_pager($a,count($r));
+ return $o;
+ }
+
+
+}
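Review bot: The `'$subject'` entry wraps `$rr['title']` in `<strong>` inside the controller, so mail_list.tpl has to print `$subject` as raw HTML. The message title is set by the sender and therefore reaches the page unescaped unless private_messages_list() already escapes it, which is not visible here. Pass the title escaped and let the template add the emphasis from the `$seen` value it already receives: `'$subject' => htmlspecialchars($rr['title'], ENT_QUOTES, 'UTF-8'),`. In the `dropconv` branch, `intval(argv(2))` is used only as a check and the raw `argv(2)` is then passed on; `private_messages_drop(local_channel(), intval(argv(2)), true);` keeps the value numeric. In this function `$tab_content` is read without being defined and `$cmd` is assigned but never used.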
diff --git a/mod/mitem.php b/mod/mitem.php
new file mode 100644
index 000000000..c4c293d1e
--- /dev/null
+++ b/mod/mitem.php
@@ -0,0 +1,245 @@
+<?php
+
+require_once('include/menu.php');
+require_once('include/acl_selectors.php');
+
+function mitem_init(&$a) {
+
+ $uid = local_channel();
+
+ if(array_key_exists('sys',$_REQUEST) && $_REQUEST['sys'] && is_site_admin()) {
+ $sys = get_sys_channel();
+ $uid = intval($sys['channel_id']);
+ $a->is_sys = true;
+ }
+
+ if(! $uid)
+ return;
+
+ if(argc() < 2)
+ return;
+
+ $m = menu_fetch_id(intval(argv(1)),$uid);
+ if(! $m) {
+ notice( t('Menu not found.') . EOL);
+ return '';
+ }
+ $a->data['menu'] = $m;
+
+}
+
+function mitem_post(&$a) {
+
+ $uid = local_channel();
+
+ if($a->is_sys && is_site_admin()) {
+ $sys = get_sys_channel();
+ $uid = intval($sys['channel_id']);
+ }
+
+ if(! $uid) {
+ return;
+ }
+
+ if(! $a->data['menu'])
+ return;
+
+
+ $channel = $a->get_channel();
+
+ if(!$_REQUEST['mitem_desc'] || !$_REQUEST['mitem_link']) {
+ notice( t('Unable to create element.') . EOL);
+ return;
+ }
+
+ $_REQUEST['mitem_channel_id'] = $uid;
+ $_REQUEST['menu_id'] = $a->data['menu']['menu_id'];
+
+ $_REQUEST['mitem_flags'] = 0;
+ if($_REQUEST['usezid'])
+ $_REQUEST['mitem_flags'] |= MENU_ITEM_ZID;
+ if($_REQUEST['newwin'])
+ $_REQUEST['mitem_flags'] |= MENU_ITEM_NEWWIN;
+
+
+ $mitem_id = ((argc() > 2) ? intval(argv(2)) : 0);
+ if($mitem_id) {
+ $_REQUEST['mitem_id'] = $mitem_id;
+ $r = menu_edit_item($_REQUEST['menu_id'],$uid,$_REQUEST);
+ if($r) {
+ //info( t('Menu element updated.') . EOL);
+ goaway(z_root() . '/mitem/' . $_REQUEST['menu_id'] . (($a->is_sys) ? '?f=&sys=1' : ''));
+ }
+ else
+ notice( t('Unable to update menu element.') . EOL);
+
+ }
+ else {
+ $r = menu_add_item($_REQUEST['menu_id'],$uid,$_REQUEST);
+ if($r) {
+ //info( t('Menu element added.') . EOL);
+ if($_REQUEST['submit']) {
+ goaway(z_root() . '/menu' . (($a->is_sys) ? '?f=&sys=1' : ''));
+ }
+ if($_REQUEST['submit-more']) {
+ goaway(z_root() . '/mitem/' . $_REQUEST['menu_id'] . '?f=&display=block' . (($a->is_sys) ? '&sys=1' : '') );
+ }
+ }
+ else
+ notice( t('Unable to add menu element.') . EOL);
+
+ }
+
+
+
+
+}
+
+
+function mitem_content(&$a) {
+
+ $uid = local_channel();
+ $channel = $a->get_channel();
+ $observer = $a->get_observer();
+
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ if($a->is_sys && is_site_admin()) {
+ $sys = get_sys_channel();
+ $uid = intval($sys['channel_id']);
+ $channel = $sys;
+ $ob_hash = $sys['xchan_hash'];
+ }
+
+ if(! $uid) {
+ notice( t('Permission denied.') . EOL);
+ return '';
+ }
+
+ if(argc() < 2 || (! $a->data['menu'])) {
+ notice( t('Not found.') . EOL);
+ return '';
+ }
+
+ $m = menu_fetch($a->data['menu']['menu_name'],$uid,$ob_hash);
+ $a->data['menu_item'] = $m;
+
+ $menu_list = menu_list($uid);
+
+ foreach($menu_list as $menus) {
+ if($menus['menu_name'] != $m['menu']['menu_name'])
+ $menu_names[] = $menus['menu_name'];
+ }
+
+ $perm_defaults = array(
+ 'allow_cid' => $channel['channel_allow_cid'],
+ 'allow_gid' => $channel['channel_allow_gid'],
+ 'deny_cid' => $channel['channel_deny_cid'],
+ 'deny_gid' => $channel['channel_deny_gid']
+ );
+
+ $lockstate = (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock');
+
+ if(argc() == 2) {
+ $r = q("select * from menu_item where mitem_menu_id = %d and mitem_channel_id = %d order by mitem_order asc, mitem_desc asc",
+ intval($a->data['menu']['menu_id']),
+ intval($uid)
+ );
+
+ if($_GET['display']) {
+ $display = $_GET['display'];
+ }
+ else {
+ $display = (($r) ? 'none' : 'block');
+ }
+
+ $create = replace_macros(get_markup_template('mitemedit.tpl'), array(
+ '$menu_id' => $a->data['menu']['menu_id'],
+ '$permissions' => t('Menu Item Permissions'),
+ '$permdesc' => t("\x28click to open/close\x29"),
+ '$aclselect' => populate_acl($perm_defaults,false),
+ '$mitem_desc' => array('mitem_desc', t('Link Name'), '', 'Visible name of the link','*'),
+ '$mitem_link' => array('mitem_link', t('Link or Submenu Target'), '', t('Enter URL of the link or select a menu name to create a submenu'), '*', 'list="menu-names"'),
+ '$usezid' => array('usezid', t('Use magic-auth if available'), true, '', array(t('No'), t('Yes'))),
+ '$newwin' => array('newwin', t('Open link in new window'), false,'', array(t('No'), t('Yes'))),
+ '$mitem_order' => array('mitem_order', t('Order in list'),'0',t('Higher numbers will sink to bottom of listing')),
+ '$submit' => t('Submit and finish'),
+ '$submit_more' => t('Submit and continue'),
+ '$display' => $display,
+ '$lockstate' => $lockstate,
+ '$menu_names' => $menu_names
+ ));
+
+ $o .= replace_macros(get_markup_template('mitemlist.tpl'),array(
+ '$title' => t('Menu:'),
+ '$create' => $create,
+ '$nametitle' => t('Link Name'),
+ '$targettitle' => t('Link Target'),
+ '$menuname' => $a->data['menu']['menu_name'],
+ '$menudesc' => $a->data['menu']['menu_desc'],
+ '$edmenu' => t('Edit menu'),
+ '$menu_id' => $a->data['menu']['menu_id'],
+ '$mlist' => $r,
+ '$edit' => t('Edit element'),
+ '$drop' => t('Drop element'),
+ '$new' => t('New element'),
+ '$hintmenu' => t('Edit this menu container'),
+ '$hintnew' => t('Add menu element'),
+ '$hintdrop' => t('Delete this menu item'),
+ '$hintedit' => t('Edit this menu item'),
+ ));
+
+ return $o;
+ }
+
+
+ if(argc() > 2) {
+
+ if(intval(argv(2))) {
+
+ $m = q("select * from menu_item where mitem_id = %d and mitem_channel_id = %d limit 1",
+ intval(argv(2)),
+ intval($uid)
+ );
+
+ if(! $m) {
+ notice( t('Menu item not found.') . EOL);
+ goaway(z_root() . '/menu'. (($a->is_sys) ? '?f=&sys=1' : ''));
+ }
+
+ $mitem = $m[0];
+
+ $lockstate = (($mitem['allow_cid'] || $mitem['allow_gid'] || $mitem['deny_cid'] || $mitem['deny_gid']) ? 'lock' : 'unlock');
+
+ if(argc() == 4 && argv(3) == 'drop') {
+ $r = menu_del_item($mitem['mitem_menu_id'], $uid, intval(argv(2)));
+ if($r)
+ info( t('Menu item deleted.') . EOL);
+ else
+ notice( t('Menu item could not be deleted.'). EOL);
+
+ goaway(z_root() . '/mitem/' . $mitem['mitem_menu_id'] . (($a->is_sys) ? '?f=&sys=1' : ''));
+ }
+
+ // edit menu item
+ $o = replace_macros(get_markup_template('mitemedit.tpl'), array(
+ '$header' => t('Edit Menu Element'),
+ '$menu_id' => $a->data['menu']['menu_id'],
+ '$permissions' => t('Menu Item Permissions'),
+ '$permdesc' => t("\x28click to open/close\x29"),
+ '$aclselect' => populate_acl($mitem,false),
+ '$mitem_id' => intval(argv(2)),
+ '$mitem_desc' => array('mitem_desc', t('Link text'), $mitem['mitem_desc'], '','*'),
+ '$mitem_link' => array('mitem_link', t('Link or Submenu Target'), $mitem['mitem_link'], 'Enter URL of the link or select a menu name to create a submenu', '*', 'list="menu-names"'),
+ '$usezid' => array('usezid', t('Use magic-auth if available'), (($mitem['mitem_flags'] & MENU_ITEM_ZID) ? 1 : 0), '', array(t('No'), t('Yes'))),
+ '$newwin' => array('newwin', t('Open link in new window'), (($mitem['mitem_flags'] & MENU_ITEM_NEWWIN) ? 1 : 0),'', array(t('No'), t('Yes'))),
+ '$mitem_order' => array('mitem_order', t('Order in list'),$mitem['mitem_order'],t('Higher numbers will sink to bottom of listing')),
+ '$submit' => t('Submit'),
+ '$lockstate' => $lockstate,
+ '$menu_names' => $menu_names
+ ));
+
+ return $o;
+ }
+ }
+}
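Review bot: In mitem_content the `display` query parameter is copied straight into the `'$display'` template variable (`$display = $_GET['display'];`). The variable is otherwise only ever `'none'` or `'block'`, which suggests it lands in a style attribute of mitemedit.tpl, although the template is not visible here. Restrict it to those two values inside the `if($_GET['display'])` branch: `$display = (($_GET['display'] === 'block') ? 'block' : 'none');`. Also, `$o .= replace_macros(...)` appends to an `$o` that was never initialised, and `$menu_names` stays undefined when the channel has no other menu. `$o = '';` and `$menu_names = array();` near the top of the function cover both.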
diff --git a/mod/mood.php b/mod/mood.php
new file mode 100755
index 000000000..92a4f391b
--- /dev/null
+++ b/mod/mood.php
@@ -0,0 +1,140 @@
+<?php
+
+require_once('include/security.php');
+require_once('include/bbcode.php');
+require_once('include/items.php');
+
+
+function mood_init(&$a) {
+
+ if(! local_channel())
+ return;
+
+ $uid = local_channel();
+ $channel = $a->get_channel();
+ $verb = notags(trim($_GET['verb']));
+
+ if(! $verb)
+ return;
+
+ $verbs = get_mood_verbs();
+
+ if(! array_key_exists($verb,$verbs))
+ return;
+
+ $activity = ACTIVITY_MOOD . '#' . urlencode($verb);
+
+ $parent = ((x($_GET,'parent')) ? intval($_GET['parent']) : 0);
+
+
+ logger('mood: verb ' . $verb, LOGGER_DEBUG);
+
+
+ if($parent) {
+ $r = q("select mid, owner_xchan, private, allow_cid, allow_gid, deny_cid, deny_gid
+ from item where id = %d and parent = %d and uid = %d limit 1",
+ intval($parent),
+ intval($parent),
+ intval($uid)
+ );
+ if(count($r)) {
+ $parent_mid = $r[0]['mid'];
+ $private = $r[0]['item_private'];
+ $allow_cid = $r[0]['allow_cid'];
+ $allow_gid = $r[0]['allow_gid'];
+ $deny_cid = $r[0]['deny_cid'];
+ $deny_gid = $r[0]['deny_gid'];
+ }
+ }
+ else {
+
+ $private = 0;
+
+ $allow_cid = $channel['channel_allow_cid'];
+ $allow_gid = $channel['channel_allow_gid'];
+ $deny_cid = $channel['channel_deny_cid'];
+ $deny_gid = $channel['channel_deny_gid'];
+ }
+
+ $poster = $a->get_observer();
+
+ $mid = item_message_id();
+
+ $action = sprintf( t('%1$s is %2$s','mood'), '[zrl=' . $poster['xchan_url'] . ']' . $poster['xchan_name'] . '[/zrl]' , $verbs[$verb]);
+
+ $arr = array();
+
+ $arr['aid'] = get_account_id();
+ $arr['uid'] = $uid;
+ $arr['mid'] = $mid;
+ $arr['parent_mid'] = (($parent_mid) ? $parent_mid : $mid);
+ $arr['author_xchan'] = $poster['xchan_hash'];
+ $arr['owner_xchan'] = (($parent_mid) ? $r[0]['owner_xchan'] : $poster['xchan_hash']);
+ $arr['title'] = '';
+ $arr['allow_cid'] = $allow_cid;
+ $arr['allow_gid'] = $allow_gid;
+ $arr['deny_cid'] = $deny_cid;
+ $arr['deny_gid'] = $deny_gid;
+ $arr['item_private'] = $private;
+ $arr['verb'] = $activity;
+ $arr['body'] = $action;
+ $arr['item_origin'] = 1;
+ $arr['item_wall'] = 1;
+ $arr['item_unseen'] = 1;
+ if(! $parent_mid)
+ $item['item_thread_top'] = 1;
+
+ if ((! $arr['plink']) && intval($arr['item_thread_top'])) {
+ $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
+ }
+
+
+ $post = item_store($arr);
+ $item_id = $post['item_id'];
+
+ if($item_id) {
+ proc_run('php',"include/notifier.php","activity", $item_id);
+ }
+
+ call_hooks('post_local_end', $arr);
+
+ if($_SESSION['return_url'])
+ goaway(z_root() . '/' . $_SESSION['return_url']);
+
+ return;
+}
+
+
+
+function mood_content(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $parent = ((x($_GET,'parent')) ? intval($_GET['parent']) : '0');
+
+
+
+ $verbs = get_mood_verbs();
+
+ $shortlist = array();
+ foreach($verbs as $k => $v)
+ if($v !== 'NOTRANSLATION')
+ $shortlist[] = array($k,$v);
+
+
+ $tpl = get_markup_template('mood_content.tpl');
+
+ $o = replace_macros($tpl,array(
+ '$title' => t('Mood'),
+ '$desc' => t('Set your current mood and tell your friends'),
+ '$verbs' => $shortlist,
+ '$parent' => $parent,
+ '$submit' => t('Submit'),
+ ));
+
+ return $o;
+
+}
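Review bot: In mood_init the parent lookup selects a column named `private` but then reads `$r[0]['item_private']`, so `$private` is always empty for replies and the new item is stored without the parent's privacy flag (the ACL fields are still copied). Select the column the code reads (`select mid, owner_xchan, item_private, allow_cid, ...`) or read `$r[0]['private']`, whichever matches the schema at this revision. Further down, `$item['item_thread_top'] = 1;` writes to a variable that is never used; it should be `$arr['item_thread_top'] = 1;`, otherwise the `plink` branch that tests `$arr['item_thread_top']` never runs. `$parent_mid`, `$private` and the four ACL variables are also left undefined when `$parent` is set but the lookup returns no row.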
diff --git a/mod/msearch.php b/mod/msearch.php
new file mode 100644
index 000000000..b51c4e097
--- /dev/null
+++ b/mod/msearch.php
@@ -0,0 +1,42 @@
+<?php
+
+function msearch_post(&$a) {
+
+ $perpage = (($_POST['n']) ? $_POST['n'] : 80);
+ $page = (($_POST['p']) ? intval($_POST['p'] - 1) : 0);
+ $startrec = (($page+1) * $perpage) - $perpage;
+
+ $search = $_POST['s'];
+ if(! strlen($search))
+ killme();
+
+ $r = q("SELECT COUNT(*) AS `total` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is_default` = 1 AND `user`.`hidewall` = 0 AND MATCH `keywords` AGAINST ('%s') ",
+ dbesc($search)
+ );
+ if(count($r))
+ $total = $r[0]['total'];
+
+ $r = q("SELECT `keywords`, `username`, `nickname`, `user`.`uid` FROM `user` LEFT JOIN `profile` ON `user`.`uid` = `profile`.`uid` WHERE `is_default` = 1 AND `user`.`hidewall` = 0 AND MATCH `keywords` AGAINST ('%s') LIMIT %d , %d ",
+ dbesc($search),
+ intval($startrec),
+ intval($perpage)
+ );
+
+ $results = array();
+ if(count($r)) {
+ foreach($r as $rr)
+ $results[] = array(
+ 'name' => $rr['name'],
+ 'url' => $a->get_baseurl() . '/channel/' . $rr['nickname'],
+ 'photo' => $a->get_baseurl() . '/photo/avatar/' . $rr['uid'],
+ 'tags' => str_replace(array(',',' '),array(' ',' '),$rr['keywords'])
+ );
+ }
+
+ $output = array('total' => $total, 'items_page' => $perpage, 'page' => $page + 1, 'results' => $results);
+
+ echo json_encode($output);
+
+ killme();
+
+} \ No newline at end of file
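Review bot: msearch_post takes the page size from `$_POST['n']` without converting or bounding it, uses it in the arithmetic for `$startrec`, and echoes it back as `items_page`; a negative `p` also produces a negative offset for `LIMIT %d , %d`. Clamp both before use, e.g. `$perpage = (($_POST['n']) ? min(max(intval($_POST['n']), 1), 80) : 80);` and `$page = max(intval($_POST['p']) - 1, 0);` (the cap of 80 is just the existing default; adjust as needed). No login check is visible in this function, so the unbounded page size appears reachable by any client that can POST to the endpoint. `$total` is undefined when the count query returns nothing. `'name' => $rr['name']` reads a column the second query does not select (it selects `username`).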
diff --git a/mod/network.php b/mod/network.php
new file mode 100644
index 000000000..d5e305687
--- /dev/null
+++ b/mod/network.php
@@ -0,0 +1,511 @@
+<?php
+
+require_once('include/items.php');
+require_once('include/group.php');
+require_once('include/contact_widgets.php');
+require_once('include/conversation.php');
+require_once('include/acl_selectors.php');
+
+
+function network_init(&$a) {
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if((count($_GET) < 2) || (count($_GET) < 3 && $_GET['JS'])) {
+ $network_options = get_pconfig(local_channel(),'system','network_page_default');
+ if($network_options)
+ goaway('network' . '?f=&' . $network_options);
+ }
+
+ $channel = $a->get_channel();
+ $a->profile_uid = local_channel();
+ head_set_icon($channel['xchan_photo_s']);
+
+}
+
+function network_content(&$a, $update = 0, $load = false) {
+
+ if(! local_channel()) {
+ $_SESSION['return_url'] = $a->query_string;
+ return login(false);
+ }
+
+ if($load)
+ $_SESSION['loadtime'] = datetime_convert();
+
+ $arr = array('query' => $a->query_string);
+
+ call_hooks('network_content_init', $arr);
+
+ $channel = $a->get_channel();
+ $item_normal = item_normal();
+
+ $datequery = $datequery2 = '';
+
+ $group = 0;
+
+ $nouveau = false;
+
+ $datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : '');
+ $datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : '');
+ $nouveau = ((x($_GET,'new')) ? intval($_GET['new']) : 0);
+ $gid = ((x($_GET,'gid')) ? intval($_GET['gid']) : 0);
+ $category = ((x($_REQUEST,'cat')) ? $_REQUEST['cat'] : '');
+ $hashtags = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : '');
+ $verb = ((x($_REQUEST,'verb')) ? $_REQUEST['verb'] : '');
+
+ $search = (($_GET['search']) ? $_GET['search'] : '');
+ if($search) {
+ if(strpos($search,'@') === 0) {
+ $r = q("select abook_id from abook left join xchan on abook_xchan = xchan_hash where xchan_name = '%s' and abook_channel = %d limit 1",
+ dbesc(substr($search,1)),
+ intval(local_channel())
+ );
+ if($r) {
+ $_GET['cid'] = $r[0]['abook_id'];
+ $search = $_GET['search'] = '';
+ }
+ }
+ elseif(strpos($search,'#') === 0) {
+ $hashtags = substr($search,1);
+ $search = $_GET['search'] = '';
+ }
+ }
+
+ if($datequery)
+ $_GET['order'] = 'post';
+
+
+ // filter by collection (e.g. group)
+
+ if($gid) {
+ $r = q("SELECT * FROM groups WHERE id = %d AND uid = %d LIMIT 1",
+ intval($gid),
+ intval(local_channel())
+ );
+ if(! $r) {
+ if($update)
+ killme();
+ notice( t('No such group') . EOL );
+ goaway($a->get_baseurl(true) . '/network');
+ // NOTREACHED
+ }
+
+ $group = $gid;
+ $group_hash = $r[0]['hash'];
+ $def_acl = array('allow_gid' => '<' . $r[0]['hash'] . '>');
+ }
+
+ $o = '';
+
+
+ // if no tabs are selected, defaults to comments
+
+ $cid = ((x($_GET,'cid')) ? intval($_GET['cid']) : 0);
+ $star = ((x($_GET,'star')) ? intval($_GET['star']) : 0);
+ $order = ((x($_GET,'order')) ? notags($_GET['order']) : 'comment');
+ $liked = ((x($_GET,'liked')) ? intval($_GET['liked']) : 0);
+ $conv = ((x($_GET,'conv')) ? intval($_GET['conv']) : 0);
+ $spam = ((x($_GET,'spam')) ? intval($_GET['spam']) : 0);
+ $cmin = ((x($_GET,'cmin')) ? intval($_GET['cmin']) : 0);
+ $cmax = ((x($_GET,'cmax')) ? intval($_GET['cmax']) : 99);
+ $firehose = ((x($_GET,'fh')) ? intval($_GET['fh']) : 0);
+ $file = ((x($_GET,'file')) ? $_GET['file'] : '');
+
+
+ if(x($_GET,'search') || x($_GET,'file'))
+ $nouveau = true;
+ if($cid) {
+ $r = q("SELECT abook_xchan FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1",
+ intval($cid),
+ intval(local_channel())
+ );
+ if(! $r) {
+ if($update) {
+ killme();
+ }
+ notice( t('No such channel') . EOL );
+ goaway($a->get_baseurl(true) . '/network');
+ // NOTREACHED
+ }
+ $def_acl = array('allow_cid' => '<' . $r[0]['abook_xchan'] . '>');
+ }
+
+ if(! $update) {
+ $tabs = network_tabs();
+ $o .= $tabs;
+
+ // search terms header
+ if($search) {
+ $o .= replace_macros(get_markup_template("section_title.tpl"),array(
+ '$title' => t('Search Results For:') . ' ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8')
+ ));
+ }
+
+ nav_set_selected('network');
+
+ $channel_acl = array(
+ 'allow_cid' => $channel['channel_allow_cid'],
+ 'allow_gid' => $channel['channel_allow_gid'],
+ 'deny_cid' => $channel['channel_deny_cid'],
+ 'deny_gid' => $channel['channel_deny_gid']
+ );
+
+ $x = array(
+ 'is_owner' => true,
+ 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''),
+ 'default_location' => $channel['channel_location'],
+ 'nickname' => $channel['channel_address'],
+ 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
+ 'acl' => populate_acl((($group || $cid) ? $def_acl : $channel_acl)),
+ 'bang' => (($group || $cid) ? '!' : ''),
+ 'visitor' => true,
+ 'profile_uid' => local_channel()
+ );
+
+ $status_editor = status_editor($a,$x);
+ $o .= $status_editor;
+ }
+
+
+ // We don't have to deal with ACL's on this page. You're looking at everything
+ // that belongs to you, hence you can see all of it. We will filter by group if
+ // desired.
+
+
+ $sql_options = (($star)
+ ? " and item_starred = 1 "
+ : '');
+
+ $sql_nets = '';
+
+ $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE item_thread_top = 1 $sql_options ) ";
+
+ if($group) {
+ $contact_str = '';
+ $contacts = group_get_members($group);
+ if($contacts) {
+ foreach($contacts as $c) {
+ if($contact_str)
+ $contact_str .= ',';
+ $contact_str .= "'" . $c['xchan'] . "'";
+ }
+ }
+ else {
+ $contact_str = ' 0 ';
+ info( t('Collection is empty'));
+ }
+
+ $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent $item_normal ) ";
+
+ $x = group_rec_byhash(local_channel(), $group_hash);
+
+ if($x) {
+ $title = replace_macros(get_markup_template("section_title.tpl"),array(
+ '$title' => t('Collection: ') . $x['name']
+ ));
+ }
+
+ $o = $tabs;
+ $o .= $title;
+ $o .= $status_editor;
+
+ }
+
+ elseif($cid) {
+
+ $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and abook_blocked = 0 limit 1",
+ intval($cid),
+ intval(local_channel())
+ );
+ if($r) {
+ $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($r[0]['abook_xchan']) . "' or owner_xchan = '" . dbesc($r[0]['abook_xchan']) . "' ) $item_normal ) ";
+ $title = replace_macros(get_markup_template("section_title.tpl"),array(
+ '$title' => t('Connection: ') . $r[0]['xchan_name']
+ ));
+ $o = $tabs;
+ $o .= $title;
+ $o .= $status_editor;
+ }
+ else {
+ notice( t('Invalid connection.') . EOL);
+ goaway($a->get_baseurl(true) . '/network');
+ }
+ }
+
+ if(x($category)) {
+ $sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
+ }
+ if(x($hashtags)) {
+ $sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG));
+ }
+
+ if(! $update) {
+ // The special div is needed for liveUpdate to kick in for this page.
+ // We only launch liveUpdate if you aren't filtering in some incompatible
+ // way and also you aren't writing a comment (discovered in javascript).
+
+ if($gid || $cid || $cmin || ($cmax != 99) || $star || $liked || $conv || $spam || $nouveau || $list)
+ $firehose = 0;
+
+ $maxheight = get_pconfig(local_channel(),'system','network_divmore_height');
+ if(! $maxheight)
+ $maxheight = 400;
+
+
+ $o .= '<div id="live-network"></div>' . "\r\n";
+ $o .= "<script> var profile_uid = " . local_channel()
+ . "; var profile_page = " . $a->pager['page']
+ . "; divmore_height = " . intval($maxheight) . "; </script>\r\n";
+
+ $a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
+ '$baseurl' => z_root(),
+ '$pgtype' => 'network',
+ '$uid' => ((local_channel()) ? local_channel() : '0'),
+ '$gid' => (($gid) ? $gid : '0'),
+ '$cid' => (($cid) ? $cid : '0'),
+ '$cmin' => (($cmin) ? $cmin : '0'),
+ '$cmax' => (($cmax) ? $cmax : '0'),
+ '$star' => (($star) ? $star : '0'),
+ '$liked' => (($liked) ? $liked : '0'),
+ '$conv' => (($conv) ? $conv : '0'),
+ '$spam' => (($spam) ? $spam : '0'),
+ '$fh' => (($firehose) ? $firehose : '0'),
+ '$nouveau' => (($nouveau) ? $nouveau : '0'),
+ '$wall' => '0',
+ '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
+ '$page' => (($a->pager['page'] != 1) ? $a->pager['page'] : 1),
+ '$search' => (($search) ? $search : ''),
+ '$order' => $order,
+ '$file' => $file,
+ '$cats' => $category,
+ '$tags' => $hashtags,
+ '$dend' => $datequery,
+ '$mid' => '',
+ '$verb' => $verb,
+ '$dbegin' => $datequery2
+ ));
+ }
+
+ $sql_extra3 = '';
+
+ if($datequery) {
+ $sql_extra3 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery))));
+ }
+ if($datequery2) {
+ $sql_extra3 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery2))));
+ }
+
+ $sql_extra2 = (($nouveau) ? '' : " AND item.parent = item.id ");
+ $sql_extra3 = (($nouveau) ? '' : $sql_extra3);
+
+ if(x($_GET,'search')) {
+ $search = escape_tags($_GET['search']);
+ if(strpos($search,'#') === 0) {
+ $sql_extra .= term_query('item',substr($search,1),TERM_HASHTAG);
+ }
+ else {
+ $sql_extra .= sprintf(" AND item.body like '%s' ",
+ dbesc(protect_sprintf('%' . $search . '%'))
+ );
+ }
+ }
+
+ if($verb) {
+ $sql_extra .= sprintf(" AND item.verb like '%s' ",
+ dbesc(protect_sprintf('%' . $verb . '%'))
+ );
+ }
+
+ if(strlen($file)) {
+ $sql_extra .= term_query('item',$file,TERM_FILE);
+ }
+
+ if($conv) {
+ $sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or item_mentionsme = 1 )) ",
+ dbesc(protect_sprintf($channel['channel_hash']))
+ );
+ }
+
+ if($update && ! $load) {
+
+ // only setup pagination on initial page view
+ $pager_sql = '';
+
+ }
+ else {
+ $itemspage = get_pconfig(local_channel(),'system','itemspage');
+ $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+ $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start']));
+ }
+
+
+ if(($cmin != 0) || ($cmax != 99)) {
+
+ // Not everybody who shows up in the network stream will be in your address book.
+ // By default those that aren't are assumed to have closeness = 99; but this isn't
+ // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in
+ // the stream with a NULL address book entry.
+
+ $sql_nets .= " AND ";
+
+ if($cmax == 99)
+ $sql_nets .= " ( ";
+
+ $sql_nets .= "( abook.abook_closeness >= " . intval($cmin) . " ";
+ $sql_nets .= " AND abook.abook_closeness <= " . intval($cmax) . " ) ";
+
+ if($cmax == 99)
+ $sql_nets .= " OR abook.abook_closeness IS NULL ) ";
+
+
+ }
+
+ $abook_uids = " and abook.abook_channel = " . local_channel() . " ";
+
+ if($firehose && (! get_config('system','disable_discover_tab'))) {
+ require_once('include/identity.php');
+ $sys = get_sys_channel();
+ $uids = " and item.uid = " . intval($sys['channel_id']) . " ";
+ $a->data['firehose'] = intval($sys['channel_id']);
+ }
+ else {
+ $uids = " and item.uid = " . local_channel() . " ";
+ }
+
+ if(get_pconfig(local_channel(),'system','network_list_mode'))
+ $page_mode = 'list';
+ else
+ $page_mode = 'client';
+
+ $simple_update = (($update) ? " and item_unseen = 1 " : '');
+
+ // This fixes a very subtle bug so I'd better explain it. You wake up in the morning or return after a day
+ // or three and look at your matrix page - after opening up your browser. The first page loads just as it
+ // should. All of a sudden a few seconds later, page 2 will get inserted at the beginning of the page
+ // (before the page 1 content). The update code is actually doing just what it's supposed
+ // to, it's fetching posts that have the ITEM_UNSEEN bit set. But the reason that page 2 content is being
+ // returned in an UPDATE is because you hadn't gotten that far yet - you're still on page 1 and everything
+ // that we loaded for page 1 is now marked as seen. But the stuff on page 2 hasn't been. So... it's being
+ // treated as "new fresh" content because it is unseen. We need to distinguish it somehow from content
+ // which "arrived as you were reading page 1". We're going to do this
+ // by storing in your session the current UTC time whenever you LOAD a network page, and only UPDATE items
+ // which are both ITEM_UNSEEN and have "changed" since that time. Cross fingers...
+
+ if($update && $_SESSION['loadtime'])
+ $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) ";
+ if($load)
+ $simple_update = '';
+
+ if($nouveau && $load) {
+ // "New Item View" - show all items unthreaded in reverse created date order
+
+ $items = q("SELECT item.*, item.id AS item_id, received FROM item
+ left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
+ WHERE true $uids $item_normal
+ and (abook.abook_blocked = 0 or abook.abook_flags is null)
+ $simple_update
+ $sql_extra $sql_nets
+ ORDER BY item.received DESC $pager_sql "
+ );
+
+ require_once('include/items.php');
+
+ xchan_query($items);
+
+ $items = fetch_post_tags($items,true);
+ }
+ elseif($update) {
+
+ // Normal conversation view
+
+ if($order === 'post')
+ $ordering = "created";
+ else
+ $ordering = "commented";
+
+ if($load) {
+
+ // Fetch a page full of parent items for this page
+
+ $r = q("SELECT distinct item.id AS item_id, $ordering FROM item
+ left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
+ WHERE true $uids $item_normal
+ AND item.parent = item.id
+ and (abook.abook_blocked = 0 or abook.abook_flags is null)
+ $sql_extra3 $sql_extra $sql_nets
+ ORDER BY $ordering DESC $pager_sql "
+ );
+
+ }
+ else {
+ // this is an update
+ $r = q("SELECT item.parent AS item_id FROM item
+ left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
+ WHERE true $uids $item_normal $simple_update
+ and (abook.abook_blocked = 0 or abook.abook_flags is null)
+ $sql_extra3 $sql_extra $sql_nets "
+ );
+ $_SESSION['loadtime'] = datetime_convert();
+ }
+
+ // Then fetch all the children of the parents that are on this page
+ $parents_str = '';
+ $update_unseen = '';
+
+ if($r) {
+
+ $parents_str = ids_to_querystr($r,'item_id');
+
+ $items = q("SELECT item.*, item.id AS item_id FROM item
+ WHERE true $uids $item_normal
+ AND item.parent IN ( %s )
+ $sql_extra ",
+ dbesc($parents_str)
+ );
+
+ xchan_query($items,true,(($firehose) ? local_channel() : 0));
+ $items = fetch_post_tags($items,true);
+ $items = conv_sort($items,$ordering);
+ }
+ else {
+ $items = array();
+ }
+
+ if($page_mode === 'list') {
+
+ /**
+ * in "list mode", only mark the parent item and any like activities as "seen".
+ * We won't distinguish between comment likes and post likes. The important thing
+ * is that the number of unseen comments will be accurate. The SQL to separate the
+ * comment likes could also get somewhat hairy.
+ */
+
+ if($parents_str) {
+ $update_unseen = " AND ( id IN ( " . dbesc($parents_str) . " )";
+ $update_unseen .= " OR ( parent IN ( " . dbesc($parents_str) . " ) AND verb in ( '" . dbesc(ACTIVITY_LIKE) . "','" . dbesc(ACTIVITY_DISLIKE) . "' ))) ";
+ }
+ }
+ else {
+ if($parents_str) {
+ $update_unseen = " AND parent IN ( " . dbesc($parents_str) . " )";
+ }
+ }
+ }
+
+ if(($update_unseen) && (! $firehose))
+ $r = q("UPDATE item SET item_unseen = 0 WHERE item_unseen = 1 AND uid = %d $update_unseen ",
+ intval(local_channel())
+ );
+
+ $mode = (($nouveau) ? 'network-new' : 'network');
+
+ $o .= conversation($a,$items,$mode,$update,$page_mode);
+
+ if(($items) && (! $update))
+ $o .= alt_pager($a,count($items));
+
+ return $o;
+}
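Review bot: The request values `$search`, `$file`, `$category`, `$hashtags` and `$verb` are passed unencoded into `build_query.tpl`, which is appended to `$a->page['htmlhead']`, while the visible search header earlier in `network_content()` is run through `htmlspecialchars()`. The template is not part of this hunk, but if it interpolates these values into script or URL context they need encoding for that context, e.g. `'$search' => (($search) ? urlencode($search) : '')` and likewise for `$category`, `$hashtags`, `$verb` and `$file`. The same inconsistency shows in the SQL and the titles: `$contact_str .= "'" . $c['xchan'] . "'";` skips the `dbesc()` that the `$cid` branch applies to `abook_xchan`, and the section titles concatenate `$x['name']` and `$r[0]['xchan_name']` without escaping. `$list` in the liveUpdate condition is never assigned in this function.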
diff --git a/mod/new_channel.php b/mod/new_channel.php
new file mode 100644
index 000000000..047048f0a
--- /dev/null
+++ b/mod/new_channel.php
@@ -0,0 +1,127 @@
+<?php
+
+require_once('include/identity.php');
+require_once('include/permissions.php');
+
+
+function new_channel_init(&$a) {
+
+ $cmd = ((argc() > 1) ? argv(1) : '');
+
+
+ if($cmd === 'autofill.json') {
+ require_once('library/urlify/URLify.php');
+ $result = array('error' => false, 'message' => '');
+ $n = trim($_REQUEST['name']);
+
+ $x = strtolower(URLify::transliterate($n));
+
+ $test = array();
+
+ // first name
+ if(strpos($x,' '))
+ $test[] = legal_webbie(substr($x,0,strpos($x,' ')));
+ if($test[0]) {
+ // first name plus first initial of last
+ $test[] = ((strpos($x,' ')) ? $test[0] . legal_webbie(trim(substr($x,strpos($x,' '),2))) : '');
+ // first name plus random number
+ $test[] = $test[0] . mt_rand(1000,9999);
+ }
+ // fullname
+ $test[] = legal_webbie($x);
+ // fullname plus random number
+ $test[] = legal_webbie($x) . mt_rand(1000,9999);
+
+ json_return_and_die(check_webbie($test));
+ }
+
+ if($cmd === 'checkaddr.json') {
+ require_once('library/urlify/URLify.php');
+ $result = array('error' => false, 'message' => '');
+ $n = trim($_REQUEST['nick']);
+
+ $x = strtolower(URLify::transliterate($n));
+
+ $test = array();
+
+ $n = legal_webbie($x);
+ if(strlen($n)) {
+ $test[] = $n;
+ $test[] = $n . mt_rand(1000,9999);
+ }
+
+ for($y = 0; $y < 100; $y ++)
+ $test[] = 'id' . mt_rand(1000,9999);
+
+ json_return_and_die(check_webbie($test));
+ }
+
+
+}
+
+
+function new_channel_post(&$a) {
+
+ $arr = $_POST;
+
+ if(($arr['account_id'] = get_account_id()) === false) {
+ notice( t('Permission denied.') . EOL );
+ return;
+ }
+
+ $result = create_identity($arr);
+
+ if(! $result['success']) {
+ notice($result['message']);
+ return;
+ }
+
+ $newuid = $result['channel']['channel_id'];
+
+ change_channel($result['channel']['channel_id']);
+
+ if(! strlen($next_page = get_config('system','workflow_channel_next')))
+ $next_page = 'settings';
+
+ goaway(z_root() . '/' . $next_page);
+
+}
+
+
+
+
+
+
+
+function new_channel_content(&$a) {
+
+ if(! get_account_id()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $name = ((x($_REQUEST,'name')) ? $_REQUEST['name'] : "" );
+ $nickname = ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : "" );
+ $privacy_role = ((x($_REQUEST,'permissions_role')) ? $_REQUEST['permissions_role'] : "" );
+
+ $o = replace_macros(get_markup_template('new_channel.tpl'), array(
+
+ '$title' => t('Add a Channel'),
+ '$desc' => t('A channel is your own collection of related web pages. A channel can be used to hold social network profiles, blogs, conversation groups and forums, celebrity pages, and much more. You may create as many channels as your service provider allows.'),
+
+ '$label_name' => t('Channel Name'),
+ '$help_name' => t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group" '),
+ '$label_nick' => t('Choose a short nickname'),
+ '$nick_desc' => t('Your nickname will be used to create an easily remembered channel address (like an email address) which you can share with others.'),
+ '$label_import' => t('Or <a href="import">import an existing channel</a> from another location'),
+ '$name' => $name,
+ '$help_role' => t('Please choose a channel type (such as social networking or community forum) and privacy requirements so we can select the best permissions for you'),
+ '$role' => array('permissions_role' , t('Channel Type'), ($privacy_role) ? $privacy_role : 'social', '<a href="help/roles" target="_blank">'.t('Read more about roles').'</a>',get_roles()),
+ '$nickname' => $nickname,
+ '$submit' => t('Create')
+ ));
+
+ return $o;
+
+}
+
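Review bot: `new_channel_post()` hands the whole of `$_POST` to `create_identity()` and only overrides `account_id`, so every other key a client sends reaches the identity-creation code. Which keys `create_identity()` honours is not visible in this hunk; copying only the fields this module itself reads would make that irrelevant, e.g. `$arr = array_intersect_key($_POST, array_flip(array('name','nickname','permissions_role')));` before `$arr['account_id']` is set. The handler also shows no form-token check, and `new_channel_content()` puts `$_REQUEST['name']` and `$_REQUEST['nickname']` into the template as received, so confirm that `new_channel.tpl` escapes them. In `new_channel_init()` `$test[0]` is read even when the name contains no space and the array is still empty.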
diff --git a/mod/notes.php b/mod/notes.php
new file mode 100644
index 000000000..4bb97fc9e
--- /dev/null
+++ b/mod/notes.php
@@ -0,0 +1,24 @@
+<?php /** @file */
+
+function notes_init(&$a) {
+
+ if(! local_channel())
+ return;
+
+ $ret = array('success' => true);
+ if($_REQUEST['note_text'] || $_REQUEST['note_text'] == '') {
+ $body = escape_tags($_REQUEST['note_text']);
+ set_pconfig(local_channel(),'notes','text',$body);
+ }
+
+ // push updates to channel clones
+
+ if((argc() > 1) && (argv(1) === 'sync')) {
+ require_once('include/zot.php');
+ build_sync_packet();
+ }
+
+ logger('notes saved.', LOGGER_DEBUG);
+ json_return_and_die($ret);
+
+}
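Review bot: The guard `if($_REQUEST['note_text'] || $_REQUEST['note_text'] == '')` is true for every request, including one that carries no `note_text` at all, because a missing key compares equal to `''`. Any request to this module from a logged-in browser, a plain GET included, therefore overwrites the stored note with an empty string, and nothing in the hunk ties the write to a form token. Test for presence in the POST body instead, `if(array_key_exists('note_text', $_POST)) {`, and return a failure result rather than `'success' => true` when nothing was saved.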
diff --git a/mod/notifications.php b/mod/notifications.php
new file mode 100644
index 000000000..f679fbb3b
--- /dev/null
+++ b/mod/notifications.php
@@ -0,0 +1,105 @@
+<?php
+
+function notifications_post(&$a) {
+
+ if(! local_channel()) {
+ goaway(z_root());
+ }
+
+ $request_id = (($a->argc > 1) ? $a->argv[1] : 0);
+
+ if($request_id === "all")
+ return;
+
+ if($request_id) {
+
+ $r = q("SELECT * FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($request_id),
+ intval(local_channel())
+ );
+
+ if(count($r)) {
+ $intro_id = $r[0]['id'];
+ $contact_id = $r[0]['contact-id'];
+ }
+ else {
+ notice( t('Invalid request identifier.') . EOL);
+ return;
+ }
+
+ // If it is a friend suggestion, the contact is not a new friend but an existing friend
+ // that should not be deleted.
+
+ $fid = $r[0]['fid'];
+
+ if($_POST['submit'] == t('Discard')) {
+ $r = q("DELETE FROM `intro` WHERE `id` = %d",
+ intval($intro_id)
+ );
+ if(! $fid) {
+
+ // The check for blocked and pending is in case the friendship was already approved
+ // and we just want to get rid of the now pointless notification
+
+ $r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 AND `blocked` = 1 AND `pending` = 1",
+ intval($contact_id),
+ intval(local_channel())
+ );
+ }
+ goaway($a->get_baseurl(true) . '/notifications/intros');
+ }
+ if($_POST['submit'] == t('Ignore')) {
+ $r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d",
+ intval($intro_id));
+ goaway($a->get_baseurl(true) . '/notifications/intros');
+ }
+ }
+}
+
+
+
+
+
+function notifications_content(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ nav_set_selected('notifications');
+
+ $o = '';
+
+ $notif_tpl = get_markup_template('notifications.tpl');
+
+ $not_tpl = get_markup_template('notify.tpl');
+ require_once('include/bbcode.php');
+
+ $r = q("SELECT * from notify where uid = %d and seen = 0 order by date desc",
+ intval(local_channel())
+ );
+
+ if (count($r) > 0) {
+ $notifications_available =1;
+ foreach ($r as $it) {
+ $notif_content .= replace_macros($not_tpl,array(
+ '$item_link' => $a->get_baseurl(true).'/notify/view/'. $it['id'],
+ '$item_image' => $it['photo'],
+ '$item_text' => strip_tags(bbcode($it['msg'])),
+ '$item_when' => relative_date($it['date'])
+ ));
+ }
+ } else {
+ $notif_content .= t('No more system notifications.');
+ }
+
+ $o .= replace_macros($notif_tpl,array(
+ '$notif_header' => t('System Notifications'),
+ '$notif_link_mark_seen' => t('Mark all system notifications seen'),
+ '$notif_content' => $notif_content,
+ '$notifications_available' => $notifications_available,
+ ));
+
+ return $o;
+}
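Review bot: In `notifications_post()` the `DELETE FROM intro` and `UPDATE intro SET ignore = 1` statements filter on `id` alone and rely on the earlier SELECT for the ownership check. Adding `AND uid = %d` with `intval(local_channel())`, as the `contact` delete already does, keeps each write scoped to the caller even if the code above is later rearranged. The action is chosen by comparing `$_POST['submit']` with the translated labels `t('Discard')` and `t('Ignore')`, which fails when the form and the handler resolve different languages; a fixed field value would be sturdier. In `notifications_content()` `$notif_content` is appended to before it exists and `$notifications_available` stays unset in the else branch, so initialise both with `$notif_content = ''; $notifications_available = 0;`.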
diff --git a/mod/notify.php b/mod/notify.php
new file mode 100644
index 000000000..4c9d1977b
--- /dev/null
+++ b/mod/notify.php
@@ -0,0 +1,64 @@
+<?php
+
+
+function notify_init(&$a) {
+ if(! local_channel())
+ return;
+
+ if(argc() > 2 && argv(1) === 'view' && intval(argv(2))) {
+ $r = q("select * from notify where id = %d and uid = %d limit 1",
+ intval(argv(2)),
+ intval(local_channel())
+ );
+ if($r) {
+ q("update notify set seen = 1 where (( parent != '' and parent = '%s' and otype = '%s' ) or link = '%s' ) and uid = %d",
+ dbesc($r[0]['parent']),
+ dbesc($r[0]['otype']),
+ dbesc($r[0]['link']),
+ intval(local_channel())
+ );
+ goaway($r[0]['link']);
+ }
+ goaway($a->get_baseurl(true));
+ }
+
+
+}
+
+
+function notify_content(&$a) {
+ if(! local_channel())
+ return login();
+
+ $notif_tpl = get_markup_template('notifications.tpl');
+
+ $not_tpl = get_markup_template('notify.tpl');
+ require_once('include/bbcode.php');
+
+ $r = q("SELECT * from notify where uid = %d and seen = 0 order by date desc",
+ intval(local_channel())
+ );
+
+ if($r) {
+ foreach ($r as $it) {
+ $notif_content .= replace_macros($not_tpl,array(
+ '$item_link' => $a->get_baseurl(true).'/notify/view/'. $it['id'],
+ '$item_image' => $it['photo'],
+ '$item_text' => strip_tags(bbcode($it['msg'])),
+ '$item_when' => relative_date($it['date'])
+ ));
+ }
+ }
+ else {
+ $notif_content .= t('No more system notifications.');
+ }
+
+ $o .= replace_macros($notif_tpl,array(
+ '$notif_header' => t('System Notifications'),
+ '$tabs' => '', // $tabs,
+ '$notif_content' => $notif_content,
+ ));
+
+ return $o;
+
+} \ No newline at end of file
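Review bot: `notify_init()` redirects with `goaway($r[0]['link'])` to whatever is stored in the notification row, without checking that the target is local or at least an http(s) URL. Where `notify.link` is written is not visible here; if any part of it can originate from remote content, a trusted hub URL ends up forwarding the user to an arbitrary destination. A guard such as `if(strpos($r[0]['link'], z_root()) !== 0) goaway($a->get_baseurl(true));` before the redirect would bound it, or an explicit scheme and host check if off-site links are intended. `notify_content()` also appends to `$o` and `$notif_content` without initialising them.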
diff --git a/mod/oembed.php b/mod/oembed.php
new file mode 100644
index 000000000..d4a4424f5
--- /dev/null
+++ b/mod/oembed.php
@@ -0,0 +1,30 @@
+<?php
+require_once("include/oembed.php");
+
+function oembed_init(&$a){
+ // logger('mod_oembed ' . $a->query_string, LOGGER_ALL);
+
+ if(argc() > 1) {
+ if (argv(1) == 'b2h'){
+ $url = array( "", trim(hex2bin($_REQUEST['url'])));
+ echo oembed_replacecb($url);
+ killme();
+ }
+
+ elseif (argv(1) == 'h2b'){
+ $text = trim(hex2bin($_REQUEST['text']));
+ echo oembed_html2bbcode($text);
+ killme();
+ }
+
+ else {
+ echo "<html><body>";
+ $src = base64url_decode(argv(1));
+ $j = oembed_fetch_url($src);
+ echo $j->html;
+// logger('mod-oembed ' . $h, LOGGER_ALL);
+ echo "</body></html>";
+ }
+ }
+ killme();
+}
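Review bot: `oembed_init()` has no `local_channel()` check, and its default branch fetches whatever URL is base64-encoded in `argv(1)` and echoes `$j->html` verbatim in a page served from the hub's own origin. That gives any caller a server-side fetch of a URL of their choosing and places third-party markup inside the site's origin. Gate the module on a logged-in channel, restrict `$src` to http/https before `oembed_fetch_url()`, and pass the returned HTML through the project's HTML sanitiser (or serve it only inside a sandboxed frame) instead of echoing it raw. `$j` should be checked before `->html` is read, and `hex2bin()` returns false on malformed input in the `b2h` and `h2b` branches.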
diff --git a/mod/oexchange.php b/mod/oexchange.php
new file mode 100644
index 000000000..a684bd5d8
--- /dev/null
+++ b/mod/oexchange.php
@@ -0,0 +1,71 @@
+<?php
+
+
+function oexchange_init(&$a) {
+
+ if((argc() > 1) && (argv(1) === 'xrd')) {
+ $tpl = get_markup_template('oexchange_xrd.tpl');
+
+ $o = replace_macros($tpl, array('$base' => $a->get_baseurl()));
+ echo $o;
+ killme();
+ }
+}
+
+function oexchange_content(&$a) {
+
+ if(! local_channel()) {
+ if(remote_channel()) {
+ $observer = $a->get_observer();
+ if($observer && $observer['xchan_url']) {
+ $parsed = @parse_url($observer['xchan_url']);
+ if(! $parsed) {
+ notice( t('Unable to find your hub.') . EOL);
+ return;
+ }
+ $url = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : '');
+ $url .= '/oexchange';
+ $result = z_post_url($url,$_REQUEST);
+ json_return_and_die($result);
+ }
+ }
+
+ return login(false);
+ }
+
+ if((argc() > 1) && argv(1) === 'done') {
+ info( t('Post successful.') . EOL);
+ return;
+ }
+
+ $url = (((x($_REQUEST,'url')) && strlen($_REQUEST['url']))
+ ? urlencode(notags(trim($_REQUEST['url']))) : '');
+ $title = (((x($_REQUEST,'title')) && strlen($_REQUEST['title']))
+ ? '&title=' . urlencode(notags(trim($_REQUEST['title']))) : '');
+ $description = (((x($_REQUEST,'description')) && strlen($_REQUEST['description']))
+ ? '&description=' . urlencode(notags(trim($_REQUEST['description']))) : '');
+ $tags = (((x($_REQUEST,'tags')) && strlen($_REQUEST['tags']))
+ ? '&tags=' . urlencode(notags(trim($_REQUEST['tags']))) : '');
+
+ $ret = z_fetch_url($a->get_baseurl() . '/parse_url?f=&url=' . $url . $title . $description . $tags);
+
+ if($ret['success'])
+ $s = $ret['body'];
+
+ if(! strlen($s))
+ return;
+
+ $post = array();
+
+ $post['profile_uid'] = local_channel();
+ $post['return'] = '/oexchange/done' ;
+ $post['body'] = $s;
+ $post['type'] = 'wall';
+
+ $_REQUEST = $post;
+ require_once('mod/item.php');
+ item_post($a);
+
+}
+
+
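Review bot: For a logged-in channel, `oexchange_content()` turns any request carrying a `url` parameter directly into a wall post (`$_REQUEST = $post; item_post($a);`) with no confirmation step and no form token, so a link or embedded resource on another site can publish on the user's behalf. Load the fetched text into the editor for the user to submit, or require a token before `item_post()` is called. In the remote-visitor branch `z_post_url($url,$_REQUEST)` forwards the whole request array to the observer's hub; depending on PHP's `request_order` that can include cookies, so build the forwarded array from the four expected fields (`url`, `title`, `description`, `tags`) instead. `$s` is also read when `$ret['success']` is false and it was never assigned.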
diff --git a/mod/online.php b/mod/online.php
new file mode 100644
index 000000000..c6500347a
--- /dev/null
+++ b/mod/online.php
@@ -0,0 +1,11 @@
+<?php /** @file */
+
+function online_init(&$a) {
+
+ $ret = array('result' => false);
+ if(argc() != 2)
+ json_return_and_die($ret);
+
+ $ret = get_online_status(argv(1));
+ json_return_and_die($ret);
+}
diff --git a/mod/openid.php b/mod/openid.php
new file mode 100644
index 000000000..70da2690a
--- /dev/null
+++ b/mod/openid.php
@@ -0,0 +1,192 @@
+<?php
+
+
+require_once('library/openid/openid.php');
+require_once('include/auth.php');
+
+function openid_content(&$a) {
+
+ $noid = get_config('system','disable_openid');
+ if($noid)
+ goaway(z_root());
+
+ logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA);
+
+ if(x($_REQUEST,'openid_mode')) {
+
+ $openid = new LightOpenID(z_root());
+
+ if($openid->validate()) {
+
+ logger('openid: validate');
+
+ $authid = normalise_openid($_REQUEST['openid_identity']);
+
+ if(! strlen($authid)) {
+ logger( t('OpenID protocol error. No ID returned.') . EOL);
+ goaway(z_root());
+ }
+
+ $x = match_openid($authid);
+ if($x) {
+
+ $r = q("select * from channel where channel_id = %d limit 1",
+ intval($x)
+ );
+ if($r) {
+ $y = q("select * from account where account_id = %d limit 1",
+ intval($r[0]['channel_account_id'])
+ );
+ if($y) {
+ foreach($y as $record) {
+ if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) {
+ logger('mod_openid: openid success for ' . $x[0]['channel_name']);
+ $_SESSION['uid'] = $r[0]['channel_id'];
+ $_SESSION['account_id'] = $r[0]['channel_account_id'];
+ $_SESSION['authenticated'] = true;
+ authenticate_success($record,true,true,true,true);
+ goaway(z_root());
+ }
+ }
+ }
+ }
+ }
+
+ // Successful OpenID login - but we can't match it to an existing account.
+ // See if they've got an xchan
+
+ $r = q("select * from xconfig left join xchan on xchan_hash = xconfig.xchan where cat = 'system' and k = 'openid' and v = '%s' limit 1",
+ dbesc($authid)
+ );
+
+ if($r) {
+ $_SESSION['authenticated'] = 1;
+ $_SESSION['visitor_id'] = $r[0]['xchan_hash'];
+ $_SESSION['my_url'] = $r[0]['xchan_url'];
+ $_SESSION['my_address'] = $r[0]['xchan_addr'];
+ $arr = array('xchan' => $r[0], 'session' => $_SESSION);
+ call_hooks('magic_auth_openid_success',$arr);
+ $a->set_observer($r[0]);
+ require_once('include/security.php');
+ $a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
+ info(sprintf( t('Welcome %s. Remote authentication successful.'),$r[0]['xchan_name']));
+ logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
+ if($_SESSION['return_url'])
+ goaway($_SESSION['return_url']);
+ goaway(z_root());
+ }
+
+ // no xchan...
+ // create one.
+ // We should probably probe the openid url and figure out if they have any kind of social presence we might be able to
+ // scrape some identifying info from.
+
+ $name = $authid;
+ $url = trim($_REQUEST['openid_identity'],'/');
+ if(strpos($url,'http') === false)
+ $url = 'https://' . $url;
+ $pphoto = z_root() . '/' . get_default_profile_photo();
+ $parsed = @parse_url($url);
+ if($parsed) {
+ $host = $parsed['host'];
+ }
+
+ $attr = $openid->getAttributes();
+
+ if(is_array($attr) && count($attr)) {
+ foreach($attr as $k => $v) {
+ if($k === 'namePerson/friendly')
+ $nick = notags(trim($v));
+ if($k === 'namePerson/first')
+ $first = notags(trim($v));
+ if($k === 'namePerson')
+ $name = notags(trim($v));
+ if($k === 'contact/email')
+ $addr = notags(trim($v));
+ if($k === 'media/image/aspect11')
+ $photosq = trim($v);
+ if($k === 'media/image/default')
+ $photo_other = trim($v);
+ }
+ }
+ if(! $nick) {
+ if($first)
+ $nick = $first;
+ else
+ $nick = $name;
+ }
+
+ require_once('library/urlify/URLify.php');
+ $x = strtolower(URLify::transliterate($nick));
+ if($nick & $host)
+ $addr = $nick . '@' . $host;
+ $network = 'unknown';
+
+ if($photosq)
+ $pphoto = $photosq;
+ elseif($photo_other)
+ $pphoto = $photo_other;
+
+ $mimetype = guess_image_type($pphoto);
+
+ $x = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_mimetype,
+ xchan_photo_l, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_photo_date,
+ xchan_name_date, xchan_hidden)
+ values ( '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 1) ",
+ dbesc($url),
+ dbesc(''),
+ dbesc(''),
+ dbesc(''),
+ dbesc($mimetype),
+ dbesc($pphoto),
+ dbesc($addr),
+ dbesc($url),
+ dbesc(''),
+ dbesc(''),
+ dbesc(''),
+ dbesc($name),
+ dbesc($network),
+ dbesc(datetime_convert()),
+ dbesc(datetime_convert())
+ );
+ if($x) {
+ $r = q("select * from xchan where xchan_hash = '%s' limit 1",
+ dbesc($url)
+ );
+ if($r) {
+
+ $photos = import_profile_photo($pphoto,$url);
+ if($photos) {
+ $z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s',
+ xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
+ dbesc(datetime_convert()),
+ dbesc($photos[0]),
+ dbesc($photos[1]),
+ dbesc($photos[2]),
+ dbesc($photos[3]),
+ dbesc($url)
+ );
+ }
+
+ set_xconfig($url,'system','openid',$authid);
+ $_SESSION['authenticated'] = 1;
+ $_SESSION['visitor_id'] = $r[0]['xchan_hash'];
+ $_SESSION['my_url'] = $r[0]['xchan_url'];
+ $_SESSION['my_address'] = $r[0]['xchan_addr'];
+ $arr = array('xchan' => $r[0], 'session' => $_SESSION);
+ call_hooks('magic_auth_openid_success',$arr);
+ $a->set_observer($r[0]);
+ info(sprintf( t('Welcome %s. Remote authentication successful.'),$r[0]['xchan_name']));
+ logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
+ if($_SESSION['return_url'])
+ goaway($_SESSION['return_url']);
+ goaway(z_root());
+ }
+ }
+
+ }
+ }
+ notice( t('Login failed.') . EOL);
+ goaway(z_root());
+ // NOTREACHED
+}
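Review bot: The identifier used for account matching is read from the raw request, `normalise_openid($_REQUEST['openid_identity'])`, rather than from the object that `validate()` has just checked. Whether LightOpenID binds `openid_identity` to the verified claimed identifier is not visible in this hunk; taking the value from the library, `$authid = normalise_openid($openid->identity);` (and the same source for `$url` further down), removes the dependence on that. Two plain bugs sit in the same function: `if($nick & $host)` is a bitwise AND where `&&` is meant, and `$x` is passed to `intval()` as a channel id but then logged as `$x[0]['channel_name']`, where `$r[0]['channel_name']` looks intended. `goaway($_SESSION['return_url'])` should be limited to local URLs, and the second success path omits the `set_groups(init_groups_visitor(...))` call that the first one makes.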
diff --git a/mod/opensearch.php b/mod/opensearch.php
new file mode 100644
index 000000000..d28c4f1b8
--- /dev/null
+++ b/mod/opensearch.php
@@ -0,0 +1,18 @@
+<?php
+
+function opensearch_init(&$a) {
+
+ $tpl = get_markup_template('opensearch.tpl');
+
+ header("Content-type: application/opensearchdescription+xml");
+
+ $o = replace_macros($tpl, array(
+ '$baseurl' => $a->get_baseurl(),
+ '$nodename' => $a->get_hostname(),
+ ));
+
+ echo $o;
+
+ killme();
+
+}
diff --git a/mod/p.php b/mod/p.php
new file mode 100644
index 000000000..4e411a17b
--- /dev/null
+++ b/mod/p.php
@@ -0,0 +1,51 @@
+<?php /** @file */
+
+require_once('include/bb2diaspora.php');
+
+// used in Diaspora communications to provide a server copy of a sent post in XML format.
+
+function p_init(&$a) {
+
+ if(argc() < 2)
+ http_status_exit(401);
+
+ $mid = str_replace('.xml','',argv(1));
+
+ $r = q("select * from item where mid = '%s' and item_wall = 1 and item_private = 0 limit 1",
+ dbesc($mid)
+ );
+
+
+ if((! $r) || (! perm_is_allowed($r[0]['uid'],'','view_stream')))
+ http_status_exit(404);
+
+
+ $c = q("select * from channel where channel_id = %d limit 1",
+ intval($r[0]['uid'])
+ );
+
+ if(! $c)
+ http_status_exit(404);
+
+ $myaddr = $c[0]['channel_address'] . '@' . $a->get_hostname();
+
+ $item = $r[0];
+
+ $title = $item['title'];
+ $body = bb2diaspora_itembody($item);
+ $created = datetime_convert('UTC','UTC',$item['created'],'Y-m-d H:i:s \U\T\C');
+
+ $tpl = get_markup_template('diaspora_post.tpl');
+ $msg = replace_macros($tpl, array(
+ '$body' => xmlify($body),
+ '$guid' => $item['mid'],
+ '$handle' => xmlify($myaddr),
+ '$public' => 'true',
+ '$created' => $created,
+ '$provider' => (($item['app']) ? $item['app'] : t('$projectname'))
+ ));
+
+ header('Content-type: text/xml');
+ echo $msg;
+ killme();
+} \ No newline at end of file
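Review bot: `$item['mid']` and `$item['app']` are placed into the XML template as-is (the `'$guid'` and `'$provider'` entries), while `$body` and `$myaddr` on the neighbouring lines go through xmlify(). If either stored value can contain `<`, `&` or quotes, the served document becomes malformed or carries markup chosen by whoever produced the item. Unless diaspora_post.tpl escapes on its own (it is not visible here), I would write `'$guid' => xmlify($item['mid']),` and wrap the `$provider` expression the same way. `$title` is assigned but never used, and the missing-argument case answers 401 although no credentials are involved, so 400 or 404 would describe it better.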
diff --git a/mod/page.php b/mod/page.php
new file mode 100644
index 000000000..b635a60f2
--- /dev/null
+++ b/mod/page.php
@@ -0,0 +1,137 @@
+<?php
+
+require_once('include/items.php');
+require_once('include/conversation.php');
+require_once('include/page_widgets.php');
+
+function page_init(&$a) {
+ // We need this to make sure the channel theme is always loaded.
+
+ $which = argv(1);
+ $profile = 0;
+ profile_load($a,$which,$profile);
+
+
+
+ if($a->profile['profile_uid'])
+ head_set_icon($a->profile['thumb']);
+
+ // load the item here in the init function because we need to extract
+ // the page layout and initialise the correct theme.
+
+
+ $observer = $a->get_observer();
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+
+ // perm_is_allowed is denied unconditionally when 'site blocked to unauthenticated members'.
+ // This bypasses that restriction for sys channel (public) content
+
+ if((! perm_is_allowed($a->profile['profile_uid'],$ob_hash,'view_pages')) && (! is_sys_channel($a->profile['profile_uid']))) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if(argc() < 3) {
+ notice( t('Invalid item.') . EOL);
+ return;
+ }
+
+ $channel_address = argv(1);
+
+ // The page link title was stored in a urlencoded format
+ // php or the browser may/will have decoded it, so re-encode it for our search
+
+ $page_id = urlencode(argv(2));
+
+ $u = q("select channel_id from channel where channel_address = '%s' limit 1",
+ dbesc($channel_address)
+ );
+
+ if(! $u) {
+ notice( t('Channel not found.') . EOL);
+ return;
+ }
+
+ if($_REQUEST['rev'])
+ $revision = " and revision = " . intval($_REQUEST['rev']) . " ";
+ else
+ $revision = " order by revision desc ";
+
+ require_once('include/security.php');
+ $sql_options = item_permissions_sql($u[0]['channel_id']);
+
+ $r = q("select item.* from item left join item_id on item.id = item_id.iid
+ where item.uid = %d and sid = '%s' and (( service = 'WEBPAGE' and item_type = %d )
+ OR ( service = 'PDL' AND item_type = %d )) $sql_options $revision limit 1",
+ intval($u[0]['channel_id']),
+ dbesc($page_id),
+ intval(ITEM_TYPE_WEBPAGE),
+ intval(ITEM_TYPE_PDL)
+ );
+ if(! $r) {
+
+ // Check again with no permissions clause to see if it is a permissions issue
+
+ $x = q("select item.* from item left join item_id on item.id = item_id.iid
+ where item.uid = %d and sid = '%s' and service = 'WEBPAGE' and
+ item_type = %d $revision limit 1",
+ intval($u[0]['channel_id']),
+ dbesc($page_id),
+ intval(ITEM_TYPE_WEBPAGE)
+ );
+
+ if($x) {
+ // Yes, it's there. You just aren't allowed to see it.
+ notice( t('Permission denied.') . EOL);
+ }
+ else {
+ notice( t('Page not found.') . EOL);
+ }
+ return;
+ }
+
+ if($r[0]['item_type'] == ITEM_TYPE_PDL) {
+ require_once('include/comanche.php');
+ comanche_parser(get_app(),$r[0]['body']);
+ get_app()->pdl = $r[0]['body'];
+ }
+ elseif($r[0]['layout_mid']) {
+ $l = q("select body from item where mid = '%s' and uid = %d limit 1",
+ dbesc($r[0]['layout_mid']),
+ intval($u[0]['channel_id'])
+ );
+
+ if($l) {
+ require_once('include/comanche.php');
+ comanche_parser(get_app(),$l[0]['body']);
+ get_app()->pdl = $l[0]['body'];
+ }
+ }
+
+ $a->data['webpage'] = $r;
+
+}
+
+
+
+
+function page_content(&$a) {
+
+ $r = $a->data['webpage'];
+ if(! $r)
+ return;
+
+ if($r[0]['item_type'] == ITEM_TYPE_PDL) {
+ $r[0]['body'] = t('Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.');
+ $r[0]['mimetype'] = 'text/plain';
+ $r[0]['title'] = '';
+
+ }
+
+ xchan_query($r);
+ $r = fetch_post_tags($r,true);
+ $o .= prepare_page($r[0]);
+ return $o;
+
+}
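Review bot: The second query in page_init() drops `$sql_options` only to choose between `Permission denied.` and `Page not found.`, which tells a viewer without access whether a restricted page with that link title exists on the channel. Returning the same notice in both branches (for example `notice( t('Page not found.') . EOL);`) removes that signal and makes the extra query unnecessary; if the distinction is wanted, it could be limited to the channel owner. In page_content(), `$o .= prepare_page($r[0]);` appends to a variable that was never initialised; `$o = prepare_page($r[0]);` avoids the notice.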
diff --git a/mod/parse_url.php b/mod/parse_url.php
new file mode 100644
index 000000000..2a6f7663e
--- /dev/null
+++ b/mod/parse_url.php
@@ -0,0 +1,381 @@
+<?php
+
+require_once('include/oembed.php');
+
+/* To-Do
+https://developers.google.com/+/plugins/snippet/
+
+<meta itemprop="name" content="Toller Titel">
+<meta itemprop="description" content="Eine tolle Beschreibung">
+<meta itemprop="image" content="http://maple.libertreeproject.org/images/tree-icon.png">
+
+<body itemscope itemtype="http://schema.org/Product">
+ <h1 itemprop="name">Shiny Trinket</h1>
+ <img itemprop="image" src="{image-url}" />
+ <p itemprop="description">Shiny trinkets are shiny.</p>
+</body>
+*/
+
+if(!function_exists('deletenode')) {
+ function deletenode(&$doc, $node)
+ {
+ $xpath = new DomXPath($doc);
+ $list = $xpath->query("//".$node);
+ foreach ($list as $child)
+ $child->parentNode->removeChild($child);
+ }
+}
+
+function completeurl($url, $scheme) {
+ $urlarr = parse_url($url);
+
+ if (isset($urlarr["scheme"]))
+ return($url);
+
+ $schemearr = parse_url($scheme);
+
+ $complete = $schemearr["scheme"]."://".$schemearr["host"];
+
+ if ($schemearr["port"] != "")
+ $complete .= ":".$schemearr["port"];
+
+ if(strpos($urlarr['path'],'/') !== 0)
+ $complete .= '/';
+
+ $complete .= $urlarr["path"];
+
+ if ($urlarr["query"] != "")
+ $complete .= "?".$urlarr["query"];
+
+ if ($urlarr["fragment"] != "")
+ $complete .= "#".$urlarr["fragment"];
+
+ return($complete);
+}
+
+function parseurl_getsiteinfo($url) {
+ $siteinfo = array();
+
+
+ $result = z_fetch_url($url,false,0,array('novalidate' => true));
+ if(! $result['success'])
+ return $siteinfo;
+
+ $header = $result['header'];
+ $body = $result['body'];
+
+ $body = mb_convert_encoding($body, 'UTF-8', 'UTF-8');
+ $body = mb_convert_encoding($body, 'HTML-ENTITIES', "UTF-8");
+
+ $doc = new DOMDocument();
+ @$doc->loadHTML($body);
+
+ deletenode($doc, 'style');
+ deletenode($doc, 'script');
+ deletenode($doc, 'option');
+ deletenode($doc, 'h1');
+ deletenode($doc, 'h2');
+ deletenode($doc, 'h3');
+ deletenode($doc, 'h4');
+ deletenode($doc, 'h5');
+ deletenode($doc, 'h6');
+ deletenode($doc, 'ol');
+ deletenode($doc, 'ul');
+
+ $xpath = new DomXPath($doc);
+
+ //$list = $xpath->query("head/title");
+ $list = $xpath->query("//title");
+ foreach ($list as $node)
+ $siteinfo["title"] = html_entity_decode($node->nodeValue, ENT_QUOTES, "UTF-8");
+
+ //$list = $xpath->query("head/meta[@name]");
+ $list = $xpath->query("//meta[@name]");
+ foreach ($list as $node) {
+ $attr = array();
+ if ($node->attributes->length)
+ foreach ($node->attributes as $attribute)
+ $attr[$attribute->name] = $attribute->value;
+
+ $attr["content"] = html_entity_decode($attr["content"], ENT_QUOTES, "UTF-8");
+
+ switch (strtolower($attr["name"])) {
+ case 'generator':
+ $siteinfo['generator'] = $attr['content'];
+ break;
+ case "fulltitle":
+ $siteinfo["title"] = $attr["content"];
+ break;
+ case "description":
+ $siteinfo["text"] = $attr["content"];
+ break;
+ case "dc.title":
+ $siteinfo["title"] = $attr["content"];
+ break;
+ case "dc.description":
+ $siteinfo["text"] = $attr["content"];
+ break;
+ }
+ }
+
+ //$list = $xpath->query("head/meta[@property]");
+ $list = $xpath->query("//meta[@property]");
+ foreach ($list as $node) {
+ $attr = array();
+ if ($node->attributes->length)
+ foreach ($node->attributes as $attribute)
+ $attr[$attribute->name] = $attribute->value;
+
+ $attr["content"] = html_entity_decode($attr["content"], ENT_QUOTES, "UTF-8");
+
+ switch (strtolower($attr["property"])) {
+ case "og:image":
+ $siteinfo["image"] = $attr["content"];
+ break;
+ case "og:title":
+ $siteinfo["title"] = $attr["content"];
+ break;
+ case "og:description":
+ $siteinfo["text"] = $attr["content"];
+ break;
+ }
+ }
+
+ if ($siteinfo["image"] == "") {
+ $list = $xpath->query("//img[@src]");
+ foreach ($list as $node) {
+ $attr = array();
+ if ($node->attributes->length)
+ foreach ($node->attributes as $attribute)
+ $attr[$attribute->name] = $attribute->value;
+
+ $src = completeurl($attr["src"], $url);
+ $photodata = @getimagesize($src);
+
+ if (($photodata) && ($photodata[0] > 150) and ($photodata[1] > 150)) {
+ if ($photodata[0] > 300) {
+ $photodata[1] = round($photodata[1] * (300 / $photodata[0]));
+ $photodata[0] = 300;
+ }
+ if ($photodata[1] > 300) {
+ $photodata[0] = round($photodata[0] * (300 / $photodata[1]));
+ $photodata[1] = 300;
+ }
+ $siteinfo["images"][] = array("src"=>$src,
+ "width"=>$photodata[0],
+ "height"=>$photodata[1]);
+ }
+
+ }
+ } else {
+ $src = completeurl($siteinfo["image"], $url);
+
+ unset($siteinfo["image"]);
+
+ $photodata = @getimagesize($src);
+
+ if (($photodata) && ($photodata[0] > 10) and ($photodata[1] > 10))
+ $siteinfo["images"][] = array("src"=>$src,
+ "width"=>$photodata[0],
+ "height"=>$photodata[1]);
+ }
+
+ if ($siteinfo["text"] == "") {
+ $text = "";
+
+ $list = $xpath->query("//div[@class='article']");
+ foreach ($list as $node)
+ if (strlen($node->nodeValue) > 40)
+ $text .= " ".trim($node->nodeValue);
+
+ if ($text == "") {
+ $list = $xpath->query("//div[@class='content']");
+ foreach ($list as $node)
+ if (strlen($node->nodeValue) > 40)
+ $text .= " ".trim($node->nodeValue);
+ }
+
+ // If none text was found then take the paragraph content
+ if ($text == "") {
+ $list = $xpath->query("//p");
+ foreach ($list as $node)
+ if (strlen($node->nodeValue) > 40)
+ $text .= " ".trim($node->nodeValue);
+ }
+
+ if ($text != "") {
+ $text = trim(str_replace(array("\n", "\r"), array(" ", " "), $text));
+
+ while (strpos($text, " "))
+ $text = trim(str_replace(" ", " ", $text));
+
+ $siteinfo["text"] = html_entity_decode(substr($text,0,350), ENT_QUOTES, "UTF-8").'...';
+ }
+ }
+
+ return($siteinfo);
+}
+
+function arr_add_hashes(&$item,$k) {
+ $item = '#' . $item;
+}
+
+function parse_url_content(&$a) {
+
+ $text = null;
+ $str_tags = '';
+
+
+ $br = "\n";
+
+ if(x($_GET,'binurl'))
+ $url = trim(hex2bin($_GET['binurl']));
+ else
+ $url = trim($_GET['url']);
+
+ if((substr($url,0,1) != '/') && (substr($url,0,4) != 'http'))
+ $url = 'http://' . $url;
+
+
+ if($_GET['title'])
+ $title = strip_tags(trim($_GET['title']));
+
+ if($_GET['description'])
+ $text = strip_tags(trim($_GET['description']));
+
+ if($_GET['tags']) {
+ $arr_tags = str_getcsv($_GET['tags']);
+ if(count($arr_tags)) {
+ array_walk($arr_tags,'arr_add_hashes');
+ $str_tags = $br . implode(' ',$arr_tags) . $br;
+ }
+ }
+
+ logger('parse_url: ' . $url);
+
+ $result = z_fetch_url($url,false,0,array('novalidate' => true, 'nobody' => true));
+ if($result['success']) {
+ $hdrs=array();
+ $h = explode("\n",$result['header']);
+ foreach ($h as $l) {
+ list($k,$v) = array_map("trim", explode(":", trim($l), 2));
+ $hdrs[$k] = $v;
+ }
+ if (array_key_exists('Content-Type', $hdrs))
+ $type = $hdrs['Content-Type'];
+ if($type) {
+ $zrl = is_matrix_url($url);
+ if(stripos($type,'image/') !== false) {
+ if($zrl)
+ echo $br . '[zmg]' . $url . '[/zmg]' . $br;
+ else
+ echo $br . '[img]' . $url . '[/img]' . $br;
+ killme();
+ }
+ if(stripos($type,'video/') !== false) {
+ if($zrl)
+ echo $br . '[zvideo]' . $url . '[/zvideo]' . $br;
+ else
+ echo $br . '[video]' . $url . '[/video]' . $br;
+ killme();
+ }
+ if(stripos($type,'audio/') !== false) {
+ if($zrl)
+ echo $br . '[zaudio]' . $url . '[/zaudio]' . $br;
+ else
+ echo $br . '[audio]' . $url . '[/audio]' . $br;
+ killme();
+ }
+ }
+ }
+
+ $template = $br . '#^[url=%s]%s[/url]%s' . $br;
+
+ $arr = array('url' => $url, 'text' => '');
+
+ call_hooks('parse_link', $arr);
+
+ if(strlen($arr['text'])) {
+ echo $arr['text'];
+ killme();
+ }
+
+ $x = oembed_process($url);
+ if($x) {
+ echo $x;
+ killme();
+ }
+
+ if($url && $title && $text) {
+
+
+ $text = $br . '[quote]' . trim($text) . '[/quote]' . $br;
+
+ $title = str_replace(array("\r","\n"),array('',''),$title);
+
+ $result = sprintf($template,$url,($title) ? $title : $url,$text) . $str_tags;
+
+ logger('parse_url (unparsed): returns: ' . $result);
+
+ echo $result;
+ killme();
+ }
+
+ $siteinfo = parseurl_getsiteinfo($url);
+
+ // If this is a Red site, use zrl rather than url so they get zids sent to them by default
+
+ if( x($siteinfo,'generator') && (strpos($siteinfo['generator'],PLATFORM_NAME . ' ') === 0))
+ $template = str_replace('url','zrl',$template);
+
+ if($siteinfo["title"] == "") {
+ echo sprintf($template,$url,$url,'') . $str_tags;
+ killme();
+ } else {
+ $text = $siteinfo["text"];
+ $title = $siteinfo["title"];
+ }
+
+ $image = "";
+
+ if(sizeof($siteinfo["images"]) > 0){
+ /* Execute below code only if image is present in siteinfo */
+
+ $total_images = 0;
+ $max_images = get_config('system','max_bookmark_images');
+ if($max_images === false)
+ $max_images = 2;
+ else
+ $max_images = intval($max_images);
+
+ foreach ($siteinfo["images"] as $imagedata) {
+ if ($url) {
+ $image .= sprintf('[url=%s]', $url);
+ }
+ $image .= '[img='.$imagedata["width"].'x'.$imagedata["height"].']'.$imagedata["src"].'[/img]';
+ if ($url) {
+ $image .= '[/url]';
+ }
+ $image .= "\n";
+ $total_images ++;
+ if($max_images && $max_images >= $total_images)
+ break;
+ }
+ }
+
+ if(strlen($text)) {
+ $text = $br.'[quote]'.trim($text).'[/quote]'.$br ;
+ }
+
+ if($image) {
+ $text = $br.$br.$image.$text;
+ }
+ $title = str_replace(array("\r","\n"),array('',''),$title);
+
+ $result = sprintf($template,$url,($title) ? $title : $url,$text) . $str_tags;
+
+ logger('parse_url: returns: ' . $result, LOGGER_DEBUG);
+
+ echo trim($result);
+ killme();
+}
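Review bot: parse_url_content() takes its target from `$_GET['url']` / `$_GET['binurl']` and fetches it server-side with no login check visible in this file, and parseurl_getsiteinfo() then hands every scraped `img src` to `getimagesize()`; completeurl() returns any value that already has a scheme untouched, so the scheme is whatever the remote page supplied. I would gate the handler with `if(! local_channel()) killme();` (assuming the endpoint only serves the post editor) and skip any `$src` whose `parse_url($src, PHP_URL_SCHEME)` is not `http` or `https` before both getimagesize() calls. Both z_fetch_url() calls also pass `'novalidate' => true`, which by its name turns off certificate validation and deserves a comment saying why that is acceptable here. Separately, the loop guard `$max_images >= $total_images` looks inverted and stops after the first image; `$total_images >= $max_images` matches the config name.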
diff --git a/mod/pconfig.php b/mod/pconfig.php
new file mode 100755
index 000000000..413dd2911
--- /dev/null
+++ b/mod/pconfig.php
@@ -0,0 +1,113 @@
+<?php
+
+
+function disallowed_pconfig() {
+ return array(
+ 'permissions_role'
+ );
+}
+
+
+function pconfig_post(&$a) {
+
+ if(! local_channel())
+ return;
+
+
+ if($_SESSION['delegate'])
+ return;
+
+ check_form_security_token_redirectOnErr('/pconfig', 'pconfig');
+
+ $cat = trim(escape_tags($_POST['cat']));
+ $k = trim(escape_tags($_POST['k']));
+ $v = trim($_POST['v']);
+
+ if(in_array(argv(2),disallowed_pconfig())) {
+ notice( t('This setting requires special processing and editing has been blocked.') . EOL);
+ return;
+ }
+
+ if(strpos($k,'password') !== false) {
+ $v = z_obscure($v);
+ }
+
+ set_pconfig(local_channel(),$cat,$k,$v);
+ build_sync_packet();
+
+ goaway(z_root() . '/pconfig/' . $cat . '/' . $k);
+
+}
+
+
+function pconfig_content(&$a) {
+
+ if(! local_channel()) {
+ return login();
+ }
+
+ $content = '<h3>' . t('Configuration Editor') . '</h3>';
+ $content .= '<div class="descriptive-paragraph">' . t('Warning: Changing some settings could render your channel inoperable. Please leave this page unless you are comfortable with and knowledgeable about how to correctly use this feature.') . '</div>' . EOL . EOL;
+
+
+
+ if(argc() == 3) {
+ $content .= '<a href="pconfig">pconfig[' . local_channel() . ']</a>' . EOL;
+ $content .= '<a href="pconfig/' . escape_tags(argv(1)) . '">pconfig[' . local_channel() . '][' . escape_tags(argv(1)) . ']</a>' . EOL . EOL;
+ $content .= '<a href="pconfig/' . escape_tags(argv(1)) . '/' . escape_tags(argv(2)) . '" >pconfig[' . local_channel() . '][' . escape_tags(argv(1)) . '][' . escape_tags(argv(2)) . ']</a> = ' . get_pconfig(local_channel(),escape_tags(argv(1)),escape_tags(argv(2))) . EOL;
+
+ if(in_array(argv(2),disallowed_pconfig())) {
+ notice( t('This setting requires special processing and editing has been blocked.') . EOL);
+ return $content;
+ }
+ else
+ $content .= pconfig_form(escape_tags(argv(1)),escape_tags(argv(2)));
+ }
+
+
+ if(argc() == 2) {
+ $content .= '<a href="pconfig">pconfig[' . local_channel() . ']</a>' . EOL;
+ load_pconfig(local_channel(),escape_tags(argv(1)));
+ foreach($a->config[local_channel()][escape_tags(argv(1))] as $k => $x) {
+ $content .= '<a href="pconfig/' . escape_tags(argv(1)) . '/' . $k . '" >pconfig[' . local_channel() . '][' . escape_tags(argv(1)) . '][' . $k . ']</a> = ' . escape_tags($x) . EOL;
+ }
+ }
+
+ if(argc() == 1) {
+
+ $r = q("select * from pconfig where uid = " . local_channel());
+ if($r) {
+ foreach($r as $rr) {
+ $content .= '<a href="' . 'pconfig/' . escape_tags($rr['cat']) . '/' . escape_tags($rr['k']) . '" >pconfig[' . local_channel() . '][' . escape_tags($rr['cat']) . '][' . escape_tags($rr['k']) . ']</a> = ' . escape_tags($rr['v']) . EOL;
+ }
+ }
+ }
+ return $content;
+
+}
+
+
+function pconfig_form($cat,$k) {
+
+ $o = '<form action="pconfig" method="post" >';
+ $o .= '<input type="hidden" name="form_security_token" value="' . get_form_security_token('pconfig') . '" />';
+
+ $v = get_pconfig(local_channel(),$cat,$k);
+ if(strpos($k,'password') !== false)
+ $v = z_unobscure($v);
+
+ $o .= '<input type="hidden" name="cat" value="' . $cat . '" />';
+ $o .= '<input type="hidden" name="k" value="' . $k . '" />';
+
+ if(strpos($v,"\n"))
+ $o .= '<textarea name="v" >' . escape_tags($v) . '</textarea>';
+ else
+ $o .= '<input type="text" name="v" value="' . escape_tags($v) . '" />';
+
+ $o .= EOL . EOL;
+ $o .= '<input type="submit" name="submit" value="' . t('Submit') . '" />';
+ $o .= '</form>';
+
+ return $o;
+
+}
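Review bot: pconfig_post() tests the blocklist against `argv(2)`, but the key it writes is `$k` from `$_POST['k']`, and the form built by pconfig_form() posts to plain `pconfig`, so the check never sees the submitted key and `permissions_role` can still be written. The guard should read `if(in_array($k,disallowed_pconfig())) {`. In pconfig_content() the `argc() == 3` branch prints the result of get_pconfig() without escape_tags(), and the `argc() == 2` branch prints `$k` unescaped, while the other listings escape their values; wrapping both in escape_tags() keeps stored values from being rendered as markup. pconfig_form() also interpolates `$cat` and `$k` into `value="..."` attributes, so they need attribute-safe escaping such as `htmlspecialchars($k, ENT_QUOTES, 'UTF-8')` if escape_tags() does not cover quotes (its definition is not in this hunk).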
diff --git a/mod/pdledit.php b/mod/pdledit.php
new file mode 100644
index 000000000..93b8d52e6
--- /dev/null
+++ b/mod/pdledit.php
@@ -0,0 +1,62 @@
+<?php
+
+function pdledit_post(&$a) {
+ if(! local_channel())
+ return;
+ if(! $_REQUEST['module'])
+ return;
+ if(! trim($_REQUEST['content'])) {
+ del_pconfig(local_channel(),'system','mod_' . $_REQUEST['module'] . '.pdl');
+ goaway(z_root() . '/pdledit/' . $_REQUEST['module']);
+ }
+ set_pconfig(local_channel(),'system','mod_' . $_REQUEST['module'] . '.pdl',escape_tags($_REQUEST['content']));
+ info( t('Layout updated.') . EOL);
+ goaway(z_root() . '/pdledit/' . $_REQUEST['module']);
+}
+
+
+function pdledit_content(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if(argc() > 1)
+ $module = 'mod_' . argv(1) . '.pdl';
+ else {
+ $o .= '<h1>' . t('Edit System Page Description') . '</h1>';
+ $files = glob('mod/*');
+ if($files) {
+ foreach($files as $f) {
+ $name = basename($f,'.php');
+ $x = theme_include('mod_' . $name . '.pdl');
+ if($x) {
+ $o .= '<a href="pdledit/' . $name . '" >' . $name . '</a><br />';
+ }
+ }
+ }
+
+ // list module pdl files
+ return $o;
+ }
+
+ $t = get_pconfig(local_channel(),'system',$module);
+ if(! $t)
+ $t = file_get_contents(theme_include($module));
+ if(! $t) {
+ notice( t('Layout not found.') . EOL);
+ return '';
+ }
+
+ $o = replace_macros(get_markup_template('pdledit.tpl'),array(
+ '$header' => t('Edit System Page Description'),
+ '$mname' => t('Module Name:'),
+ '$help' => t('Layout Help'),
+ '$module' => argv(1),
+ '$content' => htmlspecialchars($t,ENT_COMPAT,'UTF-8'),
+ '$submit' => t('Submit')
+ ));
+
+ return $o;
+}
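Review bot: pdledit_post() changes or deletes the channel's stored layout from request data without any form security token check, unlike pconfig_post() in this same commit, which calls check_form_security_token_redirectOnErr(). I would add `check_form_security_token_redirectOnErr('/pdledit', 'pdledit');` after the local_channel() test and pass `get_form_security_token('pdledit')` to pdledit.tpl as a hidden `form_security_token` field (the template is not part of this hunk, so that half is an assumption). `$_REQUEST['module']` is also used unvalidated in the config key and the redirect, and `argv(1)` reaches the template as `'$module'` without escaping; accepting only names that match something like `/^[a-z0-9_]+$/i` would cover both. In pdledit_content(), `file_get_contents(theme_include($module))` runs even when theme_include() presumably returns nothing, so the lookup result should be checked first.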
diff --git a/mod/photo.php b/mod/photo.php
new file mode 100644
index 000000000..2e16fc1d9
--- /dev/null
+++ b/mod/photo.php
@@ -0,0 +1,244 @@
+<?php
+
+require_once('include/security.php');
+require_once('include/photo/photo_driver.php');
+
+function photo_init(&$a) {
+
+ $prvcachecontrol = false;
+
+ switch(argc()) {
+ case 4:
+ $person = argv(3);
+ $res = argv(2);
+ $type = argv(1);
+ break;
+ case 2:
+ $photo = argv(1);
+ break;
+ case 1:
+ default:
+ killme();
+ // NOTREACHED
+ }
+
+ $observer_xchan = get_observer_hash();
+
+ $default = get_default_profile_photo();
+
+ if(isset($type)) {
+
+ /**
+ * Profile photos - Access controls on default profile photos are not honoured since they need to be exchanged with remote sites.
+ *
+ */
+
+ if($type === 'profile') {
+ switch($res) {
+
+ case 'm':
+ $resolution = 5;
+ $default = get_default_profile_photo(80);
+ break;
+ case 's':
+ $resolution = 6;
+ $default = get_default_profile_photo(48);
+ break;
+ case 'l':
+ default:
+ $resolution = 4;
+ break;
+ }
+ }
+
+ $uid = $person;
+
+ $r = q("SELECT * FROM photo WHERE scale = %d AND uid = %d AND photo_usage = %d LIMIT 1",
+ intval($resolution),
+ intval($uid),
+ intval(PHOTO_PROFILE)
+ );
+ if(count($r)) {
+ $data = dbunescbin($r[0]['data']);
+ $mimetype = $r[0]['type'];
+ }
+ if(intval($r[0]['os_storage']))
+ $data = file_get_contents($data);
+ if(! isset($data)) {
+ $data = file_get_contents($default);
+ $mimetype = 'image/png';
+ }
+ }
+ else {
+
+ /**
+ * Other photos
+ */
+
+ /* Check for a cookie to indicate display pixel density, in order to detect high-resolution
+ displays. This procedure was derived from the "Retina Images" by Jeremey Worboys,
+ used in accordance with the Creative Commons Attribution 3.0 Unported License.
+ Project link: https://github.com/Retina-Images/Retina-Images
+ License link: http://creativecommons.org/licenses/by/3.0/
+ */
+ $cookie_value = false;
+ if (isset($_COOKIE['devicePixelRatio'])) {
+ $cookie_value = intval($_COOKIE['devicePixelRatio']);
+ }
+ else {
+ // Force revalidation of cache on next request
+ $cache_directive = 'no-cache';
+ $status = 'no cookie';
+ }
+
+ $resolution = 0;
+
+ if(strpos($photo,'.') !== false)
+ $photo = substr($photo,0,strpos($photo,'.'));
+
+ if(substr($photo,-2,1) == '-') {
+ $resolution = intval(substr($photo,-1,1));
+ $photo = substr($photo,0,-2);
+ // If viewing on a high-res screen, attempt to serve a higher resolution image:
+ if ($resolution == 2 && ($cookie_value > 1))
+ {
+ $resolution = 1;
+ }
+ }
+
+ // If using resolution 1, make sure it exists before proceeding:
+ if ($resolution == 1)
+ {
+ $r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND scale = %d LIMIT 1",
+ dbesc($photo),
+ intval($resolution)
+ );
+ if (!($r))
+ $resolution = 2;
+ }
+
+ $r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND scale = %d LIMIT 1",
+ dbesc($photo),
+ intval($resolution)
+ );
+ if($r) {
+
+ $allowed = (($r[0]['uid']) ? perm_is_allowed($r[0]['uid'],$observer_xchan,'view_photos') : true);
+
+ $sql_extra = permissions_sql($r[0]['uid']);
+
+ // Now we'll see if we can access the photo
+
+ $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND scale = %d $sql_extra LIMIT 1",
+ dbesc($photo),
+ intval($resolution)
+ );
+
+ if($r && $allowed) {
+ $data = dbunescbin($r[0]['data']);
+ $mimetype = $r[0]['type'];
+ if(intval($r[0]['os_storage']))
+ $data = file_get_contents($data);
+ }
+ else {
+
+ // Does the picture exist? It may be a remote person with no credentials,
+ // but who should otherwise be able to view it. Show a default image to let
+ // them know permissions was denied. It may be possible to view the image
+ // through an authenticated profile visit.
+ // There won't be many completely unauthorised people seeing this because
+ // they won't have the photo link, so there's a reasonable chance that the person
+ // might be able to obtain permission to view it.
+
+ $r = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `scale` = %d LIMIT 1",
+ dbesc($photo),
+ intval($resolution)
+ );
+
+ if($r) {
+ logger('mod_photo: forbidden. ' . $a->query_string);
+ $observer = $a->get_observer();
+ logger('mod_photo: observer = ' . (($observer) ? $observer['xchan_addr'] : '(not authenticated)'));
+ $data = file_get_contents('images/nosign.png');
+ $mimetype = 'image/png';
+ $prvcachecontrol = true;
+ }
+ }
+ }
+ }
+
+ if(! isset($data)) {
+ if(isset($resolution)) {
+ switch($resolution) {
+
+ case 4:
+ $data = file_get_contents(get_default_profile_photo());
+ $mimetype = 'image/png';
+ break;
+ case 5:
+ $data = file_get_contents(get_default_profile_photo(80));
+ $mimetype = 'image/png';
+ break;
+ case 6:
+ $data = file_get_contents(get_default_profile_photo(48));
+ $mimetype = 'image/png';
+ break;
+ default:
+ killme();
+ // NOTREACHED
+ break;
+ }
+ }
+ }
+
+ if(isset($res) && intval($res) && $res < 500) {
+ $ph = photo_factory($data, $mimetype);
+ if($ph->is_valid()) {
+ $ph->scaleImageSquare($res);
+ $data = $ph->imageString();
+ $mimetype = $ph->getType();
+ }
+ }
+
+ // Writing in cachefile
+ if (isset($cachefile) && $cachefile != '')
+ file_put_contents($cachefile, $data);
+
+ if(function_exists('header_remove')) {
+ header_remove('Pragma');
+ header_remove('pragma');
+ }
+
+ header("Content-type: " . $mimetype);
+
+ if($prvcachecontrol) {
+
+ // it is a private photo that they have no permission to view.
+ // tell the browser not to cache it, in case they authenticate
+ // and subsequently have permission to see it
+
+ header("Cache-Control: no-store, no-cache, must-revalidate");
+
+ }
+ else {
+ // The photo cache default is 1 day to provide a privacy trade-off,
+ // as somebody reducing photo permissions on a photo that is already
+ // "in the wild" won't be able to stop the photo from being viewed
+ // for this amount amount of time once it is in the browser cache.
+ // The privacy expectations of your site members and their perception
+ // of privacy where it affects the entire project may be affected.
+ // This has performance considerations but we highly recommend you
+ // leave it alone.
+
+ $cache = get_config('system','photo_cache_time');
+ if(! $cache)
+ $cache = (3600 * 24); // 1 day
+
+ header("Expires: " . gmdate("D, d M Y H:i:s", time() + $cache) . " GMT");
+ header("Cache-Control: max-age=" . $cache);
+
+ }
+ echo $data;
+ killme();
+ // NOTREACHED
+}
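Review bot: In the profile branch of photo_init(), `intval($r[0]['os_storage'])` is read outside the `if(count($r))` block, so it also runs on an empty result, and `$resolution` is only assigned when `$type === 'profile'` although the query uses it for every four-argument request. Moving the `os_storage` test inside the `if(count($r))` block and setting `$resolution = 4;` before the `if($type === 'profile')` test keeps both paths defined. `$cachefile` is never assigned in this function, so the `file_put_contents($cachefile, $data);` write is dead code and could be dropped. The final `header("Content-type: " . $mimetype);` trusts the stored `type` column as-is; if only image types are ever expected there, a short allow-list check before sending it would document that.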
diff --git a/mod/photos.php b/mod/photos.php
new file mode 100644
index 000000000..c65c87c27
--- /dev/null
+++ b/mod/photos.php
@@ -0,0 +1,1282 @@
+<?php
+require_once('include/photo/photo_driver.php');
+require_once('include/photos.php');
+require_once('include/items.php');
+require_once('include/acl_selectors.php');
+require_once('include/bbcode.php');
+require_once('include/security.php');
+require_once('include/Contact.php');
+require_once('include/attach.php');
+require_once('include/text.php');
+
+
+function photos_init(&$a) {
+
+
+ if((get_config('system','block_public')) && (! local_channel()) && (! remote_channel())) {
+ return;
+ }
+
+ $o = '';
+
+ if(argc() > 1) {
+ $nick = argv(1);
+
+ profile_load($a,$nick);
+
+ $channelx = channelx_by_nick($nick);
+
+ if(! $channelx)
+ return;
+
+ $a->data['channel'] = $channelx;
+
+ $observer = $a->get_observer();
+ $a->data['observer'] = $observer;
+
+ $observer_xchan = (($observer) ? $observer['xchan_hash'] : '');
+
+ head_set_icon($a->data['channel']['xchan_photo_s']);
+
+ $a->page['htmlhead'] .= "<script> var ispublic = '" . t('everybody') . "'; var profile_uid = " . (($a->data['channel']) ? $a->data['channel']['channel_id'] : 0) . "; </script>" ;
+
+ }
+
+ return;
+}
+
+
+
+function photos_post(&$a) {
+
+ logger('mod-photos: photos_post: begin' , LOGGER_DEBUG);
+
+
+ logger('mod_photos: REQUEST ' . print_r($_REQUEST,true), LOGGER_DATA);
+ logger('mod_photos: FILES ' . print_r($_FILES,true), LOGGER_DATA);
+
+ $ph = photo_factory('');
+
+ $phototypes = $ph->supportedTypes();
+
+ $can_post = false;
+
+ $page_owner_uid = $a->data['channel']['channel_id'];
+
+ if(perm_is_allowed($page_owner_uid,get_observer_hash(),'post_photos'))
+ $can_post = true;
+
+ if(! $can_post) {
+ notice( t('Permission denied.') . EOL );
+ if(is_ajax())
+ killme();
+ return;
+ }
+
+ $s = abook_self($page_owner_uid);
+
+ if(! $s) {
+ notice( t('Page owner information could not be retrieved.') . EOL);
+ logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
+ if(is_ajax())
+ killme();
+ return;
+ }
+
+ $owner_record = $s[0];
+
+
+ if((argc() > 3) && (argv(2) === 'album')) {
+
+ $album = hex2bin(argv(3));
+
+ if($album === t('Profile Photos')) {
+ // not allowed
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+ }
+
+ if(! photos_album_exists($page_owner_uid,$album)) {
+ notice( t('Album not found.') . EOL);
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+ }
+
+
+ /*
+ * RENAME photo album
+ */
+
+ $newalbum = notags(trim($_REQUEST['albumname']));
+ if($newalbum != $album) {
+ $x = photos_album_rename($page_owner_uid,$album,$newalbum);
+ if($x) {
+ $newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']);
+ goaway($a->get_baseurl() . '/' . $newurl);
+ }
+ }
+
+ /*
+ * DELETE photo album and all its photos
+ */
+
+ if($_REQUEST['dropalbum'] == t('Delete Album')) {
+
+ $res = array();
+
+ // get the list of photos we are about to delete
+
+ if(remote_channel() && (! local_channel())) {
+ $str = photos_album_get_db_idstr($page_owner_uid,$album,remote_channel());
+ }
+ elseif(local_channel()) {
+ $str = photos_album_get_db_idstr(local_channel(),$album);
+ }
+ else {
+ $str = null;
+ }
+ if(! $str) {
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+ }
+
+ $r = q("select id from item where resource_id in ( $str ) and resource_type = 'photo' and uid = %d " . item_normal(),
+ intval($page_owner_uid)
+ );
+ if($r) {
+ foreach($r as $i) {
+ attach_delete($page_owner_uid, $i['resource_id'], 1 );
+ drop_item($i['id'],false,DROPITEM_PHASE1,true /* force removal of linked items */);
+ proc_run('php','include/notifier.php','drop',$i['id']);
+ }
+ }
+
+ // remove the associated photos in case they weren't attached to an item
+
+ q("delete from photo where resource_id in ( $str ) and uid = %d",
+ intval($page_owner_uid)
+ );
+
+ // @FIXME do the same for the linked attach
+
+ }
+
+ goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']);
+ }
+
+ if((argc() > 2) && (x($_REQUEST,'delete')) && ($_REQUEST['delete'] === t('Delete Photo'))) {
+
+ // same as above but remove single photo
+
+ $ob_hash = get_observer_hash();
+ if(! $ob_hash)
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+
+ $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1",
+ dbesc($ob_hash),
+ intval(local_channel()),
+ dbesc($a->argv[2])
+ );
+
+ if($r) {
+ q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'",
+ intval($page_owner_uid),
+ dbesc($r[0]['resource_id'])
+ );
+ attach_delete($page_owner_uid, $r[0]['resource_id'], 1 );
+
+ $i = q("SELECT * FROM `item` WHERE `resource_id` = '%s' AND resource_type = 'photo' and `uid` = %d LIMIT 1",
+ dbesc($r[0]['resource_id']),
+ intval($page_owner_uid)
+ );
+ if(count($i)) {
+ drop_item($i[0]['id'],true,DROPITEM_PHASE1);
+ $url = $a->get_baseurl();
+ }
+ }
+
+ goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
+ }
+
+ if(($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false)) || (x($_POST,'albname') !== false)) {
+
+
+ $desc = ((x($_POST,'desc')) ? notags(trim($_POST['desc'])) : '');
+ $rawtags = ((x($_POST,'newtag')) ? notags(trim($_POST['newtag'])) : '');
+ $item_id = ((x($_POST,'item_id')) ? intval($_POST['item_id']) : 0);
+ $albname = ((x($_POST,'albname')) ? notags(trim($_POST['albname'])) : '');
+ $is_nsfw = ((x($_POST,'adult')) ? intval($_POST['adult']) : 0);
+ $str_group_allow = perms2str($_POST['group_allow']);
+ $str_contact_allow = perms2str($_POST['contact_allow']);
+ $str_group_deny = perms2str($_POST['group_deny']);
+ $str_contact_deny = perms2str($_POST['contact_deny']);
+
+ $resource_id = $a->argv[2];
+
+ if(! strlen($albname))
+ $albname = datetime_convert('UTC',date_default_timezone_get(),'now', 'Y');
+
+
+ if((x($_POST,'rotate') !== false) &&
+ ( (intval($_POST['rotate']) == 1) || (intval($_POST['rotate']) == 2) )) {
+ logger('rotate');
+
+ $r = q("select * from photo where `resource_id` = '%s' and uid = %d and scale = 0 limit 1",
+ dbesc($resource_id),
+ intval($page_owner_uid)
+ );
+ if(count($r)) {
+ $ph = photo_factory(dbunescbin($r[0]['data']), $r[0]['type']);
+ if($ph->is_valid()) {
+ $rotate_deg = ( (intval($_POST['rotate']) == 1) ? 270 : 90 );
+ $ph->rotate($rotate_deg);
+
+ $width = $ph->getWidth();
+ $height = $ph->getHeight();
+
+ $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0",
+ dbescbin($ph->imageString()),
+ intval($height),
+ intval($width),
+ dbesc($resource_id),
+ intval($page_owner_uid)
+ );
+
+ if($width > 640 || $height > 640) {
+ $ph->scaleImage(640);
+ $width = $ph->getWidth();
+ $height = $ph->getHeight();
+
+ $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1",
+ dbescbin($ph->imageString()),
+ intval($height),
+ intval($width),
+ dbesc($resource_id),
+ intval($page_owner_uid)
+ );
+ }
+
+ if($width > 320 || $height > 320) {
+ $ph->scaleImage(320);
+ $width = $ph->getWidth();
+ $height = $ph->getHeight();
+
+ $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2",
+ dbescbin($ph->imageString()),
+ intval($height),
+ intval($width),
+ dbesc($resource_id),
+ intval($page_owner_uid)
+ );
+ }
+ }
+ }
+ }
+
+ $p = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `uid` = %d ORDER BY `scale` DESC",
+ dbesc($resource_id),
+ intval($page_owner_uid)
+ );
+ if($p) {
+ $ext = $phototypes[$p[0]['type']];
+
+ $r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d",
+ dbesc($desc),
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ dbesc($resource_id),
+ intval($page_owner_uid)
+ );
+ }
+
+ $item_private = (($str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny) ? true : false);
+
+ $old_is_nsfw = $p[0]['is_nsfw'];
+ if($old_is_nsfw != $is_nsfw) {
+ $r = q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d",
+ intval($is_nsfw),
+ dbesc($resource_id),
+ intval($page_owner_uid)
+ );
+ }
+
+ /* Don't make the item visible if the only change was the album name */
+
+ $visibility = 0;
+ if($p[0]['description'] !== $desc || strlen($rawtags))
+ $visibility = 1;
+
+ if(! $item_id) {
+ $item_id = photos_create_item($a->data['channel'],get_observer_hash(),$p[0],$visibility);
+
+ }
+
+ if($item_id) {
+ $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($item_id),
+ intval($page_owner_uid)
+ );
+
+ if($r) {
+ $old_tag = $r[0]['tag'];
+ $old_inform = $r[0]['inform'];
+ }
+ }
+
+
+ // make sure the linked item has the same permissions as the photo regardless of any other changes
+ $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d
+ where id = %d",
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ intval($item_private),
+ intval($item_id)
+ );
+
+ // make sure the attach has the same permissions as the photo regardless of any other changes
+ $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1",
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ dbesc($resource_id),
+ intval($page_owner_uid)
+ );
+
+
+
+ if(strlen($rawtags)) {
+
+ $str_tags = '';
+ $inform = '';
+
+ // if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention
+
+ $x = substr($rawtags,0,1);
+ if($x !== '@' && $x !== '#')
+ $rawtags = '@' . $rawtags;
+
+ require_once('include/text.php');
+ $profile_uid = $a->profile['profile_uid'];
+
+ $results = linkify_tags($a, $rawtags, (local_channel()) ? local_channel() : $profile_uid);
+
+ $success = $results['success'];
+ $post_tags = array();
+
+ foreach($results as $result) {
+ $success = $result['success'];
+ if($success['replaced']) {
+ $post_tags[] = array(
+ 'uid' => $profile_uid,
+ 'type' => $success['termtype'],
+ 'otype' => TERM_OBJ_POST,
+ 'term' => $success['term'],
+ 'url' => $success['url']
+ );
+ }
+ }
+
+ $r = q("select * from item where id = %d and uid = %d limit 1",
+ intval($item_id),
+ intval($page_owner_uid)
+ );
+
+ if($r) {
+ $r = fetch_post_tags($r,true);
+ $datarray = $r[0];
+ if($post_tags) {
+ if((! array_key_exists('term',$datarray)) || (! is_array($datarray['term'])))
+ $datarray['term'] = $post_tags;
+ else
+ $datarray['term'] = array_merge($datarray['term'],$post_tags);
+ }
+ item_store_update($datarray,$execflag);
+ }
+
+ }
+
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+ return; // NOTREACHED
+
+ }
+
+
+ /**
+ * default post action - upload a photo
+ */
+
+ $channel = $a->data['channel'];
+ $observer = $a->data['observer'];
+
+ $_REQUEST['source'] = 'photos';
+ require_once('include/attach.php');
+
+ if(!local_channel()) {
+ $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
+ $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
+ $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
+ $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
+ }
+
+ $r = attach_store($a->channel,get_observer_hash(), '', $_REQUEST);
+
+ if(! $r['success']) {
+ notice($r['message'] . EOL);
+ }
+
+ if($_REQUEST['newalbum'])
+ goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum']));
+ else
+ goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC',date_default_timezone_get(),'now', 'Y')));
+
+}
+
+
+
+function photos_content(&$a) {
+
+ // URLs:
+ // photos/name
+ // photos/name/album/xxxxx (xxxxx is album name)
+ // photos/name/image/xxxxx
+
+
+ if((get_config('system','block_public')) && (! local_channel()) && (! remote_channel())) {
+ notice( t('Public access denied.') . EOL);
+ return;
+ }
+
+ $unsafe = ((array_key_exists('unsafe',$_REQUEST) && $_REQUEST['unsafe']) ? 1 : 0);
+
+ require_once('include/bbcode.php');
+ require_once('include/security.php');
+ require_once('include/conversation.php');
+
+ if(! x($a->data,'channel')) {
+ notice( t('No photos selected') . EOL );
+ return;
+ }
+
+ $ph = photo_factory('');
+ $phototypes = $ph->supportedTypes();
+
+ $_SESSION['photo_return'] = $a->cmd;
+
+ //
+ // Parse arguments
+ //
+
+ $can_comment = perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'post_comments');
+
+ if(argc() > 3) {
+ $datatype = argv(2);
+ $datum = argv(3);
+ } else {
+ $datatype = 'summary';
+ }
+
+ if(argc() > 4)
+ $cmd = argv(4);
+ else
+ $cmd = 'view';
+
+ //
+ // Setup permissions structures
+ //
+
+ $can_post = false;
+ $visitor = 0;
+
+
+ $owner_uid = $a->data['channel']['channel_id'];
+ $owner_aid = $a->data['channel']['channel_account_id'];
+
+ $observer = $a->get_observer();
+
+ $can_post = perm_is_allowed($owner_uid,$observer['xchan_hash'],'post_photos');
+ $can_view = perm_is_allowed($owner_uid,$observer['xchan_hash'],'view_photos');
+
+ if(! $can_view) {
+ notice( t('Access to this item is restricted.') . EOL);
+ return;
+ }
+
+ $sql_extra = permissions_sql($owner_uid);
+
+ $o = "";
+
+ $o .= "<script> var profile_uid = " . $a->profile['profile_uid']
+ . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
+
+ // tabs
+
+ $_is_owner = (local_channel() && (local_channel() == $owner_uid));
+ $o .= profile_tabs($a,$_is_owner, $a->data['channel']['channel_address']);
+
+ /**
+ * Display upload form
+ */
+
+ if( $can_post) {
+
+ $uploader = '';
+
+ $ret = array('post_url' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'],
+ 'addon_text' => $uploader,
+ 'default_upload' => true);
+
+ call_hooks('photo_upload_form',$ret);
+
+ /* Show space usage */
+
+ $r = q("select sum(size) as total from photo where aid = %d and scale = 0 ",
+ intval($a->data['channel']['channel_account_id'])
+ );
+
+
+ $limit = service_class_fetch($a->data['channel']['channel_id'],'photo_upload_limit');
+ if($limit !== false) {
+ $usage_message = sprintf( t("%1$.2f MB of %2$.2f MB photo storage used."), $r[0]['total'] / 1024000, $limit / 1024000 );
+ }
+ else {
+ $usage_message = sprintf( t('%1$.2f MB photo storage used.'), $r[0]['total'] / 1024000 );
+ }
+
+ if($_is_owner) {
+ $channel = $a->get_channel();
+
+ $channel_acl = array(
+ 'allow_cid' => $channel['channel_allow_cid'],
+ 'allow_gid' => $channel['channel_allow_gid'],
+ 'deny_cid' => $channel['channel_deny_cid'],
+ 'deny_gid' => $channel['channel_deny_gid']
+ );
+
+ $lockstate = (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock');
+ }
+
+ $aclselect = (($_is_owner) ? populate_acl($channel_acl,false) : '');
+
+ $selname = (($datum) ? hex2bin($datum) : '');
+
+ $albums = ((array_key_exists('albums', $a->data)) ? $a->data['albums'] : photos_albums_list($a->data['channel'],$a->data['observer']));
+
+ $def_album = get_pconfig($a->data['channel']['channel_id'],'system','photo_path');
+ if($def_album) {
+ $selname = filepath_macro($def_album);
+ $albums['album'][] = array('text' => $selname);
+ }
+
+ $tpl = get_markup_template('photos_upload.tpl');
+ $upload_form = replace_macros($tpl,array(
+ '$pagename' => t('Upload Photos'),
+ '$sessid' => session_id(),
+ '$usage' => $usage_message,
+ '$nickname' => $a->data['channel']['channel_address'],
+ '$newalbum_label' => t('Enter an album name'),
+ '$newalbum_placeholder' => t('or select an existing album (doubleclick)'),
+ '$visible' => array('visible', t('Create a status post for this upload'), 0, '', array(t('No'), t('Yes'))),
+ '$albums' => $albums['albums'],
+ '$selname' => $selname,
+ '$permissions' => t('Permissions'),
+ '$aclselect' => $aclselect,
+ '$lockstate' => $lockstate,
+ '$uploader' => $ret['addon_text'],
+ '$default' => (($ret['default_upload']) ? true : false),
+ '$uploadurl' => $ret['post_url'],
+ '$submit' => t('Submit')
+
+ ));
+
+ }
+
+ //
+ // dispatch request
+ //
+
+ /*
+ * Display a single photo album
+ */
+
+ if($datatype === 'album') {
+
+
+
+ if((strlen($datum) & 1) || (! ctype_xdigit($datum))) {
+ notice( t('Album name could not be decoded') . EOL);
+ logger('mod_photos: illegal album encoding: ' . $datum);
+ $datum = '';
+ }
+
+ $album = hex2bin($datum);
+
+ $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
+ AND `scale` <= 4 and photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY `resource_id`",
+ intval($owner_uid),
+ dbesc($album),
+ intval(PHOTO_NORMAL),
+ intval(PHOTO_PROFILE),
+ intval($unsafe)
+ );
+ if(count($r)) {
+ $a->set_pager_total(count($r));
+ $a->set_pager_itemspage(60);
+ } else {
+ goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']);
+ }
+
+ if($_GET['order'] === 'posted')
+ $order = 'ASC';
+ else
+ $order = 'DESC';
+
+
+ $r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.scale, p.description, p.created FROM photo p INNER JOIN
+ (SELECT resource_id, max(scale) scale FROM photo WHERE uid = %d AND album = '%s' AND scale <= 4 AND photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id) ph
+ ON (p.resource_id = ph.resource_id AND p.scale = ph.scale)
+ ORDER BY created $order LIMIT %d OFFSET %d",
+ intval($owner_uid),
+ dbesc($album),
+ intval(PHOTO_NORMAL),
+ intval(PHOTO_PROFILE),
+ intval($unsafe),
+ intval($a->pager['itemspage']),
+ intval($a->pager['start'])
+ );
+
+ //edit album name
+ $album_edit = null;
+ if(($album !== t('Profile Photos')) && ($album !== 'Profile Photos') && ($album !== 'Contact Photos') && ($album !== t('Contact Photos'))) {
+ if($can_post) {
+ if($a->get_template_engine() === 'internal') {
+ $album_e = template_escape($album);
+ }
+ else {
+ $album_e = $album;
+ }
+ $albums = ((array_key_exists('albums', $a->data)) ? $a->data['albums'] : photos_albums_list($a->data['channel'],$a->data['observer']));
+ $edit_tpl = get_markup_template('album_edit.tpl');
+ $album_edit = replace_macros($edit_tpl,array(
+ '$nametext' => t('Enter a new album name'),
+ '$name_placeholder' => t('or select an existing one (doubleclick)'),
+ '$nickname' => $a->data['channel']['channel_address'],
+ '$album' => $album_e,
+ '$albums' => $albums['albums'],
+ '$hexalbum' => bin2hex($album),
+ '$submit' => t('Submit'),
+ '$dropsubmit' => t('Delete Album')
+ ));
+ }
+ }
+
+ if($_GET['order'] === 'posted')
+ $order = array(t('Show Newest First'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album));
+ else
+ $order = array(t('Show Oldest First'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album) . '?f=&order=posted');
+
+ $photos = array();
+ if(count($r)) {
+ $twist = 'rotright';
+ foreach($r as $rr) {
+
+ if($twist == 'rotright')
+ $twist = 'rotleft';
+ else
+ $twist = 'rotright';
+
+ $ext = $phototypes[$rr['type']];
+
+ $imgalt_e = $rr['filename'];
+ $desc_e = $rr['description'];
+
+ $imagelink = ($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id']
+ . (($_GET['order'] === 'posted') ? '?f=&order=posted' : ''));
+
+ $photos[] = array(
+ 'id' => $rr['id'],
+ 'twist' => ' ' . $twist . rand(2,4),
+ 'link' => $imagelink,
+ 'title' => t('View Photo'),
+ 'src' => $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . $rr['scale'] . '.' .$ext,
+ 'alt' => $imgalt_e,
+ 'desc'=> $desc_e,
+ 'ext' => $ext,
+ 'hash'=> $rr['resource_id'],
+ 'unknown' => t('Unknown')
+ );
+ }
+ }
+
+ if($_REQUEST['aj']) {
+ if($photos) {
+ $o = replace_macros(get_markup_template('photosajax.tpl'),array(
+ '$photos' => $photos,
+ ));
+ }
+ else {
+ $o = '<div id="content-complete"></div>';
+ }
+ echo $o;
+ killme();
+ }
+ else {
+ $o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+ $tpl = get_markup_template('photo_album.tpl');
+ $o .= replace_macros($tpl, array(
+ '$photos' => $photos,
+ '$album' => $album,
+ '$album_edit' => array(t('Edit Album'), $album_edit),
+ '$can_post' => $can_post,
+ '$upload' => array(t('Upload'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/upload/' . bin2hex($album)),
+ '$order' => $order,
+ '$upload_form' => $upload_form,
+ '$usage' => $usage_message
+ ));
+
+ }
+
+ if((! $photos) && ($_REQUEST['aj'])) {
+ $o .= '<div id="content-complete"></div>';
+ echo $o;
+ killme();
+ }
+
+// $o .= paginate($a);
+
+ return $o;
+
+ }
+
+ /**
+ * Display one photo
+ */
+
+ if($datatype === 'image') {
+
+ // fetch image, item containing image, then comments
+
+ $ph = q("SELECT aid,uid,xchan,resource_id,created,edited,title,`description`,album,filename,`type`,height,width,`size`,scale,photo_usage,is_nsfw,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'
+ $sql_extra ORDER BY `scale` ASC ",
+ intval($owner_uid),
+ dbesc($datum)
+ );
+
+ if(! $ph) {
+
+ /* Check again - this time without specifying permissions */
+
+ $ph = q("SELECT id FROM photo WHERE uid = %d AND resource_id = '%s' LIMIT 1",
+ intval($owner_uid),
+ dbesc($datum)
+ );
+ if($ph)
+ notice( t('Permission denied. Access to this item may be restricted.') . EOL);
+ else
+ notice( t('Photo not available') . EOL );
+ return;
+ }
+
+
+
+ $prevlink = '';
+ $nextlink = '';
+
+ if($_GET['order'] === 'posted')
+ $order = 'ASC';
+ else
+ $order = 'DESC';
+
+
+ $prvnxt = q("SELECT `resource_id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0
+ $sql_extra ORDER BY `created` $order ",
+ dbesc($ph[0]['album']),
+ intval($owner_uid)
+ );
+
+ if(count($prvnxt)) {
+ for($z = 0; $z < count($prvnxt); $z++) {
+ if($prvnxt[$z]['resource_id'] == $ph[0]['resource_id']) {
+ $prv = $z - 1;
+ $nxt = $z + 1;
+ if($prv < 0)
+ $prv = count($prvnxt) - 1;
+ if($nxt >= count($prvnxt))
+ $nxt = 0;
+ break;
+ }
+ }
+
+ $prevlink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $prvnxt[$prv]['resource_id'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : '');
+ $nextlink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $prvnxt[$nxt]['resource_id'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : '');
+ }
+
+
+ if(count($ph) == 1)
+ $hires = $lores = $ph[0];
+ if(count($ph) > 1) {
+ if($ph[1]['scale'] == 2) {
+ // original is 640 or less, we can display it directly
+ $hires = $lores = $ph[0];
+ }
+ else {
+ $hires = $ph[0];
+ $lores = $ph[1];
+ }
+ }
+
+ $album_link = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($ph[0]['album']);
+ $tools = Null;
+ $lock = Null;
+
+ if($can_post && ($ph[0]['uid'] == $owner_uid)) {
+ $tools = array(
+ 'profile'=>array($a->get_baseurl() . '/profile_photo/use/'.$ph[0]['resource_id'], t('Use as profile photo')),
+ );
+ }
+
+ // lockstate
+ $lockstate = ( ( (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid'])
+ || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid'])) )
+ ? array('lock', t('Private Photo'))
+ : array('unlock', Null));
+
+ $a->page['htmlhead'] .= '<script>$(document).keydown(function(event) {' . "\n";
+ if($prevlink)
+ $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n";
+ if($nextlink)
+ $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n";
+ $a->page['htmlhead'] .= '});</script>';
+
+ if($prevlink)
+ $prevlink = array($prevlink, t('Previous'));
+
+ $photo = array(
+ 'href' => $a->get_baseurl() . '/photo/' . $hires['resource_id'] . '-' . $hires['scale'] . '.' . $phototypes[$hires['type']],
+ 'title'=> t('View Full Size'),
+ 'src' => $a->get_baseurl() . '/photo/' . $lores['resource_id'] . '-' . $lores['scale'] . '.' . $phototypes[$lores['type']] . '?f=&_u=' . datetime_convert('','','','ymdhis')
+ );
+
+ if($nextlink)
+ $nextlink = array($nextlink, t('Next'));
+
+
+ // Do we have an item for this photo?
+
+ $linked_items = q("SELECT * FROM item WHERE resource_id = '%s' and resource_type = 'photo'
+ $sql_extra LIMIT 1",
+ dbesc($datum)
+ );
+
+ $map = null;
+
+ if($linked_items) {
+
+ xchan_query($linked_items);
+ $linked_items = fetch_post_tags($linked_items,true);
+
+ $link_item = $linked_items[0];
+ $item_normal = item_normal();
+
+ $r = q("select * from item where parent_mid = '%s'
+ $item_normal and uid = %d $sql_extra ",
+ dbesc($link_item['mid']),
+ intval($link_item['uid'])
+
+ );
+
+ if($r) {
+ xchan_query($r);
+ $r = fetch_post_tags($r,true);
+ $r = conv_sort($r,'commented');
+ }
+
+ $tags = array();
+ if($link_item['term']) {
+ $cnt = 0;
+ foreach($link_item['term'] as $t) {
+ $tags[$cnt] = array(0 => format_term_for_display($t));
+ if($can_post && ($ph[0]['uid'] == $owner_uid)) {
+ $tags[$cnt][1] = 'tagrm/drop/' . $link_item['id'] . '/' . bin2hex($t['term']); //?f=&item=' . $link_item['id'];
+ $tags[$cnt][2] = t('Remove');
+ }
+ $cnt ++;
+ }
+ }
+
+ if((local_channel()) && (local_channel() == $link_item['uid'])) {
+ q("UPDATE `item` SET item_unseen = 0 WHERE parent = %d and uid = %d and item_unseen = 1",
+ intval($link_item['parent']),
+ intval(local_channel())
+ );
+ }
+
+ if($link_item['coord']) {
+ $map = generate_map($link_item['coord']);
+ }
+ }
+
+// logger('mod_photo: link_item' . print_r($link_item,true));
+
+ // FIXME - remove this when we move to conversation module
+
+ $r = $r[0]['children'];
+
+ $edit = null;
+ if($can_post) {
+ $album_e = $ph[0]['album'];
+ $caption_e = $ph[0]['description'];
+ $aclselect_e = (($_is_owner) ? populate_acl($ph[0]) : '');
+ $albums = ((array_key_exists('albums', $a->data)) ? $a->data['albums'] : photos_albums_list($a->data['channel'],$a->data['observer']));
+
+ $_SESSION['album_return'] = bin2hex($ph[0]['album']);
+
+ $edit = array(
+ 'edit' => t('Edit photo'),
+ 'id' => $link_item['id'],
+ 'rotatecw' => t('Rotate CW (right)'),
+ 'rotateccw' => t('Rotate CCW (left)'),
+ 'albums' => $albums['albums'],
+ 'album' => $album_e,
+ 'newalbum_label' => t('Enter a new album name'),
+ 'newalbum_placeholder' => t('or select an existing one (doubleclick)'),
+ 'nickname' => $a->data['channel']['channel_address'],
+ 'resource_id' => $ph[0]['resource_id'],
+ 'capt_label' => t('Caption'),
+ 'caption' => $caption_e,
+ 'tag_label' => t('Add a Tag'),
+ 'permissions' => t('Permissions'),
+ 'aclselect' => $aclselect_e,
+ 'lockstate' => $lockstate[0],
+ 'help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com'),
+ 'item_id' => ((count($linked_items)) ? $link_item['id'] : 0),
+ 'adult_enabled' => feature_enabled($owner_uid,'adult_photo_flagging'),
+ 'adult' => array('adult',t('Flag as adult in album view'), intval($ph[0]['is_nsfw']),''),
+ 'submit' => t('Submit'),
+ 'delete' => t('Delete Photo')
+ );
+ }
+
+ if(count($linked_items)) {
+
+ $cmnt_tpl = get_markup_template('comment_item.tpl');
+ $tpl = get_markup_template('photo_item.tpl');
+ $return_url = $a->cmd;
+
+ $like_tpl = get_markup_template('like_noshare.tpl');
+
+ $likebuttons = '';
+
+ if($can_post || $can_comment) {
+ $likebuttons = replace_macros($like_tpl,array(
+ '$id' => $link_item['id'],
+ '$likethis' => t("I like this \x28toggle\x29"),
+ '$nolike' => t("I don't like this \x28toggle\x29"),
+ '$share' => t('Share'),
+ '$wait' => t('Please wait')
+ ));
+ }
+
+ $comments = '';
+ if(! count($r)) {
+ if($can_post || $can_comment) {
+ $commentbox = replace_macros($cmnt_tpl,array(
+ '$return_path' => '',
+ '$mode' => 'photos',
+ '$jsreload' => $return_url,
+ '$type' => 'wall-comment',
+ '$id' => $link_item['id'],
+ '$parent' => $link_item['id'],
+ '$profile_uid' => $owner_uid,
+ '$mylink' => $observer['xchan_url'],
+ '$mytitle' => t('This is you'),
+ '$myphoto' => $observer['xchan_photo_s'],
+ '$comment' => t('Comment'),
+ '$submit' => t('Submit'),
+ '$preview' => t('Preview'),
+ '$ww' => '',
+ '$feature_encrypt' => false
+ ));
+ }
+ }
+
+ $alike = array();
+ $dlike = array();
+
+ $like = '';
+ $dislike = '';
+
+ $conv_responses = array(
+ 'like' => array('title' => t('Likes','title')),'dislike' => array('title' => t('Dislikes','title')),
+ 'agree' => array('title' => t('Agree','title')),'disagree' => array('title' => t('Disagree','title')), 'abstain' => array('title' => t('Abstain','title')),
+ 'attendyes' => array('title' => t('Attending','title')), 'attendno' => array('title' => t('Not attending','title')), 'attendmaybe' => array('title' => t('Might attend','title'))
+ );
+
+
+
+
+ if($r) {
+
+ foreach($r as $item) {
+ builtin_activity_puller($item, $conv_responses);
+ }
+
+
+ $like_count = ((x($alike,$link_item['mid'])) ? $alike[$link_item['mid']] : '');
+ $like_list = ((x($alike,$link_item['mid'])) ? $alike[$link_item['mid'] . '-l'] : '');
+ if (count($like_list) > MAX_LIKERS) {
+ $like_list_part = array_slice($like_list, 0, MAX_LIKERS);
+ array_push($like_list_part, '<a href="#" data-toggle="modal" data-target="#likeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
+ } else {
+ $like_list_part = '';
+ }
+ $like_button_label = tt('Like','Likes',$like_count,'noun');
+
+ //if (feature_enabled($conv->get_profile_owner(),'dislike')) {
+ $dislike_count = ((x($dlike,$link_item['mid'])) ? $dlike[$link_item['mid']] : '');
+ $dislike_list = ((x($dlike,$link_item['mid'])) ? $dlike[$link_item['mid'] . '-l'] : '');
+ $dislike_button_label = tt('Dislike','Dislikes',$dislike_count,'noun');
+ if (count($dislike_list) > MAX_LIKERS) {
+ $dislike_list_part = array_slice($dislike_list, 0, MAX_LIKERS);
+ array_push($dislike_list_part, '<a href="#" data-toggle="modal" data-target="#dislikeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
+ } else {
+ $dislike_list_part = '';
+ }
+ //}
+
+
+ $like = ((isset($alike[$link_item['mid']])) ? format_like($alike[$link_item['mid']],$alike[$link_item['mid'] . '-l'],'like',$link_item['mid']) : '');
+ $dislike = ((isset($dlike[$link_item['mid']])) ? format_like($dlike[$link_item['mid']],$dlike[$link_item['mid'] . '-l'],'dislike',$link_item['mid']) : '');
+
+ // display comments
+
+ foreach($r as $item) {
+ $comment = '';
+ $template = $tpl;
+ $sparkle = '';
+
+ if(((activity_match($item['verb'],ACTIVITY_LIKE)) || (activity_match($item['verb'],ACTIVITY_DISLIKE))) && ($item['id'] != $item['parent']))
+ continue;
+
+ $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'] ;
+
+
+ $profile_url = zid($item['author']['xchan_url']);
+ $sparkle = '';
+
+
+ $profile_name = $item['author']['xchan_name'];
+ $profile_avatar = $item['author']['xchan_photo_m'];
+
+ $profile_link = $profile_url;
+
+ $drop = '';
+
+ if($observer['xchan_hash'] === $item['author_xchan'] || $observer['xchan_hash'] === $item['owner_xchan'])
+ $drop = replace_macros(get_markup_template('photo_drop.tpl'), array('$id' => $item['id'], '$delete' => t('Delete')));
+
+
+ $name_e = $profile_name;
+ $title_e = $item['title'];
+ unobscure($item);
+ $body_e = prepare_text($item['body'],$item['mimetype']);
+
+ $comments .= replace_macros($template,array(
+ '$id' => $item['id'],
+ '$mode' => 'photos',
+ '$profile_url' => $profile_link,
+ '$name' => $name_e,
+ '$thumb' => $profile_avatar,
+ '$sparkle' => $sparkle,
+ '$title' => $title_e,
+ '$body' => $body_e,
+ '$ago' => relative_date($item['created']),
+ '$indent' => (($item['parent'] != $item['id']) ? ' comment' : ''),
+ '$drop' => $drop,
+ '$comment' => $comment
+ ));
+
+ }
+
+ if($can_post || $can_comment) {
+ $commentbox = replace_macros($cmnt_tpl,array(
+ '$return_path' => '',
+ '$jsreload' => $return_url,
+ '$type' => 'wall-comment',
+ '$id' => $link_item['id'],
+ '$parent' => $link_item['id'],
+ '$profile_uid' => $owner_uid,
+ '$mylink' => $observer['xchan_url'],
+ '$mytitle' => t('This is you'),
+ '$myphoto' => $observer['xchan_photo_s'],
+ '$comment' => t('Comment'),
+ '$submit' => t('Submit'),
+ '$ww' => ''
+ ));
+ }
+
+ }
+ $paginate = paginate($a);
+ }
+
+ $album_e = array($album_link,$ph[0]['album']);
+ $like_e = $like;
+ $dislike_e = $dislike;
+
+
+ $response_verbs = array('like');
+ if(feature_enabled($owner_uid,'dislike'))
+ $response_verbs[] = 'dislike';
+
+
+ $responses = get_responses($conv_responses,$response_verbs,'',$link_item);
+
+ $photo_tpl = get_markup_template('photo_view.tpl');
+ $o .= replace_macros($photo_tpl, array(
+ '$id' => $link_item['id'], //$ph[0]['id'],
+ '$album' => $album_e,
+ '$tools' => $tools,
+ '$lock' => $lockstate[1],
+ '$photo' => $photo,
+ '$prevlink' => $prevlink,
+ '$nextlink' => $nextlink,
+ '$desc' => $ph[0]['description'],
+ '$filename' => $ph[0]['filename'],
+ '$unknown' => t('Unknown'),
+ '$tag_hdr' => t('In This Photo:'),
+ '$tags' => $tags,
+ 'responses' => $responses,
+ '$edit' => $edit,
+ '$map' => $map,
+ '$map_text' => t('Map'),
+ '$likebuttons' => $likebuttons,
+ '$like' => $like_e,
+ '$dislike' => $dislike_e,
+ '$like_count' => $like_count,
+ '$like_list' => $like_list,
+ '$like_list_part' => $like_list_part,
+ '$like_button_label' => $like_button_label,
+ '$like_modal_title' => t('Likes','noun'),
+ '$dislike_modal_title' => t('Dislikes','noun'),
+ '$dislike_count' => $dislike_count, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_count : ''),
+ '$dislike_list' => $dislike_list, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_list : ''),
+ '$dislike_list_part' => $dislike_list_part, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_list_part : ''),
+ '$dislike_button_label' => $dislike_button_label, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_button_label : ''),
+ '$modal_dismiss' => t('Close'),
+ '$comments' => $comments,
+ '$commentbox' => $commentbox,
+ '$paginate' => $paginate,
+ ));
+
+ $a->data['photo_html'] = $o;
+
+ return $o;
+ }
+
+ // Default - show recent photos with upload link (if applicable)
+ //$o = '';
+
+ $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
+ and photo_usage in ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY `resource_id`",
+ intval($a->data['channel']['channel_id']),
+ dbesc('Contact Photos'),
+ dbesc( t('Contact Photos')),
+ intval(PHOTO_NORMAL),
+ intval(PHOTO_PROFILE),
+ intval($unsafe)
+ );
+ if(count($r)) {
+ $a->set_pager_total(count($r));
+ $a->set_pager_itemspage(60);
+ }
+
+ $r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.album, p.scale, p.created FROM photo p INNER JOIN
+ (SELECT resource_id, max(scale) scale FROM photo
+ WHERE uid=%d AND album != '%s' AND album != '%s'
+ AND photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra group by resource_id) ph
+ ON (p.resource_id = ph.resource_id and p.scale = ph.scale) ORDER by p.created DESC LIMIT %d OFFSET %d",
+ intval($a->data['channel']['channel_id']),
+ dbesc('Contact Photos'),
+ dbesc( t('Contact Photos')),
+ intval(PHOTO_NORMAL),
+ intval(PHOTO_PROFILE),
+ intval($unsafe),
+ intval($a->pager['itemspage']),
+ intval($a->pager['start'])
+ );
+
+
+
+ $photos = array();
+ if(count($r)) {
+ $twist = 'rotright';
+ foreach($r as $rr) {
+ if($twist == 'rotright')
+ $twist = 'rotleft';
+ else
+ $twist = 'rotright';
+ $ext = $phototypes[$rr['type']];
+
+ if($a->get_template_engine() === 'internal') {
+ $alt_e = template_escape($rr['filename']);
+ $name_e = template_escape($rr['album']);
+ }
+ else {
+ $alt_e = $rr['filename'];
+ $name_e = $rr['album'];
+ }
+
+ $photos[] = array(
+ 'id' => $rr['id'],
+ 'twist' => ' ' . $twist . rand(2,4),
+ 'link' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id'],
+ 'title' => t('View Photo'),
+ 'src' => $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . ((($rr['scale']) == 6) ? 4 : $rr['scale']) . '.' . $ext,
+ 'alt' => $alt_e,
+ 'album' => array(
+ 'link' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($rr['album']),
+ 'name' => $name_e,
+ 'alt' => t('View Album'),
+ ),
+
+ );
+ }
+ }
+
+ if($_REQUEST['aj']) {
+ if($photos) {
+ $o = replace_macros(get_markup_template('photosajax.tpl'),array(
+ '$photos' => $photos,
+ ));
+ }
+ else {
+ $o = '<div id="content-complete"></div>';
+ }
+ echo $o;
+ killme();
+ }
+ else {
+ $o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+ $tpl = get_markup_template('photos_recent.tpl');
+ $o .= replace_macros($tpl, array(
+ '$title' => t('Recent Photos'),
+ '$can_post' => $can_post,
+ '$upload' => array(t('Upload'), $a->get_baseurl().'/photos/'.$a->data['channel']['channel_address'].'/upload'),
+ '$photos' => $photos,
+ '$upload_form' => $upload_form,
+ '$usage' => $usage_message
+ ));
+
+ }
+
+ if((! $photos) && ($_REQUEST['aj'])) {
+ $o .= '<div id="content-complete"></div>';
+ echo $o;
+ killme();
+ }
+
+// paginate($a);
+ return $o;
+}
+
diff --git a/mod/ping.php b/mod/ping.php
new file mode 100644
index 000000000..719183388
--- /dev/null
+++ b/mod/ping.php
@@ -0,0 +1,489 @@
+<?php
+/**
+ * @file mod/ping.php
+ *
+ */
+
+require_once('include/bbcode.php');
+require_once('include/notify.php');
+
+/**
+ * @brief do several updates when pinged.
+ *
+ * This function does several tasks. Whenever called it checks for new messages,
+ * introductions, notifications, etc. and returns a json with the results.
+ *
+ * @param App &$a
+ * @result JSON
+ */
+
+function ping_init(&$a) {
+
+ $result = array();
+ $notifs = array();
+
+ $result['notify'] = 0;
+ $result['home'] = 0;
+ $result['network'] = 0;
+ $result['intros'] = 0;
+ $result['mail'] = 0;
+ $result['register'] = 0;
+ $result['events'] = 0;
+ $result['events_today'] = 0;
+ $result['birthdays'] = 0;
+ $result['birthdays_today'] = 0;
+ $result['all_events'] = 0;
+ $result['all_events_today'] = 0;
+ $result['notice'] = array();
+ $result['info'] = array();
+
+ $t0 = dba_timer();
+
+ header("content-type: application/json");
+
+ $vnotify = false;
+
+ $item_normal = item_normal();
+
+ if(local_channel()) {
+ $vnotify = get_pconfig(local_channel(),'system','vnotify');
+ $evdays = intval(get_pconfig(local_channel(),'system','evdays'));
+ $ob_hash = get_observer_hash();
+ }
+
+ // if unset show all visual notification types
+ if($vnotify === false)
+ $vnotify = (-1);
+ if($evdays < 1)
+ $evdays = 3;
+
+ /**
+ * If you have several windows open to this site and switch to a different channel
+ * in one of them, the others may get into a confused state showing you a page or options
+ * on that page which were only valid under the old identity. You session has changed.
+ * Therefore we send a notification of this fact back to the browser where it is picked up
+ * in javascript and which reloads the page it is on so that it is valid under the context
+ * of the now current channel.
+ */
+
+ $result['invalid'] = ((intval($_GET['uid'])) && (intval($_GET['uid']) != local_channel()) ? 1 : 0);
+
+ /**
+ * Send all system messages (alerts) to the browser.
+ * Some are marked as informational and some represent
+ * errors or serious notifications. These typically
+ * will popup on the current page (no matter what page it is)
+ */
+
+ if(x($_SESSION, 'sysmsg')){
+ foreach ($_SESSION['sysmsg'] as $m){
+ $result['notice'][] = array('message' => $m);
+ }
+ unset($_SESSION['sysmsg']);
+ }
+ if(x($_SESSION, 'sysmsg_info')){
+ foreach ($_SESSION['sysmsg_info'] as $m){
+ $result['info'][] = array('message' => $m);
+ }
+ unset($_SESSION['sysmsg_info']);
+ }
+ if(! ($vnotify & VNOTIFY_INFO))
+ $result['info'] = array();
+ if(! ($vnotify & VNOTIFY_ALERT))
+ $result['notice'] = array();
+
+
+ if($a->install) {
+ echo json_encode($result);
+ killme();
+ }
+
+ /**
+ * Update chat presence indication (if applicable)
+ */
+
+ if(get_observer_hash() && (! $result['invalid'])) {
+ $r = q("select cp_id, cp_room from chatpresence where cp_xchan = '%s' and cp_client = '%s' and cp_room = 0 limit 1",
+ dbesc(get_observer_hash()),
+ dbesc($_SERVER['REMOTE_ADDR'])
+ );
+ $basic_presence = false;
+ if($r) {
+ $basic_presence = true;
+ q("update chatpresence set cp_last = '%s' where cp_id = %d",
+ dbesc(datetime_convert()),
+ intval($r[0]['cp_id'])
+ );
+ }
+ if(! $basic_presence) {
+ q("insert into chatpresence ( cp_xchan, cp_last, cp_status, cp_client)
+ values( '%s', '%s', '%s', '%s' ) ",
+ dbesc(get_observer_hash()),
+ dbesc(datetime_convert()),
+ dbesc('online'),
+ dbesc($_SERVER['REMOTE_ADDR'])
+ );
+ }
+ }
+
+ /**
+ * Chatpresence continued... if somebody hasn't pinged recently, they've most likely left the page
+ * and shouldn't count as online anymore. We allow an expection for bots.
+ */
+
+ q("delete from chatpresence where cp_last < %s - INTERVAL %s and cp_client != 'auto' ",
+ db_utcnow(), db_quoteinterval('3 MINUTE')
+ );
+
+ if((! local_channel()) || ($result['invalid'])) {
+ echo json_encode($result);
+ killme();
+ }
+
+ /**
+ * Everything following is only permitted under the context of a locally authenticated site member.
+ */
+
+
+ /**
+ * Handle "mark all xyz notifications read" requests.
+ */
+
+ // mark all items read
+ if(x($_REQUEST, 'markRead') && local_channel()) {
+ switch($_REQUEST['markRead']) {
+ case 'network':
+ $r = q("update item set item_unseen = 0 where item_unseen = 1 and uid = %d",
+ intval(local_channel())
+ );
+ break;
+ case 'home':
+ $r = q("update item set item_unseen = 0 where item_unseen = 1 and item_wall = 1 and uid = %d",
+ intval(local_channel())
+ );
+ break;
+ case 'messages':
+ $r = q("update mail set mail_seen = 1 where mail_seen = 0 and channel_id = %d ",
+ intval(local_channel())
+ );
+ break;
+ case 'all_events':
+ $r = q("update event set `ignore` = 1 where `ignore` = 0 and uid = %d AND start < '%s' AND start > '%s' ",
+ intval(local_channel()),
+ dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + ' . intval($evdays) . ' days')),
+ dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days'))
+ );
+ break;
+ case 'notify':
+ $r = q("update notify set seen = 1 where uid = %d",
+ intval(local_channel())
+ );
+ break;
+ default:
+ break;
+ }
+ }
+
+ if(x($_REQUEST, 'markItemRead') && local_channel()) {
+ $r = q("update item set item_unseen = 0 where parent = %d and uid = %d",
+ intval($_REQUEST['markItemRead']),
+ intval(local_channel())
+ );
+ }
+
+
+
+ /**
+ * URL ping/something will return detail for "something", e.g. a json list with which to populate a notification
+ * dropdown menu.
+ */
+
+ if(argc() > 1 && argv(1) === 'notify') {
+ $t = q("select count(*) as total from notify where uid = %d and seen = 0",
+ intval(local_channel())
+ );
+ if($t && intval($t[0]['total']) > 49) {
+ $z = q("select * from notify where uid = %d
+ and seen = 0 order by date desc limit 50",
+ intval(local_channel())
+ );
+ }
+ else {
+ $z1 = q("select * from notify where uid = %d
+ and seen = 0 order by date desc limit 50",
+ intval(local_channel())
+ );
+ $z2 = q("select * from notify where uid = %d
+ and seen = 1 order by date desc limit %d",
+ intval(local_channel()),
+ intval(50 - intval($t[0]['total']))
+ );
+ $z = array_merge($z1,$z2);
+ }
+
+ if(count($z)) {
+ foreach($z as $zz) {
+ $notifs[] = array(
+ 'notify_link' => $a->get_baseurl() . '/notify/view/' . $zz['id'],
+ 'name' => $zz['name'],
+ 'url' => $zz['url'],
+ 'photo' => $zz['photo'],
+ 'when' => relative_date($zz['date']),
+ 'hclass' => (($zz['seen']) ? 'notify-seen' : 'notify-unseen'),
+ 'message' => strip_tags(bbcode($zz['msg']))
+ );
+ }
+ }
+
+ echo json_encode(array('notify' => $notifs));
+ killme();
+ }
+
+ if(argc() > 1 && argv(1) === 'messages') {
+ $channel = $a->get_channel();
+ $t = q("select mail.*, xchan.* from mail left join xchan on xchan_hash = from_xchan
+ where channel_id = %d and mail_seen = 0 and mail_deleted = 0
+ and from_xchan != '%s' order by created desc limit 50",
+ intval(local_channel()),
+ dbesc($channel['channel_hash'])
+ );
+
+ if($t) {
+ foreach($t as $zz) {
+ $notifs[] = array(
+ 'notify_link' => $a->get_baseurl() . '/mail/' . $zz['id'],
+ 'name' => $zz['xchan_name'],
+ 'url' => $zz['xchan_url'],
+ 'photo' => $zz['xchan_photo_s'],
+ 'when' => relative_date($zz['created']),
+ 'hclass' => (intval($zz['mail_seen']) ? 'notify-seen' : 'notify-unseen'),
+ 'message' => t('sent you a private message'),
+ );
+ }
+ }
+
+ echo json_encode(array('notify' => $notifs));
+ killme();
+ }
+
+ if(argc() > 1 && (argv(1) === 'network' || argv(1) === 'home')) {
+ $result = array();
+
+ $r = q("SELECT * FROM item
+ WHERE item_unseen = 1 and uid = %d $item_normal
+ and author_xchan != '%s' ORDER BY created DESC limit 300",
+ intval(local_channel()),
+ dbesc($ob_hash)
+ );
+
+ if($r) {
+ xchan_query($r);
+ foreach($r as $item) {
+ if((argv(1) === 'home') && (! intval($item['item_wall'])))
+ continue;
+ $result[] = format_notification($item);
+ }
+ }
+// logger('ping (network||home): ' . print_r($result, true), LOGGER_DATA);
+ echo json_encode(array('notify' => $result));
+ killme();
+ }
+
+ if(argc() > 1 && (argv(1) === 'intros')) {
+ $result = array();
+
+ $r = q("SELECT * FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ORDER BY abook_created DESC LIMIT 50",
+ intval(local_channel())
+ );
+
+ if($r) {
+ foreach($r as $rr) {
+ $result[] = array(
+ 'notify_link' => $a->get_baseurl() . '/connedit/' . $rr['abook_id'],
+ 'name' => $rr['xchan_name'],
+ 'url' => $rr['xchan_url'],
+ 'photo' => $rr['xchan_photo_s'],
+ 'when' => relative_date($rr['abook_created']),
+ 'hclass' => ('notify-unseen'),
+ 'message' => t('added your channel')
+ );
+ }
+ }
+ logger('ping (intros): ' . print_r($result, true), LOGGER_DATA);
+ echo json_encode(array('notify' => $result));
+ killme();
+ }
+
+ if(argc() > 1 && (argv(1) === 'all_events')) {
+ $bd_format = t('g A l F d') ; // 8 AM Friday January 18
+
+ $result = array();
+
+ $r = q("SELECT * FROM event left join xchan on event_xchan = xchan_hash
+ WHERE `event`.`uid` = %d AND start < '%s' AND start > '%s' and `ignore` = 0
+ ORDER BY `start` DESC LIMIT 1000",
+ intval(local_channel()),
+ dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + ' . intval($evdays) . ' days')),
+ dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days'))
+ );
+
+ if($r) {
+ foreach($r as $rr) {
+ if($rr['adjust'])
+ $md = datetime_convert('UTC', date_default_timezone_get(), $rr['start'], 'Y/m');
+ else
+ $md = datetime_convert('UTC', 'UTC', $rr['start'], 'Y/m');
+
+ $strt = datetime_convert('UTC', (($rr['adjust']) ? date_default_timezone_get() : 'UTC'), $rr['start']);
+ $today = ((substr($strt, 0, 10) === datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d')) ? true : false);
+
+ $when = day_translate(datetime_convert('UTC', (($rr['adjust']) ? date_default_timezone_get() : 'UTC'), $rr['start'], $bd_format)) . (($today) ? ' ' . t('[today]') : '');
+
+ $result[] = array(
+ 'notify_link' => $a->get_baseurl() . '/events', // FIXME this takes you to an edit page and it may not be yours, we really want to just view the single event --> '/events/event/' . $rr['event_hash'],
+ 'name' => $rr['xchan_name'],
+ 'url' => $rr['xchan_url'],
+ 'photo' => $rr['xchan_photo_s'],
+ 'when' => $when,
+ 'hclass' => ('notify-unseen'),
+ 'message' => t('posted an event')
+ );
+ }
+ }
+ logger('ping (all_events): ' . print_r($result, true), LOGGER_DATA);
+ echo json_encode(array('notify' => $result));
+ killme();
+ }
+
+
+
+ /**
+ * Normal ping - just the counts, no detail
+ */
+
+ if($vnotify & VNOTIFY_SYSTEM) {
+ $t = q("select count(*) as total from notify where uid = %d and seen = 0",
+ intval(local_channel())
+ );
+ if($t)
+ $result['notify'] = intval($t[0]['total']);
+ }
+
+ $t1 = dba_timer();
+
+ if($vnotify & (VNOTIFY_NETWORK|VNOTIFY_CHANNEL)) {
+ $r = q("SELECT id, item_wall FROM item
+ WHERE item_unseen = 1 and uid = %d
+ $item_normal
+ and author_xchan != '%s'",
+ intval(local_channel()),
+ dbesc($ob_hash)
+ );
+
+ if($r) {
+ $arr = array('items' => $r);
+ call_hooks('network_ping', $arr);
+
+ foreach ($r as $it) {
+ if(intval($it['item_wall']))
+ $result['home'] ++;
+ else
+ $result['network'] ++;
+ }
+ }
+ }
+ if(! ($vnotify & VNOTIFY_NETWORK))
+ $result['network'] = 0;
+ if(! ($vnotify & VNOTIFY_CHANNEL))
+ $result['home'] = 0;
+
+
+ $t2 = dba_timer();
+
+ if($vnotify & VNOTIFY_INTRO) {
+ $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ",
+ intval(local_channel())
+ );
+
+ $t3 = dba_timer();
+
+ if($intr)
+ $result['intros'] = intval($intr[0]['total']);
+ }
+
+ $t4 = dba_timer();
+ $channel = get_app()->get_channel();
+
+ if($vnotify & VNOTIFY_MAIL) {
+ $mails = q("SELECT count(id) as total from mail
+ WHERE channel_id = %d AND mail_seen = 0 and from_xchan != '%s' ",
+ intval(local_channel()),
+ dbesc($channel['channel_hash'])
+ );
+ if($mails)
+ $result['mail'] = intval($mails[0]['total']);
+ }
+
+ if($vnotify & VNOTIFY_REGISTER) {
+ if ($a->config['system']['register_policy'] == REGISTER_APPROVE && is_site_admin()) {
+ $regs = q("SELECT count(account_id) as total from account where (account_flags & %d) > 0",
+ intval(ACCOUNT_PENDING)
+ );
+ if($regs)
+ $result['register'] = intval($regs[0]['total']);
+ }
+ }
+
+ $t5 = dba_timer();
+
+ if($vnotify & (VNOTIFY_EVENT|VNOTIFY_EVENTTODAY|VNOTIFY_BIRTHDAY)) {
+ $events = q("SELECT type, start, adjust FROM `event`
+ WHERE `event`.`uid` = %d AND start < '%s' AND start > '%s' and `ignore` = 0
+ ORDER BY `start` ASC ",
+ intval(local_channel()),
+ dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + ' . intval($evdays) . ' days')),
+ dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days'))
+ );
+
+ if($events) {
+ $result['all_events'] = count($events);
+
+ if($result['all_events']) {
+ $str_now = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d');
+ foreach($events as $x) {
+ $bd = false;
+ if($x['type'] === 'birthday') {
+ $result['birthdays'] ++;
+ $bd = true;
+ }
+ else {
+ $result['events'] ++;
+ }
+ if(datetime_convert('UTC', ((intval($x['adjust'])) ? date_default_timezone_get() : 'UTC'), $x['start'], 'Y-m-d') === $str_now) {
+ $result['all_events_today'] ++;
+ if($bd)
+ $result['birthdays_today'] ++;
+ else
+ $result['events_today'] ++;
+ }
+ }
+ }
+ }
+ }
+ if(! ($vnotify & VNOTIFY_EVENT))
+ $result['all_events'] = $result['events'] = 0;
+ if(! ($vnotify & VNOTIFY_EVENTTODAY))
+ $result['all_events_today'] = $result['events_today'] = 0;
+ if(! ($vnotify & VNOTIFY_BIRTHDAY))
+ $result['birthdays'] = 0;
+
+
+ $x = json_encode($result);
+
+ $t6 = dba_timer();
+
+// logger('ping timer: ' . sprintf('%01.4f %01.4f %01.4f %01.4f %01.4f %01.4f',$t6 - $t5, $t5 - $t4, $t4 - $t3, $t3 - $t2, $t2 - $t1, $t1 - $t0));
+
+ echo $x;
+ killme();
+}
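Review bot: The `markRead` and `markItemRead` branches of ping_init update the item, mail, event and notify tables from `$_REQUEST` behind nothing more than a `local_channel()` check. Any GET issued by the member's browser, including one initiated from another origin, can therefore mark their notifications as seen. A form token may be verified before module dispatch, but this diff does not show one. If it is not, these two parameters should be read from `$_POST` only, e.g. `if(x($_POST, 'markRead') && local_channel()) {`, and the session's form security token should be checked before the `switch` runs. poke_init in mod/poke.php has the same pattern: it publishes an activity from `$_REQUEST['verb']` and `$_REQUEST['cid']` with no token check.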
diff --git a/mod/poco.php b/mod/poco.php
new file mode 100644
index 000000000..098c9a240
--- /dev/null
+++ b/mod/poco.php
@@ -0,0 +1,7 @@
+<?php
+
+require_once('include/socgraph.php');
+
+function poco_init(&$a) {
+ poco($a,false);
+}
diff --git a/mod/poke.php b/mod/poke.php
new file mode 100755
index 000000000..f66d28956
--- /dev/null
+++ b/mod/poke.php
@@ -0,0 +1,178 @@
+<?php /** @file */
+
+/**
+ *
+ * Poke, prod, finger, or otherwise do unspeakable things to somebody - who must be a connection in your address book
+ * This function can be invoked with the required arguments (verb and cid and private and possibly parent) silently via ajax or
+ * other web request. You must be logged in and connected to a channel.
+ * If the required arguments aren't present, we'll display a simple form to choose a recipient and a verb.
+ * parent is a special argument which let's you attach this activity as a comment to an existing conversation, which
+ * may have started with somebody else poking (etc.) somebody, but this isn't necessary. This can be used in the adult
+ * plugin version to have entire conversations where Alice poked Bob, Bob fingered Alice, Alice hugged Bob, etc.
+ *
+ * private creates a private conversation with the recipient. Otherwise your channel's default post privacy is used.
+ *
+ */
+
+require_once('include/items.php');
+
+function poke_init(&$a) {
+
+ if(! local_channel())
+ return;
+
+ $uid = local_channel();
+ $channel = $a->get_channel();
+
+ $verb = notags(trim($_REQUEST['verb']));
+
+ if(! $verb)
+ return;
+
+ $verbs = get_poke_verbs();
+
+ if(! array_key_exists($verb,$verbs))
+ return;
+
+ $activity = ACTIVITY_POKE . '#' . urlencode($verbs[$verb][0]);
+
+ $contact_id = intval($_REQUEST['cid']);
+ if(! $contact_id)
+ return;
+
+ $parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0);
+
+ logger('poke: verb ' . $verb . ' contact ' . $contact_id, LOGGER_DEBUG);
+
+
+ $r = q("SELECT * FROM abook left join xchan on xchan_hash = abook_xchan where abook_id = %d and abook_channel = %d LIMIT 1",
+ intval($contact_id),
+ intval($uid)
+ );
+
+ if(! $r) {
+ logger('poke: no target ' . $contact_id);
+ return;
+ }
+
+ $target = $r[0];
+ $parent_item = null;
+
+ if($parent) {
+ $r = q("select mid, item_private, owner_xchan, allow_cid, allow_gid, deny_cid, deny_gid
+ from item where id = %d and parent = %d and uid = %d limit 1",
+ intval($parent),
+ intval($parent),
+ intval($uid)
+ );
+ if($r) {
+ $parent_item = $r[0];
+ $parent_mid = $r[0]['mid'];
+ $item_private = $r[0]['item_private'];
+ $allow_cid = $r[0]['allow_cid'];
+ $allow_gid = $r[0]['allow_gid'];
+ $deny_cid = $r[0]['deny_cid'];
+ $deny_gid = $r[0]['deny_gid'];
+ }
+ }
+ else {
+
+ $item_private = ((x($_GET,'private')) ? intval($_GET['private']) : 0);
+
+ $allow_cid = (($item_private) ? '<' . $target['abook_xchan']. '>' : $channel['channel_allow_cid']);
+ $allow_gid = (($item_private) ? '' : $channel['channel_allow_gid']);
+ $deny_cid = (($item_private) ? '' : $channel['channel_deny_cid']);
+ $deny_gid = (($item_private) ? '' : $channel['channel_deny_gid']);
+ }
+
+
+ $arr = array();
+
+ $arr['item_wall'] = 1;
+ $arr['owner_xchan'] = (($parent_item) ? $parent_item['owner_xchan'] : $channel['channel_hash']);
+ $arr['parent_mid'] = (($parent_mid) ? $parent_mid : $mid);
+ $arr['title'] = '';
+ $arr['allow_cid'] = $allow_cid;
+ $arr['allow_gid'] = $allow_gid;
+ $arr['deny_cid'] = $deny_cid;
+ $arr['deny_gid'] = $deny_gid;
+ $arr['verb'] = $activity;
+ $arr['item_private'] = $item_private;
+ $arr['obj_type'] = ACTIVITY_OBJ_PERSON;
+ $arr['body'] = '[zrl=' . $channel['xchan_url'] . ']' . $channel['xchan_name'] . '[/zrl]' . ' ' . t($verbs[$verb][0]) . ' ' . '[zrl=' . $target['xchan_url'] . ']' . $target['xchan_name'] . '[/zrl]';
+
+ $obj = array(
+ 'type' => ACTIVITY_OBJ_PERSON,
+ 'title' => $target['xchan_name'],
+ 'id' => $target['xchan_hash'],
+ 'link' => array(
+ array('rel' => 'alternate', 'type' => 'text/html', 'href' => $target['xchan_url']),
+ array('rel' => 'photo', 'type' => $target['xchan_photo_mimetype'], 'href' => $target['xchan_photo_l'])
+ ),
+ );
+
+ $arr['object'] = json_encode($obj);
+
+ $arr['item_origin'] = 1;
+ $arr['item_wall'] = 1;
+ $arr['item_unseen'] = 1;
+ if(! $parent_item)
+ $item['item_thread_top'] = 1;
+
+
+ post_activity_item($arr);
+
+ return;
+}
+
+
+
+function poke_content(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $name = '';
+ $id = '';
+
+ if(intval($_REQUEST['c'])) {
+ $r = q("select abook_id, xchan_name from abook left join xchan on abook_xchan = xchan_hash
+ where abook_id = %d and abook_channel = %d limit 1",
+ intval($_REQUEST['c']),
+ intval(local_channel())
+ );
+ if($r) {
+ $name = $r[0]['xchan_name'];
+ $id = $r[0]['abook_id'];
+ }
+ }
+
+ $parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : '0');
+
+ $verbs = get_poke_verbs();
+
+ $shortlist = array();
+ foreach($verbs as $k => $v)
+ if($v[1] !== 'NOTRANSLATION')
+ $shortlist[] = array($k,$v[1]);
+
+ $tpl = get_markup_template('poke_content.tpl');
+
+ $o = replace_macros($tpl,array(
+ '$title' => t('Poke/Prod'),
+ '$desc' => t('poke, prod or do other things to somebody'),
+ '$clabel' => t('Recipient'),
+ '$choice' => t('Choose what you wish to do to recipient'),
+ '$verbs' => $shortlist,
+ '$parent' => $parent,
+ '$prv_desc' => t('Make this post private'),
+ '$submit' => t('Submit'),
+ '$name' => $name,
+ '$id' => $id
+ ));
+
+ return $o;
+
+} \ No newline at end of file
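Review bot: When `parent` is supplied but the item lookup returns no row, poke_init skips both the `if($r)` assignments and the `else` branch that derives the defaults. `$item_private`, `$allow_cid`, `$allow_gid`, `$deny_cid` and `$deny_gid` are then never set, and the activity reaches `post_activity_item()` with empty access lists. That fails open on the ACL; how post_activity_item treats the empty values is not visible in this hunk. Adding `else { logger('poke: parent not found ' . $parent); return; }` after the `if($r)` block would make a missing parent abort instead of posting. Separately, `$item['item_thread_top'] = 1;` writes to an undefined `$item`, so the flag never reaches the posted array; it should be `$arr['item_thread_top'] = 1;`.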
diff --git a/mod/post.php b/mod/post.php
new file mode 100644
index 000000000..dfda7db9d
--- /dev/null
+++ b/mod/post.php
@@ -0,0 +1,933 @@
+<?php
+
+/**
+ * @file mod/post.php
+ *
+ * @brief Zot endpoint.
+ *
+ */
+
+require_once('include/zot.php');
+
+/**
+ * @brief HTTP POST entry point for Zot.
+ *
+ * Most access to this endpoint is via the post method.
+ * Here we will pick out the magic auth params which arrive as a get request,
+ * and the only communications to arrive this way.
+ *
+ * Magic Auth
+ * ==========
+ *
+ * So-called "magic auth" takes place by a special exchange. On the site where the "channel to be authenticated" lives (e.g. $mysite),
+ * a redirection is made via $mysite/magic to the zot endpoint of the remote site ($remotesite) with special GET parameters.
+ *
+ * The endpoint is typically https://$remotesite/post - or whatever was specified as the callback url in prior communications
+ * (we will bootstrap an address and fetch a zot info packet if possible where no prior communications exist)
+ *
+ * Five GET parameters are supplied:
+ * * auth => the urlencoded webbie (channel@host.domain) of the channel requesting access
+ * * dest => the desired destination URL (urlencoded)
+ * * sec => a random string which is also stored on $mysite for use during the verification phase.
+ * * version => the zot revision
+ * * delegate => optional urlencoded webbie of a local channel to invoke delegation rights for
+ *
+ * When this packet is received, an "auth-check" zot message is sent to $mysite.
+ * (e.g. if $_GET['auth'] is foobar@podunk.edu, a zot packet is sent to the podunk.edu zot endpoint, which is typically /post)
+ * If no information has been recorded about the requesting identity a zot information packet will be retrieved before
+ * continuing.
+ *
+ * The sender of this packet is an arbitrary/random site channel. The recipients will be a single recipient corresponding
+ * to the guid and guid_sig we have associated with the requesting auth identity
+ *
+ * \code{.json}
+ * {
+ * "type":"auth_check",
+ * "sender":{
+ * "guid":"kgVFf_...",
+ * "guid_sig":"PT9-TApz...",
+ * "url":"http:\/\/podunk.edu",
+ * "url_sig":"T8Bp7j..."
+ * },
+ * "recipients":{
+ * {
+ * "guid":"ZHSqb...",
+ * "guid_sig":"JsAAXi..."
+ * }
+ * }
+ * "callback":"\/post",
+ * "version":1,
+ * "secret":"1eaa661",
+ * "secret_sig":"eKV968b1..."
+ * }
+ * \endcode
+ *
+ * auth_check messages MUST use encapsulated encryption. This message is sent to the origination site, which checks the 'secret' to see
+ * if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the
+ * destination channel's private key and base64url encoded. If everything checks out, a json packet is returned:
+ *
+ * \code{.json}
+ * {
+ * "success":1,
+ * "confirm":"q0Ysovd1u...",
+ * "service_class":(optional)
+ * "level":(optional)
+ * }
+ * \endcode
+ *
+ * 'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the
+ * base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key.
+ * This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful
+ * verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login.
+ * Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is
+ * a string whose contents are not defined by protocol. Example: "basic" or "gold".
+ *
+ * @param[in,out] App &$a
+ */
+function post_init(&$a) {
+
+ if (array_key_exists('auth', $_REQUEST)) {
+
+ $ret = array('success' => false, 'message' => '');
+
+ logger('mod_zot: auth request received.');
+ $address = $_REQUEST['auth'];
+ $desturl = $_REQUEST['dest'];
+ $sec = $_REQUEST['sec'];
+ $version = $_REQUEST['version'];
+ $delegate = $_REQUEST['delegate'];
+
+ $test = ((x($_REQUEST, 'test')) ? intval($_REQUEST['test']) : 0);
+
+ // They are authenticating ultimately to the site and not to a particular channel.
+ // Any channel will do, providing it's currently active. We just need to have an
+ // identity to attach to the packet we send back. So find one.
+
+ $c = q("select * from channel where channel_removed = 0 limit 1");
+
+ if (! $c) {
+ // nobody here
+ logger('mod_zot: auth: unable to find a response channel');
+ if ($test) {
+ $ret['message'] .= 'no local channels found.' . EOL;
+ json_return_and_die($ret);
+ }
+
+ goaway($desturl);
+ }
+
+ // Try and find a hubloc for the person attempting to auth
+ $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1",
+ dbesc($address)
+ );
+
+ if (! $x) {
+ // finger them if they can't be found.
+ $ret = zot_finger($address, null);
+ if ($ret['success']) {
+ $j = json_decode($ret['body'], true);
+ if ($j)
+ import_xchan($j);
+ $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1",
+ dbesc($address)
+ );
+ }
+ }
+ if(! $x) {
+ logger('mod_zot: auth: unable to finger ' . $address);
+
+ if($test) {
+ $ret['message'] .= 'no hubloc found for ' . $address . ' and probing failed.' . EOL;
+ json_return_and_die($ret);
+ }
+
+ goaway($desturl);
+ }
+
+ logger('mod_zot: auth request received from ' . $x[0]['hubloc_addr'] );
+
+ // check credentials and access
+
+ // If they are already authenticated and haven't changed credentials,
+ // we can save an expensive network round trip and improve performance.
+
+ $remote = remote_channel();
+ $result = null;
+ $remote_service_class = '';
+ $remote_level = 0;
+ $remote_hub = $x[0]['hubloc_url'];
+ $DNT = 0;
+
+ // Also check that they are coming from the same site as they authenticated with originally.
+
+ $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false);
+ if($delegate && $delegate !== $_SESSION['delegate_channel'])
+ $already_authed = false;
+
+ $j = array();
+
+ if (! $already_authed) {
+
+ // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key
+ // The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender
+ // which can be verified
+
+ $p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec);
+ if ($test) {
+ $ret['message'] .= 'auth check packet created using sitekey ' . $x[0]['hubloc_sitekey'] . EOL;
+ $ret['message'] .= 'packet contents: ' . $p . EOL;
+ }
+
+ $result = zot_zot($x[0]['hubloc_callback'],$p);
+
+ if (! $result['success']) {
+ logger('mod_zot: auth_check callback failed.');
+ if ($test) {
+ $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL;
+ json_return_and_die($ret);
+ }
+
+ goaway($desturl);
+ }
+ $j = json_decode($result['body'], true);
+ if (! $j) {
+ logger('mod_zot: auth_check json data malformed.');
+ if($test) {
+ $ret['message'] .= 'json malformed: ' . $result['body'] . EOL;
+ json_return_and_die($ret);
+ }
+ }
+ }
+
+ if ($test) {
+ $ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL;
+ }
+
+ if ($already_authed || $j['success']) {
+ if ($j['success']) {
+ // legit response, but we do need to check that this wasn't answered by a man-in-middle
+ if (! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) {
+ logger('mod_zot: auth: final confirmation failed.');
+ if ($test) {
+ $ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($x[0],true);
+ json_return_and_die($ret);
+ }
+
+ goaway($desturl);
+ }
+ if (array_key_exists('service_class',$j))
+ $remote_service_class = $j['service_class'];
+ if (array_key_exists('level',$j))
+ $remote_level = $j['level'];
+ if (array_key_exists('DNT',$j))
+ $DNT = $j['DNT'];
+ }
+ // everything is good... maybe
+ if(local_channel()) {
+
+ // tell them to logout if they're logged in locally as anything but the target remote account
+ // in which case just shut up because they don't need to be doing this at all.
+
+ if ($a->channel['channel_hash'] != $x[0]['xchan_hash']) {
+ logger('mod_zot: auth: already authenticated locally as somebody else.');
+ notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
+ if ($test) {
+ $ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL;
+ json_return_and_die($ret);
+ }
+ }
+ goaway($desturl);
+ }
+
+ // log them in
+
+ if ($test) {
+ $ret['success'] = true;
+ $ret['message'] .= 'Authentication Success!' . EOL;
+ json_return_and_die($ret);
+ }
+
+ $delegation_success = false;
+ if ($delegate) {
+ $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1",
+ dbesc($delegate)
+ );
+ if ($r && intval($r[0]['channel_id'])) {
+ $allowed = perm_is_allowed($r[0]['channel_id'],$x[0]['xchan_hash'],'delegate');
+ if ($allowed) {
+ $_SESSION['delegate_channel'] = $r[0]['channel_id'];
+ $_SESSION['delegate'] = $x[0]['xchan_hash'];
+ $_SESSION['account_id'] = intval($r[0]['channel_account_id']);
+ require_once('include/security.php');
+ change_channel($r[0]['channel_id']);
+ $delegation_success = true;
+ }
+ }
+ }
+
+ $_SESSION['authenticated'] = 1;
+ if (! $delegation_success) {
+ $_SESSION['visitor_id'] = $x[0]['xchan_hash'];
+ $_SESSION['my_url'] = $x[0]['xchan_url'];
+ $_SESSION['my_address'] = $address;
+ $_SESSION['remote_service_class'] = $remote_service_class;
+ $_SESSION['remote_level'] = $remote_level;
+ $_SESSION['remote_hub'] = $remote_hub;
+ $_SESSION['DNT'] = $DNT;
+ }
+
+ $arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION);
+ call_hooks('magic_auth_success',$arr);
+ $a->set_observer($x[0]);
+ require_once('include/security.php');
+ $a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
+ info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name']));
+ logger('mod_zot: auth success from ' . $x[0]['xchan_addr']);
+ }
+ else {
+ if($test) {
+ $ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
+ json_return_and_die($ret);
+ }
+ logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']);
+ }
+
+ /**
+ * @FIXME we really want to save the return_url in the session before we
+ * visit rmagic. This does however prevent a recursion if you visit
+ * rmagic directly, as it would otherwise send you back here again.
+ * But z_root() probably isn't where you really want to go.
+ */
+
+ if ($test) {
+ $ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
+ json_return_and_die($ret);
+ }
+
+ if(strstr($desturl,z_root() . '/rmagic'))
+ goaway(z_root());
+
+ goaway($desturl);
+ }
+}
+
+
+/**
+ * @brief zot communications and messaging.
+ *
+ * Sender HTTP posts to this endpoint ($site/post typically) with 'data' parameter set to json zot message packet.
+ * This packet is optionally encrypted, which we will discover if the json has an 'iv' element.
+ * $contents => array( 'alg' => 'aes256cbc', 'iv' => initialisation vector, 'key' => decryption key, 'data' => encrypted data);
+ * $contents->iv and $contents->key are random strings encrypted with this site's RSA public key and then base64url encoded.
+ * Currently only 'aes256cbc' is used, but this is extensible should that algorithm prove inadequate.
+ *
+ * Once decrypted, one will find the normal json_encoded zot message packet.
+ *
+ * Defined packet types are: notify, purge, refresh, force_refresh, auth_check, ping, and pickup
+ *
+ * Standard packet: (used by notify, purge, refresh, force_refresh, and auth_check)
+ * \code{.json}
+ * {
+ * "type": "notify",
+ * "sender":{
+ * "guid":"kgVFf_1...",
+ * "guid_sig":"PT9-TApzp...",
+ * "url":"http:\/\/podunk.edu",
+ * "url_sig":"T8Bp7j5...",
+ * },
+ * "recipients": { optional recipient array },
+ * "callback":"\/post",
+ * "version":1,
+ * "secret":"1eaa...",
+ * "secret_sig": "df89025470fac8..."
+ * }
+ * \endcode
+ *
+ * Signature fields are all signed with the sender channel private key and base64url encoded.
+ * Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private
+ * key and base64url encoded and later obtained via channel discovery. Absence of recipients indicates
+ * a public message or visible to all potential listeners on this site.
+ *
+ * "pickup" packet:
+ * The pickup packet is sent in response to a notify packet from another site
+ * \code{.json}
+ * {
+ * "type":"pickup",
+ * "url":"http:\/\/example.com",
+ * "callback":"http:\/\/example.com\/post",
+ * "callback_sig":"teE1_fLI...",
+ * "secret":"1eaa...",
+ * "secret_sig":"O7nB4_..."
+ * }
+ * \endcode
+ *
+ * In the pickup packet, the sig fields correspond to the respective data
+ * element signed with this site's system private key and then base64url encoded.
+ * The "secret" is the same as the original secret from the notify packet.
+ *
+ * If verification is successful, a json structure is returned containing a
+ * success indicator and an array of type 'pickup'.
+ * Each pickup element contains the original notify request and a message field
+ * whose contents are dependent on the message type.
+ *
+ * This JSON array is AES encapsulated using the site public key of the site
+ * that sent the initial zot pickup packet.
+ * Using the above example, this would be example.com.
+ *
+ * \code{.json}
+ * {
+ * "success":1,
+ * "pickup":{
+ * "notify":{
+ * "type":"notify",
+ * "sender":{
+ * "guid":"kgVFf_...",
+ * "guid_sig":"PT9-TApz...",
+ * "url":"http:\/\/z.podunk.edu",
+ * "url_sig":"T8Bp7j5D..."
+ * },
+ * "callback":"\/post",
+ * "version":1,
+ * "secret":"1eaa661..."
+ * },
+ * "message":{
+ * "type":"activity",
+ * "message_id":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu",
+ * "message_top":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu",
+ * "message_parent":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu",
+ * "created":"2012-11-20 04:04:16",
+ * "edited":"2012-11-20 04:04:16",
+ * "title":"",
+ * "body":"Hi Nickordo",
+ * "app":"",
+ * "verb":"post",
+ * "object_type":"",
+ * "target_type":"",
+ * "permalink":"",
+ * "location":"",
+ * "longlat":"",
+ * "owner":{
+ * "name":"Indigo",
+ * "address":"indigo@podunk.edu",
+ * "url":"http:\/\/podunk.edu",
+ * "photo":{
+ * "mimetype":"image\/jpeg",
+ * "src":"http:\/\/podunk.edu\/photo\/profile\/m\/5"
+ * },
+ * "guid":"kgVFf_...",
+ * "guid_sig":"PT9-TAp...",
+ * },
+ * "author":{
+ * "name":"Indigo",
+ * "address":"indigo@podunk.edu",
+ * "url":"http:\/\/podunk.edu",
+ * "photo":{
+ * "mimetype":"image\/jpeg",
+ * "src":"http:\/\/podunk.edu\/photo\/profile\/m\/5"
+ * },
+ * "guid":"kgVFf_...",
+ * "guid_sig":"PT9-TAp..."
+ * }
+ * }
+ * }
+ * }
+ * \endcode
+ *
+ * Currently defined message types are 'activity', 'mail', 'profile', 'location'
+ * and 'channel_sync', which each have different content schemas.
+ *
+ * Ping packet:
+ * A ping packet does not require any parameters except the type. It may or may
+ * not be encrypted.
+ *
+ * \code{.json}
+ * {
+ * "type": "ping"
+ * }
+ * \endcode
+ *
+ * On receipt of a ping packet a ping response will be returned:
+ *
+ * \code{.json}
+ * {
+ * "success" : 1,
+ * "site" {
+ * "url": "http:\/\/podunk.edu",
+ * "url_sig": "T8Bp7j5...",
+ * "sitekey": "-----BEGIN PUBLIC KEY-----
+ * MIICIjANBgkqhkiG9w0BAQE..."
+ * }
+ * }
+ * \endcode
+ *
+ * The ping packet can be used to verify that a site has not been re-installed, and to
+ * initiate corrective action if it has. The url_sig is signed with the site private key
+ * and base64url encoded - and this should verify with the enclosed sitekey. Failure to
+ * verify indicates the site is corrupt or otherwise unable to communicate using zot.
+ * This return packet is not otherwise verified, so should be compared with other
+ * results obtained from this site which were verified prior to taking action. For instance
+ * if you have one verified result with this signature and key, and other records for this
+ * url which have different signatures and keys, it indicates that the site was re-installed
+ * and corrective action may commence (remove or mark invalid any entries with different
+ * signatures).
+ * If you have no records which match this url_sig and key - no corrective action should
+ * be taken as this packet may have been returned by an imposter.
+ *
+ * @param[in,out] App &$a
+ */
+function post_post(&$a) {
+
+ $encrypted_packet = false;
+ $ret = array('success' => false);
+
+ $data = json_decode($_REQUEST['data'],true);
+
+ /*
+ * Many message packets will arrive encrypted. The existence of an 'iv'
+ * element tells us we need to unencapsulate the AES-256-CBC content using
+ * the site private key.
+ */
+
+ if($data && array_key_exists('iv',$data)) {
+ $encrypted_packet = true;
+ $data = crypto_unencapsulate($data,get_config('system','prvkey'));
+ logger('mod_zot: decrypt1: ' . $data, LOGGER_DATA);
+ $data = json_decode($data,true);
+ }
+
+ if(! $data) {
+
+ // possible Bleichenbacher's attack, just treat it as a
+ // message we have no handler for. It should fail a bit
+ // further along with "no hub". Our public key is public
+ // knowledge. There's no reason why anybody should get the
+ // encryption wrong unless they're fishing or hacking. If
+ // they're developing and made a goof, this can be discovered
+ // in the logs of the destination site. If they're fishing or
+ // hacking, the bottom line is we can't verify their hub.
+ // That's all we're going to tell them.
+
+ $data = array('type' => 'bogus');
+ }
+
+
+ $msgtype = ((array_key_exists('type',$data)) ? $data['type'] : '');
+
+ if($msgtype === 'ping') {
+
+ // Useful to get a health check on a remote site.
+ // This will let us know if any important communication details
+ // that we may have stored are no longer valid, regardless of xchan details.
+ logger('POST: got ping send pong now back: ' . z_root() , LOGGER_DEBUG );
+
+ $ret['success'] = true;
+ $ret['site'] = array();
+ $ret['site']['url'] = z_root();
+ $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),get_config('system','prvkey')));
+ $ret['site']['sitekey'] = get_config('system','pubkey');
+ json_return_and_die($ret);
+ }
+
+
+ if($msgtype === 'pickup') {
+
+ /*
+ * The 'pickup' message arrives with a tracking ID which is associated with a particular outq_hash
+ * First verify that that the returned signatures verify, then check that we have an outbound queue item
+ * with the correct hash.
+ * If everything verifies, find any/all outbound messages in the queue for this hubloc and send them back
+ */
+
+ if((! $data['secret']) || (! $data['secret_sig'])) {
+ $ret['message'] = 'no verification signature';
+ logger('mod_zot: pickup: ' . $ret['message'], LOGGER_DEBUG);
+ json_return_and_die($ret);
+ }
+ $r = q("select distinct hubloc_sitekey from hubloc where hubloc_url = '%s' and hubloc_callback = '%s' and hubloc_sitekey != '' group by hubloc_sitekey ",
+ dbesc($data['url']),
+ dbesc($data['callback'])
+ );
+ if(! $r) {
+ $ret['message'] = 'site not found';
+ logger('mod_zot: pickup: ' . $ret['message']);
+ json_return_and_die($ret);
+ }
+
+ foreach ($r as $hubsite) {
+
+ // verify the url_sig
+ // If the server was re-installed at some point, there could be multiple hubs with the same url and callback.
+ // Only one will have a valid key.
+
+ $forgery = true;
+ $secret_fail = true;
+
+ $sitekey = $hubsite['hubloc_sitekey'];
+
+ logger('mod_zot: Checking sitekey: ' . $sitekey, LOGGER_DATA);
+
+ if(rsa_verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) {
+ $forgery = false;
+ }
+ if(rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) {
+ $secret_fail = false;
+ }
+ if((! $forgery) && (! $secret_fail))
+ break;
+ }
+
+ if($forgery) {
+ $ret['message'] = 'possible site forgery';
+ logger('mod_zot: pickup: ' . $ret['message']);
+ json_return_and_die($ret);
+ }
+
+ if($secret_fail) {
+ $ret['message'] = 'secret validation failed';
+ logger('mod_zot: pickup: ' . $ret['message']);
+ json_return_and_die($ret);
+ }
+
+ /*
+ * If we made it to here, the signatures verify, but we still don't know if the tracking ID is valid.
+ * It wouldn't be an error if the tracking ID isn't found, because we may have sent this particular
+ * queue item with another pickup (after the tracking ID for the other pickup was verified).
+ */
+
+ $r = q("select outq_posturl from outq where outq_hash = '%s' and outq_posturl = '%s' limit 1",
+ dbesc($data['secret']),
+ dbesc($data['callback'])
+ );
+ if(! $r) {
+ $ret['message'] = 'nothing to pick up';
+ logger('mod_zot: pickup: ' . $ret['message']);
+ json_return_and_die($ret);
+ }
+
+ /*
+ * Everything is good if we made it here, so find all messages that are going to this location
+ * and send them all.
+ */
+
+ $r = q("select * from outq where outq_posturl = '%s'",
+ dbesc($data['callback'])
+ );
+ if($r) {
+ logger('mod_zot: successful pickup message received from ' . $data['callback'] . ' ' . count($r) . ' message(s) picked up', LOGGER_DEBUG);
+
+ $ret['success'] = true;
+ $ret['pickup'] = array();
+ foreach($r as $rr) {
+ if($rr['outq_msg']) {
+ $x = json_decode($rr['outq_msg'],true);
+
+ if(! $x)
+ continue;
+
+ if(array_key_exists('message_list',$x)) {
+ foreach($x['message_list'] as $xx) {
+ $ret['pickup'][] = array('notify' => json_decode($rr['outq_notify'],true),'message' => $xx);
+ }
+ }
+ else
+ $ret['pickup'][] = array('notify' => json_decode($rr['outq_notify'],true),'message' => $x);
+
+ $x = q("delete from outq where outq_hash = '%s'",
+ dbesc($rr['outq_hash'])
+ );
+ }
+ }
+ }
+
+ $encrypted = crypto_encapsulate(json_encode($ret),$sitekey);
+ json_return_and_die($encrypted);
+
+ /* pickup: end */
+ }
+
+
+ /*
+ * All other message types require us to verify the sender. This is a generic check, so we
+ * will do it once here and bail if anything goes wrong.
+ */
+
+ if (array_key_exists('sender',$data)) {
+ $sender = $data['sender'];
+ }
+
+ /* Check if the sender is already verified here */
+
+ $hub = zot_gethub($sender);
+
+ if (! $hub) {
+
+ /* Have never seen this guid or this guid coming from this location. Check it and register it. */
+
+ // (!!) this will validate the sender
+ $result = zot_register_hub($sender);
+
+ if ((! $result['success']) || (! ($hub = zot_gethub($sender)))) {
+ $ret['message'] = 'Hub not available.';
+ logger('mod_zot: no hub');
+ json_return_and_die($ret);
+ }
+ }
+
+
+ // Update our DB to show when we last communicated successfully with this hub
+ // This will allow us to prune dead hubs from using up resources
+
+ $r = q("update hubloc set hubloc_connected = '%s' where hubloc_id = %d",
+ dbesc(datetime_convert()),
+ intval($hub['hubloc_id'])
+ );
+
+ // a dead hub came back to life - reset any tombstones we might have
+
+ if(intval($hub['hubloc_error'])) {
+ q("update hubloc set hubloc_error = 0 where hubloc_id = %d",
+ intval($hub['hubloc_id'])
+ );
+ if(intval($r[0]['hubloc_orphancheck'])) {
+ q("update hubloc set hubloc_orhpancheck = 0 where hubloc_id = %d",
+ intval($hub['hubloc_id'])
+ );
+ }
+ q("update xchan set xchan_orphan = 0 where xchan_orphan = 1 and xchan_hash = '%s'",
+ dbesc($hub['hubloc_hash'])
+ );
+ }
+
+
+ /*
+ * This hub has now been proven to be valid.
+ * Any hub with the same URL and a different sitekey cannot be valid.
+ * Get rid of them (mark them deleted). There's a good chance they were re-installs.
+ */
+
+ q("update hubloc set hubloc_deleted = 1 where hubloc_url = '%s' and hubloc_sitekey != '%s' ",
+ dbesc($hub['hubloc_url']),
+ dbesc($hub['hubloc_sitekey'])
+ );
+
+ /** @TODO check which hub is primary and take action if mismatched */
+
+ if (array_key_exists('recipients', $data))
+ $recipients = $data['recipients'];
+
+
+ if ($msgtype === 'auth_check') {
+
+ /*
+ * Requestor visits /magic/?dest=somewhere on their own site with a browser
+ * magic redirects them to $destsite/post [with auth args....]
+ * $destsite sends an auth_check packet to originator site
+ * The auth_check packet is handled here by the originator's site
+ * - the browser session is still waiting
+ * inside $destsite/post for everything to verify
+ * If everything checks out we'll return a token to $destsite
+ * and then $destsite will verify the token, authenticate the browser
+ * session and then redirect to the original destination.
+ * If authentication fails, the redirection to the original destination
+ * will still take place but without authentication.
+ */
+ logger('mod_zot: auth_check', LOGGER_DEBUG);
+
+ if (! $encrypted_packet) {
+ logger('mod_zot: auth_check packet was not encrypted.');
+ $ret['message'] .= 'no packet encryption' . EOL;
+ json_return_and_die($ret);
+ }
+
+ $arr = $data['sender'];
+ $sender_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']);
+
+ // garbage collect any old unused notifications
+
+ // This was and should be 10 minutes but my hosting provider has time lag between the DB and
+ // the web server. We should probably convert this to webserver time rather than DB time so
+ // that the different clocks won't affect it and allow us to keep the time short.
+
+ q("delete from verify where type = 'auth' and created < %s - INTERVAL %s",
+ db_utcnow(), db_quoteinterval('30 MINUTE')
+ );
+
+ $y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1",
+ dbesc($sender_hash)
+ );
+
+ // We created a unique hash in mod/magic.php when we invoked remote auth, and stored it in
+ // the verify table. It is now coming back to us as 'secret' and is signed by a channel at the other end.
+ // First verify their signature. We will have obtained a zot-info packet from them as part of the sender
+ // verification.
+
+ if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) {
+ logger('mod_zot: auth_check: sender not found or secret_sig invalid.');
+ $ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL;
+ json_return_and_die($ret);
+ }
+
+ // There should be exactly one recipient, the original auth requestor
+
+ $ret['message'] .= 'recipients ' . print_r($recipients,true) . EOL;
+
+ if ($data['recipients']) {
+
+ $arr = $data['recipients'][0];
+ $recip_hash = make_xchan_hash($arr['guid'], $arr['guid_sig']);
+ $c = q("select channel_id, channel_account_id, channel_prvkey from channel where channel_hash = '%s' limit 1",
+ dbesc($recip_hash)
+ );
+ if (! $c) {
+ logger('mod_zot: auth_check: recipient channel not found.');
+ $ret['message'] .= 'recipient not found.' . EOL;
+ json_return_and_die($ret);
+ }
+
+ $confirm = base64url_encode(rsa_sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey']));
+
+ // This additionally checks for forged sites since we already stored the expected result in meta
+ // and we've already verified that this is them via zot_gethub() and that their key signed our token
+
+ $z = q("select id from verify where channel = %d and type = 'auth' and token = '%s' and meta = '%s' limit 1",
+ intval($c[0]['channel_id']),
+ dbesc($data['secret']),
+ dbesc($data['sender']['url'])
+ );
+ if (! $z) {
+ logger('mod_zot: auth_check: verification key not found.');
+ $ret['message'] .= 'verification key not found' . EOL;
+ json_return_and_die($ret);
+ }
+ $r = q("delete from verify where id = %d",
+ intval($z[0]['id'])
+ );
+
+ $u = q("select account_service_class from account where account_id = %d limit 1",
+ intval($c[0]['channel_account_id'])
+ );
+
+ logger('mod_zot: auth_check: success', LOGGER_DEBUG);
+ $ret['success'] = true;
+ $ret['confirm'] = $confirm;
+ if ($u && $u[0]['account_service_class'])
+ $ret['service_class'] = $u[0]['account_service_class'];
+
+ // Set "do not track" flag if this site or this channel's profile is restricted
+ // in some way
+
+ if (intval(get_config('system','block_public')))
+ $ret['DNT'] = true;
+ if (! perm_is_allowed($c[0]['channel_id'],'','view_profile'))
+ $ret['DNT'] = true;
+ if (get_pconfig($c[0]['channel_id'],'system','do_not_track'))
+ $ret['DNT'] = true;
+ if (get_pconfig($c[0]['channel_id'],'system','hide_online_status'))
+ $ret['DNT'] = true;
+
+ json_return_and_die($ret);
+ }
+ json_return_and_die($ret);
+ }
+
+ if ($msgtype === 'request') {
+ // request a particular post/conversation by message_id
+ $x = zot_process_message_request($data);
+ json_return_and_die($x);
+ }
+
+ if ($msgtype === 'purge') {
+ if ($recipients) {
+ // basically this means "unfriend"
+ foreach ($recipients as $recip) {
+ $r = q("select channel.*,xchan.* from channel
+ left join xchan on channel_hash = xchan_hash
+ where channel_guid = '%s' and channel_guid_sig = '%s' limit 1",
+ dbesc($recip['guid']),
+ dbesc($recip['guid_sig'])
+ );
+ if ($r) {
+ $r = q("select abook_id from abook where uid = %d and abook_xchan = '%s' limit 1",
+ intval($r[0]['channel_id']),
+ dbesc(make_xchan_hash($sender['guid'],$sender['guid_sig']))
+ );
+ if ($r) {
+ contact_remove($r[0]['channel_id'],$r[0]['abook_id']);
+ }
+ }
+ }
+ } else {
+ // Unfriend everybody - basically this means the channel has committed suicide
+ $arr = $data['sender'];
+ $sender_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']);
+
+ require_once('include/Contact.php');
+ remove_all_xchan_resources($sender_hash);
+
+ $ret['success'] = true;
+ json_return_and_die($ret);
+ }
+ }
+
+ if (($msgtype === 'refresh') || ($msgtype === 'force_refresh')) {
+
+ // remote channel info (such as permissions or photo or something)
+ // has been updated. Grab a fresh copy and sync it.
+ // The difference between refresh and force_refresh is that
+ // force_refresh unconditionally creates a directory update record,
+ // even if no changes were detected upon processing.
+
+ if ($recipients) {
+
+ // This would be a permissions update, typically for one connection
+
+ foreach ($recipients as $recip) {
+ $r = q("select channel.*,xchan.* from channel
+ left join xchan on channel_hash = xchan_hash
+ where channel_guid = '%s' and channel_guid_sig = '%s' limit 1",
+ dbesc($recip['guid']),
+ dbesc($recip['guid_sig'])
+ );
+
+ $x = zot_refresh(array(
+ 'xchan_guid' => $sender['guid'],
+ 'xchan_guid_sig' => $sender['guid_sig'],
+ 'hubloc_url' => $sender['url']
+ ), $r[0], (($msgtype === 'force_refresh') ? true : false));
+ }
+ } else {
+
+ // system wide refresh
+
+ $x = zot_refresh(array(
+ 'xchan_guid' => $sender['guid'],
+ 'xchan_guid_sig' => $sender['guid_sig'],
+ 'hubloc_url' => $sender['url']
+ ), null, (($msgtype === 'force_refresh') ? true : false));
+ }
+ $ret['success'] = true;
+ json_return_and_die($ret);
+ }
+
+ if ($msgtype === 'notify') {
+
+ logger('notify received from ' . $hub['hubloc_url']);
+
+
+ $async = get_config('system','queued_fetch');
+
+ if ($async) {
+ // add to receive queue
+ // qreceive_add($data);
+ } else {
+ $x = zot_fetch($data);
+ $ret['delivery_report'] = $x;
+ }
+
+ $ret['success'] = true;
+ json_return_and_die($ret);
+ }
+
+ // catchall
+ json_return_and_die($ret);
+}
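Review bot: The `test` flag in post_init() is read straight from `$_REQUEST` with no authorization check, and when it is set the JSON reply carries internal state: `print_r($x[0],true)` (the joined hubloc/xchan row), `print_r($_REQUEST,true)`, the remote site's reply in `print_r($result, true)` and the generated auth_check packet `$p`. Any remote caller can therefore request this diagnostic output for an address of their choosing. I would honour the flag only when the site operator has enabled it, e.g. `$test = ((x($_REQUEST,'test') && get_config('system','<diagnostics-key>')) ? intval($_REQUEST['test']) : 0);` (the config key is a placeholder), and reduce the messages to fixed strings without the `print_r()` dumps. Separately, in the `purge` branch of post_post() `$r` is reassigned to the abook query, which selects only `abook_id`, so `contact_remove($r[0]['channel_id'],$r[0]['abook_id'])` gets no channel id and the requested removal presumably does not take effect. Keeping the channel row in its own variable fixes that: `$chan = $r[0];` before the second query, then `contact_remove($chan['channel_id'],$r[0]['abook_id']);`.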
diff --git a/mod/prate.php b/mod/prate.php
new file mode 100644
index 000000000..b89d16f42
--- /dev/null
+++ b/mod/prate.php
@@ -0,0 +1,99 @@
+<?php
+
+function prate_init(&$a) {
+ if($_SERVER['REQUEST_METHOD'] === 'post')
+ return;
+
+ if(! local_channel())
+ return;
+
+ $channel = $a->get_channel();
+
+ $target = argv(1);
+ if(! $target)
+ return;
+
+ $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1",
+ dbesc($channel['channel_hash']),
+ dbesc($target)
+ );
+ if($r)
+ json_return_and_die(array('rating' => $r[0]['xlink_rating'],'rating_text' => $r[0]['xlink_rating_text']));
+ killme();
+}
+
+function prate_post(&$a) {
+
+ if(! local_channel())
+ return;
+
+ $channel = $a->get_channel();
+
+ $target = trim($_REQUEST['target']);
+ if(! $target)
+ return;
+
+ if($target === $channel['channel_hash'])
+ return;
+
+ $rating = intval($_POST['rating']);
+ if($rating < (-10))
+ $rating = (-10);
+ if($rating > 10)
+ $rating = 10;
+
+ $rating_text = trim(escape_tags($_REQUEST['rating_text']));
+
+ $signed = $target . '.' . $rating . '.' . $rating_text;
+
+ $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey']));
+
+
+ $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1",
+ dbesc($channel['channel_hash']),
+ dbesc($target)
+ );
+ if($z) {
+ $record = $z[0]['xlink_id'];
+ $w = q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s'
+ where xlink_id = %d",
+ intval($rating),
+ dbesc($rating_text),
+ dbesc($sig),
+ dbesc(datetime_convert()),
+ intval($record)
+ );
+ }
+ else {
+ $w = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static ) values ( '%s', '%s', %d, '%s', '%s', '%s', 1 ) ",
+ dbesc($channel['channel_hash']),
+ dbesc($target),
+ intval($rating),
+ dbesc($rating_text),
+ dbesc($sig),
+ dbesc(datetime_convert())
+ );
+ $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1",
+ dbesc($channel['channel_hash']),
+ dbesc($orig_record[0]['abook_xchan'])
+ );
+ if($z)
+ $record = $z[0]['xlink_id'];
+ }
+ if($record) {
+ proc_run('php','include/ratenotif.php','rating',$record);
+ }
+
+ json_return_and_die(array('result' => true));;
+}
+
+
+
+
+
+
+
+
+
+
+
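Review bot: In `prate_post()` the insert branch re-selects the new row with `dbesc($orig_record[0]['abook_xchan'])`, but `$orig_record` is never defined in this file, so the lookup cannot match and `$record` stays unset; `include/ratenotif.php` is then never started for a first-time rating. The second argument should be `dbesc($target)`, and `$record = 0;` should be initialised before the `if($z)` branch. The handler also signs and stores the rating with the channel's private key without a form-token check such as the `check_form_security_token_redirectOnErr()` call that `profile_photo_post()` makes elsewhere in this commit; that check belongs before `$target` is read. In `prate_init()` the comparison `$_SERVER['REQUEST_METHOD'] === 'post'` will not match, since the method is normally reported as `POST`; compare against `'POST'`.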
diff --git a/mod/pretheme.php b/mod/pretheme.php
new file mode 100644
index 000000000..1974f5f00
--- /dev/null
+++ b/mod/pretheme.php
@@ -0,0 +1,22 @@
+<?php
+
+function pretheme_init(&$a) {
+
+ if($_REQUEST['theme']) {
+ $theme = $_REQUEST['theme'];
+ $info = get_theme_info($theme);
+ if($info) {
+ // unfortunately there will be no translation for this string
+ $desc = $info['description'];
+ $version = $info['version'];
+ $credits = $info['credits'];
+ }
+ else {
+ $desc = '';
+ $version = '';
+ $credits = '';
+ }
+ echo json_encode(array('img' => get_theme_screenshot($theme), 'desc' => $desc, 'version' => $version, 'credits' => $credits));
+ }
+ killme();
+}
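Review bot: `pretheme_init()` hands `$_REQUEST['theme']` straight to `get_theme_info()` and `get_theme_screenshot()` with no validation. Those helpers are not in this hunk, but if they build a path from the theme name, a value containing `/` or `..` would be resolved outside the theme directory. Restricting the name before use, e.g. `if(! preg_match('/^[A-Za-z0-9_-]+$/', $theme)) killme();`, keeps the lookup to real theme directories (widen the character class if theme names allow more). The response would also match the other modules in this commit if it used `json_return_and_die(array(...))` instead of a bare `echo json_encode(...)`, assuming that helper sets the JSON content type.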
diff --git a/mod/probe.php b/mod/probe.php
new file mode 100644
index 000000000..62a2227b0
--- /dev/null
+++ b/mod/probe.php
@@ -0,0 +1,41 @@
+<?php
+
+require_once('include/zot.php');
+
+function probe_content(&$a) {
+
+ $o .= '<h3>Probe Diagnostic</h3>';
+
+ $o .= '<form action="probe" method="get">';
+ $o .= 'Lookup address: <input type="text" style="width: 250px;" name="addr" value="' . $_GET['addr'] .'" />';
+ $o .= '<input type="submit" name="submit" value="Submit" /></form>';
+
+ $o .= '<br /><br />';
+
+ if(x($_GET,'addr')) {
+ $channel = $a->get_channel();
+ $addr = trim($_GET['addr']);
+ $do_import = ((intval($_GET['import']) && is_site_admin()) ? true : false);
+ $res = zot_finger($addr,$channel,false);
+ $o .= '<pre>';
+ if($res['success'])
+ $j = json_decode($res['body'],true);
+ else {
+ $o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n");
+ $o .= "<strong>https connection failed. Trying again with auto failover to http.</strong>\r\n\r\n";
+ $res = zot_finger($addr,$channel,true);
+ if($res['success'])
+ $j = json_decode($res['body'],true);
+ else
+ $o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n");
+
+ }
+ if($do_import && $j)
+ $x = import_xchan($j);
+ if($j && $j['permissions'] && $j['permissions']['iv'])
+ $j['permissions'] = json_decode(crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']),true);
+ $o .= str_replace("\n",'<br />',print_r($j,true));
+ $o .= '</pre>';
+ }
+ return $o;
+}
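Review bot: `probe_content()` writes request and remote data into the page unescaped: `$_GET['addr']` is concatenated into the `value` attribute of the input, and the decoded response from the probed hub is emitted via `print_r($j,true)` inside `<pre>`. Both are outside the site's control and should be HTML-encoded: `value="' . htmlspecialchars($_GET['addr'], ENT_QUOTES, 'UTF-8') . '"` and `str_replace("\n",'<br />',htmlspecialchars(print_r($j,true), ENT_QUOTES, 'UTF-8'))`. The same applies to `$res['error']` in the two `sprintf()` calls. `$o` is appended to before it is initialised, so `$o = '';` at the top of the function avoids the notice. There is also no `local_channel()` check in the function; consider whether a diagnostic that makes outbound requests and decrypts `permissions` with the channel key should be reachable without a login.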
diff --git a/mod/profile.php b/mod/profile.php
new file mode 100644
index 000000000..430d039e9
--- /dev/null
+++ b/mod/profile.php
@@ -0,0 +1,83 @@
+<?php /** @file */
+
+require_once('include/contact_widgets.php');
+require_once('include/items.php');
+require_once("include/bbcode.php");
+require_once('include/security.php');
+require_once('include/conversation.php');
+require_once('include/acl_selectors.php');
+
+
+function profile_init(&$a) {
+
+ if(argc() > 1)
+ $which = argv(1);
+ else {
+ notice( t('Requested profile is not available.') . EOL );
+ $a->error = 404;
+ return;
+ }
+
+ $profile = '';
+ $channel = $a->get_channel();
+
+ if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) {
+ $which = $channel['channel_address'];
+ $profile = argv(1);
+ $r = q("select profile_guid from profile where id = %d and uid = %d limit 1",
+ intval($profile),
+ intval(local_channel())
+ );
+ if(! $r)
+ $profile = '';
+ $profile = $r[0]['profile_guid'];
+ }
+
+ $a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/feed/' . $which .'" />' . "\r\n" ;
+
+ if(! $profile) {
+ $x = q("select channel_id as profile_uid from channel where channel_address = '%s' limit 1",
+ dbesc(argv(1))
+ );
+ if($x) {
+ $a->profile = $x[0];
+ }
+ }
+
+ profile_load($a,$which,$profile);
+
+
+}
+
+function profile_content(&$a, $update = 0) {
+
+ if(get_config('system','block_public') && (! get_account_id()) && (! remote_channel())) {
+ return login();
+ }
+
+ $groups = array();
+
+ $tab = 'profile';
+ $o = '';
+
+ if(! (perm_is_allowed($a->profile['profile_uid'],get_observer_hash(), 'view_profile'))) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+
+ $is_owner = ((local_channel()) && (local_channel() == $a->profile['profile_uid']) ? true : false);
+
+ if($a->profile['hidewall'] && (! $is_owner) && (! remote_channel())) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $o .= profile_tabs($a, $is_owner, $a->profile['channel_address']);
+
+
+ $o .= advanced_profile($a);
+ call_hooks('profile_advanced',$o);
+ return $o;
+
+}
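Review bot: In `profile_init()` the URL segment `argv(1)` (held in `$which`) is concatenated unescaped into the `<link ... href="...">` tag appended to `$a->page['htmlhead']`, before any check that the channel exists. Depending on how `argv()` decodes the path, a quote in that segment could break out of the attribute. Encoding it at the point of use, `'/feed/' . urlencode($which)`, removes that dependency. Separately, in the `view` branch `if(! $r) $profile = '';` is immediately overwritten by the unconditional `$profile = $r[0]['profile_guid'];`; that assignment should sit in an `else`.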
diff --git a/mod/profile_photo.php b/mod/profile_photo.php
new file mode 100644
index 000000000..de2a538f1
--- /dev/null
+++ b/mod/profile_photo.php
@@ -0,0 +1,427 @@
+<?php
+
+/* @file profile_photo.php
+ @brief Module-file with functions for handling of profile-photos
+
+*/
+
+require_once('include/photo/photo_driver.php');
+
+/* @brief Function for sync'ing permissions of profile-photos and their profile
+*
+* @param $profileid The id number of the profile to sync
+* @return void
+*/
+
+function profile_photo_set_profile_perms($profileid = '') {
+
+ $allowcid = '';
+ if (x($profileid)) {
+
+ $r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.id = %d OR profile.profile_guid = '%s' LIMIT 1", intval($profileid), dbesc($profileid));
+
+ } else {
+
+ logger('Resetting permissions on default-profile-photo for user'.local_channel());
+ $r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.uid = %d AND is_default = 1 LIMIT 1", intval(local_channel()) ); //If no profile is given, we update the default profile
+ }
+
+ $profile = $r[0];
+ if(x($profile['id']) && x($profile['photo'])) {
+ preg_match("@\w*(?=-\d*$)@i", $profile['photo'], $resource_id);
+ $resource_id = $resource_id[0];
+
+ if (intval($profile['is_default']) != 1) {
+ $r0 = q("SELECT channel_hash FROM channel WHERE channel_id = %d LIMIT 1", intval(local_channel()) );
+ $r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%d' ", intval($profile['id'])); //Should not be needed in future. Catches old int-profile-ids.
+ $r2 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%s'", dbesc($profile['profile_guid']));
+ $allowcid = "<" . $r0[0]['channel_hash'] . ">";
+ foreach ($r1 as $entry) {
+ $allowcid .= "<" . $entry['abook_xchan'] . ">";
+ }
+ foreach ($r2 as $entry) {
+ $allowcid .= "<" . $entry['abook_xchan'] . ">";
+ }
+
+ q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d",dbesc($allowcid),dbesc($resource_id),intval($profile['uid']));
+
+ } else {
+ q("UPDATE `photo` SET allow_cid = '' WHERE profile = 1 AND uid = %d",intval($profile['uid'])); //Reset permissions on default profile picture to public
+ }
+ }
+
+ return;
+}
+
+/* @brief Initalize the profile-photo edit view
+ *
+ * @param $a Current application
+ * @return void
+ *
+ */
+
+function profile_photo_init(&$a) {
+
+ if(! local_channel()) {
+ return;
+ }
+
+ $channel = $a->get_channel();
+ profile_load($a,$channel['channel_address']);
+
+}
+
+/* @brief Evaluate posted values
+ *
+ * @param $a Current application
+ * @return void
+ *
+ */
+
+function profile_photo_post(&$a) {
+
+ if(! local_channel()) {
+ return;
+ }
+
+ check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
+
+ if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) {
+
+ // unless proven otherwise
+ $is_default_profile = 1;
+
+ if($_REQUEST['profile']) {
+ $r = q("select id, is_default from profile where id = %d and uid = %d limit 1",
+ intval($_REQUEST['profile']),
+ intval(local_channel())
+ );
+ if(($r) && (! intval($r[0]['is_default'])))
+ $is_default_profile = 0;
+ }
+
+
+
+ // phase 2 - we have finished cropping
+
+ if(argc() != 2) {
+ notice( t('Image uploaded but image cropping failed.') . EOL );
+ return;
+ }
+
+ $image_id = argv(1);
+
+ if(substr($image_id,-2,1) == '-') {
+ $scale = substr($image_id,-1,1);
+ $image_id = substr($image_id,0,-2);
+ }
+
+
+ $srcX = $_POST['xstart'];
+ $srcY = $_POST['ystart'];
+ $srcW = $_POST['xfinal'] - $srcX;
+ $srcH = $_POST['yfinal'] - $srcY;
+
+ $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND uid = %d AND scale = %d LIMIT 1",
+ dbesc($image_id),
+ dbesc(local_channel()),
+ intval($scale));
+
+ if($r) {
+
+ $base_image = $r[0];
+ $base_image['data'] = dbunescbin($base_image['data']);
+
+ $im = photo_factory($base_image['data'], $base_image['type']);
+ if($im->is_valid()) {
+
+ $im->cropImage(175,$srcX,$srcY,$srcW,$srcH);
+
+ $aid = get_account_id();
+
+ $p = array('aid' => $aid, 'uid' => local_channel(), 'resource_id' => $base_image['resource_id'],
+ 'filename' => $base_image['filename'], 'album' => t('Profile Photos'));
+
+ $p['scale'] = 4;
+ $p['photo_usage'] = (($is_default_profile) ? PHOTO_PROFILE : PHOTO_NORMAL);
+
+ $r1 = $im->save($p);
+
+ $im->scaleImage(80);
+ $p['scale'] = 5;
+
+ $r2 = $im->save($p);
+
+ $im->scaleImage(48);
+ $p['scale'] = 6;
+
+ $r3 = $im->save($p);
+
+ if($r1 === false || $r2 === false || $r3 === false) {
+ // if one failed, delete them all so we can start over.
+ notice( t('Image resize failed.') . EOL );
+ $x = q("delete from photo where resource_id = '%s' and uid = %d and scale >= 4 ",
+ dbesc($base_image['resource_id']),
+ local_channel()
+ );
+ return;
+ }
+
+ // If setting for the default profile, unset the profile photo flag from any other photos I own
+
+ if($is_default_profile) {
+ $r = q("UPDATE photo SET photo_usage = %d WHERE photo_usage = %d
+ AND resource_id != '%s' AND `uid` = %d",
+ intval(PHOTO_NORMAL),
+ intval(PHOTO_PROFILE),
+ dbesc($base_image['resource_id']),
+ intval(local_channel())
+ );
+ }
+ else {
+ $r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d",
+ dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-4'),
+ dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-5'),
+ intval($_REQUEST['profile']),
+ intval(local_channel())
+ );
+ }
+
+ // We'll set the updated profile-photo timestamp even if it isn't the default profile,
+ // so that browsers will do a cache update unconditionally
+
+ $channel = $a->get_channel();
+
+ $r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s'
+ where xchan_hash = '%s'",
+ dbesc($im->getType()),
+ dbesc(datetime_convert()),
+ dbesc($channel['xchan_hash'])
+ );
+
+ info( t('Shift-reload the page or clear browser cache if the new photo does not display immediately.') . EOL);
+
+ // Update directory in background
+ proc_run('php',"include/directory.php",$channel['channel_id']);
+
+ // Now copy profile-permissions to pictures, to prevent privacyleaks by automatically created folder 'Profile Pictures'
+
+ profile_photo_set_profile_perms($_REQUEST['profile']);
+
+ }
+ else
+ notice( t('Unable to process image') . EOL);
+ }
+
+ goaway($a->get_baseurl() . '/profiles');
+ return; // NOTREACHED
+ }
+
+
+
+ $hash = photo_new_resource();
+ $smallest = 0;
+
+ require_once('include/attach.php');
+
+ $res = attach_store($a->get_channel(), get_observer_hash(), '', array('album' => t('Profile Photos'), 'hash' => $hash));
+
+ logger('attach_store: ' . print_r($res,true));
+
+ if($res && intval($res['data']['is_photo'])) {
+ $i = q("select * from photo where resource_id = '%s' and uid = %d order by scale",
+ dbesc($hash),
+ intval(local_channel())
+ );
+
+ if(! $i) {
+ notice( t('Image upload failed.') . EOL );
+ return;
+ }
+ foreach($i as $ii) {
+ if(intval($ii['scale']) < 2) {
+ $smallest = intval($ii['scale']);
+ $imagedata = $ii['data'];
+ $filetype = $ii['type'];
+ }
+ }
+ }
+
+// $imagedata = @file_get_contents($src);
+ $ph = photo_factory($imagedata, $filetype);
+
+ if(! $ph->is_valid()) {
+ notice( t('Unable to process image.') . EOL );
+ return;
+ }
+
+ return profile_photo_crop_ui_head($a, $ph, $hash, $smallest);
+
+}
+
+/* @brief Generate content of profile-photo view
+ *
+ * @param $a Current application
+ * @return void
+ *
+ */
+
+
+function profile_photo_content(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL );
+ return;
+ }
+
+ $channel = $a->get_channel();
+
+ $newuser = false;
+
+ if(argc() == 2 && argv(1) === 'new')
+ $newuser = true;
+
+ if(argv(1) === 'use') {
+ if (argc() < 3) {
+ notice( t('Permission denied.') . EOL );
+ return;
+ };
+
+// check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
+
+ $resource_id = argv(2);
+
+
+ $r = q("SELECT id, album, scale FROM photo WHERE uid = %d AND resource_id = '%s' ORDER BY scale ASC",
+ intval(local_channel()),
+ dbesc($resource_id)
+ );
+ if(! $r) {
+ notice( t('Photo not available.') . EOL );
+ return;
+ }
+ $havescale = false;
+ foreach($r as $rr) {
+ if($rr['scale'] == 5)
+ $havescale = true;
+ }
+
+ // set an already loaded photo as profile photo
+
+ if(($r[0]['album'] == t('Profile Photos')) && ($havescale)) {
+ // unset any existing profile photos
+ $r = q("UPDATE photo SET photo_usage = %d WHERE photo_usage = %d AND uid = %d",
+ intval(PHOTO_NORMAL),
+ intval(PHOTO_PROFILE),
+ intval(local_channel()));
+
+ $r = q("UPDATE photo SET photo_usage = %d WHERE uid = %d AND resource_id = '%s'",
+ intval(PHOTO_PROFILE),
+ intval(local_channel()),
+ dbesc($resource_id)
+ );
+
+ $r = q("UPDATE xchan set xchan_photo_date = '%s'
+ where xchan_hash = '%s'",
+ dbesc(datetime_convert()),
+ dbesc($channel['xchan_hash'])
+ );
+
+ profile_photo_set_profile_perms(); //Reset default photo permissions to public
+ proc_run('php','include/directory.php',local_channel());
+ goaway($a->get_baseurl() . '/profiles');
+ }
+
+ $r = q("SELECT `data`, `type` FROM photo WHERE id = %d and uid = %d limit 1",
+ intval($r[0]['id']),
+ intval(local_channel())
+
+ );
+ if(! $r) {
+ notice( t('Photo not available.') . EOL );
+ return;
+ }
+
+ $ph = photo_factory(dbunescbin($r[0]['data']), $r[0]['type']);
+ // go ahead as if we have just uploaded a new photo to crop
+ profile_photo_crop_ui_head($a, $ph);
+ }
+
+ $profiles = q("select id, profile_name as name, is_default from profile where uid = %d",
+ intval(local_channel())
+ );
+
+ if(! x($a->data,'imagecrop')) {
+
+ $tpl = get_markup_template('profile_photo.tpl');
+
+ $o .= replace_macros($tpl,array(
+ '$user' => $a->channel['channel_address'],
+ '$lbl_upfile' => t('Upload File:'),
+ '$lbl_profiles' => t('Select a profile:'),
+ '$title' => t('Upload Profile Photo'),
+ '$submit' => t('Upload'),
+ '$profiles' => $profiles,
+ '$form_security_token' => get_form_security_token("profile_photo"),
+// FIXME - yuk
+ '$select' => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . $a->get_baseurl() . '">' . t('skip this step') . '</a>' : '<a href="'. $a->get_baseurl() . '/photos/' . $a->channel['channel_address'] . '">' . t('select a photo from your photo albums') . '</a>')
+ ));
+
+ call_hooks('profile_photo_content_end', $o);
+
+ return $o;
+ }
+ else {
+ $filename = $a->data['imagecrop'] . '-' . $a->data['imagecrop_resolution'];
+ $resolution = $a->data['imagecrop_resolution'];
+ $tpl = get_markup_template("cropbody.tpl");
+ $o .= replace_macros($tpl,array(
+ '$filename' => $filename,
+ '$profile' => intval($_REQUEST['profile']),
+ '$resource' => $a->data['imagecrop'] . '-' . $a->data['imagecrop_resolution'],
+ '$image_url' => $a->get_baseurl() . '/photo/' . $filename,
+ '$title' => t('Crop Image'),
+ '$desc' => t('Please adjust the image cropping for optimum viewing.'),
+ '$form_security_token' => get_form_security_token("profile_photo"),
+ '$done' => t('Done Editing')
+ ));
+ return $o;
+ }
+
+ return; // NOTREACHED
+}
+
+/* @brief Generate the UI for photo-cropping
+ *
+ * @param $a Current application
+ * @param $ph Photo-Factory
+ * @return void
+ *
+ */
+
+
+
+function profile_photo_crop_ui_head(&$a, $ph, $hash, $smallest){
+
+ $max_length = get_config('system','max_image_length');
+ if(! $max_length)
+ $max_length = MAX_IMAGE_LENGTH;
+ if($max_length > 0)
+ $ph->scaleImage($max_length);
+
+ $width = $ph->getWidth();
+ $height = $ph->getHeight();
+
+ if($width < 175 || $height < 175) {
+ $ph->scaleImageUp(200);
+ $width = $ph->getWidth();
+ $height = $ph->getHeight();
+ }
+
+
+ $a->data['imagecrop'] = $hash;
+ $a->data['imagecrop_resolution'] = $smallest;
+ $a->page['htmlhead'] .= replace_macros(get_markup_template("crophead.tpl"), array());
+ return;
+}
+
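Review bot: `profile_photo_set_profile_perms()` looks the profile up with `WHERE profile.id = %d OR profile.profile_guid = '%s'` and no owner constraint, then updates `photo.allow_cid` for `$profile['uid']`; `profile_photo_post()` calls it with the raw `$_REQUEST['profile']`, so the row it acts on is not guaranteed to belong to the logged-in channel. Scope the lookup to the caller with `WHERE (profile.id = %d OR profile.profile_guid = '%s') AND profile.uid = %d LIMIT 1`, passing `intval(local_channel())` as the third argument, and return early when `$r` is empty. In `profile_photo_content()` the `use` branch changes `photo_usage` on a GET request while its `check_form_security_token_redirectOnErr()` call is commented out; restore the check or move the action behind a POST. In `profile_photo_post()` the crop values (`$_POST['xstart']` and the rest) should go through `intval()`, and `$scale`, which is unset when the id has no `-N` suffix, should be initialised before use.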
diff --git a/mod/profiles.php b/mod/profiles.php
new file mode 100644
index 000000000..19e5ffc50
--- /dev/null
+++ b/mod/profiles.php
@@ -0,0 +1,798 @@
+<?php
+
+
+function profiles_init(&$a) {
+
+ nav_set_selected('profiles');
+
+ if(! local_channel()) {
+ return;
+ }
+
+ if((argc() > 2) && (argv(1) === "drop") && intval(argv(2))) {
+ $r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d AND `is_default` = 0 LIMIT 1",
+ intval(argv(2)),
+ intval(local_channel())
+ );
+ if(! count($r)) {
+ notice( t('Profile not found.') . EOL);
+ goaway($a->get_baseurl(true) . '/profiles');
+ return; // NOTREACHED
+ }
+ $profile_guid = $r['profile_guid'];
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_drop', 't');
+
+ // move every contact using this profile as their default to the user default
+
+ $r = q("UPDATE abook SET abook_profile = (SELECT profile_guid AS FROM profile WHERE is_default = 1 AND uid = %d LIMIT 1) WHERE abook_profile = '%s' AND abook_channel = %d ",
+ intval(local_channel()),
+ dbesc($profile_guid),
+ intval(local_channel())
+ );
+ $r = q("DELETE FROM `profile` WHERE `id` = %d AND `uid` = %d",
+ intval(argv(2)),
+ intval(local_channel())
+ );
+ if($r)
+ info( t('Profile deleted.') . EOL);
+
+ goaway($a->get_baseurl(true) . '/profiles');
+ return; // NOTREACHED
+ }
+
+
+
+
+
+ if((argc() > 1) && (argv(1) === 'new')) {
+
+// check_form_security_token_redirectOnErr('/profiles', 'profile_new', 't');
+
+ $r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
+ intval(local_channel()));
+ $num_profiles = count($r0);
+
+ $name = t('Profile-') . ($num_profiles + 1);
+
+ $r1 = q("SELECT `name`, `photo`, `thumb` FROM `profile` WHERE `uid` = %d AND `is_default` = 1 LIMIT 1",
+ intval(local_channel()));
+
+ $r2 = q("INSERT INTO `profile` (`aid`, `uid` , `profile_guid`, `profile_name` , `name`, `photo`, `thumb`)
+ VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s' )",
+ intval(get_account_id()),
+ intval(local_channel()),
+ dbesc(random_string()),
+ dbesc($name),
+ dbesc($r1[0]['name']),
+ dbesc($r1[0]['photo']),
+ dbesc($r1[0]['thumb'])
+ );
+
+ $r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile_name` = '%s' LIMIT 1",
+ intval(local_channel()),
+ dbesc($name)
+ );
+
+ info( t('New profile created.') . EOL);
+ if(count($r3) == 1)
+ goaway($a->get_baseurl(true) . '/profiles/' . $r3[0]['id']);
+
+ goaway($a->get_baseurl(true) . '/profiles');
+ }
+
+ if((argc() > 2) && (argv(1) === 'clone')) {
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_clone', 't');
+
+ $r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
+ intval(local_channel()));
+ $num_profiles = count($r0);
+
+ $name = t('Profile-') . ($num_profiles + 1);
+ $r1 = q("SELECT * FROM `profile` WHERE `uid` = %d AND `id` = %d LIMIT 1",
+ intval(local_channel()),
+ intval($a->argv[2])
+ );
+ if(! count($r1)) {
+ notice( t('Profile unavailable to clone.') . EOL);
+ $a->error = 404;
+ return;
+ }
+ unset($r1[0]['id']);
+ $r1[0]['is_default'] = 0;
+ $r1[0]['publish'] = 0;
+ $r1[0]['profile_name'] = dbesc($name);
+ $r1[0]['profile_guid'] = dbesc(random_string());
+
+ dbesc_array($r1[0]);
+
+ $r2 = dbq("INSERT INTO `profile` (`"
+ . implode("`, `", array_keys($r1[0]))
+ . "`) VALUES ('"
+ . implode("', '", array_values($r1[0]))
+ . "')" );
+
+ $r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile_name` = '%s' LIMIT 1",
+ intval(local_channel()),
+ dbesc($name)
+ );
+ info( t('New profile created.') . EOL);
+ if(count($r3) == 1)
+ goaway($a->get_baseurl(true) . '/profiles/' . $r3[0]['id']);
+
+ goaway($a->get_baseurl(true) . '/profiles');
+
+ return; // NOTREACHED
+ }
+
+ if((argc() > 2) && (argv(1) === 'export')) {
+
+ $r1 = q("SELECT * FROM `profile` WHERE `uid` = %d AND `id` = %d LIMIT 1",
+ intval(local_channel()),
+ intval(argv(2))
+ );
+ if(! $r1) {
+ notice( t('Profile unavailable to export.') . EOL);
+ $a->error = 404;
+ return;
+ }
+ header('content-type: application/octet_stream');
+ header('content-disposition: attachment; filename="' . $r1[0]['profile_name'] . '.json"' );
+
+ unset($r1[0]['id']);
+ unset($r1[0]['aid']);
+ unset($r1[0]['uid']);
+ unset($r1[0]['is_default']);
+ unset($r1[0]['publish']);
+ unset($r1[0]['profile_name']);
+ unset($r1[0]['profile_guid']);
+ echo json_encode($r1[0]);
+ killme();
+ }
+
+
+
+
+ // Run profile_load() here to make sure the theme is set before
+ // we start loading content
+ if(((argc() > 1) && (intval(argv(1)))) || !feature_enabled(local_channel(),'multi_profiles')) {
+ if(feature_enabled(local_channel(),'multi_profiles'))
+ $id = $a->argv[1];
+ else {
+ $x = q("select id from profile where uid = %d and is_default = 1",
+ intval(local_channel())
+ );
+ if($x)
+ $id = $x[0]['id'];
+ }
+ $r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($id),
+ intval(local_channel())
+ );
+ if(! count($r)) {
+ notice( t('Profile not found.') . EOL);
+ $a->error = 404;
+ return;
+ }
+
+ $chan = $a->get_channel();
+
+ profile_load($a,$chan['channel_address'],$r[0]['id']);
+ }
+}
+
+function profiles_post(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ require_once('include/activities.php');
+
+ $namechanged = false;
+
+ call_hooks('profile_post', $_POST);
+
+ // import from json export file.
+ // Only import fields that are allowed on this hub
+
+ if(x($_FILES,'userfile')) {
+ $src = $_FILES['userfile']['tmp_name'];
+ $filesize = intval($_FILES['userfile']['size']);
+ if($filesize) {
+ $j = @json_decode(@file_get_contents($src),true);
+ @unlink($src);
+ if($j) {
+ $fields = get_profile_fields_advanced();
+ if($fields) {
+ foreach($j as $jj => $v) {
+ foreach($fields as $f => $n) {
+ if($jj == $f) {
+ $_POST[$f] = $v;
+ break;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+
+
+
+ if((argc() > 1) && (argv(1) !== "new") && intval(argv(1))) {
+ $orig = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($a->argv[1]),
+ intval(local_channel())
+ );
+ if(! count($orig)) {
+ notice( t('Profile not found.') . EOL);
+ return;
+ }
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_edit');
+
+ $is_default = (($orig[0]['is_default']) ? 1 : 0);
+
+ $profile_name = notags(trim($_POST['profile_name']));
+ if(! strlen($profile_name)) {
+ notify( t('Profile Name is required.') . EOL);
+ return;
+ }
+
+ $dob = $_POST['dob'] ? escape_tags(trim($_POST['dob'])) : '0000-00-00'; // FIXME: Needs to be validated?
+
+ $y = substr($dob,0,4);
+ if((! ctype_digit($y)) || ($y < 1900))
+ $ignore_year = true;
+ else
+ $ignore_year = false;
+
+ if($dob != '0000-00-00') {
+ if(strpos($dob,'0000-') === 0) {
+ $ignore_year = true;
+ $dob = substr($dob,5);
+ }
+ $dob = datetime_convert('UTC','UTC',(($ignore_year) ? '1900-' . $dob : $dob),(($ignore_year) ? 'm-d' : 'Y-m-d'));
+ if($ignore_year)
+ $dob = '0000-' . $dob;
+ }
+
+ $name = escape_tags(trim($_POST['name']));
+
+ if($orig[0]['name'] != $name)
+ $namechanged = true;
+
+ $pdesc = escape_tags(trim($_POST['pdesc']));
+ $gender = escape_tags(trim($_POST['gender']));
+ $address = escape_tags(trim($_POST['address']));
+ $locality = escape_tags(trim($_POST['locality']));
+ $region = escape_tags(trim($_POST['region']));
+ $postal_code = escape_tags(trim($_POST['postal_code']));
+ $country_name = escape_tags(trim($_POST['country_name']));
+ $keywords = escape_tags(trim($_POST['keywords']));
+ $marital = escape_tags(trim($_POST['marital']));
+ $howlong = escape_tags(trim($_POST['howlong']));
+ $sexual = escape_tags(trim($_POST['sexual']));
+ $homepage = escape_tags(trim($_POST['homepage']));
+ $hometown = escape_tags(trim($_POST['hometown']));
+ $politic = escape_tags(trim($_POST['politic']));
+ $religion = escape_tags(trim($_POST['religion']));
+
+ $likes = fix_mce_lf(escape_tags(trim($_POST['likes'])));
+ $dislikes = fix_mce_lf(escape_tags(trim($_POST['dislikes'])));
+
+ $about = fix_mce_lf(escape_tags(trim($_POST['about'])));
+ $interest = fix_mce_lf(escape_tags(trim($_POST['interest'])));
+ $contact = fix_mce_lf(escape_tags(trim($_POST['contact'])));
+ $channels = fix_mce_lf(escape_tags(trim($_POST['channels'])));
+ $music = fix_mce_lf(escape_tags(trim($_POST['music'])));
+ $book = fix_mce_lf(escape_tags(trim($_POST['book'])));
+ $tv = fix_mce_lf(escape_tags(trim($_POST['tv'])));
+ $film = fix_mce_lf(escape_tags(trim($_POST['film'])));
+ $romance = fix_mce_lf(escape_tags(trim($_POST['romance'])));
+ $work = fix_mce_lf(escape_tags(trim($_POST['work'])));
+ $education = fix_mce_lf(escape_tags(trim($_POST['education'])));
+
+ $hide_friends = ((intval($_POST['hide_friends'])) ? 1: 0);
+
+ require_once('include/text.php');
+ linkify_tags($a, $likes, local_channel());
+ linkify_tags($a, $dislikes, local_channel());
+ linkify_tags($a, $about, local_channel());
+ linkify_tags($a, $interest, local_channel());
+ linkify_tags($a, $interest, local_channel());
+ linkify_tags($a, $contact, local_channel());
+ linkify_tags($a, $channels, local_channel());
+ linkify_tags($a, $music, local_channel());
+ linkify_tags($a, $book, local_channel());
+ linkify_tags($a, $tv, local_channel());
+ linkify_tags($a, $film, local_channel());
+ linkify_tags($a, $romance, local_channel());
+ linkify_tags($a, $work, local_channel());
+ linkify_tags($a, $education, local_channel());
+
+
+ $with = ((x($_POST,'with')) ? escape_tags(trim($_POST['with'])) : '');
+
+ if(! strlen($howlong))
+ $howlong = NULL_DATE;
+ else
+ $howlong = datetime_convert(date_default_timezone_get(),'UTC',$howlong);
+
+ // linkify the relationship target if applicable
+
+ $withchanged = false;
+
+ if(strlen($with)) {
+ if($with != strip_tags($orig[0]['with'])) {
+ $withchanged = true;
+ $prf = '';
+ $lookup = $with;
+ if(strpos($lookup,'@') === 0)
+ $lookup = substr($lookup,1);
+ $lookup = str_replace('_',' ', $lookup);
+ $newname = $lookup;
+
+ $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1",
+ dbesc($newname),
+ intval(local_channel())
+ );
+ if(! $r) {
+ $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE xchan_addr = '%s' AND abook_channel = %d LIMIT 1",
+ dbesc($lookup . '@%'),
+ intval(local_channel())
+ );
+ }
+ if($r) {
+ $prf = $r[0]['xchan_url'];
+ $newname = $r[0]['xchan_name'];
+ }
+
+
+ if($prf) {
+ $with = str_replace($lookup,'<a href="' . $prf . '">' . $newname . '</a>', $with);
+ if(strpos($with,'@') === 0)
+ $with = substr($with,1);
+ }
+ }
+ else
+ $with = $orig[0]['with'];
+ }
+
+ $profile_fields_basic = get_profile_fields_basic();
+ $profile_fields_advanced = get_profile_fields_advanced();
+ $advanced = ((feature_enabled(local_channel(),'advanced_profiles')) ? true : false);
+ if($advanced)
+ $fields = $profile_fields_advanced;
+ else
+ $fields = $profile_fields_basic;
+
+ $z = q("select * from profdef where true");
+ if($z) {
+ foreach($z as $zz) {
+ if(array_key_exists($zz['field_name'],$fields)) {
+ $w = q("select * from profext where channel_id = %d and hash = '%s' and k = '%s' limit 1",
+ intval(local_channel()),
+ dbesc($orig[0]['profile_guid']),
+ dbesc($zz['field_name'])
+ );
+ if($w) {
+ q("update profext set v = '%s' where id = %d",
+ dbesc(escape_tags(trim($_POST[$zz['field_name']]))),
+ intval($w[0]['id'])
+ );
+ }
+ else {
+ q("insert into profext ( channel_id, hash, k, v ) values ( %d, '%s', '%s', '%s') ",
+ intval(local_channel()),
+ dbesc($orig[0]['profile_guid']),
+ dbesc($zz['field_name']),
+ dbesc(escape_tags(trim($_POST[$zz['field_name']])))
+ );
+ }
+ }
+ }
+ }
+
+ $changes = array();
+ $value = '';
+ if($is_default) {
+ if($marital != $orig[0]['marital']) {
+ $changes[] = '[color=#ff0000]&hearts;[/color] ' . t('Marital Status');
+ $value = $marital;
+ }
+ if($withchanged) {
+ $changes[] = '[color=#ff0000]&hearts;[/color] ' . t('Romantic Partner');
+ $value = strip_tags($with);
+ }
+ if($likes != $orig[0]['likes']) {
+ $changes[] = t('Likes');
+ $value = $likes;
+ }
+ if($dislikes != $orig[0]['dislikes']) {
+ $changes[] = t('Dislikes');
+ $value = $dislikes;
+ }
+ if($work != $orig[0]['work']) {
+ $changes[] = t('Work/Employment');
+ }
+ if($religion != $orig[0]['religion']) {
+ $changes[] = t('Religion');
+ $value = $religion;
+ }
+ if($politic != $orig[0]['politic']) {
+ $changes[] = t('Political Views');
+ $value = $politic;
+ }
+ if($gender != $orig[0]['gender']) {
+ $changes[] = t('Gender');
+ $value = $gender;
+ }
+ if($sexual != $orig[0]['sexual']) {
+ $changes[] = t('Sexual Preference');
+ $value = $sexual;
+ }
+ if($homepage != $orig[0]['homepage']) {
+ $changes[] = t('Homepage');
+ $value = $homepage;
+ }
+ if($interest != $orig[0]['interest']) {
+ $changes[] = t('Interests');
+ $value = $interest;
+ }
+ if($address != $orig[0]['address']) {
+ $changes[] = t('Address');
+ // New address not sent in notifications, potential privacy issues
+ // in case this leaks to unintended recipients. Yes, it's in the public
+ // profile but that doesn't mean we have to broadcast it to everybody.
+ }
+ if($locality != $orig[0]['locality'] || $region != $orig[0]['region']
+ || $country_name != $orig[0]['country_name']) {
+ $changes[] = t('Location');
+ $comma1 = ((($locality) && ($region || $country_name)) ? ', ' : ' ');
+ $comma2 = (($region && $country_name) ? ', ' : '');
+ $value = $locality . $comma1 . $region . $comma2 . $country_name;
+ }
+
+ profile_activity($changes,$value);
+
+ }
+
+ $r = q("UPDATE `profile`
+ SET `profile_name` = '%s',
+ `name` = '%s',
+ `pdesc` = '%s',
+ `gender` = '%s',
+ `dob` = '%s',
+ `address` = '%s',
+ `locality` = '%s',
+ `region` = '%s',
+ `postal_code` = '%s',
+ `country_name` = '%s',
+ `marital` = '%s',
+ `with` = '%s',
+ `howlong` = '%s',
+ `sexual` = '%s',
+ `homepage` = '%s',
+ `hometown` = '%s',
+ `politic` = '%s',
+ `religion` = '%s',
+ `keywords` = '%s',
+ `likes` = '%s',
+ `dislikes` = '%s',
+ `about` = '%s',
+ `interest` = '%s',
+ `contact` = '%s',
+ `channels` = '%s',
+ `music` = '%s',
+ `book` = '%s',
+ `tv` = '%s',
+ `film` = '%s',
+ `romance` = '%s',
+ `work` = '%s',
+ `education` = '%s',
+ `hide_friends` = %d
+ WHERE `id` = %d AND `uid` = %d",
+ dbesc($profile_name),
+ dbesc($name),
+ dbesc($pdesc),
+ dbesc($gender),
+ dbesc($dob),
+ dbesc($address),
+ dbesc($locality),
+ dbesc($region),
+ dbesc($postal_code),
+ dbesc($country_name),
+ dbesc($marital),
+ dbesc($with),
+ dbesc($howlong),
+ dbesc($sexual),
+ dbesc($homepage),
+ dbesc($hometown),
+ dbesc($politic),
+ dbesc($religion),
+ dbesc($keywords),
+ dbesc($likes),
+ dbesc($dislikes),
+ dbesc($about),
+ dbesc($interest),
+ dbesc($contact),
+ dbesc($channels),
+ dbesc($music),
+ dbesc($book),
+ dbesc($tv),
+ dbesc($film),
+ dbesc($romance),
+ dbesc($work),
+ dbesc($education),
+ intval($hide_friends),
+ intval(argv(1)),
+ intval(local_channel())
+ );
+
+ if($r)
+ info( t('Profile updated.') . EOL);
+
+ $r = q("select * from profile where id = %d and uid = %d limit 1",
+ intval(argv(1)),
+ intval(local_channel())
+ );
+ if($r) {
+ require_once('include/zot.php');
+ build_sync_packet(local_channel(),array('profile' => $r));
+ }
+
+ $channel = $a->get_channel();
+
+ if($namechanged && $is_default) {
+ $r = q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_hash = '%s'",
+ dbesc($name),
+ dbesc(datetime_convert()),
+ dbesc($channel['xchan_hash'])
+ );
+ }
+
+ if($is_default) {
+ // reload the info for the sidebar widget - why does this not work?
+ profile_load($a,$channel['channel_address']);
+ proc_run('php','include/directory.php',local_channel());
+ }
+ }
+}
+
+
+
+
+function profiles_content(&$a) {
+
+ $o = '';
+
+ $channel = $a->get_channel();
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ require_once('include/identity.php');
+
+ $profile_fields_basic = get_profile_fields_basic();
+ $profile_fields_advanced = get_profile_fields_advanced();
+
+ if(((argc() > 1) && (intval(argv(1)))) || !feature_enabled(local_channel(),'multi_profiles')) {
+ if(feature_enabled(local_channel(),'multi_profiles'))
+ $id = $a->argv[1];
+ else {
+ $x = q("select id from profile where uid = %d and is_default = 1",
+ intval(local_channel())
+ );
+ if($x)
+ $id = $x[0]['id'];
+ }
+ $r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($id),
+ intval(local_channel())
+ );
+ if(! count($r)) {
+ notice( t('Profile not found.') . EOL);
+ return;
+ }
+
+ require_once('include/profile_selectors.php');
+
+
+ $editselect = 'none';
+// if(feature_enabled(local_channel(),'richtext'))
+// $editselect = 'textareas';
+
+ $a->page['htmlhead'] .= replace_macros(get_markup_template('profed_head.tpl'), array(
+ '$baseurl' => $a->get_baseurl(true),
+ '$editselect' => $editselect,
+ ));
+
+ $advanced = ((feature_enabled(local_channel(),'advanced_profiles')) ? true : false);
+ if($advanced)
+ $fields = $profile_fields_advanced;
+ else
+ $fields = $profile_fields_basic;
+
+
+ $opt_tpl = get_markup_template("profile_hide_friends.tpl");
+ $hide_friends = replace_macros($opt_tpl,array('$field' => array(
+ 'hide_friends',
+ t('Hide your contact/friend list from viewers of this profile?'),
+ $r[0]['hide_friends'],
+ '',
+ )));
+
+ $q = q("select * from profdef where true");
+ if($q) {
+ $extra_fields = array();
+
+ foreach($q as $qq) {
+ $mine = q("select v from profext where k = '%s' and hash = '%s' and channel_id = %d limit 1",
+ dbesc($qq['field_name']),
+ dbesc($r[0]['profile_guid']),
+ intval(local_channel())
+ );
+
+ if(array_key_exists($qq['field_name'],$fields)) {
+ $extra_fields[] = array($qq['field_name'],$qq['field_desc'],(($mine) ? $mine[0]['v'] : ''), $qq['field_help']);
+ }
+ }
+ }
+
+//logger('extra_fields: ' . print_r($extra_fields,true));
+
+ $f = get_config('system','birthday_input_format');
+ if(! $f)
+ $f = 'ymd';
+
+ $is_default = (($r[0]['is_default']) ? 1 : 0);
+ $tpl = get_markup_template("profile_edit.tpl");
+ $o .= replace_macros($tpl,array(
+
+ '$form_security_token' => get_form_security_token("profile_edit"),
+ '$profile_clone_link' => ((feature_enabled(local_channel(),'multi_profiles')) ? 'profiles/clone/' . $r[0]['id'] . '?t='
+ . get_form_security_token("profile_clone") : ''),
+ '$profile_drop_link' => 'profiles/drop/' . $r[0]['id'] . '?t='
+ . get_form_security_token("profile_drop"),
+
+ '$fields' => $fields,
+ '$guid' => $r[0]['profile_guid'],
+ '$banner' => t('Edit Profile Details'),
+ '$submit' => t('Submit'),
+ '$viewprof' => t('View this profile'),
+ '$editvis' => t('Edit visibility'),
+ '$profpic' => t('Change Profile Photo'),
+ '$cr_prof' => t('Create a new profile using these settings'),
+ '$cl_prof' => t('Clone this profile'),
+ '$del_prof' => t('Delete this profile'),
+ '$exportable' => feature_enabled(local_channel(),'profile_export'),
+ '$lbl_import' => t('Import profile from file'),
+ '$lbl_export' => t('Export profile to file'),
+ '$lbl_profname' => t('Profile Name:'),
+ '$lbl_fullname' => t('Your Full Name:'),
+ '$lbl_title' => t('Title/Description:'),
+ '$lbl_gender' => t('Your Gender:'),
+ '$lbl_bd' => t("Birthday :"),
+ '$lbl_address' => t('Street Address:'),
+ '$lbl_city' => t('Locality/City:'),
+ '$lbl_zip' => t('Postal/Zip Code:'),
+ '$lbl_country' => t('Country:'),
+ '$lbl_region' => t('Region/State:'),
+ '$lbl_marital' => t('<span class="heart">&hearts;</span> Marital Status:'),
+ '$lbl_with' => t("Who: \x28if applicable\x29"),
+ '$lbl_ex1' => t('Examples: cathy123, Cathy Williams, cathy@example.com'),
+ '$lbl_howlong' => t('Since [date]:'),
+ '$lbl_sexual' => t('Sexual Preference:'),
+ '$lbl_homepage' => t('Homepage URL:'),
+ '$lbl_hometown' => t('Hometown:'),
+ '$lbl_politic' => t('Political Views:'),
+ '$lbl_religion' => t('Religious Views:'),
+ '$lbl_pubkey' => t('Keywords:'),
+ '$lbl_likes' => t('Likes:'),
+ '$lbl_dislikes' => t('Dislikes:'),
+ '$lbl_ex2' => t('Example: fishing photography software'),
+ '$lbl_pubdsc' => t("Used in directory listings"),
+ '$lbl_about' => t('Tell us about yourself...'),
+ '$lbl_hobbies' => t('Hobbies/Interests'),
+ '$lbl_social' => t('Contact information and Social Networks'),
+ '$lbl_channels' => t('My other channels'),
+ '$lbl_music' => t('Musical interests'),
+ '$lbl_book' => t('Books, literature'),
+ '$lbl_tv' => t('Television'),
+ '$lbl_film' => t('Film/dance/culture/entertainment'),
+ '$lbl_love' => t('Love/romance'),
+ '$lbl_work' => t('Work/employment'),
+ '$lbl_school' => t('School/education'),
+ '$disabled' => (($is_default) ? 'onclick="return false;" style="color: #BBBBFF;"' : ''),
+ '$baseurl' => $a->get_baseurl(true),
+ '$profile_id' => $r[0]['id'],
+ '$profile_name' => $r[0]['profile_name'],
+ '$is_default' => $is_default,
+ '$default' => t('This is your default profile.') . EOL . translate_scope(map_scope($channel['channel_r_profile'])),
+ '$advanced' => $advanced,
+ '$name' => $r[0]['name'],
+ '$pdesc' => $r[0]['pdesc'],
+ '$dob' => dob($r[0]['dob']),
+ '$hide_friends' => $hide_friends,
+ '$address' => $r[0]['address'],
+ '$locality' => $r[0]['locality'],
+ '$region' => $r[0]['region'],
+ '$postal_code' => $r[0]['postal_code'],
+ '$country_name' => $r[0]['country_name'],
+ '$age' => ((intval($r[0]['dob'])) ? '(' . t('Age: ') . age($r[0]['dob'],$a->user['timezone'],$a->user['timezone']) . ')' : ''),
+ '$gender' => gender_selector($r[0]['gender']),
+ '$gender_min' => gender_selector_min($r[0]['gender']),
+ '$marital' => marital_selector($r[0]['marital']),
+ '$marital_min' => marital_selector_min($r[0]['marital']),
+ '$with' => $r[0]['with'],
+ '$howlong' => ($r[0]['howlong'] === NULL_DATE ? '' : datetime_convert('UTC',date_default_timezone_get(),$r[0]['howlong'])),
+ '$sexual' => sexpref_selector($r[0]['sexual']),
+ '$sexual_min' => sexpref_selector_min($r[0]['sexual']),
+ '$about' => $r[0]['about'],
+ '$homepage' => $r[0]['homepage'],
+ '$hometown' => $r[0]['hometown'],
+ '$politic' => $r[0]['politic'],
+ '$religion' => $r[0]['religion'],
+ '$keywords' => $r[0]['keywords'],
+ '$likes' => $r[0]['likes'],
+ '$dislikes' => $r[0]['dislikes'],
+ '$music' => $r[0]['music'],
+ '$book' => $r[0]['book'],
+ '$tv' => $r[0]['tv'],
+ '$film' => $r[0]['film'],
+ '$interest' => $r[0]['interest'],
+ '$romance' => $r[0]['romance'],
+ '$work' => $r[0]['work'],
+ '$education' => $r[0]['education'],
+ '$contact' => $r[0]['contact'],
+ '$channels' => $r[0]['channels'],
+ '$extra_fields' => $extra_fields,
+ ));
+
+ $arr = array('profile' => $r[0], 'entry' => $o);
+ call_hooks('profile_edit', $arr);
+
+ return $o;
+ }
+ else {
+
+ $r = q("SELECT * FROM `profile` WHERE `uid` = %d",
+ local_channel());
+ if(count($r)) {
+
+ $tpl_header = get_markup_template('profile_listing_header.tpl');
+ $o .= replace_macros($tpl_header,array(
+ '$header' => t('Edit/Manage Profiles'),
+ '$addstuff' => t('Add profile things'),
+ '$stuff_desc' => t('Include desirable objects in your profile'),
+ '$chg_photo' => t('Change profile photo'),
+ '$cr_new' => t('Create New Profile'),
+ '$cr_new_link' => 'profiles/new?t=' . get_form_security_token("profile_new")
+ ));
+
+
+ $tpl = get_markup_template('profile_entry.tpl');
+
+ foreach($r as $rr) {
+ $o .= replace_macros($tpl, array(
+ '$photo' => $rr['thumb'],
+ '$id' => $rr['id'],
+ '$alt' => t('Profile Image'),
+ '$profile_name' => $rr['profile_name'],
+ '$visible' => (($rr['is_default'])
+ ? '<strong>' . translate_scope(map_scope($channel['channel_r_profile'])) . '</strong>'
+ : '<a href="' . $a->get_baseurl(true) . '/profperm/' . $rr['id'] . '" />' . t('Edit visibility') . '</a>')
+ ));
+ }
+
+ }
+ return $o;
+ }
+
+}
diff --git a/mod/profperm.php b/mod/profperm.php
new file mode 100644
index 000000000..4556119a4
--- /dev/null
+++ b/mod/profperm.php
@@ -0,0 +1,165 @@
+<?php
+
+require_once('include/Contact.php');
+
+function profperm_init(&$a) {
+
+ if(! local_channel())
+ return;
+
+ $channel = $a->get_channel();
+ $which = $channel['channel_address'];
+
+ $profile = $a->argv[1];
+
+ profile_load($a,$which,$profile);
+
+}
+
+
+function profperm_content(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied') . EOL);
+ return;
+ }
+
+
+ if(argc() < 2) {
+ notice( t('Invalid profile identifier.') . EOL );
+ return;
+ }
+
+ // Switch to text mod interface if we have more than 'n' contacts or group members
+
+ $switchtotext = get_pconfig(local_channel(),'system','groupedit_image_limit');
+ if($switchtotext === false)
+ $switchtotext = get_config('system','groupedit_image_limit');
+ if($switchtotext === false)
+ $switchtotext = 400;
+
+
+ if((argc() > 2) && intval(argv(1)) && intval(argv(2))) {
+ $r = q("SELECT abook_id FROM abook WHERE abook_id = %d and abook_channel = %d limit 1",
+ intval(argv(2)),
+ intval(local_channel())
+ );
+ if($r)
+ $change = intval(argv(2));
+ }
+
+
+ if((argc() > 1) && (intval(argv(1)))) {
+ $r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d AND `is_default` = 0 LIMIT 1",
+ intval(argv(1)),
+ intval(local_channel())
+ );
+ if(! $r) {
+ notice( t('Invalid profile identifier.') . EOL );
+ return;
+ }
+
+ $profile = $r[0];
+
+ $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'",
+ intval(local_channel()),
+ dbesc($profile['profile_guid'])
+ );
+
+ $ingroup = array();
+ if($r)
+ foreach($r as $member)
+ $ingroup[] = $member['abook_id'];
+
+ $members = $r;
+
+ if($change) {
+ if(in_array($change,$ingroup)) {
+ q("UPDATE abook SET abook_profile = '' WHERE abook_id = %d AND abook_channel = %d",
+ intval($change),
+ intval(local_channel())
+ );
+ }
+ else {
+ q("UPDATE abook SET abook_profile = '%s' WHERE abook_id = %d AND abook_channel = %d",
+ dbesc($profile['profile_guid']),
+ intval($change),
+ intval(local_channel())
+ );
+
+ }
+
+
+ //Time to update the permissions on the profile-pictures as well
+ require_once('mod/profile_photo.php');
+ profile_photo_set_profile_perms($profile['id']);
+
+ $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_profile = '%s'",
+ intval(local_channel()),
+ dbesc($profile['profile_guid'])
+ );
+
+ $members = $r;
+
+ $ingroup = array();
+ if(count($r))
+ foreach($r as $member)
+ $ingroup[] = $member['abook_id'];
+ }
+
+ $o .= '<h2>' . t('Profile Visibility Editor') . '</h2>';
+
+ $o .= '<h3>' . t('Profile') . ' \'' . $profile['profile_name'] . '\'</h3>';
+
+ $o .= '<div id="prof-edit-desc">' . t('Click on a contact to add or remove.') . '</div>';
+
+ }
+
+ $o .= '<div id="prof-update-wrapper">';
+ if($change)
+ $o = '';
+
+ $o .= '<div id="prof-members-title">';
+ $o .= '<h3>' . t('Visible To') . '</h3>';
+ $o .= '</div>';
+ $o .= '<div id="prof-members">';
+
+ $textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false);
+
+ foreach($members as $member) {
+ if($member['xchan_url']) {
+ $member['click'] = 'profChangeMember(' . $profile['id'] . ',' . $member['abook_id'] . '); return false;';
+ $o .= micropro($member,true,'mpprof', $textmode);
+ }
+ }
+ $o .= '</div><div id="prof-members-end"></div>';
+ $o .= '<hr id="prof-separator" />';
+
+ $o .= '<div id="prof-all-contcts-title">';
+ $o .= '<h3>' . t("All Connections") . '</h3>';
+ $o .= '</div>';
+ $o .= '<div id="prof-all-contacts">';
+
+ $r = abook_connections(local_channel());
+
+ if($r) {
+ $textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false);
+ foreach($r as $member) {
+ if(! in_array($member['abook_id'],$ingroup)) {
+ $member['click'] = 'profChangeMember(' . $profile['id'] . ',' . $member['abook_id'] . '); return false;';
+ $o .= micropro($member,true,'mpprof',$textmode);
+ }
+ }
+ }
+
+ $o .= '</div><div id="prof-all-contacts-end"></div>';
+
+ if($change) {
+ echo $o;
+ killme();
+ }
+ $o .= '</div>';
+ return $o;
+
+}
+
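Review bot: In `profperm_content()` the two `UPDATE abook SET abook_profile ...` statements run whenever the request path carries a profile id and an `abook_id`, and no form security token is checked first, so the change is not tied to an action the member took on this page. `profiles_content()` earlier in this diff already issues `get_form_security_token("profile_drop")` for its links; the same pattern fits here, with the token added to the `profChangeMember(...)` request and verified before the `if($change)` block. `$o`, `$change` and `$members` are read without being initialised on some paths (for example `foreach($members as $member)` when `argv(1)` is not numeric), so `$o = ''; $change = 0; $members = array();` at the top of the function is worth adding. `$profile['profile_name']` is also concatenated into the `<h3>` without HTML escaping.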
diff --git a/mod/public.php b/mod/public.php
new file mode 100644
index 000000000..2106be7a6
--- /dev/null
+++ b/mod/public.php
@@ -0,0 +1,161 @@
+<?php
+
+require_once('include/conversation.php');
+
+function public_content(&$a, $update = 0, $load = false) {
+
+ if($load)
+ $_SESSION['loadtime'] = datetime_convert();
+
+
+ if(get_config('system','block_public') && (! get_account_id()) && (! remote_channel())) {
+ return login();
+ }
+
+
+ if(get_config('system','disable_discover_tab'))
+ return;
+
+ $item_normal = item_normal();
+
+ if(! $update) {
+
+ $maxheight = get_config('system','home_divmore_height');
+ if(! $maxheight)
+ $maxheight = 75;
+
+ $o .= '<div id="live-public"></div>' . "\r\n";
+ $o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1))
+ . "; var profile_page = " . $a->pager['page']
+ . "; divmore_height = " . intval($maxheight) . "; </script>\r\n";
+
+ $a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
+ '$baseurl' => z_root(),
+ '$pgtype' => 'public',
+ '$uid' => ((local_channel()) ? local_channel() : '0'),
+ '$gid' => '0',
+ '$cid' => '0',
+ '$cmin' => '0',
+ '$cmax' => '99',
+ '$star' => '0',
+ '$liked' => '0',
+ '$conv' => '0',
+ '$spam' => '0',
+ '$fh' => '1',
+ '$nouveau' => '0',
+ '$wall' => '0',
+ '$list' => '0',
+ '$page' => (($a->pager['page'] != 1) ? $a->pager['page'] : 1),
+ '$search' => '',
+ '$order' => 'comment',
+ '$file' => '',
+ '$cats' => '',
+ '$tags' => '',
+ '$dend' => '',
+ '$mid' => '',
+ '$verb' => '',
+ '$dbegin' => ''
+ ));
+ }
+
+ if($update && ! $load) {
+ // only setup pagination on initial page view
+ $pager_sql = '';
+ }
+ else {
+ $a->set_pager_itemspage(20);
+ $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start']));
+ }
+
+ require_once('include/identity.php');
+ require_once('include/security.php');
+
+ if(get_config('system','site_firehose')) {
+ $uids = " and item.uid in ( " . stream_perms_api_uids(PERMS_PUBLIC) . " ) and item_private = 0 and item_wall = 1 ";
+ }
+ else {
+ $sys = get_sys_channel();
+ $uids = " and item.uid = " . intval($sys['channel_id']) . " ";
+ $sql_extra = item_permissions_sql($sys['channel_id']);
+ $a->data['firehose'] = intval($sys['channel_id']);
+ }
+
+
+
+ $page_mode = 'list';
+
+ $simple_update = (($update) ? " and item.item_unseen = 1 " : '');
+
+ if($update && $_SESSION['loadtime'])
+ $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) ";
+ if($load)
+ $simple_update = '';
+
+ //logger('update: ' . $update . ' load: ' . $load);
+
+ if($update) {
+
+ $ordering = "commented";
+
+ if($load) {
+
+ // Fetch a page full of parent items for this page
+
+ $r = q("SELECT distinct item.id AS item_id, $ordering FROM item
+ left join abook on item.author_xchan = abook.abook_xchan
+ WHERE true $uids $item_normal
+ AND item.parent = item.id
+ and (abook.abook_blocked = 0 or abook.abook_flags is null)
+ $sql_extra3 $sql_extra $sql_nets
+ ORDER BY $ordering DESC $pager_sql "
+ );
+
+
+ }
+ elseif($update) {
+
+ $r = q("SELECT distinct item.id AS item_id, $ordering FROM item
+ left join abook on item.author_xchan = abook.abook_xchan
+ WHERE true $uids $item_normal
+ AND item.parent = item.id $simple_update
+ and (abook.abook_blocked = 0 or abook.abook_flags is null)
+ $sql_extra3 $sql_extra $sql_nets"
+ );
+ $_SESSION['loadtime'] = datetime_convert();
+ }
+ // Then fetch all the children of the parents that are on this page
+ $parents_str = '';
+ $update_unseen = '';
+
+ if($r) {
+
+ $parents_str = ids_to_querystr($r,'item_id');
+
+ $items = q("SELECT item.*, item.id AS item_id FROM item
+ WHERE true $uids $item_normal
+ AND item.parent IN ( %s )
+ $sql_extra ",
+ dbesc($parents_str)
+ );
+
+ xchan_query($items,true,(-1));
+ $items = fetch_post_tags($items,true);
+ $items = conv_sort($items,$ordering);
+ }
+ else {
+ $items = array();
+ }
+
+ }
+
+ // fake it
+ $mode = ('network');
+
+ $o .= conversation($a,$items,$mode,$update,$page_mode);
+
+ if(($items) && (! $update))
+ $o .= alt_pager($a,count($items));
+
+ return $o;
+
+} \ No newline at end of file
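Review bot: `$a->pager['page']` is concatenated into the inline `<script>` for `profile_page` without a cast, while `divmore_height` right next to it goes through `intval()`. Whether the pager value is already an integer is not visible in this hunk, so cast it at the point of output: `. "; var profile_page = " . intval($a->pager['page'])`. In the same function `$o`, `$sql_extra3` and `$sql_nets` are never assigned before use and `$sql_extra` is only set in the non-firehose branch, so the query strings rely on undefined variables expanding to empty; `$o = $sql_extra = $sql_extra3 = $sql_nets = '';` after the `$load` check makes that explicit.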
diff --git a/mod/pubsites.php b/mod/pubsites.php
new file mode 100644
index 000000000..62990c70c
--- /dev/null
+++ b/mod/pubsites.php
@@ -0,0 +1,39 @@
+<?php
+
+function pubsites_content(&$a) {
+ require_once('include/dir_fns.php');
+ $dirmode = intval(get_config('system','directory_mode'));
+
+ if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) {
+ $url = z_root() . '/dirsearch';
+ }
+ if(! $url) {
+ $directory = find_upstream_directory($dirmode);
+ $url = $directory['url'] . '/dirsearch';
+ }
+ $url .= '/sites';
+
+ $o .= '<h1>' . t('Public Sites') . '</h1>';
+
+ $o .= '<div class="descriptive-text">' .
+ t('The listed sites allow public registration for the $Projectname network. All sites in the network are interlinked so membership on any of them conveys membership in the network as a whole. Some sites may require subscription or provide tiered service plans. The provider links <strong>may</strong> provide additional details.') . '</div>' . EOL;
+
+ $ret = z_fetch_url($url);
+ if($ret['success']) {
+ $j = json_decode($ret['body'],true);
+ if($j) {
+ $rate_meta = ((local_channel()) ? '<td>' . t('Rate this hub') . '</td>' : '');
+ $o .= '<table border="1"><tr><td>' . t('Site URL') . '</td><td>' . t('Access Type') . '</td><td>' . t('Registration Policy') . '</td><td>' . t('Location') . '</td><td>' . t('View hub ratings') . '</td>' . $rate_meta . '</tr>';
+ if($j['sites']) {
+ foreach($j['sites'] as $jj) {
+ $host = strtolower(substr($jj['url'],strpos($jj['url'],'://')+3));
+ $rate_links = ((local_channel()) ? '<td><a href="rate?f=&target=' . $host . '" class="btn-btn-default"><i class="icon-check"></i> ' . t('Rate') . '</a></td>' : '');
+ $o .= '<tr><td>' . '<a href="'. (($jj['sellpage']) ? $jj['sellpage'] : $jj['url'] . '/register' ) . '" >' . $jj['url'] . '</a>' . '</td><td>' . $jj['access'] . '</td><td>' . $jj['register'] . '</td><td>' . $jj['location'] . '</td><td><a href="ratings/' . $host . '" class="btn-btn-default"><i class="icon-eye-open"></i> ' . t('View ratings') . '</a></td>' . $rate_links . '</tr>';
+ }
+ }
+
+ $o .= '</table>';
+ }
+ }
+ return $o;
+}
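Review bot: The fields of the JSON fetched from the directory (`$jj['url']`, `$jj['sellpage']`, `$jj['access']`, `$jj['register']`, `$jj['location']` and the derived `$host`) are concatenated into the table cells and `href` attributes in `pubsites_content()` without escaping, so markup returned by a directory or a listed site is rendered as-is in the page. Each value should be escaped for its output context and the link limited to `http`/`https` URLs, as in the loop body below. `$url` and `$o` are also read before assignment (`if(! $url)` when the directory mode is neither primary nor standalone, and the first `$o .=`); `$url = ''; $o = '';` at the top of the function fixes that.

```php
// Everything in $jj comes from a remote directory response; escape per output context.
$esc = function($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); };
foreach($j['sites'] as $jj) {
	$link = (($jj['sellpage']) ? $jj['sellpage'] : $jj['url'] . '/register');
	if(! preg_match('#^https?://#i', $link))
		continue; // skip entries whose link is not a plain web URL
	// … unchanged: $host derived from $jj['url'] …
	$rate_links = ((local_channel()) ? '<td><a href="rate?f=&target=' . urlencode($host) . '" class="btn-btn-default"><i class="icon-check"></i> ' . t('Rate') . '</a></td>' : '');
	$o .= '<tr><td><a href="' . $esc($link) . '" >' . $esc($jj['url']) . '</a></td><td>' . $esc($jj['access']) . '</td><td>' . $esc($jj['register']) . '</td><td>' . $esc($jj['location']) . '</td><td><a href="ratings/' . $esc($host) . '" class="btn-btn-default"><i class="icon-eye-open"></i> ' . t('View ratings') . '</a></td>' . $rate_links . '</tr>';
}
```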
diff --git a/mod/randprof.php b/mod/randprof.php
new file mode 100644
index 000000000..9817685c8
--- /dev/null
+++ b/mod/randprof.php
@@ -0,0 +1,12 @@
+<?php
+
+
+function randprof_init(&$a) {
+ require_once('include/Contact.php');
+ $x = random_profile();
+ if($x)
+ goaway(chanlink_url($x));
+
+ /** FIXME this doesn't work at the moment as a fallback */
+ goaway($a->get_baseurl() . '/profile');
+}
diff --git a/mod/rate.php b/mod/rate.php
new file mode 100644
index 000000000..a3a36b4a9
--- /dev/null
+++ b/mod/rate.php
@@ -0,0 +1,172 @@
+<?php
+
+
+function rate_init(&$a) {
+
+ if(! local_channel())
+ return;
+
+ $channel = $a->get_channel();
+
+ $target = $_REQUEST['target'];
+ if(! $target)
+ return;
+
+ $a->data['target'] = $target;
+
+ if($target) {
+ $r = q("SELECT * FROM xchan where xchan_hash like '%s' LIMIT 1",
+ dbesc($target)
+ );
+ if($r) {
+ $a->poi = $r[0];
+ }
+ else {
+ $r = q("select * from site where site_url like '%s' ",
+ dbesc('%' . $target)
+ );
+ if($r) {
+ $a->data['site'] = $r[0];
+ $a->data['site']['site_url'] = strtolower($r[0]['site_url']);
+ }
+ }
+ }
+
+
+ return;
+
+}
+
+
+function rate_post(&$a) {
+
+ if(! local_channel())
+ return;
+
+ if(! $a->data['target'])
+ return;
+
+ if(! $_REQUEST['execute'])
+ return;
+
+ $channel = $a->get_channel();
+
+ $rating = intval($_POST['rating']);
+ if($rating < (-10))
+ $rating = (-10);
+ if($rating > 10)
+ $rating = 10;
+
+ $rating_text = trim(escape_tags($_REQUEST['rating_text']));
+
+ $signed = $a->data['target'] . '.' . $rating . '.' . $rating_text;
+
+ $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey']));
+
+ $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1",
+ dbesc($channel['channel_hash']),
+ dbesc($a->data['target'])
+ );
+
+ if($z) {
+ $record = $z[0]['xlink_id'];
+ $w = q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s'
+ where xlink_id = %d",
+ intval($rating),
+ dbesc($rating_text),
+ dbesc($sig),
+ dbesc(datetime_convert()),
+ intval($record)
+ );
+ }
+ else {
+ $w = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static ) values ( '%s', '%s', %d, '%s', '%s', '%s', 1 ) ",
+ dbesc($channel['channel_hash']),
+ dbesc($a->data['target']),
+ intval($rating),
+ dbesc($rating_text),
+ dbesc($sig),
+ dbesc(datetime_convert())
+ );
+ $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1",
+ dbesc($channel['channel_hash']),
+ dbesc($a->data['target'])
+ );
+ if($z)
+ $record = $z[0]['xlink_id'];
+ }
+
+ if($record) {
+ proc_run('php','include/ratenotif.php','rating',$record);
+ }
+
+}
+
+
+
+function rate_content(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+// if(! $a->data['target']) {
+// notice( t('No recipients.') . EOL);
+// return;
+// }
+
+ $poco_rating = get_config('system','poco_rating_enable');
+ if((! $poco_rating) && ($poco_rating !== false)) {
+ notice('Ratings are disabled on this site.');
+ return;
+ }
+
+ $channel = $a->get_channel();
+
+ $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1",
+ dbesc($channel['channel_hash']),
+ dbesc($a->data['target'])
+ );
+ if($r) {
+ $a->data['xlink'] = $r[0];
+ $rating_val = $r[0]['xlink_rating'];
+ $rating_text = $r[0]['xlink_rating_text'];
+ }
+ else {
+ $rating_val = 0;
+ $rating_text = '';
+ }
+
+ // if unset default to enabled
+ if($poco_rating === false)
+ $poco_rating = true;
+
+ if($poco_rating) {
+ $rating = replace_macros(get_markup_template('rating_slider.tpl'),array(
+ '$min' => -10,
+ '$val' => $rating_val
+ ));
+ }
+ else {
+ $rating = false;
+ }
+
+ $o = replace_macros(get_markup_template('rating_form.tpl'),array(
+ '$header' => t('Rating'),
+ '$website' => t('Website:'),
+ '$site' => (($a->data['site']) ? '<a href="' . $a->data['site']['site_url'] . '" >' . $a->data['site']['site_url'] . '</a>' : ''),
+ 'target' => $a->data['target'],
+ '$tgt_name' => (($a->poi && $a->poi['xchan_name']) ? $a->poi['xchan_name'] : sprintf( t('Remote Channel [%s] (not yet known on this site)'), substr($a->data['target'],0,16))),
+ '$lbl_rating' => t('Rating (this information is public)'),
+ '$lbl_rating_txt' => t('Optionally explain your rating (this information is public)'),
+ '$rating_txt' => $rating_text,
+ '$rating' => $rating,
+ '$rating_val' => $rating_val,
+ '$slide' => $slide,
+ '$submit' => t('Submit')
+ ));
+
+ return $o;
+
+} \ No newline at end of file
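Review bot: `rate_post()` signs the rating with `$channel['channel_prvkey']` and writes it to `xlink` without checking a form security token, and it reads `execute` and `rating_text` from `$_REQUEST`, so the write is not tied to a form the member submitted. Verify a token issued by `rate_content()` (as `profiles_content()` does with `get_form_security_token(...)`) and read the fields from `$_POST` only. In `rate_init()` the lookups use `like` on the caller-supplied `target` (`xchan_hash like '%s'`, and `site_url like '%s'` with a leading `%`); unless `dbesc()` also escapes `%` and `_`, which is not visible here, wildcard characters in `target` can match an unintended row, and an exact match such as `where xchan_hash = '%s'` avoids that. In `rate_content()` the macro key `'target'` lacks the `$` prefix the other keys carry, `$slide` is never assigned, and `$a->data['site']['site_url']` is placed in the `href` unescaped.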
diff --git a/mod/ratings.php b/mod/ratings.php
new file mode 100644
index 000000000..dc98eb238
--- /dev/null
+++ b/mod/ratings.php
@@ -0,0 +1,110 @@
+<?php
+
+require_once('include/dir_fns.php');
+
+function ratings_init(&$a) {
+
+ if((get_config('system','block_public')) && (! local_channel()) && (! remote_channel())) {
+ return;
+ }
+
+ if(local_channel())
+ load_contact_links(local_channel());
+
+ $dirmode = intval(get_config('system','directory_mode'));
+
+ $x = find_upstream_directory($dirmode);
+ if($x)
+ $url = $x['url'];
+
+ $poco_rating = get_config('system','poco_rating_enable');
+ // if unset default to enabled
+ if($poco_rating === false)
+ $poco_rating = true;
+
+ if(! $poco_rating)
+ return;
+
+ if(argc() > 1)
+ $hash = argv(1);
+
+ if(! $hash) {
+ notice('Must supply a channel identififier.');
+ return;
+ }
+
+ $results = false;
+
+ $x = z_fetch_url($url . '/ratingsearch/' . urlencode($hash));
+
+
+ if($x['success'])
+ $results = json_decode($x['body'],true);
+
+
+ if((! $results) || (! $results['success'])) {
+
+ notice('No results.');
+ return;
+ }
+
+ if(array_key_exists('xchan_hash',$results['target']))
+ $a->poi = $results['target'];
+
+ $friends = array();
+ $others = array();
+
+ if($results['ratings']) {
+ foreach($results['ratings'] as $n) {
+ if(is_array($a->contacts) && array_key_exists($n['xchan_hash'],$a->contacts))
+ $friends[] = $n;
+ else
+ $others[] = $n;
+ }
+ }
+
+ $a->data = array('target' => $results['target'], 'results' => array_merge($friends,$others));
+
+ if(! $a->data['results']) {
+ notice( t('No ratings') . EOL);
+ }
+
+ return;
+}
+
+
+
+
+
+function ratings_content(&$a) {
+
+ if((get_config('system','block_public')) && (! local_channel()) && (! remote_channel())) {
+ notice( t('Public access denied.') . EOL);
+ return;
+ }
+
+ $poco_rating = get_config('system','poco_rating_enable');
+ // if unset default to enabled
+ if($poco_rating === false)
+ $poco_rating = true;
+
+ if(! $poco_rating)
+ return;
+
+ $site_target = ((array_key_exists('target',$a->data) && array_key_exists('site_url',$a->data['target'])) ?
+ '<a href="' . $a->data['target']['site_url'] . '" >' . $a->data['target']['site_url'] . '</a>' : '');
+
+
+ $o = replace_macros(get_markup_template('prep.tpl'),array(
+ '$header' => t('Ratings'),
+ '$rating_lbl' => t('Rating: ' ),
+ '$website' => t('Website: '),
+ '$site' => $site_target,
+ '$rating_text_lbl' => t('Description: '),
+ '$raters' => $a->data['results']
+ ));
+
+ return $o;
+}
+
+ \ No newline at end of file
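Review bot: `ratings_content()` builds `$site_target` by concatenating `$a->data['target']['site_url']` into both the `href` and the link text, and that value comes straight from the JSON returned by the upstream directory in `ratings_init()`. Escape it at output, e.g. `htmlspecialchars($a->data['target']['site_url'], ENT_QUOTES, 'UTF-8')`, and only render the link for `http`/`https` URLs. The rows passed as `$raters` are remote data as well, so the `prep.tpl` template (not part of this section) has to escape them. In `ratings_init()` `$url` stays undefined when `find_upstream_directory()` returns nothing and `z_fetch_url()` is then called with a path-only string; returning early in that case is safer. The notice `'Must supply a channel identififier.'` has a typo and, like `'No results.'`, is not wrapped in `t()`.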
diff --git a/mod/ratingsearch.php b/mod/ratingsearch.php
new file mode 100644
index 000000000..9c4f2f827
--- /dev/null
+++ b/mod/ratingsearch.php
@@ -0,0 +1,69 @@
+<?php
+
+
+function ratingsearch_init(&$a) {
+
+ $ret = array('success' => false);
+
+ $dirmode = intval(get_config('system','directory_mode'));
+
+ if($dirmode == DIRECTORY_MODE_NORMAL) {
+ $ret['message'] = 'This site is not a directory server.';
+ json_return_and_die($ret);
+ }
+
+ if(argc() > 1)
+ $hash = argv(1);
+
+ if(! $hash) {
+ $ret['message'] = 'No channel identifier';
+ json_return_and_die($ret);
+ }
+
+ if(strpos($hash,'@')) {
+ $r = q("select * from hubloc where hubloc_addr = '%s' limit 1",
+ dbesc($hash)
+ );
+ if($r)
+ $hash = $r[0]['hubloc_hash'];
+ }
+
+ $p = q("select * from xchan where xchan_hash like '%s'",
+ dbesc($hash . '%')
+ );
+
+ if($p)
+ $target = $p[0]['xchan_hash'];
+ else {
+ $p = q("select * from site where site_url like '%s' ",
+ dbesc('%' . $hash)
+ );
+ if($p) {
+ $target = strtolower($hash);
+ }
+ else {
+ $ret['message'] = 'Rating target not found';
+ json_return_and_die($ret);
+ }
+ }
+
+ if($p)
+ $ret['target'] = $p[0];
+
+ $ret['success'] = true;
+
+ $r = q("select * from xlink left join xchan on xlink_xchan = xchan_hash
+ where xlink_link = '%s' and xlink_rating != 0 and xlink_static = 1 order by xchan_name asc",
+ dbesc($target)
+ );
+
+ if($r) {
+ $ret['ratings'] = $r;
+ }
+ else
+ $ret['ratings'] = array();
+
+ json_return_and_die($ret);
+
+}
+
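Review bot: `ratingsearch_init()` resolves the caller-supplied identifier with prefix and suffix `like` patterns (`dbesc($hash . '%')` against `xchan_hash`, `dbesc('%' . $hash)` against `site_url`) and takes the first row, so a very short value, or one containing `%`/`_` if `dbesc()` leaves those alone, resolves to whichever record the database returns first. In the site branch `$target` also becomes the caller's string rather than the matched `site_url`. A minimum identifier length, escaping of LIKE wildcards before the pattern is built, and a rejection when more than one row matches would make the target unambiguous. No authentication check is visible in this hunk, and `$ret['target']` and `$ret['ratings']` are filled from `select *` rows; naming the needed columns keeps any non-public `xchan`, `site` or `xlink` columns out of the JSON (whether such columns exist is not visible here). `$hash` is also read before assignment when no path argument is given.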
diff --git a/mod/rbmark.php b/mod/rbmark.php
new file mode 100644
index 000000000..cbd32098b
--- /dev/null
+++ b/mod/rbmark.php
@@ -0,0 +1,113 @@
+<?php /** @file */
+
+require_once('acl_selectors.php');
+require_once('include/crypto.php');
+require_once('include/items.php');
+require_once('include/taxonomy.php');
+require_once('include/conversation.php');
+require_once('include/zot.php');
+require_once('include/bookmarks.php');
+
+/**
+ * remote bookmark
+ *
+ * https://yoursite/rbmark?f=&title=&url=&private=&remote_return=
+ *
+ * This can be called via either GET or POST, use POST for long body content as suhosin often limits GET parameter length
+ *
+ * f= placeholder, often required
+ * title= link text
+ * url= URL to bookmark
+ * ischat=1 if this bookmark is a chatroom
+ * private= Don't share this link
+ * remote_return= absolute URL to return after posting is finished
+ *
+ */
+
+function rbmark_post(&$a) {
+ if($_POST['submit'] !== t('Save'))
+ return;
+
+ logger('rbmark_post: ' . print_r($_REQUEST,true));
+
+ $channel = $a->get_channel();
+
+ $t = array('url' => escape_tags($_REQUEST['url']),'term' => escape_tags($_REQUEST['title']));
+ bookmark_add($channel,$channel,$t,((x($_REQUEST,'private')) ? intval($_REQUEST['private']) : 0),
+ array('menu_id' => ((x($_REQUEST,'menu_id')) ? intval($_REQUEST['menu_id']) : 0),
+ 'menu_name' => ((x($_REQUEST,'menu_name')) ? escape_tags($_REQUEST['menu_name']) : ''),
+ 'ischat' => ((x($_REQUEST['ischat'])) ? intval($_REQUEST['ischat']) : 0)
+ ));
+
+ goaway(z_root() . '/bookmarks');
+
+}
+
+
+function rbmark_content(&$a) {
+
+ $o = '';
+
+ if(! local_channel()) {
+
+ // The login procedure is going to bugger our $_REQUEST variables
+ // so save them in the session.
+
+ if(array_key_exists('url',$_REQUEST)) {
+ $_SESSION['bookmark'] = $_REQUEST;
+ }
+ return login();
+ }
+
+ // If we have saved rbmark session variables, but nothing in the current $_REQUEST, recover the saved variables
+
+ if((! array_key_exists('url',$_REQUEST)) && (array_key_exists('bookmark',$_SESSION))) {
+ $_REQUEST = $_SESSION['bookmark'];
+ unset($_SESSION['bookmark']);
+ }
+
+ if($_REQUEST['remote_return']) {
+ $_SESSION['remote_return'] = $_REQUEST['remote_return'];
+ }
+ if(argc() > 1 && argv(1) === 'return') {
+ if($_SESSION['remote_return'])
+ goaway($_SESSION['remote_return']);
+ goaway(z_root() . '/bookmarks');
+ }
+
+ $channel = $a->get_channel();
+
+ $m = menu_list($channel,'',MENU_BOOKMARK);
+ $menus = array();
+ if($m) {
+ $menus = array(0 => '');
+ foreach($m as $n) {
+ $menus[$n['menu_id']] = $n['menu_name'];
+ }
+ }
+ $menu_select = array('menu_id',t('Select a bookmark folder'),false,'',$menus);
+
+
+ $o .= replace_macros(get_markup_template('rbmark.tpl'), array(
+
+ '$header' => t('Save Bookmark'),
+ '$url' => array('url',t('URL of bookmark'),escape_tags($_REQUEST['url'])),
+ '$title' => array('title',t('Description'),escape_tags($_REQUEST['title'])),
+ '$ischat' => ((x($_REQUEST,'ischat')) ? intval($_REQUEST['ischat']) : 0),
+ '$private' => ((x($_REQUEST,'private')) ? intval($_REQUEST['private']) : 0),
+ '$submit' => t('Save'),
+ '$menu_name' => array('menu_name',t('Or enter new bookmark folder name'),'',''),
+ '$menus' => $menu_select
+
+ ));
+
+
+
+
+
+
+ return $o;
+
+}
+
+
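Review bot: `rbmark_post()` does not check `local_channel()` or a form security token before calling `bookmark_add()` with `$a->get_channel()`, unlike `rbmark_content()`, which sends visitors without a local channel to `login()`. Add `if(! local_channel()) return;` at the top and verify a token issued with the form. `logger('rbmark_post: ' . print_r($_REQUEST,true));` passes no log level, while `mod/receive.php` in this diff passes `LOGGER_DATA` for payload dumps; doing the same here keeps the full request out of ordinary logs. The `ischat` entry calls `x($_REQUEST['ischat'])` where the neighbouring lines use the two-argument form `x($_REQUEST,'ischat')`. In `rbmark_content()` the `remote_return` value is stored in the session and later handed to `goaway()` unchanged, so the redirect target should be validated (scheme and, where possible, an expected host) before it is used.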
diff --git a/mod/receive.php b/mod/receive.php
new file mode 100644
index 000000000..571f736ed
--- /dev/null
+++ b/mod/receive.php
@@ -0,0 +1,76 @@
+<?php
+
+/**
+ * Diaspora endpoint
+ */
+
+require_once('include/crypto.php');
+require_once('include/diaspora.php');
+
+
+function receive_post(&$a) {
+
+
+ $enabled = intval(get_config('system','diaspora_enabled'));
+ if(! $enabled) {
+ logger('mod-diaspora: disabled');
+ http_status_exit(500);
+ }
+
+ $public = false;
+
+ if((argc() == 2) && (argv(1) === 'public')) {
+ $public = true;
+ }
+ else {
+
+ if(argc() != 3 || argv(1) !== 'users')
+ http_status_exit(500);
+
+ $guid = argv(2);
+
+ // Diaspora sites *may* provide a truncated guid.
+
+ $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_guid like '%s' AND channel_removed = 0 LIMIT 1",
+ dbesc($guid . '%')
+ );
+ if(! $r)
+ http_status_exit(500);
+
+ $importer = $r[0];
+ }
+
+ // It is an application/x-www-form-urlencoded that has been urlencoded twice.
+
+ logger('mod-diaspora: receiving post', LOGGER_DEBUG);
+
+ $xml = urldecode($_POST['xml']);
+
+ logger('mod-diaspora: new salmon ' . $xml, LOGGER_DATA);
+
+ if(! $xml)
+ http_status_exit(500);
+
+ logger('mod-diaspora: message is okay', LOGGER_DEBUG);
+
+ $msg = diaspora_decode($importer,$xml);
+
+ logger('mod-diaspora: decoded', LOGGER_DEBUG);
+
+ logger('mod-diaspora: decoded msg: ' . print_r($msg,true), LOGGER_DATA);
+
+ if(! is_array($msg))
+ http_status_exit(500);
+
+ logger('mod-diaspora: dispatching', LOGGER_DEBUG);
+
+ $ret = 0;
+ if($public)
+ diaspora_dispatch_public($msg);
+ else
+ $ret = diaspora_dispatch($importer,$msg);
+
+ http_status_exit(($ret) ? $ret : 200);
+ // NOTREACHED
+}
+
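Review bot: `$importer` is only assigned in the `users` branch, yet `diaspora_decode($importer,$xml)` also runs on the `public` path, so the public endpoint passes an undefined variable; initialise it next to `$public = false;` with `$importer = null;`. In the `users` branch, `channel_guid like '%s'` with `dbesc($guid . '%')` accepts any prefix, including a one-character one, and `LIMIT 1` then selects an arbitrary matching channel. Assuming `dbesc()` does not escape LIKE wildcards, a `%` or `_` inside `argv(2)` widens the match further. A minimum-length check on `$guid` before the query would narrow this, with the threshold taken from whatever truncation Diaspora actually uses. The raw payload is also logged at `LOGGER_DATA` before the `if(! $xml)` check and `$_POST['xml']` is read without an existence test, both of which deserve a short comment or guard.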
diff --git a/mod/regdir.php b/mod/regdir.php
new file mode 100644
index 000000000..dce50e76a
--- /dev/null
+++ b/mod/regdir.php
@@ -0,0 +1,103 @@
+<?php
+
+/**
+ * With args, register a directory server for this realm.
+ * With no args, return a JSON array of directory servers for this realm.
+ *
+ * @FIXME Not yet implemented: Some realms may require authentication to join their realm.
+ * The RED_GLOBAL realm does not require authentication.
+ * We would then need a flag in the site table to indicate that they've been
+ * validated by the PRIMARY directory for that realm. Sites claiming to be PRIMARY
+ * but are not the realm PRIMARY will be marked invalid.
+ *
+ * @param App &$a
+ */
+function regdir_init(&$a) {
+
+ $result = array('success' => false);
+
+ $url = $_REQUEST['url'];
+ $access_token = $_REQUEST['t'];
+ $valid = 0;
+
+ // we probably don't need the realm as we will find out in the probe.
+ // What we may want to die is throw an error if you're trying to register in a different realm
+ // so this configuration issue can be discovered.
+
+ $realm = $_REQUEST['realm'];
+ if(! $realm)
+ $realm = DIRECTORY_REALM;
+
+ if($realm === DIRECTORY_REALM) {
+ $valid = 1;
+ } else {
+ $token = get_config('system','realm_token');
+ if($token && $access_token != $token) {
+ $result['message'] = 'This realm requires an access token';
+ return;
+ }
+ $valid = 1;
+ }
+
+ $dirmode = intval(get_config('system','directory_mode'));
+
+ if ($dirmode == DIRECTORY_MODE_NORMAL) {
+ $ret['message'] = t('This site is not a directory server');
+ json_return_and_die($ret);
+ }
+
+ $m = null;
+ if ($url) {
+ $m = parse_url($url);
+
+ if ((! $m) || ((! @dns_get_record($m['host'], DNS_A + DNS_CNAME + DNS_PTR)) && (! filter_var($m['host'], FILTER_VALIDATE_IP) ))) {
+
+ $result['message'] = 'unparseable url';
+ json_return_and_die($result);
+ }
+
+ $f = zot_finger('[system]@' . $m['host']);
+ if($f['success']) {
+ $j = json_decode($f['body'],true);
+ if($j['success'] && $j['guid']) {
+ $x = import_xchan($j);
+ if($x['success']) {
+ $result['success'] = true;
+ }
+ }
+ }
+
+ if(! $result['success'])
+ $valid = 0;
+
+ q("update site set site_valid = %d where site_url = '%s' limit 1",
+ intval($valid),
+ strtolower($url)
+ );
+
+ json_return_and_die($result);
+ } else {
+
+ // We can put this in the sql without the condition after 31 august 2015 assuming
+ // most directory servers will have updated by then
+ // This just makes sure it happens if I forget
+
+ $sql_extra = ((datetime_convert() > datetime_convert('UTC','UTC','2015-08-31')) ? ' and site_valid = 1 ' : '' );
+ if ($dirmode == DIRECTORY_MODE_STANDALONE) {
+ $r = array(array('site_url' => z_root()));
+ } else {
+ $r = q("select site_url from site where site_flags in ( 1, 2 ) and site_realm = '%s' $sql_extra ",
+ dbesc(get_directory_realm())
+ );
+ }
+ if ($r) {
+ $result['success'] = true;
+ $result['directories'] = array();
+ foreach ($r as $rr)
+ $result['directories'][] = $rr['site_url'];
+
+ json_return_and_die($result);
+ }
+ }
+ json_return_and_die($result);
+} \ No newline at end of file
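Review bot: The `update site set site_valid = %d where site_url = '%s'` query receives `strtolower($url)` straight from `$_REQUEST['url']` without `dbesc()`, while every other string argument to `q()` on this page is escaped; the argument should be `dbesc(strtolower($url))`. The preceding checks only validate the host component returned by `parse_url()`, so they do not constrain the rest of the string. The realm token is compared with the loose `$access_token != $token`; `!==` (or `hash_equals()` where the PHP version provides it) avoids type juggling. That branch also returns without emitting `$result`, unlike the other exits, which call `json_return_and_die()`. The directory-mode branch fills `$ret` instead of `$result`, so its JSON response lacks the `success` key.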
diff --git a/mod/register.php b/mod/register.php
new file mode 100644
index 000000000..70bdcf350
--- /dev/null
+++ b/mod/register.php
@@ -0,0 +1,230 @@
+<?php
+
+
+function register_init(&$a) {
+
+ $result = null;
+ $cmd = ((argc() > 1) ? argv(1) : '');
+
+ // Provide a stored request for somebody desiring a connection
+ // when they first need to register someplace. Once they've
+ // created a channel, we'll try to revive the connection request
+ // and process it.
+
+ if($_REQUEST['connect'])
+ $_SESSION['connect'] = $_REQUEST['connect'];
+
+ switch($cmd) {
+ case 'invite_check.json':
+ $result = check_account_invite($_REQUEST['invite_code']);
+ break;
+ case 'email_check.json':
+ $result = check_account_email($_REQUEST['email']);
+ break;
+ case 'password_check.json':
+ $result = check_account_password($_REQUEST['password']);
+ break;
+ default:
+ break;
+ }
+ if($result) {
+ json_return_and_die($result);
+ }
+}
+
+
+function register_post(&$a) {
+
+ $max_dailies = intval(get_config('system','max_daily_registrations'));
+ if($max_dailies) {
+ $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s",
+ db_utcnow(), db_quoteinterval('1 day')
+ );
+ if($r && $r[0]['total'] >= $max_dailies) {
+ notice( t('Maximum daily site registrations exceeded. Please try again tomorrow.') . EOL);
+ return;
+ }
+ }
+
+ if(! x($_POST,'tos')) {
+ notice( t('Please indicate acceptance of the Terms of Service. Registration failed.') . EOL);
+ return;
+ }
+
+ $policy = get_config('system','register_policy');
+
+ $email_verify = get_config('system','verify_email');
+
+
+ switch($policy) {
+
+ case REGISTER_OPEN:
+ $flags = ACCOUNT_OK;
+ break;
+
+ case REGISTER_APPROVE:
+ $flags = ACCOUNT_BLOCKED | ACCOUNT_PENDING;
+ break;
+
+ default:
+ case REGISTER_CLOSED:
+ if(! is_site_admin()) {
+ notice( t('Permission denied.') . EOL );
+ return;
+ }
+ $flags = ACCOUNT_BLOCKED;
+ break;
+ }
+
+ if($email_verify && $policy == REGISTER_OPEN)
+ $flags = $flags | ACCOUNT_UNVERIFIED;
+
+
+ if((! $_POST['password']) || ($_POST['password'] !== $_POST['password2'])) {
+ notice( t('Passwords do not match.') . EOL);
+ return;
+ }
+
+ $arr = $_POST;
+ $arr['account_flags'] = $flags;
+
+ $result = create_account($arr);
+
+ if(! $result['success']) {
+ notice($result['message']);
+ return;
+ }
+ require_once('include/security.php');
+
+
+ $using_invites = intval(get_config('system','invitation_only'));
+ $num_invites = intval(get_config('system','number_invites'));
+ $invite_code = ((x($_POST,'invite_code')) ? notags(trim($_POST['invite_code'])) : '');
+
+ if($using_invites && $invite_code) {
+ q("delete * from register where hash = '%s'", dbesc($invite_code));
+ set_pconfig($result['account']['account_id'],'system','invites_remaining',$num_invites);
+ }
+
+ if($policy == REGISTER_OPEN ) {
+ if($email_verify) {
+ $res = verify_email_address($result);
+ }
+ else {
+ $res = send_verification_email($result['email'],$result['password']);
+ }
+ if($res) {
+ info( t('Registration successful. Please check your email for validation instructions.') . EOL ) ;
+ }
+ }
+ elseif($policy == REGISTER_APPROVE) {
+ $res = send_reg_approval_email($result);
+ if($res) {
+ info( t('Your registration is pending approval by the site owner.') . EOL ) ;
+ }
+ else {
+ notice( t('Your registration can not be processed.') . EOL);
+ }
+ goaway(z_root());
+ }
+
+ if($email_verify) {
+ goaway(z_root());
+ }
+
+ authenticate_success($result['account'],true,false,true);
+
+ if(! strlen($next_page = get_config('system','workflow_register_next')))
+ $next_page = 'new_channel';
+
+ $_SESSION['workflow'] = true;
+
+ goaway(z_root() . '/' . $next_page);
+
+}
+
+
+
+
+
+
+
+function register_content(&$a) {
+
+ $registration_is = '';
+ $other_sites = '';
+
+ if(get_config('system','register_policy') == REGISTER_CLOSED) {
+ require_once('mod/pubsites.php');
+ return pubsites_content($a);
+ }
+
+ if(get_config('system','register_policy') == REGISTER_APPROVE) {
+ $registration_is = t('Registration on this site/hub is by approval only.');
+ $other_sites = t('<a href="pubsites">Register at another affiliated site/hub</a>');
+ }
+
+ $max_dailies = intval(get_config('system','max_daily_registrations'));
+ if($max_dailies) {
+ $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s",
+ db_utcnow(), db_quoteinterval('1 day')
+ );
+ if($r && $r[0]['total'] >= $max_dailies) {
+ logger('max daily registrations exceeded.');
+ notice( t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.') . EOL);
+ return;
+ }
+ }
+
+ // Configurable terms of service link
+
+ $tosurl = get_config('system','tos_url');
+ if(! $tosurl)
+ $tosurl = $a->get_baseurl() . '/help/TermsOfService';
+
+ $toslink = '<a href="' . $tosurl . '" >' . t('Terms of Service') . '</a>';
+
+ // Configurable whether to restrict age or not - default is based on international legal requirements
+ // This can be relaxed if you are on a restricted server that does not share with public servers
+
+ if(get_config('system','no_age_restriction'))
+ $label_tos = sprintf( t('I accept the %s for this website'), $toslink);
+ else
+ $label_tos = sprintf( t('I am over 13 years of age and accept the %s for this website'), $toslink);
+
+ $enable_tos = 1 - intval(get_config('system','no_termsofservice'));
+
+ $email = ((x($_REQUEST,'email')) ? strip_tags(trim($_REQUEST['email'])) : "" );
+ $password = ((x($_REQUEST,'password')) ? trim($_REQUEST['password']) : "" );
+ $password2 = ((x($_REQUEST,'password2')) ? trim($_REQUEST['password2']) : "" );
+ $invite_code = ((x($_REQUEST,'invite_code')) ? strip_tags(trim($_REQUEST['invite_code'])) : "" );
+
+
+ require_once('include/bbcode.php');
+
+ $o = replace_macros(get_markup_template('register.tpl'), array(
+
+ '$title' => t('Registration'),
+ '$reg_is' => $registration_is,
+ '$registertext' => bbcode(get_config('system','register_text')),
+ '$other_sites' => $other_sites,
+ '$invitations' => get_config('system','invitation_only'),
+ '$invite_desc' => t('Membership on this site is by invitation only.'),
+ '$label_invite' => t('Please enter your invitation code'),
+ '$invite_code' => $invite_code,
+
+ '$label_email' => t('Your email address'),
+ '$label_pass1' => t('Choose a password'),
+ '$label_pass2' => t('Please re-enter your password'),
+ '$label_tos' => $label_tos,
+ '$enable_tos' => $enable_tos,
+ '$email' => $email,
+ '$pass1' => $password,
+ '$pass2' => $password2,
+ '$submit' => t('Register')
+ ));
+
+ return $o;
+
+}
+
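Review bot: In `register_post()` the invite cleanup runs `delete * from register where hash = '%s'`, which is not valid DELETE syntax in MySQL or PostgreSQL, so the statement presumably fails and the invitation code stays usable after the account is created; it should read `q("delete from register where hash = '%s'", dbesc($invite_code));`. The return value of `q()` is not checked, so the failure would be silent. Separately, `$arr = $_POST;` hands every posted field to `create_account()` and only `account_flags` is overwritten here. Whether the client can set other account fields depends on code outside this hunk, so building `$arr` from the expected keys would make the contract explicit.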
diff --git a/mod/regmod.php b/mod/regmod.php
new file mode 100644
index 000000000..c0a75ef48
--- /dev/null
+++ b/mod/regmod.php
@@ -0,0 +1,34 @@
+<?php
+
+
+function regmod_content(&$a) {
+
+ global $lang;
+
+ $_SESSION['return_url'] = $a->cmd;
+
+ if(! local_channel()) {
+ info( t('Please login.') . EOL);
+ $o .= '<br /><br />' . login(($a->config['system']['register_policy'] == REGISTER_CLOSED) ? 0 : 1);
+ return $o;
+ }
+
+ if(! is_site_admin()) {
+ notice( t('Permission denied.') . EOL);
+ return '';
+ }
+
+ if(argc() != 3)
+ killme();
+
+ $cmd = argv(1);
+ $hash = argv(2);
+
+ if($cmd === 'deny') {
+ if (!user_deny($hash)) killme();
+ }
+
+ if($cmd === 'allow') {
+ if (!user_allow($hash)) killme();
+ }
+}
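Review bot: `regmod_content()` approves or denies a registration as a side effect of rendering a page, gated only by the admin session and the hash in the path, with no form security token such as the `check_form_security_token_redirectOnErr()` call used in mod/settings.php. If the hash can be known to anyone other than the admin (not visible here), a link followed by a logged-in admin would perform the action. `$o` is also appended to with `.=` before it is ever assigned; `$o = '';` at the top of the function fixes that. A successful allow or deny falls off the end of the function without returning anything.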
diff --git a/mod/regver.php b/mod/regver.php
new file mode 100644
index 000000000..c3ade2ee1
--- /dev/null
+++ b/mod/regver.php
@@ -0,0 +1,22 @@
+<?php
+
+function regver_content(&$a) {
+
+ global $lang;
+
+ $_SESSION['return_url'] = $a->cmd;
+
+ if(argc() != 3)
+ killme();
+
+ $cmd = argv(1);
+ $hash = argv(2);
+
+ if($cmd === 'deny') {
+ if (!user_deny($hash)) killme();
+ }
+
+ if($cmd === 'allow') {
+ if (!user_approve($hash)) killme();
+ }
+}
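Review bot: `regver_content()` calls `user_deny($hash)` and `user_approve($hash)` with no `local_channel()` or `is_site_admin()` check, so the hash in the URL is the only credential, and `deny` reaches the same `user_deny()` that mod/regmod.php guards behind `is_site_admin()`. That may be intended for e-mail verification links, but it relies on those helpers rejecting hashes that belong to the admin-approval flow, which cannot be confirmed from this hunk. A header comment such as `// Unauthenticated by design: the hash mailed to the registrant is the sole authenticator` would make the contract explicit. So would a check that the register entry is of the e-mail-verification kind before acting. `global $lang;` is unused.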
diff --git a/mod/removeaccount.php b/mod/removeaccount.php
new file mode 100644
index 000000000..f3fa53f75
--- /dev/null
+++ b/mod/removeaccount.php
@@ -0,0 +1,66 @@
+<?php
+
+function removeaccount_post(&$a) {
+
+ if(! local_channel())
+ return;
+
+ if($_SESSION['delegate'])
+ return;
+
+ if((! x($_POST,'qxz_password')) || (! strlen(trim($_POST['qxz_password']))))
+ return;
+
+ if((! x($_POST,'verify')) || (! strlen(trim($_POST['verify']))))
+ return;
+
+ if($_POST['verify'] !== $_SESSION['remove_account_verify'])
+ return;
+
+
+ $account = $a->get_account();
+ $account_id = get_account_id();
+
+ if(! account_verify_password($account['account_email'],$_POST['qxz_password']))
+ return;
+
+ if($account['account_password_changed'] != NULL_DATE) {
+ $d1 = datetime_convert('UTC','UTC','now - 48 hours');
+ if($account['account_password_changed'] > d1) {
+ notice( t('Account removals are not allowed within 48 hours of changing the account password.') . EOL);
+ return;
+ }
+ }
+
+ require_once('include/Contact.php');
+
+ $global_remove = intval($_POST['global']);
+
+ account_remove($account_id,true);
+
+}
+
+
+
+function removeaccount_content(&$a) {
+
+ if(! local_channel())
+ goaway(z_root());
+
+ $hash = random_string();
+
+ $_SESSION['remove_account_verify'] = $hash;
+ $tpl = get_markup_template('removeaccount.tpl');
+ $o .= replace_macros($tpl, array(
+ '$basedir' => $a->get_baseurl(),
+ '$hash' => $hash,
+ '$title' => t('Remove This Account'),
+ '$desc' => array(t('WARNING: '), t('This account and all its channels will be completely removed from the network. '), t('This action is permanent and can not be undone!')),
+ '$passwd' => t('Please enter your password for verification:'),
+ '$global' => array('global', t('Remove this account, all its channels and all its channel clones from the network'), false, t('By default only the instances of the channels located on this hub will be removed from the network')),
+ '$submit' => t('Remove Account')
+ ));
+
+ return $o;
+
+}
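Review bot: The 48-hour cool-down in `removeaccount_post()` compares against the bare word `d1` instead of `$d1`. On PHP 7 and earlier that is treated as the string 'd1', so a date string beginning with a digit never compares greater and the check never blocks; on PHP 8 it raises an Error. The line should be `if($account['account_password_changed'] > $d1) {`, and the identical line in `removeme_post()` in mod/removeme.php needs the same fix. Also, `$global_remove` is read from `$_POST['global']` but never passed to `account_remove()`, and `$o` in `removeaccount_content()` is appended to before it is initialised.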
diff --git a/mod/removeme.php b/mod/removeme.php
new file mode 100644
index 000000000..b604bc7db
--- /dev/null
+++ b/mod/removeme.php
@@ -0,0 +1,66 @@
+<?php
+
+function removeme_post(&$a) {
+
+ if(! local_channel())
+ return;
+
+ if($_SESSION['delegate'])
+ return;
+
+ if((! x($_POST,'qxz_password')) || (! strlen(trim($_POST['qxz_password']))))
+ return;
+
+ if((! x($_POST,'verify')) || (! strlen(trim($_POST['verify']))))
+ return;
+
+ if($_POST['verify'] !== $_SESSION['remove_account_verify'])
+ return;
+
+
+ $account = $a->get_account();
+
+ if(! account_verify_password($account['account_email'],$_POST['qxz_password']))
+ return;
+
+ if($account['account_password_changed'] != NULL_DATE) {
+ $d1 = datetime_convert('UTC','UTC','now - 48 hours');
+ if($account['account_password_changed'] > d1) {
+ notice( t('Channel removals are not allowed within 48 hours of changing the account password.') . EOL);
+ return;
+ }
+ }
+
+ require_once('include/Contact.php');
+
+ $global_remove = intval($_POST['global']);
+
+ channel_remove(local_channel(),1 - $global_remove,true);
+
+}
+
+
+
+function removeme_content(&$a) {
+
+ if(! local_channel())
+ goaway(z_root());
+
+ $hash = random_string();
+
+ $_SESSION['remove_account_verify'] = $hash;
+
+ $tpl = get_markup_template('removeme.tpl');
+ $o .= replace_macros($tpl, array(
+ '$basedir' => $a->get_baseurl(),
+ '$hash' => $hash,
+ '$title' => t('Remove This Channel'),
+ '$desc' => array(t('WARNING: '), t('This channel will be completely removed from the network. '), t('This action is permanent and can not be undone!')),
+ '$passwd' => t('Please enter your password for verification:'),
+ '$global' => array('global', t('Remove this channel and all its clones from the network'), false, t('By default only the instance of the channel located on this hub will be removed from the network'), array(t('No'),t('Yes'))),
+ '$submit' => t('Remove Channel')
+ ));
+
+ return $o;
+
+}
diff --git a/mod/rmagic.php b/mod/rmagic.php
new file mode 100644
index 000000000..597c6ed9c
--- /dev/null
+++ b/mod/rmagic.php
@@ -0,0 +1,90 @@
+<?php
+
+
+function rmagic_init(&$a) {
+
+ if(local_channel())
+ goaway(z_root());
+
+ $me = get_my_address();
+ if($me) {
+ $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1",
+ dbesc($me)
+ );
+ if($r) {
+ if($r[0]['hubloc_url'] === z_root())
+ goaway(z_root() . '/login');
+ $dest = z_root() . '/' . str_replace('zid=','zid_=',get_app()->query_string);
+ goaway($r[0]['hubloc_url'] . '/magic' . '?f=&dest=' . $dest);
+ }
+ }
+}
+
+function rmagic_post(&$a) {
+
+ $address = trim($_REQUEST['address']);
+
+ if(strpos($address,'@') === false) {
+ $arr = array('address' => $address);
+ call_hooks('reverse_magic_auth', $arr);
+
+ try {
+ require_once('library/openid/openid.php');
+ $openid = new LightOpenID(z_root());
+ $openid->identity = $address;
+ $openid->returnUrl = z_root() . '/openid';
+ $openid->required = array('namePerson/friendly', 'namePerson');
+ $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default');
+ goaway($openid->authUrl());
+ } catch (Exception $e) {
+ notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'<br /><br >'. t('The error message was:').' '.$e->getMessage());
+ }
+
+ // if they're still here...
+ notice( t('Authentication failed.') . EOL);
+ return;
+ }
+ else {
+
+ // Presumed Red identity. Perform reverse magic auth
+
+ if(strpos($address,'@') === false) {
+ notice('Invalid address.');
+ return;
+ }
+
+ $r = null;
+ if($address) {
+ $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1",
+ dbesc($address)
+ );
+ }
+ if($r) {
+ $url = $r[0]['hubloc_url'];
+ }
+ else {
+ $url = 'https://' . substr($address,strpos($address,'@')+1);
+ }
+
+ if($url) {
+ if($_SESSION['return_url'])
+ $dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',$_SESSION['return_url']));
+ else
+ $dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',$a->query_string));
+
+ goaway($url . '/magic' . '?f=&dest=' . $dest);
+ }
+ }
+}
+
+
+function rmagic_content(&$a) {
+
+ $o = replace_macros(get_markup_template('rmagic.tpl'),array(
+ '$title' => t('Remote Authentication'),
+ '$desc' => t('Enter your channel address (e.g. channel@example.com)'),
+ '$submit' => t('Authenticate')
+ ));
+ return $o;
+
+} \ No newline at end of file
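Review bot: In `rmagic_init()` `$dest` is appended to the `/magic?f=&dest=` URL without `urlencode()`, whereas `rmagic_post()` encodes the same value; any `&` or `#` in the query string then splits or truncates the `dest` parameter seen by the remote hub. Use `$dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',get_app()->query_string));`. In `rmagic_post()` the inner `if(strpos($address,'@') === false)` sits in the `else` of the same test and can never be true. The exception text is concatenated into `notice()` next to literal `<br />` markup, so it should pass through `htmlspecialchars()` if notices are rendered as HTML.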
diff --git a/mod/rpost.php b/mod/rpost.php
new file mode 100644
index 000000000..0c0916646
--- /dev/null
+++ b/mod/rpost.php
@@ -0,0 +1,139 @@
+<?php /** @file */
+
+require_once('acl_selectors.php');
+require_once('include/crypto.php');
+require_once('include/items.php');
+require_once('include/taxonomy.php');
+require_once('include/conversation.php');
+require_once('include/zot.php');
+
+/**
+ * remote post
+ *
+ * https://yoursite/rpost?f=&title=&body=&remote_return=
+ *
+ * This can be called via either GET or POST, use POST for long body content as suhosin often limits GET parameter length
+ *
+ * f= placeholder, often required
+ * title= Title of post
+ * body= Body of post
+ * url= URL which will be parsed and the results appended to the body
+ * source= Source application
+ * remote_return= absolute URL to return after posting is finished
+ * type= choices are 'html' or 'bbcode', default is 'bbcode'
+ *
+ */
+
+
+
+function rpost_content(&$a) {
+
+ $o = '';
+
+ if(! local_channel()) {
+ if(remote_channel()) {
+ // redirect to your own site.
+ // We can only do this with a GET request so you'll need to keep the text short or risk getting truncated
+ // by the wretched beast called 'suhosin'. All the browsers now allow long GET requests, but suhosin
+ // blocks them.
+
+ $url = get_rpost_path($a->get_observer());
+ // make sure we're not looping to our own hub
+ if(($url) && (! stristr($url, $a->get_hostname()))) {
+ foreach($_REQUEST as $key => $arg) {
+ $url .= '&' . $key . '=' . $arg;
+ }
+ goaway($url);
+ }
+ }
+
+ // The login procedure is going to bugger our $_REQUEST variables
+ // so save them in the session.
+
+ if(array_key_exists('body',$_REQUEST)) {
+ $_SESSION['rpost'] = $_REQUEST;
+ }
+ return login();
+ }
+
+ // If we have saved rpost session variables, but nothing in the current $_REQUEST, recover the saved variables
+
+ if((! array_key_exists('body',$_REQUEST)) && (array_key_exists('rpost',$_SESSION))) {
+ $_REQUEST = $_SESSION['rpost'];
+ unset($_SESSION['rpost']);
+ }
+
+ if(array_key_exists('channel',$_REQUEST)) {
+ $r = q("select channel_id from channel where channel_account_id = %d and channel_address = '%s' limit 1",
+ intval(get_account_id()),
+ dbesc($_REQUEST['channel'])
+ );
+ if($r) {
+ require_once('include/security.php');
+ $change = change_channel($r[0]['channel_id']);
+ }
+ }
+
+ if($_REQUEST['remote_return']) {
+ $_SESSION['remote_return'] = $_REQUEST['remote_return'];
+ }
+ if(argc() > 1 && argv(1) === 'return') {
+ if($_SESSION['remote_return'])
+ goaway($_SESSION['remote_return']);
+ goaway(z_root() . '/network');
+ }
+
+ $plaintext = true;
+// if(feature_enabled(local_channel(),'richtext'))
+// $plaintext = false;
+
+ if(array_key_exists('type', $_REQUEST) && $_REQUEST['type'] === 'html') {
+ require_once('include/html2bbcode.php');
+ $_REQUEST['body'] = html2bbcode($_REQUEST['body']);
+ }
+
+ $channel = $a->get_channel();
+
+ $channel_acl = array(
+ 'allow_cid' => $channel['channel_allow_cid'],
+ 'allow_gid' => $channel['channel_allow_gid'],
+ 'deny_cid' => $channel['channel_deny_cid'],
+ 'deny_gid' => $channel['channel_deny_gid']
+ );
+
+ if($_REQUEST['url']) {
+ $x = z_fetch_url(z_root() . '/parse_url?f=&url=' . urlencode($_REQUEST['url']));
+ if($x['success'])
+ $_REQUEST['body'] = $_REQUEST['body'] . $x['body'];
+ }
+
+ $x = array(
+ 'is_owner' => true,
+ 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''),
+ 'default_location' => $channel['channel_location'],
+ 'nickname' => $channel['channel_address'],
+ 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid']
+ || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
+ 'acl' => populate_acl($channel_acl),
+ 'bang' => '',
+ 'visitor' => true,
+ 'profile_uid' => local_channel(),
+ 'title' => $_REQUEST['title'],
+ 'body' => $_REQUEST['body'],
+ 'attachment' => $_REQUEST['attachment'],
+ 'source' => ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''),
+ 'return_path' => 'rpost/return'
+ );
+
+ $editor = status_editor($a,$x);
+
+ $o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
+ '$title' => t('Edit post'),
+ '$editor' => $editor
+ ));
+
+ return $o;
+
+}
+
+
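Review bot: `remote_return` is copied from `$_REQUEST` into the session and later handed to `goaway()` unchanged, so `rpost/return` redirects to whatever the original link supplied. The header documents it as an absolute URL, so at minimum restrict the scheme before storing it, e.g. `if(preg_match('#^https?://#i', $_REQUEST['remote_return'])) $_SESSION['remote_return'] = $_REQUEST['remote_return'];`. The same pattern appears in `rbmark_content()` in mod/rbmark.php. In the remote-channel branch the forwarding loop builds the query as `'&' . $key . '=' . $arg` with no encoding, which corrupts values containing `&` or spaces and stringifies array parameters. `$url .= '&' . urlencode($key) . '=' . urlencode($arg);`, with array values skipped, would be safer.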
diff --git a/mod/rsd_xml.php b/mod/rsd_xml.php
new file mode 100644
index 000000000..6fd9514cd
--- /dev/null
+++ b/mod/rsd_xml.php
@@ -0,0 +1,24 @@
+<?php
+
+// What do we need this for?
+
+function rsd_xml_content(&$a) {
+ header ("Content-Type: text/xml");
+ echo '<?xml version="1.0" encoding="UTF-8"?>
+ <rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd">
+ <service>
+ <engineName>Red</engineName>
+ <engineLink>http://friendica.com/</engineLink>
+ <apis>
+ <api name="Twitter" preferred="true" apiLink="'.$a->get_baseurl().'/api/" blogID="">
+ <settings>
+ <docs>http://status.net/wiki/TwitterCompatibleAPI</docs>
+ <setting name="OAuth">false</setting>
+ </settings>
+ </api>
+ </apis>
+ </service>
+ </rsd>
+ ';
+die();
+} \ No newline at end of file
diff --git a/mod/search.php b/mod/search.php
new file mode 100644
index 000000000..dceb7d72a
--- /dev/null
+++ b/mod/search.php
@@ -0,0 +1,213 @@
+<?php
+
+function search_init(&$a) {
+ if(x($_REQUEST,'search'))
+ $a->data['search'] = $_REQUEST['search'];
+}
+
+
+function search_content(&$a,$update = 0, $load = false) {
+
+ if((get_config('system','block_public')) || (get_config('system','block_public_search'))) {
+ if ((! local_channel()) && (! remote_channel())) {
+ notice( t('Public access denied.') . EOL);
+ return;
+ }
+ }
+
+ if($load)
+ $_SESSION['loadtime'] = datetime_convert();
+
+ nav_set_selected('search');
+
+ require_once("include/bbcode.php");
+ require_once('include/security.php');
+ require_once('include/conversation.php');
+ require_once('include/items.php');
+
+ $format = (($_REQUEST['format']) ? $_REQUEST['format'] : '');
+ if($format !== '') {
+ $update = $load = 1;
+ }
+
+ $observer = $a->get_observer();
+ $observer_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ $o = '<div id="live-search"></div>' . "\r\n";
+
+ $o .= '<h3>' . t('Search') . '</h3>';
+
+ if(x($a->data,'search'))
+ $search = trim($a->data['search']);
+ else
+ $search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : '');
+
+ $tag = false;
+ if(x($_GET,'tag')) {
+ $tag = true;
+ $search = ((x($_GET,'tag')) ? trim(rawurldecode($_GET['tag'])) : '');
+ }
+
+ if((! local_channel()) || (! feature_enabled(local_channel(),'savedsearch')))
+ $o .= search($search,'search-box','/search',((local_channel()) ? true : false));
+
+ if(strpos($search,'#') === 0) {
+ $tag = true;
+ $search = substr($search,1);
+ }
+ if(strpos($search,'@') === 0) {
+ $search = substr($search,1);
+ goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search);
+ }
+
+ // look for a naked webbie
+ if(strpos($search,'@') !== false) {
+ goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search);
+ }
+
+ if(! $search)
+ return $o;
+
+ if($tag) {
+ $sql_extra = sprintf(" AND `item`.`id` IN (select `oid` from term where otype = %d and type = %d and term = '%s') ",
+ intval(TERM_OBJ_POST),
+ intval(TERM_HASHTAG),
+ dbesc(protect_sprintf($search))
+ );
+ }
+ else {
+ $regstr = db_getfunc('REGEXP');
+ $sql_extra = sprintf(" AND `item`.`body` $regstr '%s' ", dbesc(protect_sprintf(preg_quote($search))));
+ }
+
+ // Here is the way permissions work in the search module...
+ // Only public posts can be shown
+ // OR your own posts if you are a logged in member
+ // No items will be shown if the member has a blocked profile wall.
+
+ if((! $update) && (! $load)) {
+
+ // This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
+ // because browser prefetching might change it on us. We have to deliver it with the page.
+
+ $o .= '<div id="live-search"></div>' . "\r\n";
+ $o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1))
+ . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
+
+ $a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
+ '$baseurl' => z_root(),
+ '$pgtype' => 'search',
+ '$uid' => (($a->profile['profile_uid']) ? $a->profile['profile_uid'] : '0'),
+ '$gid' => '0',
+ '$cid' => '0',
+ '$cmin' => '0',
+ '$cmax' => '0',
+ '$star' => '0',
+ '$liked' => '0',
+ '$conv' => '0',
+ '$spam' => '0',
+ '$fh' => '0',
+ '$nouveau' => '0',
+ '$wall' => '0',
+ '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
+ '$page' => (($a->pager['page'] != 1) ? $a->pager['page'] : 1),
+ '$search' => (($tag) ? urlencode('#') : '') . $search,
+ '$order' => '',
+ '$file' => '',
+ '$cats' => '',
+ '$tags' => '',
+ '$mid' => '',
+ '$verb' => '',
+ '$dend' => '',
+ '$dbegin' => ''
+ ));
+
+
+ }
+
+ $item_normal = item_normal();
+ $pub_sql = public_permissions_sql($observer_hash);
+
+ require_once('include/identity.php');
+
+ $sys = get_sys_channel();
+
+ if(($update) && ($load)) {
+ $itemspage = get_pconfig(local_channel(),'system','itemspage');
+ $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+ $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start']));
+
+ // in case somebody turned off public access to sys channel content with permissions
+
+ if(! perm_is_allowed($sys['channel_id'],$observer_hash,'view_stream'))
+ $sys['xchan_hash'] .= 'disabled';
+
+ if($load) {
+ $r = null;
+
+ if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
+ $prefix = 'distinct on (created, mid)';
+ $suffix = 'ORDER BY created DESC, mid';
+ } else {
+ $prefix = 'distinct';
+ $suffix = 'group by mid ORDER BY created DESC';
+ }
+ if(local_channel()) {
+ $r = q("SELECT $prefix mid, item.id as item_id, item.* from item
+ WHERE ((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 )
+ OR ( `item`.`uid` = %d )) OR item.owner_xchan = '%s' )
+ $item_normal
+ $sql_extra
+ $suffix $pager_sql ",
+ intval(local_channel()),
+ dbesc($sys['xchan_hash'])
+ );
+ }
+ if($r === null) {
+ $r = q("SELECT $prefix mid, item.id as item_id, item.* from item
+ WHERE (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = ''
+ AND `item`.`deny_gid` = '' AND item_private = 0 )
+ and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
+ $pub_sql ) OR owner_xchan = '%s')
+ $item_normal
+ $sql_extra
+ $suffix $pager_sql",
+ dbesc($sys['xchan_hash'])
+ );
+ }
+ }
+ else {
+ $r = array();
+ }
+ }
+
+ if($r) {
+ xchan_query($r);
+ $items = fetch_post_tags($r,true);
+ } else {
+ $items = array();
+ }
+
+
+ if($format == 'json') {
+ $result = array();
+ require_once('include/conversation.php');
+ foreach($items as $item) {
+ $item['html'] = bbcode($item['body']);
+ $x = encode_item($item);
+ $x['html'] = prepare_text($item['body'],$item['mimetype']);
+ $result[] = $x;
+ }
+ json_return_and_die(array('success' => true,'messages' => $result));
+ }
+
+ if($tag)
+ $o .= '<h2>' . sprintf( t('Items tagged with: %s'),htmlspecialchars($search, ENT_COMPAT,'UTF-8')) . '</h2>';
+ else
+ $o .= '<h2>' . sprintf( t('Search results for: %s'),htmlspecialchars($search, ENT_COMPAT,'UTF-8')) . '</h2>';
+
+ $o .= conversation($a,$items,'search',$update,'client');
+
+ return $o;
+}
+
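Review bot: `$search` is HTML-escaped for the `<h2>` headings but is used raw in the two `goaway(... '&search=' . $search)` redirects and in the `'$search'` value passed to `build_query.tpl`, which is appended to `htmlhead`. Since `#` is already passed through `urlencode()` for that template value, the term presumably ends up in a URL and should be encoded too: `'$search' => (($tag) ? urlencode('#') : '') . urlencode($search),` and `'&search=' . urlencode($search)` in the redirects. Whether the template escapes on output is not visible here. `$r` is also assigned only inside `if(($update) && ($load))`, so `if($r)` reads an undefined variable on a plain page load; `$r = array();` before that block fixes it.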
diff --git a/mod/search_ac.php b/mod/search_ac.php
new file mode 100644
index 000000000..e42945d43
--- /dev/null
+++ b/mod/search_ac.php
@@ -0,0 +1,75 @@
+<?php
+
+// Autocomplete for saved searches. Should probably be put in the same place as the other autocompletes
+function search_ac_init(&$a){
+ if(!local_channel())
+ killme();
+
+
+ $start = (x($_REQUEST,'start')?$_REQUEST['start']:0);
+ $count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
+ $search = (x($_REQUEST,'search')?$_REQUEST['search']:"");
+
+ if(x($_REQUEST,'query') && strlen($_REQUEST['query'])) {
+ $search = $_REQUEST['query'];
+ }
+
+ // Priority to people searches
+
+ if ($search) {
+ $people_sql_extra = protect_sprintf(" AND `xchan_name` LIKE '%". dbesc($search) . "%' ");
+ $tag_sql_extra = protect_sprintf(" AND term LIKE '%". dbesc($search) . "%' ");
+ }
+
+
+ $r = q("SELECT `abook_id`, `xchan_name`, `xchan_photo_s`, `xchan_url`, `xchan_addr` FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d
+ $people_sql_extra
+ ORDER BY `xchan_name` ASC ",
+ intval(local_channel())
+ );
+
+ $results = array();
+ if($r) {
+ foreach($r as $g) {
+ $results[] = array(
+ "photo" => $g['xchan_photo_s'],
+ "name" => '@'.$g['xchan_name'],
+ "id" => $g['abook_id'],
+ "link" => $g['xchan_url'],
+ "label" => '',
+ "nick" => '',
+ );
+ }
+ }
+
+ $r = q("select distinct term, tid, url from term where type = %d $tag_sql_extra group by term order by term asc",
+ intval(TERM_HASHTAG)
+ );
+
+ if(count($r)) {
+ foreach($r as $g) {
+ $results[] = array(
+ "photo" => $a->get_baseurl() . '/images/hashtag.png',
+ "name" => '#'.$g['term'],
+ "id" => $g['tid'],
+ "link" => $g['url'],
+ "label" => '',
+ "nick" => '',
+ );
+ }
+ }
+
+ header("content-type: application/json");
+ $o = array(
+ 'start' => $start,
+ 'count' => $count,
+ 'items' => $results,
+ );
+ echo json_encode($o);
+
+ logger('search_ac: ' . print_r($x,true));
+
+ killme();
+}
+
+
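Review bot: The hashtag query in `search_ac_init()` selects from `term` filtered only by type and the search string, while the contact query above it is limited to `abook_channel = local_channel()`. If `term` rows are per-channel, autocomplete returns tags from every channel on the hub, so the query should be scoped to the caller. `$start` and `$count` are echoed back from `$_REQUEST` but never applied, so neither query has a LIMIT; pass them through `intval()` and use them to bound the result. `$people_sql_extra` and `$tag_sql_extra` are undefined when `$search` is empty, and `logger('search_ac: ' . print_r($x,true));` logs a variable that is never set (presumably `$o` was meant).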
diff --git a/mod/service_limits.php b/mod/service_limits.php
new file mode 100644
index 000000000..ac96668ab
--- /dev/null
+++ b/mod/service_limits.php
@@ -0,0 +1,23 @@
+<?php /** @file */
+
+
+function service_limits_content(&$a) {
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $account = $a->get_account();
+ if($account['account_service_class']) {
+ $x = get_config('service_class',$account['account_service_class']);
+ if($x) {
+ $o = print_r($x,true);
+ return $o;
+ }
+ }
+ return t('No service class restrictions found.');
+}
+
+
+ \ No newline at end of file
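Review bot: `service_limits_content()` returns `print_r($x,true)` directly as page content, so whatever is stored under the `service_class` config key reaches the browser without HTML encoding or any formatting. The value is presumably set by the site administrator, but encoding it on output costs nothing and keeps a stray `<` in a config value from being interpreted as markup. I would change the two lines to `return '<pre>' . escape_tags(print_r($x,true)) . '</pre>';`. A short docblock saying that the page dumps the raw service-class array for the logged-in account would also help, since the bare `/** @file */` header says nothing about it.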
diff --git a/mod/settings.php b/mod/settings.php
new file mode 100644
index 000000000..f26182dc6
--- /dev/null
+++ b/mod/settings.php
@@ -0,0 +1,1150 @@
+<?php /** @file */
+
+require_once('include/zot.php');
+
+function get_theme_config_file($theme){
+
+ $base_theme = get_app()->theme_info['extends'];
+
+ if (file_exists("view/theme/$theme/php/config.php")){
+ return "view/theme/$theme/php/config.php";
+ }
+ if (file_exists("view/theme/$base_theme/php/config.php")){
+ return "view/theme/$base_theme/php/config.php";
+ }
+ return null;
+}
+
+function settings_init(&$a) {
+ if(! local_channel())
+ return;
+
+ if($_SESSION['delegate'])
+ return;
+
+ $a->profile_uid = local_channel();
+
+ // default is channel settings in the absence of other arguments
+
+ if(argc() == 1) {
+ // We are setting these values - don't use the argc(), argv() functions here
+ $a->argc = 2;
+ $a->argv[] = 'channel';
+ }
+
+
+
+}
+
+
+function settings_post(&$a) {
+
+ if(! local_channel())
+ return;
+
+ if($_SESSION['delegate'])
+ return;
+
+ $channel = $a->get_channel();
+
+ logger('mod_settings: ' . print_r($_REQUEST,true));
+
+
+ if((argc() > 1) && (argv(1) === 'oauth') && x($_POST,'remove')){
+ check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
+
+ $key = $_POST['remove'];
+ q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
+ dbesc($key),
+ local_channel());
+ goaway($a->get_baseurl(true)."/settings/oauth/");
+ return;
+ }
+
+ if((argc() > 2) && (argv(1) === 'oauth') && (argv(2) === 'edit'||(argv(2) === 'add')) && x($_POST,'submit')) {
+
+ check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
+
+ $name = ((x($_POST,'name')) ? $_POST['name'] : '');
+ $key = ((x($_POST,'key')) ? $_POST['key'] : '');
+ $secret = ((x($_POST,'secret')) ? $_POST['secret'] : '');
+ $redirect = ((x($_POST,'redirect')) ? $_POST['redirect'] : '');
+ $icon = ((x($_POST,'icon')) ? $_POST['icon'] : '');
+ $ok = true;
+ if($name == '') {
+ $ok = false;
+ notice( t('Name is required') . EOL);
+ }
+ if($key == '' || $secret == '') {
+ $ok = false;
+ notice( t('Key and Secret are required') . EOL);
+ }
+
+ if($ok) {
+ if ($_POST['submit']==t("Update")){
+ $r = q("UPDATE clients SET
+ client_id='%s',
+ pw='%s',
+ name='%s',
+ redirect_uri='%s',
+ icon='%s',
+ uid=%d
+ WHERE client_id='%s'",
+ dbesc($key),
+ dbesc($secret),
+ dbesc($name),
+ dbesc($redirect),
+ dbesc($icon),
+ intval(local_channel()),
+ dbesc($key));
+ } else {
+ $r = q("INSERT INTO clients (client_id, pw, name, redirect_uri, icon, uid)
+ VALUES ('%s','%s','%s','%s','%s',%d)",
+ dbesc($key),
+ dbesc($secret),
+ dbesc($name),
+ dbesc($redirect),
+ dbesc($icon),
+ intval(local_channel())
+ );
+ $r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ",
+ dbesc($key),
+ intval(local_channel()),
+ dbesc('all')
+ );
+ }
+ }
+ goaway($a->get_baseurl(true)."/settings/oauth/");
+ return;
+ }
+
+ if((argc() > 1) && (argv(1) == 'featured')) {
+ check_form_security_token_redirectOnErr('/settings/featured', 'settings_featured');
+
+ call_hooks('feature_settings_post', $_POST);
+
+ if($_POST['dspr-submit']) {
+ set_pconfig(local_channel(),'system','diaspora_allowed',intval($_POST['dspr_allowed']));
+ set_pconfig(local_channel(),'system','diaspora_public_comments',intval($_POST['dspr_pubcomment']));
+ set_pconfig(local_channel(),'system','prevent_tag_hijacking',intval($_POST['dspr_hijack']));
+ info( t('Diaspora Policy Settings updated.') . EOL);
+ }
+
+ build_sync_packet();
+ return;
+ }
+
+
+
+ if((argc() > 1) && (argv(1) === 'features')) {
+ check_form_security_token_redirectOnErr('/settings/features', 'settings_features');
+
+ // Build list of features and check which are set
+ $features = get_features();
+ $all_features = array();
+ foreach($features as $k => $v) {
+ foreach($v as $f)
+ $all_features[] = $f[0];
+ }
+ foreach($all_features as $k) {
+ if(x($_POST,"feature_$k"))
+ set_pconfig(local_channel(),'feature',$k, 1);
+ else
+ set_pconfig(local_channel(),'feature',$k, 0);
+ }
+ build_sync_packet();
+ return;
+ }
+
+ if((argc() > 1) && (argv(1) == 'display')) {
+
+ check_form_security_token_redirectOnErr('/settings/display', 'settings_display');
+
+ $theme = ((x($_POST,'theme')) ? notags(trim($_POST['theme'])) : $a->channel['channel_theme']);
+ $mobile_theme = ((x($_POST,'mobile_theme')) ? notags(trim($_POST['mobile_theme'])) : '');
+ $user_scalable = ((x($_POST,'user_scalable')) ? intval($_POST['user_scalable']) : 0);
+ $nosmile = ((x($_POST,'nosmile')) ? intval($_POST['nosmile']) : 0);
+ $title_tosource = ((x($_POST,'title_tosource')) ? intval($_POST['title_tosource']) : 0);
+ $channel_list_mode = ((x($_POST,'channel_list_mode')) ? intval($_POST['channel_list_mode']) : 0);
+ $network_list_mode = ((x($_POST,'network_list_mode')) ? intval($_POST['network_list_mode']) : 0);
+
+ $channel_divmore_height = ((x($_POST,'channel_divmore_height')) ? intval($_POST['channel_divmore_height']) : 400);
+ if($channel_divmore_height < 50)
+ $channel_divmore_height = 50;
+ $network_divmore_height = ((x($_POST,'network_divmore_height')) ? intval($_POST['network_divmore_height']) : 400);
+ if($network_divmore_height < 50)
+ $network_divmore_height = 50;
+
+ $browser_update = ((x($_POST,'browser_update')) ? intval($_POST['browser_update']) : 0);
+ $browser_update = $browser_update * 1000;
+ if($browser_update < 10000)
+ $browser_update = 10000;
+
+ $itemspage = ((x($_POST,'itemspage')) ? intval($_POST['itemspage']) : 20);
+ if($itemspage > 100)
+ $itemspage = 100;
+
+
+ if ($mobile_theme == "---")
+ del_pconfig(local_channel(),'system','mobile_theme');
+ else {
+ set_pconfig(local_channel(),'system','mobile_theme',$mobile_theme);
+ }
+
+ set_pconfig(local_channel(),'system','user_scalable',$user_scalable);
+ set_pconfig(local_channel(),'system','update_interval', $browser_update);
+ set_pconfig(local_channel(),'system','itemspage', $itemspage);
+ set_pconfig(local_channel(),'system','no_smilies',1-intval($nosmile));
+ set_pconfig(local_channel(),'system','title_tosource',$title_tosource);
+ set_pconfig(local_channel(),'system','channel_list_mode', $channel_list_mode);
+ set_pconfig(local_channel(),'system','network_list_mode', $network_list_mode);
+ set_pconfig(local_channel(),'system','channel_divmore_height', $channel_divmore_height);
+ set_pconfig(local_channel(),'system','network_divmore_height', $network_divmore_height);
+
+ if ($theme == $a->channel['channel_theme']){
+ // call theme_post only if theme has not been changed
+ if( ($themeconfigfile = get_theme_config_file($theme)) != null){
+ require_once($themeconfigfile);
+ theme_post($a);
+ }
+ }
+
+ $r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d",
+ dbesc($theme),
+ intval(local_channel())
+ );
+
+ call_hooks('display_settings_post', $_POST);
+ build_sync_packet();
+ goaway($a->get_baseurl(true) . '/settings/display' );
+ return; // NOTREACHED
+ }
+
+
+ if(argc() > 1 && argv(1) === 'account') {
+
+ check_form_security_token_redirectOnErr('/settings/account', 'settings_account');
+
+ call_hooks('settings_account', $_POST);
+
+ $errs = array();
+
+ if((x($_POST,'npassword')) || (x($_POST,'confirm'))) {
+
+ $newpass = $_POST['npassword'];
+ $confirm = $_POST['confirm'];
+
+ if($newpass != $confirm ) {
+ $errs[] = t('Passwords do not match. Password unchanged.');
+ }
+
+ if((! x($newpass)) || (! x($confirm))) {
+ $errs[] = t('Empty passwords are not allowed. Password unchanged.');
+ }
+
+ if(! $errs) {
+ $salt = random_string(32);
+ $password_encoded = hash('whirlpool', $salt . $newpass);
+ $r = q("update account set account_salt = '%s', account_password = '%s', account_password_changed = '%s'
+ where account_id = %d",
+ dbesc($salt),
+ dbesc($password_encoded),
+ dbesc(datetime_convert()),
+ intval(get_account_id())
+ );
+ if($r)
+ info( t('Password changed.') . EOL);
+ else
+ $errs[] = t('Password update failed. Please try again.');
+ }
+ }
+
+ if($errs) {
+ foreach($errs as $err)
+ notice($err . EOL);
+ $errs = array();
+ }
+
+ $email = ((x($_POST,'email')) ? trim(notags($_POST['email'])) : '');
+ $account = $a->get_account();
+ if($email != $account['account_email']) {
+ if(! valid_email($email))
+ $errs[] = t('Not valid email.');
+ $adm = trim(get_config('system','admin_email'));
+ if(($adm) && (strcasecmp($email,$adm) == 0)) {
+ $errs[] = t('Protected email address. Cannot change to that email.');
+ $email = $a->user['email'];
+ }
+ if(! $errs) {
+ $r = q("update account set account_email = '%s' where account_id = %d",
+ dbesc($email),
+ intval($account['account_id'])
+ );
+ if(! $r)
+ $errs[] = t('System failure storing new email. Please try again.');
+ }
+ }
+
+ if($errs) {
+ foreach($errs as $err)
+ notice($err . EOL);
+ }
+ goaway($a->get_baseurl(true) . '/settings/account' );
+ }
+
+
+ check_form_security_token_redirectOnErr('/settings', 'settings');
+
+ call_hooks('settings_post', $_POST);
+
+ $set_perms = '';
+
+ $role = ((x($_POST,'permissions_role')) ? notags(trim($_POST['permissions_role'])) : '');
+ $oldrole = get_pconfig(local_channel(),'system','permissions_role');
+
+ if(($role != $oldrole) || ($role === 'custom')) {
+
+ if($role === 'custom') {
+ $hide_presence = (((x($_POST,'hide_presence')) && (intval($_POST['hide_presence']) == 1)) ? 1: 0);
+ $publish = (((x($_POST,'profile_in_directory')) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0);
+ $def_group = ((x($_POST,'group-selection')) ? notags(trim($_POST['group-selection'])) : '');
+ $r = q("update channel set channel_default_group = '%s' where channel_id = %d",
+ dbesc($def_group),
+ intval(local_channel())
+ );
+
+ $global_perms = get_perms();
+
+ foreach($global_perms as $k => $v) {
+ $set_perms .= ', ' . $v[0] . ' = ' . intval($_POST[$k]) . ' ';
+ }
+
+ $str_group_allow = perms2str($_POST['group_allow']);
+ $str_contact_allow = perms2str($_POST['contact_allow']);
+ $str_group_deny = perms2str($_POST['group_deny']);
+ $str_contact_deny = perms2str($_POST['contact_deny']);
+ $r = q("update channel set channel_allow_cid = '%s', channel_allow_gid = '%s', channel_deny_cid = '%s', channel_deny_gid = '%s'
+ where channel_id = %d",
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ intval(local_channel())
+ );
+ }
+ else {
+ $role_permissions = get_role_perms($_POST['permissions_role']);
+ if(! $role_permissions) {
+ notice('Permissions category could not be found.');
+ return;
+ }
+ $hide_presence = 1 - (intval($role_permissions['online']));
+ if($role_permissions['default_collection']) {
+ $r = q("select hash from groups where uid = %d and name = '%s' limit 1",
+ intval(local_channel()),
+ dbesc( t('Friends') )
+ );
+ if(! $r) {
+ require_once('include/group.php');
+ group_add(local_channel(), t('Friends'));
+ group_add_member(local_channel(),t('Friends'),$channel['channel_hash']);
+ $r = q("select hash from groups where uid = %d and name = '%s' limit 1",
+ intval(local_channel()),
+ dbesc( t('Friends') )
+ );
+ }
+ if($r) {
+ q("update channel set channel_default_group = '%s', channel_allow_gid = '%s', channel_allow_cid = '', channel_deny_gid = '', channel_deny_cid = '' where channel_id = %d",
+ dbesc($r[0]['hash']),
+ dbesc('<' . $r[0]['hash'] . '>'),
+ intval(local_channel())
+ );
+ }
+ else {
+ notice( sprintf('Default privacy collection \'%s\' not found. Please create and re-submit permission change.', t('Friends')) . EOL);
+ return;
+ }
+ }
+ // no default collection
+ else {
+ q("update channel set channel_default_group = '', channel_allow_gid = '', channel_allow_cid = '', channel_deny_gid = '',
+ channel_deny_cid = '' where channel_id = %d",
+ intval(local_channel())
+ );
+ }
+
+ $r = q("update abook set abook_my_perms = %d where abook_channel = %d and abook_self = 1",
+ intval(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0),
+ intval(local_channel())
+ );
+ set_pconfig(local_channel(),'system','autoperms',(($role_permissions['perms_auto']) ? intval($role_permissions['perms_accept']) : 0));
+
+ foreach($role_permissions as $p => $v) {
+ if(strpos($p,'channel_') !== false) {
+ $set_perms .= ', ' . $p . ' = ' . intval($v) . ' ';
+ }
+ if($p === 'directory_publish') {
+ $publish = intval($v);
+ }
+ }
+ }
+
+ set_pconfig(local_channel(),'system','hide_online_status',$hide_presence);
+ set_pconfig(local_channel(),'system','permissions_role',$role);
+ }
+
+ $username = ((x($_POST,'username')) ? notags(trim($_POST['username'])) : '');
+ $timezone = ((x($_POST,'timezone_select')) ? notags(trim($_POST['timezone_select'])) : '');
+ $defloc = ((x($_POST,'defloc')) ? notags(trim($_POST['defloc'])) : '');
+ $openid = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : '');
+ $maxreq = ((x($_POST,'maxreq')) ? intval($_POST['maxreq']) : 0);
+ $expire = ((x($_POST,'expire')) ? intval($_POST['expire']) : 0);
+ $evdays = ((x($_POST,'evdays')) ? intval($_POST['evdays']) : 3);
+ $photo_path = ((x($_POST,'photo_path')) ? escape_tags(trim($_POST['photo_path'])) : '');
+ $attach_path = ((x($_POST,'attach_path')) ? escape_tags(trim($_POST['attach_path'])) : '');
+
+ $channel_menu = ((x($_POST['channel_menu'])) ? htmlspecialchars_decode(trim($_POST['channel_menu']),ENT_QUOTES) : '');
+
+ $expire_items = ((x($_POST,'expire_items')) ? intval($_POST['expire_items']) : 0);
+ $expire_starred = ((x($_POST,'expire_starred')) ? intval($_POST['expire_starred']) : 0);
+ $expire_photos = ((x($_POST,'expire_photos'))? intval($_POST['expire_photos']) : 0);
+ $expire_network_only = ((x($_POST,'expire_network_only'))? intval($_POST['expire_network_only']) : 0);
+
+ $allow_location = (((x($_POST,'allow_location')) && (intval($_POST['allow_location']) == 1)) ? 1: 0);
+
+
+ $blocktags = (((x($_POST,'blocktags')) && (intval($_POST['blocktags']) == 1)) ? 0: 1); // this setting is inverted!
+ $unkmail = (((x($_POST,'unkmail')) && (intval($_POST['unkmail']) == 1)) ? 1: 0);
+ $cntunkmail = ((x($_POST,'cntunkmail')) ? intval($_POST['cntunkmail']) : 0);
+ $suggestme = ((x($_POST,'suggestme')) ? intval($_POST['suggestme']) : 0);
+
+ $post_newfriend = (($_POST['post_newfriend'] == 1) ? 1: 0);
+ $post_joingroup = (($_POST['post_joingroup'] == 1) ? 1: 0);
+ $post_profilechange = (($_POST['post_profilechange'] == 1) ? 1: 0);
+ $adult = (($_POST['adult'] == 1) ? 1 : 0);
+
+ $channel = $a->get_channel();
+ $pageflags = $channel['channel_pageflags'];
+ $existing_adult = (($pageflags & PAGE_ADULT) ? 1 : 0);
+ if($adult != $existing_adult)
+ $pageflags = ($pageflags ^ PAGE_ADULT);
+
+
+ $notify = 0;
+
+ if(x($_POST,'notify1'))
+ $notify += intval($_POST['notify1']);
+ if(x($_POST,'notify2'))
+ $notify += intval($_POST['notify2']);
+ if(x($_POST,'notify3'))
+ $notify += intval($_POST['notify3']);
+ if(x($_POST,'notify4'))
+ $notify += intval($_POST['notify4']);
+ if(x($_POST,'notify5'))
+ $notify += intval($_POST['notify5']);
+ if(x($_POST,'notify6'))
+ $notify += intval($_POST['notify6']);
+ if(x($_POST,'notify7'))
+ $notify += intval($_POST['notify7']);
+ if(x($_POST,'notify8'))
+ $notify += intval($_POST['notify8']);
+
+
+ $vnotify = 0;
+
+ if(x($_POST,'vnotify1'))
+ $vnotify += intval($_POST['vnotify1']);
+ if(x($_POST,'vnotify2'))
+ $vnotify += intval($_POST['vnotify2']);
+ if(x($_POST,'vnotify3'))
+ $vnotify += intval($_POST['vnotify3']);
+ if(x($_POST,'vnotify4'))
+ $vnotify += intval($_POST['vnotify4']);
+ if(x($_POST,'vnotify5'))
+ $vnotify += intval($_POST['vnotify5']);
+ if(x($_POST,'vnotify6'))
+ $vnotify += intval($_POST['vnotify6']);
+ if(x($_POST,'vnotify7'))
+ $vnotify += intval($_POST['vnotify7']);
+ if(x($_POST,'vnotify8'))
+ $vnotify += intval($_POST['vnotify8']);
+ if(x($_POST,'vnotify9'))
+ $vnotify += intval($_POST['vnotify9']);
+ if(x($_POST,'vnotify10'))
+ $vnotify += intval($_POST['vnotify10']);
+ if(x($_POST,'vnotify11'))
+ $vnotify += intval($_POST['vnotify11']);
+
+ $always_show_in_notices = x($_POST,'always_show_in_notices') ? 1 : 0;
+
+ $channel = $a->get_channel();
+
+ $err = '';
+
+ $name_change = false;
+
+ if($username != $channel['channel_name']) {
+ $name_change = true;
+ require_once('include/identity.php');
+ $err = validate_channelname($username);
+ if($err) {
+ notice($err);
+ return;
+ }
+ }
+
+ if($timezone != $channel['channel_timezone']) {
+ if(strlen($timezone))
+ date_default_timezone_set($timezone);
+ }
+
+ set_pconfig(local_channel(),'system','use_browser_location',$allow_location);
+ set_pconfig(local_channel(),'system','suggestme', $suggestme);
+ set_pconfig(local_channel(),'system','post_newfriend', $post_newfriend);
+ set_pconfig(local_channel(),'system','post_joingroup', $post_joingroup);
+ set_pconfig(local_channel(),'system','post_profilechange', $post_profilechange);
+ set_pconfig(local_channel(),'system','blocktags',$blocktags);
+ set_pconfig(local_channel(),'system','channel_menu',$channel_menu);
+ set_pconfig(local_channel(),'system','vnotify',$vnotify);
+ set_pconfig(local_channel(),'system','always_show_in_notices',$always_show_in_notices);
+ set_pconfig(local_channel(),'system','evdays',$evdays);
+ set_pconfig(local_channel(),'system','photo_path',$photo_path);
+ set_pconfig(local_channel(),'system','attach_path',$attach_path);
+
+ $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d $set_perms where channel_id = %d",
+ dbesc($username),
+ intval($pageflags),
+ dbesc($timezone),
+ dbesc($defloc),
+ intval($notify),
+ intval($unkmail),
+ intval($maxreq),
+ intval($expire),
+ intval(local_channel())
+ );
+ if($r)
+ info( t('Settings updated.') . EOL);
+
+ if(! is_null($publish)) {
+ $r = q("UPDATE profile SET publish = %d WHERE is_default = 1 AND uid = %d",
+ intval($publish),
+ intval(local_channel())
+ );
+ }
+
+ if($name_change) {
+ $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s'",
+ dbesc($username),
+ dbesc(datetime_convert()),
+ dbesc($channel['channel_hash'])
+ );
+ $r = q("update profile set name = '%s' where uid = %d and is_default = 1",
+ dbesc($username),
+ intval($channel['channel_id'])
+ );
+ }
+
+ proc_run('php','include/directory.php',local_channel());
+
+ build_sync_packet();
+
+
+ //$_SESSION['theme'] = $theme;
+ if($email_changed && $a->config['system']['register_policy'] == REGISTER_VERIFY) {
+
+ // FIXME - set to un-verified, blocked and redirect to logout
+ // Why? Are we verifying people or email addresses?
+
+ }
+
+ goaway($a->get_baseurl(true) . '/settings' );
+ return; // NOTREACHED
+}
+
+
+
+function settings_content(&$a) {
+
+ $o = '';
+ nav_set_selected('settings');
+
+
+ if((! local_channel()) || ($_SESSION['delegate'])) {
+ notice( t('Permission denied.') . EOL );
+ return login();
+ }
+
+
+ $channel = $a->get_channel();
+ if($channel)
+ head_set_icon($channel['xchan_photo_s']);
+
+ $yes_no = array(t('No'),t('Yes'));
+
+ if((argc() > 1) && (argv(1) === 'oauth')) {
+
+ if((argc() > 2) && (argv(2) === 'add')) {
+ $tpl = get_markup_template("settings_oauth_edit.tpl");
+ $o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_oauth"),
+ '$title' => t('Add application'),
+ '$submit' => t('Submit'),
+ '$cancel' => t('Cancel'),
+ '$name' => array('name', t('Name'), '', t('Name of application')),
+ '$key' => array('key', t('Consumer Key'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
+ '$secret' => array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
+ '$redirect' => array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
+ '$icon' => array('icon', t('Icon url'), '', t('Optional')),
+ ));
+ return $o;
+ }
+
+ if((argc() > 3) && (argv(2) === 'edit')) {
+ $r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d",
+ dbesc(argv(3)),
+ local_channel());
+
+ if (!count($r)){
+ notice(t("You can't edit this application."));
+ return;
+ }
+ $app = $r[0];
+
+ $tpl = get_markup_template("settings_oauth_edit.tpl");
+ $o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_oauth"),
+ '$title' => t('Add application'),
+ '$submit' => t('Update'),
+ '$cancel' => t('Cancel'),
+ '$name' => array('name', t('Name'), $app['name'] , ''),
+ '$key' => array('key', t('Consumer Key'), $app['client_id'], ''),
+ '$secret' => array('secret', t('Consumer Secret'), $app['pw'], ''),
+ '$redirect' => array('redirect', t('Redirect'), $app['redirect_uri'], ''),
+ '$icon' => array('icon', t('Icon url'), $app['icon'], ''),
+ ));
+ return $o;
+ }
+
+ if((argc() > 3) && (argv(2) === 'delete')) {
+ check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth', 't');
+
+ $r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d",
+ dbesc(argv(3)),
+ local_channel());
+ goaway($a->get_baseurl(true)."/settings/oauth/");
+ return;
+ }
+
+
+ $r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my
+ FROM clients
+ LEFT JOIN tokens ON clients.client_id=tokens.client_id
+ WHERE clients.uid IN (%d,0)",
+ local_channel(),
+ local_channel());
+
+
+ $tpl = get_markup_template("settings_oauth.tpl");
+ $o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_oauth"),
+ '$baseurl' => $a->get_baseurl(true),
+ '$title' => t('Connected Apps'),
+ '$add' => t('Add application'),
+ '$edit' => t('Edit'),
+ '$delete' => t('Delete'),
+ '$consumerkey' => t('Client key starts with'),
+ '$noname' => t('No name'),
+ '$remove' => t('Remove authorization'),
+ '$apps' => $r,
+ ));
+ return $o;
+
+ }
+ if((argc() > 1) && (argv(1) === 'featured')) {
+ $settings_addons = "";
+
+ $o = '';
+ $diaspora_enabled = get_config('system','diaspora_enabled');
+
+ $r = q("SELECT * FROM `hook` WHERE `hook` = 'feature_settings' ");
+ if((! $r) && (! $diaspora_enabled))
+ $settings_addons = t('No feature settings configured');
+
+ if($diaspora_enabled) {
+ $dspr_allowed = get_pconfig(local_channel(),'system','diaspora_allowed');
+ $pubcomments = get_pconfig(local_channel(),'system','diaspora_public_comments');
+ if($pubcomments === false)
+ $pubcomments = 1;
+ $hijacking = get_pconfig(local_channel(),'system','prevent_tag_hijacking');
+ }
+
+ call_hooks('feature_settings', $settings_addons);
+
+ $tpl = get_markup_template("settings_addons.tpl");
+ $o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_featured"),
+ '$title' => t('Feature/Addon Settings'),
+ '$diaspora_enabled' => $diaspora_enabled,
+ '$dsprdesc' => t('Settings for the built-in Diaspora emulator'),
+ '$pubcomments' => array('dspr_pubcomment', t('Allow any Diaspora member to comment on your public posts'), $pubcomments, '', $yes_no),
+ '$dspr_allowed' => array('dspr_allowed', t('Enable the Diaspora protocol for this channel'), $dspr_allowed, '', $yes_no),
+ '$dsprtitle' => t('Diaspora Policy Settings'),
+ '$hijacking' => array('dspr_hijack', t('Prevent your hashtags from being redirected to other sites'), $hijacking, '', $yes_no),
+ '$dsprsubmit' => t('Submit'),
+ '$settings_addons' => $settings_addons
+ ));
+ return $o;
+ }
+
+
+ /*
+ * ACCOUNT SETTINGS
+ */
+
+
+ if((argc() > 1) && (argv(1) === 'account')) {
+ $account_settings = "";
+
+ call_hooks('account_settings', $account_settings);
+
+ $email = $a->account['account_email'];
+
+
+ $tpl = get_markup_template("settings_account.tpl");
+ $o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_account"),
+ '$title' => t('Account Settings'),
+ '$password1'=> array('npassword', t('Enter New Password:'), '', ''),
+ '$password2'=> array('confirm', t('Confirm New Password:'), '', t('Leave password fields blank unless changing')),
+ '$submit' => t('Submit'),
+ '$email' => array('email', t('Email Address:'), $email, ''),
+ '$removeme' => t('Remove Account'),
+ '$removeaccount' => t('Remove this account including all its channels'),
+ '$account_settings' => $account_settings
+ ));
+ return $o;
+ }
+
+
+
+ if((argc() > 1) && (argv(1) === 'features')) {
+ $arr = array();
+ $features = get_features();
+
+ foreach($features as $fname => $fdata) {
+ $arr[$fname] = array();
+ $arr[$fname][0] = $fdata[0];
+ foreach(array_slice($fdata,1) as $f) {
+ $arr[$fname][1][] = array('feature_' .$f[0],$f[1],((intval(feature_enabled(local_channel(),$f[0]))) ? "1" : ''),$f[2],array(t('Off'),t('On')));
+ }
+ }
+
+ $tpl = get_markup_template("settings_features.tpl");
+ $o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_features"),
+ '$title' => t('Additional Features'),
+ '$features' => $arr,
+ '$submit' => t('Submit'),
+ ));
+
+ return $o;
+ }
+
+
+
+
+
+ if((argc() > 1) && (argv(1) === 'connectors')) {
+
+ $settings_connectors = "";
+
+ call_hooks('connector_settings', $settings_connectors);
+
+ $r = null;
+
+ $tpl = get_markup_template("settings_connectors.tpl");
+
+ $o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_connectors"),
+ '$title' => t('Connector Settings'),
+ '$submit' => t('Submit'),
+ '$settings_connectors' => $settings_connectors
+ ));
+
+ call_hooks('display_settings', $o);
+ return $o;
+ }
+
+ /*
+ * DISPLAY SETTINGS
+ */
+
+ if((argc() > 1) && (argv(1) === 'display')) {
+ $default_theme = get_config('system','theme');
+ if(! $default_theme)
+ $default_theme = 'default';
+ $default_mobile_theme = get_config('system','mobile_theme');
+ if(! $mobile_default_theme)
+ $mobile_default_theme = 'none';
+
+ $allowed_themes_str = get_config('system','allowed_themes');
+ $allowed_themes_raw = explode(',',$allowed_themes_str);
+ $allowed_themes = array();
+ if(count($allowed_themes_raw))
+ foreach($allowed_themes_raw as $x)
+ if(strlen(trim($x)) && is_dir("view/theme/$x"))
+ $allowed_themes[] = trim($x);
+
+
+ $themes = array();
+ $files = glob('view/theme/*');
+ if($allowed_themes) {
+ foreach($allowed_themes as $th) {
+ $f = $th;
+ $is_experimental = file_exists('view/theme/' . $th . '/experimental');
+ $unsupported = file_exists('view/theme/' . $th . '/unsupported');
+ $is_mobile = file_exists('view/theme/' . $th . '/mobile');
+ $is_library = file_exists('view/theme/'. $th . '/library');
+ $mobile_themes["---"] = t("No special theme for mobile devices");
+
+ if (!$is_experimental or ($is_experimental && (get_config('experimentals','exp_themes')==1 or get_config('experimentals','exp_themes')===false))){
+ $theme_name = (($is_experimental) ? sprintf(t('%s - (Experimental)'), $f) : $f);
+ if (! $is_library) {
+ if($is_mobile) {
+ $mobile_themes[$f] = $themes[$f] = $theme_name . ' (' . t('mobile') . ')';
+ }
+ else {
+ $mobile_themes[$f] = $themes[$f] = $theme_name;
+ }
+ }
+ }
+
+ }
+ }
+ $theme_selected = (!x($_SESSION,'theme')? $default_theme : $_SESSION['theme']);
+ $mobile_theme_selected = (!x($_SESSION,'mobile_theme')? $default_mobile_theme : $_SESSION['mobile_theme']);
+
+ $user_scalable = get_pconfig(local_channel(),'system','user_scalable');
+ $user_scalable = (($user_scalable===false)? '1': $user_scalable); // default if not set: 1
+
+ $browser_update = intval(get_pconfig(local_channel(), 'system','update_interval'));
+ $browser_update = (($browser_update == 0) ? 80 : $browser_update / 1000); // default if not set: 40 seconds
+
+ $itemspage = intval(get_pconfig(local_channel(), 'system','itemspage'));
+ $itemspage = (($itemspage > 0 && $itemspage < 101) ? $itemspage : 20); // default if not set: 20 items
+
+ $nosmile = get_pconfig(local_channel(),'system','no_smilies');
+ $nosmile = (($nosmile===false)? '0': $nosmile); // default if not set: 0
+
+ $title_tosource = get_pconfig(local_channel(),'system','title_tosource');
+ $title_tosource = (($title_tosource===false)? '0': $title_tosource); // default if not set: 0
+
+ $theme_config = "";
+ if( ($themeconfigfile = get_theme_config_file($theme_selected)) != null){
+ require_once($themeconfigfile);
+ $theme_config = theme_content($a);
+ }
+
+ $tpl = get_markup_template("settings_display.tpl");
+ $o = replace_macros($tpl, array(
+ '$ptitle' => t('Display Settings'),
+ '$d_tset' => t('Theme Settings'),
+ '$d_ctset' => t('Custom Theme Settings'),
+ '$d_cset' => t('Content Settings'),
+ '$form_security_token' => get_form_security_token("settings_display"),
+ '$submit' => t('Submit'),
+ '$baseurl' => $a->get_baseurl(true),
+ '$uid' => local_channel(),
+
+ '$theme' => (($themes) ? array('theme', t('Display Theme:'), $theme_selected, '', $themes, 'preview') : false),
+ '$mobile_theme' => (($mobile_themes) ? array('mobile_theme', t('Mobile Theme:'), $mobile_theme_selected, '', $mobile_themes, '') : false),
+ '$user_scalable' => array('user_scalable', t("Enable user zoom on mobile devices"), $user_scalable, '', $yes_no),
+ '$ajaxint' => array('browser_update', t("Update browser every xx seconds"), $browser_update, t('Minimum of 10 seconds, no maximum')),
+ '$itemspage' => array('itemspage', t("Maximum number of conversations to load at any time:"), $itemspage, t('Maximum of 100 items')),
+ '$nosmile' => array('nosmile', t("Show emoticons (smilies) as images"), 1-intval($nosmile), '', $yes_no),
+ '$title_tosource' => array('title_tosource', t("Link post titles to source"), $title_tosource, '', $yes_no),
+ '$layout_editor' => t('System Page Layout Editor - (advanced)'),
+ '$theme_config' => $theme_config,
+ '$expert' => feature_enabled(local_channel(),'expert'),
+ '$channel_list_mode' => array('channel_list_mode', t('Use blog/list mode on channel page'), get_pconfig(local_channel(),'system','channel_list_mode'), t('(comments displayed separately)'), $yes_no),
+ '$network_list_mode' => array('network_list_mode', t('Use blog/list mode on matrix page'), get_pconfig(local_channel(),'system','network_list_mode'), t('(comments displayed separately)'), $yes_no),
+ '$channel_divmore_height' => array('channel_divmore_height', t('Channel page max height of content (in pixels)'), ((get_pconfig(local_channel(),'system','channel_divmore_height')) ? get_pconfig(local_channel(),'system','channel_divmore_height') : 400), t('click to expand content exceeding this height')),
+ '$network_divmore_height' => array('network_divmore_height', t('Matrix page max height of content (in pixels)'), ((get_pconfig(local_channel(),'system','network_divmore_height')) ? get_pconfig(local_channel(),'system','network_divmore_height') : 400) , t('click to expand content exceeding this height')),
+
+
+ ));
+
+ return $o;
+ }
+
+
+
+
+
+ if(argv(1) === 'channel') {
+
+ require_once('include/acl_selectors.php');
+ require_once('include/permissions.php');
+
+
+ $p = q("SELECT * FROM `profile` WHERE `is_default` = 1 AND `uid` = %d LIMIT 1",
+ intval(local_channel())
+ );
+ if(count($p))
+ $profile = $p[0];
+
+ load_pconfig(local_channel(),'expire');
+
+ $channel = $a->get_channel();
+
+
+ $global_perms = get_perms();
+
+ $permiss = array();
+
+ $perm_opts = array(
+ array( t('Nobody except yourself'), 0),
+ array( t('Only those you specifically allow'), PERMS_SPECIFIC),
+ array( t('Approved connections'), PERMS_CONTACTS),
+ array( t('Any connections'), PERMS_PENDING),
+ array( t('Anybody on this website'), PERMS_SITE),
+ array( t('Anybody in this network'), PERMS_NETWORK),
+ array( t('Anybody authenticated'), PERMS_AUTHED),
+ array( t('Anybody on the internet'), PERMS_PUBLIC)
+ );
+
+
+ foreach($global_perms as $k => $perm) {
+ $options = array();
+ foreach($perm_opts as $opt) {
+ if((! $perm[2]) && $opt[1] == PERMS_PUBLIC)
+ continue;
+ $options[$opt[1]] = $opt[0];
+ }
+ $permiss[] = array($k,$perm[3],$channel[$perm[0]],$perm[4],$options);
+ }
+
+
+// logger('permiss: ' . print_r($permiss,true));
+
+
+
+ $username = $channel['channel_name'];
+ $nickname = $channel['channel_address'];
+ $timezone = $channel['channel_timezone'];
+ $notify = $channel['channel_notifyflags'];
+ $defloc = $channel['channel_location'];
+
+ $maxreq = $channel['channel_max_friend_req'];
+ $expire = $channel['channel_expire_days'];
+ $adult_flag = intval($channel['channel_pageflags'] & PAGE_ADULT);
+
+// $unkmail = $a->user['unkmail'];
+// $cntunkmail = $a->user['cntunkmail'];
+
+ $hide_presence = intval(get_pconfig(local_channel(), 'system','hide_online_status'));
+
+
+ $expire_items = get_pconfig(local_channel(), 'expire','items');
+ $expire_items = (($expire_items===false)? '1' : $expire_items); // default if not set: 1
+
+ $expire_notes = get_pconfig(local_channel(), 'expire','notes');
+ $expire_notes = (($expire_notes===false)? '1' : $expire_notes); // default if not set: 1
+
+ $expire_starred = get_pconfig(local_channel(), 'expire','starred');
+ $expire_starred = (($expire_starred===false)? '1' : $expire_starred); // default if not set: 1
+
+ $expire_photos = get_pconfig(local_channel(), 'expire','photos');
+ $expire_photos = (($expire_photos===false)? '0' : $expire_photos); // default if not set: 0
+
+ $expire_network_only = get_pconfig(local_channel(), 'expire','network_only');
+ $expire_network_only = (($expire_network_only===false)? '0' : $expire_network_only); // default if not set: 0
+
+
+ $suggestme = get_pconfig(local_channel(), 'system','suggestme');
+ $suggestme = (($suggestme===false)? '0': $suggestme); // default if not set: 0
+
+ $post_newfriend = get_pconfig(local_channel(), 'system','post_newfriend');
+ $post_newfriend = (($post_newfriend===false)? '0': $post_newfriend); // default if not set: 0
+
+ $post_joingroup = get_pconfig(local_channel(), 'system','post_joingroup');
+ $post_joingroup = (($post_joingroup===false)? '0': $post_joingroup); // default if not set: 0
+
+ $post_profilechange = get_pconfig(local_channel(), 'system','post_profilechange');
+ $post_profilechange = (($post_profilechange===false)? '0': $post_profilechange); // default if not set: 0
+
+ $blocktags = get_pconfig(local_channel(),'system','blocktags');
+ $blocktags = (($blocktags===false) ? '0' : $blocktags);
+
+ $timezone = date_default_timezone_get();
+
+ $opt_tpl = get_markup_template("field_checkbox.tpl");
+ if(get_config('system','publish_all')) {
+ $profile_in_dir = '<input type="hidden" name="profile_in_directory" value="1" />';
+ }
+ else {
+ $profile_in_dir = replace_macros($opt_tpl,array(
+ '$field' => array('profile_in_directory', t('Publish your default profile in the network directory'), $profile['publish'], '', $yes_no),
+ ));
+ }
+
+ $suggestme = replace_macros($opt_tpl,array(
+ '$field' => array('suggestme', t('Allow us to suggest you as a potential friend to new members?'), $suggestme, '', $yes_no),
+
+ ));
+
+ $subdir = ((strlen($a->get_path())) ? '<br />' . t('or') . ' ' . $a->get_baseurl(true) . '/channel/' . $nickname : '');
+
+ $tpl_addr = get_markup_template("settings_nick_set.tpl");
+
+ $prof_addr = replace_macros($tpl_addr,array(
+ '$desc' => t('Your channel address is'),
+ '$nickname' => $nickname,
+ '$subdir' => $subdir,
+ '$basepath' => $a->get_hostname()
+ ));
+
+ $stpl = get_markup_template('settings.tpl');
+
+ $celeb = false;
+
+ $perm_defaults = array(
+ 'allow_cid' => $channel['channel_allow_cid'],
+ 'allow_gid' => $channel['channel_allow_gid'],
+ 'deny_cid' => $channel['channel_deny_cid'],
+ 'deny_gid' => $channel['channel_deny_gid']
+ );
+
+ require_once('include/group.php');
+ $group_select = mini_group_select(local_channel(),$channel['channel_default_group']);
+
+ require_once('include/menu.php');
+ $m1 = menu_list(local_channel());
+ $menu = false;
+ if($m1) {
+ $menu = array();
+ $current = get_pconfig(local_channel(),'system','channel_menu');
+ $menu[] = array('name' => '', 'selected' => ((! $current) ? true : false));
+ foreach($m1 as $m) {
+ $menu[] = array('name' => htmlspecialchars($m['menu_name'],ENT_COMPAT,'UTF-8'), 'selected' => (($m['menu_name'] === $current) ? ' selected="selected" ' : false));
+ }
+ }
+
+ $evdays = get_pconfig(local_channel(),'system','evdays');
+ if(! $evdays)
+ $evdays = 3;
+
+ $permissions_role = get_pconfig(local_channel(),'system','permissions_role');
+ if(! $permissions_role)
+ $permissions_role = 'custom';
+
+ $permissions_set = (($permissions_role != 'custom') ? true : false);
+ $vnotify = get_pconfig(local_channel(),'system','vnotify');
+ $always_show_in_notices = get_pconfig(local_channel(),'system','always_show_in_notices');
+ if($vnotify === false)
+ $vnotify = (-1);
+
+ $o .= replace_macros($stpl,array(
+ '$ptitle' => t('Channel Settings'),
+
+ '$submit' => t('Submit'),
+ '$baseurl' => $a->get_baseurl(true),
+ '$uid' => local_channel(),
+ '$form_security_token' => get_form_security_token("settings"),
+ '$nickname_block' => $prof_addr,
+ '$h_basic' => t('Basic Settings'),
+ '$username' => array('username', t('Full Name:'), $username,''),
+ '$email' => array('email', t('Email Address:'), $email, ''),
+ '$timezone' => array('timezone_select' , t('Your Timezone:'), $timezone, '', get_timezones()),
+ '$defloc' => array('defloc', t('Default Post Location:'), $defloc, t('Geographical location to display on your posts')),
+ '$allowloc' => array('allow_location', t('Use Browser Location:'), ((get_pconfig(local_channel(),'system','use_browser_location')) ? 1 : ''), '', $yes_no),
+
+ '$adult' => array('adult', t('Adult Content'), $adult_flag, t('This channel frequently or regularly publishes adult content. (Please tag any adult material and/or nudity with #NSFW)'), $yes_no),
+
+ '$h_prv' => t('Security and Privacy Settings'),
+ '$permissions_set' => $permissions_set,
+ '$perms_set_msg' => t('Your permissions are already configured. Click to view/adjust'),
+
+ '$hide_presence' => array('hide_presence', t('Hide my online presence'),$hide_presence, t('Prevents displaying in your profile that you are online'), $yes_no),
+
+ '$lbl_pmacro' => t('Simple Privacy Settings:'),
+ '$pmacro3' => t('Very Public - <em>extremely permissive (should be used with caution)</em>'),
+ '$pmacro2' => t('Typical - <em>default public, privacy when desired (similar to social network permissions but with improved privacy)</em>'),
+ '$pmacro1' => t('Private - <em>default private, never open or public</em>'),
+ '$pmacro0' => t('Blocked - <em>default blocked to/from everybody</em>'),
+ '$permiss_arr' => $permiss,
+ '$blocktags' => array('blocktags',t('Allow others to tag your posts'), 1-$blocktags, t('Often used by the community to retro-actively flag inappropriate content'), $yes_no),
+
+ '$lbl_p2macro' => t('Advanced Privacy Settings'),
+
+ '$expire' => array('expire',t('Expire other channel content after this many days'),$expire,t('0 or blank prevents expiration')),
+ '$maxreq' => array('maxreq', t('Maximum Friend Requests/Day:'), intval($channel['channel_max_friend_req']) , t('May reduce spam activity')),
+ '$permissions' => t('Default Post Permissions'),
+ '$permdesc' => t("\x28click to open/close\x29"),
+ '$aclselect' => populate_acl($perm_defaults,false),
+ '$suggestme' => $suggestme,
+ '$group_select' => $group_select,
+ '$role' => array('permissions_role' , t('Channel permissions category:'), $permissions_role, '', get_roles()),
+
+ '$profile_in_dir' => $profile_in_dir,
+ '$hide_friends' => $hide_friends,
+ '$hide_wall' => $hide_wall,
+ '$unkmail' => $unkmail,
+ '$cntunkmail' => array('cntunkmail', t('Maximum private messages per day from unknown people:'), intval($channel['channel_max_anon_mail']) ,t("Useful to reduce spamming")),
+
+
+ '$h_not' => t('Notification Settings'),
+ '$activity_options' => t('By default post a status message when:'),
+ '$post_newfriend' => array('post_newfriend', t('accepting a friend request'), $post_newfriend, '', $yes_no),
+ '$post_joingroup' => array('post_joingroup', t('joining a forum/community'), $post_joingroup, '', $yes_no),
+ '$post_profilechange' => array('post_profilechange', t('making an <em>interesting</em> profile change'), $post_profilechange, '', $yes_no),
+ '$lbl_not' => t('Send a notification email when:'),
+ '$notify1' => array('notify1', t('You receive a connection request'), ($notify & NOTIFY_INTRO), NOTIFY_INTRO, '', $yes_no),
+ '$notify2' => array('notify2', t('Your connections are confirmed'), ($notify & NOTIFY_CONFIRM), NOTIFY_CONFIRM, '', $yes_no),
+ '$notify3' => array('notify3', t('Someone writes on your profile wall'), ($notify & NOTIFY_WALL), NOTIFY_WALL, '', $yes_no),
+ '$notify4' => array('notify4', t('Someone writes a followup comment'), ($notify & NOTIFY_COMMENT), NOTIFY_COMMENT, '', $yes_no),
+ '$notify5' => array('notify5', t('You receive a private message'), ($notify & NOTIFY_MAIL), NOTIFY_MAIL, '', $yes_no),
+ '$notify6' => array('notify6', t('You receive a friend suggestion'), ($notify & NOTIFY_SUGGEST), NOTIFY_SUGGEST, '', $yes_no),
+ '$notify7' => array('notify7', t('You are tagged in a post'), ($notify & NOTIFY_TAGSELF), NOTIFY_TAGSELF, '', $yes_no),
+ '$notify8' => array('notify8', t('You are poked/prodded/etc. in a post'), ($notify & NOTIFY_POKE), NOTIFY_POKE, '', $yes_no),
+
+
+ '$lbl_vnot' => t('Show visual notifications including:'),
+
+ '$vnotify1' => array('vnotify1', t('Unseen matrix activity'), ($vnotify & VNOTIFY_NETWORK), VNOTIFY_NETWORK, '', $yes_no),
+ '$vnotify2' => array('vnotify2', t('Unseen channel activity'), ($vnotify & VNOTIFY_CHANNEL), VNOTIFY_CHANNEL, '', $yes_no),
+ '$vnotify3' => array('vnotify3', t('Unseen private messages'), ($vnotify & VNOTIFY_MAIL), VNOTIFY_MAIL, t('Recommended'), $yes_no),
+ '$vnotify4' => array('vnotify4', t('Upcoming events'), ($vnotify & VNOTIFY_EVENT), VNOTIFY_EVENT, '', $yes_no),
+ '$vnotify5' => array('vnotify5', t('Events today'), ($vnotify & VNOTIFY_EVENTTODAY), VNOTIFY_EVENTTODAY, '', $yes_no),
+ '$vnotify6' => array('vnotify6', t('Upcoming birthdays'), ($vnotify & VNOTIFY_BIRTHDAY), VNOTIFY_BIRTHDAY, t('Not available in all themes'), $yes_no),
+ '$vnotify7' => array('vnotify7', t('System (personal) notifications'), ($vnotify & VNOTIFY_SYSTEM), VNOTIFY_SYSTEM, '', $yes_no),
+ '$vnotify8' => array('vnotify8', t('System info messages'), ($vnotify & VNOTIFY_INFO), VNOTIFY_INFO, t('Recommended'), $yes_no),
+ '$vnotify9' => array('vnotify9', t('System critical alerts'), ($vnotify & VNOTIFY_ALERT), VNOTIFY_ALERT, t('Recommended'), $yes_no),
+ '$vnotify10' => array('vnotify10', t('New connections'), ($vnotify & VNOTIFY_INTRO), VNOTIFY_INTRO, t('Recommended'), $yes_no),
+ '$vnotify11' => array('vnotify11', t('System Registrations'), ($vnotify & VNOTIFY_REGISTER), VNOTIFY_REGISTER, '', $yes_no),
+ '$always_show_in_notices' => array('always_show_in_notices', t('Also show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no),
+
+ '$evdays' => array('evdays', t('Notify me of events this many days in advance'), $evdays, t('Must be greater than 0')),
+
+ '$h_advn' => t('Advanced Account/Page Type Settings'),
+ '$h_descadvn' => t('Change the behaviour of this account for special situations'),
+ '$pagetype' => $pagetype,
+ '$expert' => feature_enabled(local_channel(),'expert'),
+ '$hint' => t('Please enable expert mode (in <a href="settings/features">Settings > Additional features</a>) to adjust!'),
+ '$lbl_misc' => t('Miscellaneous Settings'),
+ '$photo_path' => array('photo_path', t('Default photo upload folder'), get_pconfig(local_channel(),'system','photo_path'), '%Y - current year, %m - current month'),
+ '$attach_path' => array('attach_path', t('Default file upload folder'), get_pconfig(local_channel(),'system','attach_path'), '%Y - current year, %m - current month'),
+ '$menus' => $menu,
+ '$menu_desc' => t('Personal menu to display in your channel pages'),
+ '$removeme' => t('Remove Channel'),
+ '$removechannel' => t('Remove this channel.'),
+ ));
+
+ call_hooks('settings_form',$o);
+
+ $o .= '</form>' . "\r\n";
+
+ return $o;
+ }
+}
+
diff --git a/mod/setup.php b/mod/setup.php
new file mode 100755
index 000000000..d88cf73f1
--- /dev/null
+++ b/mod/setup.php
@@ -0,0 +1,734 @@
+<?php
+/**
+ * @file mod/setup.php
+ *
+ * Controller for the initial setup/installation.
+ *
+ * @todo This setup module could need some love and improvements.
+ */
+
+$install_wizard_pass = 1;
+
+/**
+ * @brief Initialisation for the setup module.
+ *
+ * @param[in,out] App &$a
+ */
+function setup_init(&$a){
+
+ // Ensure that if somebody hasn't read the install documentation and doesn't have all
+ // the required modules or has a totally borked shared hosting provider and they can't
+ // figure out what the hell is going on - that we at least spit out an error message which
+ // we can inquire about when they write to tell us that our software doesn't work.
+
+ // The worst thing we can do at this point is throw a white screen of death and rely on
+ // them knowing about servers and php modules and logfiles enough so that we can guess
+ // at the source of the problem. As ugly as it may be, we need to throw a technically worded
+ // PHP error message in their face. Once installation is complete application errors will
+ // throw a white screen because these error messages divulge information which can
+ // potentially be useful to hackers.
+
+ error_reporting(E_ERROR | E_WARNING | E_PARSE );
+ ini_set('log_errors', '0');
+ ini_set('display_errors', '1');
+
+ // $baseurl/setup/testrwrite to test if rewite in .htaccess is working
+ if (argc() == 2 && argv(1) == "testrewrite") {
+ echo 'ok';
+ killme();
+ }
+
+ global $install_wizard_pass;
+ if (x($_POST, 'pass'))
+ $install_wizard_pass = intval($_POST['pass']);
+}
+
+/**
+ * @brief Handle the actions of the different setup steps.
+ *
+ * @param[in,out] App &$a
+ */
+function setup_post(&$a) {
+ global $install_wizard_pass, $db;
+
+ switch($install_wizard_pass) {
+ case 1:
+ case 2:
+ return;
+ break; // just in case return don't return :)
+ case 3:
+ $urlpath = $a->get_path();
+ $dbhost = trim($_POST['dbhost']);
+ $dbport = intval(trim($_POST['dbport']));
+ $dbuser = trim($_POST['dbuser']);
+ $dbpass = trim($_POST['dbpass']);
+ $dbdata = trim($_POST['dbdata']);
+ $dbtype = intval(trim($_POST['dbtype']));
+ $phpath = trim($_POST['phpath']);
+ $adminmail = trim($_POST['adminmail']);
+ $siteurl = trim($_POST['siteurl']);
+
+ require_once('include/dba/dba_driver.php');
+ unset($db);
+ $db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true);
+
+ if(! $db->connected) {
+ echo 'Database Connect failed: ' . $db->error;
+ killme();
+ $a->data['db_conn_failed']=true;
+ }
+ /*if(get_db_errno()) {
+ unset($db);
+ $db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, '', true);
+
+ if(! get_db_errno()) {
+ $r = q("CREATE DATABASE '%s'",
+ dbesc($dbdata)
+ );
+ if($r) {
+ unset($db);
+ $db = new dba($dbhost, $dbport, $dbuser, $dbpass, $dbdata, true);
+ } else {
+ $a->data['db_create_failed']=true;
+ }
+ } else {
+ $a->data['db_conn_failed']=true;
+ return;
+ }
+ }*/
+ //if(get_db_errno()) {
+
+ //}
+
+ return;
+ break;
+ case 4:
+ $urlpath = $a->get_path();
+ $dbhost = notags(trim($_POST['dbhost']));
+ $dbport = intval(notags(trim($_POST['dbport'])));
+ $dbuser = notags(trim($_POST['dbuser']));
+ $dbpass = notags(trim($_POST['dbpass']));
+ $dbdata = notags(trim($_POST['dbdata']));
+ $dbtype = intval(notags(trim($_POST['dbtype'])));
+ $phpath = notags(trim($_POST['phpath']));
+ $timezone = notags(trim($_POST['timezone']));
+ $adminmail = notags(trim($_POST['adminmail']));
+ $siteurl = notags(trim($_POST['siteurl']));
+
+ if($siteurl != z_root()) {
+ $test = z_fetch_url($siteurl."/setup/testrewrite");
+ if((! $test['success']) || ($test['body'] != 'ok')) {
+ $a->data['url_fail'] = true;
+ $a->data['url_error'] = $test['error'];
+ return;
+ }
+ }
+
+ // connect to db
+ $db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true);
+
+ if(! $db->connected) {
+ echo 'CRITICAL: DB not connected.';
+ killme();
+ }
+
+ $tpl = get_intltext_template('htconfig.tpl');
+ $txt = replace_macros($tpl,array(
+ '$dbhost' => $dbhost,
+ '$dbport' => $dbport,
+ '$dbuser' => $dbuser,
+ '$dbpass' => $dbpass,
+ '$dbdata' => $dbdata,
+ '$dbtype' => $dbtype,
+ '$timezone' => $timezone,
+ '$siteurl' => $siteurl,
+ '$site_id' => random_string(),
+ '$phpath' => $phpath,
+ '$adminmail' => $adminmail
+ ));
+
+ $result = file_put_contents('.htconfig.php', $txt);
+ if(! $result) {
+ $a->data['txt'] = $txt;
+ }
+
+ $errors = load_database($db);
+
+ if($errors)
+ $a->data['db_failed'] = $errors;
+ else
+ $a->data['db_installed'] = true;
+
+ return;
+ break;
+ }
+}
+
+function get_db_errno() {
+ if(class_exists('mysqli'))
+ return mysqli_connect_errno();
+ else
+ return mysql_errno();
+}
+
+/**
+ * @brief Get output for the setup page.
+ *
+ * Depending on the state we are currently in it returns different content.
+ *
+ * @param App &$a
+ * @return string parsed HTML output
+ */
+function setup_content(&$a) {
+ global $install_wizard_pass, $db;
+
+ $o = '';
+ $wizard_status = '';
+ $install_title = t('$Projectname Server - Setup');
+
+ if(x($a->data, 'db_conn_failed')) {
+ $install_wizard_pass = 2;
+ $wizard_status = t('Could not connect to database.');
+ }
+ if(x($a->data, 'url_fail')) {
+ $install_wizard_pass = 3;
+ $wizard_status = t('Could not connect to specified site URL. Possible SSL certificate or DNS issue.');
+ if($a->data['url_error'])
+ $wizard_status .= ' ' . $a->data['url_error'];
+ }
+
+ if(x($a->data, 'db_create_failed')) {
+ $install_wizard_pass = 2;
+ $wizard_status = t('Could not create table.');
+ }
+ $db_return_text = '';
+ if(x($a->data, 'db_installed')) {
+ $txt = '<p style="font-size: 130%;">';
+ $txt .= t('Your site database has been installed.') . EOL;
+ $db_return_text .= $txt;
+ }
+ if(x($a->data, 'db_failed')) {
+ $txt = t('You may need to import the file "install/schema_xxx.sql" manually using a database client.') . EOL;
+ $txt .= t('Please see the file "install/INSTALL.txt".') . EOL ."<hr>" ;
+ $txt .= "<pre>".$a->data['db_failed'] . "</pre>". EOL ;
+ $db_return_text .= $txt;
+ }
+ if($db && $db->connected) {
+ $r = q("SELECT COUNT(*) as `total` FROM `account`");
+ if($r && count($r) && $r[0]['total']) {
+ $tpl = get_markup_template('install.tpl');
+ return replace_macros($tpl, array(
+ '$title' => $install_title,
+ '$pass' => '',
+ '$status' => t('Permission denied.'),
+ '$text' => '',
+ ));
+ }
+ }
+
+ if(x($a->data, 'txt') && strlen($a->data['txt'])) {
+ $db_return_text .= manual_config($a);
+ }
+
+ if ($db_return_text != "") {
+ $tpl = get_markup_template('install.tpl');
+ return replace_macros($tpl, array(
+ '$title' => $install_title,
+ '$pass' => '',
+ '$text' => $db_return_text . what_next(),
+ ));
+ }
+
+ switch ($install_wizard_pass){
+ case 1: { // System check
+
+ $checks = array();
+
+ check_funcs($checks);
+
+ check_htconfig($checks);
+
+ check_store($checks);
+
+ check_smarty3($checks);
+
+ check_keys($checks);
+
+ if (x($_POST, 'phpath'))
+ $phpath = notags(trim($_POST['phpath']));
+
+ check_php($phpath, $checks);
+
+ check_phpconfig($checks);
+
+ check_htaccess($checks);
+
+ function check_passed($v, $c) {
+ if ($c['required'])
+ $v = $v && $c['status'];
+
+ return $v;
+ }
+ $checkspassed = array_reduce($checks, "check_passed", true);
+
+ $tpl = get_markup_template('install_checks.tpl');
+ $o .= replace_macros($tpl, array(
+ '$title' => $install_title,
+ '$pass' => t('System check'),
+ '$checks' => $checks,
+ '$passed' => $checkspassed,
+ '$see_install' => t('Please see the file "install/INSTALL.txt".'),
+ '$next' => t('Next'),
+ '$reload' => t('Check again'),
+ '$phpath' => $phpath,
+ '$baseurl' => $a->get_baseurl(),
+ ));
+ return $o;
+ }; break;
+
+ case 2: { // Database config
+
+ $dbhost = ((x($_POST,'dbhost')) ? notags(trim($_POST['dbhost'])) : 'localhost');
+ $dbuser = notags(trim($_POST['dbuser']));
+ $dbport = intval(notags(trim($_POST['dbport'])));
+ $dbpass = notags(trim($_POST['dbpass']));
+ $dbdata = notags(trim($_POST['dbdata']));
+ $dbtype = intval(notags(trim($_POST['dbtype'])));
+ $phpath = notags(trim($_POST['phpath']));
+ $adminmail = notags(trim($_POST['adminmail']));
+ $siteurl = notags(trim($_POST['siteurl']));
+
+ $tpl = get_markup_template('install_db.tpl');
+ $o .= replace_macros($tpl, array(
+ '$title' => $install_title,
+ '$pass' => t('Database connection'),
+ '$info_01' => t('In order to install $Projectname we need to know how to connect to your database.'),
+ '$info_02' => t('Please contact your hosting provider or site administrator if you have questions about these settings.'),
+ '$info_03' => t('The database you specify below should already exist. If it does not, please create it before continuing.'),
+
+ '$status' => $wizard_status,
+
+ '$dbhost' => array('dbhost', t('Database Server Name'), $dbhost, t('Default is localhost')),
+ '$dbport' => array('dbport', t('Database Port'), $dbport, t('Communication port number - use 0 for default')),
+ '$dbuser' => array('dbuser', t('Database Login Name'), $dbuser, ''),
+ '$dbpass' => array('dbpass', t('Database Login Password'), $dbpass, ''),
+ '$dbdata' => array('dbdata', t('Database Name'), $dbdata, ''),
+ '$dbtype' => array('dbtype', t('Database Type'), $dbtype, '', array( 0=>'MySQL', 1=>'PostgreSQL' )),
+
+ '$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')),
+ '$siteurl' => array('siteurl', t('Website URL'), z_root(), t('Please use SSL (https) URL if available.')),
+
+ '$lbl_10' => t('Please select a default timezone for your website'),
+
+ '$baseurl' => $a->get_baseurl(),
+
+ '$phpath' => $phpath,
+
+ '$submit' => t('Submit'),
+ ));
+ return $o;
+ }; break;
+ case 3: { // Site settings
+ require_once('include/datetime.php');
+ $dbhost = ((x($_POST,'dbhost')) ? notags(trim($_POST['dbhost'])) : 'localhost');
+ $dbport = intval(notags(trim($_POST['dbuser'])));
+ $dbuser = notags(trim($_POST['dbuser']));
+ $dbpass = notags(trim($_POST['dbpass']));
+ $dbdata = notags(trim($_POST['dbdata']));
+ $dbtype = intval(notags(trim($_POST['dbtype'])));
+ $phpath = notags(trim($_POST['phpath']));
+
+ $adminmail = notags(trim($_POST['adminmail']));
+ $siteurl = notags(trim($_POST['siteurl']));
+ $timezone = ((x($_POST,'timezone')) ? ($_POST['timezone']) : 'America/Los_Angeles');
+
+ $tpl = get_markup_template('install_settings.tpl');
+ $o .= replace_macros($tpl, array(
+ '$title' => $install_title,
+ '$pass' => t('Site settings'),
+ '$status' => $wizard_status,
+
+ '$dbhost' => $dbhost,
+ '$dbport' => $dbport,
+ '$dbuser' => $dbuser,
+ '$dbpass' => $dbpass,
+ '$dbdata' => $dbdata,
+ '$phpath' => $phpath,
+ '$dbtype' => $dbtype,
+
+ '$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')),
+
+ '$siteurl' => array('siteurl', t('Website URL'), z_root(), t('Please use SSL (https) URL if available.')),
+
+ '$timezone' => array('timezone', t('Please select a default timezone for your website'), $timezone, '', get_timezones()),
+
+ '$baseurl' => $a->get_baseurl(),
+
+ '$submit' => t('Submit'),
+ ));
+ return $o;
+ }; break;
+ }
+}
+
+/**
+ * @brief Add a check result to the array for output.
+ *
+ * @param[in,out] array &$checks array passed to template
+ * @param string $title a title for the check
+ * @param boolean $status
+ * @param boolean $required
+ * @param[optional] string $help optional help string
+ */
+function check_add(&$checks, $title, $status, $required, $help = '') {
+ $checks[] = array(
+ 'title' => $title,
+ 'status' => $status,
+ 'required' => $required,
+ 'help' => $help
+ );
+}
+
+/**
+ * @brief Checks the PHP environment.
+ *
+ * @param[in,out] string &$phpath
+ * @param[out] array &$checks
+ */
+function check_php(&$phpath, &$checks) {
+ $help = '';
+
+ if (strlen($phpath)) {
+ $passed = file_exists($phpath);
+ } else {
+ if(is_windows())
+ $phpath = trim(shell_exec('where php'));
+ else
+ $phpath = trim(shell_exec('which php'));
+
+ $passed = strlen($phpath);
+ }
+
+ if(!$passed) {
+ $help .= t('Could not find a command line version of PHP in the web server PATH.'). EOL;
+ $help .= t('If you don\'t have a command line version of PHP installed on server, you will not be able to run background polling via cron.') . EOL;
+ $help .= EOL . EOL ;
+ $tpl = get_markup_template('field_input.tpl');
+ $help .= replace_macros($tpl, array(
+ '$field' => array('phpath', t('PHP executable path'), $phpath, t('Enter full path to php executable. You can leave this blank to continue the installation.')),
+ ));
+ $phpath = '';
+ }
+
+ check_add($checks, t('Command line PHP').($passed?" (<tt>$phpath</tt>)":""), $passed, false, $help);
+
+ if($passed) {
+ $str = autoname(8);
+ $cmd = "$phpath install/testargs.php $str";
+ $result = trim(shell_exec($cmd));
+ $passed2 = $result == $str;
+ $help = '';
+ if(!$passed2) {
+ $help .= t('The command line version of PHP on your system does not have "register_argc_argv" enabled.'). EOL;
+ $help .= t('This is required for message delivery to work.');
+ }
+
+ check_add($checks, t('PHP register_argc_argv'), $passed, true, $help);
+ }
+}
+
+/**
+ * @brief Some PHP configuration checks.
+ *
+ * @todo Change how we display such informational text. Add more description
+ * how to change them.
+ *
+ * @param[out] array &$checks
+ */
+function check_phpconfig(&$checks) {
+ require_once 'include/environment.php';
+
+ $help = '';
+
+ $result = getPhpiniUploadLimits();
+ $help = sprintf(t('Your max allowed total upload size is set to %s. Maximum size of one file to upload is set to %s. You are allowed to upload up to %d files at once.'),
+ userReadableSize($result['post_max_size']),
+ userReadableSize($result['max_upload_filesize']),
+ $result['max_file_uploads']
+ );
+ $help .= '<br>' . t('You can adjust these settings in the servers php.ini.');
+
+ check_add($checks, t('PHP upload limits'), true, false, $help);
+}
+
+/**
+ * @brief Check if the openssl implementation can generate keys.
+ *
+ * @param[out] array $checks
+ */
+function check_keys(&$checks) {
+ $help = '';
+ $res = false;
+
+ if (function_exists('openssl_pkey_new')) {
+ $res = openssl_pkey_new(array(
+ 'digest_alg' => 'sha1',
+ 'private_key_bits' => 4096,
+ 'encrypt_key' => false)
+ );
+ }
+
+ // Get private key
+
+ if (! $res) {
+ $help .= t('Error: the "openssl_pkey_new" function on this system is not able to generate encryption keys'). EOL;
+ $help .= t('If running under Windows, please see "http://www.php.net/manual/en/openssl.installation.php".');
+ }
+
+ check_add($checks, t('Generate encryption keys'), $res, true, $help);
+}
+
+/**
+ * @brief Check for some PHP functions and modules.
+ *
+ * @param[in,out] array &$checks
+ */
+function check_funcs(&$checks) {
+ $ck_funcs = array();
+
+ // add check metadata, the real check is done bit later and return values set
+ check_add($ck_funcs, t('libCurl PHP module'), true, true);
+ check_add($ck_funcs, t('GD graphics PHP module'), true, true);
+ check_add($ck_funcs, t('OpenSSL PHP module'), true, true);
+ check_add($ck_funcs, t('mysqli or postgres PHP module'), true, true);
+ check_add($ck_funcs, t('mb_string PHP module'), true, true);
+ check_add($ck_funcs, t('mcrypt PHP module'), true, true);
+ check_add($ck_funcs, t('xml PHP module'), true, true);
+
+ if(function_exists('apache_get_modules')){
+ if (! in_array('mod_rewrite', apache_get_modules())) {
+ check_add($ck_funcs, t('Apache mod_rewrite module'), false, true, t('Error: Apache webserver mod-rewrite module is required but not installed.'));
+ } else {
+ check_add($ck_funcs, t('Apache mod_rewrite module'), true, true);
+ }
+ }
+ if((! function_exists('proc_open')) || strstr(ini_get('disable_functions'),'proc_open')) {
+ check_add($ck_funcs, t('proc_open'), false, true, t('Error: proc_open is required but is either not installed or has been disabled in php.ini'));
+ }
+ else {
+ check_add($ck_funcs, t('proc_open'), true, true);
+ }
+
+ if(! function_exists('curl_init')) {
+ $ck_funcs[0]['status'] = false;
+ $ck_funcs[0]['help'] = t('Error: libCURL PHP module required but not installed.');
+ }
+ if(! function_exists('imagecreatefromjpeg')) {
+ $ck_funcs[1]['status'] = false;
+ $ck_funcs[1]['help'] = t('Error: GD graphics PHP module with JPEG support required but not installed.');
+ }
+ if(! function_exists('openssl_public_encrypt')) {
+ $ck_funcs[2]['status'] = false;
+ $ck_funcs[2]['help'] = t('Error: openssl PHP module required but not installed.');
+ }
+ if(! function_exists('mysqli_connect') && !function_exists('pg_connect')) {
+ $ck_funcs[3]['status'] = false;
+ $ck_funcs[3]['help'] = t('Error: mysqli or postgres PHP module required but neither are installed.');
+ }
+ if(! function_exists('mb_strlen')) {
+ $ck_funcs[4]['status'] = false;
+ $ck_funcs[4]['help'] = t('Error: mb_string PHP module required but not installed.');
+ }
+ if(! function_exists('mcrypt_encrypt')) {
+ $ck_funcs[5]['status'] = false;
+ $ck_funcs[5]['help'] = t('Error: mcrypt PHP module required but not installed.');
+ }
+ if(! extension_loaded('xml')) {
+ $ck_funcs[6]['status'] = false;
+ $ck_funcs[6]['help'] = t('Error: xml PHP module required for DAV but not installed.');
+ }
+
+ $checks = array_merge($checks, $ck_funcs);
+}
+
+/**
+ * @brief Check for .htconfig requirements.
+ *
+ * @param[out] array &$checks
+ */
+function check_htconfig(&$checks) {
+ $status = true;
+ $help = '';
+
+ if( (file_exists('.htconfig.php') && !is_writable('.htconfig.php')) ||
+ (!file_exists('.htconfig.php') && !is_writable('.')) ) {
+ $status = false;
+ $help = t('The web installer needs to be able to create a file called ".htconfig.php" in the top folder of your web server and it is unable to do so.') .EOL;
+ $help .= t('This is most often a permission setting, as the web server may not be able to write files in your folder - even if you can.').EOL;
+ $help .= t('At the end of this procedure, we will give you a text to save in a file named .htconfig.php in your Red top folder.').EOL;
+ $help .= t('You can alternatively skip this procedure and perform a manual installation. Please see the file "install/INSTALL.txt" for instructions.').EOL;
+ }
+
+ check_add($checks, t('.htconfig.php is writable'), $status, false, $help);
+}
+
+/**
+ * @brief Checks for our templating engine Smarty3 requirements.
+ *
+ * @param[out] array &$checks
+ */
+function check_smarty3(&$checks) {
+ $status = true;
+ $help = '';
+
+ if(! is_writable(TEMPLATE_BUILD_PATH) ) {
+ $status = false;
+ $help = t('Red uses the Smarty3 template engine to render its web views. Smarty3 compiles templates to PHP to speed up rendering.') .EOL;
+ $help .= sprintf( t('In order to store these compiled templates, the web server needs to have write access to the directory %s under the Red top level folder.'), TEMPLATE_BUILD_PATH) . EOL;
+ $help .= t('Please ensure that the user that your web server runs as (e.g. www-data) has write access to this folder.').EOL;
+ $help .= sprintf( t('Note: as a security measure, you should give the web server write access to %s only--not the template files (.tpl) that it contains.'), TEMPLATE_BUILD_PATH) . EOL;
+ }
+
+ check_add($checks, sprintf( t('%s is writable'), TEMPLATE_BUILD_PATH), $status, true, $help);
+}
+
+/**
+ * @brief Check for store directory.
+ *
+ * @param[out] array &$checks
+ */
+function check_store(&$checks) {
+ $status = true;
+ $help = '';
+
+ @os_mkdir(TEMPLATE_BUILD_PATH, STORAGE_DEFAULT_PERMISSIONS, true);
+
+ if(! is_writable('store')) {
+ $status = false;
+ $help = t('Red uses the store directory to save uploaded files. The web server needs to have write access to the store directory under the Red top level folder') . EOL;
+ $help .= t('Please ensure that the user that your web server runs as (e.g. www-data) has write access to this folder.').EOL;
+ }
+
+ check_add($checks, t('store is writable'), $status, true, $help);
+}
+
+/**
+ * @brief Check URL rewrite und SSL certificate.
+ *
+ * @param[out] array &$checks
+ */
+function check_htaccess(&$checks) {
+ $a = get_app();
+ $status = true;
+ $help = '';
+ $ssl_error = false;
+
+ $url = $a->get_baseurl() . '/setup/testrewrite';
+
+ if (function_exists('curl_init')){
+ $test = z_fetch_url($url);
+ if(! $test['success']) {
+ if(strstr($url,'https://')) {
+ $test = z_fetch_url($url,false,0,array('novalidate' => true));
+ if($test['success']) {
+ $ssl_error = true;
+ }
+ }
+ else {
+ $test = z_fetch_url(str_replace('http://','https://',$url),false,0,array('novalidate' => true));
+ if($test['success']) {
+ $ssl_error = true;
+ }
+ }
+
+ if($ssl_error) {
+ $help = t('SSL certificate cannot be validated. Fix certificate or disable https access to this site.') . EOL;
+ $help .= t('If you have https access to your website or allow connections to TCP port 443 (the https: port), you MUST use a browser-valid certificate. You MUST NOT use self-signed certificates!') . EOL;
+ $help .= t('This restriction is incorporated because public posts from you may for example contain references to images on your own hub.') . EOL;
+ $help .= t('If your certificate is not recognized, members of other sites (who may themselves have valid certificates) will get a warning message on their own site complaining about security issues.') . EOL;
+ $help .= t('This can cause usability issues elsewhere (not just on your own site) so we must insist on this requirement.') .EOL;
+ $help .= t('Providers are available that issue free certificates which are browser-valid.'). EOL;
+
+ check_add($checks, t('SSL certificate validation'), false, true, $help);
+ }
+ }
+
+ if ((! $test['success']) || ($test['body'] != "ok")) {
+ $status = false;
+ $help = t('Url rewrite in .htaccess is not working. Check your server configuration.'.'Test: '.var_export($test,true));
+ }
+
+ check_add($checks, t('Url rewrite is working'), $status, true, $help);
+ } else {
+ // cannot check modrewrite if libcurl is not installed
+ }
+}
+
+
+function manual_config(&$a) {
+ $data = htmlspecialchars($a->data['txt'], ENT_COMPAT, 'UTF-8');
+ $o = t('The database configuration file ".htconfig.php" could not be written. Please use the enclosed text to create a configuration file in your web server root.');
+ $o .= "<textarea rows=\"24\" cols=\"80\" >$data</textarea>";
+
+ return $o;
+}
+
+function load_database_rem($v, $i){
+ $l = trim($i);
+ if (strlen($l)>1 && ($l[0]=="-" || ($l[0]=="/" && $l[1]=="*"))){
+ return $v;
+ } else {
+ return $v."\n".$i;
+ }
+}
+
+
+function load_database($db) {
+ $str = file_get_contents($db->get_install_script());
+ $arr = explode(';',$str);
+ $errors = false;
+ foreach($arr as $a) {
+ if(strlen(trim($a))) {
+ $r = @$db->q(trim($a));
+ if(! $r) {
+ $errors .= t('Errors encountered creating database tables.') . $a . EOL;
+ }
+ }
+ }
+
+ return $errors;
+}
+
+function what_next() {
+ $a = get_app();
+ // install the standard theme
+ set_config('system', 'allowed_themes', 'redbasic');
+
+ // Set a lenient list of ciphers if using openssl. Other ssl engines
+ // (e.g. NSS used in RedHat) require different syntax, so hopefully
+ // the default curl cipher list will work for most sites. If not,
+ // this can set via config. Many distros are now disabling RC4,
+ // but many Red sites still use it and are unable to change it.
+ // We do not use SSL for encryption, only to protect session cookies.
+ // z_fetch_url() is also used to import shared links and other content
+ // so in theory most any cipher could show up and we should do our best
+ // to make the content available rather than tell folks that there's a
+ // weird SSL error which they can't do anything about.
+
+ $x = curl_version();
+ if(stristr($x['ssl_version'],'openssl'))
+ set_config('system','curl_ssl_ciphers','ALL:!eNULL');
+
+ // Create a system channel
+ require_once ('include/identity.php');
+ create_sys_channel();
+
+ $baseurl = $a->get_baseurl();
+ return
+ t('<h1>What next</h1>')
+ ."<p>".t('IMPORTANT: You will need to [manually] setup a scheduled task for the poller.')
+ .t('Please see the file "install/INSTALL.txt".')
+ ."</p><p>"
+ .t("Go to your new Red node <a href='$baseurl/register'>registration page</a> and register as new user. Remember to use the same email you have entered as administrator email. This will allow you to enter the site admin panel.")
+ ."</p>";
+}
diff --git a/mod/share.php b/mod/share.php
new file mode 100644
index 000000000..d5a389bdf
--- /dev/null
+++ b/mod/share.php
@@ -0,0 +1,81 @@
+<?php
+
+require_once('include/security.php');
+require_once('bbcode.php');
+
+function share_init(&$a) {
+
+ $post_id = ((argc() > 1) ? intval(argv(1)) : 0);
+
+ if(! $post_id)
+ killme();
+
+ if(! (local_channel() || remote_channel()))
+ killme();
+
+ $r = q("SELECT * from item left join xchan on author_xchan = xchan_hash WHERE id = %d LIMIT 1",
+ intval($post_id)
+ );
+ if(! $r)
+ killme();
+ if(($r[0]['item_private']) && ($r[0]['xchan_network'] !== 'rss'))
+ killme();
+
+ $sql_extra = item_permissions_sql($r[0]['uid']);
+
+ $r = q("select * from item where id = %d $sql_extra",
+ intval($post_id)
+ );
+ if(! $r)
+ killme();
+
+ /** @FIXME we only share bbcode */
+
+ if($r[0]['mimetype'] !== 'text/bbcode')
+ killme();
+
+ /** @FIXME eventually we want to post remotely via rpost on your home site */
+ // When that works remove this next bit:
+
+ if(! local_channel())
+ killme();
+
+ xchan_query($r);
+
+ if (strpos($r[0]['body'], "[/share]") !== false) {
+ $pos = strpos($r[0]['body'], "[share");
+ $o = substr($r[0]['body'], $pos);
+ } else {
+ $o = "[share author='".urlencode($r[0]['author']['xchan_name']).
+ "' profile='".$r[0]['author']['xchan_url'] .
+ "' avatar='".$r[0]['author']['xchan_photo_s'].
+ "' link='".$r[0]['plink'].
+ "' posted='".$r[0]['created'].
+ "' message_id='".$r[0]['mid']."']";
+ if($r[0]['title'])
+ $o .= '[b]'.$r[0]['title'].'[/b]'."\n";
+ $o .= $r[0]['body'];
+ $o.= "[/share]";
+ }
+
+ if(local_channel()) {
+ echo $o;
+ killme();
+ }
+
+ $observer = $a->get_observer();
+ $parsed = $observer['xchan_url'];
+ if($parsed) {
+ $post_url = $parsed['scheme'] . ':' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : '')
+ . '/rpost';
+
+ /**
+ * @FIXME we were probably called from JS so we don't know the return page.
+ * In fact we won't be able to load the remote page.
+ * we might need an iframe
+ */
+
+ $x = z_post_url($post_url, array('f' => '', 'body' => $o ));
+ killme();
+ }
+}
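Review bot: In the remote-observer branch at the end of share_init, `$parsed = $observer['xchan_url'];` assigns the URL string itself, so `$parsed['scheme']`, `$parsed['host']` and `$parsed['port']` never hold URL components and the `/rpost` target cannot be built correctly. The assignment should be `$parsed = parse_url($observer['xchan_url']);`, followed by a check that scheme and host are present, and the concatenation needs `'://'` rather than `':'` between them. The branch is unreachable today because `if(! local_channel()) killme();` and the later `if(local_channel()) { echo $o; killme(); }` cover every case, so it is worth a comment to get it fixed before that guard is removed. Separately, only `author` goes through `urlencode()` when the `[share ...]` tag is assembled; `profile`, `avatar` and `link` are placed inside single quotes as stored, so a value containing `'` would break the attribute and should presumably be encoded or rejected as well.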
diff --git a/mod/sharedwithme.php b/mod/sharedwithme.php
new file mode 100644
index 000000000..bee072ea7
--- /dev/null
+++ b/mod/sharedwithme.php
@@ -0,0 +1,107 @@
+<?php
+require_once('include/conversation.php');
+require_once('include/text.php');
+
+function sharedwithme_content(&$a) {
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $channel = $a->get_channel();
+
+ $is_owner = (local_channel() && (local_channel() == $channel['channel_id']));
+
+ //check for updated items and remove them
+ require_once('include/sharedwithme.php');
+ apply_updates();
+
+ //drop single file - localuser
+ if((argc() > 2) && (argv(2) === 'drop')) {
+
+ $id = intval(argv(1));
+
+ q("DELETE FROM item WHERE id = %d AND uid = %d",
+ intval($id),
+ intval(local_channel())
+ );
+
+ goaway(z_root() . '/sharedwithme');
+ }
+
+ //drop all files - localuser
+ if((argc() > 1) && (argv(1) === 'dropall')) {
+
+ q("DELETE FROM item WHERE verb = '%s' AND obj_type = '%s' AND uid = %d",
+ dbesc(ACTIVITY_POST),
+ dbesc(ACTIVITY_OBJ_FILE),
+ intval(local_channel())
+ );
+
+ goaway(z_root() . '/sharedwithme');
+ }
+
+ //list files
+ $r = q("SELECT id, uid, object, item_unseen FROM item WHERE verb = '%s' AND obj_type = '%s' AND uid = %d AND owner_xchan != '%s'",
+ dbesc(ACTIVITY_POST),
+ dbesc(ACTIVITY_OBJ_FILE),
+ intval(local_channel()),
+ dbesc($channel['channel_hash'])
+ );
+
+ $items =array();
+ $ids = '';
+
+ if($r) {
+
+ foreach($r as $rr) {
+ $object = json_decode($rr['object'],true);
+
+ $item = array();
+ $item['id'] = $rr['id'];
+ $item['objfiletype'] = $object['filetype'];
+ $item['objfiletypeclass'] = getIconFromType($object['filetype']);
+ $item['objurl'] = rawurldecode(get_rel_link($object['link'],'alternate')) . '?f=&zid=' . $channel['xchan_addr'];
+ $item['objfilename'] = $object['filename'];
+ $item['objfilesize'] = userReadableSize($object['filesize']);
+ $item['objedited'] = $object['edited'];
+ $item['unseen'] = $rr['item_unseen'];
+
+ $items[] = $item;
+
+ if($item['unseen'] > 0) {
+ $ids .= " '" . $rr['id'] . "',";
+ }
+
+ }
+
+ }
+
+ if($ids) {
+
+ //remove trailing ,
+ $ids = rtrim($ids, ",");
+
+ q("UPDATE item SET item_unseen = 0 WHERE id IN ( $ids ) AND uid = %d",
+ intval(local_channel())
+ );
+
+ }
+
+ $o = profile_tabs($a, $is_owner, $channel['channel_address']);
+
+ $o .= replace_macros(get_markup_template('sharedwithme.tpl'), array(
+ '$header' => t('Files: shared with me'),
+ '$name' => t('Name'),
+ '$label_new' => t('NEW'),
+ '$size' => t('Size'),
+ '$lastmod' => t('Last Modified'),
+ '$dropall' => t('Remove all files'),
+ '$drop' => t('Remove this file'),
+ '$items' => $items
+ ));
+
+ return $o;
+
+}
+
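Review bot: The `drop` and `dropall` branches of sharedwithme_content run `DELETE FROM item` as soon as the path arguments match, and nothing visible in the hunk verifies that the logged-in user intended the request (no form token, no POST-only check). If this handler is reachable by a plain GET, as the `_content` naming suggests, a cross-site request could trigger the deletion; moving both actions to a POST handler that validates a per-session token would close that. The same pattern appears in the `drop` branch of sources_content (mod/sources.php), the `ignore` insert in suggest_init (mod/suggest.php) and the toggle in starred_init (mod/starred.php). A smaller point: `$ids` is concatenated into `IN ( $ids )` from `$rr['id']`, and wrapping each value in `intval()` would keep the statement safe by construction rather than by the column's type.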
diff --git a/mod/siteinfo.php b/mod/siteinfo.php
new file mode 100644
index 000000000..61c20d66f
--- /dev/null
+++ b/mod/siteinfo.php
@@ -0,0 +1,180 @@
+<?php
+
+function siteinfo_init(&$a) {
+ global $db;
+
+ if ($a->argv[1]=="json"){
+ $register_policy = Array('REGISTER_CLOSED', 'REGISTER_APPROVE', 'REGISTER_OPEN');
+ $directory_mode = Array('DIRECTORY_MODE_NORMAL', 'DIRECTORY_MODE_SECONDARY','DIRECTORY_MODE_PRIMARY', 'DIRECTORY_MODE_STANDALONE');
+
+ $sql_extra = '';
+
+ $r = q("select * from channel left join account on account_id = channel_account_id where ( account_roles & 4096 )>0 and account_default_channel = channel_id");
+
+
+ if($r) {
+ $admin = array();
+ foreach($r as $rr) {
+ if($rr['channel_pageflags'] & PAGE_HUBADMIN)
+ $admin[] = array( 'name' => $rr['channel_name'], 'address' => $rr['channel_address'] . '@' . get_app()->get_hostname(), 'channel' => z_root() . '/channel/' . $rr['channel_address']);
+ }
+ if(! $admin) {
+ foreach($r as $rr) {
+ $admin[] = array( 'name' => $rr['channel_name'], 'address' => $rr['channel_address'] . '@' . get_app()->get_hostname(), 'channel' => z_root() . '/channel/' . $rr['channel_address']);
+ }
+ }
+ }
+ else {
+ $admin = false;
+ }
+
+ $def_service_class = get_config('system','default_service_class');
+ if($def_service_class)
+ $service_class = get_config('service_class',$def_service_class);
+ else
+ $service_class = false;
+
+ $visible_plugins = array();
+ if(is_array($a->plugins) && count($a->plugins)) {
+ $r = q("select * from addon where hidden = 0");
+ if(count($r))
+ foreach($r as $rr)
+ $visible_plugins[] = $rr['name'];
+ }
+ sort($visible_plugins);
+
+ if(@is_dir('.git') && function_exists('shell_exec'))
+ $commit = trim(@shell_exec('git log -1 --format="%h"'));
+ if(! isset($commit) || strlen($commit) > 16)
+ $commit = '';
+
+ $site_info = get_config('system','info');
+ $site_name = get_config('system','sitename');
+ if(! get_config('system','hidden_version_siteinfo')) {
+ $version = RED_VERSION;
+ if(@is_dir('.git') && function_exists('shell_exec')) {
+ $commit = trim( @shell_exec('git log -1 --format="%h"'));
+ if(! get_config('system','hidden_tag_siteinfo'))
+ $tag = trim( @shell_exec('git describe --tags --abbrev=0'));
+ else
+ $tag = '';
+ }
+ if(! isset($commit) || strlen($commit) > 16)
+ $commit = '';
+ }
+ else {
+ $version = $commit = '';
+ }
+
+ //Statistics
+ $channels_total_stat = intval(get_config('system','channels_total_stat'));
+ $channels_active_halfyear_stat = intval(get_config('system','channels_active_halfyear_stat'));
+ $channels_active_monthly_stat = intval(get_config('system','channels_active_monthly_stat'));
+ $local_posts_stat = intval(get_config('system','local_posts_stat'));
+ $hide_in_statistics = intval(get_config('system','hide_in_statistics'));
+ $site_expire = intval(get_config('system', 'default_expire_days'));
+
+
+ $data = Array(
+ 'version' => $version,
+ 'version_tag' => $tag,
+ 'commit' => $commit,
+ 'url' => z_root(),
+ 'plugins' => $visible_plugins,
+ 'register_policy' => $register_policy[$a->config['system']['register_policy']],
+ 'directory_mode' => $directory_mode[$a->config['system']['directory_mode']],
+ 'language' => get_config('system','language'),
+ 'diaspora_emulation' => get_config('system','diaspora_enabled'),
+ 'rss_connections' => get_config('system','feed_contacts'),
+ 'expiration' => $site_expire,
+ 'default_service_restrictions' => $service_class,
+ 'admin' => $admin,
+ 'site_name' => (($site_name) ? $site_name : ''),
+ 'platform' => PLATFORM_NAME,
+ 'dbdriver' => $db->getdriver(),
+ 'lastpoll' => get_config('system','lastpoll'),
+ 'info' => (($site_info) ? $site_info : ''),
+ 'channels_total' => $channels_total_stat,
+ 'channels_active_halfyear' => $channels_active_halfyear_stat,
+ 'channels_active_monthly' => $channels_active_monthly_stat,
+ 'local_posts' => $local_posts_stat,
+ 'hide_in_statistics' => $hide_in_statistics
+ );
+ json_return_and_die($data);
+ }
+}
+
+
+
+function siteinfo_content(&$a) {
+
+ if(! get_config('system','hidden_version_siteinfo')) {
+ $version = sprintf( t('Version %s'), RED_VERSION );
+ if(@is_dir('.git') && function_exists('shell_exec')) {
+ $commit = @shell_exec('git log -1 --format="%h"');
+ $tag = @shell_exec('git describe --tags --abbrev=0');
+ }
+ if(! isset($commit) || strlen($commit) > 16)
+ $commit = '';
+ }
+ else {
+ $version = $commit = '';
+ }
+ $visible_plugins = array();
+ if(is_array($a->plugins) && count($a->plugins)) {
+ $r = q("select * from addon where hidden = 0");
+ if(count($r))
+ foreach($r as $rr)
+ $visible_plugins[] = $rr['name'];
+ }
+
+ $plugins_list = '';
+ if(count($visible_plugins)) {
+ $plugins_text = t('Installed plugins/addons/apps:');
+ $sorted = $visible_plugins;
+ $s = '';
+ sort($sorted);
+ foreach($sorted as $p) {
+ if(strlen($p)) {
+ if(strlen($s)) $s .= ', ';
+ $s .= $p;
+ }
+ }
+ $plugins_list .= $s;
+ }
+ else
+ $plugins_text = t('No installed plugins/addons/apps');
+
+ $txt = get_config('system','admininfo');
+ $admininfo = bbcode($txt);
+
+ if(file_exists('doc/site_donate.html'))
+ $donate .= file_get_contents('doc/site_donate.html');
+
+ $o = replace_macros(get_markup_template('siteinfo.tpl'), array(
+ '$title' => t('$Projectname'),
+ '$description' => t('This is a hub of $Projectname - a global cooperative network of decentralized privacy enhanced websites.'),
+ '$version' => $version,
+ '$tag_txt' => t('Tag: '),
+ '$tag' => $tag,
+ '$polled' => t('Last background fetch: '),
+ '$lastpoll' => get_poller_runtime(),
+ '$commit' => $commit,
+ '$web_location' => t('Running at web location') . ' ' . z_root(),
+ '$visit' => t('Please visit <a href="https://redmatrix.me">redmatrix.me</a> to learn more about $Projectname.'),
+ '$bug_text' => t('Bug reports and issues: please visit'),
+ '$bug_link_url' => 'https://github.com/redmatrix/hubzilla/issues',
+ '$bug_link_text' => t('$projectname issues'),
+ '$contact' => t('Suggestions, praise, etc. - please email "redmatrix" at librelist - dot com'),
+ '$donate' => $donate,
+ '$adminlabel' => t('Site Administrators'),
+ '$admininfo' => $admininfo,
+ '$plugins_text' => $plugins_text,
+ '$plugins_list' => $plugins_list
+ ));
+
+ call_hooks('about_hook', $o);
+
+ return $o;
+
+}
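Review bot: `$tag` is read at `'version_tag' => $tag` in siteinfo_init and `'$tag' => $tag` in siteinfo_content but is assigned only inside the `.git` branch, so it is undefined when `hidden_version_siteinfo` is set or the tree is not a git checkout; `$donate` in siteinfo_content has the same problem, being appended to with `.=` and passed to the template without ever being initialised. Adding `$tag = '';` before each version block and `$donate = '';` before the `file_exists()` check fixes both. In siteinfo_init, `$a->argv[1]` is read without checking `argc()`, and the first `$commit` computation (before `$site_info`) is redundant because the block below recomputes or clears it. Note that `hidden_version_siteinfo` hides only version, tag and commit: the JSON still returns the plugin list, `dbdriver` and administrator addresses to any caller, which deserves a comment or its own switch if that exposure is not intended.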
diff --git a/mod/sitelist.php b/mod/sitelist.php
new file mode 100644
index 000000000..12911cbd4
--- /dev/null
+++ b/mod/sitelist.php
@@ -0,0 +1,58 @@
+<?php /** @file */
+
+function sitelist_init(&$a) {
+
+ $start = (($_REQUEST['start']) ? intval($_REQUEST['start']) : 0);
+ $limit = ((intval($_REQUEST['limit'])) ? intval($_REQUEST['limit']) : 30);
+ $order = (($_REQUEST['order']) ? $_REQUEST['order'] : 'random');
+ $open = (($_REQUEST['open']) ? intval($_REQUEST['open']) : false);
+
+
+ $sql_order = " order by site_url ";
+ $rand = db_getfunc('rand');
+ if($order == 'random')
+ $sql_order = " order by $rand ";
+
+ $sql_limit = " LIMIT $limit OFFSET $start ";
+
+ $sql_extra = "";
+ if($open)
+ $sql_extra = " and site_register = " . intval(REGISTER_OPEN) . " ";
+
+ $realm = get_directory_realm();
+ if($realm == DIRECTORY_REALM) {
+ $sql_extra .= " and ( site_realm = '" . dbesc($realm) . "' or site_realm = '') ";
+ }
+ else
+ $sql_extra .= " and site_realm = '" . dbesc($realm) . "' ";
+
+ $result = array('success' => false);
+
+ $r = q("select count(site_url) as total from site where true $sql_extra ");
+
+ if($r)
+ $result['total'] = intval($r[0]['total']);
+
+ $result['start'] = $start;
+ $result['limit'] = $limit;
+
+ $r = q("select * from site where true $sql_extra $sql_order $sql_limit");
+
+ $result['results'] = 0;
+ $result['entries'] = array();
+
+ if($r) {
+ $result['success'] = true;
+ $result['results'] = count($r);
+
+ foreach($r as $rr) {
+ $result['entries'][] = array('url' => $rr['site_url']);
+ }
+
+ }
+
+ echo json_encode($result);
+ killme();
+
+
+} \ No newline at end of file
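Review bot: `$start` and `$limit` go through `intval()` but are not range-checked before being placed in `LIMIT $limit OFFSET $start`, so a negative value produces an invalid statement and there is no upper bound on how many rows one unauthenticated request can pull. Clamping them, e.g. `$start = max(0, $start);` and `$limit = max(1, min($limit, <MAX_LIMIT>));` (placeholder for whatever cap the project chooses), keeps the query valid and bounded. The `$_REQUEST` keys are also read without an existence check, and the JSON is echoed without a `Content-Type: application/json` header, unlike starred_init in this same commit.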
diff --git a/mod/smilies.php b/mod/smilies.php
new file mode 100644
index 000000000..b22d0c6d2
--- /dev/null
+++ b/mod/smilies.php
@@ -0,0 +1,15 @@
+<?php
+
+function smilies_content(&$a) {
+ if ($a->argv[1]==="json"){
+ $tmp = list_smilies();
+ $results = array();
+ for($i = 0; $i < count($tmp['texts']); $i++) {
+ $results[] = array('text' => $tmp['texts'][$i], 'icon' => $tmp['icons'][$i]);
+ }
+ json_return_and_die($results);
+ }
+ else {
+ return smilies('',true);
+ }
+}
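Review bot: `$a->argv[1]` is indexed directly in smilies_content, so a request for the bare module path reads an offset that may not exist; `if(argc() > 1 && argv(1) === 'json')`, the form other modules in this commit use, avoids that. The loop also assumes `$tmp['texts']` and `$tmp['icons']` have equal length; a short comment stating that list_smilies() guarantees this (if it does) would help, since a mismatch would silently emit entries with a null `icon`.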
diff --git a/mod/sources.php b/mod/sources.php
new file mode 100644
index 000000000..0aaaa82b1
--- /dev/null
+++ b/mod/sources.php
@@ -0,0 +1,168 @@
+<?php /** @file */
+
+function sources_post(&$a) {
+ if(! local_channel())
+ return;
+
+ if(! feature_enabled(local_channel(),'channel_sources'))
+ return '';
+
+ $source = intval($_REQUEST['source']);
+ $xchan = $_REQUEST['xchan'];
+ $abook = intval($_REQUEST['abook']);
+ $words = $_REQUEST['words'];
+ $frequency = $_REQUEST['frequency'];
+ $name = $_REQUEST['name'];
+
+ $channel = $a->get_channel();
+
+ if($name == '*')
+ $xchan = '*';
+
+ if($abook) {
+ $r = q("select abook_xchan from abook where abook_id = %d and abook_channel = %d limit 1",
+ intval($abook),
+ intval(local_channel())
+ );
+ if($r)
+ $xchan = $r[0]['abook_xchan'];
+ }
+
+ if(! $xchan) {
+ notice ( t('Failed to create source. No channel selected.') . EOL);
+ return;
+ }
+
+ if(! $source) {
+ $r = q("insert into source ( src_channel_id, src_channel_xchan, src_xchan, src_patt )
+ values ( %d, '%s', '%s', '%s' ) ",
+ intval(local_channel()),
+ dbesc($channel['channel_hash']),
+ dbesc($xchan),
+ dbesc($words)
+ );
+ if($r) {
+ info( t('Source created.') . EOL);
+ }
+ goaway(z_root() . '/sources');
+ }
+ else {
+ $r = q("update source set src_xchan = '%s', src_patt = '%s' where src_channel_id = %d and src_id = %d",
+ dbesc($xchan),
+ dbesc($words),
+ intval(local_channel()),
+ intval($source)
+ );
+ if($r) {
+ info( t('Source updated.') . EOL);
+ }
+
+ }
+}
+
+
+function sources_content(&$a) {
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return '';
+ }
+
+ if(! feature_enabled(local_channel(),'channel_sources')) {
+ return '';
+ }
+
+ // list sources
+ if(argc() == 1) {
+ $r = q("select source.*, xchan.* from source left join xchan on src_xchan = xchan_hash where src_channel_id = %d",
+ intval(local_channel())
+ );
+ if($r) {
+ for($x = 0; $x < count($r); $x ++) {
+ if($r[$x]['src_xchan'] == '*') {
+ $r[$x]['xchan_name'] = t('*');
+ }
+ $r[$x]['src_patt'] = htmlspecialchars($r[$x]['src_patt'], ENT_COMPAT,'UTF-8');
+ }
+ }
+ $o = replace_macros(get_markup_template('sources_list.tpl'), array(
+ '$title' => t('Channel Sources'),
+ '$desc' => t('Manage remote sources of content for your channel.'),
+ '$new' => t('New Source'),
+ '$sources' => $r
+ ));
+ return $o;
+ }
+
+ if(argc() == 2 && argv(1) === 'new') {
+ // TODO add the words 'or RSS feed' and corresponding code to manage feeds and frequency
+
+ $o = replace_macros(get_markup_template('sources_new.tpl'), array(
+ '$title' => t('New Source'),
+ '$desc' => t('Import all or selected content from the following channel into this channel and distribute it according to your channel settings.'),
+ '$words' => array( 'words', t('Only import content with these words (one per line)'),'',t('Leave blank to import all public content')),
+ '$name' => array( 'name', t('Channel Name'), '', ''),
+ '$submit' => t('Submit')
+ ));
+ return $o;
+
+ }
+
+ if(argc() == 2 && intval(argv(1))) {
+ // edit source
+ $r = q("select source.*, xchan.* from source left join xchan on src_xchan = xchan_hash where src_id = %d and src_channel_id = %d limit 1",
+ intval(argv(1)),
+ intval(local_channel())
+ );
+ if($r) {
+ $x = q("select abook_id from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+ dbesc($r[0]['src_xchan']),
+ intval(local_channel())
+ );
+ }
+ if(! $r) {
+ notice( t('Source not found.') . EOL);
+ return '';
+ }
+
+ $r[0]['src_patt'] = htmlspecialchars($r[0]['src_patt'], ENT_QUOTES,'UTF-8');
+
+ $o = replace_macros(get_markup_template('sources_edit.tpl'), array(
+ '$title' => t('Edit Source'),
+ '$drop' => t('Delete Source'),
+ '$id' => $r[0]['src_id'],
+ '$desc' => t('Import all or selected content from the following channel into this channel and distribute it according to your channel settings.'),
+ '$words' => array( 'words', t('Only import content with these words (one per line)'),$r[0]['src_patt'],t('Leave blank to import all public content')),
+ '$xchan' => $r[0]['src_xchan'],
+ '$abook' => $x[0]['abook_id'],
+ '$name' => array( 'name', t('Channel Name'), $r[0]['xchan_name'], ''),
+ '$submit' => t('Submit')
+ ));
+ return $o;
+
+ }
+
+ if(argc() == 3 && intval(argv(1)) && argv(2) === 'drop') {
+ $r = q("select * from source where src_id = %d and src_channel_id = %d limit 1",
+ intval(argv(1)),
+ intval(local_channel())
+ );
+ if(! $r) {
+ notice( t('Source not found.') . EOL);
+ return '';
+ }
+ $r = q("delete from source where src_id = %d and src_channel_id = %d",
+ intval(argv(1)),
+ intval(local_channel())
+ );
+ if($r)
+ info( t('Source removed') . EOL);
+ else
+ notice( t('Unable to remove source.') . EOL);
+
+ goaway(z_root() . '/sources');
+
+ }
+
+ // shouldn't get here.
+
+} \ No newline at end of file
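Review bot: In sources_post, `$xchan = $_REQUEST['xchan'];` is written to `src_xchan` as submitted unless an `abook` id replaces it, so only the `abook` path is checked against the current channel; a caller can store any hash, whether or not it names a known channel or one of this channel's connections. If sources are meant to be limited to existing connections (an assumption, the hunk does not say), look the value up for `local_channel()` before the insert or update and reject it otherwise. `$frequency` is read and never used, and the update branch returns without the `goaway()` that the insert branch has. In the edit branch of sources_content, `$x[0]['abook_id']` is read even when the `abook` lookup returned nothing (for example a `*` source), so it should be guarded, e.g. `'$abook' => (($x) ? $x[0]['abook_id'] : 0),`.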
diff --git a/mod/sslify.php b/mod/sslify.php
new file mode 100644
index 000000000..f37a8e23e
--- /dev/null
+++ b/mod/sslify.php
@@ -0,0 +1,24 @@
+<?php
+
+function sslify_init(&$a) {
+ $x = z_fetch_url($_REQUEST['url']);
+ if($x['success']) {
+ $h = explode("\n",$x['header']);
+ foreach ($h as $l) {
+ list($k,$v) = array_map("trim", explode(":", trim($l), 2));
+ $hdrs[$k] = $v;
+ }
+ if (array_key_exists('Content-Type', $hdrs))
+ $type = $hdrs['Content-Type'];
+
+ header('Content-Type: ' . $type);
+ echo $x['body'];
+ killme();
+ }
+ killme();
+ // for some reason when this fallback is in place - it gets triggered
+ // often, (creating mixed content exceptions) even though there is
+ // nothing obvious missing on the page when we bypass it.
+ goaway($_REQUEST['url']);
+}
+
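Review bot: sslify_init passes `$_REQUEST['url']` straight to `z_fetch_url()` with no check on who is asking or where the URL points, then relays the body from this site's origin under whatever `Content-Type` the remote server sent. That makes the hub fetch arbitrary destinations, including internal ones, on behalf of anonymous callers, and lets fetched HTML or script be served as if it were the hub's own content. At minimum the scheme should be limited to http/https and, assuming the endpoint exists to proxy embedded images (the mixed-content comment suggests so), only `image/*` responses should be relayed, together with `X-Content-Type-Options: nosniff`; a destination check that rejects loopback and private addresses after resolution is also needed but is not shown below. `$hdrs` and `$type` are used uninitialised when the header is absent, and the `goaway()` after the second `killme()` is unreachable.

```php
function sslify_init(&$a) {
	$url = isset($_REQUEST['url']) ? $_REQUEST['url'] : '';
	$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
	if(! in_array($scheme, array('http', 'https'), true))
		killme();

	$x = z_fetch_url($url);
	if($x['success']) {
		$type = '';
		foreach(explode("\n", $x['header']) as $l) {
			// skip status and blank lines that carry no "name: value" pair
			$parts = explode(':', trim($l), 2);
			if(count($parts) == 2 && strcasecmp(trim($parts[0]), 'Content-Type') == 0)
				$type = trim($parts[1]);
		}
		// relay images only, so fetched markup or script is never served from this origin;
		// image/svg+xml can carry script and needs to be excluded or handled separately
		if(strncasecmp($type, 'image/', 6) !== 0)
			killme();
		header('Content-Type: ' . $type);
		header('X-Content-Type-Options: nosniff');
		// … unchanged: echo $x['body'], killme(), and the rest of the function …
```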
diff --git a/mod/starred.php b/mod/starred.php
new file mode 100644
index 000000000..103e5f4b4
--- /dev/null
+++ b/mod/starred.php
@@ -0,0 +1,33 @@
+<?php
+
+
+function starred_init(&$a) {
+
+ $starred = 0;
+
+ if(! local_channel())
+ killme();
+ if(argc() > 1)
+ $message_id = intval(argv(1));
+ if(! $message_id)
+ killme();
+
+ $r = q("SELECT item_flags FROM item WHERE uid = %d AND id = %d LIMIT 1",
+ intval(local_channel()),
+ intval($message_id)
+ );
+ if(! count($r))
+ killme();
+
+ $item_starred = (intval($r[0]['item_starred']) ? 0 : 1);
+
+ $r = q("UPDATE item SET item_starred = %d WHERE uid = %d and id = %d",
+ intval($item_starred),
+ intval(local_channel()),
+ intval($message_id)
+ );
+
+ header('Content-type: application/json');
+ echo json_encode(array('result' => $item_starred));
+ killme();
+}
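Review bot: The lookup in starred_init selects `item_flags` but the next statement reads `$r[0]['item_starred']`, a column the result set does not contain, so `$item_starred` always evaluates to 1 and an already starred item can never be un-starred. The query should read `SELECT item_starred FROM item WHERE uid = %d AND id = %d LIMIT 1`. `$message_id` is also assigned only when `argc() > 1`; initialising it with `$message_id = ((argc() > 1) ? intval(argv(1)) : 0);` avoids the undefined-variable read on the bare path, and the unused `$starred = 0;` can go.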
diff --git a/mod/subthread.php b/mod/subthread.php
new file mode 100755
index 000000000..9cfe5c24d
--- /dev/null
+++ b/mod/subthread.php
@@ -0,0 +1,243 @@
+<?php
+
+require_once('include/security.php');
+require_once('include/bbcode.php');
+require_once('include/items.php');
+
+
+function subthread_content(&$a) {
+
+ if((! local_channel()) && (! remote_channel())) {
+ return;
+ }
+
+ $activity = ACTIVITY_FOLLOW;
+
+ $item_id = ((argc() > 1) ? notags(trim(argv(1))) : 0);
+
+ $r = q("SELECT * FROM `item` WHERE `parent` = '%s' OR `parent_mid` = '%s' and parent = id LIMIT 1",
+ dbesc($item_id),
+ dbesc($item_id)
+ );
+
+ if((! $item_id) || (! $r)) {
+ logger('subthread: no item ' . $item_id);
+ return;
+ }
+
+ $item = $r[0];
+
+ $owner_uid = $item['uid'];
+ $observer = $a->get_observer();
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ if(! perm_is_allowed($owner_uid,$ob_hash,'post_comments'))
+ return;
+
+ $sys = get_sys_channel();
+
+ $owner_uid = $item['uid'];
+ $owner_aid = $item['aid'];
+
+ // if this is a "discover" item, (item['uid'] is the sys channel),
+ // fallback to the item comment policy, which should've been
+ // respected when generating the conversation thread.
+ // Even if the activity is rejected by the item owner, it should still get attached
+ // to the local discover conversation on this site.
+
+ if(($owner_uid != $sys['channel_id']) && (! perm_is_allowed($owner_uid,$observer['xchan_hash'],'post_comments'))) {
+ notice( t('Permission denied') . EOL);
+ killme();
+ }
+
+ $r = q("select * from xchan where xchan_hash = '%s' limit 1",
+ dbesc($item['owner_xchan'])
+ );
+ if($r)
+ $thread_owner = $r[0];
+ else
+ killme();
+
+ $r = q("select * from xchan where xchan_hash = '%s' limit 1",
+ dbesc($item['author_xchan'])
+ );
+ if($r)
+ $item_author = $r[0];
+ else
+ killme();
+
+
+ $mid = item_message_id();
+
+ $post_type = (($item['resource_type'] === 'photo') ? t('photo') : t('status'));
+
+ $links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => $item['plink']));
+ $objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE );
+
+ $body = $item['body'];
+
+ $obj = json_encode(array(
+ 'type' => $objtype,
+ 'id' => $item['mid'],
+ 'parent' => (($item['thr_parent']) ? $item['thr_parent'] : $item['parent_mid']),
+ 'link' => $links,
+ 'title' => $item['title'],
+ 'content' => $item['body'],
+ 'created' => $item['created'],
+ 'edited' => $item['edited'],
+ 'author' => array(
+ 'name' => $item_author['xchan_name'],
+ 'address' => $item_author['xchan_addr'],
+ 'guid' => $item_author['xchan_guid'],
+ 'guid_sig' => $item_author['xchan_guid_sig'],
+ 'link' => array(
+ array('rel' => 'alternate', 'type' => 'text/html', 'href' => $item_author['xchan_url']),
+ array('rel' => 'photo', 'type' => $item_author['xchan_photo_mimetype'], 'href' => $item_author['xchan_photo_m'])),
+ ),
+ ));
+
+ if(! intval($item['item_thread_top']))
+ $post_type = 'comment';
+
+ $bodyverb = t('%1$s is following %2$s\'s %3$s');
+
+ $arr = array();
+
+ $arr['mid'] = $mid;
+ $arr['aid'] = $owner_aid;
+ $arr['uid'] = $owner_uid;
+ $arr['parent'] = $item['id'];
+ $arr['parent_mid'] = $item['mid'];
+ $arr['thr_parent'] = $item['mid'];
+ $arr['owner_xchan'] = $thread_owner['xchan_hash'];
+ $arr['author_xchan'] = $observer['xchan_hash'];
+ $arr['item_origin'] = 1;
+ $arr['item_notshown'] = 1;
+ if(intval($item['item_wall']))
+ $arr['item_wall'] = 1;
+ else
+ $arr['item_wall'] = 0;
+
+ $ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]';
+ $alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]';
+ $plink = '[zrl=' . $a->get_baseurl() . '/display/' . $item['mid'] . ']' . $post_type . '[/zrl]';
+
+ $arr['body'] = sprintf( $bodyverb, $alink, $ulink, $plink );
+
+ $arr['verb'] = $activity;
+ $arr['obj_type'] = $objtype;
+ $arr['object'] = $obj;
+
+ $arr['allow_cid'] = $item['allow_cid'];
+ $arr['allow_gid'] = $item['allow_gid'];
+ $arr['deny_cid'] = $item['deny_cid'];
+ $arr['deny_gid'] = $item['deny_gid'];
+
+
+ $post = item_store($arr);
+ $post_id = $post['item_id'];
+
+ $arr['id'] = $post_id;
+
+ call_hooks('post_local_end', $arr);
+
+ killme();
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ $post_type = (($item['resource_id']) ? t('photo') : t('status'));
+ $objtype = (($item['resource_id']) ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE );
+
+ $link = xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n") ;
+ $body = $item['body'];
+
+ $obj = <<< EOT
+
+ <object>
+ <type>$objtype</type>
+ <local>1</local>
+ <id>{$item['mid']}</id>
+ <link>$link</link>
+ <title></title>
+ <content>$body</content>
+ </object>
+EOT;
+
+ $arr = array();
+
+ $arr['mid'] = $mid;
+ $arr['uid'] = $owner_uid;
+ $arr['contact-id'] = $contact['id'];
+ $arr['type'] = 'activity';
+ $arr['wall'] = $item['wall'];
+ $arr['origin'] = 1;
+ $arr['gravity'] = GRAVITY_LIKE;
+ $arr['parent'] = $item['id'];
+ $arr['parent-mid'] = $item['mid'];
+ $arr['thr_parent'] = $item['mid'];
+ $arr['owner-name'] = $remote_owner['name'];
+ $arr['owner-link'] = $remote_owner['url'];
+ $arr['owner-avatar'] = $remote_owner['thumb'];
+ $arr['author-name'] = $contact['name'];
+ $arr['author-link'] = $contact['url'];
+ $arr['author-avatar'] = $contact['thumb'];
+
+ $ulink = '[zrl=' . $contact['url'] . ']' . $contact['name'] . '[/zrl]';
+ $alink = '[zrl=' . $item['author-link'] . ']' . $item['author-name'] . '[/zrl]';
+ $plink = '[zrl=' . $a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . ']' . $post_type . '[/zrl]';
+ $arr['body'] = sprintf( $bodyverb, $ulink, $alink, $plink );
+
+ $arr['verb'] = $activity;
+ $arr['object-type'] = $objtype;
+ $arr['object'] = $obj;
+ $arr['allow_cid'] = $item['allow_cid'];
+ $arr['allow_gid'] = $item['allow_gid'];
+ $arr['deny_cid'] = $item['deny_cid'];
+ $arr['deny_gid'] = $item['deny_gid'];
+ $arr['visible'] = 1;
+ $arr['unseen'] = 1;
+ $arr['last-child'] = 0;
+
+ $post = item_store($arr);
+ $post_id = $post['item_id'];
+
+ if(! $item['visible']) {
+ $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d AND `uid` = %d",
+ intval($item['id']),
+ intval($owner_uid)
+ );
+ }
+
+ $arr['id'] = $post_id;
+
+ call_hooks('post_local_end', $arr);
+
+ killme();
+
+}
+
+
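Review bot: In the item lookup at the top of subthread_content, `AND` binds tighter than `OR`, so `parent = '%s' OR parent_mid = '%s' and parent = id` applies the top-level test `parent = id` only to the `parent_mid` match; with `LIMIT 1` and no ordering, a numeric id can return any row of that thread rather than its top-level post. If the top-level item is what is wanted (my reading, not stated in the hunk), write `WHERE ( parent = '%s' OR parent_mid = '%s' ) AND parent = id LIMIT 1`. Everything after the first `killme();`, from the second `$post_type` assignment through the second `item_store()`, is unreachable and references `$owner`, `$contact` and `$remote_owner`, which are never defined here; it should be deleted rather than shipped. The two `perm_is_allowed(..., 'post_comments')` checks also overlap: the first returns for any owner, including the sys channel, so the sys-channel exception described in the comment above the second check can never take effect.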
diff --git a/mod/suggest.php b/mod/suggest.php
new file mode 100644
index 000000000..438d884ca
--- /dev/null
+++ b/mod/suggest.php
@@ -0,0 +1,66 @@
+<?php
+
+require_once('include/socgraph.php');
+require_once('include/contact_widgets.php');
+require_once('include/widgets.php');
+
+
+function suggest_init(&$a) {
+ if(! local_channel())
+ return;
+
+ if(x($_GET,'ignore')) {
+ q("insert into xign ( uid, xchan ) values ( %d, '%s' ) ",
+ intval(local_channel()),
+ dbesc($_GET['ignore'])
+ );
+ }
+
+}
+
+
+function suggest_content(&$a) {
+
+ $o = '';
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $_SESSION['return_url'] = $a->get_baseurl() . '/' . $a->cmd;
+
+ $r = suggestion_query(local_channel(),get_observer_hash());
+
+ if(! $r) {
+ info( t('No suggestions available. If this is a new site, please try again in 24 hours.'));
+ return;
+ }
+
+ $arr = array();
+
+ foreach($r as $rr) {
+
+ $connlnk = $a->get_baseurl() . '/follow/?url=' . $rr['xchan_addr'];
+
+ $arr[] = array(
+ 'url' => chanlink_url($rr['xchan_url']),
+ 'common' => $rr['total'],
+ 'profile' => $rr['xchan_url'],
+ 'name' => $rr['xchan_name'],
+ 'photo' => $rr['xchan_photo_m'],
+ 'ignlnk' => $a->get_baseurl() . '/suggest?ignore=' . $rr['xchan_hash'],
+ 'conntxt' => t('Connect'),
+ 'connlnk' => $connlnk,
+ 'ignore' => t('Ignore/Hide')
+ );
+ }
+
+
+ $o = replace_macros(get_markup_template('suggest_page.tpl'),array(
+ '$title' => t('Channel Suggestions'),
+ '$entries' => $arr
+ ));
+
+ return $o;
+
+}
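Review bot: In suggest_content the links are assembled by plain concatenation, `'/follow/?url=' . $rr['xchan_addr']` and `'/suggest?ignore=' . $rr['xchan_hash']`, so a character such as `&`, `#` or `+` in either value changes how the query string is parsed. These fields describe other channels and presumably originate from remote sites, so they should be encoded at the point of use: `$connlnk = $a->get_baseurl() . '/follow/?url=' . urlencode($rr['xchan_addr']);` and likewise `urlencode($rr['xchan_hash'])` for `ignlnk`. suggest_init also inserts into `xign` without checking for an existing row, so repeating the request adds duplicates.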
diff --git a/mod/tagger.php b/mod/tagger.php
new file mode 100644
index 000000000..9f9855ed8
--- /dev/null
+++ b/mod/tagger.php
@@ -0,0 +1,134 @@
+<?php
+
+require_once('include/security.php');
+require_once('include/bbcode.php');
+require_once('include/items.php');
+
+
+function tagger_content(&$a) {
+
+ if(! local_channel() && ! remote_channel()) {
+ return;
+ }
+
+ $observer_hash = get_observer_hash();
+ //strip html-tags
+ $term = notags(trim($_GET['term']));
+ //check if empty
+ if(! $term)
+ return;
+
+ $item_id = ((argc() > 1) ? notags(trim(argv(1))) : 0);
+
+ logger('tagger: tag ' . $term . ' item ' . $item_id);
+
+
+ $r = q("SELECT * FROM item left join xchan on xchan_hash = author_xchan WHERE id = '%s' and uid = %d LIMIT 1",
+ dbesc($item_id),
+ intval(local_channel())
+ );
+
+ if((! $item_id) || (! $r)) {
+ logger('tagger: no item ' . $item_id);
+ return;
+ }
+
+ $item = $r[0];
+
+ $owner_uid = $item['uid'];
+
+ switch($item['resource_type']) {
+ case 'photo':
+ $targettype = ACTIVITY_OBJ_PHOTO;
+ $post_type = t('photo');
+ break;
+ case 'event':
+ $targgettype = ACTIVITY_OBJ_EVENT;
+ $post_type = t('event');
+ break;
+ default:
+ $targettype = ACTIVITY_OBJ_NOTE;
+ $post_type = t('post');
+ if($item['mid'] != $item['parent_mid'])
+ $post_type = t('comment');
+ break;
+ }
+
+
+ $links = array(array('rel' => 'alternate','type' => 'text/html',
+ 'href' => z_root() . '/display/' . $item['mid']));
+
+ $target = json_encode(array(
+ 'type' => $targettype,
+ 'id' => $item['mid'],
+ 'link' => $links,
+ 'title' => $item['title'],
+ 'content' => $item['body'],
+ 'created' => $item['created'],
+ 'edited' => $item['edited'],
+ 'author' => array(
+ 'name' => $item['xchan_name'],
+ 'address' => $item['xchan_addr'],
+ 'guid' => $item['xchan_guid'],
+ 'guid_sig' => $item['xchan_guid_sig'],
+ 'link' => array(
+ array('rel' => 'alternate', 'type' => 'text/html', 'href' => $item['xchan_url']),
+ array('rel' => 'photo', 'type' => $item['xchan_photo_mimetype'], 'href' => $item['xchan_photo_m'])),
+ ),
+ ));
+
+
+
+ $link = xmlify('<link rel="alternate" type="text/html" href="'
+ . $a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n") ;
+
+ $tagid = $a->get_baseurl() . '/search?tag=' . $term;
+ $objtype = ACTIVITY_OBJ_TAGTERM;
+
+ $obj = json_encode(array(
+ 'type' => $objtype,
+ 'id' => $tagid,
+ 'link' => array(array('rel' => 'alternate','type' => 'text/html', 'href' => $tagid)),
+ 'title' => $term,
+ 'content' => $term
+ ));
+
+ $bodyverb = t('%1$s tagged %2$s\'s %3$s with %4$s');
+
+ // saving here for reference
+ // also check out x22d5 and x2317 and x0d6b and x0db8 and x24d0 and xff20 !!!
+
+ $termlink = html_entity_decode('&#x22d5;') . '[zrl=' . $a->get_baseurl() . '/search?tag=' . urlencode($term) . ']'. $term . '[/zrl]';
+
+ $channel = $a->get_channel();
+
+ $arr = array();
+
+ $arr['owner_xchan'] = $item['owner_xchan'];
+ $arr['author_xchan'] = $channel['channel_hash'];
+
+ $arr['item_origin'] = 1;
+ $arr['item_wall'] = ((intval($item['item_wall'])) ? 1 : 0);
+
+ $ulink = '[zrl=' . $channel['xchan_url'] . ']' . $channel['channel_name'] . '[/zrl]';
+ $alink = '[zrl=' . $item['xchan_url'] . ']' . $item['xchan_name'] . '[/zrl]';
+ $plink = '[zrl=' . $item['plink'] . ']' . $post_type . '[/zrl]';
+
+ $arr['body'] = sprintf( $bodyverb, $ulink, $alink, $plink, $termlink );
+
+ $arr['verb'] = ACTIVITY_TAG;
+ $arr['tgt_type'] = $targettype;
+ $arr['target'] = $target;
+ $arr['obj_type'] = $objtype;
+ $arr['object'] = $obj;
+ $arr['parent_mid'] = $item['mid'];
+
+ store_item_tag($item['uid'],$item['id'],TERM_OBJ_POST,TERM_HASHTAG,$term,$tagid);
+ $ret = post_activity_item($arr);
+
+ if($ret['success'])
+ proc_run('php','include/notifier.php','tag',$ret['activity']['id']);
+
+ killme();
+
+}
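Review bot: The `event` case assigns `$targgettype` (extra `g`), so `$targettype` is undefined when the JSON target and `$arr['tgt_type']` are built for event items; it should read `$targettype = ACTIVITY_OBJ_EVENT;`. `$owner['nickname']` in the `$link` statement is never defined in this function, and `$link` is not used afterwards, so that statement can be dropped. `$tagid` embeds `$term` from `$_GET['term']` without `urlencode()`, while `$termlink` a few lines later does encode it; using `urlencode($term)` in both keeps the stored tag URL well-formed. The access check admits `remote_channel()` visitors, but the item lookup filters on `intval(local_channel())`, which presumably matches nothing for them, so it is worth confirming which behaviour is intended.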
diff --git a/mod/tagrm.php b/mod/tagrm.php
new file mode 100644
index 000000000..56e842fb8
--- /dev/null
+++ b/mod/tagrm.php
@@ -0,0 +1,141 @@
+<?php
+
+require_once('bbcode.php');
+
+function tagrm_post(&$a) {
+
+ if(! local_channel())
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+
+
+ if((x($_POST,'submit')) && ($_POST['submit'] === t('Cancel')))
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+
+ $tag = ((x($_POST,'tag')) ? trim($_POST['tag']) : '');
+ $item = ((x($_POST,'item')) ? intval($_POST['item']) : 0 );
+
+ $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($item),
+ intval(local_channel())
+ );
+
+ if(! $r)
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+
+ $r = fetch_post_tags($r,true);
+
+ $item = $r[0];
+ $new_tags = array();
+
+ if($item['term']) {
+ for($x = 0; $x < count($item['term']); $x ++) {
+ if($item['term'][$x]['term'] !== hex2bin($tag))
+ $new_tags[] = $item['term'][$x];
+ }
+ }
+
+ if($new_tags)
+ $item['term'] = $new_tags;
+ else
+ unset($item['term']);
+
+ item_store_update($item);
+
+ info( t('Tag removed') . EOL );
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+
+ // NOTREACHED
+
+}
+
+
+
+function tagrm_content(&$a) {
+
+ if(! local_channel()) {
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+ // NOTREACHED
+ }
+
+ // remove tag on the fly if item and tag are provided
+ if((argc() == 4) && (argv(1) === 'drop') && intval(argv(2))) {
+
+ $item = intval(argv(2));
+ $tag = argv(3);
+
+ $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($item),
+ intval(local_channel())
+ );
+
+ if(! $r)
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+
+ $r = fetch_post_tags($r,true);
+
+ $item = $r[0];
+
+ $new_tags = array();
+
+ if($item['term']) {
+ for($x = 0; $x < count($item['term']); $x ++) {
+ if($item['term'][$x]['term'] !== hex2bin($tag))
+ $new_tags[] = $item['term'][$x];
+ }
+ }
+
+ if($new_tags)
+ $item['term'] = $new_tags;
+ else
+ unset($item['term']);
+
+ item_store_update($item);
+
+ info( t('Tag removed') . EOL );
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+
+ }
+
+ //if we got only the item print a list of tags to select
+ if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) {
+
+ $o = '';
+
+ $item = intval(argv(2));
+
+ $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($item),
+ intval(local_channel())
+ );
+
+ if(! $r)
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+
+ $r = fetch_post_tags($r,true);
+
+ if(! count($r[0]['term']))
+ goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
+
+ $o .= '<h3>' . t('Remove Item Tag') . '</h3>';
+
+ $o .= '<p id="tag-remove-desc">' . t('Select a tag to remove: ') . '</p>';
+
+ $o .= '<form id="tagrm" action="tagrm" method="post" >';
+ $o .= '<input type="hidden" name="item" value="' . $item . '" />';
+ $o .= '<ul>';
+
+
+ foreach($r[0]['term'] as $x) {
+ $o .= '<li><input type="checkbox" name="tag" value="' . bin2hex($x['term']) . '" >' . bbcode($x['term']) . '</input></li>';
+ }
+
+ $o .= '</ul>';
+ $o .= '<input id="tagrm-submit" type="submit" name="submit" value="' . t('Remove') .'" />';
+ $o .= '<input id="tagrm-cancel" type="submit" name="submit" value="' . t('Cancel') .'" />';
+ $o .= '</form>';
+
+ return $o;
+
+ }
+
+}
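Review bot: `hex2bin($tag)` is applied to request input inside the comparison loop, in both tagrm_post() and the `drop` branch of tagrm_content(), without first checking that `$tag` is valid hex. For malformed input hex2bin() returns false with a warning, every term then compares unequal, and the code still calls item_store_update() and reports 'Tag removed'. Decode once before the loop and leave early on failure, e.g. `$decoded = ((ctype_xdigit($tag) && strlen($tag) % 2 == 0) ? hex2bin($tag) : false);` followed by a `goaway()` when `$decoded === false`. The two removal paths are line-for-line copies and would be easier to keep correct as one helper taking the item id and the hex-encoded tag.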
diff --git a/mod/thing.php b/mod/thing.php
new file mode 100644
index 000000000..b4b8ad027
--- /dev/null
+++ b/mod/thing.php
@@ -0,0 +1,324 @@
+<?php
+/**
+ * @file mod/thing.php
+ * @brief
+ */
+
+require_once('include/items.php');
+require_once('include/contact_selectors.php');
+
+
+function thing_init(&$a) {
+
+ if(! local_channel())
+ return;
+
+ $account_id = $a->get_account();
+ $channel = $a->get_channel();
+
+ $term_hash = (($_REQUEST['term_hash']) ? $_REQUEST['term_hash'] : '');
+
+ $name = escape_tags($_REQUEST['term']);
+ $verb = escape_tags($_REQUEST['verb']);
+ $activity = intval($_REQUEST['activity']);
+ $profile_guid = escape_tags($_REQUEST['profile_assign']);
+ $url = $_REQUEST['link'];
+ $photo = $_REQUEST['img'];
+
+ $hash = random_string();
+
+ $verbs = obj_verbs();
+
+ /**
+ * verbs: [0] = first person singular, e.g. "I want", [1] = 3rd person singular, e.g. "Bill wants"
+ * We use the first person form when creating an activity, but the third person for use in activities
+ * @FIXME There is no accounting for verb gender for languages where this is significant. We may eventually
+ * require obj_verbs() to provide full conjugations and specify which form to use in the $_REQUEST params to this module.
+ */
+
+ $translated_verb = $verbs[$verb][1];
+
+ /*
+ * The site administrator can do things that normals cannot.
+ * This is restricted because it will likely cause
+ * an activitystreams protocol violation and the activity might
+ * choke in some other network and result in unnecessary
+ * support requests. It isn't because we're trying to be heavy-handed
+ * about what you can and can't do.
+ */
+
+ if(! $translated_verb) {
+ if(is_site_admin())
+ $translated_verb = $verb;
+ }
+
+ /*
+ * Things, objects: We do not provide definite (a, an) or indefinite (the) articles or singular/plural designators
+ * That needs to be specified in your thing. e.g. Mike has "a carrot", Greg wants "balls", Bob likes "the Boston Red Sox".
+ */
+
+ /*
+ * Future work on this module might produce more complex activities with targets, e.g. Phillip likes Karen's moustache
+ * and to describe other non-thing objects like channels, such as Karl wants Susan - where Susan represents a channel profile.
+ */
+
+ if((! $name) || (! $translated_verb))
+ return;
+
+ if($term_hash) {
+ $t = q("select * from obj left join term on obj_obj = term_hash where term_hash != '' and obj_type = %d and term_hash = '%s' limit 1",
+ intval(TERM_OBJ_THING),
+ dbesc($term_hash)
+ );
+ if(! $t) {
+ notice( t('Item not found.') . EOL);
+ return;
+ }
+ $orig_record = $t[0];
+ if($photo != $orig_record['imgurl']) {
+ $arr = import_profile_photo($photo,get_observer_hash(),true);
+ $local_photo = $arr[0];
+ $local_photo_type = $arr[3];
+ }
+ else
+ $local_photo = $orig_record['imgurl'];
+
+ $r = q("update term set term = '%s', url = '%s', imgurl = '%s' where term_hash = '%s' and uid = %d",
+ dbesc($name),
+ dbesc(($url) ? $url : z_root() . '/thing/' . $term_hash),
+ dbesc($local_photo),
+ dbesc($term_hash),
+ intval(local_channel())
+ );
+
+ info( t('Thing updated') . EOL);
+ return;
+ }
+
+ $sql = (($profile_guid) ? " and profile_guid = '" . dbesc($profile_guid) . "' " : " and is_default = 1 ");
+ $p = q("select profile_guid, is_default from profile where uid = %d $sql limit 1",
+ intval(local_channel())
+ );
+
+ if($p)
+ $profile = $p[0];
+ else
+ return;
+
+ $local_photo = null;
+
+ if($photo) {
+ $arr = import_profile_photo($photo,get_observer_hash(),true);
+ $local_photo = $arr[0];
+ $local_photo_type = $arr[3];
+ }
+
+ $r = q("select * from term where uid = %d and otype = %d and type = %d and term = '%s' limit 1",
+ intval(local_channel()),
+ intval(TERM_OBJ_THING),
+ intval(TERM_THING),
+ dbesc($name)
+ );
+ if(! $r) {
+ $r = q("insert into term ( aid, uid, oid, otype, type, term, url, imgurl, term_hash )
+ values( %d, %d, %d, %d, %d, '%s', '%s', '%s', '%s' ) ",
+ intval($account_id),
+ intval(local_channel()),
+ 0,
+ intval(TERM_OBJ_THING),
+ intval(TERM_THING),
+ dbesc($name),
+ dbesc(($url) ? $url : z_root() . '/thing/' . $hash),
+ dbesc(($photo) ? $local_photo : ''),
+ dbesc($hash)
+ );
+ $r = q("select * from term where uid = %d and otype = %d and type = %d and term = '%s' limit 1",
+ intval(local_channel()),
+ intval(TERM_OBJ_THING),
+ intval(TERM_THING),
+ dbesc($name)
+ );
+ }
+ $term = $r[0];
+
+ $r = q("insert into obj ( obj_page, obj_verb, obj_type, obj_channel, obj_obj) values ('%s','%s', %d, %d, '%s') ",
+ dbesc($profile['profile_guid']),
+ dbesc($verb),
+ intval(TERM_OBJ_THING),
+ intval(local_channel()),
+ dbesc($term['term_hash'])
+ );
+
+ if(! $r) {
+ notice( t('Object store: failed'));
+ return;
+ }
+
+ info( t('Thing added'));
+
+ if($activity) {
+ $arr = array();
+ $links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => $term['url']));
+ if($local_photo)
+ $links[] = array('rel' => 'photo', 'type' => $local_photo_type, 'href' => $local_photo);
+
+ $objtype = ACTIVITY_OBJ_THING;
+
+ $obj = json_encode(array(
+ 'type' => $objtype,
+ 'id' => $term['url'],
+ 'link' => $links,
+ 'title' => $term['term'],
+ 'content' => $term['term']
+ ));
+
+ $bodyverb = str_replace('OBJ: ', '',t('OBJ: %1$s %2$s %3$s'));
+
+ $arr['owner_xchan'] = $channel['channel_hash'];
+ $arr['author_xchan'] = $channel['channel_hash'];
+
+ $arr['item_origin'] = 1;
+ $arr['item_wall'] = 1;
+ $arr['item_thread_top'] = 1;
+
+ $ulink = '[zrl=' . $channel['xchan_url'] . ']' . $channel['channel_name'] . '[/zrl]';
+ $plink = '[zrl=' . $term['url'] . ']' . $term['term'] . '[/zrl]';
+
+ $arr['body'] = sprintf( $bodyverb, $ulink, $translated_verb, $plink );
+
+ if($local_photo)
+ $arr['body'] .= "\n\n[zmg]" . $local_photo . "[/zmg]";
+
+ $arr['verb'] = $verb;
+ $arr['obj_type'] = $objtype;
+ $arr['object'] = $obj;
+
+ if(! $profile['is_default']) {
+ $arr['item_private'] = true;
+ $str = '';
+ $r = q("select abook_xchan from abook where abook_channel = %d and abook_profile = '%s'",
+ intval(local_channel()),
+ dbesc($profile_guid)
+ );
+ if($r) {
+ $arr['allow_cid'] = '';
+ foreach($r as $rr)
+ $arr['allow_cid'] .= '<' . $rr['abook_xchan'] . '>';
+ }
+ else
+ $arr['allow_cid'] = '<' . get_observer_hash() . '>';
+ }
+
+ $ret = post_activity_item($arr);
+ }
+}
+
+
+function thing_content(&$a) {
+
+ if(argc() == 2) {
+
+ $r = q("select * from obj left join term on obj_obj = term_hash where term_hash != '' and obj_type = %d and term_hash = '%s' limit 1",
+ intval(TERM_OBJ_THING),
+ dbesc(argv(1))
+ );
+
+ if($r) {
+ return replace_macros(get_markup_template('show_thing.tpl'), array(
+ '$header' => t('Show Thing'),
+ '$edit' => t('Edit'),
+ '$delete' => t('Delete'),
+ '$canedit' => ((local_channel() && local_channel() == $r[0]['obj_channel']) ? true : false),
+ '$thing' => $r[0] ));
+ }
+ else {
+ notice( t('item not found.') . EOL);
+ return;
+ }
+ }
+
+ $channel = $a->get_channel();
+
+ if(! (local_channel() && $channel)) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $thing_hash = '';
+
+ if(argc() == 3 && argv(1) === 'edit') {
+ $thing_hash = argv(2);
+
+ $r = q("select * from obj left join term on obj_obj = term_hash where term_hash != '' and obj_type = %d and term_hash = '%s' limit 1",
+ intval(TERM_OBJ_THING),
+ dbesc($thing_hash)
+ );
+
+ if((! $r) || ($r[0]['obj_channel'] != local_channel())) {
+ notice( t('Permission denied.') . EOL);
+ return '';
+ }
+
+ $o .= replace_macros(get_markup_template('thing_edit.tpl'),array(
+ '$thing_hdr' => t('Edit Thing'),
+ '$multiprof' => feature_enabled(local_channel(),'multi_profiles'),
+ '$profile_lbl' => t('Select a profile'),
+ '$profile_select' => contact_profile_assign($r[0]['obj_page']),
+ '$verb_lbl' => $channel['channel_name'],
+ '$verb_select' => obj_verb_selector($r[0]['obj_verb']),
+ '$activity' => array('activity',t('Post an activity'),true,t('Only sends to viewers of the applicable profile')),
+ '$thing_hash' => $thing_hash,
+ '$thing_lbl' => t('Name of thing e.g. something'),
+ '$thething' => $r[0]['term'],
+ '$url_lbl' => t('URL of thing (optional)'),
+ '$theurl' => $r[0]['url'],
+ '$img_lbl' => t('URL for photo of thing (optional)'),
+ '$imgurl' => $r[0]['imgurl'],
+ '$submit' => t('Submit')
+ ));
+
+ return $o;
+ }
+
+ if(argc() == 3 && argv(1) === 'drop') {
+ $thing_hash = argv(2);
+
+ $r = q("select * from obj left join term on obj_obj = term_hash where term_hash != '' and obj_type = %d and term_hash = '%s' limit 1",
+ intval(TERM_OBJ_THING),
+ dbesc($thing_hash)
+ );
+
+ if((! $r) || ($r[0]['obj_channel'] != local_channel())) {
+ notice( t('Permission denied.') . EOL);
+ return '';
+ }
+
+ $x = q("delete from obj where obj_obj = '%s' and obj_type = %d and obj_channel = %d",
+ dbesc($thing_hash),
+ intval(TERM_OBJ_THING),
+ intval(local_channel())
+ );
+ $x = q("delete from term where term_hash = '%s' and uid = %d",
+ dbesc($thing_hash),
+ intval(local_channel())
+ );
+
+ return $o;
+ }
+
+ $o .= replace_macros(get_markup_template('thing_input.tpl'),array(
+ '$thing_hdr' => t('Add Thing to your Profile'),
+ '$multiprof' => feature_enabled(local_channel(),'multi_profiles'),
+ '$profile_lbl' => t('Select a profile'),
+ '$profile_select' => contact_profile_assign(''),
+ '$verb_lbl' => $channel['channel_name'],
+ '$activity' => array('activity',t('Post an activity'),((array_key_exists('activity',$_REQUEST)) ? $_REQUEST['activity'] : true),t('Only sends to viewers of the applicable profile')),
+ '$verb_select' => obj_verb_selector(),
+ '$thing_lbl' => t('Name of thing e.g. something'),
+ '$url_lbl' => t('URL of thing (optional)'),
+ '$img_lbl' => t('URL for photo of thing (optional)'),
+ '$submit' => t('Submit')
+ ));
+
+ return $o;
+}
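Review bot: `$url = $_REQUEST['link']` and `$photo = $_REQUEST['img']` are taken as-is while the neighbouring fields go through escape_tags(); `$url` is stored in term.url and later placed in the activity's `link` href and inside `[zrl=...]`, and `$photo` is handed to import_profile_photo(). Neither is checked to be an http(s) URL, so the scheme and host are whatever the client sends. A guard such as `if($url && ! preg_match('#^https?://#i', $url)) return;` (and the same for `$photo`) before any query would constrain that; how zrl renders other schemes is not visible here. In the update branch the lookup by term_hash does not compare `obj_channel` with local_channel() before calling import_profile_photo(), and 'Thing updated' is reported even if the uid-scoped UPDATE matched no row. In thing_content(), `$o` is appended to and returned without being initialised; add `$o = '';` at the top.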
diff --git a/mod/toggle_mobile.php b/mod/toggle_mobile.php
new file mode 100644
index 000000000..06dadca04
--- /dev/null
+++ b/mod/toggle_mobile.php
@@ -0,0 +1,17 @@
+<?php
+
+function toggle_mobile_init(&$a) {
+
+ if(isset($_GET['off']))
+ $_SESSION['show_mobile'] = false;
+ else
+ $_SESSION['show_mobile'] = true;
+
+ if(isset($_GET['address']))
+ $address = $_GET['address'];
+ else
+ $address = $a->get_baseurl();
+
+ goaway($address);
+}
+
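Review bot: `$_GET['address']` is passed straight to goaway(), so this endpoint redirects to whatever URL the link supplies; toggle_safesearch_init() in mod/toggle_safesearch.php has the same pattern. Accept the parameter only when it points back at this site and fall back to the base URL otherwise, e.g. `if(isset($_GET['address']) && strpos($_GET['address'], $a->get_baseurl() . '/') === 0)`. Whether goaway() does any validation of its own is not visible in this hunk.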
diff --git a/mod/toggle_safesearch.php b/mod/toggle_safesearch.php
new file mode 100644
index 000000000..3c800c4f3
--- /dev/null
+++ b/mod/toggle_safesearch.php
@@ -0,0 +1,25 @@
+<?php
+
+function toggle_safesearch_init(&$a) {
+
+$observer = get_observer_hash();
+if (! $observer)
+ return;
+
+if($observer)
+ $safe_mode = get_xconfig($observer,'directory','safe_mode');
+if ($safe_mode == '')
+ set_xconfig($observer,'directory','safe_mode', '0');
+elseif($safe_mode == '0')
+ set_xconfig($observer,'directory','safe_mode', '1');
+elseif($safe_mode == '1')
+ set_xconfig($observer,'directory','safe_mode', '0');
+
+if(isset($_GET['address']))
+ $address = $_GET['address'];
+else
+ $address = z_root() . '/directory';
+
+ goaway($address);
+}
+
diff --git a/mod/uexport.php b/mod/uexport.php
new file mode 100644
index 000000000..edcb2fa84
--- /dev/null
+++ b/mod/uexport.php
@@ -0,0 +1,40 @@
+<?php
+
+function uexport_init(&$a) {
+ if(! local_channel())
+ killme();
+
+ if(argc() > 1) {
+ $channel = $a->get_channel();
+
+ require_once('include/identity.php');
+
+ header('content-type: application/octet_stream');
+ header('content-disposition: attachment; filename="' . $channel['channel_address'] . '.json"' );
+
+
+ if(argc() > 1 && argv(1) === 'basic') {
+ echo json_encode(identity_basic_export(local_channel()));
+ killme();
+ }
+
+ // FIXME - this basically doesn't work in the wild with a channel more than a few months old due to memory and execution time limits.
+ // It probably needs to be built at the CLI and offered to download as a tarball. Maybe stored in the members dav.
+
+ if(argc() > 1 && argv(1) === 'complete') {
+ echo json_encode(identity_basic_export(local_channel(),true));
+ killme();
+ }
+ }
+}
+
+function uexport_content(&$a) {
+ $o = replace_macros(get_markup_template('uexport.tpl'), array(
+ '$title' => t('Export Channel'),
+ '$basictitle' => t('Export Channel'),
+ '$basic' => t('Export your basic channel information to a small file. This acts as a backup of your connections, permissions, profile and basic data, which can be used to import your data to a new hub, but does not contain your content.'),
+ '$fulltitle' => t('Export Content'),
+ '$full' => t('Export your channel information and all the content to a JSON backup. This backs up all of your connections, permissions, profile data and all of your content, but is generally not suitable for importing a channel to a new hub as this file may be VERY large. Please be patient - it may take several minutes for this download to begin.')
+ ));
+return $o;
+}
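Review bot: The download headers are emitted as soon as `argc() > 1`, before argv(1) is checked, so a request with any other second path segment gets the attachment headers and then falls through to the normal page. Sending the headers inside the `basic` and `complete` branches (or returning early for unknown values) avoids that. The MIME type is spelled `application/octet_stream`; the registered type is `application/octet-stream`. `$channel['channel_address']` is interpolated into the quoted `filename` parameter; presumably addresses cannot contain a double quote or control characters, but that is worth confirming since the value ends up in a response header.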
diff --git a/mod/update_channel.php b/mod/update_channel.php
new file mode 100644
index 000000000..5f4436d59
--- /dev/null
+++ b/mod/update_channel.php
@@ -0,0 +1,63 @@
+<?php
+
+/**
+ * Module: update_profile
+ * Purpose: AJAX synchronisation of profile page
+ *
+ */
+
+
+require_once('mod/channel.php');
+
+function update_channel_content(&$a) {
+
+ $profile_uid = intval($_GET['p']);
+ $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0);
+
+ header("Content-type: text/html");
+ echo "<!DOCTYPE html><html><body>\r\n";
+
+ /**
+ * We can remove this hack once Internet Explorer recognises HTML5 natively
+ */
+
+ echo (($_GET['msie'] == 1) ? '<div>' : '<section>');
+
+ /**
+ *
+ * Grab the page inner contents by calling the content function from the profile module directly,
+ * but move any image src attributes to another attribute name. This is because
+ * some browsers will prefetch all the images for the page even if we don't need them.
+ * The only ones we need to fetch are those for new page additions, which we'll discover
+ * on the client side and then swap the image back.
+ *
+ */
+
+ $text = channel_content($a,$profile_uid,$load);
+
+ $pattern = "/<img([^>]*) src=\"([^\"]*)\"/";
+ $replace = "<img\${1} dst=\"\${2}\"";
+// $text = preg_replace($pattern, $replace, $text);
+
+ if(! $load) {
+ $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />';
+ $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ }
+
+ /**
+ * reportedly some versions of MSIE don't handle tabs in XMLHttpRequest documents very well
+ */
+
+ echo str_replace("\t",' ',$text);
+ echo (($_GET['msie'] == 1) ? '</div>' : '</section>');
+ echo "</body></html>\r\n";
+ killme();
+
+}
\ No newline at end of file
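Review bot: The four media patterns in the `if(! $load)` block use `(.*?)` without the `s` modifier, so an audio, video, embed or iframe element whose content spans a line break is not replaced by the placeholder; `/is` instead of `/i` covers that, e.g. `"/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/is"`. preg_replace() returns null on a PCRE error, which would blank `$text`; keeping the previous value when the result is null avoids an empty update. The identical block is copied into update_display.php, update_home.php, update_network.php, update_public.php and update_search.php in this commit, so one shared helper would keep the six copies from drifting. The header comment says `Module: update_profile` although the file is update_channel.php.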
diff --git a/mod/update_display.php b/mod/update_display.php
new file mode 100644
index 000000000..d41e2e5cb
--- /dev/null
+++ b/mod/update_display.php
@@ -0,0 +1,42 @@
+<?php
+
+// See update_profile.php for documentation
+
+require_once('mod/display.php');
+require_once('include/group.php');
+
+function update_display_content(&$a) {
+
+ $profile_uid = intval($_GET['p']);
+ if(! $profile_uid)
+ $profile_uid = (-1);
+ $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0);
+ header("Content-type: text/html");
+ echo "<!DOCTYPE html><html><body>\r\n";
+ echo (($_GET['msie'] == 1) ? '<div>' : '<section>');
+
+
+ $text = display_content($a,$profile_uid, $load);
+ $pattern = "/<img([^>]*) src=\"([^\"]*)\"/";
+ $replace = "<img\${1} dst=\"\${2}\"";
+// $text = preg_replace($pattern, $replace, $text);
+
+ if(! $load) {
+ $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />';
+ $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ }
+
+ echo str_replace("\t",' ',$text);
+ echo (($_GET['msie'] == 1) ? '</div>' : '</section>');
+ echo "</body></html>\r\n";
+// logger('update_display: ' . $text);
+ killme();
+
+}
\ No newline at end of file
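Review bot: `$_GET['msie']` is read without an existence check at both `echo` lines, which raises an undefined-index notice on every request that omits the parameter; update_home.php, update_network.php and update_public.php in this commit already use `array_key_exists('msie',$_GET) && $_GET['msie'] == 1`, while update_channel.php and update_search.php have the same unguarded read. The `$pattern`/`$replace` pair for `<img ... src=` is still assigned although the preg_replace() that used it is commented out, so those two assignments are dead code until the first one is overwritten in the `if(! $load)` block.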
diff --git a/mod/update_home.php b/mod/update_home.php
new file mode 100644
index 000000000..80ae2438f
--- /dev/null
+++ b/mod/update_home.php
@@ -0,0 +1,38 @@
+<?php
+
+// See update_profile.php for documentation
+
+require_once('mod/home.php');
+
+function update_home_content(&$a) {
+
+ $profile_uid = ((intval($_GET['p'])) ? intval($_GET['p']) : (-1));
+ $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0);
+ header("Content-type: text/html");
+ echo "<!DOCTYPE html><html><body>\r\n";
+ echo ((array_key_exists('msie',$_GET) && $_GET['msie'] == 1) ? '<div>' : '<section>');
+
+ $text = home_content($a,$profile_uid, $load);
+ $pattern = "/<img([^>]*) src=\"([^\"]*)\"/";
+ $replace = "<img\${1} dst=\"\${2}\"";
+// $text = preg_replace($pattern, $replace, $text);
+
+ if(! $load) {
+ $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />';
+ $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ }
+
+ echo str_replace("\t",' ',$text);
+ echo ((array_key_exists('msie',$_GET) && $_GET['msie'] == 1) ? '</div>' : '</section>');
+ echo "</body></html>\r\n";
+// logger('update_home: ' . $text);
+ killme();
+
+}
\ No newline at end of file
diff --git a/mod/update_network.php b/mod/update_network.php
new file mode 100644
index 000000000..acd5ccdc8
--- /dev/null
+++ b/mod/update_network.php
@@ -0,0 +1,40 @@
+<?php
+
+// See update_profile.php for documentation
+
+require_once('mod/network.php');
+require_once('include/group.php');
+
+function update_network_content(&$a) {
+
+ $profile_uid = intval($_GET['p']);
+ $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0);
+ header("Content-type: text/html");
+ echo "<!DOCTYPE html><html><body>\r\n";
+ echo ((array_key_exists('msie',$_GET) && $_GET['msie'] == 1) ? '<div>' : '<section>');
+
+
+ $text = network_content($a,$profile_uid, $load);
+ $pattern = "/<img([^>]*) src=\"([^\"]*)\"/";
+ $replace = "<img\${1} dst=\"\${2}\"";
+// $text = preg_replace($pattern, $replace, $text);
+
+ if(! $load) {
+ $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />';
+ $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ }
+
+ echo str_replace("\t",' ',$text);
+ echo ((array_key_exists('msie',$_GET) && $_GET['msie'] == 1) ? '</div>' : '</section>');
+ echo "</body></html>\r\n";
+// logger('update_network: ' . $text);
+ killme();
+
+}
\ No newline at end of file
diff --git a/mod/update_public.php b/mod/update_public.php
new file mode 100644
index 000000000..bac1ccf15
--- /dev/null
+++ b/mod/update_public.php
@@ -0,0 +1,37 @@
+<?php
+
+// See update_profile.php for documentation
+
+require_once('mod/public.php');
+
+function update_public_content(&$a) {
+
+ $profile_uid = ((intval($_GET['p'])) ? intval($_GET['p']) : (-1));
+ $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0);
+ header("Content-type: text/html");
+ echo "<!DOCTYPE html><html><body>\r\n";
+ echo ((array_key_exists('msie',$_GET) && $_GET['msie'] == 1) ? '<div>' : '<section>');
+
+ $text = public_content($a,$profile_uid, $load);
+ $pattern = "/<img([^>]*) src=\"([^\"]*)\"/";
+ $replace = "<img\${1} dst=\"\${2}\"";
+// $text = preg_replace($pattern, $replace, $text);
+
+ if(! $load) {
+ $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />';
+ $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ }
+
+ echo str_replace("\t",' ',$text);
+ echo ((array_key_exists('msie',$_GET) && $_GET['msie'] == 1) ? '</div>' : '</section>');
+ echo "</body></html>\r\n";
+ killme();
+
+}
\ No newline at end of file
diff --git a/mod/update_search.php b/mod/update_search.php
new file mode 100644
index 000000000..de29e89bd
--- /dev/null
+++ b/mod/update_search.php
@@ -0,0 +1,66 @@
+<?php
+
+/**
+ * Module: update_profile
+ * Purpose: AJAX synchronisation of search page
+ *
+ */
+
+
+require_once('mod/search.php');
+
+function update_search_content(&$a) {
+
+ $profile_uid = intval($_GET['p']);
+ if(! $profile_uid)
+ $profile_uid = (-1);
+
+ $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0);
+
+ header("Content-type: text/html");
+ echo "<!DOCTYPE html><html><body>\r\n";
+
+ /**
+ * We can remove this hack once Internet Explorer recognises HTML5 natively
+ */
+
+ echo (($_GET['msie'] == 1) ? '<div>' : '<section>');
+
+ /**
+ *
+ * Grab the page inner contents by calling the content function from the profile module directly,
+ * but move any image src attributes to another attribute name. This is because
+ * some browsers will prefetch all the images for the page even if we don't need them.
+ * The only ones we need to fetch are those for new page additions, which we'll discover
+ * on the client side and then swap the image back.
+ *
+ */
+
+ $text = search_content($a,$profile_uid,$load);
+
+ $pattern = "/<img([^>]*) src=\"([^\"]*)\"/";
+ $replace = "<img\${1} dst=\"\${2}\"";
+// $text = preg_replace($pattern, $replace, $text);
+
+ if(! $load) {
+ $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />';
+ $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i";
+ $text = preg_replace($pattern, $replace, $text);
+ }
+
+ /**
+ * reportedly some versions of MSIE don't handle tabs in XMLHttpRequest documents very well
+ */
+
+ echo str_replace("\t",' ',$text);
+ echo (($_GET['msie'] == 1) ? '</div>' : '</section>');
+ echo "</body></html>\r\n";
+ killme();
+
+}
\ No newline at end of file
diff --git a/mod/view.php b/mod/view.php
new file mode 100644
index 000000000..d4381743c
--- /dev/null
+++ b/mod/view.php
@@ -0,0 +1,15 @@
+<?php
+/**
+ * load view/theme/$current_theme/style.php with Red context
+ */
+
+function view_init($a){
+
+ header("Content-Type: text/css");
+
+ $theme = argv(2);
+ $THEMEPATH = "view/theme/$theme";
+ if(file_exists("view/theme/$theme/php/style.php"))
+ require_once("view/theme/$theme/php/style.php");
+ killme();
+}
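Review bot: `$theme` comes from the request path via argv(2) and is interpolated into the `require_once` path with no validation, so the PHP file that gets executed is selected by the URL. Restrict it to a plain theme name before building the path, e.g. `if(! preg_match('/^[A-Za-z0-9_-]+$/', $theme)) killme();` (adjust the character class to the project's theme naming), or check it against the list of installed themes. `$THEMEPATH` is assigned but not used in this function; the included style.php may read it, which is not visible here, and a one-line comment saying so would help. The `text/css` header is sent even when no style.php is found.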
diff --git a/mod/viewconnections.php b/mod/viewconnections.php
new file mode 100644
index 000000000..d9a9aecc1
--- /dev/null
+++ b/mod/viewconnections.php
@@ -0,0 +1,111 @@
+<?php
+require_once('include/contact_selectors.php');
+require_once('include/Contact.php');
+
+function viewconnections_init(&$a) {
+
+ if((get_config('system','block_public')) && (! local_channel()) && (! remote_channel())) {
+ return;
+ }
+ if(argc() > 1)
+ profile_load($a,argv(1));
+}
+
+function viewconnections_content(&$a) {
+
+ if((get_config('system','block_public')) && (! local_channel()) && (! remote_channel())) {
+ notice( t('Public access denied.') . EOL);
+ return;
+ }
+
+ if(((! count($a->profile)) || ($a->profile['hide_friends']))) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if(! perm_is_allowed($a->profile['uid'], get_observer_hash(),'view_contacts')) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if(! $_REQUEST['aj'])
+ $_SESSION['return_url'] = $a->query_string;
+
+
+ $is_owner = ((local_channel() && local_channel() == $a->profile['uid']) ? true : false);
+
+ $abook_flags = " and abook_pending = 0 and abook_self = 0 ";
+ $sql_extra = '';
+
+ if(! $is_owner) {
+ $abook_flags = " and abook_hidden = 0 ";
+ $sql_extra = " and xchan_hidden = 0 ";
+ }
+
+ $r = q("SELECT count(*) as total FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d $abook_flags and xchan_orphan = 0 and xchan_deleted = 0 $sql_extra ",
+ intval($a->profile['uid'])
+ );
+ if($r) {
+ $a->set_pager_total($r[0]['total']);
+ }
+
+ $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d $abook_flags and xchan_orphan = 0 and xchan_deleted = 0 $sql_extra order by xchan_name LIMIT %d OFFSET %d ",
+ intval($a->profile['uid']),
+ intval($a->pager['itemspage']),
+ intval($a->pager['start'])
+ );
+
+ if((! $r) && (! $_REQUEST['aj'])) {
+ info( t('No connections.') . EOL );
+ return $o;
+ }
+
+ $contacts = array();
+
+ foreach($r as $rr) {
+
+ $url = chanlink_url($rr['xchan_url']);
+ if($url) {
+ $contacts[] = array(
+ 'id' => $rr['abook_id'],
+ 'archived' => (intval($rr['abook_archived']) ? true : false),
+ 'img_hover' => sprintf( t('Visit %s\'s profile [%s]'), $rr['xchan_name'], $rr['xchan_url']),
+ 'thumb' => $rr['xchan_photo_m'],
+ 'name' => substr($rr['xchan_name'],0,20),
+ 'username' => $rr['xchan_addr'],
+ 'link' => $url,
+ 'sparkle' => '',
+ 'itemurl' => $rr['url'],
+ 'network' => '',
+ );
+ }
+ }
+
+
+ if($_REQUEST['aj']) {
+ if($contacts) {
+ $o = replace_macros(get_markup_template('viewcontactsajax.tpl'),array(
+ '$contacts' => $contacts
+ ));
+ }
+ else {
+ $o = '<div id="content-complete"></div>';
+ }
+ echo $o;
+ killme();
+ }
+ else {
+ $o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+ $tpl = get_markup_template("viewcontact_template.tpl");
+ $o .= replace_macros($tpl, array(
+ '$title' => t('View Connections'),
+ '$contacts' => $contacts,
+// '$paginate' => paginate($a),
+ ));
+ }
+
+ if(! $contacts)
+ $o .= '<div id="content-complete"></div>';
+
+ return $o;
+}
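Review bot: `$_GET['q']` is concatenated into an inline `<script>` string literal without any encoding in the non-ajax branch of viewconnections_content(), so the request controls script text on the page. Emit it as a JSON value instead, `var page_query = ' . json_encode((string) $_GET['q'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ';`, and treat `extra_query_args()` the same way unless it is known to return encoded text. Separately, `$o` is only ever appended to and is still undefined at the early `return $o;` after the 'No connections.' notice; start the function with `$o = '';`.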
diff --git a/mod/viewsrc.php b/mod/viewsrc.php
new file mode 100644
index 000000000..cffb01b6e
--- /dev/null
+++ b/mod/viewsrc.php
@@ -0,0 +1,47 @@
+<?php
+
+
+function viewsrc_content(&$a) {
+
+ $o = '';
+
+ $sys = get_sys_channel();
+
+ $item_id = ((argc() > 1) ? intval(argv(1)) : 0);
+ $json = ((argc() > 2 && argv(2) === 'json') ? true : false);
+
+ if(! local_channel()) {
+ notice( t('Permission denied.') . EOL);
+ }
+
+
+ if(! $item_id) {
+ $a->error = 404;
+ notice( t('Item not found.') . EOL);
+ }
+
+ $item_normal = item_normal();
+
+ if(local_channel() && $item_id) {
+ $r = q("select id, item_flags, item_obscured, body from item where uid in (%d , %d) and id = %d $item_normal limit 1",
+ intval(local_channel()),
+ intval($sys['channel_id']),
+ intval($item_id)
+ );
+
+ if($r) {
+ if(intval($r[0]['item_obscured']))
+ $r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'],true),get_config('system','prvkey'));
+ $o = (($json) ? json_encode($r[0]['body']) : str_replace("\n",'<br />',$r[0]['body']));
+ }
+ }
+
+ if(is_ajax()) {
+ print '<div><i class="icon-pencil"> ' . t('Source of Item') . ' ' . $r[0]['id'] . '</i></div>';
+ echo $o;
+ killme();
+ }
+
+ return $o;
+}
+
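Review bot: Neither failed check stops viewsrc_content(): after the 'Permission denied.' notice and after the 404 notice execution continues, and the `is_ajax()` branch then prints `$r[0]['id']` although `$r` is only assigned inside the `local_channel() && $item_id` block. Add `return;` after each notice and initialise `$r = null;` so the ajax branch can test it. The non-JSON branch returns the stored body with only newlines replaced; if the purpose is to display source, apply `htmlspecialchars()` before the `<br />` substitution so stored markup is shown rather than rendered. The query also matches items owned by the sys channel for every local channel, which may be intended but deserves a comment saying so.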
diff --git a/mod/wall_attach.php b/mod/wall_attach.php
new file mode 100644
index 000000000..f08f931c2
--- /dev/null
+++ b/mod/wall_attach.php
@@ -0,0 +1,59 @@
+<?php
+
+require_once('include/attach.php');
+require_once('include/identity.php');
+require_once('include/photos.php');
+
+function wall_attach_post(&$a) {
+
+ if(argc() > 1)
+ $channel = get_channel_by_nick(argv(1));
+ elseif($_FILES['media']) {
+ require_once('include/api.php');
+ $user_info = api_get_user($a);
+ $nick = $user_info['screen_name'];
+ $channel = get_channel_by_nick($user_info['screen_name']);
+ }
+
+ if(! $channel)
+ killme();
+
+ $observer = $a->get_observer();
+
+
+// if($_FILES['userfile']['tmp_name']) {
+// $x = @getimagesize($_FILES['userfile']['tmp_name']);
+// logger('getimagesize: ' . print_r($x,true), LOGGER_DATA);
+// if(($x) && ($x[2] === IMAGETYPE_GIF || $x[2] === IMAGETYPE_JPEG || $x[2] === IMAGETYPE_PNG)) {
+// $args = array( 'source' => 'editor', 'visible' => 0, 'contact_allow' => array($channel['channel_hash']));
+// $ret = photo_upload($channel,$observer,$args);
+// if($ret['success']) {
+// echo "\n\n" . $ret['body'] . "\n\n";
+// killme();
+// }
+// if($using_api)
+// return;
+// notice($ret['message']);
+// killme();
+// }
+// }
+
+ $def_album = get_pconfig($channel['channel_id'],'system','photo_path');
+ $def_attach = get_pconfig($channel['channel_id'],'system','attach_path');
+
+ $r = attach_store($channel,(($observer) ? $observer['xchan_hash'] : ''),'', array('source' => 'editor', 'visible' => 0, 'album' => $def_album, 'directory' => $def_attach, 'allow_cid' => '<' . $channel['channel_hash'] . '>'));
+
+ if(! $r['success']) {
+ notice( $r['message'] . EOL);
+ killme();
+ }
+
+ if(intval($r['data']['is_photo'])) {
+ echo "\n\n" . $r['body'] . "\n\n";
+ if($using_api)
+ return;
+ }
+ echo "\n\n" . '[attachment]' . $r['data']['hash'] . ',' . $r['data']['revision'] . '[/attachment]' . "\n";
+ killme();
+
+}
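Review bot: `$using_api` is never assigned in wall_attach_post() (its only assignment lives in wall_upload.php, and the block that used it here is commented out), so `if($using_api) return;` never fires and the photo case falls through to echo the `[attachment]` line as well. Set it explicitly, e.g. `$using_api = false;` before the first `if` and `$using_api = true;` inside the `$_FILES['media']` branch, and decide whether the photo case should `killme()` after echoing the body. The target channel is chosen from the nick in the URL and no permission check is visible in this function or in wall_upload.php; presumably `attach_store()` and `photo_upload()` check the observer against the channel, which a comment at the call should state. `$channel` and `$nick` are also unset when neither branch is taken, and the large commented-out block can be deleted.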
diff --git a/mod/wall_upload.php b/mod/wall_upload.php
new file mode 100644
index 000000000..31a497f0f
--- /dev/null
+++ b/mod/wall_upload.php
@@ -0,0 +1,51 @@
+<?php
+
+require_once('include/photo/photo_driver.php');
+require_once('include/identity.php');
+require_once('include/photos.php');
+
+
+
+function wall_upload_post(&$a) {
+
+
+ $using_api = ((x($_FILES,'media')) ? true : false);
+
+ if($using_api) {
+ require_once('include/api.php');
+ $user_info = api_get_user($a);
+ $nick = $user_info['screen_name'];
+ }
+ else {
+ if(argc() > 1)
+ $nick = argv(1);
+ }
+
+ $channel = (($nick) ? get_channel_by_nick($nick) : false);
+
+ if(! $channel) {
+ if($using_api)
+ return;
+ notice( t('Channel not found.') . EOL);
+ killme();
+ }
+
+ $observer = $a->get_observer();
+
+ $args = array( 'source' => 'editor', 'visible' => 0, 'contact_allow' => array($channel['channel_hash']));
+
+ $ret = photo_upload($channel,$observer,$args);
+
+ if(! $ret['success']) {
+ if($using_api)
+ return;
+ notice($ret['message']);
+ killme();
+ }
+
+ if($using_api)
+ return("\n\n" . $ret['body'] . "\n\n");
+ else
+ echo "\n\n" . $ret['body'] . "\n\n";
+ killme();
+}
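Review bot: `$nick` is read in `(($nick) ? get_channel_by_nick($nick) : false)` but is never assigned when the request is not an API upload and `argc()` is 1; initialise it with `$nick = '';` at the top of wall_upload_post(). On the API path every failure returns nothing, so a caller cannot tell 'channel not found' from an upload error; returning the message from `$ret['message']` would make that distinguishable. The final `killme();` is unreachable on the API path because of the `return(...)` above it, which is worth a comment if intended.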
diff --git a/mod/webfinger.php b/mod/webfinger.php
new file mode 100644
index 000000000..a646961a8
--- /dev/null
+++ b/mod/webfinger.php
@@ -0,0 +1,31 @@
+<?php
+
+
+
+function webfinger_content(&$a) {
+
+ $o .= '<h3>Webfinger Diagnostic</h3>';
+
+ $o .= '<form action="webfinger" method="get">';
+ $o .= 'Lookup address: <input type="text" style="width: 250px;" name="addr" value="' . $_GET['addr'] .'" />';
+ $o .= '<input type="submit" name="submit" value="Submit" /></form>';
+
+ $o .= '<br /><br />';
+
+ if(x($_GET,'addr')) {
+ $addr = trim($_GET['addr']);
+ if(strpos($addr,'@') !== false) {
+ $res = webfinger_rfc7033($addr);
+ if(! $res)
+ $res = old_webfinger($addr);
+ }
+ else {
+ if(function_exists('lrdd'))
+ $res = lrdd($addr);
+ }
+ $o .= '<pre>';
+ $o .= str_replace("\n",'<br />',print_r($res,true));
+ $o .= '</pre>';
+ }
+ return $o;
+}
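Review bot: `$_GET['addr']` is written into the `value="..."` attribute of the form without escaping, so the request parameter is reflected into the page markup; the same line appears in mod/xchan.php in this commit. Escape it at output: `value="' . htmlspecialchars((string) $_GET['addr'], ENT_QUOTES, 'UTF-8') . '"`. The `print_r($res,true)` dump holds data fetched from a remote server and is placed inside `<pre>` unescaped as well; wrap it in `htmlspecialchars()` before the newline substitution. `$o` is appended to before it is initialised, and `$res` stays unset when the address has no `@` and `lrdd()` does not exist.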
diff --git a/mod/webpages.php b/mod/webpages.php
new file mode 100644
index 000000000..8e12b5910
--- /dev/null
+++ b/mod/webpages.php
@@ -0,0 +1,197 @@
+<?php
+
+require_once('include/identity.php');
+require_once('include/conversation.php');
+require_once('include/acl_selectors.php');
+
+function webpages_init(&$a) {
+
+ if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) {
+ $sys = get_sys_channel();
+ if($sys && intval($sys['channel_id'])) {
+ $a->is_sys = true;
+ }
+ }
+
+ if(argc() > 1)
+ $which = argv(1);
+ else
+ return;
+
+ profile_load($a,$which);
+
+}
+
+
+function webpages_content(&$a) {
+
+ if(! $a->profile) {
+ notice( t('Requested profile is not available.') . EOL );
+ $a->error = 404;
+ return;
+ }
+
+ $which = argv(1);
+
+ $_SESSION['return_url'] = $a->query_string;
+
+ $uid = local_channel();
+ $owner = 0;
+ $channel = null;
+ $observer = $a->get_observer();
+
+ $channel = $a->get_channel();
+
+ if($a->is_sys && is_site_admin()) {
+ $sys = get_sys_channel();
+ if($sys && intval($sys['channel_id'])) {
+ $uid = $owner = intval($sys['channel_id']);
+ $channel = $sys;
+ $observer = $sys;
+ }
+ }
+
+ if(! $owner) {
+ // Figure out who the page owner is.
+ $r = q("select channel_id from channel where channel_address = '%s'",
+ dbesc($which)
+ );
+ if($r) {
+ $owner = intval($r[0]['channel_id']);
+ }
+ }
+
+ $ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+ $perms = get_all_perms($owner,$ob_hash);
+
+ if(! $perms['write_pages']) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ $mimetype = (($_REQUEST['mimetype']) ? $_REQUEST['mimetype'] : get_pconfig($owner,'system','page_mimetype'));
+
+ if(! $mimetype) {
+ $mimetype = 'choose';
+ }
+
+ $layout = (($_REQUEST['layout']) ? $_REQUEST['layout'] : get_pconfig($owner,'system','page_layout'));
+ if(! $layout)
+ $layout = 'choose';
+
+ // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages
+ // Nickname is set to the observers xchan, and profile_uid to the owner's.
+ // This lets you post pages at other people's channels.
+
+ if((! $channel) && ($uid) && ($uid == $a->profile_uid)) {
+ $channel = $a->get_channel();
+ }
+ if($channel) {
+ $channel_acl = array(
+ 'allow_cid' => $channel['channel_allow_cid'],
+ 'allow_gid' => $channel['channel_allow_gid'],
+ 'deny_cid' => $channel['channel_deny_cid'],
+ 'deny_gid' => $channel['channel_deny_gid']
+ );
+ }
+ else
+ $channel_acl = array();
+
+ $is_owner = ($uid && $uid == $owner);
+ $o = profile_tabs($a, $is_owner, $a->profile['channel_address']);
+
+ $x = array(
+ 'webpage' => ITEM_TYPE_WEBPAGE,
+ 'is_owner' => true,
+ 'nickname' => $a->profile['channel_address'],
+ 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
+ 'bang' => '',
+ 'acl' => (($is_owner) ? populate_acl($channel_acl,false) : ''),
+ 'showacl' => (($is_owner) ? true : false),
+ 'visitor' => true,
+ 'profile_uid' => intval($owner),
+ 'mimetype' => $mimetype,
+ 'layout' => $layout,
+ 'expanded' => true,
+ 'novoting' => true
+ );
+
+ if($_REQUEST['title'])
+ $x['title'] = $_REQUEST['title'];
+ if($_REQUEST['body'])
+ $x['body'] = $_REQUEST['body'];
+ if($_REQUEST['pagetitle'])
+ $x['pagetitle'] = $_REQUEST['pagetitle'];
+
+ $editor = status_editor($a,$x);
+
+ // Get a list of webpages. We can't display all them because endless scroll makes that unusable,
+ // so just list titles and an edit link.
+ /** @TODO - this should be replaced with pagelist_widget */
+
+ $sql_extra = item_permissions_sql($owner);
+
+ $r = q("select * from item_id left join item on item_id.iid = item.id
+ where item_id.uid = %d and service = 'WEBPAGE' and item_type = %d $sql_extra order by item.created desc",
+ intval($owner),
+ intval(ITEM_TYPE_WEBPAGE)
+ );
+
+ $pages = null;
+
+ if($r) {
+ $pages = array();
+ foreach($r as $rr) {
+ unobscure($rr);
+
+ $lockstate = (($rr['allow_cid'] || $rr['allow_gid'] || $rr['deny_cid'] || $rr['deny_gid']) ? 'lock' : 'unlock');
+
+ $element_arr = array(
+ 'type' => 'webpage',
+ 'title' => $rr['title'],
+ 'body' => $rr['body'],
+ 'created' => $rr['created'],
+ 'edited' => $rr['edited'],
+ 'mimetype' => $rr['mimetype'],
+ 'pagetitle' => $rr['sid'],
+ 'mid' => $rr['mid'],
+ 'layout_mid' => $rr['layout_mid']
+ );
+ $pages[$rr['iid']][] = array(
+ 'url' => $rr['iid'],
+ 'pagetitle' => $rr['sid'],
+ 'title' => $rr['title'],
+ 'created' => datetime_convert('UTC',date_default_timezone_get(),$rr['created']),
+ 'edited' => datetime_convert('UTC',date_default_timezone_get(),$rr['edited']),
+ 'bb_element' => '[element]' . base64url_encode(json_encode($element_arr)) . '[/element]',
+ 'lockstate' => $lockstate
+ );
+ }
+ }
+
+
+ //Build the base URL for edit links
+ $url = z_root() . '/editwebpage/' . $which;
+
+ $o .= replace_macros(get_markup_template('webpagelist.tpl'), array(
+ '$listtitle' => t('Webpages'),
+ '$baseurl' => $url,
+ '$create' => t('Create'),
+ '$edit' => t('Edit'),
+ '$share' => t('Share'),
+ '$delete' => t('Delete'),
+ '$pages' => $pages,
+ '$channel' => $which,
+ '$editor' => $editor,
+ '$view' => t('View'),
+ '$preview' => t('Preview'),
+ '$actions_txt' => t('Actions'),
+ '$pagelink_txt' => t('Page Link'),
+ '$title_txt' => t('Page Title'),
+ '$created_txt' => t('Created'),
+ '$edited_txt' => t('Edited')
+ ));
+
+ return $o;
+}
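Review bot: `$_REQUEST['mimetype']` and `$_REQUEST['layout']` are handed to `status_editor()` as received in webpages_content(), and `title`, `body` and `pagetitle` pre-fill the editor the same way; nothing in this function restricts the mimetype to the set the site supports or escapes the pre-filled values. Whether `status_editor()` and the save handler do that is not visible in this hunk, so either check the mimetype against an allow-list here or add a comment naming where it is enforced. Separately, `'lockstate'` indexes `$channel` directly although the `$channel_acl` block just above allows for `$channel` being empty; build it from `$channel_acl` instead. `'is_owner' => true` is hard-coded while `$is_owner` is computed two statements earlier, which looks unintended and should be confirmed.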
diff --git a/mod/wfinger.php b/mod/wfinger.php
new file mode 100644
index 000000000..1493dd6ba
--- /dev/null
+++ b/mod/wfinger.php
@@ -0,0 +1,120 @@
+<?php
+
+function wfinger_init(&$a) {
+
+ $result = array();
+
+ $scheme = '';
+
+ if(x($_SERVER,'HTTPS') && $_SERVER['HTTPS'])
+ $scheme = 'https';
+ elseif(x($_SERVER,'SERVER_PORT') && (intval($_SERVER['SERVER_PORT']) == 443))
+ $scheme = 'https';
+
+ // Don't complain to me - I'm just implementing the spec.
+
+ if($scheme !== 'https') {
+ header($_SERVER["SERVER_PROTOCOL"] . ' ' . 500 . ' ' . 'Webfinger requires HTTPS');
+ killme();
+ }
+
+ $resource = $_REQUEST['resource'];
+
+
+ $r = null;
+
+ if($resource) {
+
+ if(strpos($resource,'acct:') === 0) {
+ $channel = str_replace('acct:','',$resource);
+ if(strpos($channel,'@') !== false) {
+ $host = substr($channel,strpos($channel,'@')+1);
+ if(strcasecmp($host,get_app()->get_hostname())) {
+ goaway('https://' . $host . '/.well-known/webfinger?resource=' . $resource);
+ }
+ $channel = substr($channel,0,strpos($channel,'@'));
+ }
+ }
+ if(strpos($resource,'http') === 0) {
+ $channel = str_replace('~','',basename($resource));
+ }
+
+ $r = q("select * from channel left join xchan on channel_hash = xchan_hash
+ where channel_address = '%s' limit 1",
+ dbesc($channel)
+ );
+
+ }
+
+
+ header('Access-Control-Allow-Origin: *');
+
+ header('Content-type: application/jrd+json');
+
+
+
+ if($resource && $r) {
+
+ $h = q("select hubloc_addr from hubloc where hubloc_hash = '%s'",
+ dbesc($r[0]['channel_hash'])
+ );
+
+ $result['subject'] = $resource;
+
+ $aliases = array(
+ z_root() . '/channel/' . $r[0]['channel_address'],
+ z_root() . '/~' . $r[0]['channel_address']
+ );
+
+ if($h) {
+ foreach($h as $hh) {
+ $aliases[] = 'acct:' . $hh['hubloc_addr'];
+ }
+ }
+
+ $result['aliases'] = array();
+
+ $result['properties'] = array('http://webfinger.net/ns/name' => $r[0]['channel_name']);
+
+ foreach($aliases as $alias)
+ if($alias != $resource)
+ $result['aliases'][] = $alias;
+
+
+ $result['links'] = array(
+
+ array(
+ 'rel' => 'http://webfinger.net/rel/avatar',
+ 'type' => $r[0]['xchan_photo_mimetype'],
+ 'href' => $r[0]['xchan_photo_l']
+ ),
+
+ array(
+ 'rel' => 'http://webfinger.net/rel/profile-page',
+ 'href' => z_root() . '/profile/' . $r[0]['channel_address'],
+ ),
+
+ array(
+ 'rel' => 'http://webfinger.net/rel/blog',
+ 'href' => z_root() . '/channel/' . $r[0]['channel_address'],
+ ),
+
+ array(
+ 'rel' => 'http://purl.org/zot/protocol',
+ 'href' => z_root() . '/.well-known/zot-info' . '?address=' . $r[0]['xchan_addr'],
+ )
+ );
+
+ }
+ else {
+ header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request');
+ killme();
+ }
+
+ $arr = array('channel' => $r[0], 'request' => $_REQUEST, 'result' => $result);
+ call_hooks('webfinger',$arr);
+
+ echo json_encode($arr['result']);
+ killme();
+
+}
\ No newline at end of file
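Review bot: In the `acct:` branch of wfinger_init() the redirect target is `'https://' . $host`, where `$host` is whatever follows the `@` in the request's `resource`, and `$resource` is appended to the query string without `urlencode()`, so the endpoint forwards callers to any host a request names. If forwarding non-local accounts is wanted, encode the parameter (`'?resource=' . urlencode($resource)`) and reject values of `$host` that are not a syntactically valid hostname; otherwise answer with a 404 for foreign hosts. `$channel` is also never assigned when `resource` starts with neither `acct:` nor `http`, yet it is passed to `dbesc()`; set `$channel = '';` before the branches. The hook call receives the whole of `$_REQUEST`, which is worth documenting for plugin authors.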
diff --git a/mod/xchan.php b/mod/xchan.php
new file mode 100644
index 000000000..69fbdb77d
--- /dev/null
+++ b/mod/xchan.php
@@ -0,0 +1,41 @@
+<?php
+
+
+function xchan_content(&$a) {
+
+ $o = '<h3>' . t('Xchan Lookup') . '</h3>';
+
+ $o .= '<form action="xchan" method="get">';
+ $o .= t('Lookup xchan beginning with (or webbie): ');
+ $o .= '<input type="text" style="width:250px;" name="addr" value="' . $_GET['addr'] .'">';
+ $o .= '<input type="submit" name="submit" value="' . t('Submit') .'"></form>';
+ $o .= '<br><br>';
+
+ if(x($_GET, 'addr')) {
+ $addr = trim($_GET['addr']);
+
+ $r = q("select * from xchan where xchan_hash like '%s%%' or xchan_addr = '%s' group by xchan_hash",
+ dbesc($addr),
+ dbesc($addr)
+ );
+
+ if($r) {
+ foreach($r as $rr) {
+ $o .= str_replace(array("\n", " "), array("<br>", "&nbsp;"), print_r($rr, true)) . EOL;
+
+ $s = q("select * from hubloc where hubloc_hash like '%s'",
+ dbesc($r[0]['xchan_hash'])
+ );
+
+ if($s) {
+ foreach($s as $rrr)
+ $o .= str_replace(array("\n", " "), array("<br>", "&nbsp;"), print_r($rrr, true)) . EOL;
+ }
+ }
+ }
+ else
+ notice( t('Not found.') . EOL);
+
+ }
+ return $o;
+}
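Review bot: Inside `foreach($r as $rr)` the hubloc query is keyed on `$r[0]['xchan_hash']`, so every iteration prints the hub locations of the first match rather than of the row being shown; it should be `dbesc($rr['xchan_hash'])`, and since the value is an exact hash, `hubloc_hash = '%s'` is clearer than `like`. In the first query `dbesc()` does not neutralise the LIKE wildcards `%` and `_` in `$addr`, so a short or wildcard-only input matches far more rows than 'beginning with' suggests; require a minimum length or escape the wildcards. The rows are dumped with `print_r()` and only newlines and spaces are substituted, so stored values containing markup are rendered; pass the dump through `htmlspecialchars()` first. No access check is visible on this lookup; if it is meant as a diagnostic, say who may use it.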
diff --git a/mod/xpoco.php b/mod/xpoco.php
new file mode 100644
index 000000000..560966750
--- /dev/null
+++ b/mod/xpoco.php
@@ -0,0 +1,7 @@
+<?php
+
+require_once('include/socgraph.php');
+
+function xpoco_init(&$a) {
+ poco($a,true);
+}
diff --git a/mod/xrd.php b/mod/xrd.php
new file mode 100644
index 000000000..4fa81c7f3
--- /dev/null
+++ b/mod/xrd.php
@@ -0,0 +1,62 @@
+<?php
+
+require_once('include/crypto.php');
+
+function xrd_init(&$a) {
+
+ $uri = urldecode(notags(trim($_GET['uri'])));
+
+ if(substr($uri,0,4) === 'http')
+ $name = basename($uri);
+ else {
+ $local = str_replace('acct:', '', $uri);
+ if(substr($local,0,2) == '//')
+ $local = substr($local,2);
+
+ $name = substr($local,0,strpos($local,'@'));
+ }
+
+ $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1",
+ dbesc($name)
+ );
+ if(! $r)
+ killme();
+
+ $dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'),array(
+ '$baseurl' => $a->get_baseurl(),
+ '$dspr_guid' => $r[0]['channel_guid'],
+ '$dspr_key' => base64_encode(pemtorsa($r[0]['channel_pubkey']))
+ ));
+
+ $salmon_key = salmon_key($r[0]['channel_pubkey']);
+
+ header('Access-Control-Allow-Origin: *');
+ header("Content-type: text/xml");
+
+
+ $tpl = get_markup_template('view/xrd_person.tpl');
+
+ $o = replace_macros(get_markup_template('xrd_person.tpl'), array(
+ '$nick' => $r[0]['channel_address'],
+ '$accturi' => $uri,
+ '$profile_url' => $a->get_baseurl() . '/channel/' . $r[0]['channel_address'],
+ '$hcard_url' => $a->get_baseurl() . '/hcard/' . $r[0]['channel_address'],
+ '$atom' => $a->get_baseurl() . '/feed/' . $r[0]['channel_address'],
+ '$zot_post' => $a->get_baseurl() . '/post/' . $r[0]['channel_address'],
+ '$poco_url' => $a->get_baseurl() . '/poco/' . $r[0]['channel_address'],
+ '$photo' => $a->get_baseurl() . '/photo/profile/l/' . $r[0]['channel_id'],
+ '$dspr' => $dspr,
+// '$salmon' => $a->get_baseurl() . '/salmon/' . $r[0]['channel_address'],
+// '$salmen' => $a->get_baseurl() . '/salmon/' . $r[0]['channel_address'] . '/mention',
+ '$modexp' => 'data:application/magic-public-key,' . $salmon_key,
+// '$bigkey' => salmon_key($r[0]['pubkey'])
+ ));
+
+
+ $arr = array('user' => $r[0], 'xml' => $o);
+ call_hooks('personal_xrd', $arr);
+
+ echo $arr['xml'];
+ killme();
+
+}
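Review bot: `notags()` is applied to the `uri` parameter before `urldecode()`, so whatever filtering it performs runs on the still-encoded text and the decoded result is what reaches `'$accturi' => $uri` in the XML response. Decode first and escape at the point of output, e.g. `'$accturi' => htmlspecialchars($uri, ENT_QUOTES, 'UTF-8')`, unless xrd_person.tpl already escapes it, which is not visible here. `$tpl = get_markup_template('view/xrd_person.tpl');` is assigned and never used and can be removed. When `uri` contains no `@`, `strpos()` returns false and `$name` silently becomes an empty string; an explicit check would make that path obvious.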
diff --git a/mod/xref.php b/mod/xref.php
new file mode 100644
index 000000000..95cc22aa7
--- /dev/null
+++ b/mod/xref.php
@@ -0,0 +1,20 @@
+<?php
+
+function xref_init(&$a) {
+ // Sets a referral URL using an xchan directly
+ // Link format: example.com/xref/[xchan]/[TargetURL]
+ // Target URL is optional.
+ // Cookie lasts 24 hours to survive a browser restart. Contains no personal
+ // information at all - just somebody else's xchan.
+ $referrer = argv(1);
+ $expire=time()+60*60*2;
+ $path = 'xref';
+ setcookie($path, $referrer, $expire, "/");
+ $url = '';
+
+ if (argc() > 2)
+ $url = argv(2);
+
+ goaway (z_root() . '/' . $url);
+
+}
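Review bot: The comment in xref_init() says the cookie lasts 24 hours, but `$expire=time()+60*60*2;` is two hours; correct whichever is wrong (`time()+60*60*24` if the comment is right). The cookie value is `argv(1)` unchanged and the cookie is set without the secure and httponly arguments; if only an xchan hash is expected, validate its format before `setcookie()` and pass `true` as the seventh (httponly) argument. `argc()` is checked before reading `argv(2)` but not before `argv(1)`.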
diff --git a/mod/zfinger.php b/mod/zfinger.php
new file mode 100644
index 000000000..8ddd92f3d
--- /dev/null
+++ b/mod/zfinger.php
@@ -0,0 +1,301 @@
+<?php
+
+function zfinger_init(&$a) {
+
+ require_once('include/zot.php');
+ require_once('include/crypto.php');
+
+ $ret = array('success' => false);
+
+ $zhash = ((x($_REQUEST,'guid_hash')) ? $_REQUEST['guid_hash'] : '');
+ $zguid = ((x($_REQUEST,'guid')) ? $_REQUEST['guid'] : '');
+ $zguid_sig = ((x($_REQUEST,'guid_sig')) ? $_REQUEST['guid_sig'] : '');
+ $zaddr = ((x($_REQUEST,'address')) ? $_REQUEST['address'] : '');
+ $ztarget = ((x($_REQUEST,'target')) ? $_REQUEST['target'] : '');
+ $zsig = ((x($_REQUEST,'target_sig')) ? $_REQUEST['target_sig'] : '');
+ $zkey = ((x($_REQUEST,'key')) ? $_REQUEST['key'] : '');
+ $mindate = ((x($_REQUEST,'mindate')) ? $_REQUEST['mindate'] : '');
+ $feed = ((x($_REQUEST,'feed')) ? intval($_REQUEST['feed']) : 0);
+
+ if($ztarget) {
+ if((! $zkey) || (! $zsig) || (! rsa_verify($ztarget,base64url_decode($zsig),$zkey))) {
+ logger('zfinger: invalid target signature');
+ $ret['message'] = t("invalid target signature");
+ json_return_and_die($ret);
+ }
+ }
+
+ // allow re-written domains so bob@foo.example.com can provide an address of bob@example.com
+ // The top-level domain also needs to redirect .well-known/zot-info to the sub-domain with a 301 or 308
+
+ // TODO: Make 308 work in include/network.php for zot_fetch_url and zot_post_url
+
+ if(($zaddr) && ($s = get_config('system','zotinfo_domainrewrite'))) {
+ $arr = explode('^',$s);
+ if(count($arr) == 2)
+ $zaddr = str_replace($arr[0],$arr[1],$zaddr);
+ }
+
+ $r = null;
+
+ if(strlen($zhash)) {
+ $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
+ where channel_hash = '%s' limit 1",
+ dbesc($zhash)
+ );
+ }
+ elseif(strlen($zguid) && strlen($zguid_sig)) {
+ $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
+ where channel_guid = '%s' and channel_guid_sig = '%s' limit 1",
+ dbesc($zguid),
+ dbesc($zguid_sig)
+ );
+ }
+ elseif(strlen($zaddr)) {
+ if(strpos($zaddr,'[system]') === false) { /* normal address lookup */
+ $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
+ where ( channel_address = '%s' or xchan_addr = '%s' ) limit 1",
+ dbesc($zaddr),
+ dbesc($zaddr)
+ );
+ }
+
+ else {
+
+ /**
+ * The special address '[system]' will return a system channel if one has been defined,
+ * Or the first valid channel we find if there are no system channels.
+ *
+ * This is used by magic-auth if we have no prior communications with this site - and
+ * returns an identity on this site which we can use to create a valid hub record so that
+ * we can exchange signed messages. The precise identity is irrelevant. It's the hub
+ * information that we really need at the other end - and this will return it.
+ *
+ */
+
+ $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
+ where channel_system = 1 order by channel_id limit 1");
+ if(! $r) {
+ $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
+ where channel_removed = 0 order by channel_id limit 1");
+ }
+ }
+ }
+ else {
+ $ret['message'] = 'Invalid request';
+ json_return_and_die($ret);
+ }
+
+ if(! $r) {
+ $ret['message'] = 'Item not found.';
+ json_return_and_die($ret);
+ }
+
+ $e = $r[0];
+
+ $id = $e['channel_id'];
+
+ $sys_channel = (intval($e['channel_system']) ? true : false);
+ $special_channel = (($e['channel_pageflags'] & PAGE_PREMIUM) ? true : false);
+ $adult_channel = (($e['channel_pageflags'] & PAGE_ADULT) ? true : false);
+ $censored = (($e['channel_pageflags'] & PAGE_CENSORED) ? true : false);
+ $searchable = (($e['channel_pageflags'] & PAGE_HIDDEN) ? false : true);
+ $deleted = (intval($e['xchan_deleted']) ? true : false);
+
+ if($deleted || $censored || $sys_channel)
+ $searchable = false;
+
+ $public_forum = false;
+
+ $role = get_pconfig($e['channel_id'],'system','permissions_role');
+ if($role === 'forum') {
+ $public_forum = true;
+ }
+ else {
+ // check if it has characteristics of a public forum based on custom permissions.
+ $t = q("select abook_my_perms from abook where abook_channel = %d and abook_self = 1 limit 1",
+ intval($e['channel_id'])
+ );
+ if($t && ($t[0]['abook_my_perms'] & PERMS_W_TAGWALL))
+ $public_forum = true;
+ }
+
+
+ // This is for birthdays and keywords, but must check access permissions
+ $p = q("select * from profile where uid = %d and is_default = 1",
+ intval($e['channel_id'])
+ );
+
+ $profile = array();
+
+ if($p) {
+
+ if(! intval($p[0]['publish']))
+ $searchable = false;
+
+ $profile['description'] = $p[0]['pdesc'];
+ $profile['birthday'] = $p[0]['dob'];
+ if(($profile['birthday'] != '0000-00-00') && (($bd = z_birthday($p[0]['dob'],$e['channel_timezone'])) !== ''))
+ $profile['next_birthday'] = $bd;
+
+ if($age = age($p[0]['dob'],$e['channel_timezone'],''))
+ $profile['age'] = $age;
+ $profile['gender'] = $p[0]['gender'];
+ $profile['marital'] = $p[0]['marital'];
+ $profile['sexual'] = $p[0]['sexual'];
+ $profile['locale'] = $p[0]['locality'];
+ $profile['region'] = $p[0]['region'];
+ $profile['postcode'] = $p[0]['postal_code'];
+ $profile['country'] = $p[0]['country_name'];
+ $profile['about'] = $p[0]['about'];
+ $profile['homepage'] = $p[0]['homepage'];
+ $profile['hometown'] = $p[0]['hometown'];
+
+ if($p[0]['keywords']) {
+ $tags = array();
+ $k = explode(' ',$p[0]['keywords']);
+ if($k) {
+ foreach($k as $kk) {
+ if(trim($kk," \t\n\r\0\x0B,")) {
+ $tags[] = trim($kk," \t\n\r\0\x0B,");
+ }
+ }
+ }
+ if($tags)
+ $profile['keywords'] = $tags;
+ }
+ }
+
+ $ret['success'] = true;
+
+ // Communication details
+
+ $ret['guid'] = $e['xchan_guid'];
+ $ret['guid_sig'] = $e['xchan_guid_sig'];
+ $ret['key'] = $e['xchan_pubkey'];
+ $ret['name'] = $e['xchan_name'];
+ $ret['name_updated'] = $e['xchan_name_date'];
+ $ret['address'] = $e['xchan_addr'];
+ $ret['photo_mimetype'] = $e['xchan_photo_mimetype'];
+ $ret['photo'] = $e['xchan_photo_l'];
+ $ret['photo_updated'] = $e['xchan_photo_date'];
+ $ret['url'] = $e['xchan_url'];
+ $ret['connections_url']= (($e['xchan_connurl']) ? $e['xchan_connurl'] : z_root() . '/poco/' . $e['channel_address']);
+ $ret['target'] = $ztarget;
+ $ret['target_sig'] = $zsig;
+ $ret['searchable'] = $searchable;
+ $ret['adult_content'] = $adult_channel;
+ $ret['public_forum'] = $public_forum;
+ if($deleted)
+ $ret['deleted'] = $deleted;
+
+ // premium or other channel desiring some contact with potential followers before connecting.
+ // This is a template - %s will be replaced with the follow_url we discover for the return channel.
+
+ if($special_channel)
+ $ret['connect_url'] = z_root() . '/connect/' . $e['channel_address'];
+
+ // This is a template for our follow url, %s will be replaced with a webbie
+
+ $ret['follow_url'] = z_root() . '/follow?f=&url=%s';
+
+ $ztarget_hash = (($ztarget && $zsig)
+ ? make_xchan_hash($ztarget,$zsig)
+ : '' );
+
+ $permissions = get_all_perms($e['channel_id'],$ztarget_hash,false);
+
+ if($ztarget_hash) {
+ $permissions['connected'] = false;
+ $b = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+ dbesc($ztarget_hash),
+ intval($e['channel_id'])
+ );
+ if($b)
+ $permissions['connected'] = true;
+ }
+
+ $ret['permissions'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($permissions),$zkey) : $permissions);
+
+ if($permissions['view_profile'])
+ $ret['profile'] = $profile;
+
+ // array of (verified) hubs this channel uses
+
+ $x = zot_encode_locations($e);
+ if($x)
+ $ret['locations'] = $x;
+
+ $ret['site'] = array();
+ $ret['site']['url'] = z_root();
+ $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$e['channel_prvkey']));
+
+ $dirmode = get_config('system','directory_mode');
+ if(($dirmode === false) || ($dirmode == DIRECTORY_MODE_NORMAL))
+ $ret['site']['directory_mode'] = 'normal';
+
+ if($dirmode == DIRECTORY_MODE_PRIMARY)
+ $ret['site']['directory_mode'] = 'primary';
+ elseif($dirmode == DIRECTORY_MODE_SECONDARY)
+ $ret['site']['directory_mode'] = 'secondary';
+ elseif($dirmode == DIRECTORY_MODE_STANDALONE)
+ $ret['site']['directory_mode'] = 'standalone';
+ if($dirmode != DIRECTORY_MODE_NORMAL)
+ $ret['site']['directory_url'] = z_root() . '/dirsearch';
+
+
+ // hide detailed site information if you're off the grid
+
+ if($dirmode != DIRECTORY_MODE_STANDALONE) {
+
+ $register_policy = intval(get_config('system','register_policy'));
+
+ if($register_policy == REGISTER_CLOSED)
+ $ret['site']['register_policy'] = 'closed';
+ if($register_policy == REGISTER_APPROVE)
+ $ret['site']['register_policy'] = 'approve';
+ if($register_policy == REGISTER_OPEN)
+ $ret['site']['register_policy'] = 'open';
+
+
+ $access_policy = intval(get_config('system','access_policy'));
+
+ if($access_policy == ACCESS_PRIVATE)
+ $ret['site']['access_policy'] = 'private';
+ if($access_policy == ACCESS_PAID)
+ $ret['site']['access_policy'] = 'paid';
+ if($access_policy == ACCESS_FREE)
+ $ret['site']['access_policy'] = 'free';
+ if($access_policy == ACCESS_TIERED)
+ $ret['site']['access_policy'] = 'tiered';
+
+ $ret['site']['accounts'] = account_total();
+
+ require_once('include/identity.php');
+ $ret['site']['channels'] = channel_total();
+
+
+ $ret['site']['version'] = PLATFORM_NAME . ' ' . RED_VERSION . '[' . DB_UPDATE_VERSION . ']';
+
+ $ret['site']['admin'] = get_config('system','admin_email');
+
+ $visible_plugins = array();
+ if(is_array($a->plugins) && count($a->plugins)) {
+ $r = q("select * from addon where hidden = 0");
+ if($r)
+ foreach($r as $rr)
+ $visible_plugins[] = $rr['name'];
+ }
+
+ $ret['site']['plugins'] = $visible_plugins;
+ $ret['site']['sitehash'] = get_config('system','location_hash');
+ $ret['site']['sitename'] = get_config('system','sitename');
+ $ret['site']['sellpage'] = get_config('system','sellpage');
+ $ret['site']['location'] = get_config('system','site_location');
+ $ret['site']['realm'] = get_directory_realm();
+
+ }
+ call_hooks('zot_finger',$ret);
+ json_return_and_die($ret);
+
+}
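Review bot: The `target` check at the top of zfinger_init() verifies `target_sig` against `$zkey`, which is itself a request parameter, so it establishes only that the three values are consistent with each other, not that the requester controls that identity. `get_all_perms()` is then evaluated for the hash derived from them, and while `permissions` is encrypted to `$zkey`, `profile` is attached in clear whenever `view_profile` is set for that hash. Consider releasing a restricted profile the same way, `$ret['profile'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($profile),$zkey) : $profile);` (receivers would need the matching change), or resolving the key from a stored xchan record instead of the request. `$mindate` and `$feed` are read from the request but not used in this function.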
diff --git a/mod/zotfeed.php b/mod/zotfeed.php
new file mode 100644
index 000000000..fffb0e4ab
--- /dev/null
+++ b/mod/zotfeed.php
@@ -0,0 +1,46 @@
+<?php
+
+require_once('include/items.php');
+require_once('include/zot.php');
+
+function zotfeed_init(&$a) {
+
+ $result = array('success' => false);
+
+ $mindate = (($_REQUEST['mindate']) ? datetime_convert('UTC','UTC',$_REQUEST['mindate']) : '');
+ if(! $mindate)
+ $mindate = datetime_convert('UTC','UTC', 'now - 14 days');
+
+ if(get_config('system','block_public') && (! get_account_id()) && (! remote_channel())) {
+ $result['message'] = 'Public access denied';
+ json_return_and_die($result);
+ }
+
+ $observer = $a->get_observer();
+
+
+ $channel_address = ((argc() > 1) ? argv(1) : '');
+ if($channel_address) {
+ $r = q("select channel_id, channel_name from channel where channel_address = '%s' and channel_removed = 0 limit 1",
+ dbesc(argv(1))
+ );
+ }
+ else {
+ $x = get_sys_channel();
+ if($x)
+ $r = array($x);
+ $mindate = datetime_convert('UTC','UTC', 'now - 14 days');
+ }
+ if(! $r) {
+ $result['message'] = 'Channel not found.';
+ json_return_and_die($result);
+ }
+
+ logger('zotfeed request: ' . $r[0]['channel_name'], LOGGER_DEBUG);
+
+ $result['messages'] = zot_feed($r[0]['channel_id'],$observer['xchan_hash'],array('mindate' => $mindate));
+ $result['success'] = true;
+ json_return_and_die($result);
+
+
+}
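Review bot: `$observer['xchan_hash']` is read in the `zot_feed()` call without checking `$observer`, which mod/wall_attach.php in this commit treats as possibly empty; use `(($observer) ? $observer['xchan_hash'] : '')` here too. `$r` is left unset when no channel address is given and `get_sys_channel()` returns nothing, so `if(! $r)` reads an undefined variable; add `$r = null;` before the branches. `mindate` from the request is not bounded for a named channel, so one request can ask for the channel's full history; consider clamping it to a maximum age.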
diff --git a/mod/zping.php b/mod/zping.php
new file mode 100644
index 000000000..311517701
--- /dev/null
+++ b/mod/zping.php
@@ -0,0 +1,28 @@
+<?php /** @file */
+
+require_once('include/zot.php');
+
+function zping_content(&$a) {
+
+ // This is just a test utility function and may go away once we build these tools into
+ // the address book and directory to do dead site discovery.
+
+ // The response packet include the current URL and key so we can discover if the server
+ // has been re-installed and clean up (e.g. get rid of) any old hublocs and xchans.
+
+ // Remember to add '/post' to the url
+
+ if(! local_channel())
+ return;
+
+ $url = $_REQUEST['url'];
+
+ if(! $url)
+ return;
+
+
+ $m = zot_build_packet($a->get_channel(),'ping');
+ $r = zot_zot($url,$m);
+ return print_r($r,true);
+
+}
\ No newline at end of file
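Review bot: Any logged-in local channel can make this server send a signed zot packet to whatever `$_REQUEST['url']` names and read the response back, because `local_channel()` is the only check in zping_content(). For a test utility, restrict it to administrators (`if(! is_site_admin()) return;`, the check mod/webpages.php uses) and accept only `http`/`https` URLs whose host does not resolve to a loopback or private address. The `print_r($r,true)` result is returned as page content and holds data from the remote server, so wrap it in `htmlspecialchars()` before returning it.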