Diffstat (limited to 'mod')
-rw-r--r-- | mod/achievements.php | 84 | ||||
-rw-r--r-- | mod/acl.php | 45 | ||||
-rw-r--r-- | mod/chanview.php | 12 | ||||
-rw-r--r-- | mod/cloud.php | 28 | ||||
-rw-r--r-- | mod/contactgroup.php | 2 | ||||
-rw-r--r-- | mod/directory.php | 3 | ||||
-rw-r--r-- | mod/dirprofile.php | 182 | ||||
-rw-r--r-- | mod/dirsearch.php | 22 | ||||
-rwxr-xr-x | mod/events.php | 2 | ||||
-rw-r--r-- | mod/fbrowser.php | 2 | ||||
-rw-r--r-- | mod/group.php | 8 | ||||
-rw-r--r-- | mod/help.php | 1 | ||||
-rw-r--r-- | mod/import.php | 2 | ||||
-rw-r--r-- | mod/invite.php | 2 | ||||
-rw-r--r-- | mod/item.php | 181 | ||||
-rw-r--r-- | mod/lockview.php | 4 | ||||
-rw-r--r-- | mod/mail.php | 349 | ||||
-rw-r--r-- | mod/network.php | 2 | ||||
-rw-r--r-- | mod/photos.php | 71 | ||||
-rw-r--r-- | mod/post.php | 5 | ||||
-rw-r--r-- | mod/profiles.php | 2 | ||||
-rw-r--r-- | mod/register.php | 15 | ||||
-rw-r--r-- | mod/sslify.php | 24 | ||||
-rw-r--r-- | mod/thing.php | 158 | ||||
-rw-r--r-- | mod/xref.php | 20 | ||||
-rw-r--r-- | mod/zfinger.php | 6 |
26 files changed, 1046 insertions, 186 deletions
diff --git a/mod/achievements.php b/mod/achievements.php
new file mode 100644
index 000000000..1910def73
--- /dev/null
+++ b/mod/achievements.php
@@ -0,0 +1,84 @@ +<?php + +function achievements_content(&$a) { + + if(argc() > 1) + $which = argv(1); + else { + notice( t('Requested profile is not available.') . EOL ); + return; +} + + $profile = 0; + $profile = argv(1); + profile_load($a,$which,$profile); + + $r = q("select channel_id from channel where channel_address = '%s'", + dbesc($which) + ); + if($r) { + $owner = intval($r[0]['channel_id']); + } + + $observer = $a->get_observer(); + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + $perms = get_all_perms($owner,$ob_hash); + if(! $perms['view_profile']) { + notice( t('Permission denied.') . EOL); + return; + } + +// By default, all badges are false + $contactbadge = false; + $profilebadge = false; + $keywordsbadge = false; + +// Check number of contacts. Award a badge if over 10 +// We'll figure these out on each page load instead of +// writing them to the DB because that will mean one needs +// to retain their achievements - eg, you can't add +// a bunch of channels just to get your badge, and then +// delete them all again. If these become popular or +// used in profiles or something, we may need to reconsider +// and add a table for this - because this won't scale. + + $r = q("select * from abook where abook_channel = %d", + intval($owner) + ); + + if (count($r)) + $contacts = count($r); + // We're checking for 11 to adjust for the abook record for self + if ($contacts >= 11) + $contactbadge = true; + +// Check if an about field in the profile has been created. + + $r = q("select * from profile where uid = %d and about <> ''", + intval($owner) + ); + + if ($r) + $profilebadge = 1; + +// Check if keywords have been set + + $r = q("select * from profile where uid = %d and keywords <> ''", + intval($owner) + ); + + if($r) + $keywordsbadge = 1; + +// FIXME - stick ths in a template, and make it look pretty. + $o .= "Template not implemented"; + $o .= "If this is one, you get the profile badge" . $profilebadge . 
"<br>"; + $o .= "If this is one, you get the contact badge" . $contactbadge . "<br>"; + $o .= "If this is one you get the keywords badge" . $keywordsbadge . "<br>"; + $o .= "I haven't done the top level posts badge yet" . $toplevelpostsbadge . "<br>"; + $o .= "I haven't done the number of channels badge yet" . $channelsbadge; + + +return $o; + +} diff --git a/mod/acl.php b/mod/acl.php index bd19c4bb7..cd3e24367 100644 --- a/mod/acl.php +++ b/mod/acl.php @@ -39,7 +39,7 @@ function acl_init(&$a){ // count groups and contacts if ($type=='' || $type=='g'){ - $r = q("SELECT COUNT(`id`) AS g FROM `group` WHERE `deleted` = 0 AND `uid` = %d $sql_extra", + $r = q("SELECT COUNT(`id`) AS g FROM `groups` WHERE `deleted` = 0 AND `uid` = %d $sql_extra", intval(local_user()) ); $group_count = (int)$r[0]['g']; @@ -49,9 +49,10 @@ function acl_init(&$a){ if ($type=='' || $type=='c'){ $r = q("SELECT COUNT(abook_id) AS c FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d AND not ( abook_flags & %d ) $sql_extra2" , + WHERE abook_channel = %d AND not ( abook_flags & %d ) and not (xchan_flags & %d ) $sql_extra2" , intval(local_user()), - intval(ABOOK_FLAG_SELF|ABOOK_FLAG_BLOCKED|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED) + intval(ABOOK_FLAG_SELF|ABOOK_FLAG_BLOCKED|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED), + intval(XCHAN_FLAGS_DELETED) ); $contact_count = (int)$r[0]['c']; } @@ -64,9 +65,11 @@ function acl_init(&$a){ $r = q("SELECT count(xchan_hash) as c FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )) + and not ( xchan_flags & %d ) $sql_extra2 ", intval(local_user()), - intval(PERMS_W_MAIL) + intval(PERMS_W_MAIL), + intval(XCHAN_FLAGS_DELETED) ); if($r) 
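Review bot: In achievements_content(), `$owner` is assigned only when the channel lookup returns a row, yet `get_all_perms($owner,$ob_hash)` and the later `abook` and `profile` queries run regardless, so an unknown channel address reaches the permission check with an undefined owner. Return early when the lookup is empty, e.g. `if(! $r) { notice( t('Requested profile is not available.') . EOL ); return; }` placed ahead of the `get_all_perms()` call. `$o`, `$contacts`, `$toplevelpostsbadge` and `$channelsbadge` are also read before any assignment; initialise `$o = '';` and `$contacts = 0;` and either define or drop the two unfinished badge variables.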
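Review bot: The mail-permission query in the @@ -64,9 hunk keeps `(abook_their_perms = null)` beside the new `xchan_flags` test, and in SQL a comparison written as `= null` never evaluates to true, so only the `abook_their_perms & %d` half of that condition can match. If rows without stored permissions are meant to be included, write `(abook_their_perms is null)`; the same expression appears in the `$type == 'm'` query of the @@ -121,32 hunk. acl_init() starts and ends outside these hunks.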
@@ -78,8 +81,9 @@ function acl_init(&$a){ // autocomplete for Contacts $r = q("SELECT COUNT(abook_id) AS c FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d $sql_extra2" , - intval(local_user()) + WHERE abook_channel = %d and not ( xchan_flags & %d ) $sql_extra2" , + intval(local_user()), + intval(XCHAN_FLAGS_DELETED) ); $contact_count = (int)$r[0]['c']; @@ -94,14 +98,14 @@ function acl_init(&$a){ if ($type=='' || $type=='g'){ - $r = q("SELECT `group`.`id`, `group`.`hash`, `group`.`name`, + $r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`name`, GROUP_CONCAT(DISTINCT `group_member`.`xchan` SEPARATOR ',') as uids - FROM `group`,`group_member` - WHERE `group`.`deleted` = 0 AND `group`.`uid` = %d - AND `group_member`.`gid`=`group`.`id` + FROM `groups`,`group_member` + WHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d + AND `group_member`.`gid`=`groups`.`id` $sql_extra - GROUP BY `group`.`id` - ORDER BY `group`.`name` + GROUP BY `groups`.`id` + ORDER BY `groups`.`name` LIMIT %d,%d", intval(local_user()), intval($start), 
@@ -121,32 +125,39 @@ function acl_init(&$a){ ); } } - + if ($type=='' || $type=='c') { $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d AND not ( abook_flags & %d ) $sql_extra2 order by xchan_name asc" , + WHERE abook_channel = %d AND not ( abook_flags & %d ) and not (xchan_flags & %d ) $sql_extra2 order by xchan_name asc" , intval(local_user()), - intval(ABOOK_FLAG_SELF|ABOOK_FLAG_BLOCKED|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED) + intval(ABOOK_FLAG_SELF|ABOOK_FLAG_BLOCKED|ABOOK_FLAG_PENDING|ABOOK_FLAG_ARCHIVED), + intval(XCHAN_FLAGS_DELETED) ); + } elseif($type == 'm') { $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )) + and not (xchan_flags & %d) $sql_extra3 ORDER BY `xchan_name` ASC ", intval(local_user()), - intval(PERMS_W_MAIL) + intval(PERMS_W_MAIL), + intval(XCHAN_FLAGS_DELETED) ); } elseif($type == 'a') { $r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d + and not (xchan_flags & %d) $sql_extra3 ORDER BY xchan_name ASC ", - intval(local_user()) + intval(local_user()), + intval(XCHAN_FLAGS_DELETED) + ); } elseif($type == 'x') { diff --git a/mod/chanview.php b/mod/chanview.php index 55f7e95d6..c4942b938 100644 --- a/mod/chanview.php +++ b/mod/chanview.php 
@@ -78,10 +78,14 @@ function chanview_content(&$a) { return; } - $url = (($observer) - ? z_root() . '/magic?f=&dest=' . $a->poi['xchan_url'] . '&addr=' . $a->poi['xchan_addr'] - : $a->poi['xchan_url'] - ); + if(is_foreigner($a->poi['xchan_hash'])) + $url = $a->poi['xchan_url']; + else { + $url = (($observer) + ? z_root() . '/magic?f=&dest=' . $a->poi['xchan_url'] . '&addr=' . $a->poi['xchan_addr'] + : $a->poi['xchan_url'] + ); + } // let somebody over-ride the iframed viewport presentation diff --git a/mod/cloud.php b/mod/cloud.php index cdd926444..106379785 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -46,6 +46,11 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { + public $channel_name = ''; + public $channel_id = 0; + public $channel_hash = ''; + public $observer = ''; + protected function validateUserPass($username, $password) { require_once('include/auth.php'); $record = account_verify_password($email,$pass); @@ -56,10 +61,13 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { ); if($r) { $this->currentUser = $r[0]['channel_address']; + $this->channel_name = $r[0]['channel_address']; + $this->channel_id = $r[0]['channel_id']; + $this->channel_hash = $this->observer = $r[0]['channel_hash']; return true; } } - $r = q("select channel_account_id from channel where channel_address = '%s' limit 1", + $r = q("select * from channel where channel_address = '%s' limit 1", dbesc($username) ); if($r) { @@ -71,6 +79,9 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED) && (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password'])) { logger('(DAV) RedBasicAuth: password verified for ' . $username); + $this->channel_name = $r[0]['channel_address']; + $this->channel_id = $r[0]['channel_id']; + $this->channel_hash = $this->observer = $r[0]['channel_hash']; return true; } } 
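Review bot: The magic-auth redirect in the new `else` branch concatenates `$a->poi['xchan_url']` and `$a->poi['xchan_addr']` into the query string without encoding, so a stored URL that contains `&`, `#` or `?` changes which parameters `/magic` receives. Encoding each value keeps the destination intact: `? z_root() . '/magic?f=&dest=' . urlencode($a->poi['xchan_url']) . '&addr=' . urlencode($a->poi['xchan_addr'])`. How `/magic` reads `dest` is not visible here and should be confirmed; chanview_content() continues outside the hunk.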
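Review bot: validateUserPass() receives `$username` and `$password`, but the context line `account_verify_password($email,$pass)` passes two variables that are not defined anywhere in the visible part of the method, so that call does not see the submitted credentials. Pass the method's own arguments, `$record = account_verify_password($username,$password);`, since the @@ -56,10 hunk now populates `channel_id`, `channel_hash` and `observer` from the result of that path. The four added public properties would also benefit from a one-line comment stating that they are only meaningful after validateUserPass() has returned true.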
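Review bot: The condition guarding the newly added channel assignments in the @@ -71,6 hunk mixes `||` and `&&` without grouping, and because `&&` binds tighter in PHP, an account whose flags equal `ACCOUNT_OK` satisfies it before the whirlpool hash comparison is evaluated. Group the two flag tests so the password check applies to both: `if((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) && (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password'])) {`. Where `$record` is loaded for this branch lies between the hunks and should be checked at the same time. A constant-time comparison such as `hash_equals()` is preferable for the digest if the supported PHP version provides it.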
@@ -82,26 +93,31 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { } -function cloud_init() { +function cloud_init(&$a) { if(! get_config('system','enable_cloud')) killme(); - $rootDirectory = new DAV\FS\Directory('store'); + require_once('include/reddav.php'); + + $auth = new RedBasicAuth(); + + $rootDirectory = new RedDirectory('/',$auth); $server = new DAV\Server($rootDirectory); $lockBackend = new DAV\Locks\Backend\File('store/data/locks'); $lockPlugin = new DAV\Locks\Plugin($lockBackend); $server->addPlugin($lockPlugin); - $auth = new RedBasicAuth(); $auth->Authenticate($server,'Red Matrix'); + $browser = new DAV\Browser\Plugin(); + $server->addPlugin($browser); + // All we need to do now, is to fire up the server $server->exec(); - exit; - + killme(); }
\ No newline at end of file diff --git a/mod/contactgroup.php b/mod/contactgroup.php index 4b46605a6..8b23f9f10 100644 --- a/mod/contactgroup.php +++ b/mod/contactgroup.php @@ -20,7 +20,7 @@ function contactgroup_content(&$a) { if((argc() > 1) && (intval(argv(1)))) { - $r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1", + $r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1", intval(argv(1)), intval(local_user()) ); diff --git a/mod/directory.php b/mod/directory.php index 9e4c37fae..53542db60 100644 --- a/mod/directory.php +++ b/mod/directory.php @@ -168,6 +168,7 @@ function directory_content(&$a) { 'id' => ++$t, 'profile_link' => $profile_link, 'photo' => $rr['photo'], + 'hash' => $rr['hash'], 'alttext' => $rr['name'] . ' ' . $rr['address'], 'name' => $rr['name'], 'details' => $pdesc . $details, @@ -186,7 +187,7 @@ function directory_content(&$a) { call_hooks('directory_item', $arr); - $entries[] = $entry; + $entries[] = $arr['entry']; unset($profile); unset($location); diff --git a/mod/dirprofile.php b/mod/dirprofile.php new file mode 100644 index 000000000..ba056e864 --- /dev/null +++ b/mod/dirprofile.php 
@@ -0,0 +1,182 @@ +<?php + +require_once('include/dir_fns.php'); +require_once('include/bbcode.php'); + +function dirprofile_init(&$a) { + + if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { + notice( t('Public access denied.') . EOL); + return; + } + + $hash = $_REQUEST['hash']; + if(! $hash) + return ''; + + $o = ''; + + $dirmode = intval(get_config('system','directory_mode')); + + if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { + $url = z_root() . '/dirsearch'; + } + if(! $url) { + $directory = find_upstream_directory($dirmode); + + if($directory) { + $url = $directory['url'] . '/dirsearch'; + } + else { + $url = DIRECTORY_FALLBACK_MASTER . '/dirsearch'; + } + } + logger('mod_directory: URL = ' . $url, LOGGER_DEBUG); + + $contacts = array(); + + if(local_user()) { + $x = q("select abook_xchan from abook where abook_channel = %d", + intval(local_user()) + ); + if($x) { + foreach($x as $xx) + $contacts[] = $xx['abook_xchan']; + } + } + + + + if($url) { + + $query = $url . '?f=&hash=' . $hash; + + $x = z_fetch_url($query); + logger('dirprofile: return from upstream: ' . print_r($x,true), LOGGER_DATA); + + if($x['success']) { + $t = 0; + $j = json_decode($x['body'],true); + if($j) { + + if($j['results']) { + + $entries = array(); + + $photo = 'thumb'; + + foreach($j['results'] as $rr) { + + $profile_link = chanlink_url($rr['url']); + + $pdesc = (($rr['description']) ? $rr['description'] . '<br />' : ''); + $connect_link = ((local_user()) ? z_root() . '/follow?f=&url=' . 
urlencode($rr['address']) : ''); + + if(in_array($rr['hash'],$contacts)) + $connect_link = ''; + + $details = ''; + if(strlen($rr['locale'])) + $details .= $rr['locale']; + if(strlen($rr['region'])) { + if(strlen($rr['locale'])) + $details .= ', '; + $details .= $rr['region']; + } + if(strlen($rr['country'])) { + if(strlen($details)) + $details .= ', '; + $details .= $rr['country']; + } + if(strlen($rr['birthday'])) { + if(($years = age($rr['birthday'],'UTC','')) != 0) + $details .= '<br />' . t('Age: ') . $years ; + } + if(strlen($rr['gender'])) + $details .= '<br />' . t('Gender: ') . $rr['gender']; + + $page_type = ''; + + $profile = $rr; + + if ((x($profile,'locale') == 1) + || (x($profile,'region') == 1) + || (x($profile,'postcode') == 1) + || (x($profile,'country') == 1)) + $location = t('Location:'); + + + $marital = ((x($profile,'marital') == 1) ? t('Status: ') . $profile['marital'] : False); + $sexual = ((x($profile,'sexual') == 1) ? t('Sexual Preference: ') . $profile['sexual'] : False); + + $homepage = ((x($profile,'homepage') == 1) ? t('Homepage: ') . linkify($profile['homepage']) : False); + $hometown = ((x($profile,'hometown') == 1) ? t('Hometown: ') . $profile['hometown'] : False); + + $about = ((x($profile,'about') == 1) ? t('About: ') . bbcode($profile['about']) : False); + + $keywords = ((x($profile,'keywords')) ? $profile['keywords'] : ''); + if($keywords) { + $keywords = str_replace(',',' ', $keywords); + $keywords = str_replace(' ',' ', $keywords); + $karr = explode(' ', $keywords); + $out = ''; + if($karr) { + if(local_user()) { + $r = q("select keywords from profile where uid = %d and is_default = 1 limit 1", + intval(local_user()) + ); + if($r) { + $keywords = str_replace(',',' ', $r[0]['keywords']); + $keywords = str_replace(' ',' ', $keywords); + $marr = explode(' ', $keywords); + } + } + foreach($karr as $k) { + if(strlen($out)) + $out .= ', '; + if($marr && in_arrayi($k,$marr)) + $out .= '<strong>' . $k . 
'</strong>'; + else + $out .= $k; + } + } + + } + $entry = replace_macros(get_markup_template('direntry_large.tpl'), array( + '$id' => ++$t, + '$profile_link' => $profile_link, + '$photo' => $rr['photo_l'], + '$alttext' => $rr['name'] . ' ' . $rr['address'], + '$name' => $rr['name'], + '$details' => $pdesc . $details, + '$profile' => $profile, + '$location' => $location, + '$gender' => $gender, + '$pdesc' => $pdesc, + '$marital' => $marital, + '$homepage' => $homepage, + '$hometown' => $hometown, + '$about' => $about, + '$kw' => (($out) ? t('Keywords: ') : ''), + '$keywords' => $out, + '$conn_label' => t('Connect'), + '$connect' => $connect_link, + )); + + + echo $entry; + killme(); + + } + } + else { + info( t("Not found.") . EOL); + } + } + } + } + + + + +}
\ No newline at end of file diff --git a/mod/dirsearch.php b/mod/dirsearch.php index 6315cae31..7d41ca1b7 100644 --- a/mod/dirsearch.php +++ b/mod/dirsearch.php @@ -27,9 +27,10 @@ function dirsearch_content(&$a) { json_return_and_die($ret); } + $hash = ((x($_REQUEST['hash'])) ? $_REQUEST['hash'] : ''); $name = ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''); - $hub = ((x($_REQUEST,'hub')) ? $_REQUEST['hub'] : ''); + $hub = ((x($_REQUEST,'hub')) ? $_REQUEST['hub'] : ''); $address = ((x($_REQUEST,'address')) ? $_REQUEST['address'] : ''); $locale = ((x($_REQUEST,'locale')) ? $_REQUEST['locale'] : ''); $region = ((x($_REQUEST,'region')) ? $_REQUEST['region'] : ''); @@ -91,6 +92,13 @@ function dirsearch_content(&$a) { $sql_extra .= " AND xprof_age >= " . intval($agege) . ") "; } + + if($hash) { + $sql_extra = " AND xchan_hash = '" . dbesc($hash) . "' "; + } + + + $perpage = (($_REQUEST['n']) ? $_REQUEST['n'] : 80); $page = (($_REQUEST['p']) ? intval($_REQUEST['p'] - 1) : 0); $startrec = (($page+1) * $perpage) - $perpage; @@ -112,6 +120,9 @@ function dirsearch_content(&$a) { $logic = ((strlen($sql_extra)) ? 0 : 1); + if($hash) + $logic = 1; + $safesql = (($safe > 0) ? " and not ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " ) " : ''); if($safe < 0) $safesql = " and ( xchan_flags & " . intval(XCHAN_FLAGS_CENSORED|XCHAN_FLAGS_SELFCENSORED) . " ) "; @@ -161,13 +172,11 @@ function dirsearch_content(&$a) { json_return_and_die($spkt); } else { - $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where ( $logic $sql_extra ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql $order $qlimit ", intval(XCHAN_FLAGS_HIDDEN), intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_DELETED) ); - } $ret['page'] = $page + 1; 
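Review bot: dirprofile_init() appends `$_REQUEST['hash']` to the upstream directory URL unencoded (`$query = $url . '?f=&hash=' . $hash;`), so a value containing `&` adds or overrides parameters in the server-side request; use `urlencode($hash)`. The fields of the JSON reply (`$rr['locale']`, `$rr['region']`, `$rr['gender']`, each keyword `$k`) come from a remote directory and are concatenated into strings that already carry `<br />` and `<strong>` markup, which suggests the template prints them raw; unless `direntry_large.tpl` is known to escape them, they should go through an HTML-escaping helper first (possibly `escape_tags()`, which mod/mail.php uses on this page). `$url`, `$location`, `$gender` and `$marr` are read on paths where they were never assigned, and `echo $entry; killme();` inside the `foreach` means only the first result is rendered, which deserves a comment if intended.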
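Review bot: Next to the new `$hash` filter in the @@ -91,6 hunk, `$perpage` is still taken straight from `$_REQUEST['n']` while `$page` on the following line goes through `intval()`; if `$perpage` is used to build `$qlimit` (assembled outside this hunk) it reaches the SQL text unvalidated. Cast and bound it, e.g. `$perpage = (($_REQUEST['n']) ? min(intval($_REQUEST['n']),200) : 80);`, where the cap of 200 is a suggested value. The added `$sql_extra = " AND xchan_hash = ...` assigns rather than appends and so discards every filter built above it; a comment saying that a hash lookup deliberately overrides the other criteria would help. The @@ -27,9 hunk reads the parameter with `x($_REQUEST['hash'])`, unlike the two-argument `x($_REQUEST,'name')` form used for every other field.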
@@ -184,9 +193,8 @@ function dirsearch_content(&$a) { $entry['name'] = $rr['xchan_name']; $entry['hash'] = $rr['xchan_hash']; -// $entry['updated'] = (($rr['ud_date']) ? $rr['ud_date'] : '0000-00-00 00:00:00'); -// $entry['update_guid'] = (($rr['ud_guid']) ? $rr['ud_guid'] : ''); $entry['url'] = $rr['xchan_url']; + $entry['photo_l'] = $rr['xchan_photo_l']; $entry['photo'] = $rr['xchan_photo_m']; $entry['address'] = $rr['xchan_addr']; $entry['description'] = $rr['xprof_desc']; @@ -198,6 +206,10 @@ function dirsearch_content(&$a) { $entry['age'] = $rr['xprof_age']; $entry['gender'] = $rr['xprof_gender']; $entry['marital'] = $rr['xprof_marital']; + $entry['sexual'] = $rr['xprof_sexual']; + $entry['about'] = $rr['xprof_about']; + $entry['homepage'] = $rr['xprof_homepage']; + $entry['hometown'] = $rr['xprof_hometown']; $entry['keywords'] = $rr['xprof_keywords']; $entries[] = $entry; diff --git a/mod/events.php b/mod/events.php index 265c74fce..5cf0e425b 100755 --- a/mod/events.php +++ b/mod/events.php @@ -108,7 +108,7 @@ function events_post(&$a) { $datarray['start'] = $start; $datarray['finish'] = $finish; $datarray['summary'] = $summary; - $datarray['desc'] = $desc; + $datarray['description'] = $desc; $datarray['location'] = $location; $datarray['type'] = $type; $datarray['adjust'] = $adjust; diff --git a/mod/fbrowser.php b/mod/fbrowser.php index baacfe56b..19bd77914 100644 --- a/mod/fbrowser.php +++ b/mod/fbrowser.php @@ -45,7 +45,7 @@ function fbrowser_content($a){ $path[]=array($a->get_baseurl()."/fbrowser/image/".$a->argv[2]."/", $album); } - $r = q("SELECT `resource_id`, `id`, `filename`, type, min(`scale`) AS `hiq`,max(`scale`) AS `loq`, `desc` + $r = q("SELECT `resource_id`, `id`, `filename`, type, min(`scale`) AS `hiq`,max(`scale`) AS `loq`, `description` FROM `photo` WHERE `uid` = %d $sql_extra GROUP BY `resource_id` $sql_extra2", intval(local_user()) diff --git a/mod/group.php b/mod/group.php index 352484e25..66e5fbf8e 100644 --- a/mod/group.php 
+++ b/mod/group.php @@ -30,7 +30,7 @@ function group_post(&$a) { if((argc() == 2) && (intval(argv(1)))) { check_form_security_token_redirectOnErr('/group', 'group_edit'); - $r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", + $r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval(argv(1)), intval(local_user()) ); @@ -44,7 +44,7 @@ function group_post(&$a) { $public = intval($_POST['public']); if((strlen($groupname)) && (($groupname != $group['name']) || ($public != $group['visible']))) { - $r = q("UPDATE `group` SET `name` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d LIMIT 1", + $r = q("UPDATE `groups` SET `name` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc($groupname), intval($public), intval(local_user()), @@ -97,7 +97,7 @@ function group_content(&$a) { check_form_security_token_redirectOnErr('/group', 'group_drop', 't'); if(intval(argv(2))) { - $r = q("SELECT `name` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", + $r = q("SELECT `name` FROM `groups` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval(argv(2)), intval(local_user()) ); @@ -132,7 +132,7 @@ function group_content(&$a) { if((argc() > 1) && (intval(argv(1)))) { require_once('include/acl_selectors.php'); - $r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1", + $r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1", intval(argv(1)), intval(local_user()) ); diff --git a/mod/help.php b/mod/help.php index cd2dfd87e..a4ccd1cfe 100644 --- a/mod/help.php +++ b/mod/help.php @@ -87,7 +87,6 @@ function help_content(&$a) { function preg_callback_help_include($matches) { - print_r($matches); if($matches[1]) return str_replace($matches[0],load_doc_file($matches[1]),$matches[0]); diff --git a/mod/import.php b/mod/import.php index 94d41455d..5b3b53156 100644 --- a/mod/import.php +++ b/mod/import.php 
@@ -314,7 +314,7 @@ function import_post(&$a) { . implode("', '", array_values($group)) . "')" ); } - $r = q("select * from `group` where uid = %d", + $r = q("select * from `groups` where uid = %d", intval($channel['channel_id']) ); if($r) { diff --git a/mod/invite.php b/mod/invite.php index e23ed7d2a..9e37d1e6d 100644 --- a/mod/invite.php +++ b/mod/invite.php @@ -42,6 +42,8 @@ function invite_post(&$a) { foreach($recips as $recip) { $recip = trim($recip); + if(! $recip) + continue; if(! valid_email($recip)) { notice( sprintf( t('%s : Not a valid email address.'), $recip) . EOL); diff --git a/mod/item.php b/mod/item.php index d3e88fdfa..2c0a36d52 100644 --- a/mod/item.php +++ b/mod/item.php @@ -66,8 +66,8 @@ function item_post(&$a) { $owner_hash = null; - $message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : ''); - + $message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : ''); + $created = ((x($_REQUEST,'created')) ? datetime_convert('UTC','UTC',$_REQUEST['created']) : datetime_convert()); $profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0); $post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0); $app = ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''); @@ -274,6 +274,7 @@ function item_post(&$a) { $item_flags = $orig_post['item_flags']; $item_restrict = $orig_post['item_restrict']; $postopts = $orig_post['postopts']; + $created = $orig_post['created']; } else { 
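Review bot: The new `$created` value in the @@ -66,8 hunk of mod/item.php is accepted from any request, whereas `message_id` on the line above is honoured only when `$api_source` is set; a form post can therefore choose its own creation time, including one in the future, and the @@ -602,7 hunk stores it as `$datarray['created']`. If this is meant for API or import clients, gate it the same way: `$created = ((x($_REQUEST,'created') && $api_source) ? datetime_convert('UTC','UTC',$_REQUEST['created']) : datetime_convert());`. Otherwise a comment explaining why client-supplied timestamps are trusted, and what `datetime_convert()` does with unparsable input, would help the next reader.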
@@ -489,8 +490,19 @@ function item_post(&$a) { if($fullnametagged) continue; - $success = handle_tag($a, $body, $inform, $str_tags, (local_user()) ? local_user() : $profile_uid , $tag); - logger('handle_tag: ' . print_r($success,tue)); + $success = handle_tag($a, $body, $access_tag, $str_tags, (local_user()) ? local_user() : $profile_uid , $tag); + logger('handle_tag: ' . print_r($success,tue), LOGGER_DEBUG); + if(($access_tag) && (! $parent_item)) { + logger('access_tag: ' . $tag . ' ' . print_r($access_tag,true), LOGGER_DEBUG); + if(strpos($access_tag,'cid:') === 0) { + $str_contact_allow .= '<' . substr($access_tag,4) . '>'; + $access_tag = ''; + } + elseif(strpos($access_tag,'gid:') === 0) { + $str_group_allow .= '<' . substr($access_tag,4) . '>'; + $access_tag = ''; + } + } if($success['replaced']) { $tagged[] = $tag; @@ -602,7 +614,7 @@ function item_post(&$a) { $datarray['owner_xchan'] = (($owner_hash) ? $owner_hash : $owner_xchan['xchan_hash']); $datarray['author_xchan'] = $observer['xchan_hash']; - $datarray['created'] = datetime_convert(); + $datarray['created'] = $created; $datarray['edited'] = datetime_convert(); $datarray['expires'] = $expires; $datarray['commented'] = datetime_convert(); @@ -639,6 +651,7 @@ function item_post(&$a) { $datarray['owner'] = $owner_xchan; $datarray['author'] = $observer; + $datarray['attach'] = json_encode($datarray['attach']); $o = conversation($a,array($datarray),'search',false,'preview'); logger('preview: ' . $o, LOGGER_DEBUG); echo json_encode(array('preview' => $o)); 
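Review bot: The rewritten log line still calls `print_r($success,tue)`; `tue` is not a defined constant, so the line should read `logger('handle_tag: ' . print_r($success,true), LOGGER_DEBUG);`. handle_tag() appends to `$access_tag` by reference, and no initialisation of that variable is visible in this hunk, so `$access_tag = '';` should be set before the tag loop if it is not already. The enclosing loop in item_post() starts outside the hunk.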
@@ -875,14 +888,14 @@ function item_content(&$a) { * the appropiate link. * * @param unknown_type $body the text to replace the tag in - * @param unknown_type $inform a comma-seperated string containing everybody to inform + * @param unknown_type $access_tag - used to return tag ACL exclusions e.g. @!foo * @param unknown_type $str_tags string to add the tag to * @param unknown_type $profile_uid * @param unknown_type $tag the tag to replace * * @return boolean true if replaced, false if not replaced */ -function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { +function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) { $replaced = false; $r = null; @@ -892,13 +905,14 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { //is it a hash tag? if(strpos($tag,'#') === 0) { - //if the tag is replaced... - if(strpos($tag,'[zrl=')) + // if the tag is replaced... + if(strpos($tag,'[zrl=')) { //...do nothing return $replaced; + } if($tag == '#getzot') { - $basetag = 'getzot'; - $url = 'http://getzot.com'; + $basetag = 'getzot'; + $url = 'https://redmatrix.me'; $newtag = '#[zrl=' . $url . ']' . $basetag . '[/zrl]'; $body = str_replace($tag,$newtag,$body); $replaced = true; 
@@ -922,107 +936,105 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { } return array('replaced' => $replaced, 'termtype' => $termtype, 'term' => $basetag, 'url' => $url, 'contact' => $r[0]); } + //is it a person tag? if(strpos($tag,'@') === 0) { + $exclusive = ((strpos($tag,'!') === 1) ? true : false); //is it already replaced? if(strpos($tag,'[zrl=')) return $replaced; $stat = false; //get the person's name - $name = substr($tag,1); - //is it a link or a full dfrn address? - if((strpos($name,'@')) || (strpos($name,'http://'))) { - $newname = $name; - //get the profile links - $links = @lrdd($name); - if(count($links)) { - //for all links, collect how is to inform and how's profile is to link - foreach($links as $link) { - if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') - $profile = $link['@attributes']['href']; - if($link['@attributes']['rel'] === 'salmon') { - if(strlen($inform)) - $inform .= ','; - $inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']); - } - } + $name = substr($tag,(($exclusive) ? 2 : 1)); + $newname = $name; + $alias = ''; + $tagcid = 0; + + // is it some generated name? + + if(strrpos($newname,'+')) { + //get the id + $tagcid = intval(substr($newname,strrpos($newname,'+') + 1)); + //remove the next word from tag's name + if(strpos($name,' ')) { + $name = substr($name,0,strpos($name,' ')); } - } else { //if it is a name rather than an address - $newname = $name; - $alias = ''; - $tagcid = 0; - //is it some generated name? 
- if(strrpos($newname,'+')) { - //get the id - $tagcid = intval(substr($newname,strrpos($newname,'+') + 1)); - //remove the next word from tag's name - if(strpos($name,' ')) { - $name = substr($name,0,strpos($name,' ')); - } - } - if($tagcid) { //if there was an id - //select contact with that id from the logged in user's contact list + if($tagcid) { // if there was an id + // select channel with that id from the logged in user's address book $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_id = %d AND abook_channel = %d LIMIT 1", intval($tagcid), intval($profile_uid) ); - } - else { - $newname = str_replace('_',' ',$name); + } + + else { + $newname = str_replace('_',' ',$name); + + //select someone from this user's contacts by name + $r = q("SELECT * FROM abook left join xchan on abook_xchan - xchan_hash + WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", + dbesc($newname), + intval($profile_uid) + ); - //select someone from this user's contacts by name + if(! $r) { + //select someone by attag or nick and the name passed in $r = q("SELECT * FROM abook left join xchan on abook_xchan - xchan_hash - WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", - dbesc($newname), + WHERE xchan_addr like ('%s') AND abook_channel = %d LIMIT 1", + dbesc($newname . '@%'), intval($profile_uid) ); + } + } - if(! $r) { - //select someone by attag or nick and the name passed in -/* $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", - dbesc($name), - dbesc($name), - intval($profile_uid) - ); -*/ } + // $r is set, if someone could be selected + + if($r) { + $profile = $r[0]['xchan_url']; + $newname = $r[0]['xchan_name']; + //add person's id to $access_tag if exclusive + if($exclusive) { + $access_tag .= 'cid:' . 
$r[0]['xchan_hash']; } -/* } elseif(strstr($name,'_') || strstr($name,' ')) { //no id - //get the real name - $newname = str_replace('_',' ',$name); - //select someone from this user's contacts by name - $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", - dbesc($newname), - intval($profile_uid) - ); - } else { - //select someone by attag or nick and the name passed in - $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", - dbesc($name), - dbesc($name), - intval($profile_uid) - ); - }*/ - //$r is set, if someone could be selected - if($r) { - $profile = $r[0]['xchan_url']; - $newname = $r[0]['xchan_name']; - //add person's id to $inform - if(strlen($inform)) - $inform .= ','; - $inform .= 'cid:' . $r[0]['id']; + } + else { + // check for a group/collection exclusion tag + + // note that we aren't setting $replaced even though we're replacing text. + // This tag isn't going to get a term attached to it. It's only used for + // access control. The link points to out own channel just so it doesn't look + // weird - as all the other tags are linked to something. + + if(local_user() && local_user() == $profile_uid) { + require_once('include/group.php'); + $grp = group_byname($profile_uid,$name); + if($grp) { + $g = q("select hash from groups where id = %d and visible = 1 limit 1", + intval($grp[0]['id']) + ); + if($g && $exclusive) { + $access_tag .= 'gid:' . $g[0]['hash']; + } + $channel = get_app()->get_channel(); + if($channel) { + $newtag = '@' . (($exclusive) ? '!' : '') . '[zrl=' . z_root() . '/channel/' . $channel['channel_address'] . ']' . $newname . '[/zrl]'; + $body = str_replace('@' . (($exclusive) ? '!' : '') . $name, $newtag, $body); + } + } } } + //if there is an url for this persons profile if(isset($profile)) { $replaced = true; //create profile link $profile = str_replace(',','%2c',$profile); $url = $profile; - $newtag = '@[zrl=' . $profile . ']' . $newname . 
'[/zrl]'; - $body = str_replace('@' . $name, $newtag, $body); + $newtag = '@' . (($exclusive) ? '!' : '') . '[zrl=' . $profile . ']' . $newname . '[/zrl]'; + $body = str_replace('@' . (($exclusive) ? '!' : '') . $name, $newtag, $body); //append tag to str_tags if(! stristr($str_tags,$newtag)) { if(strlen($str_tags)) @@ -1031,8 +1043,7 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { } } } - - return array('replaced' => $replaced, 'termtype' => $termtype, 'term' => $newname, 'url' => $url, 'contact' => $r[0]); + return array('replaced' => $replaced, 'termtype' => $termtype, 'term' => $newname, 'url' => $url, 'contact' => $r[0]); } diff --git a/mod/lockview.php b/mod/lockview.php index 7dda85623..32e7a3afb 100644 --- a/mod/lockview.php +++ b/mod/lockview.php @@ -49,7 +49,7 @@ function lockview_content(&$a) { stringify_array_elms($deny_users,true); if(count($allowed_groups)) { - $r = q("SELECT name FROM `group` WHERE hash IN ( " . implode(', ', $allowed_groups) . " )"); + $r = q("SELECT name FROM `groups` WHERE hash IN ( " . implode(', ', $allowed_groups) . " )"); if($r) foreach($r as $rr) $l[] = '<b>' . $rr['name'] . '</b>'; @@ -61,7 +61,7 @@ function lockview_content(&$a) { $l[] = $rr['xchan_name']; } if(count($deny_groups)) { - $r = q("SELECT name FROM `group` WHERE hash IN ( " . implode(', ', $deny_groups) . " )"); + $r = q("SELECT name FROM `groups` WHERE hash IN ( " . implode(', ', $deny_groups) . " )"); if($r) foreach($r as $rr) $l[] = '<b><strike>' . $rr['name'] . '</strike></b>'; diff --git a/mod/mail.php b/mod/mail.php new file mode 100644 index 000000000..eb1b0ddc0 --- /dev/null +++ b/mod/mail.php 
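Review bot: Both contact lookups in the rewritten person-tag branch join with `abook_xchan - xchan_hash`, a subtraction rather than an equality, so the row returned for a name or `xchan_addr like` match is not guaranteed to pair the address-book entry with its own xchan record. With the new exclusive `@!` handling the selected row's `xchan_hash` is written to `$access_tag` and from there into the post's allow list, so a wrong match affects who can read the post; the join should be `left join xchan on abook_xchan = xchan_hash` in both queries. The `like` pattern is built from `$newname . '@%'`, so a `%` typed in a tag acts as a wildcard and ought to be escaped before the pattern is assembled. The function also returns `'contact' => $r[0]` when `$r` is empty (the @@ -1031,8 hunk), and the docblock edited in the @@ -875,14 hunk still promises a boolean return.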
@@ -0,0 +1,349 @@ +<?php + +require_once('include/acl_selectors.php'); +require_once('include/message.php'); +require_once('include/zot.php'); +require_once("include/bbcode.php"); +require_once('include/Contact.php'); + + +function mail_post(&$a) { + + if(! local_user()) + return; + + $replyto = ((x($_REQUEST,'replyto')) ? notags(trim($_REQUEST['replyto'])) : ''); + $subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : ''); + $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : ''); + $recipient = ((x($_REQUEST,'messageto')) ? notags(trim($_REQUEST['messageto'])) : ''); + $rstr = ((x($_REQUEST,'messagerecip')) ? notags(trim($_REQUEST['messagerecip'])) : ''); + $expires = ((x($_REQUEST,'expires')) ? datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expires']) : '0000-00-00 00:00:00'); + + // If we have a raw string for a recipient which hasn't been auto-filled, + // it means they probably aren't in our address book, hence we don't know + // if we have permission to send them private messages. + // finger them and find out before we try and send it. + + if(! $recipient) { + $channel = $a->get_channel(); + + $ret = zot_finger($rstr,$channel); + + if(! $ret['success']) { + notice( t('Unable to lookup recipient.') . EOL); + return; + } + $j = json_decode($ret['body'],true); + + logger('message_post: lookup: ' . $url . ' ' . print_r($j,true)); + + if(! ($j['success'] && $j['guid'])) { + notice( t('Unable to communicate with requested channel.')); + return; + } + + $x = import_xchan($j); + + if(! $x['success']) { + notice( t('Cannot verify requested channel.')); + return; + } + + $recipient = $x['hash']; + + $their_perms = 0; + + $global_perms = get_perms(); + + if($j['permissions']['data']) { + $permissions = crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']); + if($permissions) + $permissions = json_decode($permissions); + logger('decrypted permissions: ' . 
print_r($permissions,true), LOGGER_DATA); + } + else + $permissions = $j['permissions']; + + foreach($permissions as $k => $v) { + if($v) { + $their_perms = $their_perms | intval($global_perms[$k][1]); + } + } + + if(! ($their_perms & PERMS_W_MAIL)) { + notice( t('Selected channel has private message restrictions. Send failed.')); + return; + } + } + + if(feature_enabled(local_user(),'richtext')) { + $body = fix_mce_lf($body); + } + + if(! $recipient) { + notice('No recipient found.'); + $a->argc = 2; + $a->argv[1] = 'new'; + return; + } + + // We have a local_user, let send_message use the session channel and save a lookup + + $ret = send_message(0, $recipient, $body, $subject, $replyto, $expires); + + if(! $ret['success']) { + notice($ret['message']); + } + + goaway(z_root() . '/message'); + +} + +function mail_content(&$a) { + + $o = ''; + nav_set_selected('messages'); + + if(! local_user()) { + notice( t('Permission denied.') . EOL); + return login(); + } + + $channel = $a->get_channel(); + head_set_icon($channel['xchan_photo_s']); + + $cipher = get_pconfig(local_user(),'system','default_cipher'); + if(! $cipher) + $cipher = 'aes256'; + + $tpl = get_markup_template('mail_head.tpl'); + $header = replace_macros($tpl, array( + '$messages' => t('Messages'), + '$tab_content' => $tab_content + )); + + if((argc() == 3) && (argv(1) === 'drop')) { + if(! intval(argv(2))) + return; + $cmd = argv(1); + + $r = private_messages_drop(local_user(), argv(2)); + if($r) { + info( t('Message deleted.') . EOL ); + } + goaway($a->get_baseurl(true) . '/message' ); + } + + if((argc() == 3) && (argv(1) === 'recall')) { + if(! intval(argv(2))) + return; + $cmd = argv(1); + $r = q("update mail set mail_flags = mail_flags | %d where id = %d and channel_id = %d limit 1", + intval(MAIL_RECALLED), + intval(argv(2)), + intval(local_user()) + ); + proc_run('php','include/notifier.php','mail',intval(argv(2))); + + if($r) { + info( t('Message recalled.') . 
EOL ); + } + goaway($a->get_baseurl(true) . '/message' ); + + } + + if((argc() > 1) && (argv(1) === 'new')) { + + $o .= $header; + + $plaintext = false; + if(intval(get_pconfig(local_user(),'system','plaintext'))) + $plaintext = true; + if(! feature_enabled(local_user(),'richtext')) + $plaintext = true; + + $tpl = get_markup_template('msg-header.tpl'); + + $a->page['htmlhead'] .= replace_macros($tpl, array( + '$baseurl' => $a->get_baseurl(true), + '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), + '$nickname' => $channel['channel_address'], + '$linkurl' => t('Please enter a link URL:'), + '$expireswhen' => t('Expires YYYY-MM-DD HH:MM') + )); + + $preselect = (isset($a->argv[2])?array($a->argv[2]):false); + + + $prename = $preurl = $preid = ''; + + if($preselect) { + $r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash + where abook_channel = %d and abook_id = %d limit 1", + intval(local_user()), + intval(argv(2)) + ); + if($r) { + $prename = $r[0]['xchan_name']; + $preurl = $r[0]['xchan_url']; + $preid = $r[0]['abook_id']; + } + } + + $prefill = (($preselect) ? $prename : ''); + + if(! $prefill) { + if(array_key_exists('to',$_REQUEST)) + $prefill = $_REQUEST['to']; + } + + // the ugly select box + + $select = contact_select('messageto','message-to-select', $preselect, 4, true, false, false, 10); + + $tpl = get_markup_template('prv_message.tpl'); + $o .= replace_macros($tpl,array( + '$header' => t('Send Private Message'), + '$to' => t('To:'), + '$showinputs' => 'true', + '$prefill' => $prefill, + '$autocomp' => $autocomp, + '$preid' => $preid, + '$subject' => t('Subject:'), + '$subjtxt' => ((x($_REQUEST,'subject')) ? strip_tags($_REQUEST['subject']) : ''), + '$text' => ((x($_REQUEST,'body')) ? 
htmlspecialchars($_REQUEST['body'], ENT_COMPAT, 'UTF-8') : ''), + '$readonly' => '', + '$yourmessage' => t('Your message:'), + '$select' => $select, + '$parent' => '', + '$upload' => t('Upload photo'), + '$attach' => t('Attach file'), + '$insert' => t('Insert web link'), + '$wait' => t('Please wait'), + '$submit' => t('Submit'), + '$defexpire' => '', + '$feature_expire' => ((feature_enabled(local_user(),'content_expire')) ? 'block' : 'none'), + '$expires' => t('Set expiration date'), + '$feature_encrypt' => ((feature_enabled(local_user(),'content_encrypt')) ? 'block' : 'none'), + '$encrypt' => t('Encrypt text'), + '$cipher' => $cipher, + + + )); + + return $o; + } + + + if((argc() > 1) && (intval(argv(1)))) { + + $o .= $header; + + $plaintext = true; + if( local_user() && feature_enabled(local_user(),'richtext') ) + $plaintext = false; + + $messages = private_messages_fetch_conversation(local_user(), argv(1), true); + + if(! $messages) { + info( t('Message not found.') . EOL); + return $o; + } + + if($messages[0]['to_xchan'] === $channel['channel_hash']) + $a->poi = $messages[0]['from']; + else + $a->poi = $messages[0]['to']; + +// require_once('include/Contact.php'); + +// $a->set_widget('mail_conversant',vcard_from_xchan($a->poi,$get_observer_hash,'mail')); + + + $tpl = get_markup_template('msg-header.tpl'); + + $a->page['htmlhead'] .= replace_macros($tpl, array( + '$nickname' => $channel['channel_addr'], + '$baseurl' => $a->get_baseurl(true), + '$editselect' => (($plaintext) ? 
'none' : '/(profile-jot-text|prvmail-text)/'), + '$linkurl' => t('Please enter a link URL:'), + '$expireswhen' => t('Expires YYYY-MM-DD HH:MM') + )); + + + $mails = array(); + $seen = 0; + $unknown = false; + + foreach($messages as $message) { + + $s = theme_attachments($message); + + $mails[] = array( + 'id' => $message['id'], + 'from_name' => $message['from']['xchan_name'], + 'from_url' => chanlink_hash($message['from_xchan']), + 'from_photo' => $message['from']['xchan_photo_m'], + 'to_name' => $message['to']['xchan_name'], + 'to_url' => chanlink_hash($message['to_xchan']), + 'to_photo' => $message['to']['xchan_photo_m'], + 'subject' => $message['title'], + 'body' => smilies(bbcode($message['body']) . $s), + 'delete' => t('Delete message'), + 'recall' => t('Recall message'), + 'can_recall' => (($channel['channel_hash'] == $message['from_xchan']) ? true : false), + 'is_recalled' => (($message['mail_flags'] & MAIL_RECALLED) ? t('Message has been recalled.') : ''), + 'date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'],'D, d M Y - g:i A'), + ); + + $seen = $message['seen']; + + } + + $recp = (($message['from_xchan'] === $channel['channel_hash']) ? 'to' : 'from'); + +// FIXME - move this HTML to template + + $select = $message[$recp]['xchan_name'] . '<input type="hidden" name="messageto" value="' . $message[$recp]['xchan_hash'] . '" />'; + $parent = '<input type="hidden" name="replyto" value="' . $message['parent_mid'] . '" />'; + + $tpl = get_markup_template('mail_display.tpl'); + $o = replace_macros($tpl, array( + '$prvmsg_header' => t('Private Conversation'), + '$thread_id' => $a->argv[1], + '$thread_subject' => $message['title'], + '$thread_seen' => $seen, + '$delete' => t('Delete conversation'), + '$canreply' => (($unknown) ? false : '1'), + '$unknown_text' => t("No secure communications available. 
You <strong>may</strong> be able to respond from the sender's profile page."), + '$mails' => $mails, + + // reply + '$header' => t('Send Reply'), + '$to' => t('To:'), + '$showinputs' => '', + '$subject' => t('Subject:'), + '$subjtxt' => $message['title'], + '$readonly' => ' readonly="readonly" style="background: #BBBBBB;" ', + '$yourmessage' => t('Your message:'), + '$text' => '', + '$select' => $select, + '$parent' => $parent, + '$upload' => t('Upload photo'), + '$attach' => t('Attach file'), + '$insert' => t('Insert web link'), + '$submit' => t('Submit'), + '$wait' => t('Please wait'), + '$defexpire' => '', + '$feature_expire' => ((feature_enabled(local_user(),'content_expire')) ? 'block' : 'none'), + '$expires' => t('Set expiration date'), + '$feature_encrypt' => ((feature_enabled(local_user(),'content_encrypt')) ? 'block' : 'none'), + '$encrypt' => t('Encrypt text'), + '$cipher' => $cipher, + + )); + + return $o; + } + +} diff --git a/mod/network.php b/mod/network.php index 072f718ec..7f67f62d0 100644 --- a/mod/network.php +++ b/mod/network.php @@ -69,7 +69,7 @@ function network_content(&$a, $update = 0, $load = false) { $_GET['order'] = 'post'; if($gid) { - $r = q("SELECT * FROM `group` WHERE id = %d AND uid = %d LIMIT 1", + $r = q("SELECT * FROM `groups` WHERE id = %d AND uid = %d LIMIT 1", intval($gid), intval(local_user()) ); diff --git a/mod/photos.php b/mod/photos.php index 63806896b..85d3f50b0 100644 --- a/mod/photos.php +++ b/mod/photos.php 
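Review bot: In the `new` branch of mail_content(), `$prefill` is taken directly from `$_REQUEST['to']` and passed to prv_message.tpl, while the neighbouring `$subjtxt` and `$text` values go through strip_tags() and htmlspecialchars(). Unless the template escapes it (not visible here), that is reflected markup in the compose form; `$prefill = htmlspecialchars($_REQUEST['to'], ENT_COMPAT, 'UTF-8');` would match the other fields. The `drop` and `recall` branches change state on a plain GET with no form security token, so a link or image on another page can delete or recall a logged-in member's message; a POST with a token check would close that. In the recall branch proc_run() starts the notifier even when the UPDATE matched no row, and the `logger()` call in mail_post() concatenates `$url`, which is never assigned.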
@@ -157,23 +157,20 @@ function photos_post(&$a) { } if((argc() > 2) && (x($_REQUEST,'delete')) && ($_REQUEST['delete'] === t('Delete Photo'))) { -// FIXME + // same as above but remove single photo - if($visitor) { - $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource_id` = '%s' LIMIT 1", - intval($visitor), - intval($page_owner_uid), - dbesc($a->argv[2]) - ); - } - else { - $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' LIMIT 1", - intval(local_user()), - dbesc($a->argv[2]) - ); - } - if(count($r)) { + $ob_hash = get_observer_hash(); + if(! $ob_hash) + goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); + + $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", + dbesc($ob_hash), + intval(local_user()), + dbesc($a->argv[2]) + ); + + if($r) { q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'", intval($page_owner_uid), dbesc($r[0]['resource_id']) @@ -183,7 +180,7 @@ function photos_post(&$a) { intval($page_owner_uid) ); if(count($i)) { - q("UPDATE `item` SET item_restrict = (item_restrict & %d), `edited` = '%s', `changed` = '%s' WHERE `parent_mid` = '%s' AND `uid` = %d", + q("UPDATE `item` SET item_restrict = (item_restrict | %d), `edited` = '%s', `changed` = '%s' WHERE `parent_mid` = '%s' AND `uid` = %d", intval(ITEM_DELETED), dbesc(datetime_convert()), dbesc(datetime_convert()), @@ -200,7 +197,6 @@ function photos_post(&$a) { } goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); - return; // NOTREACHED } if(($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false)) || (x($_POST,'albname') !== false)) { 
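Review bot: The new SELECT in the delete-photo branch authorises on `xchan = '%s' or uid = %d` (observer hash or local_user()), but the DELETE and the item update that follow act on `$page_owner_uid`, so the row that was checked and the rows that are removed are not tied to the same channel. Adding `AND uid = %d` bound to `intval($page_owner_uid)` to the SELECT keeps the check and the delete on one owner. For a remote visitor `intval(local_user())` is presumably 0, which makes the `uid` arm of the OR meaningless rather than restrictive. photos_post() starts outside this hunk, so any earlier permission or token check is not visible here.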
@@ -285,7 +281,7 @@ function photos_post(&$a) { ); if(count($p)) { $ext = $phototypes[$p[0]['type']]; - $r = q("UPDATE `photo` SET `desc` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", + $r = q("UPDATE `photo` SET `description` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($albname), dbesc($str_contact_allow), @@ -303,7 +299,7 @@ function photos_post(&$a) { /* Don't make the item visible if the only change was the album name */ $visibility = 0; - if($p[0]['desc'] !== $desc || strlen($rawtags)) + if($p[0]['description'] !== $desc || strlen($rawtags)) $visibility = 1; if(! $item_id) { @@ -511,7 +507,7 @@ function photos_post(&$a) { $arr['object'] .= xmlify('<link rel="photo" type="'.$p[0]['type'].'" href="' . $tagged[3]['photo'] . '" />' . "\n"); $arr['object'] .= '</link></object>' . "\n"; - $arr['target'] = '<target><type>' . ACTIVITY_OBJ_PHOTO . '</type><title>' . $p[0]['desc'] . '</title><id>' + $arr['target'] = '<target><type>' . ACTIVITY_OBJ_PHOTO . '</type><title>' . $p[0]['description'] . '</title><id>' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource_id'] . '</id>'; $arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource_id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . $a->get_baseurl() . "/photo/" . $p[0]['resource_id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>'; 
@@ -755,7 +751,7 @@ function photos_content(&$a) { else $order = 'DESC'; - $r = q("SELECT `resource_id`, `id`, `filename`, type, max(`scale`) AS `scale`, `desc` FROM `photo` WHERE `uid` = %d AND `album` = '%s' + $r = q("SELECT `resource_id`, `id`, `filename`, type, max(`scale`) AS `scale`, `description` FROM `photo` WHERE `uid` = %d AND `album` = '%s' AND `scale` <= 4 and (photo_flags = %d or photo_flags = %d ) $sql_extra GROUP BY `resource_id` ORDER BY `created` $order LIMIT %d , %d", intval($owner_uid), dbesc($album), @@ -821,25 +817,24 @@ function photos_content(&$a) { $ext = $phototypes[$rr['type']]; - if($a->get_template_engine() === 'internal') { - $imgalt_e = template_escape($rr['filename']); - $desc_e = template_escape($rr['desc']); - } - else { - $imgalt_e = $rr['filename']; - $desc_e = $rr['desc']; - } + $imgalt_e = $rr['filename']; + $desc_e = $rr['description']; + +// prettyphoto has potential license issues, so we can no longer include it in core +// The following lines would need to be modified so that they are provided in theme specific files +// instead of core modules for themes that wish to make use of prettyphoto. I would suggest +// the feature as a per-theme display option and putting the rel line inside a template. - if(feature_enabled($a->data['channel']['channel_id'],'prettyphoto')){ - $imagelink = ($a->get_baseurl() . '/photo/' . $rr['resource_id'] . '.' . $ext ); - $rel=("prettyPhoto[pp_gal]"); - } - else { +// if(feature_enabled($a->data['channel']['channel_id'],'prettyphoto')){ +// $imagelink = ($a->get_baseurl() . '/photo/' . $rr['resource_id'] . '.' . $ext ); +// $rel=("prettyPhoto[pp_gal]"); +// } +// else { $imagelink = ($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : '')); $rel=("photo"); - } +// } $o .= replace_macros($tpl,array( '$id' => $rr['id'], 
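Review bot: The `@@ -821` hunk removes the `template_escape()` calls that the internal-engine path applied to `$rr['filename']` and `$rr['description']`, so both user-supplied strings now reach the album template unmodified in every case. Whether the remaining template engine escapes on output is not visible on this page; if it does not, the assignments should escape explicitly, e.g. `$desc_e = htmlspecialchars($rr['description'], ENT_COMPAT, 'UTF-8');` and the same for `$imgalt_e`. A short comment above the two assignments stating which layer is responsible for escaping would stop this being undone again. photos_content() begins and ends outside the hunk.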
@@ -868,7 +863,7 @@ function photos_content(&$a) { // fetch image, item containing image, then comments - $ph = q("SELECT aid,uid,xchan,resource_id,created,edited,title,`desc`,album,filename,`type`,height,width,`size`,scale,profile,photo_flags,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' + $ph = q("SELECT aid,uid,xchan,resource_id,created,edited,title,`description`,album,filename,`type`,height,width,`size`,scale,profile,photo_flags,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' and (photo_flags = %d or photo_flags = %d ) $sql_extra ORDER BY `scale` ASC ", intval($owner_uid), dbesc($datum), @@ -1024,7 +1019,7 @@ function photos_content(&$a) { if($can_post) { $album_e = $ph[0]['album']; - $caption_e = $ph[0]['desc']; + $caption_e = $ph[0]['description']; $aclselect_e = populate_acl($ph[0]); $edit = array( @@ -1194,7 +1189,7 @@ function photos_content(&$a) { '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, - '$desc' => $ph[0]['desc'], + '$desc' => $ph[0]['description'], '$tags' => $tags_e, '$edit' => $edit, '$likebuttons' => $likebuttons, diff --git a/mod/post.php b/mod/post.php index 7f495140e..965ba09a3 100644 --- a/mod/post.php +++ b/mod/post.php @@ -69,6 +69,7 @@ function post_init(&$a) { * "success":1, * "confirm":"q0Ysovd1u..." * "service_class":(optional) + * "level":(optional) * } * * 'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the @@ -150,6 +151,7 @@ function post_init(&$a) { $remote = remote_user(); $result = null; $remote_service_class = ''; + $remote_level = 0; $remote_hub = $x[0]['hubloc_url']; // Also check that they are coming from the same site as they authenticated with originally. 
@@ -210,6 +212,8 @@ function post_init(&$a) { } if(array_key_exists('service_class',$j)) $remote_service_class = $j['service_class']; + if(array_key_exists('level',$j)) + $remote_level = $j['level']; } // everything is good... maybe if(local_user()) { @@ -241,6 +245,7 @@ function post_init(&$a) { $_SESSION['visitor_id'] = $x[0]['xchan_hash']; $_SESSION['my_address'] = $address; $_SESSION['remote_service_class'] = $remote_service_class; + $_SESSION['remote_level'] = $remote_level; $_SESSION['remote_hub'] = $remote_hub; $arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION); diff --git a/mod/profiles.php b/mod/profiles.php index 4625a8805..b94e4bf03 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -610,6 +610,8 @@ function profiles_content(&$a) { $tpl_header = get_markup_template('profile_listing_header.tpl'); $o .= replace_macros($tpl_header,array( '$header' => t('Edit/Manage Profiles'), + '$addstuff' => t('Add profile things'), + '$stuff_desc' => t('Include desirable objects in your profile'), '$chg_photo' => t('Change profile photo'), '$cr_new' => t('Create New Profile'), '$cr_new_link' => 'profiles/new?t=' . get_form_security_token("profile_new") diff --git a/mod/register.php b/mod/register.php index 2040732ff..990cce2ed 100644 --- a/mod/register.php +++ b/mod/register.php @@ -135,10 +135,17 @@ function register_post(&$a) { function register_content(&$a) { + $registration_is = ''; + $other_sites = ''; if(get_config('system','register_policy') == REGISTER_CLOSED) { - notice("Permission denied." . EOL); - return; + require_once('mod/pubsites.php'); + return pubsites_content($a); + } + + if(get_config('system','register_policy') == REGISTER_APPROVE) { + $registration_is = t('Registration on this site/hub is by approval only.'); + $other_sites = t('<a href="pubsites">Register at another affiliated site/hub</a>'); } $max_dailies = intval(get_config('system','max_daily_registrations')); 
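Review bot: `$remote_level = $j['level'];` copies whatever type and value the remote hub's JSON carries into `$_SESSION['remote_level']`, although the variable is initialised as the integer 0 in the earlier hunk. Casting on assignment, `$remote_level = intval($j['level']);`, keeps later comparisons numeric and stops a remote site supplying a string or array as the level. The context line above copies `service_class` from the same JSON just as directly, so it deserves the same treatment. post_init() begins and ends outside this hunk.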
@@ -175,10 +182,14 @@ function register_content(&$a) { $invite_code = ((x($_REQUEST,'invite_code')) ? strip_tags(trim($_REQUEST['invite_code'])) : "" ); + + $o = replace_macros(get_markup_template('register.tpl'), array( '$title' => t('Registration'), + '$reg_is' => $registration_is, '$registertext' => get_config('system','register_text'), + '$other_sites' => $other_sites, '$invitations' => get_config('system','invitation_only'), '$invite_desc' => t('Membership on this site is by invitation only.'), '$label_invite' => t('Please enter your invitation code'), diff --git a/mod/sslify.php b/mod/sslify.php new file mode 100644 index 000000000..ed06d87c1 --- /dev/null +++ b/mod/sslify.php @@ -0,0 +1,24 @@ +<?php + +function sslify_init(&$a) { + $x = z_fetch_url($_REQUEST['url']); + if($x['success']) { + $h = explode("\n",$x['headers']); + foreach ($h as $l) { + list($k,$v) = array_map("trim", explode(":", trim($l), 2)); + $hdrs[$k] = $v; + } + if (array_key_exists('Content-Type', $hdrs)) + $type = $hdrs['Content-Type']; + + header('Content-Type: ' . $type); + echo $x['body']; + killme(); + } + killme(); + // for some reason when this fallback is in place - it gets triggered + // often, (creating mixed content exceptions) even though there is + // nothing obvious missing on the page when we bypass it. + goaway($_REQUEST['url']); +} + diff --git a/mod/thing.php b/mod/thing.php index 91bdca78a..d3b47ebb9 100644 --- a/mod/thing.php +++ b/mod/thing.php @@ -1,6 +1,7 @@ <?php /** @file */ require_once('include/items.php'); +require_once('include/contact_selectors.php'); function thing_init(&$a) { 
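Review bot: sslify_init() fetches whatever `$_REQUEST['url']` names and echoes the body back under the upstream `Content-Type`, with no login, scheme or type restriction. The hub therefore acts as an open fetch proxy, including towards hosts only it can reach, and can be made to serve third-party HTML or script from its own origin. The function should accept only http/https URLs, relay only a short list of raster image types, and send `X-Content-Type-Options: nosniff`; refusing loopback and private addresses belongs here too if the fetch helper supports it (not visible on this page). `$hdrs` and `$type` are also unset when the response carries no usable headers, and the `goaway()` after `killme()` is unreachable.

```php
function sslify_init(&$a) {
	$url = ((x($_REQUEST,'url')) ? trim($_REQUEST['url']) : '');
	$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
	// relay plain web URLs only; anything else is dropped before a request is made
	if(! in_array($scheme, array('http','https'), true))
		killme();

	$x = z_fetch_url($url);
	if($x['success']) {
		$hdrs = array();
		// … unchanged: header lines parsed into $hdrs …
		$type = ((array_key_exists('Content-Type', $hdrs)) ? $hdrs['Content-Type'] : '');
		$media = strtolower(trim(explode(';', $type, 2)[0]));
		// raster images only, so fetched markup or script is never served from this origin
		if(in_array($media, array('image/jpeg','image/png','image/gif'), true)) {
			header('Content-Type: ' . $media);
			header('X-Content-Type-Options: nosniff');
			echo $x['body'];
		}
	}
	killme();
}
```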
@@ -11,12 +12,13 @@ function thing_init(&$a) { $account_id = $a->get_account(); $channel = $a->get_channel(); + $term_hash = (($_REQUEST['term_hash']) ? $_REQUEST['term_hash'] : ''); $name = escape_tags($_REQUEST['term']); $verb = escape_tags($_REQUEST['verb']); $profile_guid = escape_tags($_REQUEST['profile']); $url = $_REQUEST['link']; - $photo = $_REQUEST['photo']; + $photo = $_REQUEST['img']; $hash = random_string(); @@ -59,6 +61,40 @@ function thing_init(&$a) { if((! $name) || (! $translated_verb)) return; + + + + + if($term_hash) { + $t = q("select * from obj left join term on obj_obj = term_hash where term_hash != '' and obj_type = %d and term_hash = '%s' limit 1", + intval(TERM_OBJ_THING), + dbesc($term_hash) + ); + if(! $t) { + notice( t('Item not found.') . EOL); + return; + } + $orig_record = $t[0]; + if($photo != $orig_record['imgurl']) { + $arr = import_profile_photo($photo,get_observer_hash(),true); + $local_photo = $arr[0]; + $local_photo_type = $arr[3]; + } + else + $local_photo = $orig_record['imgurl']; + + $r = q("update term set term = '%s', url = '%s', imgurl = '%s' where term_hash = '%s' and uid = %d limit 1", + dbesc($name), + dbesc(($url) ? $url : z_root() . '/thing/' . $term_hash), + dbesc($local_photo), + dbesc($term_hash), + intval(local_user()) + ); + + info( t('Thing updated') . EOL); + return; + } + $sql = (($profile_guid) ? " and profile_guid = '" . dbesc($profile_guid) . "' " : " and is_default = 1 "); $p = q("select profile_guid, is_default from profile where uid = %d $sql limit 1", intval(local_user()) @@ -68,6 +104,14 @@ function thing_init(&$a) { else return; + $local_photo = null; + + if($photo) { + $arr = import_profile_photo($photo,get_observer_hash(),true); + $local_photo = $arr[0]; + $local_photo_type = $arr[3]; + } + $r = q("select * from term where uid = %d and otype = %d and type = %d and term = '%s' limit 1", intval(local_user()), 
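Review bot: The edit branch added in the `@@ -59` hunk looks the thing up by `term_hash` alone and calls import_profile_photo() on the request-supplied `img` URL before anything visible checks that the record belongs to the logged-in channel. The edit and drop branches of thing_content() in this same commit reject when `$r[0]['obj_channel'] != local_user()`. Adding `if($orig_record['obj_channel'] != local_user()) { notice( t('Permission denied.') . EOL); return; }` right after `$orig_record = $t[0];` brings the two into line and avoids fetching a remote URL for a record the caller cannot change. `info( t('Thing updated') . EOL);` is also shown without looking at `$r`, so the user sees success when the UPDATE matched nothing. thing_init() starts before and ends after these hunks, so an earlier login check may exist outside the view.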
@@ -85,7 +129,7 @@ function thing_init(&$a) { intval(TERM_THING), dbesc($name), dbesc(($url) ? $url : z_root() . '/thing/' . $hash), - dbesc(($photo) ? $photo : ''), + dbesc(($photo) ? $local_photo : ''), dbesc($hash) ); $r = q("select * from term where uid = %d and otype = %d and type = %d and term = '%s' limit 1", @@ -110,11 +154,13 @@ function thing_init(&$a) { return; } - info( t('thing/stuff added')); + info( t('Thing added')); $arr = array(); - $links = array(array('rel' => 'alternate','type' => 'text/html', - 'href' => $term['url'])); + $links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => $term['url'])); + if($local_photo) + $links[] = array('rel' => 'photo', 'type' => $local_photo_type, 'href' => $local_photo); + $objtype = ACTIVITY_OBJ_THING; @@ -139,6 +185,9 @@ function thing_init(&$a) { $arr['body'] = sprintf( $bodyverb, $ulink, $translated_verb, $plink ); + if($local_photo) + $arr['body'] .= "\n\n[zmg]" . $local_photo . "[/zmg]"; + $arr['verb'] = $verb; $arr['obj_type'] = $objtype; $arr['object'] = $obj; 
@@ -161,32 +210,111 @@ function thing_init(&$a) { $ret = post_activity_item($arr); - if($ret['success']) - proc_run('php','include/notifier.php','tag',$ret['activity']['id']); } function thing_content(&$a) { - /* placeholders */ + if(argc() == 2) { + + $r = q("select * from obj left join term on obj_obj = term_hash where term_hash != '' and obj_type = %d and term_hash = '%s' limit 1", + intval(TERM_OBJ_THING), + dbesc(argv(1)) + ); + + if($r) { + return replace_macros(get_markup_template('show_thing.tpl'), array( + '$header' => t('Show Thing'), + '$edit' => t('Edit'), + '$delete' => t('Delete'), + '$canedit' => ((local_user() && local_user() == $r[0]['obj_channel']) ? true : false), + '$thing' => $r[0] )); + } + else { + notice( t('item not found.') . EOL); + return; + } + } + + if(! local_user()) { + notice( t('Permission denied.') . EOL); + return; + } + + $thing_hash = ''; + + if(argc() == 3 && argv(1) === 'edit') { + $thing_hash = argv(2); + + + $r = q("select * from obj left join term on obj_obj = term_hash where term_hash != '' and obj_type = %d and term_hash = '%s' limit 1", + intval(TERM_OBJ_THING), + dbesc($thing_hash) + ); + + if((! $r) || ($r[0]['obj_channel'] != local_user())) { + notice( t('Permission denied.') . EOL); + return ''; + } + - if(argc() > 1) { - return t('not yet implemented.'); + $o .= replace_macros(get_markup_template('thing_edit.tpl'),array( + '$thing_hdr' => t('Edit Thing'), + '$multiprof' => feature_enabled(local_user(),'multi_profiles'), + '$profile_lbl' => t('Select a profile'), + '$profile_select' => contact_profile_assign($r[0]['obj_page']), + '$verb_lbl' => t('Select a category of stuff. e.g. I ______ something'), + '$verb_select' => obj_verb_selector($r[0]['obj_verb']), + '$thing_hash' => $thing_hash, + '$thing_lbl' => t('Name of thing e.g. 
something'), + '$thething' => $r[0]['term'], + '$url_lbl' => t('URL of thing (optional)'), + '$theurl' => $r[0]['url'], + '$img_lbl' => t('URL for photo of thing (optional)'), + '$imgurl' => $r[0]['imgurl'], + '$submit' => t('Submit') + )); + + return $o; } - require_once('include/contact_selectors.php'); + if(argc() == 3 && argv(1) === 'drop') { + $thing_hash = argv(2); + + $r = q("select * from obj left join term on obj_obj = term_hash where term_hash != '' and obj_type = %d and term_hash = '%s' limit 1", + intval(TERM_OBJ_THING), + dbesc($thing_hash) + ); + + if((! $r) || ($r[0]['obj_channel'] != local_user())) { + notice( t('Permission denied.') . EOL); + return ''; + } + + + $x = q("delete from obj where obj_obj = '%s' and obj_type = %d and obj_channel = %d limit 1", + dbesc($thing_hash), + intval(TERM_OBJ_THING), + intval(local_user()) + ); + $x = q("delete from term where term_hash = '%s' and uid = %d limit 1", + dbesc($thing_hash), + intval(local_user()) + ); + return $o; + } $o .= replace_macros(get_markup_template('thing_input.tpl'),array( - '$thing_hdr' => t('Add Stuff to your Profile'), + '$thing_hdr' => t('Add Thing to your Profile'), '$multiprof' => feature_enabled(local_user(),'multi_profiles'), '$profile_lbl' => t('Select a profile'), '$profile_select' => contact_profile_assign(''), '$verb_lbl' => t('Select a category of stuff. e.g. I ______ something'), '$verb_select' => obj_verb_selector(), - '$thing_lbl' => t('Name of thing or stuff e.g. something'), - '$url_lbl' => t('URL of thing or stuff (optional)'), - '$img_lbl' => t('URL for photo of thing or stuff (optional)'), + '$thing_lbl' => t('Name of thing e.g. something'), + '$url_lbl' => t('URL of thing (optional)'), + '$img_lbl' => t('URL for photo of thing (optional)'), '$submit' => t('Submit') )); diff --git a/mod/xref.php b/mod/xref.php new file mode 100644 index 000000000..95cc22aa7 --- /dev/null +++ b/mod/xref.php 
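Review bot: The `drop` branch of thing_content() deletes from `obj` and `term` on a plain GET to `thing/drop/<hash>` with only the ownership check, so any page the owner visits can trigger the deletion through a link or image tag. Requiring a form security token, as the `profiles/new?t=` link elsewhere in this commit does with `get_form_security_token("profile_new")`, or moving the delete into a POST handler would prevent that. `$o` is returned in the drop branch without ever being assigned, and the edit branch appends to it with `.=`; an `$o = '';` at the top of the function fixes both. The public `argc() == 2` view passes the whole joined row as `'$thing' => $r[0]`, which would be safer narrowed to the fields the template displays.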
@@ -0,0 +1,20 @@ +<?php + +function xref_init(&$a) { + // Sets a referral URL using an xchan directly + // Link format: example.com/xref/[xchan]/[TargetURL] + // Target URL is optional. + // Cookie lasts 24 hours to survive a browser restart. Contains no personal + // information at all - just somebody else's xchan. + $referrer = argv(1); + $expire=time()+60*60*2; + $path = 'xref'; + setcookie($path, $referrer, $expire, "/"); + $url = ''; + + if (argc() > 2) + $url = argv(2); + + goaway (z_root() . '/' . $url); + +} diff --git a/mod/zfinger.php b/mod/zfinger.php index aad8e224d..94671271b 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -126,12 +126,16 @@ function zfinger_init(&$a) { $profile['region'] = $p[0]['region']; $profile['postcode'] = $p[0]['postal_code']; $profile['country'] = $p[0]['country_name']; + $profile['about'] = $p[0]['about']; + $profile['homepage'] = $p[0]['homepage']; + $profile['hometown'] = $p[0]['hometown']; + if($p[0]['keywords']) { $tags = array(); $k = explode(' ',$p[0]['keywords']); if($k) { foreach($k as $kk) { - if(trim($kk)) { + if(trim($kk," \t\n\r\0\x0B,")) { $tags[] = trim($kk," \t\n\r\0\x0B,"); } } |
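Review bot: The comment in xref_init() says the cookie lasts 24 hours, but `$expire=time()+60*60*2;` is two hours; either the comment or the value should be corrected, e.g. `$expire = time() + 60*60*24;` if the comment states the intent. `argv(1)` is written into the cookie with no check that it looks like an xchan, and nothing guards the case where `argc()` is below 2, so a short validation before `setcookie()` would keep arbitrary path text out of the cookie. Since the value is only read server-side as far as this file shows, the cookie can be set HttpOnly: `setcookie($path, $referrer, $expire, "/", "", false, true);`.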