Diffstat (limited to 'mod')
-rw-r--r--mod/admin.php33
-rw-r--r--mod/attach.php45
-rw-r--r--mod/contacts.php10
-rw-r--r--mod/dfrn_confirm.php2
-rw-r--r--mod/dfrn_notify.php25
-rw-r--r--mod/display.php37
-rw-r--r--mod/events.php9
-rw-r--r--mod/friendika.php2
-rw-r--r--mod/fsuggest.php111
-rw-r--r--mod/group.php16
-rw-r--r--mod/item.php29
-rw-r--r--mod/lostpass.php8
-rw-r--r--mod/match.php9
-rw-r--r--mod/msearch.php5
-rw-r--r--mod/network.php49
-rw-r--r--mod/notifications.php75
-rw-r--r--mod/photo.php36
-rw-r--r--mod/photos.php72
-rw-r--r--mod/ping.php10
-rw-r--r--mod/profile.php43
-rw-r--r--mod/profperm.php17
-rw-r--r--mod/register.php3
-rw-r--r--mod/regmod.php3
-rw-r--r--mod/salmon.php15
-rw-r--r--mod/search.php31
-rw-r--r--mod/starred.php35
-rw-r--r--mod/webfinger.php4
-rw-r--r--mod/xrd.php2
28 files changed, 413 insertions, 323 deletions
diff --git a/mod/admin.php b/mod/admin.php
index 920adf05d..8f0b2c93d 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -327,11 +327,8 @@ function admin_page_site(&$a) {
* Users admin page
*/
function admin_page_users_post(&$a){
- $users=array(); $pending=array();
- foreach($_POST as $k=>$v){
- if (substr($k,0,5)=="user_") $users[] = substr($k,5,strlen($k)-5);
- if (substr($k,0,8)=="pending_") $users[] = substr($k,8,strlen($k)-8);
- }
+ $pending = ( x(£_POST, 'pending') ? $_POST['pending'] : Array() );
+ $users = ( x($_POST, 'user') ? $_POST['user'] : Array() );
if (x($_POST,'page_users_block')){
foreach($users as $uid){
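Review bot: The new `$pending` assignment reads `x(£_POST, 'pending')` as rendered here, which is not a valid PHP variable, so the line should be `$pending = ( x($_POST, 'pending') ? $_POST['pending'] : Array() );`. Both `$_POST['user']` and `$_POST['pending']` are client-controlled and go straight into `foreach`, so a scalar value would not iterate as intended; guarding with `is_array()` and casting each `$uid` with `intval()` before use would make the handler predictable. No form-token check is visible in this hunk for these block/approve/deny actions, though the rest of admin_page_users_post lies outside it.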
@@ -350,13 +347,13 @@ function admin_page_users_post(&$a){
}
if (x($_POST,'page_users_approve')){
- require_once("include/regmod.php");
+ require_once("mod/regmod.php");
foreach($pending as $hash){
user_allow($hash);
}
}
if (x($_POST,'page_users_deny')){
- require_once("include/regmod.php");
+ require_once("mod/regmod.php");
foreach($pending as $hash){
user_deny($hash);
}
@@ -409,22 +406,22 @@ function admin_page_users(&$a){
$a->set_pager_itemspage(100);
}
- $users = q("SELECT `user` . * , `contact`.`name` , `contact`.`url` , `contact`.`micro` , `lastitem`.`lastitem_date`
- FROM (
- SELECT MAX(`item`.`changed`) as `lastitem_date`, `item`.`uid`
+ $users = q("SELECT `user` . * , `contact`.`name` , `contact`.`url` , `contact`.`micro`, `lastitem`.`lastitem_date`
+ FROM
+ (SELECT MAX(`item`.`changed`) as `lastitem_date`, `item`.`uid`
FROM `item`
WHERE `item`.`type` = 'wall'
- GROUP BY `item`.`uid`
- ) AS `lastitem` , `user`
- LEFT JOIN `contact` ON `user`.`uid` = `contact`.`uid`
- WHERE `user`.`verified` =1
- AND `contact`.`self` =1
- AND `lastitem`.`uid` = `user`.`uid`
+ GROUP BY `item`.`uid`) AS `lastitem`
+ RIGHT OUTER JOIN `user` ON `user`.`uid` = `lastitem`.`uid`,
+ `contact`
+ WHERE
+ `user`.`uid` = `contact`.`uid`
+ AND `user`.`verified` =1
+ AND `contact`.`self` =1
ORDER BY `contact`.`name` LIMIT %d, %d
",
intval($a->pager['start']),
intval($a->pager['itemspage'])
-
);
function _setup_users($e){
@@ -459,7 +456,7 @@ function admin_page_users(&$a){
'$unblock' => t('Unblock'),
'$h_users' => t('Users'),
- '$th_users' => array( t('Name'), t('Email'), t('Register date'), t('Last login'), t('Last item'), t('Account') ),
+ '$th_users' => array( t('Name'), t('Email'), t('Register date'), t('Last login'), t('Last item'), t('Account') ),
'$confirm_delete_multi' => t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
'$confirm_delete' => t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
diff --git a/mod/attach.php b/mod/attach.php
index 3953d3aa1..ae6540201 100644
--- a/mod/attach.php
+++ b/mod/attach.php
@@ -1,5 +1,7 @@
<?php
+require_once('include/security.php');
+
function attach_init(&$a) {
if($a->argc != 2) {
@@ -9,6 +11,8 @@ function attach_init(&$a) {
$item_id = intval($a->argv[1]);
+ // Check for existence, which will also provide us the owner uid
+
$r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1",
intval($item_id)
);
@@ -17,39 +21,7 @@ function attach_init(&$a) {
return;
}
- $owner = $r[0]['uid'];
-
- $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
-
- if(local_user() && ($owner == $_SESSION['uid'])) {
-
- // Owner can always see his/her photos
- $sql_extra = '';
-
- }
- elseif(remote_user()) {
-
- // authenticated visitor - here lie dragons
-
- $groups = init_groups_visitor($_SESSION['visitor_id']);
- $gs = '<<>>'; // should be impossible to match
- if(count($groups)) {
- foreach($groups as $g)
- $gs .= '|<' . intval($g) . '>';
- }
-
- $sql_extra = sprintf(
- " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
- AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
- AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
- AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
-
- intval($_SESSION['visitor_id']),
- intval($_SESSION['visitor_id']),
- dbesc($gs),
- dbesc($gs)
- );
- }
+ $sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the attachment
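Review bot: `permissions_sql($r[0]['uid'])` is called here with the owner uid only, while mod/display.php in this same commit passes `$remote_contact` and `$groups` as well, and the helper itself (include/security.php) is not shown on this page. It is worth confirming that with its defaults the helper still derives the visitor id and group list the way the removed `init_groups_visitor($_SESSION['visitor_id'])` branch did, and that it falls back to the public-only clause for unauthenticated requests. A short comment above the call, such as `// permissions_sql() returns '' for the owner, an ACL clause for an authenticated visitor, and the public-only clause otherwise`, would document the contract this access check now depends on.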
@@ -57,17 +29,14 @@ function attach_init(&$a) {
dbesc($item_id)
);
- if(count($r)) {
- $data = $r[0]['data'];
- }
- else {
+ if(! count($r)) {
notice( t('Permission denied.') . EOL);
return;
}
header('Content-type: ' . $r[0]['filetype']);
header('Content-disposition: attachment; filename=' . $r[0]['filename']);
- echo $data;
+ echo $r[0]['data'];
killme();
// NOTREACHED
} \ No newline at end of file
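Review bot: The stored `filename` and `filetype` values are still concatenated unquoted into the response headers in the unchanged lines around the new `echo $r[0]['data'];`. A filename containing spaces, semicolons or quotes will be misparsed by browsers, so the value should be quoted and stripped of quote and control characters, e.g. `header('Content-disposition: attachment; filename="' . str_replace(array('"', "\r", "\n"), '', $r[0]['filename']) . '"');`. Because the content type is whatever was recorded at upload, adding `header('X-Content-Type-Options: nosniff');` alongside the attachment disposition keeps browsers from sniffing it into something renderable.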
diff --git a/mod/contacts.php b/mod/contacts.php
index e7a800500..7a97b53d2 100644
--- a/mod/contacts.php
+++ b/mod/contacts.php
@@ -11,8 +11,9 @@ function contacts_init(&$a) {
if($a->config['register_policy'] != REGISTER_CLOSED)
$a->page['aside'] .= '<div class="side-link" id="side-invite-link" ><a href="invite" >' . t("Invite Friends") . '</a></div>';
- if(strlen(get_config('system','directory_submit_url')))
- $a->page['aside'] .= '<div class="side-link" id="side-match-link"><a href="match" >' . t('Find People With Shared Interests') . '</a></div>';
+
+ $a->page['aside'] .= '<div class="side-link" id="side-match-link"><a href="match" >'
+ . t('Find People With Shared Interests') . '</a></div>';
$tpl = get_markup_template('follow.tpl');
$a->page['aside'] .= replace_macros($tpl,array(
@@ -268,6 +269,10 @@ function contacts_content(&$a) {
if($r[0]['last-update'] !== '0000-00-00 00:00:00')
$last_update .= ' ' . (($r[0]['last-update'] == $r[0]['success_update']) ? t("\x28Update was successful\x29") : t("\x28Update was not successful\x29"));
+ $lblsuggest = (($r[0]['network'] === NETWORK_DFRN)
+ ? '<div id="contact-suggest-wrapper"><a href="fsuggest/' . $r[0]['id'] . '" id="contact-suggest">' . t('Suggest friends') . '</a></div>' : '');
+
+
$o .= replace_macros($tpl,array(
'$header' => t('Contact Editor'),
'$submit' => t('Submit'),
@@ -284,6 +289,7 @@ function contacts_content(&$a) {
'$altcrepair' => t('Repair contact URL settings'),
'$lblcrepair' => t("Repair contact URL settings \x28WARNING: Advanced\x29"),
'$lblrecent' => t('View conversations'),
+ '$lblsuggest' => $lblsuggest,
'$grps' => $grps,
'$delete' => t('Delete contact'),
'$poll_interval' => contact_poll_interval($r[0]['priority']),
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index 7c11b78d5..e2094b1f3 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -507,7 +507,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
$local_uid = $r[0]['uid'];
- if(! strstr($my_prvkey,'BEGIN RSA PRIVATE KEY')) {
+ if(! strstr($my_prvkey,'PRIVATE KEY')) {
$message = t('Our site encryption key is apparently messed up.');
xml_status(3,$message);
}
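Review bot: The relaxed test `strstr($my_prvkey,'PRIVATE KEY')` passes for any string that merely contains those words, including a truncated PEM block or an encrypted key. If the key is consumed through the OpenSSL extension, as the surrounding code suggests, parsing it is a stronger check: `if(! openssl_pkey_get_private($my_prvkey)) {`. Whether `xml_status(3,$message)` terminates the request is not visible in this hunk; if it does not, execution continues with the bad key.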
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index f6d1f2be5..64b5ec479 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -1,6 +1,6 @@
<?php
-require_once('simplepie/simplepie.inc');
+require_once('library/simplepie/simplepie.inc');
require_once('include/items.php');
require_once('include/event.php');
@@ -165,13 +165,14 @@ function dfrn_notify_post(&$a) {
$fsugg['name'] = notags(unxmlify($base['name'][0]['data']));
$fsugg['photo'] = notags(unxmlify($base['photo'][0]['data']));
$fsugg['url'] = notags(unxmlify($base['url'][0]['data']));
+ $fsugg['request'] = notags(unxmlify($base['request'][0]['data']));
$fsugg['body'] = escape_tags(unxmlify($base['note'][0]['data']));
// Does our member already have a friend matching this description?
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `url` = '%s' AND `uid` = %d LIMIT 1",
dbesc($fsugg['name']),
- dbesc($fsuff['url']),
+ dbesc($fsugg['url']),
intval($fsugg['uid'])
);
if(count($r))
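Review bot: The new `$fsugg['request']` value, like `url` and `photo`, comes from a remote feed and is passed only through `notags()`, which presumably neutralises angle brackets but does not check that the value is an http(s) URL. These fields are inserted into `fcontact` in the next hunk and later used as link targets in mod/notifications.php (`'$request' => $rr['frequest'] . '?addr=' . $return_addr`), so a scheme check before storing would close that path. For example, reject the suggestion unless `preg_match('#^https?://#i', $fsugg['request'])` succeeds, and do the same for `url` and `photo`. dfrn_notify_post starts and ends outside this hunk.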
@@ -180,24 +181,25 @@ function dfrn_notify_post(&$a) {
// Do we already have an fcontact record for this person?
$fid = 0;
- $r = q("SELECT * FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `photo` = '%s' LIMIT 1",
+ $r = q("SELECT * FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1",
dbesc($fsugg['url']),
- dbesc($fsuff['name']),
- dbesc($fsugg['photo'])
+ dbesc($fsugg['name']),
+ dbesc($fsugg['request'])
);
if(count($r)) {
$fid = $r[0]['id'];
}
if(! $fid)
- $r = q("INSERT INTO `fcontact` ( `name`,`url`,`photo` ) VALUES ( '%s', '%s', '%s' ) ",
- dbesc($fsuff['name']),
+ $r = q("INSERT INTO `fcontact` ( `name`,`url`,`photo`,`request` ) VALUES ( '%s', '%s', '%s', '%s' ) ",
+ dbesc($fsugg['name']),
dbesc($fsugg['url']),
- dbesc($fsugg['photo'])
+ dbesc($fsugg['photo']),
+ dbesc($fsugg['request'])
);
- $r = q("SELECT * FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `photo` = '%s' LIMIT 1",
+ $r = q("SELECT * FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1",
dbesc($fsugg['url']),
- dbesc($fsuff['name']),
- dbesc($fsugg['photo'])
+ dbesc($fsugg['name']),
+ dbesc($fsugg['request'])
);
if(count($r)) {
$fid = $r[0]['id'];
@@ -676,6 +678,7 @@ function dfrn_notify_post(&$a) {
$ev['cid'] = $importer['id'];
$ev['uid'] = $importer['uid'];
$ev['uri'] = $item_id;
+ $ev['edited'] = $datarray['edited'];
$r = q("SELECT * FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
dbesc($item_id),
diff --git a/mod/display.php b/mod/display.php
index fdb93e480..305a21825 100644
--- a/mod/display.php
+++ b/mod/display.php
@@ -59,42 +59,7 @@ function display_content(&$a) {
if(count($r))
$a->page_contact = $r[0];
- $sql_extra = "
- AND `allow_cid` = ''
- AND `allow_gid` = ''
- AND `deny_cid` = ''
- AND `deny_gid` = ''
- ";
-
-
- // Profile owner - everything is visible
-
- if(local_user() && (local_user() == $a->profile['uid'])) {
- $sql_extra = '';
- }
-
- // authenticated visitor - here lie dragons
- // If $remotecontact is true, we know that not only is this a remotely authenticated
- // person, but that it is *our* contact, which is important in multi-user mode.
-
- elseif($remote_contact) {
- $gs = '<<>>'; // should be impossible to match
- if(count($groups)) {
- foreach($groups as $g)
- $gs .= '|<' . intval($g) . '>';
- }
- $sql_extra = sprintf(
- " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
- AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
- AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
- AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
-
- intval($_SESSION['visitor_id']),
- intval($_SESSION['visitor_id']),
- dbesc($gs),
- dbesc($gs)
- );
- }
+ $sql_extra = permissions_sql($a->profile['uid'],$remote_contact,$groups);
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
diff --git a/mod/events.php b/mod/events.php
index 642da3cb7..b0b54601f 100644
--- a/mod/events.php
+++ b/mod/events.php
@@ -183,7 +183,8 @@ function events_content(&$a) {
$adjust_finish = datetime_convert('UTC', date_default_timezone_get(), $finish);
- $r = q("SELECT `event`.*, `item`.`id` AS `itemid`,`item`.`plink` FROM `event` LEFT JOIN `item` ON `item`.`event-id` = `event`.`id`
+ $r = q("SELECT `event`.*, `item`.`id` AS `itemid`,`item`.`plink`,
+ `item`.`author-name`, `item`.`author-avatar`, `item`.`author-link` FROM `event` LEFT JOIN `item` ON `item`.`event-id` = `event`.`id`
WHERE `event`.`uid` = %d
AND (( `adjust` = 0 AND `start` >= '%s' AND `start` <= '%s' )
OR ( `adjust` = 1 AND `start` >= '%s' AND `start` <= '%s' )) ",
@@ -218,10 +219,6 @@ function events_content(&$a) {
-
-
-
-
$last_date = '';
$fmt = t('l, F j');
@@ -235,7 +232,7 @@ function events_content(&$a) {
$o .= '<hr /><a name="link-' . $j . '" ><div class="event-list-date">' . $d . '</div></a>';
$last_date = $d;
$o .= format_event_html($rr);
- $o .= '<a href="' . $a->get_baseurl() . '/events/event/' . $rr['id'] . '" title="' . t('Edit event') . '" class="edit-event-link icon pencil"></a>';
+ $o .= ((! $rr['cid']) ? '<a href="' . $a->get_baseurl() . '/events/event/' . $rr['id'] . '" title="' . t('Edit event') . '" class="edit-event-link icon pencil"></a>' : '');
if($rr['plink'])
$o .= '<a href="' . $rr['plink'] . '" title="' . t('link to source') . '" target="external-link" class="plink-event-link icon remote-link"></a></div>';
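Review bot: Hiding the pencil link when `$rr['cid']` is set only changes what is displayed; the `/events/event/<id>` handler is not part of this hunk, so it should be confirmed that it also refuses edits to events owned by a contact. The unchanged line below still writes `$rr['plink']`, a value that originates from a remote item, into an `href` without escaping. Wrapping it as `htmlspecialchars($rr['plink'], ENT_QUOTES, 'UTF-8')` would be a safe default.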
diff --git a/mod/friendika.php b/mod/friendika.php
index 7762bfbb5..8c034c4ac 100644
--- a/mod/friendika.php
+++ b/mod/friendika.php
@@ -21,7 +21,7 @@ function friendika_init(&$a) {
'register_policy' => $register_policy[$a->config['register_policy']],
'admin' => $admin,
'site_name' => $a->config['sitename'],
-
+ 'info' => ((x($a->config,'info')) ? $a->config['info'] : '')
);
echo json_encode($data);
diff --git a/mod/fsuggest.php b/mod/fsuggest.php
new file mode 100644
index 000000000..9ef8f4c55
--- /dev/null
+++ b/mod/fsuggest.php
@@ -0,0 +1,111 @@
+<?php
+
+
+function fsuggest_post(&$a) {
+
+ if(! local_user()) {
+ return;
+ }
+
+ if($a->argc != 2)
+ return;
+
+ $contact_id = intval($a->argv[1]);
+
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($contact_id),
+ intval(local_user())
+ );
+ if(! count($r)) {
+ notice( t('Contact not found.') . EOL);
+ return;
+ }
+ $contact = $r[0];
+
+ $new_contact = intval($_POST['suggest']);
+
+ $hash = random_string();
+
+ $note = escape_tags(trim($_POST['note']));
+
+ if($new_contact) {
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($new_contact),
+ intval(local_user())
+ );
+ if(count($r)) {
+
+ $x = q("INSERT INTO `fsuggest` ( `uid`,`cid`,`name`,`url`,`request`,`photo`,`note`,`created`)
+ VALUES ( %d, %d, '%s','%s','%s','%s','%s','%s')",
+ intval(local_user()),
+ intval($contact_id),
+ dbesc($r[0]['name']),
+ dbesc($r[0]['url']),
+ dbesc($r[0]['request']),
+ dbesc($r[0]['photo']),
+ dbesc($hash),
+ dbesc(datetime_convert())
+ );
+ $r = q("SELECT `id` FROM `fsuggest` WHERE `note` = '%s' AND `uid` = %d LIMIT 1",
+ dbesc($hash),
+ intval(local_user())
+ );
+ if(count($r)) {
+ $fsuggest_id = $r[0]['id'];
+ q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ dbesc($note),
+ intval($fsuggest_id),
+ intval(local_user())
+ );
+ proc_run('php', 'include/notifier.php', 'suggest' , $fsuggest_id);
+ }
+
+ info( t('Friend suggestion sent.') . EOL);
+ }
+
+ }
+
+
+}
+
+
+
+function fsuggest_content(&$a) {
+
+ require_once('include/acl_selectors.php');
+
+ if(! local_user()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if($a->argc != 2)
+ return;
+
+ $contact_id = intval($a->argv[1]);
+
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($contact_id),
+ intval(local_user())
+ );
+ if(! count($r)) {
+ notice( t('Contact not found.') . EOL);
+ return;
+ }
+ $contact = $r[0];
+
+ $o = '<h3>' . t('Suggest Friends') . '</h3>';
+
+ $o .= '<div id="fsuggest-desc" >' . sprintf( t('Suggest a friend for %s'), $contact['name']) . '</div>';
+
+ $o .= '<form id="fsuggest-form" action="fsuggest/' . $contact_id . '" method="post" >';
+
+ $o .= contact_selector('suggest','suggest-select', false,
+ array('size' => 4, 'exclude' => $contact_id, 'networks' => 'DFRN_ONLY', 'single' => true));
+
+
+ $o .= '<div id="fsuggest-submit-wrapper"><input id="fsuggest-submit" type="submit" name="submit" value="' . t('Submit') . '" /></div>';
+ $o .= '</form>';
+
+ return $o;
+} \ No newline at end of file
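Review bot: In fsuggest_content the contact name is interpolated into HTML unescaped (`sprintf( t('Suggest a friend for %s'), $contact['name'])`); contact names come from remote profiles, so unless they are guaranteed to be sanitised on import this should be `htmlspecialchars($contact['name'], ENT_QUOTES, 'UTF-8')`. In fsuggest_post, `info( t('Friend suggestion sent.') . EOL);` sits outside the inner `if(count($r))`, so success is reported even when the INSERT or the follow-up SELECT failed and the notifier never ran; moving it next to the `proc_run(...)` call fixes that. `$_POST['suggest']` and `$_POST['note']` are read without an existence check, and the form built in fsuggest_content has no `note` field and no anti-forgery token. A file header comment explaining the insert-with-random-hash-then-update sequence used to recover the new row id would help the next reader.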
diff --git a/mod/group.php b/mod/group.php
index 2d7ea8c11..981796f67 100644
--- a/mod/group.php
+++ b/mod/group.php
@@ -7,7 +7,7 @@ function validate_members(&$item) {
function group_init(&$a) {
if(local_user()) {
require_once('include/group.php');
- $a->page['aside'] = group_side();
+ $a->page['aside'] = group_side('contacts','group',false,(($a->argc > 1) ? intval($a->argv[1]) : 0));
}
}
@@ -68,6 +68,14 @@ function group_content(&$a) {
return;
}
+ // Switch to text mod interface if we have more than 'n' contacts or group members
+
+ $switchtotext = get_pconfig(local_user(),'system','groupedit_image_limit');
+ if($switchtotext === false)
+ $switchtotext = get_config('system','groupedit_image_limit');
+ if($switchtotext === false)
+ $switchtotext = 400;
+
if(($a->argc == 2) && ($a->argv[1] === 'new')) {
$tpl = get_markup_template('group_new.tpl');
$o .= replace_macros($tpl,array(
@@ -170,10 +178,11 @@ function group_content(&$a) {
$o .= '<div id="group-members">';
$o .= '<h3>' . t('Members') . '</h3>';
+ $textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false);
foreach($members as $member) {
if($member['url']) {
$member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . '); return true;';
- $o .= micropro($member,true,'mpgroup');
+ $o .= micropro($member,true,'mpgroup', $textmode);
}
else
group_rmv_member(local_user(),$group['name'],$member['id']);
@@ -189,10 +198,11 @@ function group_content(&$a) {
);
if(count($r)) {
+ $textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false);
foreach($r as $member) {
if(! in_array($member['id'],$preselected)) {
$member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . '); return true;';
- $o .= micropro($member,true,'mpall');
+ $o .= micropro($member,true,'mpall', $textmode);
}
}
}
diff --git a/mod/item.php b/mod/item.php
index 84fe237b3..8a4f8293c 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -61,7 +61,7 @@ function item_post(&$a) {
$profile_uid = ((x($_POST,'profile_uid')) ? intval($_POST['profile_uid']) : 0);
$post_id = ((x($_POST['post_id'])) ? intval($_POST['post_id']) : 0);
- $app = ((x($_POST['source'])) ? notags($_POST['source']) : '');
+ $app = ((x($_POST['source'])) ? strip_tags($_POST['source']) : '');
if(! can_write_wall($a,$profile_uid)) {
notice( t('Permission denied.') . EOL) ;
@@ -244,6 +244,10 @@ function item_post(&$a) {
}
+ /**
+ * Next link in any attachment references we find in the post.
+ */
+
$match = false;
if(preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",$body,$match)) {
@@ -265,10 +269,6 @@ function item_post(&$a) {
}
}
-
-
-
-
/**
* Fold multi-line [code] sequences
*/
@@ -285,13 +285,21 @@ function item_post(&$a) {
$tags = get_tags($body);
- if(($parent_contact) && ($parent_contact['network'] === 'stat') && ($parent_contact['nick']) && (! in_array('@' . $parent_contact['nick'],$tags))) {
+ /**
+ * add a statusnet style reply tag if the original post was from there
+ * and we are replying, and there isn't one already
+ */
+
+ if(($parent_contact) && ($parent_contact['network'] === 'stat')
+ && ($parent_contact['nick']) && (! in_array('@' . $parent_contact['nick'],$tags))) {
$body = '@' . $parent_contact['nick'] . ' ' . $body;
$tags[] = '@' . $parent_contact['nick'];
}
if(count($tags)) {
foreach($tags as $tag) {
+ if(isset($profile))
+ unset($profile);
if(strpos($tag,'#') === 0) {
if(strpos($tag,'[url='))
continue;
@@ -325,7 +333,7 @@ function item_post(&$a) {
else {
$newname = $name;
$alias = '';
- if(strstr($name,'_')) {
+ if(strstr($name,'_') || strstr($name,' ')) {
$newname = str_replace('_',' ',$name);
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
dbesc($newname),
@@ -419,6 +427,7 @@ function item_post(&$a) {
$datarray['author-avatar'] = $author['thumb'];
$datarray['created'] = datetime_convert();
$datarray['edited'] = datetime_convert();
+ $datarray['received'] = datetime_convert();
$datarray['changed'] = datetime_convert();
$datarray['uri'] = $uri;
$datarray['title'] = $title;
@@ -445,6 +454,7 @@ function item_post(&$a) {
$datarray['parent'] = $parent;
$datarray['self'] = $self;
+ $datarray['prvnets'] = $user['prvnets'];
if($orig_post)
$datarray['edit'] = true;
@@ -472,9 +482,9 @@ function item_post(&$a) {
$r = q("INSERT INTO `item` (`uid`,`type`,`wall`,`gravity`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`,
- `author-name`, `author-link`, `author-avatar`, `created`, `edited`, `changed`, `uri`, `title`, `body`, `app`, `location`, `coord`,
+ `author-name`, `author-link`, `author-avatar`, `created`, `edited`, `received`, `changed`, `uri`, `title`, `body`, `app`, `location`, `coord`,
`tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail`, `attach` )
- VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s' )",
+ VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s' )",
intval($datarray['uid']),
dbesc($datarray['type']),
intval($datarray['wall']),
@@ -488,6 +498,7 @@ function item_post(&$a) {
dbesc($datarray['author-avatar']),
dbesc($datarray['created']),
dbesc($datarray['edited']),
+ dbesc($datarray['received']),
dbesc($datarray['changed']),
dbesc($datarray['uri']),
dbesc($datarray['title']),
diff --git a/mod/lostpass.php b/mod/lostpass.php
index e0bf6eed7..3453a0db4 100644
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -7,12 +7,16 @@ function lostpass_post(&$a) {
if(! $email)
goaway($a->get_baseurl());
- $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1",
+ $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1",
dbesc($email),
dbesc($email)
);
- if(! count($r))
+
+ if(! count($r)) {
+ notice( t('No valid account found.') . EOL);
goaway($a->get_baseurl());
+ }
+
$uid = $r[0]['uid'];
$username = $r[0]['username'];
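Review bot: The added `notice( t('No valid account found.') . EOL);` tells the requester that the submitted e-mail or nickname does not belong to a verified, unblocked account, which makes this form usable for account enumeration. Restricting resets to verified and unblocked users is a sound change, but the visible response should be the same on both paths, for instance one neutral notice such as `notice( t('If the account exists, reset instructions have been sent.') . EOL);` before each `goaway()`. The success path of lostpass_post is outside this hunk, so its current wording should be checked to match.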
diff --git a/mod/match.php b/mod/match.php
index 2d6456b54..5dd80fe3e 100644
--- a/mod/match.php
+++ b/mod/match.php
@@ -15,7 +15,7 @@ function match_content(&$a) {
if(! count($r))
return;
if(! $r[0]['pub_keywords'] && (! $r[0]['prv_keywords'])) {
- notice('No keywords to match. Please add keywords to your default profile.');
+ notice( t('No keywords to match. Please add keywords to your default profile.') . EOL);
return;
}
@@ -27,7 +27,10 @@ function match_content(&$a) {
if($a->pager['page'] != 1)
$params['p'] = $a->pager['page'];
- $x = post_url('http://dir.friendika.com/msearch', $params);
+ if(strlen(get_config('system','directory_submit_url')))
+ $x = post_url('http://dir.friendika.com/msearch', $params);
+ else
+ $x = post_url($a->get_baseurl() . '/msearch', $params);
$j = json_decode($x);
@@ -40,7 +43,7 @@ function match_content(&$a) {
foreach($j->results as $jj) {
$o .= '<div class="profile-match-wrapper"><div class="profile-match-photo">';
- $o .= '<a href="' . $jj->url . '">' . '<img src="' . $jj->photo . '" alt="' . $jj->name . '" title="' . $jj->name . '[' . $jj->url . ']' . '" /></a></div>';
+ $o .= '<a href="' . $jj->url . '">' . '<img src="' . $jj->photo . '" alt="' . $jj->name . '" title="' . $jj->name . '[' . $jj->tags . ']' . '" /></a></div>';
$o .= '<div class="profile-match-break"></div>';
$o .= '<div class="profile-match-name"><a href="' . $jj->url . '" title="' . $jj->name . '[' . $jj->url .']' . '">' . $jj->name . '</a></div>';
$o .= '<div class="profile-match-end"></div></div>';
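Review bot: Fields from the decoded directory response, including the newly used `$jj->tags` as well as `$jj->url`, `$jj->photo` and `$jj->name`, are concatenated into attributes and element content without escaping, so the page trusts whatever the search endpoint returns. Each value should go through `htmlspecialchars($jj->tags, ENT_QUOTES, 'UTF-8')` or equivalent, and the two URL fields should be checked for an http(s) scheme before being used in `href`/`src`. The previous hunk fetches the results from `http://dir.friendika.com/msearch` over plain HTTP, so the response can also be altered in transit. The result of `json_decode($x)` should be checked before `$j->results` is iterated, if that is not already done outside the hunk.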
diff --git a/mod/msearch.php b/mod/msearch.php
index dc9496295..7d9bbe9e7 100644
--- a/mod/msearch.php
+++ b/mod/msearch.php
@@ -16,7 +16,7 @@ function msearch_post(&$a) {
if(count($r))
$total = $r[0]['total'];
- $r = q("SELECT `username`, `nickname`, `user`.`uid` FROM `user` LEFT JOIN `profile` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 AND `hidewall` = 0 AND MATCH `pub_keywords` AGAINST ('%s') LIMIT %d , %d ",
+ $r = q("SELECT `pub_keywords`, `username`, `nickname`, `user`.`uid` FROM `user` LEFT JOIN `profile` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 AND `hidewall` = 0 AND MATCH `pub_keywords` AGAINST ('%s') LIMIT %d , %d ",
dbesc($search),
intval($startrec),
intval($perpage)
@@ -28,7 +28,8 @@ function msearch_post(&$a) {
$results[] = array(
'name' => $rr['name'],
'url' => $a->get_baseurl() . '/profile/' . $rr['nickname'],
- 'photo' => $a->get_baseurl() . '/photo/avatar/' . $rr['uid'] . 'jpg'
+ 'photo' => $a->get_baseurl() . '/photo/avatar/' . $rr['uid'] . 'jpg',
+ 'tags' => str_replace(array(',',' '),array(' ',' '),$rr['pub_keywords'])
);
}
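Review bot: `'name' => $rr['name']` reads a column the SELECT in the previous hunk does not return (it selects `pub_keywords`, `username`, `nickname` and `user`.`uid`), so every result carries an empty name; `$rr['username']` looks like the intended key. The photo URL is built as `'/photo/avatar/' . $rr['uid'] . 'jpg'`, which yields paths like `/photo/avatar/5jpg`; presumably `'.jpg'` was meant, though the photo route is not shown here. In the new `tags` line, the second `str_replace` pair maps a space to a space as rendered, so it has no effect.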
diff --git a/mod/network.php b/mod/network.php
index 75775ba50..28e540283 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -7,13 +7,14 @@ function network_init(&$a) {
return;
}
-
+ $group_id = (($a->argc > 1 && intval($a->argv[1])) ? intval($a->argv[1]) : 0);
+
require_once('include/group.php');
if(! x($a->page,'aside'))
$a->page['aside'] = '';
$search = ((x($_GET,'search')) ? escape_tags($_GET['search']) : '');
- $srchurl = '/network' . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '');
+ $srchurl = '/network' . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '') . ((x($_GET,'star')) ? '?star=' . $_GET['star'] : '');
$a->page['aside'] .= search($search,'netsearch-box',$srchurl);
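Review bot: `$srchurl` now appends raw `$_GET['star']` next to the already raw `$_GET['cid']`, and the same unencoded values are written into `href` attributes in the next hunk and into the inline script string `var netargs = '...'` in network_content, where the added `'?star=' . $_GET['star']` line sits beside raw `cid` and `search`. Both parameters are integers (network_content already computes `intval($_GET['star'])`), so every occurrence should use the cast value, e.g. `((x($_GET,'star')) ? '?star=' . intval($_GET['star']) : '')`, and `search` should be passed through `urlencode()` before it reaches the script block. The concatenation also produces two `?` separators when both `cid` and `star` are present. In the "View Starred Items" link, `&star=1` is appended with no `?` when `cid` is absent, so the query string needs to be assembled with the right separator.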
@@ -21,15 +22,33 @@ function network_init(&$a) {
$a->page['aside'] .= '<div id="network-new-link">';
-
+ $a->page['aside'] .= '<div id="network-view-link">';
if(($a->argc > 1 && $a->argv[1] === 'new') || ($a->argc > 2 && $a->argv[2] === 'new') || x($_GET,'search'))
- $a->page['aside'] .= '<a href="' . $a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '') . '">' . t('Normal View') . '</a>';
- else
- $a->page['aside'] .= '<a href="' . $a->get_baseurl() . '/' . $a->cmd . '/new' . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '">' . t('New Item View') . '</a>';
+ $a->page['aside'] .= '<a href="' . $a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '') . '">' . t('View Conversations') . '</a></div>';
+ else {
+ $a->page['aside'] .= '<a href="' . $a->get_baseurl() . '/' . $a->cmd . '/new' . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '">' . t('View New Items') . '</a></div>';
+
+ if(x($_GET,'star'))
+ $a->page['aside'] .= '<div id="network-star-link">'
+ . '<a class="network-star" href="' . $a->get_baseurl() . '/' . $a->cmd
+ . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '">'
+ . t('View Any Items') . '</a>'
+ . '<span class="network-star icon starred"></span>'
+ . '<span class="network-star icon unstarred"></span>'
+ . '<div class="clear"></div></div>';
+ else
+ $a->page['aside'] .= '<div id="network-star-link">'
+ . '<a class="network-star" href="' . $a->get_baseurl() . '/' . $a->cmd
+ . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '&star=1" >'
+ . t('View Starred Items') . '</a>'
+ . '<span class="network-star icon starred"></span>'
+ . '<div class="clear"></div></div>';
+
+ }
$a->page['aside'] .= '</div>';
- $a->page['aside'] .= group_side('network','network',true);
+ $a->page['aside'] .= group_side('network','network',true,$group_id);
}
@@ -50,6 +69,7 @@ function network_content(&$a, $update = 0) {
require_once('include/acl_selectors.php');
$cid = ((x($_GET['cid'])) ? intval($_GET['cid']) : 0);
+ $star = ((x($_GET['star'])) ? intval($_GET['star']) : 0);
if(($a->argc > 2) && $a->argv[2] === 'new')
$nouveau = true;
@@ -108,6 +128,7 @@ function network_content(&$a, $update = 0) {
. "; var netargs = '" . substr($a->cmd,8)
. ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '')
. ((x($_GET,'search')) ? '?search=' . $_GET['search'] : '')
+ . ((x($_GET,'star')) ? '?star=' . $_GET['star'] : '')
. "'; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
}
@@ -116,7 +137,7 @@ function network_content(&$a, $update = 0) {
// level which items you've seen and which you haven't. If you're looking
// at the top level network page just mark everything seen.
- if((! $group) && (! $cid)) {
+ if((! $group) && (! $cid) && (! $star)) {
$r = q("UPDATE `item` SET `unseen` = 0
WHERE `unseen` = 1 AND `uid` = %d",
intval($_SESSION['uid'])
@@ -127,7 +148,9 @@ function network_content(&$a, $update = 0) {
// that belongs to you, hence you can see all of it. We will filter by group if
// desired.
- $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
+ $star_sql = (($star) ? " AND `starred` = 1 " : '');
+
+ $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` $star_sql ) ";
if($group) {
$r = q("SELECT `name`, `id` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
@@ -151,7 +174,8 @@ function network_content(&$a, $update = 0) {
info( t('Group is empty'));
}
- $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` AND ( `contact-id` IN ( $contact_str ) OR `allow_gid` REGEXP '<" . intval($group) . ">' )) ";
+
+ $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` $star_sql AND ( `contact-id` IN ( $contact_str ) OR `allow_gid` REGEXP '<" . intval($group) . ">' )) ";
$o = '<h2>' . t('Group: ') . $r[0]['name'] . '</h2>' . $o;
}
elseif($cid) {
@@ -161,7 +185,7 @@ function network_content(&$a, $update = 0) {
intval($cid)
);
if(count($r)) {
- $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` AND `contact-id` IN ( " . intval($cid) . " )) ";
+ $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` $star_sql AND `contact-id` IN ( " . intval($cid) . " )) ";
$o = '<h2>' . t('Contact: ') . $r[0]['name'] . '</h2>' . $o;
if($r[0]['network'] !== NETWORK_MAIL && $r[0]['network'] !== NETWORK_DFRN && $r[0]['network'] !== NETWORK_FACEBOOK && $r[0]['writable'] && (! get_pconfig(local_user(),'system','nowarn_insecure'))) {
notice( t('Private messages to this person are at risk of public disclosure.') . EOL);
@@ -183,6 +207,7 @@ function network_content(&$a, $update = 0) {
if(x($_GET,'search'))
$sql_extra .= " AND `item`.`body` REGEXP '" . dbesc(escape_tags($_GET['search'])) . "' ";
+
$r = q("SELECT COUNT(*) AS `total`
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
@@ -212,7 +237,7 @@ function network_content(&$a, $update = 0) {
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$sql_extra
- ORDER BY `item`.`created` DESC LIMIT %d ,%d ",
+ ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
intval($_SESSION['uid']),
intval($a->pager['start']),
intval($a->pager['itemspage'])
diff --git a/mod/notifications.php b/mod/notifications.php
index a3339199e..c6f073058 100644
--- a/mod/notifications.php
+++ b/mod/notifications.php
@@ -13,11 +13,9 @@ function notifications_post(&$a) {
if($request_id) {
- $r = q("SELECT * FROM `intro`
- WHERE `id` = %d
- AND `uid` = %d LIMIT 1",
- intval($request_id),
- intval(local_user())
+ $r = q("SELECT * FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($request_id),
+ intval(local_user())
);
if(count($r)) {
@@ -28,14 +26,22 @@ function notifications_post(&$a) {
notice( t('Invalid request identifier.') . EOL);
return;
}
+
+ // If it is a friend suggestion, the contact is not a new friend but an existing friend
+ // that should not be deleted.
+
+ $fid = $r[0]['fid'];
+
if($_POST['submit'] == t('Discard')) {
$r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1",
intval($intro_id)
);
- $r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 LIMIT 1",
- intval($contact_id),
- intval(local_user())
- );
+ if(! $fid) {
+ $r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 LIMIT 1",
+ intval($contact_id),
+ intval(local_user())
+ );
+ }
return;
}
if($_POST['submit'] == t('Ignore')) {
@@ -81,18 +87,41 @@ function notifications_content(&$a) {
$a->set_pager_itemspage(20);
}
- $r = q("SELECT `intro`.`id` AS `intro_id`, `intro`.*, `contact`.*
- FROM `intro` LEFT JOIN `contact` ON `intro`.`contact-id` = `contact`.`id`
+ $r = q("SELECT `intro`.`id` AS `intro_id`, `intro`.*, `contact`.*, `fcontact`.`name` AS `fname`,`fcontact`.`url` AS `furl`,`fcontact`.`photo` AS `fphoto`,`fcontact`.`request` AS `frequest`
+ FROM `intro` LEFT JOIN `contact` ON `contact`.`id` = `intro`.`contact-id` LEFT JOIN `fcontact` ON `intro`.`fid` = `fcontact`.`id`
WHERE `intro`.`uid` = %d $sql_extra AND `intro`.`blocked` = 0 ",
intval($_SESSION['uid']));
if(($r !== false) && (count($r))) {
-
+ $sugg = get_markup_template('suggestions.tpl');
$tpl = get_markup_template("intros.tpl");
foreach($r as $rr) {
+ if($rr['fid']) {
+
+ $return_addr = bin2hex($a->user['nickname'] . '@' . $a->get_hostname() . (($a->path) ? '/' . $a->path : ''));
+ $o .= replace_macros($sugg,array(
+ '$str_notifytype' => t('Notification type: '),
+ '$notify_type' => t('Friend Suggestion'),
+ '$intro_id' => $rr['intro_id'],
+ '$madeby' => sprintf( t('suggested by %s'),$rr['name']),
+ '$contact_id' => $rr['contact-id'],
+ '$photo' => ((x($rr,'fphoto')) ? $rr['fphoto'] : "images/default-profile.jpg"),
+ '$fullname' => $rr['fname'],
+ '$url' => $rr['furl'],
+ '$knowyou' => $knowyou,
+ '$approve' => t('Approve'),
+ '$note' => $rr['note'],
+ '$request' => $rr['frequest'] . '?addr=' . $return_addr,
+ '$ignore' => t('Ignore'),
+ '$discard' => t('Discard')
+
+ ));
+
+ continue;
+ }
$friend_selected = (($rr['network'] !== 'stat') ? ' checked="checked" ' : ' disabled ');
$fan_selected = (($rr['network'] === 'stat') ? ' checked="checked" disabled ' : '');
$dfrn_tpl = get_markup_template('netfriend.tpl');
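Review bot: The suggestion branch added inside the `foreach` passes `$rr['fname']`, `$rr['furl']`, `$rr['fphoto']`, `$rr['frequest']` and `$rr['note']` to `suggestions.tpl` exactly as they come out of the `fcontact` and `intro` rows, and those values presumably originate from the contact who sent the suggestion. Whether `replace_macros` or the template escapes them is not visible here, so I would escape at this call site, e.g. `'$fullname' => htmlspecialchars($rr['fname'], ENT_QUOTES, 'UTF-8'),`, and accept `furl`/`frequest` only when they start with `http://` or `https://`. `'$knowyou' => $knowyou` also reads a variable that is not assigned anywhere in this hunk before the suggestion branch, so it may be undefined or hold the previous iteration's value. notifications_content continues outside the hunk.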
@@ -138,28 +167,6 @@ function notifications_content(&$a) {
else
info( t('No notifications.') . EOL);
- if ($a->config['register_policy'] == REGISTER_APPROVE &&
- $a->config['admin_email'] === $a->user['email']){
- $o .= '<h1>' . t('User registrations waiting for confirm') . '</h1>' . "\r\n";
-
- $r = q("SELECT `register`.*, `contact`.`name`, `user`.`email`
- FROM `register`
- LEFT JOIN `contact` ON `register`.`uid` = `contact`.`uid`
- LEFT JOIN `user` ON `register`.`uid` = `user`.`uid`;");
- if(($r !== false) && (count($r))) {
- $o .= '<ul>';
- foreach($r as $rr) {
- $o .= '<li>' . sprintf('%s (%s) : ', $rr['name'],$rr['email'])
- . '<a href="regmod/allow/' . $rr['hash'] .'">' . t('Approve')
- . '</a> - <a href="regmod/deny/' . $rr['hash'] . '">' . t('Deny') . '</a></li>' . "\r\n";
- }
- $o .= "</ul>";
- }
- else
- info( t('No registrations.') . EOL);
-
- }
-
$o .= paginate($a);
return $o;
}
diff --git a/mod/photo.php b/mod/photo.php
index 3bea7e72d..9809aa418 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -1,5 +1,7 @@
<?php
+require_once('include/security.php');
+
function photo_init(&$a) {
switch($a->argc) {
@@ -73,39 +75,7 @@ function photo_init(&$a) {
);
if(count($r)) {
- $owner = $r[0]['uid'];
-
- $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
-
- if(local_user() && ($owner == $_SESSION['uid'])) {
-
- // Owner can always see his/her photos
- $sql_extra = '';
-
- }
- elseif(remote_user()) {
-
- // authenticated visitor - here lie dragons
-
- $groups = init_groups_visitor($_SESSION['visitor_id']);
- $gs = '<<>>'; // should be impossible to match
- if(count($groups)) {
- foreach($groups as $g)
- $gs .= '|<' . intval($g) . '>';
- }
-
- $sql_extra = sprintf(
- " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
- AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
- AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
- AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
-
- intval($_SESSION['visitor_id']),
- intval($_SESSION['visitor_id']),
- dbesc($gs),
- dbesc($gs)
- );
- }
+ $sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the photo
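Review bot: `permissions_sql($r[0]['uid'])` is called here with the owner uid only, while the calls this commit adds in photos_content (mod/photos.php) and profile_content (mod/profile.php) also pass `$remote_contact` and `$groups`. The removed block built the visitor clause from `$_SESSION['visitor_id']` and `init_groups_visitor()`. include/security.php is not part of this view, so it should be confirmed that the one-argument form resolves the remote visitor and their groups itself and otherwise falls back to the public-only clause. The same applies to the one-argument call added in photos_init. Once confirmed, a comment such as `// permissions_sql() looks up the remote visitor and groups itself when they are not passed` would record the assumption; photo_init continues outside the hunk.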
diff --git a/mod/photos.php b/mod/photos.php
index bbdb8b7e9..3e0ec5802 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -3,6 +3,7 @@ require_once('include/Photo.php');
require_once('include/items.php');
require_once('include/acl_selectors.php');
require_once('include/bbcode.php');
+require_once('include/security.php');
function photos_init(&$a) {
@@ -23,7 +24,9 @@ function photos_init(&$a) {
$a->data['user'] = $r[0];
- $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d",
+ $sql_extra = permissions_sql($a->data['user']['uid']);
+
+ $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra ",
intval($a->data['user']['uid'])
);
@@ -35,7 +38,11 @@ function photos_init(&$a) {
$o .= '<ul>';
foreach($albums as $album) {
- if((! strlen($album['album'])) || ($album['album'] == t('Contact Photos')))
+
+ // don't show contact photos. We once trasnlated this name, but then you could still access it under
+ // a different language setting. Now we store the name in English and check in English (and translated for legacy albums).
+
+ if((! strlen($album['album'])) || ($album['album'] === 'Contact Photos') || ($album['album'] === t('Contact Photos')))
continue;
$o .= '<li>' . '<a href="photos/' . $a->argv[1] . '/album/' . bin2hex($album['album']) . '" />' . $album['album'] . '</a></li>';
}
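Review bot: The legacy fallback `$album['album'] === t('Contact Photos')` only matches albums whose stored name equals the translation for the language of the current request, which is the very problem the added comment describes. An album created under a different language setting before this change is therefore still listed here. The same holds for the matching checks this commit adds in photos_post and photos_content and for the two `` `album` != '%s' `` queries. A one-time update that renames existing contact-photo albums to the English `Contact Photos` would let all of these drop the `t()` comparison; how such albums can be identified in the `photo` table is not visible in this diff. The added comment also contains a typo (`trasnlated`).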
@@ -133,7 +140,7 @@ function photos_post(&$a) {
if(($a->argc > 3) && ($a->argv[2] === 'album')) {
$album = hex2bin($a->argv[3]);
- if($album == t('Profile Photos') || $album == t('Contact Photos')) {
+ if($album === t('Profile Photos') || $album === 'Contact Photos' || $album === t('Contact Photos')) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return; // NOTREACHED
}
@@ -376,6 +383,8 @@ function photos_post(&$a) {
if(count($tags)) {
foreach($tags as $tag) {
+ if(isset($profile))
+ unset($profile);
if(strpos($tag,'@') === 0) {
$name = substr($tag,1);
if((strpos($name,'@')) || (strpos($name,'http://'))) {
@@ -397,7 +406,7 @@ function photos_post(&$a) {
}
else {
$newname = $name;
- if(strstr($name,'_')) {
+ if(strstr($name,'_') || strstr($name,' ')) {
$newname = str_replace('_',' ',$name);
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
dbesc($newname),
@@ -590,6 +599,9 @@ function photos_post(&$a) {
$filesize = intval($_FILES['userfile']['size']);
}
+
+ logger('photos: upload: received file: ' . $filename . ' as ' . $src . ' ' . $filesize . ' bytes', LOGGER_DEBUG);
+
$maximagesize = get_config('system','maximagesize');
if(($maximagesize) && ($filesize > $maximagesize)) {
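Review bot: The added `logger()` call writes `$filename` into the debug log unmodified; its assignment is outside the hunk, but next to `$_FILES['userfile']['size']` it is presumably the client-supplied upload name. A name containing line breaks or other control characters can split or forge log entries, so I would log a cleaned copy, e.g. `preg_replace('/[\x00-\x1f\x7f]/', '?', $filename)`. This call passes the constant `LOGGER_DEBUG`, while the existing call a few lines further down in photos_post passes the string `'LOGGER_DEBUG'`; the two should agree.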
@@ -600,6 +612,14 @@ function photos_post(&$a) {
return;
}
+ if(! $filesize) {
+ notice( t('Image file is empty.') . EOL);
+ @unlink($src);
+ $foo = 0;
+ call_hooks('photo_post_end',$foo);
+ return;
+ }
+
logger('mod/photos.php: photos_post(): loading the contents of ' . $src , 'LOGGER_DEBUG');
$imagedata = @file_get_contents($src);
@@ -755,8 +775,6 @@ function photos_content(&$a) {
$owner_uid = $a->data['user']['uid'];
-
-
$community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);
if((local_user()) && (local_user() == $owner_uid))
@@ -807,34 +825,7 @@ function photos_content(&$a) {
return;
}
- // default permissions - anonymous user
-
- $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
-
- // Profile owner - everything is visible
-
- if(local_user() && (local_user() == $owner_uid)) {
- $sql_extra = '';
- }
- elseif(remote_user()) {
- // authenticated visitor - here lie dragons
- $gs = '<<>>'; // should be impossible to match
- if(count($groups)) {
- foreach($groups as $g)
- $gs .= '|<' . intval($g) . '>';
- }
- $sql_extra = sprintf(
- " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
- AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
- AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
- AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
-
- intval(remote_user()),
- intval(remote_user()),
- dbesc($gs),
- dbesc($gs)
- );
- }
+ $sql_extra = permissions_sql($owner_uid,$remote_contact,$groups);
$o = "";
@@ -867,7 +858,7 @@ function photos_content(&$a) {
$albumselect .= '<option value="" selected="selected" >&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</option>';
if(count($a->data['albums'])) {
foreach($a->data['albums'] as $album) {
- if(($album['album'] === '') || ($album['album'] == t('Contact Photos')))
+ if(($album['album'] === '') || ($album['album'] === 'Contact Photos') || ($album['album'] === t('Contact Photos')))
continue;
$albumselect .= '<option value="' . $album['album'] . '">' . $album['album'] . '</option>';
}
@@ -936,7 +927,7 @@ function photos_content(&$a) {
$o .= '<h3>' . $album . '</h3>';
if($cmd === 'edit') {
- if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) {
+ if(($album !== t('Profile Photos')) && ($album !== 'Contact Photos') && ($album !== t('Contact Photos'))) {
if($can_post) {
$edit_tpl = get_markup_template('album_edit.tpl');
$o .= replace_macros($edit_tpl,array(
@@ -951,7 +942,7 @@ function photos_content(&$a) {
}
}
else {
- if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) {
+ if(($album !== t('Profile Photos')) && ($album !== 'Contact Photos') && ($album !== t('Contact Photos'))) {
if($can_post) {
$o .= '<div id="album-edit-link"><a href="'. $a->get_baseurl() . '/photos/'
. $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/edit' . '">'
@@ -1119,6 +1110,7 @@ function photos_content(&$a) {
}
$tags=Null;
+
if(count($linked_items) && strlen($link_item['tag'])) {
$arr = explode(',',$link_item['tag']);
// parse tags and add links
@@ -1337,9 +1329,10 @@ function photos_content(&$a) {
// Default - show recent photos with upload link (if applicable)
//$o = '';
- $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s'
+ $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
$sql_extra GROUP BY `resource-id`",
intval($a->data['user']['uid']),
+ dbesc('Contact Photos'),
dbesc( t('Contact Photos'))
);
if(count($r)) {
@@ -1348,9 +1341,10 @@ function photos_content(&$a) {
}
$r = q("SELECT `resource-id`, `id`, `filename`, `album`, max(`scale`) AS `scale` FROM `photo`
- WHERE `uid` = %d AND `album` != '%s'
+ WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'
$sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
intval($a->data['user']['uid']),
+ dbesc('Contact Photos'),
dbesc( t('Contact Photos')),
intval($a->pager['start']),
intval($a->pager['itemspage'])
diff --git a/mod/ping.php b/mod/ping.php
index 6e8618bbd..7c31f00c9 100644
--- a/mod/ping.php
+++ b/mod/ping.php
@@ -25,14 +25,6 @@ function ping_init(&$a) {
);
$intro = $r[0]['total'];
- if (($a->config['register_policy'] == REGISTER_APPROVE) && (is_site_admin())) {
- $r = q("SELECT COUNT(*) AS `total` FROM `register`");
- $register = $r[0]['total'];
- } else {
- $register = "0";
- }
-
-
$myurl = $a->get_baseurl() . '/profile/' . $a->user['nickname'] ;
$r = q("SELECT COUNT(*) AS `total` FROM `mail`
WHERE `uid` = %d AND `seen` = 0 AND `from-url` != '%s' ",
@@ -43,7 +35,7 @@ function ping_init(&$a) {
$mail = $r[0]['total'];
header("Content-type: text/xml");
- echo "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<result><register>$register</register><intro>$intro</intro><mail>$mail</mail><net>$network</net><home>$home</home></result>\r\n";
+ echo "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<result><intro>$intro</intro><mail>$mail</mail><net>$network</net><home>$home</home></result>\r\n";
killme();
}
diff --git a/mod/profile.php b/mod/profile.php
index f2dd7f4df..e9b144ffd 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -164,48 +164,19 @@ function profile_content(&$a, $update = 0) {
}
}
- // Construct permissions
-
- // default permissions - anonymous user
-
- $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
-
- // Profile owner - everything is visible
-
if($is_owner) {
- $sql_extra = '';
-
- // Oh - while we're here... reset the Unseen messages
-
$r = q("UPDATE `item` SET `unseen` = 0
WHERE `wall` = 1 AND `unseen` = 1 AND `uid` = %d",
- intval($_SESSION['uid'])
+ intval(local_user())
);
-
}
- // authenticated visitor - here lie dragons
- // If $remotecontact is true, we know that not only is this a remotely authenticated
- // person, but that it is *our* contact, which is important in multi-user mode.
-
- elseif($remote_contact) {
- $gs = '<<>>'; // should be impossible to match
- if(count($groups)) {
- foreach($groups as $g)
- $gs .= '|<' . intval($g) . '>';
- }
- $sql_extra = sprintf(
- " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
- AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
- AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
- AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
-
- intval($_SESSION['visitor_id']),
- intval($_SESSION['visitor_id']),
- dbesc($gs),
- dbesc($gs)
- );
- }
+ /**
+ * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
+ */
+
+ $sql_extra = permissions_sql($a->profile['profile_uid'],$remote_contact,$groups);
+
$r = q("SELECT COUNT(*) AS `total`
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
diff --git a/mod/profperm.php b/mod/profperm.php
index e70992a2b..33479cad1 100644
--- a/mod/profperm.php
+++ b/mod/profperm.php
@@ -26,6 +26,15 @@ function profperm_content(&$a) {
return;
}
+ // Switch to text mod interface if we have more than 'n' contacts or group members
+
+ $switchtotext = get_pconfig(local_user(),'system','groupedit_image_limit');
+ if($switchtotext === false)
+ $switchtotext = get_config('system','groupedit_image_limit');
+ if($switchtotext === false)
+ $switchtotext = 400;
+
+
if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) {
$r = q("SELECT `id` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `self` = 0
AND `network` = 'dfrn' AND `id` = %d AND `uid` = %d LIMIT 1",
@@ -103,10 +112,13 @@ function profperm_content(&$a) {
$o .= '<div id="prof-members">';
$o .= '<h3>' . t('Visible To') . '</h3>';
+
+ $textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false);
+
foreach($members as $member) {
if($member['url']) {
$member['click'] = 'profChangeMember(' . $profile['id'] . ',' . $member['id'] . '); return true;';
- $o .= micropro($member,true,'mpprof');
+ $o .= micropro($member,true,'mpprof', $textmode);
}
}
$o .= '</div><div id="prof-members-end"></div>';
@@ -120,10 +132,11 @@ function profperm_content(&$a) {
);
if(count($r)) {
+ $textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false);
foreach($r as $member) {
if(! in_array($member['id'],$ingroup)) {
$member['click'] = 'profChangeMember(' . $profile['id'] . ',' . $member['id'] . '); return true;';
- $o .= micropro($member,true,'mpprof');
+ $o .= micropro($member,true,'mpprof',$textmode);
}
}
}
diff --git a/mod/register.php b/mod/register.php
index 78dc75f77..7aaf74792 100644
--- a/mod/register.php
+++ b/mod/register.php
@@ -71,6 +71,8 @@ function register_post(&$a) {
$err = '';
+ // collapse multiple spaces in name
+ $username = preg_replace('/ +/',' ',$username);
if(mb_strlen($username) > 48)
$err .= t('Please use a shorter name.') . EOL;
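Review bot: `preg_replace('/ +/',' ',$username)` collapses runs of the ASCII space only, so tabs, line breaks and Unicode separators such as U+00A0 still pass through and can make two display names look identical. If the aim is a canonical name, `preg_replace('/[\p{Z}\s]+/u', ' ', $username)` covers those as well. With the `u` modifier the call returns null on invalid UTF-8, which should be handled as a validation error. Whether `$username` is already trimmed earlier in register_post is not visible in this hunk.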
@@ -93,6 +95,7 @@ function register_post(&$a) {
$err .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL;
}
+
if(! allowed_email($email))
$err .= t('Your email domain is not among those allowed on this site.') . EOL;
diff --git a/mod/regmod.php b/mod/regmod.php
index 8e6a577d4..76ea4062e 100644
--- a/mod/regmod.php
+++ b/mod/regmod.php
@@ -1,6 +1,9 @@
<?php
function user_allow($hash) {
+
+ $a = get_app();
+
$register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
dbesc($hash)
);
diff --git a/mod/salmon.php b/mod/salmon.php
index c2f76aa0a..721eae437 100644
--- a/mod/salmon.php
+++ b/mod/salmon.php
@@ -1,14 +1,11 @@
<?php
-// TODO:
-// add relevant contacts so they can use this
-
// There is a lot of debug stuff in here because this is quite a
// complicated process to try and sort out.
require_once('include/salmon.php');
-require_once('simplepie/simplepie.inc');
+require_once('library/simplepie/simplepie.inc');
function salmon_return($val) {
@@ -133,9 +130,9 @@ function salmon_post(&$a) {
// Setup RSA stuff to verify the signature
- set_include_path(get_include_path() . PATH_SEPARATOR . 'phpsec');
+ set_include_path(get_include_path() . PATH_SEPARATOR . 'library' . PATH_SEPARATOR . 'phpsec');
- require_once('phpsec/Crypt/RSA.php');
+ require_once('library/phpsec/Crypt/RSA.php');
$key_info = explode('.',$key);
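Review bot: The new include path appends `library` and `phpsec` as two separate entries, not `library/phpsec`. The RSA class is now loaded from `library/phpsec/Crypt/RSA.php`. If that file pulls in its siblings with paths relative to the phpsec root, as phpseclib does (e.g. `Math/BigInteger.php`), neither entry resolves them once the old top-level `phpsec` directory is gone, and signature verification would stop with a fatal error. I would write `set_include_path(get_include_path() . PATH_SEPARATOR . 'library/phpsec');`. salmon_post continues outside the hunk.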
@@ -186,7 +183,11 @@ function salmon_post(&$a) {
if(! count($r)) {
logger('mod-salmon: Author unknown to us.');
}
- if((count($r)) && ($r[0]['readonly'])) {
+
+ // is this a follower? Or have we ignored the person?
+ // If so we can not accept this post.
+
+ if((count($r)) && (($r[0]['readonly']) || ($r[0]['rel'] == REL_VIP) || ($r[0]['blocked']))) {
logger('mod-salmon: Ignoring this author.');
salmon_return(202);
// NOTREACHED
diff --git a/mod/search.php b/mod/search.php
index 9c82b38e8..c20d1274e 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -35,13 +35,9 @@ function search_content(&$a) {
if(! $search)
return $o;
-
- $sql_extra = "
- AND `item`.`allow_cid` = ''
- AND `item`.`allow_gid` = ''
- AND `item`.`deny_cid` = ''
- AND `item`.`deny_gid` = ''
- ";
+ // Here is the way permissions work in the search module...
+ // Only public wall posts can be shown
+ // OR your own posts if you are a logged in member
$s_bool = "AND MATCH (`item`.`body`) AGAINST ( '%s' IN BOOLEAN MODE )";
$s_regx = "AND `item`.`body` REGEXP '%s' ";
@@ -52,12 +48,12 @@ function search_content(&$a) {
$search_alg = $s_regx;
$r = q("SELECT COUNT(*) AS `total`
- FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
+ FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `profile` ON `profile`.`uid` = `item`.`uid`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0
- AND ( `wall` = 1 OR `contact`.`uid` = %d )
- AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- $search_alg
- $sql_extra ",
+ AND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `profile`.`hidewall` = 0)
+ OR `item`.`uid` = %d )
+ AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `profile`.`is-default` = 1
+ $search_alg ",
intval(local_user()),
dbesc($search)
);
@@ -74,14 +70,15 @@ function search_content(&$a) {
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`,
- `user`.`nickname`
+ `user`.`nickname`, `profile`.`hidewall`
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
- LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
+ LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
+ LEFT JOIN `profile` ON `profile`.`uid` = `item`.`uid`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0
- AND ( `wall` = 1 OR `contact`.`uid` = %d )
- AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+ AND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `profile`.`hidewall` = 0 )
+ OR `item`.`uid` = %d )
+ AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `profile`.`is-default` = 1
$search_alg
- $sql_extra
ORDER BY `parent` DESC ",
intval(local_user()),
dbesc($search)
diff --git a/mod/starred.php b/mod/starred.php
new file mode 100644
index 000000000..035b81e76
--- /dev/null
+++ b/mod/starred.php
@@ -0,0 +1,35 @@
+<?php
+
+
+function starred_init(&$a) {
+
+ $starred = 0;
+
+ if(! local_user())
+ killme();
+ if($a->argc > 1)
+ $message_id = intval($a->argv[1]);
+ if(! $message_id)
+ killme();
+
+ $r = q("SELECT starred FROM item WHERE uid = %d AND id = %d LIMIT 1",
+ intval(local_user()),
+ intval($message_id)
+ );
+ if(! count($r))
+ killme();
+
+ if(! intval($r[0]['starred']))
+ $starred = 1;
+
+ $r = q("UPDATE item SET starred = %d WHERE uid = %d and id = %d LIMIT 1",
+ intval($starred),
+ intval(local_user()),
+ intval($message_id)
+ );
+
+ // the json doesn't really matter, it will either be 0 or 1
+
+ echo json_encode($starred);
+ killme();
+}
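Review bot: starred_init changes the `starred` flag on any request to this URL, with no check that the logged-in member made the request deliberately, so a link or image tag on another page can toggle stars for a member who is signed in. The toggle should only be accepted as a POST carrying whatever anti-forgery token the project uses; none is visible in this diff. `$message_id` is also only assigned when `$a->argc > 1`, so the following `if(! $message_id)` can read an undefined variable; `$message_id = (($a->argc > 1) ? intval($a->argv[1]) : 0);` avoids that. A one-line header comment saying the module toggles the flag and echoes the new value as JSON would help, together with a `Content-Type: application/json` header before the `echo`.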
diff --git a/mod/webfinger.php b/mod/webfinger.php
index dd6d72a13..f6d6026b4 100644
--- a/mod/webfinger.php
+++ b/mod/webfinger.php
@@ -13,12 +13,14 @@ function webfinger_content(&$a) {
$o .= '<br /><br />';
if(x($_GET,'addr')) {
- $addr = $_GET['addr'];
+ $addr = trim($_GET['addr']);
if(strpos($addr,'@' !== false))
$res = webfinger($addr);
else
$res = lrdd($addr);
+ $o .= '<pre>';
$o .= str_replace("\n",'<br />',print_r($res,true));
+ $o .= '</pre>';
}
return $o;
} \ No newline at end of file
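Review bot: The lookup result is still written into the page without HTML escaping: `print_r($res,true)` holds data returned by the remote host named in `addr`, and the new `<pre>` wrapper does not neutralise markup in it. I would escape it with `$o .= htmlspecialchars(print_r($res,true), ENT_QUOTES, 'UTF-8');` and drop the `<br />` replacement, since `<pre>` already preserves line breaks. The unchanged test `strpos($addr,'@' !== false)` has its closing parenthesis in the wrong place, so it does not test for an `@` in the address; `strpos($addr,'@') !== false` is presumably what was meant.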
diff --git a/mod/xrd.php b/mod/xrd.php
index 8ac6ff7cf..de0c20ea5 100644
--- a/mod/xrd.php
+++ b/mod/xrd.php
@@ -24,7 +24,7 @@ function xrd_content(&$a) {
$salmon_key = salmon_key($r[0]['spubkey']);
-
+ header('Access-Control-Allow-Origin: *');
header("Content-type: text/xml");
$tpl = file_get_contents('view/xrd_person.tpl');