5 files changed, 30 insertions, 100 deletions

diff --git a/mod/cloud.php b/mod/cloud.php
index 106379785..a72d0f108 100644
--- a/mod/cloud.php
+++ b/mod/cloud.php
@@ -1,23 +1,5 @@
 <?php
 
-	// This module is currently !!!HIGHLY EXPERIMENTAL!!!
-	// You should think twice before running this on a production server
-	// as security mechanisms are not yet implemented and those that
-	// are implemented probably don't work.
-
-	// DAV mounts will probably fail if you don't use SSL, because some platforms refuse to send
-	// basic auth over non-encrypted connections.
-	// One could use digest auth - but then one has to calculate the A1 digest and store it for
-	// all acounts. We aren't doing that. We have a stored password already. We don't need another
-	// one. The login unfortunately is the channel nickname (webbie) as we have no way of passing 
-	// the destination channel to DAV. You should be able to login with your account credentials 
-	// and be directed to your default channel. 
-
-	// This interface does not yet support Red stored files. Consider any content in your "store" 
-	// directory to be throw-away until advised otherwise.
-
-
-
 	use Sabre\DAV;
 
     require_once('vendor/autoload.php');
@@ -44,64 +26,28 @@
 
 
 
-class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic {
-
-	public $channel_name = '';
-	public $channel_id = 0;
-	public $channel_hash = '';
-	public $observer = '';
-
-    protected function validateUserPass($username, $password) {
-		require_once('include/auth.php');
-		$record = account_verify_password($email,$pass);
-		if($record && $record['account_default_channel']) {
-			$r = q("select * from channel where channel_account_id = %d and channel_id = %d limit 1",
-				intval($record['account_id']),
-				intval($record['account_default_channel'])
-			);
-			if($r) {
-				$this->currentUser = $r[0]['channel_address'];
-				$this->channel_name = $r[0]['channel_address'];
-				$this->channel_id = $r[0]['channel_id'];
-				$this->channel_hash = $this->observer = $r[0]['channel_hash'];
-				return true;
-			}
-		}
-		$r = q("select * from channel where channel_address = '%s' limit 1",
-			dbesc($username)
-		);
-		if($r) {
-			$x = q("select * from account where account_id = %d limit 1",
-				intval($r[0]['channel_account_id'])
-			);
-			if($x) {
-			    foreach($x as $record) {
-			        if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
-            		&& (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password'])) {
-			            logger('(DAV) RedBasicAuth: password verified for ' . $username);
-						$this->channel_name = $r[0]['channel_address'];
-						$this->channel_id = $r[0]['channel_id'];
-						$this->channel_hash = $this->observer = $r[0]['channel_hash'];
-            			return true;
-        			}
-    			}
-			}
-		}
-	    logger('(DAV) RedBasicAuth: password failed for ' . $username);
-    	return false;
-	}
-}
 
 
 function cloud_init(&$a) {
 
-	if(! get_config('system','enable_cloud'))
-		killme();
-
 	require_once('include/reddav.php');
 
 	$auth = new RedBasicAuth();
 
+	$ob_hash = get_observer_hash();
+
+	if($ob_hash) {
+		if(local_user()) {
+			$channel = $a->get_channel();
+			$auth->setCurrentUser($channel['channel_address']);
+			$auth->channel_name = $channel['channel_address'];
+			$auth->channel_id = $channel['channel_id'];
+			$auth->channel_hash = $channel['channel_hash'];
+		}	
+		$auth->observer = $ob_hash;
+	}	
+
+
 	$rootDirectory = new RedDirectory('/',$auth);
 	$server = new DAV\Server($rootDirectory);
 	$lockBackend = new DAV\Locks\Backend\File('store/data/locks');
@@ -110,9 +56,15 @@ function cloud_init(&$a) {
 	$server->addPlugin($lockPlugin);
 
 
-	$auth->Authenticate($server,'Red Matrix');
+	if(! $auth->observer)
+		$auth->Authenticate($server,'Red Matrix');
+
+//	$browser = new DAV\Browser\Plugin();
+
+	$browser = new RedBrowser($auth);
+
+	$auth->setBrowserPlugin($browser);
 
-	$browser = new DAV\Browser\Plugin();
 	$server->addPlugin($browser);
 
 
diff --git a/mod/editblock.php b/mod/editblock.php
index 8b5b2d16c..e8f3e90f8 100644
--- a/mod/editblock.php
+++ b/mod/editblock.php
@@ -111,6 +111,7 @@ function editblock_content(&$a) {
 	$o .= replace_macros($tpl,array(
 		'$return_path' => $rp,
 		'$action' => 'item',
+		'$webpage' => ITEM_BUILDBLOCK,
 		'$share' => t('Edit'),
 		'$upload' => t('Upload photo'),
 		'$attach' => t('Attach file'),
diff --git a/mod/editlayout.php b/mod/editlayout.php
index 542bb8357..e6be1056f 100644
--- a/mod/editlayout.php
+++ b/mod/editlayout.php
@@ -97,6 +97,7 @@ function editlayout_content(&$a) {
 	$o .= replace_macros($tpl,array(
 		'$return_path' => $rp,
 		'$action' => 'item',
+		'$webpage' => ITEM_PDL,
 		'$share' => t('Edit'),
 		'$upload' => t('Upload photo'),
 		'$attach' => t('Attach file'),
diff --git a/mod/editwebpage.php b/mod/editwebpage.php
index 00659b4b7..e1de09e37 100644
--- a/mod/editwebpage.php
+++ b/mod/editwebpage.php
@@ -136,7 +136,7 @@ function editwebpage_content(&$a) {
 
 	$o .= replace_macros($tpl,array(
 		'$return_path' => $rp,
-		'$webpage' => true,
+		'$webpage' => ITEM_WEBPAGE,
 		'$placeholdpagetitle' => t('Page link title'),
 		'$pagetitle' => $page_title,
 
diff --git a/mod/item.php b/mod/item.php
index 2c0a36d52..037c24835 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -44,7 +44,7 @@ function item_post(&$a) {
 
 	call_hooks('post_local_start', $_REQUEST);
 
-//	logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
+	logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
 
 	$api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false);
 
@@ -571,7 +571,7 @@ function item_post(&$a) {
 	}
 
 	$item_flags |= ITEM_UNSEEN;
-	$item_restrict |= ITEM_VISIBLE;
+//	$item_restrict |= ITEM_VISIBLE;
 	
 	if($post_type === 'wall' || $post_type === 'wall-comment')
 		$item_flags = $item_flags | ITEM_WALL;
@@ -705,6 +705,8 @@ function item_post(&$a) {
 
 		item_store_update($datarray,$execflag);
 
+		update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remote_id,$mid);
+
 		proc_run('php', "include/notifier.php", 'edit_post', $post_id);
 		if((x($_REQUEST,'return')) && strlen($return_path)) {
 			logger('return: ' . $return_path);
@@ -808,34 +810,8 @@ function item_post(&$a) {
 		// NOTREACHED
 	}
 
-	$page_type = '';
-
-	if($webpage & ITEM_WEBPAGE)
-		$page_type = 'WEBPAGE';
-	elseif($webpage & ITEM_BUILDBLOCK)
-		$page_type = 'BUILDBLOCK';
-	elseif($webpage & ITEM_PDL)
-		$page_type = 'PDL';
-	elseif($namespace && $remote_id) {
-		$page_type = $namespace;
-		$pagetitle = $remote_id;
-	}
-
-	if($page_type) {	
 
-		// store page info as an alternate message_id so we can access it via 
-		//    https://sitename/page/$channelname/$pagetitle
-		// if no pagetitle was given or it couldn't be transliterated into a url, use the first 
-		// sixteen bytes of the mid - which makes the link portable and not quite as daunting
-		// as the entire mid. If it were the post_id the link would be less portable.
-
-		q("insert into item_id ( iid, uid, sid, service ) values ( %d, %d, '%s','%s' )",
-			intval($post_id),
-			intval($channel['channel_id']),
-			dbesc(($pagetitle) ? $pagetitle : substr($mid,0,16)),
-			dbesc($page_type)
-		);
-	}
+	update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remote_id,$mid);
 
 	$datarray['id']    = $post_id;
 	$datarray['llink'] = $a->get_baseurl() . '/display/' . $channel['channel_address'] . '/' . $post_id;