Diffstat (limited to 'mod')
-rw-r--r--mod/contacts.php99
-rw-r--r--mod/dfrn_confirm.php101
-rw-r--r--mod/dfrn_notify.php72
-rw-r--r--mod/dfrn_poll.php17
-rw-r--r--mod/dfrn_request.php19
-rw-r--r--mod/display.php198
-rw-r--r--mod/group.php43
-rw-r--r--mod/invite.php6
-rw-r--r--mod/item.php56
-rw-r--r--mod/message.php2
-rw-r--r--mod/notifications.php11
-rw-r--r--mod/photos.php118
-rw-r--r--mod/ping.php8
-rw-r--r--mod/profile.php15
-rw-r--r--mod/profiles.php2
-rw-r--r--mod/settings.php84
16 files changed, 478 insertions, 373 deletions
diff --git a/mod/contacts.php b/mod/contacts.php
index 7baeb3e14..2469e0c6f 100644
--- a/mod/contacts.php
+++ b/mod/contacts.php
@@ -1,5 +1,7 @@
<?php
+require_once('include/Contact.php');
+
function contacts_init(&$a) {
require_once('include/group.php');
$a->page['aside'] .= group_side();
@@ -9,7 +11,6 @@ function contacts_init(&$a) {
}
function contacts_post(&$a) {
-
if(! local_user())
return;
@@ -20,11 +21,11 @@ function contacts_post(&$a) {
$orig_record = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if(! count($orig_record)) {
- notice("Could not access contact record." . EOL);
+ notice( t('Could not access contact record.') . EOL);
goaway($a->get_baseurl() . '/contacts');
return; // NOTREACHED
}
@@ -33,7 +34,7 @@ function contacts_post(&$a) {
if($profile_id) {
$r = q("SELECT `id` FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($profile_id),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if(! count($r)) {
notice( t('Could not locate selected profile.') . EOL);
@@ -57,7 +58,7 @@ function contacts_post(&$a) {
intval($rating),
dbesc($reason),
intval($contact_id),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if($r)
notice( t('Contact updated.') . EOL);
@@ -86,7 +87,7 @@ function contacts_content(&$a) {
$orig_record = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if(! count($orig_record)) {
@@ -101,13 +102,12 @@ function contacts_content(&$a) {
$r = q("UPDATE `contact` SET `blocked` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($blocked),
intval($contact_id),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if($r) {
- $msg = t('Contact has been ') . (($blocked) ? t('blocked') : t('unblocked')) . EOL ;
- notice($msg);
+ notice( t('Contact has been ') . (($blocked) ? t('blocked') : t('unblocked')) . EOL );
}
- goaway($a->get_baseurl() ."/contacts/$contact_id");
+ goaway($a->get_baseurl() . '/contacts/' . $contact_id);
return; // NOTREACHED
}
@@ -116,32 +116,17 @@ function contacts_content(&$a) {
$r = q("UPDATE `contact` SET `readonly` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($readonly),
intval($contact_id),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if($r) {
- $msg = t('Contact has been ') . (($readonly) ? t('ignored') : t('unignored')) . EOL ;
- notice($msg);
+ notice( t('Contact has been ') . (($readonly) ? t('ignored') : t('unignored')) . EOL );
}
- goaway($a->get_baseurl() ."/contacts/$contact_id");
+ goaway($a->get_baseurl() . '/contacts/' . $contact_id);
return; // NOTREACHED
}
if($cmd == 'drop') {
- $r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($contact_id),
- intval($_SESSION['uid'])
- );
-
- q("DELETE FROM `item` WHERE `contact-id` = %d AND `uid` = %d ",
- intval($contact_id),
- intval($_SESSION['uid'])
- );
- q("DELETE FROM `photo` WHERE `contact-id` = %d AND `uid` = %d ",
-
- intval($contact_id),
- intval($_SESSION['uid'])
- );
-
+ contact_remove($contact_id);
notice( t('Contact has been removed.') . EOL );
goaway($a->get_baseurl() . '/contacts');
return; // NOTREACHED
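Review bot: The three inline DELETEs that `contact_remove($contact_id)` replaces were each scoped by `uid`, while the new call passes only the contact id, so row ownership now rests on what `include/Contact.php` does with it, and that file is not part of this diff. The `$orig_record` lookup earlier in contacts_content is scoped to `get_uid()`, so this is probably covered when the handler bails on an empty result, but that guard's body falls between the visible hunks. Worth confirming that `contact_remove()` filters on the session uid itself rather than relying on every caller to have checked first; a one-line comment above the call, `// ownership verified via $orig_record above; contact_remove() must still scope by uid`, would record the assumption.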
@@ -152,7 +137,7 @@ function contacts_content(&$a) {
$contact_id = intval($a->argv[1]);
$r = q("SELECT * FROM `contact` WHERE `uid` = %d and `id` = %d LIMIT 1",
- $_SESSION['uid'],
+ intval(get_uid()),
intval($contact_id)
);
if(! count($r)) {
@@ -164,23 +149,22 @@ function contacts_content(&$a) {
$tpl = file_get_contents("view/contact_edit.tpl");
- $direction = '';
- if(strlen($r[0]['issued-id'])) {
- if(strlen($r[0]['dfrn-id'])) {
- $direction = DIRECTION_BOTH;
+ switch($r[0]['rel']) {
+ case DIRECTION_BOTH:
$dir_icon = 'images/lrarrow.gif';
$alt_text = t('Mutual Friendship');
- }
- else {
- $direction = DIRECTION_IN;
+ break;
+ case DIRECTION_IN;
$dir_icon = 'images/larrow.gif';
$alt_text = t('is a fan of yours');
- }
- }
- else {
- $direction = DIRECTION_OUT;
- $dir_icon = 'images/rarrow.gif';
- $alt_text = t('you are a fan of');
+ break;
+
+ case DIRECTION_OUT;
+ $dir_icon = 'images/rarrow.gif';
+ $alt_text = t('you are a fan of');
+ break;
+ default:
+ break;
}
$o .= replace_macros($tpl,array(
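Review bot: The new `switch` on `$r[0]['rel']` leaves `$dir_icon` and `$alt_text` unassigned when the `default:` branch is taken, whereas the removed if/else always set them, so a contact with an unexpected `rel` value reaches `replace_macros` with undefined variables. Initialise both before the switch, `$dir_icon = ''; $alt_text = '';`, or give `default:` the same assignments the old else branch had. Two of the labels are written `case DIRECTION_IN;` and `case DIRECTION_OUT;` with a semicolon, which PHP accepts but reads like a typo next to `case DIRECTION_BOTH:`; use a colon throughout. The same switch, with the same gaps, is repeated in the later contacts_content hunk (the `foreach($r as $rr)` loop), and in both places the enclosing function extends beyond the hunk.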
@@ -201,7 +185,7 @@ function contacts_content(&$a) {
'$name' => $r[0]['name'],
'$dir_icon' => $dir_icon,
'$alt_text' => $alt_text,
- '$url' => (($direction != DIRECTION_OUT) ? "redir/{$r[0]['id']}" : $r[0]['url'] )
+ '$url' => (($r[0]['rel'] != DIRECTION_OUT) ? "redir/{$r[0]['id']}" : $r[0]['url'] )
));
@@ -269,23 +253,22 @@ function contacts_content(&$a) {
foreach($r as $rr) {
if($rr['self'])
continue;
- $direction = '';
- if(strlen($rr['issued-id'])) {
- if(strlen($rr['dfrn-id'])) {
- $direction = DIRECTION_BOTH;
+
+ switch($rr['rel']) {
+ case DIRECTION_BOTH:
$dir_icon = 'images/lrarrow.gif';
$alt_text = t('Mutual Friendship');
- }
- else {
- $direction = DIRECTION_IN;
+ break;
+ case DIRECTION_IN;
$dir_icon = 'images/larrow.gif';
$alt_text = t('is a fan of yours');
- }
- }
- else {
- $direction = DIRECTION_OUT;
- $dir_icon = 'images/rarrow.gif';
- $alt_text = t('you are a fan of');
+ break;
+ case DIRECTION_OUT;
+ $dir_icon = 'images/rarrow.gif';
+ $alt_text = t('you are a fan of');
+ break;
+ default:
+ break;
}
$o .= replace_macros($tpl, array(
@@ -296,7 +279,7 @@ function contacts_content(&$a) {
'$dir_icon' => $dir_icon,
'$thumb' => $rr['thumb'],
'$name' => $rr['name'],
- '$url' => (($direction != DIRECTION_OUT) ? "redir/{$rr['id']}" : $rr['url'] )
+ '$url' => (($rr['rel'] != DIRECTION_OUT) ? "redir/{$rr['id']}" : $rr['url'] )
));
}
$o .= '<div id="contact-edit-end"></div>';
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index 69c93abd6..86227d537 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -12,9 +12,12 @@ function dfrn_confirm_post(&$a) {
// We are processing an external confirmation to an introduction created by our user.
$public_key = $_POST['public_key'];
- $dfrn_id = $_POST['dfrn_id'];
+ $dfrn_id = $_POST['dfrn_id'];
$source_url = $_POST['source_url'];
- $aes_key = $_POST['aes_key'];
+ $aes_key = $_POST['aes_key'];
+ $duplex = $_POST['duplex'];
+ $version_id = $_POST['dfrn_version'];
+
// Find our user's account
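Review bot: `$duplex` and `$version_id` are taken straight from `$_POST` without normalisation, and `$duplex` is later used both as a boolean (`($relation == DIRECTION_IN) || ($duplex)`) and as `intval($duplex)` in the contact UPDATE further down this function. The local-confirmation branch in the same file does `$duplex = intval($_POST['duplex']);`, so do the same here, and treat `$version_id` the same way or drop it if nothing reads it — no use of it is visible in this diff. The four `$_POST` reads above it are also unguarded, so a missing key raises a notice before any of the validation below runs; `x($_POST, ...)` is already the file's idiom for that.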
@@ -23,15 +26,15 @@ function dfrn_confirm_post(&$a) {
if(! count($r)) {
xml_status(3); // failure
+ return; // NOTREACHED
}
$my_prvkey = $r[0]['prvkey'];
$local_uid = $r[0]['uid'];
- $decrypted_source_url = "";
-
// verify everything
+ $decrypted_source_url = "";
openssl_private_decrypt($source_url,$decrypted_source_url,$my_prvkey);
@@ -41,15 +44,17 @@ function dfrn_confirm_post(&$a) {
if(! count($ret)) {
// this is either a bogus confirmation or we deleted the original introduction.
- xml_status(3);
+ xml_status(3);
+ return; // NOTREACHED
}
- $relation = $r[0]['rel'];
+ $relation = $ret[0]['rel'];
// Decrypt all this stuff we just received
$foreign_pubkey = $ret[0]['site-pubkey'];
- $dfrn_record = $ret[0]['id'];
+ $dfrn_record = $ret[0]['id'];
+
$decrypted_dfrn_id = "";
openssl_public_decrypt($dfrn_id,$decrypted_dfrn_id,$foreign_pubkey);
@@ -64,14 +69,18 @@ function dfrn_confirm_post(&$a) {
$r = q("SELECT * FROM `contact` WHERE `dfrn-id` = '%s' LIMIT 1",
dbesc($decrypted_dfrn_id),
- intval($local_uid));
- if(count($r))
+ intval($local_uid)
+ );
+ if(count($r)) {
xml_status(1); // Birthday paradox - duplicate dfrn-id
+ return; // NOTREACHED
+ }
$r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d LIMIT 1",
dbesc($decrypted_dfrn_id),
dbesc($dfrn_pubkey),
- intval($dfrn_record));
+ intval($dfrn_record)
+ );
if($r) {
// We're good but now we have to scrape the profile photo and send notifications.
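Review bot: The duplicate dfrn-id lookup now passes two arguments, `dbesc($decrypted_dfrn_id)` and `intval($local_uid)`, but the query string has only one placeholder, so the uid is silently ignored and the check runs across every user's contacts. If a per-user check is intended, add `AND uid = %d` (column backquoted) to the WHERE clause; if dfrn-ids are meant to be globally unique, as the "Birthday paradox" comment suggests, drop the unused argument so the call does not look like a missed filter. The UPDATE that follows is scoped by `id` only, which is consistent with the global reading, and the function continues past the hunk.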
@@ -118,13 +127,29 @@ function dfrn_confirm_post(&$a) {
$thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
}
- $r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `rel` = %d, `name-date` = '%s', `uri-date` = '%s', `avatar-date` = '%s', `blocked` = 0, `pending` = 0, `network` = 'dfrn' WHERE `id` = %d LIMIT 1",
+ $new_relation = DIRECTION_OUT;
+ if(($relation == DIRECTION_IN) || ($duplex))
+ $new_relation = DIRECTION_BOTH;
+
+ $r = q("UPDATE `contact` SET
+ `photo` = '%s',
+ `thumb` = '%s',
+ `rel` = %d,
+ `name-date` = '%s',
+ `uri-date` = '%s',
+ `avatar-date` = '%s',
+ `blocked` = 0,
+ `pending` = 0,
+ `duplex` = %d,
+ `network` = 'dfrn' WHERE `id` = %d LIMIT 1
+ ",
dbesc($photo),
dbesc($thumb),
- intval(($relation == DIRECTION_IN) ? DIRECTION_BOTH: DIRECTION_OUT),
+ intval($new_relation),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
+ intval($duplex),
intval($dfrn_record)
);
if($r === false)
@@ -135,7 +160,8 @@ function dfrn_confirm_post(&$a) {
$r = q("SELECT * FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE `contact`.`id` = %d LIMIT 1",
- intval($dfrn_record));
+ intval($dfrn_record)
+ );
if((count($r)) && ($r[0]['notify-flags'] & NOTIFY_CONFIRM)) {
$tpl = file_get_contents('view/intro_complete_eml.tpl');
@@ -151,13 +177,12 @@ function dfrn_confirm_post(&$a) {
);
$res = mail($r[0]['email'], t("Introduction accepted at ") . $a->config['sitename'],
- $email_tpl,t("From: Administrator@") . $_SERVER[SERVER_NAME] );
+ $email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME] );
if(!$res) {
notice( t("Email notification failed.") . EOL );
}
}
xml_status(0); // Success
-
return; // NOTREACHED
}
else {
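Review bot: The rebuilt From header still reads `$_SERVER[SERVER_NAME]` with a bare `SERVER_NAME`, which is an undefined constant: older PHP falls back to the literal string with a notice, PHP 8 throws an Error, and in neither case is the host name looked up. Use `$_SERVER['SERVER_NAME']`, or better `$a->get_hostname()` as the dfrn_notify hunk in this same diff already does for its From header, `'From: ' . t('Administrator') . '@' . $a->get_hostname()`. The identical expression is introduced in the dfrn_request_content hunk of mod/dfrn_request.php and should change the same way. SERVER_NAME can also be populated from the request's Host header depending on server configuration, which is one more reason to prefer the application's own configured hostname in mail headers.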
@@ -171,43 +196,44 @@ function dfrn_confirm_post(&$a) {
// We are processing a local confirmation initiated on this system by our user to an external introduction.
- $uid = $_SESSION['uid'];
+ $uid = get_uid();
if(! $uid) {
notice( t("Permission denied.") . EOL );
return;
}
- $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
+ $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
$intro_id = intval($_POST['intro_id']);
+ $duplex = intval($_POST['duplex']);
$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `uid` = %d LIMIT 1",
dbesc($dfrn_id),
intval($uid)
);
- if((! $r) || (! count($r))) {
+ if(! count($r)) {
notice( t('Node does not exist.') . EOL );
return;
}
- $contact_id = $r[0]['id'];
- $relation = $r[0]['rel'];
- $site_pubkey = $r[0]['site-pubkey'];
+ $contact_id = $r[0]['id'];
+ $relation = $r[0]['rel'];
+ $site_pubkey = $r[0]['site-pubkey'];
$dfrn_confirm = $r[0]['confirm'];
- $aes_allow = $r[0]['aes_allow'];
+ $aes_allow = $r[0]['aes_allow'];
- $res=openssl_pkey_new(array(
+ $res = openssl_pkey_new(array(
'digest_alg' => 'whirlpool',
'private_key_bits' => 4096,
- 'encrypt_key' => false ));
+ 'encrypt_key' => false )
+ );
$private_key = '';
openssl_pkey_export($res, $private_key);
-
$pubkey = openssl_pkey_get_details($res);
$public_key = $pubkey["key"];
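Review bot: The return value of `openssl_pkey_new()` is not checked before it is handed to `openssl_pkey_export()` and `openssl_pkey_get_details()`, so if key generation fails (for example an OpenSSL build without the configured digest) `$private_key` stays `''`, `$pubkey["key"]` is read from `false`, and the confirmation proceeds with an empty key pair. Guard it immediately after the call, `if($res === false) { notice( t('Key generation failed.') . EOL ); return; }`. The export also writes the private key in the clear (`'encrypt_key' => false`), which is existing behaviour; a short comment explaining why it is stored unencrypted would make the choice explicit rather than accidental.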
@@ -222,8 +248,8 @@ function dfrn_confirm_post(&$a) {
$params = array();
$src_aes_key = random_string();
- $result = "";
+ $result = '';
openssl_private_encrypt($dfrn_id,$result,$a->user['prvkey']);
$params['dfrn_id'] = $result;
@@ -237,6 +263,10 @@ function dfrn_confirm_post(&$a) {
$params['public_key'] = openssl_encrypt($public_key,'AES-256-CBC',$src_aes_key);
}
+ $params['dfrn_version'] = '2.0';
+ if($duplex == 1)
+ $params['duplex'] = 1;
+
$res = post_url($dfrn_confirm,$params);
// uncomment the following two lines and comment the following xml/status lines
@@ -329,10 +359,23 @@ function dfrn_confirm_post(&$a) {
$thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
}
- $r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `rel` = %d, `name-date` = '%s', `uri-date` = '%s', `avatar-date` = '%s', `blocked` = 0, `pending` = 0, `network` = 'dfrn' WHERE `id` = %d LIMIT 1",
+ $new_relation = DIRECTION_IN;
+ if(($relation == DIRECTION_OUT) || ($duplex))
+ $new_relation = DIRECTION_BOTH;
+
+ $r = q("UPDATE `contact` SET `photo` = '%s',
+ `thumb` = '%s',
+ `rel` = %d,
+ `name-date` = '%s',
+ `uri-date` = '%s',
+ `avatar-date` = '%s',
+ `blocked` = 0,
+ `pending` = 0,
+ `network` = 'dfrn' WHERE `id` = %d LIMIT 1
+ ",
dbesc($photo),
dbesc($thumb),
- intval(($relation == DIRECTION_OUT) ? DIRECTION_BOTH: DIRECTION_IN),
+ intval($new_relation),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
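Review bot: The local-side contact UPDATE computes `$new_relation` from `$duplex` but, unlike the remote-side UPDATE earlier in this function, never writes the `duplex` column itself. This side is the one whose row is looked up by `issued-id`, and the dfrn_poll hunk in this diff matches on `issued-id = '%s' AND duplex = 1`, so unless the column is set somewhere outside the diff a duplex relationship confirmed here would not be recognised by the poll. Adding a `duplex = %d` assignment (column backquoted) to the SET list with `intval($duplex)` in the argument list would mirror the remote branch. The UPDATE's argument list and the rest of the function continue past the hunk.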
@@ -343,8 +386,6 @@ function dfrn_confirm_post(&$a) {
goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
return; //NOTREACHED
-
}
-
return;
}
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 7cab98eb8..433f69d11 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -185,43 +185,45 @@ function dfrn_notify_post(&$a) {
$datarray['contact-id'] = $importer['id'];
$posted_id = post_remote($a,$datarray);
- $r = q("SELECT `parent` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($posted_id),
- intval($importer['importer_uid'])
- );
- if(count($r)) {
- $r1 = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `uid` = %d AND `parent` = %d",
- dbesc(datetime_convert()),
- intval($importer['importer_uid']),
- intval($r[0]['parent'])
+ if($posted_id) {
+ $r = q("SELECT `parent` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($posted_id),
+ intval($importer['importer_uid'])
+ );
+ if(count($r)) {
+ $r1 = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `uid` = %d AND `parent` = %d",
+ dbesc(datetime_convert()),
+ intval($importer['importer_uid']),
+ intval($r[0]['parent'])
+ );
+ }
+ $r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1",
+ dbesc(datetime_convert()),
+ intval($importer['importer_uid']),
+ intval($posted_id)
);
- }
- $r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1",
- dbesc(datetime_convert()),
- intval($importer['importer_uid']),
- intval($posted_id)
- );
- $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
-
- proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"comment-import\" \"$posted_id\" &",
- array(),$foo));
-
- if(($importer['notify-flags'] & NOTIFY_COMMENT) && (! $importer['self'])) {
- require_once('bbcode.php');
- $from = stripslashes($datarray['author-name']);
- $tpl = file_get_contents('view/cmnt_received_eml.tpl');
- $email_tpl = replace_macros($tpl, array(
- '$sitename' => $a->config['sitename'],
- '$siteurl' => $a->get_baseurl(),
- '$username' => $importer['username'],
- '$email' => $importer['email'],
- '$from' => $from,
+ $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
+
+ proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"comment-import\" \"$posted_id\" &",
+ array(),$foo));
+
+ if(($importer['notify-flags'] & NOTIFY_COMMENT) && (! $importer['self'])) {
+ require_once('bbcode.php');
+ $from = stripslashes($datarray['author-name']);
+ $tpl = file_get_contents('view/cmnt_received_eml.tpl');
+ $email_tpl = replace_macros($tpl, array(
+ '$sitename' => $a->config['sitename'],
+ '$siteurl' => $a->get_baseurl(),
+ '$username' => $importer['username'],
+ '$email' => $importer['email'],
+ '$from' => $from,
'$body' => strip_tags(bbcode(stripslashes($datarray['body'])))
- ));
+ ));
- $res = mail($importer['email'], $from . t(" commented on your item at ") . $a->config['sitename'],
- $email_tpl,t("From: Administrator@") . $a->get_hostname() );
+ $res = mail($importer['email'], $from . t(" commented on your item at ") . $a->config['sitename'],
+ $email_tpl,t("From: Administrator@") . $a->get_hostname() );
+ }
}
xml_status(0);
return;
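Review bot: Inside the new `if($posted_id)` block the `mail()` result is assigned to `$res` and then ignored, as are `$r1` and `$r2`, so a failed notification is silent; either log it or drop the assignment. `$from` is `stripslashes($datarray['author-name'])` and goes straight into the mail subject; the author name appears to originate from the remote notification payload (its construction is above the hunk), so a value containing CR/LF would break the header, and stripping those characters before building the subject is cheap and defensive. The `proc_open` shell string interpolates `$posted_id` and `$php_path`; both look like trusted values (a database id and a config setting), but a comment saying so would save the next reader the check. dfrn_notify_post continues beyond the hunk.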
@@ -356,7 +358,7 @@ function dfrn_notify_content(&$a) {
$encrypted_id = '';
$id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
- if($r[0]['duplex']) {
+ if(($r[0]['duplex']) && strlen($r[0]['pubkey'])) {
openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
}
@@ -368,7 +370,7 @@ function dfrn_notify_content(&$a) {
$challenge = bin2hex($challenge);
$encrypted_id = bin2hex($encrypted_id);
- echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_notify><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>' . '<challenge>' . $challenge . '</challenge></dfrn_notify>' . "\r\n" ;
+ echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_notify><status>' .$status . '</status><dfrn_version>2.0</dfrn_version><dfrn_id>' . $encrypted_id . '</dfrn_id>' . '<challenge>' . $challenge . '</challenge></dfrn_notify>' . "\r\n" ;
session_write_close();
exit;
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index 84cb58da0..aa60abff8 100644
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -14,6 +14,8 @@ function dfrn_poll_init(&$a) {
$type = $a->config['dfrn_poll_type'] = $_GET['type'];
if(x($_GET,'last_update'))
$last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];
+ $dfrn_version = ((x($_GET,'dfrn_version')) ? $_GET['dfrn_version'] : '1.0');
+ $destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : '');
if(($dfrn_id == '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) {
$o = get_feed_for($a,'*', $a->argv[1],$last_update);
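Review bot: `$destination_url` is read from `$_GET` with no validation and, in the profile hunk further down this function, is passed straight to `goaway()` whenever it is non-empty, so any caller that gets through the dfrn-id lookup can be redirected to an arbitrary URL. The same diff introduces `validate_url()` in dfrn_request_post; applying it here, `$destination_url = ((x($_GET,'destination_url') && validate_url($_GET['destination_url'])) ? $_GET['destination_url'] : '');`, is the minimum, and restricting the target to this site's own base URL would be safer still if the protocol allows it. `$dfrn_version` is read here but nothing in the visible hunks of this function uses it yet; a comment noting it is reserved for the 2.0 handshake, or removing it until needed, would help.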
@@ -25,7 +27,7 @@ function dfrn_poll_init(&$a) {
$r = q("SELECT `contact`.*, `user`.`nickname`
FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
- WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex `= 1 )) LIMIT 1",
+ WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex` = 1 )) LIMIT 1",
dbesc($dfrn_id),
dbesc($dfrn_id)
);
@@ -46,10 +48,11 @@ function dfrn_poll_init(&$a) {
dbesc($session_id));
}
}
- $profile = ((strlen($r[0]['nickname'])) ? $r[0]['nickname'] : $r[0]['uid']);
- goaway($a->get_baseurl() . "/profile/$profile/visit");
+ $profile = $r[0]['nickname'];
+ goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile);
}
goaway($a->get_baseurl());
+
}
if((x($type)) && ($type == 'profile-check')) {
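Review bot: `$profile = $r[0]['nickname'];` drops the old fallback to `$r[0]['uid']`, so a user row without a nickname now redirects to `/profile/` with an empty segment. If every user is guaranteed a nickname this is fine and worth a one-line comment; otherwise keep the fallback, `$profile = ((strlen($r[0]['nickname'])) ? $r[0]['nickname'] : $r[0]['uid']);`. The trailing `/visit` segment was also dropped from the redirect target; if that was deliberate, say so in a comment, since the profile handler may still expect it.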
@@ -57,8 +60,10 @@ function dfrn_poll_init(&$a) {
q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
$r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
dbesc($dfrn_id));
- if(count($r))
+ if(count($r)) {
xml_status(1);
+ return; // NOTREACHED
+ }
xml_status(0);
return; // NOTREACHED
}
@@ -182,7 +187,7 @@ function dfrn_poll_content(&$a) {
$id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
- if($r[0]['duplex']) {
+ if($r[0]['duplex'] && strlen($r[0]['pubkey'])) {
openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
}
@@ -198,7 +203,7 @@ function dfrn_poll_content(&$a) {
$status = 1;
}
- echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>'
+ echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_version>2.0</dfrn_version><dfrn_id>' . $encrypted_id . '</dfrn_id>'
. '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ;
session_write_close();
exit;
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 0fb718ab6..617d4b2d8 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -45,7 +45,7 @@ function dfrn_request_post(&$a) {
if(x($dfrn_url)) {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' LIMIT 1",
- intval($_SESSION['uid']),
+ intval(get_uid()),
dbesc($dfrn_url)
);
@@ -99,7 +99,7 @@ function dfrn_request_post(&$a) {
$r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `name`, `photo`, `site-pubkey`,
`request`, `confirm`, `notify`, `poll`, `aes_allow`)
VALUES ( %d, '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', %d)",
- intval($_SESSION['uid']),
+ intval(get_uid()),
datetime_convert(),
dbesc($dfrn_url),
$parms['fn'],
@@ -214,14 +214,19 @@ function dfrn_request_post(&$a) {
);
}
else {
-
+ if(! validate_url($url)) {
+ notice( t('Invalid profile URL.') . EOL);
+ goaway($a->get_baseurl() . '/' . $a->cmd);
+ return; // NOTREACHED
+ }
+
require_once('Scrape.php');
$parms = scrape_dfrn($url);
if(! count($parms)) {
notice( t('Profile location is not valid or does not contain profile information.') . EOL );
- killme();
+ goaway($a->get_baseurl() . '/' . $a->cmd);
}
else {
if(! x($parms,'fn'))
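Review bot: In the scrape-failure branch the new `goaway(...)` call is not followed by `return; // NOTREACHED`, while the `validate_url()` guard added a few lines above does include it; if `goaway()` is relied on to exit, keep the pair consistent, otherwise execution continues past the if/else with an empty `$parms`. Add `return; // NOTREACHED` after the goaway. dfrn_request_post continues beyond the hunk.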
@@ -274,7 +279,7 @@ function dfrn_request_post(&$a) {
}
if($r === false) {
- notice( 'Failed to update contact record.' . EOL );
+ notice( t('Failed to update contact record.') . EOL );
return;
}
@@ -300,7 +305,7 @@ function dfrn_request_post(&$a) {
// "Homecoming" - send the requestor back to their site to record the introduction.
- $dfrn_url = bin2hex($a->get_baseurl() . "/profile/$nickname");
+ $dfrn_url = bin2hex($a->get_baseurl() . '/profile/' . $nickname);
$aes_allow = ((function_exists('openssl_encrypt')) ? 1 : 0);
goaway($parms['dfrn-request'] . "?dfrn_url=$dfrn_url" . '&confirm_key=' . $hash . (($aes_allow) ? "&aes_allow=1" : ""));
@@ -387,7 +392,7 @@ function dfrn_request_content(&$a) {
$res = mail($r[0]['email'],
t("Introduction received at ") . $a->config['sitename'],
$email,
- t('From: Administrator@') . $_SERVER[SERVER_NAME] );
+ 'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME] );
// This is a redundant notification - no point throwing errors if it fails.
}
}
diff --git a/mod/display.php b/mod/display.php
new file mode 100644
index 000000000..2125e1696
--- /dev/null
+++ b/mod/display.php
@@ -0,0 +1,198 @@
+<?php
+
+
+function display_content(&$a) {
+
+ require_once('mod/profile.php');
+ profile_init($a);
+
+ $item_id = (($a->argc > 2) ? intval($a->argv[2]) : 0);
+
+ if(! $item_id) {
+ $a->error = 404;
+ notice( t('Item not found.') . EOL);
+ return;
+ }
+
+ require_once("include/bbcode.php");
+ require_once('include/security.php');
+
+
+ $groups = array();
+
+ $tab = 'posts';
+
+
+ $contact = null;
+ $remote_contact = false;
+
+ if(remote_user()) {
+ $contact_id = $_SESSION['visitor_id'];
+ $groups = init_groups_visitor($contact_id);
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($contact_id),
+ intval($a->profile['uid'])
+ );
+ if(count($r)) {
+ $contact = $r[0];
+ $remote_contact = true;
+ }
+ }
+
+ if(! $remote_contact) {
+ if(local_user()) {
+ $contact_id = $_SESSION['cid'];
+ $contact = $a->contact;
+ }
+ }
+
+
+ $sql_extra = "
+ AND `allow_cid` = ''
+ AND `allow_gid` = ''
+ AND `deny_cid` = ''
+ AND `deny_gid` = ''
+ ";
+
+
+ // Profile owner - everything is visible
+
+ if(local_user() && (get_uid() == $a->profile['uid'])) {
+ $sql_extra = '';
+ }
+
+ // authenticated visitor - here lie dragons
+ // If $remotecontact is true, we know that not only is this a remotely authenticated
+ // person, but that it is *our* contact, which is important in multi-user mode.
+
+ elseif($remote_contact) {
+ $gs = '<<>>'; // should be impossible to match
+ if(count($groups)) {
+ foreach($groups as $g)
+ $gs .= '|<' . intval($g) . '>';
+ }
+ $sql_extra = sprintf(
+ " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
+ AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
+ AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
+ AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
+
+ intval($_SESSION['visitor_id']),
+ intval($_SESSION['visitor_id']),
+ dbesc($gs),
+ dbesc($gs)
+ );
+ }
+
+ $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
+ `contact`.`name`, `contact`.`photo`, `contact`.`url`,
+ `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
+ `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
+ FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
+ WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
+ AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+ AND `item`.`parent` = ( SELECT `parent` FROM `item` WHERE `id` = %d )
+ $sql_extra
+ ORDER BY `parent` DESC, `id` ASC ",
+ intval($a->profile['uid']),
+ intval($item_id)
+ );
+
+
+ $cmnt_tpl = file_get_contents('view/comment_item.tpl');
+
+ $tpl = file_get_contents('view/wall_item.tpl');
+
+ $return_url = $_SESSION['return_url'] = $a->cmd;
+
+ if(count($r)) {
+ foreach($r as $item) {
+ $comment = '';
+ $template = $tpl;
+
+ $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'] ;
+
+
+ if(can_write_wall($a,$a->profile['uid'])) {
+ if($item['last-child']) {
+ $comment = replace_macros($cmnt_tpl,array(
+ '$return_path' => $_SESSION['return_url'],
+ '$type' => 'wall-comment',
+ '$id' => $item['item_id'],
+ '$parent' => $item['parent'],
+ '$profile_uid' => $a->profile['uid'],
+ '$mylink' => $contact['url'],
+ '$mytitle' => t('Me'),
+ '$myphoto' => $contact['thumb'],
+ '$ww' => ''
+ ));
+ }
+ }
+
+
+ $profile_url = $item['url'];
+
+
+ $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'] ;
+
+
+ // Top-level wall post not written by the wall owner (wall-to-wall)
+ // First figure out who owns it.
+
+ if(($item['parent'] == $item['item_id']) && (! $item['self'])) {
+
+ if($item['type'] == 'wall') {
+ // I do. Put me on the left of the wall-to-wall notice.
+ $owner_url = $a->contact['url'];
+ $owner_photo = $a->contact['thumb'];
+ $owner_name = $a->contact['name'];
+ $template = $wallwall;
+ $commentww = 'ww';
+ }
+ if($item['type'] == 'remote' && ($item['owner-link'] != $item['author-link'])) {
+ // Could be anybody.
+ $owner_url = $item['owner-link'];
+ $owner_photo = $item['owner-avatar'];
+ $owner_name = $item['owner-name'];
+ $template = $wallwall;
+ $commentww = 'ww';
+ // If it is our contact, use a friendly redirect link
+ if(($item['owner-link'] == $item['url']) && ($item['rel'] == DIRECTION_IN || $item['rel'] == DIRECTION_BOTH))
+ $owner_url = $redirect_url;
+ $owner_url = $redirect_url;
+
+ }
+ }
+
+
+
+
+ $profile_name = ((strlen($item['author-name'])) ? $item['author-name'] : $item['name']);
+ $profile_avatar = ((strlen($item['author-avatar'])) ? $item['author-avatar'] : $item['thumb']);
+ $profile_link = $profile_url;
+
+ $drop = '';
+
+ if(($item['contact-id'] == $_SESSION['visitor_id']) || ($item['uid'] == get_uid()))
+ $drop = replace_macros(file_get_contents('view/wall_item_drop.tpl'), array('$id' => $item['id']));
+
+
+ $o .= replace_macros($template,array(
+ '$id' => $item['item_id'],
+ '$profile_url' => $profile_link,
+ '$name' => $profile_name,
+ '$thumb' => $profile_avatar,
+ '$title' => $item['title'],
+ '$body' => bbcode($item['body']),
+ '$ago' => relative_date($item['created']),
+ '$location' => (($item['location']) ? '<a target="map" href="http://maps.google.com/?q=' . urlencode($item['location']) . '">' . $item['location'] . '</a>' : ''),
+ '$indent' => (($item['parent'] != $item['item_id']) ? ' comment' : ''),
+ '$drop' => $drop,
+ '$comment' => $comment
+ ));
+
+ }
+ }
+
+ return $o;
+} \ No newline at end of file
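Review bot: `$template = $wallwall;` (twice, in the wall-to-wall branches) reads a variable that is never assigned anywhere in this new file, so a top-level post not written by the wall owner is rendered through `replace_macros(null, ...)`; load the wall-to-wall template into `$wallwall` next to `$tpl` and `$cmnt_tpl` (its path is not on this page). `$o` is likewise appended to with `.=` and returned without ever being initialised; add `$o = '';` at the top of display_content. The friendly-redirect test `$item['rel'] == DIRECTION_IN || $item['rel'] == DIRECTION_BOTH` can never be true because the SELECT does not pull `contact`.`rel`, and the line directly after it assigns `$owner_url = $redirect_url;` unconditionally, which makes the test moot anyway — add the column to the select list and delete the duplicate assignment. `$commentww` is set but the comment template always receives `'$ww' => ''`, and `$item['title']` and `$item['location']` are interpolated into HTML without escaping; whether they were sanitised on the way in is not visible here, so `htmlspecialchars()` at output is the safe default.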
diff --git a/mod/group.php b/mod/group.php
index fbd38bfeb..201c61f2a 100644
--- a/mod/group.php
+++ b/mod/group.php
@@ -5,9 +5,10 @@ function validate_members(&$item) {
}
function group_init(&$a) {
- require_once('include/group.php');
- $a->page['aside'] = group_side();
-
+ if(local_user()) {
+ require_once('include/group.php');
+ $a->page['aside'] = group_side();
+ }
}
@@ -21,10 +22,10 @@ function group_post(&$a) {
if(($a->argc == 2) && ($a->argv[1] == 'new')) {
$name = notags(trim($_POST['groupname']));
- $r = group_add($_SESSION['uid'],$name);
+ $r = group_add(get_uid(),$name);
if($r) {
notice( t('Group created.') . EOL );
- $r = group_byname($_SESSION['uid'],$name);
+ $r = group_byname(get_uid(),$name);
if($r)
goaway($a->get_baseurl() . '/group/' . $r);
}
@@ -36,18 +37,19 @@ function group_post(&$a) {
if(($a->argc == 2) && (intval($a->argv[1]))) {
$r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[1]),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if(! count($r)) {
notice( t('Group not found.') . EOL );
goaway($a->get_baseurl() . '/contacts');
+ return; // NOTREACHED
}
$group = $r[0];
$groupname = notags(trim($_POST['groupname']));
if((strlen($groupname)) && ($groupname != $group['name'])) {
$r = q("UPDATE `group` SET `name` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1",
dbesc($groupname),
- intval($_SESSION['uid']),
+ intval(get_uid()),
intval($group['id'])
);
if($r)
@@ -57,14 +59,14 @@ function group_post(&$a) {
array_walk($members,'validate_members');
$r = q("DELETE FROM `group_member` WHERE `gid` = %d AND `uid` = %d",
intval($a->argv[1]),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
$result = true;
if(count($members)) {
foreach($members as $member) {
$r = q("INSERT INTO `group_member` ( `uid`, `gid`, `contact-id`)
VALUES ( %d, %d, %d )",
- intval($_SESSION['uid']),
+ intval(get_uid()),
intval($group['id']),
intval($member)
);
@@ -74,9 +76,9 @@ function group_post(&$a) {
}
if($result)
notice( t('Membership list updated.') . EOL);
- $a->page['aside'] = group_side();
+ $a->page['aside'] = group_side();
}
-
+ return;
}
function group_content(&$a) {
@@ -88,20 +90,18 @@ function group_content(&$a) {
if(($a->argc == 2) && ($a->argv[1] == 'new')) {
$tpl = file_get_contents('view/group_new.tpl');
- $o .= replace_macros($tpl,array(
-
- ));
-
+ $o .= replace_macros($tpl,array());
+ return $o;
}
if(($a->argc == 3) && ($a->argv[1] == 'drop')) {
if(intval($a->argv[2])) {
$r = q("SELECT `name` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[2]),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if(count($r))
- $result = group_rmv($_SESSION['uid'],$r[0]['name']);
+ $result = group_rmv(get_uid(),$r[0]['name']);
if($result)
notice( t('Group removed.') . EOL);
else
@@ -116,10 +116,10 @@ function group_content(&$a) {
require_once('view/acl_selectors.php');
$r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[1]),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if(! count($r)) {
- notice( t("Group not found.") . EOL );
+ notice( t('Group not found.') . EOL );
goaway($a->get_baseurl() . '/contacts');
}
$group = $r[0];
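Review bot: The `Group not found.` branch calls `goaway()` without the `return; // NOTREACHED` that the matching branch in group_post gained in this same diff, and `$group = $r[0];` follows directly, so the two handlers are now inconsistent about whether `goaway()` terminates. Add `return; // NOTREACHED` after the goaway here too. group_content continues beyond the hunk.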
@@ -145,11 +145,6 @@ function group_content(&$a) {
));
}
-
-
-
-
-
return $o;
} \ No newline at end of file
diff --git a/mod/invite.php b/mod/invite.php
index c63eb568b..efe0a59b1 100644
--- a/mod/invite.php
+++ b/mod/invite.php
@@ -32,9 +32,7 @@ function invite_post(&$a) {
}
notice( $total . t(' messages sent.') . EOL);
-
-
-
+ return;
}
@@ -58,6 +56,4 @@ function invite_content(&$a) {
));
return $o;
-
-
} \ No newline at end of file
diff --git a/mod/item.php b/mod/item.php
index c790d31da..08f65dca1 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -29,7 +29,7 @@ function item_post(&$a) {
if(! can_write_wall($a,$profile_uid)) {
- notice("Permission denied." . EOL) ;
+ notice( t('Permission denied.') . EOL) ;
return;
}
@@ -42,37 +42,14 @@ function item_post(&$a) {
$user = $r[0];
- $str_group_allow = '';
- $group_allow = $_POST['group_allow'];
- if(is_array($group_allow)) {
- array_walk($group_allow,'sanitise_acl');
- $str_group_allow = implode('',$group_allow);
- }
-
- $str_contact_allow = '';
- $contact_allow = $_POST['contact_allow'];
- if(is_array($contact_allow)) {
- array_walk($contact_allow,'sanitise_acl');
- $str_contact_allow = implode('',$contact_allow);
- }
+ $str_group_allow = perms2str($_POST['group_allow']);
+ $str_contact_allow = perms2str($_POST['contact_allow']);
+ $str_group_deny = perms2str($_POST['group_deny']);
+ $str_contact_deny = perms2str($_POST['contact_deny']);
- $str_group_deny = '';
- $group_deny = $_POST['group_deny'];
- if(is_array($group_deny)) {
- array_walk($group_deny,'sanitise_acl');
- $str_group_deny = implode('',$group_deny);
- }
-
- $str_contact_deny = '';
- $contact_deny = $_POST['contact_deny'];
- if(is_array($contact_deny)) {
- array_walk($contact_deny,'sanitise_acl');
- $str_contact_deny = implode('',$contact_deny);
- }
-
- $title = notags(trim($_POST['title']));
- $body = escape_tags(trim($_POST['body']));
- $location = notags(trim($_POST['location']));
+ $title = notags(trim($_POST['title']));
+ $body = escape_tags(trim($_POST['body']));
+ $location = notags(trim($_POST['location']));
if(! strlen($body)) {
notice( t('Empty post discarded.') . EOL );
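Review bot: The four `perms2str($_POST[...])` calls replace code that explicitly handled a missing or non-array field by producing `''`, and whether `perms2str()` does the same is not visible in this diff (its include is not part of the change). Each `$_POST['...']` index is also read unguarded, so a form submitted without a given ACL field raises a notice before `perms2str` is reached; `perms2str((x($_POST,'group_allow')) ? $_POST['group_allow'] : array())`, or the equivalent tolerance inside the helper, would keep the old behaviour. The old code also ran `sanitise_acl` over each entry — confirm the helper still does that, since these strings end up in the `allow_*`/`deny_*` columns that display.php matches with REGEXP.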
@@ -128,18 +105,7 @@ function item_post(&$a) {
$notify_type = (($parent) ? 'comment-new' : 'wall-new' );
- do {
- $dups = false;
- $hash = random_string();
-
- $uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $profile_uid . ':' . $hash;
-
- $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
- dbesc($uri));
- if(count($r))
- $dups = true;
- } while($dups == true);
-
+ $uri = item_new_uri($a->get_hostname(),$profile_uid);
$r = q("INSERT INTO `item` (`uid`,`type`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`,
`author-name`, `author-link`, `author-avatar`, `created`,
@@ -246,7 +212,7 @@ function item_post(&$a) {
$php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
- proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"$notify_type\" \"$post_id\" &",
+ proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"$notify_type\" \"$post_id\" > notify.out &",
array(),$foo));
goaway($a->get_baseurl() . "/" . $_POST['return'] );
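Review bot: The added `> notify.out` redirect writes the notifier's stdout to a path relative to the PHP process's working directory, which for a web request is normally the document root, so the file is likely web-readable and is truncated by every concurrent post. If the output is only for debugging, discard it instead: `proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"$notify_type\" \"$post_id\" > /dev/null 2>&1 &", array(),$foo));`, or point it at an absolute path outside the web tree. The command is still assembled by string interpolation; `$notify_type` is a fixed literal from the ternary above and `$post_id` is presumably the new item's numeric id, but wrapping both in escapeshellarg() would keep that safe if either ever changes. item_post starts before this hunk.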
@@ -335,7 +301,7 @@ function item_content(&$a) {
// send the notification upstream/downstream as the case may be
- proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"drop\" \"$drop_id\" &",
+ proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"drop\" \"$drop_id\" > drop.out &",
array(), $foo));
goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
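Review bot: The added `> drop.out` redirect writes notifier output to a path relative to the PHP process's working directory — normally the document root on a web request — so it is likely web-readable and is shared and truncated by every concurrent deletion. Use `> /dev/null 2>&1` or an absolute path outside the web tree instead. `$drop_id` is interpolated into a shell command; its assignment is above the hunk, so confirm it is intval()'d there or wrap it in escapeshellarg() here. item_content continues past this hunk.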
diff --git a/mod/message.php b/mod/message.php
index b8236641a..2048cff1f 100644
--- a/mod/message.php
+++ b/mod/message.php
@@ -70,7 +70,7 @@ function message_post(&$a) {
$php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
if($post_id) {
- proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"mail\" \"$post_id\" &",
+ proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"mail\" \"$post_id\" > mail.out &",
array(),$foo));
notice( t('Message sent.') . EOL );
}
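Review bot: The added `> mail.out` redirect sends the notifier's output to a file relative to the PHP process's working directory, which for a web request is typically the document root, so the file is likely web-readable and is truncated by every concurrent message send. Discard it instead — `proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"mail\" \"$post_id\" > /dev/null 2>&1 &", array(),$foo));` — or use an absolute path outside the web tree. `$post_id` is interpolated into a shell command and is assigned above the hunk, so it should be intval()'d there or wrapped in escapeshellarg() here. message_post starts before this hunk.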
diff --git a/mod/notifications.php b/mod/notifications.php
index b5b97cc94..6422b3b00 100644
--- a/mod/notifications.php
+++ b/mod/notifications.php
@@ -17,7 +17,7 @@ function notifications_post(&$a) {
WHERE `request-id` = %d
AND `uid` = %d LIMIT 1",
intval($request_id),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if(count($r)) {
@@ -28,10 +28,13 @@ function notifications_post(&$a) {
return;
}
if($_POST['submit'] == t('Discard')) {
- $r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1", intval($intro_id));
- $r = q("DELETE `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ $r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1",
+ intval($intro_id)
+ );
+ $r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($request_id),
- intval($_SESSION['uid']));
+ intval(get_uid())
+ );
return;
}
if($_POST['submit'] == t('Ignore')) {
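Review bot: The `DELETE FROM intro` on the first new line of the Discard branch is keyed on `id` alone, while the contact deletion directly below it is scoped by `uid`; `$intro_id` is assigned above the hunk, and if it comes from the request any logged-in user can discard another user's introduction by guessing its id. Scoping it the same way closes that: `$r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($intro_id), intval(get_uid()));`. The commit also adds the missing FROM to the contact delete, so this branch was not executing before and deserves an end-to-end test now. notifications_post continues past this hunk.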
diff --git a/mod/photos.php b/mod/photos.php
index 0558f746a..01a9e5f54 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -36,8 +36,7 @@ function photos_init(&$a) {
}
$a->page['aside'] .= $o;
}
-
-
+ return;
}
@@ -53,7 +52,7 @@ function photos_post(&$a) {
- $r = q("SELECT * FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
+ $r = q("SELECT `contact`.* `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
WHERE `user`.`uid` = %d AND `self` = 1 LIMIT 1",
intval($_SESSION['uid'])
);
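Review bot: The rewritten SELECT on the first new line is missing the comma between `contact`.* and `user`.`nickname`, so MySQL rejects it and `$r` comes back empty for every photo post; whatever the lines after this hunk do with that result (presumably the self-contact record) will then fail. It should read `SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid``. This hunk also keeps `intval($_SESSION['uid'])` where the rest of the file was switched to get_uid(). photos_post starts before this hunk.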
@@ -95,7 +94,7 @@ function photos_post(&$a) {
$res = array();
$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'",
- intval($_SESSION['uid']),
+ intval(get_uid()),
dbesc($album)
);
if(count($r)) {
@@ -110,17 +109,17 @@ function photos_post(&$a) {
$str_res = implode(',', $res);
q("DELETE FROM `photo` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
- intval($_SESSION['uid'])
+ intval(get_uid())
);
$r = q("SELECT `parent-uri` FROM `item` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if(count($r)) {
foreach($r as $rr) {
q("UPDATE `item` SET `deleted` = 1, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
dbesc(datetime_convert()),
dbesc($rr['parent-uri']),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
$drop_id = intval($rr['id']);
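Review bot: `$drop_id = intval($rr['id'])` on the last line of this hunk is always 0, because the SELECT a few lines above fetches only `parent-uri`; whatever is done with `$drop_id` after the hunk (a notifier call, going by the item.php pattern) therefore targets item 0. Fetch the id as well: `$r = q("SELECT `id`, `parent-uri` FROM `item` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",`. `$str_res` is interpolated unescaped into two queries; it is built from the rid query above rather than from request input, which is acceptable provided the elements are quoted when `$res` is assembled (not visible here).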
@@ -141,24 +140,24 @@ function photos_post(&$a) {
if(($a->argc > 1) && (x($_POST,'delete')) && ($_POST['delete'] == t('Delete Photo'))) {
$r = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1",
- intval($_SESSION['uid']),
+ intval(get_uid()),
dbesc($a->argv[1])
);
if(count($r)) {
q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'",
- intval($_SESSION['uid']),
+ intval(get_uid()),
dbesc($r[0]['resource-id'])
);
$i = q("SELECT * FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1",
dbesc($r[0]['resource-id']),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if(count($i)) {
q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc($i[0]['uri']),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
$url = $a->get_baseurl();
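Review bot: The photo DELETE in this hunk binds `$r[0]['resource-id']`, but the SELECT just above it fetches only `id`, so the bound value is an empty string, no photo row is removed, and the item lookup that follows matches nothing either — the delete silently does nothing. Either select the column (`$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1",`) or bind `dbesc($a->argv[1])`, which the first query has already confirmed belongs to the current user. photos_post continues past this hunk.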
@@ -187,13 +186,13 @@ function photos_post(&$a) {
$p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC",
dbesc($resource_id),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if(count($r)) {
$r = q("UPDATE `photo` SET `desc` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d",
dbesc($desc),
dbesc($resource_id),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
}
if(! $item_id) {
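Review bot: `if(count($r))` in the middle of this hunk tests the wrong variable: the photo lookup was assigned to `$p`, so the description UPDATE is gated on whatever `$r` held from an earlier statement, and `$p[0]` is dereferenced a few lines later regardless. Change it to `if(count($p)) {` and consider returning early when `$p` is empty, since the item body built below uses `$p[0]['resource-id']` and `$p[0]['scale']`. photos_post continues past this hunk.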
@@ -207,24 +206,13 @@ function photos_post(&$a) {
. '[img]' . $a->get_baseurl() . '/photo/' . $p[0]['resource-id'] . '-' . $p[0]['scale'] . '.jpg' . '[/img]'
. '[/url]';
- do {
- $dups = false;
- $item_hash = random_string();
-
- $uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $_SESSION['uid'] . ':' . $item_hash;
-
- $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
- dbesc($uri));
- if(count($r))
- $dups = true;
- } while($dups == true);
-
+ $uri = item_new_uri($a->get_hostname(),get_uid());
$r = q("INSERT INTO `item` (`uid`, `type`, `resource-id`, `contact-id`,
`owner-name`,`owner-link`,`owner-avatar`, `created`,
`edited`, `changed`, `uri`, `parent-uri`, `title`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`)
VALUES( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
- intval($_SESSION['uid']),
+ intval(get_uid()),
dbesc('photo'),
dbesc($p[0]['resource-id']),
intval($contact_record['id']),
@@ -263,7 +251,7 @@ function photos_post(&$a) {
dbesc(datetime_convert()),
dbesc(datetime_convert()),
intval($item_id),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
@@ -293,45 +281,22 @@ function photos_post(&$a) {
$r = q("SELECT * FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
dbesc($album),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if((! count($r)) || ($album == t('Profile Photos')))
$visible = 1;
else
$visibile = 0;
- $str_group_allow = '';
- $group_allow = $_POST['group_allow'];
- if(is_array($group_allow)) {
- array_walk($group_allow,'sanitise_acl');
- $str_group_allow = implode('',$group_allow);
- }
-
- $str_contact_allow = '';
- $contact_allow = $_POST['contact_allow'];
- if(is_array($contact_allow)) {
- array_walk($contact_allow,'sanitise_acl');
- $str_contact_allow = implode('',$contact_allow);
- }
- $str_group_deny = '';
- $group_deny = $_POST['group_deny'];
- if(is_array($group_deny)) {
- array_walk($group_deny,'sanitise_acl');
- $str_group_deny = implode('',$group_deny);
- }
-
- $str_contact_deny = '';
- $contact_deny = $_POST['contact_deny'];
- if(is_array($contact_deny)) {
- array_walk($contact_deny,'sanitise_acl');
- $str_contact_deny = implode('',$contact_deny);
- }
+ $str_group_allow = perms2str($_POST['group_allow']);
+ $str_contact_allow = perms2str($_POST['contact_allow']);
+ $str_group_deny = perms2str($_POST['group_deny']);
+ $str_contact_deny = perms2str($_POST['contact_deny']);
-
- $src = $_FILES['userfile']['tmp_name'];
- $filename = basename($_FILES['userfile']['name']);
- $filesize = intval($_FILES['userfile']['size']);
+ $src = $_FILES['userfile']['tmp_name'];
+ $filename = basename($_FILES['userfile']['name']);
+ $filesize = intval($_FILES['userfile']['size']);
$imagedata = @file_get_contents($src);
$ph = new Photo($imagedata);
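Review bot: The else branch just above the new perms2str calls assigns `$visibile = 0;` (misspelled; a pre-existing context line), so `$visible` is never explicitly cleared and the INSERT further down presumably only gets 0 because an undefined variable collapses to 0 through intval(); fix the spelling to `$visible = 0;`. The upload handling at the bottom of the hunk reads `$_FILES['userfile']['tmp_name']` through an `@`-suppressed file_get_contents() with no check of `$_FILES['userfile']['error']` or is_uploaded_file(), so a failed or forged upload is only detected indirectly when Photo fails to parse it; a guard such as `if(! is_uploaded_file($src)) { notice( t('Image upload failed.') . EOL ); return; }` before the read makes that explicit. photos_post continues past this hunk.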
@@ -351,7 +316,7 @@ function photos_post(&$a) {
$photo_hash = hash('md5',uniqid(mt_rand(),true));
- $r = $ph->store($_SESSION['uid'], 0, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
+ $r = $ph->store(get_uid(), 0, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
if(! $r) {
notice( t('Image upload failed.') . EOL );
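Review bot: `$photo_hash` on the first line of this hunk is the resource id that becomes the image's public URL (`/photo/{$photo_hash}-{$smallest}.jpg` further down the file), yet it is derived from uniqid(mt_rand(), true), neither part of which is unpredictable. If the photo endpoint relies on that id being unguessable for images with a restrictive ACL (its checks are not visible here), ids generated this way can be enumerated; a CSPRNG source such as `$photo_hash = bin2hex(openssl_random_pseudo_bytes(16));` (or random_bytes() on PHP 7+) costs nothing. The store() calls for the scaled copies just below this hunk ignore their return value, so a partial failure leaves a photo with missing sizes.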
@@ -360,13 +325,13 @@ function photos_post(&$a) {
if($width > 640 || $height > 640) {
$ph->scaleImage(640);
- $ph->store($_SESSION['uid'], 0, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
+ $ph->store(get_uid(), 0, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$smallest = 1;
}
if($width > 320 || $height > 320) {
$ph->scaleImage(320);
- $ph->store($_SESSION['uid'], 0, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
+ $ph->store(get_uid(), 0, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$smallest = 2;
}
@@ -378,23 +343,12 @@ function photos_post(&$a) {
. '[img]' . $a->get_baseurl() . "/photo/{$photo_hash}-{$smallest}.jpg" . '[/img]'
. '[/url]';
- do {
- $dups = false;
- $item_hash = random_string();
-
- $uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $_SESSION['uid'] . ':' . $item_hash;
-
- $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
- dbesc($uri));
- if(count($r))
- $dups = true;
- } while($dups == true);
-
+ $uri = item_new_uri($a->get_hostname(), get_uid());
$r = q("INSERT INTO `item` (`uid`, `type`, `resource-id`, `contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `created`,
`edited`, `changed`, `uri`, `parent-uri`, `title`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `visible`)
VALUES( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d )",
- intval($_SESSION['uid']),
+ intval(get_uid()),
dbesc('photo'),
dbesc($photo_hash),
intval($contact_record['id']),
@@ -492,7 +446,7 @@ function photos_content(&$a) {
// Profile owner - everything is visible
- if(local_user() && ($_SESSION['uid'] == $owner_uid)) {
+ if(local_user() && (get_uid() == $owner_uid)) {
$sql_extra = '';
}
elseif(remote_user()) {
@@ -521,7 +475,7 @@ function photos_content(&$a) {
if($datatype == 'upload') {
- if( ! (local_user() && ($_SESSION['uid'] == $a->data['user']['uid']))) {
+ if( ! (local_user() && (get_uid() == $a->data['user']['uid']))) {
notice( t('Permission denied.'));
return;
}
@@ -581,7 +535,7 @@ function photos_content(&$a) {
if($cmd == 'edit') {
if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) {
- if(local_user() && ($_SESSION['uid'] == $a->data['user']['uid'])) {
+ if(local_user() && (get_uid() == $a->data['user']['uid'])) {
$edit_tpl = file_get_contents('view/album_edit.tpl');
$o .= replace_macros($edit_tpl,array(
'$nametext' => t('New album name: '),
@@ -595,7 +549,7 @@ function photos_content(&$a) {
}
else {
if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) {
- if(local_user() && ($_SESSION['uid'] == $a->data['user']['uid'])) {
+ if(local_user() && (get_uid() == $a->data['user']['uid'])) {
$o .= '<div id="album-edit-link"><a href="'. $a->get_baseurl() . '/photos/'
. $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/edit' . '">'
. t('Edit Album') . '</a></div>';
@@ -654,7 +608,7 @@ function photos_content(&$a) {
$o .= '<h3>' . '<a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($ph[0]['album']) . '">' . $ph[0]['album'] . '</a></h3>';
- if(local_user() && ($ph[0]['uid'] == $_SESSION['uid'])) {
+ if(local_user() && ($ph[0]['uid'] == get_uid())) {
$o .= '<div id="photo-edit-link-wrap" ><a id="photo-edit-link" href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . '/edit' . '">' . t('Edit photo') . '</a></div>';
}
@@ -773,7 +727,7 @@ function photos_content(&$a) {
$profile_url = $item['url'];
- if(local_user() && ($item['contact-uid'] == $_SESSION['uid'])
+ if(local_user() && ($item['contact-uid'] == get_uid())
&& ($item['rel'] == DIRECTION_IN || $item['rel'] == DIRECTION_BOTH) && (! $item['self'] ))
$profile_url = $redirect_url;
@@ -783,7 +737,7 @@ function photos_content(&$a) {
$drop = '';
- if(($item['contact-id'] == $_SESSION['visitor_id']) || ($item['uid'] == $_SESSION['uid']))
+ if(($item['contact-id'] == $_SESSION['visitor_id']) || ($item['uid'] == get_uid()))
$drop = replace_macros(file_get_contents('view/wall_item_drop.tpl'), array('$id' => $item['id']));
@@ -828,7 +782,7 @@ function photos_content(&$a) {
$o .= '<h3>' . t('Recent Photos') . '</h3>';
- if( local_user() && ($_SESSION['uid'] == $a->data['user']['uid'])) {
+ if( local_user() && (get_uid() == $a->data['user']['uid'])) {
$o .= '<div id="photo-top-links"><a id="photo-top-upload-link" href="'. $a->get_baseurl() . '/photos/'
. $a->data['user']['nickname'] . '/upload' . '">' . t('Upload New Photos') . '</a></div>';
}
diff --git a/mod/ping.php b/mod/ping.php
index 7e96b7121..9f7191758 100644
--- a/mod/ping.php
+++ b/mod/ping.php
@@ -9,26 +9,26 @@ function ping_init(&$a) {
$r = q("SELECT COUNT(*) AS `total` FROM `item`
WHERE `unseen` = 1 AND `visible` = 1 AND `deleted` = 0 AND `uid` = %d",
- intval($_SESSION['uid'])
+ intval(get_uid())
);
$network = $r[0]['total'];
$r = q("SELECT COUNT(*) AS `total` FROM `item`
WHERE `unseen` = 1 AND `visible` = 1 AND `deleted` = 0 AND `uid` = %d AND `type` != 'remote' ",
- intval($_SESSION['uid'])
+ intval(get_uid())
);
$home = $r[0]['total'];
$r = q("SELECT COUNT(*) AS `total` FROM `intro`
WHERE `uid` = %d AND `blocked` = 0 AND `ignore` = 0 ",
- intval($_SESSION['uid'])
+ intval(get_uid())
);
$intro = $r[0]['total'];
$myurl = $a->get_baseurl() . '/profile/' . $user['nickname'] ;
$r = q("SELECT COUNT(*) AS `total` FROM `mail`
WHERE `uid` = %d AND `seen` = 0 AND `from-url` != '%s' ",
- intval($_SESSION['uid']),
+ intval(get_uid()),
dbesc($myurl)
);
diff --git a/mod/profile.php b/mod/profile.php
index c5047d615..1520afff7 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -24,7 +24,7 @@ function profile_load(&$a, $username, $profile = 0) {
);
if(($r === false) || (! count($r))) {
- notice("No profile" . EOL );
+ notice( t('No profile') . EOL );
$a->error = 404;
return;
}
@@ -44,20 +44,11 @@ function profile_init(&$a) {
if($a->argc > 1)
$which = $a->argv[1];
else {
- notice("No profile" . EOL );
+ notice( t('No profile') . EOL );
$a->error = 404;
return;
}
- if((remote_user()) && ($a->argc > 2) && ($a->argv[2] == 'visit'))
- $_SESSION['is_visitor'] = 1;
-// else {
-// unset($_SESSION['is_visitor']);
-// unset($_SESSION['visitor_id']);
-// if(! $_SESSION['uid'])
-// unset($_SESSION['authenticated']);
-// }
-
$profile = 0;
if((local_user()) && ($a->argc > 2) && ($a->argv[2] == 'view')) {
$which = $a->user['nickname'];
@@ -173,7 +164,7 @@ function profile_content(&$a, $update = false) {
// Profile owner - everything is visible
- if(local_user() && ($_SESSION['uid'] == $a->profile['uid'])) {
+ if(local_user() && ($_SESSION['uid'] == $a->profile['profile_uid'])) {
$sql_extra = '';
// Oh - while we're here... reset the Unseen messages
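Review bot: This hunk keeps `$_SESSION['uid']` while every other owner check in the commit moved to get_uid(), and it now compares against `$a->profile['profile_uid']`, which only works if profile_load's SELECT exposes the uid under that alias (not visible here). Because the comparison is a loose `==`, a missing key yields null and the owner test fails closed, so the risk is a broken owner view rather than a leak, but it should be verified against profile_load. Suggested line: `if(local_user() && (get_uid() == $a->profile['profile_uid'])) {`. profile_content continues past this hunk.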
diff --git a/mod/profiles.php b/mod/profiles.php
index 3cf2aca80..5ee9a3e96 100644
--- a/mod/profiles.php
+++ b/mod/profiles.php
@@ -163,7 +163,7 @@ function profiles_content(&$a) {
}
if(($a->argc > 2) && ($a->argv[1] == "drop") && intval($a->argv[2])) {
- $r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d AND `is-default` = 0 LIMIT 1",
+ $r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d AND `is-default` = 0 AND `self` = 0 LIMIT 1",
intval($a->argv[2]),
intval($_SESSION['uid'])
);
diff --git a/mod/settings.php b/mod/settings.php
index f9cc429df..9e7a6654e 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -2,25 +2,20 @@
function settings_init(&$a) {
-
- if(! local_user()) {
- notice("Permission denied." . EOL);
- $a->error = 404;
- return;
+ if(local_user()) {
+ require_once("mod/profile.php");
+ profile_load($a,$a->user['nickname']);
}
- require_once("mod/profile.php");
- profile_load($a,$a->user['nickname']);
}
function settings_post(&$a) {
-
if(! local_user()) {
notice( t('Permission denied.') . EOL);
return;
}
- if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != $_SESSION['uid']) {
+ if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != get_uid()) {
notice( t('Permission denied.') . EOL);
return;
}
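Review bot: settings_init no longer rejects anonymous requests — it just skips profile_load — so the deny that used to cover every settings entry point now exists only in settings_post; settings_content (outside this hunk) must enforce local_user() itself, or the settings page is rendered for an unauthenticated visitor with whatever `$a->user` happens to hold. If it does not already, add `if(! local_user()) { notice( t('Permission denied.') . EOL); return; }` at the top of settings_content. The second check in settings_post (`$a->user['uid'] != get_uid()`) is a useful belt-and-braces guard and should stay.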
@@ -44,7 +39,7 @@ function settings_post(&$a) {
$password = hash('whirlpool',$newpass);
$r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1",
dbesc($password),
- intval($_SESSION['uid']));
+ intval(get_uid());
if($r)
notice( t('Password changed.') . EOL);
else
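Review bot: The new line `intval(get_uid());` drops the closing parenthesis of the q() call — the removed line ended in `));` — so mod/settings.php no longer parses and every settings request fails with a syntax error. It should be `intval(get_uid()));`. Separately, the password is stored as an unsalted whirlpool digest (context line above), which is cheap to attack offline if the user table leaks; moving to a salted, slow hash via crypt()/password_hash() is a broader change because the login path must match, so it belongs in its own commit.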
@@ -52,15 +47,15 @@ function settings_post(&$a) {
}
}
- $theme = notags(trim($_POST['theme']));
- $username = notags(trim($_POST['username']));
- $email = notags(trim($_POST['email']));
- $timezone = notags(trim($_POST['timezone']));
- $defloc = notags(trim($_POST['defloc']));
+ $theme = notags(trim($_POST['theme']));
+ $username = notags(trim($_POST['username']));
+ $email = notags(trim($_POST['email']));
+ $timezone = notags(trim($_POST['timezone']));
+ $defloc = notags(trim($_POST['defloc']));
- $publish = (($_POST['profile_in_directory'] == 1) ? 1: 0);
- $net_publish = (($_POST['profile_in_netdirectory'] == 1) ? 1: 0);
- $old_visibility = ((intval($_POST['visibility']) == 1) ? 1 : 0);
+ $publish = (($_POST['profile_in_directory'] == 1) ? 1: 0);
+ $net_publish = (($_POST['profile_in_netdirectory'] == 1) ? 1: 0);
+ $old_visibility = ((intval($_POST['visibility']) == 1) ? 1 : 0);
$notify = 0;
@@ -75,13 +70,11 @@ function settings_post(&$a) {
if($_POST['notify5'])
$notify += intval($_POST['notify5']);
- $username_changed = false;
$email_changed = false;
- $zone_changed = false;
+
$err = '';
if($username != $a->user['username']) {
- $username_changed = true;
if(strlen($username) > 40)
$err .= t(' Please use a shorter name.');
if(strlen($username) < 3)
@@ -104,38 +97,15 @@ function settings_post(&$a) {
return;
}
if($timezone != $a->user['timezone']) {
- $zone_changed = true;
if(strlen($timezone))
date_default_timezone_set($timezone);
}
- $str_group_allow = '';
- $group_allow = $_POST['group_allow'];
- if(is_array($group_allow)) {
- array_walk($group_allow,'sanitise_acl');
- $str_group_allow = implode('',$group_allow);
- }
-
- $str_contact_allow = '';
- $contact_allow = $_POST['contact_allow'];
- if(is_array($contact_allow)) {
- array_walk($contact_allow,'sanitise_acl');
- $str_contact_allow = implode('',$contact_allow);
- }
- $str_group_deny = '';
- $group_deny = $_POST['group_deny'];
- if(is_array($group_deny)) {
- array_walk($group_deny,'sanitise_acl');
- $str_group_deny = implode('',$group_deny);
- }
-
- $str_contact_deny = '';
- $contact_deny = $_POST['contact_deny'];
- if(is_array($contact_deny)) {
- array_walk($contact_deny,'sanitise_acl');
- $str_contact_deny = implode('',$contact_deny);
- }
+ $str_group_allow = perms2str($_POST['group_allow']);
+ $str_contact_allow = perms2str($_POST['contact_allow']);
+ $str_group_deny = perms2str($_POST['group_deny']);
+ $str_contact_deny = perms2str($_POST['contact_deny']);
$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `default-location` = '%s', `theme` = '%s' WHERE `uid` = %d LIMIT 1",
dbesc($username),
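Review bot: `$timezone` comes straight from the form (assigned near the top of settings_post) and is both passed to date_default_timezone_set() in this hunk and written to the user row below without validation, unless that happens above the hunk; an unknown zone makes date_default_timezone_set() emit a warning and leave the process zone unchanged while the bad string is still persisted. Validate before use: `if(strlen($timezone) && in_array($timezone, timezone_identifiers_list(), true)) date_default_timezone_set($timezone);` and reject the submission otherwise. The perms2str() calls pass `$_POST['group_allow']` etc. without the is_array() guard the removed code had, so either the helper must tolerate null or the call sites should default to an empty array. The UPDATE at the end of this hunk continues past it.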
@@ -148,7 +118,7 @@ function settings_post(&$a) {
intval($notify),
dbesc($defloc),
dbesc($theme),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if($r)
notice( t('Settings updated.') . EOL);
@@ -158,7 +128,7 @@ function settings_post(&$a) {
WHERE `is-default` = 1 AND `uid` = %d LIMIT 1",
intval($publish),
intval($net_publish),
- intval($_SESSION['uid'])
+ intval(get_uid())
);
if($old_visibility != $net_publish) {
@@ -178,6 +148,7 @@ function settings_post(&$a) {
}
goaway($a->get_baseurl() . '/settings' );
+ return; // NOTREACHED
}
@@ -210,28 +181,23 @@ function settings_content(&$a) {
$opt_tpl = file_get_contents("view/profile-in-directory.tpl");
$profile_in_dir = replace_macros($opt_tpl,array(
- '$yes_selected' => (($profile['publish']) ? " checked=\"checked\" " : ""),
- '$no_selected' => (($profile['publish'] == 0) ? " checked=\"checked\" " : "")
+ '$yes_selected' => (($profile['publish']) ? " checked=\"checked\" " : ""),
+ '$no_selected' => (($profile['publish'] == 0) ? " checked=\"checked\" " : "")
));
if(strlen(get_config('system','directory_submit_url'))) {
$opt_tpl = file_get_contents("view/profile-in-netdir.tpl");
$profile_in_net_dir = replace_macros($opt_tpl,array(
- '$yes_selected' => (($profile['net-publish']) ? " checked=\"checked\" " : ""),
- '$no_selected' => (($profile['net-publish'] == 0) ? " checked=\"checked\" " : "")
+ '$yes_selected' => (($profile['net-publish']) ? " checked=\"checked\" " : ""),
+ '$no_selected' => (($profile['net-publish'] == 0) ? " checked=\"checked\" " : "")
));
}
else
$profile_in_net_dir = '';
-
-
-
-
$nickname_block = file_get_contents("view/settings_nick_set.tpl");
-
$nickname_subdir = '';
if(strlen($a->get_path())) {
$subdir_tpl = file_get_contents('view/settings_nick_subdir.tpl');