Diffstat (limited to 'mod')
-rw-r--r-- | mod/contacts.php | 99 | ||||
-rw-r--r-- | mod/dfrn_confirm.php | 101 | ||||
-rw-r--r-- | mod/dfrn_notify.php | 72 | ||||
-rw-r--r-- | mod/dfrn_poll.php | 17 | ||||
-rw-r--r-- | mod/dfrn_request.php | 19 | ||||
-rw-r--r-- | mod/display.php | 198 | ||||
-rw-r--r-- | mod/group.php | 43 | ||||
-rw-r--r-- | mod/invite.php | 6 | ||||
-rw-r--r-- | mod/item.php | 56 | ||||
-rw-r--r-- | mod/message.php | 2 | ||||
-rw-r--r-- | mod/notifications.php | 11 | ||||
-rw-r--r-- | mod/photos.php | 118 | ||||
-rw-r--r-- | mod/ping.php | 8 | ||||
-rw-r--r-- | mod/profile.php | 15 | ||||
-rw-r--r-- | mod/profiles.php | 2 | ||||
-rw-r--r-- | mod/settings.php | 84 |
16 files changed, 478 insertions, 373 deletions
diff --git a/mod/contacts.php b/mod/contacts.php index 7baeb3e14..2469e0c6f 100644 --- a/mod/contacts.php +++ b/mod/contacts.php @@ -1,5 +1,7 @@ <?php +require_once('include/Contact.php'); + function contacts_init(&$a) { require_once('include/group.php'); $a->page['aside'] .= group_side(); @@ -9,7 +11,6 @@ function contacts_init(&$a) { } function contacts_post(&$a) { - if(! local_user()) return; @@ -20,11 +21,11 @@ function contacts_post(&$a) { $orig_record = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), - intval($_SESSION['uid']) + intval(get_uid()) ); if(! count($orig_record)) { - notice("Could not access contact record." . EOL); + notice( t('Could not access contact record.') . EOL); goaway($a->get_baseurl() . '/contacts'); return; // NOTREACHED } @@ -33,7 +34,7 @@ function contacts_post(&$a) { if($profile_id) { $r = q("SELECT `id` FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($profile_id), - intval($_SESSION['uid']) + intval(get_uid()) ); if(! count($r)) { notice( t('Could not locate selected profile.') . EOL); @@ -57,7 +58,7 @@ function contacts_post(&$a) { intval($rating), dbesc($reason), intval($contact_id), - intval($_SESSION['uid']) + intval(get_uid()) ); if($r) notice( t('Contact updated.') . EOL); @@ -86,7 +87,7 @@ function contacts_content(&$a) { $orig_record = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), - intval($_SESSION['uid']) + intval(get_uid()) ); if(! count($orig_record)) { 
@@ -101,13 +102,12 @@ function contacts_content(&$a) { $r = q("UPDATE `contact` SET `blocked` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($blocked), intval($contact_id), - intval($_SESSION['uid']) + intval(get_uid()) ); if($r) { - $msg = t('Contact has been ') . (($blocked) ? t('blocked') : t('unblocked')) . EOL ; - notice($msg); + notice( t('Contact has been ') . (($blocked) ? t('blocked') : t('unblocked')) . EOL ); } - goaway($a->get_baseurl() ."/contacts/$contact_id"); + goaway($a->get_baseurl() . '/contacts/' . $contact_id); return; // NOTREACHED } @@ -116,32 +116,17 @@ function contacts_content(&$a) { $r = q("UPDATE `contact` SET `readonly` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($readonly), intval($contact_id), - intval($_SESSION['uid']) + intval(get_uid()) ); if($r) { - $msg = t('Contact has been ') . (($readonly) ? t('ignored') : t('unignored')) . EOL ; - notice($msg); + notice( t('Contact has been ') . (($readonly) ? t('ignored') : t('unignored')) . EOL ); } - goaway($a->get_baseurl() ."/contacts/$contact_id"); + goaway($a->get_baseurl() . '/contacts/' . $contact_id); return; // NOTREACHED } if($cmd == 'drop') { - $r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($_SESSION['uid']) - ); - - q("DELETE FROM `item` WHERE `contact-id` = %d AND `uid` = %d ", - intval($contact_id), - intval($_SESSION['uid']) - ); - q("DELETE FROM `photo` WHERE `contact-id` = %d AND `uid` = %d ", - - intval($contact_id), - intval($_SESSION['uid']) - ); - + contact_remove($contact_id); notice( t('Contact has been removed.') . EOL ); goaway($a->get_baseurl() . '/contacts'); return; // NOTREACHED @@ -152,7 +137,7 @@ function contacts_content(&$a) { $contact_id = intval($a->argv[1]); $r = q("SELECT * FROM `contact` WHERE `uid` = %d and `id` = %d LIMIT 1", - $_SESSION['uid'], + intval(get_uid()), intval($contact_id) ); if(! count($r)) { 
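Review bot: `contact_remove($contact_id);` in the drop branch replaces three DELETEs that were each scoped by `uid = get_uid()`, and the new call passes only the contact id, so whether the deletion stays confined to the current user's rows now depends on include/Contact.php (not in this diff) or on the uid-scoped `$orig_record` lookup earlier in contacts_content. If contact_remove deletes by id alone, that earlier lookup is the only thing standing between a guessed id and another user's contact, items and photos; either give the helper the uid explicitly or add a comment at this call site stating that ownership was verified by the `$orig_record` query above. contacts_content starts outside the hunk.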
@@ -164,23 +149,22 @@ function contacts_content(&$a) { $tpl = file_get_contents("view/contact_edit.tpl"); - $direction = ''; - if(strlen($r[0]['issued-id'])) { - if(strlen($r[0]['dfrn-id'])) { - $direction = DIRECTION_BOTH; + switch($r[0]['rel']) { + case DIRECTION_BOTH: $dir_icon = 'images/lrarrow.gif'; $alt_text = t('Mutual Friendship'); - } - else { - $direction = DIRECTION_IN; + break; + case DIRECTION_IN; $dir_icon = 'images/larrow.gif'; $alt_text = t('is a fan of yours'); - } - } - else { - $direction = DIRECTION_OUT; - $dir_icon = 'images/rarrow.gif'; - $alt_text = t('you are a fan of'); + break; + + case DIRECTION_OUT; + $dir_icon = 'images/rarrow.gif'; + $alt_text = t('you are a fan of'); + break; + default: + break; } $o .= replace_macros($tpl,array( @@ -201,7 +185,7 @@ function contacts_content(&$a) { '$name' => $r[0]['name'], '$dir_icon' => $dir_icon, '$alt_text' => $alt_text, - '$url' => (($direction != DIRECTION_OUT) ? "redir/{$r[0]['id']}" : $r[0]['url'] ) + '$url' => (($r[0]['rel'] != DIRECTION_OUT) ? "redir/{$r[0]['id']}" : $r[0]['url'] ) )); @@ -269,23 +253,22 @@ function contacts_content(&$a) { foreach($r as $rr) { if($rr['self']) continue; - $direction = ''; - if(strlen($rr['issued-id'])) { - if(strlen($rr['dfrn-id'])) { - $direction = DIRECTION_BOTH; + + switch($rr['rel']) { + case DIRECTION_BOTH: $dir_icon = 'images/lrarrow.gif'; $alt_text = t('Mutual Friendship'); - } - else { - $direction = DIRECTION_IN; + break; + case DIRECTION_IN; $dir_icon = 'images/larrow.gif'; $alt_text = t('is a fan of yours'); - } - } - else { - $direction = DIRECTION_OUT; - $dir_icon = 'images/rarrow.gif'; - $alt_text = t('you are a fan of'); + break; + case DIRECTION_OUT; + $dir_icon = 'images/rarrow.gif'; + $alt_text = t('you are a fan of'); + break; + default: + break; } $o .= replace_macros($tpl, array( 
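Review bot: `$dir_icon` and `$alt_text` are no longer assigned on every path: the removed if/else always set them, but the new `switch($r[0]['rel'])` leaves both untouched on `default`, and in the contact-list loop of the `@@ -269` hunk the previous iteration's icon and alt text then carry over to any contact whose `rel` matches no case. Initialise them before each switch, `$dir_icon = ''; $alt_text = '';`. The `case DIRECTION_IN;` and `case DIRECTION_OUT;` labels use a semicolon where `case DIRECTION_BOTH:` uses a colon; PHP accepts both, but the mismatch reads like a typo and should be made consistent.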
@@ -296,7 +279,7 @@ function contacts_content(&$a) { '$dir_icon' => $dir_icon, '$thumb' => $rr['thumb'], '$name' => $rr['name'], - '$url' => (($direction != DIRECTION_OUT) ? "redir/{$rr['id']}" : $rr['url'] ) + '$url' => (($rr['rel'] != DIRECTION_OUT) ? "redir/{$rr['id']}" : $rr['url'] ) )); } $o .= '<div id="contact-edit-end"></div>'; diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 69c93abd6..86227d537 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -12,9 +12,12 @@ function dfrn_confirm_post(&$a) { // We are processing an external confirmation to an introduction created by our user. $public_key = $_POST['public_key']; - $dfrn_id = $_POST['dfrn_id']; + $dfrn_id = $_POST['dfrn_id']; $source_url = $_POST['source_url']; - $aes_key = $_POST['aes_key']; + $aes_key = $_POST['aes_key']; + $duplex = $_POST['duplex']; + $version_id = $_POST['dfrn_version']; + // Find our user's account @@ -23,15 +26,15 @@ function dfrn_confirm_post(&$a) { if(! count($r)) { xml_status(3); // failure + return; // NOTREACHED } $my_prvkey = $r[0]['prvkey']; $local_uid = $r[0]['uid']; - $decrypted_source_url = ""; - // verify everything + $decrypted_source_url = ""; openssl_private_decrypt($source_url,$decrypted_source_url,$my_prvkey); @@ -41,15 +44,17 @@ function dfrn_confirm_post(&$a) { if(! count($ret)) { // this is either a bogus confirmation or we deleted the original introduction. - xml_status(3); + xml_status(3); + return; // NOTREACHED } - $relation = $r[0]['rel']; + $relation = $ret[0]['rel']; // Decrypt all this stuff we just received $foreign_pubkey = $ret[0]['site-pubkey']; - $dfrn_record = $ret[0]['id']; + $dfrn_record = $ret[0]['id']; + $decrypted_dfrn_id = ""; openssl_public_decrypt($dfrn_id,$decrypted_dfrn_id,$foreign_pubkey); 
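Review bot: `$duplex = $_POST['duplex'];` is taken verbatim from the remote site and, in the `@@ -118` hunk further down, decides whether the relation is escalated to `DIRECTION_BOTH` and is stored in `contact.duplex`, which per the mod/dfrn_poll.php hunk in this same commit also lets that site authenticate with the `issued-id`. That means the peer rather than the local user turns a one-way follow into a two-way relationship; confirm this is the intended DFRN trust model, and either way normalise the value where it is read, as the local branch already does: `$duplex = intval($_POST['duplex']);`. `$version_id = $_POST['dfrn_version'];` is not read anywhere in the visible hunks. dfrn_confirm_post continues outside the hunk.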
@@ -64,14 +69,18 @@ function dfrn_confirm_post(&$a) { $r = q("SELECT * FROM `contact` WHERE `dfrn-id` = '%s' LIMIT 1", dbesc($decrypted_dfrn_id), - intval($local_uid)); - if(count($r)) + intval($local_uid) + ); + if(count($r)) { xml_status(1); // Birthday paradox - duplicate dfrn-id + return; // NOTREACHED + } $r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d LIMIT 1", dbesc($decrypted_dfrn_id), dbesc($dfrn_pubkey), - intval($dfrn_record)); + intval($dfrn_record) + ); if($r) { // We're good but now we have to scrape the profile photo and send notifications. @@ -118,13 +127,29 @@ function dfrn_confirm_post(&$a) { $thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg'; } - $r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `rel` = %d, `name-date` = '%s', `uri-date` = '%s', `avatar-date` = '%s', `blocked` = 0, `pending` = 0, `network` = 'dfrn' WHERE `id` = %d LIMIT 1", + $new_relation = DIRECTION_OUT; + if(($relation == DIRECTION_IN) || ($duplex)) + $new_relation = DIRECTION_BOTH; + + $r = q("UPDATE `contact` SET + `photo` = '%s', + `thumb` = '%s', + `rel` = %d, + `name-date` = '%s', + `uri-date` = '%s', + `avatar-date` = '%s', + `blocked` = 0, + `pending` = 0, + `duplex` = %d, + `network` = 'dfrn' WHERE `id` = %d LIMIT 1 + ", dbesc($photo), dbesc($thumb), - intval(($relation == DIRECTION_IN) ? DIRECTION_BOTH: DIRECTION_OUT), + intval($new_relation), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()), + intval($duplex), intval($dfrn_record) ); if($r === false) @@ -135,7 +160,8 @@ function dfrn_confirm_post(&$a) { $r = q("SELECT * FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` WHERE `contact`.`id` = %d LIMIT 1", - intval($dfrn_record)); + intval($dfrn_record) + ); if((count($r)) && ($r[0]['notify-flags'] & NOTIFY_CONFIRM)) { $tpl = file_get_contents('view/intro_complete_eml.tpl'); 
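Review bot: the duplicate-dfrn-id query at the top of this hunk has a single `%s` placeholder but is still handed `intval($local_uid)` as a second argument, so the uid is silently ignored by the formatter. If the birthday-paradox check is meant to be per-user, add `AND `uid` = %d` to the WHERE clause; if it is meant to be site-wide (mod/dfrn_poll.php looks contacts up by `dfrn-id` alone, so that appears to be the intent), drop the unused argument so the next reader does not assume the query is scoped.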
@@ -151,13 +177,12 @@ function dfrn_confirm_post(&$a) { ); $res = mail($r[0]['email'], t("Introduction accepted at ") . $a->config['sitename'], - $email_tpl,t("From: Administrator@") . $_SERVER[SERVER_NAME] ); + $email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME] ); if(!$res) { notice( t("Email notification failed.") . EOL ); } } xml_status(0); // Success - return; // NOTREACHED } else { @@ -171,43 +196,44 @@ function dfrn_confirm_post(&$a) { // We are processing a local confirmation initiated on this system by our user to an external introduction. - $uid = $_SESSION['uid']; + $uid = get_uid(); if(! $uid) { notice( t("Permission denied.") . EOL ); return; } - $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : ""); + $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : ""); $intro_id = intval($_POST['intro_id']); + $duplex = intval($_POST['duplex']); $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `uid` = %d LIMIT 1", dbesc($dfrn_id), intval($uid) ); - if((! $r) || (! count($r))) { + if(! count($r)) { notice( t('Node does not exist.') . EOL ); return; } - $contact_id = $r[0]['id']; - $relation = $r[0]['rel']; - $site_pubkey = $r[0]['site-pubkey']; + $contact_id = $r[0]['id']; + $relation = $r[0]['rel']; + $site_pubkey = $r[0]['site-pubkey']; $dfrn_confirm = $r[0]['confirm']; - $aes_allow = $r[0]['aes_allow']; + $aes_allow = $r[0]['aes_allow']; - $res=openssl_pkey_new(array( + $res = openssl_pkey_new(array( 'digest_alg' => 'whirlpool', 'private_key_bits' => 4096, - 'encrypt_key' => false )); + 'encrypt_key' => false ) + ); $private_key = ''; openssl_pkey_export($res, $private_key); - $pubkey = openssl_pkey_get_details($res); $public_key = $pubkey["key"]; @@ -222,8 +248,8 @@ function dfrn_confirm_post(&$a) { $params = array(); $src_aes_key = random_string(); - $result = ""; + $result = ''; openssl_private_encrypt($dfrn_id,$result,$a->user['prvkey']); $params['dfrn_id'] = $result; 
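Review bot: `$_SERVER[SERVER_NAME]` in the rewritten `From:` header uses an unquoted array index; PHP only falls back to the string after raising a notice for the undefined constant (and newer versions throw), so it should be `$_SERVER['SERVER_NAME']`. The same bare index appears in the matching hunk of mod/dfrn_request.php. `SERVER_NAME` can also reflect the request's Host header depending on server configuration, so the configured hostname the mod/dfrn_notify.php variant uses (`$a->get_hostname()`) is the safer source for a value placed in a mail header.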
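Review bot: `if(! count($r))` in the local-confirmation branch drops the `(! $r)` test the old condition had, and `q()` can return `false` on failure (this file checks `$r === false` after the contact UPDATE in the `@@ -118` hunk). On PHP 5 `count(false)` is 1, so a failed query now passes the guard and `$contact_id = $r[0]['id'];` dereferences `false` instead of showing 'Node does not exist.'; keep the explicit form, `if((! $r) || (! count($r))) {`.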
@@ -237,6 +263,10 @@ function dfrn_confirm_post(&$a) { $params['public_key'] = openssl_encrypt($public_key,'AES-256-CBC',$src_aes_key); } + $params['dfrn_version'] = '2.0'; + if($duplex == 1) + $params['duplex'] = 1; + $res = post_url($dfrn_confirm,$params); // uncomment the following two lines and comment the following xml/status lines @@ -329,10 +359,23 @@ function dfrn_confirm_post(&$a) { $thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg'; } - $r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `rel` = %d, `name-date` = '%s', `uri-date` = '%s', `avatar-date` = '%s', `blocked` = 0, `pending` = 0, `network` = 'dfrn' WHERE `id` = %d LIMIT 1", + $new_relation = DIRECTION_IN; + if(($relation == DIRECTION_OUT) || ($duplex)) + $new_relation = DIRECTION_BOTH; + + $r = q("UPDATE `contact` SET `photo` = '%s', + `thumb` = '%s', + `rel` = %d, + `name-date` = '%s', + `uri-date` = '%s', + `avatar-date` = '%s', + `blocked` = 0, + `pending` = 0, + `network` = 'dfrn' WHERE `id` = %d LIMIT 1 + ", dbesc($photo), dbesc($thumb), - intval(($relation == DIRECTION_OUT) ? DIRECTION_BOTH: DIRECTION_IN), + intval($new_relation), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()), @@ -343,8 +386,6 @@ function dfrn_confirm_post(&$a) { goaway($a->get_baseurl() . '/contacts/' . intval($contact_id)); return; //NOTREACHED - } - return; } diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index 7cab98eb8..433f69d11 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php 
@@ -185,43 +185,45 @@ function dfrn_notify_post(&$a) { $datarray['contact-id'] = $importer['id']; $posted_id = post_remote($a,$datarray); - $r = q("SELECT `parent` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($posted_id), - intval($importer['importer_uid']) - ); - if(count($r)) { - $r1 = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `uid` = %d AND `parent` = %d", - dbesc(datetime_convert()), - intval($importer['importer_uid']), - intval($r[0]['parent']) + if($posted_id) { + $r = q("SELECT `parent` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($posted_id), + intval($importer['importer_uid']) + ); + if(count($r)) { + $r1 = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `uid` = %d AND `parent` = %d", + dbesc(datetime_convert()), + intval($importer['importer_uid']), + intval($r[0]['parent']) + ); + } + $r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", + dbesc(datetime_convert()), + intval($importer['importer_uid']), + intval($posted_id) ); - } - $r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", - dbesc(datetime_convert()), - intval($importer['importer_uid']), - intval($posted_id) - ); - $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php'); - - proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"comment-import\" \"$posted_id\" &", - array(),$foo)); - - if(($importer['notify-flags'] & NOTIFY_COMMENT) && (! $importer['self'])) { - require_once('bbcode.php'); - $from = stripslashes($datarray['author-name']); - $tpl = file_get_contents('view/cmnt_received_eml.tpl'); - $email_tpl = replace_macros($tpl, array( - '$sitename' => $a->config['sitename'], - '$siteurl' => $a->get_baseurl(), - '$username' => $importer['username'], - '$email' => $importer['email'], - '$from' => $from, + $php_path = ((strlen($a->config['php_path'])) ? 
$a->config['php_path'] : 'php'); + + proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"comment-import\" \"$posted_id\" &", + array(),$foo)); + + if(($importer['notify-flags'] & NOTIFY_COMMENT) && (! $importer['self'])) { + require_once('bbcode.php'); + $from = stripslashes($datarray['author-name']); + $tpl = file_get_contents('view/cmnt_received_eml.tpl'); + $email_tpl = replace_macros($tpl, array( + '$sitename' => $a->config['sitename'], + '$siteurl' => $a->get_baseurl(), + '$username' => $importer['username'], + '$email' => $importer['email'], + '$from' => $from, '$body' => strip_tags(bbcode(stripslashes($datarray['body']))) - )); + )); - $res = mail($importer['email'], $from . t(" commented on your item at ") . $a->config['sitename'], - $email_tpl,t("From: Administrator@") . $a->get_hostname() ); + $res = mail($importer['email'], $from . t(" commented on your item at ") . $a->config['sitename'], + $email_tpl,t("From: Administrator@") . $a->get_hostname() ); + } } xml_status(0); return; @@ -356,7 +358,7 @@ function dfrn_notify_content(&$a) { $encrypted_id = ''; $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999); - if($r[0]['duplex']) { + if(($r[0]['duplex']) && strlen($r[0]['pubkey'])) { openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']); openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']); } @@ -368,7 +370,7 @@ function dfrn_notify_content(&$a) { $challenge = bin2hex($challenge); $encrypted_id = bin2hex($encrypted_id); - echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_notify><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>' . '<challenge>' . $challenge . '</challenge></dfrn_notify>' . "\r\n" ; + echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_notify><status>' .$status . '</status><dfrn_version>2.0</dfrn_version><dfrn_id>' . $encrypted_id . '</dfrn_id>' . '<challenge>' . $challenge . '</challenge></dfrn_notify>' . "\r\n" ; session_write_close(); exit; 
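Review bot: the mail header in the re-indented comment-notification block still uses `t("From: Administrator@") . $a->get_hostname()`, while this same commit rewrites the equivalent header in mod/dfrn_confirm.php and mod/dfrn_request.php to `'From: ' . t('Administrator') . '@' . host`; since every line of this block is being touched, the three should agree so the translatable string is the same everywhere. `$posted_id` is also interpolated unescaped into the `proc_open` command string; it is presumably the integer id returned by post_remote, in which case writing the new guard as `if(intval($posted_id)) {` and using the cast value in the command makes that explicit. dfrn_notify_post starts outside the hunk.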
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index 84cb58da0..aa60abff8 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -14,6 +14,8 @@ function dfrn_poll_init(&$a) { $type = $a->config['dfrn_poll_type'] = $_GET['type']; if(x($_GET,'last_update')) $last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update']; + $dfrn_version = ((x($_GET,'dfrn_version')) ? $_GET['dfrn_version'] : '1.0'); + $destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : ''); if(($dfrn_id == '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) { $o = get_feed_for($a,'*', $a->argv[1],$last_update); @@ -25,7 +27,7 @@ function dfrn_poll_init(&$a) { $r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` - WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex `= 1 )) LIMIT 1", + WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex` = 1 )) LIMIT 1", dbesc($dfrn_id), dbesc($dfrn_id) ); @@ -46,10 +48,11 @@ function dfrn_poll_init(&$a) { dbesc($session_id)); } } - $profile = ((strlen($r[0]['nickname'])) ? $r[0]['nickname'] : $r[0]['uid']); - goaway($a->get_baseurl() . "/profile/$profile/visit"); + $profile = $r[0]['nickname']; + goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile); } goaway($a->get_baseurl()); + } if((x($type)) && ($type == 'profile-check')) { @@ -57,8 +60,10 @@ function dfrn_poll_init(&$a) { q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time())); $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC", dbesc($dfrn_id)); - if(count($r)) + if(count($r)) { xml_status(1); + return; // NOTREACHED + } xml_status(0); return; // NOTREACHED } 
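Review bot: `goaway((strlen($destination_url)) ? $destination_url : ...)` in the `@@ -46` hunk redirects to whatever `$_GET['destination_url']` contains, with no check that it points back at this site, so a link crafted for a remote contact can bounce them through this endpoint to an arbitrary host after their visitor session has been set up. Restrict it to the local base URL before use, `if(strlen($destination_url) && (strpos($destination_url, $a->get_baseurl()) !== 0)) $destination_url = '';`. The replacement `$profile = $r[0]['nickname'];` also drops the old fallback to `$r[0]['uid']`, so a user without a nickname is now sent to `/profile/` with no identifier. dfrn_poll_init continues outside the hunk.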
@@ -182,7 +187,7 @@ function dfrn_poll_content(&$a) { $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999); - if($r[0]['duplex']) { + if($r[0]['duplex'] && strlen($r[0]['pubkey'])) { openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']); openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']); } @@ -198,7 +203,7 @@ function dfrn_poll_content(&$a) { $status = 1; } - echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>' + echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_version>2.0</dfrn_version><dfrn_id>' . $encrypted_id . '</dfrn_id>' . '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ; session_write_close(); exit; diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index 0fb718ab6..617d4b2d8 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -45,7 +45,7 @@ function dfrn_request_post(&$a) { if(x($dfrn_url)) { $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' LIMIT 1", - intval($_SESSION['uid']), + intval(get_uid()), dbesc($dfrn_url) ); @@ -99,7 +99,7 @@ function dfrn_request_post(&$a) { $r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `name`, `photo`, `site-pubkey`, `request`, `confirm`, `notify`, `poll`, `aes_allow`) VALUES ( %d, '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', %d)", - intval($_SESSION['uid']), + intval(get_uid()), datetime_convert(), dbesc($dfrn_url), $parms['fn'], @@ -214,14 +214,19 @@ function dfrn_request_post(&$a) { ); } else { - + if(! validate_url($url)) { + notice( t('Invalid profile URL.') . EOL); + goaway($a->get_baseurl() . '/' . $a->cmd); + return; // NOTREACHED + } + require_once('Scrape.php'); $parms = scrape_dfrn($url); if(! count($parms)) { notice( t('Profile location is not valid or does not contain profile information.') . EOL ); - killme(); + goaway($a->get_baseurl() . '/' . $a->cmd); } else { if(! x($parms,'fn')) 
@@ -274,7 +279,7 @@ function dfrn_request_post(&$a) { } if($r === false) { - notice( 'Failed to update contact record.' . EOL ); + notice( t('Failed to update contact record.') . EOL ); return; } @@ -300,7 +305,7 @@ function dfrn_request_post(&$a) { // "Homecoming" - send the requestor back to their site to record the introduction. - $dfrn_url = bin2hex($a->get_baseurl() . "/profile/$nickname"); + $dfrn_url = bin2hex($a->get_baseurl() . '/profile/' . $nickname); $aes_allow = ((function_exists('openssl_encrypt')) ? 1 : 0); goaway($parms['dfrn-request'] . "?dfrn_url=$dfrn_url" . '&confirm_key=' . $hash . (($aes_allow) ? "&aes_allow=1" : "")); @@ -387,7 +392,7 @@ function dfrn_request_content(&$a) { $res = mail($r[0]['email'], t("Introduction received at ") . $a->config['sitename'], $email, - t('From: Administrator@') . $_SERVER[SERVER_NAME] ); + 'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME] ); // This is a redundant notification - no point throwing errors if it fails. } } diff --git a/mod/display.php b/mod/display.php new file mode 100644 index 000000000..2125e1696 --- /dev/null +++ b/mod/display.php 
@@ -0,0 +1,198 @@ +<?php + + +function display_content(&$a) { + + require_once('mod/profile.php'); + profile_init($a); + + $item_id = (($a->argc > 2) ? intval($a->argv[2]) : 0); + + if(! $item_id) { + $a->error = 404; + notice( t('Item not found.') . EOL); + return; + } + + require_once("include/bbcode.php"); + require_once('include/security.php'); + + + $groups = array(); + + $tab = 'posts'; + + + $contact = null; + $remote_contact = false; + + if(remote_user()) { + $contact_id = $_SESSION['visitor_id']; + $groups = init_groups_visitor($contact_id); + $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($contact_id), + intval($a->profile['uid']) + ); + if(count($r)) { + $contact = $r[0]; + $remote_contact = true; + } + } + + if(! $remote_contact) { + if(local_user()) { + $contact_id = $_SESSION['cid']; + $contact = $a->contact; + } + } + + + $sql_extra = " + AND `allow_cid` = '' + AND `allow_gid` = '' + AND `deny_cid` = '' + AND `deny_gid` = '' + "; + + + // Profile owner - everything is visible + + if(local_user() && (get_uid() == $a->profile['uid'])) { + $sql_extra = ''; + } + + // authenticated visitor - here lie dragons + // If $remotecontact is true, we know that not only is this a remotely authenticated + // person, but that it is *our* contact, which is important in multi-user mode. + + elseif($remote_contact) { + $gs = '<<>>'; // should be impossible to match + if(count($groups)) { + foreach($groups as $g) + $gs .= '|<' . intval($g) . 
'>'; + } + $sql_extra = sprintf( + " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) + AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) + AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) + AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", + + intval($_SESSION['visitor_id']), + intval($_SESSION['visitor_id']), + dbesc($gs), + dbesc($gs) + ); + } + + $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, + `contact`.`name`, `contact`.`photo`, `contact`.`url`, + `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, + `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` + FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` + WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 + AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + AND `item`.`parent` = ( SELECT `parent` FROM `item` WHERE `id` = %d ) + $sql_extra + ORDER BY `parent` DESC, `id` ASC ", + intval($a->profile['uid']), + intval($item_id) + ); + + + $cmnt_tpl = file_get_contents('view/comment_item.tpl'); + + $tpl = file_get_contents('view/wall_item.tpl'); + + $return_url = $_SESSION['return_url'] = $a->cmd; + + if(count($r)) { + foreach($r as $item) { + $comment = ''; + $template = $tpl; + + $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'] ; + + + if(can_write_wall($a,$a->profile['uid'])) { + if($item['last-child']) { + $comment = replace_macros($cmnt_tpl,array( + '$return_path' => $_SESSION['return_url'], + '$type' => 'wall-comment', + '$id' => $item['item_id'], + '$parent' => $item['parent'], + '$profile_uid' => $a->profile['uid'], + '$mylink' => $contact['url'], + '$mytitle' => t('Me'), + '$myphoto' => $contact['thumb'], + '$ww' => '' + )); + } + } + + + $profile_url = $item['url']; + + + $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'] ; + + + // Top-level wall post not written by the wall owner (wall-to-wall) + // First figure out who owns it. + + if(($item['parent'] == $item['item_id']) && (! 
$item['self'])) { + + if($item['type'] == 'wall') { + // I do. Put me on the left of the wall-to-wall notice. + $owner_url = $a->contact['url']; + $owner_photo = $a->contact['thumb']; + $owner_name = $a->contact['name']; + $template = $wallwall; + $commentww = 'ww'; + } + if($item['type'] == 'remote' && ($item['owner-link'] != $item['author-link'])) { + // Could be anybody. + $owner_url = $item['owner-link']; + $owner_photo = $item['owner-avatar']; + $owner_name = $item['owner-name']; + $template = $wallwall; + $commentww = 'ww'; + // If it is our contact, use a friendly redirect link + if(($item['owner-link'] == $item['url']) && ($item['rel'] == DIRECTION_IN || $item['rel'] == DIRECTION_BOTH)) + $owner_url = $redirect_url; + $owner_url = $redirect_url; + + } + } + + + + + $profile_name = ((strlen($item['author-name'])) ? $item['author-name'] : $item['name']); + $profile_avatar = ((strlen($item['author-avatar'])) ? $item['author-avatar'] : $item['thumb']); + $profile_link = $profile_url; + + $drop = ''; + + if(($item['contact-id'] == $_SESSION['visitor_id']) || ($item['uid'] == get_uid())) + $drop = replace_macros(file_get_contents('view/wall_item_drop.tpl'), array('$id' => $item['id'])); + + + $o .= replace_macros($template,array( + '$id' => $item['item_id'], + '$profile_url' => $profile_link, + '$name' => $profile_name, + '$thumb' => $profile_avatar, + '$title' => $item['title'], + '$body' => bbcode($item['body']), + '$ago' => relative_date($item['created']), + '$location' => (($item['location']) ? '<a target="map" href="http://maps.google.com/?q=' . urlencode($item['location']) . '">' . $item['location'] . '</a>' : ''), + '$indent' => (($item['parent'] != $item['item_id']) ? ' comment' : ''), + '$drop' => $drop, + '$comment' => $comment + )); + + } + } + + return $o; +}
\ No newline at end of file diff --git a/mod/group.php b/mod/group.php index fbd38bfeb..201c61f2a 100644 --- a/mod/group.php +++ b/mod/group.php @@ -5,9 +5,10 @@ function validate_members(&$item) { } function group_init(&$a) { - require_once('include/group.php'); - $a->page['aside'] = group_side(); - + if(local_user()) { + require_once('include/group.php'); + $a->page['aside'] = group_side(); + } } @@ -21,10 +22,10 @@ function group_post(&$a) { if(($a->argc == 2) && ($a->argv[1] == 'new')) { $name = notags(trim($_POST['groupname'])); - $r = group_add($_SESSION['uid'],$name); + $r = group_add(get_uid(),$name); if($r) { notice( t('Group created.') . EOL ); - $r = group_byname($_SESSION['uid'],$name); + $r = group_byname(get_uid(),$name); if($r) goaway($a->get_baseurl() . '/group/' . $r); } @@ -36,18 +37,19 @@ function group_post(&$a) { if(($a->argc == 2) && (intval($a->argv[1]))) { $r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[1]), - intval($_SESSION['uid']) + intval(get_uid()) ); if(! count($r)) { notice( t('Group not found.') . EOL ); goaway($a->get_baseurl() . '/contacts'); + return; // NOTREACHED } $group = $r[0]; $groupname = notags(trim($_POST['groupname'])); if((strlen($groupname)) && ($groupname != $group['name'])) { $r = q("UPDATE `group` SET `name` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc($groupname), - intval($_SESSION['uid']), + intval(get_uid()), intval($group['id']) ); if($r) @@ -57,14 +59,14 @@ function group_post(&$a) { array_walk($members,'validate_members'); $r = q("DELETE FROM `group_member` WHERE `gid` = %d AND `uid` = %d", intval($a->argv[1]), - intval($_SESSION['uid']) + intval(get_uid()) ); $result = true; if(count($members)) { foreach($members as $member) { $r = q("INSERT INTO `group_member` ( `uid`, `gid`, `contact-id`) VALUES ( %d, %d, %d )", - intval($_SESSION['uid']), + intval(get_uid()), intval($group['id']), intval($member) ); 
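Review bot: `$template = $wallwall;` in both wall-to-wall branches of display_content refers to a variable that is never assigned in this new file (only `$tpl` and `$cmnt_tpl` are loaded), so a wall-to-wall post is rendered through an empty template; the wall-to-wall template needs to be loaded next to `$tpl` before the loop. In the `remote` branch the unconditional `$owner_url = $redirect_url;` immediately after the `if(...)` makes that condition dead and should be deleted, and `$commentww` is assigned but never read. Separately, `$item['title']` and `$item['location']` are placed into HTML unescaped; locally created items pass through `notags()` in mod/item.php, but items imported from remote sites via post_remote are not sanitised anywhere visible in this diff, so escaping at render time with `htmlspecialchars()` would make the page safe regardless of the import path.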
@@ -74,9 +76,9 @@ function group_post(&$a) { } if($result) notice( t('Membership list updated.') . EOL); - $a->page['aside'] = group_side(); + $a->page['aside'] = group_side(); } - + return; } function group_content(&$a) { @@ -88,20 +90,18 @@ function group_content(&$a) { if(($a->argc == 2) && ($a->argv[1] == 'new')) { $tpl = file_get_contents('view/group_new.tpl'); - $o .= replace_macros($tpl,array( - - )); - + $o .= replace_macros($tpl,array()); + return $o; } if(($a->argc == 3) && ($a->argv[1] == 'drop')) { if(intval($a->argv[2])) { $r = q("SELECT `name` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[2]), - intval($_SESSION['uid']) + intval(get_uid()) ); if(count($r)) - $result = group_rmv($_SESSION['uid'],$r[0]['name']); + $result = group_rmv(get_uid(),$r[0]['name']); if($result) notice( t('Group removed.') . EOL); else @@ -116,10 +116,10 @@ function group_content(&$a) { require_once('view/acl_selectors.php'); $r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[1]), - intval($_SESSION['uid']) + intval(get_uid()) ); if(! count($r)) { - notice( t("Group not found.") . EOL ); + notice( t('Group not found.') . EOL ); goaway($a->get_baseurl() . '/contacts'); } $group = $r[0]; @@ -145,11 +145,6 @@ function group_content(&$a) { )); } - - - - - return $o; }
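Review bot: the 'Group not found.' branch in the `@@ -116,10 +116,10` hunk of group_content calls `goaway()` without the `return; // NOTREACHED` that this commit adds to the identical branch in group_post, so the two paths now differ for no reason; add the same `return; // NOTREACHED` after the `goaway()`. group_content continues outside the hunk.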
\ No newline at end of file diff --git a/mod/invite.php b/mod/invite.php index c63eb568b..efe0a59b1 100644 --- a/mod/invite.php +++ b/mod/invite.php @@ -32,9 +32,7 @@ function invite_post(&$a) { } notice( $total . t(' messages sent.') . EOL); - - - + return; } @@ -58,6 +56,4 @@ function invite_content(&$a) { )); return $o; - - }
\ No newline at end of file diff --git a/mod/item.php b/mod/item.php index c790d31da..08f65dca1 100644 --- a/mod/item.php +++ b/mod/item.php @@ -29,7 +29,7 @@ function item_post(&$a) { if(! can_write_wall($a,$profile_uid)) { - notice("Permission denied." . EOL) ; + notice( t('Permission denied.') . EOL) ; return; } @@ -42,37 +42,14 @@ function item_post(&$a) { $user = $r[0]; - $str_group_allow = ''; - $group_allow = $_POST['group_allow']; - if(is_array($group_allow)) { - array_walk($group_allow,'sanitise_acl'); - $str_group_allow = implode('',$group_allow); - } - - $str_contact_allow = ''; - $contact_allow = $_POST['contact_allow']; - if(is_array($contact_allow)) { - array_walk($contact_allow,'sanitise_acl'); - $str_contact_allow = implode('',$contact_allow); - } + $str_group_allow = perms2str($_POST['group_allow']); + $str_contact_allow = perms2str($_POST['contact_allow']); + $str_group_deny = perms2str($_POST['group_deny']); + $str_contact_deny = perms2str($_POST['contact_deny']); - $str_group_deny = ''; - $group_deny = $_POST['group_deny']; - if(is_array($group_deny)) { - array_walk($group_deny,'sanitise_acl'); - $str_group_deny = implode('',$group_deny); - } - - $str_contact_deny = ''; - $contact_deny = $_POST['contact_deny']; - if(is_array($contact_deny)) { - array_walk($contact_deny,'sanitise_acl'); - $str_contact_deny = implode('',$contact_deny); - } - - $title = notags(trim($_POST['title'])); - $body = escape_tags(trim($_POST['body'])); - $location = notags(trim($_POST['location'])); + $title = notags(trim($_POST['title'])); + $body = escape_tags(trim($_POST['body'])); + $location = notags(trim($_POST['location'])); if(! strlen($body)) { notice( t('Empty post discarded.') . EOL ); 
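Review bot: `perms2str($_POST['group_allow'])` and the three sibling calls replace code that tolerated a missing or non-array field (`is_array()` guard) and ran `sanitise_acl` over every entry before `implode`; neither behaviour is visible in this diff, so confirm perms2str keeps both, in particular that it still reduces each entry to a numeric `<id>` token, because the result is written straight into the item's allow/deny columns and later interpolated into the `REGEXP` filters built in mod/display.php. A one-line comment at the call site naming that guarantee would help the next reader. item_post starts outside the hunk.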
@@ -128,18 +105,7 @@ function item_post(&$a) { $notify_type = (($parent) ? 'comment-new' : 'wall-new' ); - do { - $dups = false; - $hash = random_string(); - - $uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $profile_uid . ':' . $hash; - - $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", - dbesc($uri)); - if(count($r)) - $dups = true; - } while($dups == true); - + $uri = item_new_uri($a->get_hostname(),$profile_uid); $r = q("INSERT INTO `item` (`uid`,`type`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `author-name`, `author-link`, `author-avatar`, `created`, @@ -246,7 +212,7 @@ function item_post(&$a) { $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php'); - proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"$notify_type\" \"$post_id\" &", + proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"$notify_type\" \"$post_id\" > notify.out &", array(),$foo)); goaway($a->get_baseurl() . "/" . $_POST['return'] ); @@ -335,7 +301,7 @@ function item_content(&$a) { // send the notification upstream/downstream as the case may be - proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"drop\" \"$drop_id\" &", + proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"drop\" \"$drop_id\" > drop.out &", array(), $foo)); goaway($a->get_baseurl() . '/' . $_SESSION['return_url']); diff --git a/mod/message.php b/mod/message.php index b8236641a..2048cff1f 100644 --- a/mod/message.php +++ b/mod/message.php @@ -70,7 +70,7 @@ function message_post(&$a) { $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php'); if($post_id) { - proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"mail\" \"$post_id\" &", + proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"mail\" \"$post_id\" > mail.out &", array(),$foo)); notice( t('Message sent.') . EOL ); } diff --git a/mod/notifications.php b/mod/notifications.php index b5b97cc94..6422b3b00 100644 
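Review bot: The `> notify.out` redirect added in the `@@ -246,7 +212,7 @@` hunk writes the notifier's output to a relative path, i.e. the current working directory of the web request, which is normally the document root; that file is then reachable over HTTP and is clobbered by every concurrent post. Redirect to a path outside the web root or to `/dev/null` instead, e.g. `proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"$notify_type\" \"$post_id\" > /dev/null &", array(),$foo));`. While touching the line, `$post_id` and `$notify_type` are interpolated into a shell string unescaped; `$post_id` appears to come from the preceding INSERT and `$notify_type` from a fixed pair of literals, but wrapping both in `escapeshellarg()` makes that safe by construction rather than by provenance. The same redirect is added for `drop.out` in the `@@ -335,7 +301,7 @@` hunk of item.php and for `mail.out` in the message.php hunk. `item_post` and `item_content` both extend beyond these hunks.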
--- a/mod/notifications.php +++ b/mod/notifications.php @@ -17,7 +17,7 @@ function notifications_post(&$a) { WHERE `request-id` = %d AND `uid` = %d LIMIT 1", intval($request_id), - intval($_SESSION['uid']) + intval(get_uid()) ); if(count($r)) { @@ -28,10 +28,13 @@ function notifications_post(&$a) { return; } if($_POST['submit'] == t('Discard')) { - $r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1", intval($intro_id)); - $r = q("DELETE `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", + $r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1", + intval($intro_id) + ); + $r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($request_id), - intval($_SESSION['uid'])); + intval(get_uid()) + ); return; } if($_POST['submit'] == t('Ignore')) { diff --git a/mod/photos.php b/mod/photos.php index 0558f746a..01a9e5f54 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -36,8 +36,7 @@ function photos_init(&$a) { } $a->page['aside'] .= $o; } - - + return; } @@ -53,7 +52,7 @@ function photos_post(&$a) { - $r = q("SELECT * FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` + $r = q("SELECT `contact`.* `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` WHERE `user`.`uid` = %d AND `self` = 1 LIMIT 1", intval($_SESSION['uid']) ); @@ -95,7 +94,7 @@ function photos_post(&$a) { $res = array(); $r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'", - intval($_SESSION['uid']), + intval(get_uid()), dbesc($album) ); if(count($r)) { 
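Review bot: The rewritten `DELETE FROM `intro` WHERE `id` = %d` in the `@@ -28,10 +28,13 @@` hunk is still scoped only by intro id, whereas the `contact` delete right below it is scoped by `uid` as well; where `$intro_id` comes from is above the hunk, so if it is request-derived, any authenticated user could discard another user's introduction. Scope the statement to the session owner the same way: `$r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",` / `intval($intro_id), intval(get_uid())`. `notifications_post` continues outside the hunk.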
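Review bot: The new SELECT in the photos.php `@@ -53,7 +52,7 @@` hunk is missing the comma between the two select items, so `SELECT `contact`.* `user`.`nickname` FROM ...` is a MySQL syntax error and every photo post fails at this query. It should read `$r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid``. The `intval($_SESSION['uid'])` argument two lines further down is also left as is while the rest of the commit moves to `get_uid()`. `photos_post` continues outside the hunk.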
@@ -110,17 +109,17 @@ function photos_post(&$a) { $str_res = implode(',', $res); q("DELETE FROM `photo` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d", - intval($_SESSION['uid']) + intval(get_uid()) ); $r = q("SELECT `parent-uri` FROM `item` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d", - intval($_SESSION['uid']) + intval(get_uid()) ); if(count($r)) { foreach($r as $rr) { q("UPDATE `item` SET `deleted` = 1, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d", dbesc(datetime_convert()), dbesc($rr['parent-uri']), - intval($_SESSION['uid']) + intval(get_uid()) ); $drop_id = intval($rr['id']); @@ -141,24 +140,24 @@ function photos_post(&$a) { if(($a->argc > 1) && (x($_POST,'delete')) && ($_POST['delete'] == t('Delete Photo'))) { $r = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1", - intval($_SESSION['uid']), + intval(get_uid()), dbesc($a->argv[1]) ); if(count($r)) { q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'", - intval($_SESSION['uid']), + intval(get_uid()), dbesc($r[0]['resource-id']) ); $i = q("SELECT * FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1", dbesc($r[0]['resource-id']), - intval($_SESSION['uid']) + intval(get_uid()) ); if(count($i)) { q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($i[0]['uri']), - intval($_SESSION['uid']) + intval(get_uid()) ); $url = $a->get_baseurl(); @@ -187,13 +186,13 @@ function photos_post(&$a) { $p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC", dbesc($resource_id), - intval($_SESSION['uid']) + intval(get_uid()) ); if(count($r)) { $r = q("UPDATE `photo` SET `desc` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($resource_id), - intval($_SESSION['uid']) + intval(get_uid()) ); } if(! $item_id) { 
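Review bot: In the `@@ -110,17 +109,17 @@` hunk, `$drop_id = intval($rr['id']);` reads a column the query above it never selects (`SELECT `parent-uri` FROM `item` ...`), so `$drop_id` is always 0; what it feeds is outside the hunk, but whatever it is cannot be doing useful work. Change the query to `$r = q("SELECT `id`, `parent-uri` FROM `item` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",`. Note also that `$str_res` is interpolated into two statements unescaped; it is built from `$res` above the hunk, so that is only safe if each element there was quoted with `dbesc()` rather than taken raw from the `rid` column. `photos_post` continues outside the hunk.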
@@ -207,24 +206,13 @@ function photos_post(&$a) { . '[img]' . $a->get_baseurl() . '/photo/' . $p[0]['resource-id'] . '-' . $p[0]['scale'] . '.jpg' . '[/img]' . '[/url]'; - do { - $dups = false; - $item_hash = random_string(); - - $uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $_SESSION['uid'] . ':' . $item_hash; - - $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", - dbesc($uri)); - if(count($r)) - $dups = true; - } while($dups == true); - + $uri = item_new_uri($a->get_hostname(),get_uid()); $r = q("INSERT INTO `item` (`uid`, `type`, `resource-id`, `contact-id`, `owner-name`,`owner-link`,`owner-avatar`, `created`, `edited`, `changed`, `uri`, `parent-uri`, `title`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`) VALUES( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", - intval($_SESSION['uid']), + intval(get_uid()), dbesc('photo'), dbesc($p[0]['resource-id']), intval($contact_record['id']), @@ -263,7 +251,7 @@ function photos_post(&$a) { dbesc(datetime_convert()), dbesc(datetime_convert()), intval($item_id), - intval($_SESSION['uid']) + intval(get_uid()) ); goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); 
@@ -293,45 +281,22 @@ function photos_post(&$a) { $r = q("SELECT * FROM `photo` WHERE `album` = '%s' AND `uid` = %d", dbesc($album), - intval($_SESSION['uid']) + intval(get_uid()) ); if((! count($r)) || ($album == t('Profile Photos'))) $visible = 1; else $visibile = 0; - $str_group_allow = ''; - $group_allow = $_POST['group_allow']; - if(is_array($group_allow)) { - array_walk($group_allow,'sanitise_acl'); - $str_group_allow = implode('',$group_allow); - } - - $str_contact_allow = ''; - $contact_allow = $_POST['contact_allow']; - if(is_array($contact_allow)) { - array_walk($contact_allow,'sanitise_acl'); - $str_contact_allow = implode('',$contact_allow); - } - $str_group_deny = ''; - $group_deny = $_POST['group_deny']; - if(is_array($group_deny)) { - array_walk($group_deny,'sanitise_acl'); - $str_group_deny = implode('',$group_deny); - } - - $str_contact_deny = ''; - $contact_deny = $_POST['contact_deny']; - if(is_array($contact_deny)) { - array_walk($contact_deny,'sanitise_acl'); - $str_contact_deny = implode('',$contact_deny); - } + $str_group_allow = perms2str($_POST['group_allow']); + $str_contact_allow = perms2str($_POST['contact_allow']); + $str_group_deny = perms2str($_POST['group_deny']); + $str_contact_deny = perms2str($_POST['contact_deny']); - - $src = $_FILES['userfile']['tmp_name']; - $filename = basename($_FILES['userfile']['name']); - $filesize = intval($_FILES['userfile']['size']); + $src = $_FILES['userfile']['tmp_name']; + $filename = basename($_FILES['userfile']['name']); + $filesize = intval($_FILES['userfile']['size']); $imagedata = @file_get_contents($src); $ph = new Photo($imagedata); 
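Review bot: The reindented upload lines in this hunk read `$_FILES['userfile']['tmp_name']` straight into `@file_get_contents` without checking `$_FILES['userfile']['error']` or `is_uploaded_file()`, and the `@` hides whatever goes wrong, so a failed or oversized upload is only detected later as an "Image upload failed" for the wrong reason. Add before the read: `if((! isset($_FILES['userfile'])) || ($_FILES['userfile']['error'] != UPLOAD_ERR_OK) || (! is_uploaded_file($src))) { notice( t('Image upload failed.') . EOL ); return; }`. Separately, the context line `$visibile = 0;` is a typo for `$visible`, so the else branch never assigns `$visible` and the later INSERT relies on an undefined variable evaluating to 0. `photos_post` continues outside the hunk.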
@@ -351,7 +316,7 @@ function photos_post(&$a) { $photo_hash = hash('md5',uniqid(mt_rand(),true)); - $r = $ph->store($_SESSION['uid'], 0, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); + $r = $ph->store(get_uid(), 0, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); if(! $r) { notice( t('Image upload failed.') . EOL ); @@ -360,13 +325,13 @@ function photos_post(&$a) { if($width > 640 || $height > 640) { $ph->scaleImage(640); - $ph->store($_SESSION['uid'], 0, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); + $ph->store(get_uid(), 0, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); $smallest = 1; } if($width > 320 || $height > 320) { $ph->scaleImage(320); - $ph->store($_SESSION['uid'], 0, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); + $ph->store(get_uid(), 0, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); $smallest = 2; } 
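Review bot: The two new `$ph->store(get_uid(), ...)` calls for scale 1 and 2 in the `@@ -360,13 +325,13 @@` hunk discard the return value, while the full-size store in the hunk above is checked with `if(! $r)`; a failed resize store still sets `$smallest`, so the item body built below points at a `{$photo_hash}-{$smallest}.jpg` that does not exist. Mirror the first call: `if(! $ph->store(get_uid(), 0, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny)) { notice( t('Image upload failed.') . EOL ); return; }` and the same for scale 2. On the context line, `$photo_hash` is derived from `uniqid(mt_rand(),true)`, which is not a cryptographic source; since it becomes the public photo URL, a stronger random source would make those URLs unguessable. `photos_post` continues outside the hunk.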
@@ -378,23 +343,12 @@ function photos_post(&$a) { . '[img]' . $a->get_baseurl() . "/photo/{$photo_hash}-{$smallest}.jpg" . '[/img]' . '[/url]'; - do { - $dups = false; - $item_hash = random_string(); - - $uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $_SESSION['uid'] . ':' . $item_hash; - - $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", - dbesc($uri)); - if(count($r)) - $dups = true; - } while($dups == true); - + $uri = item_new_uri($a->get_hostname(), get_uid()); $r = q("INSERT INTO `item` (`uid`, `type`, `resource-id`, `contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `created`, `edited`, `changed`, `uri`, `parent-uri`, `title`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `visible`) VALUES( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d )", - intval($_SESSION['uid']), + intval(get_uid()), dbesc('photo'), dbesc($photo_hash), intval($contact_record['id']), @@ -492,7 +446,7 @@ function photos_content(&$a) { // Profile owner - everything is visible - if(local_user() && ($_SESSION['uid'] == $owner_uid)) { + if(local_user() && (get_uid() == $owner_uid)) { $sql_extra = ''; } elseif(remote_user()) { @@ -521,7 +475,7 @@ function photos_content(&$a) { if($datatype == 'upload') { - if( ! (local_user() && ($_SESSION['uid'] == $a->data['user']['uid']))) { + if( ! (local_user() && (get_uid() == $a->data['user']['uid']))) { notice( t('Permission denied.')); return; } @@ -581,7 +535,7 @@ function photos_content(&$a) { if($cmd == 'edit') { if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) { - if(local_user() && ($_SESSION['uid'] == $a->data['user']['uid'])) { + if(local_user() && (get_uid() == $a->data['user']['uid'])) { $edit_tpl = file_get_contents('view/album_edit.tpl'); $o .= replace_macros($edit_tpl,array( '$nametext' => t('New album name: '), 
@@ -595,7 +549,7 @@ function photos_content(&$a) { } else { if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) { - if(local_user() && ($_SESSION['uid'] == $a->data['user']['uid'])) { + if(local_user() && (get_uid() == $a->data['user']['uid'])) { $o .= '<div id="album-edit-link"><a href="'. $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/edit' . '">' . t('Edit Album') . '</a></div>'; @@ -654,7 +608,7 @@ function photos_content(&$a) { $o .= '<h3>' . '<a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($ph[0]['album']) . '">' . $ph[0]['album'] . '</a></h3>'; - if(local_user() && ($ph[0]['uid'] == $_SESSION['uid'])) { + if(local_user() && ($ph[0]['uid'] == get_uid())) { $o .= '<div id="photo-edit-link-wrap" ><a id="photo-edit-link" href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . '/edit' . '">' . t('Edit photo') . '</a></div>'; } @@ -773,7 +727,7 @@ function photos_content(&$a) { $profile_url = $item['url']; - if(local_user() && ($item['contact-uid'] == $_SESSION['uid']) + if(local_user() && ($item['contact-uid'] == get_uid()) && ($item['rel'] == DIRECTION_IN || $item['rel'] == DIRECTION_BOTH) && (! $item['self'] )) $profile_url = $redirect_url; @@ -783,7 +737,7 @@ function photos_content(&$a) { $drop = ''; - if(($item['contact-id'] == $_SESSION['visitor_id']) || ($item['uid'] == $_SESSION['uid'])) + if(($item['contact-id'] == $_SESSION['visitor_id']) || ($item['uid'] == get_uid())) $drop = replace_macros(file_get_contents('view/wall_item_drop.tpl'), array('$id' => $item['id'])); 
@@ -828,7 +782,7 @@ function photos_content(&$a) { $o .= '<h3>' . t('Recent Photos') . '</h3>'; - if( local_user() && ($_SESSION['uid'] == $a->data['user']['uid'])) { + if( local_user() && (get_uid() == $a->data['user']['uid'])) { $o .= '<div id="photo-top-links"><a id="photo-top-upload-link" href="'. $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/upload' . '">' . t('Upload New Photos') . '</a></div>'; } diff --git a/mod/ping.php b/mod/ping.php index 7e96b7121..9f7191758 100644 --- a/mod/ping.php +++ b/mod/ping.php @@ -9,26 +9,26 @@ function ping_init(&$a) { $r = q("SELECT COUNT(*) AS `total` FROM `item` WHERE `unseen` = 1 AND `visible` = 1 AND `deleted` = 0 AND `uid` = %d", - intval($_SESSION['uid']) + intval(get_uid()) ); $network = $r[0]['total']; $r = q("SELECT COUNT(*) AS `total` FROM `item` WHERE `unseen` = 1 AND `visible` = 1 AND `deleted` = 0 AND `uid` = %d AND `type` != 'remote' ", - intval($_SESSION['uid']) + intval(get_uid()) ); $home = $r[0]['total']; $r = q("SELECT COUNT(*) AS `total` FROM `intro` WHERE `uid` = %d AND `blocked` = 0 AND `ignore` = 0 ", - intval($_SESSION['uid']) + intval(get_uid()) ); $intro = $r[0]['total']; $myurl = $a->get_baseurl() . '/profile/' . $user['nickname'] ; $r = q("SELECT COUNT(*) AS `total` FROM `mail` WHERE `uid` = %d AND `seen` = 0 AND `from-url` != '%s' ", - intval($_SESSION['uid']), + intval(get_uid()), dbesc($myurl) ); diff --git a/mod/profile.php b/mod/profile.php index c5047d615..1520afff7 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -24,7 +24,7 @@ function profile_load(&$a, $username, $profile = 0) { ); if(($r === false) || (! count($r))) { - notice("No profile" . EOL ); + notice( t('No profile') . EOL ); $a->error = 404; return; } 
@@ -44,20 +44,11 @@ function profile_init(&$a) { if($a->argc > 1) $which = $a->argv[1]; else { - notice("No profile" . EOL ); + notice( t('No profile') . EOL ); $a->error = 404; return; } - if((remote_user()) && ($a->argc > 2) && ($a->argv[2] == 'visit')) - $_SESSION['is_visitor'] = 1; -// else { -// unset($_SESSION['is_visitor']); -// unset($_SESSION['visitor_id']); -// if(! $_SESSION['uid']) -// unset($_SESSION['authenticated']); -// } - $profile = 0; if((local_user()) && ($a->argc > 2) && ($a->argv[2] == 'view')) { $which = $a->user['nickname']; @@ -173,7 +164,7 @@ function profile_content(&$a, $update = false) { // Profile owner - everything is visible - if(local_user() && ($_SESSION['uid'] == $a->profile['uid'])) { + if(local_user() && ($_SESSION['uid'] == $a->profile['profile_uid'])) { $sql_extra = ''; // Oh - while we're here... reset the Unseen messages diff --git a/mod/profiles.php b/mod/profiles.php index 3cf2aca80..5ee9a3e96 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -163,7 +163,7 @@ function profiles_content(&$a) { } if(($a->argc > 2) && ($a->argv[1] == "drop") && intval($a->argv[2])) { - $r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d AND `is-default` = 0 LIMIT 1", + $r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d AND `is-default` = 0 AND `self` = 0 LIMIT 1", intval($a->argv[2]), intval($_SESSION['uid']) ); diff --git a/mod/settings.php b/mod/settings.php index f9cc429df..9e7a6654e 100644 --- a/mod/settings.php +++ b/mod/settings.php 
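Review bot: The owner check changed in the `@@ -173,7 +164,7 @@` hunk, `$_SESSION['uid'] == $a->profile['profile_uid']`, still reads `$_SESSION['uid']` directly while the rest of the commit moves to `get_uid()`, and it compares with `==`; whether `profile_uid` is actually a key of `$a->profile` depends on the query in `profile_load` outside the hunk, and if it is not the comparison is against `null`. Since this branch clears `$sql_extra` and so grants full visibility, make it explicit: `if(local_user() && (intval(get_uid()) === intval($a->profile['profile_uid']))) {`. The profiles.php hunk below likewise keeps `intval($_SESSION['uid'])` in its drop query. `profile_content` continues outside the hunk.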
@@ -2,25 +2,20 @@ function settings_init(&$a) { - - if(! local_user()) { - notice("Permission denied." . EOL); - $a->error = 404; - return; + if(local_user()) { + require_once("mod/profile.php"); + profile_load($a,$a->user['nickname']); } - require_once("mod/profile.php"); - profile_load($a,$a->user['nickname']); } function settings_post(&$a) { - if(! local_user()) { notice( t('Permission denied.') . EOL); return; } - if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != $_SESSION['uid']) { + if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != get_uid()) { notice( t('Permission denied.') . EOL); return; } @@ -44,7 +39,7 @@ function settings_post(&$a) { $password = hash('whirlpool',$newpass); $r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1", dbesc($password), - intval($_SESSION['uid'])); + intval(get_uid()); if($r) notice( t('Password changed.') . EOL); else @@ -52,15 +47,15 @@ function settings_post(&$a) { } } - $theme = notags(trim($_POST['theme'])); - $username = notags(trim($_POST['username'])); - $email = notags(trim($_POST['email'])); - $timezone = notags(trim($_POST['timezone'])); - $defloc = notags(trim($_POST['defloc'])); + $theme = notags(trim($_POST['theme'])); + $username = notags(trim($_POST['username'])); + $email = notags(trim($_POST['email'])); + $timezone = notags(trim($_POST['timezone'])); + $defloc = notags(trim($_POST['defloc'])); - $publish = (($_POST['profile_in_directory'] == 1) ? 1: 0); - $net_publish = (($_POST['profile_in_netdirectory'] == 1) ? 1: 0); - $old_visibility = ((intval($_POST['visibility']) == 1) ? 1 : 0); + $publish = (($_POST['profile_in_directory'] == 1) ? 1: 0); + $net_publish = (($_POST['profile_in_netdirectory'] == 1) ? 1: 0); + $old_visibility = ((intval($_POST['visibility']) == 1) ? 1 : 0); $notify = 0; 
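Review bot: `settings_init` in the `@@ -2,25 +2,20 @@` hunk no longer emits the permission notice or sets `$a->error = 404` for anonymous requests; it just skips `profile_load`, so the page now relies entirely on `settings_content` (outside this diff) to refuse unauthenticated access. If that function does not check `local_user()` itself, the settings form renders for anyone. The new `$a->user['uid'] != get_uid()` test in `settings_post` is also a loose comparison on an authorisation decision; `intval($a->user['uid']) !== intval(get_uid())` states the intent exactly.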
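Review bot: The replacement line `intval(get_uid());` in the `@@ -44,7 +39,7 @@` hunk drops the closing parenthesis of the `q(` call, so the file no longer parses and the whole settings module is broken. It should read `intval(get_uid()));`. On the context line above it, `hash('whirlpool',$newpass)` stores an unsalted single-pass digest; a salted, slow password scheme is the longer-term fix for that query. `settings_post` continues outside the hunk.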
@@ -75,13 +70,11 @@ function settings_post(&$a) { if($_POST['notify5']) $notify += intval($_POST['notify5']); - $username_changed = false; $email_changed = false; - $zone_changed = false; + $err = ''; if($username != $a->user['username']) { - $username_changed = true; if(strlen($username) > 40) $err .= t(' Please use a shorter name.'); if(strlen($username) < 3) @@ -104,38 +97,15 @@ function settings_post(&$a) { return; } if($timezone != $a->user['timezone']) { - $zone_changed = true; if(strlen($timezone)) date_default_timezone_set($timezone); } - $str_group_allow = ''; - $group_allow = $_POST['group_allow']; - if(is_array($group_allow)) { - array_walk($group_allow,'sanitise_acl'); - $str_group_allow = implode('',$group_allow); - } - - $str_contact_allow = ''; - $contact_allow = $_POST['contact_allow']; - if(is_array($contact_allow)) { - array_walk($contact_allow,'sanitise_acl'); - $str_contact_allow = implode('',$contact_allow); - } - $str_group_deny = ''; - $group_deny = $_POST['group_deny']; - if(is_array($group_deny)) { - array_walk($group_deny,'sanitise_acl'); - $str_group_deny = implode('',$group_deny); - } - - $str_contact_deny = ''; - $contact_deny = $_POST['contact_deny']; - if(is_array($contact_deny)) { - array_walk($contact_deny,'sanitise_acl'); - $str_contact_deny = implode('',$contact_deny); - } + $str_group_allow = perms2str($_POST['group_allow']); + $str_contact_allow = perms2str($_POST['contact_allow']); + $str_group_deny = perms2str($_POST['group_deny']); + $str_contact_deny = perms2str($_POST['contact_deny']); $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `default-location` = '%s', `theme` = '%s' WHERE `uid` = %d LIMIT 1", dbesc($username), 
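Review bot: After the `$zone_changed` removal in the `@@ -104,38 +97,15 @@` hunk, `date_default_timezone_set($timezone)` is still called with the request-supplied value and its return ignored; an unknown zone name emits a warning, leaves the process timezone unchanged, and is then written to the `user` row by the UPDATE at the bottom of the hunk. Validate it first, e.g. `if(strlen($timezone) && in_array($timezone, timezone_identifiers_list(), true)) date_default_timezone_set($timezone); else $timezone = $a->user['timezone'];`. `settings_post` continues outside the hunk.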
@@ -148,7 +118,7 @@ function settings_post(&$a) { intval($notify), dbesc($defloc), dbesc($theme), - intval($_SESSION['uid']) + intval(get_uid()) ); if($r) notice( t('Settings updated.') . EOL); @@ -158,7 +128,7 @@ function settings_post(&$a) { WHERE `is-default` = 1 AND `uid` = %d LIMIT 1", intval($publish), intval($net_publish), - intval($_SESSION['uid']) + intval(get_uid()) ); if($old_visibility != $net_publish) { @@ -178,6 +148,7 @@ function settings_post(&$a) { } goaway($a->get_baseurl() . '/settings' ); + return; // NOTREACHED } @@ -210,28 +181,23 @@ function settings_content(&$a) { $opt_tpl = file_get_contents("view/profile-in-directory.tpl"); $profile_in_dir = replace_macros($opt_tpl,array( - '$yes_selected' => (($profile['publish']) ? " checked=\"checked\" " : ""), - '$no_selected' => (($profile['publish'] == 0) ? " checked=\"checked\" " : "") + '$yes_selected' => (($profile['publish']) ? " checked=\"checked\" " : ""), + '$no_selected' => (($profile['publish'] == 0) ? " checked=\"checked\" " : "") )); if(strlen(get_config('system','directory_submit_url'))) { $opt_tpl = file_get_contents("view/profile-in-netdir.tpl"); $profile_in_net_dir = replace_macros($opt_tpl,array( - '$yes_selected' => (($profile['net-publish']) ? " checked=\"checked\" " : ""), - '$no_selected' => (($profile['net-publish'] == 0) ? " checked=\"checked\" " : "") + '$yes_selected' => (($profile['net-publish']) ? " checked=\"checked\" " : ""), + '$no_selected' => (($profile['net-publish'] == 0) ? " checked=\"checked\" " : "") )); } else $profile_in_net_dir = ''; - - - - $nickname_block = file_get_contents("view/settings_nick_set.tpl"); - $nickname_subdir = ''; if(strlen($a->get_path())) { $subdir_tpl = file_get_contents('view/settings_nick_subdir.tpl'); |