aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/acl.php2
-rw-r--r--mod/dfrn_confirm.php9
-rw-r--r--mod/dfrn_notify.php10
-rw-r--r--mod/dfrn_request.php16
-rw-r--r--mod/item.php37
-rw-r--r--mod/network.php4
-rw-r--r--mod/register.php328
-rw-r--r--mod/search.php9
-rw-r--r--mod/settings.php18
9 files changed, 90 insertions, 343 deletions
diff --git a/mod/acl.php b/mod/acl.php
index 168b1f59f..1e8898ab6 100644
--- a/mod/acl.php
+++ b/mod/acl.php
@@ -135,7 +135,7 @@ function acl_init(&$a){
foreach($r as $g) {
$x['photos'][] = $g['micro'];
$x['links'][] = $g['url'];
- $x['suggestions'][] = $g['name']; // sprintf( t('%s [%s]'),$g['name'],$g['url']);
+ $x['suggestions'][] = $g['name'];
$x['data'][] = intval($g['id']);
}
}
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index 564ae5ca2..76b99cbca 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -202,6 +202,8 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
if($user[0]['page-flags'] == PAGE_COMMUNITY)
$params['page'] = 1;
+ if($user[0]['page-flags'] == PAGE_PRVGROUP)
+ $params['page'] = 2;
logger('dfrn_confirm: Confirm: posting data to ' . $dfrn_confirm . ': ' . print_r($params,true), LOGGER_DATA);
@@ -537,6 +539,9 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
$page = ((x($_POST,'page')) ? intval($_POST['page']) : 0 );
$version_id = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
+ $forum = (($page == 1) ? 1 : 0);
+ $prv = (($page == 2) ? 1 : 0);
+
logger('dfrn_confirm: requestee contacted: ' . $node);
logger('dfrn_confirm: request: POST=' . print_r($_POST,true), LOGGER_DATA);
@@ -691,6 +696,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
`pending` = 0,
`duplex` = %d,
`forum` = %d,
+ `prv` = %d,
`network` = '%s' WHERE `id` = %d LIMIT 1
",
dbesc($photos[0]),
@@ -701,7 +707,8 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
dbesc(datetime_convert()),
dbesc(datetime_convert()),
intval($duplex),
- intval($page),
+ intval($forum),
+ intval($prv),
dbesc(NETWORK_DFRN),
intval($dfrn_record)
);
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 65d39d5fe..e55da5572 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -17,6 +17,9 @@ function dfrn_notify_post(&$a) {
$ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
$page = ((x($_POST,'page')) ? intval($_POST['page']) : 0);
+ $forum = (($page == 1) ? 1 : 0);
+ $prv = (($page == 2) ? 1 : 0);
+
$writable = (-1);
if($dfrn_version >= 2.21) {
$writable = (($perm === 'rw') ? 1 : 0);
@@ -88,10 +91,11 @@ function dfrn_notify_post(&$a) {
$importer = $r[0];
- if((($writable != (-1)) && ($writable != $importer['writable'])) || ($importer['forum'] != $page)) {
- q("UPDATE `contact` SET `writable` = %d, forum = %d WHERE `id` = %d LIMIT 1",
+ if((($writable != (-1)) && ($writable != $importer['writable'])) || ($importer['forum'] != $forum) || ($importer['prv'] != $prv)) {
+ q("UPDATE `contact` SET `writable` = %d, forum = %d, prv = %d WHERE `id` = %d LIMIT 1",
intval(($writable == (-1)) ? $importer['writable'] : $writable),
- intval($page),
+ intval($forum),
+ intval($prv),
intval($importer['id'])
);
if($writable != (-1))
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index b809929d7..896fe1792 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -68,7 +68,7 @@ function dfrn_request_post(&$a) {
$dfrn_url = notags(trim($_POST['dfrn_url']));
$aes_allow = (((x($_POST,'aes_allow')) && ($_POST['aes_allow'] == 1)) ? 1 : 0);
$confirm_key = ((x($_POST,'confirm_key')) ? $_POST['confirm_key'] : "");
-
+ $hidden = ((x($_POST,'hidden-contact')) ? intval($_POST['hidden-contact']) : 0);
$contact_record = null;
if(x($dfrn_url)) {
@@ -98,8 +98,9 @@ function dfrn_request_post(&$a) {
}
if(is_array($contact_record)) {
- $r = q("UPDATE `contact` SET `ret-aes` = %d WHERE `id` = %d LIMIT 1",
+ $r = q("UPDATE `contact` SET `ret-aes` = %d, hidden = %d WHERE `id` = %d LIMIT 1",
intval($aes_allow),
+ intval($hidden),
intval($contact_record['id'])
);
}
@@ -144,8 +145,8 @@ function dfrn_request_post(&$a) {
*/
$r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `nurl`, `name`, `nick`, `photo`, `site-pubkey`,
- `request`, `confirm`, `notify`, `poll`, `poco`, `network`, `aes_allow`)
- VALUES ( %d, '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d)",
+ `request`, `confirm`, `notify`, `poll`, `poco`, `network`, `aes_allow`, `hidden`)
+ VALUES ( %d, '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d)",
intval(local_user()),
datetime_convert(),
dbesc($dfrn_url),
@@ -160,7 +161,8 @@ function dfrn_request_post(&$a) {
$parms['dfrn-poll'],
$parms['dfrn-poco'],
dbesc(NETWORK_DFRN),
- intval($aes_allow)
+ intval($aes_allow),
+ intval($hidden)
);
}
@@ -649,6 +651,8 @@ function dfrn_request_content(&$a) {
$o = replace_macros($tpl,array(
'$dfrn_url' => $dfrn_url,
'$aes_allow' => (($aes_allow) ? '<input type="hidden" name="aes_allow" value="1" />' : "" ),
+ '$hidethem' => t('Hide this contact'),
+ '$hidechecked' => '',
'$confirm_key' => $confirm_key,
'$welcome' => sprintf( t('Welcome home %s.'), $a->user['username']),
'$please' => sprintf( t('Please confirm your introduction/connection request to %s.'), $dfrn_url),
@@ -680,7 +684,7 @@ function dfrn_request_content(&$a) {
$auto_confirm = false;
if(count($r)) {
- if($r[0]['page-flags'] != PAGE_NORMAL)
+ if(($r[0]['page-flags'] != PAGE_NORMAL) && ($r[0]['page-flags'] != PAGE_PRVGROUP))
$auto_confirm = true;
if(! $auto_confirm) {
diff --git a/mod/item.php b/mod/item.php
index df242d6f7..497cf5daa 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -262,17 +262,17 @@ function item_post(&$a) {
}
}
- if(strlen($categories)) {
- // get the "fileas" tags for this post
- $filedas = file_tag_file_to_list($categories, 'file');
+ if(strlen($categories)) {
+ // get the "fileas" tags for this post
+ $filedas = file_tag_file_to_list($categories, 'file');
}
- // save old and new categories, so we can determine what needs to be deleted from pconfig
- $categories_old = $categories;
- $categories = file_tag_list_to_file(trim($_REQUEST['category']), 'category');
- $categories_new = $categories;
- if(strlen($filedas)) {
- // append the fileas stuff to the new categories list
- $categories .= file_tag_list_to_file($filedas, 'file');
+ // save old and new categories, so we can determine what needs to be deleted from pconfig
+ $categories_old = $categories;
+ $categories = file_tag_list_to_file(trim($_REQUEST['category']), 'category');
+ $categories_new = $categories;
+ if(strlen($filedas)) {
+ // append the fileas stuff to the new categories list
+ $categories .= file_tag_list_to_file($filedas, 'file');
}
// Work around doubled linefeeds in Tinymce 3.5b2
@@ -453,6 +453,7 @@ function item_post(&$a) {
$tagged = array();
+ $private_forum = false;
if(count($tags)) {
foreach($tags as $tag) {
@@ -471,11 +472,22 @@ function item_post(&$a) {
continue;
$success = handle_tag($a, $body, $inform, $str_tags, (local_user()) ? local_user() : $profile_uid , $tag);
- if($success)
+ if($success['replaced'])
$tagged[] = $tag;
+ if(is_array($success['contact']) && intval($success['contact']['prv'])) {
+ $private_forum = true;
+ $private_id = $success['contact']['id'];
+ }
}
}
+ if(($private_forum) && (! $parent) && (! $private)) {
+ // we tagged a private forum in a top level post and the message was public.
+ // Restrict it.
+ $private = 1;
+ $str_contact_allow = '<' . $private_id . '>';
+ }
+
$attachments = '';
$match = false;
@@ -893,6 +905,7 @@ function item_content(&$a) {
function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
$replaced = false;
+ $r = null;
//is it a hash tag?
if(strpos($tag,'#') === 0) {
@@ -1023,5 +1036,5 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
}
}
- return $replaced;
+ return array('replaced' => $replaced, 'contact' => $r[0]);
}
diff --git a/mod/network.php b/mod/network.php
index a94272a42..7c4c1ac04 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -437,8 +437,8 @@ function network_content(&$a, $update = 0) {
else
$sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ",
dbesc(protect_sprintf('%' . $myurl)),
- dbesc(protect_sprintf('%' . $myurl . '\\]%')),
- dbesc(protect_sprintf('%' . $diasp_url . '\\]%'))
+ dbesc(protect_sprintf('%' . $myurl . ']%')),
+ dbesc(protect_sprintf('%' . $diasp_url . ']%'))
);
}
diff --git a/mod/register.php b/mod/register.php
index 58bba8533..b162f62be 100644
--- a/mod/register.php
+++ b/mod/register.php
@@ -43,326 +43,44 @@ function register_post(&$a) {
break;
}
- $using_invites = get_config('system','invitation_only');
- $num_invites = get_config('system','number_invites');
-
-
- $invite_id = ((x($_POST,'invite_id')) ? notags(trim($_POST['invite_id'])) : '');
- $username = ((x($_POST,'username')) ? notags(trim($_POST['username'])) : '');
- $nickname = ((x($_POST,'nickname')) ? notags(trim($_POST['nickname'])) : '');
- $email = ((x($_POST,'email')) ? notags(trim($_POST['email'])) : '');
- $openid_url = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : '');
- $photo = ((x($_POST,'photo')) ? notags(trim($_POST['photo'])) : '');
- $publish = ((x($_POST,'profile_publish_reg') && intval($_POST['profile_publish_reg'])) ? 1 : 0);
-
- $netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0);
-
- $tmp_str = $openid_url;
-
- if($using_invites) {
- if(! $invite_id) {
- notice( t('An invitation is required.') . EOL);
- return;
- }
- $r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_id));
- if(! results($r)) {
- notice( t('Invitation could not be verified.') . EOL);
- return;
- }
- }
-
- if((! x($username)) || (! x($email)) || (! x($nickname))) {
- if($openid_url) {
- if(! validate_url($tmp_str)) {
- notice( t('Invalid OpenID url') . EOL);
- return;
- }
- $_SESSION['register'] = 1;
- $_SESSION['openid'] = $openid_url;
- require_once('library/openid.php');
- $openid = new LightOpenID;
- $openid->identity = $openid_url;
- $openid->returnUrl = $a->get_baseurl() . '/openid';
- $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson');
- $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default');
- goaway($openid->authUrl());
- // NOTREACHED
- }
-
- notice( t('Please enter the required information.') . EOL );
- return;
- }
-
- if(! validate_url($tmp_str))
- $openid_url = '';
-
-
- $err = '';
-
- // collapse multiple spaces in name
- $username = preg_replace('/ +/',' ',$username);
-
- if(mb_strlen($username) > 48)
- $err .= t('Please use a shorter name.') . EOL;
- if(mb_strlen($username) < 3)
- $err .= t('Name too short.') . EOL;
-
- // I don't really like having this rule, but it cuts down
- // on the number of auto-registrations by Russian spammers
-
- // Using preg_match was completely unreliable, due to mixed UTF-8 regex support
- // $no_utf = get_config('system','no_utf');
- // $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' );
+ require_once('include/user.php');
- // So now we are just looking for a space in the full name.
-
- $loose_reg = get_config('system','no_regfullname');
- if(! $loose_reg) {
- $username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8');
- if(! strpos($username,' '))
- $err .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL;
- }
-
-
- if(! allowed_email($email))
- $err .= t('Your email domain is not among those allowed on this site.') . EOL;
-
- if((! valid_email($email)) || (! validate_email($email)))
- $err .= t('Not a valid email address.') . EOL;
-
- // Disallow somebody creating an account using openid that uses the admin email address,
- // since openid bypasses email verification. We'll allow it if there is not yet an admin account.
-
- if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
- $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
- dbesc($email)
- );
- if(count($r))
- $err .= t('Cannot use that email.') . EOL;
- }
+ $result = create_user($_POST);
- $nickname = $_POST['nickname'] = strtolower($nickname);
-
- if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))
- $err .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL;
- $r = q("SELECT `uid` FROM `user`
- WHERE `nickname` = '%s' LIMIT 1",
- dbesc($nickname)
- );
- if(count($r))
- $err .= t('Nickname is already registered. Please choose another.') . EOL;
-
- // Check deleted accounts that had this nickname. Doesn't matter to us,
- // but could be a security issue for federated platforms.
-
- $r = q("SELECT * FROM `userd`
- WHERE `username` = '%s' LIMIT 1",
- dbesc($nickname)
- );
- if(count($r))
- $err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
-
- if(strlen($err)) {
- notice( $err );
+ if(! $result['success']) {
+ notice($result['message']);
return;
}
-
- $new_password = autoname(6) . mt_rand(100,9999);
- $new_password_encoded = hash('whirlpool',$new_password);
-
- require_once('include/crypto.php');
-
- $result = new_keypair(1024);
-
- if($result === false) {
- notice( t('SERIOUS ERROR: Generation of security keys failed.') . EOL);
- return;
- }
-
- $prvkey = $result['prvkey'];
- $pubkey = $result['pubkey'];
-
- /**
- *
- * Create another keypair for signing/verifying
- * salmon protocol messages. We have to use a slightly
- * less robust key because this won't be using openssl
- * but the phpseclib. Since it is PHP interpreted code
- * it is not nearly as efficient, and the larger keys
- * will take several minutes each to process.
- *
- */
-
- $sres = new_keypair(512);
- $sprvkey = $sres['prvkey'];
- $spubkey = $sres['pubkey'];
-
- $r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`,
- `pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked`, `timezone` )
- VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC' )",
- dbesc(generate_user_guid()),
- dbesc($username),
- dbesc($new_password_encoded),
- dbesc($email),
- dbesc($openid_url),
- dbesc($nickname),
- dbesc($pubkey),
- dbesc($prvkey),
- dbesc($spubkey),
- dbesc($sprvkey),
- dbesc(datetime_convert()),
- intval($verified),
- intval($blocked)
- );
-
- if($r) {
- $r = q("SELECT `uid` FROM `user`
- WHERE `username` = '%s' AND `password` = '%s' LIMIT 1",
- dbesc($username),
- dbesc($new_password_encoded)
- );
- if($r !== false && count($r))
- $newuid = intval($r[0]['uid']);
- }
- else {
- notice( t('An error occurred during registration. Please try again.') . EOL );
- return;
- }
-
- /**
- * if somebody clicked submit twice very quickly, they could end up with two accounts
- * due to race condition. Remove this one.
- */
-
- $r = q("SELECT `uid` FROM `user`
- WHERE `nickname` = '%s' ",
- dbesc($nickname)
- );
- if((count($r) > 1) && $newuid) {
- $err .= t('Nickname is already registered. Please choose another.') . EOL;
- q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1",
- intval($newuid)
- );
- notice ($err);
- return;
- }
-
- if(x($newuid) !== false) {
- $r = q("INSERT INTO `profile` ( `uid`, `profile-name`, `is-default`, `name`, `photo`, `thumb`, `publish`, `net-publish` )
- VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ",
- intval($newuid),
- 'default',
- 1,
- dbesc($username),
- dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"),
- dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"),
- intval($publish),
- intval($netpublish)
-
- );
- if($r === false) {
- notice( t('An error occurred creating your default profile. Please try again.') . EOL );
- // Start fresh next time.
- $r = q("DELETE FROM `user` WHERE `uid` = %d",
- intval($newuid));
- return;
- }
- $r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`,
- `request`, `notify`, `poll`, `confirm`, `poco`, `name-date`, `uri-date`, `avatar-date`, `closeness` )
- VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ",
- intval($newuid),
- datetime_convert(),
- dbesc($username),
- dbesc($nickname),
- dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"),
- dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"),
- dbesc($a->get_baseurl() . "/photo/micro/{$newuid}.jpg"),
- dbesc($a->get_baseurl() . "/profile/$nickname"),
- dbesc(normalise_link($a->get_baseurl() . "/profile/$nickname")),
- dbesc($a->get_baseurl() . "/dfrn_request/$nickname"),
- dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"),
- dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"),
- dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"),
- dbesc($a->get_baseurl() . "/poco/$nickname"),
- dbesc(datetime_convert()),
- dbesc(datetime_convert()),
- dbesc(datetime_convert())
- );
-
-
- }
-
- // if we have no OpenID photo try to look up an avatar
- if(! strlen($photo))
- $photo = avatar_img($email);
-
- // unless there is no avatar-plugin loaded
- if(strlen($photo)) {
- require_once('include/Photo.php');
- $photo_failure = false;
-
- $filename = basename($photo);
- $img_str = fetch_url($photo,true);
- $img = new Photo($img_str);
- if($img->is_valid()) {
-
- $img->scaleImageSquare(175);
-
- $hash = photo_new_resource();
-
- $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 );
-
- if($r === false)
- $photo_failure = true;
-
- $img->scaleImage(80);
-
- $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5 );
-
- if($r === false)
- $photo_failure = true;
-
- $img->scaleImage(48);
-
- $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6 );
-
- if($r === false)
- $photo_failure = true;
-
- if(! $photo_failure) {
- q("UPDATE `photo` SET `profile` = 1 WHERE `resource-id` = '%s' ",
- dbesc($hash)
- );
- }
- }
- }
-
+ $user = $result['user'];
+
if($netpublish && $a->config['register_policy'] != REGISTER_APPROVE) {
- $url = $a->get_baseurl() . "/profile/$nickname";
+ $url = $a->get_baseurl() . '/profile/' . $user['nickname'];
proc_run('php',"include/directory.php","$url");
}
+ $using_invites = get_config('system','invitation_only');
+ $num_invites = get_config('system','number_invites');
+ $invite_id = ((x($_POST,'invite_id')) ? notags(trim($_POST['invite_id'])) : '');
- call_hooks('register_account', $newuid);
if( $a->config['register_policy'] == REGISTER_OPEN ) {
if($using_invites && $invite_id) {
q("delete * from register where hash = '%s' limit 1", dbesc($invite_id));
- set_pconfig($newuid,'system','invites_remaining',$num_invites);
+ set_pconfig($user['uid'],'system','invites_remaining',$num_invites);
}
$email_tpl = get_intltext_template("register_open_eml.tpl");
$email_tpl = replace_macros($email_tpl, array(
'$sitename' => $a->config['sitename'],
'$siteurl' => $a->get_baseurl(),
- '$username' => $username,
- '$email' => $email,
- '$password' => $new_password,
- '$uid' => $newuid ));
+ '$username' => $user['username'],
+ '$email' => $user['email'],
+ '$password' => $result['password'],
+ '$uid' => $user['uid'] ));
- $res = mail($email, sprintf(t('Registration details for %s'), $a->config['sitename']),
+ $res = mail($user['email'], sprintf(t('Registration details for %s'), $a->config['sitename']),
$email_tpl,
'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n"
. 'Content-type: text/plain; charset=UTF-8' . "\n"
@@ -387,8 +105,8 @@ function register_post(&$a) {
$r = q("INSERT INTO `register` ( `hash`, `created`, `uid`, `password`, `language` ) VALUES ( '%s', '%s', %d, '%s', '%s' ) ",
dbesc($hash),
dbesc(datetime_convert()),
- intval($newuid),
- dbesc($new_password),
+ intval($user['uid']),
+ dbesc($result['password']),
dbesc($lang)
);
@@ -402,17 +120,17 @@ function register_post(&$a) {
if($using_invites && $invite_id) {
q("delete * from register where hash = '%s' limit 1", dbesc($invite_id));
- set_pconfig($newuid,'system','invites_remaining',$num_invites);
+ set_pconfig($user['uid'],'system','invites_remaining',$num_invites);
}
$email_tpl = get_intltext_template("register_verify_eml.tpl");
$email_tpl = replace_macros($email_tpl, array(
'$sitename' => $a->config['sitename'],
'$siteurl' => $a->get_baseurl(),
- '$username' => $username,
- '$email' => $email,
- '$password' => $new_password,
- '$uid' => $newuid,
+ '$username' => $user['username'],
+ '$email' => $user['email'],
+ '$password' => $result['password'],
+ '$uid' => $user['uid'],
'$hash' => $hash
));
diff --git a/mod/search.php b/mod/search.php
index d4cd9d967..466ffc4c3 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -110,18 +110,19 @@ function search_content(&$a) {
if (get_config('system','use_fulltext_engine')) {
if($tag)
- $sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.preg_quote($search));
+ $sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.dbesc(protect_sprintf($search)));
else
- $sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(preg_quote($search)));
+ $sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(protect_sprintf($search)));
} else {
if($tag)
- $sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", dbesc('\\]' . preg_quote($search) . '\\['));
+ $sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", dbesc('\\]' . protect_sprintf(preg_quote($search)) . '\\['));
else
- $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(preg_quote($search)));
+ $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search))));
}
+
// Here is the way permissions work in the search module...
// Only public posts can be shown
// OR your own posts if you are a logged in member
diff --git a/mod/settings.php b/mod/settings.php
index b5214e917..92593d7a8 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -445,7 +445,7 @@ function settings_post(&$a) {
if($page_flags == PAGE_PRVGROUP) {
$hidewall = 1;
- if((! str_contact_allow) && (! str_group_allow) && (! str_contact_deny) && (! $str_group_deny)) {
+ if((! $str_contact_allow) && (! $str_group_allow) && (! $str_contact_deny) && (! $str_group_deny)) {
if($def_gid) {
info( t('Private forum has no privacy permissions. Using default privacy group.'). EOL);
$str_group_allow = '<' . $def_gid . '>';
@@ -837,27 +837,26 @@ function settings_content(&$a) {
$pageset_tpl = get_markup_template('pagetypes.tpl');
$pagetype = replace_macros($pageset_tpl,array(
- '$page_normal' => array('page-flags', t('Normal Account'), PAGE_NORMAL,
+ '$page_normal' => array('page-flags', t('Normal Account Page'), PAGE_NORMAL,
t('This account is a normal personal profile'),
($a->user['page-flags'] == PAGE_NORMAL)),
- '$page_soapbox' => array('page-flags', t('Soapbox Account'), PAGE_SOAPBOX,
+ '$page_soapbox' => array('page-flags', t('Soapbox Page'), PAGE_SOAPBOX,
t('Automatically approve all connection/friend requests as read-only fans'),
($a->user['page-flags'] == PAGE_SOAPBOX)),
- '$page_community' => array('page-flags', t('Community/Celebrity Account'), PAGE_COMMUNITY,
+ '$page_community' => array('page-flags', t('Community Forum/Celebrity Account'), PAGE_COMMUNITY,
t('Automatically approve all connection/friend requests as read-write fans'),
($a->user['page-flags'] == PAGE_COMMUNITY)),
- '$page_freelove' => array('page-flags', t('Automatic Friend Account'), PAGE_FREELOVE,
+ '$page_freelove' => array('page-flags', t('Automatic Friend Page'), PAGE_FREELOVE,
t('Automatically approve all connection/friend requests as friends'),
($a->user['page-flags'] == PAGE_FREELOVE)),
- '$page_prvgroup' => array('page-flags', t('Private Forum'), PAGE_PRVGROUP,
- t('Private forum - approved members only [Experimental]'),
+ '$page_prvgroup' => array('page-flags', t('Private Forum [Experimental]'), PAGE_PRVGROUP,
+ t('Private forum - approved members only'),
($a->user['page-flags'] == PAGE_PRVGROUP)),
- '$experimental' => ( (intval(get_config('system','prvgroup_testing'))) ? 'true' : ''),
));
@@ -1026,7 +1025,8 @@ function settings_content(&$a) {
'$notify7' => array('notify7', t('You are tagged in a post'), ($notify & NOTIFY_TAGSELF), NOTIFY_TAGSELF, ''),
- '$h_advn' => t('Advanced Page Settings'),
+ '$h_advn' => t('Advanced Account/Page Type Settings'),
+ '$h_descadvn' => t('Change the behaviour of this account for special situations'),
'$pagetype' => $pagetype,