Diffstat (limited to 'mod')
-rw-r--r-- | mod/acl.php | 97 | ||||
-rw-r--r-- | mod/chanview.php | 60 | ||||
-rw-r--r-- | mod/connections.php | 2 | ||||
-rw-r--r-- | mod/contactgroup.php | 22 | ||||
-rw-r--r-- | mod/directory.php | 215 | ||||
-rw-r--r-- | mod/dirsearch.php | 61 | ||||
-rw-r--r-- | mod/group.php | 4 | ||||
-rw-r--r-- | mod/intro.php | 7 | ||||
-rw-r--r-- | mod/item.php | 26 | ||||
-rw-r--r-- | mod/lockview.php | 50 | ||||
-rw-r--r-- | mod/magic.php | 122 | ||||
-rw-r--r-- | mod/photos.php | 11 | ||||
-rw-r--r-- | mod/poco.php | 3 | ||||
-rw-r--r-- | mod/post.php | 152 | ||||
-rw-r--r-- | mod/profile_photo.php | 11 | ||||
-rw-r--r-- | mod/profiles.php | 2 | ||||
-rw-r--r-- | mod/search.php | 12 | ||||
-rw-r--r-- | mod/wall_attach.php | 71 | ||||
-rw-r--r-- | mod/wall_upload.php | 159 | ||||
-rw-r--r-- | mod/zfinger.php | 6 |
20 files changed, 679 insertions, 414 deletions
diff --git a/mod/acl.php b/mod/acl.php index 76be01ee6..2f1866f85 100644 --- a/mod/acl.php +++ b/mod/acl.php @@ -5,6 +5,7 @@ require_once("include/acl_selectors.php"); function acl_init(&$a){ +// logger('mod_acl: ' . print_r($_REQUEST,true)); $start = (x($_REQUEST,'start')?$_REQUEST['start']:0); $count = (x($_REQUEST,'count')?$_REQUEST['count']:100); @@ -21,12 +22,11 @@ function acl_init(&$a){ } - if(! (local_user() || $type == 'x')) - return ""; + if(!(local_user())) + if($type != 'x') + killme(); - - - if ($search!=""){ + if ($search != "") { $sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . ") "; @@ -150,18 +150,31 @@ function acl_init(&$a){ ); } elseif($type == 'x') { - $r = q("SELECT xchan_name as id, xchan_name as name, xchan_photo_s as micro, xchan_url as url from xchan - where 1 - $sql_extra3 - ORDER BY `xchan_name` ASC ", - intval(local_user()) - ); + + $r = navbar_complete($a); + $x = array(); + $x['query'] = $search; + $x['photos'] = array(); + $x['links'] = array(); + $x['suggestions'] = array(); + $x['data'] = array(); + if($r) { + foreach($r as $g) { + $x['photos'][] = $g['photo']; + $x['links'][] = $g['url']; + $x['suggestions'][] = '@' . $g['name']; + $x['data'][] = $g['name']; + } + } + echo json_encode($x); + killme(); + } else $r = array(); - if($type == 'm' || $type == 'a' || $type == 'x') { + if($type == 'm' || $type == 'a') { $x = array(); $x['query'] = $search; $x['photos'] = array(); @@ -172,7 +185,7 @@ function acl_init(&$a){ foreach($r as $g) { $x['photos'][] = $g['micro']; $x['links'][] = $g['url']; - $x['suggestions'][] = (($type === 'x') ? '@' : '') . $g['name']; + $x['suggestions'][] = $g['name']; $x['data'][] = $g['id']; } } 
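Review bot: The access check in acl_init is now two nested `if` statements without braces (`if(!(local_user())) if($type != 'x') killme();`), which is easy to misread and would change meaning if an `else` were ever added beneath it. For a gate like this a single condition is safer to maintain: `if(! local_user() && $type != 'x') killme();`. The `x` type stays open to visitors who are not logged in, so everything in that branch has to be treated as publicly reachable. acl_init starts and ends outside this hunk.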
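Review bot: The new `$type == 'x'` branch copies `photo`, `url` and `name` from the directory response straight into the JSON sent to the browser and emits it with a bare `echo json_encode($x); killme();`. Those fields are supplied by another server, so the script that consumes this JSON has to escape them before inserting them into the page, and `url`/`photo` are worth restricting to http(s) values here. For the output, `json_return_and_die($x);` (used in mod/dirsearch.php in this same commit) would keep the JSON endpoints consistent; whether a JSON content type is set anywhere is not visible in this hunk.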
@@ -188,8 +201,8 @@ function acl_init(&$a){ "name" => $g['name'], "id" => $g['id'], "xid" => $g['hash'], - "link" => $g['url'], - "nick" => $g['nick'], + "link" => $g['nick'], + "nick" => substr($g['nick'],0,strpos($g['nick'],'@')) ); } } @@ -209,3 +222,57 @@ function acl_init(&$a){ } +function navbar_complete(&$a) { + +// logger('navbar_complete'); + + $dirmode = intval(get_config('system','directory_mode')); + $search = ((x($_REQUEST,'query')) ? htmlentities($_REQUEST['query'],ENT_COMPAT,'UTF-8',false) : ''); + if(! $search || mb_strlen($search) < 2) + return array(); + + $star = false; + $address = false; + + if(substr($search,0,1) === '@') + $search = substr($search,1); + + if(substr($search,0,1) === '*') { + $star = true; + $search = substr($search,1); + } + + if(strpos($search,'@') !== false) { + $address = true; + } + + if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { + $url = z_root() . '/dirsearch'; + } + + if(! $url) { + $directory = find_upstream_directory($dirmode); + + if($directory) { + $url = $directory['url']; + } + else { + $url = DIRECTORY_FALLBACK_MASTER . '/dirsearch'; + } + } + + if($url) { + $query = $url . '?f=' ; + $query .= '&name=' . urlencode($search) . '&limit=50' . (($address) ? '&address=' . urlencode($search) : ''); + + $x = z_fetch_url($query); + if($x['success']) { + $t = 0; + $j = json_decode($x['body'],true); + if($j && $j['results']) { + return $j['results']; + } + } + } + return array(); +}
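Review bot: `substr($g['nick'],0,strpos($g['nick'],'@'))` yields an empty string when `nick` contains no `@`, because `strpos()` returns `false` and that is used as the length. Compute the position first and fall back to the whole value, e.g. `$p = strpos($g['nick'],'@');` followed by `"nick" => (($p !== false) ? substr($g['nick'],0,$p) : $g['nick'])`. The same change puts `$g['nick']` into `link`, where the removed line used `$g['url']`; if `nick` holds the full channel address at this point, a one-line comment saying so would explain the swap.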
\ No newline at end of file diff --git a/mod/chanview.php b/mod/chanview.php index 1de4f4e1b..92ed757f9 100644 --- a/mod/chanview.php +++ b/mod/chanview.php @@ -1,9 +1,11 @@ <?php require_once('include/Contact.php'); +require_once('include/zot.php'); function chanview_content(&$a) { + $observer = $a->get_observer(); $xchan = null; $r = null; @@ -13,6 +15,11 @@ function chanview_content(&$a) { dbesc($_REQUEST['hash']) ); } + if($_REQUEST['address']) { + $r = q("select * from xchan where xchan_addr = '%s' limit 1", + dbesc($_REQUEST['address']) + ); + } elseif(local_user() && intval($_REQUEST['cid'])) { $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash 
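Review bot: In navbar_complete (mod/acl.php) the query is run through `htmlentities()` and then `urlencode()`d into the directory request, so the upstream search receives HTML entities instead of the text that was typed; HTML escaping belongs where a value is written into HTML, not on the way into a URL. `$url` is read by `if(! $url)` before it is assigned whenever the site is neither primary nor standalone, so it should start as `$url = '';` (directory_content in mod/directory.php has the same pattern). The decoded `$j['results']` is returned without checking that it is an array of entries with the expected string fields, and because the `x` type is served to visitors who are not logged in, every such request causes an outbound fetch; a cap or short-lived cache on these lookups would be prudent. `$star` and `$t` are assigned but never used in the lines shown.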
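Review bot: The added `if($_REQUEST['address'])` in chanview_content starts a new chain, so the `elseif` branches for `cid` and `url` now hang off the address test and no longer off the `hash` test above it. A request that carries `hash` together with `cid` or `url` runs a second lookup that overwrites `$r`. If the lookups are meant to be mutually exclusive, make it `elseif($_REQUEST['address']) {`; reading the key through `x($_REQUEST,'address')` would also avoid an undefined-index notice. The function body continues outside this hunk.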
@@ -25,22 +32,61 @@ function chanview_content(&$a) { $r = q("select * from xchan where xchan_url = '%s' limit 1", dbesc($_REQUEST['url']) ); - if(! $r) - $r = array(array('xchan_url' => $_REQUEST['url'])); } if($r) { $xchan = $r[0]; - if($xchan['xchan_hash']) - $a->set_widget('vcard',vcard_from_xchan($xchan)); + } + + + + // Here, let's see if we have an xchan. If we don't, how we proceed is determined by what + // info we do have. If it's a URL, we can offer to visit it directly. If it's a webbie or + // address, we can and should try to import it. If it's just a hash, we can't continue, but we + // probably wouldn't have a hash if we don't already have an xchan for this channel. + if(! $xchan) { + logger('mod_chanview: fallback'); + // This is hackish - construct a zot address from the url + if($_REQUEST['url']) { + if(preg_match('/https?\:\/\/(.*?)(\/channel\/|\/profile\/)(.*?)$/ism',$_REQUEST['url'],$matches)) { + $_REQUEST['address'] = $matches[3] . '@' . $matches[1]; + } + logger('mod_chanview: constructed address ' . print_r($matches,true)); + } + + if($_REQUEST['address']) { + $ret = zot_finger($_REQUEST['address'],null); + if($ret['success']) { + $j = json_decode($ret['body'],true); + if($j) + import_xchan($j); + $r = q("select * from xchan where xchan_addr = '%s' limit 1", + dbesc($_REQUEST['address']) + ); + if($r) + $xchan = $r[0]; + } + + } } - else { - notice( t('No valid channel provided.') . EOL); + + if(! $xchan) { + notice( t('Channel not found.') . EOL); return; } + if($xchan['xchan_hash']) + $a->set_widget('vcard',vcard_from_xchan($xchan)); + + $url = (($observer) + ? z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr'] + : $xchan['xchan_url'] + ); + + + $o = replace_macros(get_markup_template('chanview.tpl'),array( - '$url' => z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr'] + '$url' => $url )); return $o; 
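Review bot: The fallback added here lets request parameters decide which remote host the server contacts: `address` (or one assembled from `url` by the regex) is passed to `zot_finger()` and the reply is handed to `import_xchan()`, and no login check is visible in the lines shown. It would be safer to limit this path to authenticated users or rate-limit it, to validate the host part of the constructed address, and to confirm that the imported record matches the address that was asked for rather than relying only on the follow-up select. Separately, `$xchan['xchan_url']` and `$xchan['xchan_addr']` are concatenated into the `/magic` link unencoded, so a `&` or `#` in either value changes the query; `'/magic?f=&dest=' . urlencode($xchan['xchan_url']) . '&addr=' . urlencode($xchan['xchan_addr'])` fixes that. The `logger()` call that dumps `$matches` writes request-derived data at the default log level.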
diff --git a/mod/connections.php b/mod/connections.php index a12f51e68..0a2edb4cd 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -34,7 +34,7 @@ function connections_aside(&$a) { $a->set_widget('follow', follow_widget()); } - $a->set_widget('collections', group_side('connnections','group',false,0,((array_key_exists('abook',$a->data)) ? $a->data['abook']['abook_id'] : ''))); + $a->set_widget('collections', group_side('connnections','group',false,0,((array_key_exists('abook',$a->data)) ? $a->data['abook']['abook_xchan'] : ''))); $a->set_widget('findpeople',findpeople_widget()); } diff --git a/mod/contactgroup.php b/mod/contactgroup.php index bf81afe07..4b46605a6 100644 --- a/mod/contactgroup.php +++ b/mod/contactgroup.php @@ -4,27 +4,27 @@ require_once('include/group.php'); function contactgroup_content(&$a) { - if(! local_user()) { killme(); } - if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) { - $r = q("SELECT `id` FROM `contact` WHERE `id` = %d AND `uid` = %d and `self` = 0 and `blocked` = 0 AND `pending` = 0 LIMIT 1", - intval($a->argv[2]), - intval(local_user()) + if((argc() > 2) && (intval(argv(1))) && (argv(2))) { + $r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d ) limit 1", + dbesc(argv(2)), + intval(local_user()), + intval(ABOOK_FLAG_SELF) ); - if(count($r)) - $change = intval($a->argv[2]); + if($r) + $change = $r[0]['abook_xchan']; } - if(($a->argc > 1) && (intval($a->argv[1]))) { + if((argc() > 1) && (intval(argv(1)))) { $r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1", - intval($a->argv[1]), + intval(argv(1)), intval(local_user()) ); - if(! count($r)) { + if(! $r) { killme(); } @@ -33,7 +33,7 @@ function contactgroup_content(&$a) { $preselected = array(); if(count($members)) { foreach($members as $member) - $preselected[] = $member['id']; + $preselected[] = $member['xchan_hash']; } if($change) { 
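Review bot: The rewritten membership lookup in contactgroup_content excludes only the self connection (`not ( abook_flags & %d )` with `ABOOK_FLAG_SELF`), whereas the removed query also required `blocked = 0` and `pending = 0`. As written, a blocked or not-yet-approved connection can be selected into `$change`. If that is not intended, widen the mask, for example `intval(ABOOK_FLAG_SELF|ABOOK_FLAG_BLOCKED)` plus whichever flag marks pending connections. Since this handler changes group membership, it is also worth confirming that the request is covered by the form token that mod/group.php passes to `groupChangeMember`; no such check is visible in this hunk.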
diff --git a/mod/directory.php b/mod/directory.php index c9332f447..f2d9e1e02 100644 --- a/mod/directory.php +++ b/mod/directory.php 
@@ -38,148 +38,145 @@ function directory_content(&$a) { $dirmode = intval(get_config('system','directory_mode')); -// if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { -// $localdir = true; -// return; -// } - -// FIXME -$localdir = true; - - - if(! $localdir) { + if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { + $url = z_root() . '/dirsearch'; + } + if(! $url) { $directory = find_upstream_directory($dirmode); if($directory) { $url = $directory['url']; } else { - $url = DIRECTORY_FALLBACK_MASTER . '/post'; + $url = DIRECTORY_FALLBACK_MASTER . '/dirsearch'; } } - - - if($localdir) { + if($url) { + $query = $url . '?f=' ; if($search) - $search = dbesc($search); - $sql_extra = ((strlen($search)) ? " AND MATCH ( xchan_name, xchan_addr, xprof_desc, xprof_locale, xprof_region, xprof_country, xprof_gender, xprof_marital ) AGAINST ('$search' IN BOOLEAN MODE) " : ""); + $query .= '&name=' . urlencode($search); + if(strpos($search,'@')) + $query .= '&address=' . urlencode($search); - // group_concat(xtag_term separator ', ') as tags - $r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash $sql_extra"); - if($r) - $a->set_pager_total($r[0]['total']); + if($a->pager['page'] != 1) + $query .= '&p=' . $a->pager['page']; - $order = " ORDER BY `xchan_name` ASC "; + logger('mod_directory: query: ' . $query); + $x = z_fetch_url($query); + logger('directory: return from upstream: ' . 
print_r($x,true)); - $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash $sql_extra $order LIMIT %d , %d ", - intval($a->pager['start']), - intval($a->pager['itemspage']) - ); + if($x['success']) { + $t = 0; + $j = json_decode($x['body'],true); + if($j) { + if($j['results']) { - if($r) { + $entries = array(); - $entries = array(); + $photo = 'thumb'; - $photo = 'thumb'; + foreach($j['results'] as $rr) { - foreach($r as $rr) { - - $profile_link = chanlink_hash($rr['xchan_hash']); + $profile_link = chanlink_url($rr['url']); - $pdesc = (($rr['xprof_desc']) ? $rr['xprof_desc'] . '<br />' : ''); - - $details = ''; - if(strlen($rr['xprof_locale'])) - $details .= $rr['xprof_locale']; - if(strlen($rr['xprof_region'])) { - if(strlen($rr['xprof_locale'])) - $details .= ', '; - $details .= $rr['xprof_region']; - } - if(strlen($rr['xprof_country'])) { - if(strlen($details)) - $details .= ', '; - $details .= $rr['xprof_country']; - } - if(strlen($rr['xprof_dob'])) { - if(($years = age($rr['xprof_dob'],'UTC','')) != 0) - $details .= '<br />' . t('Age: ') . $years ; - } - if(strlen($rr['xprof_gender'])) - $details .= '<br />' . t('Gender: ') . $rr['xprof_gender']; - - $page_type = ''; - - $profile = $rr; - - if ((x($profile,'xprof_locale') == 1) - || (x($profile,'xprof_region') == 1) - || (x($profile,'xprof_postcode') == 1) - || (x($profile,'xprof_country') == 1)) - $location = t('Location:'); + $pdesc = (($rr['description']) ? $rr['description'] . '<br />' : ''); + + $details = ''; + if(strlen($rr['locale'])) + $details .= $rr['locale']; + if(strlen($rr['region'])) { + if(strlen($rr['locale'])) + $details .= ', '; + $details .= $rr['region']; + } + if(strlen($rr['country'])) { + if(strlen($details)) + $details .= ', '; + $details .= $rr['country']; + } + if(strlen($rr['birthday'])) { + if(($years = age($rr['birthday'],'UTC','')) != 0) + $details .= '<br />' . t('Age: ') . $years ; + } + if(strlen($rr['gender'])) + $details .= '<br />' . 
t('Gender: ') . $rr['gender']; + + $page_type = ''; + + $profile = $rr; + + if ((x($profile,'locale') == 1) + || (x($profile,'region') == 1) + || (x($profile,'postcode') == 1) + || (x($profile,'country') == 1)) + $location = t('Location:'); + + $gender = ((x($profile,'gender') == 1) ? t('Gender:') : False); + + $marital = ((x($profile,'marital') == 1) ? t('Status:') : False); + + $homepage = ((x($profile,'homepage') == 1) ? t('Homepage:') : False); - $gender = ((x($profile,'xprof_gender') == 1) ? t('Gender:') : False); + $about = ((x($profile,'about') == 1) ? t('About:') : False); + - $marital = ((x($profile,'marital') == 1) ? t('Status:') : False); + $entry = array( + 'id' => ++$t, + 'profile_link' => $profile_link, + 'photo' => $rr['photo'], + 'alttext' => $rr['name'] . ' ' . $rr['address'], + 'name' => $rr['name'], + 'details' => $pdesc . $details, + 'profile' => $profile, + 'location' => $location, + 'gender' => $gender, + 'pdesc' => $pdesc, + 'marital' => $marital, + 'homepage' => $homepage, + 'about' => $about, - $homepage = ((x($profile,'homepage') == 1) ? t('Homepage:') : False); + ); - $about = ((x($profile,'about') == 1) ? t('About:') : False); - - $t = 0; - - $entry = array( - 'id' => ++$t, - 'profile_link' => $profile_link, - 'photo' => $rr[xchan_photo_m], - 'alttext' => $rr['xchan_name'], - 'name' => $rr['xchan_name'], - 'details' => $pdesc . $details, - 'profile' => $profile, - 'location' => $location, - 'gender' => $gender, - 'pdesc' => $pdesc, - 'marital' => $marital, - 'homepage' => $homepage, - 'about' => $about, - - ); - - $arr = array('contact' => $rr, 'entry' => $entry); - - call_hooks('directory_item', $arr); - - unset($profile); - unset($location); + $arr = array('contact' => $rr, 'entry' => $entry); - $entries[] = $entry; + call_hooks('directory_item', $arr); + + $entries[] = $entry; - } + unset($profile); + unset($location); - logger('entries: ' . 
print_r($entries,true)); - $o .= replace_macros($tpl, array( - '$search' => $search, - '$desc' => t('Find'), - '$finddsc' => t('Finding:'), - '$safetxt' => htmlspecialchars($search,ENT_QUOTES,'UTF-8'), - '$entries' => $entries, - '$dirlbl' => t('Directory'), - '$submit' => t('Find') - )); + } + logger('mod_directory: entries: ' . print_r($entries,true), LOGGER_DATA); - $o .= paginate($a); + $o .= replace_macros($tpl, array( + '$search' => $search, + '$desc' => t('Find'), + '$finddsc' => t('Finding:'), + '$safetxt' => htmlspecialchars($search,ENT_QUOTES,'UTF-8'), + '$entries' => $entries, + '$dirlbl' => t('Directory'), + '$submit' => t('Find') + )); - } - else - info( t("No entries (some entries may be hidden).") . EOL); + $o .= alt_pager($a,$j['records'], t('more'), t('back')); + } + else { + if($a->pager['page'] == 1 && $j['records'] == 0 && strpos($search,'@')) { + goaway(z_root() . '/chanview/?f=&address=' . $search); + } + info( t("No entries (some entries may be hidden).") . EOL); + } + } + } } - return $o; } + diff --git a/mod/dirsearch.php b/mod/dirsearch.php index 30a1fadae..1dbe60499 100644 --- a/mod/dirsearch.php +++ b/mod/dirsearch.php @@ -4,7 +4,7 @@ require_once('include/dir_fns.php'); function dirsearch_init(&$a) { - $a->set_pager_itemspage(60); + $a->set_pager_itemspage(80); } @@ -14,16 +14,12 @@ function dirsearch_content(&$a) { // If you've got a public directory server, you probably shouldn't block public access - if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { - $ret['message'] = t('Public access denied.'); - return; - } $dirmode = intval(get_config('system','directory_mode')); if($dirmode == DIRECTORY_MODE_NORMAL) { $ret['message'] = t('This site is not a directory server'); - return; + json_return_and_die($ret); } $name = ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''); 
@@ -36,49 +32,66 @@ function dirsearch_content(&$a) { $marital = ((x($_REQUEST,'marital')) ? $_REQUEST['marital'] : ''); $keywords = ((x($_REQUEST,'keywords')) ? $_REQUEST['keywords'] : ''); +// TODO - a meta search which joins all of these things to one search string $sql_extra = ''; if($name) - $sql_extra .= " AND xchan_name like '" . protect_sprintf( '%' . dbesc($name) . '%' ) . "' "; - if($addr) - $sql_extra .= " AND xchan_addr like '" . protect_sprintf( '%' . dbesc($addr) . '%' ) . "' "; + $sql_extra .= " OR xchan_name like '" . protect_sprintf( '%' . dbesc($name) . '%' ) . "' "; + if($address) + $sql_extra .= " OR xchan_addr like '" . protect_sprintf( '%' . dbesc($address) . '%' ) . "' "; if($city) - $sql_extra .= " AND xprof_locale like '" . protect_sprintf( '%' . dbesc($city) . '%' ) . "' "; + $sql_extra .= " OR xprof_locale like '" . protect_sprintf( '%' . dbesc($city) . '%' ) . "' "; if($region) - $sql_extra .= " AND xprof_region like '" . protect_sprintf( '%' . dbesc($region) . '%' ) . "' "; + $sql_extra .= " OR xprof_region like '" . protect_sprintf( '%' . dbesc($region) . '%' ) . "' "; if($post) - $sql_extra .= " AND xprof_postcode like '" . protect_sprintf( '%' . dbesc($post) . '%' ) . "' "; + $sql_extra .= " OR xprof_postcode like '" . protect_sprintf( '%' . dbesc($post) . '%' ) . "' "; if($country) - $sql_extra .= " AND xprof_country like '" . protect_sprintf( '%' . dbesc($country) . '%' ) . "' "; + $sql_extra .= " OR xprof_country like '" . protect_sprintf( '%' . dbesc($country) . '%' ) . "' "; if($gender) - $sql_extra .= " AND xprof_gender like '" . protect_sprintf( '%' . dbesc($gender) . '%' ) . "' "; + $sql_extra .= " OR xprof_gender like '" . protect_sprintf( '%' . dbesc($gender) . '%' ) . "' "; if($marital) - $sql_extra .= " AND xprof_marital like '" . protect_sprintf( '%' . dbesc($marital) . '%' ) . "' "; + $sql_extra .= " OR xprof_marital like '" . protect_sprintf( '%' . dbesc($marital) . '%' ) . 
"' "; if($keywords) - $sql_extra .= " AND xprof_keywords like '" . protect_sprintf( '%' . dbesc($keywords) . '%' ) . "' "; + $sql_extra .= " OR xprof_keywords like '" . protect_sprintf( '%' . dbesc($keywords) . '%' ) . "' "; $perpage = (($_REQUEST['n']) ? $_REQUEST['n'] : 80); $page = (($_REQUEST['p']) ? intval($_REQUEST['p'] - 1) : 0); $startrec = (($page+1) * $perpage) - $perpage; + $limit = (($_REQUEST['limit']) ? intval($_REQUEST['limit']) : 0); + $return_total = ((x($_REQUEST,'return_total')) ? intval($_REQUEST['return_total']) : 0); // ok a separate tag table won't work. // merge them into xprof $ret['success'] = true; - $r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where 1 $sql_extra"); - if($r) { - $ret['total_items'] = $r[0]['total']; + // If &limit=n, return at most n entries + // If &return_total=1, we count matching entries and return that as 'total_items' for use in pagination. + // By default we return one page (default 80 items maximum) and do not count total entries + + $logic = ((strlen($sql_extra)) ? 0 : 1); +dbg(1); + if($limit) + $qlimit = " LIMIT $limit "; + else { + $qlimit = " LIMIT " . intval($startrec) . " , " . 
intval($perpage); + if($return_total) { + $r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and not ( xchan_flags & %d) ", + intval(XCHAN_FLAGS_HIDDEN) + ); + if($r) { + $ret['total_items'] = $r[0]['total']; + } + } } - $order = " ORDER BY `xchan_name` ASC "; + $order = " ORDER BY `xchan_name` ASC "; - $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where 1 $sql_extra $order LIMIT %d , %d ", - intval($startrec), - intval($perpage) + $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and not ( xchan_flags & %d ) $order $qlimit ", + intval(XCHAN_FLAGS_HIDDEN) ); - +dbg(0); $ret['page'] = $page + 1; $ret['records'] = count($r); diff --git a/mod/group.php b/mod/group.php index 91b9999dc..6c9b8d78c 100644 --- a/mod/group.php +++ b/mod/group.php @@ -201,7 +201,7 @@ function group_content(&$a) { $textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false); foreach($members as $member) { if($member['xchan_url']) { - $member['click'] = 'groupChangeMember(' . $group['id'] . ',\'' . $member['xchan_hash'] . '\',\'' . $sec_token . '\'); return true;'; + $member['click'] = 'groupChangeMember(' . $group['id'] . ',\'' . $member['xchan_hash'] . '\',\'' . $sec_token . '\'); return false;'; $groupeditor['members'][] = micropro($member,true,'mpgroup', $textmode); } else 
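Review bot: Switching the filters from `AND` to `OR` weakens the hidden-channel exclusion, because in `where $logic $sql_extra and not ( xchan_flags & %d )` the `AND` binds tighter than the `OR`s, so the flag test only constrains the last search term. When more than one term is supplied, channels flagged `XCHAN_FLAGS_HIDDEN` that match an earlier term would still be returned. Parenthesise the search terms in both the count and the select: `where ( $logic $sql_extra ) and not ( xchan_flags & %d )`. The address test is now `if($address)` where the removed line used `$addr`; the assignment is outside this hunk, so check that the variable name matches. The `dbg(1);`/`dbg(0);` calls look like leftover debugging and should be removed.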
@@ -219,7 +219,7 @@ function group_content(&$a) { $textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false); foreach($r as $member) { if(! in_array($member['xchan_hash'],$preselected)) { - $member['click'] = 'groupChangeMember(' . $group['id'] . ',\'' . $member['xchan_hash'] . '\',\'' . $sec_token . '\'); return true;'; + $member['click'] = 'groupChangeMember(' . $group['id'] . ',\'' . $member['xchan_hash'] . '\',\'' . $sec_token . '\'); return false;'; $groupeditor['contacts'][] = micropro($member,true,'mpall', $textmode); } } diff --git a/mod/intro.php b/mod/intro.php index dd98a6c7b..5b660485a 100644 --- a/mod/intro.php +++ b/mod/intro.php @@ -6,9 +6,10 @@ function intro_post(&$a) { if(! intval($_REQUEST['contact_id'])) return; + $approved = false; $flags = 0; if($_REQUEST['submit'] == t('Approve')) { - ; + $approved = true; } elseif($_REQUEST['submit'] == t('Block')) { $flags = ABOOK_FLAG_BLOCKED; @@ -29,6 +30,10 @@ function intro_post(&$a) { else notice( t('Connection update failed.') . EOL); + if($approved) + goaway(z_root() . '/connections/' . $_REQUEST['contact_id']); + + } function intro_aside(&$a) { diff --git a/mod/item.php b/mod/item.php index f42de79f0..48715a0f4 100644 --- a/mod/item.php +++ b/mod/item.php 
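Review bot: The new redirect in intro_post appends `$_REQUEST['contact_id']` to the URL as received; the `intval()` test at the top of the function only proves that the value begins with a non-zero number, not that it is one. Use the integer form in the redirect: `goaway(z_root() . '/connections/' . intval($_REQUEST['contact_id']));`. `$approved` is also set before the update runs, so the redirect happens on the 'Connection update failed.' path as well; if that is not wanted, test the update result too.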
@@ -889,29 +889,33 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { } } if($tagcid) { //if there was an id + //select contact with that id from the logged in user's contact list - $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash + WHERE abook_id = %d AND abook_channel = %d LIMIT 1", intval($tagcid), intval($profile_uid) ); + } else { $newname = str_replace('_',' ',$name); //select someone from this user's contacts by name - $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", + $r = q("SELECT * FROM abook left join xchan on abook_xchan - xchan_hash + WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", dbesc($newname), intval($profile_uid) ); if(! $r) { //select someone by attag or nick and the name passed in - $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", +/* $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", dbesc($name), dbesc($name), intval($profile_uid) ); - } +*/ } } /* } elseif(strstr($name,'_') || strstr($name,' ')) { //no id //get the real name @@ -931,16 +935,8 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { }*/ //$r is set, if someone could be selected if(count($r)) { - $profile = $r[0]['url']; - //set newname to nick, find alias - if($r[0]['network'] === 'stat') { - $newname = $r[0]['nick']; - $stat = true; - if($r[0]['alias']) - $alias = $r[0]['alias']; - } - else - $newname = $r[0]['name']; + $profile = chanlink_url($r[0]['xchan_url']); + $newname = $r[0]['xchan_name']; //add person's id to $inform if(strlen($inform)) $inform .= ','; 
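Review bot: The name lookup in handle_tag joins with `on abook_xchan - xchan_hash`, a subtraction where the id lookup just above it uses `abook_xchan = xchan_hash`. With `-` the join condition no longer pairs each address-book row with its own xchan record, so a tag may resolve to a different channel than the one that was named. Change it to `left join xchan on abook_xchan = xchan_hash`. The attag/nick fallback is now commented out inside an otherwise empty `if(! $r) { }`; deleting the block, or leaving a one-line TODO, would be clearer than the dead code.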
@@ -952,7 +948,7 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { $replaced = true; //create profile link $profile = str_replace(',','%2c',$profile); - $url = $profile; + $url = chanlink_url($profile); $newtag = '@[url=' . $profile . ']' . $newname . '[/url]'; $body = str_replace('@' . $name, $newtag, $body); //append tag to str_tags diff --git a/mod/lockview.php b/mod/lockview.php index 0307103f8..01a6997ee 100644 --- a/mod/lockview.php +++ b/mod/lockview.php @@ -3,12 +3,12 @@ function lockview_content(&$a) { - $type = (($a->argc > 1) ? $a->argv[1] : 0); + $type = ((argc() > 1) ? argv(1) : 0); if (is_numeric($type)) { $item_id = intval($type); $type='item'; } else { - $item_id = (($a->argc > 2) ? intval($a->argv[2]) : 0); + $item_id = ((argc() > 2) ? intval(argv(2)) : 0); } if(! $item_id) @@ -17,20 +17,20 @@ function lockview_content(&$a) { if (!in_array($type, array('item','photo','event'))) killme(); - $r = q("SELECT * FROM `%s` WHERE `id` = %d LIMIT 1", + $r = q("SELECT * FROM %s WHERE id = %d LIMIT 1", dbesc($type), intval($item_id) ); - if(! count($r)) + if(! $r) killme(); + $item = $r[0]; + if($item['uid'] != local_user()) killme(); - - if(($item['private'] == 1) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid'])) + if(($item['item_private'] == 1) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid'])) && (! strlen($item['deny_cid'])) && (! strlen($item['deny_gid']))) { - echo t('Remote privacy information not available.') . '<br />'; killme(); } 
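Review bot: `$url = chanlink_url($profile);` wraps a value that the previous hunk already produced with `chanlink_url($r[0]['xchan_url'])`, so `$url` appears to be wrapped twice while `$newtag` uses the singly wrapped `$profile`. If `$url` is still used below this hunk, `$url = $profile;` (the removed line) looks like the intended value. `$newname` now comes from `xchan_name`, which is supplied by the remote channel, and is placed between `[url=…]` and `[/url]` unchanged; stripping `[` and `]` from it before building `$newtag` would keep a crafted name from altering the markup.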
@@ -43,40 +43,34 @@ function lockview_content(&$a) { $o = t('Visible to:') . '<br />'; $l = array(); + stringify_array_elms($allowed_groups,true); + stringify_array_elms($allowed_users,true); + stringify_array_elms($deny_groups,true); + stringify_array_elms($deny_users,true); + if(count($allowed_groups)) { - $r = q("SELECT `name` FROM `group` WHERE `id` IN ( %s )", - dbesc(implode(', ', $allowed_groups)) - ); - if(count($r)) + $r = q("SELECT name FROM group WHERE hash IN ( " . implode(', ', $allowed_groups) . " )"); + if($r) foreach($r as $rr) $l[] = '<b>' . $rr['name'] . '</b>'; } if(count($allowed_users)) { - $r = q("SELECT `name` FROM `contact` WHERE `id` IN ( %s )", - dbesc(implode(', ',$allowed_users)) - ); - if(count($r)) + $r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ',$allowed_users) . " )"); + if($r) foreach($r as $rr) - $l[] = $rr['name']; - + $l[] = $rr['xchan_name']; } - if(count($deny_groups)) { - $r = q("SELECT `name` FROM `group` WHERE `id` IN ( %s )", - dbesc(implode(', ', $deny_groups)) - ); - if(count($r)) + $r = q("SELECT name FROM group WHERE hash IN ( " . implode(', ', $deny_groups) . " )"); + if($r) foreach($r as $rr) $l[] = '<b><strike>' . $rr['name'] . '</strike></b>'; } if(count($deny_users)) { - $r = q("SELECT `name` FROM `contact` WHERE `id` IN ( %s )", - dbesc(implode(', ',$deny_users)) - ); - if(count($r)) + $r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ', $deny_users) . " )"); + if($r) foreach($r as $rr) - $l[] = '<strike>' . $rr['name'] . '</strike>'; - + $l[] = '<strike>' . $rr['xchan_name'] . '</strike>'; } echo $o . implode(', ', $l); diff --git a/mod/magic.php b/mod/magic.php index b74130005..c5aeb4c8e 100644 --- a/mod/magic.php +++ b/mod/magic.php 
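Review bot: The four `IN ( … )` lists in lockview_content are now concatenated directly into the SQL string instead of going through a `%s` placeholder with `dbesc()`, so the queries are only safe if `stringify_array_elms(…, true)` quotes and escapes every element; that helper is not visible here, and a comment at the call site stating the guarantee would help the next reader. `FROM group` has also lost the backticks the removed lines had, and `group` is a reserved word in MySQL, so the two group queries would likely fail and the lock view would silently omit groups; keep the table name quoted. `$rr['name']` and `$rr['xchan_name']` are echoed into HTML unescaped, and `xchan_name` is set by the remote channel, so wrap both in `htmlspecialchars(…,ENT_QUOTES,'UTF-8')`.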
@@ -4,58 +4,81 @@ function magic_init(&$a) { - $url = ((x($_REQUEST,'url')) ? $_REQUEST['url'] : ''); $addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : ''); $hash = ((x($_REQUEST,'hash')) ? $_REQUEST['hash'] : ''); $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : ''); + if($hash) { + $x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash + where hublock_hash = '%s' and (hubloc_flags & %d) limit 1", + intval(HUBLOC_FLAGS_PRIMARY) + ); + } + elseif($addr) { + $x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash + where xchan_addr = '%s' and (hubloc_flags & %d) limit 1", + dbesc($addr), + intval(HUBLOC_FLAGS_PRIMARY) + ); + } - if(local_user()) { + if(! $x) { - if($hash) { - $x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where hublock_hash = '%s' and (hubloc_flags & %d) limit 1", - intval(HUBLOC_FLAGS_PRIMARY) - ); - } - elseif($addr) { - $x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where xchan_addr = '%s' and (hubloc_flags & %d) limit 1", - dbesc($addr), - intval(HUBLOC_FLAGS_PRIMARY) - ); - } + // Finger them if they've never been seen here before - if(! $x) { - notice( t('Channel not found.') . EOL); - return; + if($addr) { + $ret = zot_finger($addr,null); + if($ret['success']) { + $j = json_decode($ret['body'],true); + if($j) + import_xchan($j); + $x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash + where xchan_addr = '%s' and (hubloc_flags & %d) limit 1", + dbesc($addr), + intval(HUBLOC_FLAGS_PRIMARY) + ); + } } + } - if($x[0]['hubloc_url'] === z_root()) { - $webbie = substr($x[0]['hubloc_addr'],0,strpos('@',$x[0]['hubloc_addr'])); - switch($dest) { - case 'channel': - $desturl = z_root() . '/channel/' . $webbie; - break; - case 'photos': - $desturl = z_root() . '/photos/' . $webbie; - break; - case 'profile': - $desturl = z_root() . '/profile/' . 
$webbie; - break; - default: - $desturl = $dest; - break; - } - // We are already authenticated on this site and a registered observer. - // Just redirect. - goaway($desturl); + if(! $x) { + notice( t('Channel not found.') . EOL); + return; + } + + if($x[0]['hubloc_url'] === z_root()) { + $webbie = substr($x[0]['hubloc_addr'],0,strpos('@',$x[0]['hubloc_addr'])); + switch($dest) { + case 'channel': + $desturl = z_root() . '/channel/' . $webbie; + break; + case 'photos': + $desturl = z_root() . '/photos/' . $webbie; + break; + case 'profile': + $desturl = z_root() . '/profile/' . $webbie; + break; + default: + $desturl = $dest; + break; } + // We are already authenticated on this site and a registered observer. + // Just redirect. + goaway($desturl); + } + + if(local_user()) { + $channel = $a->get_channel(); $token = random_string(); + $token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey'])); + + $channel['token'] = $token; + $channel['token_sig'] = $token_sig; + $recip = array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])); - $channel = $a->get_channel(); + $hash = random_string(); $r = q("insert into verify ( type, channel, token, meta, created) values ('%s','%d','%s','%s','%s')", 
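Review bot: Moving the lookup and the local-hub redirect out of the `if(local_user())` block makes `goaway($desturl)` with `default: $desturl = $dest;` reachable by any visitor, and `$dest` is taken from the request unchecked; the `if(strpos($dest,'/')) goaway($dest);` at the end of the next hunk has the same problem. Restrict `$dest` to this site, or to the hub that was just looked up, before redirecting, e.g. `if(strpos($dest, z_root() . '/') !== 0) $dest = z_root();` for the local case. The `$hash` query has two placeholders but only `intval(HUBLOC_FLAGS_PRIMARY)` as an argument and spells the column `hublock_hash`; it needs `dbesc($hash)` as the first argument and `hubloc_hash`. `strpos('@',$x[0]['hubloc_addr'])` has haystack and needle swapped, so `$webbie` comes out empty; the next hunk uses the correct order. The new `zot_finger()` fallback also lets an unauthenticated `addr` parameter trigger an outbound request and an import.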
@@ -66,25 +89,12 @@ function magic_init(&$a) { dbesc(datetime_convert()) ); - $packet = zot_build_packet($channel,'auth',$recip,$x[0]['hubloc_sitekey'],$hash); - $result = zot_zot($x[0]['hubloc_callback'],$packet); - if($result['success']) { - $j = json_decode($result['body'],true); - if($j['iv']) { - $y = aes_unencapsulate($j,$channel['prvkey']); - $j = json_decode($y,true); - } - if($j['token'] && $j['ticket'] && $j['token'] === $token) { - $r = q("delete from verify where token = '%s' and type = '%s' and channel = %d limit 1", - dbesc($token), - dbesc('auth'), - intval($channel['channel_id']) - ); - goaway($x[0]['callback'] . '?f=&ticket=' . $ticket . '&dest=' . $dest); - } - } - goaway($dest); + goaway($x[0]['hubloc_callback'] . '/' . substr($x[0]['hubloc_addr'],0,strpos($x[0]['hubloc_addr'],'@')) + . '/?f=&auth=' . $channel['channel_address'] . '@' . $a->get_hostname() + . '&sec=' . $token . '&dest=' . $dest . '&version=' . ZOT_REVISION); } + if(strpos($dest,'/')) + goaway($dest); goaway(z_root()); } diff --git a/mod/photos.php b/mod/photos.php index 90f436699..eaf35cc20 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -30,7 +30,7 @@ function photos_init(&$a) { $o .= '<div class="vcard">'; $o .= '<div class="fn">' . $a->data['channel']['channel_name'] . '</div>'; - $o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_cached_avatar_image($a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id']) . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>'; + $o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id'] . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>'; $o .= '</div>'; 
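Review bot: The redirect to the remote hub in magic_init is assembled by plain concatenation, so the request-supplied `$dest` can add or override query parameters such as `sec` or `auth`, and the one-time `$token` ends up in a URL that is recorded in logs and browser history. Encode each value, e.g. `'&sec=' . urlencode($token) . '&dest=' . urlencode($dest)`, and make sure the receiving side treats the token as single-use with a short lifetime. The removed code deleted the `verify` row after a successful exchange; nothing in the lines shown expires it now, so confirm that whatever consumes the token (presumably mod/post.php, which this commit also changes but which is not shown here) removes it. magic_init starts outside this hunk.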
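Review bot: The rewritten `<img>` line in photos_init still places `$a->data['channel']['channel_name']` into the `alt` attribute without escaping, as does the `fn` div on the context line above it. Unless the name is escaped when it is stored, a quote character in it ends the attribute; `htmlspecialchars($a->data['channel']['channel_name'],ENT_QUOTES,'UTF-8')` on both lines closes that. photos_init continues outside the hunk.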
@@ -790,7 +790,9 @@ function photos_post(&$a) { $photo_hash = photo_new_resource(); - $r = $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); + $page_owner_aid = $a->data['channel']['channel_account_id']; + + $r = $ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); if(! $r) { logger('mod/photos.php: photos_post(): image store failed' , LOGGER_DEBUG); @@ -800,13 +802,13 @@ function photos_post(&$a) { if($width > 640 || $height > 640) { $ph->scaleImage(640); - $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); + $ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); $smallest = 1; } if($width > 320 || $height > 320) { $ph->scaleImage(320); - $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); + $ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); $smallest = 2; } @@ -928,6 +930,7 @@ function photos_content(&$a) { $contact_id = 0; $owner_uid = $a->data['channel']['channel_id']; + $owner_aid = $a->data['channel']['channel_account_id']; $community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false); diff --git a/mod/poco.php b/mod/poco.php index c0dc2e133..f87bd8a68 100644 --- a/mod/poco.php +++ b/mod/poco.php @@ -7,7 +7,6 @@ function poco_init(&$a) { if(intval(get_config('system','block_public'))) http_status_exit(401); - $observer = $a->get_observer(); if(argc() > 1) { 
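Review bot: In the `@@ -800,13 +802,13 @@` hunk of photos_post the two scaled `$ph->store(...)` calls (scale 1 and 2) discard their return value, yet `$smallest` is set as if the write succeeded. A failed store would leave `$smallest` naming a size that was not saved. wall_upload_post in this same commit guards the equivalent calls with `if($r) $smallest = 1;`, and the same pattern fits here: `$r = $ph->store(...); if($r) $smallest = 1;`. The function continues outside the hunk, so how `$smallest` is used afterwards is not visible.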
@@ -15,7 +14,7 @@ function poco_init(&$a) {
 }
 if(! x($user)) {
 $c = q("select * from pconfig where cat = 'system' and k = 'suggestme' and v = 1");
- if(! count($c))
+ if(! $c)
 http_status_exit(401);
 $system_mode = true;
 }
diff --git a/mod/post.php b/mod/post.php
index 53180e1c1..36b2e1482 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -6,6 +6,111 @@ require_once('include/zot.php'); + + +function post_init(&$a) { + + // All other access to this endpoint is via the post method. + // Here we will pick out the magic auth params which arrive + // as a get request. + + if(argc() > 1) { + + $webbie = argv(1); + + if(array_key_exists('auth',$_REQUEST)) { + + $address = $_REQUEST['auth']; + $dest = $_REQUEST['dest']; + $sec = $_REQUEST['sec']; + $version = $_REQUEST['version']; + + switch($dest) { + case 'channel': + $desturl = z_root() . '/channel/' . $webbie; + break; + case 'photos': + $desturl = z_root() . '/photos/' . $webbie; + break; + case 'profile': + $desturl = z_root() . '/profile/' . $webbie; + break; + default: + $desturl = $dest; + break; + } + $c = q("select * from channel where channel_address = '%s' limit 1", + dbesc($webbie) + ); + if(! $c) { + logger('mod_zot: auth: unable to find channel ' . $webbie); + // They'll get a notice when they hit the page, we don't need two. + goaway($desturl); + } + + // Try and find a hubloc for the person attempting to auth + $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1", + dbesc($address) + ); + + if(! $x) { + // finger them if they can't be found. + $ret = zot_finger($addr,null); + if($ret['success']) { + $j = json_decode($ret['body'],true); + if($j) + import_xchan($j); + $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1", + dbesc($address) + ); + } + } + if(! $x) + goaway($desturl); + + // check credentials and access + + // Auth packets MUST use ultra top-secret hush-hush mode + + $p = zot_build_packet($c[0],$type = 'auth_check',array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec); + $result = zot_zot($x[0]['hubloc_callback'],$p); + + if($result['success']) { + $j = json_decode($result['body'],true); + if($j['result']) { + // everything is good... 
maybe + if(local_user()) { + notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry') . EOL); + goaway($desturl); + } + // log them in + $_SESSION['authenticated'] = 1; + $_SESSION['visitor_id'] = $x[0]['xchan_hash']; + $a->set_observer($x[0]); + require_once('include/security.php'); + $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); + info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name'])); + } + } + + + + + + + goaway($desturl); + } + + logger('mod_zot: invalid args: ' . print_r($a->argv,true)); + killme(); + } + + return; +} + + + + function post_post(&$a) { 
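Review bot: The fallback lookup in post_init calls `zot_finger($addr,null)`, but no `$addr` is defined in the function; the request value is held in `$address`, so a visitor without an existing hubloc row is never fingered correctly and the call should read `$ret = zot_finger($address,null);`. `$dest`, `$sec` and `$version` are read from `$_REQUEST` without checking they are present, and the `default:` branch copies `dest` straight into `$desturl`, so every `goaway($desturl)` exit, including those reached before any check has succeeded, redirects to a caller-chosen URL; restricting the default case to same-site paths would avoid that. After a successful check the session is marked authenticated with no visible `session_regenerate_id(true)`, which is worth adding unless it already happens elsewhere.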
@@ -165,6 +270,51 @@ function post_post(&$a) { } -} + if($msgtype === 'auth_check') { + $arr = $data['sender']; + $sender_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); + + $y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", + dbesc($sender_hash) + ); + if((! $y) || (! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { + logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); + json_return_and_die($ret); + } + if($data['recipients']) { + + $arr = $data['recipients'][0]; + $recip_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); + $c = q("select channel_id from channel where channel_hash = '%s' limit 1", + dbesc($recip_hash) + ); + if(! $c) { + logger('mod_zot: auth_check: recipient channel not found.'); + json_return_and_die($ret); + } + $z = q("select id from verify where channel = %d and type = 'auth' and token = '%s' limit 1", + intval($c[0]['channel_id']), + dbesc($data['secret']) + ); + if(! $z) { + logger('mod_zot: auth_check: verification key not found.'); + json_return_and_die($ret); + } + $r = q("delete from verify where id = %d limit 1", + intval($z[0]['id']) + ); + + $ret['result'] = true; + json_return_and_die($ret); + } + json_return_and_die($ret); + } + + + // catchall + json_return_and_die($ret); + + +} diff --git a/mod/profile_photo.php b/mod/profile_photo.php index d1e24269a..1bee046d1 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -81,8 +81,9 @@ function profile_photo_post(&$a) { $im = new Photo($base_image['data'], $base_image['type']); if($im->is_valid()) { $im->cropImage(175,$srcX,$srcY,$srcW,$srcH); + $aid = get_account_id(); - $r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'], + $r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], t('Profile Photos'), 4, $is_default_profile); if($r === false) 
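Review bot: The `verify` lookup in the `auth_check` branch matches on channel, type and token only, so a token that was issued but never redeemed stays valid indefinitely unless rows are expired elsewhere, which is not visible here. The row is inserted with a `created` value, so the query can bound its age, e.g. `... and token = '%s' and created > '%s' limit 1` with a short cutoff timestamp as the extra argument. The select and the later `delete from verify where id = %d` are separate statements, so two concurrent checks for the same token could both pass; making `$ret['result'] = true` depend on the delete having removed a row would keep the token single-use. post_post starts outside the hunk.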
@@ -90,7 +91,7 @@ function profile_photo_post(&$a) { $im->scaleImage(80); - $r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'], + $r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], t('Profile Photos'), 5, $is_default_profile); if($r === false) @@ -98,7 +99,7 @@ function profile_photo_post(&$a) { $im->scaleImage(48); - $r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'], + $r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], t('Profile Photos'), 6, $is_default_profile); if($r === false) @@ -308,7 +309,7 @@ function profile_photo_crop_ui_head(&$a, $ph){ $smallest = 0; - $r = $ph->store(local_user(), 0 , $hash, $filename, t('Profile Photos'), 0 ); + $r = $ph->store(get_account_id(), local_user(), '', $hash, $filename, t('Profile Photos'), 0 ); if($r) info( t('Image uploaded successfully.') . EOL ); @@ -317,7 +318,7 @@ function profile_photo_crop_ui_head(&$a, $ph){ if($width > 640 || $height > 640) { $ph->scaleImage(640); - $r = $ph->store(local_user(), 0 , $hash, $filename, t('Profile Photos'), 1 ); + $r = $ph->store(get_account_id(), local_user(), '' , $hash, $filename, t('Profile Photos'), 1 ); if($r === false) notice( sprintf(t('Image size reduction [%s] failed.'),"640") . EOL ); diff --git a/mod/profiles.php b/mod/profiles.php index 12c86e3a2..e857c4216 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -620,7 +620,7 @@ function profiles_content(&$a) { foreach($r as $rr) { $o .= replace_macros($tpl, array( - '$photo' => $a->get_cached_avatar_image($rr['thumb']), + '$photo' => $rr['thumb'], '$id' => $rr['id'], '$alt' => t('Profile Image'), '$profile_name' => $rr['profile_name'], diff --git a/mod/search.php b/mod/search.php index 6f40ad4b0..7a0f4205d 100644 --- a/mod/search.php +++ b/mod/search.php 
@@ -113,8 +113,13 @@ function search_content(&$a) { $search = substr($search,1); } if(strpos($search,'@') === 0) { - require_once('mod/dirfind.php'); - return dirfind_content($a); + $search = substr($search,1); + goaway(z_root() . '/directory' . '?f=1&search=' . $search); + } + + // look for a naked webbie + if(strpos($search,'@') !== false) { + goaway(z_root() . '/directory' . '?f=1&search=' . $search); } if(! $search) @@ -186,11 +191,10 @@ function search_content(&$a) { if($load) { $r = q("SELECT distinct(uri), item.* from item WHERE item_restrict = 0 - AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND not ( item_flags & %d )) + AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 ) OR ( `item`.`uid` = %d )) $sql_extra group by uri ORDER BY created DESC $pager_sql ", - intval(ITEM_PRIVATE), intval(local_user()), intval(ABOOK_FLAG_BLOCKED) diff --git a/mod/wall_attach.php b/mod/wall_attach.php index 5d9331ed0..865605313 100644 --- a/mod/wall_attach.php +++ b/mod/wall_attach.php @@ -13,13 +13,13 @@ function wall_attach_post(&$a) { $r = q("SELECT channel.* from channel where channel_address = '%s' limit 1", dbesc($nick) ); - if(! ($r && count($r))) - return; + if(! $r) + killme(); $channel = $r[0]; } else - return; + killme(); $can_post = false; 
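Review bot: Both added `goaway(z_root() . '/directory' . '?f=1&search=' . $search);` calls put `$search` into the query string unencoded, so a term containing `&`, `#`, `+` or a space is altered or split into extra parameters before the directory page sees it. Use `'?f=1&search=' . urlencode($search)` in both places. The naked-webbie test `strpos($search,'@') !== false` also sends every search that contains an `@` anywhere to the directory, which may be broader than intended and deserves a comment stating the intent. search_content continues outside the hunk.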
@@ -29,43 +29,10 @@ function wall_attach_post(&$a) { $page_owner_uid = $channel['channel_id']; + $observer = $a->get_observer(); -// $page_owner_cid = $r[0]['id']; -// $page_owner_nick = $r[0]['nickname']; -// $community_page = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false); - - if((local_user()) && (local_user() == $page_owner_uid)) - $can_post = true; - -// FIXME for forum and guests -// else { -// if($community_page && remote_user()) { -// $cid = 0; -// if(is_array($_SESSION['remote'])) { -// foreach($_SESSION['remote'] as $v) { -// if($v['uid'] == $page_owner_uid) { -// $cid = $v['cid']; -// break; -// } -// } -// } -// if($cid) {// - -// $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", -// intval($cid), -// intval($page_owner_uid) -// ); -// if(count($r)) { -// $can_post = true; -// $visitor = $cid; -// } -// } -// } -// } - - - if(! $can_post) { - notice( t('Permission denied.') . EOL ); + if(! perm_is_allowed($page_owner_uid,$observer['xchan_hash'],'write_storage')) { + notice( t('Permission denied.') . EOL); killme(); } 
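Review bot: `$observer['xchan_hash']` is passed to `perm_is_allowed()` without checking that `$a->get_observer()` returned anything. For a visitor with no observer the permission check receives null, and the outcome rests entirely on how `perm_is_allowed` treats an empty hash, which is not visible here. An explicit `$ob_hash = (($observer) ? $observer['xchan_hash'] : '');` plus a comment stating that anonymous callers must be denied `write_storage` would make the intent checkable. The same call shape is added to wall_upload_post for `post_photos`. `$can_post` is no longer read in the visible hunks and can be dropped.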
@@ -81,28 +48,28 @@ function wall_attach_post(&$a) { if(($maxfilesize) && ($filesize > $maxfilesize)) { notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL); @unlink($src); - return; + killme(); } - $r = q("select sum(octet_length(data)) as total from attach where uid = %d ", - intval($page_owner_uid) - ); - $limit = service_class_fetch($page_owner_uid,'attach_upload_limit'); - - if(($limit !== false) && (($r[0]['total'] + strlen($imagedata)) > $limit)) { - echo upgrade_message(true) . EOL ; - @unlink($src); - killme(); + if($limit !== false) { + $r = q("select sum(filesize) as total from attach where uid = %d ", + intval($page_owner_uid) + ); + if(($r) && (($r[0]['total'] + strlen($imagedata)) > $limit)) { + echo upgrade_message(true) . EOL ; + @unlink($src); + killme(); + } } - $filedata = @file_get_contents($src); $mimetype = z_mime_content_type($filename); $hash = random_string(); $created = datetime_convert(); - $r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` ) - VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", + $r = q("INSERT INTO `attach` ( `aid`, `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` ) + VALUES ( %d, %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", + intval($channel['channel_account_id']), intval($page_owner_uid), dbesc($hash), dbesc($filename), diff --git a/mod/wall_upload.php b/mod/wall_upload.php index c695f9b3e..a3dcf9a0b 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php 
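Review bot: The rewritten quota test adds `strlen($imagedata)` to the stored total, but no `$imagedata` is assigned in the visible part of wall_attach_post; the upload is read into `$filedata` on the line after the check. The new file's size is therefore counted as zero and an upload can push the channel past `attach_upload_limit`. Compare against the size already validated above instead: `if(($r) && (($r[0]['total'] + $filesize) > $limit)) {`. The wall_upload.php hunk `@@ -81,36 +67,58 @@` has the same ordering problem, since `$imagedata` is only assigned after its `photo_upload_limit` check.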
@@ -2,72 +2,58 @@ require_once('Photo.php'); + + + function wall_upload_post(&$a) { - if(argc() > 1) { - if(! x($_FILES,'media')) { + $using_api = ((x($_FILES,'media')) ? true : false); + + if($using_api) { + require_once('include/api.php'); + $user_info = api_get_user($a); + $nick = $user_info['screen_name']; + } + else { + if(argc() > 1) $nick = argv(1); - } - else { - $user_info = api_get_user($a); - $nick = $user_info['screen_name']; - } + } + + $channel = null; + + if($nick) { $r = q("SELECT channel.* from channel where channel_address = '%s' limit 1", dbesc($nick) ); - if(! ($r && count($r))) - return; - $channel = $r[0]; + if($r) + $channel = $r[0]; } - else - return; + if(! $channel) { + if($using_api) + return; + else { + notice( t('Channel not found.') . EOL); + killme(); + } + } $can_post = false; $visitor = 0; + $page_owner_uid = $r[0]['channel_id']; -// $default_cid = $r[0]['id']; - - $page_owner_nick = $r[0]['channel_address']; - -// $community_page = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false); - - if((local_user()) && (local_user() == $page_owner_uid)) - $can_post = true; - -// else { -// if($community_page && remote_user()) { -// $cid = 0; -// if(is_array($_SESSION['remote'])) { -// foreach($_SESSION['remote'] as $v) { -// if($v['uid'] == $page_owner_uid) { -// $cid = $v['cid']; -// break; -// } -// } -// } -// if($cid) { - -// $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", -// intval($cid), -// intval($page_owner_uid) -// ); -// if(count($r)) { -// $can_post = true; -// $visitor = $cid; -// } -// } -// } -// } - - if(! $can_post) { - notice( t('Permission denied.') . EOL ); - killme(); - } - - if(! x($_FILES,'userfile') && ! x($_FILES,'media')) - killme(); + + $observer = $a->get_observer(); + + if(! perm_is_allowed($page_owner_uid,$observer['xchan_hash'],'post_photos')) { + if($using_api) + return; + else { + notice( t('Permission denied.') . 
EOL); + killme(); + } + } if(x($_FILES,'userfile')) { $src = $_FILES['userfile']['tmp_name']; @@ -81,36 +67,58 @@ function wall_upload_post(&$a) { $filesize = intval($_FILES['media']['size']); $filetype = $_FILES['media']['type']; } + else { + if($using_api) + return; + else { + notice( t('Empty upload.') . EOL); + killme(); + } + } + - if ($filetype=="") $filetype=guess_image_type($filename); + if($filetype == "") + $filetype=guess_image_type($filename); $maximagesize = get_config('system','maximagesize'); if(($maximagesize) && ($filesize > $maximagesize)) { - echo sprintf( t('Image exceeds size limit of %d'), $maximagesize) . EOL; @unlink($src); - killme(); + if($using_api) + return; + else { + echo sprintf( t('Image exceeds size limit of %d'), $maximagesize) . EOL; + killme(); + } } - $r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", - intval($page_owner_uid) - ); $limit = service_class_fetch($page_owner_uid,'photo_upload_limit'); - - if(($limit !== false) && (($r[0]['total'] + strlen($imagedata)) > $limit)) { - echo upgrade_message(true) . EOL ; - @unlink($src); - killme(); + if($limit !== false) { + $r = q("select sum(size) as total from photo where uid = %d and scale = 0 ", + intval($page_owner_uid) + ); + if(($r) && (($r[0]['total'] + strlen($imagedata)) > $limit)) { + @unlink($src); + if($using_api) + return; + else { + echo upgrade_message(true) . EOL ; + killme(); + } + } } - $imagedata = @file_get_contents($src); $ph = new Photo($imagedata, $filetype); if(! $ph->is_valid()) { - echo ( t('Unable to process image.') . EOL); @unlink($src); - killme(); + if($using_api) + return; + else { + echo ( t('Unable to process image.') . EOL); + killme(); + } } $ph->orient($src); 
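Review bot: The first wall_upload.php hunk deletes `$page_owner_nick = $r[0]['channel_address'];`, but the `silent` branch later in wall_upload_post still builds its link with `'/photos/' . $page_owner_nick . '/image/'`, so that URL would lose the channel name. Keep the assignment as `$page_owner_nick = $channel['channel_address'];` or use `$channel['channel_address']` at the point of use. On the non-API path `$nick` is only assigned inside `if(argc() > 1)`, so `if($nick)` reads an undefined variable when no argument is given; `$nick = '';` before the branch avoids that. `$page_owner_uid` is still read from `$r[0]` although `$channel` now holds the validated row, and reading it from `$channel` would keep the two consistent.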
@@ -130,31 +138,36 @@ function wall_upload_post(&$a) { $smallest = 0; $defperm = '<' . $channel['channel_hash'] . '>'; + $aid = $channel['channel_account_id']; + $visitor = ((remote_user()) ? remote_user() : ''); - $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm); + $r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm); if(! $r) { - echo ( t('Image upload failed.') . EOL); - killme(); + if($using_api) + return; + else { + echo ( t('Image upload failed.') . EOL); + killme(); + } } if($width > 640 || $height > 640) { $ph->scaleImage(640); - $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm); + $r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm); if($r) $smallest = 1; } if($width > 320 || $height > 320) { $ph->scaleImage(320); - $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm); + $r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm); if($r) $smallest = 2; } $basename = basename($filename); - if($_REQUEST['silent']) { $m = '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}.".$ph->getExt()."[/img][/url]"; return($m); diff --git a/mod/zfinger.php b/mod/zfinger.php index 3452db68c..b7a89b12b 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -72,9 +72,9 @@ function zfinger_init(&$a) { $id = $e['channel_id']; $searchable = (($e['channel_pageflags'] & PAGE_HIDDEN) ? false : true); - + if($e['xchan_flags'] & XCHAN_FLAGS_HIDDEN) + $searchable = false; - // This is for birthdays and keywords, but must check access permissions $p = q("select * from profile where uid = %d and is_default = 1", intval($e['channel_id']) 
@@ -180,7 +180,7 @@ function zfinger_init(&$a) { elseif($dirmode == DIRECTORY_MODE_STANDALONE) $ret['site']['directory_mode'] = 'standalone'; if($dirmode != DIRECTORY_MODE_NORMAL) - $ret['site']['directory_url'] = z_root() . '/dir'; + $ret['site']['directory_url'] = z_root() . '/dirsearch'; json_return_and_die($ret); |