From 65542460456a13b8619c1175ed8a5b0d9a1acc83 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Fri, 18 Jan 2013 16:01:14 -0800
Subject: add versioning info to basic identity export, create skeleton
 function for import

---
 include/identity.php | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 version.inc          |  2 +-
 2 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/include/identity.php b/include/identity.php
index 94de192c6..a66929b63 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -201,6 +201,9 @@ function identity_basic_export($channel_id) {
 	 */
 
 	$ret = array();
+
+	$ret['compatibility'] = array('project' => FRIENDICA_PLATFORM, 'version' => FRIENDICA_VERSION, 'database' => DB_UPDATE_VERSION);
+
 	$r = q("select * from channel where channel_id = %d limit 1",
 		intval($channel_id)
 	);
@@ -240,4 +243,49 @@ function identity_basic_export($channel_id) {
 
 
 
+function identity_basic_import($arr, $seize_primary = false) {
+
+	$ret = array('result' => false );
+
+	if($arr['channel']) {
+		// import channel		
+
+		// create a new xchan (if necessary)
+
+		// create a new hubloc and seize control if applicable
+
+
+	}
+	if($arr['profile']) {
+		// FIXME - change profile assignment to a hash instead of an id we have to fix
+
+
+	}
+
+	if($arr['xchan']) {
+
+		// import any xchan and hubloc which are not yet available on this site
+		// Unset primary for all other hubloc on our own record if $seize_primary
+
+
+	}
+
+	if($arr['abook']) {
+		// import the abook entries
+
+
+	}
+
+
+	if($seize_primary) {
+
+		// send a refresh message to all our friends, telling them we've moved
+
+	}
+
+
+	$ret['result'] = true ;
+	return $ret;
+
 
+}
\ No newline at end of file
diff --git a/version.inc b/version.inc
index f7f909959..290052448 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-01-16.202
+2013-01-18.204
-- 
cgit v1.2.3


From af5666b791c10aaee68c82009c18e4b55a373937 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Fri, 18 Jan 2013 18:03:15 -0800
Subject: unescaped apostrophe in single quoted string

---
 boot.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/boot.php b/boot.php
index f4c48dd3d..63c7325ea 100644
--- a/boot.php
+++ b/boot.php
@@ -1258,7 +1258,7 @@ function profile_load(&$a, $nickname, $profile = 0) {
 	require_once('include/permissions.php');
 	if(! perm_is_allowed($user[0]['channel_id'],$observer['xchan_hash'],'view_profile')) {
 		// permission denied
-		notice( t(' Sorry, you don't have the permission to view this profile. ') . EOL);
+		notice( t(' Sorry, you don\'t have the permission to view this profile. ') . EOL);
 		return;
 	}
 
-- 
cgit v1.2.3


From a168c628a2d1fd30bb5138fc7d0101963c4c5139 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Fri, 18 Jan 2013 19:00:41 -0800
Subject: directory client mode

---
 mod/directory.php | 205 ++++++++++++++++++++++++++----------------------------
 mod/dirsearch.php |   1 -
 2 files changed, 98 insertions(+), 108 deletions(-)

diff --git a/mod/directory.php b/mod/directory.php
index c9332f447..550e60522 100644
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -38,148 +38,139 @@ function directory_content(&$a) {
 
 	$dirmode = intval(get_config('system','directory_mode'));
 
-//	if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) {
-//		$localdir = true;
-//		return;
-//	}
-
-// FIXME
-$localdir = true;
-
-
-	if(! $localdir) {
+	if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) {
+		$url = z_root() . '/dirsearch';
+	}
+	if(! $url) {
 		$directory = find_upstream_directory($dirmode);
 
 		if($directory) {
 			$url = $directory['url'];
 		}
 		else {
-			$url = DIRECTORY_FALLBACK_MASTER . '/post';
+			$url = DIRECTORY_FALLBACK_MASTER . '/dirsearch';
 		}
 	}
 
-
-
-	if($localdir) {
+	if($url) {
+		$query = $url . ' ?f=' ;
 		if($search)
-			$search = dbesc($search);
-		$sql_extra = ((strlen($search)) ? " AND MATCH ( xchan_name, xchan_addr, xprof_desc, xprof_locale, xprof_region, xprof_country, xprof_gender, xprof_marital ) AGAINST ('$search' IN BOOLEAN MODE) " : "");
+			$query .= '$name=' . urlencode($search);
 
-		// group_concat(xtag_term separator ', ') as tags
-		$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash $sql_extra");
-		if($r)
-			$a->set_pager_total($r[0]['total']);
+		}
+		if($a->pager['page'] != 1)
+			$query .= '&p=' . $a->pager['page'];
 
-		$order = " ORDER BY `xchan_name` ASC "; 
 
+		$x = z_fetch_url($query);
+		if($x['success']) {
+			$t = 0;
+			$j = json_decode($x['body'],true);
+			if($j && $j['results']) {
 
-		$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash $sql_extra $order LIMIT %d , %d ",
-			intval($a->pager['start']),
-			intval($a->pager['itemspage'])
-		);
+				$entries = array();
 
+				$photo = 'thumb';
 
-		if($r) {
+				foreach($j['results'] as $rr) {
 
-			$entries = array();
 
-			$photo = 'thumb';
 
-			foreach($r as $rr) {
 
-				$profile_link = chanlink_hash($rr['xchan_hash']);
+					$profile_link = chanlink_url($rr['url']);
 		
-				$pdesc = (($rr['xprof_desc']) ? $rr['xprof_desc'] . '<br />' : '');
-
-				$details = '';
-				if(strlen($rr['xprof_locale']))
-					$details .= $rr['xprof_locale'];
-				if(strlen($rr['xprof_region'])) {
-					if(strlen($rr['xprof_locale']))
-						$details .= ', ';
-					$details .= $rr['xprof_region'];
-				}
-				if(strlen($rr['xprof_country'])) {
-					if(strlen($details))
-						$details .= ', ';
-					$details .= $rr['xprof_country'];
-				}
-				if(strlen($rr['xprof_dob'])) {
-					if(($years = age($rr['xprof_dob'],'UTC','')) != 0)
-						$details .= '<br />' . t('Age: ') . $years ; 
-				}
-				if(strlen($rr['xprof_gender']))
-					$details .= '<br />' . t('Gender: ') . $rr['xprof_gender'];
-
-				$page_type = '';
-
-				$profile = $rr;
-
-				if ((x($profile,'xprof_locale') == 1)
-					|| (x($profile,'xprof_region') == 1)
-					|| (x($profile,'xprof_postcode') == 1)
-					|| (x($profile,'xprof_country') == 1))
-				$location = t('Location:');
+					$pdesc = (($rr['description']) ? $rr['description'] . '<br />' : '');
+	
+					$details = '';
+					if(strlen($rr['locale']))
+						$details .= $rr['locale'];
+					if(strlen($rr['region'])) {
+						if(strlen($rr['locale']))
+							$details .= ', ';
+						$details .= $rr['region'];
+					}
+					if(strlen($rr['country'])) {
+						if(strlen($details))
+							$details .= ', ';
+						$details .= $rr['country'];
+					}
+					if(strlen($rr['birthday'])) {
+						if(($years = age($rr['birthday'],'UTC','')) != 0)
+							$details .= '<br />' . t('Age: ') . $years ; 
+					}
+					if(strlen($rr['gender']))
+						$details .= '<br />' . t('Gender: ') . $rr['gender'];
+
+					$page_type = '';
+
+					$profile = $rr;
+
+					if ((x($profile,'locale') == 1)
+						|| (x($profile,'region') == 1)
+						|| (x($profile,'postcode') == 1)
+						|| (x($profile,'country') == 1))
+					$location = t('Location:');
+
+					$gender = ((x($profile,'gender') == 1) ? t('Gender:') : False);
+	
+					$marital = ((x($profile,'marital') == 1) ?  t('Status:') : False);
+		
+					$homepage = ((x($profile,'homepage') == 1) ?  t('Homepage:') : False);
 
-				$gender = ((x($profile,'xprof_gender') == 1) ? t('Gender:') : False);
+					$about = ((x($profile,'about') == 1) ?  t('About:') : False);
+			
 
-				$marital = ((x($profile,'marital') == 1) ?  t('Status:') : False);
+					$entry = array(
+						'id' => ++$t,
+						'profile_link' => $profile_link,
+						'photo' => $rr['photo'],
+						'alttext' => $rr['name'] . ' ' . $rr['address'],
+						'name' => $rr['name'],
+						'details' => $pdesc . $details,
+						'profile' => $profile,
+						'location' => $location,
+						'gender'   => $gender,
+						'pdesc'	=> $pdesc,
+						'marital'  => $marital,
+						'homepage' => $homepage,
+						'about' => $about,
 	
-				$homepage = ((x($profile,'homepage') == 1) ?  t('Homepage:') : False);
+					);
 
-				$about = ((x($profile,'about') == 1) ?  t('About:') : False);
-			
-				$t = 0;
-
-				$entry = array(
-					'id' => ++$t,
-					'profile_link' => $profile_link,
-					'photo' => $rr[xchan_photo_m],
-					'alttext' => $rr['xchan_name'],
-					'name' => $rr['xchan_name'],
-					'details' => $pdesc . $details,
-					'profile' => $profile,
-					'location' => $location,
-					'gender'   => $gender,
-					'pdesc'	=> $pdesc,
-					'marital'  => $marital,
-					'homepage' => $homepage,
-					'about' => $about,
-
-				);
-
-				$arr = array('contact' => $rr, 'entry' => $entry);
-
-				call_hooks('directory_item', $arr);
+					$arr = array('contact' => $rr, 'entry' => $entry);
+
+					call_hooks('directory_item', $arr);
 			
-				unset($profile);
-				unset($location);
+					$entries[] = $entry;
 
-				$entries[] = $entry;
+					unset($profile);
+					unset($location);
 
-			}
 
-			logger('entries: ' . print_r($entries,true));
+				}
+
+				logger('entries: ' . print_r($entries,true));
 
-			$o .= replace_macros($tpl, array(
-				'$search' => $search,
-				'$desc' => t('Find'),
-				'$finddsc' => t('Finding:'),
-				'$safetxt' => htmlspecialchars($search,ENT_QUOTES,'UTF-8'),
-				'$entries' => $entries,
-				'$dirlbl' => t('Directory'),
-				'$submit' => t('Find')
-			));
+				$o .= replace_macros($tpl, array(
+					'$search' => $search,
+					'$desc' => t('Find'),
+					'$finddsc' => t('Finding:'),
+					'$safetxt' => htmlspecialchars($search,ENT_QUOTES,'UTF-8'),
+					'$entries' => $entries,
+					'$dirlbl' => t('Directory'),
+					'$submit' => t('Find')
+				));
 
 
-			$o .= paginate($a);
+				$o .= alt_pager($a,$j['records']);
 
-		}
+			}
 
-	else
-		info( t("No entries (some entries may be hidden).") . EOL);
+			else
+				info( t("No entries (some entries may be hidden).") . EOL);
 
-	}
+		}
 
 	return $o;
 }
+
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index 30a1fadae..1b1ad0877 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -36,7 +36,6 @@ function dirsearch_content(&$a) {
 	$marital = ((x($_REQUEST,'marital')) ? $_REQUEST['marital'] : '');
 	$keywords = ((x($_REQUEST,'keywords')) ? $_REQUEST['keywords'] : '');
 
-
 	$sql_extra = '';
 
 	if($name)
-- 
cgit v1.2.3


From 4378cf6fd505a6b5f7c7ab341ac8b5fe79b5776c Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Fri, 18 Jan 2013 19:07:32 -0800
Subject: disable magic auth for now since it isn't finished

---
 mod/chanview.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/mod/chanview.php b/mod/chanview.php
index 1de4f4e1b..b2a8e12d2 100644
--- a/mod/chanview.php
+++ b/mod/chanview.php
@@ -40,7 +40,9 @@ function chanview_content(&$a) {
 	}
 
 	$o = replace_macros(get_markup_template('chanview.tpl'),array(
-		'$url' => z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr']
+		'$url' => $xchan['xchan_url']
+// FIXME when magic auth is finished replace here and check that against the chanview page when unauthenticated any place
+//		'$url' => z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr']
 	));
 
 	return $o;
-- 
cgit v1.2.3


From d22069ad2227597f4a2289ff3ec14d46cd30b0b3 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Fri, 18 Jan 2013 19:15:08 -0800
Subject: link people search from navbar

---
 mod/search.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mod/search.php b/mod/search.php
index 6f40ad4b0..64a1318b2 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -113,8 +113,8 @@ function search_content(&$a) {
 		$search = substr($search,1);
 	}
 	if(strpos($search,'@') === 0) {
-		require_once('mod/dirfind.php');
-		return dirfind_content($a);
+		$search = substr($search,1);
+		goaway(z_root() . '/directory' . '$f=1&search=' . $search);
 	}
 
 	if(! $search)
-- 
cgit v1.2.3


From 8fd40fc1c033401c7cb1004a55ceb9e086eb6443 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Fri, 18 Jan 2013 19:16:27 -0800
Subject: typo

---
 mod/search.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mod/search.php b/mod/search.php
index 64a1318b2..0a7c404b6 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -114,7 +114,7 @@ function search_content(&$a) {
 	}
 	if(strpos($search,'@') === 0) {
 		$search = substr($search,1);
-		goaway(z_root() . '/directory' . '$f=1&search=' . $search);
+		goaway(z_root() . '/directory' . '?f=1&search=' . $search);
 	}
 
 	if(! $search)
-- 
cgit v1.2.3


From 258ca20ee3dbc587e49694f979bbddb69aaa20a3 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Fri, 18 Jan 2013 19:18:36 -0800
Subject: did it again

---
 mod/directory.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mod/directory.php b/mod/directory.php
index 550e60522..27b05704c 100644
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -55,7 +55,7 @@ function directory_content(&$a) {
 	if($url) {
 		$query = $url . ' ?f=' ;
 		if($search)
-			$query .= '$name=' . urlencode($search);
+			$query .= '&name=' . urlencode($search);
 
 		}
 		if($a->pager['page'] != 1)
-- 
cgit v1.2.3


From 27ada18dc5c13591d918cf1bb9132a039f6fb751 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Fri, 18 Jan 2013 19:28:16 -0800
Subject: fix people search

---
 mod/directory.php | 3 ++-
 mod/dirsearch.php | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/mod/directory.php b/mod/directory.php
index 27b05704c..cd0ab4a48 100644
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -53,7 +53,7 @@ function directory_content(&$a) {
 	}
 
 	if($url) {
-		$query = $url . ' ?f=' ;
+		$query = $url . '?f=' ;
 		if($search)
 			$query .= '&name=' . urlencode($search);
 
@@ -61,6 +61,7 @@ function directory_content(&$a) {
 		if($a->pager['page'] != 1)
 			$query .= '&p=' . $a->pager['page'];
 
+		logger('mod_directory: query: ' . $query);
 
 		$x = z_fetch_url($query);
 		if($x['success']) {
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index 1b1ad0877..50348bc4a 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -72,11 +72,12 @@ function dirsearch_content(&$a) {
 	}
 
 	$order = " ORDER BY `xchan_name` ASC "; 
-
+dbg(1);
 	$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where 1 $sql_extra $order LIMIT %d , %d ",
 		intval($startrec),
 		intval($perpage)
 	);
+dbg(0);
 
 	$ret['page'] = $page + 1;
 	$ret['records'] = count($r);		
-- 
cgit v1.2.3


From b274422867a11f14a1a2bfcf57b1de4961361e15 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Fri, 18 Jan 2013 19:54:37 -0800
Subject: if chanview is provided a url - always load it even if there's no
 xchan available on this site.

---
 mod/chanview.php | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/mod/chanview.php b/mod/chanview.php
index b2a8e12d2..a9f3969d1 100644
--- a/mod/chanview.php
+++ b/mod/chanview.php
@@ -26,7 +26,7 @@ function chanview_content(&$a) {
 			dbesc($_REQUEST['url'])
 		);
 		if(! $r)
-			$r = array(array('xchan_url' => $_REQUEST['url']));
+			$xchan = array(array('xchan_url' => $_REQUEST['url']));
 	}
 	if($r) {
 		$xchan = $r[0];
@@ -39,10 +39,15 @@ function chanview_content(&$a) {
 		return;
 	}
 
+	$observer = get_observer();
+
+	$url = (($observer) 
+		? z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr'] 
+		: $xchan['xchan_url']
+	);
+
 	$o = replace_macros(get_markup_template('chanview.tpl'),array(
-		'$url' => $xchan['xchan_url']
-// FIXME when magic auth is finished replace here and check that against the chanview page when unauthenticated any place
-//		'$url' => z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr']
+		'$url' => $url
 	));
 
 	return $o;
-- 
cgit v1.2.3


From 33b6d916611f6b9ec214fff38f60df128fbc940a Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Fri, 18 Jan 2013 20:00:04 -0800
Subject: allow chanview by address

---
 mod/chanview.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/mod/chanview.php b/mod/chanview.php
index a9f3969d1..d3e902f60 100644
--- a/mod/chanview.php
+++ b/mod/chanview.php
@@ -13,6 +13,11 @@ function chanview_content(&$a) {
 			dbesc($_REQUEST['hash'])
 		);
 	}
+	if($_REQUEST['address']) {
+		$r = q("select * from xchan where xchan_addr = '%s' limit 1",
+			dbesc($_REQUEST['address'])
+		);
+	}
 	elseif(local_user() && intval($_REQUEST['cid'])) {
 		$r = q("SELECT abook.*, xchan.* 
 			FROM abook left join xchan on abook_xchan = xchan_hash
@@ -26,7 +31,7 @@ function chanview_content(&$a) {
 			dbesc($_REQUEST['url'])
 		);
 		if(! $r)
-			$xchan = array(array('xchan_url' => $_REQUEST['url']));
+			$r = array(array('xchan_url' => $_REQUEST['url']));
 	}
 	if($r) {
 		$xchan = $r[0];
-- 
cgit v1.2.3


From 9725dcf41dce7b03828a29b7f6def11ef120a88f Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sat, 19 Jan 2013 00:43:05 -0800
Subject: distributed directory search from the navbar

---
 include/text.php                        |  29 +++++----
 library/jquery_ac/friendica.complete.js |   2 +
 mod/acl.php                             | 100 ++++++++++++++++++++++++++++----
 mod/directory.php                       |   2 +-
 mod/dirsearch.php                       |  42 ++++++++------
 view/theme/redbasic/css/style.css       |   7 +++
 view/tpl/nav.tpl                        |   1 +
 view/tpl/smarty3/nav.tpl                |   1 +
 8 files changed, 142 insertions(+), 42 deletions(-)

diff --git a/include/text.php b/include/text.php
index 9db22d9ed..1cfc89cae 100644
--- a/include/text.php
+++ b/include/text.php
@@ -302,26 +302,33 @@ function paginate(&$a) {
 }}
 
 if(! function_exists('alt_pager')) {
-function alt_pager(&$a, $i) {
-        $o = '';
+function alt_pager(&$a, $i, $more = '', $less = '') {
+
+	$o = '';
+
+	if(! $more)
+		$more = t('older');
+	if(! $less)
+		$less = t('newer');
+
 	$stripped = preg_replace('/(&page=[0-9]*)/','',$a->query_string);
 	$stripped = str_replace('q=','',$stripped);
 	$stripped = trim($stripped,'/');
 	$pagenum = $a->pager['page'];
-        $url = $a->get_baseurl() . '/' . $stripped;
+	$url = $a->get_baseurl() . '/' . $stripped;
 
-        $o .= '<div class="pager">';
+	$o .= '<div class="pager">';
 
-	if($a->pager['page']>1)
-	  $o .= "<a href=\"$url"."&page=".($a->pager['page'] - 1).'">' . t('newer') . '</a>';
-        if($i>0) {
-          if($a->pager['page']>1)
-	          $o .= "&nbsp;-&nbsp;";
-	  $o .= "<a href=\"$url"."&page=".($a->pager['page'] + 1).'">' . t('older') . '</a>';
+	if($a->pager['page'] > 1)
+	  $o .= "<a href=\"$url"."&page=".($a->pager['page'] - 1).'">' . $less . '</a>';
+	if($i > 0 && $i == $a->pager['itemspage']) {
+		if($a->pager['page']>1)
+			$o .= " | ";
+		$o .= "<a href=\"$url"."&page=".($a->pager['page'] + 1).'">' . $more . '</a>';
 	}
 
 
-        $o .= '</div>'."\r\n";
+	$o .= '</div>'."\r\n";
 
 	return $o;
 }}
diff --git a/library/jquery_ac/friendica.complete.js b/library/jquery_ac/friendica.complete.js
index 4599c7bc1..c8a28c0a7 100644
--- a/library/jquery_ac/friendica.complete.js
+++ b/library/jquery_ac/friendica.complete.js
@@ -242,6 +242,7 @@
       } else if (!this.isBadQuery(q)) {
         me = this;
         me.options.params.query = q;
+		$('#nav-search-spinner').show();
         $.get(this.serviceUrl, me.options.params, function(txt) { me.processResponse(txt); }, 'text');
       }
     },
@@ -304,6 +305,7 @@
         this.data = response.data;
         this.suggest(); 
       }
+	  $('#nav-search-spinner').hide();
     },
 
     activate: function(index) {
diff --git a/mod/acl.php b/mod/acl.php
index 76be01ee6..16945d1a9 100644
--- a/mod/acl.php
+++ b/mod/acl.php
@@ -5,6 +5,7 @@ require_once("include/acl_selectors.php");
 
 function acl_init(&$a){
 
+	logger('mod_acl: ' . print_r($_REQUEST,true));
 
 	$start = (x($_REQUEST,'start')?$_REQUEST['start']:0);
 	$count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
@@ -21,12 +22,13 @@ function acl_init(&$a){
 	}
 
 
-	if(! (local_user() || $type == 'x'))
-		return "";
+	if(!(local_user()))
+		if($type != 'x')
+			killme();
 
+	logger('continue');
 
-
-	if ($search!=""){
+	if ($search != "") {
 		$sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
 		$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . ") ";
 
@@ -150,18 +152,40 @@ function acl_init(&$a){
 		);
 	}
 	elseif($type == 'x') {
-		$r = q("SELECT xchan_name as id, xchan_name as name, xchan_photo_s as micro, xchan_url as url from xchan
-			where 1
-			$sql_extra3
-			ORDER BY `xchan_name` ASC ",
-			intval(local_user())
-		);
+
+		$r = navbar_complete($a);
+		$x = array();
+		$x['query']       = $search;
+		$x['photos']      = array();
+		$x['links']       = array();
+		$x['suggestions'] = array();
+		$x['data']        = array();
+		if($r) {
+			foreach($r as $g) {
+				$x['photos'][]      = $g['photo'];
+				$x['links'][]       = $g['url'];
+				$x['suggestions'][] = '@' .  $g['name'];
+				$x['data'][]        = $g['name'];
+			}
+		}
+		echo json_encode($x);
+		killme();
+		
+
+
+
+//		$r = q("SELECT xchan_name as id, xchan_name as name, xchan_photo_s as micro, xchan_url as url from xchan
+//			where 1
+//			$sql_extra3
+//			ORDER BY `xchan_name` ASC ",
+//			intval(local_user())
+//		);
 	}
 	else
 		$r = array();
 
 
-	if($type == 'm' || $type == 'a' || $type == 'x') {
+	if($type == 'm' || $type == 'a') {
 		$x = array();
 		$x['query']       = $search;
 		$x['photos']      = array();
@@ -209,3 +233,57 @@ function acl_init(&$a){
 }
 
 
+function navbar_complete(&$a) {
+
+	logger('navbar_complete');
+
+	$dirmode = intval(get_config('system','directory_mode'));
+	$search = ((x($_REQUEST,'query')) ? htmlentities($_REQUEST['query'],ENT_COMPAT,'UTF-8',false) : '');
+	if(! $search || mb_strlen($search) < 2)
+		return array();
+
+	$star = false;
+	$address = false;
+
+	if(substr($search,0,1) === '@')
+		$search = substr($search,1);
+
+	if(substr($search,0,1) === '*') {
+		$star = true;
+		$search = substr($search,1);
+	}
+
+	if(strpos($search,'@') !== false) {
+		$address = true;
+	}
+
+	if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) {
+		$url = z_root() . '/dirsearch';
+	}
+
+	if(! $url) {
+		$directory = find_upstream_directory($dirmode);
+
+		if($directory) {
+			$url = $directory['url'];
+		}
+		else {
+			$url = DIRECTORY_FALLBACK_MASTER . '/dirsearch';
+		}
+	}
+
+	if($url) {
+		$query = $url . '?f=' ;
+		$query .= '&name=' . urlencode($search) . '&limit=50' . (($address) ? '&address=' . urlencode($search) : '');
+
+		$x = z_fetch_url($query);
+		if($x['success']) {
+			$t = 0;
+			$j = json_decode($x['body'],true);
+			if($j && $j['results']) {
+				return $j['results'];
+			}
+		}
+	}
+	return array();
+}
\ No newline at end of file
diff --git a/mod/directory.php b/mod/directory.php
index cd0ab4a48..99687a373 100644
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -163,7 +163,7 @@ function directory_content(&$a) {
 				));
 
 
-				$o .= alt_pager($a,$j['records']);
+				$o .= alt_pager($a,$j['records'], t('more'), t('back'));
 
 			}
 
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index 50348bc4a..b3b824b24 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -39,46 +39,50 @@ function dirsearch_content(&$a) {
 	$sql_extra = '';
 
 	if($name)
-		$sql_extra .= " AND xchan_name like '" . protect_sprintf( '%' . dbesc($name) . '%' ) . "' ";
-	if($addr)
-		$sql_extra .= " AND xchan_addr like '" . protect_sprintf( '%' . dbesc($addr) . '%' ) . "' ";
+		$sql_extra .= " OR xchan_name like '" . protect_sprintf( '%' . dbesc($name) . '%' ) . "' ";
+	if($address)
+		$sql_extra .= " OR xchan_addr like '" . protect_sprintf( '%' . dbesc($address) . '%' ) . "' ";
 	if($city)
-		$sql_extra .= " AND xprof_locale like '" . protect_sprintf( '%' . dbesc($city) . '%' ) . "' ";
+		$sql_extra .= " OR xprof_locale like '" . protect_sprintf( '%' . dbesc($city) . '%' ) . "' ";
 	if($region)
-		$sql_extra .= " AND xprof_region like '" . protect_sprintf( '%' . dbesc($region) . '%' ) . "' ";
+		$sql_extra .= " OR xprof_region like '" . protect_sprintf( '%' . dbesc($region) . '%' ) . "' ";
 	if($post)
-		$sql_extra .= " AND xprof_postcode like '" . protect_sprintf( '%' . dbesc($post) . '%' ) . "' ";
+		$sql_extra .= " OR xprof_postcode like '" . protect_sprintf( '%' . dbesc($post) . '%' ) . "' ";
 	if($country)
-		$sql_extra .= " AND xprof_country like '" . protect_sprintf( '%' . dbesc($country) . '%' ) . "' ";
+		$sql_extra .= " OR xprof_country like '" . protect_sprintf( '%' . dbesc($country) . '%' ) . "' ";
 	if($gender)
-		$sql_extra .= " AND xprof_gender like '" . protect_sprintf( '%' . dbesc($gender) . '%' ) . "' ";
+		$sql_extra .= " OR xprof_gender like '" . protect_sprintf( '%' . dbesc($gender) . '%' ) . "' ";
 	if($marital)
-		$sql_extra .= " AND xprof_marital like '" . protect_sprintf( '%' . dbesc($marital) . '%' ) . "' ";
+		$sql_extra .= " OR xprof_marital like '" . protect_sprintf( '%' . dbesc($marital) . '%' ) . "' ";
 	if($keywords)
-		$sql_extra .= " AND xprof_keywords like '" . protect_sprintf( '%' . dbesc($keywords) . '%' ) . "' ";
+		$sql_extra .= " OR xprof_keywords like '" . protect_sprintf( '%' . dbesc($keywords) . '%' ) . "' ";
 
     $perpage = (($_REQUEST['n']) ? $_REQUEST['n'] : 80);
     $page = (($_REQUEST['p']) ? intval($_REQUEST['p'] - 1) : 0);
     $startrec = (($page+1) * $perpage) - $perpage;
+	$limit = (($_REQUEST['limit']) ? intval($_REQUEST['limit']) : 0);
 
 	// ok a separate tag table won't work. 
 	// merge them into xprof
 
 	$ret['success'] = true;
 
-	$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where 1 $sql_extra");
-	if($r) {
-		$ret['total_items'] = $r[0]['total'];
+
+	if($limit) 
+		$qlimit = " LIMIT $limit ";
+	else {
+		$qlimit = " LIMIT " . intval($startrec) . " , " . intval($perpage);
+		$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where 1 $sql_extra");
+		if($r) {
+			$ret['total_items'] = $r[0]['total'];
+		}
 	}
 
-	$order = " ORDER BY `xchan_name` ASC "; 
+	$order = " ORDER BY `xchan_name` ASC ";
+	$logic = ((strlen($sql_extra)) ? 0 : 1);
 dbg(1);
-	$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where 1 $sql_extra $order LIMIT %d , %d ",
-		intval($startrec),
-		intval($perpage)
-	);
+	$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra $order $qlimit ");
 dbg(0);
-
 	$ret['page'] = $page + 1;
 	$ret['records'] = count($r);		
 
diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css
index 21704e21c..fd989554b 100644
--- a/view/theme/redbasic/css/style.css
+++ b/view/theme/redbasic/css/style.css
@@ -2569,6 +2569,13 @@ aside input[type='text'] {
 	margin-top: 4px;
 }
 
+#nav-search-spinner {
+	float: right;
+	margin-top: 8px;
+	margin-left: 5px;
+	margin-right: 5px;
+}
+
 #nav-search-text:hover {
 	background-color: #FFF;
 	color: #000; 
diff --git a/view/tpl/nav.tpl b/view/tpl/nav.tpl
index b0eb098aa..b0c2393cd 100644
--- a/view/tpl/nav.tpl
+++ b/view/tpl/nav.tpl
@@ -133,6 +133,7 @@
 				<input id="nav-search-text" type="text" value="" placeholder="$nav.search.1" name="search" title="$nav.search.3" onclick="this.submit();" />
 			</form>
 		</li>
+		<img src="images/rotator.gif" id="nav-search-spinner" style="display: none;" alt="$pleasewait" />
 
 	</ul>
 </nav>
diff --git a/view/tpl/smarty3/nav.tpl b/view/tpl/smarty3/nav.tpl
index da50bc7bb..0b8344b07 100644
--- a/view/tpl/smarty3/nav.tpl
+++ b/view/tpl/smarty3/nav.tpl
@@ -133,6 +133,7 @@
 				<input id="nav-search-text" type="text" value="" placeholder="{{$nav.search.1}}" name="search" title="{{$nav.search.3}}" onclick="this.submit();" />
 			</form>
 		</li>
+		<img src="images/rotator.gif" id="nav-search-spinner" style="display: none;" alt="{{$pleasewait}}" />
 
 	</ul>
 </nav>
-- 
cgit v1.2.3


From d8d8dd5ceda475f56a8c6ed2324f2eae94658d3a Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sat, 19 Jan 2013 01:07:35 -0800
Subject: directory services cleanup

---
 include/nav.php          |  5 +++--
 mod/acl.php              | 17 +++--------------
 mod/dirsearch.php        | 12 +++++++++---
 view/tpl/nav.tpl         |  1 +
 view/tpl/smarty3/nav.tpl |  1 +
 5 files changed, 17 insertions(+), 19 deletions(-)

diff --git a/include/nav.php b/include/nav.php
index 644264a92..b65577e0f 100644
--- a/include/nav.php
+++ b/include/nav.php
@@ -118,9 +118,9 @@ EOT;
 
 	$nav['search'] = array('search', t('Search'), "", t('Search site content'));
 
-	$gdirpath = 'directory';
 
-	$nav['directory'] = array($gdirpath, t('Directory'), "", t('People directory')); 
+	$nav['directory'] = array('directory', t('Channel Directory'), "", t('Channel Locator')); 
+
 
 	/**
 	 *
@@ -199,6 +199,7 @@ EOT;
 		'$localuser' => local_user(),
 		'$sel' => 	$a->nav_sel,
 		'$apps' => $a->get_apps(),
+		'$pleasewait' => t('Please wait...')
 	));
 
 	call_hooks('page_header', $a->page['nav']);
diff --git a/mod/acl.php b/mod/acl.php
index 16945d1a9..0290edca8 100644
--- a/mod/acl.php
+++ b/mod/acl.php
@@ -5,7 +5,7 @@ require_once("include/acl_selectors.php");
 
 function acl_init(&$a){
 
-	logger('mod_acl: ' . print_r($_REQUEST,true));
+//	logger('mod_acl: ' . print_r($_REQUEST,true));
 
 	$start = (x($_REQUEST,'start')?$_REQUEST['start']:0);
 	$count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
@@ -26,8 +26,6 @@ function acl_init(&$a){
 		if($type != 'x')
 			killme();
 
-	logger('continue');
-
 	if ($search != "") {
 		$sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
 		$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . ") ";
@@ -170,16 +168,7 @@ function acl_init(&$a){
 		}
 		echo json_encode($x);
 		killme();
-		
-
-
 
-//		$r = q("SELECT xchan_name as id, xchan_name as name, xchan_photo_s as micro, xchan_url as url from xchan
-//			where 1
-//			$sql_extra3
-//			ORDER BY `xchan_name` ASC ",
-//			intval(local_user())
-//		);
 	}
 	else
 		$r = array();
@@ -196,7 +185,7 @@ function acl_init(&$a){
 			foreach($r as $g) {
 				$x['photos'][]      = $g['micro'];
 				$x['links'][]       = $g['url'];
-				$x['suggestions'][] = (($type === 'x') ? '@' : '') . $g['name'];
+				$x['suggestions'][] = $g['name'];
 				$x['data'][]        = $g['id'];
 			}
 		}
@@ -235,7 +224,7 @@ function acl_init(&$a){
 
 function navbar_complete(&$a) {
 
-	logger('navbar_complete');
+//	logger('navbar_complete');
 
 	$dirmode = intval(get_config('system','directory_mode'));
 	$search = ((x($_REQUEST,'query')) ? htmlentities($_REQUEST['query'],ENT_COMPAT,'UTF-8',false) : '');
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index b3b824b24..07af90ffb 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -4,7 +4,7 @@ require_once('include/dir_fns.php');
 
 
 function dirsearch_init(&$a) {
-	$a->set_pager_itemspage(60);
+	$a->set_pager_itemspage(80);
 
 }
 
@@ -36,6 +36,8 @@ function dirsearch_content(&$a) {
 	$marital = ((x($_REQUEST,'marital')) ? $_REQUEST['marital'] : '');
 	$keywords = ((x($_REQUEST,'keywords')) ? $_REQUEST['keywords'] : '');
 
+// TODO - a meta search which joins all of these things to one search string
+
 	$sql_extra = '';
 
 	if($name)
@@ -61,12 +63,16 @@ function dirsearch_content(&$a) {
     $page = (($_REQUEST['p']) ? intval($_REQUEST['p'] - 1) : 0);
     $startrec = (($page+1) * $perpage) - $perpage;
 	$limit = (($_REQUEST['limit']) ? intval($_REQUEST['limit']) : 0);
+	$return_total = ((x($_REQUEST,'return_total')) ? intval($_REQUEST['return_total']) : 0);
 
 	// ok a separate tag table won't work. 
 	// merge them into xprof
 
 	$ret['success'] = true;
 
+	// If &limit=n, return at most n entries
+	// If &return_total=1, we count matching entries and return that as 'total_items' for use in pagination.
+	// By default we return one page (default 80 items maximum) and do not count total entries
 
 	if($limit) 
 		$qlimit = " LIMIT $limit ";
@@ -80,9 +86,9 @@ function dirsearch_content(&$a) {
 
 	$order = " ORDER BY `xchan_name` ASC ";
 	$logic = ((strlen($sql_extra)) ? 0 : 1);
-dbg(1);
+
 	$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra $order $qlimit ");
-dbg(0);
+
 	$ret['page'] = $page + 1;
 	$ret['records'] = count($r);		
 
diff --git a/view/tpl/nav.tpl b/view/tpl/nav.tpl
index b0c2393cd..3b997e215 100644
--- a/view/tpl/nav.tpl
+++ b/view/tpl/nav.tpl
@@ -86,6 +86,7 @@
 		<li id="nav-site-linkmenu" class="nav-menu-icon"><a href="#" rel="#nav-site-menu"><span class="icon s22 gear">$nav.settings.1</span></a>
 			<ul id="nav-site-menu" class="menu-popup">
 				{{ if $nav.settings }}<li><a class="$nav.settings.2" href="$nav.settings.0" title="$nav.settings.3">$nav.settings.1</a></li>{{ endif }}
+				{{ if $nav.directory }}<li><a class="$nav.directory.2" href="$nav.directory.0" title="$nav.directory.3">$nav.directory.1</a></li>{{ endif }}
 
 				{{ if $nav.admin }}<li><a class="$nav.admin.2" href="$nav.admin.0" title="$nav.admin.3" >$nav.admin.1</a></li>{{ endif }}
 
diff --git a/view/tpl/smarty3/nav.tpl b/view/tpl/smarty3/nav.tpl
index 0b8344b07..6e441e915 100644
--- a/view/tpl/smarty3/nav.tpl
+++ b/view/tpl/smarty3/nav.tpl
@@ -86,6 +86,7 @@
 		<li id="nav-site-linkmenu" class="nav-menu-icon"><a href="#" rel="#nav-site-menu"><span class="icon s22 gear">{{$nav.settings.1}}</span></a>
 			<ul id="nav-site-menu" class="menu-popup">
 				{{if $nav.settings}}<li><a class="{{$nav.settings.2}}" href="{{$nav.settings.0}}" title="{{$nav.settings.3}}">{{$nav.settings.1}}</a></li>{{/if}}
+				{{if $nav.directory}}<li><a class="{{$nav.directory.2}}" href="{{$nav.directory.0}}" title="{{$nav.directory.3}}">{{$nav.directory.1}}</a></li>{{/if}}
 
 				{{if $nav.admin}}<li><a class="{{$nav.admin.2}}" href="{{$nav.admin.0}}" title="{{$nav.admin.3}}" >{{$nav.admin.1}}</a></li>{{/if}}
 
-- 
cgit v1.2.3


From 994f322d471ff2271055db9344a31c7caef3c0db Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sat, 19 Jan 2013 06:08:13 -0800
Subject: more hard slogging on the api

---
 include/api.php | 239 +++++++++++++++++++++++++-------------------------------
 1 file changed, 108 insertions(+), 131 deletions(-)

diff --git a/include/api.php b/include/api.php
index 1864d511e..16acc64f5 100644
--- a/include/api.php
+++ b/include/api.php
@@ -1,10 +1,11 @@
 <?php
-	require_once("bbcode.php");
-	require_once("datetime.php");
-	require_once("conversation.php");
-	require_once("oauth.php");
-	require_once("html2plain.php");
-	require_once('include/security.php');
+
+require_once("bbcode.php");
+require_once("datetime.php");
+require_once("conversation.php");
+require_once("oauth.php");
+require_once("html2plain.php");
+require_once('include/security.php');
 
 	/*
 	 *
@@ -12,7 +13,13 @@
 	 *
 	 */
 
-	$API = Array();
+
+	/**
+	 ** TWITTER API
+	 */
+
+	$API = array();
+
 	$called_api = Null;
 
 	// All commands which require authentication accept a "channel" parameter
@@ -114,6 +121,7 @@
 	/**************************
 	 *  MAIN API ENTRY POINT  *
 	 **************************/
+
 	function api_call(&$a){
 		GLOBAL $API, $called_api;
 
@@ -373,6 +381,7 @@
 		
 	}
 
+// FIXME
 	function api_item_get_user(&$a, $item) {
 		global $usercache;
 
@@ -387,6 +396,7 @@
             if(($normalised != 'mailbox') && (x($a->contacts[$normalised])))
 				return api_get_user($a,$a->contacts[$normalised]['id']);
 		}
+
 		// We don't know this person directly.
 		
 		list($nick, $name) = array_map("trim",explode("(",$item['author-name']));
@@ -466,9 +476,6 @@
 		return $ret;
 	}
 	
-	/**
-	 ** TWITTER API
-	 */
 	
 	/**
 	 * Returns an HTTP 200 OK response code and a representation of the requesting user if authentication was successful; 
@@ -524,27 +531,27 @@
 
 
     function api_statuses_mediap(&$a, $type) {
-                if (api_user()===false) {
-                        logger('api_statuses_update: no user');
-                        return false;
-                }
-                $user_info = api_get_user($a);
-
-                $_REQUEST['type'] = 'wall';
-                $_REQUEST['profile_uid'] = api_user();
-                $_REQUEST['api_source'] = true;
-                $txt = requestdata('status');
-                //$txt = urldecode(requestdata('status'));
-
-                require_once('library/HTMLPurifier.auto.php');
-                require_once('include/html2bbcode.php');
-
-                if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) {
+		if (api_user() === false) {
+			logger('api_statuses_update: no user');
+			return false;
+		}
+		$user_info = api_get_user($a);
+
+		$_REQUEST['type'] = 'wall';
+		$_REQUEST['profile_uid'] = api_user();
+		$_REQUEST['api_source'] = true;
+                
+		$txt = requestdata('status');
+
+		require_once('library/HTMLPurifier.auto.php');
+		require_once('include/html2bbcode.php');
+
+		if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) {
 			$txt = html2bb_video($txt);
 			$config = HTMLPurifier_Config::createDefault();
-                        $config->set('Cache.DefinitionImpl', null);
+			$config->set('Cache.DefinitionImpl', null);
 			$purifier = new HTMLPurifier($config);
-                        $txt = $purifier->purify($txt);
+			$txt = $purifier->purify($txt);
 		}
 		$txt = html2bbcode($txt);
 		
@@ -552,10 +559,10 @@
 		
 		$_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo
 		require_once('mod/wall_upload.php');
-		$bebop = wall_upload_post($a);
+		$posted = wall_upload_post($a);
                 
 		//now that we have the img url in bbcode we can add it to the status and insert the wall item.
-		$_REQUEST['body']=$txt."\n\n".$bebop;
+		$_REQUEST['body']=$txt."\n\n".$posted;
 		require_once('mod/item.php');
 		item_post($a);
 
@@ -564,8 +571,6 @@
 	}
 	api_register_func('api/statuses/mediap','api_statuses_mediap', true);
 
-
-
 	function api_statuses_update(&$a, $type) {
 		if (api_user() === false) {
 			logger('api_statuses_update: no user');
@@ -784,18 +789,20 @@
 	 */
 
 	function api_statuses_home_timeline(&$a, $type){
-		if (api_user()===false) return false;
+		if (api_user() === false) 
+			return false;
 
 		$user_info = api_get_user($a);
-		// get last newtork messages
+		// get last network messages
 
 
 		// params
-		$count = (x($_REQUEST,'count')?$_REQUEST['count']:20);
-		$page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0);
-		if ($page<0) $page=0;
-		$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
-		$max_id = (x($_REQUEST,'max_id')?$_REQUEST['max_id']:0);
+		$count           = (x($_REQUEST,'count')?$_REQUEST['count']:20);
+		$page            = (x($_REQUEST,'page')?$_REQUEST['page']-1:0);
+		if($page < 0) 
+			$page = 0;
+		$since_id        = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
+		$max_id          = (x($_REQUEST,'max_id')?$_REQUEST['max_id']:0);
 		$exclude_replies = (x($_REQUEST,'exclude_replies')?1:0);
 		//$since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
 
@@ -809,31 +816,28 @@
 		if ($exclude_replies > 0)
 			$sql_extra .= ' AND `item`.`parent` = `item`.`id`';
 
-		$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
-			`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
-			`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
-			`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
-			FROM `item`, `contact`
-			WHERE `item`.`uid` = %d
-			AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
-			AND `contact`.`id` = `item`.`contact-id`
-			AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+		$r = q("SELECT * from item WHERE uid = %d and item_restrict = 0
 			$sql_extra
-			AND `item`.`id`>%d
-			ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
+			AND id > %d
+			ORDER BY received DESC LIMIT %d ,%d ",
 			intval($user_info['uid']),
 			intval($since_id),
-			intval($start),	intval($count)
+			intval($start),	
+			intval($count)
 		);
 
+		xchan_query($r);
+
 		$ret = api_format_items($r,$user_info);
 
 		// We aren't going to try to figure out at the item, group, and page
 		// level which items you've seen and which you haven't. If you're looking
 		// at the network timeline just mark everything seen. 
 	
-		$r = q("UPDATE `item` SET `unseen` = 0 
-			WHERE `unseen` = 1 AND `uid` = %d",
+		$r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d )
+			WHERE item_flags & %d and uid = %d",
+			intval(ITEM_UNSEEN),
+			intval(ITEM_UNSEEN),
 			intval($user_info['uid'])
 		);
 
@@ -879,41 +883,21 @@
 		if ($max_id > 0)
 			$sql_extra = 'AND `item`.`id` <= '.intval($max_id);
 
-		/*$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
-			`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
-			`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
-			`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
-			FROM `item`, `contact`
-			WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
-			AND `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' 
-			AND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = '' 
-			AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0
-			AND `contact`.`id` = `item`.`contact-id`
-			AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
-			$sql_extra
-			AND `item`.`id`>%d
-			ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
-			intval($since_id),
-			intval($start),	intval($count)
-		);*/
-	        $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
-	                `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
-        	        `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
-                	`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`,
-                	`user`.`nickname`, `user`.`hidewall`
-                	FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
-                	LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
-                	WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
-                	AND `item`.`allow_cid` = ''  AND `item`.`allow_gid` = ''
-                	AND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = ''
-                	AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0
-                	AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+        $r = q("SELECT * from item where id in (select distinct(uri) from item where item_restrict = 0
+			and allow_cid = ''  and allow_gid = ''
+			and deny_cid  = ''  and deny_gid  = ''
+            and not ( item_flags & %d ) and ( item_flags & %d )
 			$sql_extra
-			AND `item`.`id`>%d
-                	ORDER BY `received` DESC LIMIT %d, %d ",
+			AND id > %d)
+            ORDER BY received DESC LIMIT %d, %d ",
+			intval(ITEM_PRIVATE),
+			intval(ITEM_WALL),
 			intval($since_id),
-                	intval($start),
-                	intval($count));
+			intval($start),
+			intval($count)
+		);
+
+		xchan_query($r);
 
 		$ret = api_format_items($r,$user_info);
 
@@ -926,7 +910,7 @@
 				break;
 			case "as":
 				$as = api_format_as($a, $ret, $user_info);
-				$as['title'] = $a->config['sitename']." Public Timeline";
+				$as['title'] = $a->config['sitename']. " " . t('Public Timeline');
 				$as['link']['url'] = $a->get_baseurl()."/";
 				return($as);
 				break;
@@ -938,6 +922,7 @@
 
 	/**
 	 * 
+
 	 */
 	function api_statuses_show(&$a, $type){
 		if (api_user()===false) return false;
@@ -945,7 +930,7 @@
 		$user_info = api_get_user($a);
 
 		// params
-		$id = intval($a->argv[3]);
+		$id = intval(argv(3));
 
 		logger('API: api_statuses_show: '.$id);
 
@@ -958,17 +943,10 @@
 		else
 			$sql_extra .= " AND `item`.`id` = %d";
 
-		$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
-			`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
-			`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
-			`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
-			FROM `item`, `contact`
-			WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
-			AND `contact`.`id` = `item`.`contact-id`
-			AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
-			$sql_extra",
+		$r = q("select * from item where item_restrict = 0 $sql_extra",
 			intval($id)
 		);
+		xchan_query($r);
 
 		$ret = api_format_items($r,$user_info);
 
@@ -1325,7 +1303,7 @@
 
 	function api_format_messages($item, $recipient, $sender) {
 		// standard meta information
-		$ret=Array(
+		$ret = array(
 				'id'                    => $item['id'],
 				'created_at'            => api_date($item['created']),
 				'sender_id'             => $sender['id'] ,
@@ -1364,25 +1342,26 @@
 		//logger('api_format_items: ' . print_r($user_info,true));
 
 		$a = get_app();
-		$ret = Array();
+		$ret = array();
 
 		foreach($r as $item) {
 			localize_item($item);
 			$status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item));
 
-			if ($item['parent']!=$item['id']) {
-				$r = q("select id from item where parent=%s and id<%s order by id desc limit 1",
-					intval($item['parent']), intval($item['id']));
+			if($item['parent'] != $item['id']) {
+				$r = q("select id from item where parent= %d and id < %d order by id desc limit 1",
+					intval($item['parent']), 
+					intval($item['id'])
+				);
 				if ($r)
 					$in_reply_to_status_id = $r[0]['id'];
 				else
 					$in_reply_to_status_id = $item['parent'];
 
-				$r = q("select `item`.`contact-id`, `contact`.nick, `item`.`author-name` from item, contact
-					where `contact`.`id` = `item`.`contact-id` and `item`.id=%d", intval($in_reply_to_status_id));
+				xchan_query($r);
 
-				$in_reply_to_screen_name = $r[0]['author-name'];
-				$in_reply_to_user_id = $r[0]['contact-id'];
+				$in_reply_to_screen_name = $r[0]['author']['xchan_name'];
+				$in_reply_to_user_id = $r[0]['author']['abook_id'];
 
 			} else {
 				$in_reply_to_screen_name = '';
@@ -1399,41 +1378,39 @@
 			else
 				$statustext = trim($statustitle."\n\n".$statusbody);
 
-			if (($item["network"] == NETWORK_FEED) and (strlen($statustext)> 1000))
-				$statustext = substr($statustext, 0, 1000)."... \n".$item["plink"];
 
 			$status = array(
-				'text'		=> $statustext,
-				'truncated' => False,
-				'created_at'=> api_date($item['created']),
-				'in_reply_to_status_id' => $in_reply_to_status_id,
-				'source'    => (($item['app']) ? $item['app'] : 'web'),
-				'id'		=> intval($item['id']),
-				'in_reply_to_user_id' => $in_reply_to_user_id,
-				'in_reply_to_screen_name' => $in_reply_to_screen_name,
-				'geo' => '',
-				'favorited' => $item['starred'] ? true : false,
-				'user' =>  $status_user ,
-				'statusnet_html'		=> trim(bbcode($item['body'])),
+				'text'		                => $statustext,
+				'truncated'                 => False,
+				'created_at'                => api_date($item['created']),
+				'in_reply_to_status_id'     => $in_reply_to_status_id,
+				'source'                    => (($item['app']) ? $item['app'] : 'web'),
+				'id'		                => intval($item['id']),
+				'in_reply_to_user_id'       => $in_reply_to_user_id,
+				'in_reply_to_screen_name'   => $in_reply_to_screen_name,
+				'geo'                       => '',
+				'favorited'                 => (($item['item_flags'] & ITEM_STARRED) ? true : false),
+				'user'                      =>  $status_user ,
+				'statusnet_html'		    => trim(bbcode($item['body'])),
 				'statusnet_conversation_id'	=> $item['parent'],
 			);
 
 			// Seesmic doesn't like the following content
 			if ($_SERVER['HTTP_USER_AGENT'] != 'Seesmic') {
 				$status2 = array(
-					'updated'   => api_date($item['edited']),
-					'published' => api_date($item['created']),
-					'message_id' => $item['uri'],
-					'url'		=> ($item['plink']!=''?$item['plink']:$item['author-link']),
-					'coordinates' => $item['coord'],
-					'place' => $item['location'],
+					'updated'      => api_date($item['edited']),
+					'published'    => api_date($item['created']),
+					'message_id'   => $item['uri'],
+					'url'		   => $item['plink'],
+					'coordinates'  => $item['coord'],
+					'place'        => $item['location'],
 					'contributors' => '',
 					'annotations'  => '',
-					'entities'  => '',
-					'objecttype' => (($item['obj_type']) ? $item['obj_type'] : ACTIVITY_OBJ_NOTE),
-					'verb' => (($item['verb']) ? $item['verb'] : ACTIVITY_POST),
-					'self' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
-					'edit' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
+					'entities'     => '',
+					'objecttype'   => (($item['obj_type']) ? $item['obj_type'] : ACTIVITY_OBJ_NOTE),
+					'verb'         => (($item['verb']) ? $item['verb'] : ACTIVITY_POST),
+					'self'         => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
+					'edit'         => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
 				);
 
 				$status = array_merge($status, $status2);
-- 
cgit v1.2.3


From 45be26dd81a1679853763bc79c387bf0c6fdfe57 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sat, 19 Jan 2013 22:21:00 -0800
Subject: more heavy lifting on API - though need to re-visit events and give
 them all message_ids from the origination site.

---
 include/api.php      | 59 ++++++++++++++++++++--------------------------------
 include/event.php    |  8 +++----
 include/items.php    |  5 ++---
 include/security.php | 35 ++++++++++++++++++++++++++++++-
 include/text.php     | 16 +++++++++++---
 mod/search.php       |  3 +--
 version.inc          |  2 +-
 7 files changed, 78 insertions(+), 50 deletions(-)

diff --git a/include/api.php b/include/api.php
index 16acc64f5..9ed025564 100644
--- a/include/api.php
+++ b/include/api.php
@@ -381,32 +381,20 @@ require_once('include/security.php');
 		
 	}
 
-// FIXME
+
 	function api_item_get_user(&$a, $item) {
 		global $usercache;
 
 		// The author is our direct contact, in a conversation with us.
-		if(link_compare($item['url'],$item['author-link'])) {
-			return api_get_user($a,$item['cid']);
-		}
-		else {
-			// The author may be a contact of ours, but is replying to somebody else. 
-			// Figure out if we know him/her.
-			$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
-            if(($normalised != 'mailbox') && (x($a->contacts[$normalised])))
-				return api_get_user($a,$a->contacts[$normalised]['id']);
-		}
 
+		if($item['author']['abook_id']) {
+			return api_get_user($a,$item['author']['abook_id']);
+		}	
+		
 		// We don't know this person directly.
 		
-		list($nick, $name) = array_map("trim",explode("(",$item['author-name']));
-		$name=str_replace(")","",$name);
-
-		if ($name == '')
-			$name = $nick;
-
-		if ($nick == '')
-			$nick = $name;
+		$nick = substr($item['author']['xchan_addr'],0,strpos($item['author']['xchan_addr'],'@'));
+		$name = $item['author']['xchan_name'];
 
 		// Generating a random ID
 		if (is_null($usercache[$nick]) or !array_key_exists($nick, $usercache))
@@ -418,8 +406,8 @@ require_once('include/security.php');
 			'screen_name' => $nick,
 			'location' => '', //$uinfo[0]['default-location'],
 			'description' => '',
-			'profile_image_url' => $item['author-avatar'],
-			'url' => $item['author-link'],
+			'profile_image_url' => $item['author']['xchan_photo_m'],
+			'url' => $item['author']['xchan_url'],
 			'protected' => false,	#
 			'followers_count' => 0,
 			'friends_count' => 0,
@@ -653,12 +641,11 @@ require_once('include/security.php');
 		// get last public message
 
 		$lastwall = q("SELECT * from item where 1
-			and not ( item_flags & %d ) and item_restrict = 0
+			and item_private != 0 and item_restrict = 0
 			and author_xchan = '%s'
 			and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = ''
 			and verb = '%s'
 			order by created desc limit 1",
-			intval(ITEM_PRIVATE),
 			dbesc($user_info['guid']),
 			dbesc(ACTIVITY_POST)
 		);
@@ -723,12 +710,11 @@ require_once('include/security.php');
 		$user_info = api_get_user($a);
 
 		$lastwall = q("SELECT * from item where 1
-			and not ( item_flags & %d ) and item_restrict = 0
+			and item_private != 0 and item_restrict = 0
 			and author_xchan = '%s'
 			and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = ''
 			and verb = '%s'
 			order by created desc limit 1",
-			intval(ITEM_PRIVATE),
 			dbesc($user_info['guid']),
 			dbesc(ACTIVITY_POST)
 		);
@@ -826,7 +812,7 @@ require_once('include/security.php');
 			intval($count)
 		);
 
-		xchan_query($r);
+		xchan_query($r,true);
 
 		$ret = api_format_items($r,$user_info);
 
@@ -882,22 +868,22 @@ require_once('include/security.php');
 
 		if ($max_id > 0)
 			$sql_extra = 'AND `item`.`id` <= '.intval($max_id);
+		require_once('include/security.php');
 
-        $r = q("SELECT * from item where id in (select distinct(uri) from item where item_restrict = 0
+        $r = q("select * from item where item_restrict = 0
 			and allow_cid = ''  and allow_gid = ''
 			and deny_cid  = ''  and deny_gid  = ''
-            and not ( item_flags & %d ) and ( item_flags & %d )
+            and item_private = 0
+			and uid in ( " . stream_perms_api_uids() . " )
 			$sql_extra
-			AND id > %d)
-            ORDER BY received DESC LIMIT %d, %d ",
-			intval(ITEM_PRIVATE),
-			intval(ITEM_WALL),
+			AND id > %d group by uri
+            order by received desc LIMIT %d, %d ",
 			intval($since_id),
 			intval($start),
 			intval($count)
 		);
 
-		xchan_query($r);
+		xchan_query($r,true);
 
 		$ret = api_format_items($r,$user_info);
 
@@ -946,7 +932,7 @@ require_once('include/security.php');
 		$r = q("select * from item where item_restrict = 0 $sql_extra",
 			intval($id)
 		);
-		xchan_query($r);
+		xchan_query($r,true);
 
 		$ret = api_format_items($r,$user_info);
 
@@ -1346,7 +1332,8 @@ require_once('include/security.php');
 
 		foreach($r as $item) {
 			localize_item($item);
-			$status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item));
+
+			$status_user = (($item['author_xchan']==$user_info['guid'])?$user_info: api_item_get_user($a,$item));
 
 			if($item['parent'] != $item['id']) {
 				$r = q("select id from item where parent= %d and id < %d order by id desc limit 1",
@@ -1358,7 +1345,7 @@ require_once('include/security.php');
 				else
 					$in_reply_to_status_id = $item['parent'];
 
-				xchan_query($r);
+				xchan_query($r,true);
 
 				$in_reply_to_screen_name = $r[0]['author']['xchan_name'];
 				$in_reply_to_user_id = $r[0]['author']['abook_id'];
diff --git a/include/event.php b/include/event.php
index 685842fc3..73a050cec 100644
--- a/include/event.php
+++ b/include/event.php
@@ -291,7 +291,7 @@ function event_store($arr) {
 
 			$private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);
 
-			q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d WHERE id = %d AND uid = %d LIMIT 1",
+			q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d  WHERE id = %d AND uid = %d LIMIT 1",
 				dbesc($arr['summary']),
 				dbesc(format_event_bbcode($arr)),
 				dbesc($object),
@@ -300,7 +300,8 @@ function event_store($arr) {
 				dbesc($arr['deny_cid']),
 				dbesc($arr['deny_gid']),
 				dbesc($arr['edited']),
-				intval(($private && ($r[0]['item_flags'] & ITEM_PRIVATE)) ? $r[0]['item_flags'] : $r[0]['item_flags'] ^ ITEM_PRIVATE),
+				intval($r[0]['item_flags']),
+				intval($private),
 				intval($r[0]['id']),
 				intval($arr['uid'])
 			);
@@ -368,8 +369,6 @@ function event_store($arr) {
 		$uri = item_message_id();
 
 		$private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);
-		if($private)
-			$item_flags |= ITEM_PRIVATE;
 				
 		$item_arr = array();
 
@@ -387,6 +386,7 @@ function event_store($arr) {
 		$item_arr['allow_gid']     = $arr['allow_gid'];
 		$item_arr['deny_cid']      = $arr['deny_cid'];
 		$item_arr['deny_gid']      = $arr['deny_gid'];
+		$item_arr['private']       = (($arr['private'] || $private) ? 1 : 0);
 		$item_arr['verb']          = ACTIVITY_POST;
 
 		$item_arr['resource_type'] = 'event';
diff --git a/include/items.php b/include/items.php
index 0217884fd..fe8aadcbf 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1598,17 +1598,16 @@ function tag_deliver($uid,$item_id) {
 	$private = ($u[0]['allow_cid'] || $u[0]['allow_gid'] || $u[0]['deny_cid'] || $u[0]['deny_gid']) ? 1 : 0;
 
 	$flag_bits = ITEM_WALL|ITEM_ORIGIN|ITEM_UPLINK;
-	if($private)
-		$flag_bits = $flag_bits | ITEM_PRIVATE;
 
 	$r = q("update item set item_flags = ( $item_flags | %d ), owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s', 
-		deny_cid = '%s', deny_gid = '%s'  where id = %d limit 1",
+		deny_cid = '%s', deny_gid = '%s', item_private = %d  where id = %d limit 1",
 		intval($flag_bits),
 		dbesc($u[0]['channel_hash']),
 		dbesc($u[0]['allow_cid']),
 		dbesc($u[0]['allow_gid']),
 		dbesc($u[0]['deny_cid']),
 		dbesc($u[0]['deny_gid']),
+		intval($private),
 		intval($item_id)
 	);
 	if($r)
diff --git a/include/security.php b/include/security.php
index 0783a3c20..25318b3e8 100644
--- a/include/security.php
+++ b/include/security.php
@@ -236,7 +236,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 	 * default permissions - anonymous user
 	 */
 
-	$sql = " AND not (item_flags & " . ITEM_PRIVATE . ") ";  
+	$sql = " AND not item_private ";
 			
 
 	/**
@@ -359,3 +359,36 @@ function init_groups_visitor($contact_id) {
 }}
 
 
+
+
+
+// This is used to determine which uid have posts which are visible to the logged in user (from the API) for the 
+// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in. 
+// Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility)
+// We always include yourself if logged in because you can always see your own posts
+// resolving granular permissions for the observer against every person and every post on the site
+// will likely be too expensive. 
+// Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query
+
+function stream_perms_api_uids($perms_min = PERMS_SITE) {
+	$ret = array();
+	if(local_user())
+		$ret[] = local_user();
+	$r = q("select channel_id from channel where channel_r_stream <= %d",
+		intval($perms_min)
+	);
+	if($r)
+		foreach($r as $rr)
+			if(! in_array($rr['channel_id'],$ret))
+				$ret[] = $rr['channel_id']; 
+
+	$str = '';
+	if($ret)
+		foreach($ret as $rr) {
+			if($str)
+				$str .= ',';
+			$str .= intval($rr); 
+		}
+	return $str;
+}
+
diff --git a/include/text.php b/include/text.php
index 1cfc89cae..6f2caa510 100644
--- a/include/text.php
+++ b/include/text.php
@@ -1718,7 +1718,11 @@ function ids_to_querystr($arr,$idx = 'id') {
 	return(implode(',', $t));
 }
 
-function xchan_query(&$items) {
+// Fetches xchan and hubloc data for an array of items with only an 
+// author_xchan and owner_xchan. If $abook is true also include the abook info. 
+// This is needed in the API to save extra per item lookups there.
+
+function xchan_query(&$items,$abook = false) {
 	$arr = array();
 	if($items && count($items)) {
 		foreach($items as $item) {
@@ -1729,8 +1733,14 @@ function xchan_query(&$items) {
 		}
 	}
 	if(count($arr)) {
-		$chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash
-			where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
+		if($abook) {
+			$chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash
+				where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
+		}
+		else {
+			$chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash
+				where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
+		}
 	}
 	if($items && count($items) && $chans && count($chans)) {
 		for($x = 0; $x < count($items); $x ++) {
diff --git a/mod/search.php b/mod/search.php
index 0a7c404b6..a9f2df069 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -186,11 +186,10 @@ function search_content(&$a) {
 		if($load) {
 			$r = q("SELECT distinct(uri), item.* from item
 				WHERE item_restrict = 0
-				AND (( `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = '' AND not ( item_flags & %d )) 
+				AND (( `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = '' AND item_private = 0 ) 
 				OR ( `item`.`uid` = %d ))
 				$sql_extra
 				group by uri ORDER BY created DESC $pager_sql ",
-				intval(ITEM_PRIVATE),
 				intval(local_user()),
 				intval(ABOOK_FLAG_BLOCKED)
 
diff --git a/version.inc b/version.inc
index 290052448..cf9145384 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-01-18.204
+2013-01-19.205
-- 
cgit v1.2.3


From 127b605f32f8b01900d300cd869c3848e6bebb9b Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sun, 20 Jan 2013 15:36:04 -0800
Subject: preserve event item[uri] if present

---
 include/api.php        | 31 +++++++++++++++++--------
 include/event.php      | 62 ++++++++++++++++++++++++++++----------------------
 include/html2plain.php |  2 +-
 include/zot.php        | 10 ++++----
 version.inc            |  2 +-
 5 files changed, 65 insertions(+), 42 deletions(-)

diff --git a/include/api.php b/include/api.php
index 9ed025564..140e75f29 100644
--- a/include/api.php
+++ b/include/api.php
@@ -802,6 +802,14 @@ require_once('include/security.php');
 		if ($exclude_replies > 0)
 			$sql_extra .= ' AND `item`.`parent` = `item`.`id`';
 
+		if (api_user() != $user_info['uid']) {
+			$observer = get_app()->get_observer();
+			require_once('include/permissions.php');
+			if(! perm_is_allowed($user_info['uid'],(($observer) ? $observer['xchan_hash'] : ''),'view_stream'))
+				return '';
+			$sql_extra .= " and item_private = 0 ";
+		}
+
 		$r = q("SELECT * from item WHERE uid = %d and item_restrict = 0
 			$sql_extra
 			AND id > %d
@@ -820,12 +828,14 @@ require_once('include/security.php');
 		// level which items you've seen and which you haven't. If you're looking
 		// at the network timeline just mark everything seen. 
 	
-		$r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d )
-			WHERE item_flags & %d and uid = %d",
-			intval(ITEM_UNSEEN),
-			intval(ITEM_UNSEEN),
-			intval($user_info['uid'])
-		);
+		if (api_user() == $user_info['uid']) {
+			$r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d )
+				WHERE item_flags & %d and uid = %d",
+				intval(ITEM_UNSEEN),
+				intval(ITEM_UNSEEN),
+				intval($user_info['uid'])
+			);
+		}
 
 
 		$data = array('$statuses' => $ret);
@@ -966,7 +976,7 @@ require_once('include/security.php');
 		logger('API: api_statuses_repeat: '.$id);
 
 		//$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false);
-
+// FIXME
 		$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`nick` as `reply_author`,
 			`contact`.`name`, `contact`.`photo`, `contact`.`url` as `reply_url`, `contact`.`rel`,
 			`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
@@ -1008,7 +1018,7 @@ require_once('include/security.php');
 		$user_info = api_get_user($a);
 
 		// params
-		$id = intval($a->argv[3]);
+		$id = intval(argv(3));
 
 		logger('API: api_statuses_destroy: '.$id);
 
@@ -1029,6 +1039,8 @@ require_once('include/security.php');
 	 * http://developer.twitter.com/doc/get/statuses/mentions
 	 * 
 	 */
+
+// FIXME
 	function api_statuses_mentions(&$a, $type){
 		if (api_user()===false) return false;
 				
@@ -1106,6 +1118,7 @@ require_once('include/security.php');
 		return  api_apply_template("timeline", $type, $data);
 	}
 	api_register_func('api/statuses/mentions','api_statuses_mentions', true);
+	// FIXME?? I don't think mentions and replies are congruent in this case
 	api_register_func('api/statuses/replies','api_statuses_mentions', true);
 
 
@@ -1113,7 +1126,7 @@ require_once('include/security.php');
 		if (api_user()===false) return false;
 		
 		$user_info = api_get_user($a);
-		// get last newtork messages
+		// get last network messages
 
 
 		logger("api_statuses_user_timeline: api_user: ". api_user() .
diff --git a/include/event.php b/include/event.php
index 73a050cec..8bf65016f 100644
--- a/include/event.php
+++ b/include/event.php
@@ -205,30 +205,36 @@ function event_store($arr) {
 
 	$a = get_app();
 
-	$arr['created'] = (($arr['created']) ? $arr['created'] : datetime_convert());
-	$arr['edited']  = (($arr['edited']) ? $arr['edited'] : datetime_convert());
-	$arr['type']    = (($arr['type']) ? $arr['type'] : 'event' );	
+	$arr['created']     = (($arr['created'])     ? $arr['created']     : datetime_convert());
+	$arr['edited']      = (($arr['edited'])      ? $arr['edited']      : datetime_convert());
+	$arr['type']        = (($arr['type'])        ? $arr['type']        : 'event' );	
 	$arr['event_xchan'] = (($arr['event_xchan']) ? $arr['event_xchan'] : '');
 	
 	// Existing event being modified
 
-	if($arr['id']) {
+	if($arr['id'] || $arr['event_hash']) {
 
 		// has the event actually changed?
 
-		$r = q("SELECT * FROM `event` WHERE `id` = %d AND `uid` = %d LIMIT 1",
-			intval($arr['id']),
-			intval($arr['uid'])
-		);
-		if((! $r) || ($r[0]['edited'] === $arr['edited'])) {
-
-			// Nothing has changed. Grab the item id to return.
-
-			$r = q("SELECT id FROM item WHERE resource_type = 'event' and resource_id = '%s' AND uid = %d LIMIT 1",
-				intval($arr['event_hash']),
+		if($arr['event_hash']) {
+			$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
+				dbesc($arr['event_hash']),
 				intval($arr['uid'])
 			);
-			return(($r) ? $r[0]['id'] : 0);
+		}
+		else {
+			$r = q("SELECT * FROM event WHERE id = %d AND uid = %d LIMIT 1",
+				intval($arr['id']),
+				intval($arr['uid'])
+			);
+		}
+
+		if(! $r)
+			return 0;
+
+		if($r[0]['edited'] === $arr['edited']) {
+			// Nothing has changed. Return the ID.
+			return $r[0]['id'];
 		}
 
 		// The event changed. Update it.
@@ -262,12 +268,12 @@ function event_store($arr) {
 			dbesc($arr['allow_gid']),
 			dbesc($arr['deny_cid']),
 			dbesc($arr['deny_gid']),
-			intval($arr['id']),
+			intval($r[0]['id']),
 			intval($arr['uid'])
 		);
 
 		$r = q("SELECT * FROM item left join xchan on author_xchan = xchan_hash WHERE resource_id = '%s' AND resource_type = 'event' and uid = %d LIMIT 1",
-			intval($arr['event_hash']),
+			intval($r[0]['event_hash']),
 			intval($arr['uid'])
 		);
 
@@ -291,6 +297,7 @@ function event_store($arr) {
 
 			$private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);
 
+
 			q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d  WHERE id = %d AND uid = %d LIMIT 1",
 				dbesc($arr['summary']),
 				dbesc(format_event_bbcode($arr)),
@@ -321,8 +328,12 @@ function event_store($arr) {
 
 		$hash = random_string();
 
-		$r = q("INSERT INTO `event` ( `uid`,`aid`,`event_xchan`,`event_hash`,`created`,`edited`,`start`,`finish`,`summary`, `desc`,`location`,`type`,
-			`adjust`,`nofinish`,`allow_cid`,`allow_gid`,`deny_cid`,`deny_gid`)
+		if(! $arr['uri'])
+			$arr['uri'] = item_message_id();
+
+
+		$r = q("INSERT INTO event ( uid,aid,event_xchan,event_hash,created,edited,start,finish,summary, desc,location,type,
+			adjust,nofinish,allow_cid,allow_gid,deny_cid,deny_gid)
 			VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s' ) ",
 			intval($arr['uid']),
 			intval($arr['account']),
@@ -345,7 +356,7 @@ function event_store($arr) {
 
 		);
 
-		$r = q("SELECT * FROM `event` WHERE `event_hash` = '%s' AND `uid` = %d LIMIT 1",
+		$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
 			dbesc($hash),
 			intval($arr['uid'])
 		);
@@ -365,17 +376,14 @@ function event_store($arr) {
 			$item_flags |= ITEM_ORIGIN;
 		}
 
-
-		$uri = item_message_id();
-
 		$private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);
 				
 		$item_arr = array();
 
 		$item_arr['uid']           = $arr['uid'];
 		$item_arr['author_xchan']  = $arr['event_xchan'];
-		$item_arr['uri']           = $uri;
-		$item_arr['parent_uri']    = $uri;
+		$item_arr['uri']           = $arr['uri'];
+		$item_arr['parent_uri']    = $arr['uri'];
 
 		$item_arr['item_flags']    = $item_flags;
 
@@ -386,13 +394,13 @@ function event_store($arr) {
 		$item_arr['allow_gid']     = $arr['allow_gid'];
 		$item_arr['deny_cid']      = $arr['deny_cid'];
 		$item_arr['deny_gid']      = $arr['deny_gid'];
-		$item_arr['private']       = (($arr['private'] || $private) ? 1 : 0);
+		$item_arr['item_private']  = $private;
 		$item_arr['verb']          = ACTIVITY_POST;
 
 		$item_arr['resource_type'] = 'event';
 		$item_arr['resource_id']   = $hash;
 
-		$item_arr['obj_type']   = ACTIVITY_OBJ_EVENT;
+		$item_arr['obj_type']      = ACTIVITY_OBJ_EVENT;
 		$item_arr['body']          = format_event_bbcode($arr);
 
 		$x = q("select * from xchan where xchan_hash = '%s' limit 1",
diff --git a/include/html2plain.php b/include/html2plain.php
index e5615f8ba..b8c9c440d 100644
--- a/include/html2plain.php
+++ b/include/html2plain.php
@@ -205,7 +205,7 @@ function html2plain($html, $wraplength = 75, $compact = false)
 	if (!$compact) {
 		$counter = 1;
 		foreach ($urls as $id=>$url)
-			if (strpos($message, $url) == false)
+			if ($url && strpos($message, $url) === false)
 				$message .= "\n".$url." ";
 				//$message .= "\n[".($counter++)."] ".$url;
 	}
diff --git a/include/zot.php b/include/zot.php
index 28ecdc4dc..0290d1d46 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -901,16 +901,18 @@ function process_delivery($sender,$arr,$deliveries,$relay) {
 				$ev['uid']         = $channel['channel_id'];
 				$ev['account']     = $channel['channel_account_id'];
 				$ev['edited']      = $arr['edited'];
+				$ev['uri']         = $arr['uri'];
+				$ev['private']     = $arr['item_private'];
 
 				// is this an edit?
 
-				$r = q("SELECT * FROM event left join item on resource_id = event_hash WHERE resource_type = 'event' and
-					`uri` = '%s' AND event.uid = %d LIMIT 1",
+				$r = q("SELECT resource_id FROM item where uri = '%s' and uid = %d and resource_type = 'event' limit 1",
 					dbesc($arr['uri']),
 					intval($channel['channel_id'])
 				);
-				if($r)
-					$ev['event_hash'] = $r[0]['event_hash'];
+				if($r) {
+					$ev['event_hash'] = $r[0]['resource_id'];
+				}
 	dbg(1);
 				$xyz = event_store($ev);
 	dbg(0);
diff --git a/version.inc b/version.inc
index cf9145384..8d6a973e0 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-01-19.205
+2013-01-20.206
-- 
cgit v1.2.3


From 060716f1721c320c61ce1a5927f24d0a66ec31f0 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sun, 20 Jan 2013 18:05:29 -0800
Subject: make lockview work, bring back acl widget theming in redbasic

---
 done                              | 26 +++++------
 include/text.php                  |  6 ++-
 mod/lockview.php                  | 50 +++++++++-----------
 view/theme/redbasic/css/style.css | 96 ++++++++++++++++++++++++++++++++++++++-
 4 files changed, 134 insertions(+), 44 deletions(-)

diff --git a/done b/done
index d489f5481..627822e01 100644
--- a/done
+++ b/done
@@ -15,7 +15,7 @@ include/
 + account.php
   acl_selectors.php
 + activities.php
-  api.php
+? api.php
 ? attach.php
 + auth.php
 - bb2diaspora.php (check for function dependencies before removing)
@@ -34,7 +34,7 @@ include/
 + directory.php
 - email.php
 + enotify.php
-  event.php
++ event.php
 + expire.php
   fcontact.php
 ? follow.php
@@ -47,23 +47,23 @@ include/
 ? items.php
 + js_strings.php
 + language.php
-  message.php
+? message.php
 - msgclean.php
 ? nav.php
   network.php
-  notifier.php
++ notifier.php
   oauth.php
   oembed.php
-?  onepoll.php
+? onepoll.php
 ? Photo.php
 ? plugin.php
-?  poller.php
+? poller.php
 ? profile_advanced.php
   profile_selectors.php
 ?  queue_fn.php
 ?  queue.php
 - salmon.php
-  Scrape.php
+= Scrape.php
 + security.php
 ? session.php
   socgraph.php
@@ -104,14 +104,14 @@ mod/
   fsuggest.php
 + group.php
 - hcard.php -> not needed
-  help.php
+= help.php
 + home.php
   hostxrd.php -> probably not needed
 ? install.php
   invite.php
 + item.php
 + like.php
-  lockview.php
++ lockview.php
 + login.php
   lostpass.php
   magic.php
@@ -157,10 +157,10 @@ mod/
   suggest.php
   tagger.php
   tagrm.php
-  uexport.php
-  update_community.php - needs converting to json
-  update_network.php - needs converting to json
-  update_profile.php - needs converting to json
+? uexport.php
+? update_community.php - needs converting to json
+? update_network.php - needs converting to json
+? update_profile.php - needs converting to json
   viewcontacts.php
   view.php
 + viewsrc.php
diff --git a/include/text.php b/include/text.php
index 6f2caa510..167fbb1df 100644
--- a/include/text.php
+++ b/include/text.php
@@ -1798,9 +1798,11 @@ function magic_link($s) {
 	return $s;
 }
 	
-function stringify_array_elms(&$arr) {
+// if $escape is true, dbesc() each element before adding quotes
+
+function stringify_array_elms(&$arr,$escape = false) {
 	for($x = 0; $x < count($arr); $x ++)
-		$arr[$x] = "'" . $arr[$x] . "'";
+		$arr[$x] = "'" . (($escape) ? dbesc($arr[$x]) : $arr[$x]) . "'";
 }
 
 /**
diff --git a/mod/lockview.php b/mod/lockview.php
index 0307103f8..01a6997ee 100644
--- a/mod/lockview.php
+++ b/mod/lockview.php
@@ -3,12 +3,12 @@
 
 function lockview_content(&$a) {
   
-	$type = (($a->argc > 1) ? $a->argv[1] : 0);
+	$type = ((argc() > 1) ? argv(1) : 0);
 	if (is_numeric($type)) {
 		$item_id = intval($type);
 		$type='item';
 	} else {
-		$item_id = (($a->argc > 2) ? intval($a->argv[2]) : 0);
+		$item_id = ((argc() > 2) ? intval(argv(2)) : 0);
 	}
   
 	if(! $item_id)
@@ -17,20 +17,20 @@ function lockview_content(&$a) {
 	if (!in_array($type, array('item','photo','event')))
 		killme();
      
-	$r = q("SELECT * FROM `%s` WHERE `id` = %d LIMIT 1",
+	$r = q("SELECT * FROM %s WHERE id = %d LIMIT 1",
 		dbesc($type),
 		intval($item_id)
 	);
-	if(! count($r))
+	if(! $r)
 		killme();
+
 	$item = $r[0];
+
 	if($item['uid'] != local_user())
 		killme();
 
-
-	if(($item['private'] == 1) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid'])) 
+	if(($item['item_private'] == 1) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid'])) 
 		&& (! strlen($item['deny_cid'])) && (! strlen($item['deny_gid']))) {
-
 		echo t('Remote privacy information not available.') . '<br />';
 		killme();
 	}
@@ -43,40 +43,34 @@ function lockview_content(&$a) {
 	$o = t('Visible to:') . '<br />';
 	$l = array();
 
+	stringify_array_elms($allowed_groups,true);
+	stringify_array_elms($allowed_users,true);
+	stringify_array_elms($deny_groups,true);
+	stringify_array_elms($deny_users,true);
+
 	if(count($allowed_groups)) {
-		$r = q("SELECT `name` FROM `group` WHERE `id` IN ( %s )",
-			dbesc(implode(', ', $allowed_groups))
-		);
-		if(count($r))
+		$r = q("SELECT name FROM group WHERE hash IN ( " . implode(', ', $allowed_groups) . " )");
+		if($r)
 			foreach($r as $rr) 
 				$l[] = '<b>' . $rr['name'] . '</b>';
 	}
 	if(count($allowed_users)) {
-		$r = q("SELECT `name` FROM `contact` WHERE `id` IN ( %s )",
-			dbesc(implode(', ',$allowed_users))
-		);
-		if(count($r))
+		$r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ',$allowed_users) . " )");
+		if($r)
 			foreach($r as $rr) 
-				$l[] = $rr['name'];
-
+				$l[] = $rr['xchan_name'];
 	}
-
 	if(count($deny_groups)) {
-		$r = q("SELECT `name` FROM `group` WHERE `id` IN ( %s )",
-			dbesc(implode(', ', $deny_groups))
-		);
-		if(count($r))
+		$r = q("SELECT name FROM group WHERE hash IN ( " . implode(', ', $deny_groups) . " )");
+		if($r)
 			foreach($r as $rr) 
 				$l[] = '<b><strike>' . $rr['name'] . '</strike></b>';
 	}
 	if(count($deny_users)) {
-		$r = q("SELECT `name` FROM `contact` WHERE `id` IN ( %s )",
-			dbesc(implode(', ',$deny_users))
-		);
-		if(count($r))
+		$r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ', $deny_users) . " )");
+		if($r)
 			foreach($r as $rr) 
-				$l[] = '<strike>' . $rr['name'] . '</strike>';
-
+				$l[] = '<strike>' . $rr['xchan_name'] . '</strike>';
 	}
 
 	echo $o . implode(', ', $l);
diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css
index fd989554b..c7654b65d 100644
--- a/view/theme/redbasic/css/style.css
+++ b/view/theme/redbasic/css/style.css
@@ -3778,4 +3778,98 @@ ul.menu-popup {
 
 .tabs-end {
 	clear: both;
-}
\ No newline at end of file
+}
+
+
+
+
+#acl-wrapper {
+	width: 690px;
+	float:left;
+}
+#acl-search {
+	float:right;
+	background: #ffffff url("../../../../images/search_18.png") no-repeat right center;
+	padding-right:20px;
+}
+#acl-showall {
+	float: left;
+	display: block;
+	width: auto;
+	height: 18px;
+	background-color: #cccccc;
+	background-image: url("../../../../images/show_all_off.png");
+	background-position: 7px 7px;
+	background-repeat: no-repeat;
+	padding: 7px 5px 0px 30px;
+	-webkit-border-radius: 5px ;
+	-moz-border-radius: 5px;
+	border-radius: 5px;
+	color: #999999;
+}
+#acl-showall.selected {
+	color: #000000;
+	background-color: #ff9900;
+	background-image: url("../../../../images/show_all_on.png");
+}
+
+#acl-list {
+	height: 210px;
+	border: 1px solid #cccccc;
+	clear: both;
+	margin-top: 30px;
+	overflow: auto;
+}
+#acl-list-content {
+	
+}
+.acl-list-item {
+	display: block;
+	width: 150px;
+	height: 30px;
+	border: 1px solid #cccccc;
+	margin: 5px;
+	float: left;
+}
+.acl-list-item img{
+	width:22px;
+	height: 22px;
+	float: left;
+	margin: 4px;
+}
+.acl-list-item p { height: 12px; font-size: 10px; margin: 0px; padding: 2px 0px 1px; overflow: hidden;}
+.acl-list-item a { 
+	font-size: 8px;
+	display: block;
+	width: 40px;
+	height: 10px;
+	float: left;
+	color: #999999;
+	background-color: #cccccc;
+	background-position: 3px 3px;
+	background-repeat: no-repeat;
+	margin-right: 5px;
+	-webkit-border-radius: 2px ;
+	-moz-border-radius: 2px;
+	border-radius: 2px;
+	padding-left: 15px;
+}
+#acl-wrapper a:hover {
+	text-decoration: none;
+	color:#000000;
+}
+.acl-button-show { background-image: url("../../../../images/show_off.png"); }
+.acl-button-hide { background-image: url("../../../../images/hide_off.png"); }
+
+.acl-button-show.selected {
+	color: #000000;
+	background-color: #9ade00;
+	background-image: url("../../../../images/show_on.png");
+}
+.acl-button-hide.selected {
+	color: #000000;
+	background-color: #ff4141;
+	background-image: url("../../../../images/hide_on.png");
+}
+.acl-list-item.groupshow { border-color: #9ade00; }
+.acl-list-item.grouphide { border-color: #ff4141; }
-- 
cgit v1.2.3


From 15150ab95812f04cb1da6f24c2804ec24c6dd196 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sun, 20 Jan 2013 18:36:33 -0800
Subject: sort out yet more api functions

---
 include/api.php | 61 +++++++++++++++++++++++++++++++++------------------------
 1 file changed, 35 insertions(+), 26 deletions(-)

diff --git a/include/api.php b/include/api.php
index 140e75f29..cf4d45c1a 100644
--- a/include/api.php
+++ b/include/api.php
@@ -640,11 +640,14 @@ require_once('include/security.php');
 
 		// get last public message
 
+		require_once('include/security.php');
+
 		$lastwall = q("SELECT * from item where 1
 			and item_private != 0 and item_restrict = 0
 			and author_xchan = '%s'
 			and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = ''
 			and verb = '%s'
+			and uid in ( " . stream_perms_api_uids() . " )
 			order by created desc limit 1",
 			dbesc($user_info['guid']),
 			dbesc(ACTIVITY_POST)
@@ -709,11 +712,14 @@ require_once('include/security.php');
 	function api_users_show(&$a, $type){
 		$user_info = api_get_user($a);
 
+		require_once('include/security.php');
+
 		$lastwall = q("SELECT * from item where 1
 			and item_private != 0 and item_restrict = 0
 			and author_xchan = '%s'
 			and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = ''
 			and verb = '%s'
+			and uid in ( " . stream_perms_api_uids() . " )
 			order by created desc limit 1",
 			dbesc($user_info['guid']),
 			dbesc(ACTIVITY_POST)
@@ -971,34 +977,31 @@ require_once('include/security.php');
 		$user_info = api_get_user($a);
 
 		// params
-		$id = intval($a->argv[3]);
+		$id = intval(argv(3));
 
 		logger('API: api_statuses_repeat: '.$id);
 
 		//$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false);
-// FIXME
-		$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`nick` as `reply_author`,
-			`contact`.`name`, `contact`.`photo`, `contact`.`url` as `reply_url`, `contact`.`rel`,
-			`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
-			`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
-			FROM `item`, `contact`
-			WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
-			AND `contact`.`id` = `item`.`contact-id`
-			AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
-			$sql_extra
-			AND `item`.`id`=%d",
+
+		$observer = get_app()->get_observer();
+
+		$r = q("SELECT * from item where item_restrict = 0 and id = %d limit 1",
 			intval($id)
 		);
 
-		if ($r[0]['body'] != "") {
-			$_REQUEST['body'] = html_entity_decode("&#x2672; ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/url] \n".$r[0]['body'];
-			$_REQUEST['profile_uid'] = api_user();
-			$_REQUEST['type'] = 'wall';
-			$_REQUEST['api_source'] = true;
+		if(perm_is_allowed($r[0]['uid'],$observer['xchan_hash'],'view_stream')) {
+			if ($r[0]['body'] != "") {
+				$_REQUEST['body'] = html_entity_decode("&#x2672; ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/url] \n".$r[0]['body'];
+				$_REQUEST['profile_uid'] = api_user();
+				$_REQUEST['type'] = 'wall';
+				$_REQUEST['api_source'] = true;
 
-			require_once('mod/item.php');
-			item_post($a);
+				require_once('mod/item.php');
+				item_post($a);
+			}
 		}
+		else
+			return false;
 
 		if ($type == 'xml')
 			$ok = "true";
@@ -1012,6 +1015,7 @@ require_once('include/security.php');
 	/**
 	 * 
 	 */
+
 	function api_statuses_destroy(&$a, $type){
 		if (api_user()===false) return false;
 
@@ -1476,12 +1480,14 @@ require_once('include/security.php');
 			return false;
 		}
 		
+		// For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams.
+		// This won't work if either of you send your stream to everybody on the network
 		if($qtype == 'friends')
-			$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND));
+			$sql_extra = sprintf(" AND ( their_perms & %d ) and ( my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
 		if($qtype == 'followers')
-			$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND));
+			$sql_extra = sprintf(" AND ( my_perms & %d ) and not ( their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
  
-		$r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
+		$r = q("SELECT id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra",
 			intval(api_user())
 		);
 
@@ -1588,13 +1594,16 @@ require_once('include/security.php');
 		if(! api_user())
 			return false;
 
+
+		// For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams.
+		// This won't work if either of you send your stream to everybody on the network
+
 		if($qtype == 'friends')
-			$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND));
+			$sql_extra = sprintf(" AND ( their_perms & %d ) and ( my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
 		if($qtype == 'followers')
-			$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND));
+			$sql_extra = sprintf(" AND ( my_perms & %d ) and not ( their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
  
-
-		$r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
+		$r = q("SELECT id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra",
 			intval(api_user())
 		);
 
-- 
cgit v1.2.3


From 59eed70246e3e222e02410808736fb916acf798c Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sun, 20 Jan 2013 18:43:59 -0800
Subject: missing scope

---
 mod/chanview.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mod/chanview.php b/mod/chanview.php
index d3e902f60..601df88fd 100644
--- a/mod/chanview.php
+++ b/mod/chanview.php
@@ -44,7 +44,7 @@ function chanview_content(&$a) {
 		return;
 	}
 
-	$observer = get_observer();
+	$observer = $a->get_observer();
 
 	$url = (($observer) 
 		? z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr'] 
-- 
cgit v1.2.3


From c9f10f41f4e3f2dd5f644fb8e97aef415de22f1d Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sun, 20 Jan 2013 20:14:13 -0800
Subject: Ensure that Red members never see the accursed "and nobody was
 found..." when you've put in an explicit address of a channel you know for
 certain exists.

---
 mod/chanview.php  |  50 ++++++++++++++---
 mod/directory.php | 159 +++++++++++++++++++++++++++---------------------------
 mod/dirsearch.php |   8 +--
 3 files changed, 127 insertions(+), 90 deletions(-)

diff --git a/mod/chanview.php b/mod/chanview.php
index 601df88fd..92ed757f9 100644
--- a/mod/chanview.php
+++ b/mod/chanview.php
@@ -1,9 +1,11 @@
 <?php
 
 require_once('include/Contact.php');
+require_once('include/zot.php');
 
 function chanview_content(&$a) {
 
+	$observer = $a->get_observer();
 	$xchan = null;
 
 	$r = null;
@@ -30,26 +32,58 @@ function chanview_content(&$a) {
 		$r = q("select * from xchan where xchan_url = '%s' limit 1",
 			dbesc($_REQUEST['url'])
 		);
-		if(! $r)
-			$r = array(array('xchan_url' => $_REQUEST['url']));
 	}
 	if($r) {
 		$xchan = $r[0];
-		if($xchan['xchan_hash'])
-			$a->set_widget('vcard',vcard_from_xchan($xchan));
+	}
+
+
+
+	// Here, let's see if we have an xchan. If we don't, how we proceed is determined by what
+	// info we do have. If it's a URL, we can offer to visit it directly. If it's a webbie or 
+	// address, we can and should try to import it. If it's just a hash, we can't continue, but we 
+	// probably wouldn't have a hash if we don't already have an xchan for this channel.
+
+	if(! $xchan) {
+		logger('mod_chanview: fallback');
+		// This is hackish - construct a zot address from the url
+		if($_REQUEST['url']) {
+			if(preg_match('/https?\:\/\/(.*?)(\/channel\/|\/profile\/)(.*?)$/ism',$_REQUEST['url'],$matches)) {
+				$_REQUEST['address'] = $matches[3] . '@' . $matches[1];
+			}
+			logger('mod_chanview: constructed address ' . print_r($matches,true)); 
+		}
 
+		if($_REQUEST['address']) {
+			$ret = zot_finger($_REQUEST['address'],null);
+			if($ret['success']) {
+				$j = json_decode($ret['body'],true);
+				if($j)
+					import_xchan($j);
+				$r = q("select * from xchan where xchan_addr = '%s' limit 1",
+					dbesc($_REQUEST['address'])
+				);
+				if($r)
+					$xchan = $r[0];
+			}
+
+		}
 	}
-	else {
-		notice( t('No valid channel provided.') . EOL);
+
+	if(! $xchan) {
+		notice( t('Channel not found.') . EOL);
 		return;
 	}
 
-	$observer = $a->get_observer();
-
+	if($xchan['xchan_hash'])
+		$a->set_widget('vcard',vcard_from_xchan($xchan));
+				
 	$url = (($observer) 
 		? z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr'] 
 		: $xchan['xchan_url']
 	);
+				
+
 
 	$o = replace_macros(get_markup_template('chanview.tpl'),array(
 		'$url' => $url
diff --git a/mod/directory.php b/mod/directory.php
index 99687a373..d9182d1bd 100644
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -57,7 +57,6 @@ function directory_content(&$a) {
 		if($search)
 			$query .= '&name=' . urlencode($search);
 
-		}
 		if($a->pager['page'] != 1)
 			$query .= '&p=' . $a->pager['page'];
 
@@ -67,111 +66,113 @@ function directory_content(&$a) {
 		if($x['success']) {
 			$t = 0;
 			$j = json_decode($x['body'],true);
-			if($j && $j['results']) {
-
-				$entries = array();
-
-				$photo = 'thumb';
+			if($j) {
 
-				foreach($j['results'] as $rr) {
+				if($j['results']) {
 
+					$entries = array();
 
+					$photo = 'thumb';
 
+					foreach($j['results'] as $rr) {
 
-					$profile_link = chanlink_url($rr['url']);
+						$profile_link = chanlink_url($rr['url']);
 		
-					$pdesc = (($rr['description']) ? $rr['description'] . '<br />' : '');
+						$pdesc = (($rr['description']) ? $rr['description'] . '<br />' : '');
 	
-					$details = '';
-					if(strlen($rr['locale']))
-						$details .= $rr['locale'];
-					if(strlen($rr['region'])) {
+						$details = '';
 						if(strlen($rr['locale']))
-							$details .= ', ';
-						$details .= $rr['region'];
-					}
-					if(strlen($rr['country'])) {
-						if(strlen($details))
-							$details .= ', ';
-						$details .= $rr['country'];
-					}
-					if(strlen($rr['birthday'])) {
-						if(($years = age($rr['birthday'],'UTC','')) != 0)
-							$details .= '<br />' . t('Age: ') . $years ; 
-					}
-					if(strlen($rr['gender']))
-						$details .= '<br />' . t('Gender: ') . $rr['gender'];
-
-					$page_type = '';
-
-					$profile = $rr;
-
-					if ((x($profile,'locale') == 1)
-						|| (x($profile,'region') == 1)
-						|| (x($profile,'postcode') == 1)
-						|| (x($profile,'country') == 1))
-					$location = t('Location:');
-
-					$gender = ((x($profile,'gender') == 1) ? t('Gender:') : False);
+							$details .= $rr['locale'];
+						if(strlen($rr['region'])) {
+							if(strlen($rr['locale']))
+								$details .= ', ';
+							$details .= $rr['region'];
+						}
+						if(strlen($rr['country'])) {
+							if(strlen($details))
+								$details .= ', ';
+							$details .= $rr['country'];
+						}
+						if(strlen($rr['birthday'])) {
+							if(($years = age($rr['birthday'],'UTC','')) != 0)
+								$details .= '<br />' . t('Age: ') . $years ; 
+						}
+						if(strlen($rr['gender']))
+							$details .= '<br />' . t('Gender: ') . $rr['gender'];
+
+						$page_type = '';
+
+						$profile = $rr;
+
+						if ((x($profile,'locale') == 1)
+							|| (x($profile,'region') == 1)
+							|| (x($profile,'postcode') == 1)
+							|| (x($profile,'country') == 1))
+						$location = t('Location:');
+
+						$gender = ((x($profile,'gender') == 1) ? t('Gender:') : False);
 	
-					$marital = ((x($profile,'marital') == 1) ?  t('Status:') : False);
+						$marital = ((x($profile,'marital') == 1) ?  t('Status:') : False);
 		
-					$homepage = ((x($profile,'homepage') == 1) ?  t('Homepage:') : False);
+						$homepage = ((x($profile,'homepage') == 1) ?  t('Homepage:') : False);
 
-					$about = ((x($profile,'about') == 1) ?  t('About:') : False);
+						$about = ((x($profile,'about') == 1) ?  t('About:') : False);
 			
 
-					$entry = array(
-						'id' => ++$t,
-						'profile_link' => $profile_link,
-						'photo' => $rr['photo'],
-						'alttext' => $rr['name'] . ' ' . $rr['address'],
-						'name' => $rr['name'],
-						'details' => $pdesc . $details,
-						'profile' => $profile,
-						'location' => $location,
-						'gender'   => $gender,
-						'pdesc'	=> $pdesc,
-						'marital'  => $marital,
-						'homepage' => $homepage,
-						'about' => $about,
+						$entry = array(
+							'id' => ++$t,
+							'profile_link' => $profile_link,
+							'photo' => $rr['photo'],
+							'alttext' => $rr['name'] . ' ' . $rr['address'],
+							'name' => $rr['name'],
+							'details' => $pdesc . $details,
+							'profile' => $profile,
+							'location' => $location,
+							'gender'   => $gender,
+							'pdesc'	=> $pdesc,
+							'marital'  => $marital,
+							'homepage' => $homepage,
+							'about' => $about,
 	
-					);
+						);
 
-					$arr = array('contact' => $rr, 'entry' => $entry);
+						$arr = array('contact' => $rr, 'entry' => $entry);
 
-					call_hooks('directory_item', $arr);
+						call_hooks('directory_item', $arr);
 			
-					$entries[] = $entry;
+						$entries[] = $entry;
 
-					unset($profile);
-					unset($location);
+						unset($profile);
+						unset($location);
 
 
-				}
+					}
 
-				logger('entries: ' . print_r($entries,true));
+					logger('mod_directory: entries: ' . print_r($entries,true), LOGGER_DATA);
 
-				$o .= replace_macros($tpl, array(
-					'$search' => $search,
-					'$desc' => t('Find'),
-					'$finddsc' => t('Finding:'),
-					'$safetxt' => htmlspecialchars($search,ENT_QUOTES,'UTF-8'),
-					'$entries' => $entries,
-					'$dirlbl' => t('Directory'),
-					'$submit' => t('Find')
-				));
+					$o .= replace_macros($tpl, array(
+						'$search' => $search,
+						'$desc' => t('Find'),
+						'$finddsc' => t('Finding:'),
+						'$safetxt' => htmlspecialchars($search,ENT_QUOTES,'UTF-8'),
+						'$entries' => $entries,
+						'$dirlbl' => t('Directory'),
+						'$submit' => t('Find')
+					));
 
 
-				$o .= alt_pager($a,$j['records'], t('more'), t('back'));
+					$o .= alt_pager($a,$j['records'], t('more'), t('back'));
 
+				}
+				else {
+					if($a->pager['page'] == 1 && $j['records'] == 0 && strpos($search,'@')) {
+						goaway(z_root() . '/chanview/?f=&address=' . $search);
+					}
+					info( t("No entries (some entries may be hidden).") . EOL);
+				}
 			}
-
-			else
-				info( t("No entries (some entries may be hidden).") . EOL);
-
 		}
-
+	}
 	return $o;
 }
 
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index 07af90ffb..b3893afe7 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -78,9 +78,11 @@ function dirsearch_content(&$a) {
 		$qlimit = " LIMIT $limit ";
 	else {
 		$qlimit = " LIMIT " . intval($startrec) . " , " . intval($perpage);
-		$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where 1 $sql_extra");
-		if($r) {
-			$ret['total_items'] = $r[0]['total'];
+		if($return_total) {
+			$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where 1 $sql_extra");
+			if($r) {
+				$ret['total_items'] = $r[0]['total'];
+			}
 		}
 	}
 
-- 
cgit v1.2.3


From 01be0fc2d8723cfecde5a9b2c7c98709f893ce75 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Sun, 20 Jan 2013 20:58:06 -0800
Subject: fix the visual group editor

---
 mod/group.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mod/group.php b/mod/group.php
index 91b9999dc..6c9b8d78c 100644
--- a/mod/group.php
+++ b/mod/group.php
@@ -201,7 +201,7 @@ function group_content(&$a) {
 	$textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false);
 	foreach($members as $member) {
 		if($member['xchan_url']) {
-			$member['click'] = 'groupChangeMember(' . $group['id'] . ',\'' . $member['xchan_hash'] . '\',\'' . $sec_token . '\'); return true;';
+			$member['click'] = 'groupChangeMember(' . $group['id'] . ',\'' . $member['xchan_hash'] . '\',\'' . $sec_token . '\'); return false;';
 			$groupeditor['members'][] = micropro($member,true,'mpgroup', $textmode);
 		}
 		else
@@ -219,7 +219,7 @@ function group_content(&$a) {
 		$textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false);
 		foreach($r as $member) {
 			if(! in_array($member['xchan_hash'],$preselected)) {
-				$member['click'] = 'groupChangeMember(' . $group['id'] . ',\'' . $member['xchan_hash'] . '\',\'' . $sec_token . '\'); return true;';
+				$member['click'] = 'groupChangeMember(' . $group['id'] . ',\'' . $member['xchan_hash'] . '\',\'' . $sec_token . '\'); return false;';
 				$groupeditor['contacts'][] = micropro($member,true,'mpall', $textmode);
 			}
 		}
-- 
cgit v1.2.3


From 6766f7f829923209e5ef4fda1452ed0b2ce0f09d Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 21 Jan 2013 00:54:29 -0800
Subject: minor theme nits

---
 view/theme/redbasic/css/style.css | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css
index c7654b65d..e7c99f99f 100644
--- a/view/theme/redbasic/css/style.css
+++ b/view/theme/redbasic/css/style.css
@@ -336,11 +336,6 @@ footer {
 	font-weight: bold;
 }
 
-div.wall-item-content-wrapper.shiny {
-	background: #f4f4f4;
-	border: none;
-}
-
 .preview {
 	background: lightyellow;
 }
@@ -665,7 +660,6 @@ input#dfrn-url {
 
 .vcard .title {
 	margin-bottom: 5px;
-	margin-left: 12px;
 }
 
 .vcard dl {
@@ -1063,9 +1057,9 @@ input#dfrn-url {
 	margin-top: 10px;
 	position: relative;
 	background: #fff;
-	border-radius: 5px;
+/*	border-radius: 5px; */
 /*	box-shadow: 12px 12px 12px #111; */
-	border: 1px solid #eec;
+	border-left: 1px solid #eec;
 
 }
 .wall-item-content-wrapper.comment {
@@ -1266,7 +1260,6 @@ input#dfrn-url {
 
 .wall-item-tools {
 	clear: both;
-    background: #eee;
     padding: 5px 10px;
 }    
 
-- 
cgit v1.2.3


From debf7f5f2691bab3c3b9c6ddd4fa3135f3d4aea2 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 21 Jan 2013 15:39:05 -0800
Subject: more work on magic auth

---
 include/zot.php                   | 6 ++++++
 mod/magic.php                     | 6 +++++-
 mod/post.php                      | 6 ++++++
 version.inc                       | 2 +-
 view/theme/redbasic/css/style.css | 1 +
 5 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/include/zot.php b/include/zot.php
index 0290d1d46..fc1241ff2 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -101,6 +101,12 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_
 		'version' => ZOT_REVISION
 	);
 
+	// These fields are present when using magic auth
+
+	if(array_key_exists('token',$channel)) {
+		$data['sender']['token'] = $channel['token'];
+		$data['sender']['token_sig'] = $channel['token_sig'];
+	}
 
 	if($recipients)
 		$data['recipients'] = $recipients;
diff --git a/mod/magic.php b/mod/magic.php
index b74130005..3ae54bea0 100644
--- a/mod/magic.php
+++ b/mod/magic.php
@@ -53,9 +53,13 @@ function magic_init(&$a) {
 		}
 
 		$token = random_string();
-
+		$token_sig = rsa_sign($token,$channel['channel_prvkey']);
+ 
 		$recip = array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig']));
  		$channel = $a->get_channel();
+		$channel['token'] = $token;
+		$channel['token_sig'] = $token_sig;
+
 		$hash = random_string();
 
 		$r = q("insert into verify ( type, channel, token, meta, created) values ('%s','%d','%s','%s','%s')",
diff --git a/mod/post.php b/mod/post.php
index 53180e1c1..ee21f2ffb 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -165,6 +165,12 @@ function post_post(&$a) {
 
 	}
 
+	if($msgtype === 'auth') {
+		logger('mod_post: auth: ' . print_r($data,true)); 
+	
+
+	}
+
 }
 
 
diff --git a/version.inc b/version.inc
index 8d6a973e0..6c9b95b8c 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-01-20.206
+2013-01-21.207
diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css
index e7c99f99f..7bcad2b2d 100644
--- a/view/theme/redbasic/css/style.css
+++ b/view/theme/redbasic/css/style.css
@@ -3584,6 +3584,7 @@ nav .nav-menu {
 nav .nav-menu.selected {
   border-bottom: 4px solid #CCCCCC;
 }
+
 nav .nav-notify {
   background-color: #0d0;
   color: #fff;
-- 
cgit v1.2.3


From ab24a967b669f50a61faa3a5c9e09a8da4d40b52 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 21 Jan 2013 15:42:58 -0800
Subject: re-arrange the order a bit

---
 mod/magic.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/mod/magic.php b/mod/magic.php
index 3ae54bea0..81fad3446 100644
--- a/mod/magic.php
+++ b/mod/magic.php
@@ -55,11 +55,13 @@ function magic_init(&$a) {
 		$token = random_string();
 		$token_sig = rsa_sign($token,$channel['channel_prvkey']);
  
-		$recip = array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig']));
  		$channel = $a->get_channel();
 		$channel['token'] = $token;
 		$channel['token_sig'] = $token_sig;
 
+
+		$recip = array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig']));
+
 		$hash = random_string();
 
 		$r = q("insert into verify ( type, channel, token, meta, created) values ('%s','%d','%s','%s','%s')",
-- 
cgit v1.2.3


From 6421c09cff6bebd9c7f191d36239a8c4efe74bdf Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 21 Jan 2013 15:45:06 -0800
Subject: oopsie

---
 mod/magic.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mod/magic.php b/mod/magic.php
index 81fad3446..2ea686b1b 100644
--- a/mod/magic.php
+++ b/mod/magic.php
@@ -52,10 +52,11 @@ function magic_init(&$a) {
 			goaway($desturl);
 		}
 
+ 		$channel = $a->get_channel();
+
 		$token = random_string();
 		$token_sig = rsa_sign($token,$channel['channel_prvkey']);
  
- 		$channel = $a->get_channel();
 		$channel['token'] = $token;
 		$channel['token_sig'] = $token_sig;
 
-- 
cgit v1.2.3


From 5949607d17bceb51d61c73b5c0dbc0fcc063bd04 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 21 Jan 2013 19:16:21 -0800
Subject: magic auth - it's mostly done or at least all the code bits are
 written and it looks in theory to be pretty secure and it doesn't white
 screen. Getting it to actually work(?), well we won't know how hard that will
 be until we get it on a couple of systems and try it. Magic auth on one box
 is a no-op because you're already authenticated.

---
 boot.php         |   9 +++-
 include/auth.php |  21 +++++---
 include/zot.php  |  11 ++--
 mod/magic.php    | 119 ++++++++++++++++++++++---------------------
 mod/post.php     | 151 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
 5 files changed, 232 insertions(+), 79 deletions(-)

diff --git a/boot.php b/boot.php
index 63c7325ea..5dddb6404 100644
--- a/boot.php
+++ b/boot.php
@@ -454,7 +454,7 @@ if(! class_exists('App')) {
 		private $widgets  = array();         // widgets for this page
 
 
-
+		public  $groups;
 		public  $language;
 		public  $module_loaded = false;
 		public  $query_string;
@@ -749,6 +749,13 @@ if(! class_exists('App')) {
 			$this->apps = $arr;
 		}
 
+		function set_groups($g) {
+			$this->groups = $g;
+		}
+
+		function get_groups() {
+			return $this->groups;
+		}
 
 		function set_widget($title,$html, $location = 'aside') {
 			$this->widgets[] = array('title' => $title, 'html' => $html, 'location' => $location);
diff --git a/include/auth.php b/include/auth.php
index c12432449..75a450dc8 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -64,14 +64,19 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
 		goaway(z_root());
 	}
 
-//	if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
-//		$r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
-//			intval($_SESSION['visitor_id'])
-//		);
-//		if(count($r)) {
-//			$a->contact = $r[0];
-//		}
-//	}
+	if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
+		$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+			dbesc($_SESSION['visitor_id'])
+		);
+		if($r) {
+			get_app()->set_observer($r[0]);
+		}
+		else {
+			unset($_SESSION['visitor_id']);
+			unset($_SESSION['authenticated']);
+		}
+		$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
+	}
 
 	if(x($_SESSION,'uid') || x($_SESSION,'account_id')) {
 
diff --git a/include/zot.php b/include/zot.php
index fc1241ff2..38bac5e93 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -101,18 +101,13 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_
 		'version' => ZOT_REVISION
 	);
 
-	// These fields are present when using magic auth
-
-	if(array_key_exists('token',$channel)) {
-		$data['sender']['token'] = $channel['token'];
-		$data['sender']['token_sig'] = $channel['token_sig'];
-	}
-
 	if($recipients)
 		$data['recipients'] = $recipients;
 
-	if($secret)
+	if($secret) {
 		$data['secret'] = $secret; 
+		$data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey']));
+	}
 
 	logger('zot_build_packet: ' . print_r($data,true));
 
diff --git a/mod/magic.php b/mod/magic.php
index 2ea686b1b..c5aeb4c8e 100644
--- a/mod/magic.php
+++ b/mod/magic.php
@@ -4,58 +4,74 @@
 
 function magic_init(&$a) {
 
-	$url = ((x($_REQUEST,'url')) ? $_REQUEST['url'] : '');
 	$addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : '');
 	$hash = ((x($_REQUEST,'hash')) ? $_REQUEST['hash'] : '');
 	$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
 
+	if($hash) {
+		$x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash
+			where hublock_hash = '%s' and (hubloc_flags & %d) limit 1",
+			intval(HUBLOC_FLAGS_PRIMARY)
+		);
+	}
+	elseif($addr) {
+		$x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash 
+			where xchan_addr = '%s' and (hubloc_flags & %d) limit 1",
+			dbesc($addr),
+			intval(HUBLOC_FLAGS_PRIMARY)
+		);
+	}
 
-	if(local_user()) { 
-
-		if($hash) {
-			$x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash
-				where hublock_hash = '%s' and (hubloc_flags & %d) limit 1",
-				intval(HUBLOC_FLAGS_PRIMARY)
-			);
-		}
-		elseif($addr) {
-			$x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash 
-				where xchan_addr = '%s' and (hubloc_flags & %d) limit 1",
-				dbesc($addr),
-				intval(HUBLOC_FLAGS_PRIMARY)
-			);
+	if(! $x) {
+
+		// Finger them if they've never been seen here before
+
+		if($addr) {
+			$ret = zot_finger($addr,null);
+			if($ret['success']) {
+				$j = json_decode($ret['body'],true);
+				if($j)
+					import_xchan($j);
+				$x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash 
+					where xchan_addr = '%s' and (hubloc_flags & %d) limit 1",
+					dbesc($addr),
+					intval(HUBLOC_FLAGS_PRIMARY)
+				);
+			}
 		}
+	}
 
-		if(! $x) {
-			notice( t('Channel not found.') . EOL);
-			return;
-		}
+	if(! $x) {
+		notice( t('Channel not found.') . EOL);
+		return;
+	}
 
-		if($x[0]['hubloc_url'] === z_root()) {
-			$webbie = substr($x[0]['hubloc_addr'],0,strpos('@',$x[0]['hubloc_addr']));
-			switch($dest) {
-				case 'channel':
-					$desturl = z_root() . '/channel/' . $webbie;
-					break;
-				case 'photos':
-					$desturl = z_root() . '/photos/' . $webbie;
-					break;
-				case 'profile':
-					$desturl = z_root() . '/profile/' . $webbie;
-					break;
-				default:
-					$desturl = $dest;
-					break;
-			}
-			// We are already authenticated on this site and a registered observer.
-			// Just redirect.
-			goaway($desturl);
+	if($x[0]['hubloc_url'] === z_root()) {
+		$webbie = substr($x[0]['hubloc_addr'],0,strpos('@',$x[0]['hubloc_addr']));
+		switch($dest) {
+			case 'channel':
+				$desturl = z_root() . '/channel/' . $webbie;
+				break;
+			case 'photos':
+				$desturl = z_root() . '/photos/' . $webbie;
+				break;
+			case 'profile':
+				$desturl = z_root() . '/profile/' . $webbie;
+				break;
+			default:
+				$desturl = $dest;
+				break;
 		}
+		// We are already authenticated on this site and a registered observer.
+		// Just redirect.
+		goaway($desturl);
+	}
 
- 		$channel = $a->get_channel();
+	if(local_user()) {
+		$channel = $a->get_channel();
 
 		$token = random_string();
-		$token_sig = rsa_sign($token,$channel['channel_prvkey']);
+		$token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey']));
  
 		$channel['token'] = $token;
 		$channel['token_sig'] = $token_sig;
@@ -73,25 +89,12 @@ function magic_init(&$a) {
 			dbesc(datetime_convert())
 		);
 
-		$packet = zot_build_packet($channel,'auth',$recip,$x[0]['hubloc_sitekey'],$hash);
-		$result = zot_zot($x[0]['hubloc_callback'],$packet);
-		if($result['success']) {
-			$j = json_decode($result['body'],true);
-			if($j['iv']) {
-				$y = aes_unencapsulate($j,$channel['prvkey']);
-				$j = json_decode($y,true);
-			}
-			if($j['token'] && $j['ticket'] && $j['token'] === $token) {
-				$r = q("delete from verify where token = '%s' and type = '%s' and channel = %d limit 1",
-					dbesc($token),
-					dbesc('auth'),
-					intval($channel['channel_id'])
-				);				
-				goaway($x[0]['callback'] . '?f=&ticket=' . $ticket . '&dest=' . $dest);
-			}
-		}
-		goaway($dest);
+		goaway($x[0]['hubloc_callback'] . '/' . substr($x[0]['hubloc_addr'],0,strpos($x[0]['hubloc_addr'],'@'))
+			. '/?f=&auth=' . $channel['channel_address'] . '@' . $a->get_hostname()
+			. '&sec=' . $token . '&dest=' . $dest . '&version=' . ZOT_REVISION);
 	}
 
+	if(strpos($dest,'/'))
+		goaway($dest);
 	goaway(z_root());
 }
diff --git a/mod/post.php b/mod/post.php
index ee21f2ffb..bfcc99022 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -6,6 +6,110 @@
 
 
 require_once('include/zot.php');
+
+
+function post_init(&$a) {
+
+	// All other access to this endpoint is via the post method.
+	// Here we will pick out the magic auth params which arrive
+	// as a get request.
+
+	if(argc() > 1) {
+
+		$webbie = argv(1);
+
+		if(array_key_exists('auth',$_REQUEST)) {
+
+			$address = $_REQUEST['auth'];
+			$dest    = $_REQUEST['dest'];
+			$sec     = $_REQUEST['sec'];
+			$version = $_REQUEST['version'];
+
+			switch($dest) {
+				case 'channel':
+					$desturl = z_root() . '/channel/' . $webbie;
+					break;
+				case 'photos':
+					$desturl = z_root() . '/photos/' . $webbie;
+					break;
+				case 'profile':
+					$desturl = z_root() . '/profile/' . $webbie;
+					break;
+				default:
+					$desturl = $dest;
+					break;
+			}
+			$c = q("select * from channel where channel_address = '%s' limit 1",
+				dbesc($webbie)
+			);
+			if(! $c) {
+				logger('mod_zot: auth: unable to find channel ' . $webbie);
+				// They'll get a notice when they hit the page, we don't need two. 
+				goaway($desturl);
+			}
+
+			// Try and find a hubloc for the person attempting to auth
+			$x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+				dbesc($address)
+			);
+
+			if(! $x) {
+				// finger them if they can't be found. 
+				$ret = zot_finger($addr,null);
+				if($ret['success']) {
+					$j = json_decode($ret['body'],true);
+					if($j)
+						import_xchan($j);
+					$x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+						dbesc($address)
+					);
+				}
+			}
+			if(! $x)
+				goaway($desturl);
+
+			// check credentials and access
+
+			// Auth packets MUST use ultra top-secret hush-hush mode 
+
+			$p = zot_build_packet($c[0],$type = 'auth_check',array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig']), $x[0]['hubloc_prvkey'], $sec);
+			$result = zot_zot($x[0]['hubloc_url'],$p);
+
+			if($result['success']) {
+				$j = json_decode($result['body'],true);
+				if($j['result']) {
+					// everything is good... maybe
+					if(local_user()) {
+						notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry') . EOL);
+						goaway($desturl);
+					}
+					// log them in
+					$_SESSION['authenticated'] = 1;
+					$_SESSION['visitor_id'] = $x[0]['xchan_hash'];
+					$a->set_observer($x[0]);
+					$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
+					notice(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name']));
+				}
+			}
+
+
+
+
+			
+
+			goaway($desturl);
+		}
+
+		logger('mod_zot: invalid args: ' . print_r($a->argv,true));
+		killme();
+	}
+
+	return;
+}
+
+
+
+
 	
 function post_post(&$a) {
 
@@ -165,12 +269,51 @@ function post_post(&$a) {
 
 	}
 
-	if($msgtype === 'auth') {
-		logger('mod_post: auth: ' . print_r($data,true)); 
-	
+	if($msgtype === 'auth_check') {
+		$arr = $data['sender'];
+		$sender_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
 
+		$y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1",
+			dbesc($sender_hash)
+		);
+		if((! $y) || (! rsa_verify($data['secret'],$data['secret_sig'],$y[0]['xchan_pubkey']))) {
+			logger('mod_zot: auth_check: sender not found or secret_sig invalid.');
+			json_return_and_die($ret);
+		}
+		if($data['recipients']) {
+
+			$arr = $data['recipients'][0];
+			$recip_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
+			$c = q("select channel_id from channel where channel_hash = '%s' limit 1",
+				dbesc($recip_hash)
+			);
+			if(! $c) {
+				logger('mod_zot: auth_check: recipient channel not found.');
+				json_return_and_die($ret);
+			}
+			$z = q("select id from verify where channel = %d and type = 'auth' and token = '%s' limit 1",
+				intval($c[0]['channel_id']),
+				dbesc($data['secret'])
+			);
+			if(! $z) {
+				logger('mod_zot: auth_check: verification key not found.');
+				json_return_and_die($ret);
+			}
+			$r = q("delete from verify where id = %d limit 1",
+				intval($z[0]['id'])
+			);
+
+			$ret['result'] = true;
+			json_return_and_die($ret);
+
+		}
+		json_return_and_die($ret);
 	}
 
-}
 
+	// catchall
+	json_return_and_die($ret);
+
+
+}
 
-- 
cgit v1.2.3


From 4119e1f9cc9ebb6a45ec69fd23c1262b3f823c3a Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 21 Jan 2013 19:40:25 -0800
Subject: testing begins

---
 include/contact_widgets.php | 34 +++++++++++++++++-----------------
 mod/post.php                |  6 +++---
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/include/contact_widgets.php b/include/contact_widgets.php
index 47945e66e..cb3dc0740 100644
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@@ -116,23 +116,23 @@ function common_friends_visitor_widget($profile_uid) {
 	}
 
 // FIXME
-	if(! $cid) {
-		if(get_my_url()) {
-			$r = q("select id from contact where nurl = '%s' and uid = %d limit 1",
-				dbesc(normalise_link(get_my_url())),
-				intval($profile_uid)
-			);
-			if(count($r))
-				$cid = $r[0]['id'];
-			else {
-				$r = q("select id from gcontact where nurl = '%s' limit 1",
-					dbesc(normalise_link(get_my_url()))
-				);
-				if(count($r))
-					$zcid = $r[0]['id'];
-			}
-		}
-	}
+//	if(! $cid) {
+//		if(get_my_url()) {
+//			$r = q("select id from contact where nurl = '%s' and uid = %d limit 1",
+//				dbesc(normalise_link(get_my_url())),
+//				intval($profile_uid)
+//			);
+//			if(count($r))
+//				$cid = $r[0]['id'];
+//			else {
+//				$r = q("select id from gcontact where nurl = '%s' limit 1",
+//					dbesc(normalise_link(get_my_url()))
+//				);
+//				if(count($r))
+//					$zcid = $r[0]['id'];
+//			}
+//		}
+//	}
 
 	if($cid == 0 && $zcid == 0)
 		return; 
diff --git a/mod/post.php b/mod/post.php
index bfcc99022..7a96bcf7a 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -72,8 +72,8 @@ function post_init(&$a) {
 
 			// Auth packets MUST use ultra top-secret hush-hush mode 
 
-			$p = zot_build_packet($c[0],$type = 'auth_check',array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig']), $x[0]['hubloc_prvkey'], $sec);
-			$result = zot_zot($x[0]['hubloc_url'],$p);
+			$p = zot_build_packet($c[0],$type = 'auth_check',array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec);
+			$result = zot_zot($x[0]['hubloc_callback'],$p);
 
 			if($result['success']) {
 				$j = json_decode($result['body'],true);
@@ -276,7 +276,7 @@ function post_post(&$a) {
 		$y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1",
 			dbesc($sender_hash)
 		);
-		if((! $y) || (! rsa_verify($data['secret'],$data['secret_sig'],$y[0]['xchan_pubkey']))) {
+		if((! $y) || (! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) {
 			logger('mod_zot: auth_check: sender not found or secret_sig invalid.');
 			json_return_and_die($ret);
 		}
-- 
cgit v1.2.3


From fb76675a28b37b7281546373671d0dabbd69ef46 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 21 Jan 2013 19:56:39 -0800
Subject: now we're into the minor nitty fixes

---
 boot.php             | 2 +-
 include/auth.php     | 6 +++---
 include/security.php | 2 +-
 mod/post.php         | 3 ++-
 4 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/boot.php b/boot.php
index 5dddb6404..eb5d54961 100644
--- a/boot.php
+++ b/boot.php
@@ -1186,7 +1186,7 @@ if(! function_exists('local_user')) {
 if(! function_exists('remote_user')) {
 	function remote_user() {
 		if((x($_SESSION,'authenticated')) && (x($_SESSION,'visitor_id')))
-			return intval($_SESSION['visitor_id']);
+			return $_SESSION['visitor_id'];
 		return false;
 	}
 }
diff --git a/include/auth.php b/include/auth.php
index 75a450dc8..9cdbd80d5 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -63,9 +63,9 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
 		info( t('Logged out.') . EOL);
 		goaway(z_root());
 	}
-
+dbg(1);
 	if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
-		$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+		$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_hash = '%s' limit 1",
 			dbesc($_SESSION['visitor_id'])
 		);
 		if($r) {
@@ -77,7 +77,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
 		}
 		$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
 	}
-
+dbg(0);
 	if(x($_SESSION,'uid') || x($_SESSION,'account_id')) {
 
 		// already logged in user returning
diff --git a/include/security.php b/include/security.php
index 25318b3e8..f28174153 100644
--- a/include/security.php
+++ b/include/security.php
@@ -349,7 +349,7 @@ if(! function_exists('init_groups_visitor')) {
 function init_groups_visitor($contact_id) {
 	$groups = array();
 	$r = q("SELECT gid FROM group_member WHERE xchan = '%s' ",
-		intval($contact_id)
+		dbesc($contact_id)
 	);
 	if(count($r)) {
 		foreach($r as $rr)
diff --git a/mod/post.php b/mod/post.php
index 7a96bcf7a..36b2e1482 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -87,8 +87,9 @@ function post_init(&$a) {
 					$_SESSION['authenticated'] = 1;
 					$_SESSION['visitor_id'] = $x[0]['xchan_hash'];
 					$a->set_observer($x[0]);
+					require_once('include/security.php');
 					$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
-					notice(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name']));
+					info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name']));
 				}
 			}
 
-- 
cgit v1.2.3


From bda4ca4c0d9f247675f4c241ecb0d402bb380d8f Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Tue, 22 Jan 2013 00:20:25 -0800
Subject: hidden directory entries

---
 boot.php          |  2 ++
 include/zot.php   | 14 +++++++++++---
 mod/dirsearch.php | 11 ++++++++---
 mod/profiles.php  |  2 +-
 mod/zfinger.php   |  3 ++-
 5 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/boot.php b/boot.php
index eb5d54961..6d38a21a6 100644
--- a/boot.php
+++ b/boot.php
@@ -266,6 +266,8 @@ define ( 'HUBLOC_FLAGS_PRIMARY',      0x0001);
 define ( 'HUBLOC_FLAGS_UNVERIFIED',   0x0002);
 
 
+define ( 'XCHAN_FLAGS_HIDDEN',        0x0001);
+
 
 /**
  * Tag/term types
diff --git a/include/zot.php b/include/zot.php
index 38bac5e93..2623d68c4 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -531,14 +531,22 @@ function import_xchan($arr) {
 		dbesc($xchan_hash)
 	);	
 
+
 	if($r) {
 		if($r[0]['xchan_photo_date'] != $arr['photo_updated'])
-			$update_photos = true;
-		if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url'])) {
-			$r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s'  where xchan_hash = '%s' limit 1",
+			$import_photos = true;
+
+		if(($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN) != $arr['searchable'])
+			$new_flags = $r[0]['xchan_flags'] ^ XCHAN_FLAGS_HIDDEN;
+		else
+			$new_flags = $r[0]['xchan_flags'];
+
+		if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url']) || ($r[0]['xchan_flags'] != $new_flags)) {
+			$r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_flags = %d  where xchan_hash = '%s' limit 1",
 				dbesc($arr['name']),
 				dbesc($arr['name_updated']),
 				dbesc($arr['connections_url']),
+				intval($new_flags),
 				dbesc($xchan_hash)
 			);
 		}
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index b3893afe7..57132519c 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -74,12 +74,16 @@ function dirsearch_content(&$a) {
 	// If &return_total=1, we count matching entries and return that as 'total_items' for use in pagination.
 	// By default we return one page (default 80 items maximum) and do not count total entries
 
+	$logic = ((strlen($sql_extra)) ? 0 : 1);
+
 	if($limit) 
 		$qlimit = " LIMIT $limit ";
 	else {
 		$qlimit = " LIMIT " . intval($startrec) . " , " . intval($perpage);
 		if($return_total) {
-			$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where 1 $sql_extra");
+			$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and not ( xchan_flags & %d) ",
+				intval(XCHAN_FLAGS_HIDDEN)
+			);
 			if($r) {
 				$ret['total_items'] = $r[0]['total'];
 			}
@@ -87,9 +91,10 @@ function dirsearch_content(&$a) {
 	}
 
 	$order = " ORDER BY `xchan_name` ASC ";
-	$logic = ((strlen($sql_extra)) ? 0 : 1);
 
-	$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra $order $qlimit ");
+	$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and not ( xchan_flags & %d ) $order $qlimit ",
+		intval(XCHAN_FLAGS_HIDDEN)
+	);
 
 	$ret['page'] = $page + 1;
 	$ret['records'] = count($r);		
diff --git a/mod/profiles.php b/mod/profiles.php
index 12c86e3a2..e857c4216 100644
--- a/mod/profiles.php
+++ b/mod/profiles.php
@@ -620,7 +620,7 @@ function profiles_content(&$a) {
 
 			foreach($r as $rr) {
 				$o .= replace_macros($tpl, array(
-					'$photo' => $a->get_cached_avatar_image($rr['thumb']),
+					'$photo' => $rr['thumb'],
 					'$id' => $rr['id'],
 					'$alt' => t('Profile Image'),
 					'$profile_name' => $rr['profile_name'],
diff --git a/mod/zfinger.php b/mod/zfinger.php
index 3452db68c..2fb169ef1 100644
--- a/mod/zfinger.php
+++ b/mod/zfinger.php
@@ -72,7 +72,8 @@ function zfinger_init(&$a) {
 	$id = $e['channel_id'];
 
 	$searchable = (($e['channel_pageflags'] & PAGE_HIDDEN) ? false : true);
-
+	if($e['xchan_flags'] & XCHAN_FLAGS_HIDDEN)
+		$searchable = false;
 	 
 
 	//  This is for birthdays and keywords, but must check access permissions
-- 
cgit v1.2.3


From beb3301d43c0d532bd6984ee745074479babdabb Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Tue, 22 Jan 2013 02:56:32 -0800
Subject: security fixes related to directory access and sites that are off the
 grid

---
 include/zot.php   | 15 ++++++++++++++-
 mod/directory.php |  4 ++++
 mod/dirsearch.php | 10 +++-------
 mod/search.php    |  5 +++++
 mod/zfinger.php   |  3 +--
 5 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/include/zot.php b/include/zot.php
index 2623d68c4..f35c6f93e 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -536,11 +536,24 @@ function import_xchan($arr) {
 		if($r[0]['xchan_photo_date'] != $arr['photo_updated'])
 			$import_photos = true;
 
+		// if we import an entry from a site that's not ours and either or both of us is off the grid - hide the entry.
+		// TODO: check if we're the same directory realm, which would mean we are allowed to see it
+
+		$dirmode = get_config('system','directory_mode'); 
+
+		if((($arr['site']['directory_mode'] === 'standalone') || ($dirmode & DIRECTORY_MODE_STANDALONE))
+&& ($arr['site']['url'] != z_root()))
+			$arr['searchable'] = false;
+
+		
+
+		// Be careful - XCHAN_FLAGS_HIDDEN should evaluate to 1
 		if(($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN) != $arr['searchable'])
 			$new_flags = $r[0]['xchan_flags'] ^ XCHAN_FLAGS_HIDDEN;
 		else
 			$new_flags = $r[0]['xchan_flags'];
-
+		
+			
 		if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url']) || ($r[0]['xchan_flags'] != $new_flags)) {
 			$r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_flags = %d  where xchan_hash = '%s' limit 1",
 				dbesc($arr['name']),
diff --git a/mod/directory.php b/mod/directory.php
index d9182d1bd..f2d9e1e02 100644
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -56,6 +56,8 @@ function directory_content(&$a) {
 		$query = $url . '?f=' ;
 		if($search)
 			$query .= '&name=' . urlencode($search);
+		if(strpos($search,'@'))
+			$query .= '&address=' . urlencode($search);
 
 		if($a->pager['page'] != 1)
 			$query .= '&p=' . $a->pager['page'];
@@ -63,6 +65,8 @@ function directory_content(&$a) {
 		logger('mod_directory: query: ' . $query);
 
 		$x = z_fetch_url($query);
+		logger('directory: return from upstream: ' . print_r($x,true));
+
 		if($x['success']) {
 			$t = 0;
 			$j = json_decode($x['body'],true);
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index 57132519c..1dbe60499 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -14,16 +14,12 @@ function dirsearch_content(&$a) {
 
 	// If you've got a public directory server, you probably shouldn't block public access
 
-	if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
-		$ret['message'] = t('Public access denied.');
-		return;
-	}
 
 	$dirmode = intval(get_config('system','directory_mode'));
 
 	if($dirmode == DIRECTORY_MODE_NORMAL) {
 		$ret['message'] = t('This site is not a directory server');
-		return;
+		json_return_and_die($ret);
 	}
 
 	$name = ((x($_REQUEST,'name')) ? $_REQUEST['name'] : '');
@@ -75,7 +71,7 @@ function dirsearch_content(&$a) {
 	// By default we return one page (default 80 items maximum) and do not count total entries
 
 	$logic = ((strlen($sql_extra)) ? 0 : 1);
-
+dbg(1);
 	if($limit) 
 		$qlimit = " LIMIT $limit ";
 	else {
@@ -95,7 +91,7 @@ function dirsearch_content(&$a) {
 	$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and not ( xchan_flags & %d ) $order $qlimit ",
 		intval(XCHAN_FLAGS_HIDDEN)
 	);
-
+dbg(0);
 	$ret['page'] = $page + 1;
 	$ret['records'] = count($r);		
 
diff --git a/mod/search.php b/mod/search.php
index a9f2df069..7a0f4205d 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -117,6 +117,11 @@ function search_content(&$a) {
 		goaway(z_root() . '/directory' . '?f=1&search=' . $search);
 	}
 
+	// look for a naked webbie
+	if(strpos($search,'@') !== false) {
+		goaway(z_root() . '/directory' . '?f=1&search=' . $search);
+	}
+
 	if(! $search)
 		return $o;
 
diff --git a/mod/zfinger.php b/mod/zfinger.php
index 2fb169ef1..b7a89b12b 100644
--- a/mod/zfinger.php
+++ b/mod/zfinger.php
@@ -75,7 +75,6 @@ function zfinger_init(&$a) {
 	if($e['xchan_flags'] & XCHAN_FLAGS_HIDDEN)
 		$searchable = false;
 	 
-
 	//  This is for birthdays and keywords, but must check access permissions
 	$p = q("select * from profile where uid = %d and is_default = 1",
 		intval($e['channel_id'])
@@ -181,7 +180,7 @@ function zfinger_init(&$a) {
 	elseif($dirmode == DIRECTORY_MODE_STANDALONE)
 		$ret['site']['directory_mode'] = 'standalone';
 	if($dirmode != DIRECTORY_MODE_NORMAL)
-		$ret['site']['directory_url'] = z_root() . '/dir';
+		$ret['site']['directory_url'] = z_root() . '/dirsearch';
  
 	json_return_and_die($ret);
 
-- 
cgit v1.2.3


From cf2488e999944ca1135ac62955527a376ad0eac2 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Tue, 22 Jan 2013 17:48:42 -0800
Subject: clean up the photo storage backend, revamp mod/wall_upload

---
 boot.php                |   2 +-
 include/Photo.php       |  18 ++-
 include/items.php       |   6 +-
 include/user.php        | 320 ------------------------------------------------
 install/database.sql    |   4 +-
 install/update.php      |   9 +-
 mod/intro.php           |   7 +-
 mod/photos.php          |  11 +-
 mod/profile_photo.php   |  11 +-
 mod/wall_upload.php     | 159 +++++++++++++-----------
 version.inc             |   2 +-
 view/tpl/jot-header.tpl |  14 +--
 12 files changed, 138 insertions(+), 425 deletions(-)
 delete mode 100644 include/user.php

diff --git a/boot.php b/boot.php
index 6d38a21a6..e561ec6c2 100644
--- a/boot.php
+++ b/boot.php
@@ -16,7 +16,7 @@ require_once('include/features.php');
 define ( 'FRIENDICA_PLATFORM',     'Friendica Red');
 define ( 'FRIENDICA_VERSION',      trim(file_get_contents('version.inc')) . 'R');
 define ( 'ZOT_REVISION',               1     ); 
-define ( 'DB_UPDATE_VERSION',       1020     );
+define ( 'DB_UPDATE_VERSION',       1021     );
 
 define ( 'EOL',                    '<br />' . "\r\n"     );
 define ( 'ATOM_TIME',              'Y-m-d\TH:i:s\Z' );
diff --git a/include/Photo.php b/include/Photo.php
index c3165cc9f..a60cfc868 100644
--- a/include/Photo.php
+++ b/include/Photo.php
@@ -523,7 +523,7 @@ class Photo {
 
 
 
-    public function store($uid, $xchan, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '') {
+    public function store($aid, $uid, $xchan, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '') {
 
         $x = q("select id from photo where `resource_id` = '%s' and uid = %d and `xchan` = '%s' and `scale` = %d limit 1",
                 dbesc($rid),
@@ -533,6 +533,7 @@ class Photo {
         );
         if(count($x)) {
             $r = q("UPDATE `photo`
+				set `aid` = %d,
                 set `uid` = %d,
                 `xchan` = '%s',
                 `resource_id` = '%s',
@@ -544,6 +545,7 @@ class Photo {
                 `height` = %d,
                 `width` = %d,
                 `data` = '%s',
+				`size` = %d,
                 `scale` = %d,
                 `profile` = %d,
                 `allow_cid` = '%s',
@@ -552,6 +554,7 @@ class Photo {
                 `deny_gid` = '%s'
                 where id = %d limit 1",
 
+				intval($aid),
                 intval($uid),
                 dbesc($xchan),
                 dbesc($rid),
@@ -563,6 +566,7 @@ class Photo {
                 intval($this->getHeight()),
                 intval($this->getWidth()),
                 dbesc($this->imageString()),
+				intval(strlen($this->imageString())),
                 intval($scale),
                 intval($profile),
                 dbesc($allow_cid),
@@ -574,8 +578,9 @@ class Photo {
         }
         else {
             $r = q("INSERT INTO `photo`
-                ( `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )
-                VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, '%s', '%s', '%s', '%s' )",
+                ( `aid`, `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `data`, `size`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )
+                VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s' )",
+				intval($aid),
                 intval($uid),
                 dbesc($xchan),
                 dbesc($rid),
@@ -587,6 +592,7 @@ class Photo {
                 intval($this->getHeight()),
                 intval($this->getWidth()),
                 dbesc($this->imageString()),
+				intval(strlen($this->imageString())),
                 intval($scale),
                 intval($profile),
                 dbesc($allow_cid),
@@ -669,21 +675,21 @@ function import_profile_photo($photo,$xchan) {
 
         $img->scaleImageSquare(175);
 
-        $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 4 );
+        $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 4 );
 
         if($r === false)
             $photo_failure = true;
 
         $img->scaleImage(80);
 
-        $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 5 );
+        $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 5 );
 
         if($r === false)
             $photo_failure = true;
 
         $img->scaleImage(48);
 
-        $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 6 );
+        $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 6 );
 
         if($r === false)
             $photo_failure = true;
diff --git a/include/items.php b/include/items.php
index fe8aadcbf..9ab39d7ae 100755
--- a/include/items.php
+++ b/include/items.php
@@ -2080,13 +2080,13 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
 			$img->scaleImageSquare(175);
 				
 			$hash = $resource_id;
-			$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4);
+			$r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4);
 				
 			$img->scaleImage(80);
-			$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5);
+			$r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5);
 
 			$img->scaleImage(48);
-			$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6);
+			$r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6);
 
 			$a = get_app();
 
diff --git a/include/user.php b/include/user.php
deleted file mode 100644
index d71f024d1..000000000
--- a/include/user.php
+++ /dev/null
@@ -1,320 +0,0 @@
-<?php
-
-require_once('include/config.php');
-require_once('include/network.php');
-require_once('include/plugin.php');
-require_once('include/text.php');
-require_once('include/language.php');
-require_once('include/datetime.php');
-
-function create_user($arr) {
-
-	// Required: { username, nickname, email } or { openid_url }
-
-	$a = get_app();
-	$result = array('success' => false, 'user' => null, 'password' => '', 'message' => '');
-
-	$using_invites = get_config('system','invitation_only');
-	$num_invites   = get_config('system','number_invites');
-
-
-	$invite_id  = ((x($arr,'invite_id'))  ? notags(trim($arr['invite_id']))  : '');
-	$username   = ((x($arr,'username'))   ? notags(trim($arr['username']))   : '');
-	$nickname   = ((x($arr,'nickname'))   ? notags(trim($arr['nickname']))   : '');
-	$email      = ((x($arr,'email'))      ? notags(trim($arr['email']))      : '');
-	$openid_url = ((x($arr,'openid_url')) ? notags(trim($arr['openid_url'])) : '');
-	$photo      = ((x($arr,'photo'))      ? notags(trim($arr['photo']))      : '');
-	$password   = ((x($arr,'password'))   ? trim($arr['password'])           : '');
-	$blocked    = ((x($arr,'blocked'))    ? intval($arr['blocked'])  : 0);
-	$verified   = ((x($arr,'verified'))   ? intval($arr['verified']) : 0);
-
-	$publish    = ((x($arr,'profile_publish_reg') && intval($arr['profile_publish_reg'])) ? 1 : 0);
-	$netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0);
-		
-	$tmp_str = $openid_url;
-
-	if($using_invites) {
-		if(! $invite_id) {
-			$result['message'] .= t('An invitation is required.') . EOL;
-			return $result;
-		}
-		$r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_id));
-		if(! results($r)) {
-			$result['message'] .= t('Invitation could not be verified.') . EOL;
-			return $result;
-		}
-	} 
-
-	if((! x($username)) || (! x($email)) || (! x($nickname))) {
-		if($openid_url) {
-			if(! validate_url($tmp_str)) {
-				$result['message'] .= t('Invalid OpenID url') . EOL;
-				return $result;
-			}
-			$_SESSION['register'] = 1;
-			$_SESSION['openid'] = $openid_url;
-			require_once('library/openid.php');
-			$openid = new LightOpenID;
-			$openid->identity = $openid_url;
-			$openid->returnUrl = $a->get_baseurl() . '/openid'; 
-			$openid->required = array('namePerson/friendly', 'contact/email', 'namePerson');
-			$openid->optional = array('namePerson/first','media/image/aspect11','media/image/default');
-			goaway($openid->authUrl());
-			// NOTREACHED	
-		}
-
-		notice( t('Please enter the required information.') . EOL );
-		return;
-	}
-
-	if(! validate_url($tmp_str))
-		$openid_url = '';
-
-
-	$err = '';
-
-	// collapse multiple spaces in name
-	$username = preg_replace('/ +/',' ',$username);
-
-	if(mb_strlen($username) > 48)
-		$result['message'] .= t('Please use a shorter name.') . EOL;
-	if(mb_strlen($username) < 3)
-		$result['message'] .= t('Name too short.') . EOL;
-
-	// I don't really like having this rule, but it cuts down
-	// on the number of auto-registrations by Russian spammers
-	
-	//  Using preg_match was completely unreliable, due to mixed UTF-8 regex support
-	//	$no_utf = get_config('system','no_utf');
-	//	$pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); 
-
-	// So now we are just looking for a space in the full name. 
-	
-	$loose_reg = get_config('system','no_regfullname');
-	if(! $loose_reg) {
-		$username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8');
-		if(! strpos($username,' '))
-			$result['message'] .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL;
-	}
-
-
-	if(! allowed_email($email))
-		$result['message'] .= t('Your email domain is not among those allowed on this site.') . EOL;
-
-	if((! valid_email($email)) || (! validate_email($email)))
-		$result['message'] .= t('Not a valid email address.') . EOL;
-		
-	// Disallow somebody creating an account using openid that uses the admin email address,
-	// since openid bypasses email verification. We'll allow it if there is not yet an admin account.
-
-	if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
-		$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
-			dbesc($email)
-		);
-		if(count($r))
-			$result['message'] .= t('Cannot use that email.') . EOL;
-	}
-
-	$nickname = $arr['nickname'] = strtolower($nickname);
-
-	if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))
-		$result['message'] .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL;
-	$r = q("SELECT `uid` FROM `user`
-               	WHERE `nickname` = '%s' LIMIT 1",
-               	dbesc($nickname)
-	);
-	if(count($r))
-		$result['message'] .= t('Nickname is already registered. Please choose another.') . EOL;
-
-	// Check deleted accounts that had this nickname. Doesn't matter to us,
-	// but could be a security issue for federated platforms.
-
-	$r = q("SELECT * FROM `userd`
-               	WHERE `username` = '%s' LIMIT 1",
-               	dbesc($nickname)
-	);
-	if(count($r))
-		$result['message'] .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
-
-	if(strlen($result['message'])) {
-		return $result;
-	}
-
-	$new_password = ((strlen($password)) ? $password : autoname(6) . mt_rand(100,9999));
-	$new_password_encoded = hash('whirlpool',$new_password);
-
-	$result['password'] = $new_password;
-
-	require_once('include/crypto.php');
-
-	$keys = new_keypair(4096);
-
-	if($keys === false) {
-		$result['message'] .= t('SERIOUS ERROR: Generation of security keys failed.') . EOL;
-		return $result;
-	}
-
-	$default_service_class = get_config('system','default_service_class');
-	if(! $default_service_class)
-		$default_service_class = '';
-
-
-	$prvkey = $keys['prvkey'];
-	$pubkey = $keys['pubkey'];
-
-	$r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`,
-		`pubkey`, `prvkey`, `register_date`, `verified`, `blocked`, `timezone`, `service_class` )
-		VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC', '%s' )",
-		dbesc(generate_user_guid()),
-		dbesc($username),
-		dbesc($new_password_encoded),
-		dbesc($email),
-		dbesc($openid_url),
-		dbesc($nickname),
-		dbesc($pubkey),
-		dbesc($prvkey),
-		dbesc(datetime_convert()),
-		intval($verified),
-		intval($blocked),
-		dbesc($default_service_class)
-	);
-
-	if($r) {
-		$r = q("SELECT * FROM `user` 
-			WHERE `username` = '%s' AND `password` = '%s' LIMIT 1",
-			dbesc($username),
-			dbesc($new_password_encoded)
-		);
-		if($r !== false && count($r)) {
-			$u = $r[0];
-			$newuid = intval($r[0]['uid']);
-		}
-	}
-	else {
-		$result['message'] .=  t('An error occurred during registration. Please try again.') . EOL ;
-		return $result;
-	} 		
-
-	/**
-	 * if somebody clicked submit twice very quickly, they could end up with two accounts 
-	 * due to race condition. Remove this one.
-	 */
-
-	$r = q("SELECT `uid` FROM `user`
-               	WHERE `nickname` = '%s' ",
-               	dbesc($nickname)
-	);
-	if((count($r) > 1) && $newuid) {
-		$result['message'] .= t('Nickname is already registered. Please choose another.') . EOL;
-		q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1",
-			intval($newuid)
-		);
-		return $result;
-	}
-
-	if(x($newuid) !== false) {
-		$r = q("INSERT INTO `profile` ( `uid`, `profile_name`, `is_default`, `name`, `photo`, `thumb`, `publish`, `net-publish` )
-			VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ",
-			intval($newuid),
-			t('default'),
-			1,
-			dbesc($username),
-			dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"),
-			dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"),
-			intval($publish),
-			intval($netpublish)
-
-		);
-		if($r === false) {
-			$result['message'] .=  t('An error occurred creating your default profile. Please try again.') . EOL;
-			// Start fresh next time.
-			$r = q("DELETE FROM `user` WHERE `uid` = %d",
-				intval($newuid));
-			return $result;
-		}
-		$r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`,
-			`request`, `notify`, `poll`, `confirm`, `poco`, `name_date`, `uri_date`, `avatar_date`, `closeness` )
-			VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ",
-			intval($newuid),
-			datetime_convert(),
-			dbesc($username),
-			dbesc($nickname),
-			dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"),
-			dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"),
-			dbesc($a->get_baseurl() . "/photo/micro/{$newuid}"),
-			dbesc($a->get_baseurl() . "/channel/$nickname"),
-			dbesc(normalise_link($a->get_baseurl() . "/channel/$nickname")),
-			dbesc($a->get_baseurl() . "/dfrn_request/$nickname"),
-			dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"),
-			dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"),
-			dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"),
-			dbesc($a->get_baseurl() . "/poco/$nickname"),
-			dbesc(datetime_convert()),
-			dbesc(datetime_convert()),
-			dbesc(datetime_convert())
-		);
-
-		// Create a group with no members. This allows somebody to use it 
-		// right away as a default group for new contacts. 
-
-		require_once('include/group.php');
-		group_add($newuid, t('Friends'));
-
-	}
-
-	// if we have no OpenID photo try to look up an avatar
-	if(! strlen($photo))
-		$photo = avatar_img($email);
-
-	// unless there is no avatar-plugin loaded
-	if(strlen($photo)) {
-		require_once('include/Photo.php');
-		$photo_failure = false;
-
-		$filename = basename($photo);
-		$img_str = fetch_url($photo,true);
-		// guess mimetype from headers or filename
-		$type = guess_image_type($photo,true);
-
-		
-		$img = new Photo($img_str, $type);
-		if($img->is_valid()) {
-
-			$img->scaleImageSquare(175);
-
-			$hash = photo_new_resource();
-
-			$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 );
-
-			if($r === false)
-				$photo_failure = true;
-
-			$img->scaleImage(80);
-
-			$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5 );
-
-			if($r === false)
-				$photo_failure = true;
-
-			$img->scaleImage(48);
-
-			$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6 );
-
-			if($r === false)
-				$photo_failure = true;
-
-			if(! $photo_failure) {
-				q("UPDATE `photo` SET `profile` = 1 WHERE `resource_id` = '%s' ",
-					dbesc($hash)
-				);
-			}
-		}
-	}
-
-	call_hooks('register_account', $newuid);
-
-	$result['success'] = true;
-	$result['user'] = $u;
-	return $result;
-
-}
diff --git a/install/database.sql b/install/database.sql
index 914add2d8..39c3b81c2 100644
--- a/install/database.sql
+++ b/install/database.sql
@@ -630,8 +630,6 @@ CREATE TABLE IF NOT EXISTS `photo` (
   `aid` int(10) unsigned NOT NULL DEFAULT '0',
   `uid` int(10) unsigned NOT NULL,
   `xchan` char(255) NOT NULL DEFAULT '',
-  `contact-id` int(10) unsigned NOT NULL DEFAULT '0',
-  `guid` char(64) NOT NULL,
   `resource_id` char(255) NOT NULL,
   `created` datetime NOT NULL,
   `edited` datetime NOT NULL,
@@ -652,7 +650,7 @@ CREATE TABLE IF NOT EXISTS `photo` (
   `deny_gid` mediumtext NOT NULL,
   PRIMARY KEY (`id`),
   KEY `uid` (`uid`),
-  KEY `resource-id` (`resource_id`),
+  KEY `resource_id` (`resource_id`),
   KEY `album` (`album`),
   KEY `scale` (`scale`),
   KEY `profile` (`profile`),
diff --git a/install/update.php b/install/update.php
index 0459df817..8decfc133 100644
--- a/install/update.php
+++ b/install/update.php
@@ -1,6 +1,6 @@
 <?php
 
-define( 'UPDATE_VERSION' , 1020 );
+define( 'UPDATE_VERSION' , 1021 );
 
 /**
  *
@@ -285,3 +285,10 @@ function update_r1019() {
 		return UPDATE_SUCCESS;
 	return UPDATE_FAILED;
 }
+
+function update_r1020() {
+	$r = q("alter table photo drop `contact-id`, drop guid, drop index `resource-id`, add index ( `resource_id` )");
+	if($r)
+		return UPDATE_SUCCESS;
+	return UPDATE_FAILED;
+}
diff --git a/mod/intro.php b/mod/intro.php
index dd98a6c7b..5b660485a 100644
--- a/mod/intro.php
+++ b/mod/intro.php
@@ -6,9 +6,10 @@ function intro_post(&$a) {
 	if(! intval($_REQUEST['contact_id']))
 		return;
 
+	$approved = false;
 	$flags = 0;
 	if($_REQUEST['submit'] == t('Approve')) {
-		;
+		$approved = true;
 	}
 	elseif($_REQUEST['submit'] == t('Block')) {
 		$flags = ABOOK_FLAG_BLOCKED;
@@ -29,6 +30,10 @@ function intro_post(&$a) {
 	else
 		notice( t('Connection update failed.') . EOL);
 
+	if($approved)
+		goaway(z_root() . '/connections/' . $_REQUEST['contact_id']);
+
+
 }
 
 function intro_aside(&$a) {
diff --git a/mod/photos.php b/mod/photos.php
index 90f436699..eaf35cc20 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -30,7 +30,7 @@ function photos_init(&$a) {
 
 		$o .= '<div class="vcard">';
 		$o .= '<div class="fn">' . $a->data['channel']['channel_name'] . '</div>';
-		$o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_cached_avatar_image($a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id']) . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>';
+		$o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id'] . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>';
 		$o .= '</div>';
 
 
@@ -790,7 +790,9 @@ function photos_post(&$a) {
 
 	$photo_hash = photo_new_resource();
 
-	$r = $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
+	$page_owner_aid = $a->data['channel']['channel_account_id'];
+
+	$r = $ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
 
 	if(! $r) {
 		logger('mod/photos.php: photos_post(): image store failed' , LOGGER_DEBUG);
@@ -800,13 +802,13 @@ function photos_post(&$a) {
 
 	if($width > 640 || $height > 640) {
 		$ph->scaleImage(640);
-		$ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
+		$ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
 		$smallest = 1;
 	}
 
 	if($width > 320 || $height > 320) {
 		$ph->scaleImage(320);
-		$ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
+		$ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
 		$smallest = 2;
 	}
 	
@@ -928,6 +930,7 @@ function photos_content(&$a) {
 	$contact_id     = 0;
 
 	$owner_uid = $a->data['channel']['channel_id'];
+	$owner_aid = $a->data['channel']['channel_account_id'];
 
 	$community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);
 
diff --git a/mod/profile_photo.php b/mod/profile_photo.php
index d1e24269a..1bee046d1 100644
--- a/mod/profile_photo.php
+++ b/mod/profile_photo.php
@@ -81,8 +81,9 @@ function profile_photo_post(&$a) {
 			$im = new Photo($base_image['data'], $base_image['type']);
 			if($im->is_valid()) {
 				$im->cropImage(175,$srcX,$srcY,$srcW,$srcH);
+				$aid = get_account_id();
 
-				$r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'], 
+				$r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], 
 					t('Profile Photos'), 4, $is_default_profile);
 
 				if($r === false)
@@ -90,7 +91,7 @@ function profile_photo_post(&$a) {
 
 				$im->scaleImage(80);
 
-				$r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'], 
+				$r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], 
 					t('Profile Photos'), 5, $is_default_profile);
 			
 				if($r === false)
@@ -98,7 +99,7 @@ function profile_photo_post(&$a) {
 
 				$im->scaleImage(48);
 
-				$r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'], 
+				$r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], 
 					t('Profile Photos'), 6, $is_default_profile);
 			
 				if($r === false)
@@ -308,7 +309,7 @@ function profile_photo_crop_ui_head(&$a, $ph){
 
 	$smallest = 0;
 
-	$r = $ph->store(local_user(), 0 , $hash, $filename, t('Profile Photos'), 0 );	
+	$r = $ph->store(get_account_id(), local_user(), '', $hash, $filename, t('Profile Photos'), 0 );	
 
 	if($r)
 		info( t('Image uploaded successfully.') . EOL );
@@ -317,7 +318,7 @@ function profile_photo_crop_ui_head(&$a, $ph){
 
 	if($width > 640 || $height > 640) {
 		$ph->scaleImage(640);
-		$r = $ph->store(local_user(), 0 , $hash, $filename, t('Profile Photos'), 1 );	
+		$r = $ph->store(get_account_id(), local_user(), '' , $hash, $filename, t('Profile Photos'), 1 );	
 		
 		if($r === false)
 			notice( sprintf(t('Image size reduction [%s] failed.'),"640") . EOL );
diff --git a/mod/wall_upload.php b/mod/wall_upload.php
index c695f9b3e..a3dcf9a0b 100644
--- a/mod/wall_upload.php
+++ b/mod/wall_upload.php
@@ -2,72 +2,58 @@
 
 require_once('Photo.php');
 
+
+
+
 function wall_upload_post(&$a) {
 
-	if(argc() > 1) {
-		if(! x($_FILES,'media')) {
+	$using_api = ((x($_FILES,'media')) ? true : false); 
+
+	if($using_api) {
+		require_once('include/api.php');
+		$user_info = api_get_user($a);
+		$nick = $user_info['screen_name'];
+	}
+	else {
+		if(argc() > 1)
 			$nick = argv(1);
-		}
-		else {
-			$user_info = api_get_user($a);
-			$nick = $user_info['screen_name'];
-		}
+	}
+
+	$channel = null;
+
+	if($nick) {		
 		$r = q("SELECT channel.* from channel where channel_address = '%s' limit 1",
 			dbesc($nick)
 		);
-		if(! ($r && count($r)))
-			return;
-		$channel = $r[0];
+		if($r)
+			$channel = $r[0];
 	}
-	else
-		return;
 
+	if(! $channel) {
+		if($using_api)
+			return;
+		else {
+			notice( t('Channel not found.') . EOL);
+			killme();
+		}
+	}
 
 	$can_post  = false;
 	$visitor   = 0;
 
+
 	$page_owner_uid   = $r[0]['channel_id'];
-//	$default_cid      = $r[0]['id'];
-
-	$page_owner_nick  = $r[0]['channel_address'];
-
-//	$community_page   = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
-
-	if((local_user()) && (local_user() == $page_owner_uid))
-		$can_post = true;
-
-//	else {
-//		if($community_page && remote_user()) {
-//			$cid = 0;
-//			if(is_array($_SESSION['remote'])) {
-//				foreach($_SESSION['remote'] as $v) {
-//					if($v['uid'] == $page_owner_uid) {
-//						$cid = $v['cid'];
-//						break;
-//					}
-//				}
-//			}
-//			if($cid) {
-
-//				$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
-//					intval($cid),
-//					intval($page_owner_uid)
-//				);
-//				if(count($r)) {
-//					$can_post = true;
-//					$visitor = $cid;
-//				}
-//			}
-//		}
-//	}
-
-	if(! $can_post) {
-		notice( t('Permission denied.') . EOL );
-		killme();
-	}
-
-	if(! x($_FILES,'userfile') && ! x($_FILES,'media'))
-		killme();
+
+	$observer = $a->get_observer();
+
+	if(! perm_is_allowed($page_owner_uid,$observer['xchan_hash'],'post_photos')) {
+		if($using_api)
+			return;
+		else {
+			notice( t('Permission denied.') . EOL);
+			killme();
+		}
+	}
 
 	if(x($_FILES,'userfile')) {
 		$src      = $_FILES['userfile']['tmp_name'];
@@ -81,36 +67,58 @@ function wall_upload_post(&$a) {
 		$filesize = intval($_FILES['media']['size']);
 		$filetype = $_FILES['media']['type'];
 	}
+	else {
+		if($using_api)
+			return;
+		else {
+			notice( t('Empty upload.') . EOL);
+			killme();
+		}
+	}
+
 	
-    if ($filetype=="") $filetype=guess_image_type($filename);
+    if($filetype == "") 
+		$filetype=guess_image_type($filename);
 	$maximagesize = get_config('system','maximagesize');
 
 	if(($maximagesize) && ($filesize > $maximagesize)) {
-		echo  sprintf( t('Image exceeds size limit of %d'), $maximagesize) . EOL;
 		@unlink($src);
-		killme();
+		if($using_api)
+			return;
+		else {
+			echo  sprintf( t('Image exceeds size limit of %d'), $maximagesize) . EOL;
+			killme();
+		}
 	}
 
-	$r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ",
-		intval($page_owner_uid)
-	);
 
 	$limit = service_class_fetch($page_owner_uid,'photo_upload_limit');
-
-	if(($limit !== false) && (($r[0]['total'] + strlen($imagedata)) > $limit)) {
-		echo upgrade_message(true) . EOL ;
-		@unlink($src);
-		killme();
+	if($limit !== false) {
+		$r = q("select sum(size) as total from photo where uid = %d and scale = 0 ",
+			intval($page_owner_uid)
+		);
+		if(($r) && (($r[0]['total'] + strlen($imagedata)) > $limit)) {
+			@unlink($src);
+			if($using_api)
+				return;
+			else {
+				echo upgrade_message(true) . EOL ;
+				killme();
+			}
+		}
 	}
 
-
 	$imagedata = @file_get_contents($src);
 	$ph = new Photo($imagedata, $filetype);
 
 	if(! $ph->is_valid()) {
-		echo ( t('Unable to process image.') . EOL);
 		@unlink($src);
-		killme();
+		if($using_api)
+			return;
+		else {
+			echo ( t('Unable to process image.') . EOL);
+			killme();
+		}
 	}
 
 	$ph->orient($src);
@@ -130,31 +138,36 @@ function wall_upload_post(&$a) {
 	$smallest = 0;
 
 	$defperm = '<' . $channel['channel_hash'] . '>';
+	$aid = $channel['channel_account_id'];
+	$visitor = ((remote_user()) ? remote_user() : '');
 
-	$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm);
+	$r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm);
 
 	if(! $r) {
-		echo ( t('Image upload failed.') . EOL);
-		killme();
+		if($using_api)
+			return;
+		else {
+			echo ( t('Image upload failed.') . EOL);
+			killme();
+		}
 	}
 
 	if($width > 640 || $height > 640) {
 		$ph->scaleImage(640);
-		$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm);
+		$r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm);
 		if($r) 
 			$smallest = 1;
 	}
 
 	if($width > 320 || $height > 320) {
 		$ph->scaleImage(320);
-		$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm);
+		$r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm);
 		if($r)
 			$smallest = 2;
 	}
 
 	$basename = basename($filename);
 
-
 	if($_REQUEST['silent']) {
 		$m = '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}.".$ph->getExt()."[/img][/url]";
 		return($m);
diff --git a/version.inc b/version.inc
index 6c9b95b8c..2e853b2e6 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-01-21.207
+2013-01-22.208
diff --git a/view/tpl/jot-header.tpl b/view/tpl/jot-header.tpl
index f777e997f..e4fb00b7a 100644
--- a/view/tpl/jot-header.tpl
+++ b/view/tpl/jot-header.tpl
@@ -134,7 +134,7 @@ function enableOnUser(){
 
 		var uploader = new window.AjaxUpload(
 			'wall-image-upload',
-			{ action: 'wall_upload/$nickname',
+			{ action: '$baseurl/wall_upload/$nickname',
 				name: 'userfile',
 				onSubmit: function(file,ext) { $('#profile-rotator').show(); },
 				onComplete: function(file,response) {
@@ -145,7 +145,7 @@ function enableOnUser(){
 		);
 		var file_uploader = new window.AjaxUpload(
 			'wall-file-upload',
-			{ action: 'wall_attach/$nickname',
+			{ action: '$baseurl/wall_attach/$nickname',
 				name: 'userfile',
 				onSubmit: function(file,ext) { $('#profile-rotator').show(); },
 				onComplete: function(file,response) {
@@ -181,7 +181,7 @@ function enableOnUser(){
 		if(reply && reply.length) {
 			reply = bin2hex(reply);
 			$('#profile-rotator').show();
-			$.get('parse_url?binurl=' + reply, function(data) {
+			$.get('$baseurl/parse_url?binurl=' + reply, function(data) {
 				addeditortext(data);
 				$('#profile-rotator').hide();
 			});
@@ -214,7 +214,7 @@ function enableOnUser(){
 		if ($('#jot-popup').length != 0) $('#jot-popup').show();
 
 		$('#like-rotator-' + id).show();
-		$.get('share/' + id, function(data) {
+		$.get('$baseurl/share/' + id, function(data) {
 			if (!editor) $("#profile-jot-text").val("");
 			initEditor(function(){
 				addeditortext(data);
@@ -238,7 +238,7 @@ function enableOnUser(){
 		if(reply && reply.length) {
 			reply = bin2hex(reply);
 			$('#profile-rotator').show();
-			$.get('parse_url?binurl=' + reply, function(data) {
+			$.get('$baseurl/parse_url?binurl=' + reply, function(data) {
 				if (!editor) $("#profile-jot-text").val("");
 				initEditor(function(){
 					addeditortext(data);
@@ -257,7 +257,7 @@ function enableOnUser(){
 				commentBusy = true;
 				$('body').css('cursor', 'wait');
 
-				$.get('tagger/' + id + '?term=' + reply);
+				$.get('$baseurl/tagger/' + id + '?term=' + reply);
 				if(timer) clearTimeout(timer);
 				timer = setTimeout(NavUpdate,3000);
 				liking = 1;
@@ -284,7 +284,7 @@ function enableOnUser(){
 				if(reply && reply.length) {
 					commentBusy = true;
 					$('body').css('cursor', 'wait');
-					$.get('filer/' + id + '?term=' + reply, NavUpdate);
+					$.get('$baseurl/filer/' + id + '?term=' + reply, NavUpdate);
 //					if(timer) clearTimeout(timer);
 //					timer = setTimeout(NavUpdate,3000);
 					liking = 1;
-- 
cgit v1.2.3


From c09fad42ea997ad3e1b669f7ddcf07cccb7078d1 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Tue, 22 Jan 2013 19:36:14 -0800
Subject: fix observer permissions on wall_attach

---
 mod/wall_attach.php | 71 ++++++++++++++---------------------------------------
 1 file changed, 19 insertions(+), 52 deletions(-)

diff --git a/mod/wall_attach.php b/mod/wall_attach.php
index 5d9331ed0..865605313 100644
--- a/mod/wall_attach.php
+++ b/mod/wall_attach.php
@@ -13,13 +13,13 @@ function wall_attach_post(&$a) {
 		$r = q("SELECT channel.* from channel where channel_address = '%s' limit 1",
 			dbesc($nick)
 		);
-		if(! ($r && count($r)))
-			return;
+		if(! $r)
+			killme();
 		$channel = $r[0];
 
 	}
 	else
-		return;
+		killme();
 
 	
 	$can_post  = false;
@@ -29,43 +29,10 @@ function wall_attach_post(&$a) {
 
 	$page_owner_uid   = $channel['channel_id'];
 
+	$observer = $a->get_observer();
 
-//	$page_owner_cid   = $r[0]['id'];
-//	$page_owner_nick  = $r[0]['nickname'];
-//	$community_page   = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
-
-	if((local_user()) && (local_user() == $page_owner_uid))
-		$can_post = true;
-
-// FIXME for forum and guests
-//	else {
-//		if($community_page && remote_user()) {
-//			$cid = 0;
-//			if(is_array($_SESSION['remote'])) {
-//				foreach($_SESSION['remote'] as $v) {
-//					if($v['uid'] == $page_owner_uid) {
-//						$cid = $v['cid'];
-//						break;
-//					}
-//				}
-//			}
-//			if($cid) {//
-
-//				$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
-//					intval($cid),
-//					intval($page_owner_uid)
-//				);
-//				if(count($r)) {
-//					$can_post = true;
-//					$visitor = $cid;
-//				}
-//			}
-//		}
-//	}
-
-
-	if(! $can_post) {
-		notice( t('Permission denied.') . EOL );
+	if(! perm_is_allowed($page_owner_uid,$observer['xchan_hash'],'write_storage')) {
+		notice( t('Permission denied.') . EOL);
 		killme();
 	}
 
@@ -81,28 +48,28 @@ function wall_attach_post(&$a) {
 	if(($maxfilesize) && ($filesize > $maxfilesize)) {
 		notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
 		@unlink($src);
-		return;
+		killme();
 	}
 
-	$r = q("select sum(octet_length(data)) as total from attach where uid = %d ",
-		intval($page_owner_uid)
-	);
-
 	$limit = service_class_fetch($page_owner_uid,'attach_upload_limit');
-
-	if(($limit !== false) && (($r[0]['total'] + strlen($imagedata)) > $limit)) {
-		echo upgrade_message(true) . EOL ;
-		@unlink($src);
-		killme();
+	if($limit !== false) {
+		$r = q("select sum(filesize) as total from attach where uid = %d ",
+			intval($page_owner_uid)
+		);
+		if(($r) &&  (($r[0]['total'] + strlen($imagedata)) > $limit)) {
+			echo upgrade_message(true) . EOL ;
+			@unlink($src);
+			killme();
+		}
 	}
 
-
 	$filedata = @file_get_contents($src);
 	$mimetype = z_mime_content_type($filename);
 	$hash = random_string();
 	$created = datetime_convert();
-	$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
-		VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
+	$r = q("INSERT INTO `attach` ( `aid`, `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
+		VALUES ( %d, %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
+		intval($channel['channel_account_id']),
 		intval($page_owner_uid),
 		dbesc($hash),
 		dbesc($filename),
-- 
cgit v1.2.3


From d43591fb0f5c552b1c725dc2cbaeaea8fe441319 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Tue, 22 Jan 2013 20:13:20 -0800
Subject: fixed contactgroup editor

---
 done                 | 12 ++++++------
 include/group.php    |  3 +--
 mod/connections.php  |  2 +-
 mod/contactgroup.php | 22 +++++++++++-----------
 4 files changed, 19 insertions(+), 20 deletions(-)

diff --git a/done b/done
index 627822e01..69ee6fe9a 100644
--- a/done
+++ b/done
@@ -87,14 +87,14 @@ mod/
 - cb.php
   common.php
   community.php
-  contactgroup.php
++ contactgroup.php
   crepair.php
   delegate.php
-  directory.php
+? directory.php
   dirfind.php
   display.php
   editpost.php
-  events.php
+? events.php
   fbrowser.php
   feed.php
   filerm.php
@@ -114,7 +114,7 @@ mod/
 + lockview.php
 + login.php
   lostpass.php
-  magic.php
+? magic.php
 + manage.php
   match.php
 ? message.php
@@ -164,8 +164,8 @@ mod/
   viewcontacts.php
   view.php
 + viewsrc.php
-? wall_attach.php (needs remote permissions refactor)
-? wall_upload.php (needs remote permissions refactor)
++ wall_attach.php (needs remote permissions refactor)
++ wall_upload.php (needs remote permissions refactor)
   webfinger.php
 + _well_known.php
   xrd.php
diff --git a/include/group.php b/include/group.php
index 6568af0c7..3a2fe7a3c 100644
--- a/include/group.php
+++ b/include/group.php
@@ -169,7 +169,7 @@ function group_add_member($uid,$name,$member,$gid = 0) {
 function group_get_members($gid) {
 	$ret = array();
 	if(intval($gid)) {
-		$r = q("SELECT abook.*,xchan.*,group_member.* FROM `group_member` 
+		$r = q("SELECT * FROM `group_member` 
 			LEFT JOIN abook ON abook_xchan = `group_member`.`xchan` left join xchan on xchan_hash = abook_xchan
 			WHERE `gid` = %d AND `group_member`.`uid` = %d and not ( abook_flags & %d ) and not ( abook_flags & %d ) and not ( abook_flags & %d ) ORDER BY xchan_name ASC ",
 			intval($gid),
@@ -228,7 +228,6 @@ function group_side($every="contacts",$each="group",$edit = false, $group_id = 0
 	);
 
 
-
 	$r = q("SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d ORDER BY `name` ASC",
 		intval($_SESSION['uid'])
 	);
diff --git a/mod/connections.php b/mod/connections.php
index a12f51e68..0a2edb4cd 100644
--- a/mod/connections.php
+++ b/mod/connections.php
@@ -34,7 +34,7 @@ function connections_aside(&$a) {
 		$a->set_widget('follow', follow_widget());
 	}
 
-	$a->set_widget('collections', group_side('connnections','group',false,0,((array_key_exists('abook',$a->data)) ? $a->data['abook']['abook_id'] : '')));
+	$a->set_widget('collections', group_side('connnections','group',false,0,((array_key_exists('abook',$a->data)) ? $a->data['abook']['abook_xchan'] : '')));
 	$a->set_widget('findpeople',findpeople_widget());
 
 }
diff --git a/mod/contactgroup.php b/mod/contactgroup.php
index bf81afe07..4b46605a6 100644
--- a/mod/contactgroup.php
+++ b/mod/contactgroup.php
@@ -4,27 +4,27 @@ require_once('include/group.php');
 
 function contactgroup_content(&$a) {
 
-
 	if(! local_user()) {
 		killme();
 	}
 
-	if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) {
-		$r = q("SELECT `id` FROM `contact` WHERE `id` = %d AND `uid` = %d and `self` = 0 and `blocked` = 0 AND `pending` = 0 LIMIT 1",
-			intval($a->argv[2]),
-			intval(local_user())
+	if((argc() > 2) && (intval(argv(1))) && (argv(2))) {
+		$r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d ) limit 1",
+			dbesc(argv(2)),
+			intval(local_user()),
+			intval(ABOOK_FLAG_SELF)
 		);
-		if(count($r))
-			$change = intval($a->argv[2]);
+		if($r)
+			$change = $r[0]['abook_xchan'];
 	}
 
-	if(($a->argc > 1) && (intval($a->argv[1]))) {
+	if((argc() > 1) && (intval(argv(1)))) {
 
 		$r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1",
-			intval($a->argv[1]),
+			intval(argv(1)),
 			intval(local_user())
 		);
-		if(! count($r)) {
+		if(! $r) {
 			killme();
 		}
 
@@ -33,7 +33,7 @@ function contactgroup_content(&$a) {
 		$preselected = array();
 		if(count($members))	{
 			foreach($members as $member)
-				$preselected[] = $member['id'];
+				$preselected[] = $member['xchan_hash'];
 		}
 
 		if($change) {
-- 
cgit v1.2.3


From d06c21dc39b21d58f4c50e0f243a1d95c4137a6b Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Tue, 22 Jan 2013 20:48:03 -0800
Subject: some poco fixes

---
 include/onepoll.php  |  8 ++----
 include/socgraph.php | 77 ++++++++++++++++++++++++++--------------------------
 mod/poco.php         |  3 +-
 3 files changed, 43 insertions(+), 45 deletions(-)

diff --git a/include/onepoll.php b/include/onepoll.php
index 4b44ff5b9..019fe8ed3 100644
--- a/include/onepoll.php
+++ b/include/onepoll.php
@@ -113,16 +113,14 @@ function onepoll_run($argv, $argc){
 	// set last updated timestamp
 
 
-	$r = null;
-
 	if($contact['xchan_connurl']) {	
 		$r = q("SELECT xlink_id from xlink 
 			where xlink_xchan = '%s' and xlink_updated > UTC_TIMESTAMP() - INTERVAL 1 DAY",
 			intval($contact['xchan_hash'])
 		);
-	}
-	if($r) {
-		poco_load($contact['xchan_hash'],$contact['xchan_connurl']);
+		if($r) {
+			poco_load($contact['xchan_hash'],$contact['xchan_connurl']);
+		}
 	}
 
 	return;
diff --git a/include/socgraph.php b/include/socgraph.php
index aa5a24e89..081927dcc 100644
--- a/include/socgraph.php
+++ b/include/socgraph.php
@@ -23,12 +23,11 @@ function poco_load($xchan = null,$url = null) {
 	$a = get_app();
 
 	if($xchan && ! $url) {
-		$r = q("select xchan_connurl from xchan where xchan_hash = %d limit 1",
-			intval($xchan)
+		$r = q("select xchan_connurl from xchan where xchan_hash = '%s' limit 1",
+			dbesc($xchan)
 		);
 		if($r) {
 			$url = $r[0]['xchan_connurl'];
-			$uid = $r[0]['abook_channel'];
 		}
 	}
 
@@ -109,24 +108,25 @@ function poco_load($xchan = null,$url = null) {
 		}
 	
 
-		$r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' limit 1",
-			dbesc($xchan),
-			dbesc($hash)
-		);
-		if(! $r) {
-			q("insert into xlink ( xlink_xchan, xlink_link, xlink_updated ) values ( '%s', '%s', '%s' ) ",
+		if($xchan) {
+			$r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' limit 1",
 				dbesc($xchan),
-				dbesc($hash),
-				dbesc(datetime_convert())
-			);
-		}
-		else {
-			q("update xlink set xlink_updated = '%s' where xlink_id = %d limit 1",
-				dbesc(datetime_convert()),
-				intval($r[0]['xlink_id'])
+				dbesc($hash)
 			);
+			if(! $r) {
+				q("insert into xlink ( xlink_xchan, xlink_link, xlink_updated ) values ( '%s', '%s', '%s' ) ",
+					dbesc($xchan),
+					dbesc($hash),
+					dbesc(datetime_convert())
+				);
+			}
+			else {
+				q("update xlink set xlink_updated = '%s' where xlink_id = %d limit 1",
+					dbesc(datetime_convert()),
+					intval($r[0]['xlink_id'])
+				);
+			}
 		}
-
 	}
 	logger("poco_load: loaded $total entries",LOGGER_DEBUG);
 
@@ -295,37 +295,38 @@ function suggestion_query($uid, $start = 0, $limit = 80) {
 
 function update_suggestions() {
 
+// FIXME
+return;
 	$a = get_app();
 
 	$done = array();
 
-	poco_load(0,0,0,$a->get_baseurl() . '/poco');
+	// fix this to get a json list from an upstream directory
+//	poco_load(0,0,0,$a->get_baseurl() . '/poco');
 
-	$done[] = $a->get_baseurl() . '/poco';
+//	$done[] = $a->get_baseurl() . '/poco';
 
-	if(strlen(get_config('system','directory_submit_url'))) {
-		$x = fetch_url('http://dir.friendica.com/pubsites');
-		if($x) {
-			$j = json_decode($x);
-			if($j->entries) {
-				foreach($j->entries as $entry) {
-					$url = $entry->url . '/poco';
-					if(! in_array($url,$done))
-						poco_load(0,0,0,$entry->url . '/poco');
-				}
-			}
-		}
-	}
+//	if(strlen(get_config('system','directory_submit_url'))) {
+//		$x = fetch_url('http://dir.friendica.com/pubsites');
+//		if($x) {
+//			$j = json_decode($x);
+//			if($j->entries) {
+//				foreach($j->entries as $entry) {
+//					$url = $entry->url . '/poco';
+//					if(! in_array($url,$done))
+//						poco_load(0,0,0,$entry->url . '/poco');
+//				}
+//			}
+//		}
+//	}
 
-	$r = q("select distinct(poco) as poco from contact where network = '%s'",
-		dbesc(NETWORK_DFRN)
-	);
+	$r = q("select distinct(xchan_connurl) as poco from xchan where xchan_network = 'zot'");
 
-	if(count($r)) {
+	if($r) {
 		foreach($r as $rr) {
 			$base = substr($rr['poco'],0,strrpos($rr['poco'],'/'));
 			if(! in_array($base,$done))
-				poco_load(0,0,0,$base);
+				poco_load('',$base);
 		}
 	}
 }
diff --git a/mod/poco.php b/mod/poco.php
index c0dc2e133..f87bd8a68 100644
--- a/mod/poco.php
+++ b/mod/poco.php
@@ -7,7 +7,6 @@ function poco_init(&$a) {
 	if(intval(get_config('system','block_public')))
 		http_status_exit(401);
 
-
 	$observer = $a->get_observer();
 
 	if(argc() > 1) {
@@ -15,7 +14,7 @@ function poco_init(&$a) {
 	}
 	if(! x($user)) {
 		$c = q("select * from pconfig where cat = 'system' and k = 'suggestme' and v = 1");
-		if(! count($c))
+		if(! $c)
 			http_status_exit(401);
 		$system_mode = true;
 	}
-- 
cgit v1.2.3


From b8c92a0a4285dae8d61750dc1b39c61bba6a3dda Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Tue, 22 Jan 2013 23:08:46 -0800
Subject: fix some displayed links that were wonky

---
 include/ItemObject.php | 5 +++--
 include/nav.php        | 8 ++++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/include/ItemObject.php b/include/ItemObject.php
index 6f9eaa18e..b6f1e53a4 100644
--- a/include/ItemObject.php
+++ b/include/ItemObject.php
@@ -49,6 +49,7 @@ class Item extends BaseObject {
 // fixme		
 		$this->writable = ($this->get_data_value('writable') || $this->get_data_value('self'));
 // FIXME - base this on observer permissions
+
 		$this->writable = ((local_user() && $channel['channel_hash'] === $item['owner_xchan']) ? true : false);
 
 
@@ -227,8 +228,8 @@ class Item extends BaseObject {
 			'body' => $body_e,
 			'text' => strip_tags($body_e),
 			'id' => $this->get_id(),
-			'linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['author-link'])) ? $item['author-link'] : $item['url'])),
-			'olinktitle' => sprintf( t('View %s\'s profile @ %s'), $this->get_owner_name(), ((strlen($item['owner-link'])) ? $item['owner-link'] : $item['url'])),
+			'linktitle' => sprintf( t('View %s\'s profile - %s'), $profile_name, $item['author']['xchan_addr']),
+			'olinktitle' => sprintf( t('View %s\'s profile - %s'), $this->get_owner_name(), $item['owner']['xchan_addr']),
 			'to' => t('to'),
 			'wall' => t('Wall-to-Wall'),
 			'vwall' => t('via Wall-To-Wall:'),
diff --git a/include/nav.php b/include/nav.php
index b65577e0f..3a565af55 100644
--- a/include/nav.php
+++ b/include/nav.php
@@ -90,8 +90,12 @@ EOT;
 		);
 	}
 
-
-	$nav['lock'] = array('rmagic','',(($observer) ? 'lock' : 'unlock'), (($observer) ? $observer['xchan_addr'] : t('Click to authenticate to your home hub')));
+	if($observer)
+		$nav['lock'] = array('logout','','lock', 
+			sprintf( t('%s - click to logout'), $observer['xchan_addr']));
+	else
+		$nav['lock'] = array('rmagic','','unlock', 
+			t('Click to authenticate to your home hub'));
 
 	/**
 	 * "Home" should also take you home from an authenticated remote profile connection
-- 
cgit v1.2.3


From bf98cf8c0a2a1a8fcdad5c43453a7c3401b8e773 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Wed, 23 Jan 2013 00:26:26 -0800
Subject: this will probably look like crap, but I really want the links to
 look normal and we don't have a good designer to sort this out and provide a
 better option and tell me why it sucks - so that's what I'm going to do.

---
 view/theme/redbasic/css/style.css | 44 ++++++++++++++++++++++++++-------------
 1 file changed, 30 insertions(+), 14 deletions(-)

diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css
index 7bcad2b2d..525e452db 100644
--- a/view/theme/redbasic/css/style.css
+++ b/view/theme/redbasic/css/style.css
@@ -1,17 +1,22 @@
 /**
- * duepuntozero Frindika style
- * Fabio Comuni <fabrix.xm@gmail.com>
+ * Redbasic
+ *
+ * Based on duepuntozero Friendica style
+ * by Fabio Comuni <fabrix.xm@gmail.com>
  */
 
 
 /* generals */
 body {
-	font-family: helvetica,arial,freesans,clean,sans-serif;
+	font-family: arial,freesans,clean,sans-serif;
 	font-size: 12px;
 	background-color: #ffffff;
 	color: #000000;
 	margin: 0px;
 }
+.jslider {
+	font-family: arial,freesans,clean,sans-serif;
+}
 
 abbr {
 	border-bottom: none;
@@ -19,7 +24,7 @@ abbr {
 
 aside {
 border: none;
-color: #d00;
+color: #0080FF;
 }
 
 /* icons */
@@ -96,8 +101,13 @@ color: #d00;
   padding: 1px;
 }
 
-a, a:visited, a:link, .fakelink, .fakelink:visited, .fakelink:link { color: #dd0000; text-decoration: none; }
-a:hover, .fakelink:hover { color: #dd0000; text-decoration: underline; }
+a, a:visited, a:link, .fakelink, .fakelink:visited, .fakelink:link { 
+	font-weight: bold;
+	color: #0080FF; 
+	text-decoration: none; 
+}
+
+a:hover, .fakelink:hover { color: #44AAFF; text-decoration: underline; }
 
 .fakelink {
 	cursor: pointer;
@@ -655,7 +665,7 @@ input#dfrn-url {
 	padding: 0px 0px 5px 0px;
 	font-size: 120%;
 	font-weight: bold;
-	color: #dd0000;
+	color: #0080FF;
 }
 
 .vcard .title {
@@ -1402,7 +1412,7 @@ input#dfrn-url {
 	font-size: 1.2em;
 	height: auto;
 	width: auto;
-	background-color: #dd0000;
+	background-color: #0080FF;
 	border-radius: 5px;
 	border: 2px outset;
 	box-shadow: 5px 5px 5px #666;
@@ -1869,7 +1879,7 @@ tr.mceLast {
 
 #profile-jot-submit {
     height: auto;
-    background-color: #dd0000;
+    background-color: #0080FF;
     color: #eeeeec;
     font-weight: bold;
     -webkit-border-radius: 5px;
@@ -3586,7 +3596,7 @@ nav .nav-menu.selected {
 }
 
 nav .nav-notify {
-  background-color: #0d0;
+  background-color: #0080FF;
   color: #fff;
   -moz-border-radius: 5px 5px 5px 5px;
   -webkit-border-radius: 5px 5px 5px 5px;
@@ -3623,7 +3633,7 @@ ul.menu-popup {
   position: absolute;
   display: none;
   width: 10em;
-  background: #dd0000;
+  background: #0080FF;
   color: #eec;
   padding: 0px;
   list-style: none;
@@ -3635,13 +3645,15 @@ ul.menu-popup {
 }
 ul.menu-popup a {
   display: block;
-  color: #eec;
+  color: #;
   padding: 5px 10px;
   text-decoration: none;
 }
+
+
 ul.menu-popup a:hover {
-  background-color: #eec;
-  color: #d00;
+  background-color: #888888;
+  color: #000000;
 }
 ul.menu-popup .menu-sep {
   border-top: 1px solid #9eabb0;
@@ -3867,3 +3879,7 @@ ul.menu-popup {
 }
 .acl-list-item.groupshow { border-color: #9ade00; }
 .acl-list-item.grouphide { border-color: #ff4141; }
+
+.contact-block-content {
+	margin-top: 8px;
+}
\ No newline at end of file
-- 
cgit v1.2.3


From 2c1ba66016924f6efb0832ede6041cd2d7d67a19 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Wed, 23 Jan 2013 01:26:38 -0800
Subject: make @tags half-ass work

---
 mod/acl.php  |  4 ++--
 mod/item.php | 25 +++++++++++--------------
 2 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/mod/acl.php b/mod/acl.php
index 0290edca8..2f1866f85 100644
--- a/mod/acl.php
+++ b/mod/acl.php
@@ -201,8 +201,8 @@ function acl_init(&$a){
 				"name"    => $g['name'],
 				"id"	  => $g['id'],
 				"xid"     => $g['hash'],
-				"link"    => $g['url'],
-				"nick"    => $g['nick'],
+				"link"    => $g['nick'],
+				"nick"    => substr($g['nick'],0,strpos($g['nick'],'@'))
 			);
 		}			
 	}
diff --git a/mod/item.php b/mod/item.php
index f42de79f0..93f859982 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -889,29 +889,34 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
 				}
 			}
 			if($tagcid) { //if there was an id
+
+
 				//select contact with that id from the logged in user's contact list
-				$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+				$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash 
+					WHERE abook_id = %d AND abook_channel = %d LIMIT 1",
 						intval($tagcid),
 						intval($profile_uid)
 				);
+
 			}
 			else {
 				$newname = str_replace('_',' ',$name);
 
 				//select someone from this user's contacts by name
-				$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
+				$r = q("SELECT * FROM abook left join xchan on abook_xchan - xchan_hash  
+					WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1",
 						dbesc($newname),
 						intval($profile_uid)
 				);
 
 				if(! $r) {
 					//select someone by attag or nick and the name passed in
-					$r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
+/*					$r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
 							dbesc($name),
 							dbesc($name),
 							intval($profile_uid)
 					);
-				}
+*/				}
 			}
 /*			} elseif(strstr($name,'_') || strstr($name,' ')) { //no id
 				//get the real name
@@ -931,16 +936,8 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
 			}*/
 			//$r is set, if someone could be selected
 			if(count($r)) {
-				$profile = $r[0]['url'];
-				//set newname to nick, find alias
-				if($r[0]['network'] === 'stat') {
-					$newname = $r[0]['nick'];
-					$stat = true;
-					if($r[0]['alias'])
-						$alias = $r[0]['alias'];
-				}
-				else
-					$newname = $r[0]['name'];
+				$profile = $r[0]['xchan_url'];
+				$newname = $r[0]['xchan_name'];
 				//add person's id to $inform
 				if(strlen($inform))
 					$inform .= ',';
-- 
cgit v1.2.3


From a10ff18f0edf7b795f4f9899b83b3adf27ba4900 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Wed, 23 Jan 2013 01:33:03 -0800
Subject: @tags sorta work, but we might have an issue with sending zids in
 @tags

---
 mod/item.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/mod/item.php b/mod/item.php
index 93f859982..48715a0f4 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -890,7 +890,6 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
 			}
 			if($tagcid) { //if there was an id
 
-
 				//select contact with that id from the logged in user's contact list
 				$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash 
 					WHERE abook_id = %d AND abook_channel = %d LIMIT 1",
@@ -936,7 +935,7 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
 			}*/
 			//$r is set, if someone could be selected
 			if(count($r)) {
-				$profile = $r[0]['xchan_url'];
+				$profile = chanlink_url($r[0]['xchan_url']);
 				$newname = $r[0]['xchan_name'];
 				//add person's id to $inform
 				if(strlen($inform))
@@ -949,7 +948,7 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
 			$replaced = true;
 			//create profile link
 			$profile = str_replace(',','%2c',$profile);
-			$url = $profile;
+			$url = chanlink_url($profile);
 			$newtag = '@[url=' . $profile . ']' . $newname	. '[/url]';
 			$body = str_replace('@' . $name, $newtag, $body);
 			//append tag to str_tags
-- 
cgit v1.2.3


From 0b18dd15c5377da121f0fb781c0530ca0d328eb9 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Wed, 23 Jan 2013 03:50:30 -0800
Subject: icon tweaks

---
 view/theme/redbasic/css/style.css         |   2 +-
 view/theme/redbasic/img/introductions.png | Bin 1275 -> 1210 bytes
 view/theme/redbasic/img/network.png       | Bin 1650 -> 1632 bytes
 3 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css
index 525e452db..fc5f41752 100644
--- a/view/theme/redbasic/css/style.css
+++ b/view/theme/redbasic/css/style.css
@@ -69,7 +69,7 @@ color: #0080FF;
   background-image: url("../img/network.png");
   min-width: 22px;
   height: 22px; 
-  margin-top: -4px; 
+  margin-top: -3px; 
   background-position: left center;
   padding: 1px;
 }
diff --git a/view/theme/redbasic/img/introductions.png b/view/theme/redbasic/img/introductions.png
index 18ba5dc81..9e0498227 100644
Binary files a/view/theme/redbasic/img/introductions.png and b/view/theme/redbasic/img/introductions.png differ
diff --git a/view/theme/redbasic/img/network.png b/view/theme/redbasic/img/network.png
index c213cee04..f3e45c3ec 100644
Binary files a/view/theme/redbasic/img/network.png and b/view/theme/redbasic/img/network.png differ
-- 
cgit v1.2.3