From 56361fa2fc42eefde4794358986187a508c7054e Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 25 Jan 2023 10:59:17 +0000 Subject: theme fixes --- Zotlabs/Module/Magic.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index bfd38d2fa..6d997c662 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -16,7 +16,7 @@ class Magic extends Controller { 'url' => '', 'message' => '' ]; - + logger('mod_magic: invoked', LOGGER_DEBUG); logger('args: ' . print_r($_REQUEST,true),LOGGER_DATA); @@ -43,12 +43,12 @@ class Magic extends Controller { $basepath = $parsed['scheme'] . '://' . $parsed['host'] . (isset($parsed['port']) ? ':' . $parsed['port'] : ''); $owapath = SConfig::get($basepath,'system','openwebauth', $basepath . '/owa'); - // This is ready-made for a plugin that provides a blacklist or "ask me" before blindly authenticating. + // This is ready-made for a plugin that provides a blacklist or "ask me" before blindly authenticating. // By default, we'll proceed without asking. $arr = [ 'channel_id' => local_channel(), - 'destination' => $dest, + 'destination' => $dest, 'proceed' => true ]; -- cgit v1.2.3 From 08e925758e920b898ac2d08710eab2f9638fe276 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 25 Jan 2023 13:08:05 +0000 Subject: update fullcalendar library --- Zotlabs/Module/Cdav.php | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index 8e77515ce..b6d7ff5a3 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php @@ -901,19 +901,9 @@ class Cdav extends Controller { //Display calendar(s) here if(argc() <= 3 && argv(1) === 'calendar') { - - head_add_css('/library/fullcalendar/packages/core/main.min.css'); - head_add_css('/library/fullcalendar/packages/daygrid/main.min.css'); - head_add_css('/library/fullcalendar/packages/timegrid/main.min.css'); - head_add_css('/library/fullcalendar/packages/list/main.min.css'); + head_add_js('/library/fullcalendar/dist/index.global.js'); head_add_css('cdav_calendar.css'); - head_add_js('/library/fullcalendar/packages/core/main.min.js'); - head_add_js('/library/fullcalendar/packages/interaction/main.min.js'); - head_add_js('/library/fullcalendar/packages/daygrid/main.min.js'); - head_add_js('/library/fullcalendar/packages/timegrid/main.min.js'); - head_add_js('/library/fullcalendar/packages/list/main.min.js'); - $o = ''; $sources = ''; $resource_id = ''; -- cgit v1.2.3 From 71f1814477e3d3de3b78c37ff752b984d0f046be Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 28 Jan 2023 20:04:18 +0000 Subject: remove redundant argument --- Zotlabs/Module/Chanview.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Chanview.php b/Zotlabs/Module/Chanview.php index f43432376..0dfffe770 100644 --- a/Zotlabs/Module/Chanview.php +++ b/Zotlabs/Module/Chanview.php @@ -67,7 +67,7 @@ class Chanview extends \Zotlabs\Web\Controller { if(isset($_REQUEST['url']) && $_REQUEST['url']) { - $zf = Zotfinger::exec($_REQUEST['url'], null); + $zf = Zotfinger::exec($_REQUEST['url']); if(array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $_REQUEST['url'] && intval($zf['signature']['header_valid'])) { Libzot::import_xchan($zf['data']); -- cgit v1.2.3 From 09c9b47265b144c905a51434c40002d8aef526e5 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 9 Feb 2023 01:52:48 +0000 Subject: fix more hubloc confusion, implement hq widget author filter and some autocomplete fixes --- Zotlabs/Module/Acl.php | 1 + Zotlabs/Module/Hq.php | 1 + 2 files changed, 2 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index bcd79c873..b98f5621e 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -378,6 +378,7 @@ class Acl extends \Zotlabs\Web\Controller { "name" => $g['name'], "id" => urlencode($g['id']), "xid" => $g['hash'], + "url" => $g['url'], "link" => $clink, "nick" => ((strpos($g['nick'],'@')) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']), "self" => (intval($g['abook_self']) ? 'abook-self' : ''), diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php index 0b2d0ea7d..df30f933d 100644 --- a/Zotlabs/Module/Hq.php +++ b/Zotlabs/Module/Hq.php @@ -245,6 +245,7 @@ class Hq extends \Zotlabs\Web\Controller { $options['offset'] = $_REQUEST['offset'] ?? 0; $options['type'] = $_REQUEST['type'] ?? ''; + $options['author'] = $_REQUEST['author'] ? urldecode($_REQUEST['author']) : ''; $ret = Messages::get_messages_page($options); -- cgit v1.2.3 From de3e83f0a24f7523639c0866535d8aae8a63efb7 Mon Sep 17 00:00:00 2001 From: Mario Date: Tue, 14 Feb 2023 07:33:05 +0000 Subject: fix mod cal after fullcalendar update --- Zotlabs/Module/Cal.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Cal.php b/Zotlabs/Module/Cal.php index 9049fe7d0..70d8aa755 100644 --- a/Zotlabs/Module/Cal.php +++ b/Zotlabs/Module/Cal.php @@ -65,13 +65,9 @@ class Cal extends Controller { nav_set_selected('Calendar'); - head_add_css('/library/fullcalendar/packages/core/main.min.css'); - head_add_css('/library/fullcalendar/packages/daygrid/main.min.css'); + head_add_js('/library/fullcalendar/dist/index.global.js'); head_add_css('cdav_calendar.css'); - head_add_js('/library/fullcalendar/packages/core/main.min.js'); - head_add_js('/library/fullcalendar/packages/daygrid/main.min.js'); - $sql_extra = permissions_sql($channel['channel_id'], get_observer_hash(), 'event'); if(! perm_is_allowed($channel['channel_id'], get_observer_hash(), 'view_contacts') || App::$profile['hide_friends']) -- cgit v1.2.3 From 1ca988b177834467671137c94f17a5948b465f6f Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 15 Feb 2023 09:41:48 +0000 Subject: revisit author_id and fix issue with pinned content --- Zotlabs/Module/Channel.php | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index d3d72ca10..748d990cb 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -247,9 +247,7 @@ class Channel extends Controller { $channel_acl = ['allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '']; } - if ($perms['post_wall']) { - $x = [ 'is_owner' => $is_owner, 'allow_location' => ((($is_owner || $observer) && (intval(get_pconfig(App::$profile['profile_uid'], 'system', 'use_browser_location')))) ? true : false), @@ -273,6 +271,12 @@ class Channel extends Controller { $o .= status_editor($a, $x, false, 'Channel'); } + // Add pinned content + if (!x($_REQUEST, 'mid') && !$search) { + $pinned = new \Zotlabs\Widget\Pinned; + $r = $pinned->widget(intval(App::$profile['profile_uid']), [ITEM_TYPE_POST]); + $o .= $r['html']; + } } @@ -423,17 +427,14 @@ class Channel extends Controller { $items = []; } - // Add pinned content - if (!x($_REQUEST, 'mid') && !$search) { - $pinned = new \Zotlabs\Widget\Pinned; - $r = $pinned->widget(intval(App::$profile['profile_uid']), [ITEM_TYPE_POST]); - $o .= $r['html']; - } + $mode = (($search) ? 'search' : 'channel'); if ((!$update) && (!$load)) { + + //if we got a decoded hash we must encode it again before handing to javascript $mid = gen_link_id($mid); -- cgit v1.2.3 From 7839b931f1ec66ea576593f58f7141e8097bb201 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 16 Feb 2023 13:12:22 +0100 Subject: make sure we provide a created timestamp for likes and remove the workaround which returned the wrong date format --- Zotlabs/Module/Like.php | 1 + 1 file changed, 1 insertion(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index 98fa7db5a..ef41faedd 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -546,6 +546,7 @@ class Like extends Controller { $arr['deny_cid'] = $deny_cid; $arr['deny_gid'] = $deny_gid; $arr['item_private'] = $private; + $arr['created'] = datetime_convert(); call_hooks('post_local', $arr); -- cgit v1.2.3 From 1078b774aefcc8edd9199096f9cae69c76a854a5 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 16 Feb 2023 16:52:29 +0100 Subject: make sure we will deduplicate even if there is a bogus second primary entry --- Zotlabs/Module/Dirsearch.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Dirsearch.php b/Zotlabs/Module/Dirsearch.php index 34678af57..8b445d875 100644 --- a/Zotlabs/Module/Dirsearch.php +++ b/Zotlabs/Module/Dirsearch.php @@ -263,7 +263,7 @@ class Dirsearch extends Controller { xprof.xprof_homepage as homepage, xprof.xprof_hometown as hometown, xprof.xprof_keywords as keywords - from xchan left join xprof on xchan_hash = xprof_hash left join hubloc on hubloc_hash = xchan_hash + from xchan left join xprof on xchan_hash = xprof_hash left join hubloc on hubloc_id_url = xchan_url where hubloc_primary = 1 and hubloc_updated > %s - INTERVAL %s and ( $logic $sql_extra ) $hub_query and xchan_network = 'zot6' and xchan_system = 0 and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 $safesql $order $qlimit", db_utcnow(), -- cgit v1.2.3 From 777fdeb462122b258c3f56d594ef419d61193e88 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 16 Feb 2023 16:56:57 +0100 Subject: realy make sure we will deduplicate even if there is a bogus second primary entry --- Zotlabs/Module/Dirsearch.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Dirsearch.php b/Zotlabs/Module/Dirsearch.php index 8b445d875..c0df8a1e3 100644 --- a/Zotlabs/Module/Dirsearch.php +++ b/Zotlabs/Module/Dirsearch.php @@ -263,7 +263,7 @@ class Dirsearch extends Controller { xprof.xprof_homepage as homepage, xprof.xprof_hometown as hometown, xprof.xprof_keywords as keywords - from xchan left join xprof on xchan_hash = xprof_hash left join hubloc on hubloc_id_url = xchan_url + from xchan left join xprof on xchan_hash = xprof_hash left join hubloc on (hubloc_id_url = xchan_url and hubloc_hash = xchan_hash) where hubloc_primary = 1 and hubloc_updated > %s - INTERVAL %s and ( $logic $sql_extra ) $hub_query and xchan_network = 'zot6' and xchan_system = 0 and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 $safesql $order $qlimit", db_utcnow(), -- cgit v1.2.3 From ee8fc701a61996bc5d93bbac942c0804e2c35950 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 17 Feb 2023 10:18:01 +0000 Subject: do not try to oembed in notes --- Zotlabs/Module/Notes.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Notes.php b/Zotlabs/Module/Notes.php index 57b8f30db..2fd719f25 100644 --- a/Zotlabs/Module/Notes.php +++ b/Zotlabs/Module/Notes.php @@ -39,7 +39,7 @@ class Notes extends Controller { } set_pconfig(local_channel(),'notes','text',$body); - $ret['html'] = bbcode($body); + $ret['html'] = bbcode($body, ['tryoembed' => false]); $ret['success'] = true; } -- cgit v1.2.3 From fd3adf4d11c3c9f2ff92389b315da90f2a47c1b7 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 24 Feb 2023 21:35:22 +0000 Subject: slightly improve contact search --- Zotlabs/Module/Connections.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php index ea30b9b9e..e0f463c76 100644 --- a/Zotlabs/Module/Connections.php +++ b/Zotlabs/Module/Connections.php @@ -145,6 +145,7 @@ class Connections extends \Zotlabs\Web\Controller { } $search = ((x($_REQUEST,'search')) ? notags(trim($_REQUEST['search'])) : ''); + $search_xchan = ((x($_REQUEST,'search_xchan')) ? notags(trim($_REQUEST['search_xchan'])) : ''); $tabs = array( /* @@ -233,10 +234,15 @@ class Connections extends \Zotlabs\Web\Controller { if($search) { $search_hdr = $search; - $search_txt = dbesc(protect_sprintf(preg_quote($search))); - $searching = true; + $search_txt = (($search_xchan) ? urldecode($search_xchan) : preg_quote($search)); + + if ($search_xchan) { + $sql_extra .= " AND xchan_hash = '" . protect_sprintf(dbesc($search_txt)) . "' "; + } + else { + $sql_extra .= " AND xchan_name LIKE '%%" . protect_sprintf(dbesc($search_txt)) . "%%' "; + } } - $sql_extra .= (($searching) ? protect_sprintf(" AND xchan_name like '%$search_txt%' ") : ""); if(isset($_REQUEST['gid']) && $_REQUEST['gid']) { $sql_extra .= " and xchan_hash in ( select xchan from pgrp_member where gid = " . intval($_REQUEST['gid']) . " and uid = " . intval(local_channel()) . " ) "; @@ -396,7 +402,7 @@ class Connections extends \Zotlabs\Web\Controller { '$search' => $search_hdr, '$label' => t('Search'), '$role_label' => t('Contact role'), - '$desc' => t('Search your connections'), + '$desc' => $search ?? t('Search your connections'), '$finding' => (($searching) ? t('Contact search') . ": '" . $search . "'" : ""), '$submit' => t('Find'), '$edit' => t('Edit'), -- cgit v1.2.3 From ca0bd3ed3251e2558dc4a53abed417dd9da6244d Mon Sep 17 00:00:00 2001 From: Mario Date: Tue, 28 Feb 2023 09:29:39 +0000 Subject: fix some php warnings --- Zotlabs/Module/Hq.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php index df30f933d..58f3e5ef2 100644 --- a/Zotlabs/Module/Hq.php +++ b/Zotlabs/Module/Hq.php @@ -245,7 +245,7 @@ class Hq extends \Zotlabs\Web\Controller { $options['offset'] = $_REQUEST['offset'] ?? 0; $options['type'] = $_REQUEST['type'] ?? ''; - $options['author'] = $_REQUEST['author'] ? urldecode($_REQUEST['author']) : ''; + $options['author'] = ((isset($_REQUEST['author'])) ? urldecode($_REQUEST['author']) : ''); $ret = Messages::get_messages_page($options); -- cgit v1.2.3 From f1676481150931360e194d4d98fd2234d65f9b4a Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 2 Mar 2023 10:14:49 +0000 Subject: improve mod hq to save some db lookups --- Zotlabs/Module/Hq.php | 57 ++++++++++++++++++++++++++++----------------------- 1 file changed, 31 insertions(+), 26 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php index 58f3e5ef2..c5cc27bca 100644 --- a/Zotlabs/Module/Hq.php +++ b/Zotlabs/Module/Hq.php @@ -52,12 +52,19 @@ class Hq extends \Zotlabs\Web\Controller { if($item_hash) { - $r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where mid = '%s' limit 1", + $sql_order = ((local_channel() > $sys['channel_id']) ? 'DESC' : 'ASC'); + + $r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where uid in (%d, %d) and mid = '%s' order by uid $sql_order limit 2", + intval(local_channel()), + intval($sys['channel_id']), dbesc($item_hash) ); if($r) { $target_item = $r[0]; + if (intval($r[0]['uid']) === intval($sys['channel_id'])) { + $sys_item = true; + } } //if the item is to be moderated redirect to /moderate @@ -158,19 +165,18 @@ class Hq extends \Zotlabs\Web\Controller { } if($load && $target_item) { - $r = null; - - $r = q("SELECT item.id AS item_id FROM item - WHERE uid = %d - AND mid = '%s' - $item_normal - LIMIT 1", - intval(local_channel()), - dbesc($target_item['parent_mid']) - ); - if(!$r) { - $sys_item = true; + if (!$sys_item) { + $r = q("SELECT item.id AS item_id FROM item + WHERE uid = %d + AND mid = '%s' + $item_normal + LIMIT 1", + intval(local_channel()), + dbesc($target_item['parent_mid']) + ); + } + else { $sql_extra = item_permissions_sql($sys['channel_id']); $r = q("SELECT item.id AS item_id FROM item @@ -184,20 +190,19 @@ class Hq extends \Zotlabs\Web\Controller { } } elseif($update && $target_item) { - $r = null; - - $r = q("SELECT item.parent AS item_id FROM item - WHERE uid = %d - AND parent_mid = '%s' - $item_normal_update - $simple_update - LIMIT 1", - intval(local_channel()), - dbesc($target_item['parent_mid']) - ); + if (!$sys_item) { - if(!$r) { - $sys_item = true; + $r = q("SELECT item.parent AS item_id FROM item + WHERE uid = %d + AND parent_mid = '%s' + $item_normal_update + $simple_update + LIMIT 1", + intval(local_channel()), + dbesc($mid) + ); + } + else { $sql_extra = item_permissions_sql($sys['channel_id']); $r = q("SELECT item.parent AS item_id FROM item -- cgit v1.2.3 From b70acd0079b6f933fefe8e3bd114acb692f50e8c Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 2 Mar 2023 10:20:43 +0000 Subject: wrong variable --- Zotlabs/Module/Hq.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php index c5cc27bca..d4398fe8b 100644 --- a/Zotlabs/Module/Hq.php +++ b/Zotlabs/Module/Hq.php @@ -199,7 +199,7 @@ class Hq extends \Zotlabs\Web\Controller { $simple_update LIMIT 1", intval(local_channel()), - dbesc($mid) + dbesc($target_item['parent_mid']) ); } else { -- cgit v1.2.3 From c8d913fba7d4ae8ecf82dc456a7f5ebf966127f9 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 2 Mar 2023 10:24:18 +0000 Subject: wrong variable --- Zotlabs/Module/Hq.php | 1 - 1 file changed, 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php index d4398fe8b..7e75f0136 100644 --- a/Zotlabs/Module/Hq.php +++ b/Zotlabs/Module/Hq.php @@ -191,7 +191,6 @@ class Hq extends \Zotlabs\Web\Controller { } elseif($update && $target_item) { if (!$sys_item) { - $r = q("SELECT item.parent AS item_id FROM item WHERE uid = %d AND parent_mid = '%s' -- cgit v1.2.3 From d81473487f8ef9b22aaa37b0da80265af5e72bc1 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 2 Mar 2023 12:39:21 +0000 Subject: minor cleanup and docu --- Zotlabs/Module/Hq.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php index 7e75f0136..77d56e9a2 100644 --- a/Zotlabs/Module/Hq.php +++ b/Zotlabs/Module/Hq.php @@ -51,7 +51,7 @@ class Hq extends \Zotlabs\Web\Controller { $o = ''; if($item_hash) { - + // select the target item with a bias to our own item $sql_order = ((local_channel() > $sys['channel_id']) ? 'DESC' : 'ASC'); $r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where uid in (%d, %d) and mid = '%s' order by uid $sql_order limit 2", @@ -62,7 +62,7 @@ class Hq extends \Zotlabs\Web\Controller { if($r) { $target_item = $r[0]; - if (intval($r[0]['uid']) === intval($sys['channel_id'])) { + if (intval($target_item['uid']) === intval($sys['channel_id'])) { $sys_item = true; } } -- cgit v1.2.3 From da034045cc1bba74287b7c3e83f4a94ff5359150 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 2 Mar 2023 21:15:19 +0000 Subject: some work on bringing bang tags back for forums --- Zotlabs/Module/Acl.php | 12 ++++++++---- Zotlabs/Module/Item.php | 1 - 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index b98f5621e..e7a1e6706 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -69,6 +69,7 @@ class Acl extends \Zotlabs\Web\Controller { $sql_extra = ''; $sql_extra2 = ''; $sql_extra3 = ''; + $sql_extra4 = (($type === 'f') ? ' AND xchan_pubforum = 1 ' : ''); $sql_extra2_xchan = ''; $order_extra2 = ''; @@ -219,7 +220,7 @@ class Acl extends \Zotlabs\Web\Controller { $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self FROM abook left join xchan on abook_xchan = xchan_hash - WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" , + WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 $sql_extra4 order by $order_extra2 xchan_name asc" , intval(local_channel()) ); @@ -337,6 +338,7 @@ class Acl extends \Zotlabs\Web\Controller { else $r = array(); + if($r) { $i = count($contacts); $x = []; @@ -367,10 +369,12 @@ class Acl extends \Zotlabs\Web\Controller { "nick" => substr($g['nick'],0,strpos($g['nick'],'@')), "self" => (intval($g['abook_self']) ? 'abook-self' : ''), "taggable" => 'taggable', - "label" => t('network') + "label" => t('network'), + "net" => $g['net'] ?? '' + ); } - if($type !== 'f') { + //if($type !== 'f') { if (! array_key_exists($x[$lkey], $contacts) || ($contacts[$x[$lkey]]['net'] !== 'zot6' && $g['net'] == 'zot6')) { $contacts[$x[$lkey]] = array( "type" => "c", @@ -387,7 +391,7 @@ class Acl extends \Zotlabs\Web\Controller { "net" => $g['net'] ?? '' ); } - } + //} $i++; } } diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 27fc62ee6..0643cc447 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -840,7 +840,6 @@ class Item extends Controller { // Look for tags and linkify them $results = linkify_tags($body, ($uid) ? $uid : $profile_uid); - if ($results) { // Set permissions based on tag replacements -- cgit v1.2.3 From ec3ba87f3a6cb9cda5f094bb1e62ed6b746f087f Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 3 Mar 2023 08:49:18 +0000 Subject: Revert "some work on bringing bang tags back for forums" This reverts commit da034045cc1bba74287b7c3e83f4a94ff5359150. --- Zotlabs/Module/Acl.php | 12 ++++-------- Zotlabs/Module/Item.php | 1 + 2 files changed, 5 insertions(+), 8 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index e7a1e6706..b98f5621e 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -69,7 +69,6 @@ class Acl extends \Zotlabs\Web\Controller { $sql_extra = ''; $sql_extra2 = ''; $sql_extra3 = ''; - $sql_extra4 = (($type === 'f') ? ' AND xchan_pubforum = 1 ' : ''); $sql_extra2_xchan = ''; $order_extra2 = ''; @@ -220,7 +219,7 @@ class Acl extends \Zotlabs\Web\Controller { $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self FROM abook left join xchan on abook_xchan = xchan_hash - WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 $sql_extra4 order by $order_extra2 xchan_name asc" , + WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" , intval(local_channel()) ); @@ -338,7 +337,6 @@ class Acl extends \Zotlabs\Web\Controller { else $r = array(); - if($r) { $i = count($contacts); $x = []; @@ -369,12 +367,10 @@ class Acl extends \Zotlabs\Web\Controller { "nick" => substr($g['nick'],0,strpos($g['nick'],'@')), "self" => (intval($g['abook_self']) ? 'abook-self' : ''), "taggable" => 'taggable', - "label" => t('network'), - "net" => $g['net'] ?? '' - + "label" => t('network') ); } - //if($type !== 'f') { + if($type !== 'f') { if (! array_key_exists($x[$lkey], $contacts) || ($contacts[$x[$lkey]]['net'] !== 'zot6' && $g['net'] == 'zot6')) { $contacts[$x[$lkey]] = array( "type" => "c", @@ -391,7 +387,7 @@ class Acl extends \Zotlabs\Web\Controller { "net" => $g['net'] ?? '' ); } - //} + } $i++; } } diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 0643cc447..27fc62ee6 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -840,6 +840,7 @@ class Item extends Controller { // Look for tags and linkify them $results = linkify_tags($body, ($uid) ? $uid : $profile_uid); + if ($results) { // Set permissions based on tag replacements -- cgit v1.2.3 From 234bb6425021b72f0db71667191b2c36dc593791 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 8 Mar 2023 10:04:29 +0000 Subject: port totp mfa from streams with some adjustions --- Zotlabs/Module/Settings/Multifactor.php | 72 ++++++++++++++++++++++++++ Zotlabs/Module/Totp_check.php | 90 +++++++++++++++++++++++++++++++++ 2 files changed, 162 insertions(+) create mode 100644 Zotlabs/Module/Settings/Multifactor.php create mode 100644 Zotlabs/Module/Totp_check.php (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Multifactor.php b/Zotlabs/Module/Settings/Multifactor.php new file mode 100644 index 000000000..e1d8e1c97 --- /dev/null +++ b/Zotlabs/Module/Settings/Multifactor.php @@ -0,0 +1,72 @@ +setLabel($account['account_email']); + // $otp->setLabel(rawurlencode(System::get_platform_name())); + $otp->setIssuer(rawurlencode(System::get_platform_name())); + + $mySecret = trim(Base32::encodeUpper(random_bytes(32)), '='); + $otp = TOTP::create($mySecret); + q("UPDATE account set account_external = '%s' where account_id = %d", + dbesc($otp->getSecret()), + intval($account['account_id']) + ); + $account['account_external'] = $otp->getSecret(); + } + + $otp = TOTP::create($account['account_external']); + $otp->setLabel($account['account_email']); + $otp->setIssuer(rawurlencode(System::get_platform_name())); + $uri = $otp->getProvisioningUri(); + return replace_macros(get_markup_template('totp_setup.tpl'), + [ + '$form_security_token' => get_form_security_token("settings_mfa"), + '$title' => t('Multifactor Settings'), + '$totp_setup_text' => t('Multi-Factor Authentication Setup'), + '$secret_text' => t('This is your generated secret. This may be used in some cases if the QR image cannot be read. Please save it.'), + '$test_title' => t('Please enter the code from your authenticator'), + '$qrcode' => (new QRCode())->render($uri), + '$uri' => $uri, + '$secret' => ($account['account_external'] ?? ''), + '$test_pass' => t("That code is correct."), + '$test_fail' => t("Incorrect code."), + '$enable_mfa' => [ + 'enable_mfa', + t('Enable Multi-factor Authentication'), + AConfig::Get($account['account_id'], 'system', 'mfa_enabled'), + '', + [t('No'), t('Yes')] + ], + '$submit' => t('Submit'), + '$test' => t('Test') + ] + ); + } +} diff --git a/Zotlabs/Module/Totp_check.php b/Zotlabs/Module/Totp_check.php new file mode 100644 index 000000000..3f6549382 --- /dev/null +++ b/Zotlabs/Module/Totp_check.php @@ -0,0 +1,90 @@ + false]; + $static = $_POST['totp_code_static'] ?? false; + + if (!local_channel()) { + if ($static) { + goaway(z_root()); + } + + json_return_and_die($retval); + } + + $account = App::get_account(); + if (!$account) { + json_return_and_die($retval); + } + + $secret = $account['account_external']; + $input = (isset($_POST['totp_code'])) ? trim($_POST['totp_code']) : ''; + + if ($secret && $input) { + $otp = TOTP::create($secret); // create TOTP object from the secret. + if ($otp->verify($_POST['totp_code']) || $input === $secret ) { + logger('otp_success'); + $_SESSION['2FA_VERIFIED'] = true; + + if ($static) { + goaway(z_root()); + } + + $retval['status'] = true; + json_return_and_die($retval); + } + logger('otp_fail'); + } + + if ($static) { + if(empty($_SESSION['totp_try_count'])) { + $_SESSION['totp_try_count'] = 1; + } + + if ($_SESSION['totp_try_count'] > 2) { + goaway('logout'); + } + + $_SESSION['totp_try_count']++; + goaway(z_root()); + } + + json_return_and_die($retval); + } + + public function get() { + + if (!local_channel()) { + return; + } + + $account = App::get_account(); + if (!$account) { + return t('Account not found.'); + } + + $id = $account['account_email']; + + return replace_macros(get_markup_template('totp.tpl'), + [ + '$header' => t('Multifactor Verification'), + '$id' => $id, + '$desc' => t('Please enter the verification key from your authenticator app'), + //'$success' => t('Success!'), + //'$fail' => t('Invalid code, please try again.'), + //'$maxfails' => t('Too many invalid codes...'), + '$submit' => t('Verify'), + '$static' => $static + ] + ); + } +} + -- cgit v1.2.3 From 2ffef2be8f6967c012be52efb6c21dd28878ee4c Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 8 Mar 2023 10:18:32 +0000 Subject: minor cleanup --- Zotlabs/Module/Totp_check.php | 3 --- 1 file changed, 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Totp_check.php b/Zotlabs/Module/Totp_check.php index 3f6549382..c0b38a513 100644 --- a/Zotlabs/Module/Totp_check.php +++ b/Zotlabs/Module/Totp_check.php @@ -78,9 +78,6 @@ class Totp_check extends Controller { '$header' => t('Multifactor Verification'), '$id' => $id, '$desc' => t('Please enter the verification key from your authenticator app'), - //'$success' => t('Success!'), - //'$fail' => t('Invalid code, please try again.'), - //'$maxfails' => t('Too many invalid codes...'), '$submit' => t('Verify'), '$static' => $static ] -- cgit v1.2.3 From 3de81877c6aaacfad993375bcf88b512958180ab Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 8 Mar 2023 13:15:33 +0000 Subject: more mfa cleanup --- Zotlabs/Module/Totp_check.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Totp_check.php b/Zotlabs/Module/Totp_check.php index c0b38a513..8212d3716 100644 --- a/Zotlabs/Module/Totp_check.php +++ b/Zotlabs/Module/Totp_check.php @@ -62,8 +62,8 @@ class Totp_check extends Controller { public function get() { - if (!local_channel()) { - return; + if (!local_channel() || App::$module === 'totp_check') { + goaway(z_root()); } $account = App::get_account(); @@ -78,8 +78,7 @@ class Totp_check extends Controller { '$header' => t('Multifactor Verification'), '$id' => $id, '$desc' => t('Please enter the verification key from your authenticator app'), - '$submit' => t('Verify'), - '$static' => $static + '$submit' => t('Verify') ] ); } -- cgit v1.2.3 From 8af5788fc193a245c8aeed3b554a79baaa1bde3a Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 8 Mar 2023 17:29:56 +0000 Subject: more mfa cleanup, set the value in session if mfa is enabled and only allow enabling mfa after a test passed --- Zotlabs/Module/Settings/Multifactor.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Multifactor.php b/Zotlabs/Module/Settings/Multifactor.php index e1d8e1c97..5ac47be09 100644 --- a/Zotlabs/Module/Settings/Multifactor.php +++ b/Zotlabs/Module/Settings/Multifactor.php @@ -18,6 +18,9 @@ class Multifactor { } $enable_mfa = isset($_POST['enable_mfa']) ? (int) $_POST['enable_mfa'] : false; AConfig::Set($account['account_id'], 'system', 'mfa_enabled', $enable_mfa); + if ($enable_mfa) { + $_SESSION['2FA_VERIFIED'] = true; + } } public function get() { @@ -48,10 +51,11 @@ class Multifactor { return replace_macros(get_markup_template('totp_setup.tpl'), [ '$form_security_token' => get_form_security_token("settings_mfa"), - '$title' => t('Multifactor Settings'), + '$title' => t(' Account Multifactor Settings'), '$totp_setup_text' => t('Multi-Factor Authentication Setup'), - '$secret_text' => t('This is your generated secret. This may be used in some cases if the QR image cannot be read. Please save it.'), + '$secret_text' => t('This is your generated secret. It may be used in some cases if the QR image cannot be read. Please save it.'), '$test_title' => t('Please enter the code from your authenticator'), + '$test_title_sub' => t('You will only be able to enable MFA if the test passes'), '$qrcode' => (new QRCode())->render($uri), '$uri' => $uri, '$secret' => ($account['account_external'] ?? ''), -- cgit v1.2.3 From 203d9d651f799710cc38824312b29ba341f1ea0f Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 9 Mar 2023 15:48:03 +0000 Subject: mfa strings update --- Zotlabs/Module/Settings/Account.php | 1 + Zotlabs/Module/Settings/Multifactor.php | 11 +++++------ 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Account.php b/Zotlabs/Module/Settings/Account.php index 5e1fb176e..85e7c793f 100644 --- a/Zotlabs/Module/Settings/Account.php +++ b/Zotlabs/Module/Settings/Account.php @@ -105,6 +105,7 @@ class Account { '$password1' => array('npassword', t('Enter New Password'), '', ''), '$password2' => array('confirm', t('Confirm New Password'), '', t('Leave password fields blank unless changing')), '$submit' => t('Submit'), + '$mfa' => t('Multi-Factor Authentication'), '$email' => array('email', t('DId2 or Email Address:'), $email, '', '', $attremail), '$email_hidden' => (($attremail) ? $email : ''), '$removeme' => t('Remove Account'), diff --git a/Zotlabs/Module/Settings/Multifactor.php b/Zotlabs/Module/Settings/Multifactor.php index 5ac47be09..191055e2c 100644 --- a/Zotlabs/Module/Settings/Multifactor.php +++ b/Zotlabs/Module/Settings/Multifactor.php @@ -51,10 +51,9 @@ class Multifactor { return replace_macros(get_markup_template('totp_setup.tpl'), [ '$form_security_token' => get_form_security_token("settings_mfa"), - '$title' => t(' Account Multifactor Settings'), - '$totp_setup_text' => t('Multi-Factor Authentication Setup'), - '$secret_text' => t('This is your generated secret. It may be used in some cases if the QR image cannot be read. Please save it.'), - '$test_title' => t('Please enter the code from your authenticator'), + '$title' => t('Account Multi-Factor Authentication'), + '$secret_text' => t('This is your generated secret. It may be used in some cases if the QR image cannot be read. Please store it in a safe place.'), + '$test_title' => t('Please enter the code from your authenticator app'), '$test_title_sub' => t('You will only be able to enable MFA if the test passes'), '$qrcode' => (new QRCode())->render($uri), '$uri' => $uri, @@ -63,9 +62,9 @@ class Multifactor { '$test_fail' => t("Incorrect code."), '$enable_mfa' => [ 'enable_mfa', - t('Enable Multi-factor Authentication'), + t('Enable Multi-Factor Authentication'), AConfig::Get($account['account_id'], 'system', 'mfa_enabled'), - '', + t('Logging in will require you to be in possession of your smartphone with an authenticator app'), [t('No'), t('Yes')] ], '$submit' => t('Submit'), -- cgit v1.2.3 From ac9c33fb3b31f4a3801fbdf7c723b923d699964d Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 11 Mar 2023 20:24:56 +0000 Subject: check form security token and require password to enable/diable mfa --- Zotlabs/Module/Settings/Multifactor.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Multifactor.php b/Zotlabs/Module/Settings/Multifactor.php index 191055e2c..4df718c6a 100644 --- a/Zotlabs/Module/Settings/Multifactor.php +++ b/Zotlabs/Module/Settings/Multifactor.php @@ -12,10 +12,24 @@ use ParagonIE\ConstantTime\Base32; class Multifactor { public function post() { + check_form_security_token_redirectOnErr('/settings/multifactor', 'settings_mfa'); + $account = App::get_account(); if (!$account) { return; } + + if (empty($_POST['password'])) { + notice(t('Password is required') . EOL); + return; + } + + $password = trim($_POST['password']); + if(!account_verify_password($account['account_email'], $password)) { + notice(t('The provided password is not correct') . EOL); + return; + } + $enable_mfa = isset($_POST['enable_mfa']) ? (int) $_POST['enable_mfa'] : false; AConfig::Set($account['account_id'], 'system', 'mfa_enabled', $enable_mfa); if ($enable_mfa) { @@ -67,6 +81,7 @@ class Multifactor { t('Logging in will require you to be in possession of your smartphone with an authenticator app'), [t('No'), t('Yes')] ], + '$password' => ['password', t('Please enter your password'), '', t('Required')], '$submit' => t('Submit'), '$test' => t('Test') ] -- cgit v1.2.3 From 5fada6a497ad5123668f282deb508db00e628bda Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 11 Mar 2023 20:40:32 +0000 Subject: more strings and provide mfa feedback via jgrowl --- Zotlabs/Module/Settings/Multifactor.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Settings/Multifactor.php b/Zotlabs/Module/Settings/Multifactor.php index 4df718c6a..8b91bc87a 100644 --- a/Zotlabs/Module/Settings/Multifactor.php +++ b/Zotlabs/Module/Settings/Multifactor.php @@ -72,16 +72,16 @@ class Multifactor { '$qrcode' => (new QRCode())->render($uri), '$uri' => $uri, '$secret' => ($account['account_external'] ?? ''), - '$test_pass' => t("That code is correct."), - '$test_fail' => t("Incorrect code."), + '$test_pass' => t("Congratulations, the provided code was correct"), + '$test_fail' => t("Incorrect code"), '$enable_mfa' => [ 'enable_mfa', t('Enable Multi-Factor Authentication'), AConfig::Get($account['account_id'], 'system', 'mfa_enabled'), - t('Logging in will require you to be in possession of your smartphone with an authenticator app'), + t('Logging in will require you to be in possession of your smartphone'), [t('No'), t('Yes')] ], - '$password' => ['password', t('Please enter your password'), '', t('Required')], + '$password' => ['password', t('Your account password'), '', t('Required')], '$submit' => t('Submit'), '$test' => t('Test') ] -- cgit v1.2.3 From 95cbcf30d7934ded1222c3481553536cbb95dbb3 Mon Sep 17 00:00:00 2001 From: Mario Date: Sun, 12 Mar 2023 18:43:50 +0000 Subject: make sure to only transform channel wall posts for group actors --- Zotlabs/Module/Item.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 27fc62ee6..5ca94cd76 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -818,7 +818,7 @@ class Item extends Controller { $is_group = get_pconfig($profile_uid, 'system', 'group_actor'); - if (($is_group) && ($walltowall) && (!$walltowall_comment)) { + if ($is_group && $walltowall && !$walltowall_comment && !$webpage) { $groupww = true; $str_contact_allow = $owner_xchan['xchan_hash']; $str_group_allow = ''; -- cgit v1.2.3 From 3dcfdba74bc36b9d3fb2f634a60ea97a92fa1591 Mon Sep 17 00:00:00 2001 From: Mario Date: Sun, 19 Mar 2023 13:28:43 +0000 Subject: simplify --- Zotlabs/Module/Chanview.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Chanview.php b/Zotlabs/Module/Chanview.php index 0dfffe770..e178b27df 100644 --- a/Zotlabs/Module/Chanview.php +++ b/Zotlabs/Module/Chanview.php @@ -16,17 +16,17 @@ class Chanview extends \Zotlabs\Web\Controller { $r = null; - if(isset($_REQUEST['hash']) && $_REQUEST['hash']) { + if(!empty($_REQUEST['hash'])) { $r = q("select * from xchan where xchan_hash = '%s' and xchan_deleted = 0", dbesc($_REQUEST['hash']) ); } - if(isset($_REQUEST['address']) && $_REQUEST['address']) { + if(!empty($_REQUEST['address'])) { $r = q("select * from xchan where xchan_addr = '%s' and xchan_deleted = 0", dbesc(punify($_REQUEST['address'])) ); } - elseif(local_channel() && isset($_REQUEST['cid']) && $_REQUEST['cid']) { + elseif(local_channel() && !empty($_REQUEST['cid'])) { $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and abook_id = %d and xchan_deleted = 0", @@ -34,8 +34,7 @@ class Chanview extends \Zotlabs\Web\Controller { intval($_REQUEST['cid']) ); } - elseif(isset($_REQUEST['url']) && $_REQUEST['url']) { - + elseif(!empty($_REQUEST['url'])) { // if somebody re-installed they will have more than one xchan, use the most recent name date as this is // the most useful consistently ascending table item we have. @@ -56,7 +55,7 @@ class Chanview extends \Zotlabs\Web\Controller { if(! App::$poi) { logger('mod_chanview: fallback'); - if(isset($_REQUEST['address']) && $_REQUEST['address']) { + if(!empty($_REQUEST['address'])) { $href = Webfinger::zot_url(punify($_REQUEST['address'])); if($href) { $_REQUEST['url'] = $href; @@ -65,7 +64,7 @@ class Chanview extends \Zotlabs\Web\Controller { $r = null; - if(isset($_REQUEST['url']) && $_REQUEST['url']) { + if(!empty($_REQUEST['url'])) { $zf = Zotfinger::exec($_REQUEST['url']); @@ -79,6 +78,7 @@ class Chanview extends \Zotlabs\Web\Controller { } } if(! $r) { + if(discover_by_webbie($_REQUEST['url'])) { $r = q("select * from xchan where xchan_url = '%s' and xchan_deleted = 0", dbesc($_REQUEST['url']) -- cgit v1.2.3