From 64f802d4f6b1c6b1b444bb5d71795c9e3580efee Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 9 Jan 2021 13:05:31 +0000 Subject: fix error in sql query (cherry picked from commit 0e2af403298599737b41a44a0b6b3e0a1204b108) --- Zotlabs/Module/Owa.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index d6aeb8af5..9a3513f34 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -39,7 +39,7 @@ class Owa extends Controller { $found = discover_by_webbie(str_replace('acct:','',$keyId)); if ($found) { $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash - WHERE OR hubloc_id_url = '%s'", + WHERE hubloc_id_url = '%s'", dbesc($keyId) ); } -- cgit v1.2.3 From fa41527f85f211c013bac3657629f2e23d400d4a Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 9 Jan 2021 19:22:47 +0000 Subject: fix some php8 fatal errors (cherry picked from commit 2522d42c71baee9caba181566948ae4c899885bd) --- Zotlabs/Module/Sse_bs.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php index 534c63d46..396e07001 100644 --- a/Zotlabs/Module/Sse_bs.php +++ b/Zotlabs/Module/Sse_bs.php @@ -123,7 +123,7 @@ class Sse_bs extends Controller { $mids[] = '\'' . dbesc(@base64url_decode(substr($a,4))) . '\''; } - $str = implode($mids, ','); + $str = implode(',', $mids); $x = [ 'channel_id' => self::$uid, 'update' => 'unset' ]; call_hooks('update_unseen',$x); -- cgit v1.2.3 From 3fe67eb646befb47b3d421e12e55020f035e26b3 Mon Sep 17 00:00:00 2001 
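Review bot: The retry query in Owa.php compares `hubloc_id_url` with the raw `$keyId`, while the discovery call just above it strips the `acct:` prefix first, so an `acct:`-style key id is discovered under one value and looked up under another and will presumably still return no row. Normalise once, e.g. `$id = str_replace('acct:','',$keyId);`, and use `$id` in both places, or add a comment saying that only URL-style ids are expected on this path. The statement has no `ORDER BY` or limit, so if several hubloc rows share an id URL the row used afterwards is whichever the database returns first. The enclosing method starts and ends outside the hunk.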
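Review bot: In Sse_bs.php, `implode(',', $mids)` now has the PHP 8 argument order, but the line still assumes `$mids` is a non-empty array: if the loop above adds nothing, `$str` is an empty string, and if `$mids` is not initialised before the loop (not visible here) PHP 8 raises a TypeError. Should `$str` later be placed inside an SQL `IN (...)` list, add an early exit such as `if (! $mids) return;` before building the query. The `@` in front of `base64url_decode()` also hides malformed ids, which then enter the list as `''`; skipping entries that fail to decode would be cleaner than suppressing the error. The enclosing method lies outside the hunk.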
From: Mario Date: Sat, 9 Jan 2021 21:54:41 +0000 Subject: more libzotdir (cherry picked from commit e339e897ff7f856cf5b352f7754f3d1eea240ddb) --- Zotlabs/Module/Acl.php | 126 ++++++++++++++-------------- Zotlabs/Module/Directory.php | 194 ++++++++++++++++++++++--------------------- Zotlabs/Module/Pubsites.php | 27 +++--- 3 files changed, 176 insertions(+), 171 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index 4b79211a6..fb95b0504 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -2,6 +2,8 @@ namespace Zotlabs\Module; +use Zotlabs\Lib\Libzotdir; + require_once 'include/acl_selectors.php'; require_once 'include/group.php'; @@ -46,20 +48,20 @@ class Acl extends \Zotlabs\Web\Controller { // 'a' => autocomplete connections (mod_connections, mod_poke, mod_sources, mod_photos) // 'x' => nav search bar autocomplete (match any xchan) // $_REQUEST['query'] contains autocomplete search text. - - // List of channels whose connections to also suggest, + + // List of channels whose connections to also suggest, // e.g. currently viewed channel or channels mentioned in a post $extra_channels = (x($_REQUEST,'extra_channels') ? $_REQUEST['extra_channels'] : array()); - + // The different autocomplete libraries use different names for the search text // parameter. Internally we'll use $search to represent the search text no matter - // what request variable it was attached to. - + // what request variable it was attached to. + if(array_key_exists('query',$_REQUEST)) { $search = $_REQUEST['query']; } - + if( (! local_channel()) && (! in_array($type, [ 'x', 'c', 'f' ]))) killme(); 
@@ -68,7 +70,7 @@ class Acl extends \Zotlabs\Web\Controller { if(in_array($type, [ 'm', 'a', 'c', 'f' ])) { // These queries require permission checking. We'll create a simple array of xchan_hash for those with - // the requisite permissions which we can check against. + // the requisite permissions which we can check against. $x = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = '%s' and v = '1'", intval(local_channel()), 
@@ -85,34 +87,34 @@ class Acl extends \Zotlabs\Web\Controller { $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc(punify($search)) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; $sql_extra2_xchan = "AND ( xchan_name LIKE " . protect_sprintf( "'" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'" . dbesc(punify($search)) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; - // This horrible mess is needed because position also returns 0 if nothing is found. + // This horrible mess is needed because position also returns 0 if nothing is found. // Would be MUCH easier if it instead returned a very large value - // Otherwise we could just + // Otherwise we could just // order by LEAST(POSITION($search IN xchan_name),POSITION($search IN xchan_addr)). - $order_extra2 = "CASE WHEN xchan_name LIKE " - . protect_sprintf( "'%" . dbesc($search) . "%'" ) - . " then POSITION('" . protect_sprintf(dbesc($search)) + $order_extra2 = "CASE WHEN xchan_name LIKE " + . protect_sprintf( "'%" . dbesc($search) . "%'" ) + . " then POSITION('" . protect_sprintf(dbesc($search)) . "' IN xchan_name) else position('" . protect_sprintf(dbesc(punify($search))) . "' IN xchan_addr) end, "; $sql_extra3 = "AND ( xchan_addr like " . protect_sprintf( "'%" . dbesc(punify($search)) . "%'" ) . " OR xchan_name like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ) "; - + } else { $sql_extra = $sql_extra2 = $sql_extra3 = ""; } - - + + $groups = array(); $contacts = array(); - + if($type == '' || $type == 'g') { // virtual groups based on private profile viewing ability $r = q("select id, profile_guid, profile_name from profile where is_default = 0 and uid = %d", intval(local_channel()) - ); + ); if($r) { foreach($r as $rv) { $groups[] = array( 
@@ -130,19 +132,19 @@ class Acl extends \Zotlabs\Web\Controller { // Normal privacy groups $r = q("SELECT pgrp.id, pgrp.hash, pgrp.gname - FROM pgrp, pgrp_member - WHERE pgrp.deleted = 0 AND pgrp.uid = %d + FROM pgrp, pgrp_member + WHERE pgrp.deleted = 0 AND pgrp.uid = %d AND pgrp_member.gid = pgrp.id $sql_extra GROUP BY pgrp.id - ORDER BY pgrp.gname + ORDER BY pgrp.gname LIMIT %d OFFSET %d", intval(local_channel()), intval($count), intval($start) ); - if($r) { + if($r) { foreach($r as $g){ // logger('acl: group: ' . $g['gname'] . ' members: ' . group_get_members_xchan($g['id'])); $groups[] = array( @@ -157,10 +159,10 @@ class Acl extends \Zotlabs\Web\Controller { } } } - + if($type == '' || $type == 'c' || $type === 'f') { - $extra_channels_sql = ''; + $extra_channels_sql = ''; // Only include channels who allow the observer to view their connections if($extra_channels) { @@ -172,7 +174,7 @@ class Acl extends \Zotlabs\Web\Controller { } } } - + // Getting info from the abook is better for local users because it contains info about permissions if(local_channel()) { if($extra_channels_sql != '') @@ -199,7 +201,7 @@ class Acl extends \Zotlabs\Web\Controller { $r2 = array(); foreach($r1 as $rr) { $x = atoken_xchan($rr); - $r2[] = [ + $r2[] = [ 'id' => 'a' . $rr['atoken_id'] , 'hash' => $x['xchan_hash'], 'name' => $x['xchan_name'], 
@@ -211,12 +213,12 @@ class Acl extends \Zotlabs\Web\Controller { 'abook_self' => 0 ]; } - } + } // add connections - - $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self - FROM abook left join xchan on abook_xchan = xchan_hash + + $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self + FROM abook left join xchan on abook_xchan = xchan_hash WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" , intval(local_channel()) ); 
@@ -230,23 +232,23 @@ class Acl extends \Zotlabs\Web\Controller { WHERE xlink_xchan = '%s' AND xchan_deleted = 0 $sql_extra2_xchan order by $order_extra2 xchan_name asc" , dbesc(get_observer_hash()) ); - + // Find contacts of extra channels // This is probably more complicated than it needs to be if($extra_channels_sql) { // Build a list of hashes that we got previously so we don't get them again $known_hashes = array("'".get_observer_hash()."'"); if($r) - foreach($r as $rr) + foreach($r as $rr) $known_hashes[] = "'".$rr['hash']."'"; $known_hashes_sql = 'AND xchan_hash not in ('.join(',',$known_hashes).')'; - - $r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self - FROM abook left join xchan on abook_xchan = xchan_hash + + $r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self + FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel IN ($extra_channels_sql) $known_hashes_sql AND abook_blocked = 0 and abook_pending = 0 and abook_hidden = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc"); if($r2) $r = array_merge($r,$r2); - + // Sort accoring to match position, then alphabetically. This could be avoided if the above two SQL queries could be combined into one, and the sorting could be done on the SQl server (like in the case of a local user) $matchpos = function($x) use($search) { $namepos = strpos($x['name'],$search); 
@@ -269,22 +271,22 @@ class Acl extends \Zotlabs\Web\Controller { } } if((count($r) < 100) && $type == 'c') { - $r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self - FROM xchan + $r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self + FROM xchan WHERE xchan_deleted = 0 and not xchan_network in ('rss','anon','unknown') $sql_extra2_xchan order by $order_extra2 xchan_name asc" ); if($r2) { $r = array_merge($r,$r2); $r = unique_multidim_array($r,'hash'); - } + } } } elseif($type == 'm') { $r = array(); - $z = q("SELECT xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url + $z = q("SELECT xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d + WHERE abook_channel = %d and xchan_deleted = 0 and xchan_network IN ('zot', 'diaspora', 'friendica-over-diaspora') $sql_extra3 @@ -298,10 +300,10 @@ class Acl extends \Zotlabs\Web\Controller { } } } - + } elseif($type == 'a') { - + $r = q("SELECT abook_id as id, xchan_name as name, xchan_network as net, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and xchan_deleted = 0 @@ -309,7 +311,7 @@ class Acl extends \Zotlabs\Web\Controller { ORDER BY xchan_name ASC ", intval(local_channel()) ); - + } elseif($type == 'x') { $r = $this->navbar_complete($a); 
@@ -323,7 +325,7 @@ class Acl extends \Zotlabs\Web\Controller { ); } } - + $o = array( 'start' => $start, 'count' => $count, @@ -334,17 +336,17 @@ class Acl extends \Zotlabs\Web\Controller { } else $r = array(); - + if($r) { $i = count($contacts); $x = []; foreach($r as $g) { - + if(in_array($g['net'],['rss','anon','unknown']) && ($type != 'a')) continue; $g['hash'] = urlencode($g['hash']); - + if(! $g['nick']) { $g['nick'] = $g['url']; } @@ -386,11 +388,11 @@ class Acl extends \Zotlabs\Web\Controller { } } $i++; - } + } } - + $items = array_merge($groups, $contacts); - + $o = array( 'start' => $start, 'count' => $count, @@ -404,50 +406,50 @@ class Acl extends \Zotlabs\Web\Controller { function navbar_complete(&$a) { - + // logger('navbar_complete'); - + if(observer_prohibited()) { return; } - + $dirmode = intval(get_config('system','directory_mode')); $search = ((x($_REQUEST,'search')) ? htmlentities($_REQUEST['search'],ENT_COMPAT,'UTF-8',false) : ''); if(! $search || mb_strlen($search) < 2) return array(); - + $star = false; $address = false; - + if(substr($search,0,1) === '@') $search = substr($search,1); - + if(substr($search,0,1) === '*') { $star = true; $search = substr($search,1); } - + if(strpos($search,'@') !== false) { $address = true; } - + if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { $url = z_root() . '/dirsearch'; } - + if(! $url) { require_once("include/dir_fns.php"); - $directory = find_upstream_directory($dirmode); + $directory = Libzotdir::find_upstream_directory($dirmode); $url = $directory['url'] . '/dirsearch'; } $token = get_config('system','realm_token'); - + $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 100); if($url) { $query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : ''); $query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode(punify($search)) : ''); - + $x = z_fetch_url($query); if($x['success']) { $t = 0; 
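Review bot: In `navbar_complete()` the request parameter `count` is copied into the outgoing directory query as `"&limit=$count"` without a cast or encoding, unlike `name`, `address` and the realm token, which all pass through `urlencode()`; a value containing `&` can therefore add or override parameters of the request this server sends to the directory. Use `$count = (x($_REQUEST,'count') ? intval($_REQUEST['count']) : 100);`. The changed line also reads `$directory['url']` without checking what `Libzotdir::find_upstream_directory()` returned, so a missing upstream yields the relative URL `/dirsearch`, and `if(! $url)` tests a variable that is only assigned in the primary/standalone branch; an initial `$url = '';` plus returning an empty array when no directory is found would cover both. The `require_once("include/dir_fns.php")` directly above the call may no longer be needed now that the function comes from `Libzotdir`. The function continues past the end of the hunk.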
diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index e1bf0f6cf..7295f3099 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -4,6 +4,8 @@ namespace Zotlabs\Module; use App; use Zotlabs\Web\Controller; +use Zotlabs\Lib\Libzotdir; + require_once('include/socgraph.php'); require_once('include/dir_fns.php'); @@ -15,7 +17,7 @@ class Directory extends Controller { function init() { App::set_pager_itemspage(30); - + if(local_channel() && x($_GET,'ignore')) { q("insert into xign ( uid, xchan ) values ( %d, '%s' ) ", intval(local_channel()), @@ -26,12 +28,12 @@ class Directory extends Controller { if(local_channel()) App::$profile_uid = local_channel(); - + $observer = get_observer_hash(); $global_changed = false; $safe_changed = false; $pubforums_changed = false; - + if(array_key_exists('global',$_REQUEST)) { $globaldir = intval($_REQUEST['global']); $global_changed = true; @@ -41,7 +43,7 @@ class Directory extends Controller { if($observer) set_xconfig($observer,'directory','globaldir',$globaldir); } - + if(array_key_exists('safe',$_REQUEST)) { $safemode = intval($_REQUEST['safe']); $safe_changed = true; @@ -51,8 +53,8 @@ class Directory extends Controller { if($observer) set_xconfig($observer,'directory','safemode',$safemode); } - - + + if(array_key_exists('pubforums',$_REQUEST)) { $pubforums = intval($_REQUEST['pubforums']); $pubforums_changed = true; 
@@ -64,52 +66,52 @@ class Directory extends Controller { } } - + function get() { - + if(observer_prohibited()) { notice( t('Public access denied.') . EOL); return; } - + if(get_config('system','block_public_directory',false) && (! get_observer_hash())) { notice( t('Public access denied.') . EOL); return; } - + $observer = get_observer_hash(); - - $globaldir = get_directory_setting($observer, 'globaldir'); + + $globaldir = Libzotdir::get_directory_setting($observer, 'globaldir'); // override your personal global search pref if we're doing a navbar search of the directory if(intval($_REQUEST['navsearch'])) $globaldir = 1; - - $safe_mode = get_directory_setting($observer, 'safemode'); - - $pubforums = get_directory_setting($observer, 'pubforums'); - + + $safe_mode = Libzotdir::get_directory_setting($observer, 'safemode'); + + $pubforums = Libzotdir::get_directory_setting($observer, 'pubforums'); + $o = ''; nav_set_selected('Directory'); - + if(x($_POST,'search')) $search = notags(trim($_POST['search'])); else $search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : ''); - - + + if(strpos($search,'=') && local_channel() && feature_enabled(local_channel(), 'advanced_dirsearch')) $advanced = $search; - + $keywords = (($_GET['keywords']) ? $_GET['keywords'] : ''); - + // Suggest channels if no search terms or keywords are given $suggest = (local_channel() && x($_REQUEST,'suggest')) ? $_REQUEST['suggest'] : ''; - + if($suggest) { // the directory options have no effect in suggestion mode - + $globaldir = 1; $safe_mode = 1; $type = 0; @@ -120,7 +122,7 @@ class Directory extends Controller { notice( t('No default suggestions were found.') . EOL); return; } - + // Remember in which order the suggestions were $addresses = array(); $common = array(); 
@@ -129,7 +131,7 @@ class Directory extends Controller { $common[$rr['xchan_addr']] = ((intval($rr['total']) > 0) ? intval($rr['total']) - 1 : 0); $addresses[$rr['xchan_addr']] = $index++; } - + // Build query to get info about suggested people $advanced = ''; foreach(array_keys($addresses) as $address) { @@ -137,13 +139,13 @@ class Directory extends Controller { } // Remove last space in the advanced query $advanced = rtrim($advanced); - + } - + $tpl = get_markup_template('directory_header.tpl'); - + $dirmode = intval(get_config('system','directory_mode')); - + $directory_admin = false; if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { @@ -154,19 +156,19 @@ class Directory extends Controller { } if(! $url) { - $directory = find_upstream_directory($dirmode); + $directory = Libzotdir::find_upstream_directory($dirmode); if((! $directory) || (! array_key_exists('url',$directory)) || (! $directory['url'])) logger('CRITICAL: No directory server URL'); $url = $directory['url'] . '/dirsearch'; } - + $token = get_config('system','realm_token'); - - + + logger('mod_directory: URL = ' . $url, LOGGER_DEBUG); - + $contacts = array(); - + if(local_channel()) { $x = q("select abook_xchan from abook where abook_channel = %d", intval(local_channel()) @@ -176,24 +178,24 @@ class Directory extends Controller { $contacts[] = $xx['abook_xchan']; } } - + if($url) { - + $numtags = get_config('system','directorytags'); - + $kw = ((intval($numtags) > 0) ? intval($numtags) : 50); - + if(get_config('system','disable_directory_keywords')) $kw = 0; - + $query = $url . '?f=&kw=' . $kw . (($safe_mode != 1) ? '&safe=' . $safe_mode : ''); - + if($token) $query .= '&t=' . $token; - + if(! $globaldir) $query .= '&hub=' . App::get_hostname(); - + if($search) $query .= '&name=' . urlencode($search) . '&keywords=' . urlencode($search); if(strpos($search,'@')) 
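Review bot: When `Libzotdir::find_upstream_directory()` returns nothing usable, the brace-less `if` only logs `CRITICAL: No directory server URL`, and the next line still builds `$url` from `$directory['url']`, giving the non-empty string `/dirsearch`; the later `if($url)` block therefore runs and a fetch is attempted against a relative URL. Put the assignment in the `else`, e.g. `else $url = $directory['url'] . '/dirsearch';`, so `$url` stays empty on failure and the request is skipped. `$url` is also read by `if(! $url)` before any unconditional assignment is visible in this hunk, so an initial `$url = '';` ahead of the directory-mode check would make the intent explicit. `get()` begins and ends outside the hunk.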
@@ -204,29 +206,29 @@ class Directory extends Controller { $query .= '&query=' . urlencode($advanced); if(! is_null($pubforums)) $query .= '&pubforums=' . intval($pubforums); - + $directory_sort_order = get_config('system','directory_sort_order'); if(! $directory_sort_order) $directory_sort_order = 'date'; - + $sort_order = ((x($_REQUEST,'order')) ? $_REQUEST['order'] : $directory_sort_order); - + if($sort_order) $query .= '&order=' . urlencode($sort_order); - + if(App::$pager['page'] != 1) $query .= '&p=' . App::$pager['page']; - + logger('mod_directory: query: ' . $query); - + $x = z_fetch_url($query); logger('directory: return from upstream: ' . print_r($x,true), LOGGER_DATA); - + if($x['success']) { $t = 0; $j = json_decode($x['body'],true); if($j) { - + if($j['results']) { $results = $j['results']; @@ -235,23 +237,23 @@ class Directory extends Controller { } $entries = array(); - + $photo = 'thumb'; - + foreach($results as $rr) { - + $profile_link = chanlink_url($rr['url']); - + $pdesc = (($rr['description']) ? $rr['description'] . '
' : ''); - $connect_link = ((local_channel()) ? z_root() . '/follow?f=&url=' . urlencode($rr['address']) : ''); - + $connect_link = ((local_channel()) ? z_root() . '/follow?f=&url=' . urlencode($rr['address']) : ''); + // Checking status is disabled ATM until someone checks the performance impact more carefully //$online = remote_online_status($rr['address']); $online = ''; - + if(in_array($rr['hash'],$contacts)) $connect_link = ''; - + $location = ''; if(strlen($rr['locale'])) $location .= $rr['locale']; 
@@ -265,53 +267,53 @@ class Directory extends Controller { $location .= ', '; $location .= $rr['country']; } - + $age = ''; if(strlen($rr['birthday'])) { if(($years = age($rr['birthday'],'UTC','')) > 0) $age = $years; } - + $page_type = ''; - + $rating_enabled = get_config('system','rating_enabled'); if($rr['total_ratings'] && $rating_enabled) $total_ratings = sprintf( tt("%d rating", "%d ratings", $rr['total_ratings']), $rr['total_ratings']); else $total_ratings = ''; - + $profile = $rr; - + if ((x($profile,'locale') == 1) || (x($profile,'region') == 1) || (x($profile,'postcode') == 1) || (x($profile,'country') == 1)) - + $gender = ((x($profile,'gender') == 1) ? t('Gender: ') . $profile['gender']: False); - + $marital = ((x($profile,'marital') == 1) ? t('Status: ') . $profile['marital']: False); - + $homepage = ((x($profile,'homepage') == 1) ? t('Homepage: ') : False); - $homepageurl = ((x($profile,'homepage') == 1) ? html2plain($profile['homepage']) : ''); - + $homepageurl = ((x($profile,'homepage') == 1) ? html2plain($profile['homepage']) : ''); + $hometown = ((x($profile,'hometown') == 1) ? html2plain($profile['hometown']) : False); - + $about = ((x($profile,'about') == 1) ? zidify_links(bbcode($profile['about'], ['tryoembed' => false])) : False); if ($about && $safe_mode) { $about = html2plain($about); } - + $keywords = ((x($profile,'keywords')) ? $profile['keywords'] : ''); - + $out = ''; - + if($keywords) { $keywords = str_replace(',',' ', $keywords); $keywords = str_replace(' ',' ', $keywords); $karr = explode(' ', $keywords); - + if($karr) { if(local_channel()) { $r = q("select keywords from profile where uid = %d and is_default = 1 limit 1", @@ -332,9 +334,9 @@ class Directory extends Controller { $out .= '' . $k . ''; } } - + } - + $entry = array( 'id' => ++$t, 'profile_link' => $profile_link, 
@@ -366,7 +368,7 @@ class Directory extends Controller { 'about' => $about, 'about_label' => t('About:'), 'conn_label' => t('Connect'), - 'forum_label' => t('Public Forum:'), + 'forum_label' => t('Public Forum:'), 'connect' => $connect_link, 'online' => $online, 'kw' => (($out) ? t('Keywords: ') : ''), @@ -378,36 +380,36 @@ class Directory extends Controller { 'common_count' => intval($common[$rr['address']]), 'safe' => $safe_mode ); - + $arr = array('contact' => $rr, 'entry' => $entry); - + call_hooks('directory_item', $arr); - + unset($profile); unset($location); - + if(! $arr['entry']) { continue; - } - + } + if($sort_order == '' && $suggest) { $entries[$addresses[$rr['address']]] = $arr['entry']; // Use the same indexes as originally to get the best suggestion first } - + else { $entries[] = $arr['entry']; } } - + ksort($entries); // Sort array by key so that foreach-constructs work as expected - + if($j['keywords']) { App::$data['directory_keywords'] = $j['keywords']; } - + logger('mod_directory: entries: ' . print_r($entries,true), LOGGER_DATA); - - + + if($_REQUEST['aj']) { if($entries) { $o = replace_macros(get_markup_template('directajax.tpl'),array( @@ -422,9 +424,9 @@ class Directory extends Controller { } else { $maxheight = 94; - + $dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory')); - + $o .= ""; $o .= replace_macros($tpl, array( '$search' => $search, @@ -442,10 +444,10 @@ class Directory extends Controller { '$reversedate' => t('Oldest to Newest'), '$suggest' => $suggest ? '&suggest=1' : '' )); - - + + } - + } else { if($_REQUEST['aj']) { @@ -463,7 +465,7 @@ class Directory extends Controller { } return $o; } - + static public function reorder_results($results,$suggests) { if(! $suggests) diff --git a/Zotlabs/Module/Pubsites.php b/Zotlabs/Module/Pubsites.php index daec5dde3..4b64d9af6 100644 --- a/Zotlabs/Module/Pubsites.php +++ b/Zotlabs/Module/Pubsites.php @@ -1,18 +1,19 @@ '; - + $o .= '

' . t('Public Hubs') . '

'; - - $o .= '
' . + + $o .= '
' . t('The listed hubs allow public registration for the $Projectname network. All hubs in the network are interlinked so membership on any of them conveys membership in the network as a whole. Some hubs may require subscription or provide tiered service plans. The hub itself may provide additional details.') . '
' . EOL; - + $ret = z_fetch_url($url); if($ret['success']) { $j = json_decode($ret['body'],true); @@ -48,8 +49,8 @@ class Pubsites extends \Zotlabs\Web\Controller { $host = strtolower(substr($jj['url'],strpos($jj['url'],'://')+3)); $rate_links = ((local_channel()) ? ' ' . t('Rate') . '' : ''); $location = ''; - if(!empty($jj['location'])) { - $location = '

' . $jj['location'] . '

'; + if(!empty($jj['location'])) { + $location = '

' . $jj['location'] . '

'; } else { $location = '
 '; @@ -61,14 +62,14 @@ class Pubsites extends \Zotlabs\Web\Controller { $o .= ''; } } - + $o .= ''; - + $o .= '
'; - + } } return $o; } - + } -- cgit v1.2.3 From 67db1c6e9bc474c34cb10029794b64be8c85a393 Mon Sep 17 00:00:00 2001 From: Hilmar R Date: Sat, 23 Jan 2021 15:24:24 +0100 Subject: melt diff prod fork 4.6.2 air onto 5.2.1 to 5.2.2 DB 1241 --- Zotlabs/Module/Admin.php | 9 +- Zotlabs/Module/Admin/Accounts.php | 127 +++++++- Zotlabs/Module/Admin/Site.php | 391 ++++++++++++++++++++++- Zotlabs/Module/Invite.php | 599 ++++++++++++++++++++++++++++++------ Zotlabs/Module/Regate.php | 347 +++++++++++++++++++++ Zotlabs/Module/Register.php | 498 ++++++++++++++++++++++-------- Zotlabs/Module/Settings/Account.php | 34 +- 7 files changed, 1732 insertions(+), 273 deletions(-) create mode 100644 Zotlabs/Module/Regate.php (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin.php b/Zotlabs/Module/Admin.php index 88b84b9d2..44c10b339 100644 --- a/Zotlabs/Module/Admin.php +++ b/Zotlabs/Module/Admin.php @@ -101,11 +101,14 @@ class Admin extends \Zotlabs\Web\Controller { // pending registrations - $pdg = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d ) > 0 ", - intval(ACCOUNT_PENDING) + // $pdg = q("SELECT account.*, register.reg_hash from account left join register on account_id = register.reg_uid // where (account_flags & %d ) > 0 ", + // intval(ACCOUNT_PENDING) + // ); + $pdg = q("SELECT COUNT(*) AS pdg FROM register WHERE reg_vital = 1 AND reg_expires > '%s' ", + dbesc(date('Y-m-d H:i:s')) ); - $pending = (($pdg) ? count($pdg) : 0); + $pending = ($pdg ? $pdg[0]['pdg'] : 0); // available channels, primary and clones $channels = array(); diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index 0c7e089be..74e562a9c 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php 
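Review bot: The new summary query in Admin.php counts every `register` row with `reg_vital = 1` and a future `reg_expires`, whereas the pending list built in Admin/Accounts.php in this same commit selects `reg_vital = 1 AND (reg_flags & %d) > 0` with `ACCOUNT_PENDING` and no expiry condition, so the number on the admin summary and the rows an admin can act on may differ; sharing one condition or one helper would keep them in step. `date('Y-m-d H:i:s')` uses PHP's default timezone, so if `reg_expires` is stored in UTC the comparison should use a UTC timestamp as well (to be confirmed against the code that writes the column). The count comes back as a string, so `$pending = ($pdg ? intval($pdg[0]['pdg']) : 0);` is safer. The commented-out lines of the old query can be deleted rather than kept in the method, which starts and ends outside the hunk.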
@@ -15,6 +15,9 @@ class Accounts { * */ + const MYP = 'ZAR'; // ZAR2x + const VERSION = '2.0.0'; + function post() { $pending = ( x($_POST, 'pending') ? $_POST['pending'] : array() ); 
@@ -23,6 +26,68 @@ class Accounts { check_form_security_token_redirectOnErr('/admin/accounts', 'admin_accounts'); + $isajax = is_ajax(); + $rc = 0; + + If (!is_site_admin()) { + if ($isajax) { + killme(); + exit; + } + goaway(z_root() . '/'); + } + + if ($isajax) { + //$debug = print_r($_SESSION[self::MYP],true); + $zarop = (x($_POST['zardo']) && preg_match('/^[ad]{1,1}$/', $_POST['zardo']) ) + ? $_POST['zardo'] : ''; + // zarat arrives with leading underscore _n + $zarat = (x($_POST['zarat']) && preg_match('/^_{1,1}[0-9]{1,6}$/', $_POST['zarat']) ) + ? substr($_POST['zarat'],1) : ''; + $zarse = (x($_POST['zarse']) && preg_match('/^[0-9a-f]{8,8}$/', $_POST['zarse']) ) + ? hex2bin($_POST['zarse']) : ''; + + if ($zarop && $zarat >= 0 && $zarse && $zarse == $_SESSION[self::MYP]['h'][$zarat]) { + + // + if ($zarop == 'd') { + $rd = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d AND SUBSTR(reg_hash,1,4) = '%s' ", + intval($_SESSION[self::MYP]['i'][$zarat]), + dbesc($_SESSION[self::MYP]['h'][$zarat]) + ); + $rc = '× ' . count($rd); + } + elseif ($zarop == 'a') { + // approval, REGISTER_DENIED by user 0x0040, REGISTER_AGREED by user 0x0020 @Regate + $rd = q("UPDATE register SET reg_flags = (reg_flags & ~ 16), " + . " reg_vital = (CASE (reg_flags & ~ 48) WHEN 0 THEN 0 ELSE 1 END) " + . " WHERE reg_vital = 1 AND reg_id = %d AND SUBSTR(reg_hash,1,4) = '%s' ", + intval($_SESSION[self::MYP]['i'][$zarat]), + dbesc($_SESSION[self::MYP]['h'][$zarat]) + ); + $rc = 0; + $rs = q("SELECT * from register WHERE reg_id = %d ", + intval($_SESSION[self::MYP]['i'][$zarat]) + ); + if ($rs && ($rs[0]['reg_flags'] & ~ 48) == 0) { + + // create account + $rc='ok'.$rs[0]['reg_id']; + $ac = create_account_from_register($rs[0]); + if ( $ac['success'] ) $rc .= '✔'; + + } else { + $rc='oh×'; + } + } + + // + echo json_encode(array('re' => $zarop, 'at' => '_' . $zarat, 'rc' => $rc)); + } + killme(); + exit; + } + // change to switch structure? 
// account block/unblock button was submitted if (x($_POST, 'page_accounts_block')) { @@ -82,6 +147,8 @@ class Accounts { } check_form_security_token_redirectOnErr('/admin/accounts', 'admin_accounts', 't'); + + $debug = ''; switch (argv(2)){ case 'delete': @@ -112,9 +179,44 @@ class Accounts { } /* get pending */ - $pending = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d )>0 ", + // [hilmar -> + /* + $pending = q("SELECT account.*, reg_hash FROM account LEFT JOIN register ON account_id = reg_uid WHERE reg_vital = 1 AND (account_flags & %d) > 0", + intval(ACCOUNT_PENDING) + ); + */ + $tao = 'tao.zar.zarax = ' . "'" . '' . "';\n"; + + $pending = q("SELECT @i:=@i+1 AS reg_n, @i MOD 2 AS reg_z, " + ." reg_did2, reg_created, reg_startup, reg_expires, reg_email, reg_atip, reg_hash, reg_id, " + ." CASE (reg_flags & %d) WHEN 0 THEN '✔ verified' WHEN 1 THEN '× not yet' END AS reg_vfd " + ." FROM register, (SELECT @i:=0) AS i " + ." WHERE reg_vital = 1 AND (reg_flags & %d) > 0 ", + intval(ACCOUNT_UNVERIFIED), intval(ACCOUNT_PENDING) ); + + unset($_SESSION[self::MYP]); + if ($pending) { + // collect and group all ip + $atips = q("SELECT reg_atip AS atip, COUNT(reg_atip) AS atips FROM register " + ." WHERE reg_vital = 1 GROUP BY reg_atip "); + $atips ? $atipn = array_column($atips, 'atips', 'atip') : $atipn = array('' => 0); + + $tao .= 'tao.zar.zarar = {'; + foreach ($pending as $n => $v) { + if (array_key_exists($v['reg_atip'], $atipn)) { + + $pending[$n]['reg_atip'] = $v['reg_atip'] . ' ◄' . $atipn[ $v['reg_atip'] ] . '×'; + } + // better secure + $tao .= $n . ": '" . substr(bin2hex($v['reg_hash']),0,8) . "',"; + $_SESSION[self::MYP]['h'][] = substr($v['reg_hash'],0,4); + $_SESSION[self::MYP]['i'][] = $v['reg_id']; + } + $tao = rtrim($tao,',') . '};' . "\n"; + } + // <- hilmar] /* get accounts */ 
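Review bot: The per-row token check `$zarse == $_SESSION[self::MYP]['h'][$zarat]` in the new ajax branch of `post()` uses loose comparison on two 4-byte binary strings; PHP compares strings that both look numeric as numbers, so distinct values can compare equal, and the `$zarat >= 0` test beside it is applied to a string that is `''` when the regex fails. Compare with `hash_equals((string) ($_SESSION[self::MYP]['h'][$zarat] ?? ''), $zarse)` and test `$zarat !== ''` instead. In the deny branch `count($rd)` is applied to the result of an `UPDATE`; if `q()` returns a boolean for write statements, as it presumably does, that is a TypeError on PHP 8. `x($_POST['zardo'])` and its two siblings index `$_POST` before testing it, so `x($_POST, 'zardo')`, the form already used for `pending` in this file, avoids the undefined-key warning. The literals 16 and 48 in the approval `UPDATE` should be named flag constants, and `killme(); exit;` can lose the unreachable `exit`; `post()` continues outside the hunk.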
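Review bot: The pending-registrations query numbers its rows with the MySQL user variable `@i:=@i+1` and a `(SELECT @i:=0)` subquery, which other SQL backends do not accept and which newer MySQL releases deprecate inside expressions; since `$pending` is walked with `foreach ($pending as $n => $v)` right below, the counter and the odd/even flag can be derived from `$n` in PHP and dropped from the SQL. The query has no `ORDER BY`, so the order of the list, and with it the indexes stored in `$_SESSION[self::MYP]`, is whatever the database returns. The value written into `$tao` for each row is the first four bytes of `reg_hash`; if that hash also serves as the confirmation secret sent to the registrant, a separate per-row token from `random_bytes(4)` kept only in the session would avoid disclosing part of it, which the `// better secure` comment already hints at. The enclosing method starts and ends outside the hunk.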
@@ -143,7 +245,7 @@ class Accounts { intval(\App::$pager['itemspage']), intval(\App::$pager['start']) ); - + // function _setup_users($e){ // $accounts = Array( // t('Normal Account'), @@ -163,12 +265,16 @@ class Accounts { $t = get_markup_template('admin_accounts.tpl'); $o = replace_macros($t, array( // strings // + '$debug' => $debug, '$title' => t('Administration'), '$page' => t('Accounts'), '$submit' => t('Submit'), '$select_all' => t('select all'), + '$sel_tall' => t('SelectToggle'), + '$sel_deny' => t('× DenySelected'), + '$sel_aprv' => t('✔ ApproveSelected'), '$h_pending' => t('Registrations waiting for confirm'), - '$th_pending' => array( t('Request date'), t('Email') ), + '$th_pending' => array( t('Request date'), t('Startup,Expires'), 'dId2', t('specified,atip') ), '$no_pending' => t('No registrations.'), '$approve' => t('Approve'), '$deny' => t('Deny'), @@ -187,21 +293,22 @@ class Accounts { [ t('Expires'), 'account_expires' ], [ t('Service Class'), 'account_service_class'] ), - '$confirm_delete_multi' => t('Selected accounts will be deleted!\n\nEverything these accounts had posted on this site will be permanently deleted!\n\nAre you sure?'), - '$confirm_delete' => t('The account {0} will be deleted!\n\nEverything this account has posted on this site will be permanently deleted!\n\nAre you sure?'), + '$confirm_delete_multi' => p2j(t('Selected accounts will be deleted!\n\nEverything these accounts had posted on this site will be permanently deleted!\n\nAre you sure?')), + '$confirm_delete' => p2j(t('The account {0} will be deleted!\n\nEverything this account has posted on this site will be permanently deleted!\n\nAre you sure?')), '$form_security_token' => get_form_security_token("admin_accounts"), // values // - '$baseurl' => z_root(), - - '$pending' => $pending, - '$users' => $users, + '$now' => date('Y-m-d H:i:s'), + '$baseurl' => z_root(), + '$tao' => $tao, + '$pending' => $pending, + '$users' => $users, )); $o .= paginate($a); return $o; } - } + 
diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 011bf3ce4..cb919746b 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -10,9 +10,19 @@ class Site { * */ function post(){ + // [hilmar-> + $this->isajax = is_ajax(); + $this->eol = $this->isajax ? "\n" : EOL; + // ] if (!x($_POST, 'page_site')) { - return; + // [ + if (!$this->isajax) + // ] + return; } + // [ + $this->msgbg = ''; + // <-hilmar] check_form_security_token_redirectOnErr('/admin/site', 'admin_site'); @@ -24,14 +34,16 @@ class Site { $siteinfo = ((x($_POST,'siteinfo')) ? trim($_POST['siteinfo']) : ''); $language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : ''); $theme = ((x($_POST,'theme')) ? notags(trim($_POST['theme'])) : ''); -// $theme_mobile = ((x($_POST,'theme_mobile')) ? notags(trim($_POST['theme_mobile'])) : ''); -// $site_channel = ((x($_POST,'site_channel')) ? notags(trim($_POST['site_channel'])) : ''); + // $theme_mobile = ((x($_POST,'theme_mobile')) ? notags(trim($_POST['theme_mobile'])) : ''); + // $site_channel = ((x($_POST,'site_channel')) ? notags(trim($_POST['site_channel'])) : ''); $maximagesize = ((x($_POST,'maximagesize')) ? intval(trim($_POST['maximagesize'])) : 0); $register_policy = ((x($_POST,'register_policy')) ? intval(trim($_POST['register_policy'])) : 0); $minimum_age = ((x($_POST,'minimum_age')) ? intval(trim($_POST['minimum_age'])) : 13); $access_policy = ((x($_POST,'access_policy')) ? intval(trim($_POST['access_policy'])) : 0); + $reg_autochannel = ((x($_POST,'auto_channel_create')) ? True : False); $invite_only = ((x($_POST,'invite_only')) ? True : False); + $invite_also = ((x($_POST,'invite_also')) ? True : False); $abandon_days = ((x($_POST,'abandon_days')) ? intval(trim($_POST['abandon_days'])) : 0); $register_text = ((x($_POST,'register_text')) ? notags(trim($_POST['register_text'])) : ''); 
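Review bot: The early-exit guard at the top of `post()` is now a brace-less `if (!$this->isajax)` whose `return;` sits two lines below it, after marker comments and inside the outer `if`, which is easy to misread and easy to break with a later edit. One condition says the same thing: `if (!x($_POST, 'page_site') && !$this->isajax) { return; }`. `$this->eol` is assigned here but is not among the properties the class declares further down in this diff (`$isajax`, `$msgbg`, `$error`, `$msgfg`), so it would be worth declaring alongside them. `post()` continues outside the hunk.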
@@ -75,6 +87,16 @@ class Site { $maxloadavg = ((x($_POST,'maxloadavg')) ? intval(trim($_POST['maxloadavg'])) : 50); $feed_contacts = ((x($_POST,'feed_contacts')) ? intval($_POST['feed_contacts']) : 0); $verify_email = ((x($_POST,'verify_email')) ? 1 : 0); + $register_perday = ((x($_POST,'register_perday')) ? intval(trim($_POST['register_perday'])) : 50); + $register_sameip = ((x($_POST,'register_sameip')) ? intval(trim($_POST['register_sameip'])) : 3); + + $regdelayn = ((x($_POST,'zardelayn')) ? intval(trim($_POST['zardelayn'])) : 0); + $regdelayu = ((x($_POST,'zardelay')) ? notags(trim($_POST['zardelay'])) : ''); + $reg_delay = (preg_match('/^[a-z]{1,1}$/', $regdelayu) ? $regdelayn . $regdelayu : ''); + $regexpiren = ((x($_POST,'zarexpiren')) ? intval(trim($_POST['zarexpiren'])) : 0); + $regexpireu = ((x($_POST,'zarexpire')) ? notags(trim($_POST['zarexpire'])) : ''); + $reg_expire = (preg_match('/^[a-z]{1,1}$/', $regexpireu) ? $regexpiren . $regexpireu : ''); + $imagick_path = ((x($_POST,'imagick_path')) ? trim($_POST['imagick_path']) : ''); $force_queue = ((intval($_POST['force_queue']) > 0) ? intval($_POST['force_queue']) : 3000); $pub_incl = escape_tags(trim($_POST['pub_incl'])); 
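Review bot: `$reg_delay` and `$reg_expire` accept any single letter `a`-`z` as the unit and any `intval()` result, including negative numbers, as the amount, although the form added later in this diff offers only the units `i h d w m y` and a 0-99 range. Since these values are stored with `set_config` and presumably parsed later into a duration, the server-side check should match the form: `$reg_delay = (preg_match('/^[ihdwmy]$/', $regdelayu) && $regdelayn >= 0 && $regdelayn <= 99) ? $regdelayn . $regdelayu : '';`, and the same for `$reg_expire`. `$register_perday` and `$register_sameip` likewise take negative input unchanged; `max(0, intval(...))` would bound them.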
@@ -82,6 +104,35 @@ class Site { $permissions_role = escape_tags(trim($_POST['permissions_role'])); + // [hilmar-> + $this->register_duty = ((x($_POST,'register_duty')) ? notags(trim($_POST['register_duty'])) : ''); + if (! preg_match('/^[0-9 .,:\-]{0,191}$/', $this->register_duty)) { + $this->msgbg .= 'ZAR0131E,' . t('Invalid input') . $this->eol; + $this->error++; + } else { + + $this->duty(); + + if ($this->isajax) { + echo json_encode(array('msgbg' => $this->msgbg, 'me' => 'zar')); + // that mission is complete + killme(); + exit; + + } else { + + //logger( print_r( $this->msgbg, true) ); + //logger( print_r( $this->joo, true) ); + if ($this->error === 0) { + set_config('system', 'register_duty', $this->register_duty); + set_config('system', 'register_duty_jso', $this->joo); + } else { + notice('ZAR0130E,'.t('Errors') . ': ' . $this->error) . EOL . $this->msgfg; + } + } + } + // <-hilmar] + set_config('system', 'feed_contacts', $feed_contacts); set_config('system', 'delivery_interval', $delivery_interval); set_config('system', 'delivery_batch_count', $delivery_batch_count); @@ -96,6 +147,10 @@ class Site { set_config('system', 'login_on_homepage', $login_on_homepage); set_config('system', 'enable_context_help', $enable_context_help); set_config('system', 'verify_email', $verify_email); + set_config('system', 'max_daily_registrations', $register_perday); + set_config('system', 'register_sameip', $register_sameip); + set_config('system', 'register_delay', $reg_delay); + set_config('system', 'register_expire', $reg_expire); set_config('system', 'default_expire_days', $default_expire_days); set_config('system', 'active_expire_days', $active_expire_days); set_config('system', 'reply_address', $reply_address); 
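Review bot: When the `register_duty` pattern check fails, the first branch only increments `$this->error`, so an AJAX request gets no JSON reply and execution runs on into the `set_config()` calls below with whatever that request's POST contained. A normal submit with errors likewise still saves every setting except `register_duty`. An early exit in the error branch for the AJAX case (echo the `msgbg` JSON, then `killme()`), plus an explicit decision on whether a failed submit should store the remaining fields, would make the behaviour intentional. In the non-AJAX error path the closing parenthesis of `notice()` is misplaced, so `. EOL . $this->msgfg` is concatenated onto the call's return value and discarded; it should read `notice('ZAR0130E,' . t('Errors') . ': ' . $this->error . EOL . $this->msgfg);`.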
@@ -126,17 +181,19 @@ class Site { set_config('system','siteinfo',$siteinfo); set_config('system', 'language', $language); set_config('system', 'theme', $theme); -// if ( $theme_mobile === '---' ) { -// del_config('system', 'mobile_theme'); -// } else { -// set_config('system', 'mobile_theme', $theme_mobile); -// } - // set_config('system','site_channel', $site_channel); + // if ( $theme_mobile === '---' ) { + // del_config('system', 'mobile_theme'); + // } else { + // set_config('system', 'mobile_theme', $theme_mobile); + // } + // set_config('system','site_channel', $site_channel); set_config('system','maximagesize', $maximagesize); set_config('system','register_policy', $register_policy); set_config('system','minimum_age', $minimum_age); + set_config('system','auto_channel_create', $reg_autochannel); set_config('system','invitation_only', $invite_only); + set_config('system','invitation_also', $invite_also); set_config('system','access_policy', $access_policy); set_config('system','account_abandon_days', $abandon_days); set_config('system','register_text', $register_text); @@ -260,6 +317,9 @@ class Site { REGISTER_APPROVE => t("Yes - with approval"), REGISTER_OPEN => t("Yes") ); + $this->register_duty ? get_config('system', 'register_duty') : ''; + $register_perday = get_config('system','max_daily_registrations'); + $register_perday ? '' : $register_perday = 50; /* Acess policy */ $access_choices = Array( 
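Review bot: The added line `$this->register_duty ? get_config('system', 'register_duty') : '';` is an expression statement whose result is thrown away, so it neither reads nor sets anything; either drop it or write the assignment it seems to intend, `$this->register_duty = get_config('system', 'register_duty') ?: '';`. The next two lines replace a stored `0` with `50`, while the help text added for this field says zero means unlimited, and the `'$register_perday'` template entry later in this diff does the same through `x(...)`. Passing the default to the getter, `$register_perday = get_config('system', 'max_daily_registrations', 50);`, keeps an explicit zero, assuming the default argument applies only to unset keys. The enclosing method starts and ends outside the hunk.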
@@ -286,9 +346,66 @@ class Site { $homelogin = get_config('system','login_on_homepage'); $enable_context_help = get_config('system','enable_context_help'); + // for reuse reg_delay and reg_expire + $reg_rabots = array( + 'i' => t('Minute(s)'), + 'h' => t('Hour(s)') , + 'd' => t('Day(s)') , + 'w' => t('Week(s)') , + 'm' => t('Month(s)') , + 'y' => t('Year(s)') + ); + $regdelay = get_config('system','register_delay'); + if ($regdelay) + list($regdelay_n, $regdelay_u) = array(substr($regdelay,0,-1),substr($regdelay,-1)); + $reg_delay = replace_macros(get_markup_template('field_duration.qmc.tpl'), + array( + 'label' => t('Account registration delay'), + 'qmc' => 'zar', + 'qmcid' => 'ZAR0860C', + 'help' => t('How long a registration request has to wait before validation can perform.' + . ' No delay if zero or no value.'), + 'field' => array( + 'name' => 'delay', + 'title' => t('duration up from now'), + 'value' => ($regdelay_n ? $regdelay_n : 90), + 'min' => '0', + 'max' => '99', + 'size' => '2', + 'default' => ($regdelay_u ? $regdelay_u : 'i') + ), + 'rabot' => $reg_rabots + ) + ); + $regexpire = get_config('system','register_expire'); + if ($regexpire) + list($regexpire_n, $regexpire_u) = array(substr($regexpire,0,-1),substr($regexpire,-1)); + $reg_expire = replace_macros(get_markup_template('field_duration.qmc.tpl'), + array( + 'label' => t('Account registration expiration'), + 'qmc' => 'zar', + 'qmcid' => 'ZAR0862C', + 'help' => t('How long a registration to confirm remains valid.' + . ' Not expire if zero or no value.'), + 'field' => array( + 'name' => 'expire', + 'title' => t('duration up from now'), + 'value' => ($regexpire_n ? $regexpire_n : 2), + 'min' => '0', + 'max' => '99', + 'size' => '2', + 'default' => ($regexpire_u ? 
$regexpire_u : 'i') + ), + 'rabot' => $reg_rabots + ) + ); + + $tao = ''; $t = get_markup_template("admin_site.tpl"); return replace_macros($t, array( '$title' => t('Administration'), + // interfacing js vars + '$tao' => $tao, '$page' => t('Site'), '$submit' => t('Submit'), '$registration' => t('Registration'), 
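Review bot: A saved delay or expiry of zero cannot be shown back: `'value' => ($regdelay_n ? $regdelay_n : 90)` and `($regexpire_n ? $regexpire_n : 2)` treat the stored `"0"` as missing and render 90 and 2, so the next save of the page silently turns "no delay" or "never expires" into a real limit. `$regdelay_n`, `$regdelay_u`, `$regexpire_n` and `$regexpire_u` are also undefined when the config value is empty. Initialising them before each `if` (`$regdelay_n = $regdelay_u = '';`) and testing `$regdelay_n !== '' ? $regdelay_n : 90` fixes both. The enclosing method starts and ends outside the hunk.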
@@ -305,21 +422,88 @@ class Site { '$siteinfo' => array('siteinfo', t('Site Information'), get_config('system','siteinfo'), t("Publicly visible description of this site. Displayed on siteinfo page. BBCode can be used here")), '$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices), '$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - change theme settings"), $theme_choices), -// '$theme_mobile' => array('theme_mobile', t("Mobile system theme"), get_config('system','mobile_theme'), t("Theme for mobile devices"), $theme_choices_mobile), -// '$site_channel' => array('site_channel', t("Channel to use for this website's static pages"), get_config('system','site_channel'), t("Site Channel")), + // '$theme_mobile' => array('theme_mobile', t("Mobile system theme"), get_config('system','mobile_theme'), t("Theme for mobile devices"), $theme_choices_mobile), + // '$site_channel' => array('site_channel', t("Channel to use for this website's static pages"), get_config('system','site_channel'), t("Site Channel")), '$feed_contacts' => array('feed_contacts', t('Allow Feeds as Connections'),get_config('system','feed_contacts'),t('(Heavy system resource usage)')), '$maximagesize' => array('maximagesize', t("Maximum image size"), intval(get_config('system','maximagesize')), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")), - '$register_policy' => array('register_policy', t("Does this site allow new member registration?"), get_config('system','register_policy'), "", $register_choices), - '$invite_only' => array('invite_only', t("Invitation only"), get_config('system','invitation_only'), t("Only allow new member registrations with an invitation code. 
Above register policy must be set to Yes.")), '$minimum_age' => array('minimum_age', t("Minimum age"), (x(get_config('system','minimum_age'))?get_config('system','minimum_age'):13), t("Minimum age (in years) for who may register on this site.")), '$access_policy' => array('access_policy', t("Which best describes the types of account offered by this hub?"), get_config('system','access_policy'), t("This is displayed on the public server site list."), $access_choices), - '$register_text' => array('register_text', t("Register text"), htmlspecialchars(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")), + + // Register + // [hilmar-> + '$register_text' => array('register_text', + t("Register text"), + htmlspecialchars(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), + t("Will be displayed prominently on the registration page.") . ' ' + . t('If you operate with register duties (see ZAR0830C), best practise is to tell cleartext about here'), + 'ZAR0810C'), + '$register_policy' => array('register_policy', + t("Does this site allow new member registration?"), + get_config('system','register_policy'), + "", + $register_choices, + 'ZAR0820C'), + '$register_duty' => array('register_duty', + t('Registration office on duty'), + $this->register_duty = get_config('system', 'register_duty'), + t('The weekdays and hours the register office is open for registrations') . '. ' + . t('Split weekdays and hours per `:`') . '. ' + . t('Separate weekday(s):hour(s) pairs with blank(s)') . '. ' + . t('Several values or ranges are to split by comma') . '. ' + . t('From-To ranges are joined with `-`') . '. ' + . t('ie') . ' `1-5:0900-1200,1300-1700 6:900-1230` ' . t('or') .' `1-2,4-5:800-1800` ' + . ' ' . t('Parse and test your input') . ''. EOL + . t('If left empty, defaults to 24h closed everyday the week.') . ' ' + . t('To keep open 24h everyday the week, short is `-:-`.') . ' ' + . 
t('Note, ranges are specified as open-close pairs and in case of') + . ' 0900-1200 ' + . t('results to: opens 9h and closes 12h. If meant open 9h to 12h exactly, say `0900-1201`'), + 'ZAR0830C'), + '$register_perday' => array('register_perday', + t('Account registrations max per day'), + (x(get_config('system', 'max_daily_registrations'))) + ? get_config('system', 'max_daily_registrations') : 50, + t('How many registration requests the site accepts during one day. Unlimited if zero or no value. Default 50'), + 'ZAR0840C'), + '$register_sameip' => array('register_sameip', + t('Account registrations from same ip'), + (x(get_config('system', 'register_sameip'))) + ? get_config('system', 'register_sameip') : 3, + t('How many pending registration requests the site accepts from a same ip address.'), + 'ZAR0850C'), + '$reg_delay'=>$reg_delay, + '$reg_expire'=>$reg_expire, + '$reg_autochannel' => array('auto_channel_create', + t("Auto channel create"), + get_config('system','auto_channel_create'), + t("Auto create a channel when register a new account. When On, the register form will show additional fields for the channel-name and the nickname."), + "", "", 'ZAR0870C'), + '$invite_only' => array('invite_only', + t("Invitation only"), + get_config('system','invitation_only'), + t("Only allow new member registrations with an invitation code. Above register policy must be set to Yes."), + "", "", 'ZAR0880C'), + '$invite_also' => array('invite_also', + t("Invitation also"), + get_config('system','invitation_also'), + t("Also allow new member registrations with an invitation code. 
Above register policy must be set to Yes."), + "", "", 'ZAR0881C'), + '$verify_email' => array('verify_email', + t("Verify Email Addresses"), + get_config('system','verify_email'), + t("Check to verify email addresses used in account registration (recommended)."), + "", "", 'ZAR0890C'), + '$abandon_days' => array('abandon_days', + t('Accounts abandoned after x days'), + get_config('system','account_abandon_days'), + t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.'), + 'appears not to be implemented (2010.01)'), + // <-hilmar] + '$role' => $role, '$frontpage' => array('frontpage', t("Site homepage to show visitors (default: login box)"), get_config('system','frontpage'), t("example: 'pubstream' to show public stream, 'page/sys/home' to show a system webpage called 'home' or 'include:home.html' to include a file.")), '$mirror_frontpage' => array('mirror_frontpage', t("Preserve site homepage URL"), get_config('system','mirror_frontpage'), t('Present the site homepage in a frame at the original location instead of redirecting')), - '$abandon_days' => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')), '$allowed_sites' => array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. 
Empty to allow any domains")), - '$verify_email' => array('verify_email', t("Verify Email Addresses"), get_config('system','verify_email'), t("Check to verify email addresses used in account registration (recommended).")), '$force_publish' => array('publish_all', t("Force publish"), get_config('system','publish_all'), t("Check to force all profiles on this site to be listed in the site directory.")), '$disable_discover_tab' => array('disable_discover_tab', t('Import Public Streams'), $discover_tab, t('Import and allow access to public content pulled from other sites. Warning: this content is unmoderated.')), '$site_firehose' => array('site_firehose', t('Site only Public Streams'), get_config('system','site_firehose'), t('Allow access to public content originating only from this site if Imported Public Streams are disabled.')), 
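Review bot: The `'$abandon_days'` entry now passes the untranslated developer remark `'appears not to be implemented (2010.01)'` in the position where `'$register_text'` passes its `ZAR0810C` id, so depending on how the field template uses that slot the remark may end up in the rendered admin page. If it is meant for maintainers, a code comment above the entry (`// abandon_days appears not to be implemented`) keeps it out of the output. The `'$register_duty'` entry also assigns `$this->register_duty` inside the array literal; doing that on its own line before `replace_macros()` would make the side effect visible. The array and its enclosing method start and end outside the hunk.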
@@ -361,4 +545,179 @@ class Site { )); } + /** + * @brief Admin page site common post submit and ajax interaction + * @author hilmar runge + * @since 2020-02-04 + * Configure register office duty weekdays and hours + * Syntax: weekdays:hours [weekdays:hours] + * [.d[,d-d.]]]:hhmm-hhmm[,hhmm-hhmm...] + * ranges are between blanks, days are 1-7, where 1 = Monday + * hours are [h]hmm 3-4digit 24 clock values + * ie 0900-1200,1300-1800 for hours + * ie 1-2,4,5 for weekdays + * ie 1-2:900-1800 monday and tuesday open from 9 to 18h + * + * @var $register_duty is the input field from the admin -> site page + * @return the results are in the class vars $error, $msgbg and $jsoo + * $jsoo is + */ + + // 3-4 digit 24h clock regex + const regxTime34 = '/^(?:2[0-3]|[01][0-9]|[0-9])[0-5][0-9]$/'; + var $wdconst = array('','mo','tu','we','th','fr','sa','so'); + + // in + var $register_duty; + // intermediate + var $isajax; + // return + var $jsoo; + var $msgbg; + var $error = 0; + var $msgfg = ''; + + private function duty() { + + $aro=array_fill(1, 7, 0); + + if ($this->isajax) { + $op = (preg_match('/[a-z]{2,4}/', $_REQUEST['zarop'])) ? $_REQUEST['zarop'] : ''; + if ($op == 'zar083') { + $this->msgbg = 'ZAR0130I Testmode:' . $this->eol . $this->msgbg; + } else { + killme(); + exit; + } + } + + if (! $this->register_duty) + $this->register_duty = '1-7'; + $ranges = preg_split('/\s+/', $this->register_duty); + $this->msgbg .= '..ranges: ' . print_r(count($ranges),true) . $this->eol; + + foreach ($ranges as $rn => $range) { + list($ws,$hs,) = explode(':', $range); + + $ws ? $arw = explode( ',', $ws) : $arw=array(); + $this->msgbg .= ($rn+1).'.weekday ranges: ' . count($arw) . $this->eol; + // $this->msgbg .= print_r($arw,true); + $hs ? $arh = explode( ',', $hs) : $arh=array(); + $this->msgbg .= ($rn+1).'.hour ranges: ' . count($arh) . $this->eol; + + $this->msgbg .= ($rn+1).'.wdays: ' . ( $ws ? print_r($ws,true) : 'none') . ' : ' + . ' hours: ' . print_r($hs,true) . 
$this->eol; + + // several hs may belog to one wd + // aro[0] is tmp store + foreach ($arh as $hs) { + list($ho,$hc,) = explode( '-', $hs ); + + // no value forces open very early, and be sure having valid hhmm values + !$ho ? $ho = "0000" : ''; + !$hc ? $hc = "0000" : ''; // pseudo + if (preg_match(self::regxTime34, $ho) + && preg_match(self::regxTime34, $hc)) { + + // fix pseudo, allow no reverse range + $hc == "0000" || $ho > $hc ? $hc = "2400" : ''; + + $aro[0][$ho] = 0; + $aro[0][$hc] = 1; + + $this->msgbg .= ($ho ? ' .open:' . $ho : '') . ($hc ? ' close:' . $hc : '') .$this->eol; + } else { + $this->msgbg .= ' .' . t('Invalid 24h time value (hhmm/hmm)') . $this->eol; + $this->msgfg .= ' .ZAR0132E,' . t('Invalid 24h time value (hhmm/hmm)') . $this->eol; + $this->error++; + } + } + + // the weekday(s) values or ranges + foreach ($arw as $ds) { + $wd=explode('-', $ds); + array_key_exists("1", $wd) && $wd[1]=="" ? $wd[1] = "7" : ''; // a case 3- + array_key_exists("1", $wd) && $wd[0]=="" ? $wd[0] = "1" : ''; // a case -3 + !array_key_exists("1", $wd) ? $wd[1] = $wd[0] : ''; // a case 3 + if ($wd[0] > $wd[1]) continue; // reverse order will be ignored // a case 5-3 + if (preg_match('/^[1-7]{1}$/', $wd[0])) { + if (preg_match('/^[1-7]{1}$/', $wd[1])) { + // $this->msgbg .= print_r($wd,true); + for ($i=$wd[0]; $i<=$wd[1]; $i++) { + // take the tmp store for the selected day(s) + $aro[$i]=$aro[0]; + } + } + } + } + //$this->msgbg .= 'aro0: ' . print_r($aro,true) . $this->eol; // 4devels + // clear the tmp store + $aro[0]=array(); + } + // discart the tmp store + unset($aro[0]); + // not configured days close at the beginning 0000h + for ($i=1;$i<=7;$i++) { is_array($aro[$i]) ? '' : $aro[$i] = array("0000" => 1); } + // $this->msgbg .= 'aro: ' . print_r($aro,true) . $this->eol; // 4devels + + if ($this->isajax) { + // tell what we have + // $this->msgbg .= 'aro0: ' . print_r($aro,true) . $this->eol; // 4devels + $this->msgbg .= 'Duty time table:' . 
$this->eol; + foreach ($aro as $dow => $hrs) { + $this->msgbg .= ' ' . $this->wdconst[$dow] . ' '; + // $this->msgbg .= '**' . print_r($hrs,true); + foreach ($hrs as $h => $o) { + $this->msgbg .= ((!$o) ? $h . ':open' : $h . ':close') . ', '; + } + $this->msgbg = rtrim($this->msgbg, ', ') . $this->eol; + } + + $this->msgbg .= 'Generating 6 random times to check duty hours: ' . $this->eol; + // we only need some random dates from anyway in past or future + // because only the weekday and the clock is to test + for ($i=0; $i<6; $i++) { + $adow = rand(1, 7); // 1 to 7 (days) + $cdow = $this->wdconst[$adow]; + // below is the essential algo to verify a date (of format Hi) meets an open or closed condition + $t = date('Hi', ( rand(time(), 60*60*24+time()) ) ); + $how='closed'; + foreach ($aro[$adow] as $o => $v) { + // $this->msgbg .= 'debug: ' . $o . ' gt ' . $t . ' / ' . $v . $this->eol; // 4devels + if ($o > $t) { + $how = ($v ? 'open' : 'closed'); + break; + } + } + // now we know + $this->msgbg .= ' ' . $cdow . '.' . $t . '=' . $how . ', '; + } + $this->msgbg = rtrim($this->msgbg, ', ') . $this->eol; + } + + /* + //$jov1 = array( 'view1' => $aro, 'view2' => ''); + $jov2=array(); + foreach ($aro as $d => $ts) { + foreach ($ts as $t => $ft) { + $jov2['view2'][$ft][] = $d.$t; + //$ft=="1" && $t=="0000" ? $jov2['view2']["0"][] = $d."2400" : ''; + } + } + $this->msgbg .= print_r($jov2, true) . $this->eol; // 4devels + */ + + $this->joo = json_encode($aro); + // $this->msgbg .= $this->joo . $this->eol; // 4devels + // $this->msgbg .= print_r($aro, true) . $this->eol; // 4devels + $okko = (json_decode($this->joo, true) ? true : false); + if (!$okko) { + $this->msgbg .= 'ZAR0139D,json 4 duty KO crash' . $this->eol; + $this->msgfg .= 'ZAR0139D,json 4 duty KO crash' . $this->eol; + $this->error++; + } + return ; + } + + } diff --git a/Zotlabs/Module/Invite.php b/Zotlabs/Module/Invite.php index 6359da54c..24792c8c1 100644 --- a/Zotlabs/Module/Invite.php 
+++ b/Zotlabs/Module/Invite.php @@ -6,7 +6,7 @@ use Zotlabs\Lib\Apps; use Zotlabs\Web\Controller; /** - * module: invite.php + * module: invitexv2.php * * send email invitations to join social network * 
@@ -15,91 +15,291 @@ use Zotlabs\Web\Controller; class Invite extends Controller { + /** + * While coding this, I want to introduce a system of qualified messages and notifications. + * Each message consists of a 3 letter prefix, a 4 digit number and a one letter suffix (PREnnnnS). + * The spirit about is not from me, but many decades used by IBM inc. in devel with best success. + * + * The system prefix, used uppercase as system message id, lowercase as css and js prefix (classes, ids etc). + * Usually not used as self::MYP, but placed in the code dominant enough for easy to find. + * + * Concrete here: + * The prefix indicates Z for the Zlabs(core), A for Account stuff, I for Invite. + * The numbers scope will be 00xx within/for templates, 01xx for get, 02xx for post functions. + * Message qualification ends with a uppercase suffix, where + * I=Info(only), + * W=Warning(more then info and less then error), + * E=Error, + * F=Fatal(for unexpected errors). + * Btw, in case of using fail2ban, a scan of messages going to log is very much more with ease, + * esspecially in multi language driven systems where messages vary. + * + * @author Hilmar Runge + * @version 2.0.0 + * @since 2020-01-20 + * + */ + + const MYP = 'ZAI'; + const VERSION = '2.0.0'; + function post() { + + // zai02 - if(! local_channel()) { - notice( t('Permission denied.') . EOL); + if (! local_channel()) { + notice( 'ZAI0201E,' .t('Permission denied.') . EOL); return; } - if(! Apps::system_app_installed(local_channel(), 'Invite')) { + if (! Apps::system_app_installed(local_channel(), 'Invite')) { + notice( 'ZAI0202E,' . t('Invite App') . ' (' . t('Not Installed') . ')' . EOL); return; } check_form_security_token_redirectOnErr('/', 'send_invite'); - - $max_invites = intval(get_config('system','max_invites')); - if(! 
$max_invites) - $max_invites = 50; - - $current_invites = intval(get_pconfig(local_channel(),'system','sent_invites')); - if($current_invites > $max_invites) { - notice( t('Total invitation limit exceeded.') . EOL); + + $ok = $ko = 0; + $feedbk = ''; + $isajax = is_ajax(); + $eol = $isajax ? "\n" : EOL; + $policy = intval(get_config('system','register_policy')); + if ($policy == REGISTER_CLOSED) { + notice( 'ZAI0212E,' . t('Register is closed') . ')' . EOL); return; - }; - - - $recips = ((x($_POST,'recipients')) ? explode("\n",$_POST['recipients']) : array()); - $message = ((x($_POST,'message')) ? notags(trim($_POST['message'])) : ''); - - $total = 0; - - if(get_config('system','invitation_only')) { - $invonly = true; - $x = get_pconfig(local_channel(),'system','invites_remaining'); - if((! $x) && (! is_site_admin())) - return; } + if ($policy == REGISTER_OPEN) + $flags = 0; + elseif ($policy == REGISTER_APPROVE) + $flags = ACCOUNT_PENDING; + $flags = ($flags | intval(get_config('system','verify_email'))); + + // how many max recipients in one mail submit + $maxto = get_config('system','invitation_max_recipients', 'na'); + If (is_site_admin()) { + // set, if admin is operator, default to 12 + if ($maxto === 'na') set_config('system','invitation_max_recipients', 12); + } + $maxto = ($maxto === 'na') ? 12 : $maxto; - foreach($recips as $recip) { - - $recip = trim($recip); - if(! $recip) - continue; - - if(! validate_email($recip)) { - notice( sprintf( t('%s : Not a valid email address.'), $recip) . EOL); - continue; + // language code current for the invitation + $lcc = x($_POST['zailcc']) && preg_match('/[a-z\-]{2,5}/', $_POST['zailcc']) + ? $_POST['zailcc'] + : ''; + + // expiration duration amount quantity, in case of doubts defaults 2 + $durn = x($_POST['zaiexpiren']) && preg_match('/[0-9]{1,2}/', $_POST['zaiexpiren']) + ? trim(intval($_POST['zaiexpiren'])) + : '2'; + !$durn ? 
$durn = 2 : ''; + + // expiration duration unit 1st letter (day, weeks, months, years), defaults days + $durq = x($_POST['zaiexpire']) && preg_match('/[ihd]{1,1}/', $_POST['zaiexpire']) + ? $_POST['zaiexpire'] + : 'd'; + + $dur = self::calcdue($durn.$durq); + $due = t('Note, the invitation code is valid up to') . ' ' . $dur['due']; + + if ($isajax) { + $feedbk .= 'ZAI0207I ' . $due . $eol; + } + + // take the received email addresses and discart duplicates + $recips = array_filter( array_unique( preg_replace('/^\s*$/', '', + ((x($_POST,'zaito')) ? explode( "\n",$_POST['zaito']) : array() ) ))); + + $havto = count($recips); + + if ( $havto > $maxto) { + $feedbk .= 'ZAI0210E ' . sprintf( t('Too many recipients for one invitation (max %d)'), $maxto) . $eol; + $ko++; + + } elseif ( $havto == 0 ) { + $feedbk .= 'ZAI0211E ' . t('No recipients for this invitation') . $eol; + $ko++; + + } else { + + // each email address + foreach($recips as $n => $recip) { + + // if empty ignore + $recip = $recips[$n] = trim($recip); + if(! $recip) continue; + + // see if we have an email address who@domain.tld + if (!preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $recip)) { + $feedbk .= 'ZAI0203E ' . ($n+1) . ': ' . sprintf( t('(%s) : Not a valid email address'), $recip) . $eol; + $ko++; + continue; + } + if(! validate_email($recip)) { + $feedbk .= 'ZAI0204E ' . ($n+1) . ': ' . sprintf( t('(%s) : Not a real email address'), $recip) . $eol; + $ko++; + continue; + } + + // do we accept the email (not black listed) + if(! allowed_email($recip)) { + $feedbk .= 'ZAI0205E ' . ($n+1) . ': ' . sprintf( t('(%s) : Not allowed email address'), $recip) . $eol; + $ko++; + continue; + } + + // is the email address just in use for account or registered before + $r = q("SELECT account_email AS em FROM account WHERE account_email = '%s'" + . 
" UNION " + ."SELECT reg_email AS em FROM register WHERE reg_vital = 1 AND reg_email = '%s' LIMIT 1;", + dbesc($recip), + dbesc($recip) + ); + if($r && $r[0]['em'] == $recip) { + $feedbk .= 'ZAI0206E ' . ($n+1) . ': ' . sprintf( t('(%s) : email address already in use'), $recip) . $eol; + $ko++; + continue; + } + + if ($isajax) { + // seems we have an email address acceptable + $feedbk .= 'ZAI0209I ' . ($n+1) . ': ' . sprintf( t('(%s) : Accepted email address'), $recip) . $eol; + } } + } + + if ($isajax) { + // we are not silent on the ajax road + echo json_encode(array('feedbk' => $feedbk, 'due' => $due)); + + // that mission is complete + killme(); + exit; + } + + // Total ?todo notice( t('Invitation limit exceeded. Please contact your site administrator.') . EOL); + + // any errors up to now in fg? + + + // down from here, only on the main road (no more ajax) + + // tell if sth is to tell + $feedbk ? notice($feedbk) . $eol : ''; + + if ($ko > 0) return; + + // the personal mailtext + $mailtext = ((x($_POST,'zaitxt')) ? notags(trim($_POST['zaitxt'])) : ''); + + // to log in db + $reonar = json_decode( ((x($_POST,'zaireon')) ? notags(trim($_POST['zaireon'])) : ''), TRUE, 8) ; + + // me, the invitor + $account = App::get_account(); + $reonar['from'] = $account['account_email']; + $reonar['date'] = datetime_convert(); + $reonar['fromip'] = $_SERVER['REMOTE_ADDR']; + + // who is the invitor on + $inby = local_channel(); + + $ok = $ko = 0; + + // send the mail(s) + foreach($recips as $n => $recip) { - else - $nmessage = $message; - - $account = App::get_account(); + $reonar['due'] = $due; + $reonar['to'] = $recip; + $reonar['txtpersonal'] = $mailtext; - $res = z_mail( + // generate an invide code to store and pm + $invite_code = autoname(8) . 
rand(1000,9999); + + // again the final localized templates $reonar['subject'] $reonar['lang'] $reonar['tpl'] + + // save current operators lc and take the desired to mail + push_lang($reonar['lang']); + // resolve + $tx = replace_macros(get_intltext_template('invite.'.$reonar['tpl'].'.tpl'), + array( + '$projectname' => t('$Projectname'), + '$invite_code' => $invite_code, + '$invite_where' => z_root() . '/register', + '$invite_whereami' => str_replace('@', '@+', $reonar['whereami']), + '$invite_whoami' => z_root() . '/channel/' . $reonar['whoami'], + '$invite_anywhere' => z_root() . '/pubsites' + ) + ); + // restore lc to operator + pop_lang(); + + $reonar['txttemplate'] = $tx; + + // pm + $zem = z_mail( [ 'toEmail' => $recip, 'fromName' => ' ', - 'fromEmail' => $account['account_email'], - 'messageSubject' => t('Please join us on $Projectname'), - 'textVersion' => $nmessage, + 'fromEmail' => $reonar['from'], + 'messageSubject' => $reonar['subject'], + 'textVersion' => ($mailtext ? $mailtext . "\n\n" : '') . $tx . "\n" . $due, ] ); - if($res) { - $total ++; - $current_invites ++; - set_pconfig(local_channel(),'system','sent_invites',$current_invites); - if($current_invites > $max_invites) { - notice( t('Invitation limit exceeded. Please contact your site administrator.') . EOL); - return; - } - } - else { - notice( sprintf( t('%s : Message delivery failed.'), $recip) . EOL); + if(!$zem) { + + $ko++; + $msg = 'ZAI0208E,' . sprintf( t('%s : Message delivery failed.'), $recip); + + } else { + + $ok++; + $msg = 'ZAI0208I ' . sprintf( t('To %s : Message delivery success.'), $recip); + + // if verify_email is the rule, email becomes a dId2 - NO + // $did2 = ($flags & ACCOUNT_UNVERIFIED) == ACCOUNT_UNVERIFIED ? $recip : ''; + + // always enforce verify email with invitations, thus email becomes a dId2 + $did2 = $recip; + $flags |= ACCOUNT_UNVERIFIED; + + // defaults vital, reg_pass + $r = q("INSERT INTO register (" + . 
"reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires,reg_email,reg_byc,reg_uid,reg_atip,reg_lang,reg_stuff)" + . " VALUES ( %d, 'i', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s') ", + intval($flags), + dbesc($did2), + dbesc($invite_code), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + dbesc($dur['due']), + dbesc($recip), + intval($inby), + intval($account['account_id']), + dbesc($reonar['fromip']), + dbesc($reonar['lang']), + dbesc(json_encode( array('reon' => $reonar) )) + ); } - + $msg .= ' (a' . $account['account_id'] . ', c' . $inby . ', from:' . $reonar['from'] . ')'; + zar_log( $msg); } - notice( sprintf( tt("%d message sent.", "%d messages sent.", $total) , $total) . EOL); + + $ok + $ko > 0 + ? notice( 'ZAI0212I ' . sprintf( t('%1$d mail(s) sent, %2$d mail error(s)'), $ok, $ko) . EOL) + : ''; + //logger( print_r( $reonar, true) ); + return; } function get() { + + // zai1 if(! local_channel()) { - notice( t('Permission denied.') . EOL); + notice( 'ZAI0101E,' . t('Permission denied.') . EOL); return; } @@ -107,68 +307,263 @@ class Invite extends Controller { //Do not display any associated widgets at this point App::$pdl = ''; - $o = '' . t('Invite App') . ' (' . t('Not Installed') . '):
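Review bot: In `post()` the array decoded from `$_POST['zaireon']` is trusted for `lang`, `tpl`, `subject`, `whereami` and `whoami`, and `tpl` is concatenated straight into `get_intltext_template('invite.'.$reonar['tpl'].'.tpl')`. `notags()` on the JSON string strips markup only, so the template name, the mail subject and the addresses shown in the mail body are whatever the client sent. I would restrict the name before use, e.g. `if (!preg_match('/^[a-z0-9_]+$/', (string) $reonar['tpl'])) return;`, and take the subject, `whereami` and `whoami` from the server side (`App::get_observer()`, `App::get_channel()`) as `get()` does. How `get_intltext_template()` resolves the name is not visible in this hunk, so the path impact is inferred. The old `max_invites`/`sent_invites` check is also removed here with no replacement in `post()` (the `// Total ?todo` comment marks the gap), so only `invitation_max_recipients` per submit bounds how much mail one logged-in user can send.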
'; - $o .= t('Send email invitations to join this network'); + $o = 'ZAI0102E,' . t('Invite App') . ' (' . t('Not Installed') . ')' . EOL; + return $o; + } + + if (! (get_config('system','invitation_also') || get_config('system','invitation_only')) ) { + $o = 'ZAI0103E,' . t('Invites not proposed by configuration') . '. '; + $o .= t('Contact the site admin'); return $o; } + // invitation_by_user may still not configured, the default 'na' will tell this + // if configured, 0 disables invitations by users, other numbers are how many invites a user may propagate + $invuser = get_config('system','invitation_by_user', 'na'); + + // if the mortal user drives the invitation + If (! is_site_admin()) { + + // when not configured, 4 is the default + $invuser = ($invuser === 'na') ? 4 : $invuser; + + // a config value 0 disables invitation by users + if (!$invuser) { + $o = 'ZAI0104E, ' . t('Invites by users not enabled') . '. '; + return $o; + } + + if ($ihave >= $invuser) { + notice( 'ZAI0105W,' . t('You have no more invitations available') . EOL); + return ''; + } + + } else { + // general deity admin invite limit infinite (theoretical) + if ($invuser === 'na') set_config('system','invitation_by_user', 4); + // for display only + $invuser = '∞'; + } + + // xchan record of the page observer + // while quoting matters the user, the sending is associated with a channel (of the user) + // also the admin may and should decide, which channel will told to the public + $ob = App::get_observer(); + if(! $ob) + return 'ZAI0109F,' . t('Not on xchan') . EOL; + $whereami = $ob['xchan_addr']; + $channel = App::get_channel(); + $whoami = $channel['channel_address']; + + // to pass also to post() + $tao = 'tao.zai.whereami = ' . "'" . $whereami . "';\n" + . 'tao.zai.whoami = ' . "'" . $whoami . "';\n"; + + // expirations, duration interval + $dur = self::calcdue(); + $tao .= 'tao.zai.expire = { durn: ' . $dur['durn'] + . ', durq: ' . "'" . $dur['durq'] . "'" + . ', due: ' . "'" . 
$dur['due'] . "' };\n"; + + // to easy redisplay the empty form nav_set_selected('Invite'); + // inform about the count of invitations we have at all + $r = q("SELECT count(reg_id) as ct FROM register WHERE reg_vital = 1"); // where not admin TODO + $wehave = ($r ? $r[0]['ct'] : 0); + + // invites max for all users except admins + $invmaxau = intval(get_config('system','invitations_max_users')); + if(! $invmaxau) { + $invmaxau = 50; + if (is_site_admin()) { + set_config('system','invitations_max_users',intval($invmaxau)); + } + } + + if ($wehave > $invmaxau) { + if (! is_site_admin()) { + $feedbk .= 'ZAI0200E,' . t('All users invitation limit exceeded.') . $eol; + } + } + + // let see how many invites currently used by the user + $r = q("SELECT count(reg_id) AS n FROM register WHERE reg_vital = 1 AND reg_byc = %d", + intval(local_channel())); + $ihave = $r ? $r[0]['n'] : 0; + $tpl = get_markup_template('invite.tpl'); - $invonly = false; + + $inv_rabots = array( + 'i' => t('Minute(s)'), + 'h' => t('Hour(s)') , + 'd' => t('Day(s)') + ); + $inv_expire = replace_macros(get_markup_template('field_duration.qmc.tpl'), + array( + 'label' => t('Invitation expires after'), + 'qmc' => 'zai', + 'qmcid' => 'ZAI0014I', + 'field' => array( + 'name' => 'expire', + 'title' => t('duration up from now'), + 'value' => ($invexpire_n ? $invexpire_n : 2), + 'min' => '1', + 'max' => '99', + 'size' => '2', + 'default' => ($invexpire_u ? $invexpire_u : 'd') + ), + 'rabot' => $inv_rabots + ) + ); + + // let generate an invite code that here and never will be applied (only to fill displayed template) + // real invite codes become generated for each recipient when we store the new invitation(s) + // $invite_code = substr(str_shuffle('abcdefghijklmnopqrstuvwxyz'), 0, 8) . 
rand(1000,9999); + // let take one descriptive for template (as said is never used) + $invite_code = 'INVITATE2020'; - if(get_config('system','invitation_only')) { - $invonly = true; - $x = get_pconfig(local_channel(),'system','invites_remaining'); - if((! $x) && (! is_site_admin())) { - notice( t('You have no more invitations available') . EOL); - return ''; + // what languages we use now + $lccmy = ((isset(App::$config['system']['language'])) ? App::$config['system']['language'] : 'en'); + // and all the localized templates belonging to invite + $tpls = glob('view/*/invite.*.tpl'); + + $tpla=$tplx=$tplxs=array(); + foreach ($tpls as $tpli) { + list( $nop, $l, $t ) = explode( '/', $tpli); + if ( preg_match('/\.subject/', $t) =='1' ) { + // indicate a subject tpl exists + $t=str_replace(array('invite.', '.subject', '.tpl'), '', $t); + $tplxs[$l][$t]=true; + continue; } + // collect unique template names cross all languages and + // tpla[language][]=template those available in each language + $tplx[] = $tpla[$l][] = str_replace( array('invite.', '.tpl'), '', $t); } - - if($invonly && ($x || is_site_admin())) { - $invite_code = autoname(8) . rand(1000,9999); - $nmessage = str_replace('$invite_code',$invite_code,$message); - - $r = q("INSERT INTO register (hash,created,uid,password,lang) VALUES ('%s', '%s',0,'','') ", - dbesc($invite_code), - dbesc(datetime_convert()) + asort( $langs = array_keys($tpla) ); + asort( $tplx = array_unique($tplx) ); + + // prepare current language and the default standard template (causual) for js + // With and in js, I use a var 'tao' as a shortcut for top array object + // and also qualify the object with the prefix zai = tao.zai as my var used outsite functions + // can be unique within the overall included spaghette whirls + // one can say Im too lazy to write prototypes and just I can agree. + // tao simply applies the fact of using the same var as object and/or array in ja. + $tao.='tao.zai.lccmy = ' . "'" . $lccmy . "';\n" . 
'tao.zai.itpl = ' . "'" . 'casual' . "';\n"; + + $lcclane=$tx=$tplin=''; + //$lccsym=''; // alt  + $tplsym=''; + + // I will uncomment for js console debug + // $tao.='tao.zai.debug = ' . "'" . json_encode($tplxs) . "';\n"; + + // running thru the localized templates (subjects and textmsgs) and bring them to tao + // lcc LanguageCountryCode, + // lcc2 is a 2 character and lcc5 a 5 character LanguageCountryCode + foreach($tpla as $l => $tn) { + + // restyle lc to iso getttext format to avoid errors in js, hilite the current + $lcc = str_replace('-', '_', $l); + $hi = ($l == $lccmy) ? ' zai_hi' : ''; + $lcc2 = strlen($l) == 2 ? ' zai_lcc2' : ''; + $lcc5 = strlen($l) == 5 ? ' zai_lcc5' : ''; + $lccg = ' zai_lccg' . substr( $l, 0, 2 ); + $lcclane + .= '' + . '' . $lcc . ''; + // textmsg + $tao .= 'tao.zai.t.' . $lcc . ' = {};' . "\n"; + // subject + $tao .= 'tao.zai.s.' . $lcc . ' = {};' . "\n"; + + // resolve localized templates and take intented lc for + foreach($tn as $t1) { + + // save current lc and take the desired + push_lang($l); + + // resolve + $tx = replace_macros(get_intltext_template('invite.'.$t1.'.tpl'), + array( + '$projectname' => t('$Projectname'), + '$invite_code' => $invite_code, + '$invite_where' => z_root() . '/register', + '$invite_whereami' => $whereami, + '$invite_whoami' => z_root() . '/channel/' . $whoami, + '$invite_anywhere' => z_root() . '/pubsites' + ) ); - - if(! is_site_admin()) { - $x --; - if($x >= 0) - set_pconfig(local_channel(),'system','invites_remaining',$x); - else - return; - } + + // a default subject if no associated exists + $ts=t('Invitation'); + if ( $tplxs[$l][$t1] ) + $ts = replace_macros(get_intltext_template('invite.'.$t1.'.subject.tpl'), + array( + '$projectname' => t('$Projectname'), + '$invite_loc' => get_config('system','sitename') + ) + ); + + // restore lc to current foreground + pop_lang(); + + // bring to tao as js like it + $tao .= 'tao.zai.t.' . $lcc . '.' . $t1 . " = '" . rawurlencode($tx) . 
"';\n"; + $tao .= 'tao.zai.s.' . $lcc . '.' . $t1 . " = '" . rawurlencode($ts) . "';\n"; } - - $ob = App::get_observer(); - if(! $ob) - return $o; - - $channel = App::get_channel(); - + } + + // hilite the current defauls just from the beginning + foreach ($tplx as $t1) { + $hi = ($t1 == 'casual') ? ' zai_hi' : ''; + $tplin .= $tplsym.'' . $t1 . ''; + } + + // fill the form for foreground $o = replace_macros($tpl, array( '$form_security_token' => get_form_security_token("send_invite"), + '$zai' => strtolower(self::MYP), + '$tao' => $tao, '$invite' => t('Send invitations'), - '$addr_text' => t('Enter email addresses, one per line:'), - '$msg_text' => t('Your message:'), - '$default_message' => t('Please join my community on $Projectname.') . "\r\n" . "\r\n" - . $linktxt - . (($invonly) ? "\r\n" . "\r\n" . t('You will need to supply this invitation code:') . " " . $invite_code . "\r\n" . "\r\n" : '') - . t('1. Register at any $Projectname location (they are all inter-connected)') - . "\r\n" . "\r\n" . z_root() . '/register' - . "\r\n" . "\r\n" . t('2. Enter my $Projectname network address into the site searchbar.') - . "\r\n" . "\r\n" . $ob['xchan_addr'] . ' (' . t('or visit') . " " . z_root() . '/channel/' . $channel['channel_address'] . ')' - . "\r\n" . "\r\n" - . t('3. Click [Connect]') - . "\r\n" . "\r\n" , + '$ihave' => 'ZAI0106I, ' . t('Invitations I am using') . ': ' . $ihave . ' / ' . $invuser, + '$wehave' => 'ZAI0107I, ' . t('Invitations we are using') . ': ' . $wehave . ' / ' . 
$invmaxau, + '$n10' => 'ZAI0010I', '$m10' => t('§ Note, the email(s) sent will be recorded in the system logs'), + '$n11' => 'ZAI0011I', '$m11' => t('Enter email addresses, one per line:'), + '$n12' => 'ZAI0012I', '$m12' => t('Your message:'), + '$n13' => 'ZAI0013I', '$m13' => t('Invite template'), + '$inv_expire' => $inv_expire, + '$subject_label' => t('Subject:'), + '$subject' => t('Invitation'), + '$lcclane' => $lcclane, + '$tplin' => $tplin, + '$standard_message' => '', + '$personal_message' => '', + '$personal_pointer' => t('Here you may enter personal notes to the recipient(s)'), + '$due' => t('Note, the invitation code is valid up to') . ' ' . $dur['due'], '$submit' => t('Submit') )); - + return $o; } - + + function calcdue($duri=false) { + // expirations, duration interval + if ($duri===false) + $duri = get_config('system','register_expire', '2d'); + if ( preg_match( '/^[0-9]{1,2}[ihdwmy]{1}$/', $duri ) ) { + $durq = substr($duri, -1); + $durn = substr($duri, 0, -1); + $due = date('Y-m-d H:i:s', strtotime('+' . $durn . ' ' + . str_replace( array(':i',':h',':d',':w',':m',':y'), + array('minutes', 'hours', 'days', 'weeks', 'months', 'years'), + (':'.$durq)) + )); + return array( 'durn' => $durn, 'durq' => $durq, 'due' => $due); + } + return false; + } } + diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php new file mode 100644 index 000000000..8ec559332 --- /dev/null +++ b/Zotlabs/Module/Regate.php 
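Review bot: The per-user quota test `if ($ihave >= $invuser)` in `get()` runs before `$ihave` is assigned; the `SELECT count(reg_id) AS n ... reg_byc = %d` query that fills it comes further down, so the comparison sees an unset variable and the `ZAI0105W` branch is never taken. Move that query and `$ihave = $r ? $r[0]['n'] : 0;` above the `if (! is_site_admin())` block. The all-users check has a similar gap: `$feedbk` and `$eol` are not defined in `get()`, so the `ZAI0200E` text is built but neither shown nor enforced. `$whereami` and `$whoami` are written into the `tao` script text between single quotes without escaping; emitting them with `json_encode()` would be the safer form.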
@@ -0,0 +1,347 @@ + 1 ) { + $did2 = hex2bin( substr( argv(1), 0, -1) ); + $didx = substr( argv(1), -1 ); + } + + $msg = ''; + $nextpage = ''; + + if ($did2) { + + $nowhhmm = date('Hi'); + $day = date('N'); + $now = date('Y-m-d H:i:s'); + $ip = $_SERVER['REMOTE_ADDR']; + + $isduty = zar_register_dutystate(); + if ($isduty['isduty'] !== false && $isduty['isduty'] != 1) { + // normally, that should never happen here + // log suitable for fail2ban also + $logmsg = 'ZAR1230S Unexpected registration verification request for ' + . get_config('system','sitename') . ' arrived from § ' . $ip . ' §'; + zar_log($logmsg); + goaway(z_root() . '/'); + } + + // do we have a valid dId2 ? + if ( ($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) + || ($didx == 'e') ) { + // check startup and expiration via [=[register + $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' ", dbesc($did2) ); + if ( $r && count($r) == 1 ) { + $r = $r[0]; + // check timeframe + if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now ) { + + if ( isset($_POST['resend']) && $didx == 'e' ) { + $re = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = 'e' AND reg_did2 = '%s' ", dbesc($r['reg_did2']) ); + if ( $re && count($re) == 1 ) { + $re = $re[0]; + $reonar = json_decode($re['reg_stuff'],true); + $reonar['subject'] = 'Re,Fwd,' . $reonar['subject']; + if ($reonar) { + $zm = zar_reg_mail($reonar); + $msg = ($zm) ? 'ZAR1238I ' . t('Email resent') + : 'ZAR1238E ' . t('Resent failed'); + zar_log($msg . ' ' . $r['reg_did2']); + info($msg); + goaway(z_root() . '/' . $nextpage); + } + } + } + + // check hash + if ( $didx == 'a' ) + $acpin = (preg_match('/^[0-9]{6,6}$/', $_POST['acpin']) ? $_POST['acpin'] : false); + elseif ( $didx == 'e' ) + $acpin = (preg_match('/^[0-9a-f]{24,24}$/', $_POST['acpin']) ? 
$_POST['acpin'] : false); + else $acpin = false; + + if ( $acpin && ($r['reg_hash'] == $acpin )) { + + $flags = $r['reg_flags']; + if ( ($flags & ACCOUNT_UNVERIFIED ) == ACCOUNT_UNVERIFIED) { + + // verification success + $msg = 'ZAR1237I' . ' ' . t('Verify successfull'); + $reonar = json_decode( $r['reg_stuff'], true); + $reonar['valid'] = $now . ',' . $ip . ' ' . $did2 . ' ' . $msg; + // clear flag + $flags &= $flags ^ ACCOUNT_UNVERIFIED; + // sth todo? + $vital = $flags == 0 ? 0 : 1; + // set flag + $flags |= REGISTER_AGREED; + zar_log($msg . ' ' . $did2 . ':flags' . $flags . ',rid' . $r['reg_id']); + + q("START TRANSACTION"); + + $qu = q("UPDATE register SET reg_stuff = '%s', reg_vital = %d, reg_flags = %d " + ." WHERE reg_id = %d ", + dbesc(json_encode($reonar)), + intval($vital), + intval($flags), + intval($r['reg_id']) + ); + + if ( ($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING ) { + $msg .= "\n".t('Last step will be by an instance admin to agree your account request'); + q("COMMIT"); + } + elseif ( ($flags ^ REGISTER_AGREED) == 0) { + + $cra = create_account_from_register([ 'reg_id' => $r['reg_id'] ]); + + if ($cra['success']) { + + q("COMMIT"); + $msg = 'ZAR1238I' . t('Account successfull created'); + zar_log($msg . ':' . print_r($cra, true)); + $nextpage = '~'; + $auto_create = (get_config('system','auto_channel_create') ? true : false); + + if($auto_create) { + if($reonar['chan.name']) + set_aconfig($cra['account']['account_id'], + 'register','channel_name',$reonar['chan.name']); + if($reonar['chan.did1']) + set_aconfig($cra['account']['account_id'], + 'register','channel_address',$reonar['chan.did1']); + } + + authenticate_success($cra['account'],null,true,false,true); + + if($auto_create) { + $new_channel = auto_channel_create($cra['account']['account_id']); + if($new_channel['success']) { + $channel_id = $new_channel['channel']['channel_id']; + change_channel($channel_id); + $nextpage = 'profiles/' . 
$channel_id; + } + else { + zar_log($new_channel['message'] + . ', ' . $reonar['chan.did1'] + . ', ' . $reonar['chan.name'] + ); + } + } + unset($_SESSION['login_return_url']); + } + else { + q("ROLLBACK"); + $msg = 'ZAR1239E ' . t('Account creation error'); + zar_log($msg . ':' . print_r($cra, true)); + } + } + else { + // new flags implemented and not recognized or sth like + zar_log('ZAR1237D unexpected,' . $flags); + } + } + else { + // nothing to confirm + $msg = 'ZAR1236E' . ' ' . t('Verify failed'); + } + } + else { + $msg = 'ZAR1235E' . ' ' . t('Token verification failed'); + } + } + else { + $msg = 'ZAR1234W' . ' ' . t('Request not inside time frame'); + //info($r[0]['reg_startup'] . EOL . $r[0]['reg_expire'] ); + } + } + else { + $msg = 'ZAR1232E' . ' ' . t('Identity unknown'); + zar_log($msg . ':' . $did2 . $didx); + } + } + else { + $msg = 'ZAR1231E' . t('dId2 mistaken'); + } + + } + + if ($msg > '') info($msg); + goaway( z_root() . '/' . $nextpage ); + } + + + function get() { + + if ( argc() > 1 ) { + $did2 = hex2bin( substr( argv(1), 0, -1) ); + $didx = substr( argv(1), -1 ); + $deny = argc() > 2 ? argv(2) : ''; + $deny = preg_match('/^[0-9a-f]{8,8}$/', $deny) ? hex2bin($deny) : false; + } + + if ($_SESSION['zar']['msg']) { + $o = replace_macros(get_markup_template('plain.tpl'), [ + '$title' => t('Your Registration'), + '$now' => '', + '$infos' => $_SESSION['zar']['msg'] . EOL, + ]); + unset($_SESSION['zar']['msg']); + return $o; + } + + $now = date('Y-m-d H:i:s'); + $ip = $_SERVER['REMOTE_ADDR']; + + $isduty = zar_register_dutystate(); + $nowfmt = $isduty['nowfmt']; + $atform = $isduty['atform']; + + $title = t('Register Verification'); + + // do we have a valid dId2 ? 
+ if ( ($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) + || ($didx == 'e') ) { + + $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = '%s' AND reg_did2 = '%s'", + dbesc($didx), + dbesc($did2) + ); + + if ( $r && count($r) == 1 && $r[0]['reg_flags'] &= (ACCOUNT_UNVERIFIED | ACCOUNT_PENDING)) { + $r = $r[0]; + + // provide a button in case + $resend = ($r['reg_didx'] == 'e') ? t('Resend') : false; + + // is still only instance admins intervention required? + if ( $r['reg_flags'] == ACCOUNT_PENDING ) { + $o = replace_macros(get_markup_template('plain.tpl'), [ + '$title' => t('Register Verification Status'), + '$now' => $nowfmt, + '$infos' => t('Soon all is well.') . EOL + . t('Only one instance admin has still to agree your account request.') . EOL + . t('Please be patient') . EOL . EOL . 'ZAR1138I', + ]); + } + else { + + if ($deny) { + + if (substr($r['reg_hash'],0,4) == $deny) { + + zar_log('ZAR1134S email verfication denied ' . $did2); + + $msg = 'ZAR1133A' . ' ' . t('Sorry for any inconvience. Thank you for your response.'); + $o = replace_macros(get_markup_template('plain.tpl'), [ + '$title' => t('Registration request denied'), + '$now' => $nowf, + '$infos' => $msg . EOL, + ]); + + $reonar = json_decode( $r['reg_stuff'], true); + $reonar['deny'] = $now . ',' . $ip . ' ' . $did2 . ' ' . 
$msg; + $flags = ( $r['reg_flags'] &= ( $r['reg_flags'] ^ ACCOUNT_UNVERIFIED) ) + | ( $r['reg_flags'] |= REGISTER_DENIED); + $rd = q("UPDATE register SET reg_stuff='%s', reg_vital=0, reg_flags=%d WHERE reg_id = %d ", + dbesc(json_encode($reonar)), + intval($flags), + intval($r['reg_id']) + ); + } + else { + zar_log('ZAR1135E not awaited url parameter received'); + goaway(z_root); + } + } + else { + + if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now) { + $o = replace_macros(get_markup_template('regate.tpl'), [ + '$form_security_token' => get_form_security_token("regate"), + '$title' => $title, + '$desc' => t('You were given a validation token. Please enter that token here to continue the register verification step and allow some delay for proccessing.'), + '$did2' => bin2hex($did2) . $didx, + '$now' => $nowfmt, + '$atform' => $atform, + '$resend' => $resend, + '$submit' => t('Submit'), + '$acpin' => [ 'acpin', t('Validation token'),'','' ], + ]); + } + else { + // expired ? + if ( $now > $r['reg_expires'] ) { + $rd = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", + intval($r['reg_id']) + ); + } + + $o = replace_macros(get_markup_template('plain.tpl'), [ + '$title' => $title, + '$now' => $nowf, + '$infos' => 'ZAR1132W' . ' ' . t('Request not inside time frame') . EOL, + ]); + } + } + } + } + else { + $msg = 'ZAR1132E' . ' ' . t('Identity unknown'); + zar_log($msg . ':' . $did2 . ',' . $didx); + $o = replace_macros(get_markup_template('plain.tpl'), [ + '$title' => $title, + '$now' => $nowf, + '$infos' => $msg . EOL, + ]); + } + + } + else { + $msg = 'ZAR1131E ' . t('dId2 mistaken'); + // $log = ' from § ' . $ip . ' §' . ' (' . dbesc($did2) . ')'; + zar_log($msg); + $o = replace_macros(get_markup_template('plain.tpl'), [ + '$title' => $title, + '$now' => $nowf, + '$infos' => ($msg) . EOL, + ]); + } + + return $o; + } +} + diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 278cf15ca..d0a41b3c2 100644 
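Review bot: The token check `$r['reg_hash'] == $acpin` in `post()` is a loose comparison, and when both sides are digit strings PHP compares them as numbers; use `hash_equals((string) $r['reg_hash'], $acpin)`. Nothing visible here counts failed attempts for a `reg_did2`, which matters for the six-digit form of the token, so a per-record or per-address attempt limit next to the `ZAR1235E` branch would be worth adding. `zar_log($msg . ':' . print_r($cra, true))` writes the whole result of `create_account_from_register()` to the log; if that array carries the account row, log only the account id. In `get()`, `$nowf` is never set (the variable is `$nowfmt`) and `goaway(z_root)` lacks the call parentheses. The first lines of this new file were lost in extraction, so whether `post()` checks the `regate` form token cannot be seen from here.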
--- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -1,4 +1,5 @@ 1) ? argv(1) : ''); 
@@ -43,25 +49,98 @@ class Register extends Controller { check_form_security_token_redirectOnErr('/register', 'register'); - $max_dailies = intval(get_config('system','max_daily_registrations')); - if($max_dailies) { - $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s", - db_utcnow(), db_quoteinterval('1 day') + /** + * [hilmar:] + * It may happen, the posted form arrives in a strange fashion. With the control of the duty hours + * for registration, the input form was disabled at html. While receiving posted data, checks are + * required if all is on the right road (no posts accepted during off duty). + * + */ + + $act = q("SELECT COUNT(*) AS act FROM account")[0]['act']; + $duty = zar_register_dutystate(); + $ip = $_SERVER['REMOTE_ADDR']; + $sameip = intval(get_config('system','register_sameip')); + + $arr = $_POST; + $invite_code = ( (x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); + $email = ( (x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); + $password = ( (x($arr,'password')) ? trim($arr['password']) : ''); + $reonar = array(); + + // assume someone tries to validate (dId2 C/D/E), because only field email entered + if ( $email && ( ! $invite_code ) && ( ! $password ) && ( ! $_POST['password2'] ) ) { + + // dId2 logic + + if ( preg_match('/^\@{1,1}.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { + // dId2 C channel - ffu + } + + if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { + // dId2 E email + goaway(z_root() . '/regate/' . bin2hex($email) . 'e' ); + } + + if ( preg_match('/^d{1,1}[0-9]{1,10}$/', $email ) ) { + // dId2 A artifical & anonymous + goaway(z_root() . '/regate/' . bin2hex($email) . 'a' ); + } + + } + + if ($act > 0 && !$duty['isduty']) { + // normally, that should never arrive here (ie js hack or sth like) + // log suitable for f2b also + $logmsg = 'ZAR0230S Unexpected registration request'; + zar_log($logmsg); + goaway(z_root() . 
'/'); + } + + if ($sameip) { + $f = q("SELECT COUNT(reg_atip) AS atip FROM register WHERE reg_vital = 1 AND reg_atip = '%s' ", + dbesc($ip) ); - if($r && $r[0]['total'] >= $max_dailies) { - notice( t('Maximum daily site registrations exceeded. Please try again tomorrow.') . EOL); - return; + if ($f && $f[0]['atip'] > $sameip) { + $logmsg = 'ZAR0239S Exceeding same ip register request of ' . $sameip; + zar_log($logmsg); + goaway(z_root() . '/'); } } - + + // s2 max daily + if ( self::check_max_daily_exceeded() ) return; + + // accept tos if(! x($_POST,'tos')) { - notice( t('Please indicate acceptance of the Terms of Service. Registration failed.') . EOL); + notice( 'ZAR0230E ' + . t('Please indicate acceptance of the Terms of Service. Registration failed.') . EOL); return; } - $policy = get_config('system','register_policy'); + // pw1 == pw2 + if((! $_POST['password']) || ($_POST['password'] !== $_POST['password2'])) { + notice( 'ZAR0230E ' + . t('Passwords do not match.') . EOL); + return; + } + + + $email_verify = intval(get_config('system','verify_email')); + + if ($email) { + if ( ! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $_POST['email'] ) ) { + notice('ZAR0239E ' + . t('Email address mistake') . EOL); + return; + } + } - $email_verify = get_config('system','verify_email'); + $policy = intval(get_config('system','register_policy')); + $invonly = intval(get_config('system','invitation_only')); + $invalso = intval(get_config('system','invitation_also')); + $auto_create = (get_config('system','auto_channel_create') ? true : false); + $auto_create = true; switch($policy) { @@ -71,7 +150,7 @@ class Register extends Controller { break; case REGISTER_APPROVE: - $flags = ACCOUNT_BLOCKED | ACCOUNT_PENDING; + $flags = ACCOUNT_PENDING; break; default: 
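Review bot: The e-mail format check near the end of the `@@ -43,25 +49,98 @@` hunk runs `preg_match()` on the raw `$_POST['email']`, while every later use takes `$email`, the value after `trim()`, `punify()` and `notags()`. The address that gets stored can therefore differ from the one that was validated; testing `$email` in that `preg_match()` call keeps both in step. `$auto_create = true;` directly after the `get_config('system','auto_channel_create')` read discards the admin setting, and `$f[0]['atip'] > $sameip` admits one more request per address than `register_sameip` configures (`>=` matches the daily-limit check). `post()` starts and ends outside this hunk.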
@@ -84,103 +163,224 @@ class Register extends Controller { break; } - if($email_verify && $policy == REGISTER_OPEN) - $flags = $flags | ACCOUNT_UNVERIFIED; + if($email_verify && ($policy == REGISTER_OPEN || $policy == REGISTER_APPROVE) ) + $flags = ($flags | ACCOUNT_UNVERIFIED); - - if((! $_POST['password']) || ($_POST['password'] !== $_POST['password2'])) { - notice( t('Passwords do not match.') . EOL); - return; - } - - $arr = $_POST; + // $arr has $_POST; $arr['account_flags'] = $flags; - - $result = create_account($arr); - - if(! $result['success']) { - notice($result['message']); - return; - } - require_once('include/security.php'); - - - if($_REQUEST['name']) - set_aconfig($result['account']['account_id'],'register','channel_name',$_REQUEST['name']); - if($_REQUEST['nickname']) - set_aconfig($result['account']['account_id'],'register','channel_address',$_REQUEST['nickname']); - if($_REQUEST['permissions_role']) - set_aconfig($result['account']['account_id'],'register','permissions_role',$_REQUEST['permissions_role']); - - - $using_invites = intval(get_config('system','invitation_only')); - $num_invites = intval(get_config('system','number_invites')); - $invite_code = ((x($_POST,'invite_code')) ? notags(trim($_POST['invite_code'])) : ''); - - if($using_invites && $invite_code) { - q("delete from register where hash = '%s'", dbesc($invite_code)); - // @FIXME - this also needs to be considered when using 'invites_remaining' in mod/invite.php - set_aconfig($result['account']['account_id'],'system','invites_remaining',$num_invites); - } - - if($policy == REGISTER_OPEN ) { - if($email_verify) { - $res = verify_email_address($result); - } - else { - $res = send_register_success_email($result['email'],$result['password']); - } - if($res) { - if($invite_code) { - info( t('Registration successful. Continue to create your first channel...') . EOL ) ; - } - else { - info( t('Registration successful. Please check your email for validation instructions.') . 
EOL ) ; + $now = datetime_convert(); + $well = false; + + // s3 + if ($invite_code) { + + if ($invonly || $invalso) { + + $reg = q("SELECT * from register WHERE reg_vital = 1 AND reg_didx = 'i' AND reg_hash = '%s'", + dbesc($invite_code)); + + if ( $reg && count($reg) == 1 ) { + $reg = $reg[0]; + if ($reg['reg_email'] == ($email)) { + + if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) { + + // is invitor admin + $isa = get_account_by_id($reg['reg_uid']); + $isa = ( $isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN) ); + + // approve contra invite by admin + if ($isa && $policy == REGISTER_APPROVE) + $flags &= $flags ^ ACCOUNT_PENDING; + + // if $flags == 0 ?? + + // trans ? + + // update reg vital 0 off + $icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", + intval($reg['reg_id']) + ); + + info('ZAR0237I ' . t('Invitation code succesfully applied') . EOL); + + $well = true; + + + } else { + notice('ZAR0236E ' . t('Invitation not in time or too late') . EOL); + goaway(z_root()); + } + + } else { + // no match email adr + $msg = 'ZAR0235S ' . t('Invitation email failed'); + zar_log($msg); + notice($msg . EOL); + goaway(z_root()); + } + + } else { + // no match invitecode + $msg = 'ZAR0234S ' . t('Invitation code failed') ; + zar_log($msg); + notice( $msg . EOL); + goaway(z_root()); } + + } else { + notice('ZAR0232E ' . t('Invitations are not available') . EOL); + goaway(z_root()); } - } - elseif($policy == REGISTER_APPROVE) { - $res = send_reg_approval_email($result); - if($res) { - info( t('Your registration is pending approval by the site owner.') . EOL ) ; - } - else { - notice( t('Your registration can not be processed.') . EOL); + + + } else { + + $icdone = false; + // no ivc entered + if ( ! $invonly) { + // possibly the email is just in use ? + $reg = q("SELECT * from register WHERE reg_vital = 1 AND reg_email = '%s'", + dbesc('e' . $email)); + + if ( ! 
$reg) + $act = q("SELECT * from account WHERE account_email = '%s'", dbesc($email)); + + // in case an invitation was made but the invitecode was not entered, better ignore. + // goaway(z_root() . '/regate/' . bin2hex($reg['email'])); + + if ( ! $reg && ! $act) { + // email useable + + $well = true; + + + } else { + $msg = 'ZAR0237E ' . t('Email address already in use') . EOL; + notice($msg); + // problem, the msg tells to anonymous about existant email addrs + // use another msg instead ? TODO ? + // on the other hand can play the fail2ban game + zar_log($msg . ' (' . $email . ')'); + goaway(z_root()); + } + + } else { + $msg = 'ZAR0233E ' . t('Registration on this hub is by invitation only') . EOL; + notice($msg); + zar_log($msg); + goaway(z_root()); } - goaway(z_root()); - } - - if($email_verify) { - goaway(z_root() . '/email_validation/' . bin2hex($result['email'])); + } - // fall through and authenticate if no approvals or verifications were required. + if ($well) { - authenticate_success($result['account'],null,true,false,true); - - $new_channel = false; - $next_page = 'new_channel'; - - if(get_config('system','auto_channel_create')) { - $new_channel = auto_channel_create($result['account']['account_id']); - if($new_channel['success']) { - $channel_id = $new_channel['channel']['channel_id']; - change_channel($channel_id); - $next_page = '~'; + if($policy == REGISTER_OPEN || $policy == REGISTER_APPROVE ) { + + $cfgdelay = get_config( 'system', 'register_delay' ); + $regdelay = calculate_adue( $cfgdelay ); + $regdelay = $regdelay ? $regdelay['due'] : $now; + + $cfgexpire = get_config('system','register_expire' ); + $regexpire = calculate_adue( $cfgexpire ); + $regexpire = $regexpire ? 
$regexpire['due'] : '2099-12-31 23:59:59'; + + // handle an email request that will be verified or an ivitation associated with an email address + if ( $email > '' && ($email_verify || $icdone) ) { + // enforce in case of icdone + $flags |= ACCOUNT_UNVERIFIED; + $empin = $pass2 = random_string(24); + $did2 = $email; + $didx = 'e'; + + push_lang(($reg['lang']) ? $reg['lang'] : 'en'); + $reonar['from'] = get_config('system', 'from_email'); + $reonar['to'] = $email; + $reonar['subject'] = sprintf( t('Registration confirmation for %s'), get_config('system','sitename')); + $reonar['txtpersonal']= t('Valid from') . ' ' . $regdelay . ' ' . t('and expire') . ' ' . $regexpire; + $reonar['txttemplate']= replace_macros(get_intltext_template('register_verify_member.tpl'), + [ + '$sitename' => get_config('system','sitename'), + '$siteurl' => z_root(), + '$email' => $email, + '$due' => $reonar['txtpersonal'], + '$mail' => bin2hex($email) . 'e', + '$ko' => bin2hex(substr($empin,0,4)), + '$hash' => $empin + ] + ); + pop_lang(); + zar_reg_mail($reonar); + + } else { + // that is an anonymous request without email or with email not to verify + $acpin = $pass2 = rand(100000,999999); + $did2 = rand(10,99); + $didx = 'a'; + // enforce delayed verify + $flags = ($flags | ACCOUNT_UNVERIFIED); + if ($email) { + $reonar['email.untrust'] = $email; + $reonar['email.comment'] = 'received, but no need for'; + } + } + + if ( $auto_create ) { + $reonar['chan.name'] = notags(trim($arr['name'])); + $reonar['chan.did1'] = notags(trim($arr['nickname'])); + } + + $reg = q("INSERT INTO register (" + . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires," + . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)" + . 
" VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", + intval($flags), + dbesc($didx), + dbesc($did2), + dbesc($pass2), + dbesc(datetime_convert('','',$now)), + dbesc(datetime_convert('','',$regdelay)), + dbesc(datetime_convert('','',$regexpire)), + dbesc($email), + dbesc(bin2hex($password)), + dbesc(substr(get_best_language(),0,2)), + dbesc($ip), + dbesc(json_encode( $reonar )) + ); + + if ($didx == 'a') { + + $lid = q("SELECT reg_id FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' AND reg_pass = '%s' ", + dbesc($did2), dbesc(bin2hex($password)) ); + + if ($lid && count($lid) == 1 ) { + + $didnew = ( $lid[0]['reg_id'] . $did2 ) + . ( substr( base_convert( md5( $lid[0]['reg_id'] . $did2 ), 16, 10 ),-2 ) ); + + $reg = q("UPDATE register SET reg_did2 = CONCAT('d','%s') WHERE reg_id = %d ", + dbesc($didnew), intval($lid[0]['reg_id']) + ); + + // notice( 'ZAR0239I,' . t( 'Your didital id is' ) . EOL . 'd' . $didnew . EOL + $_SESSION['zar']['msg'] = ( 'ZAR0239I,' . t( 'Your didital id is' ) . EOL . 'd' . $didnew . EOL + . t('and your pin for is') . ' ' . $pass2 . EOL + . t('Keep these infos and your entered password safe') . EOL + . t('Valid from') . ' ' . $regdelay . ' ' . t('and expire') . ' ' . $regexpire . EOL ); + + // acpin verify + // goaway(z_root() . '/regate/' . bin2hex('d' . $didnew) . 'a' ); + goaway(z_root() . '/regate'); + } + else { + $msg = 'ZAR0239D,' . t('Error creating dId A'); + notice( $msg ); + zar_log( $msg . ' ' . $did2); + } + } } - else - $new_channel = false; - } - - $x = get_config('system','workflow_register_next'); - if($x) { - $next_page = $x; - $_SESSION['workflow'] = true; } - - unset($_SESSION['login_return_url']); - goaway(z_root() . '/' . $next_page); - } 
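Review bot: The `INSERT INTO register` statement stores the chosen password as `dbesc(bin2hex($password))`, a reversible encoding, so every pending registration keeps a recoverable plaintext password in `reg_pass` until the row is consumed or expires. Storing `password_hash($password, PASSWORD_DEFAULT)` instead would need the account-creation code (outside this hunk) to accept a pre-hashed value, and the follow-up `SELECT reg_id ... AND reg_pass = '%s'` would have to find the row another way, since a salted hash cannot be matched by equality. In the invite branch `$isa['account_roles'] && ACCOUNT_ROLE_ADMIN` is a logical AND, so, assuming the constant is a non-zero bit flag, any inviter with a non-zero role value clears `ACCOUNT_PENDING`; `($isa['account_roles'] & ACCOUNT_ROLE_ADMIN)` looks like the intent. The anonymous PIN is drawn with `rand(100000,999999)`; `random_int(100000, 999999)` uses the CSPRNG. The pending-e-mail lookup searches `reg_email` for `'e' . $email` while the insert writes plain `$email`, so that duplicate check probably never matches.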
@@ -192,7 +392,7 @@ class Register extends Controller { if(intval(get_config('system','register_policy')) === REGISTER_CLOSED) { if(intval(get_config('system','directory_mode')) === DIRECTORY_MODE_STANDALONE) { - notice( t('Registration on this hub is disabled.') . EOL); + notice( 'ZAR0130E ' . t('Registration on this hub is disabled.') . EOL); return; } 
@@ -201,37 +401,34 @@ class Register extends Controller { } if(intval(get_config('system','register_policy')) == REGISTER_APPROVE) { - $registration_is = t('Registration on this hub is by approval only.'); - $other_sites = t('Register at another affiliated hub.'); + $registration_is = t('Registration on this hub is by approval only.') . 'ZAR0131I'; + $other_sites = '' . t('Register at another affiliated hub in case when prefered') . ''; } + if ( !get_config('system', 'register_duty_jso') ) { + // duty yet not configured + $duty = array( 'isduty' => false, 'atfrm' => '', 'nowfmt' => ''); + } else { + $duty = zar_register_dutystate(); + } $invitations = false; - if(intval(get_config('system','invitation_only'))) { $invitations = true; - $registration_is = t('Registration on this hub is by invitation only.'); - $other_sites = t('Register at another affiliated hub.'); - } - - $max_dailies = intval(get_config('system','max_daily_registrations')); - if($max_dailies) { - $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s", - db_utcnow(), db_quoteinterval('1 day') - ); - if($r && $r[0]['total'] >= $max_dailies) { - logger('max daily registrations exceeded.'); - notice( t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.') . EOL); - return; - } + $registration_is = t('Registration on this hub is by invitation only.') . 'ZAR0132I'; + $other_sites = '' . t('Register at another affiliated hub') . ''; + } elseif (intval(get_config('system','invitation_also'))) { + $invitations = true; } + if ( self::check_max_daily_exceeded() ) + $duty['atform'] = 'disabled'; + $privacy_role = ((x($_REQUEST,'permissions_role')) ? $_REQUEST['permissions_role'] : ""); $perm_roles = \Zotlabs\Access\PermissionRoles::roles(); // Configurable terms of service link - $tosurl = get_config('system','tos_url'); if(! $tosurl) $tosurl = z_root() . '/help/TermsOfService'; 
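Review bot: The fallback array built when `register_duty_jso` is not configured uses the key `'atfrm'`, but the same hunk later assigns `$duty['atform']` and the template binding added further down reads `$duty['atform']`, so on an unconfigured site that key is undefined unless the daily limit is hit. `$duty = array('isduty' => false, 'atform' => '', 'nowfmt' => '');` keeps the keys consistent. Calling `self::check_max_daily_exceeded()` from the form renderer also triggers its `notice()` and `zar_log()` on every page view once the limit is reached, which may produce more log noise than intended for a fail2ban-style consumer.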
@@ -254,16 +451,35 @@ class Register extends Controller { $enable_tos = 1 - intval(get_config('system','no_termsofservice')); - $email = array('email', t('Your email address'), ((x($_REQUEST,'email')) ? strip_tags(trim($_REQUEST['email'])) : "")); + $emailval = ((x($_REQUEST,'email')) ? strip_tags(trim($_REQUEST['email'])) : ""); + $email = array('email', + t('Your email address (or leave blank to register without email)') . ' ZAR0136I', + $emailval, + t('If the registation was already submitted with your data once ago, enter your identity (like email) here and submit') . 'ZAR0133I' + ); + $password = array('password', t('Choose a password'), ''); $password2 = array('password2', t('Please re-enter your password'), ''); + $invite_code = array('invite_code', t('Please enter your invitation code'), ((x($_REQUEST,'invite_code')) ? strip_tags(trim($_REQUEST['invite_code'])) : "")); - $name = array('name', t('Your Name'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Real names are preferred.')); + + // + $name = array('name', t('Your Name'), + ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Real names are preferred.')); $nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl')); - $nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub)); - $role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel permission role for your usage needs and privacy requirements.') . ' ' . t('Read more about channel permission roles') . '',$perm_roles); - $tos = array('tos', $label_tos, '', '', array(t('no'),t('yes'))); + $nickname = array('nickname', t('Choose a short nickname'), + ((x($_REQUEST,'nickname')) ? 
$_REQUEST['nickname'] : ''), + sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), + $nickhub)); + $role = array('permissions_role' , t('Channel role and privacy'), + ($privacy_role) ? $privacy_role : 'social', + t('Select a channel permission role for your usage needs and privacy requirements.') + . ' ' + . t('Read more about channel permission roles') + . '',$perm_roles); + // + $tos = array('tos', $label_tos, '', '', array(t('no'),t('yes'))); $auto_create = (get_config('system','auto_channel_create') ? true : false); $default_role = get_config('system','default_permissions_role'); @@ -280,6 +496,9 @@ class Register extends Controller { '$other_sites' => $other_sites, '$invitations' => $invitations, '$invite_code' => $invite_code, + '$haveivc' => t('I have an invite code') . '.ZAR0134I', + '$now' => $duty['nowfmt'], + '$atform' => $duty['atform'], '$auto_create' => $auto_create, '$name' => $name, '$role' => $role, 
@@ -288,15 +507,40 @@ class Register extends Controller { '$enable_tos' => $enable_tos, '$tos' => $tos, '$email' => $email, + '$validate' => $validate, + '$validate_link'=> $validate_link, + '$validate_here'=> $validate_here, '$pass1' => $password, '$pass2' => $password2, '$submit' => t('Register'), - '$verify_note' => (($email_verify) ? t('This site requires email verification. After completing this form, please check your email for further instructions.') : ''), + '$verify_note' => (($email_verify) ? t('This site requires verification. After completing this form, please check the notice or your email for further instructions.') . 'ZAR0135I' : ''), )); return $o; - } - - + + function check_max_daily_exceeded() { + // check against register, account + $max_dailies = intval(get_config('system','max_daily_registrations')); + if ( $max_dailies ) { + $r = q("SELECT COUNT(reg_id) AS nr FROM register WHERE reg_vital = 1 AND reg_created > %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('1 day') + ); + $re = ( $r && $r[0]['nr'] >= $max_dailies ) ? true : false; + if ( !$re ) { + $r = q("SELECT COUNT(account_id) AS nr FROM account WHERE account_created > %s - INTERVAL %s", + db_utcnow(), db_quoteinterval('1 day') + ); + $re = ( $r && $r[0]['nr'] >= $max_dailies ) ? true : false; + } + if ( $re ) { + zar_log('ZAR0333W max daily registrations exceeded.'); + notice( 'ZAR0333W ' + . t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.') + . EOL); + return true; + } + } + return false; + } } diff --git a/Zotlabs/Module/Settings/Account.php b/Zotlabs/Module/Settings/Account.php index b40f516ca..97cc9389a 100644 --- a/Zotlabs/Module/Settings/Account.php +++ b/Zotlabs/Module/Settings/Account.php 
@@ -15,20 +15,23 @@ class Account { $account = \App::get_account(); if($email != $account['account_email']) { - if(! validate_email($email)) - $errs[] = t('Not valid email.'); - $adm = trim(get_config('system','admin_email')); - if(($adm) && (strcasecmp($email,$adm) == 0)) { - $errs[] = t('Protected email address. Cannot change to that email.'); - $email = \App::$account['account_email']; - } - if(! $errs) { - $r = q("update account set account_email = '%s' where account_id = %d", - dbesc($email), - intval($account['account_id']) - ); - if(! $r) - $errs[] = t('System failure storing new email. Please try again.'); + // a DId2 not an email addr does not allow to change to email addr + if (strpos($email, '@') > 0) { + if(! validate_email($email)) + $errs[] = t('Not valid email.'); + $adm = trim(get_config('system','admin_email')); + if(($adm) && (strcasecmp($email,$adm) == 0)) { + $errs[] = t('Protected email address. Cannot change to that email.'); + $email = \App::$account['account_email']; + } + if(! $errs) { + $r = q("update account set account_email = '%s' where account_id = %d", + dbesc($email), + intval($account['account_id']) + ); + if(! $r) + $errs[] = t('System failure storing new email. Please try again.'); + } } } @@ -92,6 +95,7 @@ class Account { call_hooks('account_settings', $account_settings); $email = \App::$account['account_email']; + $attremail = (!strpos($email, '@')) ? 'disabled="disabled"' : ''; $tpl = get_markup_template("settings_account.tpl"); $o .= replace_macros($tpl, array( 
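Review bot: The new guard `strpos($email, '@') > 0` inspects the submitted value, not the account's current identity, so the rule stated in the comment (a dId2 account may not switch to an e-mail address) is enforced only by the `disabled` attribute added in the `@@ -92,6 +95,7 @@` hunk, which a hand-built POST does not honour. Checking the stored value, e.g. `if (strpos($account['account_email'], '@') > 0) {`, would enforce it on the server. A submitted value without `@` is now dropped silently, with nothing appended to `$errs`, so the user gets no feedback. The enclosing function starts and ends outside the hunk.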
@@ -101,7 +105,7 @@ class Account { '$password1'=> array('npassword', t('Enter New Password'), '', ''), '$password2'=> array('confirm', t('Confirm New Password'), '', t('Leave password fields blank unless changing')), '$submit' => t('Submit'), - '$email' => array('email', t('Email Address:'), $email, ''), + '$email' => array('email', t('DId2 or Email Address:'), $email, '', '', $attremail), '$removeme' => t('Remove Account'), '$removeaccount' => t('Remove this account including all its channels'), '$account_settings' => $account_settings -- cgit v1.2.3 From 0a16674f6e6b96b99b1bc004a62684b7cc2a4694 Mon Sep 17 00:00:00 2001 From: Hilmar R Date: Sun, 24 Jan 2021 16:44:58 +0100 Subject: auto channel create adjustments, zar log reg msgs --- Zotlabs/Module/Regate.php | 14 ++++++++++---- Zotlabs/Module/Register.php | 2 ++ 2 files changed, 12 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 8ec559332..eabc1459e 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -131,9 +131,13 @@ class Regate extends \Zotlabs\Web\Controller { if ($cra['success']) { q("COMMIT"); - $msg = 'ZAR1238I' . t('Account successfull created'); - zar_log($msg . ':' . print_r($cra, true)); - $nextpage = '~'; + $msg = 'ZAR1238I ' . t('Account successfull created'); + // zar_log($msg . ':' . print_r($cra, true)); + zar_log($msg . ' ' . $cra['account']['account_email'] + . ' ' . $cra['account']['account_language']); + $nextpage = 'new_channel'; + + /* oops, ffu perhaps $auto_create = (get_config('system','auto_channel_create') ? true : false); if($auto_create) { 
@@ -144,9 +148,10 @@ class Regate extends \Zotlabs\Web\Controller { set_aconfig($cra['account']['account_id'], 'register','channel_address',$reonar['chan.did1']); } - + */ authenticate_success($cra['account'],null,true,false,true); + /* oops, ffu perhaps if($auto_create) { $new_channel = auto_channel_create($cra['account']['account_id']); if($new_channel['success']) { @@ -161,6 +166,7 @@ class Regate extends \Zotlabs\Web\Controller { ); } } + */ unset($_SESSION['login_return_url']); } else { diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index d0a41b3c2..60d08caf0 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -363,6 +363,8 @@ class Register extends Controller { dbesc($didnew), intval($lid[0]['reg_id']) ); + zar_log( 'ZAR0239A ' . t('New register request') . ' d' . $didnew . ', ' + . $regdelay . ' - ' . $regexpire); // notice( 'ZAR0239I,' . t( 'Your didital id is' ) . EOL . 'd' . $didnew . EOL $_SESSION['zar']['msg'] = ( 'ZAR0239I,' . t( 'Your didital id is' ) . EOL . 'd' . $didnew . EOL . t('and your pin for is') . ' ' . $pass2 . EOL -- cgit v1.2.3 From 3f031399cb900650b6a59b9d2b5706b1c5c1afde Mon Sep 17 00:00:00 2001 From: Hilmar R Date: Sun, 24 Jan 2021 20:59:11 +0100 Subject: auto channel create adjustments --- Zotlabs/Module/Regate.php | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index eabc1459e..f96796e8a 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -137,10 +137,10 @@ class Regate extends \Zotlabs\Web\Controller { . ' ' . $cra['account']['account_language']); $nextpage = 'new_channel'; - /* oops, ffu perhaps $auto_create = (get_config('system','auto_channel_create') ? true : false); if($auto_create) { + // prepare channel creation if($reonar['chan.name']) set_aconfig($cra['account']['account_id'], 'register','channel_name',$reonar['chan.name']); 
@@ -148,30 +148,29 @@ class Regate extends \Zotlabs\Web\Controller { set_aconfig($cra['account']['account_id'], 'register','channel_address',$reonar['chan.did1']); } - */ + authenticate_success($cra['account'],null,true,false,true); - /* oops, ffu perhaps if($auto_create) { + // create channel $new_channel = auto_channel_create($cra['account']['account_id']); + if($new_channel['success']) { $channel_id = $new_channel['channel']['channel_id']; change_channel($channel_id); $nextpage = 'profiles/' . $channel_id; + $msg = 'ZAR1239I ' . t('Channel successfull created') . ' ' . $did2; } else { - zar_log($new_channel['message'] - . ', ' . $reonar['chan.did1'] - . ', ' . $reonar['chan.name'] - ); + $msg = 'ZAR1239E ' . $new_channel['message'] . ' ' . $did2; } + zar_log($msg . ' ' . $reonar['chan.did1'] . ' (' . $reonar['chan.name'] . ')'); } - */ unset($_SESSION['login_return_url']); } else { q("ROLLBACK"); - $msg = 'ZAR1239E ' . t('Account creation error'); + $msg = 'ZAR1238E ' . t('Account creation error'); zar_log($msg . ':' . print_r($cra, true)); } } -- cgit v1.2.3 From d0d6170a71a1acd73995450e16586a7b69abb3e1 Mon Sep 17 00:00:00 2001 From: Hilmar R Date: Wed, 27 Jan 2021 00:20:18 +0100 Subject: login panel, reg limits. --- Zotlabs/Module/Admin/Site.php | 29 +++++++++++++++++++---------- Zotlabs/Module/Register.php | 38 ++++++++++++++++++++++++-------------- 2 files changed, 43 insertions(+), 24 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index cb919746b..879923132 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -5,6 +5,10 @@ namespace Zotlabs\Module\Admin; class Site { + // system cfgs + const ivo = 'invitation_only'; + const iva = 'invitation_also'; + /** * @brief POST handler for Admin Site Page. * 
@@ -42,8 +46,8 @@ class Site { $minimum_age = ((x($_POST,'minimum_age')) ? intval(trim($_POST['minimum_age'])) : 13); $access_policy = ((x($_POST,'access_policy')) ? intval(trim($_POST['access_policy'])) : 0); $reg_autochannel = ((x($_POST,'auto_channel_create')) ? True : False); - $invite_only = ((x($_POST,'invite_only')) ? True : False); - $invite_also = ((x($_POST,'invite_also')) ? True : False); + $invitation_only = ((x($_POST,'invitation_only')) ? True : False); + $invitation_also = ((x($_POST,'invitation_also')) ? True : False); $abandon_days = ((x($_POST,'abandon_days')) ? intval(trim($_POST['abandon_days'])) : 0); $register_text = ((x($_POST,'register_text')) ? notags(trim($_POST['register_text'])) : ''); @@ -192,8 +196,8 @@ class Site { set_config('system','register_policy', $register_policy); set_config('system','minimum_age', $minimum_age); set_config('system','auto_channel_create', $reg_autochannel); - set_config('system','invitation_only', $invite_only); - set_config('system','invitation_also', $invite_also); + set_config('system',self::ivo, $invitation_only); + set_config('system',self::iva, $invitation_also); set_config('system','access_policy', $access_policy); set_config('system','account_abandon_days', $abandon_days); set_config('system','register_text', $register_text); @@ -399,6 +403,8 @@ class Site { 'rabot' => $reg_rabots ) ); + $invitation_only = get_config('system',self::ivo); + $invitation_also = get_config('system',self::iva); $tao = ''; $t = get_markup_template("admin_site.tpl"); 
@@ -478,16 +484,19 @@ class Site { get_config('system','auto_channel_create'), t("Auto create a channel when register a new account. When On, the register form will show additional fields for the channel-name and the nickname."), "", "", 'ZAR0870C'), - '$invite_only' => array('invite_only', - t("Invitation only"), - get_config('system','invitation_only'), + + '$invitation_only' => array(self::ivo, + ($invitation_only === false ? '✗' : '✓') . ' ' . t("Invitation only"), + $invitation_only, t("Only allow new member registrations with an invitation code. Above register policy must be set to Yes."), "", "", 'ZAR0880C'), - '$invite_also' => array('invite_also', - t("Invitation also"), - get_config('system','invitation_also'), + + '$invitation_also' => array(self::iva, + ($invitation_also === false ? '✗' : '✓') . ' ' . t("Invitation also"), + $invitation_also, t("Also allow new member registrations with an invitation code. Above register policy must be set to Yes."), "", "", 'ZAR0881C'), + '$verify_email' => array('verify_email', t("Verify Email Addresses"), get_config('system','verify_email'), diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 60d08caf0..64db7a253 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -109,7 +109,7 @@ class Register extends Controller { } // s2 max daily - if ( self::check_max_daily_exceeded() ) return; + if ( self::check_reg_limits() ) return; // accept tos if(! x($_POST,'tos')) { @@ -423,8 +423,9 @@ class Register extends Controller { $invitations = true; } - if ( self::check_max_daily_exceeded() ) - $duty['atform'] = 'disabled'; + $opal = self::check_reg_limits(); + if ( $opal['is']) + $duty['atform'] = 'disabled'; $privacy_role = ((x($_REQUEST,'permissions_role')) ? $_REQUEST['permissions_role'] : ""); 
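Review bot: The label prefix `($invitation_only === false ? '✗' : '✓')` shows the cross only when `get_config()` returns the boolean `false`; if a saved `False` comes back as `0` or `'0'` (not visible here, confirm against `set_config`/`get_config`), a disabled option is rendered with a check mark. `(intval($invitation_only) ? '✓' : '✗')` would match how `Register.php` reads the same keys through `intval()`. The same applies to `$invitation_also`. Since these switches gate who may register, a misleading indicator on the admin page is worth avoiding.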
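Review bot: `check_reg_limits()` as rewritten in this commit always returns an array, and a non-empty array is truthy, so `if ( self::check_reg_limits() ) return;` in the `@@ -109,7 +109,7 @@` hunk now leaves `post()` on every request and no registration gets past this line. Testing the flag, `if ( self::check_reg_limits()['is'] ) return;`, restores the previous behaviour. The `notice()` that told the user about the daily limit was removed from the helper, so this caller would also need to surface the returned `['msg']` itself.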
@@ -496,6 +497,7 @@ class Register extends Controller { '$reg_is' => $registration_is, '$registertext' => bbcode(get_config('system','register_text')), '$other_sites' => $other_sites, + '$msg' => $opal['rn'] . ',' . $opal['an'], '$invitations' => $invitations, '$invite_code' => $invite_code, '$haveivc' => t('I have an invite code') . '.ZAR0134I', @@ -521,28 +523,36 @@ class Register extends Controller { return $o; } - function check_max_daily_exceeded() { + function check_reg_limits() { // check against register, account + $rear = array( 'is' => false, 'rn' => 0, 'an' => 0, 'msg' => '' ); + $max_dailies = intval(get_config('system','max_daily_registrations')); + if ( $max_dailies ) { + $r = q("SELECT COUNT(reg_id) AS nr FROM register WHERE reg_vital = 1 AND reg_created > %s - INTERVAL %s", db_utcnow(), db_quoteinterval('1 day') ); - $re = ( $r && $r[0]['nr'] >= $max_dailies ) ? true : false; - if ( !$re ) { + + $rear['is'] = ( $r && $r[0]['nr'] >= $max_dailies ) ? true : false; + $rear['rn'] = $r[0]['nr']; + + if ( !$rear['is']) { $r = q("SELECT COUNT(account_id) AS nr FROM account WHERE account_created > %s - INTERVAL %s", db_utcnow(), db_quoteinterval('1 day') ); - $re = ( $r && $r[0]['nr'] >= $max_dailies ) ? true : false; + + $rear['is'] = ( $r && ($r[0]['nr'] + $rear['rn']) >= $max_dailies ) ? true : false; + $rear['ra'] = $r[0]['nr']; } - if ( $re ) { - zar_log('ZAR0333W max daily registrations exceeded.'); - notice( 'ZAR0333W ' - . t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.') - . EOL); - return true; + + if ( $rear['is']) { + $rear['msg'] = 'ZAR0333W ' . t('This site has exceeded the number of allowed daily account registrations'); + zar_log($msg); + $rear['is'] = true; } } - return false; + return $rear; } } -- cgit v1.2.3 From 4ecb4189b8787d57c601ebf467ecd94fa706d1ca Mon Sep 17 00:00:00 2001 
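Review bot: In `check_reg_limits()` the limit-exceeded branch calls `zar_log($msg)` with a variable that is never assigned in the function, so the ZAR0333W event reaches the log empty; it should be `zar_log($rear['msg']);`. The account count is stored under `$rear['ra']`, while the array is initialised with the key `'an'` and the `'$msg'` template value in the preceding hunk reads `'an'`, so that figure is always 0; use `$rear['an'] = $r[0]['nr'];`. `$rear['rn'] = $r[0]['nr'];` also indexes `$r` without the `$r &&` guard used on the line above it, so a failed query is dereferenced. Since the old `notice()` was removed, callers now have to surface `$rear['msg']` themselves if the visitor is still meant to be told why the form is refused.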
From: Hilmar R Date: Thu, 28 Jan 2021 22:08:38 +0100 Subject: Register panel interaction consistence usage --- Zotlabs/Module/Regate.php | 2 +- Zotlabs/Module/Register.php | 25 ++++++++++++++++--------- 2 files changed, 17 insertions(+), 10 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index f96796e8a..cf6b76bfa 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -162,7 +162,7 @@ class Regate extends \Zotlabs\Web\Controller { $msg = 'ZAR1239I ' . t('Channel successfull created') . ' ' . $did2; } else { - $msg = 'ZAR1239E ' . $new_channel['message'] . ' ' . $did2; + $msg = 'ZAR1239E ' . t('Channel still not created') . ' ' . $did2; } zar_log($msg . ' ' . $reonar['chan.did1'] . ' (' . $reonar['chan.name'] . ')'); } diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 64db7a253..1cf5af5b3 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -14,7 +14,7 @@ class Register extends Controller { function init() { // ZAR0 - + $result = null; $cmd = ((argc() > 1) ? argv(1) : ''); @@ -53,9 +53,10 @@ class Register extends Controller { * [hilmar:] * It may happen, the posted form arrives in a strange fashion. With the control of the duty hours * for registration, the input form was disabled at html. While receiving posted data, checks are - * required if all is on the right road (no posts accepted during off duty). + * required if all is on the right road (most posts are not accepted during off duty). * */ + $act = q("SELECT COUNT(*) AS act FROM account")[0]['act']; $duty = zar_register_dutystate(); @@ -82,7 +83,7 @@ class Register extends Controller { goaway(z_root() . '/regate/' . bin2hex($email) . 'e' ); } - if ( preg_match('/^d{1,1}[0-9]{1,10}$/', $email ) ) { + if ( preg_match('/^d{1,1}[0-9]{6,10}$/', $email ) ) { // dId2 A artifical & anonymous goaway(z_root() . '/regate/' . bin2hex($email) . 'a' ); } 
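Review bot: The failure branch in Regate.php now builds `$msg` from a fixed text and no longer includes `$new_channel['message']`, so the `zar_log()` call on the following line records that channel creation failed but not why. If the aim is to keep internal detail out of what the user sees, log the reason separately, e.g. `zar_log('ZAR1239E ' . $new_channel['message'] . ' ' . $did2);`, and keep the generic text for display. The enclosing block starts outside the hunk.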
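Review bot: The server-side check for an anonymous dId2 now accepts six to ten digits, `/^d{1,1}[0-9]{6,10}$/`, while the client-side pattern added to `get()` in this same commit is `tao.zar.patano = /^d[0-9]{6}$/`, exactly six. The two validators disagree for ids of seven to ten digits; decide the length once and use the same bound in both places, treating the PHP pattern as the authoritative check because the JavaScript one can be skipped by the client. The surrounding `if` block starts outside the hunk.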
@@ -109,7 +110,7 @@ class Register extends Controller { } // s2 max daily - if ( self::check_reg_limits() ) return; + if ( self::check_reg_limits()['is'] ) return; // accept tos if(! x($_POST,'tos')) { @@ -209,7 +210,7 @@ class Register extends Controller { } else { notice('ZAR0236E ' . t('Invitation not in time or too late') . EOL); - goaway(z_root()); + goaway(z_root() . '/~'); } } else { @@ -217,7 +218,7 @@ class Register extends Controller { $msg = 'ZAR0235S ' . t('Invitation email failed'); zar_log($msg); notice($msg . EOL); - goaway(z_root()); + goaway(z_root() . '/~'); } } else { @@ -225,12 +226,12 @@ class Register extends Controller { $msg = 'ZAR0234S ' . t('Invitation code failed') ; zar_log($msg); notice( $msg . EOL); - goaway(z_root()); + goaway(z_root() . '/~'); } } else { notice('ZAR0232E ' . t('Invitations are not available') . EOL); - goaway(z_root()); + goaway(z_root() . '/~'); } @@ -388,7 +389,7 @@ class Register extends Controller { function get() { - + $registration_is = ''; $other_sites = ''; @@ -492,6 +493,12 @@ class Register extends Controller { $o = replace_macros(get_markup_template('register.tpl'), array( + '$tao' => "typeof(window.tao) == 'undefined' ? window.tao = {} : '';\n" + . "tao.zar = { vsn: '2.0.0', form: {}, msg: {} };\n" + . "tao.zar.patano = /^d[0-9]{6}$/;\n" + . "tao.zar.patema = /^[a-z0-9.-]{2,64}@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/;\n" + . "tao.zar.msg.ZAR0239E = '" . t('email mistake') . "';\n", + '$form_security_token' => get_form_security_token("register"), '$title' => t('Registration'), '$reg_is' => $registration_is, -- cgit v1.2.3 From 3773bceb46a18c500f898409deb4e6234ac5eebf Mon Sep 17 00:00:00 2001 From: Hilmar R Date: Fri, 29 Jan 2021 23:25:47 +0100 Subject: context help register en,de --- Zotlabs/Module/Register.php | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 1cf5af5b3..6463710c7 100644 
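Review bot: `t('email mistake')` is concatenated into a single-quoted JavaScript string literal in the new `'$tao'` entry without escaping, so a translation that contains an apostrophe, backslash or line break breaks the inline script, and translation text ends up as script source. Encode it for the JavaScript context instead: `. "tao.zar.msg.ZAR0239E = " . json_encode(t('email mistake')) . ";\n"`. How the template emits `$tao` is not visible here; if it lands inside a `<script>` element, pass `JSON_HEX_TAG` as well. Separately, `tao.zar.patema` limits the local part to `[a-z0-9.-]`, whereas the PHP check on `$_POST['email']` accepts `.{2,64}`, so client and server disagree on which addresses are valid.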
--- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -22,7 +22,7 @@ class Register extends Controller { // when they first need to register someplace. Once they've // created a channel, we'll try to revive the connection request // and process it. - + if($_REQUEST['connect']) $_SESSION['connect'] = $_REQUEST['connect']; @@ -69,6 +69,17 @@ class Register extends Controller { $password = ( (x($arr,'password')) ? trim($arr['password']) : ''); $reonar = array(); + + if ($email && $invite_code) { + + if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { + if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) { + // xxx + //goaway(z_root() . '/regate/' . bin2hex($email) . 'e' ); + } + } + + } // assume someone tries to validate (dId2 C/D/E), because only field email entered if ( $email && ( ! $invite_code ) && ( ! $password ) && ( ! $_POST['password2'] ) ) { -- cgit v1.2.3 From 68d5969d3395ecb790c9a7b37a39dcbcc9e60d20 Mon Sep 17 00:00:00 2001 From: Hilmar R Date: Sat, 30 Jan 2021 23:15:13 +0100 Subject: validate,invite --- Zotlabs/Module/Register.php | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 6463710c7..8f873f372 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -60,6 +60,7 @@ class Register extends Controller { $act = q("SELECT COUNT(*) AS act FROM account")[0]['act']; $duty = zar_register_dutystate(); + $is247 = false; $ip = $_SERVER['REMOTE_ADDR']; $sameip = intval(get_config('system','register_sameip')); 
@@ -70,12 +71,12 @@ class Register extends Controller { $reonar = array(); + // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto) if ($email && $invite_code) { if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) { - // xxx - //goaway(z_root() . '/regate/' . bin2hex($email) . 'e' ); + $is247 = true; } } @@ -101,30 +102,33 @@ class Register extends Controller { } - if ($act > 0 && !$duty['isduty']) { - // normally, that should never arrive here (ie js hack or sth like) + + if ($act > 0 && !$is247 && !$duty['isduty']) { + // normally (except very 1st timr after install), that should never arrive here (ie js hack or sth like) // log suitable for f2b also - $logmsg = 'ZAR0230S Unexpected registration request'; + $logmsg = 'ZAR0230S Unexpected registration request off duty'; zar_log($logmsg); - goaway(z_root() . '/'); + goaway(z_root() . '/~'); } - if ($sameip) { + if ($sameip && !$is247) { $f = q("SELECT COUNT(reg_atip) AS atip FROM register WHERE reg_vital = 1 AND reg_atip = '%s' ", dbesc($ip) ); if ($f && $f[0]['atip'] > $sameip) { $logmsg = 'ZAR0239S Exceeding same ip register request of ' . $sameip; zar_log($logmsg); - goaway(z_root() . '/'); + goaway(z_root() . '/~'); } } // s2 max daily - if ( self::check_reg_limits()['is'] ) return; + // msg? + if ( !$is247 && self::check_reg_limits()['is'] ) return; // accept tos if(! x($_POST,'tos')) { + // msg! notice( 'ZAR0230E ' . t('Please indicate acceptance of the Terms of Service. Registration failed.') . EOL); return; @@ -132,6 +136,7 @@ class Register extends Controller { // pw1 == pw2 if((! $_POST['password']) || ($_POST['password'] !== $_POST['password2'])) { + // msg! notice( 'ZAR0230E ' . t('Passwords do not match.') . EOL); return; 
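Review bot: `$is247` is set to true as soon as the posted email and invite code match two format patterns (`/^[a-z0-9]{12,12}$/` for the code), before the code has been looked up, and the following hunk then uses it to skip the off-duty check, the same-IP limit and `check_reg_limits()`. Any request that carries a 12-character lowercase alphanumeric string as invite code therefore passes all three throttles, and such requests no longer produce the ZAR0230S/ZAR0239S log lines that the comment describes as suitable for f2b. Set the flag only after the code has been matched against a valid, unexpired `register` row (that lookup is further down in this function, outside these hunks), or keep the same-IP and daily limits active for invited requests too. Whether a bad code is rejected later on every path cannot be confirmed from the visible lines.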
@@ -142,6 +147,7 @@ class Register extends Controller { if ($email) { if ( ! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $_POST['email'] ) ) { + // msg! notice('ZAR0239E ' . t('Email address mistake') . EOL); return; @@ -207,19 +213,23 @@ class Register extends Controller { // if $flags == 0 ?? - // trans ? + // transit ? // update reg vital 0 off $icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", intval($reg['reg_id']) ); - info('ZAR0237I ' . t('Invitation code succesfully applied') . EOL); + $msg = 'ZAR0237I ' . t('Invitation code succesfully applied'); + zar_log($msg) . ', ' . $email; + // msg! + info($msg . EOL); $well = true; } else { + // msg! notice('ZAR0236E ' . t('Invitation not in time or too late') . EOL); goaway(z_root() . '/~'); } -- cgit v1.2.3 From ea3390d626f85b7293a750958bfd1b5460958365 Mon Sep 17 00:00:00 2001 From: Hilmar R Date: Fri, 26 Feb 2021 15:10:24 +0100 Subject: adjust air.5 to be in sync with 5.2.2 --- Zotlabs/Module/Home.php | 118 +++++++++++++++++++++++++++--------------------- 1 file changed, 66 insertions(+), 52 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Home.php b/Zotlabs/Module/Home.php index 7f2d6424d..2bfab986f 100644 --- a/Zotlabs/Module/Home.php +++ b/Zotlabs/Module/Home.php 
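Review bot: In `zar_log($msg) . ', ' . $email;` the concatenation is applied to the return value of `zar_log()` and the result is discarded, so the address never reaches the log entry for ZAR0237I. It should read `zar_log($msg . ', ' . $email);`. Because the same `$msg` is passed to `info()` two lines later, appending the address only inside the `zar_log()` call keeps it out of the message shown to the user. The enclosing branch starts outside the hunk.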
@@ -1,100 +1,114 @@ 'application/x-zot+json', 'Digest' => HTTPSig::generate_digest_header($ret)]; + $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; + $h = HTTPSig::create_sig($headers, $key, z_root()); + HTTPSig::set_headers($h); + + echo $ret; + killme(); + } $splash = ((argc() > 1 && argv(1) === 'splash') ? true : false); - - $channel = \App::get_channel(); - if(local_channel() && $channel && $channel['xchan_url'] && ! $splash) { + + $channel = App::get_channel(); + if (local_channel() && $channel && $channel['xchan_url'] && !$splash) { $dest = (($ret['startpage']) ? $ret['startpage'] : ''); - if(! $dest) - $dest = get_config('system','startpage'); - if(! $dest) + if (!$dest) + $dest = get_config('system', 'startpage'); + if (!$dest) $dest = z_root() . '/network'; - + goaway($dest); } - if(remote_channel() && (! $splash) && $_SESSION['atoken']) { + if (remote_channel() && (!$splash) && $_SESSION['atoken']) { $r = q("select * from atoken where atoken_id = %d", intval($_SESSION['atoken']) ); - if($r) { + if ($r) { $x = channelx_by_n($r[0]['atoken_uid']); - if($x) { + if ($x) { goaway(z_root() . '/channel/' . $x['channel_address']); } } - } + } - - if(get_account_id() && ! $splash) { + if (get_account_id() && !$splash) { goaway(z_root() . '/new_channel'); } - + } - - + function get($update = 0, $load = false) { - + $o = ''; - - - if(x($_SESSION,'theme')) + + if (x($_SESSION, 'theme')) unset($_SESSION['theme']); - if(x($_SESSION,'mobile_theme')) + if (x($_SESSION, 'mobile_theme')) unset($_SESSION['mobile_theme']); - + $splash = ((argc() > 1 && argv(1) === 'splash') ? 
true : false); - - call_hooks('home_content',$o); - if($o) + + call_hooks('home_content', $o); + if ($o) return $o; - - $frontpage = get_config('system','frontpage'); - if($frontpage) { - if(strpos($frontpage,'include:') !== false) { - $file = trim(str_replace('include:' , '', $frontpage)); - if(file_exists($file)) { - \App::$page['template'] = 'full'; - \App::$page['title'] = t('$Projectname'); - $o .= file_get_contents($file); + + $frontpage = get_config('system', 'frontpage'); + if ($frontpage) { + if (strpos($frontpage, 'include:') !== false) { + $file = trim(str_replace('include:', '', $frontpage)); + if (file_exists($file)) { + App::$page['template'] = 'full'; + App::$page['title'] = t('$Projectname'); + $o .= file_get_contents($file); return $o; } } - if(strpos($frontpage,'http') !== 0) + if (strpos($frontpage, 'http') !== 0) $frontpage = z_root() . '/' . $frontpage; - if(intval(get_config('system','mirror_frontpage'))) { + if (intval(get_config('system', 'mirror_frontpage'))) { $o = '' . t('$Projectname') . ''; echo $o; killme(); } goaway($frontpage); } - - - $sitename = get_config('system','sitename'); - if($sitename) - $o .= '

' . sprintf( t('Welcome to %s') ,$sitename) . '

'; - - $loginbox = get_config('system','login_on_homepage'); - if(intval($loginbox) || $loginbox === false) + + $sitename = get_config('system', 'sitename'); + if ($sitename) + $o .= '

' . sprintf(t('Welcome to %s'), $sitename) . '

'; + + $loginbox = get_config('system', 'login_on_homepage'); + if (intval($loginbox) || $loginbox === false) $o .= login(true); - + return $o; - + } - + } -- cgit v1.2.3 From c26dede97f626b52b7bf8962ed55d1dbda86abe8 Mon Sep 17 00:00:00 2001 From: Hilmar R Date: Sun, 28 Feb 2021 21:06:16 +0100 Subject: get dev --- Zotlabs/Module/Activity.php | 14 +- Zotlabs/Module/Article_edit.php | 5 +- Zotlabs/Module/Articles.php | 45 ++-- Zotlabs/Module/Attach.php | 67 +++--- Zotlabs/Module/Cal.php | 12 +- Zotlabs/Module/Card_edit.php | 5 +- Zotlabs/Module/Cards.php | 2 +- Zotlabs/Module/Cdav.php | 2 +- Zotlabs/Module/Channel.php | 407 ++++++++++++++++++---------------- Zotlabs/Module/Channel_calendar.php | 417 ++++++++++++++++++----------------- Zotlabs/Module/Chanview.php | 2 +- Zotlabs/Module/Cloud.php | 2 +- Zotlabs/Module/Connections.php | 5 +- Zotlabs/Module/Connedit.php | 293 ++++++++++++------------- Zotlabs/Module/Dav.php | 2 +- Zotlabs/Module/Display.php | 95 ++++---- Zotlabs/Module/Editpost.php | 5 +- Zotlabs/Module/Embedphotos.php | 3 +- Zotlabs/Module/Fhublocs.php | 22 +- Zotlabs/Module/Getfile.php | 3 +- Zotlabs/Module/Import.php | 5 +- Zotlabs/Module/Item.php | 36 ++- Zotlabs/Module/Like.php | 423 ++++++++++++++++++------------------ Zotlabs/Module/Network.php | 247 ++++++++++----------- Zotlabs/Module/Notifications.php | 8 +- Zotlabs/Module/Pconfig.php | 70 +++--- Zotlabs/Module/Photo.php | 8 +- Zotlabs/Module/Pin.php | 3 +- Zotlabs/Module/Prate.php | 60 ++--- Zotlabs/Module/Probe.php | 17 +- Zotlabs/Module/Profile.php | 117 +++++----- Zotlabs/Module/Profiles.php | 2 +- Zotlabs/Module/Rate.php | 70 +++--- Zotlabs/Module/Regver.php | 2 - Zotlabs/Module/Search.php | 293 ++++++++++++++----------- Zotlabs/Module/Uexport.php | 7 +- Zotlabs/Module/Wfinger.php | 73 ++++--- Zotlabs/Module/Xrd.php | 38 ++-- Zotlabs/Module/Zotfeed.php | 141 ++++++++++-- 39 files changed, 1615 insertions(+), 1413 deletions(-) (limited to 'Zotlabs/Module') 
diff --git a/Zotlabs/Module/Activity.php b/Zotlabs/Module/Activity.php index b75f0b245..48f2663cf 100644 --- a/Zotlabs/Module/Activity.php +++ b/Zotlabs/Module/Activity.php @@ -143,8 +143,8 @@ class Activity extends Controller { http_status_exit(403, 'Forbidden'); $i = ZlibActivity::encode_item_collection($nitems,'conversation/' . $item_id,'OrderedCollection'); - if($portable_id) { - ThreadListener::store(z_root() . '/activity/' . $item_id,$portable_id); + if($portable_id && (! intval($items[0]['item_private']))) { + ThreadListener::store(z_root() . '/activity/' . $item_id, $portable_id); } if(! $i) @@ -239,6 +239,16 @@ class Activity extends Controller { xchan_query($r,true); $items = fetch_post_tags($r,false); + if ($portable_id && (! intval($items[0]['item_private']))) { + $c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'", + intval($items[0]['uid']), + dbesc($portable_id) + ); + if (! $c) { + ThreadListener::store(z_root() . '/activity/' . $item_id, $portable_id); + } + } + $channel = channelx_by_n($items[0]['uid']); $x = array_merge( ['@context' => [ diff --git a/Zotlabs/Module/Article_edit.php b/Zotlabs/Module/Article_edit.php index 635b3ce2a..efa02e1c1 100644 --- a/Zotlabs/Module/Article_edit.php +++ b/Zotlabs/Module/Article_edit.php @@ -63,9 +63,9 @@ class Article_edit extends \Zotlabs\Web\Controller { if ($catsenabled){ $itm = fetch_post_tags($itm); - + $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY); - + foreach ($cats as $cat) { if (strlen($category)) $category .= ', '; @@ -113,6 +113,7 @@ class Article_edit extends \Zotlabs\Web\Controller { 'post_id' => $post_id, 'visitor' => true, 'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + 'summary' => htmlspecialchars($itm[0]['summary'],ENT_COMPAT,'UTF-8'), 'placeholdertitle' => t('Title (optional)'), 'pagetitle' => $card_title, 'profile_uid' => (intval($channel['channel_id'])), 
diff --git a/Zotlabs/Module/Articles.php b/Zotlabs/Module/Articles.php index 3f726ebb9..9152f0e0e 100644 --- a/Zotlabs/Module/Articles.php +++ b/Zotlabs/Module/Articles.php @@ -15,7 +15,7 @@ require_once('include/opengraph.php'); class Articles extends Controller { function init() { - + if(argc() > 1) $which = argv(1); @@ -28,13 +28,13 @@ class Articles extends Controller { return; } } - + profile_load($which); - + } - + function get($update = 0, $load = false) { - + if(observer_prohibited(true)) { return login(); } @@ -56,7 +56,7 @@ class Articles extends Controller { nav_set_selected('Articles'); - head_add_link([ + head_add_link([ 'rel' => 'alternate', 'type' => 'application/json+oembed', 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . App::$query_string), @@ -65,7 +65,7 @@ class Articles extends Controller { $category = (($_REQUEST['cat']) ? escape_tags(trim($_REQUEST['cat'])) : ''); - + if($category) { $sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'],'item', $category, TERM_CATEGORY)); } @@ -74,24 +74,24 @@ class Articles extends Controller { $datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : ''); $which = argv(1); - + $selected_card = ((argc() > 2) ? argv(2) : ''); $_SESSION['return_url'] = App::$query_string; - + $uid = local_channel(); $owner = App::$profile_uid; $observer = App::get_observer(); - + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - + if(! perm_is_allowed($owner,$ob_hash,'view_pages')) { notice( t('Permission denied.') . EOL); return; } - + $is_owner = ($uid && $uid == $owner); - + $channel = channelx_by_n($owner); if($channel) { @@ -105,7 +105,7 @@ class Articles extends Controller { else { $channel_acl = [ 'allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ]; } - + if(perm_is_allowed($owner,$ob_hash,'write_pages')) { 
@@ -114,16 +114,15 @@ class Articles extends Controller { 'webpage' => ITEM_TYPE_ARTICLE, 'is_owner' => true, 'content_label' => t('Add Article'), - 'button' => t('Create'), + 'button' => t('Save'), 'nickname' => $channel['channel_address'], - 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] + 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'acl' => (($is_owner) ? populate_acl($channel_acl, false, + 'acl' => (($is_owner) ? populate_acl($channel_acl, false, PermissionDescription::fromGlobalPermission('view_pages')) : ''), 'permissions' => $channel_acl, 'showacl' => (($is_owner) ? true : false), 'visitor' => true, - 'body' => '[summary][/summary]', 'hide_location' => false, 'hide_voting' => false, 'profile_uid' => intval($owner), @@ -147,12 +146,12 @@ class Articles extends Controller { else { $editor = ''; } - + $itemspage = get_pconfig(local_channel(),'system','itemspage'); App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10)); $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start'])); - + $sql_extra = item_permissions_sql($owner); $sql_item = ''; @@ -176,8 +175,8 @@ class Articles extends Controller { $sql_extra2 .= " and item.item_thread_top != 0 "; } - $r = q("select * from item - where item.uid = %d and item_type = %d + $r = q("select * from item + where item.uid = %d and item_type = %d $sql_extra $sql_extra2 $sql_item order by item.created desc $pager_sql", intval($owner), intval(ITEM_TYPE_ARTICLE) @@ -214,7 +213,7 @@ class Articles extends Controller { opengraph_add_meta((! empty($items) ? $r[0] : []), $channel); $mode = 'articles'; - + if(get_pconfig(local_channel(),'system','articles_list_mode') && (! $selected_card)) $page_mode = 'pager_list'; else 
diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php index 172f6a4bc..5f5779b51 100644 --- a/Zotlabs/Module/Attach.php +++ b/Zotlabs/Module/Attach.php @@ -1,4 +1,5 @@ $zip_filename, - 'zip_path' => $zip_path + 'zip_path' => $zip_path ]; Verify::create('zip_token', 0, $token, json_encode($meta)); json_return_and_die([ 'success' => true, - 'token' => $token + 'token' => $token ]); } @@ -63,28 +64,28 @@ class Attach extends Controller { function get() { - if(argc() < 2) { - notice( t('Item not available.') . EOL); + if (argc() < 2) { + notice(t('Item not available.') . EOL); return; } $token = ((x($_REQUEST, 'token')) ? $_REQUEST['token'] : ''); - if(argv(1) === 'download') { + if (argv(1) === 'download') { $meta = Verify::get_meta('zip_token', 0, $token); - if(! $meta) + if (!$meta) killme(); $meta = json_decode($meta, true); header('Content-Type: application/zip'); - header('Content-Disposition: attachment; filename="'. $meta['zip_filename'] . '"'); + header('Content-Disposition: attachment; filename="' . $meta['zip_filename'] . '"'); header('Content-Length: ' . filesize($meta['zip_path'])); $istream = fopen($meta['zip_path'], 'rb'); $ostream = fopen('php://output', 'wb'); - if($istream && $ostream) { + if ($istream && $ostream) { pipe_streams($istream, $ostream); fclose($istream); fclose($ostream); @@ -94,10 +95,10 @@ class Attach extends Controller { killme(); } - $r = attach_by_hash(argv(1),get_observer_hash(),((argc() > 2) ? intval(argv(2)) : 0)); + $r = attach_by_hash(argv(1), get_observer_hash(), ((argc() > 2) ? intval(argv(2)) : 0)); - if(! $r['success']) { - notice( $r['message'] . EOL); + if (!$r['success']) { + notice($r['message'] . EOL); return; } 
@@ -105,27 +106,27 @@ class Attach extends Controller { intval($r['data']['uid']) ); - if(! $c) + if (!$c) return; - $unsafe_types = array('text/html','text/css','application/javascript'); + $unsafe_types = array('text/html', 'text/css', 'application/javascript'); - if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) { - header('Content-Type: text/plain'); + if (in_array($r['data']['filetype'], $unsafe_types) && (!channel_codeallowed($r['data']['uid']))) { + header('Content-Type: text/plain'); } else { header('Content-Type: ' . $r['data']['filetype']); } header('Content-Disposition: attachment; filename="' . $r['data']['filename'] . '"'); - if(intval($r['data']['os_storage'])) { + if (intval($r['data']['os_storage'])) { $fname = $r['data']['content']; - if(strpos($fname,'store') !== false) - $istream = fopen($fname,'rb'); + if (strpos($fname, 'store') !== false) + $istream = fopen($fname, 'rb'); else - $istream = fopen('store/' . $c[0]['channel_address'] . '/' . $fname,'rb'); - $ostream = fopen('php://output','wb'); - if($istream && $ostream) { + $istream = fopen('store/' . $c[0]['channel_address'] . '/' . $fname, 'rb'); + $ostream = fopen('php://output', 'wb'); + if ($istream && $ostream) { pipe_streams($istream, $ostream); fclose($istream); fclose($ostream); @@ -140,14 +141,14 @@ class Attach extends Controller { public function zip_archive_handler($zip, $attach_ids, $attach_path, $pass = 1) { $observer_hash = get_observer_hash(); - $single = ((count($attach_ids) == 1) ? true : false); + $single = ((count($attach_ids) == 1) ? true : false); $download_name = 'download.zip'; - foreach($attach_ids as $attach_id) { + foreach ($attach_ids as $attach_id) { $r = attach_by_id($attach_id, $observer_hash); - if (! $r['success']) { + if (!$r['success']) { continue; } 
@@ -158,8 +159,8 @@ class Attach extends Controller { if ($attach_path) { $strip_str = $attach_path . '/'; - $count = strlen($strip_str); - $zip_path = substr($r['data']['display_path'], $count); + $count = strlen($strip_str); + $zip_path = substr($r['data']['display_path'], $count); } if ($r['data']['is_dir']) { diff --git a/Zotlabs/Module/Cal.php b/Zotlabs/Module/Cal.php index 07bee38bd..65dba927b 100644 --- a/Zotlabs/Module/Cal.php +++ b/Zotlabs/Module/Cal.php @@ -37,8 +37,6 @@ class Cal extends Controller { $observer = App::get_observer(); App::$data['observer'] = $observer; - $observer_xchan = (($observer) ? $observer['xchan_hash'] : ''); - head_set_icon(App::$data['channel']['xchan_photo_s']); App::$page['htmlhead'] .= "" ; @@ -159,10 +157,10 @@ class Cal extends Controller { 'timezone' => $tz, 'start'=> $start, 'end' => $end, - 'drop' => $drop, + 'drop' => false, 'allDay' => (($rr['adjust']) ? 0 : 1), 'title' => html_entity_decode($rr['summary'], ENT_COMPAT, 'UTF-8'), - 'editable' => $edit ? true : false, + 'editable' => false, 'item' => $rr, 'plink' => [$rr['plink'], t('Link to source')], 'description' => html_entity_decode($rr['description'], ENT_COMPAT, 'UTF-8'), @@ -205,9 +203,9 @@ class Cal extends Controller { '$prev' => t('Previous'), '$next' => t('Next'), '$today' => t('Today'), - '$title' => $title, - '$dtstart' => $dtstart, - '$dtend' => $dtend, + '$title' => '', + '$dtstart' => '', + '$dtend' => '', '$nick' => $nick ]); diff --git a/Zotlabs/Module/Card_edit.php b/Zotlabs/Module/Card_edit.php index e01e70fdb..c57a0f043 100644 --- a/Zotlabs/Module/Card_edit.php +++ b/Zotlabs/Module/Card_edit.php @@ -63,9 +63,9 @@ class Card_edit extends \Zotlabs\Web\Controller { if ($catsenabled){ $itm = fetch_post_tags($itm); - + $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY); - + foreach ($cats as $cat) { if (strlen($category)) $category .= ', '; 
@@ -114,6 +114,7 @@ class Card_edit extends \Zotlabs\Web\Controller { 'post_id' => $post_id, 'visitor' => true, 'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + 'summary' => htmlspecialchars($itm[0]['summary'],ENT_COMPAT,'UTF-8'), 'placeholdertitle' => t('Title (optional)'), 'pagetitle' => $card_title, 'profile_uid' => (intval($channel['channel_id'])), diff --git a/Zotlabs/Module/Cards.php b/Zotlabs/Module/Cards.php index c44f7942b..8f47208ce 100644 --- a/Zotlabs/Module/Cards.php +++ b/Zotlabs/Module/Cards.php @@ -110,7 +110,7 @@ class Cards extends Controller { 'webpage' => ITEM_TYPE_CARD, 'is_owner' => true, 'content_label' => t('Add Card'), - 'button' => t('Create'), + 'button' => t('Save'), 'nickname' => $channel['channel_address'], 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index f5c5f4384..fe697a526 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php @@ -284,7 +284,7 @@ class Cdav extends Controller { $server->addPlugin(new \Sabre\CardDAV\VCFExportPlugin()); // And off we go! - $server->exec(); + $server->start(); killme(); diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 7ff394750..a513523a7 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -4,10 +4,13 @@ namespace Zotlabs\Module; use App; -use Zotlabs\Web\Controller; +use Zotlabs\Lib\Activity; +use Zotlabs\Lib\ActivityStreams; +use Zotlabs\Lib\Crypto; +use Zotlabs\Lib\Libzot; use Zotlabs\Lib\PermissionDescription; +use Zotlabs\Web\Controller; use Zotlabs\Web\HTTPSig; -use Zotlabs\Lib\Libzot; require_once('include/items.php'); require_once('include/security.php'); 
@@ -20,88 +23,117 @@ require_once('include/opengraph.php'); * @brief Channel Controller * */ - class Channel extends Controller { function init() { - if(in_array(substr($_GET['search'],0,1),[ '@', '!', '?'])) + if (in_array(substr($_GET['search'], 0, 1), ['@', '!', '?']) || strpos($_GET['search'], 'https://') === 0) goaway('search' . '?f=&search=' . $_GET['search']); $which = null; - if(argc() > 1) + if (argc() > 1) $which = argv(1); - if(! $which) { - if(local_channel()) { + if (!$which) { + if (local_channel()) { $channel = App::get_channel(); - if($channel && $channel['channel_address']) - $which = $channel['channel_address']; + if ($channel && $channel['channel_address']) + $which = $channel['channel_address']; } } - if(! $which) { - notice( t('You must be logged in to see this page.') . EOL ); + if (!$which) { + notice(t('You must be logged in to see this page.') . EOL); return; } $profile = 0; $channel = App::get_channel(); - if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) { - $which = $channel['channel_address']; + if ((local_channel()) && (argc() > 2) && (argv(2) === 'view')) { + $which = $channel['channel_address']; $profile = argv(1); } $channel = channelx_by_nick($which); - if(! 
$channel) { + if (!$channel) { http_status_exit(404, 'Not found'); } - // handle zot6 channel discovery + // handle zot6 channel discovery + + if (Libzot::is_zot_request()) { - if(Libzot::is_zot_request()) { - $sigdata = HTTPSig::verify(file_get_contents('php://input'), EMPTY_STR, 'zot6'); - if($sigdata && $sigdata['signer'] && $sigdata['header_valid']) { - $data = json_encode(Libzot::zotinfo([ 'address' => $channel['channel_address'], 'target_url' => $sigdata['signer'] ])); - $s = q("select site_crypto, hubloc_sitekey from site left join hubloc on hubloc_url = site_url where hubloc_id_url = '%s' and hubloc_network = 'zot6' limit 1", + if ($sigdata && $sigdata['signer'] && $sigdata['header_valid']) { + $data = json_encode(Libzot::zotinfo(['address' => $channel['channel_address'], 'target_url' => $sigdata['signer']])); + $s = q("select site_crypto, hubloc_sitekey from site left join hubloc on hubloc_url = site_url where hubloc_id_url = '%s' and hubloc_network = 'zot6' limit 1", dbesc($sigdata['signer']) ); - if($s) { - $data = json_encode(crypto_encapsulate($data,$s[0]['hubloc_sitekey'],Libzot::best_algorithm($s[0]['site_crypto']))); + if ($s) { + $data = json_encode(Crypto::encapsulate($data, $s[0]['hubloc_sitekey'], Libzot::best_algorithm($s[0]['site_crypto']))); } } else { - $data = json_encode(Libzot::zotinfo([ 'address' => $channel['channel_address'] ])); + $data = json_encode(Libzot::zotinfo(['guid_hash' => $channel['channel_hash']])); } - $headers = [ - 'Content-Type' => 'application/x-zot+json', + $headers = [ + 'Content-Type' => 'application/x-zot+json', 'Digest' => HTTPSig::generate_digest_header($data), '(request-target)' => strtolower($_SERVER['REQUEST_METHOD']) . ' ' . 
$_SERVER['REQUEST_URI'] - ]; - $h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel)); + ]; + $h = HTTPSig::create_sig($headers, $channel['channel_prvkey'], channel_url($channel)); HTTPSig::set_headers($h); echo $data; killme(); } + if (ActivityStreams::is_as_request($channel)) { + + // Somebody may attempt an ActivityStreams fetch on one of our message permalinks + // Make it do the right thing. + + $mid = ((x($_REQUEST, 'mid')) ? $_REQUEST['mid'] : ''); + if ($mid && strpos($mid, 'b64.') === 0) { + $decoded = @base64url_decode(substr($mid, 4)); + if ($decoded) { + $mid = $decoded; + } + } + if ($mid) { + $obj = null; + if (strpos($mid, z_root() . '/item/') === 0) { + App::$argc = 2; + App::$argv = ['item', basename($mid)]; + $obj = new Item(); + } + if (strpos($mid, z_root() . '/activity/') === 0) { + App::$argc = 2; + App::$argv = ['activity', basename($mid)]; + $obj = new Activity(); + } + if ($obj) { + $obj->init(); + } + } + as_return_and_die(Activity::encode_person($channel, true), $channel); + } - if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) { - $which = $channel['channel_address']; + if ((local_channel()) && (argc() > 2) && (argv(2) === 'view')) { + $which = $channel['channel_address']; $profile = argv(1); } - head_add_link( [ - 'rel' => 'alternate', + head_add_link([ + 'rel' => 'alternate', 'type' => 'application/atom+xml', 'title' => t('Posts and comments'), 'href' => z_root() . '/feed/' . $which ]); - head_add_link( [ - 'rel' => 'alternate', + head_add_link([ + 'rel' => 'alternate', 'type' => 'application/atom+xml', 'title' => t('Only posts'), 'href' => z_root() . '/feed/' . $which . '?f=&top=1' 
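Review bot: The redirect at the top of `init()` appends `$_GET['search']` to the target without encoding, `goaway('search' . '?f=&search=' . $_GET['search'])`, and the new `https://` case makes it likely that the value contains `&`, `#` or `?`, which truncates the search term or adds parameters to the search request. Use `goaway('search?f=&search=' . urlencode($_GET['search']));`. The condition also reads `$_GET['search']` without checking that it is set, so every request without that parameter passes null to `substr()` and `strpos()`; reading it once with `$_GET['search'] ?? ''` avoids that. `init()` continues past the end of this hunk.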
@@ -110,19 +142,19 @@ class Channel extends Controller { // Run profile_load() here to make sure the theme is set before // we start loading content - profile_load($which,$profile); - + profile_load($which, $profile); + // Add Opengraph markup - $mid = ((x($_REQUEST,'mid')) ? $_REQUEST['mid'] : ''); - if(strpos($mid,'b64.') === 0) - $mid = @base64url_decode(substr($mid,4)); - - if($mid) - $r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d AND item_private = 0 LIMIT 1", - dbesc($mid), - intval($channel['channel_id']) - ); - + $mid = ((x($_REQUEST, 'mid')) ? $_REQUEST['mid'] : ''); + if (strpos($mid, 'b64.') === 0) + $mid = @base64url_decode(substr($mid, 4)); + + if ($mid) + $r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d AND item_private = 0 LIMIT 1", + dbesc($mid), + intval($channel['channel_id']) + ); + opengraph_add_meta($r ? $r[0] : [], $channel); } 
@@ -132,99 +164,99 @@ class Channel extends Controller { $category = $datequery = $datequery2 = ''; - $mid = ((x($_REQUEST,'mid')) ? $_REQUEST['mid'] : ''); + $mid = ((x($_REQUEST, 'mid')) ? $_REQUEST['mid'] : ''); - if(strpos($mid,'b64.') === 0) - $decoded = @base64url_decode(substr($mid,4)); - if($decoded) + if (strpos($mid, 'b64.') === 0) + $decoded = @base64url_decode(substr($mid, 4)); + if ($decoded) $mid = $decoded; - $datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : ''); - $datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : ''); + $datequery = ((x($_GET, 'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : ''); + $datequery2 = ((x($_GET, 'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : ''); - if(observer_prohibited(true)) { + if (observer_prohibited(true)) { return login(); } - $category = ((x($_REQUEST,'cat')) ? $_REQUEST['cat'] : ''); - $hashtags = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : ''); - $order = ((x($_GET,'order')) ? notags($_GET['order']) : 'post'); - $search = ((x($_GET,'search')) ? $_GET['search'] : EMPTY_STR); + $category = ((x($_REQUEST, 'cat')) ? $_REQUEST['cat'] : ''); + $hashtags = ((x($_REQUEST, 'tag')) ? $_REQUEST['tag'] : ''); + $order = ((x($_GET, 'order')) ? notags($_GET['order']) : 'post'); + $search = ((x($_GET, 'search')) ? $_GET['search'] : EMPTY_STR); - $groups = array(); + $groups = []; $o = ''; - if($update) { + if ($update) { // Ensure we've got a profile owner if updating. App::$profile['profile_uid'] = App::$profile_uid = $update; } $is_owner = (((local_channel()) && (App::$profile['profile_uid'] == local_channel())) ? true : false); - $channel = App::get_channel(); + $channel = App::get_channel(); $observer = App::get_observer(); - $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + $ob_hash = (($observer) ? 
$observer['xchan_hash'] : ''); - $perms = get_all_perms(App::$profile['profile_uid'],$ob_hash); + $perms = get_all_perms(App::$profile['profile_uid'], $ob_hash); - if(! $perms['view_stream']) { + if (!$perms['view_stream']) { // We may want to make the target of this redirect configurable - if($perms['view_profile']) { - notice( t('Insufficient permissions. Request redirected to profile page.') . EOL); - goaway (z_root() . "/profile/" . App::$profile['channel_address']); + if ($perms['view_profile']) { + notice(t('Insufficient permissions. Request redirected to profile page.') . EOL); + goaway(z_root() . "/profile/" . App::$profile['channel_address']); } - notice( t('Permission denied.') . EOL); + notice(t('Permission denied.') . EOL); return; } - if(! $update) { + if (!$update) { nav_set_selected('Channel Home'); // search terms header - if($search) { - $o .= replace_macros(get_markup_template("section_title.tpl"),array( - '$title' => t('Search Results For:') . ' ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') - )); + if ($search) { + $o .= replace_macros(get_markup_template("section_title.tpl"), [ + '$title' => t('Search Results For:') . ' ' . 
htmlspecialchars($search, ENT_COMPAT, 'UTF-8') + ]); } - if($channel && $is_owner) { - $channel_acl = array( + if ($channel && $is_owner) { + $channel_acl = [ 'allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], - 'deny_cid' => $channel['channel_deny_cid'], - 'deny_gid' => $channel['channel_deny_gid'] - ); + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ]; } else { - $channel_acl = [ 'allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ]; + $channel_acl = ['allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '']; } - if($perms['post_wall']) { - - $x = array( - 'is_owner' => $is_owner, - 'allow_location' => ((($is_owner || $observer) && (intval(get_pconfig(App::$profile['profile_uid'],'system','use_browser_location')))) ? true : false), - 'default_location' => (($is_owner) ? App::$profile['channel_location'] : ''), - 'nickname' => App::$profile['channel_address'], - 'lockstate' => (((strlen(App::$profile['channel_allow_cid'])) || (strlen(App::$profile['channel_allow_gid'])) || (strlen(App::$profile['channel_deny_cid'])) || (strlen(App::$profile['channel_deny_gid']))) ? 'lock' : 'unlock'), - 'acl' => (($is_owner) ? populate_acl($channel_acl,true, PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post') : ''), - 'permissions' => $channel_acl, - 'showacl' => (($is_owner) ? 'yes' : ''), - 'bang' => '', - 'visitor' => (($is_owner || $observer) ? true : false), - 'profile_uid' => App::$profile['profile_uid'], + if ($perms['post_wall']) { + + $x = [ + 'is_owner' => $is_owner, + 'allow_location' => ((($is_owner || $observer) && (intval(get_pconfig(App::$profile['profile_uid'], 'system', 'use_browser_location')))) ? true : false), + 'default_location' => (($is_owner) ? 
App::$profile['channel_location'] : ''), + 'nickname' => App::$profile['channel_address'], + 'lockstate' => (((strlen(App::$profile['channel_allow_cid'])) || (strlen(App::$profile['channel_allow_gid'])) || (strlen(App::$profile['channel_deny_cid'])) || (strlen(App::$profile['channel_deny_gid']))) ? 'lock' : 'unlock'), + 'acl' => (($is_owner) ? populate_acl($channel_acl, true, PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post') : ''), + 'permissions' => $channel_acl, + 'showacl' => (($is_owner) ? 'yes' : ''), + 'bang' => '', + 'visitor' => (($is_owner || $observer) ? true : false), + 'profile_uid' => App::$profile['profile_uid'], 'editor_autocomplete' => true, - 'bbco_autocomplete' => 'bbcode', - 'bbcode' => true, - 'jotnets' => true, - 'reset' => t('Reset form') - ); + 'bbco_autocomplete' => 'bbcode', + 'bbcode' => true, + 'jotnets' => true, + 'reset' => t('Reset form') + ]; - $o .= status_editor($a,$x,false,'Channel'); + $o .= status_editor($a, $x, false, 'Channel'); } } 
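Review bot: `if ($decoded) $mid = $decoded;` reads `$decoded` on every request, but the statement before it assigns the variable only when `$mid` starts with `b64.`. Unless it is initialised above this hunk (get() starts outside it), a plain or empty `mid` makes PHP 8 raise an undefined-variable warning here. Initialise it before the `strpos()` test, e.g. `$decoded = '';`, or put the second check inside the first one's braces. The later hunk at -363 tests the same variable in `if ($decoded) $mid = 'b64.' . base64url_encode($mid);` and depends on the same initialisation.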
@@ -233,16 +265,16 @@ class Channel extends Controller { /** * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups */ - - $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0 + + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0 and item.item_unpublished = 0 and item.item_pending_remove = 0 and item.item_blocked = 0 "; - if (! $is_owner) - $item_normal .= "and item.item_delayed = 0 "; + if (!$is_owner) + $item_normal .= "and item.item_delayed = 0 "; $item_normal_update = item_normal_update(); - $sql_extra = item_permissions_sql(App::$profile['profile_uid']); + $sql_extra = item_permissions_sql(App::$profile['profile_uid']); - if(feature_enabled(App::$profile['profile_uid'], 'channel_list_mode') && (! $mid)) + if (feature_enabled(App::$profile['profile_uid'], 'channel_list_mode') && (!$mid)) $page_mode = 'list'; else $page_mode = 'client'; 
@@ -250,13 +282,13 @@ class Channel extends Controller { $abook_uids = " and abook.abook_channel = " . intval(App::$profile['profile_uid']) . " "; $simple_update = ''; - if($update && $_SESSION['loadtime']) - $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) "; + if ($update && $_SESSION['loadtime']) + $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) "; - if($search) { + if ($search) { $search = escape_tags($search); - if(strpos($search,'#') === 0) { - $sql_extra .= term_query('item',substr($search,1),TERM_HASHTAG,TERM_COMMUNITYTAG); + if (strpos($search, '#') === 0) { + $sql_extra .= term_query('item', substr($search, 1), TERM_HASHTAG, TERM_COMMUNITYTAG); } else { $sql_extra .= sprintf(" AND (item.body like '%s' OR item.title like '%s') ", @@ -266,16 +298,16 @@ class Channel extends Controller { } } - head_add_link([ + head_add_link([ 'rel' => 'alternate', 'type' => 'application/json+oembed', 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . App::$query_string), 'title' => 'oembed' ]); - if(($update) && (! $load)) { + if (($update) && (!$load)) { - if($mid) { + if ($mid) { $r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal_update AND item_wall = 1 $simple_update $sql_extra limit 1", dbesc($mid . '%'), 
@@ -296,61 +328,61 @@ class Channel extends Controller { } else { - if(x($category)) { - $sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'],'item', $category, TERM_CATEGORY)); + if (x($category)) { + $sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'], 'item', $category, TERM_CATEGORY)); } - if(x($hashtags)) { - $sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'],'item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG)); + if (x($hashtags)) { + $sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'], 'item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG)); } - if($datequery) { - $sql_extra2 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery)))); - $order = 'post'; + if ($datequery) { + $sql_extra2 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery)))); + $order = 'post'; } - if($datequery2) { - $sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery2)))); + if ($datequery2) { + $sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery2)))); } - if($order === 'post') + if ($order === 'post') $ordering = "created"; else $ordering = "commented"; - $itemspage = get_pconfig(local_channel(),'system','itemspage'); + $itemspage = get_pconfig(local_channel(), 'system', 'itemspage'); App::set_pager_itemspage(((intval($itemspage)) ? 
$itemspage : 10)); $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start'])); - if($noscript_content || $load) { - if($mid) { + if ($noscript_content || $load) { + if ($mid) { $r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal AND item_wall = 1 $sql_extra limit 1", dbesc($mid . '%'), intval(App::$profile['profile_uid']) ); - if (! $r) { - notice( t('Permission denied.') . EOL); + if (!$r) { + notice(t('Permission denied.') . EOL); } } else { - $r = q("SELECT DISTINCT item.parent AS item_id, $ordering FROM item + $r = q("SELECT DISTINCT item.parent AS item_id, $ordering FROM item left join abook on ( item.author_xchan = abook.abook_xchan $abook_uids ) WHERE true and item.uid = %d $item_normal AND (abook.abook_blocked = 0 or abook.abook_flags is null) AND item.item_wall = 1 AND item.item_thread_top = 1 - $sql_extra $sql_extra2 + $sql_extra $sql_extra2 ORDER BY $ordering DESC, item_id $pager_sql ", intval(App::$profile['profile_uid']) ); } } else { - $r = array(); + $r = []; } } - if($r) { + if ($r) { - $parents_str = ids_to_querystr($r,'item_id'); + $parents_str = ids_to_querystr($r, 'item_id'); $r = q("SELECT item.*, item.id AS item_id FROM item 
@@ -363,28 +395,38 @@ class Channel extends Controller { xchan_query($r); $items = fetch_post_tags($r, true); - $items = conv_sort($items,$ordering); + $items = conv_sort($items, $ordering); - if($load && $mid && (! count($items))) { + if ($load && $mid && (!count($items))) { // This will happen if we don't have sufficient permissions // to view the parent item (or the item itself if it is toplevel) - notice( t('Permission denied.') . EOL); + notice(t('Permission denied.') . EOL); } - } else { - $items = array(); + } + else { + $items = []; } - if((! $update) && (! $load)) { + // Add pinned content + if (!x($_REQUEST, 'mid') && !$search) { + $pinned = new \Zotlabs\Widget\Pinned; + $r = $pinned->widget(intval(App::$profile['profile_uid']), [ITEM_TYPE_POST]); + $o .= $r['html']; + } - if($decoded) + $mode = (($search) ? 'search' : 'channel'); + + if ((!$update) && (!$load)) { + + if ($decoded) $mid = 'b64.' . base64url_encode($mid); // This is ugly, but we can't pass the profile_uid through the session to the ajax updater, // because browser prefetching might change it on us. We have to deliver it with the page. - $maxheight = get_pconfig(App::$profile['profile_uid'],'system','channel_divmore_height'); - if(! $maxheight) + $maxheight = get_pconfig(App::$profile['profile_uid'], 'system', 'channel_divmore_height'); + if (!$maxheight) $maxheight = 400; $o .= '
' . "\r\n"; 
@@ -392,57 +434,48 @@ class Channel extends Controller { . "; var netargs = '?f='; var profile_page = " . App::$pager['page'] . "; divmore_height = " . intval($maxheight) . ";\r\n"; - App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array( - '$baseurl' => z_root(), - '$pgtype' => 'channel', - '$uid' => ((App::$profile['profile_uid']) ? App::$profile['profile_uid'] : '0'), - '$gid' => '0', - '$cid' => '0', - '$cmin' => '(-1)', - '$cmax' => '(-1)', - '$star' => '0', - '$liked' => '0', - '$conv' => '0', - '$spam' => '0', - '$nouveau' => '0', - '$wall' => '1', - '$fh' => '0', - '$dm' => '0', - '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), - '$search' => $search, - '$xchan' => '', - '$order' => (($order) ? urlencode($order) : ''), - '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), - '$file' => '', - '$cats' => (($category) ? urlencode($category) : ''), - '$tags' => (($hashtags) ? urlencode($hashtags) : ''), - '$mid' => (($mid) ? urlencode($mid) : ''), - '$verb' => '', - '$net' => '', - '$dend' => $datequery, - '$dbegin' => $datequery2, - '$conv_mode' => 'channel' - )); - + App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"), [ + '$baseurl' => z_root(), + '$pgtype' => 'channel', + '$uid' => ((App::$profile['profile_uid']) ? App::$profile['profile_uid'] : '0'), + '$gid' => '0', + '$cid' => '0', + '$cmin' => '(-1)', + '$cmax' => '(-1)', + '$star' => '0', + '$liked' => '0', + '$conv' => '0', + '$spam' => '0', + '$nouveau' => '0', + '$wall' => '1', + '$fh' => '0', + '$dm' => '0', + '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), + '$search' => $search, + '$xchan' => '', + '$order' => (($order) ? urlencode($order) : ''), + '$list' => ((x($_REQUEST, 'list')) ? intval($_REQUEST['list']) : 0), + '$file' => '', + '$cats' => (($category) ? urlencode($category) : ''), + '$tags' => (($hashtags) ? urlencode($hashtags) : ''), + '$mid' => (($mid) ? 
urlencode($mid) : ''), + '$verb' => '', + '$net' => '', + '$dend' => $datequery, + '$dbegin' => $datequery2, + '$conv_mode' => 'channel', + '$page_mode' => $page_mode + ]); } - // Add pinned content - if(! x($_REQUEST,'mid') && ! $search) { - $pinned = new \Zotlabs\Widget\Pinned; - $r = $pinned->widget(intval(App::$profile['profile_uid']), [ITEM_TYPE_POST]); - $o .= $r['html']; - } - - $mode = (($search) ? 'search' : 'channel'); - - if($update) { - $o .= conversation($items,$mode,$update,$page_mode); + if ($update) { + $o .= conversation($items, $mode, $update, $page_mode); } else { $o .= ''; - $o .= conversation($items,$mode,$update,$page_mode); + $o .= conversation($items, $mode, $update, $page_mode); if ($mid && $items[0]['title']) App::$page['title'] = $items[0]['title'] . " - " . App::$page['title']; } - if($mid) + if ($mid) $o .= '
'; $_SESSION['loadtime'] = datetime_convert(); diff --git a/Zotlabs/Module/Channel_calendar.php b/Zotlabs/Module/Channel_calendar.php index ae4afb2f3..ac1545644 100644 --- a/Zotlabs/Module/Channel_calendar.php +++ b/Zotlabs/Module/Channel_calendar.php @@ -1,7 +1,12 @@ set($x[0]); - + $created = $x[0]['created']; - $edited = datetime_convert(); + $edited = datetime_convert(); } else { $created = $edited = datetime_convert(); $acl->set_from_array($_POST); } - + $post_tags = array(); - $channel = \App::get_channel(); - $ac = $acl->get(); + $channel = App::get_channel(); + $ac = $acl->get(); $str_contact_allow = $ac['allow_cid']; $str_group_allow = $ac['allow_gid']; - $str_contact_deny = $ac['deny_cid']; - $str_group_deny = $ac['deny_gid']; + $str_contact_deny = $ac['deny_cid']; + $str_group_deny = $ac['deny_gid']; $private = $acl->is_private(); require_once('include/text.php'); - $results = linkify_tags($desc, local_channel()); + $results = linkify_tags($desc, $uid); - if($results) { + if ($results) { // Set permissions based on tag replacements - set_linkified_perms($results, $str_contact_allow, $str_group_allow, local_channel(), false, $private); + set_linkified_perms($results, $str_contact_allow, $str_group_allow, $uid, false, $private); - foreach($results as $result) { + foreach ($results as $result) { $success = $result['success']; - if($success['replaced']) { + if ($success['replaced']) { $post_tags[] = array( - 'uid' => local_channel(), + 'uid' => $uid, 'ttype' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url'] - ); + ); } } } - if(strlen($categories)) { - $cats = explode(',',$categories); - foreach($cats as $cat) { + if (strlen($categories)) { + $cats = explode(',', $categories); + foreach ($cats as $cat) { $post_tags[] = array( - 'uid' => local_channel(), + 'uid' => $uid, 'ttype' => TERM_CATEGORY, 'otype' => TERM_OBJ_POST, 'term' => trim($cat), 
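Review bot: In the `build_query.tpl` array of Channel.php, `'$search' => $search` passes a value taken from `$_GET['search']` into `App::$page['htmlhead']` after only `escape_tags()`, while its neighbours `$order`, `$cats`, `$tags` and `$mid` are wrapped in `urlencode()`. The template is not part of this diff, so whether that is enough for the context it is printed into cannot be judged from here. I would record the expectation next to the entry, e.g. `// $search has only been through escape_tags(); build_query.tpl must encode it for its own output context`, and confirm the template does so.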
@@ -141,175 +144,170 @@ class Channel_calendar extends \Zotlabs\Web\Controller { ); } } - - $datarray = array(); - $datarray['dtstart'] = $start; - $datarray['dtend'] = $finish; - $datarray['summary'] = $summary; + + $datarray = array(); + $datarray['dtstart'] = $start; + $datarray['dtend'] = $finish; + $datarray['summary'] = $summary; $datarray['description'] = $desc; - $datarray['location'] = $location; - $datarray['etype'] = $type; - $datarray['adjust'] = $adjust; - $datarray['nofinish'] = 0; - $datarray['uid'] = local_channel(); - $datarray['account'] = get_account_id(); + $datarray['location'] = $location; + $datarray['etype'] = $type; + $datarray['adjust'] = $adjust; + $datarray['nofinish'] = 0; + $datarray['uid'] = $uid; + $datarray['account'] = get_account_id(); $datarray['event_xchan'] = $channel['channel_hash']; - $datarray['allow_cid'] = $str_contact_allow; - $datarray['allow_gid'] = $str_group_allow; - $datarray['deny_cid'] = $str_contact_deny; - $datarray['deny_gid'] = $str_group_deny; - $datarray['private'] = intval($private); - $datarray['id'] = $event_id; - $datarray['created'] = $created; - $datarray['edited'] = $edited; - $datarray['timezone'] = $tz; - - - if(intval($_REQUEST['preview'])) { + $datarray['allow_cid'] = $str_contact_allow; + $datarray['allow_gid'] = $str_group_allow; + $datarray['deny_cid'] = $str_contact_deny; + $datarray['deny_gid'] = $str_group_deny; + $datarray['private'] = intval($private); + $datarray['id'] = $event_id; + $datarray['created'] = $created; + $datarray['edited'] = $edited; + $datarray['timezone'] = $tz; + + + if (intval($_REQUEST['preview'])) { $html = format_event_html($datarray); echo $html; killme(); } - + $event = event_store_event($datarray); - - if($post_tags) + + if ($post_tags) $datarray['term'] = $post_tags; - - $item_id = event_store_item($datarray,$event); - - if($item_id) { + + $item_id = event_store_item($datarray, $event); + + if ($item_id) { $r = q("select * from item where id = %d", 
intval($item_id) ); - if($r) { + if ($r) { xchan_query($r); $sync_item = fetch_post_tags($r); - $z = q("select * from event where event_hash = '%s' and uid = %d limit 1", + $z = q("select * from event where event_hash = '%s' and uid = %d limit 1", dbesc($r[0]['resource_id']), intval($channel['channel_id']) ); - if($z) { - Libsync::build_sync_packet($channel['channel_id'],array('event_item' => array(encode_item($sync_item[0],true)),'event' => $z)); + if ($z) { + Libsync::build_sync_packet($channel['channel_id'], array('event_item' => array(encode_item($sync_item[0], true)), 'event' => $z)); } } } - - \Zotlabs\Daemon\Master::Summon(array('Notifier','event',$item_id)); + + Master::Summon(array('Notifier', 'event', $item_id)); killme(); - + } - - - + + function get() { - - if(argc() > 2 && argv(1) == 'ical') { + + if (argc() > 2 && argv(1) == 'ical') { $event_id = argv(2); - + require_once('include/security.php'); $sql_extra = permissions_sql(local_channel()); - + $r = q("select * from event where event_hash = '%s' $sql_extra limit 1", dbesc($event_id) ); - if($r) { + if ($r) { header('Content-type: text/calendar'); - header('content-disposition: attachment; filename="' . t('event') . '-' . $event_id . '.ics"' ); + header('content-disposition: attachment; filename="' . t('event') . '-' . $event_id . '.ics"'); echo ical_wrapper($r); killme(); } else { - notice( t('Event not found.') . EOL ); + notice(t('Event not found.') . EOL); return; } } - - if(! local_channel()) { - notice( t('Permission denied.') . EOL); + + if (!local_channel()) { + notice(t('Permission denied.') . 
EOL); return; } - if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) { - $r = q("update event set dismissed = 1 where id = %d and uid = %d", + if ((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) { + q("update event set dismissed = 1 where id = %d and uid = %d", intval(argv(2)), intval(local_channel()) ); } - - if((argc() > 2) && (argv(1) === 'unignore') && intval(argv(2))) { - $r = q("update event set dismissed = 0 where id = %d and uid = %d", + + if ((argc() > 2) && (argv(1) === 'unignore') && intval(argv(2))) { + q("update event set dismissed = 0 where id = %d and uid = %d", intval(argv(2)), intval(local_channel()) ); } - $channel = \App::get_channel(); - - $mode = 'view'; - $export = false; - $ignored = ((x($_REQUEST,'ignored')) ? " and dismissed = " . intval($_REQUEST['ignored']) . " " : ''); + $mode = 'view'; + $export = false; + $ignored = ((x($_REQUEST, 'ignored')) ? " and dismissed = " . intval($_REQUEST['ignored']) . " " : ''); - if(argc() > 1) { - if(argc() > 2 && argv(1) === 'add') { - $mode = 'add'; + if (argc() > 1) { + if (argc() > 2 && argv(1) === 'add') { + $mode = 'add'; $item_id = intval(argv(2)); } - if(argc() > 2 && argv(1) === 'drop') { - $mode = 'drop'; + if (argc() > 2 && argv(1) === 'drop') { + $mode = 'drop'; $event_id = argv(2); } - if(argc() <= 2 && argv(1) === 'export') { + if (argc() <= 2 && argv(1) === 'export') { $export = true; } - if(argc() > 2 && intval(argv(1)) && intval(argv(2))) { + if (argc() > 2 && intval(argv(1)) && intval(argv(2))) { $mode = 'view'; } - if(argc() <= 2) { - $mode = 'view'; + if (argc() <= 2) { + $mode = 'view'; $event_id = argv(1); } } - - if($mode === 'add') { - event_addtocal($item_id,local_channel()); + + if ($mode === 'add') { + event_addtocal($item_id, local_channel()); killme(); } - - if($mode == 'view') { - + + if ($mode == 'view') { + /* edit/create form */ - if($event_id) { - $r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1", + if ($event_id) { + 
q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1", dbesc($event_id), intval(local_channel()) ); - if(count($r)) - $orig_event = $r[0]; } - - $channel = \App::get_channel(); - if (argv(1) === 'json'){ - if (x($_GET,'start')) $start = $_GET['start']; - if (x($_GET,'end')) $finish = $_GET['end']; + $channel = App::get_channel(); + + if (argv(1) === 'json') { + if (x($_GET, 'start')) $start = $_GET['start']; + if (x($_GET, 'end')) $finish = $_GET['end']; } - - $start = datetime_convert('UTC','UTC',$start); - $finish = datetime_convert('UTC','UTC',$finish); - $adjust_start = datetime_convert('UTC', date_default_timezone_get(), $start); + + $start = datetime_convert('UTC', 'UTC', $start); + $finish = datetime_convert('UTC', 'UTC', $finish); + $adjust_start = datetime_convert('UTC', date_default_timezone_get(), $start); $adjust_finish = datetime_convert('UTC', date_default_timezone_get(), $finish); - if (x($_GET,'id')){ - $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan, item.id as item_id + if (x($_GET, 'id')) { + $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan, item.id as item_id from event left join item on item.resource_id = event.event_hash where item.resource_type = 'event' and event.uid = %d and event.id = %d limit 1", intval(local_channel()), intval($_GET['id']) ); } - elseif($export) { + elseif ($export) { $r = q("SELECT event.*, item.id as item_id from event left join item on item.resource_id = event.event_hash where event.uid = %d and event.dtstart > '%s' and event.dtend > event.dtstart", 
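Review bot: In the `view` branch of get(), the `if ($event_id)` block still runs `SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1` but the result is now thrown away, because the commit removed the `$r =` assignment and the `$orig_event` lines while keeping the call. Nothing in the hunk reads that row afterwards, so it is a wasted query on each calendar view; I would delete the whole `if ($event_id) { ... }` block. If the lookup was meant to confirm that `$event_id` belongs to `local_channel()`, keep the result and return early when it is empty instead. get() continues past the end of this hunk.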
@@ -335,104 +333,105 @@ class Channel_calendar extends \Zotlabs\Web\Controller { dbesc($adjust_finish) ); } - - if($r && ! $export) { + + if ($r && !$export) { xchan_query($r); - $r = fetch_post_tags($r,true); + $r = fetch_post_tags($r, true); $r = sort_by_date($r); } $events = []; - if($r) { - - foreach($r as $rr) { + if ($r) { + + foreach ($r as $rr) { $start = (($rr['adjust']) ? datetime_convert('UTC', date_default_timezone_get(), $rr['dtstart'], 'c') : datetime_convert('UTC', 'UTC', $rr['dtstart'], 'c')); - if ($rr['nofinish']){ + if ($rr['nofinish']) { $end = null; - } else { + } + else { $end = (($rr['adjust']) ? datetime_convert('UTC', date_default_timezone_get(), $rr['dtend'], 'c') : datetime_convert('UTC', 'UTC', $rr['dtend'], 'c')); } - $catsenabled = feature_enabled(local_channel(),'categories'); - $categories = ''; - if($catsenabled){ - if($rr['term']) { + $catsenabled = feature_enabled(local_channel(), 'categories'); + $categories = ''; + if ($catsenabled) { + if ($rr['term']) { $cats = get_terms_oftype($rr['term'], TERM_CATEGORY); foreach ($cats as $cat) { - if(strlen($categories)) + if (strlen($categories)) $categories .= ', '; $categories .= $cat['term']; } } } - $edit = ((local_channel() && $rr['author_xchan'] == get_observer_hash()) ? array(z_root().'/events/'.$rr['event_hash'].'?expandform=1',t('Edit event'),'','') : false); - - $drop = array(z_root().'/events/drop/'.$rr['event_hash'],t('Delete event'),'',''); - + $edit = ((local_channel() && $rr['author_xchan'] == get_observer_hash()) ? array(z_root() . '/events/' . $rr['event_hash'] . '?expandform=1', t('Edit event'), '', '') : false); + + $drop = array(z_root() . '/events/drop/' . $rr['event_hash'], t('Delete event'), '', ''); + $tz = get_iconfig($rr, 'event', 'timezone'); - if(! 
$tz) + if (!$tz) $tz = 'UTC'; $events[] = array( 'calendar_id' => 'channel_calendar', - 'rw' => true, - 'id'=>$rr['id'], - 'uri' => $rr['event_hash'], - 'timezone' => $tz, - 'start'=> $start, - 'end' => $end, - 'drop' => $drop, - 'allDay' => (($rr['adjust']) ? 0 : 1), - 'title' => html_entity_decode($rr['summary'], ENT_COMPAT, 'UTF-8'), - 'editable' => $edit ? true : false, - 'item' => $rr, - 'plink' => [$rr['plink'], t('Link to source')], + 'rw' => true, + 'id' => $rr['id'], + 'uri' => $rr['event_hash'], + 'timezone' => $tz, + 'start' => $start, + 'end' => $end, + 'drop' => $drop, + 'allDay' => (($rr['adjust']) ? 0 : 1), + 'title' => html_entity_decode($rr['summary'], ENT_COMPAT, 'UTF-8'), + 'editable' => $edit ? true : false, + 'item' => $rr, + 'plink' => [$rr['plink'], t('Link to source')], 'description' => html_entity_decode($rr['description'], ENT_COMPAT, 'UTF-8'), - 'location' => html_entity_decode($rr['location'], ENT_COMPAT, 'UTF-8'), - 'allow_cid' => expand_acl($rr['allow_cid']), - 'allow_gid' => expand_acl($rr['allow_gid']), - 'deny_cid' => expand_acl($rr['deny_cid']), - 'deny_gid' => expand_acl($rr['deny_gid']), - 'categories' => $categories + 'location' => html_entity_decode($rr['location'], ENT_COMPAT, 'UTF-8'), + 'allow_cid' => expand_acl($rr['allow_cid']), + 'allow_gid' => expand_acl($rr['allow_gid']), + 'deny_cid' => expand_acl($rr['deny_cid']), + 'deny_gid' => expand_acl($rr['deny_gid']), + 'categories' => $categories ); } } - - if($export) { + + if ($export) { header('Content-type: text/calendar'); - header('content-disposition: attachment; filename="' . t('calendar') . '-' . $channel['channel_address'] . '.ics"' ); + header('content-disposition: attachment; filename="' . t('calendar') . '-' . $channel['channel_address'] . 
'.ics"'); echo ical_wrapper($r); killme(); } - if (\App::$argv[1] === 'json'){ + if (App::$argv[1] === 'json') { json_return_and_die($events); } } - - if($mode === 'drop' && $event_id) { + + if ($mode === 'drop' && $event_id) { $r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1", dbesc($event_id), intval(local_channel()) ); - + $sync_event = $r[0]; - - if($r) { + + if ($r) { $r = q("delete from event where event_hash = '%s' and uid = %d", dbesc($event_id), intval(local_channel()) ); - if($r) { + if ($r) { $sync_event['event_deleted'] = 1; - Libsync::build_sync_packet(0,array('event' => array($sync_event))); + Libsync::build_sync_packet(0, array('event' => array($sync_event))); $i = q("select * from item where resource_type = 'event' and resource_id = '%s' and uid = %d", dbesc($event_id), @@ -441,11 +440,11 @@ class Channel_calendar extends \Zotlabs\Web\Controller { if ($i) { - $can_delete = false; + $can_delete = false; $local_delete = true; $ob_hash = get_observer_hash(); - if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan'])) { + if ($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan'])) { $can_delete = true; } 
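Review bot: The `$mode === 'drop'` branch runs `delete from event where event_hash = '%s' and uid = %d` from inside get(), and `$mode` is set from `argv(1) === 'drop'` alone, so the deletion is triggered by a plain GET to the drop URL. No session-bound token is checked on the visible path from the start of get() to the delete; one may be enforced outside these hunks, so this needs confirming. If it is not, a logged-in owner's browser can be made to delete an event by any page that requests that URL. I would move the action into post() or require a form token before the delete, and mark it meanwhile with `// TODO: state-changing GET, require a session-bound token before deleting`. The `ignore`/`unignore` updates in the previous hunk follow the same pattern.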
@@ -453,49 +452,49 @@ class Channel_calendar extends \Zotlabs\Web\Controller { // If the item originated on this site+channel the deletion will propagate downstream. // Otherwise just the local copy is removed. - if(is_site_admin()) { + if (is_site_admin()) { $local_delete = true; - if(intval($i[0]['item_origin'])) + if (intval($i[0]['item_origin'])) $can_delete = true; } - if($can_delete || $local_delete) { + if ($can_delete || $local_delete) { // if this is a different page type or it's just a local delete // but not by the item author or owner, do a simple deletion - $complex = false; + $complex = false; - if(intval($i[0]['item_type']) || ($local_delete && (! $can_delete))) { + if (intval($i[0]['item_type']) || ($local_delete && (!$can_delete))) { drop_item($i[0]['id']); } else { // complex deletion that needs to propagate and be performed in phases - drop_item($i[0]['id'],true,DROPITEM_PHASE1); + drop_item($i[0]['id'], true, DROPITEM_PHASE1); $complex = true; } $ii = q("select * from item where id = %d", intval($i[0]['id']) ); - if($ii) { + if ($ii) { xchan_query($ii); $sync_item = fetch_post_tags($ii); - Libsync::build_sync_packet($i[0]['uid'],array('item' => array(encode_item($sync_item[0],true)))); + Libsync::build_sync_packet($i[0]['uid'], array('item' => array(encode_item($sync_item[0], true)))); } - if($complex) { - tag_deliver($i[0]['uid'],$i[0]['id']); + if ($complex) { + tag_deliver($i[0]['uid'], $i[0]['id']); } } } killme(); } - notice( t('Failed to remove event' ) . EOL); + notice(t('Failed to remove event') . EOL); killme(); } } - + } - + } diff --git a/Zotlabs/Module/Chanview.php b/Zotlabs/Module/Chanview.php index 12e1891d4..8ae4841b4 100644 --- a/Zotlabs/Module/Chanview.php +++ b/Zotlabs/Module/Chanview.php 
@@ -70,7 +70,7 @@ class Chanview extends \Zotlabs\Web\Controller { $zf = Zotfinger::exec($_REQUEST['url'], null); if(array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $_REQUEST['url'] && intval($zf['signature']['header_valid'])) { - Libzot::import_xchan($j); + Libzot::import_xchan($zf['data']); $r = q("select * from xchan where xchan_url = '%s'", dbesc($_REQUEST['url']) ); diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php index 39ae0f92f..3d1b97980 100644 --- a/Zotlabs/Module/Cloud.php +++ b/Zotlabs/Module/Cloud.php @@ -105,7 +105,7 @@ class Cloud extends Controller { // All we need to do now, is to fire up the server - $server->exec(); + $server->start(); if($browser->build_page) construct_page(); diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php index 7dc301623..5025f4e22 100644 --- a/Zotlabs/Module/Connections.php +++ b/Zotlabs/Module/Connections.php @@ -109,6 +109,7 @@ class Connections extends \Zotlabs\Web\Controller { case 'all': $head = t('All'); + break; default: $search_flags = " and abook_blocked = 0 and abook_ignored = 0 and abook_hidden = 0 and abook_archived = 0 and abook_not_here = 0 "; $active = true; @@ -238,7 +239,7 @@ class Connections extends \Zotlabs\Web\Controller { } $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash - where abook_channel = %d and abook_self = 0 and xchan_deleted = 0 and xchan_orphan = 0 $sql_extra $sql_extra2 ", + where abook_channel = %d and abook_self = 0 and xchan_deleted = 0 and xchan_orphan = 0 $sql_extra ", intval(local_channel()) ); if($r) { 
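Review bot: The guard in front of `Libzot::import_xchan($zf['data'])` tests only `signature/signer` and `header_valid`, so `$zf['data']` is imported without confirming that it exists and is an array. The URL comes from `$_REQUEST['url']` and the response body is controlled by the remote site, so I would extend the condition with `&& is_array($zf['data'] ?? null)`. Whether `header_valid` also vouches for the response body is not visible in this hunk; if the verifier reports a separate content or digest result, it should be required here as well. The enclosing method starts and ends outside the hunk.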
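Review bot: With the added `break;`, `case 'all'` no longer falls through to `default`, so `$search_flags` and `$active` are not assigned on that path. If they are not initialised before the `switch` (which starts outside this hunk), any later use of `$search_flags` when the query is built reads an undefined variable. Assigning `$search_flags = '';` inside the `'all'` case would make the "no filter" intent explicit.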
@@ -247,7 +248,7 @@ class Connections extends \Zotlabs\Web\Controller { } $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash - WHERE abook_channel = %d and abook_self = 0 and xchan_deleted = 0 and xchan_orphan = 0 $sql_extra $sql_extra2 ORDER BY $sql_order LIMIT %d OFFSET %d ", + WHERE abook_channel = %d and abook_self = 0 and xchan_deleted = 0 and xchan_orphan = 0 $sql_extra ORDER BY $sql_order LIMIT %d OFFSET %d ", intval(local_channel()), intval(App::$pager['itemspage']), intval(App::$pager['start']) diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index becf8460d..44211c8b9 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -9,6 +9,7 @@ namespace Zotlabs\Module; use App; use Zotlabs\Lib\Apps; +use Zotlabs\Lib\Crypto; use Zotlabs\Lib\Libzot; use Zotlabs\Lib\Libsync; use Zotlabs\Daemon\Master; @@ -32,10 +33,10 @@ class Connedit extends Controller { */ function init() { - + if(! local_channel()) return; - + if((argc() >= 2) && intval(argv(1))) { $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash 
@@ -47,54 +48,54 @@ class Connedit extends Controller { App::$poi = array_shift($r); } } - + $channel = App::get_channel(); if($channel) head_set_icon($channel['xchan_photo_s']); - + } - + /* @brief Evaluate posted values and set changes * */ - + function post() { - + if(! local_channel()) return; - + $contact_id = intval(argv(1)); if(! $contact_id) return; - + $channel = App::get_channel(); - + // TODO if configured for hassle-free permissions, we'll post the form with ajax as soon as the // connection enable is toggled to a special autopost url and set permissions immediately, leaving // the other form elements alone pending a manual submit of the form. The downside is that there // will be a window of opportunity when the permissions have been set but before you've had a chance // to review and possibly restrict them. The upside is we won't have to warn you that your connection // can't do anything until you save the bloody form. - + $autopost = (((argc() > 2) && (argv(2) === 'auto')) ? true : false); - + $orig_record = q("SELECT * FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1", intval($contact_id), intval(local_channel()) ); - + if(! $orig_record) { notice( t('Could not access contact record.') . EOL); goaway(z_root() . '/connections'); return; // NOTREACHED } - + call_hooks('contact_edit_post', $_POST); - + $vc = get_abconfig(local_channel(),$orig_record['abook_xchan'],'system','vcard'); - $vcard = (($vc) ? \Sabre\VObject\Reader::read($vc) : null); + $vcard = (($vc) ? \Sabre\VObject\Reader::read($vc) : null); $serialised_vcard = update_vcard($_REQUEST,$vcard); if($serialised_vcard) set_abconfig(local_channel(),$orig_record[0]['abook_xchan'],'system','vcard',$serialised_vcard); @@ -107,8 +108,8 @@ class Connedit extends Controller { $autoperms = null; $is_self = false; } - - + + $profile_id = ((array_key_exists('profile_assign',$_POST)) ? $_POST['profile_assign'] : $orig_record[0]['abook_profile']); if($profile_id) { 
@@ -121,17 +122,17 @@ class Connedit extends Controller { return; } } - + $abook_incl = ((array_key_exists('abook_incl',$_POST)) ? escape_tags($_POST['abook_incl']) : $orig_record[0]['abook_incl']); $abook_excl = ((array_key_exists('abook_excl',$_POST)) ? escape_tags($_POST['abook_excl']) : $orig_record[0]['abook_excl']); $hidden = intval($_POST['hidden']); - + $priority = intval($_POST['poll']); if($priority > 5 || $priority < 0) $priority = 0; - + if(! array_key_exists('closeness',$_POST)) { $_POST['closeness'] = 80; } @@ -139,15 +140,15 @@ class Connedit extends Controller { if($closeness < 0 || $closeness > 99) { $closeness = 80; } - + $rating = intval($_POST['rating']); if($rating < (-10)) $rating = (-10); if($rating > 10) $rating = 10; - + $rating_text = trim(escape_tags($_REQUEST['rating_text'])); - + $all_perms = Permissions::Perms(); if($all_perms) { @@ -168,27 +169,27 @@ class Connedit extends Controller { } } - if(! is_null($autoperms)) + if(! is_null($autoperms)) set_pconfig($channel['channel_id'],'system','autoperms',$autoperms); - + $new_friend = false; - + // only store a record and notify the directory if the rating changed if(! $is_self) { - + $signed = $orig_record[0]['abook_xchan'] . '.' . $rating . '.' . $rating_text; - $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey'])); + $sig = base64url_encode(Crypto::sign($signed,$channel['channel_prvkey'])); $rated = ((intval($rating) || strlen($rating_text)) ? true : false); - + $record = 0; - + $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), dbesc($orig_record[0]['abook_xchan']) ); - + if($z) { if(($z[0]['xlink_rating'] != $rating) || ($z[0]['xlink_rating_text'] != $rating_text)) { $record = $z[0]['xlink_id']; 
@@ -223,18 +224,18 @@ class Connedit extends Controller { Master::Summon(array('Ratenotif','rating',$record)); } } - + if(($_REQUEST['pending']) && intval($orig_record[0]['abook_pending'])) { $new_friend = true; - + // @fixme it won't be common, but when you accept a new connection request // the permissions will now be that of your permissions role and ignore // any you may have set manually on the form. We'll probably see a bug if somebody // tries to set the permissions *and* approve the connection in the same // request. The workaround is to approve the connection, then go back and // adjust permissions as desired. - + $p = Permissions::connect_perms(local_channel()); $my_perms = $p['perms']; if($my_perms) { @@ -247,7 +248,7 @@ class Connedit extends Controller { $abook_pending = (($new_friend) ? 0 : $orig_record[0]['abook_pending']); - + $r = q("UPDATE abook SET abook_profile = '%s', abook_closeness = %d, abook_pending = %d, abook_incl = '%s', abook_excl = '%s' where abook_id = %d AND abook_channel = %d", @@ -259,7 +260,7 @@ class Connedit extends Controller { intval($contact_id), intval(local_channel()) ); - + if($r) info( t('Connection updated.') . EOL); else @@ -267,16 +268,16 @@ class Connedit extends Controller { if(! intval(App::$poi['abook_self'])) { if($new_friend) { - Master::Summon( [ 'Notifier', 'permission_accept', $contact_id ] ); + Master::Summon( [ 'Notifier', 'permission_accept', $contact_id ] ); } - Master::Summon( [ - 'Notifier', - (($new_friend) ? 'permission_create' : 'permission_update'), - $contact_id + Master::Summon( [ + 'Notifier', + (($new_friend) ? 'permission_create' : 'permission_update'), + $contact_id ]); } - + if($new_friend) { $default_group = $channel['channel_default_group']; if($default_group) { 
@@ -285,11 +286,11 @@ class Connedit extends Controller { if($g) group_add_member(local_channel(),'',App::$poi['abook_xchan'],$g['id']); } - + // Check if settings permit ("post new friend activity" is allowed, and // friends in general or this friend in particular aren't hidden) // and send out a new friend activity - + $pr = q("select * from profile where uid = %d and is_default = 1 and hide_friends = 0", intval($channel['channel_id']) ); @@ -305,23 +306,23 @@ class Connedit extends Controller { $xarr['deny_cid'] = $channel['channel_deny_cid']; $xarr['deny_gid'] = $channel['channel_deny_gid']; $xarr['item_private'] = (($xarr['allow_cid']||$xarr['allow_gid']||$xarr['deny_cid']||$xarr['deny_gid']) ? 1 : 0); - + $xarr['body'] = '[zrl=' . $channel['xchan_url'] . ']' . $channel['xchan_name'] . '[/zrl]' . ' ' . t('is now connected to') . ' ' . '[zrl=' . App::$poi['xchan_url'] . ']' . App::$poi['xchan_name'] . '[/zrl]'; - + $xarr['body'] .= "\n\n\n" . '[zrl=' . App::$poi['xchan_url'] . '][zmg=80x80]' . App::$poi['xchan_photo_m'] . '[/zmg][/zrl]'; - + post_activity_item($xarr); - + } - - + + // pull in a bit of content if there is any to pull in Master::Summon(array('Onepoll',$contact_id)); - + } - + // Refresh the structure in memory with the new data - + $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and abook_id = %d LIMIT 1", 
@@ -331,34 +332,34 @@ class Connedit extends Controller { if($r) { App::$poi = $r[0]; } - + if($new_friend) { $arr = array('channel_id' => local_channel(), 'abook' => App::$poi); call_hooks('accept_follow', $arr); } - + $this->connedit_clone($a); - + if(($_REQUEST['pending']) && (!$_REQUEST['done'])) goaway(z_root() . '/connections/ifpending'); - + return; - + } - + /* @brief Clone connection * * */ - + function connedit_clone(&$a) { - + if(! App::$poi) return; - - + + $channel = App::get_channel(); - + $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and abook_id = %d LIMIT 1", @@ -368,40 +369,40 @@ class Connedit extends Controller { if($r) { App::$poi = array_shift($r); } - + $clone = App::$poi; - + unset($clone['abook_id']); unset($clone['abook_account']); unset($clone['abook_channel']); - + $abconfig = load_abconfig($channel['channel_id'],$clone['abook_xchan']); if($abconfig) $clone['abconfig'] = $abconfig; - + Libsync::build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone))); } - + /* @brief Generate content of connection edit page * * */ - + function get() { - + $sort_type = 0; $o = ''; - + if(! local_channel()) { notice( t('Permission denied.') . EOL); return login(); } - + $section = ((array_key_exists('section',$_REQUEST)) ? $_REQUEST['section'] : ''); $channel = App::get_channel(); - + $yes_no = array(t('No'),t('Yes')); - + $connect_perms = Permissions::connect_perms(local_channel()); $o .= "\n"; - + if(argc() == 3) { - + $contact_id = intval(argv(1)); if(! $contact_id) return; - + $cmd = argv(2); $orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash 
@@ -429,17 +430,17 @@ class Connedit extends Controller { intval($contact_id), intval(local_channel()) ); - + if(! count($orig_record)) { notice( t('Could not access address book record.') . EOL); goaway(z_root() . '/connections'); } - + if($cmd === 'update') { // pull feed and consume it, which should subscribe to the hub. Master::Summon(array('Poller',$contact_id)); goaway(z_root() . '/connedit/' . $contact_id); - + } if($cmd === 'fetchvc') { @@ -474,7 +475,7 @@ class Connedit extends Controller { dbesc($orig_record[0]['xchan_hash']) ); $cmd = 'refresh'; - } + } if($cmd === 'refresh') { if($orig_record[0]['xchan_network'] === 'zot') { @@ -486,13 +487,13 @@ class Connedit extends Controller { notice( t('Refresh failed - channel is currently unavailable.') ); } else { - + // if you are on a different network we'll force a refresh of the connection basic info Master::Summon(array('Notifier','permission_update',$contact_id)); } goaway(z_root() . '/connedit/' . $contact_id); } - + if($cmd === 'block') { if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_BLOCKED)) { $this->connedit_clone($a); @@ -501,7 +502,7 @@ class Connedit extends Controller { notice(t('Unable to set address book parameters.') . EOL); goaway(z_root() . '/connedit/' . $contact_id); } - + if($cmd === 'ignore') { if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_IGNORED)) { $this->connedit_clone($a); @@ -510,7 +511,7 @@ class Connedit extends Controller { notice(t('Unable to set address book parameters.') . EOL); goaway(z_root() . '/connedit/' . $contact_id); } - + if($cmd === 'archive') { if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_ARCHIVED)) { $this->connedit_clone($a); @@ -519,7 +520,7 @@ class Connedit extends Controller { notice(t('Unable to set address book parameters.') . EOL); goaway(z_root() . '/connedit/' . $contact_id); } - + if($cmd === 'hide') { if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_HIDDEN)) { $this->connedit_clone($a); 
@@ -528,10 +529,10 @@ class Connedit extends Controller { notice(t('Unable to set address book parameters.') . EOL); goaway(z_root() . '/connedit/' . $contact_id); } - + // We'll prevent somebody from unapproving an already approved contact. // Though maybe somebody will want this eventually (??) - + if($cmd === 'approve') { if(intval($orig_record[0]['abook_pending'])) { if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_PENDING)) { @@ -542,10 +543,10 @@ class Connedit extends Controller { } goaway(z_root() . '/connedit/' . $contact_id); } - - + + if($cmd === 'drop') { - + contact_remove(local_channel(), $orig_record[0]['abook_id']); Master::Summon( [ 'Notifier', 'purge', local_channel(), $orig_record[0]['xchan_hash'] ] ); @@ -556,17 +557,17 @@ class Connedit extends Controller { 'entry_deleted' => true)) ) ); - + info( t('Connection has been removed.') . EOL ); if(x($_SESSION,'return_url')) goaway(z_root() . '/' . $_SESSION['return_url']); goaway(z_root() . '/contacts'); - + } } - + if(App::$poi) { - + $abook_prev = 0; $abook_next = 0; @@ -595,14 +596,14 @@ class Connedit extends Controller { } $tools = array( - + 'view' => array( 'label' => t('View Profile'), 'url' => chanlink_cid($contact['abook_id']), 'sel' => '', 'title' => sprintf( t('View %s\'s profile'), $contact['xchan_name']), ), - + 'refresh' => array( 'label' => t('Refresh Permissions'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/refresh', @@ -616,14 +617,14 @@ class Connedit extends Controller { 'sel' => '', 'title' => t('Fetch updated photo'), ), - + 'recent' => array( 'label' => t('Recent Activity'), 'url' => z_root() . '/network/?f=&cid=' . $contact['abook_id'], 'sel' => '', 'title' => t('View recent posts and comments'), ), - + 'block' => array( 'label' => (intval($contact['abook_blocked']) ? t('Unblock') : t('Block')), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/block', 
@@ -631,7 +632,7 @@ class Connedit extends Controller { 'title' => t('Block (or Unblock) all communications with this connection'), 'info' => (intval($contact['abook_blocked']) ? t('This connection is blocked!') : ''), ), - + 'ignore' => array( 'label' => (intval($contact['abook_ignored']) ? t('Unignore') : t('Ignore')), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/ignore', @@ -639,7 +640,7 @@ class Connedit extends Controller { 'title' => t('Ignore (or Unignore) all inbound communications from this connection'), 'info' => (intval($contact['abook_ignored']) ? t('This connection is ignored!') : ''), ), - + 'archive' => array( 'label' => (intval($contact['abook_archived']) ? t('Unarchive') : t('Archive')), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/archive', @@ -647,7 +648,7 @@ class Connedit extends Controller { 'title' => t('Archive (or Unarchive) this connection - mark channel dead but keep content'), 'info' => (intval($contact['abook_archived']) ? t('This connection is archived!') : ''), ), - + 'hide' => array( 'label' => (intval($contact['abook_hidden']) ? t('Unhide') : t('Hide')), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/hide', @@ -655,18 +656,18 @@ class Connedit extends Controller { 'title' => t('Hide or Unhide this connection from your other connections'), 'info' => (intval($contact['abook_hidden']) ? t('This connection is hidden!') : ''), ), - + 'delete' => array( 'label' => t('Delete'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/drop', 'sel' => '', 'title' => t('Delete this connection'), ), - + ); - if($contact['xchan_network'] === 'zot') { + if(in_array($contact['xchan_network'], ['zot6', 'zot'])) { $tools['fetchvc'] = [ 'label' => t('Fetch Vcard'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/fetchvc', 
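Review bot: `in_array($contact['xchan_network'], ['zot6', 'zot'])` compares loosely, whereas the line it replaces used `===`; pass the third argument, `in_array($contact['xchan_network'], ['zot6', 'zot'], true)`, to keep the check strict. The `refresh` branch visible in an earlier hunk of this file still tests `$orig_record[0]['xchan_network'] === 'zot'` only, and the body of the `fetchvc` handler is not shown. Now that the tool is offered for `zot6` connections, confirm that both handlers accept that network as well.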
@@ -684,24 +685,24 @@ class Connedit extends Controller { 'sel' => '', 'title' => t('Open Individual Permissions section by default'), ]; - + $self = false; - + if(intval($contact['abook_self'])) { $self = true; $abook_prev = $abook_next = 0; } - + $vc = get_abconfig(local_channel(),$contact['abook_xchan'],'system','vcard'); - $vctmp = (($vc) ? \Sabre\VObject\Reader::read($vc) : null); + $vctmp = (($vc) ? \Sabre\VObject\Reader::read($vc) : null); $vcard = (($vctmp) ? get_vcard_array($vctmp,$contact['abook_id']) : [] ); if(! $vcard) $vcard['fn'] = $contact['xchan_name']; $tpl = get_markup_template("abook_edit.tpl"); - + if(Apps::system_app_installed(local_channel(),'Affinity Tool')) { $sections['affinity'] = [ @@ -710,7 +711,7 @@ class Connedit extends Controller { 'sel' => '', 'title' => t('Open Set Affinity section by default'), ]; - + $labels = [ t('Me'), t('Family'), @@ -720,7 +721,7 @@ class Connedit extends Controller { ]; call_hooks('affinity_labels',$labels); $label_str = ''; - + if($labels) { foreach($labels as $l) { if($label_str) { @@ -731,11 +732,11 @@ class Connedit extends Controller { $label_str .= "'" . $l . "'"; } } - + $slider_tpl = get_markup_template('contact_slider.tpl'); - + $slideval = intval($contact['abook_closeness']); - + $slide = replace_macros($slider_tpl,array( '$min' => 1, '$val' => $slideval, @@ -751,22 +752,22 @@ class Connedit extends Controller { 'title' => t('Open Custom Filter section by default'), ]; } - + $rating_val = 0; $rating_text = ''; - + $xl = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1", dbesc($channel['channel_hash']), dbesc($contact['xchan_hash']) ); - + if($xl) { $rating_val = intval($xl[0]['xlink_rating']); $rating_text = $xl[0]['xlink_rating_text']; } - + $rating_enabled = get_config('system','rating_enabled'); - + if($rating_enabled) { $rating = replace_macros(get_markup_template('rating_slider.tpl'),array( '$min' => -10, 
@@ -776,28 +777,28 @@ class Connedit extends Controller { else { $rating = false; } - - + + $perms = array(); $channel = App::get_channel(); - + $global_perms = Permissions::Perms(); $existing = get_all_perms(local_channel(),$contact['abook_xchan'],false); - + $unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'), array(t('No'),('Yes'))); - + $multiprofs = ((feature_enabled(local_channel(),'multi_profiles')) ? true : false); - + if($slide && !$multiprofs) $affinity = t('Set Affinity'); - + if(!$slide && $multiprofs) $affinity = t('Set Profile'); - + if($slide && $multiprofs) $affinity = t('Set Affinity & Profile'); - + $theirs = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'their_perms'", intval(local_channel()), dbesc($contact['abook_xchan']) @@ -812,20 +813,20 @@ class Connedit extends Controller { foreach($global_perms as $k => $v) { $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k); //fixme - + $checkinherited = PermissionLimits::Get(local_channel(),$k); - + // For auto permissions (when $self is true) we don't want to look at existing // permissions because they are enabled for the channel owner if((! $self) && ($existing[$k])) $thisperm = "1"; - - + + $perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited); } - + $pcat = new Permcat(local_channel()); $pcatlist = $pcat->listing(); $permcats = []; 
@@ -838,23 +839,23 @@ class Connedit extends Controller { $locstr = locations_by_netid($contact['xchan_hash']); if(! $locstr) $locstr = unpunify($contact['xchan_url']); - + $clone_warn = ''; $clonable = (in_array($contact['xchan_network'],['zot', 'zot6', 'rss']) ? true : false); if(! $clonable) { $clone_warn = ''; - $clone_warn .= ((intval($contact['abook_not_here'])) + $clone_warn .= ((intval($contact['abook_not_here'])) ? t('This connection is unreachable from this location.') : t('This connection may be unreachable from other channel locations.') ); $clone_warn .= '
' . t('Location independence is not supported by their network.'); } - + if(intval($contact['abook_not_here']) && $unclonable) $not_here = t('This connection is unreachable from this location. Location independence is not supported by their network.'); - + $o .= replace_macros($tpl, [ '$header' => (($self) ? t('Connection Default Permissions') : sprintf( t('Connection: %s'),$contact['xchan_name'])), '$autoperms' => array('autoperms',t('Apply these permissions automatically'), ((get_pconfig(local_channel(),'system','autoperms')) ? 1 : 0), t('Connection requests will be approved without your interaction'), $yes_no), @@ -910,7 +911,7 @@ class Connedit extends Controller { '$name' => $contact['xchan_name'], '$abook_prev' => $abook_prev, '$abook_next' => $abook_next, - '$vcard_label' => t('Details'), + '$vcard_label' => t('Details'), '$displayname' => $displayname, '$name_label' => t('Name'), '$org_label' => t('Organisation'), @@ -939,13 +940,13 @@ class Connedit extends Controller { '$zip_code' => t('ZIP Code'), '$country' => t('Country') ]); - + $arr = array('contact' => $contact,'output' => $o); - + call_hooks('contact_edit', $arr); - + return $arr['output']; - - } + + } } } diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php index 82d773139..96fe2c898 100644 --- a/Zotlabs/Module/Dav.php +++ b/Zotlabs/Module/Dav.php @@ -124,7 +124,7 @@ class Dav extends \Zotlabs\Web\Controller { // $server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth)); // All we need to do now, is to fire up the server - $server->exec(); + $server->start(); killme(); } diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 81ac0f7b8..2aa4f6548 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php 
@@ -19,21 +19,21 @@ class Display extends \Zotlabs\Web\Controller { if(argc() > 1) { $module_format = substr(argv(1),strrpos(argv(1),'.') + 1); if(! in_array($module_format,['atom','zot','json'])) - $module_format = 'html'; + $module_format = 'html'; } if(observer_prohibited()) { notice( t('Public access denied.') . EOL); return; } - + if(argc() > 1) { $item_hash = argv(1); if($module_format !== 'html') { $item_hash = substr($item_hash,0,strrpos($item_hash,'.')); } } - + if($_REQUEST['mid']) $item_hash = $_REQUEST['mid']; @@ -42,19 +42,19 @@ class Display extends \Zotlabs\Web\Controller { notice( t('Item not found.') . EOL); return; } - + $observer_is_owner = false; if(local_channel() && (! $update)) { - + $channel = \App::get_channel(); $channel_acl = array( - 'allow_cid' => $channel['channel_allow_cid'], - 'allow_gid' => $channel['channel_allow_gid'], - 'deny_cid' => $channel['channel_deny_cid'], + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid'] - ); + ); $x = array( 'is_owner' => true, @@ -62,7 +62,7 @@ class Display extends \Zotlabs\Web\Controller { 'default_location' => $channel['channel_location'], 'nickname' => $channel['channel_address'], 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'acl' => populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'), + 'acl' => populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'), 'permissions' => $channel_acl, 'bang' => '', 'visitor' => true, 
@@ -75,21 +75,21 @@ class Display extends \Zotlabs\Web\Controller { 'jotnets' => true, 'reset' => t('Reset form') ); - + $o = '
'; $o .= status_editor($a,$x,false,'Display'); $o .= '
'; } - + // This page can be viewed by anybody so the query could be complicated // First we'll see if there is a copy of the item which is owned by us - if we're logged in locally. - // If that fails (or we aren't logged in locally), + // If that fails (or we aren't logged in locally), // query an item in which the observer (if logged in remotely) has cid or gid rights - // and if that fails, look for a copy of the post that has no privacy restrictions. + // and if that fails, look for a copy of the post that has no privacy restrictions. // If we find the post, but we don't find a copy that we're allowed to look at, this fact needs to be reported. - + // find a copy of the item somewhere - + $target_item = null; if(strpos($item_hash,'b64.') === 0) @@ -100,7 +100,7 @@ class Display extends \Zotlabs\Web\Controller { $r = q("select id, uid, mid, parent, parent_mid, thr_parent, verb, item_type, item_deleted, author_xchan, item_blocked from item where mid like '%s' limit 1", dbesc($item_hash . '%') ); - + if($r) { $target_item = $r[0]; } @@ -117,14 +117,14 @@ class Display extends \Zotlabs\Web\Controller { if($target_item['item_blocked'] == ITEM_MODERATED) { goaway(z_root() . '/moderate/' . $target_item['id']); } - + $r = null; - + if($target_item['item_type'] == ITEM_TYPE_WEBPAGE) { $x = q("select * from channel where channel_id = %d limit 1", intval($target_item['uid']) ); - $y = q("select * from iconfig left join item on iconfig.iid = item.id + $y = q("select * from iconfig left join item on iconfig.iid = item.id where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'WEBPAGE' and item.id = %d limit 1", intval($target_item['uid']), intval($target_item['parent']) 
@@ -141,7 +141,7 @@ class Display extends \Zotlabs\Web\Controller { $x = q("select * from channel where channel_id = %d limit 1", intval($target_item['uid']) ); - $y = q("select * from iconfig left join item on iconfig.iid = item.id + $y = q("select * from iconfig left join item on iconfig.iid = item.id where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and item.id = %d limit 1", intval($target_item['uid']), intval($target_item['parent']) @@ -160,7 +160,7 @@ class Display extends \Zotlabs\Web\Controller { intval($target_item['uid']) ); - $y = q("select * from iconfig left join item on iconfig.iid = item.id + $y = q("select * from iconfig left join item on iconfig.iid = item.id where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'CARD' and item.id = %d limit 1", intval($target_item['uid']), intval($target_item['parent']) @@ -179,7 +179,7 @@ class Display extends \Zotlabs\Web\Controller { notice( t('Page not found.') . EOL); return ''; } - + $simple_update = ''; if($update && $_SESSION['loadtime']) $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) "; @@ -191,14 +191,14 @@ class Display extends \Zotlabs\Web\Controller { //$mid = ((($target_item['verb'] == ACTIVITY_LIKE) || ($target_item['verb'] == ACTIVITY_DISLIKE)) ? $target_item['thr_parent'] : $target_item['mid']); $mid = $target_item['mid']; - // if we got a decoded hash we must encode it again before handing to javascript + // if we got a decoded hash we must encode it again before handing to javascript if($decoded) $mid = 'b64.' . base64url_encode($mid); $o .= '
' . "\r\n"; $o .= "\r\n"; - + \App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array( '$baseurl' => z_root(), '$pgtype' => 'display', @@ -230,7 +230,7 @@ class Display extends \Zotlabs\Web\Controller { '$mid' => (($mid) ? urlencode($mid) : '') )); - head_add_link([ + head_add_link([ 'rel' => 'alternate', 'type' => 'application/json+oembed', 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string), @@ -269,20 +269,23 @@ class Display extends \Zotlabs\Web\Controller { $sysid = 0; $r = q("SELECT item.id as item_id from item - WHERE mid = '%s' - AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' - AND item.deny_gid = '' AND item_private = 0 ) + WHERE ( (mid = '%s' + AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' + AND item.deny_gid = '' AND item_private = 0 ) and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) - OR uid = %d ) - $sql_extra ) + OR uid = %d ) ) ) OR + (mid = '%s' $sql_extra ) ) $item_normal limit 1", dbesc($target_item['parent_mid']), - intval($sysid) + intval($sysid), + dbesc($target_item['parent_mid']) ); + + } } - + elseif($update && !$load) { $r = null; @@ -307,8 +310,8 @@ class Display extends \Zotlabs\Web\Controller { $sysid = 0; $r = q("SELECT item.parent AS item_id from item WHERE parent_mid = '%s' - AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' - AND item.deny_gid = '' AND item_private = 0 ) + AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' + AND item.deny_gid = '' AND item_private = 0 ) and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) OR uid = %d ) $sql_extra ) @@ -320,7 +323,7 @@ class Display extends \Zotlabs\Web\Controller { ); } } - + else { $r = array(); } 
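Review bot: The rewritten WHERE clause (`@@ -269,20 +269,23`) turns `$sql_extra` from an extra restriction into an alternative: a row now matches when `mid = '%s' $sql_extra` holds by itself, without the `uid in ( ... )` / `uid = %d` limits of the first branch. That makes `$sql_extra` the only access check on that branch. It is built outside this hunk, so confirm it is never empty and always starts with `AND`; otherwise the second branch matches any copy of the item that passes `$item_normal`. The `$update && !$load` query in the following hunk keeps the old `... OR uid = %d ) $sql_extra )` form, so the two paths now apply different visibility rules. If that difference is intended, a comment above the query should say so.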
@@ -328,7 +331,7 @@ class Display extends \Zotlabs\Web\Controller { if($r) { $parents_str = ids_to_querystr($r,'item_id'); if($parents_str) { - $items = q("SELECT item.*, item.id AS item_id + $items = q("SELECT item.*, item.id AS item_id FROM item WHERE parent in ( %s ) $item_normal ", dbesc($parents_str) @@ -341,10 +344,10 @@ class Display extends \Zotlabs\Web\Controller { else { $items = array(); } - + switch($module_format) { - + case 'html': if ($update) { @@ -363,7 +366,7 @@ class Display extends \Zotlabs\Web\Controller { \App::$page['title'] = (($items[0]['title']) ? $items[0]['title'] . " - " . \App::$page['title'] : \App::$page['title']); $o .= conversation($items, 'display', $update, 'client'); - } + } break; @@ -380,7 +383,7 @@ class Display extends \Zotlabs\Web\Controller { '$owner' => '', '$profile_page' => xmlify(z_root() . '/display/' . $target_item['mid']), )); - + $x = [ 'xml' => $atom, 'channel' => $channel, 'observer_hash' => $observer_hash, 'params' => $params ]; call_hooks('atom_feed_top',$x); @@ -406,13 +409,13 @@ class Display extends \Zotlabs\Web\Controller { header('Content-type: application/atom+xml'); echo $atom; killme(); - + } $o .= '
'; if((($update && $load) || $noscript_content) && (! $items)) { - + $r = q("SELECT id, item_deleted FROM item WHERE mid = '%s' LIMIT 1", dbesc($item_hash) ); @@ -421,14 +424,14 @@ class Display extends \Zotlabs\Web\Controller { if(intval($r[0]['item_deleted'])) { notice( t('Item has been removed.') . EOL ); } - else { - notice( t('Permission denied.') . EOL ); + else { + notice( t('Permission denied.') . EOL ); } } else { notice( t('Item not found.') . EOL ); } - + } $_SESSION['loadtime'] = datetime_convert(); diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php index 49b2892e8..c6cfc6dc4 100644 --- a/Zotlabs/Module/Editpost.php +++ b/Zotlabs/Module/Editpost.php @@ -58,9 +58,9 @@ class Editpost extends \Zotlabs\Web\Controller { if ($catsenabled){ $itm = fetch_post_tags($itm); - + $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY); - + foreach ($cats as $cat) { if (strlen($category)) $category .= ', '; @@ -95,6 +95,7 @@ class Editpost extends \Zotlabs\Web\Controller { 'defloc' => $channel['channel_location'], 'visitor' => true, 'title' => htmlspecialchars_decode($itm[0]['title'],ENT_COMPAT), + 'summary' => htmlspecialchars_decode($itm[0]['summary'],ENT_COMPAT), 'category' => $category, 'showacl' => false, 'profile_uid' => $owner_uid, diff --git a/Zotlabs/Module/Embedphotos.php b/Zotlabs/Module/Embedphotos.php index 9b0884197..ed5b24724 100644 --- a/Zotlabs/Module/Embedphotos.php +++ b/Zotlabs/Module/Embedphotos.php @@ -40,7 +40,8 @@ class Embedphotos extends \Zotlabs\Web\Controller { if (!$href) { json_return_and_die(array('errormsg' => 'Error retrieving link ' . $href, 'status' => false)); } - $resource_id = array_pop(explode('/', $href)); + $arr = explode('/', $href); + $resource_id = array_pop($arr); $x = self::photolink($resource_id); if($x) json_return_and_die(array('status' => true, 'photolink' => $x, 'resource_id' => $resource_id)); 
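Review bot: The new `'summary'` entry passes `htmlspecialchars_decode($itm[0]['summary'],ENT_COMPAT)` to the editor, so the stored text leaves this method with its entities decoded. The template that places it in the form is not visible here and has to escape it again for the HTML context it is written into. If the `summary` column can be NULL for older items, `htmlspecialchars_decode((string) $itm[0]['summary'], ENT_COMPAT)` also avoids passing null to a string parameter. The array being built starts and ends outside the hunk.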
diff --git a/Zotlabs/Module/Fhublocs.php b/Zotlabs/Module/Fhublocs.php index dcd399a1f..42dac5b12 100644 --- a/Zotlabs/Module/Fhublocs.php +++ b/Zotlabs/Module/Fhublocs.php @@ -15,12 +15,12 @@ class Fhublocs extends \Zotlabs\Web\Controller { if(! is_site_admin()) return; - + $o = ''; - + $r = q("select * from channel where channel_removed = 0"); $sitekey = get_config('system','pubkey'); - + if($r) { foreach($r as $rr) { @@ -38,14 +38,14 @@ class Fhublocs extends \Zotlabs\Web\Controller { if($found) { $o .= 'Hubloc exists for ' . $rr['channel_name'] . EOL; continue; - } + } } $y = q("select xchan_addr from xchan where xchan_hash = '%s' limit 1", dbesc($rr['channel_hash']) ); if($y) $primary_address = $y[0]['xchan_addr']; - + $hub_address = channel_reddress($rr); $primary = (($hub_address === $primary_address) ? 1 : 0); @@ -56,9 +56,9 @@ class Fhublocs extends \Zotlabs\Web\Controller { dbesc($rr['channel_hash']), dbesc(z_root()) ); - + // Create a verified hub location pointing to this site. - + /* $h = hubloc_store_lowlevel( [ @@ -69,7 +69,7 @@ class Fhublocs extends \Zotlabs\Web\Controller { 'hubloc_network' => 'zot', 'hubloc_primary' => $primary, 'hubloc_url' => z_root(), - 'hubloc_url_sig' => base64url_encode(rsa_sign(z_root(),$rr['channel_prvkey'])), + 'hubloc_url_sig' => base64url_encode(Crypto::sign(z_root(),$rr['channel_prvkey'])), 'hubloc_host' => \App::get_hostname(), 'hubloc_callback' => z_root() . '/post', 'hubloc_sitekey' => $sitekey @@ -99,11 +99,11 @@ class Fhublocs extends \Zotlabs\Web\Controller { $o . 'local hubloc created for ' . $rr['channel_name'] . EOL; else $o .= 'DB update failed for ' . $rr['channel_name'] . EOL; - + } - + return $o; - + } } } diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php index 20cc23ac0..28d7eabb5 100644 --- a/Zotlabs/Module/Getfile.php +++ b/Zotlabs/Module/Getfile.php 
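Review bot: `Crypto::sign(...)` is written unqualified in the `@@ -69,7 +69,7` hunk, but no hunk in this file's diff adds `use Zotlabs\Lib\Crypto;`, as the Connedit diff does. Unless that import already exists above the first hunk, the name resolves inside the module's own namespace and fails when the line runs; `\Zotlabs\Lib\Crypto::sign(z_root(),$rr['channel_prvkey'])` works either way. The surrounding `hubloc_store_lowlevel` call appears to follow a `/*`, so the line may be inside commented-out code. The block starts outside the hunk, so this needs checking against the full file.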
@@ -1,6 +1,7 @@ 'zot', 'hubloc_primary' => (($seize) ? 1 : 0), 'hubloc_url' => z_root(), - 'hubloc_url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])), + 'hubloc_url_sig' => base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'])), 'hubloc_host' => \App::get_hostname(), 'hubloc_callback' => z_root() . '/post', 'hubloc_sitekey' => get_config('system','pubkey'), @@ -256,7 +257,7 @@ class Import extends \Zotlabs\Web\Controller { 'hubloc_network' => 'zot6', 'hubloc_primary' => (($seize) ? 1 : 0), 'hubloc_url' => z_root(), - 'hubloc_url_sig' => 'sha256.' . base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])), + 'hubloc_url_sig' => 'sha256.' . base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'])), 'hubloc_host' => \App::get_hostname(), 'hubloc_callback' => z_root() . '/zot', 'hubloc_sitekey' => get_config('system','pubkey'), diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 83424a50d..bc35ac452 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -132,13 +132,14 @@ class Item extends Controller { $i = Activity::encode_item_collection($items, 'conversation/' . $item_id, 'OrderedCollection'); - if($portable_id) { - ThreadListener::store(z_root() . '/item/' . $item_id,$portable_id); - } if(! $i) http_status_exit(404, 'Not found'); + if($portable_id && (! intval($items[0]['item_private']))) { + ThreadListener::store(z_root() . '/item/' . $item_id, $portable_id); + } + $x = array_merge(['@context' => [ ACTIVITYSTREAMS_JSONLD_REV, 'https://w3id.org/security/v1', 
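Review bot: The two places that now call `ThreadListener::store()` are gated differently: in this hunk the only condition besides `$portable_id` is `! intval($items[0]['item_private'])`, while the hunk at `@@ -237,6 +238,16 @@` additionally queries `abook` and skips the store when the requester already has a connection record. If the connection check is meant to apply to both fetch paths, the same `q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'", ...)` guard belongs here too; if the difference is deliberate, a one-line comment saying why would make that clear. Both checks read only `$items[0]`, so they rely on the first row representing the privacy of the whole thread, which depends on ordering done outside these hunks. The enclosing function starts and ends outside the hunk.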
@@ -237,6 +238,16 @@ class Item extends Controller { if(! $i) http_status_exit(404, 'Not found'); + if ($portable_id && (! intval($items[0]['item_private']))) { + $c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'", + intval($items[0]['uid']), + dbesc($portable_id) + ); + if (! $c) { + ThreadListener::store(z_root() . '/item/' . $item_id, $portable_id); + } + } + $x = array_merge(['@context' => [ ACTIVITYSTREAMS_JSONLD_REV, 'https://w3id.org/security/v1', @@ -810,18 +821,7 @@ class Item extends Controller { // and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.) // we may need virtual or template classes to implement the possible alternatives - if(strpos($body,'[/summary]') !== false) { - $match = ''; - $cnt = preg_match("/\[summary\](.*?)\[\/summary\]/ism",$body,$match); - if($cnt) { - $summary .= $match[1]; - } - $body_content = preg_replace("/\[summary\](.*?)\[\/summary\]/ism", '',$body); - $body = trim($body_content); - } - $summary = cleanup_bbcode($summary); - $body = cleanup_bbcode($body); // Look for tags and linkify them @@ -876,15 +876,10 @@ class Item extends Controller { if(! $preview) { fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); - fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($summary,'[/crypt]')) ? $_POST['media_str'] : $summary),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); - - fix_attached_file_permissions($channel,$observer['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); - } - $attachments = ''; $match = false; 
@@ -922,10 +917,9 @@ class Item extends Controller { } } + // BBCODE end alert } - // BBCODE end alert - if(strlen($categories)) { $cats = explode(',',$categories); diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index 358611b1b..e3fe4a954 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -1,37 +1,42 @@ ACTIVITY_LIKE , - 'dislike' => ACTIVITY_DISLIKE , - 'agree' => ACTIVITY_AGREE , - 'disagree' => ACTIVITY_DISAGREE , - 'abstain' => ACTIVITY_ABSTAIN , - 'attendyes' => ACTIVITY_ATTEND , - 'attendno' => ACTIVITY_ATTENDNO , + 'like' => ACTIVITY_LIKE, + 'dislike' => ACTIVITY_DISLIKE, + 'agree' => ACTIVITY_AGREE, + 'disagree' => ACTIVITY_DISAGREE, + 'abstain' => ACTIVITY_ABSTAIN, + 'attendyes' => ACTIVITY_ATTEND, + 'attendno' => ACTIVITY_ATTENDNO, 'attendmaybe' => ACTIVITY_ATTENDMAYBE ]; // unlike (etc.) reactions are an undo of positive reactions, rather than a negative action. // The activity is the same in undo actions and will have the same activity mapping - if(substr($reaction,0,2) === 'un') { - $reaction = substr($reaction,2); + if (substr($reaction, 0, 2) === 'un') { + $reaction = substr($reaction, 2); } - if(array_key_exists($reaction,$acts)) { + if (array_key_exists($reaction, $acts)) { return $acts[$reaction]; } 
@@ -41,60 +46,69 @@ class Like extends \Zotlabs\Web\Controller { private function like_response($arr) { - if($arr['conv_mode'] === 'channel') { + $page_mode = (($arr['item']['item_thread_top'] && $_REQUEST['page_mode']) ? $_REQUEST['page_mode'] : 'r_preview'); + $conv_mode = (($_REQUEST['conv_mode']) ? $_REQUEST['conv_mode'] : 'network'); + + if ($conv_mode === 'channel') { $parts = explode('@', $arr['owner_xchan']['xchan_addr']); profile_load($parts[0]); } - $item_normal = item_normal(); - $activities = q("SELECT item.*, item.id AS item_id FROM item - WHERE uid = %d $item_normal - AND thr_parent = '%s' - AND verb IN ('%s', '%s', '%s', '%s', '%s')", - intval($arr['item']['uid']), - dbesc($arr['item']['mid']), - dbesc(ACTIVITY_LIKE), - dbesc(ACTIVITY_DISLIKE), - dbesc(ACTIVITY_ATTEND), - dbesc(ACTIVITY_ATTENDNO), - dbesc(ACTIVITY_ATTENDMAYBE) - ); - - xchan_query($activities,true); - - $convitems[] = $arr['item']; - $convitems = array_merge($convitems, $activities); - - $convitems = fetch_post_tags($convitems,true); + if ($page_mode === 'list') { + $items = q("SELECT item.*, item.id AS item_id FROM item + WHERE uid = %d $item_normal + AND parent = %d", + intval($arr['item']['uid']), + intval($arr['item']['parent']) + ); + xchan_query($items, true); + $items = fetch_post_tags($items, true); + $items = conv_sort($items, 'commented'); + } + else { + $activities = q("SELECT item.*, item.id AS item_id FROM item + WHERE uid = %d $item_normal + AND thr_parent = '%s' + AND verb IN ('%s', '%s', '%s', '%s', '%s')", + intval($arr['item']['uid']), + dbesc($arr['item']['mid']), + dbesc(ACTIVITY_LIKE), + dbesc(ACTIVITY_DISLIKE), + dbesc(ACTIVITY_ATTEND), + dbesc(ACTIVITY_ATTENDNO), + dbesc(ACTIVITY_ATTENDMAYBE) + ); + xchan_query($activities, true); + $items = array_merge([$arr['item']], $activities); + $items = fetch_post_tags($items, true); + } $ret = [ 'success' => 1, 'orig_id' => $arr['orig_item_id'], //this is required for pubstream items where $item_id != $item['id'] - 'id' 
=> $arr['item']['id'], - 'html' => conversation($convitems, $arr['conv_mode'], true, 'r_preview'), + 'id' => $arr['item']['id'], + 'html' => conversation($items, $conv_mode, true, $page_mode), ]; - return $ret; } public function get() { - $o = EMPTY_STR; - + $o = EMPTY_STR; $sys_channel = get_sys_channel(); - $sys_channel_id = (($sys_channel) ? $sys_channel['channel_id'] : 0); - - $observer = \App::get_observer(); + $observer = App::get_observer(); $interactive = $_REQUEST['interactive']; - if((! $observer) || ($interactive)) { + + if ((!$observer) || ($interactive)) { $o .= '

' . t('Like/Dislike') . '

'; $o .= EOL . EOL; - if(! $observer) { - $_SESSION['return_url'] = \App::$query_string; + if (!$observer) { + $_SESSION['return_url'] = App::$query_string; + $o .= t('This action is restricted to members.') . EOL; $o .= t('Please login with your $Projectname ID or register as a new $Projectname member to continue.') . EOL; return $o; @@ -102,56 +116,54 @@ class Like extends \Zotlabs\Web\Controller { } $verb = notags(trim($_GET['verb'])); - $mode = (($_GET['conv_mode'] === 'channel') ? 'channel' : 'network'); - if(! $verb) + if (!$verb) $verb = 'like'; $activity = $this->reaction_to_activity($verb); - if(! $activity) { + if (!$activity) { return EMPTY_STR; } $is_rsvp = false; - if (in_array($activity, [ ACTIVITY_ATTEND, ACTIVITY_ATTENDNO, ACTIVITY_ATTENDMAYBE ])) { + if (in_array($activity, [ACTIVITY_ATTEND, ACTIVITY_ATTENDNO, ACTIVITY_ATTENDMAYBE])) { $is_rsvp = true; } - $extended_like = false; - $object = $target = null; - $post_type = EMPTY_STR; - $objtype = EMPTY_STR; + $object = $target = null; + $post_type = EMPTY_STR; + $objtype = EMPTY_STR; - if(argc() == 3) { + if (argc() == 3) { - if(! $observer) + if (!$observer) killme(); $extended_like = true; - $obj_type = argv(1); - $obj_id = argv(2); - $public = true; + $obj_type = argv(1); + $obj_id = argv(2); + $public = true; - if($obj_type == 'profile') { + if ($obj_type == 'profile') { $r = q("select * from profile where profile_guid = '%s' limit 1", dbesc(argv(2)) ); - if(! $r) + if (!$r) killme(); $owner_uid = $r[0]['uid']; - if($r[0]['is_default']) + if ($r[0]['is_default']) $public = true; - if(! $public) { + if (!$public) { $d = q("select abook_xchan from abook where abook_profile = '%s' and abook_channel = %d", dbesc($r[0]['profile_guid']), intval($owner_uid) ); - if(! $d) { + if (!$d) { // forgery - illegal - if($interactive) { - notice( t('Invalid request.') . EOL); + if ($interactive) { + notice(t('Invalid request.') . EOL); return $o; } killme(); 
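Review bot: `$conv_mode` and `$page_mode` in `like_response()` are read straight from `$_REQUEST` and passed to `conversation()`, whereas the caller used to normalise the mode with `(($_GET['conv_mode'] === 'channel') ? 'channel' : 'network')`, a line the `@@ -102,56 +116,54 @@` hunk removes. Keeping the normalisation, e.g. `$conv_mode = (($_REQUEST['conv_mode'] === 'channel') ? 'channel' : 'network');`, and accepting `$page_mode` only when `in_array($_REQUEST['page_mode'], ['list', 'r_preview'], true)` (the two values this function is seen to handle) would keep request-controlled strings out of the renderer. Both keys are also read without `isset()` or `??`, which raises an undefined-key warning on PHP 8 when the parameter is absent.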
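Review bot: In the `profile` branch `$public` can never become false: it is initialised with `$public = true;` and the only later assignment is `if ($r[0]['is_default']) $public = true;`, so the `if (!$public)` block that looks up `abook_profile` is unreachable. As written, a like on a non-default profile appears to be stored without the audience restriction that the comment in the following hunk describes ("only send the status notification to them"), since `$private` is later derived from `$public`. If that restriction is the intent, the assignment should probably read `$public = (($r[0]['is_default']) ? true : false);`. `get()` starts and ends outside this hunk.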
@@ -159,25 +171,25 @@ class Like extends \Zotlabs\Web\Controller { // $d now contains a list of those who can see this profile - only send the status notification // to them. $allow_cid = $allow_gid = $deny_cid = $deny_gid = ''; - foreach($d as $dd) { + foreach ($d as $dd) { $allow_cid .= '<' . $dd['abook_xchan'] . '>'; } } $post_type = t('channel'); - $objtype = ACTIVITY_OBJ_PROFILE; + $objtype = ACTIVITY_OBJ_PROFILE; $profile = $r[0]; } - elseif($obj_type == 'thing') { + elseif ($obj_type == 'thing') { $r = q("select * from obj where obj_type = %d and obj_obj = '%s' limit 1", - intval(TERM_OBJ_THING), - dbesc(argv(2)) - ); + intval(TERM_OBJ_THING), + dbesc(argv(2)) + ); - if(! $r) { - if($interactive) { - notice( t('Invalid request.') . EOL); + if (!$r) { + if ($interactive) { + notice(t('Invalid request.') . EOL); return $o; } killme(); @@ -187,19 +199,19 @@ class Like extends \Zotlabs\Web\Controller { $allow_cid = $r[0]['allow_cid']; $allow_gid = $r[0]['allow_gid']; - $deny_cid = $r[0]['deny_cid']; - $deny_gid = $r[0]['deny_gid']; - if($allow_cid || $allow_gid || $deny_cid || $deny_gid) + $deny_cid = $r[0]['deny_cid']; + $deny_gid = $r[0]['deny_gid']; + if ($allow_cid || $allow_gid || $deny_cid || $deny_gid) $public = false; $post_type = t('thing'); - $objtype = ACTIVITY_OBJ_PROFILE; - $tgttype = ACTIVITY_OBJ_THING; + $objtype = ACTIVITY_OBJ_PROFILE; + $tgttype = ACTIVITY_OBJ_THING; $links = array(); - $links[] = array('rel' => 'alternate', 'type' => 'text/html', - 'href' => z_root() . '/thing/' . $r[0]['obj_obj']); - if($r[0]['imgurl']) + $links[] = array('rel' => 'alternate', 'type' => 'text/html', + 'href' => z_root() . '/thing/' . $r[0]['obj_obj']); + if ($r[0]['imgurl']) $links[] = array('rel' => 'photo', 'href' => $r[0]['obj_imgurl']); $target = json_encode(array( 
@@ -213,9 +225,9 @@ class Like extends \Zotlabs\Web\Controller { } - if(! ($owner_uid && $r)) { - if($interactive) { - notice( t('Invalid request.') . EOL); + if (!($owner_uid && $r)) { + if ($interactive) { + notice(t('Invalid request.') . EOL); return $o; } killme(); @@ -223,11 +235,11 @@ class Like extends \Zotlabs\Web\Controller { // The resultant activity is going to be a wall-to-wall post, so make sure this is allowed - $perms = get_all_perms($owner_uid,$observer['xchan_hash']); + $perms = get_all_perms($owner_uid, $observer['xchan_hash']); - if(! ($perms['post_like'] && $perms['view_profile'])) { - if($interactive) { - notice( t('Permission denied.') . EOL); + if (!($perms['post_like'] && $perms['view_profile'])) { + if ($interactive) { + notice(t('Permission denied.') . EOL); return $o; } killme(); @@ -236,18 +248,18 @@ class Like extends \Zotlabs\Web\Controller { $ch = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d limit 1", intval($owner_uid) ); - if(! $ch) { - if($interactive) { - notice( t('Channel unavailable.') . EOL); + if (!$ch) { + if ($interactive) { + notice(t('Channel unavailable.') . EOL); return $o; } killme(); } - if(! $plink) + if (!$plink) $plink = '[zrl=' . z_root() . '/profile/' . $ch[0]['channel_address'] . ']' . $post_type . '[/zrl]'; - $object = json_encode(Activity::fetch_profile([ 'id' => channel_url($ch[0]) ])); + $object = json_encode(Activity::fetch_profile(['id' => channel_url($ch[0])])); // second like of the same thing is "undo" for the first like 
@@ -255,26 +267,26 @@ class Like extends \Zotlabs\Web\Controller { intval($ch[0]['channel_id']), dbesc($observer['xchan_hash']), dbesc($activity), - dbesc(($tgttype)?$tgttype:$objtype), + dbesc(($tgttype) ? $tgttype : $objtype), dbesc($obj_id) ); - if($z) { + if ($z) { $z[0]['deleted'] = 1; - Libsync::build_sync_packet($ch[0]['channel_id'],array('likes' => $z)); + Libsync::build_sync_packet($ch[0]['channel_id'], array('likes' => $z)); q("delete from likes where id = %d", intval($z[0]['id']) ); - if($z[0]['i_mid']) { + if ($z[0]['i_mid']) { $r = q("select id from item where mid = '%s' and uid = %d limit 1", dbesc($z[0]['i_mid']), intval($ch[0]['channel_id']) ); - if($r) - drop_item($r[0]['id'],false); - if($interactive) { - notice( t('Previous action reversed.') . EOL); + if ($r) + drop_item($r[0]['id'], false); + if ($interactive) { + notice(t('Previous action reversed.') . EOL); return $o; } } @@ -283,7 +295,7 @@ class Like extends \Zotlabs\Web\Controller { } else { - if(! $observer) + if (!$observer) killme(); // this is used to like an item or comment 
@@ -304,32 +316,30 @@ class Like extends \Zotlabs\Web\Controller { // create a copy of the parent in your stream. If not the conversation // parent, copy that as well. - if($r) { - if($r[0]['uid'] === $sys_channel['channel_id'] && local_channel()) { - $r = [ copy_of_pubitem(\App::get_channel(), $r[0]['mid']) ]; + if ($r) { + if ($r[0]['uid'] === $sys_channel['channel_id'] && local_channel()) { + $r = [copy_of_pubitem(App::get_channel(), $r[0]['mid'])]; } } - if(! $item_id || (! $r)) { + if (!$item_id || (!$r)) { logger('like: no item ' . $item_id); killme(); } - xchan_query($r,true); - - $item = $r[0]; + xchan_query($r, true); + $item = $r[0]; $owner_uid = $r[0]['uid']; $owner_aid = $r[0]['aid']; - $can_comment = false; - if((array_key_exists('owner',$item)) && intval($item['owner']['abook_self'])) - $can_comment = perm_is_allowed($item['uid'],$observer['xchan_hash'],'post_comments'); - else - $can_comment = can_comment_on_post($observer['xchan_hash'],$item); + if ((array_key_exists('owner', $item)) && intval($item['owner']['abook_self'])) + $can_comment = perm_is_allowed($item['uid'], $observer['xchan_hash'], 'post_comments'); + else + $can_comment = can_comment_on_post($observer['xchan_hash'], $item); - if(! $can_comment) { - notice( t('Permission denied') . EOL); + if (!$can_comment) { + notice(t('Permission denied') . EOL); killme(); } @@ -337,7 +347,7 @@ class Like extends \Zotlabs\Web\Controller { dbesc($item['owner_xchan']) ); - if($r) + if ($r) $thread_owner = $r[0]; else killme(); 
@@ -345,24 +355,24 @@ class Like extends \Zotlabs\Web\Controller { $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['author_xchan']) ); - if($r) + if ($r) $item_author = $r[0]; else killme(); - $verbs = " '".dbesc($activity)."' "; + $verbs = " '" . dbesc($activity) . "' "; $multi_undo = false; // event participation and consensus items are essentially radio toggles. If you make a subsequent choice, // we need to eradicate your first choice. - if($activity === ACTIVITY_ATTEND || $activity === ACTIVITY_ATTENDNO || $activity === ACTIVITY_ATTENDMAYBE) { - $verbs = " '" . dbesc(ACTIVITY_ATTEND) . "','" . dbesc(ACTIVITY_ATTENDNO) . "','" . dbesc(ACTIVITY_ATTENDMAYBE) . "' "; + if ($activity === ACTIVITY_ATTEND || $activity === ACTIVITY_ATTENDNO || $activity === ACTIVITY_ATTENDMAYBE) { + $verbs = " '" . dbesc(ACTIVITY_ATTEND) . "','" . dbesc(ACTIVITY_ATTENDNO) . "','" . dbesc(ACTIVITY_ATTENDMAYBE) . "' "; $multi_undo = 1; } - if($activity === ACTIVITY_AGREE || $activity === ACTIVITY_DISAGREE || $activity === ACTIVITY_ABSTAIN) { - $verbs = " '" . dbesc(ACTIVITY_AGREE) . "','" . dbesc(ACTIVITY_DISAGREE) . "','" . dbesc(ACTIVITY_ABSTAIN) . "' "; + if ($activity === ACTIVITY_AGREE || $activity === ACTIVITY_DISAGREE || $activity === ACTIVITY_ABSTAIN) { + $verbs = " '" . dbesc(ACTIVITY_AGREE) . "','" . dbesc(ACTIVITY_DISAGREE) . "','" . dbesc(ACTIVITY_ABSTAIN) . "' "; $multi_undo = true; } 
@@ -375,45 +385,41 @@ class Like extends \Zotlabs\Web\Controller { intval($owner_uid) ); - if($r) { + if ($r) { // already liked it. Drop that item. require_once('include/items.php'); - foreach($r as $rr) { - drop_item($rr['id'],false,DROPITEM_PHASE1); + foreach ($r as $rr) { + drop_item($rr['id'], false, DROPITEM_PHASE1); // set the changed timestamp on the parent so we'll see the update without a page reload - $z = q("update item set changed = '%s' where id = %d and uid = %d", + q("update item set changed = '%s' where id = %d and uid = %d", dbesc(datetime_convert()), intval($rr['parent']), intval($rr['uid']) ); // Prior activity was a duplicate of the one we're submitting, just undo it; // don't fall through and create another - if(activity_match($rr['verb'],$activity)) + if (activity_match($rr['verb'], $activity)) $multi_undo = false; // drop_item was not done interactively, so we need to invoke the notifier // in order to push the changes to connections - \Zotlabs\Daemon\Master::Summon(array('Notifier','drop',$rr['id'])); - + Master::Summon(array('Notifier', 'drop', $rr['id'])); } - if($interactive) + if ($interactive) return; - if(! $multi_undo) { + if (!$multi_undo) { $ret = self::like_response([ - 'item' => $item, + 'item' => $item, 'orig_item_id' => $item_id, - 'owner_xchan' => $thread_owner, - 'conv_mode' => $mode + 'owner_xchan' => $thread_owner ]); json_return_and_die($ret); } - - } } 
@@ -421,43 +427,39 @@ class Like extends \Zotlabs\Web\Controller { $arr = array(); - $arr['uuid'] = $uuid; - $arr['mid'] = z_root() . (($is_rsvp) ? '/activity/' : '/item/') . $uuid; + $arr['uuid'] = $uuid; + $arr['mid'] = z_root() . (($is_rsvp) ? '/activity/' : '/item/') . $uuid; - if($extended_like) { + if ($extended_like) { $arr['item_thread_top'] = 1; - $arr['item_origin'] = 1; - $arr['item_wall'] = 1; + $arr['item_origin'] = 1; + $arr['item_wall'] = 1; } else { $post_type = (($item['resource_type'] === 'photo') ? t('photo') : t('status')); - if($item['obj_type'] === ACTIVITY_OBJ_EVENT) + if ($item['obj_type'] === ACTIVITY_OBJ_EVENT) $post_type = t('event'); - $links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => $item['plink'])); - $objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); + $objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE); - if($objtype === ACTIVITY_OBJ_NOTE && (! intval($item['item_thread_top']))) + if ($objtype === ACTIVITY_OBJ_NOTE && (!intval($item['item_thread_top']))) $objtype = ACTIVITY_OBJ_COMMENT; + $object = json_encode(Activity::fetch_item(['id' => $item['mid']])); - $body = $item['body']; - - $object = json_encode(Activity::fetch_item( [ 'id' => $item['mid'] ])); - - if(! intval($item['item_thread_top'])) + if (!intval($item['item_thread_top'])) $post_type = 'comment'; - $arr['item_origin'] = 1; + $arr['item_origin'] = 1; $arr['item_notshown'] = 1; - $arr['item_type'] = $item['item_type']; + $arr['item_type'] = $item['item_type']; - if(intval($item['item_wall'])) + if (intval($item['item_wall'])) $arr['item_wall'] = 1; // if this was a linked photo and was hidden, unhide it. - if(intval($item['item_hidden'])) { + if (intval($item['item_hidden'])) { $r = q("update item set item_hidden = 0 where id = %d", intval($item['id']) ); 
@@ -465,103 +467,95 @@ class Like extends \Zotlabs\Web\Controller { } - if($verb === 'like') + if ($verb === 'like') $bodyverb = t('%1$s likes %2$s\'s %3$s'); - if($verb === 'dislike') + if ($verb === 'dislike') $bodyverb = t('%1$s doesn\'t like %2$s\'s %3$s'); - if($verb === 'agree') + if ($verb === 'agree') $bodyverb = t('%1$s agrees with %2$s\'s %3$s'); - if($verb === 'disagree') + if ($verb === 'disagree') $bodyverb = t('%1$s doesn\'t agree with %2$s\'s %3$s'); - if($verb === 'abstain') + if ($verb === 'abstain') $bodyverb = t('%1$s abstains from a decision on %2$s\'s %3$s'); - if($verb === 'attendyes') + if ($verb === 'attendyes') $bodyverb = t('%1$s is attending %2$s\'s %3$s'); - if($verb === 'attendno') + if ($verb === 'attendno') $bodyverb = t('%1$s is not attending %2$s\'s %3$s'); - if($verb === 'attendmaybe') + if ($verb === 'attendmaybe') $bodyverb = t('%1$s may attend %2$s\'s %3$s'); - if(! isset($bodyverb)) - killme(); - - + if (!isset($bodyverb)) + killme(); - if($extended_like) { - $ulink = '[zrl=' . $ch[0]['xchan_url'] . '][bdi]' . $ch[0]['xchan_name'] . '[/bdi][/zrl]'; - $alink = '[zrl=' . $observer['xchan_url'] . '][bdi]' . $observer['xchan_name'] . '[/bdi][/zrl]'; + if ($extended_like) { + $ulink = '[zrl=' . $ch[0]['xchan_url'] . '][bdi]' . $ch[0]['xchan_name'] . '[/bdi][/zrl]'; + $alink = '[zrl=' . $observer['xchan_url'] . '][bdi]' . $observer['xchan_name'] . '[/bdi][/zrl]'; $private = (($public) ? 0 : 1); } else { - $arr['parent'] = $item['id']; - $arr['thr_parent'] = $item['mid']; - $ulink = '[zrl=' . $item_author['xchan_url'] . '][bdi]' . $item_author['xchan_name'] . '[/bdi][/zrl]'; - $alink = '[zrl=' . $observer['xchan_url'] . '][bdi]' . $observer['xchan_name'] . '[/bdi][/zrl]'; - $plink = '[zrl=' . z_root() . '/display/' . gen_link_id($item['mid']) . ']' . $post_type . 
'[/zrl]'; - $allow_cid = $item['allow_cid']; - $allow_gid = $item['allow_gid']; - $deny_cid = $item['deny_cid']; - $deny_gid = $item['deny_gid']; - $private = $item['private']; + $arr['parent'] = $item['id']; + $arr['thr_parent'] = $item['mid']; + $ulink = '[zrl=' . $item_author['xchan_url'] . '][bdi]' . $item_author['xchan_name'] . '[/bdi][/zrl]'; + $alink = '[zrl=' . $observer['xchan_url'] . '][bdi]' . $observer['xchan_name'] . '[/bdi][/zrl]'; + $plink = '[zrl=' . z_root() . '/display/' . gen_link_id($item['mid']) . ']' . $post_type . '[/zrl]'; + $allow_cid = $item['allow_cid']; + $allow_gid = $item['allow_gid']; + $deny_cid = $item['deny_cid']; + $deny_gid = $item['deny_gid']; + $private = $item['private']; } - $arr['aid'] = (($extended_like) ? $ch[0]['channel_account_id'] : $owner_aid); $arr['uid'] = $owner_uid; - - $arr['item_flags'] = $item['item_flags']; $arr['item_wall'] = $item['item_wall']; $arr['parent_mid'] = (($extended_like) ? $arr['mid'] : $item['mid']); $arr['owner_xchan'] = (($extended_like) ? $ch[0]['xchan_hash'] : $thread_owner['xchan_hash']); $arr['author_xchan'] = $observer['xchan_hash']; + $arr['body'] = sprintf($bodyverb, $alink, $ulink, $plink); - - $arr['body'] = sprintf( $bodyverb, $alink, $ulink, $plink ); - if($obj_type === 'thing' && $r[0]['imgurl']) { + if ($obj_type === 'thing' && $r[0]['imgurl']) { $arr['body'] .= "\n\n[zmg=80x80]" . $r[0]['imgurl'] . '[/zmg]'; } - if($obj_type === 'profile') { - if($public) { + if ($obj_type === 'profile') { + if ($public) { $arr['body'] .= "\n\n" . '[embed]' . z_root() . '/profile/' . $ch[0]['channel_address'] . '[/embed]'; } else $arr['body'] .= "\n\n[zmg=80x80]" . $profile['thumb'] . 
'[/zmg]'; } + $arr['verb'] = $activity; + $arr['obj_type'] = $objtype; + $arr['obj'] = $object; - $arr['verb'] = $activity; - $arr['obj_type'] = $objtype; - $arr['obj'] = $object; - - if($target) { - $arr['tgt_type'] = $tgttype; - $arr['target'] = $target; + if ($target) { + $arr['tgt_type'] = $tgttype; + $arr['target'] = $target; } - $arr['allow_cid'] = $allow_cid; - $arr['allow_gid'] = $allow_gid; - $arr['deny_cid'] = $deny_cid; - $arr['deny_gid'] = $deny_gid; - $arr['item_private'] = $private; + $arr['allow_cid'] = $allow_cid; + $arr['allow_gid'] = $allow_gid; + $arr['deny_cid'] = $deny_cid; + $arr['deny_gid'] = $deny_gid; + $arr['item_private'] = $private; - call_hooks('post_local',$arr); + call_hooks('post_local', $arr); - $post = item_store($arr); + $post = item_store($arr); $post_id = $post['item_id']; // save the conversation from expiration - if(local_channel() && array_key_exists('item',$post) && (intval($post['item']['id']) != intval($post['item']['parent']))) + if (local_channel() && array_key_exists('item', $post) && (intval($post['item']['id']) != intval($post['item']['parent']))) retain_item($post['item']['parent']); $arr['id'] = $post_id; call_hooks('post_local_end', $arr); - - if($extended_like) { + if ($extended_like) { $r = q("insert into likes (channel_id,liker,likee,iid,i_mid,verb,target_type,target_id,target) values (%d,'%s','%s',%d,'%s','%s','%s','%s','%s')", intval($ch[0]['channel_id']), dbesc($observer['xchan_hash']), 
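Review bot: `$private = $item['private'];` in the non-extended branch reads a key that nothing else in this patch uses; the Item.php hunks read the same flag as `$items[0]['item_private']`, and the value is written back below as `$arr['item_private'] = $private;`. If the `item` row has no `private` column, the reaction would be stored with an empty privacy flag even when the parent item is private; this is inferred from the naming and should be confirmed against the schema and against what `item_store()` does with the parent's flag. If confirmed, the line should be `$private = $item['item_private'];`. The enclosing `get()` starts and ends outside the hunk.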
@@ -569,36 +563,35 @@ class Like extends \Zotlabs\Web\Controller { intval($post_id), dbesc($arr['mid']), dbesc($activity), - dbesc(($tgttype)? $tgttype : $objtype), + dbesc(($tgttype) ? $tgttype : $objtype), dbesc($obj_id), - dbesc(($target) ? $target : $object) + dbesc(($target) ? $target : $object) ); $r = q("select * from likes where liker = '%s' and likee = '%s' and i_mid = '%s' and verb = '%s' and target_type = '%s' and target_id = '%s' ", dbesc($observer['xchan_hash']), dbesc($ch[0]['channel_hash']), dbesc($arr['mid']), dbesc($activity), - dbesc(($tgttype)? $tgttype : $objtype), + dbesc(($tgttype) ? $tgttype : $objtype), dbesc($obj_id) ); - if($r) - Libsync::build_sync_packet($ch[0]['channel_id'],array('likes' => $r)); + if ($r) + Libsync::build_sync_packet($ch[0]['channel_id'], array('likes' => $r)); } - \Zotlabs\Daemon\Master::Summon(array('Notifier','like',$post_id)); + Master::Summon(array('Notifier', 'like', $post_id)); - if($interactive) { - notice( t('Action completed.') . EOL); + if ($interactive) { + notice(t('Action completed.') . EOL); $o .= t('Thank you.'); return $o; } $ret = self::like_response([ - 'item' => $item, + 'item' => $item, 'orig_item_id' => $item_id, - 'owner_xchan' => $thread_owner, - 'conv_mode' => $mode + 'owner_xchan' => $thread_owner ]); json_return_and_die($ret); diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index 4a1692d64..84c2463d6 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php 
@@ -20,44 +20,44 @@ class Network extends \Zotlabs\Web\Controller { return; } - if(in_array(substr($_GET['search'],0,1),[ '@', '!', '?'])) + if(in_array(substr($_GET['search'],0,1),[ '@', '!', '?']) || strpos($_GET['search'], 'https://') === 0) goaway('search' . '?f=&search=' . $_GET['search']); - + if(count($_GET) < 2) { $network_options = get_pconfig(local_channel(),'system','network_page_default'); if($network_options) goaway('network' . '?f=&' . $network_options); } - + $channel = App::get_channel(); App::$profile_uid = local_channel(); head_set_icon($channel['xchan_photo_s']); - + } - + function get($update = 0, $load = false) { - + if(! local_channel()) { $_SESSION['return_url'] = App::$query_string; return login(false); } - + $o = ''; $arr = array('query' => App::$query_string); - + call_hooks('network_content_init', $arr); - + $channel = App::get_channel(); $item_normal = item_normal(); $item_normal_update = item_normal_update(); - + $datequery = $datequery2 = ''; - + $group = 0; - + $nouveau = false; - + $datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : ''); $datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : ''); $gid = ((x($_GET,'gid')) ? intval($_GET['gid']) : 0); @@ -87,13 +87,13 @@ class Network extends \Zotlabs\Web\Controller { $search = ''; } } - + if($datequery) $order = 'post'; - - + + // filter by collection (e.g. group) - + if($gid) { $r = q("SELECT * FROM pgrp WHERE id = %d AND uid = %d LIMIT 1", intval($gid), 
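Review bot: The redirect `goaway('search' . '?f=&search=' . $_GET['search']);` appends the raw request value to the query string, and the added `strpos($_GET['search'], 'https://') === 0` condition now routes full URLs through it. A URL containing `&`, `#` or `+` will be split or altered when the search module parses the redirect target, and whoever supplies the value can add extra parameters to it. Encoding the value addresses both: `goaway('search' . '?f=&search=' . urlencode($_GET['search']));`. The enclosing function starts outside the hunk.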
@@ -106,12 +106,12 @@ class Network extends \Zotlabs\Web\Controller { goaway(z_root() . '/network'); // NOTREACHED } - + $group = $gid; $group_hash = $r[0]['hash']; $def_acl = array('allow_gid' => '<' . $r[0]['hash'] . '>'); } - + $default_cmin = ((Apps::system_app_installed(local_channel(),'Affinity Tool')) ? get_pconfig(local_channel(),'affinity','cmin',0) : (-1)); $default_cmax = ((Apps::system_app_installed(local_channel(),'Affinity Tool')) ? get_pconfig(local_channel(),'affinity','cmax',99) : (-1)); @@ -127,7 +127,7 @@ class Network extends \Zotlabs\Web\Controller { $net = ((x($_GET,'net')) ? $_GET['net'] : ''); $pf = ((x($_GET,'pf')) ? $_GET['pf'] : ''); $unseen = ((x($_GET,'unseen')) ? $_GET['unseen'] : ''); - + if (Apps::system_app_installed(local_channel(),'Affinity Tool')) { $affinity_locked = intval(get_pconfig(local_channel(),'affinity','lock',1)); if ($affinity_locked) { @@ -155,16 +155,16 @@ class Network extends \Zotlabs\Web\Controller { } $def_acl = [ 'allow_cid' => '<' . $cid_r[0]['abook_xchan'] . '>', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ]; } - + if(! $update) { - + // search terms header if($search || $hashtags) { $o .= replace_macros(get_markup_template("section_title.tpl"),array( '$title' => t('Search Results For:') . ' ' . (($search) ? htmlspecialchars($search, ENT_COMPAT,'UTF-8') : '#' . htmlspecialchars($hashtags, ENT_COMPAT,'UTF-8')) )); } - + nav_set_selected('Network'); $bang = '!'; 
@@ -179,14 +179,14 @@ class Network extends \Zotlabs\Web\Controller { } $channel_acl = array( - 'allow_cid' => $channel['channel_allow_cid'], - 'allow_gid' => $channel['channel_allow_gid'], - 'deny_cid' => $channel['channel_deny_cid'], + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid'] ); $private_editing = (($group || $cid) ? true : false); - + $x = array( 'is_owner' => true, 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), @@ -204,28 +204,28 @@ class Network extends \Zotlabs\Web\Controller { 'jotnets' => true, 'reset' => t('Reset form') ); - + $status_editor = status_editor($a,$x,false,'Network'); $o .= $status_editor; } - - + + // We don't have to deal with ACL's on this page. You're looking at everything // that belongs to you, hence you can see all of it. We will filter by group if // desired. - - + + $sql_options = (($star) ? " and item_starred = 1 " : ''); - + $sql_nets = ''; $item_thread_top = ' AND item_thread_top = 1 '; - + $sql_extra = ''; - + if($group) { $contact_str = ''; @@ -241,18 +241,18 @@ class Network extends \Zotlabs\Web\Controller { } $item_thread_top = ''; $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent $item_normal ) "; - + $x = group_rec_byhash(local_channel(), $group_hash); - + if($x) { $title = replace_macros(get_markup_template("section_title.tpl"),array( '$title' => t('Privacy group: ') . $x['gname'] )); } - + $o = $title; $o .= $status_editor; - + } elseif($cid_r) { $item_thread_top = ''; 
@@ -324,75 +324,26 @@ class Network extends \Zotlabs\Web\Controller { } } - + if(x($category)) { $sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY)); } if(x($hashtags)) { $sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG)); } - - if(! $update) { - // The special div is needed for liveUpdate to kick in for this page. - // We only launch liveUpdate if you aren't filtering in some incompatible - // way and also you aren't writing a comment (discovered in javascript). - $maxheight = get_pconfig(local_channel(),'system','network_divmore_height'); - if(! $maxheight) - $maxheight = 400; - - - $o .= '
' . "\r\n"; - $o .= "\r\n"; - - App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array( - '$baseurl' => z_root(), - '$pgtype' => 'network', - '$uid' => ((local_channel()) ? local_channel() : '0'), - '$gid' => (($gid) ? $gid : '0'), - '$cid' => (($cid) ? $cid : '0'), - '$cmin' => (($cmin) ? $cmin : '(-1)'), - '$cmax' => (($cmax) ? $cmax : '(-1)'), - '$star' => (($star) ? $star : '0'), - '$liked' => (($liked) ? $liked : '0'), - '$conv' => (($conv) ? $conv : '0'), - '$spam' => (($spam) ? $spam : '0'), - '$fh' => '0', - '$dm' => (($dm) ? $dm : '0'), - '$nouveau' => (($nouveau) ? $nouveau : '0'), - '$wall' => '0', - '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), - '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), - '$search' => (($search) ? urlencode($search) : ''), - '$xchan' => (($xchan) ? urlencode($xchan) : ''), - '$order' => $order, - '$file' => (($file) ? urlencode($file) : ''), - '$cats' => (($category) ? urlencode($category) : ''), - '$tags' => (($hashtags) ? urlencode($hashtags) : ''), - '$dend' => $datequery, - '$mid' => '', - '$verb' => (($verb) ? urlencode($verb) : ''), - '$net' => (($net) ? urlencode($net) : ''), - '$dbegin' => $datequery2, - '$pf' => (($pf) ? intval($pf) : 0), - '$unseen' => (($unseen) ? urlencode($unseen) : '') - )); - } - $sql_extra3 = ''; - + if($datequery) { $sql_extra3 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery)))); } if($datequery2) { $sql_extra3 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery2)))); } - + $sql_extra2 = (($nouveau) ? '' : " AND item.parent = item.id "); $sql_extra3 = (($nouveau) ? '' : $sql_extra3); - + if(x($_GET,'search')) { $search = escape_tags($_GET['search']); if(strpos($search,'#') === 0) { 
@@ -405,7 +356,7 @@ class Network extends \Zotlabs\Web\Controller { ); } } - + if ($verb) { // the presence of a leading dot in the verb determines @@ -425,7 +376,7 @@ class Network extends \Zotlabs\Web\Controller { ); } } - + if(strlen($file)) { $sql_extra .= term_query('item',$file,TERM_FILE); } 
@@ -433,52 +384,52 @@ class Network extends \Zotlabs\Web\Controller { if ($dm) { $sql_extra .= " AND item_private = 2 "; } - + if($conv) { $item_thread_top = ''; $sql_extra .= " AND ( author_xchan = '" . dbesc($channel['channel_hash']) . "' OR item_mentionsme = 1 ) "; } - + if($update && ! $load) { - + // only setup pagination on initial page view $pager_sql = ''; - + } else { $itemspage = get_pconfig(local_channel(),'system','itemspage'); App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10)); $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start'])); } - + // cmin and cmax are both -1 when the affinity tool is disabled if(($cmin != (-1)) || ($cmax != (-1))) { - + // Not everybody who shows up in the network stream will be in your address book. // By default those that aren't are assumed to have closeness = 99; but this isn't // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in // the stream with a NULL address book entry. - + $sql_nets .= " AND "; - + if($cmax == 99) $sql_nets .= " ( "; - + $sql_nets .= "( abook.abook_closeness >= " . intval($cmin) . " "; $sql_nets .= " AND abook.abook_closeness <= " . intval($cmax) . " ) "; - + if($cmax == 99) $sql_nets .= " OR abook.abook_closeness IS NULL ) "; - + } - $net_query = (($net) ? " left join xchan on xchan_hash = author_xchan " : ''); + $net_query = (($net) ? " left join xchan on xchan_hash = author_xchan " : ''); $net_query2 = (($net) ? " and xchan_network = '" . protect_sprintf(dbesc($net)) . "' " : ''); $abook_uids = " and abook.abook_channel = " . local_channel() . " "; $uids = " and item.uid = " . local_channel() . " "; - + if(feature_enabled(local_channel(), 'network_list_mode')) $page_mode = 'list'; else 
@@ -504,7 +455,7 @@ class Network extends \Zotlabs\Web\Controller { if($nouveau && $load) { // "New Item View" - show all items unthreaded in reverse created date order - $items = q("SELECT item.*, item.id AS item_id, created FROM item + $items = q("SELECT item.*, item.id AS item_id, created FROM item left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids ) $net_query WHERE true $uids $item_normal @@ -517,23 +468,23 @@ class Network extends \Zotlabs\Web\Controller { $parents_str = ids_to_querystr($items,'item_id'); require_once('include/items.php'); - + xchan_query($items); - + $items = fetch_post_tags($items,true); } elseif($update) { - + // Normal conversation view - + if($order === 'post') $ordering = "created"; else $ordering = "commented"; - + if($load) { // Fetch a page full of parent items for this page - $r = q("SELECT item.parent AS item_id FROM item + $r = q("SELECT item.parent AS item_id FROM item left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids ) $net_query WHERE true $uids $item_thread_top $item_normal @@ -557,18 +508,18 @@ class Network extends \Zotlabs\Web\Controller { } // Then fetch all the children of the parents that are on this page - + if($r) { - + $parents_str = ids_to_querystr($r,'item_id'); - + $items = q("SELECT item.*, item.id AS item_id FROM item WHERE true $uids $item_normal AND item.parent IN ( %s ) $sql_extra ", dbesc($parents_str) ); - + xchan_query($items,true); $items = fetch_post_tags($items,true); $items = conv_sort($items,$ordering); 
@@ -578,20 +529,70 @@ class Network extends \Zotlabs\Web\Controller { } } - + $mode = (($nouveau) ? 'network-new' : 'network'); if($search) $mode = 'search'; - + + if(! $update) { + // The special div is needed for liveUpdate to kick in for this page. + // We only launch liveUpdate if you aren't filtering in some incompatible + // way and also you aren't writing a comment (discovered in javascript). + + $maxheight = get_pconfig(local_channel(),'system','network_divmore_height'); + if(! $maxheight) + $maxheight = 400; + + + $o .= '
' . "\r\n"; + $o .= "\r\n"; + + App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array( + '$baseurl' => z_root(), + '$pgtype' => 'network', + '$uid' => ((local_channel()) ? local_channel() : '0'), + '$gid' => (($gid) ? $gid : '0'), + '$cid' => (($cid) ? $cid : '0'), + '$cmin' => (($cmin) ? $cmin : '(-1)'), + '$cmax' => (($cmax) ? $cmax : '(-1)'), + '$star' => (($star) ? $star : '0'), + '$liked' => (($liked) ? $liked : '0'), + '$conv' => (($conv) ? $conv : '0'), + '$spam' => (($spam) ? $spam : '0'), + '$fh' => '0', + '$dm' => (($dm) ? $dm : '0'), + '$nouveau' => (($nouveau) ? $nouveau : '0'), + '$wall' => '0', + '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), + '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), + '$search' => (($search) ? urlencode($search) : ''), + '$xchan' => (($xchan) ? urlencode($xchan) : ''), + '$order' => $order, + '$file' => (($file) ? urlencode($file) : ''), + '$cats' => (($category) ? urlencode($category) : ''), + '$tags' => (($hashtags) ? urlencode($hashtags) : ''), + '$dend' => $datequery, + '$mid' => '', + '$verb' => (($verb) ? urlencode($verb) : ''), + '$net' => (($net) ? urlencode($net) : ''), + '$dbegin' => $datequery2, + '$pf' => (($pf) ? intval($pf) : 0), + '$unseen' => (($unseen) ? urlencode($unseen) : ''), + '$page_mode' => $page_mode + )); + } + $o .= conversation($items,$mode,$update,$page_mode); - + if(($items) && (! $update)) $o .= alt_pager(count($items)); $_SESSION['loadtime'] = datetime_convert(); - + return $o; } - + } diff --git a/Zotlabs/Module/Notifications.php b/Zotlabs/Module/Notifications.php index 1762ad5f6..55268e0a2 100644 --- a/Zotlabs/Module/Notifications.php +++ b/Zotlabs/Module/Notifications.php 
@@ -19,7 +19,7 @@ class Notifications extends \Zotlabs\Web\Controller { $r = q("select count(*) as total from notify where uid = %d and seen = 0", intval(local_channel()) ); - if($r && intval($t[0]['total']) > 49) { + if($r && intval($r[0]['total']) > 49) { $r = q("select * from notify where uid = %d and seen = 0 order by created desc limit 50", intval(local_channel()) @@ -32,7 +32,7 @@ class Notifications extends \Zotlabs\Web\Controller { $r2 = q("select * from notify where uid = %d and seen = 1 order by created desc limit %d", intval(local_channel()), - intval(50 - intval($t[0]['total'])) + intval(50 - intval($r[0]['total'])) ); $r = array_merge($r1,$r2); } @@ -41,7 +41,7 @@ class Notifications extends \Zotlabs\Web\Controller { $notifications_available = 1; foreach ($r as $rr) { $x = strip_tags(bbcode($rr['msg'])); - $notif_content .= replace_macros(get_markup_template('notify.tpl'),array( + $notif_content = replace_macros(get_markup_template('notify.tpl'),array( '$item_link' => z_root().'/notify/view/'. $rr['id'], '$item_image' => $rr['photo'], '$item_text' => $x, @@ -52,7 +52,7 @@ class Notifications extends \Zotlabs\Web\Controller { } } else { - $notif_content .= t('No more system notifications.'); + $notif_content = t('No more system notifications.'); } $o .= replace_macros(get_markup_template('notifications.tpl'),array( diff --git a/Zotlabs/Module/Pconfig.php b/Zotlabs/Module/Pconfig.php index b2b5d4386..8a71ab974 100644 --- a/Zotlabs/Module/Pconfig.php +++ b/Zotlabs/Module/Pconfig.php @@ -8,16 +8,16 @@ use Zotlabs\Lib\Libsync; class Pconfig extends \Zotlabs\Web\Controller { function post() { - + if(! local_channel()) return; - - + + if($_SESSION['delegate']) return; - + check_form_security_token_redirectOnErr('/pconfig', 'pconfig'); - + $cat = trim(escape_tags($_POST['cat'])); $k = trim(escape_tags($_POST['k'])); $v = trim($_POST['v']); 
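Review bot: Inside the `foreach ($r as $rr)` loop, replacing `.=` with `=` makes every iteration overwrite `$notif_content`, so only the last notification is handed to the template. If the aim was to stop appending to an undefined variable, initialise it once before the loop with `$notif_content = '';` and keep `$notif_content .= replace_macros(...)` inside it. That initialisation also covers the `else` branch changed in the `@@ -52,7 +52,7 @@` hunk. The enclosing method starts and ends outside these hunks.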
@@ -27,16 +27,16 @@ class Pconfig extends \Zotlabs\Web\Controller { if (preg_match('|^a:[0-9]+:{.*}$|s',$v) || preg_match('|O:8:"stdClass":[0-9]+:{.*}$|s',$v)) { return; } - + if(in_array(argv(2),$this->disallowed_pconfig())) { notice( t('This setting requires special processing and editing has been blocked.') . EOL); return; } - + if(strpos($k,'password') !== false) { - $v = z_obscure($v); + $v = obscurify($v); } - + set_pconfig(local_channel(),$cat,$k,$v); Libsync::build_sync_packet(); @@ -46,24 +46,24 @@ class Pconfig extends \Zotlabs\Web\Controller { goaway(z_root() . '/pconfig/' . $cat . '/' . $k); } - - + + function get() { - + if(! local_channel()) { return login(); } - + $content = '
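Review bot: The block-list check tests `argv(2)` from the URL, but `set_pconfig(local_channel(),$cat,$k,$v)` writes the key taken from `$_POST['k']`, so the check does not protect the key that is actually stored. Compare the posted key instead: `if(in_array($k, $this->disallowed_pconfig(), true)) {`. The `strpos($k,'password')` test that selects `obscurify()` is also case-sensitive, so a key such as `Password` would be stored as given; `stripos` would cover that if it matters here. `post()` begins in the previous hunk.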

' . t('Configuration Editor') . '

'; $content .= '
' . t('Warning: Changing some settings could render your channel inoperable. Please leave this page unless you are comfortable with and knowledgeable about how to correctly use this feature.') . '
' . EOL . EOL; - - - + + + if(argc() == 3) { $content .= 'pconfig[' . local_channel() . ']' . EOL; $content .= 'pconfig[' . local_channel() . '][' . escape_tags(argv(1)) . ']' . EOL . EOL; $content .= 'pconfig[' . local_channel() . '][' . escape_tags(argv(1)) . '][' . escape_tags(argv(2)) . '] = ' . get_pconfig(local_channel(),escape_tags(argv(1)),escape_tags(argv(2))) . EOL; - + if(in_array(argv(2),$this->disallowed_pconfig())) { notice( t('This setting requires special processing and editing has been blocked.') . EOL); return $content; @@ -71,8 +71,8 @@ class Pconfig extends \Zotlabs\Web\Controller { else $content .= $this->pconfig_form(escape_tags(argv(1)),escape_tags(argv(2))); } - - + + if(argc() == 2) { $content .= 'pconfig[' . local_channel() . ']' . EOL; load_pconfig(local_channel(),escape_tags(argv(1))); @@ -80,9 +80,9 @@ class Pconfig extends \Zotlabs\Web\Controller { $content .= 'pconfig[' . local_channel() . '][' . escape_tags(argv(1)) . '][' . $k . '] = ' . escape_tags($x) . EOL; } } - + if(argc() == 1) { - + $r = q("select * from pconfig where uid = " . local_channel()); if($r) { foreach($r as $rr) { @@ -91,33 +91,33 @@ class Pconfig extends \Zotlabs\Web\Controller { } } return $content; - + } - - + + function pconfig_form($cat,$k) { - + $o = '
'; $o .= ''; - + $v = get_pconfig(local_channel(),$cat,$k); - if(strpos($k,'password') !== false) - $v = z_unobscure($v); - + if(strpos($k,'password') !== false) + $v = unobscurify($v); + $o .= ''; $o .= ''; - + if(strpos($v,"\n")) $o .= ''; else $o .= ''; - - $o .= EOL . EOL; + + $o .= EOL . EOL; $o .= ''; $o .= '
'; - + return $o; - + } @@ -127,5 +127,5 @@ class Pconfig extends \Zotlabs\Web\Controller { 'permissions_role' ); } - + } diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 814705a85..ee360dac5 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -147,7 +147,7 @@ class Photo extends \Zotlabs\Web\Controller { ); if($r) { $allowed = (-1); - + $filename = $r[0]['filename']; $u = intval($r[0]['photo_usage']); if($u) { $allowed = 1; @@ -194,9 +194,9 @@ class Photo extends \Zotlabs\Web\Controller { $mimetype = $e[0]['mimetype']; $modified = strtotime($e[0]['edited'] . 'Z'); - if(intval($e[0]['os_storage'])) { + if(intval($e[0]['os_storage'])) $streaming = $data; - } + if($e[0]['allow_cid'] != '' || $e[0]['allow_gid'] != '' || $e[0]['deny_gid'] != '' || $e[0]['deny_gid'] != '') $prvcachecontrol = 'no-store, no-cache, must-revalidate'; } @@ -282,7 +282,7 @@ class Photo extends \Zotlabs\Web\Controller { header("Content-Length: " . (isset($filesize) ? $filesize : strlen($data))); // If it's a file resource, stream it. - if($streaming && $channel) { + if($streaming) { if(strpos($streaming,'store') !== false) $istream = fopen($streaming,'rb'); else diff --git a/Zotlabs/Module/Pin.php b/Zotlabs/Module/Pin.php index 63b28754b..e02fb017b 100644 --- a/Zotlabs/Module/Pin.php +++ b/Zotlabs/Module/Pin.php @@ -6,6 +6,7 @@ namespace Zotlabs\Module; */ use App; +use Zotlabs\Lib\Libsync; class Pin extends \Zotlabs\Web\Controller { @@ -64,6 +65,6 @@ class Pin extends \Zotlabs\Web\Controller { http_status_exit(404, 'Not found'); } - build_sync_packet($r[0]['uid'], [ 'config' ]); + Libsync::build_sync_packet($r[0]['uid'], [ 'config' ]); } } diff --git a/Zotlabs/Module/Prate.php b/Zotlabs/Module/Prate.php index 2a8539ed0..8b71657b8 100644 --- a/Zotlabs/Module/Prate.php +++ b/Zotlabs/Module/Prate.php 
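Review bot: In the Photo.php hunk `@@ -194,9 +194,9 @@` the ACL test reads `$e[0]['deny_gid'] != '' || $e[0]['deny_gid'] != ''`, so `deny_cid` is never consulted and a photo restricted only by a deny-contact list keeps the default cache headers instead of `no-store, no-cache, must-revalidate`. One of the two operands should be `$e[0]['deny_cid'] != ''`. Separately, the `@@ -282,7 +282,7 @@` hunk drops the `$channel` condition in front of `fopen($streaming,'rb')`. It is worth confirming that the permission decision made earlier in the function, outside these hunks, still gates every path that reaches the stream.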
@@ -2,21 +2,23 @@ namespace Zotlabs\Module; +use Zotlabs\Lib\Crypto; + class Prate extends \Zotlabs\Web\Controller { function init() { if($_SERVER['REQUEST_METHOD'] === 'post') return; - + if(! local_channel()) return; - + $channel = \App::get_channel(); - + $target = argv(1); if(! $target) return; - + $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1", dbesc($channel['channel_hash']), dbesc($target) @@ -25,34 +27,34 @@ class Prate extends \Zotlabs\Web\Controller { json_return_and_die(array('rating' => $r[0]['xlink_rating'],'rating_text' => $r[0]['xlink_rating_text'])); killme(); } - + function post() { - + if(! local_channel()) return; - + $channel = \App::get_channel(); - + $target = trim($_REQUEST['target']); if(! $target) return; - + if($target === $channel['channel_hash']) return; - + $rating = intval($_POST['rating']); if($rating < (-10)) $rating = (-10); if($rating > 10) $rating = 10; - + $rating_text = trim(escape_tags($_REQUEST['rating_text'])); - + $signed = $target . '.' . $rating . '.' . $rating_text; - - $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey'])); - - + + $sig = base64url_encode(Crypto::sign($signed,$channel['channel_prvkey'])); + + $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), dbesc($target) @@ -87,19 +89,19 @@ class Prate extends \Zotlabs\Web\Controller { if($record) { \Zotlabs\Daemon\Master::Summon(array('Ratenotif','rating',$record)); } - + json_return_and_die(array('result' => true));; } - - - - - - - - - - - - + + + + + + + + + + + + } diff --git a/Zotlabs/Module/Probe.php b/Zotlabs/Module/Probe.php index d338b08ea..3bc4dac72 100644 --- a/Zotlabs/Module/Probe.php +++ b/Zotlabs/Module/Probe.php @@ -3,6 +3,7 @@ namespace Zotlabs\Module; use App; use Zotlabs\Lib\Apps; +use Zotlabs\Lib\Crypto; require_once('include/zot.php'); 
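Review bot: `if($_SERVER['REQUEST_METHOD'] === 'post') return;` at the top of `init()` compares against a lower-case literal, while PHP reports the method as the client sent it, normally `POST`, so this early return is effectively dead. Use `if($_SERVER['REQUEST_METHOD'] === 'POST')`, or compare the `strtoupper()` of the value, so that POST requests skip the lookup as intended.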
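Review bot: `post()` signs `$signed` with `$channel['channel_prvkey']` using values read from `$_REQUEST`, and no form security token check is visible in the hunk. Pconfig::post() on this page calls `check_form_security_token_redirectOnErr('/pconfig', 'pconfig')` before writing. An equivalent check here, together with reading `target` and `rating_text` from `$_POST` only, would keep a cross-site request from producing a signed rating. The same applies to `post()` in the Rate.php hunk `@@ -36,43 +38,43 @@`. Both methods continue outside their hunks, so confirm that no such check is done elsewhere.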
@@ -24,18 +25,18 @@ class Probe extends \Zotlabs\Web\Controller { nav_set_selected('Remote Diagnostics'); $o .= '

Remote Diagnostics

'; - + $o .= '
'; $o .= 'Lookup address: '; - $o .= '
'; - + $o .= ''; + $o .= '

'; - + if(x($_GET,'addr')) { $channel = App::get_channel(); $addr = trim($_GET['addr']); $do_import = ((intval($_GET['import']) && is_site_admin()) ? true : false); - + $j = \Zotlabs\Zot\Finger::run($addr,$channel,false); $o .= '
';
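Review bot: `$do_import` is taken from `$_GET['import']`, so for a site admin a plain GET to this page is enough to reach `import_xchan($j)` in the following hunk. A state-changing import is better triggered by a POST carrying a form security token, leaving GET for the read-only lookup. Any access checks at the top of `get()` are outside the hunk.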
@@ -43,17 +44,17 @@ class Probe extends \Zotlabs\Web\Controller {
 				$o .= "https connection failed. Trying again with auto failover to http.\r\n\r\n";
 				$j = \Zotlabs\Zot\Finger::run($addr,$channel,true);
 				if(! $j['success']) {
-					return $o;	
+					return $o;
 				}
 			}
 			if($do_import && $j)
 				$x = import_xchan($j);
 			if($j && $j['permissions'] && $j['permissions']['iv'])
-				$j['permissions'] = json_decode(crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']),true);
+				$j['permissions'] = json_decode(Crypto::unencapsulate($j['permissions'],$channel['channel_prvkey']),true);
 			$o .= str_replace("\n",'
',print_r($j,true)); $o .= '
'; } return $o; } - + } diff --git a/Zotlabs/Module/Profile.php b/Zotlabs/Module/Profile.php index 4235f0b97..118f11f64 100644 --- a/Zotlabs/Module/Profile.php +++ b/Zotlabs/Module/Profile.php 
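Review bot: `print_r($j,true)` is appended to `$o` without HTML escaping, although `$j` is the response returned for the address given in `$_GET['addr']`, including the permissions decoded after `Crypto::unencapsulate`. Any markup in that remote response would be rendered in the viewer's session. Escape before converting newlines, for example by wrapping the dump as `htmlspecialchars(print_r($j,true), ENT_QUOTES, 'UTF-8')` inside the existing `str_replace`.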
@@ -1,5 +1,13 @@ 1) + + if (argc() > 1) $which = argv(1); else { - notice( t('Requested profile is not available.') . EOL ); - \App::$error = 404; + notice(t('Requested profile is not available.') . EOL); + App::$error = 404; return; } - nav_set_selected('Profile'); - $profile = ''; - $channel = \App::get_channel(); - - if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) { - $which = $channel['channel_address']; - $profile = argv(1); - $r = q("select profile_guid from profile where id = %d and uid = %d limit 1", + $channel = App::get_channel(); + + if (!$channel) + http_status_exit(404, 'Not found'); + + if (ActivityStreams::is_as_request()) { + $p = Activity::encode_person($channel, true); + as_return_and_die(['type' => 'Profile', 'describes' => $p], $channel); + } + + nav_set_selected('Profile'); + + if ((local_channel()) && (argc() > 2) && (argv(2) === 'view')) { + $which = $channel['channel_address']; + $profile = argv(1); + $r = q("select profile_guid from profile where id = %d and uid = %d limit 1", intval($profile), intval(local_channel()) ); - if(! $r) + if (!$r) $profile = ''; $profile = $r[0]['profile_guid']; } - - head_add_link( [ - 'rel' => 'alternate', + + head_add_link([ + 'rel' => 'alternate', 'type' => 'application/atom+xml', 'title' => t('Posts and comments'), 'href' => z_root() . '/feed/' . $which ]); - head_add_link( [ - 'rel' => 'alternate', + head_add_link([ + 'rel' => 'alternate', 'type' => 'application/atom+xml', 'title' => t('Only posts'), 'href' => z_root() . '/feed/' . $which . '?f=&top=1' ]); - if(! 
$profile) { + if (!$profile) { $x = q("select channel_id as profile_uid from channel where channel_address = '%s' limit 1", dbesc(argv(1)) ); - if($x) { - \App::$profile = $x[0]; + if ($x) { + App::$profile = $x[0]; } } - - profile_load($which,$profile); - - + + profile_load($which, $profile); + + } - + function get() { - - if(observer_prohibited(true)) { + + if (observer_prohibited(true)) { return login(); } - - $groups = array(); + $groups = []; $tab = 'profile'; - $o = ''; - - if(! (perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(), 'view_profile'))) { - notice( t('Permission denied.') . EOL); + $o = ''; + + if (!(perm_is_allowed(App::$profile['profile_uid'], get_observer_hash(), 'view_profile'))) { + notice(t('Permission denied.') . EOL); return; } - - if(argc() > 2 && argv(2) === 'vcard') { + if (argc() > 2 && argv(2) === 'vcard') { header('Content-type: text/vcard'); - header('content-disposition: attachment; filename="' . t('vcard') . '-' . $profile['channel_address'] . '.vcf"' ); - echo \App::$profile['profile_vcard']; + header('content-disposition: attachment; filename="' . t('vcard') . '-' . App::$profile['channel_address'] . '.vcf"'); + echo App::$profile['profile_vcard']; killme(); } - - $is_owner = ((local_channel()) && (local_channel() == \App::$profile['profile_uid']) ? true : false); - - if(\App::$profile['hidewall'] && (! $is_owner) && (! remote_channel())) { - notice( t('Permission denied.') . EOL); + + $is_owner = ((local_channel()) && (local_channel() == App::$profile['profile_uid']) ? true : false); + + if (App::$profile['hidewall'] && (!$is_owner) && (!remote_channel())) { + notice(t('Permission denied.') . EOL); return; } - - head_add_link([ + + head_add_link([ 'rel' => 'alternate', 'type' => 'application/json+oembed', - 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string), + 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . 
App::$query_string), 'title' => 'oembed' ]); $o .= advanced_profile(); - call_hooks('profile_advanced',$o); + call_hooks('profile_advanced', $o); return $o; - + } - + } diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php index ca6ab435f..9aa342223 100644 --- a/Zotlabs/Module/Profiles.php +++ b/Zotlabs/Module/Profiles.php @@ -749,7 +749,7 @@ class Profiles extends \Zotlabs\Web\Controller { '$default' => t('This is your default profile.') . EOL . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))), '$advanced' => $advanced, '$name' => array('name', t('Your full name'), $r[0]['fullname'], t('Required'), '*'), - '$pdesc' => array('pdesc', t('Short title/tescription'), $r[0]['pdesc'], t('Maximal 190 characters'), '', 'maxlength="190"'), + '$pdesc' => array('pdesc', t('Short title/description'), $r[0]['pdesc'], t('Maximal 190 characters'), '', 'maxlength="190"'), '$dob' => dob($r[0]['dob']), '$hide_friends' => $hide_friends, '$address' => array('address', t('Street address'), $r[0]['address']), diff --git a/Zotlabs/Module/Rate.php b/Zotlabs/Module/Rate.php index c03aaa54f..d29c370fc 100644 --- a/Zotlabs/Module/Rate.php +++ b/Zotlabs/Module/Rate.php @@ -3,21 +3,23 @@ namespace Zotlabs\Module; +use Zotlabs\Lib\Crypto; + class Rate extends \Zotlabs\Web\Controller { function init() { - + if(! local_channel()) return; - + $channel = \App::get_channel(); - + $target = $_REQUEST['target']; if(! $target) return; - + \App::$data['target'] = $target; - + if($target) { $r = q("SELECT * FROM xchan where xchan_hash like '%s' LIMIT 1", dbesc($target) 
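Review bot: In Profile.php, `if (!$r) $profile = '';` is immediately followed by an unconditional `$profile = $r[0]['profile_guid'];`, so an empty result still indexes `$r[0]` and leaves `$profile` null rather than `''`. A single assignment avoids that: `$profile = ($r) ? $r[0]['profile_guid'] : '';`. Separately, the new ActivityStreams branch answers with `Activity::encode_person($channel, true)`, where `$channel` comes from `App::get_channel()` and not from the requested `$which`. If that call returns the logged-in channel, as its use elsewhere on this page suggests, anonymous requests would hit the new 404 and ActivityStreams requests would describe the viewer rather than the profile owner; this needs confirming. The start of the hunk is garbled on this page, so the beginning of `init()` is not readable.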
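Review bot: In `Rate::init()` the lookup `xchan_hash like '%s'` is fed `dbesc($target)` straight from `$_REQUEST['target']`. `dbesc()` presumably handles quoting but not the `%` and `_` wildcards, so a wildcard value can match a row other than the one intended. The raw value is then kept in `\App::$data['target']`, which `post()` later signs. Unless prefix matching is wanted, use equality, `SELECT * FROM xchan where xchan_hash = '%s' LIMIT 1`, and store the hash from the matched row rather than the request value. The rest of `init()` is in the next hunk.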
@@ -36,43 +38,43 @@ class Rate extends \Zotlabs\Web\Controller { } } } - - + + return; - + } - - + + function post() { - + if(! local_channel()) return; - + if(! \App::$data['target']) return; - + if(! $_REQUEST['execute']) return; - + $channel = \App::get_channel(); - + $rating = intval($_POST['rating']); if($rating < (-10)) $rating = (-10); if($rating > 10) $rating = 10; - + $rating_text = trim(escape_tags($_REQUEST['rating_text'])); - + $signed = \App::$data['target'] . '.' . $rating . '.' . $rating_text; - - $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey'])); - + + $sig = base64url_encode(Crypto::sign($signed,$channel['channel_prvkey'])); + $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), dbesc(\App::$data['target']) ); - + if($z) { $record = $z[0]['xlink_id']; $w = q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s' @@ -100,39 +102,39 @@ class Rate extends \Zotlabs\Web\Controller { if($z) $record = $z[0]['xlink_id']; } - + if($record) { \Zotlabs\Daemon\Master::Summon(array('Ratenotif','rating',$record)); } - + } - + function get() { - + if(! local_channel()) { notice( t('Permission denied.') . EOL); return; } - + // if(! \App::$data['target']) { // notice( t('No recipients.') . EOL); // return; // } - + $rating_enabled = get_config('system','rating_enabled'); if(! $rating_enabled) { notice('Ratings are disabled on this site.'); return; } - + $channel = \App::get_channel(); - + $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1", dbesc($channel['channel_hash']), dbesc(\App::$data['target']) ); if($r) { - \App::$data['xlink'] = $r[0]; + \App::$data['xlink'] = $r[0]; $rating_val = $r[0]['xlink_rating']; $rating_text = $r[0]['xlink_rating_text']; } 
@@ -140,7 +142,7 @@ class Rate extends \Zotlabs\Web\Controller { $rating_val = 0; $rating_text = ''; } - + if($rating_enabled) { $rating = replace_macros(get_markup_template('rating_slider.tpl'),array( '$min' => -10, @@ -150,7 +152,7 @@ class Rate extends \Zotlabs\Web\Controller { else { $rating = false; } - + $o = replace_macros(get_markup_template('rating_form.tpl'),array( '$header' => t('Rating'), '$website' => t('Website:'), @@ -165,8 +167,8 @@ class Rate extends \Zotlabs\Web\Controller { '$slide' => $slide, '$submit' => t('Submit') )); - + return $o; - + } } diff --git a/Zotlabs/Module/Regver.php b/Zotlabs/Module/Regver.php index 82b162f56..c45723063 100644 --- a/Zotlabs/Module/Regver.php +++ b/Zotlabs/Module/Regver.php @@ -6,8 +6,6 @@ class Regver extends \Zotlabs\Web\Controller { function get() { - global $lang; - $_SESSION['return_url'] = \App::$cmd; if(argc() != 3) diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php index c22bf2836..eeeff9613 100644 --- a/Zotlabs/Module/Search.php +++ b/Zotlabs/Module/Search.php @@ -1,85 +1,116 @@
' . "\r\n"; $o .= '
' . "\r\n"; - + $o .= '

' . t('Search') . '

'; - - if(x(\App::$data,'search')) - $search = trim(\App::$data['search']); + + if (x(App::$data, 'search')) + $search = trim(App::$data['search']); else - $search = ((x($_GET,'search')) ? trim(escape_tags(rawurldecode($_GET['search']))) : ''); - + $search = ((x($_GET, 'search')) ? trim(escape_tags(rawurldecode($_GET['search']))) : ''); + $tag = false; - if(x($_GET,'tag')) { - $tag = true; - $search = ((x($_GET,'tag')) ? trim(escape_tags(rawurldecode($_GET['tag']))) : ''); + if (x($_GET, 'tag')) { + $tag = true; + $search = ((x($_GET, 'tag')) ? trim(escape_tags(rawurldecode($_GET['tag']))) : ''); } - $o .= search($search,'search-box','/search',((local_channel()) ? true : false)); - - if(strpos($search,'#') === 0) { - $tag = true; - $search = substr($search,1); + $o .= search($search, 'search-box', '/search', ((local_channel()) ? true : false)); + + if (local_channel() && strpos($search, 'https://') === 0 && !$update && !$load) { + $j = Activity::fetch($search, App::get_channel()); + if ($j) { + $AS = new ActivityStreams($j); + if ($AS->is_valid()) { + // check if is_an_actor, otherwise import activity + if (is_array($AS->obj) && !ActivityStreams::is_an_actor($AS->obj)) { + $item = Activity::decode_note($AS); + if ($item) { + logger('parsed_item: ' . print_r($item, true), LOGGER_DATA); + Activity::store(App::get_channel(), $observer_hash, $AS, $item, true, true); + goaway(z_root() . '/display/' . gen_link_id($item['mid'])); + } + } + } + } + else { + // try other fetch providers (e.g. diaspora) + $hookdata = [ + 'channel' => App::get_channel(), + 'data' => $search + ]; + call_hooks('fetch_provider', $hookdata); + } + } + + if (strpos($search, '#') === 0) { + $tag = true; + $search = substr($search, 1); } - if(strpos($search,'@') === 0) { - $search = substr($search,1); + if (strpos($search, '@') === 0) { + $search = substr($search, 1); goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . 
$search); } - if(strpos($search,'!') === 0) { - $search = substr($search,1); + if (strpos($search, '!') === 0) { + $search = substr($search, 1); goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search); } - if(strpos($search,'?') === 0) { - $search = substr($search,1); + if (strpos($search, '?') === 0) { + $search = substr($search, 1); goaway(z_root() . '/help' . '?f=1&navsearch=1&search=' . $search); } - + // look for a naked webbie - if(strpos($search,'@') !== false) { + if (strpos($search, '@') !== false) { goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search); } - - if(! $search) + + if (!$search) return $o; - - if($tag) { - $wildtag = str_replace('*','%',$search); + + if ($tag) { + $wildtag = str_replace('*', '%', $search); $sql_extra = sprintf(" AND item.id IN (select oid from term where otype = %d and ttype in ( %d , %d) and term like '%s') ", intval(TERM_OBJ_POST), intval(TERM_HASHTAG), 
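Review bot: The new `Activity::fetch($search, App::get_channel())` branch runs on a plain GET whenever `search` begins with `https://`, so any link a logged-in member follows makes the hub fetch that URL and pass the result to `Activity::store()` for the member's channel. Nothing in the hunk restricts the destination or requires a form security token, and whether `Activity::fetch()` refuses internal or private addresses is not visible here. Consider putting the import behind an explicit POST action with a token, and confirm that the fetch helper filters destinations. `logger('parsed_item: ' . print_r($item, true), LOGGER_DATA)` also writes the full remote object to the log, which is worth keeping at a data-level log setting only. `get()` continues outside the hunk.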
@@ -88,80 +119,80 @@ class Search extends \Zotlabs\Web\Controller { ); } else { - $regstr = db_getfunc('REGEXP'); + $regstr = db_getfunc('REGEXP'); $sql_extra = sprintf(" AND (item.title $regstr '%s' OR item.body $regstr '%s') ", dbesc(protect_sprintf(preg_quote($search))), dbesc(protect_sprintf(preg_quote($search)))); } - + // Here is the way permissions work in the search module... // Only public posts can be shown // OR your own posts if you are a logged in member - // No items will be shown if the member has a blocked profile wall. - + // No items will be shown if the member has a blocked profile wall. + + + if ((!$update) && (!$load)) { - if((! $update) && (! $load)) { - // This is ugly, but we can't pass the profile_uid through the session to the ajax updater, // because browser prefetching might change it on us. We have to deliver it with the page. - + $o .= '' . "\r\n"; $o .= "\r\n"; - - \App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array( + . "; var netargs = '?f='; var profile_page = " . App::$pager['page'] . "; \r\n"; + + App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"), [ '$baseurl' => z_root(), - '$pgtype' => 'search', - '$uid' => ((\App::$profile['profile_uid']) ? \App::$profile['profile_uid'] : '0'), - '$gid' => '0', - '$cid' => '0', - '$cmin' => '(-1)', - '$cmax' => '(-1)', - '$star' => '0', - '$liked' => '0', - '$conv' => '0', - '$spam' => '0', - '$fh' => '0', - '$dm' => '0', + '$pgtype' => 'search', + '$uid' => ((App::$profile['profile_uid']) ? App::$profile['profile_uid'] : '0'), + '$gid' => '0', + '$cid' => '0', + '$cmin' => '(-1)', + '$cmax' => '(-1)', + '$star' => '0', + '$liked' => '0', + '$conv' => '0', + '$spam' => '0', + '$fh' => '0', + '$dm' => '0', '$nouveau' => '0', - '$wall' => '0', - '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), - '$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1), - '$search' => (($tag) ? urlencode('#') : '') . 
$search, - '$xchan' => '', - '$order' => '', - '$file' => '', - '$cats' => '', - '$tags' => '', - '$mid' => '', - '$verb' => '', - '$net' => '', - '$dend' => '', - '$dbegin' => '' - )); - - - } - + '$wall' => '0', + '$list' => ((x($_REQUEST, 'list')) ? intval($_REQUEST['list']) : 0), + '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), + '$search' => (($tag) ? urlencode('#') : '') . $search, + '$xchan' => '', + '$order' => '', + '$file' => '', + '$cats' => '', + '$tags' => '', + '$mid' => '', + '$verb' => '', + '$net' => '', + '$dend' => '', + '$dbegin' => '' + ]); + + + } + $item_normal = item_normal_search(); - $pub_sql = public_permissions_sql($observer_hash); - + $pub_sql = public_permissions_sql($observer_hash); + require_once('include/channel.php'); - + $sys = get_sys_channel(); - - if(($update) && ($load)) { - $itemspage = get_pconfig(local_channel(),'system','itemspage'); - \App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10)); - $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start'])); - + + if (($update) && ($load)) { + $itemspage = get_pconfig(local_channel(), 'system', 'itemspage'); + App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10)); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start'])); + // in case somebody turned off public access to sys channel content with permissions - - if(! perm_is_allowed($sys['channel_id'],$observer_hash,'view_stream')) + + if (!perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream')) $sys['xchan_hash'] .= 'disabled'; - - if($load) { + + if ($load) { $r = null; - - if(local_channel()) { + + if (local_channel()) { $r = q("SELECT mid, MAX(id) as item_id from item WHERE ((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) OR ( item.uid = %d )) OR item.owner_xchan = '%s' ) 
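Review bot: `'$search' => (($tag) ? urlencode('#') : '') . $search` encodes the `#` prefix but passes `$search` itself unencoded into `build_query.tpl`, while the Network.php block on this page passes `urlencode($search)` for the same macro. When the term comes from `App::$data['search']` it has only been through `trim()`, so quotes or ampersands reach the page head as written; how the template consumes the value is not visible here. Encoding it the same way keeps the two modules consistent: `'$search' => (($tag) ? urlencode('#') : '') . urlencode($search),`. The `goaway(... '&search=' . $search)` redirects in the previous hunk append the term unencoded as well.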
@@ -172,11 +203,11 @@ class Search extends \Zotlabs\Web\Controller { dbesc($sys['xchan_hash']) ); } - if($r === null) { + if ($r === null) { $r = q("SELECT mid, MAX(id) as item_id from item WHERE (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) - and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) + and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK | PERMS_PUBLIC) : PERMS_PUBLIC) . " )) $pub_sql ) OR owner_xchan = '%s') $item_normal $sql_extra @@ -184,51 +215,49 @@ class Search extends \Zotlabs\Web\Controller { dbesc($sys['xchan_hash']) ); } - if($r) { - $str = ids_to_querystr($r,'item_id'); - $r = q("select *, id as item_id from item where id in ( " . $str . ") order by created desc "); + if ($r) { + $str = ids_to_querystr($r, 'item_id'); + $r = q("select *, id as item_id from item where id in ( " . $str . ") order by created desc "); } } else { - $r = array(); + $r = []; } - - } - - if($r) { + + if ($r) { xchan_query($r); - $items = fetch_post_tags($r,true); - } else { - $items = array(); - } - - - if($format == 'json') { - $result = array(); + $items = fetch_post_tags($r, true); + } + else { + $items = []; + } + + if ($format == 'json') { + $result = []; require_once('include/conversation.php'); - foreach($items as $item) { + foreach ($items as $item) { $item['html'] = zidify_links(bbcode($item['body'])); - $x = encode_item($item); - $x['html'] = prepare_text($item['body'],$item['mimetype']); - $result[] = $x; + $x = encode_item($item); + $x['html'] = prepare_text($item['body'], $item['mimetype']); + $result[] = $x; } - json_return_and_die(array('success' => true,'messages' => $result)); + json_return_and_die(['success' => true, 'messages' => $result]); } - - if($tag) - $o .= '

' . sprintf( t('Items tagged with: %s'),$search) . '

'; + + if ($tag) + $o .= '

' . sprintf(t('Items tagged with: %s'), $search) . '

'; else - $o .= '

' . sprintf( t('Search results for: %s'),$search) . '

'; - - $o .= conversation($items,'search',$update,'client'); - + $o .= '

' . sprintf(t('Search results for: %s'), $search) . '

'; + + $o .= conversation($items, 'search', $update, 'client'); + $o .= '
'; - + return $o; } - - + + } diff --git a/Zotlabs/Module/Uexport.php b/Zotlabs/Module/Uexport.php index 3d1587b87..55c316317 100644 --- a/Zotlabs/Module/Uexport.php +++ b/Zotlabs/Module/Uexport.php @@ -17,6 +17,7 @@ class Uexport extends Controller { if(argc() > 1) { $sections = (($_REQUEST['sections']) ? explode(',',$_REQUEST['sections']) : ''); + $zap_compat = (($_REQUEST['zap_compat']) ? intval($_REQUEST['zap_compat']) : false); $channel = App::get_channel(); @@ -32,12 +33,12 @@ class Uexport extends Controller { header('content-disposition: attachment; filename="' . $channel['channel_address'] . (($year) ? '-' . $year : '') . (($month) ? '-' . $month : '') . (($_REQUEST['sections']) ? '-' . $_REQUEST['sections'] : '') . '.json"' ); if($year) { - echo json_encode(identity_export_year(local_channel(),$year,$month)); + echo json_encode(identity_export_year(local_channel(),$year,$month, $zap_compat)); killme(); } if(argc() > 1 && argv(1) === 'basic') { - echo json_encode(identity_basic_export(local_channel(),$sections)); + echo json_encode(identity_basic_export(local_channel(),$sections, $zap_compat)); killme(); } @@ -46,7 +47,7 @@ class Uexport extends Controller { if(argc() > 1 && argv(1) === 'complete') { $sections = get_default_export_sections(); $sections[] = 'items'; - echo json_encode(identity_basic_export(local_channel(),$sections)); + echo json_encode(identity_basic_export(local_channel(),$sections, $zap_compat)); killme(); } } diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index d24a31a15..6f2864615 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php 
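Review bot: The added `$zap_compat` line in `Uexport.php` reads `$_REQUEST['zap_compat']` without checking that the key exists, so on PHP 8 a request without the parameter raises an "Undefined array key" warning just before the JSON download is emitted. Prefer `$zap_compat = (isset($_REQUEST['zap_compat']) ? intval($_REQUEST['zap_compat']) : false);`. The neighbouring `$_REQUEST['sections']` is read the same way and is also copied verbatim into the `content-disposition` filename in the `@@ -32,12 +33,12 @@` hunk. Checking it against the known section names before building the header would keep quotes and other stray characters out of the header value.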
@@ -3,34 +3,35 @@ namespace Zotlabs\Module; require_once('include/zot.php'); +use Zotlabs\Lib\Keyutils; use Zotlabs\Lib\Libzot; class Wfinger extends \Zotlabs\Web\Controller { function init() { - + session_write_close(); $result = array(); - + $scheme = ''; - + if(x($_SERVER,'HTTPS') && $_SERVER['HTTPS']) $scheme = 'https'; elseif(x($_SERVER,'SERVER_PORT') && (intval($_SERVER['SERVER_PORT']) == 443)) $scheme = 'https'; - + $zot = intval($_REQUEST['zot']); - + if(($scheme !== 'https') && (! $zot)) { header($_SERVER["SERVER_PROTOCOL"] . ' ' . 500 . ' ' . 'Webfinger requires HTTPS'); killme(); } - - + + $resource = $_REQUEST['resource']; logger('webfinger: ' . $resource,LOGGER_DEBUG); - + $root_resource = false; $pchan = false; @@ -39,9 +40,9 @@ class Wfinger extends \Zotlabs\Web\Controller { $root_resource = true; $r = null; - + if(($resource) && (! $root_resource)) { - + if(strpos($resource,'acct:') === 0) { $channel = str_replace('acct:','',$resource); if(substr($channel,0,1) === '@' && strpos(substr($channel,1),'@')) { @@ -56,12 +57,12 @@ class Wfinger extends \Zotlabs\Web\Controller { goaway('https://' . $host . '/.well-known/webfinger?f=&resource=' . $resource . (($zot) ? '&zot=' . $zot : '')); } $channel = substr($channel,0,strpos($channel,'@')); - } + } } if(strpos($resource,'http') === 0) { $channel = str_replace('~','',basename($resource)); } - + if(substr($channel,0,1) === '[' ) { $channel = substr($channel,1); $channel = substr($channel,0,-1); @@ -74,16 +75,16 @@ class Wfinger extends \Zotlabs\Web\Controller { $r[0] = pchan_to_chan($r[0]); } } - else { + else { $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", dbesc($channel) ); } } - + header('Access-Control-Allow-Origin: *'); - + if($root_resource) { $result['subject'] = $resource; 
@@ -100,52 +101,52 @@ class Wfinger extends \Zotlabs\Web\Controller { - + } if($resource && $r) { - + $h = q("select hubloc_addr from hubloc where hubloc_hash = '%s' and hubloc_deleted = 0", dbesc($r[0]['channel_hash']) ); - + $result['subject'] = $resource; - + $aliases = array( z_root() . (($pchan) ? '/pchan/' : '/channel/') . $r[0]['channel_address'], z_root() . '/~' . $r[0]['channel_address'], z_root() . '/@' . $r[0]['channel_address'] ); - + if($h) { foreach($h as $hh) { $aliases[] = 'acct:' . $hh['hubloc_addr']; } } - + $result['aliases'] = []; - + $result['properties'] = [ 'http://webfinger.net/ns/name' => $r[0]['channel_name'], 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'], 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey'], 'http://purl.org/zot/federation' => 'zot6,zot' ]; - - foreach($aliases as $alias) + + foreach($aliases as $alias) if($alias != $resource) $result['aliases'][] = $alias; - + if($pchan) { $result['links'] = [ - + [ 'rel' => 'http://webfinger.net/rel/avatar', 'type' => $r[0]['xchan_photo_mimetype'], 'href' => $r[0]['xchan_photo_l'] ], - + [ 'rel' => 'http://webfinger.net/rel/profile-page', 'href' => $r[0]['xchan_url'], @@ -153,7 +154,7 @@ class Wfinger extends \Zotlabs\Web\Controller { [ 'rel' => 'magic-public-key', - 'href' => 'data:application/magic-public-key,' . salmon_key($r[0]['channel_pubkey']), + 'href' => 'data:application/magic-public-key,' . Keyutils::salmonKey($r[0]['channel_pubkey']), ] ]; @@ -167,13 +168,13 @@ class Wfinger extends \Zotlabs\Web\Controller { [ 'rel' => 'http://webfinger.net/rel/avatar', 'type' => $r[0]['xchan_photo_mimetype'], - 'href' => $r[0]['xchan_photo_l'] + 'href' => $r[0]['xchan_photo_l'] ], [ 'rel' => 'http://microformats.org/profile/hcard', 'type' => 'text/html', - 'href' => z_root() . '/hcard/' . $r[0]['channel_address'] + 'href' => z_root() . '/hcard/' . $r[0]['channel_address'] ], [ 
@@ -187,8 +188,8 @@ class Wfinger extends \Zotlabs\Web\Controller { ], [ - 'rel' => 'http://schemas.google.com/g/2010#updates-from', - 'type' => 'application/atom+xml', + 'rel' => 'http://schemas.google.com/g/2010#updates-from', + 'type' => 'application/atom+xml', 'href' => z_root() . '/ofeed/' . $r[0]['channel_address'] ], @@ -221,7 +222,7 @@ class Wfinger extends \Zotlabs\Web\Controller { [ 'rel' => 'magic-public-key', - 'href' => 'data:application/magic-public-key,' . salmon_key($r[0]['channel_pubkey']), + 'href' => 'data:application/magic-public-key,' . Keyutils::salmonKey($r[0]['channel_pubkey']), ] ]; } @@ -236,12 +237,12 @@ class Wfinger extends \Zotlabs\Web\Controller { header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request'); killme(); } - + $arr = [ 'channel' => $r[0], 'pchan' => $pchan, 'request' => $_REQUEST, 'result' => $result ]; call_hooks('webfinger',$arr); json_return_and_die($arr['result'],'application/jrd+json'); - + } - + } diff --git a/Zotlabs/Module/Xrd.php b/Zotlabs/Module/Xrd.php index 959e31cbe..21574eb8d 100644 --- a/Zotlabs/Module/Xrd.php +++ b/Zotlabs/Module/Xrd.php @@ -1,19 +1,21 @@ $r[0]['channel_address'], '$accturi' => $resource, @@ -60,14 +62,14 @@ class Xrd extends \Zotlabs\Web\Controller { '$modexp' => 'data:application/magic-public-key,' . $salmon_key, '$subscribe' => z_root() . '/follow?f=&url={uri}', )); - - + + $arr = array('user' => $r[0], 'xml' => $o); call_hooks('personal_xrd', $arr); - + echo $arr['xml']; killme(); - + } - + } diff --git a/Zotlabs/Module/Zotfeed.php b/Zotlabs/Module/Zotfeed.php index 8c13682b4..2566924aa 100644 --- a/Zotlabs/Module/Zotfeed.php +++ b/Zotlabs/Module/Zotfeed.php 
@@ -1,29 +1,142 @@ true, + 'wall' => 1, + 'datequery' => $params['end'], + 'datequery2' => $params['begin'], + 'direction' => dbesc($params['direction']), + 'pages' => $params['pages'], + 'order' => dbesc('post'), + 'top' => $params['top'], + 'cat' => $params['cat'], + 'compat' => $params['compat'] + ], $channel, $observer_hash, CLIENT_MODE_NORMAL, App::$module + ); + + if ($total) { + App::set_pager_total($total); + App::set_pager_itemspage(30); + } + + if (App::$pager['unset'] && $total > 30) { + $ret = Activity::paged_collection_init($total, App::$query_string); + } + else { + + $items = items_fetch( + [ + 'wall' => 1, + 'datequery' => $params['end'], + 'datequery2' => $params['begin'], + 'records' => intval(App::$pager['itemspage']), + 'start' => intval(App::$pager['start']), + 'direction' => dbesc($params['direction']), + 'pages' => $params['pages'], + 'order' => dbesc('post'), + 'top' => $params['top'], + 'cat' => $params['cat'], + 'compat' => $params['compat'] + ], $channel, $observer_hash, CLIENT_MODE_NORMAL, App::$module + ); + + if ($items && $observer_hash) { + + // check to see if this observer is a connection. If not, register any items + // belonging to this channel for notification of deletion/expiration + + $x = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'", + intval($channel['channel_id']), + dbesc($observer_hash) + ); + if (!$x) { + foreach ($items as $item) { + if (strpos($item['mid'], z_root()) === 0) { + ThreadListener::store($item['mid'], $observer_hash); + } + } + } + } + + $ret = Activity::encode_item_collection($items, App::$query_string, 'OrderedCollection', $total); + } + + as_return_and_die($ret, $channel); + } + + /* $result = array('success' => false); - + $mindate = (($_REQUEST['mindate']) ? datetime_convert('UTC','UTC',$_REQUEST['mindate']) : ''); if(! 
$mindate) $mindate = datetime_convert('UTC','UTC', 'now - 14 days'); - + if(observer_prohibited()) { $result['message'] = 'Public access denied'; json_return_and_die($result); } - - $observer = \App::get_observer(); - + + $observer = App::get_observer(); + logger('observer: ' . get_observer_hash(), LOGGER_DEBUG); - + $channel_address = ((argc() > 1) ? argv(1) : ''); if($channel_address) { $r = q("select channel_id, channel_name from channel where channel_address = '%s' and channel_removed = 0 limit 1", @@ -40,12 +153,12 @@ class Zotfeed extends \Zotlabs\Web\Controller { $result['message'] = 'Channel not found.'; json_return_and_die($result); } - + logger('zotfeed request: ' . $r[0]['channel_name'], LOGGER_DEBUG); - $result['project'] = 'Hubzilla'; + $result['project'] = 'Hubzilla'; $result['messages'] = zot_feed($r[0]['channel_id'],$observer['xchan_hash'],array('mindate' => $mindate)); $result['success'] = true; json_return_and_die($result); + */ } - } -- cgit v1.2.3 From 2b03e51bfc46a3ac25b225b5f87740c4d5736dfe Mon Sep 17 00:00:00 2001 From: Hilmar R Date: Tue, 2 Mar 2021 18:45:13 +0100 Subject: did2 chk num 5...10 --- Zotlabs/Module/Register.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 8f873f372..b473cd91f 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -95,7 +95,7 @@ class Register extends Controller { goaway(z_root() . '/regate/' . bin2hex($email) . 'e' ); } - if ( preg_match('/^d{1,1}[0-9]{6,10}$/', $email ) ) { + if ( preg_match('/^d{1,1}[0-9]{5,10}$/', $email ) ) { // dId2 A artifical & anonymous goaway(z_root() . '/regate/' . bin2hex($email) . 'a' ); } 
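Review bot: `dbesc($params['direction'])` in both `items_fetch()` argument arrays in `Zotfeed.php` only escapes string-literal characters, which does not constrain a value that is presumably used as a sort keyword rather than inside quotes. Neither `items_fetch()` nor the code that fills `$params` is visible in this hunk, so this is a check to confirm rather than an established flaw. An allow-list is the safer form, e.g. `'direction' => (in_array($params['direction'], ['asc', 'desc'], true) ? $params['direction'] : 'desc'),` with the fallback chosen by the author. The literal `dbesc('post')` can simply be `'post'`.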
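Review bot: The widened pattern `/^d{1,1}[0-9]{5,10}$/` in `Register.php` still ends in a plain `$`, which in PCRE also matches just before a trailing newline. Unless `$email` is trimmed above the hunk, an id followed by a line feed passes the check and is then hex-encoded into the `/regate/` redirect. Use the `D` modifier and drop the redundant quantifier: `preg_match('/^d[0-9]{5,10}$/D', $email)`. The client-side `tao.zar.patano` pattern changed in the `@@ -516,7 +516,7 @@` hunk now agrees with the server-side range, but it is only a convenience check and the server-side test is the one that counts.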
@@ -516,7 +516,7 @@ class Register extends Controller { '$tao' => "typeof(window.tao) == 'undefined' ? window.tao = {} : '';\n" . "tao.zar = { vsn: '2.0.0', form: {}, msg: {} };\n" - . "tao.zar.patano = /^d[0-9]{6}$/;\n" + . "tao.zar.patano = /^d[0-9]{5,10}$/;\n" . "tao.zar.patema = /^[a-z0-9.-]{2,64}@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/;\n" . "tao.zar.msg.ZAR0239E = '" . t('email mistake') . "';\n", -- cgit v1.2.3 From c29261487cdecda4282df25769540bc4fa20631d Mon Sep 17 00:00:00 2001 From: Hilmar R Date: Wed, 3 Mar 2021 12:59:19 +0100 Subject: a bit more useability for the admin at the beginning --- Zotlabs/Module/Admin/Accounts.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index 74e562a9c..7073f026a 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php @@ -187,11 +187,12 @@ class Accounts { */ $tao = 'tao.zar.zarax = ' . "'" . '' . "';\n"; + // better useability at the moment to tell all (ACCOUNT_PENDING >= 0) instead of (> 0 for those need approval) $pending = q("SELECT @i:=@i+1 AS reg_n, @i MOD 2 AS reg_z, " ." reg_did2, reg_created, reg_startup, reg_expires, reg_email, reg_atip, reg_hash, reg_id, " ." CASE (reg_flags & %d) WHEN 0 THEN '✔ verified' WHEN 1 THEN '× not yet' END AS reg_vfd " ." FROM register, (SELECT @i:=0) AS i " - ." WHERE reg_vital = 1 AND (reg_flags & %d) > 0 ", + ." WHERE reg_vital = 1 AND (reg_flags & %d) >= 0 ", intval(ACCOUNT_UNVERIFIED), intval(ACCOUNT_PENDING) ); -- cgit v1.2.3 From 22d769ecae17c9d5d36232c543b48b0a155ca502 Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 13 Mar 2021 22:13:17 +0000 Subject: fix mod subthread for zot6 --- Zotlabs/Module/Subthread.php | 115 +++++++++++++++++++------------------------ Zotlabs/Module/Zotfeed.php | 2 +- 2 files changed, 51 insertions(+), 66 deletions(-) (limited to 'Zotlabs/Module') 
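Review bot: In `Admin/Accounts.php` the predicate `(reg_flags & %d) >= 0` is true for every row when the mask is non-negative, so the `intval(ACCOUNT_PENDING)` argument no longer filters anything and the list stored in `$pending` returns every `reg_vital = 1` registration. If showing all of them is intended, as the added comment says, drop the clause and its argument so the query states that plainly. Also select a column that marks which rows actually await approval, so an administrator does not act on a row in the belief that it is pending. The `CASE (reg_flags & %d) WHEN 0 … WHEN 1 …` expression above only works while `ACCOUNT_UNVERIFIED` equals 1; `CASE WHEN (reg_flags & %d) = 0 THEN … ELSE … END` would not depend on the constant's value.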
diff --git a/Zotlabs/Module/Subthread.php b/Zotlabs/Module/Subthread.php index 30e57197d..a796d85cb 100644 --- a/Zotlabs/Module/Subthread.php +++ b/Zotlabs/Module/Subthread.php @@ -1,6 +1,9 @@ 2) ? notags(trim(argv(2))) : 0); - + if(argv(1) === 'sub') $activity = ACTIVITY_FOLLOW; elseif(argv(1) === 'unsub') $activity = ACTIVITY_UNFOLLOW; - - + + $i = q("select * from item where id = %d and uid = %d", intval($item_id), intval(local_channel()) @@ -42,7 +45,7 @@ class Subthread extends \Zotlabs\Web\Controller { $item_id = (($i) ? $i[0]['id'] : 0); } } - + if(! $i) { return; } @@ -56,37 +59,37 @@ class Subthread extends \Zotlabs\Web\Controller { dbesc($r[0]['parent']) ); } - + if((! $item_id) || (! $r)) { logger('subthread: no item ' . $item_id); return; } - + $item = $r[0]; - + $owner_uid = $item['uid']; $observer = \App::get_observer(); $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - + if(! perm_is_allowed($owner_uid,$ob_hash,'post_comments')) return; - + $sys = get_sys_channel(); - + $owner_uid = $item['uid']; $owner_aid = $item['aid']; - + // if this is a "discover" item, (item['uid'] is the sys channel), // fallback to the item comment policy, which should've been // respected when generating the conversation thread. // Even if the activity is rejected by the item owner, it should still get attached - // to the local discover conversation on this site. - + // to the local discover conversation on this site. + if(($owner_uid != $sys['channel_id']) && (! perm_is_allowed($owner_uid,$observer['xchan_hash'],'post_comments'))) { notice( t('Permission denied') . EOL); killme(); } - + $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['owner_xchan']) ); @@ -94,7 +97,7 @@ class Subthread extends \Zotlabs\Web\Controller { $thread_owner = $r[0]; else killme(); - + $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['author_xchan']) ); 
@@ -102,50 +105,32 @@ class Subthread extends \Zotlabs\Web\Controller { $item_author = $r[0]; else killme(); - - - - + + + + $uuid = item_message_id(); $mid = z_root() . '/item/' . $uuid; $post_type = (($item['resource_type'] === 'photo') ? t('photo') : t('status')); - + $links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => $item['plink'])); - $objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); - + $objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); + $body = $item['body']; - - $obj = json_encode(array( - 'type' => $objtype, - 'id' => $item['mid'], - 'parent' => (($item['thr_parent']) ? $item['thr_parent'] : $item['parent_mid']), - 'link' => $links, - 'title' => $item['title'], - 'content' => $item['body'], - 'created' => $item['created'], - 'edited' => $item['edited'], - 'author' => array( - 'name' => $item_author['xchan_name'], - 'address' => $item_author['xchan_addr'], - 'guid' => $item_author['xchan_guid'], - 'guid_sig' => $item_author['xchan_guid_sig'], - 'link' => array( - array('rel' => 'alternate', 'type' => 'text/html', 'href' => $item_author['xchan_url']), - array('rel' => 'photo', 'type' => $item_author['xchan_photo_mimetype'], 'href' => $item_author['xchan_photo_m'])), - ), - )); - + + $obj = Activity::fetch_item( [ 'id' => $item['mid'] ] ); + if(! intval($item['item_thread_top'])) - $post_type = 'comment'; - + $post_type = 'comment'; + if($activity === ACTIVITY_FOLLOW) $bodyverb = t('%1$s is following %2$s\'s %3$s'); if($activity === ACTIVITY_UNFOLLOW) $bodyverb = t('%1$s stopped following %2$s\'s %3$s'); - + $arr = array(); - + $arr['uuid'] = $uuid; $arr['mid'] = $mid; $arr['aid'] = $owner_aid; 
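Review bot: The result of `Activity::fetch_item( [ 'id' => $item['mid'] ] )` is not checked before it is serialised with `json_encode($obj)` in the `@@ -161,35 +146,35 @@` hunk. `fetch_item()` is not visible here. If it can return an empty value for an item it cannot resolve, the stored follow/unfollow activity would carry `null` or `false` as its object and still be handed to `item_store()` and the `post_local_end` hook. A guard in the style already used a few lines above, `if(! $obj) killme();`, avoids persisting such an entry. The enclosing method starts and ends outside the hunk.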
@@ -161,35 +146,35 @@ class Subthread extends \Zotlabs\Web\Controller { $arr['item_wall'] = 1; else $arr['item_wall'] = 0; - + $ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]'; $alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]'; $plink = '[zrl=' . z_root() . '/display/' . gen_link_id($item['mid']) . ']' . $post_type . '[/zrl]'; - + $arr['body'] = sprintf( $bodyverb, $alink, $ulink, $plink ); - + $arr['verb'] = $activity; $arr['obj_type'] = $objtype; - $arr['obj'] = $obj; - + $arr['obj'] = json_encode($obj); + $arr['allow_cid'] = $item['allow_cid']; $arr['allow_gid'] = $item['allow_gid']; $arr['deny_cid'] = $item['deny_cid']; $arr['deny_gid'] = $item['deny_gid']; - - $post = item_store($arr); + + $post = item_store($arr); $post_id = $post['item_id']; - + $arr['id'] = $post_id; - + call_hooks('post_local_end', $arr); - + killme(); - - + + } - - - - + + + + } diff --git a/Zotlabs/Module/Zotfeed.php b/Zotlabs/Module/Zotfeed.php index 2566924aa..6f29daec5 100644 --- a/Zotlabs/Module/Zotfeed.php +++ b/Zotlabs/Module/Zotfeed.php @@ -19,7 +19,7 @@ class Zotfeed extends Controller { killme(); } - $channel = ((argv(1)) ? channelx_by_nick(argv(1)) : get_sys_channel()); + $channel = channelx_by_nick(argv(1)); if (!$channel) { killme(); } -- cgit v1.2.3 From b6d30f67345f37dae8dfffd96b065e6139364bcd Mon Sep 17 00:00:00 2001 From: Mario Date: Sun, 14 Mar 2021 09:01:12 +0000 Subject: mod subthread issue continued --- Zotlabs/Module/Activity.php | 17 +++++++++++++---- Zotlabs/Module/Item.php | 14 ++++++++++++-- 2 files changed, 25 insertions(+), 6 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Activity.php b/Zotlabs/Module/Activity.php index 48f2663cf..2fbc35274 100644 --- a/Zotlabs/Module/Activity.php +++ b/Zotlabs/Module/Activity.php 
@@ -26,7 +26,12 @@ class Activity extends Controller { $portable_id = EMPTY_STR; - $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 "; + $item_normal_extra = sprintf(" and not verb in ('%s', '%s') ", + dbesc(ACTIVITY_FOLLOW), + dbesc(ACTIVITY_UNFOLLOW) + ); + + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra "; $i = null; @@ -86,7 +91,7 @@ class Activity extends Controller { } $parents_str = ids_to_querystr($i,'item_id'); - + $items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal ", dbesc($parents_str) ); @@ -197,8 +202,12 @@ class Activity extends Controller { } } - $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 - and item.item_delayed = 0 and item.item_blocked = 0 "; + $item_normal_extra = sprintf(" and not verb in ('%s', '%s') ", + dbesc(ACTIVITY_FOLLOW), + dbesc(ACTIVITY_UNFOLLOW) + ); + + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra "; $sigdata = HTTPSig::verify(EMPTY_STR); if ($sigdata['portable_id'] && $sigdata['header_valid']) { diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 32c146bce..ff52babf5 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php 
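Review bot: The same `$item_normal_extra = sprintf(" and not verb in ('%s', '%s') ", dbesc(ACTIVITY_FOLLOW), dbesc(ACTIVITY_UNFOLLOW));` block is pasted twice in `Activity.php` and twice more in `Zotlabs/Module/Item.php`. A later change to the excluded verbs then has to be made in four places, and a missed copy would leave one endpoint still returning follow/unfollow activities. A single shared helper that returns the fragment would keep the filters in step. Because `$item_normal` is interpolated into the format string passed to `q()` (see the `item.parent IN ( %s ) $item_normal` query in this file), the fragment must also never contain a literal `%`. The constants' values are not visible here, so passing them through `protect_sprintf()` as the search module does would make that explicit.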
@@ -55,7 +55,12 @@ class Item extends Controller { $portable_id = EMPTY_STR; - $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 "; + $item_normal_extra = sprintf(" and not verb in ('%s', '%s') ", + dbesc(ACTIVITY_FOLLOW), + dbesc(ACTIVITY_UNFOLLOW) + ); + + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra "; $i = null; @@ -167,7 +172,12 @@ class Item extends Controller { $portable_id = EMPTY_STR; - $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 "; + $item_normal_extra = sprintf(" and not verb in ('%s', '%s') ", + dbesc(ACTIVITY_FOLLOW), + dbesc(ACTIVITY_UNFOLLOW) + ); + + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra "; $i = null; -- cgit v1.2.3 From 0fbd0ca416333ee5f675651be7bce5e82aad27fe Mon Sep 17 00:00:00 2001 From: Mario Date: Sun, 14 Mar 2021 19:23:02 +0000 Subject: cleanup --- Zotlabs/Module/Zotfeed.php | 40 ---------------------------------------- 1 file changed, 40 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Zotfeed.php b/Zotlabs/Module/Zotfeed.php index 6f29daec5..e47367036 100644 --- a/Zotlabs/Module/Zotfeed.php +++ b/Zotlabs/Module/Zotfeed.php 
@@ -120,45 +120,5 @@ class Zotfeed extends Controller { as_return_and_die($ret, $channel); } - - /* - $result = array('success' => false); - - $mindate = (($_REQUEST['mindate']) ? datetime_convert('UTC','UTC',$_REQUEST['mindate']) : ''); - if(! $mindate) - $mindate = datetime_convert('UTC','UTC', 'now - 14 days'); - - if(observer_prohibited()) { - $result['message'] = 'Public access denied'; - json_return_and_die($result); - } - - $observer = App::get_observer(); - - logger('observer: ' . get_observer_hash(), LOGGER_DEBUG); - - $channel_address = ((argc() > 1) ? argv(1) : ''); - if($channel_address) { - $r = q("select channel_id, channel_name from channel where channel_address = '%s' and channel_removed = 0 limit 1", - dbesc(argv(1)) - ); - } - else { - $x = get_sys_channel(); - if($x) - $r = array($x); - $mindate = datetime_convert('UTC','UTC', 'now - 14 days'); - } - if(! $r) { - $result['message'] = 'Channel not found.'; - json_return_and_die($result); - } - - logger('zotfeed request: ' . $r[0]['channel_name'], LOGGER_DEBUG); - $result['project'] = 'Hubzilla'; - $result['messages'] = zot_feed($r[0]['channel_id'],$observer['xchan_hash'],array('mindate' => $mindate)); - $result['success'] = true; - json_return_and_die($result); - */ } } -- cgit v1.2.3 From ed64eba13adf55e564d127e1640409fccca00fd3 Mon Sep 17 00:00:00 2001 From: Mario Date: Sun, 14 Mar 2021 20:23:33 +0000 Subject: php8: fix some undefined variables --- Zotlabs/Module/Network.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index ee6ff3619..a21095940 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php 
@@ -457,6 +457,8 @@ class Network extends \Zotlabs\Web\Controller { if($update && $_SESSION['loadtime']) $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) "; + $items = []; + if($nouveau && $load) { // "New Item View" - show all items unthreaded in reverse created date order $items = q("SELECT item.*, item.id AS item_id, created FROM item -- cgit v1.2.3 From 4be123dc84cdc6ab47b194d49dff9498f7ea27df Mon Sep 17 00:00:00 2001 From: Mario Date: Mon, 15 Mar 2021 10:10:08 +0000 Subject: fix default value displayed if value is set to empty or zero. fix #1536 and #1537 --- Zotlabs/Module/Admin/Site.php | 78 +++++++++++++++++++++---------------------- 1 file changed, 39 insertions(+), 39 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 879923132..18408043c 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -125,8 +125,8 @@ class Site { } else { - //logger( print_r( $this->msgbg, true) ); - //logger( print_r( $this->joo, true) ); + //logger( print_r( $this->msgbg, true) ); + //logger( print_r( $this->joo, true) ); if ($this->error === 0) { set_config('system', 'register_duty', $this->register_duty); set_config('system', 'register_duty_jso', $this->joo); 
@@ -357,23 +357,23 @@ class Site { 'd' => t('Day(s)') , 'w' => t('Week(s)') , 'm' => t('Month(s)') , - 'y' => t('Year(s)') + 'y' => t('Year(s)') ); $regdelay = get_config('system','register_delay'); if ($regdelay) list($regdelay_n, $regdelay_u) = array(substr($regdelay,0,-1),substr($regdelay,-1)); $reg_delay = replace_macros(get_markup_template('field_duration.qmc.tpl'), - array( + array( 'label' => t('Account registration delay'), - 'qmc' => 'zar', + 'qmc' => 'zar', 'qmcid' => 'ZAR0860C', 'help' => t('How long a registration request has to wait before validation can perform.' . ' No delay if zero or no value.'), 'field' => array( - 'name' => 'delay', + 'name' => 'delay', 'title' => t('duration up from now'), - 'value' => ($regdelay_n ? $regdelay_n : 90), - 'min' => '0', + 'value' => ($regdelay_n === false ? 90 : $regdelay_n), + 'min' => '0', 'max' => '99', 'size' => '2', 'default' => ($regdelay_u ? $regdelay_u : 'i') @@ -385,22 +385,22 @@ class Site { if ($regexpire) list($regexpire_n, $regexpire_u) = array(substr($regexpire,0,-1),substr($regexpire,-1)); $reg_expire = replace_macros(get_markup_template('field_duration.qmc.tpl'), - array( + array( 'label' => t('Account registration expiration'), - 'qmc' => 'zar', + 'qmc' => 'zar', 'qmcid' => 'ZAR0862C', 'help' => t('How long a registration to confirm remains valid.' . ' Not expire if zero or no value.'), 'field' => array( - 'name' => 'expire', + 'name' => 'expire', 'title' => t('duration up from now'), - 'value' => ($regexpire_n ? $regexpire_n : 2), - 'min' => '0', + 'value' => ($regexpire_n === false ? 2 : $regexpire_n), + 'min' => '0', 'max' => '99', 'size' => '2', 'default' => ($regexpire_u ? $regexpire_u : 'i') ), - 'rabot' => $reg_rabots + 'rabot' => $reg_rabots ) ); $invitation_only = get_config('system',self::ivo); 
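Review bot: The new test `$regdelay_n === false` is unlikely to be true in the cases that matter. `$regdelay_n` is assigned only inside `if ($regdelay)`, so with no stored setting it is unset (null, with an undefined-variable warning on PHP 8), and on PHP 8 `substr()` returns `''` rather than `false`. Unless the variable is initialised above the hunk, the default of 90 is then never shown, and the same applies to `$regexpire_n` and its default of 2 in the `@@ -385,22 +385,22 @@` hunk. Something like `'value' => ((isset($regdelay_n) && $regdelay_n !== '') ? $regdelay_n : 90),` keeps a stored `0` visible while still falling back when nothing is set.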
@@ -437,27 +437,27 @@ class Site { // Register // [hilmar-> - '$register_text' => array('register_text', - t("Register text"), + '$register_text' => array('register_text', + t("Register text"), htmlspecialchars(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.") . ' ' . t('If you operate with register duties (see ZAR0830C), best practise is to tell cleartext about here'), 'ZAR0810C'), - '$register_policy' => array('register_policy', - t("Does this site allow new member registration?"), - get_config('system','register_policy'), - "", + '$register_policy' => array('register_policy', + t("Does this site allow new member registration?"), + get_config('system','register_policy'), + "", $register_choices, 'ZAR0820C'), '$register_duty' => array('register_duty', t('Registration office on duty'), $this->register_duty = get_config('system', 'register_duty'), - t('The weekdays and hours the register office is open for registrations') . '. ' + t('The weekdays and hours the register office is open for registrations') . '. ' . t('Split weekdays and hours per `:`') . '. ' . t('Separate weekday(s):hour(s) pairs with blank(s)') . '. ' . t('Several values or ranges are to split by comma') . '. ' . t('From-To ranges are joined with `-`') . '. ' - . t('ie') . ' `1-5:0900-1200,1300-1700 6:900-1230` ' . t('or') .' `1-2,4-5:800-1800` ' + . t('ie') . ' `1-5:0900-1200,1300-1700 6:900-1230` ' . t('or') .' `1-2,4-5:800-1800` ' . ' ' . t('Parse and test your input') . ''. EOL . t('If left empty, defaults to 24h closed everyday the week.') . ' ' . t('To keep open 24h everyday the week, short is `-:-`.') . ' ' 
@@ -466,45 +466,45 @@ class Site { . t('results to: opens 9h and closes 12h. If meant open 9h to 12h exactly, say `0900-1201`'), 'ZAR0830C'), '$register_perday' => array('register_perday', - t('Account registrations max per day'), - (x(get_config('system', 'max_daily_registrations'))) - ? get_config('system', 'max_daily_registrations') : 50, + t('Account registrations max per day'), + (x(get_config('system', 'max_daily_registrations'))) + ? get_config('system', 'max_daily_registrations') : 50, t('How many registration requests the site accepts during one day. Unlimited if zero or no value. Default 50'), 'ZAR0840C'), '$register_sameip' => array('register_sameip', - t('Account registrations from same ip'), - (x(get_config('system', 'register_sameip'))) - ? get_config('system', 'register_sameip') : 3, + t('Account registrations from same ip'), + (x(get_config('system', 'register_sameip'))) + ? get_config('system', 'register_sameip') : 3, t('How many pending registration requests the site accepts from a same ip address.'), 'ZAR0850C'), '$reg_delay'=>$reg_delay, '$reg_expire'=>$reg_expire, '$reg_autochannel' => array('auto_channel_create', - t("Auto channel create"), - get_config('system','auto_channel_create'), + t("Auto channel create"), + get_config('system','auto_channel_create'), t("Auto create a channel when register a new account. When On, the register form will show additional fields for the channel-name and the nickname."), "", "", 'ZAR0870C'), '$invitation_only' => array(self::ivo, - ($invitation_only === false ? '✗' : '✓') . ' ' . t("Invitation only"), - $invitation_only, + ($invitation_only === false ? '✗' : '✓') . ' ' . t("Invitation only"), + $invitation_only, t("Only allow new member registrations with an invitation code. Above register policy must be set to Yes."), "", "", 'ZAR0880C'), '$invitation_also' => array(self::iva, - ($invitation_also === false ? '✗' : '✓') . ' ' . t("Invitation also"), + ($invitation_also === false ? '✗' : '✓') . ' ' . 
t("Invitation also"), $invitation_also, t("Also allow new member registrations with an invitation code. Above register policy must be set to Yes."), "", "", 'ZAR0881C'), '$verify_email' => array('verify_email', - t("Verify Email Addresses"), - get_config('system','verify_email'), + t("Verify Email Addresses"), + get_config('system','verify_email'), t("Check to verify email addresses used in account registration (recommended)."), "", "", 'ZAR0890C'), '$abandon_days' => array('abandon_days', - t('Accounts abandoned after x days'), - get_config('system','account_abandon_days'), + t('Accounts abandoned after x days'), + get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.'), 'appears not to be implemented (2010.01)'), // <-hilmar] @@ -566,7 +566,7 @@ class Site { * ie 0900-1200,1300-1800 for hours * ie 1-2,4,5 for weekdays * ie 1-2:900-1800 monday and tuesday open from 9 to 18h - * + * * @var $register_duty is the input field from the admin -> site page * @return the results are in the class vars $error, $msgbg and $jsoo * $jsoo is @@ -600,7 +600,7 @@ class Site { } } - if (! $this->register_duty) + if (! $this->register_duty) $this->register_duty = '1-7'; $ranges = preg_split('/\s+/', $this->register_duty); $this->msgbg .= '..ranges: ' . print_r(count($ranges),true) . $this->eol; -- cgit v1.2.3 From a5ac3888898d709bdd63900dff79b21823477d85 Mon Sep 17 00:00:00 2001 From: Mario Date: Mon, 15 Mar 2021 10:31:23 +0000 Subject: air: fix calculate_adue() to return false if the value is zero and do not hardcode regexpire - adding the max setting (99 years) should be fine. --- Zotlabs/Module/Register.php | 140 ++++++++++++++++++++++---------------------- 1 file changed, 70 insertions(+), 70 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index b473cd91f..b2b72bba1 100644 --- a/Zotlabs/Module/Register.php 
+++ b/Zotlabs/Module/Register.php @@ -14,18 +14,18 @@ class Register extends Controller { function init() { // ZAR0 - + $result = null; $cmd = ((argc() > 1) ? argv(1) : ''); - + // Provide a stored request for somebody desiring a connection // when they first need to register someplace. Once they've - // created a channel, we'll try to revive the connection request + // created a channel, we'll try to revive the connection request // and process it. if($_REQUEST['connect']) $_SESSION['connect'] = $_REQUEST['connect']; - + switch($cmd) { case 'invite_check.json': $result = check_account_invite($_REQUEST['invite_code']); @@ -36,15 +36,15 @@ class Register extends Controller { case 'password_check.json': $result = check_account_password($_REQUEST['password1']); break; - default: + default: break; } if($result) { json_return_and_die($result); } } - - + + function post() { check_form_security_token_redirectOnErr('/register', 'register'); @@ -56,20 +56,20 @@ class Register extends Controller { * required if all is on the right road (most posts are not accepted during off duty). * */ - + $act = q("SELECT COUNT(*) AS act FROM account")[0]['act']; $duty = zar_register_dutystate(); $is247 = false; $ip = $_SERVER['REMOTE_ADDR']; $sameip = intval(get_config('system','register_sameip')); - + $arr = $_POST; $invite_code = ( (x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); $email = ( (x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); $password = ( (x($arr,'password')) ? trim($arr['password']) : ''); $reonar = array(); - + // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto) if ($email && $invite_code) { 
@@ -106,12 +106,12 @@ class Register extends Controller { if ($act > 0 && !$is247 && !$duty['isduty']) { // normally (except very 1st timr after install), that should never arrive here (ie js hack or sth like) // log suitable for f2b also - $logmsg = 'ZAR0230S Unexpected registration request off duty'; + $logmsg = 'ZAR0230S Unexpected registration request off duty'; zar_log($logmsg); goaway(z_root() . '/~'); } - if ($sameip && !$is247) { + if ($sameip && !$is247) { $f = q("SELECT COUNT(reg_atip) AS atip FROM register WHERE reg_vital = 1 AND reg_atip = '%s' ", dbesc($ip) ); @@ -122,22 +122,22 @@ class Register extends Controller { } } - // s2 max daily + // s2 max daily // msg? if ( !$is247 && self::check_reg_limits()['is'] ) return; // accept tos if(! x($_POST,'tos')) { // msg! - notice( 'ZAR0230E ' + notice( 'ZAR0230E ' . t('Please indicate acceptance of the Terms of Service. Registration failed.') . EOL); return; } - + // pw1 == pw2 if((! $_POST['password']) || ($_POST['password'] !== $_POST['password2'])) { // msg! - notice( 'ZAR0230E ' + notice( 'ZAR0230E ' . t('Passwords do not match.') . EOL); return; } @@ -148,29 +148,29 @@ class Register extends Controller { if ($email) { if ( ! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $_POST['email'] ) ) { // msg! - notice('ZAR0239E ' + notice('ZAR0239E ' . t('Email address mistake') . EOL); return; } } - + $policy = intval(get_config('system','register_policy')); $invonly = intval(get_config('system','invitation_only')); $invalso = intval(get_config('system','invitation_also')); $auto_create = (get_config('system','auto_channel_create') ? true : false); $auto_create = true; - - + + switch($policy) { - + case REGISTER_OPEN: $flags = ACCOUNT_OK; break; - + case REGISTER_APPROVE: $flags = ACCOUNT_PENDING; break; - + default: case REGISTER_CLOSED: if(! is_site_admin()) { 
@@ -180,10 +180,10 @@ class Register extends Controller { $flags = ACCOUNT_BLOCKED; break; } - + if($email_verify && ($policy == REGISTER_OPEN || $policy == REGISTER_APPROVE) ) $flags = ($flags | ACCOUNT_UNVERIFIED); - + // $arr has $_POST; $arr['account_flags'] = $flags; $now = datetime_convert(); @@ -207,7 +207,7 @@ class Register extends Controller { $isa = get_account_by_id($reg['reg_uid']); $isa = ( $isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN) ); - // approve contra invite by admin + // approve contra invite by admin if ($isa && $policy == REGISTER_APPROVE) $flags &= $flags ^ ACCOUNT_PENDING; @@ -218,7 +218,7 @@ class Register extends Controller { // update reg vital 0 off $icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", intval($reg['reg_id']) - ); + ); $msg = 'ZAR0237I ' . t('Invitation code succesfully applied'); zar_log($msg) . ', ' . $email; @@ -226,12 +226,12 @@ class Register extends Controller { info($msg . EOL); $well = true; - + } else { // msg! notice('ZAR0236E ' . t('Invitation not in time or too late') . EOL); - goaway(z_root() . '/~'); + goaway(z_root() . '/~'); } } else { @@ -239,7 +239,7 @@ class Register extends Controller { $msg = 'ZAR0235S ' . t('Invitation email failed'); zar_log($msg); notice($msg . EOL); - goaway(z_root() . '/~'); + goaway(z_root() . '/~'); } } else { @@ -247,12 +247,12 @@ class Register extends Controller { $msg = 'ZAR0234S ' . t('Invitation code failed') ; zar_log($msg); notice( $msg . EOL); - goaway(z_root() . '/~'); + goaway(z_root() . '/~'); } } else { notice('ZAR0232E ' . t('Invitations are not available') . EOL); - goaway(z_root() . '/~'); + goaway(z_root() . '/~'); } 
@@ -265,7 +265,7 @@ class Register extends Controller { $reg = q("SELECT * from register WHERE reg_vital = 1 AND reg_email = '%s'", dbesc('e' . $email)); - if ( ! $reg) + if ( ! $reg) $act = q("SELECT * from account WHERE account_email = '%s'", dbesc($email)); // in case an invitation was made but the invitecode was not entered, better ignore. @@ -284,14 +284,14 @@ class Register extends Controller { // use another msg instead ? TODO ? // on the other hand can play the fail2ban game zar_log($msg . ' (' . $email . ')'); - goaway(z_root()); - } + goaway(z_root()); + } } else { $msg = 'ZAR0233E ' . t('Registration on this hub is by invitation only') . EOL; notice($msg); zar_log($msg); - goaway(z_root()); + goaway(z_root()); } } @@ -300,13 +300,13 @@ class Register extends Controller { if($policy == REGISTER_OPEN || $policy == REGISTER_APPROVE ) { - $cfgdelay = get_config( 'system', 'register_delay' ); + $cfgdelay = get_config( 'system', 'register_delay' ); $regdelay = calculate_adue( $cfgdelay ); - $regdelay = $regdelay ? $regdelay['due'] : $now; + $regdelay = $regdelay ? $regdelay['due'] : $now; - $cfgexpire = get_config('system','register_expire' ); + $cfgexpire = get_config('system','register_expire' ); $regexpire = calculate_adue( $cfgexpire ); - $regexpire = $regexpire ? $regexpire['due'] : '2099-12-31 23:59:59'; + $regexpire = $regexpire ? $regexpire['due'] : datetime_convert('UTC', 'UTC', 'now + 99 years'); // handle an email request that will be verified or an ivitation associated with an email address if ( $email > '' && ($email_verify || $icdone) ) { 
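Review bot: In the hunk at line 300, the ternary `$regexpire ? $regexpire['due'] : datetime_convert('UTC', 'UTC', 'now + 99 years')` fails open: any falsy result from calculate_adue() becomes an effectively unlimited validity window for the pending request. calculate_adue() is not shown here, so this is inferred from the commit subject. If it also returns false for a `register_expire` value it cannot parse, a typo in the setting would silently mean "never expires". Consider treating only an empty or zero setting as unlimited and passing anything else to zar_log(), and add a comment such as `// zero or unset register_expire: no expiry, stored as now + 99 years`. The enclosing post() method continues outside the hunk.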
@@ -369,23 +369,23 @@ class Register extends Controller { dbesc(substr(get_best_language(),0,2)), dbesc($ip), dbesc(json_encode( $reonar )) - ); + ); if ($didx == 'a') { - + $lid = q("SELECT reg_id FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' AND reg_pass = '%s' ", dbesc($did2), dbesc(bin2hex($password)) ); if ($lid && count($lid) == 1 ) { - $didnew = ( $lid[0]['reg_id'] . $did2 ) + $didnew = ( $lid[0]['reg_id'] . $did2 ) . ( substr( base_convert( md5( $lid[0]['reg_id'] . $did2 ), 16, 10 ),-2 ) ); $reg = q("UPDATE register SET reg_did2 = CONCAT('d','%s') WHERE reg_id = %d ", dbesc($didnew), intval($lid[0]['reg_id']) ); - zar_log( 'ZAR0239A ' . t('New register request') . ' d' . $didnew . ', ' + zar_log( 'ZAR0239A ' . t('New register request') . ' d' . $didnew . ', ' . $regdelay . ' - ' . $regexpire); // notice( 'ZAR0239I,' . t( 'Your didital id is' ) . EOL . 'd' . $didnew . EOL $_SESSION['zar']['msg'] = ( 'ZAR0239I,' . t( 'Your didital id is' ) . EOL . 'd' . $didnew . EOL @@ -406,24 +406,24 @@ class Register extends Controller { } } } - - - + + + function get() { - + $registration_is = ''; $other_sites = ''; - + if(intval(get_config('system','register_policy')) === REGISTER_CLOSED) { if(intval(get_config('system','directory_mode')) === DIRECTORY_MODE_STANDALONE) { notice( 'ZAR0130E ' . t('Registration on this hub is disabled.') . EOL); return; } - $mod = new Pubsites(); + $mod = new Pubsites(); return $mod->get(); } - + if(intval(get_config('system','register_policy')) == REGISTER_APPROVE) { $registration_is = t('Registration on this hub is by approval only.') . 'ZAR0131I'; $other_sites = '' . t('Register at another affiliated hub in case when prefered') . ''; @@ -446,7 +446,7 @@ class Register extends Controller { } $opal = self::check_reg_limits(); - if ( $opal['is']) + if ( $opal['is']) $duty['atform'] = 'disabled'; $privacy_role = ((x($_REQUEST,'permissions_role')) ? $_REQUEST['permissions_role'] : ""); 
@@ -457,12 +457,12 @@ class Register extends Controller { $tosurl = get_config('system','tos_url'); if(! $tosurl) $tosurl = z_root() . '/help/TermsOfService'; - + $toslink = '' . t('Terms of Service') . ''; - + // Configurable whether to restrict age or not - default is based on international legal requirements // This can be relaxed if you are on a restricted server that does not share with public servers - + if(get_config('system','no_age_restriction')) { $label_tos = sprintf( t('I accept the %s for this website'), $toslink); } 
@@ -475,32 +475,32 @@ class Register extends Controller { } $enable_tos = 1 - intval(get_config('system','no_termsofservice')); - + $emailval = ((x($_REQUEST,'email')) ? strip_tags(trim($_REQUEST['email'])) : ""); $email = array('email', t('Your email address (or leave blank to register without email)') . ' ZAR0136I', - $emailval, + $emailval, t('If the registation was already submitted with your data once ago, enter your identity (like email) here and submit') . 'ZAR0133I' ); - $password = array('password', t('Choose a password'), ''); - $password2 = array('password2', t('Please re-enter your password'), ''); - + $password = array('password', t('Choose a password'), ''); + $password2 = array('password2', t('Please re-enter your password'), ''); + $invite_code = array('invite_code', t('Please enter your invitation code'), ((x($_REQUEST,'invite_code')) ? strip_tags(trim($_REQUEST['invite_code'])) : "")); // $name = array('name', t('Your Name'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Real names are preferred.')); $nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl')); - $nickname = array('nickname', t('Choose a short nickname'), - ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), + $nickname = array('nickname', t('Choose a short nickname'), + ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub)); - $role = array('permissions_role' , t('Channel role and privacy'), - ($privacy_role) ? $privacy_role : 'social', - t('Select a channel permission role for your usage needs and privacy requirements.') - . ' ' - . t('Read more about channel permission roles') + $role = array('permissions_role' , t('Channel role and privacy'), + ($privacy_role) ? $privacy_role : 'social', + t('Select a channel permission role for your usage needs and privacy requirements.') + . ' ' + . 
t('Read more about channel permission roles') . '',$perm_roles); // @@ -509,9 +509,9 @@ class Register extends Controller { $auto_create = (get_config('system','auto_channel_create') ? true : false); $default_role = get_config('system','default_permissions_role'); $email_verify = get_config('system','verify_email'); - + require_once('include/bbcode.php'); - + $o = replace_macros(get_markup_template('register.tpl'), array( '$tao' => "typeof(window.tao) == 'undefined' ? window.tao = {} : '';\n" @@ -547,7 +547,7 @@ class Register extends Controller { '$submit' => t('Register'), '$verify_note' => (($email_verify) ? t('This site requires verification. After completing this form, please check the notice or your email for further instructions.') . 'ZAR0135I' : ''), )); - + return $o; } -- cgit v1.2.3 From bd24224b761d8471767b8a5b7bd5e626583485f6 Mon Sep 17 00:00:00 2001 From: Mario Date: Mon, 15 Mar 2021 12:45:39 +0000 Subject: air: fix register notifications --- Zotlabs/Module/Admin/Accounts.php | 65 +++++++++++++++++---------------------- Zotlabs/Module/Sse_bs.php | 5 ++- 2 files changed, 31 insertions(+), 39 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index 7073f026a..3a2fd1dcc 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php @@ -5,7 +5,7 @@ namespace Zotlabs\Module\Admin; class Accounts { - + /** * @brief Handle POST actions on accounts admin page. * @@ -23,9 +23,9 @@ class Accounts { $pending = ( x($_POST, 'pending') ? $_POST['pending'] : array() ); $users = ( x($_POST, 'user') ? $_POST['user'] : array() ); $blocked = ( x($_POST, 'blocked') ? $_POST['blocked'] : array() ); - + check_form_security_token_redirectOnErr('/admin/accounts', 'admin_accounts'); - + $isajax = is_ajax(); $rc = 0; 
@@ -40,7 +40,7 @@ class Accounts { if ($isajax) { //$debug = print_r($_SESSION[self::MYP],true); $zarop = (x($_POST['zardo']) && preg_match('/^[ad]{1,1}$/', $_POST['zardo']) ) - ? $_POST['zardo'] : ''; + ? $_POST['zardo'] : ''; // zarat arrives with leading underscore _n $zarat = (x($_POST['zarat']) && preg_match('/^_{1,1}[0-9]{1,6}$/', $_POST['zarat']) ) ? substr($_POST['zarat'],1) : ''; @@ -65,7 +65,7 @@ class Accounts { intval($_SESSION[self::MYP]['i'][$zarat]), dbesc($_SESSION[self::MYP]['h'][$zarat]) ); - $rc = 0; + $rc = 0; $rs = q("SELECT * from register WHERE reg_id = %d ", intval($_SESSION[self::MYP]['i'][$zarat]) ); @@ -120,7 +120,7 @@ class Accounts { account_deny($hash); } } - + goaway(z_root() . '/admin/accounts' ); } @@ -140,21 +140,21 @@ class Accounts { $account = q("SELECT * FROM account WHERE account_id = %d", intval($uid) ); - + if (! $account) { notice( t('Account not found') . EOL); goaway(z_root() . '/admin/accounts' ); } - + check_form_security_token_redirectOnErr('/admin/accounts', 'admin_accounts', 't'); $debug = ''; - + switch (argv(2)){ case 'delete': // delete user account_remove($uid,true,false); - + notice( sprintf(t("Account '%s' deleted"), $account[0]['account_email']) . EOL); break; case 'block': @@ -162,7 +162,7 @@ class Accounts { intval(ACCOUNT_BLOCKED), intval($uid) ); - + notice( sprintf( t("Account '%s' blocked") , $account[0]['account_email']) . EOL); break; case 'unblock': @@ -170,14 +170,14 @@ class Accounts { intval(ACCOUNT_BLOCKED), intval($uid) ); - + notice( sprintf( t("Account '%s' unblocked"), $account[0]['account_email']) . EOL); break; } - + goaway(z_root() . '/admin/accounts' ); } - + /* get pending */ // [hilmar -> /* 
@@ -188,14 +188,7 @@ class Accounts { $tao = 'tao.zar.zarax = ' . "'" . '' . "';\n"; // better useability at the moment to tell all (ACCOUNT_PENDING >= 0) instead of (> 0 for those need approval) - $pending = q("SELECT @i:=@i+1 AS reg_n, @i MOD 2 AS reg_z, " - ." reg_did2, reg_created, reg_startup, reg_expires, reg_email, reg_atip, reg_hash, reg_id, " - ." CASE (reg_flags & %d) WHEN 0 THEN '✔ verified' WHEN 1 THEN '× not yet' END AS reg_vfd " - ." FROM register, (SELECT @i:=0) AS i " - ." WHERE reg_vital = 1 AND (reg_flags & %d) >= 0 ", - intval(ACCOUNT_UNVERIFIED), - intval(ACCOUNT_PENDING) - ); + $pending = get_pending_accounts(); unset($_SESSION[self::MYP]); if ($pending) { @@ -218,15 +211,15 @@ class Accounts { $tao = rtrim($tao,',') . '};' . "\n"; } // <- hilmar] - + /* get accounts */ - + $total = q("SELECT count(*) as total FROM account"); if (count($total)) { \App::set_pager_total($total[0]['total']); \App::set_pager_itemspage(100); } - + $serviceclass = (($_REQUEST['class']) ? " and account_service_class = '" . dbesc($_REQUEST['class']) . "' " : ''); $key = (($_REQUEST['key']) ? dbesc($_REQUEST['key']) : 'account_id'); 
@@ -237,8 +230,8 @@ class Accounts { $base = z_root() . '/admin/accounts?f='; $odir = (($dir === 'asc') ? '0' : '1'); - $users = q("SELECT account_id , account_email, account_lastlog, account_created, account_expires, account_service_class, ( account_flags & %d ) > 0 as blocked, - (SELECT %s FROM channel as ch WHERE ch.channel_account_id = ac.account_id and ch.channel_removed = 0 ) as channels FROM account as ac + $users = q("SELECT account_id , account_email, account_lastlog, account_created, account_expires, account_service_class, ( account_flags & %d ) > 0 as blocked, + (SELECT %s FROM channel as ch WHERE ch.channel_account_id = ac.account_id and ch.channel_removed = 0 ) as channels FROM account as ac where true $serviceclass and account_flags != %d order by $key $dir limit %d offset %d ", intval(ACCOUNT_BLOCKED), db_concat('ch.channel_address', ' '), @@ -249,12 +242,12 @@ class Accounts { // function _setup_users($e){ // $accounts = Array( - // t('Normal Account'), + // t('Normal Account'), // t('Soapbox Account'), // t('Community/Celebrity Account'), // t('Automatic Friend Account') // ); - + // $e['page_flags'] = $accounts[$e['page-flags']]; // $e['register_date'] = relative_date($e['register_date']); // $e['login_date'] = relative_date($e['login_date']); @@ -262,7 +255,7 @@ class Accounts { // return $e; // } // $users = array_map("_setup_users", $users); - + $t = get_markup_template('admin_accounts.tpl'); $o = replace_macros($t, array( // strings // @@ -285,7 +278,7 @@ class Accounts { '$odir' => $odir, '$base' => $base, '$h_users' => t('Accounts'), - '$th_users' => array( + '$th_users' => array( [ t('ID'), 'account_id' ], [ t('Email'), 'account_email' ], [ t('All Channels'), 'channels' ], 
@@ -293,12 +286,12 @@ class Accounts { [ t('Last login'), 'account_lastlog' ], [ t('Expires'), 'account_expires' ], [ t('Service Class'), 'account_service_class'] ), - + '$confirm_delete_multi' => p2j(t('Selected accounts will be deleted!\n\nEverything these accounts had posted on this site will be permanently deleted!\n\nAre you sure?')), '$confirm_delete' => p2j(t('The account {0} will be deleted!\n\nEverything this account has posted on this site will be permanently deleted!\n\nAre you sure?')), - + '$form_security_token' => get_form_security_token("admin_accounts"), - + // values // '$now' => date('Y-m-d H:i:s'), '$baseurl' => z_root(), @@ -307,9 +300,9 @@ class Accounts { '$users' => $users, )); $o .= paginate($a); - + return $o; } - + } diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php index 3b39d5b49..237becc09 100644 --- a/Zotlabs/Module/Sse_bs.php +++ b/Zotlabs/Module/Sse_bs.php @@ -689,9 +689,8 @@ class Sse_bs extends Controller { if(! (self::$vnotify & VNOTIFY_REGISTER)) return $result; - $r = q("SELECT account_email, account_created from account where (account_flags & %d) > 0", - intval(ACCOUNT_PENDING) - ); + $r = get_pending_accounts(); + if($r) { foreach($r as $rr) { $result['register']['notifications'][] = Enotify::format_register($rr); -- cgit v1.2.3 From da37548e2e7b6dde1827037a94fbcfb010abfda6 Mon Sep 17 00:00:00 2001 From: Mario Date: Tue, 16 Mar 2021 12:33:41 +0100 Subject: also move code comments to the function --- Zotlabs/Module/Admin/Accounts.php | 8 -------- 1 file changed, 8 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index 3a2fd1dcc..a9d1c437f 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php 
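Review bot: In the Sse_bs.php hunk, the rows passed to `Enotify::format_register($rr)` change shape with `$r = get_pending_accounts();`, and nothing in this diff shows that the formatter was adapted. The removed query returned `account_email` and `account_created` from `account`, filtered on `ACCOUNT_PENDING`. The same helper also replaces the `register`-table query in Admin/Accounts.php, which selected `reg_*` columns including `reg_atip` and `reg_hash`, and whose filter `(reg_flags & %d) >= 0` matches every row with `reg_vital = 1`. Please confirm that format_register() reads the new column names, emits only the fields a notification needs, and that unverified requests are meant to be announced. A comment above the call, e.g. `// rows come from register (reg_* columns), not account`, would record the contract; the enclosing method starts outside the hunk.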
@@ -178,16 +178,8 @@ class Accounts { goaway(z_root() . '/admin/accounts' ); } - /* get pending */ - // [hilmar -> - /* - $pending = q("SELECT account.*, reg_hash FROM account LEFT JOIN register ON account_id = reg_uid WHERE reg_vital = 1 AND (account_flags & %d) > 0", - intval(ACCOUNT_PENDING) - ); - */ $tao = 'tao.zar.zarax = ' . "'" . '' . "';\n"; - // better useability at the moment to tell all (ACCOUNT_PENDING >= 0) instead of (> 0 for those need approval) $pending = get_pending_accounts(); unset($_SESSION[self::MYP]); -- cgit v1.2.3 From 4581abb6d126097e4f6cb7f23e0fb68c0e9237b2 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 17 Mar 2021 12:14:55 +0100 Subject: air: some work on ui/ux --- Zotlabs/Module/Admin/Accounts.php | 25 +++++++++++++++++-------- Zotlabs/Module/Regate.php | 30 +++++++++++++++--------------- 2 files changed, 32 insertions(+), 23 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index a9d1c437f..7a698fb91 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php @@ -55,7 +55,7 @@ class Accounts { intval($_SESSION[self::MYP]['i'][$zarat]), dbesc($_SESSION[self::MYP]['h'][$zarat]) ); - $rc = '× ' . count($rd); + $rc = '×'; } elseif ($zarop == 'a') { // approval, REGISTER_DENIED by user 0x0040, REGISTER_AGREED by user 0x0020 @Regate @@ -195,6 +195,14 @@ class Accounts { $pending[$n]['reg_atip'] = $v['reg_atip'] . ' ◄' . $atipn[ $v['reg_atip'] ] . '×'; } + + $pending[$n]['status'] = t('Not yet verified'); + if($pending[$n]['reg_vfd']) + $pending[$n]['status'] = t('Verified'); + + if($pending[$n]['reg_expires'] < datetime_convert()) + $pending[$n]['status'] = t('Expired'); + // better secure $tao .= $n . ": '" . substr(bin2hex($v['reg_hash']),0,8) . "',"; $_SESSION[self::MYP]['h'][] = substr($v['reg_hash'],0,4); 
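Review bot: In the hunk at line 195, `if($pending[$n]['reg_vfd'])` may label every request as verified. The query that get_pending_accounts() replaced produced `reg_vfd` through a CASE expression yielding two non-empty strings, and both are truthy. The helper is not part of this diff, so this only holds if it kept that expression; in that case it should return `reg_vfd` as an integer 0/1 so the status an admin sees before approving is accurate. The expiry test `$pending[$n]['reg_expires'] < datetime_convert()` is a string comparison that is only correct when `reg_expires` is stored in UTC in the same format, which deserves a comment such as `// reg_expires is a UTC 'Y-m-d H:i:s' string`. The surrounding loop starts outside the hunk.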
@@ -256,28 +264,30 @@ class Accounts { '$page' => t('Accounts'), '$submit' => t('Submit'), '$select_all' => t('select all'), - '$sel_tall' => t('SelectToggle'), - '$sel_deny' => t('× DenySelected'), - '$sel_aprv' => t('✔ ApproveSelected'), + '$sel_tall' => t('Select toggle'), + '$sel_deny' => t('Deny selected'), + '$sel_aprv' => t('Approve selected'), '$h_pending' => t('Registrations waiting for confirm'), - '$th_pending' => array( t('Request date'), t('Startup,Expires'), 'dId2', t('specified,atip') ), + '$th_pending' => array( t('Request date'), t('Status'), t('Startup,Expires'), 'dId2', t('specified,atip') ), '$no_pending' => t('No registrations.'), '$approve' => t('Approve'), '$deny' => t('Deny'), '$delete' => t('Delete'), '$block' => t('Block'), '$unblock' => t('Unblock'), + '$verified' => t('Verified'), + '$not_verified' => t('Not yet verified'), '$odir' => $odir, '$base' => $base, '$h_users' => t('Accounts'), '$th_users' => array( [ t('ID'), 'account_id' ], [ t('Email'), 'account_email' ], - [ t('All Channels'), 'channels' ], + [ t('All channels'), 'channels' ], [ t('Register date'), 'account_created' ], [ t('Last login'), 'account_lastlog' ], [ t('Expires'), 'account_expires' ], - [ t('Service Class'), 'account_service_class'] ), + [ t('Service class'), 'account_service_class'] ), '$confirm_delete_multi' => p2j(t('Selected accounts will be deleted!\n\nEverything these accounts had posted on this site will be permanently deleted!\n\nAre you sure?')), '$confirm_delete' => p2j(t('The account {0} will be deleted!\n\nEverything this account has posted on this site will be permanently deleted!\n\nAre you sure?')), @@ -285,7 +295,6 @@ class Accounts { '$form_security_token' => get_form_security_token("admin_accounts"), // values // - '$now' => date('Y-m-d H:i:s'), '$baseurl' => z_root(), '$tao' => $tao, '$pending' => $pending, diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index cf6b76bfa..b9b1c0d56 100644 --- a/Zotlabs/Module/Regate.php 
+++ b/Zotlabs/Module/Regate.php @@ -5,7 +5,7 @@ namespace Zotlabs\Module; require_once('include/security.php'); /** - * + * * @version 2.0.0 * @author hilmar runge * @since 2020-03-03 @@ -43,7 +43,7 @@ class Regate extends \Zotlabs\Web\Controller { $nextpage = ''; if ($did2) { - + $nowhhmm = date('Hi'); $day = date('N'); $now = date('Y-m-d H:i:s'); @@ -53,7 +53,7 @@ class Regate extends \Zotlabs\Web\Controller { if ($isduty['isduty'] !== false && $isduty['isduty'] != 1) { // normally, that should never happen here // log suitable for fail2ban also - $logmsg = 'ZAR1230S Unexpected registration verification request for ' + $logmsg = 'ZAR1230S Unexpected registration verification request for ' . get_config('system','sitename') . ' arrived from § ' . $ip . ' §'; zar_log($logmsg); goaway(z_root() . '/'); @@ -148,7 +148,7 @@ class Regate extends \Zotlabs\Web\Controller { set_aconfig($cra['account']['account_id'], 'register','channel_address',$reonar['chan.did1']); } - + authenticate_success($cra['account'],null,true,false,true); if($auto_create) { @@ -160,20 +160,20 @@ class Regate extends \Zotlabs\Web\Controller { change_channel($channel_id); $nextpage = 'profiles/' . $channel_id; $msg = 'ZAR1239I ' . t('Channel successfull created') . ' ' . $did2; - } + } else { $msg = 'ZAR1239E ' . t('Channel still not created') . ' ' . $did2; } zar_log($msg . ' ' . $reonar['chan.did1'] . ' (' . $reonar['chan.name'] . ')'); } unset($_SESSION['login_return_url']); - } + } else { q("ROLLBACK"); $msg = 'ZAR1238E ' . t('Account creation error'); zar_log($msg . ':' . print_r($cra, true)); } - } + } else { // new flags implemented and not recognized or sth like zar_log('ZAR1237D unexpected,' . $flags); 
@@ -187,17 +187,17 @@ class Regate extends \Zotlabs\Web\Controller { else { $msg = 'ZAR1235E' . ' ' . t('Token verification failed'); } - } + } else { $msg = 'ZAR1234W' . ' ' . t('Request not inside time frame'); //info($r[0]['reg_startup'] . EOL . $r[0]['reg_expire'] ); } - } + } else { $msg = 'ZAR1232E' . ' ' . t('Identity unknown'); zar_log($msg . ':' . $did2 . $didx); } - } + } else { $msg = 'ZAR1231E' . t('dId2 mistaken'); } @@ -241,7 +241,7 @@ class Regate extends \Zotlabs\Web\Controller { if ( ($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e') ) { - $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = '%s' AND reg_did2 = '%s'", + $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = '%s' AND reg_did2 = '%s'", dbesc($didx), dbesc($did2) ); @@ -261,7 +261,7 @@ class Regate extends \Zotlabs\Web\Controller { . t('Only one instance admin has still to agree your account request.') . EOL . t('Please be patient') . EOL . EOL . 'ZAR1138I', ]); - } + } else { if ($deny) { @@ -279,7 +279,7 @@ class Regate extends \Zotlabs\Web\Controller { $reonar = json_decode( $r['reg_stuff'], true); $reonar['deny'] = $now . ',' . $ip . ' ' . $did2 . ' ' . $msg; - $flags = ( $r['reg_flags'] &= ( $r['reg_flags'] ^ ACCOUNT_UNVERIFIED) ) + $flags = ( $r['reg_flags'] &= ( $r['reg_flags'] ^ ACCOUNT_UNVERIFIED) ) | ( $r['reg_flags'] |= REGISTER_DENIED); $rd = q("UPDATE register SET reg_stuff='%s', reg_vital=0, reg_flags=%d WHERE reg_id = %d ", dbesc(json_encode($reonar)), @@ -291,7 +291,7 @@ class Regate extends \Zotlabs\Web\Controller { zar_log('ZAR1135E not awaited url parameter received'); goaway(z_root); } - } + } else { if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now) { @@ -334,7 +334,7 @@ class Regate extends \Zotlabs\Web\Controller { ]); } - } + } else { $msg = 'ZAR1131E ' . t('dId2 mistaken'); // $log = ' from § ' . $ip . ' §' . ' (' . dbesc($did2) . ')'; -- cgit v1.2.3 
From 35d9fd4860f1f60150dc9f3ee91d7485c8325d77 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 17 Mar 2021 12:24:19 +0100 Subject: air: another string --- Zotlabs/Module/Admin/Accounts.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index 7a698fb91..3accefd66 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php @@ -268,7 +268,7 @@ class Accounts { '$sel_deny' => t('Deny selected'), '$sel_aprv' => t('Approve selected'), '$h_pending' => t('Registrations waiting for confirm'), - '$th_pending' => array( t('Request date'), t('Status'), t('Startup,Expires'), 'dId2', t('specified,atip') ), + '$th_pending' => array( t('Request date'), t('Status'), t('Timeframe'), 'dId2', t('specified,atip') ), '$no_pending' => t('No registrations.'), '$approve' => t('Approve'), '$deny' => t('Deny'), -- cgit v1.2.3 From febf766be0ecd2a50aa8842a90a23dc23763e373 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 17 Mar 2021 14:37:16 +0100 Subject: air: make sure we always save date_time in UTC - issue #1544 --- Zotlabs/Module/Regate.php | 4 ++-- Zotlabs/Module/Register.php | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index b9b1c0d56..2b46d7452 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -46,7 +46,7 @@ class Regate extends \Zotlabs\Web\Controller { $nowhhmm = date('Hi'); $day = date('N'); - $now = date('Y-m-d H:i:s'); + $now = datetime_convert(); $ip = $_SERVER['REMOTE_ADDR']; $isduty = zar_register_dutystate(); @@ -228,7 +228,7 @@ class Regate extends \Zotlabs\Web\Controller { return $o; } - $now = date('Y-m-d H:i:s'); + $now = datetime_convert(); $ip = $_SERVER['REMOTE_ADDR']; $isduty = zar_register_dutystate(); 
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index b2b72bba1..38bfd1619 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -302,11 +302,11 @@ class Register extends Controller { $cfgdelay = get_config( 'system', 'register_delay' ); $regdelay = calculate_adue( $cfgdelay ); - $regdelay = $regdelay ? $regdelay['due'] : $now; + $regdelay = $regdelay ? datetime_convert(date_default_timezone_get(), 'UTC', $regdelay['due']) : $now; $cfgexpire = get_config('system','register_expire' ); $regexpire = calculate_adue( $cfgexpire ); - $regexpire = $regexpire ? $regexpire['due'] : datetime_convert('UTC', 'UTC', 'now + 99 years'); + $regexpire = $regexpire ? datetime_convert(date_default_timezone_get(), 'UTC', $regexpire['due']) : datetime_convert('UTC', 'UTC', 'now + 99 years'); // handle an email request that will be verified or an ivitation associated with an email address if ( $email > '' && ($email_verify || $icdone) ) { @@ -361,9 +361,9 @@ class Register extends Controller { dbesc($didx), dbesc($did2), dbesc($pass2), - dbesc(datetime_convert('','',$now)), - dbesc(datetime_convert('','',$regdelay)), - dbesc(datetime_convert('','',$regexpire)), + dbesc($now), + dbesc($regdelay), + dbesc($regexpire), dbesc($email), dbesc(bin2hex($password)), dbesc(substr(get_best_language(),0,2)), -- cgit v1.2.3 From 9f26b7aa9c6e3ba50de5a0780c917cabad7367f6 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 17 Mar 2021 17:49:13 +0100 Subject: air: convert utc to local in browser (we do not have a client timezone othervise at this point) - issue #1544 --- Zotlabs/Module/Regate.php | 4 ++-- Zotlabs/Module/Register.php | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 2b46d7452..7379a6662 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php 
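Review bot: The conversion `datetime_convert(date_default_timezone_get(), 'UTC', $regdelay['due'])` assumes that calculate_adue() returns `due` in PHP's default timezone, which this hunk does not show; `$regexpire['due']` carries the same assumption. If that holds, rows written before this commit still carry local-time `reg_startup` and `reg_expires`, while Regate.php in the same commit now compares them against `$now = datetime_convert();`. Requests already pending at upgrade time would then have their validity window shifted by the server's UTC offset. A one-time conversion of existing `register` rows, or at least a comment next to these assignments such as `// reg_startup/reg_expires are stored in UTC`, would make the contract explicit.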
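Review bot: The context line `dbesc(bin2hex($password))` in the INSERT argument list of the hunk at line 361 stores the submitted password in reversible form. bin2hex() is an encoding, not a hash, so anyone who can read the `register` table recovers the cleartext password of every pending request. Storing `password_hash($password, PASSWORD_DEFAULT)` and handing the hash on at account creation would remove that exposure; whether the account-creation path accepts a pre-hashed value is outside this diff. The lookup further down in post() that matches on `reg_pass = '%s'` would then have to select by `reg_did2` and check with password_verify(). The INSERT statement itself begins outside the hunk.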
@@ -232,8 +232,8 @@ class Regate extends \Zotlabs\Web\Controller { $ip = $_SERVER['REMOTE_ADDR']; $isduty = zar_register_dutystate(); - $nowfmt = $isduty['nowfmt']; - $atform = $isduty['atform']; + $nowfmt = $isduty['nowfmt']; + $atform = $isduty['atform']; $title = t('Register Verification'); diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 38bfd1619..c8cb78e74 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -320,7 +320,7 @@ class Register extends Controller { $reonar['from'] = get_config('system', 'from_email'); $reonar['to'] = $email; $reonar['subject'] = sprintf( t('Registration confirmation for %s'), get_config('system','sitename')); - $reonar['txtpersonal']= t('Valid from') . ' ' . $regdelay . ' ' . t('and expire') . ' ' . $regexpire; + $reonar['txtpersonal']= t('Valid from') . ' ' . $regdelay . ' ' . t('and expire') . ' ' . $regexpire . ''; $reonar['txttemplate']= replace_macros(get_intltext_template('register_verify_member.tpl'), [ '$sitename' => get_config('system','sitename'), 
@@ -387,11 +387,11 @@ class Register extends Controller { zar_log( 'ZAR0239A ' . t('New register request') . ' d' . $didnew . ', ' . $regdelay . ' - ' . $regexpire); - // notice( 'ZAR0239I,' . t( 'Your didital id is' ) . EOL . 'd' . $didnew . EOL - $_SESSION['zar']['msg'] = ( 'ZAR0239I,' . t( 'Your didital id is' ) . EOL . 'd' . $didnew . EOL + // notice( 'ZAR0239I,' . t( 'Your digital id is' ) . EOL . 'd' . $didnew . EOL + $_SESSION['zar']['msg'] = ( 'ZAR0239I,' . t( 'Your digital id is' ) . EOL . 'd' . $didnew . EOL . t('and your pin for is') . ' ' . $pass2 . EOL . t('Keep these infos and your entered password safe') . EOL - . t('Valid from') . ' ' . $regdelay . ' ' . t('and expire') . ' ' . $regexpire . EOL ); + . t('Valid from') . ' ' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and expire') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '' . EOL ); // acpin verify // goaway(z_root() . '/regate/' . bin2hex('d' . $didnew) . 'a' ); -- cgit v1.2.3 From 3ba42d3dcf252cd2c07f2f1b9c0b7d54cce759c9 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 18 Mar 2021 14:55:01 +0100 Subject: air: deal with timezones when displaying open/close time - this should finally fix issue #1544 --- Zotlabs/Module/Register.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index c8cb78e74..e98a61a5e 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php 
@@ -320,7 +320,7 @@ class Register extends Controller { $reonar['from'] = get_config('system', 'from_email'); $reonar['to'] = $email; $reonar['subject'] = sprintf( t('Registration confirmation for %s'), get_config('system','sitename')); - $reonar['txtpersonal']= t('Valid from') . ' ' . $regdelay . ' ' . t('and expire') . ' ' . $regexpire . ''; + $reonar['txtpersonal']= t('Valid from') . ' ' . $regdelay . ' ' . t('and expire') . ' ' . $regexpire . ''; $reonar['txttemplate']= replace_macros(get_intltext_template('register_verify_member.tpl'), [ '$sitename' => get_config('system','sitename'), @@ -391,7 +391,7 @@ class Register extends Controller { $_SESSION['zar']['msg'] = ( 'ZAR0239I,' . t( 'Your digital id is' ) . EOL . 'd' . $didnew . EOL . t('and your pin for is') . ' ' . $pass2 . EOL . t('Keep these infos and your entered password safe') . EOL - . t('Valid from') . ' ' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and expire') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '' . EOL ); + . t('Valid from') . ' ' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and expire') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '' . EOL ); // acpin verify // goaway(z_root() . '/regate/' . bin2hex('d' . $didnew) . 'a' ); @@ -545,7 +545,7 @@ class Register extends Controller { '$pass1' => $password, '$pass2' => $password2, '$submit' => t('Register'), - '$verify_note' => (($email_verify) ? t('This site requires verification. After completing this form, please check the notice or your email for further instructions.') . 'ZAR0135I' : ''), + '$verify_note' => (($email_verify) ? t('This site requires verification. After completing this form, please check the notice or your email for further instructions.') . 'ZAR0135I' : '') )); return $o; -- cgit v1.2.3 From 7c620cbe244aac5cce5d86bd3776ca85353e7f74 Mon Sep 17 00:00:00 2001 
From: Mario Date: Thu, 18 Mar 2021 14:42:30 +0000 Subject: air: make sure to display the timezone corrected times in the admin ui --- Zotlabs/Module/Admin/Accounts.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index 3accefd66..22c2e5b10 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php @@ -196,6 +196,10 @@ class Accounts { $pending[$n]['reg_atip'] = $v['reg_atip'] . ' ◄' . $atipn[ $v['reg_atip'] ] . '×'; } + $pending[$n]['reg_created'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_created']); + $pending[$n]['reg_startup'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_startup']); + $pending[$n]['reg_expires'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_expires']); + $pending[$n]['status'] = t('Not yet verified'); if($pending[$n]['reg_vfd']) $pending[$n]['status'] = t('Verified'); -- cgit v1.2.3 From a36dd5a8b9e5046d9d6113771c483c1eaa3a057f Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 18 Mar 2021 14:47:37 +0000 Subject: adjust timezone after the expiration check --- Zotlabs/Module/Admin/Accounts.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index 22c2e5b10..d4a632901 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php 
@@ -196,10 +196,6 @@ class Accounts { $pending[$n]['reg_atip'] = $v['reg_atip'] . ' ◄' . $atipn[ $v['reg_atip'] ] . '×'; } - $pending[$n]['reg_created'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_created']); - $pending[$n]['reg_startup'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_startup']); - $pending[$n]['reg_expires'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_expires']); - $pending[$n]['status'] = t('Not yet verified'); if($pending[$n]['reg_vfd']) $pending[$n]['status'] = t('Verified'); @@ -207,6 +203,10 @@ class Accounts { if($pending[$n]['reg_expires'] < datetime_convert()) $pending[$n]['status'] = t('Expired'); + $pending[$n]['reg_created'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_created']); + $pending[$n]['reg_startup'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_startup']); + $pending[$n]['reg_expires'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_expires']); + // better secure $tao .= $n . ": '" . substr(bin2hex($v['reg_hash']),0,8) . "',"; $_SESSION[self::MYP]['h'][] = substr($v['reg_hash'],0,4); -- cgit v1.2.3 From 854a6e378703d096e8c9c4910600d3da6e854a5c Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 18 Mar 2021 14:56:53 +0000 Subject: air: only set registration request to expired if it is not yet verified --- Zotlabs/Module/Admin/Accounts.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index d4a632901..eab3f15c8 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php 
@@ -196,11 +196,11 @@ class Accounts { $pending[$n]['reg_atip'] = $v['reg_atip'] . ' ◄' . $atipn[ $v['reg_atip'] ] . '×'; } - $pending[$n]['status'] = t('Not yet verified'); + $pending[$n]['status'] = t('Not verified'); if($pending[$n]['reg_vfd']) $pending[$n]['status'] = t('Verified'); - if($pending[$n]['reg_expires'] < datetime_convert()) + if(!$pending[$n]['reg_vfd'] && $pending[$n]['reg_expires'] < datetime_convert()) $pending[$n]['status'] = t('Expired'); $pending[$n]['reg_created'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_created']); -- cgit v1.2.3 From 3ac27d800455f9603d2a8093159aa81033335a9f Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 18 Mar 2021 19:41:12 +0000 Subject: air: display the verification status in the notifications --- Zotlabs/Module/Admin/Accounts.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index eab3f15c8..856ff9155 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php @@ -203,6 +203,7 @@ class Accounts { if(!$pending[$n]['reg_vfd'] && $pending[$n]['reg_expires'] < datetime_convert()) $pending[$n]['status'] = t('Expired'); + // timezone adjust date_time for display $pending[$n]['reg_created'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_created']); $pending[$n]['reg_startup'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_startup']); $pending[$n]['reg_expires'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_expires']); 
@@ -272,7 +273,7 @@ class Accounts { '$sel_deny' => t('Deny selected'), '$sel_aprv' => t('Approve selected'), '$h_pending' => t('Registrations waiting for confirm'), - '$th_pending' => array( t('Request date'), t('Status'), t('Timeframe'), 'dId2', t('specified,atip') ), + '$th_pending' => array( t('Request date'), t('Verification status'), t('Timeframe'), 'dId2', t('specified,atip') ), '$no_pending' => t('No registrations.'), '$approve' => t('Approve'), '$deny' => t('Deny'), -- cgit v1.2.3 From 06d47deef80d19230ee6c801c97c3e8913012671 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 19 Mar 2021 11:43:48 +0100 Subject: air: improved UX by changing the registration workflow so that it is not required to go back to registration and post the DID. If no registration delay is configured proceed directly to verification. fixes #1540 --- Zotlabs/Module/Regate.php | 7 ++++++- Zotlabs/Module/Register.php | 32 ++++++++++++++++++-------------- 2 files changed, 24 insertions(+), 15 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 7379a6662..077e5fd54 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -122,6 +122,7 @@ class Regate extends \Zotlabs\Web\Controller { if ( ($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING ) { $msg .= "\n".t('Last step will be by an instance admin to agree your account request'); + $nextpage = 'regapr/' . bin2hex($did2); q("COMMIT"); } elseif ( ($flags ^ REGISTER_AGREED) == 0) { @@ -235,6 +236,10 @@ class Regate extends \Zotlabs\Web\Controller { $nowfmt = $isduty['nowfmt']; $atform = $isduty['atform']; + $pin = $_SESSION['zar']['pin'] ?? ''; + unset($_SESSION['zar']['pin']); + + $title = t('Register Verification'); // do we have a valid dId2 ? 
@@ -298,7 +303,7 @@ class Regate extends \Zotlabs\Web\Controller { $o = replace_macros(get_markup_template('regate.tpl'), [ '$form_security_token' => get_form_security_token("regate"), '$title' => $title, - '$desc' => t('You were given a validation token. Please enter that token here to continue the register verification step and allow some delay for proccessing.'), + '$desc' => $pin ? t('Please enter your validation token') . '' . $pin . '' : t('You were given a validation token. Please enter that token here to verify your registration.'), '$did2' => bin2hex($did2) . $didx, '$now' => $nowfmt, '$atform' => $atform, diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index e98a61a5e..c25475550 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -301,12 +301,12 @@ class Register extends Controller { if($policy == REGISTER_OPEN || $policy == REGISTER_APPROVE ) { $cfgdelay = get_config( 'system', 'register_delay' ); - $regdelay = calculate_adue( $cfgdelay ); - $regdelay = $regdelay ? datetime_convert(date_default_timezone_get(), 'UTC', $regdelay['due']) : $now; + $reg_delayed = calculate_adue( $cfgdelay ); + $regdelay = (($reg_delayed) ? datetime_convert(date_default_timezone_get(), 'UTC', $reg_delayed['due']) : $now); $cfgexpire = get_config('system','register_expire' ); - $regexpire = calculate_adue( $cfgexpire ); - $regexpire = $regexpire ? datetime_convert(date_default_timezone_get(), 'UTC', $regexpire['due']) : datetime_convert('UTC', 'UTC', 'now + 99 years'); + $reg_expires = calculate_adue( $cfgexpire ); + $regexpire = (($reg_expires) ? datetime_convert(date_default_timezone_get(), 'UTC', $reg_expires['due']) : datetime_convert('UTC', 'UTC', 'now + 99 years')); // handle an email request that will be verified or an ivitation associated with an email address if ( $email > '' && ($email_verify || $icdone) ) { 
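Review bot: The new `'$desc'` value in the Regate.php hunk prints `$pin` on the same form that asks for it, so on the no-delay path the token entry shows nothing about the applicant beyond holding the session that just registered. If that is the accepted trade-off for issue #1540, record it where the pin is handled (the `$pin = $_SESSION['zar']['pin'] ?? '';` lines in the preceding Regate.php hunk and the `$_SESSION['zar']['pin'] = $pass2;` branch in Register.php), e.g. `// pin is displayed on purpose when no delay is configured: a confirmation step, not a secret`. `$pin` is also concatenated into the description without escaping; it appears to be server-generated, so `htmlspecialchars($pin, ENT_QUOTES, 'UTF-8')` only matters if that can change. The surrounding method starts and ends outside the hunk.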
@@ -320,7 +320,7 @@ class Register extends Controller { $reonar['from'] = get_config('system', 'from_email'); $reonar['to'] = $email; $reonar['subject'] = sprintf( t('Registration confirmation for %s'), get_config('system','sitename')); - $reonar['txtpersonal']= t('Valid from') . ' ' . $regdelay . ' ' . t('and expire') . ' ' . $regexpire . ''; + $reonar['txtpersonal']= t('Valid from') . ' ' . $regdelay . ' UTC' . t('and expire') . ' ' . $regexpire . ' UTC'; $reonar['txttemplate']= replace_macros(get_intltext_template('register_verify_member.tpl'), [ '$sitename' => get_config('system','sitename'), @@ -387,15 +387,19 @@ class Register extends Controller { zar_log( 'ZAR0239A ' . t('New register request') . ' d' . $didnew . ', ' . $regdelay . ' - ' . $regexpire); - // notice( 'ZAR0239I,' . t( 'Your digital id is' ) . EOL . 'd' . $didnew . EOL - $_SESSION['zar']['msg'] = ( 'ZAR0239I,' . t( 'Your digital id is' ) . EOL . 'd' . $didnew . EOL - . t('and your pin for is') . ' ' . $pass2 . EOL - . t('Keep these infos and your entered password safe') . EOL - . t('Valid from') . ' ' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and expire') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '' . EOL ); - - // acpin verify - // goaway(z_root() . '/regate/' . bin2hex('d' . $didnew) . 'a' ); - goaway(z_root() . '/regate'); + + if($reg_delayed) { + // notice( 'ZAR0239I,' . t( 'Your digital id is' ) . EOL . 'd' . $didnew . EOL + $_SESSION['zar']['msg'] = ( t('Your validation token is') . ' ' . $pass2 . EOL + . t('Please remember your token and reload this page between') . EOL + . '' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '' . EOL + . t('to complete registration.') + ); + } + else { + $_SESSION['zar']['pin'] = $pass2; + } + goaway(z_root() . '/regate/' . bin2hex('d' . $didnew) . 'a' ); } else { $msg = 'ZAR0239D,' . t('Error creating dId A'); -- cgit v1.2.3 
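Review bot: In the `txtpersonal` hunk the new string is built as `$regdelay . ' UTC' . t('and expire')`, which runs the zone label into the next phrase ("UTCand expire") unless a translation happens to start with a space. `$regdelay . ' UTC ' . t('and expire')` fixes it. A single translatable `sprintf()` template with two `%s` placeholders would also stop translators having to guess the word order around the dates. The enclosing method lies outside the hunk.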
From 7375824ed416adf79f15f85f232db0cc32235f2c Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 19 Mar 2021 11:45:40 +0100 Subject: air: missing module --- Zotlabs/Module/Regapr.php | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 Zotlabs/Module/Regapr.php (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regapr.php b/Zotlabs/Module/Regapr.php new file mode 100644 index 000000000..9e6cb1de8 --- /dev/null +++ b/Zotlabs/Module/Regapr.php @@ -0,0 +1,26 @@ + Date: Fri, 19 Mar 2021 12:06:38 +0100 Subject: air: php8 asort() argument cannot be passed by reference --- Zotlabs/Module/Invite.php | 116 ++++++++++++++++++++++++---------------------- 1 file changed, 60 insertions(+), 56 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Invite.php b/Zotlabs/Module/Invite.php index 24792c8c1..34f1858fd 100644 --- a/Zotlabs/Module/Invite.php +++ b/Zotlabs/Module/Invite.php @@ -18,7 +18,7 @@ class Invite extends Controller { /** * While coding this, I want to introduce a system of qualified messages and notifications. * Each message consists of a 3 letter prefix, a 4 digit number and a one letter suffix (PREnnnnS). - * The spirit about is not from me, but many decades used by IBM inc. in devel with best success. + * The spirit about is not from me, but many decades used by IBM inc. in devel with best success. * * The system prefix, used uppercase as system message id, lowercase as css and js prefix (classes, ids etc). * Usually not used as self::MYP, but placed in the code dominant enough for easy to find. 
@@ -27,11 +27,11 @@ class Invite extends Controller { * The prefix indicates Z for the Zlabs(core), A for Account stuff, I for Invite. * The numbers scope will be 00xx within/for templates, 01xx for get, 02xx for post functions. * Message qualification ends with a uppercase suffix, where - * I=Info(only), + * I=Info(only), * W=Warning(more then info and less then error), - * E=Error, + * E=Error, * F=Fatal(for unexpected errors). - * Btw, in case of using fail2ban, a scan of messages going to log is very much more with ease, + * Btw, in case of using fail2ban, a scan of messages going to log is very much more with ease, * esspecially in multi language driven systems where messages vary. * * @author Hilmar Runge @@ -46,7 +46,7 @@ class Invite extends Controller { function post() { // zai02 - + if (! local_channel()) { notice( 'ZAI0201E,' .t('Permission denied.') . EOL); return; @@ -56,7 +56,7 @@ class Invite extends Controller { notice( 'ZAI0202E,' . t('Invite App') . ' (' . t('Not Installed') . ')' . EOL); return; } - + check_form_security_token_redirectOnErr('/', 'send_invite'); $ok = $ko = 0; 
@@ -81,20 +81,20 @@ class Invite extends Controller { if ($maxto === 'na') set_config('system','invitation_max_recipients', 12); } $maxto = ($maxto === 'na') ? 12 : $maxto; - + // language code current for the invitation - $lcc = x($_POST['zailcc']) && preg_match('/[a-z\-]{2,5}/', $_POST['zailcc']) - ? $_POST['zailcc'] + $lcc = x($_POST['zailcc']) && preg_match('/[a-z\-]{2,5}/', $_POST['zailcc']) + ? $_POST['zailcc'] : ''; // expiration duration amount quantity, in case of doubts defaults 2 - $durn = x($_POST['zaiexpiren']) && preg_match('/[0-9]{1,2}/', $_POST['zaiexpiren']) - ? trim(intval($_POST['zaiexpiren'])) + $durn = x($_POST['zaiexpiren']) && preg_match('/[0-9]{1,2}/', $_POST['zaiexpiren']) + ? trim(intval($_POST['zaiexpiren'])) : '2'; !$durn ? $durn = 2 : ''; // expiration duration unit 1st letter (day, weeks, months, years), defaults days - $durq = x($_POST['zaiexpire']) && preg_match('/[ihd]{1,1}/', $_POST['zaiexpire']) + $durq = x($_POST['zaiexpire']) && preg_match('/[ihd]{1,1}/', $_POST['zaiexpire']) ? $_POST['zaiexpire'] : 'd'; @@ -106,7 +106,7 @@ class Invite extends Controller { } // take the received email addresses and discart duplicates - $recips = array_filter( array_unique( preg_replace('/^\s*$/', '', + $recips = array_filter( array_unique( preg_replace('/^\s*$/', '', ((x($_POST,'zaito')) ? explode( "\n",$_POST['zaito']) : array() ) ))); $havto = count($recips); @@ -114,7 +114,7 @@ class Invite extends Controller { if ( $havto > $maxto) { $feedbk .= 'ZAI0210E ' . sprintf( t('Too many recipients for one invitation (max %d)'), $maxto) . $eol; $ko++; - + } elseif ( $havto == 0 ) { $feedbk .= 'ZAI0211E ' . t('No recipients for this invitation') . $eol; $ko++; @@ -159,7 +159,7 @@ class Invite extends Controller { $ko++; continue; } - + if ($isajax) { // seems we have an email address acceptable $feedbk .= 'ZAI0209I ' . ($n+1) . ': ' . sprintf( t('(%s) : Accepted email address'), $recip) . $eol; 
@@ -175,7 +175,7 @@ class Invite extends Controller { killme(); exit; } - + // Total ?todo notice( t('Invitation limit exceeded. Please contact your site administrator.') . EOL); // any errors up to now in fg? @@ -207,11 +207,11 @@ class Invite extends Controller { // send the mail(s) foreach($recips as $n => $recip) { - + $reonar['due'] = $due; $reonar['to'] = $recip; $reonar['txtpersonal'] = $mailtext; - + // generate an invide code to store and pm $invite_code = autoname(8) . rand(1000,9999); @@ -220,7 +220,7 @@ class Invite extends Controller { // save current operators lc and take the desired to mail push_lang($reonar['lang']); // resolve - $tx = replace_macros(get_intltext_template('invite.'.$reonar['tpl'].'.tpl'), + $tx = replace_macros(get_intltext_template('invite.'.$reonar['tpl'].'.tpl'), array( '$projectname' => t('$Projectname'), '$invite_code' => $invite_code, @@ -237,7 +237,7 @@ class Invite extends Controller { // pm $zem = z_mail( - [ + [ 'toEmail' => $recip, 'fromName' => ' ', 'fromEmail' => $reonar['from'], @@ -245,7 +245,7 @@ class Invite extends Controller { 'textVersion' => ($mailtext ? $mailtext . "\n\n" : '') . $tx . "\n" . $due, ] ); - + if(!$zem) { $ko++; @@ -258,7 +258,7 @@ class Invite extends Controller { // if verify_email is the rule, email becomes a dId2 - NO // $did2 = ($flags & ACCOUNT_UNVERIFIED) == ACCOUNT_UNVERIFIED ? $recip : ''; - + // always enforce verify email with invitations, thus email becomes a dId2 $did2 = $recip; $flags |= ACCOUNT_UNVERIFIED; 
@@ -279,25 +279,25 @@ class Invite extends Controller { dbesc($reonar['fromip']), dbesc($reonar['lang']), dbesc(json_encode( array('reon' => $reonar) )) - ); + ); } $msg .= ' (a' . $account['account_id'] . ', c' . $inby . ', from:' . $reonar['from'] . ')'; zar_log( $msg); } - $ok + $ko > 0 + $ok + $ko > 0 ? notice( 'ZAI0212I ' . sprintf( t('%1$d mail(s) sent, %2$d mail error(s)'), $ok, $ko) . EOL) : ''; - //logger( print_r( $reonar, true) ); + //logger( print_r( $reonar, true) ); return; } - - + + function get() { // zai1 - + if(! local_channel()) { notice( 'ZAI0101E,' . t('Permission denied.') . EOL); return; @@ -320,7 +320,7 @@ class Invite extends Controller { // invitation_by_user may still not configured, the default 'na' will tell this // if configured, 0 disables invitations by users, other numbers are how many invites a user may propagate $invuser = get_config('system','invitation_by_user', 'na'); - + // if the mortal user drives the invitation If (! is_site_admin()) { @@ -361,13 +361,13 @@ class Invite extends Controller { // expirations, duration interval $dur = self::calcdue(); - $tao .= 'tao.zai.expire = { durn: ' . $dur['durn'] - . ', durq: ' . "'" . $dur['durq'] . "'" + $tao .= 'tao.zai.expire = { durn: ' . $dur['durn'] + . ', durq: ' . "'" . $dur['durq'] . "'" . ', due: ' . "'" . $dur['due'] . "' };\n"; - // to easy redisplay the empty form + // to easy redisplay the empty form nav_set_selected('Invite'); - + // inform about the count of invitations we have at all $r = q("SELECT count(reg_id) as ct FROM register WHERE reg_vital = 1"); // where not admin TODO $wehave = ($r ? $r[0]['ct'] : 0); 
@@ -400,20 +400,20 @@ class Invite extends Controller { 'd' => t('Day(s)') ); $inv_expire = replace_macros(get_markup_template('field_duration.qmc.tpl'), - array( + array( 'label' => t('Invitation expires after'), - 'qmc' => 'zai', + 'qmc' => 'zai', 'qmcid' => 'ZAI0014I', 'field' => array( - 'name' => 'expire', + 'name' => 'expire', 'title' => t('duration up from now'), - 'value' => ($invexpire_n ? $invexpire_n : 2), - 'min' => '1', + 'value' => ($invexpire_n ? $invexpire_n : 2), + 'min' => '1', 'max' => '99', 'size' => '2', 'default' => ($invexpire_u ? $invexpire_u : 'd') ), - 'rabot' => $inv_rabots + 'rabot' => $inv_rabots ) ); @@ -422,7 +422,7 @@ class Invite extends Controller { // $invite_code = substr(str_shuffle('abcdefghijklmnopqrstuvwxyz'), 0, 8) . rand(1000,9999); // let take one descriptive for template (as said is never used) $invite_code = 'INVITATE2020'; - + // what languages we use now $lccmy = ((isset(App::$config['system']['language'])) ? App::$config['system']['language'] : 'en'); // and all the localized templates belonging to invite @@ -435,15 +435,19 @@ class Invite extends Controller { // indicate a subject tpl exists $t=str_replace(array('invite.', '.subject', '.tpl'), '', $t); $tplxs[$l][$t]=true; - continue; + continue; } // collect unique template names cross all languages and // tpla[language][]=template those available in each language $tplx[] = $tpla[$l][] = str_replace( array('invite.', '.tpl'), '', $t); } - asort( $langs = array_keys($tpla) ); - asort( $tplx = array_unique($tplx) ); - + + $langs = array_keys($tpla); + asort($langs); + + $tplx = array_unique($tplx); + asort($tplx); + // prepare current language and the default standard template (causual) for js // With and in js, I use a var 'tao' as a shortcut for top array object // and also qualify the object with the prefix zai = tao.zai as my var used outsite functions 
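Review bot: In the third Invite.php hunk `asort()` is kept for `$langs` and `$tplx`, which are plain lists (results of `array_keys()` and `array_unique()`); `asort()` preserves the original integer keys, so `$langs[0]` is not necessarily the first language in sorted order and only a `foreach` sees the sorted sequence. If nothing later indexes these arrays numerically, a comment such as `// asort keeps keys; iterate with foreach only` is enough; otherwise `sort($langs);` and `sort($tplx);` give a reindexed list. The consumers are outside the hunk, so which case applies needs checking.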
@@ -458,7 +462,7 @@ class Invite extends Controller { // I will uncomment for js console debug // $tao.='tao.zai.debug = ' . "'" . json_encode($tplxs) . "';\n"; - + // running thru the localized templates (subjects and textmsgs) and bring them to tao // lcc LanguageCountryCode, // lcc2 is a 2 character and lcc5 a 5 character LanguageCountryCode @@ -470,8 +474,8 @@ class Invite extends Controller { $lcc2 = strlen($l) == 2 ? ' zai_lcc2' : ''; $lcc5 = strlen($l) == 5 ? ' zai_lcc5' : ''; $lccg = ' zai_lccg' . substr( $l, 0, 2 ); - $lcclane - .= '' + $lcclane + .= '' . '' . $lcc . ''; // textmsg $tao .= 'tao.zai.t.' . $lcc . ' = {};' . "\n"; @@ -485,7 +489,7 @@ class Invite extends Controller { push_lang($l); // resolve - $tx = replace_macros(get_intltext_template('invite.'.$t1.'.tpl'), + $tx = replace_macros(get_intltext_template('invite.'.$t1.'.tpl'), array( '$projectname' => t('$Projectname'), '$invite_code' => $invite_code, @@ -499,7 +503,7 @@ class Invite extends Controller { // a default subject if no associated exists $ts=t('Invitation'); if ( $tplxs[$l][$t1] ) - $ts = replace_macros(get_intltext_template('invite.'.$t1.'.subject.tpl'), + $ts = replace_macros(get_intltext_template('invite.'.$t1.'.subject.tpl'), array( '$projectname' => t('$Projectname'), '$invite_loc' => get_config('system','sitename') @@ -510,8 +514,8 @@ class Invite extends Controller { pop_lang(); // bring to tao as js like it - $tao .= 'tao.zai.t.' . $lcc . '.' . $t1 . " = '" . rawurlencode($tx) . "';\n"; - $tao .= 'tao.zai.s.' . $lcc . '.' . $t1 . " = '" . rawurlencode($ts) . "';\n"; + $tao .= 'tao.zai.t.' . $lcc . '.' . $t1 . " = '" . rawurlencode($tx) . "';\n"; + $tao .= 'tao.zai.s.' . $lcc . '.' . $t1 . " = '" . rawurlencode($ts) . "';\n"; } } @@ -521,7 +525,7 @@ class Invite extends Controller { $tplin .= $tplsym.'' . $t1 . ''; } - + // fill the form for foreground $o = replace_macros($tpl, array( '$form_security_token' => get_form_security_token("send_invite"), 
@@ -545,7 +549,7 @@ class Invite extends Controller { '$due' => t('Note, the invitation code is valid up to') . ' ' . $dur['due'], '$submit' => t('Submit') )); - + return $o; } @@ -556,10 +560,10 @@ class Invite extends Controller { if ( preg_match( '/^[0-9]{1,2}[ihdwmy]{1}$/', $duri ) ) { $durq = substr($duri, -1); $durn = substr($duri, 0, -1); - $due = date('Y-m-d H:i:s', strtotime('+' . $durn . ' ' - . str_replace( array(':i',':h',':d',':w',':m',':y'), + $due = date('Y-m-d H:i:s', strtotime('+' . $durn . ' ' + . str_replace( array(':i',':h',':d',':w',':m',':y'), array('minutes', 'hours', 'days', 'weeks', 'months', 'years'), - (':'.$durq)) + (':'.$durq)) )); return array( 'durn' => $durn, 'durq' => $durq, 'due' => $due); } -- cgit v1.2.3 From e12c0ca3dc4dce15eb0d59b939f0b67374ff5c6d Mon Sep 17 00:00:00 2001 From: Hilmar R Date: Fri, 19 Mar 2021 21:10:01 +0100 Subject: adminUI cfg to switch on (default off) register w/o email, accept delay 0 (no delay) and expire defaults to 99years --- Zotlabs/Module/Admin/Site.php | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 18408043c..530eb272a 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -43,6 +43,7 @@ class Site { $maximagesize = ((x($_POST,'maximagesize')) ? intval(trim($_POST['maximagesize'])) : 0); $register_policy = ((x($_POST,'register_policy')) ? intval(trim($_POST['register_policy'])) : 0); + $register_wo_email = ((x($_POST,'register_wo_email')) ? intval(trim($_POST['register_wo_email'])) : 0); $minimum_age = ((x($_POST,'minimum_age')) ? intval(trim($_POST['minimum_age'])) : 13); $access_policy = ((x($_POST,'access_policy')) ? intval(trim($_POST['access_policy'])) : 0); $reg_autochannel = ((x($_POST,'auto_channel_create')) ? True : False); 
@@ -194,6 +195,7 @@ class Site { set_config('system','maximagesize', $maximagesize); set_config('system','register_policy', $register_policy); + set_config('system','register_wo_email', $register_wo_email); set_config('system','minimum_age', $minimum_age); set_config('system','auto_channel_create', $reg_autochannel); set_config('system',self::ivo, $invitation_only); @@ -359,6 +361,7 @@ class Site { 'm' => t('Month(s)') , 'y' => t('Year(s)') ); + $regdelay_n = $regdelay_u = false; $regdelay = get_config('system','register_delay'); if ($regdelay) list($regdelay_n, $regdelay_u) = array(substr($regdelay,0,-1),substr($regdelay,-1)); @@ -372,15 +375,16 @@ class Site { 'field' => array( 'name' => 'delay', 'title' => t('duration up from now'), - 'value' => ($regdelay_n === false ? 90 : $regdelay_n), + 'value' => ($regdelay_n === false ? 0 : $regdelay_n), 'min' => '0', 'max' => '99', 'size' => '2', - 'default' => ($regdelay_u ? $regdelay_u : 'i') + 'default' => ($regdelay_u === false ? 'i' : $regdelay_u) ), 'rabot' => $reg_rabots ) ); + $regexpire_n = $regexpire_u = false; $regexpire = get_config('system','register_expire'); if ($regexpire) list($regexpire_n, $regexpire_u) = array(substr($regexpire,0,-1),substr($regexpire,-1)); @@ -394,11 +398,11 @@ class Site { 'field' => array( 'name' => 'expire', 'title' => t('duration up from now'), - 'value' => ($regexpire_n === false ? 2 : $regexpire_n), + 'value' => ($regexpire_n === false ? 99 : $regexpire_n), 'min' => '0', 'max' => '99', 'size' => '2', - 'default' => ($regexpire_u ? $regexpire_u : 'i') + 'default' => ($regexpire_u === false ? 'y' : $regexpire_u) ), 'rabot' => $reg_rabots ) 
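Review bot: The last two Site.php hunks change the fallbacks shown when nothing is configured to a delay of `0` and an expiry of `99` with unit `'y'`, so an instance that never sets `register_expire` keeps pending register rows, and the validation tokens checked against `reg_expires`, usable for decades. A bounded fallback is the safer default, e.g. `'value' => ($regexpire_n === false ? 2 : $regexpire_n)` with `'default' => ($regexpire_u === false ? 'd' : $regexpire_u)`. If 99 years is deliberate, the field help should say that it means the request effectively never expires. How stale rows are cleaned up is not visible here, so the real exposure depends on code outside these hunks.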
@@ -449,6 +453,12 @@ class Site { "", $register_choices, 'ZAR0820C'), + '$register_wo_email' => array('register_wo_email', + t("Registration is also possible without having to enter an email address."), + get_config('system','register_wo_email'), + t("Registration is also supported without requiring an email address from the applicant. Instead of the email address an artificial identification is generated, which has to be confirmed in a separate dialog. The default value is (Off) and corresponds to the registration procedure up to version 5.4.x."), + "", "", 'ZAR0824C'), + '$register_duty' => array('register_duty', t('Registration office on duty'), $this->register_duty = get_config('system', 'register_duty'), @@ -458,9 +468,9 @@ class Site { . t('Several values or ranges are to split by comma') . '. ' . t('From-To ranges are joined with `-`') . '. ' . t('ie') . ' `1-5:0900-1200,1300-1700 6:900-1230` ' . t('or') .' `1-2,4-5:800-1800` ' - . ' ' . t('Parse and test your input') . ''. EOL + . EOL . ' ' . t('Parse and test your input') . ''. EOL . t('If left empty, defaults to 24h closed everyday the week.') . ' ' - . t('To keep open 24h everyday the week, short is `-:-`.') . ' ' + . t('To open 24h everyday the week, short is `-:-`.') . ' ' . t('Note, ranges are specified as open-close pairs and in case of') . ' 0900-1200 ' . t('results to: opens 9h and closes 12h. If meant open 9h to 12h exactly, say `0900-1201`'), -- cgit v1.2.3 From 554745a25a9146a83d5deaaa067b3a8cb4858438 Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 20 Mar 2021 16:57:11 +0100 Subject: air: do not require to verify emailaddress once more after invite code got verified - fixes #1546 but probably still requires some finetuning. --- Zotlabs/Module/Regate.php | 5 +++-- Zotlabs/Module/Register.php | 54 +++++++++++++++++++++++++++++---------------- 2 files changed, 38 insertions(+), 21 deletions(-) (limited to 'Zotlabs/Module') 
diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 077e5fd54..0d430d68c 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -61,14 +61,13 @@ class Regate extends \Zotlabs\Web\Controller { // do we have a valid dId2 ? if ( ($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) - || ($didx == 'e') ) { + || ($didx == 'e') || ($didx == 'i')) { // check startup and expiration via [=[register $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' ", dbesc($did2) ); if ( $r && count($r) == 1 ) { $r = $r[0]; // check timeframe if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now ) { - if ( isset($_POST['resend']) && $didx == 'e' ) { $re = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = 'e' AND reg_did2 = '%s' ", dbesc($r['reg_did2']) ); if ( $re && count($re) == 1 ) { @@ -91,6 +90,8 @@ class Regate extends \Zotlabs\Web\Controller { $acpin = (preg_match('/^[0-9]{6,6}$/', $_POST['acpin']) ? $_POST['acpin'] : false); elseif ( $didx == 'e' ) $acpin = (preg_match('/^[0-9a-f]{24,24}$/', $_POST['acpin']) ? $_POST['acpin'] : false); + elseif ( $didx == 'i' ) + $acpin = $r['reg_hash']; else $acpin = false; if ( $acpin && ($r['reg_hash'] == $acpin )) { diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index c25475550..078902b72 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -2,6 +2,7 @@ namespace Zotlabs\Module; +use App; use Zotlabs\Web\Controller; require_once('include/security.php'); 
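Review bot: In Regate.php the new `elseif ( $didx == 'i' )` branch sets `$acpin = $r['reg_hash']`, so the following `$r['reg_hash'] == $acpin` test passes whenever `reg_hash` is non-empty and the requester never has to present a token. The lookup in the first hunk selects by `reg_did2` alone, so nothing visible ties the `'i'` suffix to a row that was really created through an invite. If `$didx` is derived from the request path (it is assigned outside the hunk), a pending e-mail registration could be completed the same way. Bind the shortcut to the stored row, for example `elseif ( $didx == 'i' && $r['reg_didx'] == 'i' )`, assuming invite rows are stored with that `reg_didx`, or pass an internal flag from Register instead of a URL suffix. The enclosing post() body starts and ends outside the hunk.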
@@ -216,7 +217,15 @@ class Register extends Controller { // transit ? // update reg vital 0 off - $icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", + //$icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", + //intval($reg['reg_id']) + //); + + // update DB flags, password + // TODO: what else? + q("UPDATE register set reg_flags = %d, reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'", + intval($flags), + dbesc(bin2hex($password)), intval($reg['reg_id']) ); @@ -225,8 +234,15 @@ class Register extends Controller { // msg! info($msg . EOL); - $well = true; + // the invitecode has verified us and we have all the info we need + // take the shortcut. + $mod = new Regate(); + $_REQUEST['form_security_token'] = get_form_security_token("regate"); + App::$argc = 2; + App::$argv[0] = 'regate'; + App::$argv[1] = bin2hex($reg['reg_did2']) . 'i'; + return $mod->post(); } else { // msg! @@ -309,7 +325,7 @@ class Register extends Controller { $regexpire = (($reg_expires) ? datetime_convert(date_default_timezone_get(), 'UTC', $reg_expires['due']) : datetime_convert('UTC', 'UTC', 'now + 99 years')); // handle an email request that will be verified or an ivitation associated with an email address - if ( $email > '' && ($email_verify || $icdone) ) { + if ($email > '' && $email_verify) { // enforce in case of icdone $flags |= ACCOUNT_UNVERIFIED; $empin = $pass2 = random_string(24); 
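Review bot: The added `UPDATE register set reg_flags = %d, reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'` has four placeholders but only three arguments, so `reg_stuff` receives `intval($reg['reg_id'])` and the `WHERE` value is missing. Either drop `reg_stuff = '%s'` or supply its value, and use `%d` for the id: `... reg_pass = '%s' WHERE reg_id = %d`. The statement also stores `bin2hex($password)`, which is a reversible encoding of the cleartext password rather than a hash. `$flags` and `$password` are assigned outside the hunk.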
@@ -354,22 +370,22 @@ class Register extends Controller { } $reg = q("INSERT INTO register (" - . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires," - . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)" - . " VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", - intval($flags), - dbesc($didx), - dbesc($did2), - dbesc($pass2), - dbesc($now), - dbesc($regdelay), - dbesc($regexpire), - dbesc($email), - dbesc(bin2hex($password)), - dbesc(substr(get_best_language(),0,2)), - dbesc($ip), - dbesc(json_encode( $reonar )) - ); + . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires," + . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)" + . " VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ", + intval($flags), + dbesc($didx), + dbesc($did2), + dbesc($pass2), + dbesc($now), + dbesc($regdelay), + dbesc($regexpire), + dbesc($email), + dbesc(bin2hex($password)), + dbesc(substr(get_best_language(),0,2)), + dbesc($ip), + dbesc(json_encode( $reonar )) + ); if ($didx == 'a') { -- cgit v1.2.3 From 13355d42f71e72c67e6cd993ee13f427a69c0eee Mon Sep 17 00:00:00 2001 From: Mario Date: Mon, 22 Mar 2021 09:50:12 +0100 Subject: air security: saving the password as hex string is not acceptable --- Zotlabs/Module/Register.php | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 078902b72..d865b7b49 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php 
@@ -369,6 +369,16 @@ class Register extends Controller { $reonar['chan.did1'] = notags(trim($arr['nickname'])); } + if($password_result['error']) { + $msg = $password_result['message']; + notice($msg); + zar_log($msg . ' ' . $did2); + goaway('register'); + } + + $salt = random_string(32); + $password = $salt . ',' . hash('whirlpool', $salt . $password); + $reg = q("INSERT INTO register (" . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires," . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)" @@ -381,7 +391,7 @@ class Register extends Controller { dbesc($regdelay), dbesc($regexpire), dbesc($email), - dbesc(bin2hex($password)), + dbesc($password), dbesc(substr(get_best_language(),0,2)), dbesc($ip), dbesc(json_encode( $reonar )) @@ -390,7 +400,9 @@ class Register extends Controller { if ($didx == 'a') { $lid = q("SELECT reg_id FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' AND reg_pass = '%s' ", - dbesc($did2), dbesc(bin2hex($password)) ); + dbesc($did2), + dbesc($password) + ); if ($lid && count($lid) == 1 ) { -- cgit v1.2.3 From 35ce7dbeaba84ce1c93b7714f0beb5c472033bd7 Mon Sep 17 00:00:00 2001 From: Mario Date: Mon, 22 Mar 2021 10:01:32 +0000 Subject: do not treat an URL including an @ like a webbie --- Zotlabs/Module/Search.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php index 8a87d98f7..73dfa0816 100644 --- a/Zotlabs/Module/Search.php +++ b/Zotlabs/Module/Search.php @@ -101,7 +101,7 @@ class Search extends Controller { } // look for a naked webbie - if (strpos($search, '@') !== false) { + if (strpos($search,'@') !== false && strpos($search,'http') !== 0) { goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search); } -- cgit v1.2.3 From 598c3aa336ac12a867be2f1ec38a3ce00f937a94 Mon Sep 17 00:00:00 2001 
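Review bot: In the Register.php hunk at -369, `$password = $salt . ',' . hash('whirlpool', $salt . $password)` is a single pass of a fast hash, which is cheap to brute-force if the register table is ever disclosed. `password_hash($password, PASSWORD_DEFAULT)` is the usual choice, unless the `salt,hash` layout is required by whatever later consumes `reg_pass` (not visible here), in which case a comment saying so would help. The added `if($password_result['error'])` reads `$password_result`, which is not assigned anywhere in this hunk. If it is not set earlier in the function the check never fires, so it should be preceded by `$password_result = check_account_password($password);`.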
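Review bot: In Search.php, `strpos($search,'http') !== 0` excludes every search term that merely begins with the letters `http` and does not recognise `HTTP://`, so the test is both too broad and case-sensitive. `! preg_match('#^https?://#i', $search)` states the intent exactly. The unchanged redirect line appends `$search` to the query string as it is. Using `urlencode($search)` there would stop characters such as `&` or `#` from altering the directory URL.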
From: Mario Date: Mon, 22 Mar 2021 13:37:01 +0100 Subject: sse: make sure to also bootstrap info and notice --- Zotlabs/Module/Sse.php | 1 - Zotlabs/Module/Sse_bs.php | 32 ++++++++++++++++++++++++++++---- 2 files changed, 28 insertions(+), 5 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Sse.php b/Zotlabs/Module/Sse.php index 46b4a8d87..8bea65207 100644 --- a/Zotlabs/Module/Sse.php +++ b/Zotlabs/Module/Sse.php @@ -47,7 +47,6 @@ class Sse extends Controller { self::$vnotify = get_pconfig(self::$uid, 'system', 'vnotify'); - $sys = get_sys_channel(); $sleep_seconds = 3; self::$sse_enabled = get_config('system', 'sse_enabled', 0); diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php index 237becc09..6ba5b0b15 100644 --- a/Zotlabs/Module/Sse_bs.php +++ b/Zotlabs/Module/Sse_bs.php @@ -6,6 +6,7 @@ use App; use Zotlabs\Lib\Apps; use Zotlabs\Web\Controller; use Zotlabs\Lib\Enotify; +use Zotlabs\Lib\XConfig; class Sse_bs extends Controller { @@ -101,12 +102,13 @@ class Sse_bs extends Controller { self::bs_files(), self::bs_mail(), self::bs_all_events(), - self::bs_register() + self::bs_register(), + self::bs_info_notice() ); - set_xconfig(self::$ob_hash, 'sse', 'timestamp', datetime_convert()); - set_xconfig(self::$ob_hash, 'sse', 'notifications', []); // reset the cache - set_xconfig(self::$ob_hash, 'sse', 'language', App::$language); + XConfig::Set(self::$ob_hash, 'sse', 'notifications', []); + XConfig::Set(self::$ob_hash, 'sse', 'timestamp', datetime_convert()); + XConfig::Set(self::$ob_hash, 'sse', 'language', App::$language); json_return_and_die($result); } 
@@ -702,4 +704,26 @@ class Sse_bs extends Controller { } + function bs_info_notice() { + + $result['notice']['notifications'] = []; + $result['notice']['count'] = 0; + $result['notice']['offset'] = -1; + $result['info']['notifications'] = []; + $result['info']['count'] = 0; + $result['info']['offset'] = -1; + + $r = XConfig::Get(self::$ob_hash, 'sse', 'notifications', []); + + if(isset($r['notice'])) + $result['notice']['notifications'] = $r['notice']['notifications']; + + if(isset($r['info'])) + $result['info']['notifications'] = $r['info']['notifications']; + + return $result; + + } + + } -- cgit v1.2.3 From 872ac8846ef40cd91d8ebb8a9cf7279a64e87942 Mon Sep 17 00:00:00 2001 From: Mario Date: Mon, 22 Mar 2021 13:51:11 +0100 Subject: those are not actually needed by the handler --- Zotlabs/Module/Sse_bs.php | 4 ---- 1 file changed, 4 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php index 6ba5b0b15..271d040fd 100644 --- a/Zotlabs/Module/Sse_bs.php +++ b/Zotlabs/Module/Sse_bs.php @@ -707,11 +707,7 @@ class Sse_bs extends Controller { function bs_info_notice() { $result['notice']['notifications'] = []; - $result['notice']['count'] = 0; - $result['notice']['offset'] = -1; $result['info']['notifications'] = []; - $result['info']['count'] = 0; - $result['info']['offset'] = -1; $r = XConfig::Get(self::$ob_hash, 'sse', 'notifications', []); -- cgit v1.2.3 From 43c5b723175fded3996d5bca02902a3da7eb40e8 Mon Sep 17 00:00:00 2001 From: Mario Date: Tue, 23 Mar 2021 10:54:27 +0000 Subject: fix regression in mod display --- Zotlabs/Module/Display.php | 55 ++++++++++++++++++++++------------------------ 1 file changed, 26 insertions(+), 29 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 15dfb0dc9..1aac7e328 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php 
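Review bot: `bs_info_notice()` tests `isset($r['notice'])` but then reads `$r['notice']['notifications']`, so a cached entry without that key replaces the initial `[]` with `null`. `$result['notice']['notifications'] = $r['notice']['notifications'] ?? [];` (and the same for `info`) covers both cases without the `if`. The method has no docblock; a one-line comment saying that it returns the `notice` and `info` messages cached under the `sse` / `notifications` xconfig key would make the reset in the caller easier to follow.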
@@ -245,71 +245,68 @@ class Display extends \Zotlabs\Web\Controller { $sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash)); - if($noscript_content || $load) { - $r = null; + + if($noscript_content || $load) { require_once('include/channel.php'); $sys = get_sys_channel(); - $sysid = $sys['channel_id']; + // in case somebody turned off public access to sys channel content using permissions + // make that content unsearchable by ensuring the owner uid can't match + $sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0; + + $r = null; if(local_channel()) { - $r = q("SELECT item.id as item_id from item WHERE uid = %d and mid = '%s' $item_normal limit 1", + $r = q("SELECT item.id AS item_id FROM item WHERE uid IN (%d, %d) AND mid = '%s' $item_normal LIMIT 1", intval(local_channel()), + intval($sys_id), dbesc($target_item['parent_mid']) ); } if($r === null) { - // in case somebody turned off public access to sys channel content using permissions - // make that content unsearchable by ensuring the owner uid can't match - - if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) - $sysid = 0; - - $r = q("SELECT item.id as item_id from item + $r = q("SELECT item.id AS item_id FROM item WHERE ((mid = '%s' - AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' + AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) - and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) + AND uid IN ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . 
" )) OR uid = %d ))) OR (mid = '%s' $sql_extra )) $item_normal limit 1", dbesc($target_item['parent_mid']), - intval($sysid), + intval($sys_id), dbesc($target_item['parent_mid']) ); } } elseif($update && !$load) { - $r = null; - require_once('include/channel.php'); $sys = get_sys_channel(); - $sysid = $sys['channel_id']; + // in case somebody turned off public access to sys channel content using permissions + // make that content unsearchable by ensuring the owner uid can't match + $sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0; + + $r = null; if(local_channel()) { $r = q("SELECT item.parent AS item_id from item - WHERE uid = %d - and parent_mid = '%s' + WHERE uid IN (%d, %d) + AND parent_mid = '%s' $item_normal_update $simple_update - limit 1", + LIMIT 1", intval(local_channel()), + intval($sys_id), dbesc($target_item['parent_mid']) ); } - if($r === null) { - // in case somebody turned off public access to sys channel content using permissions - // make that content unsearchable by ensuring the owner_xchan can't match - - if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) - $sysid = 0; + if($r === null) { $r = q("SELECT item.id as item_id from item WHERE ((parent_mid = '%s' - AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' + AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) OR uid = %d ))) OR @@ -317,14 +314,14 @@ class Display extends \Zotlabs\Web\Controller { $item_normal limit 1", dbesc($target_item['parent_mid']), - intval($sysid), + intval($sys_id), dbesc($target_item['parent_mid']) ); } } else { - $r = array(); + $r = []; } if($r) { -- cgit v1.2.3 From 2d716b74b9a879cbeaa8a3208dd6be2516b21fe7 Mon Sep 17 00:00:00 2001 
From: Mario Date: Tue, 23 Mar 2021 11:38:42 +0000 Subject: more work on mod display --- Zotlabs/Module/Display.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 1aac7e328..62e7dbf8a 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -258,14 +258,13 @@ class Display extends \Zotlabs\Web\Controller { $r = null; if(local_channel()) { - $r = q("SELECT item.id AS item_id FROM item WHERE uid IN (%d, %d) AND mid = '%s' $item_normal LIMIT 1", + $r = q("SELECT item.id AS item_id FROM item WHERE uid = %d AND mid = '%s' $item_normal LIMIT 1", intval(local_channel()), - intval($sys_id), dbesc($target_item['parent_mid']) ); } - if($r === null) { + if(!$r) { $r = q("SELECT item.id AS item_id FROM item WHERE ((mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' @@ -292,18 +291,17 @@ class Display extends \Zotlabs\Web\Controller { $r = null; if(local_channel()) { $r = q("SELECT item.parent AS item_id from item - WHERE uid IN (%d, %d) + WHERE uid = %d AND parent_mid = '%s' $item_normal_update $simple_update LIMIT 1", intval(local_channel()), - intval($sys_id), dbesc($target_item['parent_mid']) ); } - if($r === null) { + if(! $r) { $r = q("SELECT item.id as item_id from item WHERE ((parent_mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' -- cgit v1.2.3 From 44593a3c8d21a744772a267d57bd4ed26127629f Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 24 Mar 2021 19:27:44 +0000 Subject: cdav: fix regression - sync code was messing with caldav/carddav discovery --- Zotlabs/Module/Cdav.php | 45 +++++++++++++++++++++++---------------------- 1 file changed, 23 insertions(+), 22 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index a6cab8639..a7d2b1169 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php 
@@ -151,15 +151,15 @@ class Cdav extends Controller { if($channel['channel_timezone']) $auth->setTimezone($channel['channel_timezone']); $auth->observer = $channel['channel_hash']; - } - else - $channel = channelx_by_nick(argv(2)); - $principalUri = 'principals/' . $channel['channel_address']; - if(! cdav_principal($principalUri)) { - $this->activate($pdo, $channel); - if(! cdav_principal($principalUri)) - return; + $principalUri = 'principals/' . $channel['channel_address']; + if(! cdav_principal($principalUri)) { + $this->activate($pdo, $channel); + if(! cdav_principal($principalUri)) { + return; + } + } + } // Track CDAV updates from remote clients @@ -168,6 +168,8 @@ class Cdav extends Controller { if($httpmethod === 'PUT' || $httpmethod === 'DELETE') { + $channel = channelx_by_nick(argv(2)); + $principalUri = 'principals/' . $channel['channel_address']; $httpuri = $_SERVER['REQUEST_URI']; logger("debug: method: " . $httpmethod, LOGGER_DEBUG); @@ -181,8 +183,9 @@ class Cdav extends Controller { $sync = 'calendar'; $cdavtable = 'calendarinstances'; } - else + else { $sync = false; + } if($sync) { @@ -194,11 +197,10 @@ class Cdav extends Controller { if($x = get_cdav_id($principalUri, argv(3), $cdavtable)) { $cdavdata = $this->get_cdav_data($x['id'], $cdavtable); - $etag = (isset($_SERVER['HTTP_IF_MATCH']) ? $_SERVER['HTTP_IF_MATCH'] : false); // delete - if($httpmethod === 'DELETE' && $cdavdata['etag'] == $etag) + if($httpmethod === 'DELETE' && $cdavdata['etag'] == $etag) { Libsync::build_sync_packet($channel['channel_id'], [ $sync => [ 'action' => 'delete_card', 
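Review bot: In the PUT/DELETE tracking hunk at -168, `$channel = channelx_by_nick(argv(2))` is used without checking the result and without comparing it to the authenticated channel. If the nick does not resolve, `$principalUri` becomes `principals/` and an empty `$channel['channel_id']` is passed to `Libsync::build_sync_packet()`. Whether the request has already been authorised for that channel is not visible in the hunk. If it has not, wrapping the sync block in `if($channel && $channel['channel_hash'] === $auth->observer)` would keep packets from being built for another channel's collection. The enclosing function starts and ends outside the hunk.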
@@ -206,18 +208,18 @@ class Cdav extends Controller { 'carduri' => $uri ] ]); + } else { - if($etag) { + if($etag && $cdavdata['etag'] !== $etag) { // update - if($cdavdata['etag'] !== $etag) - Libsync::build_sync_packet($channel['channel_id'], [ - $sync => [ - 'action' => 'update_card', - 'uri' => $cdavdata['uri'], - 'carduri' => $uri, - 'card' => $httpbody - ] - ]); + Libsync::build_sync_packet($channel['channel_id'], [ + $sync => [ + 'action' => 'update_card', + 'uri' => $cdavdata['uri'], + 'carduri' => $uri, + 'card' => $httpbody + ] + ]); } else { // new @@ -235,7 +237,6 @@ class Cdav extends Controller { } } - $principalBackend = new \Sabre\DAVACL\PrincipalBackend\PDO($pdo); $carddavBackend = new \Sabre\CardDAV\Backend\PDO($pdo); $caldavBackend = new \Sabre\CalDAV\Backend\PDO($pdo); -- cgit v1.2.3 From bc1cc65ff20c97db0323d02ab652b239b4c60eb6 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 25 Mar 2021 14:00:25 +0100 Subject: air: currently it is allowed to register with non-unique did2 (should this be allowed?) - anyway, for now sort them by reg_created to make sure we always match the latest attempt --- Zotlabs/Module/Regate.php | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 0d430d68c..4cd902f7b 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php 
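Review bot: Folding the two tests into `if($etag && $cdavdata['etag'] !== $etag)` changes what reaches the `else` branch: a request whose `If-Match` equals the stored etag used to build no packet and now falls through to the `// new` case. If that is not intended, keep the update condition and make the other branch explicit with `elseif(! $etag) {`. The body of the new-card branch lies outside the hunk, so the effect of the extra packet cannot be judged from here.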
@@ -60,11 +60,12 @@ class Regate extends \Zotlabs\Web\Controller { } // do we have a valid dId2 ? - if ( ($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) - || ($didx == 'e') || ($didx == 'i')) { + if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e') || ($didx == 'i')) { // check startup and expiration via [=[register - $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' ", dbesc($did2) ); - if ( $r && count($r) == 1 ) { + $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' ORDER BY reg_created DESC ", + dbesc($did2) + ); + if ($r && count($r)) { $r = $r[0]; // check timeframe if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now ) { @@ -244,15 +245,14 @@ class Regate extends \Zotlabs\Web\Controller { $title = t('Register Verification'); // do we have a valid dId2 ? - if ( ($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) - || ($didx == 'e') ) { + if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e')) { - $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = '%s' AND reg_did2 = '%s'", - dbesc($didx), - dbesc($did2) + $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = '%s' AND reg_did2 = '%s' ORDER BY reg_created DESC", + dbesc($didx), + dbesc($did2) ); - if ( $r && count($r) == 1 && $r[0]['reg_flags'] &= (ACCOUNT_UNVERIFIED | ACCOUNT_PENDING)) { + if ($r && count($r) && $r[0]['reg_flags'] &= (ACCOUNT_UNVERIFIED | ACCOUNT_PENDING)) { $r = $r[0]; // provide a button in case -- cgit v1.2.3 From 6e7c7771bd7aa3e2507acd06b74cd92bdb57f44b Mon Sep 17 00:00:00 2001 
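Review bot: Taking `$r[0]` from `ORDER BY reg_created DESC` means that, while duplicate `reg_did2` values are accepted, the newest pending row silently replaces older ones: whoever registers the same identifier last decides which `reg_hash` and `reg_pass` are checked. The earlier applicant's token then stops matching, and the rows are not distinguished by `reg_didx` in this query. I would either reject a second vital row for the same `reg_did2` in Register or set `reg_vital = 0` on the older rows at insert time, and add `LIMIT 1` here since only one row is used. The enclosing post() body continues outside the hunk.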
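Review bot: In the hunk at -244, the condition `$r[0]['reg_flags'] &= (ACCOUNT_UNVERIFIED | ACCOUNT_PENDING)` assigns as well as tests, so the row copied by `$r = $r[0]` has lost every other flag bit. A plain test reads the flags without altering them: `($r[0]['reg_flags'] & (ACCOUNT_UNVERIFIED | ACCOUNT_PENDING))`. Whether later code in get() relies on the other bits is outside the hunk.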
From: Mario Date: Fri, 26 Mar 2021 19:20:38 +0000 Subject: fix timezone issue in mod cal --- Zotlabs/Module/Cal.php | 68 +++++++++++++++++++++++++------------------------- 1 file changed, 34 insertions(+), 34 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Cal.php b/Zotlabs/Module/Cal.php index 65dba927b..329150424 100644 --- a/Zotlabs/Module/Cal.php +++ b/Zotlabs/Module/Cal.php @@ -19,45 +19,45 @@ class Cal extends Controller { if(observer_prohibited()) { return; } - + if(argc() > 1) { $nick = argv(1); - + profile_load($nick); - + $channelx = channelx_by_nick($nick); - + if(! $channelx) { notice( t('Channel not found.') . EOL); return; } - + App::$data['channel'] = $channelx; - + $observer = App::get_observer(); App::$data['observer'] = $observer; - + head_set_icon(App::$data['channel']['xchan_photo_s']); - + App::$page['htmlhead'] .= "" ; - + } - + return; } - - - + + + function get() { - + if(observer_prohibited()) { return; } - + $channel = App::$data['channel']; // since we don't currently have an event permission - use the stream permission - + if(! perm_is_allowed($channel['channel_id'], get_observer_hash(), 'view_stream')) { notice( t('Permissions denied.') . EOL); return; @@ -76,10 +76,10 @@ class Cal extends Controller { if(! perm_is_allowed($channel['channel_id'], get_observer_hash(), 'view_contacts') || App::$profile['hide_friends']) $sql_extra .= " and etype != 'birthday' "; - + $first_day = feature_enabled($channel['channel_id'], 'cal_first_day'); $first_day = (($first_day) ? $first_day : 0); - + $start = ''; $finish = ''; @@ -87,7 +87,7 @@ class Cal extends Controller { if (x($_GET,'start')) $start = $_GET['start']; if (x($_GET,'end')) $finish = $_GET['end']; } - + $start = datetime_convert('UTC','UTC',$start); $finish = datetime_convert('UTC','UTC',$finish); $adjust_start = datetime_convert('UTC', date_default_timezone_get(), $start); 
@@ -107,10 +107,10 @@ class Cal extends Controller { // Noting this for now - it will need to be fixed here and in Friendica. // Ultimately the finish date shouldn't be involved in the query. $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan, item.id as item_id - from event left join item on event.event_hash = item.resource_id - where item.resource_type = 'event' and event.uid = %d and event.uid = item.uid - AND (( event.adjust = 0 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' ) - OR ( event.adjust = 1 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' )) + from event left join item on event.event_hash = item.resource_id + where item.resource_type = 'event' and event.uid = %d and event.uid = item.uid + AND (( event.adjust = 0 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' ) + OR ( event.adjust = 1 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' )) $sql_extra", intval($channel['channel_id']), dbesc($start), @@ -119,7 +119,7 @@ class Cal extends Controller { dbesc($adjust_finish) ); } - + if($r) { xchan_query($r); $r = fetch_post_tags($r,true); 
@@ -127,20 +127,16 @@ class Cal extends Controller { } $events = []; - + if($r) { foreach($r as $rr) { - $tz = get_iconfig($rr, 'event', 'timezone'); - if(! $tz) - $tz = 'UTC'; - - $start = (($rr['adjust']) ? datetime_convert($tz, date_default_timezone_get(), $rr['dtstart'], 'c') : datetime_convert('UTC', 'UTC', $rr['dtstart'], 'c')); + $start = (($rr['adjust']) ? datetime_convert('UTC', date_default_timezone_get(), $rr['dtstart'], 'c') : datetime_convert('UTC', 'UTC', $rr['dtstart'], 'c')); if ($rr['nofinish']){ $end = null; } else { - $end = (($rr['adjust']) ? datetime_convert($tz, date_default_timezone_get(), $rr['dtend'], 'c') : datetime_convert('UTC', 'UTC', $rr['dtend'], 'c')); + $end = (($rr['adjust']) ? datetime_convert('UTC', date_default_timezone_get(), $rr['dtend'], 'c') : datetime_convert('UTC', 'UTC', $rr['dtend'], 'c')); } $html = ''; @@ -149,6 +145,10 @@ class Cal extends Controller { $html = format_event_html($rr); } + $tz = get_iconfig($rr, 'event', 'timezone'); + if(! $tz) + $tz = 'UTC'; + $events[] = array( 'calendar_id' => 'channel_calendar', 'rw' => true, @@ -178,7 +178,7 @@ class Cal extends Controller { echo json_encode($events); killme(); } - + if (x($_GET,'id')) { $o = replace_macros(get_markup_template("cal_event.tpl"), [ '$events' => $events @@ -210,7 +210,7 @@ class Cal extends Controller { ]); return $o; - + } - + } -- cgit v1.2.3 From 725e57a27a41c8780c08fe598ec6c7b24a633cf4 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 26 Mar 2021 20:54:48 +0100 Subject: air: more work on UX during register --- Zotlabs/Module/Admin/Site.php | 3 +- Zotlabs/Module/Regate.php | 3 +- Zotlabs/Module/Register.php | 94 +++++++++++++++++++++++++------------------ 3 files changed, 59 insertions(+), 41 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 530eb272a..bf47f8c62 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php 
@@ -611,7 +611,8 @@ class Site { } if (! $this->register_duty) - $this->register_duty = '1-7'; + $this->register_duty = '-:-'; + $ranges = preg_split('/\s+/', $this->register_duty); $this->msgbg .= '..ranges: ' . print_r(count($ranges),true) . $this->eol; diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 4cd902f7b..4fcae83e4 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -310,7 +310,7 @@ class Regate extends \Zotlabs\Web\Controller { '$atform' => $atform, '$resend' => $resend, '$submit' => t('Submit'), - '$acpin' => [ 'acpin', t('Validation token'),'','' ], + '$acpin' => [ 'acpin', t('Validation token'),'','' ] ]); } else { @@ -324,6 +324,7 @@ class Regate extends \Zotlabs\Web\Controller { $o = replace_macros(get_markup_template('plain.tpl'), [ '$title' => $title, '$now' => $nowf, + '$countdown' => datetime_convert('UTC', 'UTC', $r['reg_startup'], 'c'), '$infos' => 'ZAR1132W' . ' ' . t('Request not inside time frame') . EOL, ]); } diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index d865b7b49..98a682611 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php 
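Review bot: In Admin/Site.php the fallback for an empty `register_duty` changes from `'1-7'` to `'-:-'`, which the field's help text describes as open 24h every day, while the same help text still says "If left empty, defaults to 24h closed everyday the week." If this fallback is the one applied when registration requests are gated, an unset value now means always open, so the text should be changed to match, e.g. `t('If left empty, defaults to 24h open everyday the week.')`. A short comment at the assignment stating that empty means no restriction would make the default explicit.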
@@ -69,19 +69,21 @@ class Register extends Controller { $invite_code = ( (x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); $email = ( (x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); $password = ( (x($arr,'password')) ? trim($arr['password']) : ''); + $password2 = ( (x($arr,'password2')) ? trim($arr['password2']) : ''); + $reonar = array(); // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto) if ($email && $invite_code) { - if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) { $is247 = true; } } - } + +/* // assume someone tries to validate (dId2 C/D/E), because only field email entered if ( $email && ( ! $invite_code ) && ( ! $password ) && ( ! $_POST['password2'] ) ) { @@ -102,14 +104,27 @@ class Register extends Controller { } } +*/ + $email_verify = get_config('system','verify_email'); + if ($email_verify && ! $email) { + notice(t('Email address required') . EOL); + return; + } + if ($email) { + if ( ! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $_POST['email'] ) ) { + // msg! + notice(t('Not a valid email address') . EOL); + return; + } + } if ($act > 0 && !$is247 && !$duty['isduty']) { // normally (except very 1st timr after install), that should never arrive here (ie js hack or sth like) // log suitable for f2b also $logmsg = 'ZAR0230S Unexpected registration request off duty'; zar_log($logmsg); - goaway(z_root() . '/~'); + return; } if ($sameip && !$is247) { @@ -119,7 +134,7 @@ class Register extends Controller { if ($f && $f[0]['atip'] > $sameip) { $logmsg = 'ZAR0239S Exceeding same ip register request of ' . $sameip; zar_log($logmsg); - goaway(z_root() . '/~'); + return; } } 
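Review bot: In the hunk at -102, the new address check runs `preg_match()` on `$_POST['email']` although `$email` was already built with `notags(punify(trim(...)))` a few lines earlier, so the value that is validated is not the value that is stored and mailed. Raw input with surrounding whitespace or a non-ASCII domain can be rejected even though the normalised form would pass. Test the normalised value instead: `if ( ! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) {`. This assumes `$arr` holds the posted form, which is set outside the hunk.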
@@ -127,41 +142,41 @@ class Register extends Controller { // msg? if ( !$is247 && self::check_reg_limits()['is'] ) return; - // accept tos - if(! x($_POST,'tos')) { + if(!$password) { // msg! - notice( 'ZAR0230E ' - . t('Please indicate acceptance of the Terms of Service. Registration failed.') . EOL); + notice(t('No password provided') . EOL); return; } // pw1 == pw2 - if((! $_POST['password']) || ($_POST['password'] !== $_POST['password2'])) { + if($password !== $password2) { // msg! - notice( 'ZAR0230E ' - . t('Passwords do not match.') . EOL); + notice(t('Passwords do not match') . EOL); return; } + $password_result = check_account_password($password); + if(!empty($password_result['error'])) { + $msg = $password_result['message']; + notice($msg); + zar_log($msg . ' ' . $did2); + return; + } - $email_verify = intval(get_config('system','verify_email')); - - if ($email) { - if ( ! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $_POST['email'] ) ) { - // msg! - notice('ZAR0239E ' - . t('Email address mistake') . EOL); - return; - } + // accept tos + if(! x($_POST,'tos')) { + // msg! + notice(t('Terms of Service not accepted') . EOL); + return; } + $policy = intval(get_config('system','register_policy')); $invonly = intval(get_config('system','invitation_only')); $invalso = intval(get_config('system','invitation_also')); $auto_create = (get_config('system','auto_channel_create') ? true : false); $auto_create = true; - switch($policy) { case REGISTER_OPEN: @@ -349,6 +364,7 @@ class Register extends Controller { ] ); pop_lang(); + hz_syslog(print_r($reonar,true)); zar_reg_mail($reonar); } else { @@ -369,13 +385,6 @@ class Register extends Controller { $reonar['chan.did1'] = notags(trim($arr['nickname'])); } - if($password_result['error']) { - $msg = $password_result['message']; - notice($msg); - zar_log($msg . ' ' . $did2); - goaway('register'); - } - $salt = random_string(32); $password = $salt . ',' . hash('whirlpool', $salt . $password); 
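Review bot: The added `hz_syslog(print_r($reonar,true));` in the hunk at -349 looks like a debugging leftover; it writes the whole registration notice array to the system log just before `zar_reg_mail($reonar)`. The array is built outside the hunk, but as it is what gets mailed to the applicant it presumably carries the e-mail address and the validation token, which should not end up in logs. Remove the line, or log only a non-secret identifier for the request.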
@@ -420,13 +429,15 @@ class Register extends Controller { // notice( 'ZAR0239I,' . t( 'Your digital id is' ) . EOL . 'd' . $didnew . EOL $_SESSION['zar']['msg'] = ( t('Your validation token is') . ' ' . $pass2 . EOL . t('Please remember your token and reload this page between') . EOL - . '' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '' . EOL + . '' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '' . EOL . t('to complete registration.') ); } else { $_SESSION['zar']['pin'] = $pass2; } + $_SESSION['zar']['pin'] = $pass2; + goaway(z_root() . '/regate/' . bin2hex('d' . $didnew) . 'a' ); } else { @@ -435,6 +446,8 @@ class Register extends Controller { zar_log( $msg . ' ' . $did2); } } + goaway(z_root() . '/regate/' . bin2hex($email) . $didx ); + } } } 
@@ -508,15 +521,21 @@ class Register extends Controller { $enable_tos = 1 - intval(get_config('system','no_termsofservice')); + $auto_create = (get_config('system','auto_channel_create') ? true : false); + $default_role = get_config('system','default_permissions_role'); + $email_verify = get_config('system','verify_email'); + $emailval = ((x($_REQUEST,'email')) ? strip_tags(trim($_REQUEST['email'])) : ""); - $email = array('email', - t('Your email address (or leave blank to register without email)') . ' ZAR0136I', - $emailval, - t('If the registation was already submitted with your data once ago, enter your identity (like email) here and submit') . 'ZAR0133I' - ); + $email = ['email', + t('Your email address'), + $emailval, + (($email_verify) ? t('Required') : t('Optional')), + (($email_verify) ? '*' : ''), + $duty['atform'] + ]; - $password = array('password', t('Choose a password'), ''); - $password2 = array('password2', t('Please re-enter your password'), ''); + $password = array('password', t('Choose a password'), '', '', '', $duty['atform']); + $password2 = array('password2', t('Please re-enter your password'), '', '', '', $duty['atform']); $invite_code = array('invite_code', t('Please enter your invitation code'), ((x($_REQUEST,'invite_code')) ? strip_tags(trim($_REQUEST['invite_code'])) : "")); @@ -538,9 +557,6 @@ class Register extends Controller { $tos = array('tos', $label_tos, '', '', array(t('no'),t('yes'))); - $auto_create = (get_config('system','auto_channel_create') ? true : false); - $default_role = get_config('system','default_permissions_role'); - $email_verify = get_config('system','verify_email'); require_once('include/bbcode.php'); -- cgit v1.2.3 From 85b6e352d41580918c84298790916786f384f8b5 Mon Sep 17 00:00:00 2001 
From: Mario Date: Sun, 28 Mar 2021 10:17:54 +0000 Subject: air: fixes --- Zotlabs/Module/Regapr.php | 26 -------------------------- Zotlabs/Module/Regate.php | 16 +++++++++------- Zotlabs/Module/Register.php | 1 - 3 files changed, 9 insertions(+), 34 deletions(-) delete mode 100644 Zotlabs/Module/Regapr.php (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regapr.php b/Zotlabs/Module/Regapr.php deleted file mode 100644 index 9e6cb1de8..000000000 --- a/Zotlabs/Module/Regapr.php +++ /dev/null @@ -1,26 +0,0 @@ -= $now ) { if ( isset($_POST['resend']) && $didx == 'e' ) { - $re = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = 'e' AND reg_did2 = '%s' ", dbesc($r['reg_did2']) ); - if ( $re && count($re) == 1 ) { + $re = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = 'e' AND reg_did2 = '%s' ORDER BY reg_created DESC ", dbesc($r['reg_did2']) ); + if ( $re ) { $re = $re[0]; $reonar = json_decode($re['reg_stuff'],true); $reonar['subject'] = 'Re,Fwd,' . $reonar['subject']; @@ -93,7 +93,8 @@ class Regate extends \Zotlabs\Web\Controller { $acpin = (preg_match('/^[0-9a-f]{24,24}$/', $_POST['acpin']) ? $_POST['acpin'] : false); elseif ( $didx == 'i' ) $acpin = $r['reg_hash']; - else $acpin = false; + else + $acpin = false; if ( $acpin && ($r['reg_hash'] == $acpin )) { @@ -124,7 +125,7 @@ class Regate extends \Zotlabs\Web\Controller { if ( ($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING ) { $msg .= "\n".t('Last step will be by an instance admin to agree your account request'); - $nextpage = 'regapr/' . bin2hex($did2); + $nextpage = 'regate/' . bin2hex($did2) . $didx; q("COMMIT"); } elseif ( ($flags ^ REGISTER_AGREED) == 0) { 
@@ -263,9 +264,10 @@ class Regate extends \Zotlabs\Web\Controller { $o = replace_macros(get_markup_template('plain.tpl'), [ '$title' => t('Register Verification Status'), '$now' => $nowfmt, - '$infos' => t('Soon all is well.') . EOL - . t('Only one instance admin has still to agree your account request.') . EOL - . t('Please be patient') . EOL . EOL . 'ZAR1138I', + '$infos' => t('Verification successful!') . EOL + . t('After your account has been approved by our administrator you will be able to login with your ID') . EOL + . $did2 . EOL + . t('and your provided password.') ]); } else { diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 98a682611..73eaa5310 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -364,7 +364,6 @@ class Register extends Controller { ] ); pop_lang(); - hz_syslog(print_r($reonar,true)); zar_reg_mail($reonar); } else { -- cgit v1.2.3 From 18d990a03468420136c3383fce9860c09f42251c Mon Sep 17 00:00:00 2001 From: Mario Date: Sun, 28 Mar 2021 20:40:26 +0000 Subject: air: more ui/ux and provide a possibility to lookup your registration id in mod regate (raw and unfinished) --- Zotlabs/Module/Regate.php | 23 ++++++++++++++++++++++- Zotlabs/Module/Register.php | 27 ++++++++++++++------------- 2 files changed, 36 insertions(+), 14 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index f6faff811..d51927de1 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php 
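Review bot: `$did2` is concatenated into `'$infos'` unescaped, and in `get()` it is decoded from the URL path with `hex2bin(substr(argv(1), 0, -1))`. Whether `plain.tpl` escapes `$infos`, and whether this branch is only reached after the value matched a stored `reg_did2`, is not visible in the hunk. Escaping at the point of output removes the dependency on either: `. htmlspecialchars($did2, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . EOL`. The surrounding `replace_macros()` call begins outside the hunk.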
@@ -215,6 +215,27 @@ class Regate extends \Zotlabs\Web\Controller { function get() { + if (argc() == 1) { + if(isset($_GET['reg_id'])) { + if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $_GET['reg_id'] ) ) { + // dId2 E email + goaway(z_root() . '/regate/' . bin2hex($_GET['reg_id']) . 'e' ); + } + if ( preg_match('/^d{1,1}[0-9]{5,10}$/', $_GET['reg_id'] ) ) { + // dId2 A artifical & anonymous + goaway(z_root() . '/regate/' . bin2hex($_GET['reg_id']) . 'a' ); + } + notice(t('Identity unknown') . EOL); + } + + $o = replace_macros(get_markup_template('plain.tpl'), [ + '$title' => t('Your Registration ID'), + '$now' => '
' + ]); + + return $o; + } + if ( argc() > 1 ) { $did2 = hex2bin( substr( argv(1), 0, -1) ); $didx = substr( argv(1), -1 ); @@ -306,7 +327,7 @@ class Regate extends \Zotlabs\Web\Controller { $o = replace_macros(get_markup_template('regate.tpl'), [ '$form_security_token' => get_form_security_token("regate"), '$title' => $title, - '$desc' => $pin ? t('Please enter your validation token') . '' . $pin . '' : t('You were given a validation token. Please enter that token here to verify your registration.'), + '$desc' => $pin ? t('Please enter your validation token') . ' ' . $pin . '' : t('Please enter your validation token'), '$did2' => bin2hex($did2) . $didx, '$now' => $nowfmt, '$atform' => $atform, diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 73eaa5310..95d9da3b7 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -425,17 +425,19 @@ class Register extends Controller { . $regdelay . ' - ' . $regexpire); if($reg_delayed) { - // notice( 'ZAR0239I,' . t( 'Your digital id is' ) . EOL . 'd' . $didnew . EOL - $_SESSION['zar']['msg'] = ( t('Your validation token is') . ' ' . $pass2 . EOL - . t('Please remember your token and reload this page between') . EOL - . '' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '' . EOL - . t('to complete registration.') - ); + // this could be removed to make registration harder + $_SESSION['zar']['pin'] = $pass2; + + $_SESSION['zar']['msg'] = t('Your validation token is') . EOL + . '

' . $pass2 . '

' . EOL + . t('Hold on, you can continue verification in') + . '
' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '
' + //. t('Please come back to this page in the requested timeframe or wait for the countdown to complete.') + ; } else { $_SESSION['zar']['pin'] = $pass2; } - $_SESSION['zar']['pin'] = $pass2; goaway(z_root() . '/regate/' . bin2hex('d' . $didnew) . 'a' ); } @@ -446,7 +448,6 @@ class Register extends Controller { } } goaway(z_root() . '/regate/' . bin2hex($email) . $didx ); - } } } @@ -469,7 +470,7 @@ class Register extends Controller { } if(intval(get_config('system','register_policy')) == REGISTER_APPROVE) { - $registration_is = t('Registration on this hub is by approval only.') . 'ZAR0131I'; + $registration_is = t('Registration on this hub is by approval only.'); $other_sites = '' . t('Register at another affiliated hub in case when prefered') . ''; } @@ -483,7 +484,7 @@ class Register extends Controller { $invitations = false; if(intval(get_config('system','invitation_only'))) { $invitations = true; - $registration_is = t('Registration on this hub is by invitation only.') . 'ZAR0132I'; + $registration_is = t('Registration on this hub is by invitation only.'); $other_sites = '' . t('Register at another affiliated hub') . ''; } elseif (intval(get_config('system','invitation_also'))) { $invitations = true; @@ -565,7 +566,7 @@ class Register extends Controller { . "tao.zar = { vsn: '2.0.0', form: {}, msg: {} };\n" . "tao.zar.patano = /^d[0-9]{5,10}$/;\n" . "tao.zar.patema = /^[a-z0-9.-]{2,64}@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/;\n" - . "tao.zar.msg.ZAR0239E = '" . t('email mistake') . "';\n", + . "tao.zar.msg.ZAR0239E = '" . t('Email address not valid') . "';\n", '$form_security_token' => get_form_security_token("register"), '$title' => t('Registration'), 
@@ -575,7 +576,7 @@ class Register extends Controller { '$msg' => $opal['rn'] . ',' . $opal['an'], '$invitations' => $invitations, '$invite_code' => $invite_code, - '$haveivc' => t('I have an invite code') . '.ZAR0134I', + '$haveivc' => t('I have an invite code'), '$now' => $duty['nowfmt'], '$atform' => $duty['atform'], '$auto_create' => $auto_create, @@ -592,7 +593,7 @@ class Register extends Controller { '$pass1' => $password, '$pass2' => $password2, '$submit' => t('Register'), - '$verify_note' => (($email_verify) ? t('This site requires verification. After completing this form, please check the notice or your email for further instructions.') . 'ZAR0135I' : '') + '$verify_note' => (($email_verify) ? t('This site requires verification. After completing this form, please check the notice or your email for further instructions.') : '') )); return $o; -- cgit v1.2.3 From 6956eadaad637561561fad83727043f56f36f1b4 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 7 Apr 2021 17:19:29 +0200 Subject: registrations: minor cleanup --- Zotlabs/Module/Admin/Site.php | 10 +++------- Zotlabs/Module/Register.php | 4 ++-- 2 files changed, 5 insertions(+), 9 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index bf47f8c62..87226295b 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php 
@@ -512,11 +512,11 @@ class Site { get_config('system','verify_email'), t("Check to verify email addresses used in account registration (recommended)."), "", "", 'ZAR0890C'), - '$abandon_days' => array('abandon_days', + '$abandon_days' => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), - t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.'), - 'appears not to be implemented (2010.01)'), + t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.') + ), // <-hilmar] '$role' => $role, @@ -553,13 +553,9 @@ class Site { '$maxloadavg' => array('maxloadavg', t("Maximum Load Average"), ((intval(get_config('system','maxloadavg')) > 0)?get_config('system','maxloadavg'):50), t("Maximum system load before delivery and poll processes are deferred - default 50.")), '$default_expire_days' => array('default_expire_days', t('Expiration period in days for imported (grid/network) content'), intval(get_config('system','default_expire_days')), t('0 for no expiration of imported content')), '$active_expire_days' => array('active_expire_days', t('Do not expire any posts which have comments less than this many days ago'), intval(get_config('system','active_expire_days',7)), ''), - '$sellpage' => array('site_sellpage', t('Public servers: Optional landing (marketing) webpage for new registrants'), get_config('system','sellpage',''), sprintf( t('Create this page first. Default is %s/register'),z_root())), '$first_page' => array('first_page', t('Page to display after creating a new channel'), get_config('system','workflow_channel_next','profiles'), t('Default: profiles')), - '$location' => array('site_location', t('Optional: site location'), get_config('system','site_location',''), t('Region or country')), - - '$form_security_token' => get_form_security_token("admin_site"), )); } 
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 95d9da3b7..142be728a 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -573,7 +573,7 @@ class Register extends Controller { '$reg_is' => $registration_is, '$registertext' => bbcode(get_config('system','register_text')), '$other_sites' => $other_sites, - '$msg' => $opal['rn'] . ',' . $opal['an'], + '$msg' => $opal['msg'], '$invitations' => $invitations, '$invite_code' => $invite_code, '$haveivc' => t('I have an invite code'), @@ -593,7 +593,7 @@ class Register extends Controller { '$pass1' => $password, '$pass2' => $password2, '$submit' => t('Register'), - '$verify_note' => (($email_verify) ? t('This site requires verification. After completing this form, please check the notice or your email for further instructions.') : '') + //'$verify_note' => (($email_verify) ? t('This site requires verification. After completing this form, please check the notice or your email for further instructions.') : '') )); return $o; -- cgit v1.2.3 From 806f50eee3c8d63c8c8bceb89a3595e14cc303c5 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 7 Apr 2021 20:50:34 +0200 Subject: register: more ui/ux work --- Zotlabs/Module/Register.php | 50 ++++++++++++++++++++++----------------------- 1 file changed, 25 insertions(+), 25 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 142be728a..373695c9d 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -244,8 +244,8 @@ class Register extends Controller { intval($reg['reg_id']) ); - $msg = 'ZAR0237I ' . t('Invitation code succesfully applied'); - zar_log($msg) . ', ' . $email; + $msg = t('Invitation code succesfully applied'); + zar_log('ZAR0237I ' . $msg) . ', ' . $email; // msg! info($msg . EOL); 
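Review bot: In the `@@ -244,8 +244,8 @@` hunk the closing parenthesis of `zar_log('ZAR0237I ' . $msg) . ', ' . $email;` sits before the concatenation. The address is appended to the return value of `zar_log()` and discarded, so the audit entry for a redeemed invitation never records which address used it. Move the parenthesis: `zar_log('ZAR0237I ' . $msg . ', ' . $email);`.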
@@ -261,29 +261,29 @@ class Register extends Controller { } else { // msg! - notice('ZAR0236E ' . t('Invitation not in time or too late') . EOL); - goaway(z_root() . '/~'); + notice(t('Invitation not in time or too late') . EOL); + return; } } else { // no match email adr - $msg = 'ZAR0235S ' . t('Invitation email failed'); - zar_log($msg); + $msg = t('Invitation email failed'); + zar_log('ZAR0235S ' . $msg); notice($msg . EOL); - goaway(z_root() . '/~'); + return; } } else { // no match invitecode - $msg = 'ZAR0234S ' . t('Invitation code failed') ; - zar_log($msg); + $msg = t('Invitation code failed') ; + zar_log('ZAR0234S ' . $msg); notice( $msg . EOL); - goaway(z_root() . '/~'); + return; } } else { - notice('ZAR0232E ' . t('Invitations are not available') . EOL); - goaway(z_root() . '/~'); + notice(t('Invitations are not available') . EOL); + return; } @@ -309,20 +309,20 @@ class Register extends Controller { } else { - $msg = 'ZAR0237E ' . t('Email address already in use') . EOL; + $msg = t('Email address already in use') . EOL; notice($msg); // problem, the msg tells to anonymous about existant email addrs // use another msg instead ? TODO ? // on the other hand can play the fail2ban game - zar_log($msg . ' (' . $email . ')'); - goaway(z_root()); + zar_log('ZAR0237E ' . $msg . ' (' . $email . ')'); + return; } } else { - $msg = 'ZAR0233E ' . t('Registration on this hub is by invitation only') . EOL; + $msg = t('Registration on this hub is by invitation only') . EOL; notice($msg); - zar_log($msg); - goaway(z_root()); + zar_log('ZAR0233E ' . $msg); + return; } } @@ -442,9 +442,9 @@ class Register extends Controller { goaway(z_root() . '/regate/' . bin2hex('d' . $didnew) . 'a' ); } else { - $msg = 'ZAR0239D,' . t('Error creating dId A'); + $msg = t('Error creating dId A'); notice( $msg ); - zar_log( $msg . ' ' . $did2); + zar_log( 'ZAR0239D,' . $msg . ' ' . $did2); } } goaway(z_root() . '/regate/' . bin2hex($email) . $didx ); 
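Review bot: The user-facing notices in this hunk still tell an anonymous visitor which check failed: `'Invitation email failed'` versus `'Invitation code failed'` reveals that a guessed code exists even when the address is wrong. The `@@ -309,20 +309,20 @@` hunk has the same issue, where `'Email address already in use'` confirms that an address is registered, as the in-code TODO already acknowledges. Now that the ZAR codes go only to `zar_log()`, the log can keep the precise reason while the visitor sees one generic message, e.g. `notice(t('Registration failed') . EOL);`. In the `@@ -309,20 +309,20 @@` hunk `$msg` also carries `EOL` into the log line; append `EOL` only in the `notice()` call.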
@@ -461,7 +461,7 @@ class Register extends Controller { if(intval(get_config('system','register_policy')) === REGISTER_CLOSED) { if(intval(get_config('system','directory_mode')) === DIRECTORY_MODE_STANDALONE) { - notice( 'ZAR0130E ' . t('Registration on this hub is disabled.') . EOL); + notice(t('Registration on this hub is disabled.') . EOL); return; } @@ -540,7 +540,7 @@ class Register extends Controller { $invite_code = array('invite_code', t('Please enter your invitation code'), ((x($_REQUEST,'invite_code')) ? strip_tags(trim($_REQUEST['invite_code'])) : "")); // - $name = array('name', t('Your Name'), + $name = array('name', t('Your name'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Real names are preferred.')); $nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl')); $nickname = array('nickname', t('Choose a short nickname'), @@ -565,7 +565,7 @@ class Register extends Controller { '$tao' => "typeof(window.tao) == 'undefined' ? window.tao = {} : '';\n" . "tao.zar = { vsn: '2.0.0', form: {}, msg: {} };\n" . "tao.zar.patano = /^d[0-9]{5,10}$/;\n" - . "tao.zar.patema = /^[a-z0-9.-]{2,64}@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/;\n" + . "tao.zar.patema = /^[a-z0-9.-]{1,64}@[a-z0-9.-]{2,32}\.[a-z]{2,12}$/;\n" . "tao.zar.msg.ZAR0239E = '" . t('Email address not valid') . "';\n", '$form_security_token' => get_form_security_token("register"), @@ -624,8 +624,8 @@ class Register extends Controller { } if ( $rear['is']) { - $rear['msg'] = 'ZAR0333W ' . t('This site has exceeded the number of allowed daily account registrations'); - zar_log($msg); + $rear['msg'] = t('This site has exceeded the number of allowed daily account registrations.'); + zar_log('ZAR0333W ' . $rear['msg']); $rear['is'] = true; } } -- cgit v1.2.3 From ec4526b5f47af05bc0ffe0bb5f997d3d82b14b5a Mon Sep 17 00:00:00 2001 
From: Mario Date: Thu, 8 Apr 2021 08:25:35 +0000 Subject: cloud: instead of asking for a page reload when expiriencing a not implemnented exception just go there right away - issue #1556 --- Zotlabs/Module/Cloud.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php index 3d1b97980..6ff95b5cf 100644 --- a/Zotlabs/Module/Cloud.php +++ b/Zotlabs/Module/Cloud.php @@ -123,7 +123,8 @@ class Cloud extends Controller { notice( t('Permission denied') . EOL); } elseif($err instanceof \Sabre\DAV\Exception\NotImplemented) { - notice( t('Please refresh page') . EOL); + // notice( t('Please refresh page') . EOL); + goaway(z_root() . '/' . \App::$query_string); } else { notice( t('Unknown error') . EOL); -- cgit v1.2.3 From cf62e07bec8ffe6b9e5c92d56c13ee3cbe06b5bf Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 8 Apr 2021 12:38:38 +0000 Subject: register: default to auto-create channel and fix auto create channel if register approval is configured --- Zotlabs/Module/Admin/Accounts.php | 38 ++++++++++++++++++++++++++++++++------ Zotlabs/Module/Admin/Site.php | 2 +- Zotlabs/Module/Regate.php | 14 +++++++++----- Zotlabs/Module/Register.php | 11 +++++------ 4 files changed, 47 insertions(+), 18 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index 856ff9155..ac46c43aa 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php 
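Review bot: `goaway(z_root() . '/' . \App::$query_string);` sends the client back to the request that just raised `NotImplemented`, with nothing in the hunk to stop it repeating. If the exception is not transient, the browser is redirected in a loop until it aborts, and each round trip costs a full DAV request on the server. A one-shot guard would bound this, for example setting a session marker before the redirect and falling back to the old `notice()` when the marker is already present. The enclosing try/catch begins outside the hunk.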
@@ -70,18 +70,44 @@ class Accounts { intval($_SESSION[self::MYP]['i'][$zarat]) ); if ($rs && ($rs[0]['reg_flags'] & ~ 48) == 0) { - // create account - $rc='ok'.$rs[0]['reg_id']; + $rc = 'ok'.$rs[0]['reg_id']; $ac = create_account_from_register($rs[0]); - if ( $ac['success'] ) $rc .= '✔'; + if ( $ac['success'] ) { + $rc .= '✔'; + + $auto_create = get_config('system','auto_channel_create',1); + + if($auto_create) { + $reonar = json_decode($rs[0]['reg_stuff'], true); + // prepare channel creation + if($reonar['chan.name']) + set_aconfig($ac['account']['account_id'], 'register', 'channel_name', $reonar['chan.name']); + + if($reonar['chan.did1']) + set_aconfig($ac['account']['account_id'], 'register', 'channel_address', $reonar['chan.did1']); + + $permissions_role = get_config('system','default_permissions_role'); + if($permissions_role) + set_aconfig($ac['account']['account_id'], 'register', 'permissions_role', $permissions_role); + // create channel + $new_channel = auto_channel_create($ac['account']['account_id']); + + if($new_channel['success']) { + $rc .= ' c,ok' . $new_channel['channel']['channel_id'] . '✔'; + } + else { + $rc .= ' c ×'; + } + } + + + } } else { - $rc='oh×'; + $rc='oh ×'; } } - - // echo json_encode(array('re' => $zarop, 'at' => '_' . $zarat, 'rc' => $rc)); } killme(); diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 87226295b..73c24897f 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -491,7 +491,7 @@ class Site { '$reg_expire'=>$reg_expire, '$reg_autochannel' => array('auto_channel_create', t("Auto channel create"), - get_config('system','auto_channel_create'), + get_config('system','auto_channel_create', 1), t("Auto create a channel when register a new account. When On, the register form will show additional fields for the channel-name and the nickname."), "", "", 'ZAR0870C'), diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index d51927de1..6d9d5dc28 100644 
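Review bot: `$reonar = json_decode($rs[0]['reg_stuff'], true);` is indexed straight away, but `json_decode()` returns null for an empty or malformed `reg_stuff`, and the `chan.*` keys are only written when auto-create was on at registration time. Guard the reads, e.g. `if (is_array($reonar) && !empty($reonar['chan.name']))`, and the same for `chan.did1`. These values originate from the public registration form and are now applied from an admin action, so it is worth confirming that `auto_channel_create()` validates the name and address itself (not visible here). The same three `set_aconfig()` calls are repeated in the Regate.php hunk of this commit and could share one helper.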
--- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -139,18 +139,22 @@ class Regate extends \Zotlabs\Web\Controller { // zar_log($msg . ':' . print_r($cra, true)); zar_log($msg . ' ' . $cra['account']['account_email'] . ' ' . $cra['account']['account_language']); + $nextpage = 'new_channel'; - $auto_create = (get_config('system','auto_channel_create') ? true : false); + $auto_create = get_config('system','auto_channel_create',1); if($auto_create) { // prepare channel creation if($reonar['chan.name']) - set_aconfig($cra['account']['account_id'], - 'register','channel_name',$reonar['chan.name']); + set_aconfig($cra['account']['account_id'], 'register', 'channel_name', $reonar['chan.name']); + if($reonar['chan.did1']) - set_aconfig($cra['account']['account_id'], - 'register','channel_address',$reonar['chan.did1']); + set_aconfig($cra['account']['account_id'], 'register', 'channel_address', $reonar['chan.did1']); + + $permissions_role = get_config('system','default_permissions_role'); + if($permissions_role) + set_aconfig($cra['account']['account_id'], 'register', 'permissions_role', $permissions_role); } authenticate_success($cra['account'],null,true,false,true); diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 373695c9d..d076d9ccf 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -171,11 +171,10 @@ class Register extends Controller { } - $policy = intval(get_config('system','register_policy')); - $invonly = intval(get_config('system','invitation_only')); - $invalso = intval(get_config('system','invitation_also')); - $auto_create = (get_config('system','auto_channel_create') ? true : false); - $auto_create = true; + $policy = get_config('system','register_policy'); + $invonly = get_config('system','invitation_only'); + $invalso = get_config('system','invitation_also'); + $auto_create = get_config('system','auto_channel_create', 1); switch($policy) { 
@@ -521,7 +520,7 @@ class Register extends Controller { $enable_tos = 1 - intval(get_config('system','no_termsofservice')); - $auto_create = (get_config('system','auto_channel_create') ? true : false); + $auto_create = get_config('system', 'auto_channel_create', 1); $default_role = get_config('system','default_permissions_role'); $email_verify = get_config('system','verify_email'); -- cgit v1.2.3 From a9da370c0bf5777a0345744667240ef0c615dcaa Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 8 Apr 2021 14:57:16 +0000 Subject: register: cleanup template --- Zotlabs/Module/Register.php | 7 ------- 1 file changed, 7 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index d076d9ccf..4ed3fd5fe 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -560,13 +560,6 @@ class Register extends Controller { require_once('include/bbcode.php'); $o = replace_macros(get_markup_template('register.tpl'), array( - - '$tao' => "typeof(window.tao) == 'undefined' ? window.tao = {} : '';\n" - . "tao.zar = { vsn: '2.0.0', form: {}, msg: {} };\n" - . "tao.zar.patano = /^d[0-9]{5,10}$/;\n" - . "tao.zar.patema = /^[a-z0-9.-]{1,64}@[a-z0-9.-]{2,32}\.[a-z]{2,12}$/;\n" - . "tao.zar.msg.ZAR0239E = '" . t('Email address not valid') . "';\n", - '$form_security_token' => get_form_security_token("register"), '$title' => t('Registration'), '$reg_is' => $registration_is, -- cgit v1.2.3 From f3fa09fc91fe4ca2a44ee4f60d11c5ee70fcefad Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 8 Apr 2021 16:06:43 +0000 Subject: register: more ui/ux --- Zotlabs/Module/Regate.php | 23 +++++++++++------------ Zotlabs/Module/Register.php | 26 ++++++++++++-------------- 2 files changed, 23 insertions(+), 26 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 6d9d5dc28..24139ed06 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php 
@@ -68,20 +68,19 @@ class Regate extends \Zotlabs\Web\Controller { if ($r && count($r)) { $r = $r[0]; // check timeframe - if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now ) { - if ( isset($_POST['resend']) && $didx == 'e' ) { + if ($r['reg_startup'] <= $now && $r['reg_expires'] >= $now) { + if (isset($_POST['resend']) && $didx == 'e') { $re = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = 'e' AND reg_did2 = '%s' ORDER BY reg_created DESC ", dbesc($r['reg_did2']) ); - if ( $re ) { + if ($re) { $re = $re[0]; - $reonar = json_decode($re['reg_stuff'],true); - $reonar['subject'] = 'Re,Fwd,' . $reonar['subject']; + $reonar = json_decode($re['reg_stuff'], true); if ($reonar) { + $reonar['subject'] = 'Re,Fwd,' . $reonar['subject']; $zm = zar_reg_mail($reonar); - $msg = ($zm) ? 'ZAR1238I ' . t('Email resent') - : 'ZAR1238E ' . t('Resent failed'); - zar_log($msg . ' ' . $r['reg_did2']); + $msg = (($zm) ? t('Email resent') : t('Email resend failed')); + zar_log((($zm) ? 'ZAR1238I' : 'ZAR1238E') . ' ' . $msg . ' ' . $r['reg_did2']); info($msg); - goaway(z_root() . '/' . $nextpage); + return; } } } @@ -352,15 +351,15 @@ class Regate extends \Zotlabs\Web\Controller { '$title' => $title, '$now' => $nowf, '$countdown' => datetime_convert('UTC', 'UTC', $r['reg_startup'], 'c'), - '$infos' => 'ZAR1132W' . ' ' . t('Request not inside time frame') . EOL, + '$infos' => t('Hold on, you can start verification in') . EOL, ]); } } } } else { - $msg = 'ZAR1132E' . ' ' . t('Identity unknown'); - zar_log($msg . ':' . $did2 . ',' . $didx); + $msg = t('Identity unknown'); + zar_log('ZAR1132E ' . $msg . ':' . $did2 . ',' . $didx); $o = replace_macros(get_markup_template('plain.tpl'), [ '$title' => $title, '$now' => $nowf, diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 4ed3fd5fe..f4aa921c1 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php 
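Review bot: The resend branch sends `zar_reg_mail($reonar)` on every POST that carries `resend` inside the validity window, and nothing in this hunk limits how often that can happen for one `reg_did2`. Unless a throttle exists earlier in `post()` (not visible), an unauthenticated client that knows a pending address can make the hub mail it repeatedly. Consider recording the last send time in the register row and refusing a resend within a minimum interval, logging refusals through `zar_log()` as the other limits do.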
@@ -127,12 +127,13 @@ class Register extends Controller { return; } - if ($sameip && !$is247) { + if ($sameip) { $f = q("SELECT COUNT(reg_atip) AS atip FROM register WHERE reg_vital = 1 AND reg_atip = '%s' ", dbesc($ip) ); - if ($f && $f[0]['atip'] > $sameip) { + if ($f && $f[0]['atip'] >= $sameip) { $logmsg = 'ZAR0239S Exceeding same ip register request of ' . $sameip; + notice('Registrations from same IP exceeded.'); zar_log($logmsg); return; } @@ -350,16 +351,15 @@ class Register extends Controller { $reonar['from'] = get_config('system', 'from_email'); $reonar['to'] = $email; $reonar['subject'] = sprintf( t('Registration confirmation for %s'), get_config('system','sitename')); - $reonar['txtpersonal']= t('Valid from') . ' ' . $regdelay . ' UTC' . t('and expire') . ' ' . $regexpire . ' UTC'; $reonar['txttemplate']= replace_macros(get_intltext_template('register_verify_member.tpl'), [ - '$sitename' => get_config('system','sitename'), - '$siteurl' => z_root(), - '$email' => $email, - '$due' => $reonar['txtpersonal'], - '$mail' => bin2hex($email) . 'e', - '$ko' => bin2hex(substr($empin,0,4)), - '$hash' => $empin + '$sitename' => get_config('system','sitename'), + '$siteurl' => z_root(), + '$email' => $email, + '$timeframe' => [$regdelay, $regexpire], + '$mail' => bin2hex($email) . 'e', + '$ko' => bin2hex(substr($empin,0,4)), + '$hash' => $empin ] ); pop_lang(); @@ -429,10 +429,8 @@ class Register extends Controller { $_SESSION['zar']['msg'] = t('Your validation token is') . EOL . '

' . $pass2 . '

' . EOL - . t('Hold on, you can continue verification in') - . '
' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '
' - //. t('Please come back to this page in the requested timeframe or wait for the countdown to complete.') - ; + . t('Hold on, you can start verification in') + . '
' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '
'; } else { $_SESSION['zar']['pin'] = $pass2; -- cgit v1.2.3 From 18b6d48944be414acc179fb82f458f996810e5a3 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 8 Apr 2021 19:55:53 +0000 Subject: rgister: fixes for registering with invitecode outside of open hours --- Zotlabs/Module/Regate.php | 8 +++++--- Zotlabs/Module/Register.php | 41 +++++++++++++++++------------------------ 2 files changed, 22 insertions(+), 27 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 24139ed06..0c32ebd25 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -50,13 +50,14 @@ class Regate extends \Zotlabs\Web\Controller { $ip = $_SERVER['REMOTE_ADDR']; $isduty = zar_register_dutystate(); - if ($isduty['isduty'] !== false && $isduty['isduty'] != 1) { + + if (!$_SESSION['zar']['invite_in_progress'] && ($isduty['isduty'] !== false && $isduty['isduty'] != 1)) { // normally, that should never happen here // log suitable for fail2ban also $logmsg = 'ZAR1230S Unexpected registration verification request for ' . get_config('system','sitename') . ' arrived from § ' . $ip . ' §'; zar_log($logmsg); - goaway(z_root() . '/'); + goaway(z_root()); } // do we have a valid dId2 ? @@ -123,6 +124,7 @@ class Regate extends \Zotlabs\Web\Controller { ); if ( ($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING ) { + $msg .= "\n".t('Last step will be by an instance admin to agree your account request'); $nextpage = 'regate/' . bin2hex($did2) . $didx; q("COMMIT"); 
@@ -270,7 +272,7 @@ class Regate extends \Zotlabs\Web\Controller { $title = t('Register Verification'); // do we have a valid dId2 ? - if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e')) { + if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e') || ($didx == 'i')) { $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = '%s' AND reg_did2 = '%s' ORDER BY reg_created DESC", dbesc($didx), diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index f4aa921c1..c1355eba7 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -164,6 +164,9 @@ class Register extends Controller { return; } + $salt = random_string(32); + $password = $salt . ',' . hash('whirlpool', $salt . $password); + // accept tos if(! x($_POST,'tos')) { // msg! 
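Review bot: The lines added in the Register.php `@@ -164,6 +164,9 @@` hunk store the password as `$salt . ',' . hash('whirlpool', $salt . $password)`, a single pass of a fast hash. If the `register` table leaks, these values are cheap to brute-force compared with a purpose-built password hash. `password_hash($password, PASSWORD_DEFAULT)` with `password_verify()` is the standard replacement. The `salt,hash` format is presumably what account verification expects elsewhere, so that code would need a matching change with rehash-on-login for existing accounts. Hashing before the invite branch does fix the earlier `bin2hex($password)` write, which stored a reversible value.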
@@ -213,34 +216,24 @@ class Register extends Controller { $reg = q("SELECT * from register WHERE reg_vital = 1 AND reg_didx = 'i' AND reg_hash = '%s'", dbesc($invite_code)); - if ( $reg && count($reg) == 1 ) { + if ($reg && count($reg) == 1) { $reg = $reg[0]; if ($reg['reg_email'] == ($email)) { if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) { - // is invitor admin - $isa = get_account_by_id($reg['reg_uid']); - $isa = ( $isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN) ); - - // approve contra invite by admin - if ($isa && $policy == REGISTER_APPROVE) - $flags &= $flags ^ ACCOUNT_PENDING; - - // if $flags == 0 ?? - - // transit ? + // FIXME: set the correct flags if invitee is admin so we do not need to approve anyway if approve is on + //if (is_sys_channel($reg['reg_uid']) && $policy == REGISTER_APPROVE) + // $flags &= $flags ^ ACCOUNT_PENDING; - // update reg vital 0 off - //$icdone = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", - //intval($reg['reg_id']) - //); + if ($auto_create) { + $reonar['chan.name'] = notags(trim($arr['name'])); + $reonar['chan.did1'] = notags(trim($arr['nickname'])); + } - // update DB flags, password - // TODO: what else? - q("UPDATE register set reg_flags = %d, reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'", - intval($flags), - dbesc(bin2hex($password)), + q("UPDATE register set reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'", + dbesc($password), + dbesc(json_encode($reonar)), intval($reg['reg_id']) ); @@ -249,9 +242,12 @@ class Register extends Controller { // msg! info($msg . EOL); + // the invitecode has verified us and we have all the info we need // take the shortcut. + $_SESSION['zar']['invite_in_progress'] = true; + $mod = new Regate(); $_REQUEST['form_security_token'] = get_form_security_token("regate"); App::$argc = 2; 
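Review bot: The rewritten UPDATE binds the row id as `reg_id = '%s'` while passing `intval($reg['reg_id'])`, so the integer is quoted as a string; the other `register` queries on this page use `reg_id = %d` with `intval()`. Change the placeholder to `WHERE reg_id = %d` so the format and the cast agree. `json_encode($reonar)` can return `false`, which would store an empty `reg_stuff`; a guard or `JSON_THROW_ON_ERROR` would make that failure visible. The enclosing method continues outside the hunk.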
@@ -383,9 +379,6 @@ class Register extends Controller { $reonar['chan.did1'] = notags(trim($arr['nickname'])); } - $salt = random_string(32); - $password = $salt . ',' . hash('whirlpool', $salt . $password); - $reg = q("INSERT INTO register (" . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires," . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)" -- cgit v1.2.3 From a34d8852b6695086ef3c9f5ff882d0d033f7d4a5 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 8 Apr 2021 20:01:56 +0000 Subject: minor revert --- Zotlabs/Module/Register.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index c1355eba7..9d2a8aa96 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -222,9 +222,15 @@ class Register extends Controller { if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) { + // is invitor admin + $isa = get_account_by_id($reg['reg_uid']); + $isa = ( $isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN) ); + // FIXME: set the correct flags if invitee is admin so we do not need to approve anyway if approve is on - //if (is_sys_channel($reg['reg_uid']) && $policy == REGISTER_APPROVE) - // $flags &= $flags ^ ACCOUNT_PENDING; + // approve contra invite by admin + if ($isa && $policy == REGISTER_APPROVE) + $flags &= $flags ^ ACCOUNT_PENDING; + if ($auto_create) { $reonar['chan.name'] = notags(trim($arr['name'])); -- cgit v1.2.3 From 01b081d809d128e0922fb404921f452c51c2ddb2 Mon Sep 17 00:00:00 2001 
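Review bot: In the "minor revert" hunk `@@ -222,9 +222,15 @@` the restored admin test `($isa['account_roles'] && ACCOUNT_ROLE_ADMIN)` uses the logical `&&`, so it is true for any inviter whose `account_roles` is non-zero rather than only for admins (assuming `account_roles` is a bitmask, as the constant name suggests). The following `$flags &= $flags ^ ACCOUNT_PENDING` then drops the admin-approval requirement for that invite even though the policy is `REGISTER_APPROVE`. It should be a mask test: `$isa = ($isa && ($isa['account_roles'] & ACCOUNT_ROLE_ADMIN));`. The same expression is carried unchanged into Regate.php by the next commit (`@@ -99,16 +99,28 @@`) and needs the same correction there.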
From: Mario Date: Fri, 9 Apr 2021 09:49:36 +0000 Subject: register: only return verified registrations in get_pending_accounts(), more invite handling fixes --- Zotlabs/Module/Admin/Accounts.php | 13 ++++--------- Zotlabs/Module/Regate.php | 16 ++++++++++++++-- Zotlabs/Module/Register.php | 13 ++----------- Zotlabs/Module/Sse_bs.php | 4 ++++ 4 files changed, 24 insertions(+), 22 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index ac46c43aa..9971fd213 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php @@ -217,18 +217,13 @@ class Accounts { $tao .= 'tao.zar.zarar = {'; foreach ($pending as $n => $v) { - if (array_key_exists($v['reg_atip'], $atipn)) { + $pending[$n]['status'] = t('Verified'); + + if (array_key_exists($v['reg_atip'], $atipn)) { $pending[$n]['reg_atip'] = $v['reg_atip'] . ' ◄' . $atipn[ $v['reg_atip'] ] . '×'; } - $pending[$n]['status'] = t('Not verified'); - if($pending[$n]['reg_vfd']) - $pending[$n]['status'] = t('Verified'); - - if(!$pending[$n]['reg_vfd'] && $pending[$n]['reg_expires'] < datetime_convert()) - $pending[$n]['status'] = t('Expired'); - // timezone adjust date_time for display $pending[$n]['reg_created'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_created']); $pending[$n]['reg_startup'] = datetime_convert('UTC', date_default_timezone_get(), $pending[$n]['reg_startup']); @@ -300,7 +295,7 @@ class Accounts { '$sel_aprv' => t('Approve selected'), '$h_pending' => t('Registrations waiting for confirm'), '$th_pending' => array( t('Request date'), t('Verification status'), t('Timeframe'), 'dId2', t('specified,atip') ), - '$no_pending' => t('No registrations.'), + '$no_pending' => t('No verified registrations.'), '$approve' => t('Approve'), '$deny' => t('Deny'), '$delete' => t('Delete'), diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 0c32ebd25..0bca68a0b 100644 
--- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -99,16 +99,28 @@ class Regate extends \Zotlabs\Web\Controller { if ( $acpin && ($r['reg_hash'] == $acpin )) { $flags = $r['reg_flags']; - if ( ($flags & ACCOUNT_UNVERIFIED ) == ACCOUNT_UNVERIFIED) { + if (($flags & ACCOUNT_UNVERIFIED) == ACCOUNT_UNVERIFIED) { // verification success $msg = 'ZAR1237I' . ' ' . t('Verify successfull'); $reonar = json_decode( $r['reg_stuff'], true); $reonar['valid'] = $now . ',' . $ip . ' ' . $did2 . ' ' . $msg; + // clear flag $flags &= $flags ^ ACCOUNT_UNVERIFIED; + + // are we invited by the admin? + $isa = get_account_by_id($r['reg_uid']); + $isa = ($isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN)); + + // approve contra invite by admin + if ($isa && get_config('system','register_policy') == REGISTER_APPROVE) { + $flags &= $flags ^ ACCOUNT_PENDING; + } + // sth todo? $vital = $flags == 0 ? 0 : 1; + // set flag $flags |= REGISTER_AGREED; zar_log($msg . ' ' . $did2 . ':flags' . $flags . ',rid' . $r['reg_id']); @@ -123,8 +135,8 @@ class Regate extends \Zotlabs\Web\Controller { intval($r['reg_id']) ); - if ( ($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING ) { + if ( ($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING ) { $msg .= "\n".t('Last step will be by an instance admin to agree your account request'); $nextpage = 'regate/' . bin2hex($did2) . $didx; q("COMMIT"); diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 9d2a8aa96..4eece60b3 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -214,7 +214,8 @@ class Register extends Controller { if ($invonly || $invalso) { $reg = q("SELECT * from register WHERE reg_vital = 1 AND reg_didx = 'i' AND reg_hash = '%s'", - dbesc($invite_code)); + dbesc($invite_code) + ); if ($reg && count($reg) == 1) { $reg = $reg[0]; 
@@ -222,16 +223,6 @@ class Register extends Controller { if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) { - // is invitor admin - $isa = get_account_by_id($reg['reg_uid']); - $isa = ( $isa && ($isa['account_roles'] && ACCOUNT_ROLE_ADMIN) ); - - // FIXME: set the correct flags if invitee is admin so we do not need to approve anyway if approve is on - // approve contra invite by admin - if ($isa && $policy == REGISTER_APPROVE) - $flags &= $flags ^ ACCOUNT_PENDING; - - if ($auto_create) { $reonar['chan.name'] = notags(trim($arr['name'])); $reonar['chan.did1'] = notags(trim($arr['nickname'])); diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php index 271d040fd..cc67c8eb7 100644 --- a/Zotlabs/Module/Sse_bs.php +++ b/Zotlabs/Module/Sse_bs.php @@ -688,6 +688,10 @@ class Sse_bs extends Controller { if(! self::$uid && ! is_site_admin()) return $result; + $policy = intval(get_config('system','register_policy')); + if(($policy & REGISTER_APPROVE) != REGISTER_APPROVE) + return $result; + if(! (self::$vnotify & VNOTIFY_REGISTER)) return $result; -- cgit v1.2.3 From 684245f24df8d0f25638170a5c8c0739df80b45a Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 9 Apr 2021 09:57:22 +0000 Subject: whitespace --- Zotlabs/Module/Regate.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 0bca68a0b..9a3be1e1c 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php 
@@ -135,13 +135,12 @@ class Regate extends \Zotlabs\Web\Controller { intval($r['reg_id']) ); - - if ( ($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING ) { + if (($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING) { $msg .= "\n".t('Last step will be by an instance admin to agree your account request'); $nextpage = 'regate/' . bin2hex($did2) . $didx; q("COMMIT"); } - elseif ( ($flags ^ REGISTER_AGREED) == 0) { + elseif (($flags ^ REGISTER_AGREED) == 0) { $cra = create_account_from_register([ 'reg_id' => $r['reg_id'] ]); -- cgit v1.2.3 From df6f2abfbe283a25cdfe3c8fae848abda35cedaf Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 9 Apr 2021 19:06:36 +0000 Subject: register: if auto create is configured do some more tests against the provided name and nick so it will not fail later in create_identity(); --- Zotlabs/Module/Admin/Site.php | 3 +- Zotlabs/Module/Regate.php | 4 +- Zotlabs/Module/Register.php | 99 ++++++++++++++++++++++++------------------- 3 files changed, 58 insertions(+), 48 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 73c24897f..8a7bb1180 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -469,8 +469,7 @@ class Site { . t('From-To ranges are joined with `-`') . '. ' . t('ie') . ' `1-5:0900-1200,1300-1700 6:900-1230` ' . t('or') .' `1-2,4-5:800-1800` ' . EOL . ' ' . t('Parse and test your input') . ''. EOL - . t('If left empty, defaults to 24h closed everyday the week.') . ' ' - . t('To open 24h everyday the week, short is `-:-`.') . ' ' + . t('If left empty, defaults to 24h open everyday the week (-:-).') . ' ' . t('Note, ranges are specified as open-close pairs and in case of') . ' 0900-1200 ' . t('results to: opens 9h and closes 12h. If meant open 9h to 12h exactly, say `0900-1201`'), diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 9a3be1e1c..4c7c96284 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php 
@@ -147,9 +147,9 @@ class Regate extends \Zotlabs\Web\Controller { if ($cra['success']) { q("COMMIT"); - $msg = 'ZAR1238I ' . t('Account successfull created'); + $msg = t('Account successfull created'); // zar_log($msg . ':' . print_r($cra, true)); - zar_log($msg . ' ' . $cra['account']['account_email'] + zar_log('ZAR1238I ' . $msg . ' ' . $cra['account']['account_email'] . ' ' . $cra['account']['account_language']); $nextpage = 'new_channel'; diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 4eece60b3..e9d313bb5 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -6,6 +6,8 @@ use App; use Zotlabs\Web\Controller; require_once('include/security.php'); +require_once('include/channel.php'); + class Register extends Controller { 
@@ -59,66 +61,76 @@ class Register extends Controller { */ - $act = q("SELECT COUNT(*) AS act FROM account")[0]['act']; - $duty = zar_register_dutystate(); - $is247 = false; - $ip = $_SERVER['REMOTE_ADDR']; - $sameip = intval(get_config('system','register_sameip')); - - $arr = $_POST; - $invite_code = ( (x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); - $email = ( (x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); - $password = ( (x($arr,'password')) ? trim($arr['password']) : ''); - $password2 = ( (x($arr,'password2')) ? trim($arr['password2']) : ''); - - $reonar = array(); - + $act = q("SELECT COUNT(*) AS act FROM account")[0]['act']; + $duty = zar_register_dutystate(); + $is247 = false; + $ip = $_SERVER['REMOTE_ADDR']; + $sameip = intval(get_config('system','register_sameip')); + $arr = $_POST; + $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); + $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); + $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); + $name = ''; + $nick = ''; + $email = ((x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); + $password = ((x($arr,'password')) ? trim($arr['password']) : ''); + $password2 = ((x($arr,'password2')) ? trim($arr['password2']) : ''); + $reonar = []; + $auto_create = get_config('system','auto_channel_create', 1); - // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto) - if ($email && $invite_code) { - if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { - if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) { - $is247 = true; - } + if($auto_create) { + $name = escape_tags(trim($arr['name'])); + if(!$name) { + notice(t('Name is required.')); + return; } - } - -/* - // assume someone tries to validate (dId2 C/D/E), because only field email entered - if ( $email && ( ! $invite_code ) && ( ! $password ) && ( ! 
$_POST['password2'] ) ) { - // dId2 logic - - if ( preg_match('/^\@{1,1}.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { - // dId2 C channel - ffu + $name_error = validate_channelname($name); + if($name_error) { + notice($name_error . EOL); + return $ret; } - if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { - // dId2 E email - goaway(z_root() . '/regate/' . bin2hex($email) . 'e' ); + $nick = mb_strtolower(escape_tags(trim($arr['nickname']))); + if(!$nick) { + notice(t('Nickname is required.')); + return; } - if ( preg_match('/^d{1,1}[0-9]{5,10}$/', $email ) ) { - // dId2 A artifical & anonymous - goaway(z_root() . '/regate/' . bin2hex($email) . 'a' ); + if($nick === 'sys') { + notice(t('Reserved nickname. Please choose another.') . EOL); + return; } + if(check_webbie([$nick]) !== $nick) { + notice(t('Nickname has unsupported characters or is already being used on this site.') . EOL); + return; + } } -*/ - $email_verify = get_config('system','verify_email'); - if ($email_verify && ! $email) { + + $email_verify = get_config('system', 'verify_email'); + if ($email_verify && !$email) { notice(t('Email address required') . EOL); return; } if ($email) { - if ( ! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $_POST['email'] ) ) { + if (! preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email)) { // msg! notice(t('Not a valid email address') . EOL); return; } } + // case when an invited prepares the own account by supply own pw, accept tos, prepage channel (if auto) + if ($email && $invite_code) { + if ( preg_match('/^.{2,64}\@[a-z0-9.-]{4,32}\.[a-z]{2,12}$/', $email ) ) { + if ( preg_match('/^[a-z0-9]{12,12}$/', $invite_code ) ) { + $is247 = true; + } + } + } + if ($act > 0 && !$is247 && !$duty['isduty']) { // normally (except very 1st timr after install), that should never arrive here (ie js hack or sth like) // log suitable for f2b also 
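Review bot: In the rewritten variable block of `@@ -59,66 +61,76 @@` `$invite_code` is assigned three times with the identical expression, and the `validate_channelname()` failure branch ends with `return $ret;` although no `$ret` is defined in the visible lines and every sibling branch uses a bare `return;`. Drop the two duplicate lines and make that branch `return;`. The auto-create branch also reads `$arr['name']` and `$arr['nickname']` without the `x($arr, ...)` guard the other fields use, so a POST that omits them passes null into `trim()`; `escape_tags(trim($arr['name'] ?? ''))` and the equivalent for `nickname` keep the behaviour without the warning. The method body starts and ends outside the hunk.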
@@ -178,7 +190,6 @@ class Register extends Controller { $policy = get_config('system','register_policy'); $invonly = get_config('system','invitation_only'); $invalso = get_config('system','invitation_also'); - $auto_create = get_config('system','auto_channel_create', 1); switch($policy) { @@ -224,8 +235,8 @@ class Register extends Controller { if ($reg['reg_startup'] <= $now && $reg['reg_expires'] >= $now) { if ($auto_create) { - $reonar['chan.name'] = notags(trim($arr['name'])); - $reonar['chan.did1'] = notags(trim($arr['nickname'])); + $reonar['chan.name'] = $name; + $reonar['chan.did1'] = $nick; } q("UPDATE register set reg_pass = '%s', reg_stuff = '%s' WHERE reg_id = '%s'", @@ -372,8 +383,8 @@ class Register extends Controller { } if ( $auto_create ) { - $reonar['chan.name'] = notags(trim($arr['name'])); - $reonar['chan.did1'] = notags(trim($arr['nickname'])); + $reonar['chan.name'] = $name; + $reonar['chan.did1'] = $nick; } $reg = q("INSERT INTO register (" -- cgit v1.2.3 From 766fc92a3b9af06ebeda2f017e0f9fbe31eb3179 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 9 Apr 2021 19:25:31 +0000 Subject: register: we use default role if auto create is configured --- Zotlabs/Module/Register.php | 17 ----------------- 1 file changed, 17 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index e9d313bb5..a08cc6d0d 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -492,10 +492,6 @@ class Register extends Controller { if ( $opal['is']) $duty['atform'] = 'disabled'; - $privacy_role = ((x($_REQUEST,'permissions_role')) ? $_REQUEST['permissions_role'] : ""); - - $perm_roles = \Zotlabs\Access\PermissionRoles::roles(); - // Configurable terms of service link $tosurl = get_config('system','tos_url'); if(! $tosurl) 
@@ -520,7 +516,6 @@ class Register extends Controller { $enable_tos = 1 - intval(get_config('system','no_termsofservice')); $auto_create = get_config('system', 'auto_channel_create', 1); - $default_role = get_config('system','default_permissions_role'); $email_verify = get_config('system','verify_email'); $emailval = ((x($_REQUEST,'email')) ? strip_tags(trim($_REQUEST['email'])) : ""); @@ -537,7 +532,6 @@ class Register extends Controller { $invite_code = array('invite_code', t('Please enter your invitation code'), ((x($_REQUEST,'invite_code')) ? strip_tags(trim($_REQUEST['invite_code'])) : "")); - // $name = array('name', t('Your name'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Real names are preferred.')); $nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl')); @@ -545,17 +539,9 @@ class Register extends Controller { ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub)); - $role = array('permissions_role' , t('Channel role and privacy'), - ($privacy_role) ? $privacy_role : 'social', - t('Select a channel permission role for your usage needs and privacy requirements.') - . ' ' - . t('Read more about channel permission roles') - . '',$perm_roles); - // $tos = array('tos', $label_tos, '', '', array(t('no'),t('yes'))); - require_once('include/bbcode.php'); $o = replace_macros(get_markup_template('register.tpl'), array( @@ -572,8 +558,6 @@ class Register extends Controller { '$atform' => $duty['atform'], '$auto_create' => $auto_create, '$name' => $name, - '$role' => $role, - '$default_role' => $default_role, '$nickname' => $nickname, '$enable_tos' => $enable_tos, '$tos' => $tos, 
@@ -584,7 +568,6 @@ class Register extends Controller { '$pass1' => $password, '$pass2' => $password2, '$submit' => t('Register'), - //'$verify_note' => (($email_verify) ? t('This site requires verification. After completing this form, please check the notice or your email for further instructions.') : '') )); return $o; -- cgit v1.2.3 From ea721d380be15d06a9f0974dc98487523fcdfb58 Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 10 Apr 2021 10:53:27 +0000 Subject: register: move some html out of the code and provide a basic template --- Zotlabs/Module/Regate.php | 55 +++++++++++++++++++++++++++------------------ Zotlabs/Module/Register.php | 9 ++++---- 2 files changed, 37 insertions(+), 27 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 4c7c96284..16b669dfc 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php 
@@ -252,35 +252,46 @@ class Regate extends \Zotlabs\Web\Controller { return $o; } - if ( argc() > 1 ) { - $did2 = hex2bin( substr( argv(1), 0, -1) ); - $didx = substr( argv(1), -1 ); - $deny = argc() > 2 ? argv(2) : ''; - $deny = preg_match('/^[0-9a-f]{8,8}$/', $deny) ? hex2bin($deny) : false; - } - - if ($_SESSION['zar']['msg']) { - $o = replace_macros(get_markup_template('plain.tpl'), [ - '$title' => t('Your Registration'), - '$now' => '', - '$infos' => $_SESSION['zar']['msg'] . EOL, + if ($_SESSION['zar']['delayed']) { + $o = replace_macros(get_markup_template('regate_pre.tpl'), [ + '$title' => t('Register Verification'), + '$id' => $_SESSION['zar']['id'], + '$pin' => $_SESSION['zar']['pin'], + '$regdelay' => $_SESSION['zar']['regdelay'], + '$regexpire' => $_SESSION['zar']['regexpire'], + '$desc' => [ + t('Please remember your validation token and ID'), + t('Your ID'), + t('Your token') + ], + '$delay_desc' => [ + t('Hold on, you can start verification in'), + t('Token validity') + ] ]); - unset($_SESSION['zar']['msg']); + unset($_SESSION['zar']['delayed']); return $o; } - $now = datetime_convert(); - $ip = $_SERVER['REMOTE_ADDR']; + if (argc() < 2) + return; + + $did2 = hex2bin( substr( argv(1), 0, -1) ); + $didx = substr( argv(1), -1 ); + $deny = argc() > 2 ? argv(2) : ''; + $deny = preg_match('/^[0-9a-f]{8,8}$/', $deny) ? hex2bin($deny) : false; + $now = datetime_convert(); + $ip = $_SERVER['REMOTE_ADDR']; $isduty = zar_register_dutystate(); $nowfmt = $isduty['nowfmt']; $atform = $isduty['atform']; + $pin = ''; - $pin = $_SESSION['zar']['pin'] ?? ''; - unset($_SESSION['zar']['pin']); - - - $title = t('Register Verification'); + if(isset($_SESSION['zar']['pin'])) { + $pin = $_SESSION['zar']['pin']; + unset($_SESSION['zar']['pin']); + } // do we have a valid dId2 ? if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e') || ($didx == 'i')) { 
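Review bot: `argv(1)` goes into `hex2bin()` without a format check, so an odd-length or non-hex path segment makes `hex2bin()` raise a warning and return `false`, and `$did2` then continues as `false` into the dId2 test and the lookup. `$deny` two lines below is already gated with `preg_match('/^[0-9a-f]{8,8}$/', ...)`; the same treatment fits here, e.g. `$hex = substr(argv(1), 0, -1); if (!ctype_xdigit($hex) || strlen($hex) % 2) return;` before the `hex2bin()` call. The new `if ($_SESSION['zar']['delayed'])` also reads a key that is absent for most visitors; `!empty(...)` avoids the notice. The enclosing method starts outside the hunk.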
@@ -342,7 +353,7 @@ class Regate extends \Zotlabs\Web\Controller { if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now) { $o = replace_macros(get_markup_template('regate.tpl'), [ '$form_security_token' => get_form_security_token("regate"), - '$title' => $title, + '$title' => t('Register Verification'), '$desc' => $pin ? t('Please enter your validation token') . ' ' . $pin . '' : t('Please enter your validation token'), '$did2' => bin2hex($did2) . $didx, '$now' => $nowfmt, @@ -361,7 +372,7 @@ class Regate extends \Zotlabs\Web\Controller { } $o = replace_macros(get_markup_template('plain.tpl'), [ - '$title' => $title, + '$title' => t('Register Verification'), '$now' => $nowf, '$countdown' => datetime_convert('UTC', 'UTC', $r['reg_startup'], 'c'), '$infos' => t('Hold on, you can start verification in') . EOL, diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index a08cc6d0d..e96037760 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -426,12 +426,11 @@ class Register extends Controller { if($reg_delayed) { // this could be removed to make registration harder + $_SESSION['zar']['id'] = 'd' . $didnew; $_SESSION['zar']['pin'] = $pass2; - - $_SESSION['zar']['msg'] = t('Your validation token is') . EOL - . '

' . $pass2 . '

' . EOL - . t('Hold on, you can start verification in') - . '
' . datetime_convert('UTC', 'UTC', $regdelay, 'c') . ' ' . t('and') . ' ' . datetime_convert('UTC', 'UTC', $regexpire, 'c') . '
'; + $_SESSION['zar']['delayed'] = true; + $_SESSION['zar']['regdelay'] = datetime_convert('UTC', 'UTC', $regdelay, 'c'); + $_SESSION['zar']['regexpire'] = datetime_convert('UTC', 'UTC', $regexpire, 'c'); } else { $_SESSION['zar']['pin'] = $pass2; -- cgit v1.2.3 From f0e5ce7fd1dae13cc257a8a860fccbc294530776 Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 10 Apr 2021 20:44:04 +0000 Subject: register: more work on ui/ux --- Zotlabs/Module/Regate.php | 82 ++++++++++++++++++++++++--------------------- Zotlabs/Module/Register.php | 4 --- 2 files changed, 44 insertions(+), 42 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 16b669dfc..bc2e578b6 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -252,20 +252,21 @@ class Regate extends \Zotlabs\Web\Controller { return $o; } + $isduty = zar_register_dutystate(); + $nowfmt = $isduty['nowfmt']; + $atform = $isduty['atform']; + if ($_SESSION['zar']['delayed']) { $o = replace_macros(get_markup_template('regate_pre.tpl'), [ - '$title' => t('Register Verification'), - '$id' => $_SESSION['zar']['id'], - '$pin' => $_SESSION['zar']['pin'], - '$regdelay' => $_SESSION['zar']['regdelay'], - '$regexpire' => $_SESSION['zar']['regexpire'], - '$desc' => [ - t('Please remember your validation token and ID'), - t('Your ID'), - t('Your token') - ], - '$delay_desc' => [ + '$title' => t('Registration validation'), + '$now' => $nowfmt, + '$id' => $_SESSION['zar']['id'], + '$pin' => $_SESSION['zar']['pin'], + '$regdelay' => $_SESSION['zar']['regdelay'], + '$regexpire' => $_SESSION['zar']['regexpire'], + '$strings' => [ t('Hold on, you can start verification in'), + t('Please remember your validation token for ID'), t('Token validity') ] ]); 
@@ -280,12 +281,9 @@ class Regate extends \Zotlabs\Web\Controller { $didx = substr( argv(1), -1 ); $deny = argc() > 2 ? argv(2) : ''; $deny = preg_match('/^[0-9a-f]{8,8}$/', $deny) ? hex2bin($deny) : false; - $now = datetime_convert(); $ip = $_SERVER['REMOTE_ADDR']; - $isduty = zar_register_dutystate(); - $nowfmt = $isduty['nowfmt']; - $atform = $isduty['atform']; + $pin = ''; if(isset($_SESSION['zar']['pin'])) { @@ -309,13 +307,14 @@ class Regate extends \Zotlabs\Web\Controller { // is still only instance admins intervention required? if ( $r['reg_flags'] == ACCOUNT_PENDING ) { - $o = replace_macros(get_markup_template('plain.tpl'), [ - '$title' => t('Register Verification Status'), - '$now' => $nowfmt, - '$infos' => t('Verification successful!') . EOL - . t('After your account has been approved by our administrator you will be able to login with your ID') . EOL - . $did2 . EOL - . t('and your provided password.') + $o = replace_macros(get_markup_template('regate_post.tpl'), [ + '$title' => t('Registration status'), + '$pin' => $did2, + '$infos' => [ + t('Verification successful!'), + t('Your login ID'), + t('After your account has been approved by our admin you will be able to login with your ID and your provided password.') + ] ]); } else { @@ -329,7 +328,7 @@ class Regate extends \Zotlabs\Web\Controller { $msg = 'ZAR1133A' . ' ' . t('Sorry for any inconvience. Thank you for your response.'); $o = replace_macros(get_markup_template('plain.tpl'), [ '$title' => t('Registration request denied'), - '$now' => $nowf, + '$now' => $nowfmt, '$infos' => $msg . EOL, ]); 
@@ -353,14 +352,18 @@ class Regate extends \Zotlabs\Web\Controller { if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now) { $o = replace_macros(get_markup_template('regate.tpl'), [ '$form_security_token' => get_form_security_token("regate"), - '$title' => t('Register Verification'), - '$desc' => $pin ? t('Please enter your validation token') . ' ' . $pin . '' : t('Please enter your validation token'), - '$did2' => bin2hex($did2) . $didx, - '$now' => $nowfmt, - '$atform' => $atform, - '$resend' => $resend, - '$submit' => t('Submit'), - '$acpin' => [ 'acpin', t('Validation token'),'','' ] + '$title' => t('Registration validation'), + '$desc' => t('Please enter your validation token for ID'), + '$id' => $did2, + // we might consider to not provide $pin if a registration delay is configured + // and the pin turns out to be readable by bots + '$pin' => $pin, + '$did2' => bin2hex($did2) . $didx, + '$now' => $nowfmt, + '$atform' => $atform, + '$resend' => $resend, + '$submit' => t('Submit'), + '$acpin' => [ 'acpin', t('Validation token'),'','' ] ]); } else { @@ -371,12 +374,15 @@ class Regate extends \Zotlabs\Web\Controller { ); } - $o = replace_macros(get_markup_template('plain.tpl'), [ - '$title' => t('Register Verification'), - '$now' => $nowf, + $o = replace_macros(get_markup_template('regate_pre.tpl'), [ + '$title' => t('Registration validation'), + '$now' => $nowfmt, + '$id' => $did2, '$countdown' => datetime_convert('UTC', 'UTC', $r['reg_startup'], 'c'), - '$infos' => t('Hold on, you can start verification in') . EOL, - ]); + '$strings' => [ + t('Hold on, you can start verification in'), + t('You will require the validation token for ID') + ] ]); } } } @@ -386,7 +392,7 @@ class Regate extends \Zotlabs\Web\Controller { zar_log('ZAR1132E ' . $msg . ':' . $did2 . ',' . $didx); $o = replace_macros(get_markup_template('plain.tpl'), [ '$title' => $title, - '$now' => $nowf, + '$now' => $nowfmt, '$infos' => $msg . EOL, ]); } 
@@ -398,7 +404,7 @@ class Regate extends \Zotlabs\Web\Controller { zar_log($msg); $o = replace_macros(get_markup_template('plain.tpl'), [ '$title' => $title, - '$now' => $nowf, + '$now' => $nowfmt, '$infos' => ($msg) . EOL, ]); } diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index e96037760..2c73f3d6d 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -80,10 +80,6 @@ class Register extends Controller { if($auto_create) { $name = escape_tags(trim($arr['name'])); - if(!$name) { - notice(t('Name is required.')); - return; - } $name_error = validate_channelname($name); if($name_error) { -- cgit v1.2.3 From d9245566f538711b8692e53a9fa0b59bb2c394d1 Mon Sep 17 00:00:00 2001 From: Mario Date: Sun, 11 Apr 2021 17:46:06 +0000 Subject: register: change some strings and some whitespace fixes --- Zotlabs/Module/Regate.php | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index bc2e578b6..84f78e066 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -265,7 +265,7 @@ class Regate extends \Zotlabs\Web\Controller { '$regdelay' => $_SESSION['zar']['regdelay'], '$regexpire' => $_SESSION['zar']['regexpire'], '$strings' => [ - t('Hold on, you can start verification in'), + t('Hold on, you can start validation in'), t('Please remember your validation token for ID'), t('Token validity') ] 
@@ -322,14 +322,11 @@ class Regate extends \Zotlabs\Web\Controller { if ($deny) { if (substr($r['reg_hash'],0,4) == $deny) { - zar_log('ZAR1134S email verfication denied ' . $did2); - $msg = 'ZAR1133A' . ' ' . t('Sorry for any inconvience. Thank you for your response.'); $o = replace_macros(get_markup_template('plain.tpl'), [ - '$title' => t('Registration request denied'), - '$now' => $nowfmt, - '$infos' => $msg . EOL, + '$title' => t('Registration request revoked'), + '$infos' => t('Sorry for any inconvience. Thank you for your response.') ]); $reonar = json_decode( $r['reg_stuff'], true); @@ -372,6 +369,12 @@ class Regate extends \Zotlabs\Web\Controller { $rd = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d ", intval($r['reg_id']) ); + + $o = replace_macros(get_markup_template('plain.tpl'), [ + '$infos' => t('ID expired'), + ]); + + return $o; } $o = replace_macros(get_markup_template('regate_pre.tpl'), [ @@ -380,33 +383,34 @@ class Regate extends \Zotlabs\Web\Controller { '$id' => $did2, '$countdown' => datetime_convert('UTC', 'UTC', $r['reg_startup'], 'c'), '$strings' => [ - t('Hold on, you can start verification in'), + t('Hold on, you can start validation in'), t('You will require the validation token for ID') - ] ]); + ] + ]); } } } } else { - $msg = t('Identity unknown'); + $msg = t('Unknown or expired ID'); zar_log('ZAR1132E ' . $msg . ':' . $did2 . ',' . $didx); $o = replace_macros(get_markup_template('plain.tpl'), [ '$title' => $title, '$now' => $nowfmt, - '$infos' => $msg . EOL, + '$infos' => $msg ]); } } else { - $msg = 'ZAR1131E ' . t('dId2 mistaken'); + $msg = 'ZAR1131E ' . t('dId2 malformed'); // $log = ' from § ' . $ip . ' §' . ' (' . dbesc($did2) . ')'; zar_log($msg); $o = replace_macros(get_markup_template('plain.tpl'), [ '$title' => $title, '$now' => $nowfmt, - '$infos' => ($msg) . EOL, - ]); + '$infos' => $msg + ]); } return $o; -- cgit v1.2.3 From aa2450fae1fe41a6b100d152209f66fb66bc270e Mon Sep 17 00:00:00 2001 
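Review bot: Dropping `zar_log('ZAR1134S email verfication denied ' . $did2);` leaves the revoke branch without any log entry, while the unknown-ID and malformed-dId2 branches later in this file section still log through `zar_log`. A revoked registration is something an administrator may need to trace, so I would keep the line with the spelling fixed: `zar_log('ZAR1134S email verification denied ' . $did2);`. The unchanged guard `substr($r['reg_hash'],0,4) == $deny` compares a secret prefix with loose `==`, which treats two numeric-looking strings as equal; `hash_equals(substr($r['reg_hash'],0,4), (string) $deny)` avoids that. The enclosing method starts and ends outside the hunk.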
From: =?UTF-8?q?Mi=C5=82osz=20K=C5=82osowicz?= Date: Mon, 12 Apr 2021 10:33:21 +0000 Subject: Wfinger - check https from http_x_forwarded_proto --- Zotlabs/Module/Wfinger.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index 6f2864615..46da7f007 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -20,6 +20,8 @@ class Wfinger extends \Zotlabs\Web\Controller { $scheme = 'https'; elseif(x($_SERVER,'SERVER_PORT') && (intval($_SERVER['SERVER_PORT']) == 443)) $scheme = 'https'; + elseif(x($_SERVER,'HTTP_X_FORWARDED_PROTO') && ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) + $scheme = 'https'; $zot = intval($_REQUEST['zot']); -- cgit v1.2.3 From b899ed3d6407e7219bf5eb025e76caeb6b39e50d Mon Sep 17 00:00:00 2001 From: Mario Date: Tue, 13 Apr 2021 13:04:43 +0000 Subject: register: change some strings and add new template --- Zotlabs/Module/Regate.php | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 84f78e066..99e20c719 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -258,15 +258,15 @@ class Regate extends \Zotlabs\Web\Controller { if ($_SESSION['zar']['delayed']) { $o = replace_macros(get_markup_template('regate_pre.tpl'), [ - '$title' => t('Registration validation'), + '$title' => t('Registration verification'), '$now' => $nowfmt, '$id' => $_SESSION['zar']['id'], '$pin' => $_SESSION['zar']['pin'], '$regdelay' => $_SESSION['zar']['regdelay'], '$regexpire' => $_SESSION['zar']['regexpire'], '$strings' => [ - t('Hold on, you can start validation in'), - t('Please remember your validation token for ID'), + t('Hold on, you can start verification in'), + t('Please remember your verification token for ID'), t('Token validity') ] ]); 
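Review bot: `HTTP_X_FORWARDED_PROTO` is a request header, so unless a reverse proxy in front of the hub overwrites it, the new `elseif` lets the client decide that `$scheme` is `https`. How `$scheme` is used is outside the hunk, but it presumably ends up in the URLs of the webfinger response. I would honour the header only when the request arrives from a proxy the administrator has configured as trusted, and compare strictly and case-insensitively: `strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https'`. A one-line comment such as `// only meaningful behind a trusted reverse proxy that sets this header` would document the assumption.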
@@ -306,14 +306,14 @@ class Regate extends \Zotlabs\Web\Controller { $resend = ($r['reg_didx'] == 'e') ? t('Resend') : false; // is still only instance admins intervention required? - if ( $r['reg_flags'] == ACCOUNT_PENDING ) { + if ($r['reg_flags'] == ACCOUNT_PENDING) { $o = replace_macros(get_markup_template('regate_post.tpl'), [ '$title' => t('Registration status'), - '$pin' => $did2, - '$infos' => [ + '$id' => $did2, + '$strings' => [ t('Verification successful!'), - t('Your login ID'), - t('After your account has been approved by our admin you will be able to login with your ID and your provided password.') + t('Your login ID is'), + t('After your account has been approved by our administrator you will be able to login with your login ID and your provided password.') ] ]); } @@ -349,8 +349,8 @@ class Regate extends \Zotlabs\Web\Controller { if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now) { $o = replace_macros(get_markup_template('regate.tpl'), [ '$form_security_token' => get_form_security_token("regate"), - '$title' => t('Registration validation'), - '$desc' => t('Please enter your validation token for ID'), + '$title' => t('Registration verification'), + '$desc' => t('Please enter your verification token for ID'), '$id' => $did2, // we might consider to not provide $pin if a registration delay is configured // and the pin turns out to be readable by bots @@ -360,7 +360,7 @@ class Regate extends \Zotlabs\Web\Controller { '$atform' => $atform, '$resend' => $resend, '$submit' => t('Submit'), - '$acpin' => [ 'acpin', t('Validation token'),'','' ] + '$acpin' => [ 'acpin', t('Verification token'),'','' ] ]); } else { 
@@ -378,13 +378,13 @@ class Regate extends \Zotlabs\Web\Controller { } $o = replace_macros(get_markup_template('regate_pre.tpl'), [ - '$title' => t('Registration validation'), + '$title' => t('Registration verification'), '$now' => $nowfmt, '$id' => $did2, '$countdown' => datetime_convert('UTC', 'UTC', $r['reg_startup'], 'c'), '$strings' => [ - t('Hold on, you can start validation in'), - t('You will require the validation token for ID') + t('Hold on, you can start verification in'), + t('You will require the verification token for ID') ] ]); } -- cgit v1.2.3 From e35ab97b7ecbd96e11883bc194bfe9fb5a72e7f2 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 14 Apr 2021 19:40:51 +0000 Subject: register: provide a possibility to leave a message id registration is by approval --- Zotlabs/Module/Admin/Accounts.php | 13 +++++++++---- Zotlabs/Module/Regate.php | 1 - Zotlabs/Module/Register.php | 15 ++++++++++++--- 3 files changed, 21 insertions(+), 8 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index 9971fd213..0c0725bd2 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php @@ -218,10 +218,15 @@ class Accounts { $tao .= 'tao.zar.zarar = {'; foreach ($pending as $n => $v) { - $pending[$n]['status'] = t('Verified'); + $stuff = json_decode($v['reg_stuff'], true); + + if(isset($stuff['msg'])) { + $pending[$n]['msg'] = $stuff['msg']; + } if (array_key_exists($v['reg_atip'], $atipn)) { - $pending[$n]['reg_atip'] = $v['reg_atip'] . ' ◄' . $atipn[ $v['reg_atip'] ] . '×'; + $pending[$n]['reg_atip'] = $v['reg_atip']; + $pending[$n]['reg_atip_n'] = $atipn[$v['reg_atip']]; } // timezone adjust date_time for display 
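Review bot: `$pending[$n]['msg'] = $stuff['msg'];` in the Accounts.php hunk copies applicant-supplied free text from `reg_stuff` straight into the data for the admin accounts page. Register.php passes the value through `notags()` before storing it, but the template that prints `msg` is not part of this diff, so output escaping cannot be confirmed from here. If the template does not already escape it, doing so at this point keeps the admin view safe whatever wrote the row: `$pending[$n]['msg'] = escape_tags($stuff['msg']);`. `isset()` tolerates a `reg_stuff` that fails to decode, but a non-string `msg` would still be passed through, so an `is_string($stuff['msg'])` check is worth adding. The loop's enclosing method lies outside the hunk.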
@@ -293,8 +298,8 @@ class Accounts { '$sel_tall' => t('Select toggle'), '$sel_deny' => t('Deny selected'), '$sel_aprv' => t('Approve selected'), - '$h_pending' => t('Registrations waiting for confirm'), - '$th_pending' => array( t('Request date'), t('Verification status'), t('Timeframe'), 'dId2', t('specified,atip') ), + '$h_pending' => t('Verified registrations waiting for approval'), + '$th_pending' => array(t('Request date'), 'dId2', t('Email'), 'IP', t('IP Count')), '$no_pending' => t('No verified registrations.'), '$approve' => t('Approve'), '$deny' => t('Deny'), diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 99e20c719..372b65433 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -136,7 +136,6 @@ class Regate extends \Zotlabs\Web\Controller { ); if (($flags & ACCOUNT_PENDING ) == ACCOUNT_PENDING) { - $msg .= "\n".t('Last step will be by an instance admin to agree your account request'); $nextpage = 'regate/' . bin2hex($did2) . $didx; q("COMMIT"); } diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 2c73f3d6d..1cbea663a 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -75,6 +75,8 @@ class Register extends Controller { $email = ((x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); $password = ((x($arr,'password')) ? trim($arr['password']) : ''); $password2 = ((x($arr,'password2')) ? trim($arr['password2']) : ''); + $register_msg = ((x($arr,'register_msg')) ? notags(trim($arr['register_msg'])) : ''); + $reonar = []; $auto_create = get_config('system','auto_channel_create', 1); @@ -182,7 +184,6 @@ class Register extends Controller { return; } - $policy = get_config('system','register_policy'); $invonly = get_config('system','invitation_only'); $invalso = get_config('system','invitation_also'); 
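Review bot: In the Register.php hunk at `-75,6`, `$register_msg` is accepted from the registration form with `notags(trim(...))` but no length limit, and later in this commit it is stored inside the `reg_stuff` JSON and listed on the admin accounts page. The form is reachable before any account exists, so the size of this field should be bounded at input, e.g. `$register_msg = mb_substr($register_msg, 0, REGISTER_MSG_MAX);`, where `REGISTER_MSG_MAX` is a placeholder for a limit the project chooses. The column size of `reg_stuff` is not visible here, so it is also unclear whether an over-long value would be cut off in the middle of the JSON. The enclosing method continues outside the hunk.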
@@ -378,11 +379,15 @@ class Register extends Controller { } } - if ( $auto_create ) { + if ($auto_create) { $reonar['chan.name'] = $name; $reonar['chan.did1'] = $nick; } + if ($policy == REGISTER_APPROVE) { + $reonar['msg'] = $register_msg; + } + $reg = q("INSERT INTO register (" . "reg_flags,reg_didx,reg_did2,reg_hash,reg_created,reg_startup,reg_expires," . "reg_email,reg_pass,reg_lang,reg_atip,reg_stuff)" @@ -398,7 +403,7 @@ class Register extends Controller { dbesc($password), dbesc(substr(get_best_language(),0,2)), dbesc($ip), - dbesc(json_encode( $reonar )) + dbesc(json_encode($reonar)) ); if ($didx == 'a') { @@ -537,12 +542,15 @@ class Register extends Controller { $tos = array('tos', $label_tos, '', '', array(t('no'),t('yes'))); + $register_msg = ['register_msg', t('Why do you want to join this hub?')]; + require_once('include/bbcode.php'); $o = replace_macros(get_markup_template('register.tpl'), array( '$form_security_token' => get_form_security_token("register"), '$title' => t('Registration'), '$reg_is' => $registration_is, + '$register_msg' => $register_msg, '$registertext' => bbcode(get_config('system','register_text')), '$other_sites' => $other_sites, '$msg' => $opal['msg'], @@ -563,6 +571,7 @@ class Register extends Controller { '$pass1' => $password, '$pass2' => $password2, '$submit' => t('Register'), + )); return $o; -- cgit v1.2.3 From 4d3a555b53f3fdd710d7d502bb812d9a565a35f4 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 15 Apr 2021 09:26:47 +0000 Subject: register: minor fixes and template cleanup --- Zotlabs/Module/Admin/Accounts.php | 3 ++- Zotlabs/Module/Register.php | 13 +++++-------- 2 files changed, 7 insertions(+), 9 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Admin/Accounts.php b/Zotlabs/Module/Admin/Accounts.php index 0c0725bd2..32029eb00 100644 --- a/Zotlabs/Module/Admin/Accounts.php +++ b/Zotlabs/Module/Admin/Accounts.php 
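Review bot: The result of `json_encode($reonar)` goes into the INSERT unchecked, and with this commit `$reonar['msg']` carries free text from the form (hunks at `-378,11` and `-398,7`). `json_encode()` returns false when a string is not valid UTF-8, in which case `reg_stuff` would be stored empty and `chan.name` / `chan.did1` lost with it; whether earlier input handling guarantees valid UTF-8 is not visible in the hunk. I would encode before the query and abort the registration on failure, or make a bad byte harmless with `json_encode($reonar, JSON_INVALID_UTF8_SUBSTITUTE)`. The surrounding method starts and ends outside both hunks.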
@@ -299,7 +299,7 @@ class Accounts { '$sel_deny' => t('Deny selected'), '$sel_aprv' => t('Approve selected'), '$h_pending' => t('Verified registrations waiting for approval'), - '$th_pending' => array(t('Request date'), 'dId2', t('Email'), 'IP', t('IP Count')), + '$th_pending' => array(t('Request date'), 'dId2', t('Email'), 'IP', t('Requests')), '$no_pending' => t('No verified registrations.'), '$approve' => t('Approve'), '$deny' => t('Deny'), @@ -330,6 +330,7 @@ class Accounts { '$tao' => $tao, '$pending' => $pending, '$users' => $users, + '$msg' => t('Message') )); $o .= paginate($a); diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 1cbea663a..1188651bd 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php 
@@ -532,17 +532,13 @@ class Register extends Controller { $invite_code = array('invite_code', t('Please enter your invitation code'), ((x($_REQUEST,'invite_code')) ? strip_tags(trim($_REQUEST['invite_code'])) : "")); - $name = array('name', t('Your name'), - ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Real names are preferred.')); + $name = array('name', t('Your name'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Real name is preferred'), '', '', $duty['atform']); $nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl')); - $nickname = array('nickname', t('Choose a short nickname'), - ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), - sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), - $nickhub)); + $nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), t('Your nickname will be used to create an easy to remember channel address'), '', '', $duty['atform']); - $tos = array('tos', $label_tos, '', '', array(t('no'),t('yes'))); + $tos = array('tos', $label_tos, ((x($_REQUEST,'tos')) ? $_REQUEST['tos'] : ''), '', [t('no'),t('yes')], $duty['atform']); - $register_msg = ['register_msg', t('Why do you want to join this hub?')]; + $register_msg = ['register_msg', t('Why do you want to join this hub?'), ((x($_REQUEST,'register_msg')) ? $_REQUEST['register_msg'] : '')]; require_once('include/bbcode.php'); @@ -571,6 +567,7 @@ class Register extends Controller { '$pass1' => $password, '$pass2' => $password2, '$submit' => t('Register'), + '$nickhub' => $nickhub )); -- cgit v1.2.3 From c2b9fc1a4947868c1bc0d3d0bff73e49eb5882c4 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 15 Apr 2021 13:10:20 +0000 Subject: register: add help text to the message field --- Zotlabs/Module/Register.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') 
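Review bot: The rewritten `$name`, `$nickname`, `$tos` and `$register_msg` arrays place `$_REQUEST[...]` values into the form fields unfiltered, whereas `invite_code` just above them is passed through `strip_tags(trim(...))`. Whether the field templates escape the value is not visible here; if they do not, the request value is echoed into the registration page as markup. I would treat all of them the same way, e.g. `((x($_REQUEST,'register_msg')) ? escape_tags(trim($_REQUEST['register_msg'])) : '')`, using the `escape_tags()` helper this file already applies to the submitted name. The `$tos` and `$register_msg` lines recur with the same pattern in the following commit's hunk at `-536,9`.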
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 1188651bd..601828d5c 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -536,9 +536,9 @@ class Register extends Controller { $nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl')); $nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), t('Your nickname will be used to create an easy to remember channel address'), '', '', $duty['atform']); - $tos = array('tos', $label_tos, ((x($_REQUEST,'tos')) ? $_REQUEST['tos'] : ''), '', [t('no'),t('yes')], $duty['atform']); + $tos = array('tos', $label_tos, ((x($_REQUEST,'tos')) ? $_REQUEST['tos'] : ''), '', [t('No'),t('Yes')], $duty['atform']); - $register_msg = ['register_msg', t('Why do you want to join this hub?'), ((x($_REQUEST,'register_msg')) ? $_REQUEST['register_msg'] : '')]; + $register_msg = ['register_msg', t('Why do you want to join this hub?'), ((x($_REQUEST,'register_msg')) ? $_REQUEST['register_msg'] : ''), t('This will help to review your registrtation')]; require_once('include/bbcode.php'); -- cgit v1.2.3
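Review bot: The new help string `t('This will help to review your registrtation')` misspells "registration". Because the literal passed to `t()` is what translators see, the typo would be carried into the translation catalogues; the call should read `t('This will help to review your registration')`.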