From 58aa0f3e1a52a0c20016a4330100231ad505e6e4 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 13 Mar 2017 16:19:47 -0700 Subject: code_allowed is a real mess. Start the cleanup by remving the account level code allow and limiting to specific channels only. This reduces the possibility of cross channel security issues coming into play. Then provide a single function for checking the code permission. This is only partially done as we often need to check against the observer or logged in channel as well as the resource owner to ensure that this only returns true for local channels which also own the requested resource. --- include/channel.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index b838f8393..ceb5eeb7a 100644 --- a/include/channel.php +++ b/include/channel.php @@ -2252,3 +2252,20 @@ function channel_remove($channel_id, $local = true, $unset_session=false) { } } + +/* + * This checks if a channel is allowed to publish executable code. + * It is up to the caller to determine if the observer or local_channel + * is in fact the resource owner whose channel_id is being checked + */ + +function channel_codeallowed($channel_id) { + + if(! intval($channel_id)) + return false; + + $x = channelx_by_n($channel_id); + if(($x) && ($x['channel_pageflags'] & PAGE_ALLOWCODE)) + return true; + return false; +} \ No newline at end of file -- cgit v1.2.3 From d9037589407162f51578856b084baaa5353a8a04 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 16 Mar 2017 18:36:58 -0700 Subject: remove include/widgets.php --- include/channel.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index ceb5eeb7a..f88a2f8aa 100644 --- a/include/channel.php +++ b/include/channel.php 
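Review bot: In `channel_codeallowed()` the result of `intval($channel_id)` is used only as a truth test, so a negative number or a string with a numeric prefix passes the guard and is then handed to `channelx_by_n()` in its original form. Normalising first, `$channel_id = intval($channel_id); if($channel_id <= 0) return false;`, keeps the lookup keyed on exactly the integer that was validated. Because this function gates publishing executable code, the header comment could also state outright that a true result says nothing about who is asking. How `channelx_by_n()` treats removed channels is not visible in this hunk and is worth confirming.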
@@ -1193,11 +1193,6 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa else $tpl = get_markup_template('profile_vcard.tpl'); - require_once('include/widgets.php'); - -// if(! feature_enabled($profile['uid'],'hide_rating')) - $z = widget_rating(array('target' => $profile['channel_hash'])); - $o .= replace_macros($tpl, array( '$zcard' => $zcard, '$profile' => $profile, @@ -1211,7 +1206,7 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa '$chanmenu' => $channel_menu, '$diaspora' => $diaspora, '$reddress' => $reddress, - '$rating' => $z, + '$rating' => '', '$contact_block' => $contact_block, '$editmenu' => profile_edit_menu($profile['uid']) )); -- cgit v1.2.3 From 7a611c6d47020d227630a96de8026da4dae5f862 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 20 Mar 2017 18:14:50 -0700 Subject: create channel_store_lowlevel() and remove more diaspora stuff from core. --- include/channel.php | 93 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 55 insertions(+), 38 deletions(-) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index f88a2f8aa..465a1524a 100644 --- a/include/channel.php +++ b/include/channel.php 
@@ -242,24 +242,22 @@ function create_identity($arr) { $expire = 0; - $r = q("insert into channel ( channel_account_id, channel_primary, - channel_name, channel_address, channel_guid, channel_guid_sig, - channel_hash, channel_prvkey, channel_pubkey, channel_pageflags, channel_system, channel_expire_days, channel_timezone ) - values ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s' ) ", - - intval($arr['account_id']), - intval($primary), - dbesc($name), - dbesc($nick), - dbesc($guid), - dbesc($sig), - dbesc($hash), - dbesc($key['prvkey']), - dbesc($key['pubkey']), - intval($pageflags), - intval($system), - intval($expire), - dbesc(App::$timezone) + $r = channel_store_lowlevel( + [ + channel_account_id => intval($arr['account_id']), + channel_primary => intval($primary), + channel_name => $name, + channel_address => $nick, + channel_guid => $guid, + channel_guid_sig => $sig, + channel_hash => $hash, + channel_prvkey => $key['prvkey'], + channel_pubkey => $key['pubkey'], + channel_pageflags => intval($pageflags), + channel_system => intval($system), + channel_expire_days => intval($expire), + channel_timezone => App::$timezone + ] ); $r = q("select * from channel where channel_account_id = %d 
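Review bot: The keys of the array passed to `channel_store_lowlevel()` in `create_identity()` are bare words (`channel_account_id => …`), which PHP parses as constants rather than strings. On PHP 7 this works only through the undefined-constant fallback and raises a notice or warning for each key; on PHP 8 it is a fatal Error, so channel creation would stop at this call. Quote every key, e.g. `'channel_account_id' => intval($arr['account_id']),`. The value returned in `$r` is overwritten by the following select without being checked, so a failed insert is only noticed indirectly; `create_identity()` continues outside the hunk.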
@@ -1153,25 +1151,6 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa // @fixme move this to the diaspora plugin itself - if(plugin_is_installed('diaspora')) { - $diaspora = array( - 'podloc' => z_root(), - 'guid' => $profile['channel_guid'] . str_replace('.','',App::get_hostname()), - 'pubkey' => pemtorsa($profile['channel_pubkey']), - 'searchable' => (($block) ? 'false' : 'true'), - 'nickname' => $profile['channel_address'], - 'fullname' => $profile['channel_name'], - 'firstname' => $firstname, - 'lastname' => $lastname, - 'photo300' => z_root() . '/photo/profile/300/' . $profile['uid'] . '.jpg', - 'photo100' => z_root() . '/photo/profile/100/' . $profile['uid'] . '.jpg', - 'photo50' => z_root() . '/photo/profile/50/' . $profile['uid'] . '.jpg', - ); - } - else - $diaspora = ''; - - $contact_block = contact_block(); $channel_menu = false; @@ -1204,7 +1183,6 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa '$marital' => $marital, '$homepage' => $homepage, '$chanmenu' => $channel_menu, - '$diaspora' => $diaspora, '$reddress' => $reddress, '$rating' => '', '$contact_block' => $contact_block, 
@@ -1989,6 +1967,45 @@ function remote_login() { } +function channel_store_lowlevel($arr) { + $store = [ + 'channel_account_id' => ((array_key_exists('channel_account_id',$arr)) ? $arr['channel_account_id'] : '0'), + 'channel_primary' => ((array_key_exists('channel_primary',$arr)) ? $arr['channel_primary'] : '0'), + 'channel_name' => ((array_key_exists('channel_name',$arr)) ? $arr['channel_name'] : ''), + 'channel_address' => ((array_key_exists('channel_address',$arr)) ? $arr['channel_address'] : ''), + 'channel_guid' => ((array_key_exists('channel_guid',$arr)) ? $arr['channel_guid'] : ''), + 'channel_guid_sig' => ((array_key_exists('channel_guid_sig',$arr)) ? $arr['channel_guid_sig'] : ''), + 'channel_hash' => ((array_key_exists('channel_hash',$arr)) ? $arr['channel_hash'] : ''), + 'channel_timezone' => ((array_key_exists('channel_timezone',$arr)) ? $arr['channel_timezone'] : 'UTC'), + 'channel_location' => ((array_key_exists('channel_location',$arr)) ? $arr['channel_location'] : ''), + 'channel_theme' => ((array_key_exists('channel_theme',$arr)) ? $arr['channel_theme'] : ''), + 'channel_startpage' => ((array_key_exists('channel_startpage',$arr)) ? $arr['channel_startpage'] : ''), + 'channel_pubkey' => ((array_key_exists('channel_pubkey',$arr)) ? $arr['channel_pubkey'] : ''), + 'channel_prvkey' => ((array_key_exists('channel_prvkey',$arr)) ? $arr['channel_prvkey'] : ''), + 'channel_notifyflags' => ((array_key_exists('channel_notifyflags',$arr)) ? $arr['channel_notifyflags'] : '65535'), + 'channel_pageflags' => ((array_key_exists('channel_pageflags',$arr)) ? $arr['channel_pageflags'] : '0'), + 'channel_dirdate' => ((array_key_exists('channel_dirdate',$arr)) ? $arr['channel_dirdate'] : NULL_DATE), + 'channel_lastpost' => ((array_key_exists('channel_lastpost',$arr)) ? $arr['channel_lastpost'] : NULL_DATE), + 'channel_deleted' => ((array_key_exists('channel_deleted',$arr)) ? 
$arr['channel_deleted'] : NULL_DATE), + 'channel_max_anon_mail' => ((array_key_exists('channel_max_anon_mail',$arr)) ? $arr['channel_max_anon_mail'] : '10'), + 'channel_max_friend_req' => ((array_key_exists('channel_max_friend_req',$arr)) ? $arr['channel_max_friend_req'] : '10'), + 'channel_expire_days' => ((array_key_exists('channel_expire_days',$arr)) ? $arr['channel_expire_days'] : '0'), + 'channel_passwd_reset' => ((array_key_exists('channel_passwd_reset',$arr)) ? $arr['channel_passwd_reset'] : ''), + 'channel_default_group' => ((array_key_exists('channel_default_group',$arr)) ? $arr['channel_default_group'] : ''), + 'channel_allow_cid' => ((array_key_exists('channel_allow_cid',$arr)) ? $arr['channel_allow_cid'] : ''), + 'channel_allow_gid' => ((array_key_exists('channel_allow_gid',$arr)) ? $arr['channel_allow_gid'] : ''), + 'channel_deny_cid' => ((array_key_exists('channel_deny_cid',$arr)) ? $arr['channel_deny_cid'] : ''), + 'channel_deny_gid' => ((array_key_exists('channel_deny_gid',$arr)) ? $arr['channel_deny_gid'] : ''), + 'channel_removed' => ((array_key_exists('channel_removed',$arr)) ? $arr['channel_removed'] : '0'), + 'channel_system' => ((array_key_exists('channel_system',$arr)) ? $arr['channel_system'] : '0'), + 'channel_moved' => ((array_key_exists('channel_moved',$arr)) ? $arr['channel_moved'] : '') + + ]; + + return create_table_from_array('channel',$store); + +} + function profile_store_lowlevel($arr) { -- cgit v1.2.3 From f43428aacf940b84b05e1554cc53e29e60846ae4 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 29 Mar 2017 16:16:29 -0700 Subject: channel_store_lowlevel declared twice --- include/channel.php | 41 ----------------------------------------- 1 file changed, 41 deletions(-) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index b224e3623..7394b1308 100644 --- a/include/channel.php +++ b/include/channel.php 
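Review bot: `channel_store_lowlevel()` forwards caller-supplied values straight to `create_table_from_array()`, whereas the insert it replaces in `create_identity()` wrapped every string in `dbesc()`. Whether quoting happens inside `create_table_from_array()` cannot be seen from this hunk; if it does, say so in a docblock, and if not the values need escaping here. A short header comment such as `/** Insert a channel row; keys missing from $arr get the defaults below, keys not listed are ignored. */` would also record that the fixed key list acts as the column allow-list.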
@@ -2007,47 +2007,6 @@ function channel_store_lowlevel($arr) { } - -function channel_store_lowlevel($arr) { - - $store = [ - 'channel_account_id' => ((array_key_exists('channel_account_id',$arr)) ? $arr['channel_account_id'] : '0'), - 'channel_primary' => ((array_key_exists('channel_primary',$arr)) ? $arr['channel_primary'] : '0'), - 'channel_name' => ((array_key_exists('channel_name',$arr)) ? $arr['channel_name'] : ''), - 'channel_address' => ((array_key_exists('channel_address',$arr)) ? $arr['channel_address'] : ''), - 'channel_guid' => ((array_key_exists('channel_guid',$arr)) ? $arr['channel_guid'] : ''), - 'channel_guid_sig' => ((array_key_exists('channel_guid_sig',$arr)) ? $arr['channel_guid_sig'] : ''), - 'channel_hash' => ((array_key_exists('channel_hash',$arr)) ? $arr['channel_hash'] : ''), - 'channel_timezone' => ((array_key_exists('channel_timezone',$arr)) ? $arr['channel_timezone'] : 'UTC'), - 'channel_location' => ((array_key_exists('channel_location',$arr)) ? $arr['channel_location'] : ''), - 'channel_theme' => ((array_key_exists('channel_theme',$arr)) ? $arr['channel_theme'] : ''), - 'channel_startpage' => ((array_key_exists('channel_startpage',$arr)) ? $arr['channel_startpage'] : ''), - 'channel_pubkey' => ((array_key_exists('channel_pubkey',$arr)) ? $arr['channel_pubkey'] : ''), - 'channel_prvkey' => ((array_key_exists('channel_prvkey',$arr)) ? $arr['channel_prvkey'] : ''), - 'channel_notifyflags' => ((array_key_exists('channel_notifyflags',$arr)) ? $arr['channel_notifyflags'] : '65535'), - 'channel_pageflags' => ((array_key_exists('channel_pageflags',$arr)) ? $arr['channel_pageflags'] : '0'), - 'channel_dirdate' => ((array_key_exists('channel_dirdate',$arr)) ? $arr['channel_dirdate'] : NULL_DATE), - 'channel_lastpost' => ((array_key_exists('channel_lastpost',$arr)) ? $arr['channel_lastpost'] : NULL_DATE), - 'channel_deleted' => ((array_key_exists('channel_deleted',$arr)) ? 
$arr['channel_deleted'] : NULL_DATE), - 'channel_max_anon_mail' => ((array_key_exists('channel_max_anon_mail',$arr)) ? $arr['channel_max_anon_mail'] : '10'), - 'channel_max_friend_req' => ((array_key_exists('channel_max_friend_req',$arr)) ? $arr['channel_max_friend_req'] : '10'), - 'channel_expire_days' => ((array_key_exists('channel_expire_days',$arr)) ? $arr['channel_expire_days'] : '0'), - 'channel_passwd_reset' => ((array_key_exists('channel_passwd_reset',$arr)) ? $arr['channel_passwd_reset'] : ''), - 'channel_default_group' => ((array_key_exists('channel_default_group',$arr)) ? $arr['channel_default_group'] : ''), - 'channel_allow_cid' => ((array_key_exists('channel_allow_cid',$arr)) ? $arr['channel_allow_cid'] : ''), - 'channel_allow_gid' => ((array_key_exists('channel_allow_gid',$arr)) ? $arr['channel_allow_gid'] : ''), - 'channel_deny_cid' => ((array_key_exists('channel_deny_cid',$arr)) ? $arr['channel_deny_cid'] : ''), - 'channel_deny_gid' => ((array_key_exists('channel_deny_gid',$arr)) ? $arr['channel_deny_gid'] : ''), - 'channel_removed' => ((array_key_exists('channel_removed',$arr)) ? $arr['channel_removed'] : '0'), - 'channel_system' => ((array_key_exists('channel_system',$arr)) ? $arr['channel_system'] : '0'), - 'channel_moved' => ((array_key_exists('channel_moved',$arr)) ? $arr['channel_moved'] : '') - ]; - - return create_table_from_array('channel',$store); - -} - - function profile_store_lowlevel($arr) { $store = [ -- cgit v1.2.3 From 1c32564536cbfa12bd21a1c8161921b13d7dcc66 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 12 Apr 2017 17:32:28 -0700 Subject: backend infrastructure for 'channel protection password'; which will be used to optionally encrypt export files and resolve channel/identity ownership/hijacking disputes --- include/channel.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index 7394b1308..890bb8bd6 100644 
--- a/include/channel.php +++ b/include/channel.php @@ -538,6 +538,8 @@ function identity_basic_export($channel_id, $sections = null) { $ret['relocate'] = [ 'channel_address' => $r[0]['channel_address'], 'url' => z_root()]; if(in_array('channel',$sections)) { $ret['channel'] = $r[0]; + unset($ret['channel']['channel_password']); + unset($ret['channel']['channel_salt']); } } @@ -1999,7 +2001,10 @@ function channel_store_lowlevel($arr) { 'channel_deny_gid' => ((array_key_exists('channel_deny_gid',$arr)) ? $arr['channel_deny_gid'] : ''), 'channel_removed' => ((array_key_exists('channel_removed',$arr)) ? $arr['channel_removed'] : '0'), 'channel_system' => ((array_key_exists('channel_system',$arr)) ? $arr['channel_system'] : '0'), - 'channel_moved' => ((array_key_exists('channel_moved',$arr)) ? $arr['channel_moved'] : '') + + 'channel_moved' => ((array_key_exists('channel_moved',$arr)) ? $arr['channel_moved'] : ''), + 'channel_password' => ((array_key_exists('channel_password',$arr)) ? $arr['channel_password'] : ''), + 'channel_salt' => ((array_key_exists('channel_salt',$arr)) ? $arr['channel_salt'] : '') ]; -- cgit v1.2.3 From 7acb0685904bd66cd89ef15e181148d31c6813dc Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 2 May 2017 18:24:18 -0700 Subject: profile_sidebar hook ignored the updated html content --- include/channel.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index 890bb8bd6..6220ff179 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1196,7 +1196,8 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa call_hooks('profile_sidebar', $arr); - return $o; + return $arr['entry']; + } -- cgit v1.2.3 From eeb9103e267a01ad5f076afeb02bedabfcc70db9 Mon Sep 17 00:00:00 2001 
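Review bot: Removing `channel_password` and `channel_salt` after copying the whole row into `$ret['channel']` is a deny-list, so any secret column added to `channel` later is exported unless someone remembers to add another `unset()` here. Consider building the exported row from an explicit list of columns, or putting the stripping in one helper used by every code path that returns a channel row to a client. Other such paths are not visible in this hunk and should be checked for the same two fields. A comment like `// never export the channel protection password or its salt` would make the intent clear; `identity_basic_export()` starts and ends outside the hunk.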
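Review bot: `profile_sidebar()` now returns `$arr['entry']` after `call_hooks('profile_sidebar', $arr)`, so its return value is whatever the last hook left in that key. If a hook unsets or empties `entry` the sidebar silently disappears, and any markup a plugin places there is returned without further filtering. A fallback such as `return (isset($arr['entry']) ? $arr['entry'] : $o);` keeps the core output when a hook misbehaves. How `$arr` is built lies outside the hunk, so confirm that `entry` starts out as `$o`.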
From: Klaus Weidenbach Date: Fri, 5 May 2017 00:23:57 +0200 Subject: :bulb: correct some Doxygen syntax mistakes. --- include/channel.php | 130 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 74 insertions(+), 56 deletions(-) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index 0a4c9009a..31dca1ae5 100644 --- a/include/channel.php +++ b/include/channel.php @@ -57,8 +57,9 @@ function identity_check_service_class($account_id) { * Plugins can set additional policies such as full name requirements, character * sets, multi-byte length, etc. * + * @hooks validate_channelname + * * \e array \b name * @param string $name - * * @returns nil return if name is valid, or string describing the error state. */ function validate_channelname($name) { @@ -69,7 +70,7 @@ function validate_channelname($name) { if (strlen($name) > 255) return t('Name too long'); - $arr = array('name' => $name); + $arr = ['name' => $name]; call_hooks('validate_channelname', $arr); if (x($arr, 'message')) @@ -463,7 +464,6 @@ function create_identity($arr) { * if true, set this default unconditionally * if $force is false only do this if there is no existing default */ - function set_default_login_identity($account_id, $channel_id, $force = true) { $r = q("select account_default_channel from account where account_id = %d limit 1", intval($account_id) 
@@ -478,12 +478,29 @@ function set_default_login_identity($account_id, $channel_id, $force = true) { } } - +/** + * @brief Return an array with default list of sections to export. + * + * @hooks get_default_export_sections + * * \e array \b sections + * @return array with default section names to export + */ function get_default_export_sections() { - $sections = [ 'channel', 'connections', 'config', 'apps', 'chatrooms', 'events', 'webpages', 'mail', 'wikis' ]; + $sections = [ + 'channel', + 'connections', + 'config', + 'apps', + 'chatrooms', + 'events', + 'webpages', + 'mail', + 'wikis' + ]; $cb = [ 'sections' => $sections ]; call_hooks('get_default_export_sections', $cb); + return $cb['sections']; } @@ -493,15 +510,17 @@ function get_default_export_sections() { * which would be necessary to create a nomadic identity clone. This includes * most channel resources and connection information with the exception of content. * + * @hooks identity_basic_export + * * \e int \b channel_id + * * \e array \b sections + * * \e array \b data * @param int $channel_id * Channel_id to export - * @param boolean $items - * Include channel posts (wall items), default false - * + * @param array $sections (optional) + * Which sections to include in the export, default see get_default_export_sections() * @returns array * See function for details */ - function identity_basic_export($channel_id, $sections = null) { /* @@ -511,16 +530,16 @@ function identity_basic_export($channel_id, $sections = null) { if(! $sections) { $sections = get_default_export_sections(); } - + $ret = []; // use constants here as otherwise we will have no idea if we can import from a site // with a non-standard platform and version. $ret['compatibility'] = [ - 'project' => PLATFORM_NAME, - 'version' => STD_VERSION, - 'database' => DB_UPDATE_VERSION, + 'project' => PLATFORM_NAME, + 'version' => STD_VERSION, + 'database' => DB_UPDATE_VERSION, 'server_role' => Zotlabs\Lib\System::get_server_role() ]; 
@@ -549,8 +568,7 @@ function identity_basic_export($channel_id, $sections = null) { if($r) $ret['profile'] = $r; - - $r = q("select mimetype, content, os_storage from photo + $r = q("select mimetype, content, os_storage from photo where imgscale = 4 and photo_usage = %d and uid = %d limit 1", intval(PHOTO_PROFILE), intval($channel_id) @@ -558,8 +576,8 @@ function identity_basic_export($channel_id, $sections = null) { if($r) { $ret['photo'] = [ - 'type' => $r[0]['mimetype'], - 'data' => (($r[0]['os_storage']) + 'type' => $r[0]['mimetype'], + 'data' => (($r[0]['os_storage']) ? base64url_encode(file_get_contents($r[0]['content'])) : base64url_encode($r[0]['content'])) ]; } @@ -605,7 +623,6 @@ function identity_basic_export($channel_id, $sections = null) { ); if($r) $ret['group_member'] = $r; - } if(in_array('config',$sections)) { @@ -614,7 +631,7 @@ function identity_basic_export($channel_id, $sections = null) { ); if($r) $ret['config'] = $r; - + // All other term types will be included in items, if requested. $r = q("select * from term where ttype in (%d,%d) and uid = %d", @@ -641,7 +658,6 @@ function identity_basic_export($channel_id, $sections = null) { if($r) $ret['likes'] = $r; - } if(in_array('apps',$sections)) { @@ -667,7 +683,6 @@ function identity_basic_export($channel_id, $sections = null) { $ret['chatroom'] = $r; } - if(in_array('events',$sections)) { $r = q("select * from event where uid = %d", intval($channel_id) @@ -697,7 +712,7 @@ function identity_basic_export($channel_id, $sections = null) { $ret['menu'][] = menu_element($ret['channel'],$m); } } - $r = q("select * from item where item_type in ( " + $r = q("select * from item where item_type in ( " . ITEM_TYPE_BLOCK . "," . ITEM_TYPE_PDL . "," . ITEM_TYPE_WEBPAGE . " ) and uid = %d", intval($channel_id) ); @@ -707,7 +722,6 @@ function identity_basic_export($channel_id, $sections = null) { $r = fetch_post_tags($r,true); foreach($r as $rr) $ret['webpages'][] = encode_item($rr,true); - } } 
@@ -758,7 +772,7 @@ function identity_basic_export($channel_id, $sections = null) { * Don't export linked resource items. we'll have to pull those out separately. */ - $r = q("select * from item where item_wall = 1 and item_deleted = 0 and uid = %d + $r = q("select * from item where item_wall = 1 and item_deleted = 0 and uid = %d and created > %s - INTERVAL %s and resource_type = '' order by created", intval($channel_id), db_utcnow(), @@ -1394,15 +1408,15 @@ function get_my_address() { } /** - * @brief + * @brief Add visitor's zid to our xchan and attempt authentication. * - * If somebody arrives at our site using a zid, add their xchan to our DB if we don't have it already. + * If somebody arrives at our site using a zid, add their xchan to our DB if we + * don't have it already. * And if they aren't already authenticated here, attempt reverse magic auth. * - * - * @hooks 'zid_init' - * string 'zid' - their zid - * string 'url' - the destination url + * @hooks zid_init + * * \e string \b zid - their zid + * * \e string \b url - the destination url */ function zid_init() { $tmp_str = get_my_address(); @@ -1431,12 +1445,9 @@ function zid_init() { } /** - * @brief - * - * If somebody arrives at our site using a zat, authenticate them + * @brief If somebody arrives at our site using a zat, authenticate them. * */ - function zat_init() { if(local_channel() || remote_channel()) return; @@ -1448,7 +1459,6 @@ function zat_init() { $xchan = atoken_xchan($r[0]); atoken_login($xchan); } - } @@ -1481,7 +1491,7 @@ function get_theme_uid() { * * @param int $size * one of (300, 80, 48) -* @returns string +* @returns string with path to profile photo */ function get_default_profile_photo($size = 300) { $scheme = get_config('system','default_profile_photo'); @@ -1974,7 +1984,6 @@ function channel_manual_conv_update($channel_id) { $x = get_config('system','manual_conversation_update', 1); return intval($x); - } 
@@ -2143,24 +2152,33 @@ function account_remove($account_id,$local = true,$unset_session=true) { } -function channel_remove($channel_id, $local = true, $unset_session=false) { +/** + * @brief Removes a channel. + * + * @hooks channel_remove + * * \e array \b entry from channel tabel for $channel_id + * @param int $channel_id + * @param boolean $local default true + * @param boolean $unset_session default false + */ +function channel_remove($channel_id, $local = true, $unset_session = false) { if(! $channel_id) return; logger('Removing channel: ' . $channel_id); - logger('channel_remove: local only: ' . intval($local)); + logger('local only: ' . intval($local)); $r = q("select * from channel where channel_id = %d limit 1", intval($channel_id)); if(! $r) { - logger('channel_remove: channel not found: ' . $channel_id); + logger('channel not found: ' . $channel_id); return; } $channel = $r[0]; - call_hooks('channel_remove',$r[0]); - + call_hooks('channel_remove', $r[0]); + if(! $local) { $r = q("update channel set channel_deleted = '%s', channel_removed = 1 where channel_id = %d", @@ -2173,12 +2191,11 @@ function channel_remove($channel_id, $local = true, $unset_session=false) { ); logger('deleting hublocs',LOGGER_DEBUG); - + $r = q("update hubloc set hubloc_deleted = 1 where hubloc_hash = '%s'", dbesc($channel['channel_hash']) ); - $r = q("update xchan set xchan_deleted = 1 where xchan_hash = '%s'", dbesc($channel['channel_hash']) ); @@ -2211,8 +2228,7 @@ function channel_remove($channel_id, $local = true, $unset_session=false) { q("DELETE FROM profile WHERE uid = %d", intval($channel_id)); q("DELETE FROM pconfig WHERE uid = %d", intval($channel_id)); - // @FIXME At this stage we need to remove the file resources located under /store/$nickname - + /// @FIXME At this stage we need to remove the file resources located under /store/$nickname q("delete from abook where abook_xchan = '%s' and abook_self = 1 ", dbesc($channel['channel_hash']) 
@@ -2263,16 +2279,16 @@ function channel_remove($channel_id, $local = true, $unset_session=false) { dbesc($channel['channel_hash']) ); } - + //remove from file system $r = q("select channel_address from channel where channel_id = %d limit 1", intval($channel_id) ); - + if($r) { $channel_address = $r[0]['channel_address'] ; } - if($channel_address) { + if($channel_address) { $f = 'store/' . $channel_address.'/'; logger('delete '. $f); if(is_dir($f)) { @@ -2286,22 +2302,24 @@ function channel_remove($channel_id, $local = true, $unset_session=false) { App::$session->nuke(); goaway(z_root()); } - } -/* - * This checks if a channel is allowed to publish executable code. - * It is up to the caller to determine if the observer or local_channel - * is in fact the resource owner whose channel_id is being checked +/** + * @brief This checks if a channel is allowed to publish executable code. + * + * It is up to the caller to determine if the observer or local_channel + * is in fact the resource owner whose channel_id is being checked. + * + * @param int $channel_id + * @return boolean */ - function channel_codeallowed($channel_id) { - if(! intval($channel_id)) return false; $x = channelx_by_n($channel_id); if(($x) && ($x['channel_pageflags'] & PAGE_ALLOWCODE)) return true; + return false; } -- cgit v1.2.3 From fc98bd1563ee71974d5d5c40d6ed8ed0c50f3c37 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 31 May 2017 20:59:36 -0700 Subject: minor export issue with mail --- include/channel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index 77a4ba60f..b06c1994f 100644 --- a/include/channel.php +++ b/include/channel.php 
@@ -737,14 +737,14 @@ function identity_basic_export($channel_id, $sections = null) { $ret['conv'] = $r; } - $r = q("select * from mail where mail.uid = %d", + $r = q("select * from mail where channel_id = %d", intval($channel_id) ); if($r) { $m = array(); foreach($r as $rr) { xchan_mail_query($rr); - $m[] = mail_encode($rr,true); + $m[] = encode_mail($rr,true); } $ret['mail'] = $m; } -- cgit v1.2.3 From 8ebb0006507e12f8570ea126c4146ea14b71fd7f Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 31 May 2017 20:59:36 -0700 Subject: minor export issue with mail --- include/channel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index 31dca1ae5..2284b3004 100644 --- a/include/channel.php +++ b/include/channel.php @@ -736,14 +736,14 @@ function identity_basic_export($channel_id, $sections = null) { $ret['conv'] = $r; } - $r = q("select * from mail where mail.uid = %d", + $r = q("select * from mail where channel_id = %d", intval($channel_id) ); if($r) { $m = array(); foreach($r as $rr) { xchan_mail_query($rr); - $m[] = mail_encode($rr,true); + $m[] = encode_mail($rr,true); } $ret['mail'] = $m; } -- cgit v1.2.3 From b917cf1eccc62f5f533c0a61ffd699764b39e404 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 18 Jun 2017 22:25:41 -0700 Subject: allow moderated comments like wordpress if permissions are compatible --- include/channel.php | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index b06c1994f..86fa2a63a 100644 --- a/include/channel.php +++ b/include/channel.php 
@@ -2306,3 +2306,69 @@ function channel_codeallowed($channel_id) { } +function anon_identity_init($reqvars) { + + $x = [ 'request_vars' => $reqvars, 'xchan' => null, 'success' => 'unset' ]; + call_hooks('anon_identity_init',$x); + if($x['success'] !== 'unset' && intval($x['success']) && $x['xchan']) + return $x['xchan']; + + // allow a captcha handler to over-ride + if($x['success'] !== 'unset' && (intval($x['success']) === 0)) + return false; + + + $anon_name = strip_tags(trim($reqvars['anonname'])); + $anon_email = strip_tags(trim($reqvars['anonmail'])); + $anon_url = strip_tags(trim($reqvars['anonurl'])); + + if(! ($anon_name && $anon_email)) { + logger('anonymous commenter did not complete form'); + return false; + } + + if(! validate_email($anon_email)) { + logger('enonymous email not valid'); + return false; + } + + if(! $anon_url) + $anon_url = z_root(); + + $x = q("select * from xchan where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' limit 1", + dbesc($anon_email), + dbesc($anon_email) + ); + + if(! $x) { + xchan_store_lowlevel([ + 'xchan_guid' => $anon_email, + 'xchan_hash' => $anon_email, + 'xchan_name' => $anon_name, + 'xchan_url' => $anon_url, + 'xchan_network' => 'unknown', + 'xchan_name_date' => datetime_convert() + ]); + + $x = q("select * from xchan where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' limit 1", + dbesc($anon_email), + dbesc($anon_email) + ); + + $photo = z_root() . '/' . 
get_default_profile_photo(300); + $photos = import_xchan_photo($photo,$anon_email); + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' ", + dbesc(datetime_convert()), + dbesc($photos[0]), + dbesc($photos[1]), + dbesc($photos[2]), + dbesc($photos[3]), + dbesc($anon_email), + dbesc($anon_email) + ); + + } + + return $x[0]; + +} \ No newline at end of file -- cgit v1.2.3 From b0a6a5a91e0180c0ed3de1af324e7b9567c5e108 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 18 Jun 2017 22:51:52 -0700 Subject: minor cleanup of moderated comment feature --- include/channel.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index 86fa2a63a..433c7c52c 100644 --- a/include/channel.php +++ b/include/channel.php 
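Review bot: In `anon_identity_init()` the commenter-supplied `anonurl` only passes through `strip_tags()` before being stored as `xchan_url`, so a non-http scheme can end up in a field that is presumably rendered as a link; restrict it, e.g. `if(! preg_match('#^https?://#i', $anon_url)) $anon_url = z_root();`. The unverified e-mail address is used as both `xchan_guid` and `xchan_hash`, so anyone who types an address is given the identity already stored under it, and the address itself becomes the identifier. `return $x[0];` assumes the second select found a row; return false when `$x` is empty, and note that the row is read before the photo update, so it lacks the photo columns. The log text `'enonymous email not valid'` should read `anonymous`. The same code is added again by the later hunk `@@ -2323,3 +2323,70 @@`, to which all of this applies.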
@@ -2335,28 +2335,31 @@ function anon_identity_init($reqvars) { if(! $anon_url) $anon_url = z_root(); + $hash = hash('md5',$anon_email); + $x = q("select * from xchan where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' limit 1", dbesc($anon_email), - dbesc($anon_email) + dbesc($hash) ); if(! $x) { xchan_store_lowlevel([ 'xchan_guid' => $anon_email, - 'xchan_hash' => $anon_email, + 'xchan_hash' => $hash, 'xchan_name' => $anon_name, 'xchan_url' => $anon_url, 'xchan_network' => 'unknown', 'xchan_name_date' => datetime_convert() ]); + $x = q("select * from xchan where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' limit 1", dbesc($anon_email), - dbesc($anon_email) + dbesc($hash) ); $photo = z_root() . '/' . get_default_profile_photo(300); - $photos = import_xchan_photo($photo,$anon_email); + $photos = import_xchan_photo($photo,$hash); $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' ", dbesc(datetime_convert()), dbesc($photos[0]), @@ -2364,7 +2367,7 @@ function anon_identity_init($reqvars) { dbesc($photos[2]), dbesc($photos[3]), dbesc($anon_email), - dbesc($anon_email) + dbesc($hash) ); } -- cgit v1.2.3 From 1472f85b162ea6f1ab9e19e94b86fc4a8ef074be Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 18 Jun 2017 22:25:41 -0700 Subject: allow moderated comments like wordpress if permissions are compatible --- include/channel.php | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index 2284b3004..50cc90178 100644 --- a/include/channel.php +++ b/include/channel.php 
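Review bot: `hash('md5',$anon_email)` gives every anonymous commenter an identifier that is an unsalted digest of their address, which can be matched against a list of known addresses. The address is also not normalised, so `A@example.org` and `a@example.org` (constructed examples) become two identities. If `xchan_hash` is exposed to other users or sites (not visible here), prefer a keyed digest over the lower-cased address, e.g. `$hash = hash_hmac('sha256', strtolower($anon_email), $site_secret);`, where `$site_secret` is a placeholder for a per-site secret this page does not name. `xchan_guid` still stores the raw address, so the change does not remove the e-mail from the record. The second hunk `@@ -2364,7 +2367,7 @@` uses the same `$hash`, and the function continues outside both hunks.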
@@ -2323,3 +2323,70 @@ function channel_codeallowed($channel_id) { return false; } + +function anon_identity_init($reqvars) { + + $x = [ 'request_vars' => $reqvars, 'xchan' => null, 'success' => 'unset' ]; + call_hooks('anon_identity_init',$x); + if($x['success'] !== 'unset' && intval($x['success']) && $x['xchan']) + return $x['xchan']; + + // allow a captcha handler to over-ride + if($x['success'] !== 'unset' && (intval($x['success']) === 0)) + return false; + + + $anon_name = strip_tags(trim($reqvars['anonname'])); + $anon_email = strip_tags(trim($reqvars['anonmail'])); + $anon_url = strip_tags(trim($reqvars['anonurl'])); + + if(! ($anon_name && $anon_email)) { + logger('anonymous commenter did not complete form'); + return false; + } + + if(! validate_email($anon_email)) { + logger('enonymous email not valid'); + return false; + } + + if(! $anon_url) + $anon_url = z_root(); + + $x = q("select * from xchan where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' limit 1", + dbesc($anon_email), + dbesc($anon_email) + ); + + if(! $x) { + xchan_store_lowlevel([ + 'xchan_guid' => $anon_email, + 'xchan_hash' => $anon_email, + 'xchan_name' => $anon_name, + 'xchan_url' => $anon_url, + 'xchan_network' => 'unknown', + 'xchan_name_date' => datetime_convert() + ]); + + $x = q("select * from xchan where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' limit 1", + dbesc($anon_email), + dbesc($anon_email) + ); + + $photo = z_root() . '/' . 
get_default_profile_photo(300); + $photos = import_xchan_photo($photo,$anon_email); + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' ", + dbesc(datetime_convert()), + dbesc($photos[0]), + dbesc($photos[1]), + dbesc($photos[2]), + dbesc($photos[3]), + dbesc($anon_email), + dbesc($anon_email) + ); + + } + + return $x[0]; + +} -- cgit v1.2.3 From 3b5e1c05b78f72a31eda76b0ff90d08b58ee452d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 18 Jun 2017 22:51:52 -0700 Subject: minor cleanup of moderated comment feature --- include/channel.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index 50cc90178..e283ed940 100644 --- a/include/channel.php +++ b/include/channel.php 
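Review bot: `$anon_url` is only passed through `strip_tags(trim(...))`, which removes markup but does not restrict the URL scheme, so a `javascript:` or `data:` URI would be stored as xchan_url; if that field is later rendered as a link (not visible here) it becomes script injection attached to the commenter's name. Accepting only http and https closes that, e.g. `if($anon_url && ! in_array(strtolower((string) parse_url($anon_url, PHP_URL_SCHEME)), ['http','https'], true)) return false;`. The function also ends with `return $x[0];` although the second select can come back empty when xchan_store_lowlevel fails, so an `if(! $x) return false;` after that re-select would keep the failure path consistent with the earlier `return false` exits. The lookup key is an e-mail address that is validated for format only, so a later visitor who types the same address is handed the existing row with its stored name and URL; that is worth stating in a comment above the function.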
@@ -2353,28 +2353,31 @@ function anon_identity_init($reqvars) { if(! $anon_url) $anon_url = z_root(); + $hash = hash('md5',$anon_email); + $x = q("select * from xchan where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' limit 1", dbesc($anon_email), - dbesc($anon_email) + dbesc($hash) ); if(! $x) { xchan_store_lowlevel([ 'xchan_guid' => $anon_email, - 'xchan_hash' => $anon_email, + 'xchan_hash' => $hash, 'xchan_name' => $anon_name, 'xchan_url' => $anon_url, 'xchan_network' => 'unknown', 'xchan_name_date' => datetime_convert() ]); + $x = q("select * from xchan where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' limit 1", dbesc($anon_email), - dbesc($anon_email) + dbesc($hash) ); $photo = z_root() . '/' . get_default_profile_photo(300); - $photos = import_xchan_photo($photo,$anon_email); + $photos = import_xchan_photo($photo,$hash); $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' ", dbesc(datetime_convert()), dbesc($photos[0]), @@ -2382,7 +2385,7 @@ function anon_identity_init($reqvars) { dbesc($photos[2]), dbesc($photos[3]), dbesc($anon_email), - dbesc($anon_email) + dbesc($hash) ); } -- cgit v1.2.3 From 4c50bfebc293554d9c9a4a8c34b929b03c132d68 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 27 Jun 2017 21:55:34 -0700 Subject: provide a gender icon on the profile sidebar within reason --- include/channel.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index 25e54003a..a6b510600 100644 --- a/include/channel.php +++ b/include/channel.php 
@@ -1162,6 +1162,10 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa $location = $reddress = $pdesc = $gender = $marital = $homepage = False; } + if($profile['gender']) { + $profile['gender_icon'] = gender_icon($profile['gender']); + } + $firstname = ((strpos($profile['channel_name'],' ')) ? trim(substr($profile['channel_name'],0,strpos($profile['channel_name'],' '))) : $profile['channel_name']); $lastname = (($firstname === $profile['channel_name']) ? '' : trim(substr($profile['channel_name'],strlen($firstname)))); @@ -1214,6 +1218,27 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa } +function gender_icon($gender) { + + logger('gender: ' . $gender); + + // This can easily get throw off if the observer language is different + // than the channel owner language. + + if(strpos(strtolower($gender),strtolower(t('Female'))) !== false) + return 'venus'; + if(strpos(strtolower($gender),strtolower(t('Male'))) !== false) + return 'mars'; + if(strpos(strtolower($gender),strtolower(t('Trans'))) !== false) + return 'transgender'; + if(strpos(strtolower($gender),strtolower(t('Neuter'))) !== false) + return 'neuter'; + if(strpos(strtolower($gender),strtolower(t('Non-specific'))) !== false) + return 'genderless'; + + return ''; +} + function advanced_profile(&$a) { require_once('include/text.php'); -- cgit v1.2.3 From 118fed29b5671035d347d8f3aac50d4af39fc5f3 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 27 Jun 2017 22:05:06 -0700 Subject: remove logging statement --- include/channel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/channel.php') diff --git a/include/channel.php b/include/channel.php index a6b510600..49da57fd6 100644 --- a/include/channel.php +++ b/include/channel.php 
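Review bot: The added `if($profile['gender'])` reads the raw profile field directly after the context line that sets `$location`, `$gender`, `$homepage` and the other detail variables to `False`, so `$profile['gender_icon']` is still populated when that branch has hidden the details from the observer. `$profile` is presumably handed to the template as a whole, so whether the icon is shown then depends on the template alone, which is not visible here. Gating on the already-computed flag keeps the two in step, e.g. `if($gender && $profile['gender'])`, assuming `$gender` is the value the template keys the gender row on; its assignment is above the hunk. profile_sidebar starts and ends outside this hunk.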
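Review bot: gender_icon() depends on the order of its substring tests and nothing in the function says so: `Female` has to be tested before `Male` because the lowercased string contains `male`, and a value such as `Trans male` returns `mars` because `Male` is tested before `Trans`. With `t()` translations the containment between the labels can differ per language, which the existing comment only hints at. I would add a docblock stating the possible return values (`venus`, `mars`, `transgender`, `neuter`, `genderless`, or `''`) and a one-line comment such as `// order matters: 'female' contains 'male'`, and fix the comment typo `get throw off` to `get thrown off`.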
@@ -1220,7 +1220,7 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa function gender_icon($gender) { - logger('gender: ' . $gender); +// logger('gender: ' . $gender); // This can easily get throw off if the observer language is different // than the channel owner language. -- cgit v1.2.3