From 65542460456a13b8619c1175ed8a5b0d9a1acc83 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 18 Jan 2013 16:01:14 -0800 Subject: add versioning info to basic identity export, create skeleton function for import --- include/identity.php | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) (limited to 'include') diff --git a/include/identity.php b/include/identity.php index 94de192c6..a66929b63 100644 --- a/include/identity.php +++ b/include/identity.php @@ -201,6 +201,9 @@ function identity_basic_export($channel_id) { */ $ret = array(); + + $ret['compatibility'] = array('project' => FRIENDICA_PLATFORM, 'version' => FRIENDICA_VERSION, 'database' => DB_UPDATE_VERSION); + $r = q("select * from channel where channel_id = %d limit 1", intval($channel_id) ); @@ -240,4 +243,49 @@ function identity_basic_export($channel_id) { +function identity_basic_import($arr, $seize_primary = false) { + + $ret = array('result' => false ); + + if($arr['channel']) { + // import channel + + // create a new xchan (if necessary) + + // create a new hubloc and seize control if applicable + + + } + if($arr['profile']) { + // FIXME - change profile assignment to a hash instead of an id we have to fix + + + } + + if($arr['xchan']) { + + // import any xchan and hubloc which are not yet available on this site + // Unset primary for all other hubloc on our own record if $seize_primary + + + } + + if($arr['abook']) { + // import the abook entries + + + } + + + if($seize_primary) { + + // send a refresh message to all our friends, telling them we've moved + + } + + + $ret['result'] = true ; + return $ret; + +} \ No newline at end of file -- cgit v1.2.3 From 9725dcf41dce7b03828a29b7f6def11ef120a88f Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 19 Jan 2013 00:43:05 -0800 Subject: distributed directory search from the navbar --- include/text.php | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) (limited to 'include') 
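Review bot: `identity_basic_import()` ends with `$ret['result'] = true;` although every branch is still an empty stub, so a caller cannot tell a skipped import from a completed one; leave `result` false until the steps exist. The first hunk adds a `compatibility` block to the export, but the import never reads `$arr['compatibility']`; a check at the top that rejects an unknown `project` or a newer `database` value would stop a mismatched or hand-edited file before any row is written. Because the array comes from outside this site, the `$seize_primary` branch should, once implemented, verify control of the channel before any primary hubloc is unset. `if($arr['channel'])` and its siblings also raise a notice when the key is absent; `! empty($arr['channel'])` avoids that.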
diff --git a/include/text.php b/include/text.php index 9db22d9ed..1cfc89cae 100644 --- a/include/text.php +++ b/include/text.php @@ -302,26 +302,33 @@ function paginate(&$a) { }} if(! function_exists('alt_pager')) { -function alt_pager(&$a, $i) { - $o = ''; +function alt_pager(&$a, $i, $more = '', $less = '') { + + $o = ''; + + if(! $more) + $more = t('older'); + if(! $less) + $less = t('newer'); + $stripped = preg_replace('/(&page=[0-9]*)/','',$a->query_string); $stripped = str_replace('q=','',$stripped); $stripped = trim($stripped,'/'); $pagenum = $a->pager['page']; - $url = $a->get_baseurl() . '/' . $stripped; + $url = $a->get_baseurl() . '/' . $stripped; - $o .= '
'; + $o .= '
'; - if($a->pager['page']>1) - $o .= "pager['page'] - 1).'">' . t('newer') . ''; - if($i>0) { - if($a->pager['page']>1) - $o .= " - "; - $o .= "pager['page'] + 1).'">' . t('older') . ''; + if($a->pager['page'] > 1) + $o .= "pager['page'] - 1).'">' . $less . ''; + if($i > 0 && $i == $a->pager['itemspage']) { + if($a->pager['page']>1) + $o .= " | "; + $o .= "pager['page'] + 1).'">' . $more . ''; } - $o .= '
'."\r\n"; + $o .= '
'."\r\n"; return $o; }} -- cgit v1.2.3 From d8d8dd5ceda475f56a8c6ed2324f2eae94658d3a Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 19 Jan 2013 01:07:35 -0800 Subject: directory services cleanup --- include/nav.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index 644264a92..b65577e0f 100644 --- a/include/nav.php +++ b/include/nav.php @@ -118,9 +118,9 @@ EOT; $nav['search'] = array('search', t('Search'), "", t('Search site content')); - $gdirpath = 'directory'; - $nav['directory'] = array($gdirpath, t('Directory'), "", t('People directory')); + $nav['directory'] = array('directory', t('Channel Directory'), "", t('Channel Locator')); + /** * @@ -199,6 +199,7 @@ EOT; '$localuser' => local_user(), '$sel' => $a->nav_sel, '$apps' => $a->get_apps(), + '$pleasewait' => t('Please wait...') )); call_hooks('page_header', $a->page['nav']); -- cgit v1.2.3 From 994f322d471ff2271055db9344a31c7caef3c0db Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 19 Jan 2013 06:08:13 -0800 Subject: more hard slogging on the api --- include/api.php | 239 +++++++++++++++++++++++++------------------------------- 1 file changed, 108 insertions(+), 131 deletions(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index 1864d511e..16acc64f5 100644 --- a/include/api.php +++ b/include/api.php @@ -1,10 +1,11 @@ contacts[$normalised]))) return api_get_user($a,$a->contacts[$normalised]['id']); } + // We don't know this person directly. list($nick, $name) = array_map("trim",explode("(",$item['author-name'])); @@ -466,9 +476,6 @@ return $ret; } - /** - ** TWITTER API - */ /** * Returns an HTTP 200 OK response code and a representation of the requesting user if authentication was successful; 
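Review bot: The new `$more` and `$less` arguments of `alt_pager()` are concatenated into the pager markup exactly as passed (`. $less .` and `. $more .`), so a caller that builds a label from request data would put unescaped text into the page. Either escape at the point of output, e.g. `htmlspecialchars($less, ENT_QUOTES, 'UTF-8')`, or state in a comment above the function that both labels must already be HTML-safe. `$url` is built from `$a->query_string` with only the `page=` and `q=` parts removed and is placed inside a quoted attribute in the same statements; that predates this change, but it deserves the same treatment. Part of the markup on this page appears to have been lost in extraction, so this is based on the visible concatenations only.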
@@ -524,27 +531,27 @@ function api_statuses_mediap(&$a, $type) { - if (api_user()===false) { - logger('api_statuses_update: no user'); - return false; - } - $user_info = api_get_user($a); - - $_REQUEST['type'] = 'wall'; - $_REQUEST['profile_uid'] = api_user(); - $_REQUEST['api_source'] = true; - $txt = requestdata('status'); - //$txt = urldecode(requestdata('status')); - - require_once('library/HTMLPurifier.auto.php'); - require_once('include/html2bbcode.php'); - - if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) { + if (api_user() === false) { + logger('api_statuses_update: no user'); + return false; + } + $user_info = api_get_user($a); + + $_REQUEST['type'] = 'wall'; + $_REQUEST['profile_uid'] = api_user(); + $_REQUEST['api_source'] = true; + + $txt = requestdata('status'); + + require_once('library/HTMLPurifier.auto.php'); + require_once('include/html2bbcode.php'); + + if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) { $txt = html2bb_video($txt); $config = HTMLPurifier_Config::createDefault(); - $config->set('Cache.DefinitionImpl', null); + $config->set('Cache.DefinitionImpl', null); $purifier = new HTMLPurifier($config); - $txt = $purifier->purify($txt); + $txt = $purifier->purify($txt); } $txt = html2bbcode($txt); @@ -552,10 +559,10 @@ $_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo require_once('mod/wall_upload.php'); - $bebop = wall_upload_post($a); + $posted = wall_upload_post($a); //now that we have the img url in bbcode we can add it to the status and insert the wall item. - $_REQUEST['body']=$txt."\n\n".$bebop; + $_REQUEST['body']=$txt."\n\n".$posted; require_once('mod/item.php'); item_post($a); @@ -564,8 +571,6 @@ } api_register_func('api/statuses/mediap','api_statuses_mediap', true); - - function api_statuses_update(&$a, $type) { if (api_user() === false) { logger('api_statuses_update: no user'); 
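Review bot: The failure path of `api_statuses_mediap()` logs `'api_statuses_update: no user'`, so an unauthenticated call to the media endpoint is recorded under the name of a different endpoint. Use `logger('api_statuses_mediap: no user');` so that log review attributes the attempt correctly. In the next hunk the upload result is appended to the post body as returned (`$_REQUEST['body']=$txt."\n\n".$posted;`) without being checked; a short comment stating what `wall_upload_post()` returns on failure when `silent` is set, and a guard for that case, would make the path easier to audit.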
@@ -784,18 +789,20 @@ */ function api_statuses_home_timeline(&$a, $type){ - if (api_user()===false) return false; + if (api_user() === false) + return false; $user_info = api_get_user($a); - // get last newtork messages + // get last network messages // params - $count = (x($_REQUEST,'count')?$_REQUEST['count']:20); - $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0); - if ($page<0) $page=0; - $since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); - $max_id = (x($_REQUEST,'max_id')?$_REQUEST['max_id']:0); + $count = (x($_REQUEST,'count')?$_REQUEST['count']:20); + $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0); + if($page < 0) + $page = 0; + $since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); + $max_id = (x($_REQUEST,'max_id')?$_REQUEST['max_id']:0); $exclude_replies = (x($_REQUEST,'exclude_replies')?1:0); //$since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); 
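Review bot: `count` is read from `$_REQUEST` with a default but no bounds (`$count = (x($_REQUEST,'count')?$_REQUEST['count']:20);`), and only `$page` is clamped at zero. The query in the following hunk passes `intval($count)` to `LIMIT`, so a negative value yields an invalid statement and a very large one lets a single request pull an arbitrary number of rows. Clamp it once here, e.g. `$count = max(1, min(intval($count), $max_count));`, where `$max_count` is a placeholder for whatever ceiling the site chooses. The function body continues outside this hunk.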
@@ -809,31 +816,28 @@ if ($exclude_replies > 0) $sql_extra .= ' AND `item`.`parent` = `item`.`id`'; - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, - `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` - FROM `item`, `contact` - WHERE `item`.`uid` = %d - AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0 - AND `contact`.`id` = `item`.`contact-id` - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + $r = q("SELECT * from item WHERE uid = %d and item_restrict = 0 $sql_extra - AND `item`.`id`>%d - ORDER BY `item`.`received` DESC LIMIT %d ,%d ", + AND id > %d + ORDER BY received DESC LIMIT %d ,%d ", intval($user_info['uid']), intval($since_id), - intval($start), intval($count) + intval($start), + intval($count) ); + xchan_query($r); + $ret = api_format_items($r,$user_info); // We aren't going to try to figure out at the item, group, and page // level which items you've seen and which you haven't. If you're looking // at the network timeline just mark everything seen. - $r = q("UPDATE `item` SET `unseen` = 0 - WHERE `unseen` = 1 AND `uid` = %d", + $r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d ) + WHERE item_flags & %d and uid = %d", + intval(ITEM_UNSEEN), + intval(ITEM_UNSEEN), intval($user_info['uid']) ); 
@@ -879,41 +883,21 @@ if ($max_id > 0) $sql_extra = 'AND `item`.`id` <= '.intval($max_id); - /*$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, - `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` - FROM `item`, `contact` - WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0 - AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' - AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' - AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 - AND `contact`.`id` = `item`.`contact-id` - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - $sql_extra - AND `item`.`id`>%d - ORDER BY `item`.`received` DESC LIMIT %d ,%d ", - intval($since_id), - intval($start), intval($count) - );*/ - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, - `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`, - `user`.`nickname`, `user`.`hidewall` - FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` - LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` - WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' - AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' - AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + $r = q("SELECT * from item where id in (select distinct(uri) from item where item_restrict = 0 + and allow_cid = '' and allow_gid = '' + and deny_cid = '' and deny_gid = '' + and not ( item_flags & %d ) and ( item_flags & %d ) $sql_extra - AND `item`.`id`>%d - ORDER BY `received` DESC LIMIT %d, %d ", + AND id > %d) + ORDER BY received 
DESC LIMIT %d, %d ", + intval(ITEM_PRIVATE), + intval(ITEM_WALL), intval($since_id), - intval($start), - intval($count)); + intval($start), + intval($count) + ); + + xchan_query($r); $ret = api_format_items($r,$user_info); @@ -926,7 +910,7 @@ break; case "as": $as = api_format_as($a, $ret, $user_info); - $as['title'] = $a->config['sitename']." Public Timeline"; + $as['title'] = $a->config['sitename']. " " . t('Public Timeline'); $as['link']['url'] = $a->get_baseurl()."/"; return($as); break; @@ -938,6 +922,7 @@ /** * + */ function api_statuses_show(&$a, $type){ if (api_user()===false) return false; @@ -945,7 +930,7 @@ $user_info = api_get_user($a); // params - $id = intval($a->argv[3]); + $id = intval(argv(3)); logger('API: api_statuses_show: '.$id); @@ -958,17 +943,10 @@ else $sql_extra .= " AND `item`.`id` = %d"; - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, - `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` - FROM `item`, `contact` - WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0 - AND `contact`.`id` = `item`.`contact-id` - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - $sql_extra", + $r = q("select * from item where item_restrict = 0 $sql_extra", intval($id) ); + xchan_query($r); $ret = api_format_items($r,$user_info); @@ -1325,7 +1303,7 @@ function api_format_messages($item, $recipient, $sender) { // standard meta information - $ret=Array( + $ret = array( 'id' => $item['id'], 'created_at' => api_date($item['created']), 'sender_id' => $sender['id'] , 
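Review bot: In `api_statuses_show()` the rewritten query is `select * from item where item_restrict = 0 $sql_extra` with only `intval($id)` bound, so as far as the hunk shows the row is selected by id alone, with no `uid` or `item_private` condition. Unless `$sql_extra` adds scoping outside the visible lines, an authenticated API user could read another channel's private item by supplying its id. Restrict the lookup to the caller, e.g. `and uid = %d` bound to `intval(api_user())`, or reuse the clause produced by `item_permissions_sql()` in include/security.php. The public timeline hunk that ends on this line also drops the old `contact.blocked`/`contact.pending` conditions; it is worth confirming that `item_restrict = 0` covers those cases.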
@@ -1364,25 +1342,26 @@ //logger('api_format_items: ' . print_r($user_info,true)); $a = get_app(); - $ret = Array(); + $ret = array(); foreach($r as $item) { localize_item($item); $status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item)); - if ($item['parent']!=$item['id']) { - $r = q("select id from item where parent=%s and id<%s order by id desc limit 1", - intval($item['parent']), intval($item['id'])); + if($item['parent'] != $item['id']) { + $r = q("select id from item where parent= %d and id < %d order by id desc limit 1", + intval($item['parent']), + intval($item['id']) + ); if ($r) $in_reply_to_status_id = $r[0]['id']; else $in_reply_to_status_id = $item['parent']; - $r = q("select `item`.`contact-id`, `contact`.nick, `item`.`author-name` from item, contact - where `contact`.`id` = `item`.`contact-id` and `item`.id=%d", intval($in_reply_to_status_id)); + xchan_query($r); - $in_reply_to_screen_name = $r[0]['author-name']; - $in_reply_to_user_id = $r[0]['contact-id']; + $in_reply_to_screen_name = $r[0]['author']['xchan_name']; + $in_reply_to_user_id = $r[0]['author']['abook_id']; } else { $in_reply_to_screen_name = ''; 
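Review bot: After the rewritten lookup, `xchan_query($r)` is called on a result that selected only `id`, and `$r[0]['author']['xchan_name']` is then read even when the lookup returned nothing (the `else` branch exists precisely because `$r` can be empty). `xchan_query()` resolves authors from each row's `author_xchan` and `owner_xchan`, which this select does not fetch, so both reply fields will most likely be empty or raise notices. Look up the row for `$in_reply_to_status_id` with its author columns, e.g. `select author_xchan, owner_xchan from item where id = %d limit 1`, and read `$r[0]` only inside `if($r)`. Reusing `$r` inside `foreach($r as $item)` also makes the loop harder to follow; a separate variable would be clearer.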
@@ -1399,41 +1378,39 @@ else $statustext = trim($statustitle."\n\n".$statusbody); - if (($item["network"] == NETWORK_FEED) and (strlen($statustext)> 1000)) - $statustext = substr($statustext, 0, 1000)."... \n".$item["plink"]; $status = array( - 'text' => $statustext, - 'truncated' => False, - 'created_at'=> api_date($item['created']), - 'in_reply_to_status_id' => $in_reply_to_status_id, - 'source' => (($item['app']) ? $item['app'] : 'web'), - 'id' => intval($item['id']), - 'in_reply_to_user_id' => $in_reply_to_user_id, - 'in_reply_to_screen_name' => $in_reply_to_screen_name, - 'geo' => '', - 'favorited' => $item['starred'] ? true : false, - 'user' => $status_user , - 'statusnet_html' => trim(bbcode($item['body'])), + 'text' => $statustext, + 'truncated' => False, + 'created_at' => api_date($item['created']), + 'in_reply_to_status_id' => $in_reply_to_status_id, + 'source' => (($item['app']) ? $item['app'] : 'web'), + 'id' => intval($item['id']), + 'in_reply_to_user_id' => $in_reply_to_user_id, + 'in_reply_to_screen_name' => $in_reply_to_screen_name, + 'geo' => '', + 'favorited' => (($item['item_flags'] & ITEM_STARRED) ? true : false), + 'user' => $status_user , + 'statusnet_html' => trim(bbcode($item['body'])), 'statusnet_conversation_id' => $item['parent'], ); // Seesmic doesn't like the following content if ($_SERVER['HTTP_USER_AGENT'] != 'Seesmic') { $status2 = array( - 'updated' => api_date($item['edited']), - 'published' => api_date($item['created']), - 'message_id' => $item['uri'], - 'url' => ($item['plink']!=''?$item['plink']:$item['author-link']), - 'coordinates' => $item['coord'], - 'place' => $item['location'], + 'updated' => api_date($item['edited']), + 'published' => api_date($item['created']), + 'message_id' => $item['uri'], + 'url' => $item['plink'], + 'coordinates' => $item['coord'], + 'place' => $item['location'], 'contributors' => '', 'annotations' => '', - 'entities' => '', - 'objecttype' => (($item['obj_type']) ? 
$item['obj_type'] : ACTIVITY_OBJ_NOTE), - 'verb' => (($item['verb']) ? $item['verb'] : ACTIVITY_POST), - 'self' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type, - 'edit' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type, + 'entities' => '', + 'objecttype' => (($item['obj_type']) ? $item['obj_type'] : ACTIVITY_OBJ_NOTE), + 'verb' => (($item['verb']) ? $item['verb'] : ACTIVITY_POST), + 'self' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type, + 'edit' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type, ); $status = array_merge($status, $status2); -- cgit v1.2.3 From 45be26dd81a1679853763bc79c387bf0c6fdfe57 Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 19 Jan 2013 22:21:00 -0800 Subject: more heavy lifting on API - though need to re-visit events and give them all message_ids from the origination site. --- include/api.php | 59 ++++++++++++++++++++-------------------------------- include/event.php | 8 +++---- include/items.php | 5 ++--- include/security.php | 35 ++++++++++++++++++++++++++++++- include/text.php | 16 +++++++++++--- 5 files changed, 76 insertions(+), 47 deletions(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index 16acc64f5..9ed025564 100644 --- a/include/api.php +++ b/include/api.php 
@@ -381,32 +381,20 @@ require_once('include/security.php'); } -// FIXME + function api_item_get_user(&$a, $item) { global $usercache; // The author is our direct contact, in a conversation with us. - if(link_compare($item['url'],$item['author-link'])) { - return api_get_user($a,$item['cid']); - } - else { - // The author may be a contact of ours, but is replying to somebody else. - // Figure out if we know him/her. - $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); - if(($normalised != 'mailbox') && (x($a->contacts[$normalised]))) - return api_get_user($a,$a->contacts[$normalised]['id']); - } + if($item['author']['abook_id']) { + return api_get_user($a,$item['author']['abook_id']); + } + // We don't know this person directly. - list($nick, $name) = array_map("trim",explode("(",$item['author-name'])); - $name=str_replace(")","",$name); - - if ($name == '') - $name = $nick; - - if ($nick == '') - $nick = $name; + $nick = substr($item['author']['xchan_addr'],0,strpos($item['author']['xchan_addr'],'@')); + $name = $item['author']['xchan_name']; // Generating a random ID if (is_null($usercache[$nick]) or !array_key_exists($nick, $usercache)) @@ -418,8 +406,8 @@ require_once('include/security.php'); 'screen_name' => $nick, 'location' => '', //$uinfo[0]['default-location'], 'description' => '', - 'profile_image_url' => $item['author-avatar'], - 'url' => $item['author-link'], + 'profile_image_url' => $item['author']['xchan_photo_m'], + 'url' => $item['author']['xchan_url'], 'protected' => false, # 'followers_count' => 0, 'friends_count' => 0, 
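Review bot: `$nick` is taken as `substr(..., 0, strpos(..., '@'))` on `$item['author']['xchan_addr']`; when that address is empty or has no `@`, `strpos()` returns false and the nick becomes an empty string. Every such author then shares the `$usercache['']` slot a few lines below and receives the same generated id, so API clients would see distinct remote authors as one user. Fall back explicitly, e.g. `$pos = strpos($addr,'@'); $nick = ($pos !== false) ? substr($addr,0,$pos) : $item['author']['xchan_name'];` with `$addr` holding the address. The second hunk reads `xchan_photo_m` and `xchan_url` from the same sub-array, so a missing `$item['author']` should be handled before either hunk's code runs.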
@@ -653,12 +641,11 @@ require_once('include/security.php'); // get last public message $lastwall = q("SELECT * from item where 1 - and not ( item_flags & %d ) and item_restrict = 0 + and item_private != 0 and item_restrict = 0 and author_xchan = '%s' and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and verb = '%s' order by created desc limit 1", - intval(ITEM_PRIVATE), dbesc($user_info['guid']), dbesc(ACTIVITY_POST) ); @@ -723,12 +710,11 @@ require_once('include/security.php'); $user_info = api_get_user($a); $lastwall = q("SELECT * from item where 1 - and not ( item_flags & %d ) and item_restrict = 0 + and item_private != 0 and item_restrict = 0 and author_xchan = '%s' and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and verb = '%s' order by created desc limit 1", - intval(ITEM_PRIVATE), dbesc($user_info['guid']), dbesc(ACTIVITY_POST) ); @@ -826,7 +812,7 @@ require_once('include/security.php'); intval($count) ); - xchan_query($r); + xchan_query($r,true); $ret = api_format_items($r,$user_info); @@ -882,22 +868,22 @@ require_once('include/security.php'); if ($max_id > 0) $sql_extra = 'AND `item`.`id` <= '.intval($max_id); + require_once('include/security.php'); - $r = q("SELECT * from item where id in (select distinct(uri) from item where item_restrict = 0 + $r = q("select * from item where item_restrict = 0 and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' - and not ( item_flags & %d ) and ( item_flags & %d ) + and item_private = 0 + and uid in ( " . stream_perms_api_uids() . " ) $sql_extra - AND id > %d) - ORDER BY received DESC LIMIT %d, %d ", - intval(ITEM_PRIVATE), - intval(ITEM_WALL), + AND id > %d group by uri + order by received desc LIMIT %d, %d ", intval($since_id), intval($start), intval($count) ); - xchan_query($r); + xchan_query($r,true); $ret = api_format_items($r,$user_info); 
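Review bot: Both "get last public message" queries (the hunks at -653 and -723) replace `not ( item_flags & %d )` with `item_private != 0`, which inverts the test: the removed clause selected items without the private bit, the new one selects only private items. The public timeline hunk further along this line uses `item_private = 0`, which is the intended form; change the two status queries to `and item_private = 0 and item_restrict = 0`. As written, the status shown for a user either comes back empty or is taken from a private post.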
@@ -946,7 +932,7 @@ require_once('include/security.php'); $r = q("select * from item where item_restrict = 0 $sql_extra", intval($id) ); - xchan_query($r); + xchan_query($r,true); $ret = api_format_items($r,$user_info); @@ -1346,7 +1332,8 @@ require_once('include/security.php'); foreach($r as $item) { localize_item($item); - $status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item)); + + $status_user = (($item['author_xchan']==$user_info['guid'])?$user_info: api_item_get_user($a,$item)); if($item['parent'] != $item['id']) { $r = q("select id from item where parent= %d and id < %d order by id desc limit 1", @@ -1358,7 +1345,7 @@ require_once('include/security.php'); else $in_reply_to_status_id = $item['parent']; - xchan_query($r); + xchan_query($r,true); $in_reply_to_screen_name = $r[0]['author']['xchan_name']; $in_reply_to_user_id = $r[0]['author']['abook_id']; diff --git a/include/event.php b/include/event.php index 685842fc3..73a050cec 100644 --- a/include/event.php +++ b/include/event.php @@ -291,7 +291,7 @@ function event_store($arr) { $private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0); - q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d WHERE id = %d AND uid = %d LIMIT 1", + q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d LIMIT 1", dbesc($arr['summary']), dbesc(format_event_bbcode($arr)), dbesc($object), 
@@ -300,7 +300,8 @@ function event_store($arr) { dbesc($arr['deny_cid']), dbesc($arr['deny_gid']), dbesc($arr['edited']), - intval(($private && ($r[0]['item_flags'] & ITEM_PRIVATE)) ? $r[0]['item_flags'] : $r[0]['item_flags'] ^ ITEM_PRIVATE), + intval($r[0]['item_flags']), + intval($private), intval($r[0]['id']), intval($arr['uid']) ); @@ -368,8 +369,6 @@ function event_store($arr) { $uri = item_message_id(); $private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0); - if($private) - $item_flags |= ITEM_PRIVATE; $item_arr = array(); @@ -387,6 +386,7 @@ function event_store($arr) { $item_arr['allow_gid'] = $arr['allow_gid']; $item_arr['deny_cid'] = $arr['deny_cid']; $item_arr['deny_gid'] = $arr['deny_gid']; + $item_arr['private'] = (($arr['private'] || $private) ? 1 : 0); $item_arr['verb'] = ACTIVITY_POST; $item_arr['resource_type'] = 'event'; diff --git a/include/items.php b/include/items.php index 0217884fd..fe8aadcbf 100755 --- a/include/items.php +++ b/include/items.php @@ -1598,17 +1598,16 @@ function tag_deliver($uid,$item_id) { $private = ($u[0]['allow_cid'] || $u[0]['allow_gid'] || $u[0]['deny_cid'] || $u[0]['deny_gid']) ? 1 : 0; $flag_bits = ITEM_WALL|ITEM_ORIGIN|ITEM_UPLINK; - if($private) - $flag_bits = $flag_bits | ITEM_PRIVATE; $r = q("update item set item_flags = ( $item_flags | %d ), owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s', - deny_cid = '%s', deny_gid = '%s' where id = %d limit 1", + deny_cid = '%s', deny_gid = '%s', item_private = %d where id = %d limit 1", intval($flag_bits), dbesc($u[0]['channel_hash']), dbesc($u[0]['allow_cid']), dbesc($u[0]['allow_gid']), dbesc($u[0]['deny_cid']), dbesc($u[0]['deny_gid']), + intval($private), intval($item_id) ); if($r) diff --git a/include/security.php b/include/security.php index 0783a3c20..25318b3e8 100644 --- a/include/security.php +++ b/include/security.php 
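Review bot: In the `tag_deliver()` hunk the statement begins `update item set item_flags = ( $item_flags | %d )` inside a double-quoted string, so PHP substitutes a local variable `$item_flags` instead of naming the column. No assignment to `$item_flags` is visible in the hunk; if there is none earlier in the function, the SQL becomes `( | %d )` and the whole update, including the new `item_private = %d`, fails. If the column was meant, write `item_flags = ( item_flags | %d )`. The function starts and ends outside the hunk, so this needs confirming against the full body.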
@@ -236,7 +236,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * default permissions - anonymous user */ - $sql = " AND not (item_flags & " . ITEM_PRIVATE . ") "; + $sql = " AND not item_private "; /** @@ -359,3 +359,36 @@ function init_groups_visitor($contact_id) { }} + + + +// This is used to determine which uid have posts which are visible to the logged in user (from the API) for the +// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in. +// Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility) +// We always include yourself if logged in because you can always see your own posts +// resolving granular permissions for the observer against every person and every post on the site +// will likely be too expensive. +// Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query + +function stream_perms_api_uids($perms_min = PERMS_SITE) { + $ret = array(); + if(local_user()) + $ret[] = local_user(); + $r = q("select channel_id from channel where channel_r_stream <= %d", + intval($perms_min) + ); + if($r) + foreach($r as $rr) + if(! in_array($rr['channel_id'],$ret)) + $ret[] = $rr['channel_id']; + + $str = ''; + if($ret) + foreach($ret as $rr) { + if($str) + $str .= ','; + $str .= intval($rr); + } + return $str; +} + diff --git a/include/text.php b/include/text.php index 1cfc89cae..6f2caa510 100644 --- a/include/text.php +++ b/include/text.php 
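Review bot: `stream_perms_api_uids()` returns an empty string when nobody is logged in and no channel satisfies `channel_r_stream <= %d`, and the public timeline query in include/api.php splices the result directly into `uid in ( ... )`, which is then not valid SQL. Return a value that matches nothing in that case, e.g. `if(! $ret) return '0';` before the string is built (assuming no item has uid 0), or have the caller skip the query. The comment block should also state that the return value is safe to inline only because every element passes through `intval()`, so a later edit does not remove that cast.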
@@ -1718,7 +1718,11 @@ function ids_to_querystr($arr,$idx = 'id') { return(implode(',', $t)); } -function xchan_query(&$items) { +// Fetches xchan and hubloc data for an array of items with only an +// author_xchan and owner_xchan. If $abook is true also include the abook info. +// This is needed in the API to save extra per item lookups there. + +function xchan_query(&$items,$abook = false) { $arr = array(); if($items && count($items)) { foreach($items as $item) { @@ -1729,8 +1733,14 @@ function xchan_query(&$items) { } } if(count($arr)) { - $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash - where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); + if($abook) { + $chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash + where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); + } + else { + $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash + where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )"); + } } if($items && count($items) && $chans && count($chans)) { for($x = 0; $x < count($items); $x ++) { -- cgit v1.2.3 From 127b605f32f8b01900d300cd869c3848e6bebb9b Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 20 Jan 2013 15:36:04 -0800 Subject: preserve event item[uri] if present --- include/api.php | 31 +++++++++++++++++-------- include/event.php | 62 ++++++++++++++++++++++++++++---------------------- include/html2plain.php | 2 +- include/zot.php | 10 ++++---- 4 files changed, 64 insertions(+), 41 deletions(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index 9ed025564..140e75f29 100644 --- a/include/api.php +++ b/include/api.php 
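Review bot: With `$abook` true the query joins `abook on abook_xchan = xchan_hash` with no condition on which local channel owns the address-book row, so on a site with several channels an author can match another channel's entry, or several entries at once. The API hunks then read `$item['author']['abook_id']` and pass it to `api_get_user()`, which could resolve against someone else's connection record. Add the owning channel to the join condition; the items' `uid` is available in `$items`. The `in (...)` list is built from `$arr` outside the visible lines, so confirm that each hash is escaped and quoted where it is collected.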
@@ -802,6 +802,14 @@ require_once('include/security.php'); if ($exclude_replies > 0) $sql_extra .= ' AND `item`.`parent` = `item`.`id`'; + if (api_user() != $user_info['uid']) { + $observer = get_app()->get_observer(); + require_once('include/permissions.php'); + if(! perm_is_allowed($user_info['uid'],(($observer) ? $observer['xchan_hash'] : ''),'view_stream')) + return ''; + $sql_extra .= " and item_private = 0 "; + } + $r = q("SELECT * from item WHERE uid = %d and item_restrict = 0 $sql_extra AND id > %d @@ -820,12 +828,14 @@ require_once('include/security.php'); // level which items you've seen and which you haven't. If you're looking // at the network timeline just mark everything seen. - $r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d ) - WHERE item_flags & %d and uid = %d", - intval(ITEM_UNSEEN), - intval(ITEM_UNSEEN), - intval($user_info['uid']) - ); + if (api_user() == $user_info['uid']) { + $r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d ) + WHERE item_flags & %d and uid = %d", + intval(ITEM_UNSEEN), + intval(ITEM_UNSEEN), + intval($user_info['uid']) + ); + } $data = array('$statuses' => $ret); @@ -966,7 +976,7 @@ require_once('include/security.php'); logger('API: api_statuses_repeat: '.$id); //$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false); - +// FIXME $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`nick` as `reply_author`, `contact`.`name`, `contact`.`photo`, `contact`.`url` as `reply_url`, `contact`.`rel`, `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`, @@ -1008,7 +1018,7 @@ require_once('include/security.php'); $user_info = api_get_user($a); // params - $id = intval($a->argv[3]); + $id = intval(argv(3)); logger('API: api_statuses_destroy: '.$id); 
@@ -1029,6 +1039,8 @@ require_once('include/security.php'); * http://developer.twitter.com/doc/get/statuses/mentions * */ + +// FIXME function api_statuses_mentions(&$a, $type){ if (api_user()===false) return false; @@ -1106,6 +1118,7 @@ require_once('include/security.php'); return api_apply_template("timeline", $type, $data); } api_register_func('api/statuses/mentions','api_statuses_mentions', true); + // FIXME?? I don't think mentions and replies are congruent in this case api_register_func('api/statuses/replies','api_statuses_mentions', true); @@ -1113,7 +1126,7 @@ require_once('include/security.php'); if (api_user()===false) return false; $user_info = api_get_user($a); - // get last newtork messages + // get last network messages logger("api_statuses_user_timeline: api_user: ". api_user() . diff --git a/include/event.php b/include/event.php index 73a050cec..8bf65016f 100644 --- a/include/event.php +++ b/include/event.php 
@@ -205,30 +205,36 @@ function event_store($arr) { $a = get_app(); - $arr['created'] = (($arr['created']) ? $arr['created'] : datetime_convert()); - $arr['edited'] = (($arr['edited']) ? $arr['edited'] : datetime_convert()); - $arr['type'] = (($arr['type']) ? $arr['type'] : 'event' ); + $arr['created'] = (($arr['created']) ? $arr['created'] : datetime_convert()); + $arr['edited'] = (($arr['edited']) ? $arr['edited'] : datetime_convert()); + $arr['type'] = (($arr['type']) ? $arr['type'] : 'event' ); $arr['event_xchan'] = (($arr['event_xchan']) ? $arr['event_xchan'] : ''); // Existing event being modified - if($arr['id']) { + if($arr['id'] || $arr['event_hash']) { // has the event actually changed? - $r = q("SELECT * FROM `event` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($arr['id']), - intval($arr['uid']) - ); - if((! $r) || ($r[0]['edited'] === $arr['edited'])) { - - // Nothing has changed. Grab the item id to return. - - $r = q("SELECT id FROM item WHERE resource_type = 'event' and resource_id = '%s' AND uid = %d LIMIT 1", - intval($arr['event_hash']), + if($arr['event_hash']) { + $r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1", + dbesc($arr['event_hash']), intval($arr['uid']) ); - return(($r) ? $r[0]['id'] : 0); + } + else { + $r = q("SELECT * FROM event WHERE id = %d AND uid = %d LIMIT 1", + intval($arr['id']), + intval($arr['uid']) + ); + } + + if(! $r) + return 0; + + if($r[0]['edited'] === $arr['edited']) { + // Nothing has changed. Return the ID. + return $r[0]['id']; } // The event changed. Update it. @@ -262,12 +268,12 @@ function event_store($arr) { dbesc($arr['allow_gid']), dbesc($arr['deny_cid']), dbesc($arr['deny_gid']), - intval($arr['id']), + intval($r[0]['id']), intval($arr['uid']) ); $r = q("SELECT * FROM item left join xchan on author_xchan = xchan_hash WHERE resource_id = '%s' AND resource_type = 'event' and uid = %d LIMIT 1", - intval($arr['event_hash']), + intval($r[0]['event_hash']), intval($arr['uid']) ); 
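Review bot: The item lookup after the event update still wraps the hash in `intval()` for a `'%s'` placeholder: `intval($r[0]['event_hash'])`. `event_hash` is produced by `random_string()` in the create path of this function, so `intval()` reduces it to 0 or its leading digits and the query will not find the linked item; the item's text and privacy columns are then presumably left stale after an edit. Use `dbesc($r[0]['event_hash'])`. The early return now yields `$r[0]['id']` from the `event` table where the removed code returned the item id, so callers that treat the result as an item id need checking.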
@@ -291,6 +297,7 @@ function event_store($arr) { $private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0); + q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d LIMIT 1", dbesc($arr['summary']), dbesc(format_event_bbcode($arr)), @@ -321,8 +328,12 @@ function event_store($arr) { $hash = random_string(); - $r = q("INSERT INTO `event` ( `uid`,`aid`,`event_xchan`,`event_hash`,`created`,`edited`,`start`,`finish`,`summary`, `desc`,`location`,`type`, - `adjust`,`nofinish`,`allow_cid`,`allow_gid`,`deny_cid`,`deny_gid`) + if(! $arr['uri']) + $arr['uri'] = item_message_id(); + + + $r = q("INSERT INTO event ( uid,aid,event_xchan,event_hash,created,edited,start,finish,summary, desc,location,type, + adjust,nofinish,allow_cid,allow_gid,deny_cid,deny_gid) VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s' ) ", intval($arr['uid']), intval($arr['account']), @@ -345,7 +356,7 @@ function event_store($arr) { ); - $r = q("SELECT * FROM `event` WHERE `event_hash` = '%s' AND `uid` = %d LIMIT 1", + $r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1", dbesc($hash), intval($arr['uid']) ); @@ -365,17 +376,14 @@ function event_store($arr) { $item_flags |= ITEM_ORIGIN; } - - $uri = item_message_id(); - $private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0); $item_arr = array(); $item_arr['uid'] = $arr['uid']; $item_arr['author_xchan'] = $arr['event_xchan']; - $item_arr['uri'] = $uri; - $item_arr['parent_uri'] = $uri; + $item_arr['uri'] = $arr['uri']; + $item_arr['parent_uri'] = $arr['uri']; $item_arr['item_flags'] = $item_flags; 
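Review bot: In the `@@ -321,8 +328,12 @@` hunk, removing the backticks from the `INSERT INTO event` column list leaves `desc` unquoted, and `desc` is a reserved word in MySQL, which the other queries on this page appear to target. The statement is therefore likely to fail to parse, so no event row would be written for a new event. Keep that one identifier quoted, ``summary, `desc`, location, type,``, or rename the column. The enclosing function continues outside the hunk.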
@@ -386,13 +394,13 @@ function event_store($arr) { $item_arr['allow_gid'] = $arr['allow_gid']; $item_arr['deny_cid'] = $arr['deny_cid']; $item_arr['deny_gid'] = $arr['deny_gid']; - $item_arr['private'] = (($arr['private'] || $private) ? 1 : 0); + $item_arr['item_private'] = $private; $item_arr['verb'] = ACTIVITY_POST; $item_arr['resource_type'] = 'event'; $item_arr['resource_id'] = $hash; - $item_arr['obj_type'] = ACTIVITY_OBJ_EVENT; + $item_arr['obj_type'] = ACTIVITY_OBJ_EVENT; $item_arr['body'] = format_event_bbcode($arr); $x = q("select * from xchan where xchan_hash = '%s' limit 1", diff --git a/include/html2plain.php b/include/html2plain.php index e5615f8ba..b8c9c440d 100644 --- a/include/html2plain.php +++ b/include/html2plain.php @@ -205,7 +205,7 @@ function html2plain($html, $wraplength = 75, $compact = false) if (!$compact) { $counter = 1; foreach ($urls as $id=>$url) - if (strpos($message, $url) == false) + if ($url && strpos($message, $url) === false) $message .= "\n".$url." "; //$message .= "\n[".($counter++)."] ".$url; } diff --git a/include/zot.php b/include/zot.php index 28ecdc4dc..0290d1d46 100644 --- a/include/zot.php +++ b/include/zot.php @@ -901,16 +901,18 @@ function process_delivery($sender,$arr,$deliveries,$relay) { $ev['uid'] = $channel['channel_id']; $ev['account'] = $channel['channel_account_id']; $ev['edited'] = $arr['edited']; + $ev['uri'] = $arr['uri']; + $ev['private'] = $arr['item_private']; // is this an edit? - $r = q("SELECT * FROM event left join item on resource_id = event_hash WHERE resource_type = 'event' and - `uri` = '%s' AND event.uid = %d LIMIT 1", + $r = q("SELECT resource_id FROM item where uri = '%s' and uid = %d and resource_type = 'event' limit 1", dbesc($arr['uri']), intval($channel['channel_id']) ); - if($r) - $ev['event_hash'] = $r[0]['event_hash']; + if($r) { + $ev['event_hash'] = $r[0]['resource_id']; + } dbg(1); $xyz = event_store($ev); dbg(0); -- cgit v1.2.3 
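Review bot: `$item_arr['item_private'] = $private;` no longer consults `$arr['private']`, while the zot.php hunk of this same commit starts passing `$ev['private'] = $arr['item_private']` into event_store. A delivered event that is marked private but arrives with empty allow/deny lists would therefore be stored with `item_private = 0`. Keep the caller's flag in the expression: `$item_arr['item_private'] = (($arr['private'] || $private) ? 1 : 0);`. event_store starts and ends outside the hunk, so the update branch should be checked for the same handling.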
From 060716f1721c320c61ce1a5927f24d0a66ec31f0 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 20 Jan 2013 18:05:29 -0800 Subject: make lockview work, bring back acl widget theming in redbasic --- include/text.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 6f2caa510..167fbb1df 100644 --- a/include/text.php +++ b/include/text.php @@ -1798,9 +1798,11 @@ function magic_link($s) { return $s; } -function stringify_array_elms(&$arr) { +// if $escape is true, dbesc() each element before adding quotes + +function stringify_array_elms(&$arr,$escape = false) { for($x = 0; $x < count($arr); $x ++) - $arr[$x] = "'" . $arr[$x] . "'"; + $arr[$x] = "'" . (($escape) ? dbesc($arr[$x]) : $arr[$x]) . "'"; } /** -- cgit v1.2.3 From 15150ab95812f04cb1da6f24c2804ec24c6dd196 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 20 Jan 2013 18:36:33 -0800 Subject: sort out yet more api functions --- include/api.php | 61 +++++++++++++++++++++++++++++++++------------------------ 1 file changed, 35 insertions(+), 26 deletions(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index 140e75f29..cf4d45c1a 100644 --- a/include/api.php +++ b/include/api.php @@ -640,11 +640,14 @@ require_once('include/security.php'); // get last public message + require_once('include/security.php'); + $lastwall = q("SELECT * from item where 1 and item_private != 0 and item_restrict = 0 and author_xchan = '%s' and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and verb = '%s' + and uid in ( " . stream_perms_api_uids() . " ) order by created desc limit 1", dbesc($user_info['guid']), dbesc(ACTIVITY_POST) 
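Review bot: `stringify_array_elms()` still produces unescaped quoted strings unless the caller opts in with `$escape = true`, so every existing call site whose result is concatenated into SQL stays unescaped after this change. The added comment should state that contract, for example `// for SQL use pass $escape = true unless every element is already escaped or known-safe`. Call sites are outside this hunk and need to be reviewed one by one; simply flipping the default would double-escape any caller that already escapes its input.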
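Review bot: The query under `// get last public message` in the `@@ -640,11 +643,14 @@` hunk filters on `item_private != 0`, which selects private items if 1 means private, as the event_store assignment to `item_private` on this page suggests. The added `uid in ( ... )` clause narrows the channels but does not change that. If the intent is the last public post, the condition should read `and item_private = 0`. The same query appears in the api_users_show hunk (`@@ -709,11 +712,14 @@`); both functions start outside their hunks, so the intended meaning should be confirmed there.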
@@ -709,11 +712,14 @@ require_once('include/security.php'); function api_users_show(&$a, $type){ $user_info = api_get_user($a); + require_once('include/security.php'); + $lastwall = q("SELECT * from item where 1 and item_private != 0 and item_restrict = 0 and author_xchan = '%s' and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and verb = '%s' + and uid in ( " . stream_perms_api_uids() . " ) order by created desc limit 1", dbesc($user_info['guid']), dbesc(ACTIVITY_POST) 
@@ -971,34 +977,31 @@ require_once('include/security.php'); $user_info = api_get_user($a); // params - $id = intval($a->argv[3]); + $id = intval(argv(3)); logger('API: api_statuses_repeat: '.$id); //$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false); -// FIXME - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`nick` as `reply_author`, - `contact`.`name`, `contact`.`photo`, `contact`.`url` as `reply_url`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` - FROM `item`, `contact` - WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0 - AND `contact`.`id` = `item`.`contact-id` - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - $sql_extra - AND `item`.`id`=%d", + + $observer = get_app()->get_observer(); + + $r = q("SELECT * from item where item_restrict = 0 and id = %d limit 1", intval($id) ); - if ($r[0]['body'] != "") { - $_REQUEST['body'] = html_entity_decode("♲ ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/url] \n".$r[0]['body']; - $_REQUEST['profile_uid'] = api_user(); - $_REQUEST['type'] = 'wall'; - $_REQUEST['api_source'] = true; + if(perm_is_allowed($r[0]['uid'],$observer['xchan_hash'],'view_stream')) { + if ($r[0]['body'] != "") { + $_REQUEST['body'] = html_entity_decode("♲ ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/url] \n".$r[0]['body']; + $_REQUEST['profile_uid'] = api_user(); + $_REQUEST['type'] = 'wall'; + $_REQUEST['api_source'] = true; - require_once('mod/item.php'); - item_post($a); + require_once('mod/item.php'); + item_post($a); + } } + else + return false; if ($type == 'xml') $ok = "true"; @@ -1012,6 +1015,7 @@ require_once('include/security.php'); /** * */ + function api_statuses_destroy(&$a, $type){ if (api_user()===false) return false; 
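Review bot: `perm_is_allowed($r[0]['uid'], ...)` is evaluated without checking that the lookup returned a row, and it tests only the channel-level `view_stream` permission, so nothing in this hunk keeps an item with `item_private` set or a non-empty ACL from being re-posted to the caller's wall. Add `if(! $r) return false;` after the query and restrict the query itself, e.g. `item_private = 0` alongside `item_restrict = 0`, unless perm_is_allowed() or item_post() already enforces this. The body is also still built from `$r[0]['reply_url']` and `$r[0]['reply_author']`, which the removed contact join supplied and `SELECT * from item` presumably does not. The function starts outside the hunk.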
@@ -1476,12 +1480,14 @@ require_once('include/security.php'); return false; } + // For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams. + // This won't work if either of you send your stream to everybody on the network if($qtype == 'friends') - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND)); + $sql_extra = sprintf(" AND ( their_perms & %d ) and ( my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); if($qtype == 'followers') - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND)); + $sql_extra = sprintf(" AND ( my_perms & %d ) and not ( their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); - $r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra", + $r = q("SELECT id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra", intval(api_user()) ); 
@@ -1588,13 +1594,16 @@ require_once('include/security.php'); if(! api_user()) return false; + + // For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams. + // This won't work if either of you send your stream to everybody on the network + if($qtype == 'friends') - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND)); + $sql_extra = sprintf(" AND ( their_perms & %d ) and ( my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); if($qtype == 'followers') - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND)); + $sql_extra = sprintf(" AND ( my_perms & %d ) and not ( their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); - - $r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra", + $r = q("SELECT id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra", intval(api_user()) ); -- cgit v1.2.3 From debf7f5f2691bab3c3b9c6ddd4fa3135f3d4aea2 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 21 Jan 2013 15:39:05 -0800 Subject: more work on magic auth --- include/zot.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 0290d1d46..fc1241ff2 100644 --- a/include/zot.php +++ b/include/zot.php @@ -101,6 +101,12 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_ 'version' => ZOT_REVISION ); + // These fields are present when using magic auth + + if(array_key_exists('token',$channel)) { + $data['sender']['token'] = $channel['token']; + $data['sender']['token_sig'] = $channel['token_sig']; + } if($recipients) $data['recipients'] = $recipients; -- cgit v1.2.3 From 5949607d17bceb51d61c73b5c0dbc0fcc063bd04 Mon Sep 17 00:00:00 2001 
From: friendica Date: Mon, 21 Jan 2013 19:16:21 -0800 Subject: magic auth - it's mostly done or at least all the code bits are written and it looks in theory to be pretty secure and it doesn't white screen. Getting it to actually work(?), well we won't know how hard that will be until we get it on a couple of systems and try it. Magic auth on one box is a no-op because you're already authenticated. --- include/auth.php | 21 +++++++++++++-------- include/zot.php | 11 +++-------- 2 files changed, 16 insertions(+), 16 deletions(-) (limited to 'include') diff --git a/include/auth.php b/include/auth.php index c12432449..75a450dc8 100644 --- a/include/auth.php +++ b/include/auth.php @@ -64,14 +64,19 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p goaway(z_root()); } -// if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) { -// $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", -// intval($_SESSION['visitor_id']) -// ); -// if(count($r)) { -// $a->contact = $r[0]; -// } -// } + if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) { + $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1", + dbesc($_SESSION['visitor_id']) + ); + if($r) { + get_app()->set_observer($r[0]); + } + else { + unset($_SESSION['visitor_id']); + unset($_SESSION['authenticated']); + } + $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); + } if(x($_SESSION,'uid') || x($_SESSION,'account_id')) { diff --git a/include/zot.php b/include/zot.php index fc1241ff2..38bac5e93 100644 --- a/include/zot.php +++ b/include/zot.php 
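Review bot: When the hubloc lookup in the auth.php hunk fails, the else branch unsets `$_SESSION['visitor_id']`, yet the following `$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));` still runs and reads the index that was just removed. Move that call into the `if($r)` branch, next to `get_app()->set_observer($r[0]);`, so groups are initialised only for a visitor that was actually found. The surrounding conditional starts outside the hunk.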
@@ -101,18 +101,13 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_ 'version' => ZOT_REVISION ); - // These fields are present when using magic auth - - if(array_key_exists('token',$channel)) { - $data['sender']['token'] = $channel['token']; - $data['sender']['token_sig'] = $channel['token_sig']; - } - if($recipients) $data['recipients'] = $recipients; - if($secret) + if($secret) { $data['secret'] = $secret; + $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'])); + } logger('zot_build_packet: ' . print_r($data,true)); -- cgit v1.2.3 From 4119e1f9cc9ebb6a45ec69fd23c1262b3f823c3a Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 21 Jan 2013 19:40:25 -0800 Subject: testing begins --- include/contact_widgets.php | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'include') diff --git a/include/contact_widgets.php b/include/contact_widgets.php index 47945e66e..cb3dc0740 100644 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php 
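Review bot: `logger('zot_build_packet: ' . print_r($data,true));` writes the whole packet to the log, and with this change that includes `secret` and its signature `secret_sig`. The call passes no level argument, unlike `logger(..., LOGGER_DEBUG)` used elsewhere on this page, so it presumably logs at the default level. Log a copy with those fields removed, e.g. `$logdata = $data; unset($logdata['secret'], $logdata['secret_sig']);`, and pass a debug level. zot_build_packet starts and ends outside the hunk.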
@@ -116,23 +116,23 @@ function common_friends_visitor_widget($profile_uid) { } // FIXME - if(! $cid) { - if(get_my_url()) { - $r = q("select id from contact where nurl = '%s' and uid = %d limit 1", - dbesc(normalise_link(get_my_url())), - intval($profile_uid) - ); - if(count($r)) - $cid = $r[0]['id']; - else { - $r = q("select id from gcontact where nurl = '%s' limit 1", - dbesc(normalise_link(get_my_url())) - ); - if(count($r)) - $zcid = $r[0]['id']; - } - } - } +// if(! $cid) { +// if(get_my_url()) { +// $r = q("select id from contact where nurl = '%s' and uid = %d limit 1", +// dbesc(normalise_link(get_my_url())), +// intval($profile_uid) +// ); +// if(count($r)) +// $cid = $r[0]['id']; +// else { +// $r = q("select id from gcontact where nurl = '%s' limit 1", +// dbesc(normalise_link(get_my_url())) +// ); +// if(count($r)) +// $zcid = $r[0]['id']; +// } +// } +// } if($cid == 0 && $zcid == 0) return; -- cgit v1.2.3 From fb76675a28b37b7281546373671d0dabbd69ef46 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 21 Jan 2013 19:56:39 -0800 Subject: now we're into the minor nitty fixes --- include/auth.php | 6 +++--- include/security.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/auth.php b/include/auth.php index 75a450dc8..9cdbd80d5 100644 --- a/include/auth.php +++ b/include/auth.php @@ -63,9 +63,9 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p info( t('Logged out.') . EOL); goaway(z_root()); } - +dbg(1); if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) { - $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1", + $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_hash = '%s' limit 1", dbesc($_SESSION['visitor_id']) ); if($r) { 
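Review bot: `dbg(1);` in the auth.php hunk here and `dbg(0);` in the next one (`@@ -77,7 +77,7 @@`) look like leftover debugging around the visitor-session lookup in the authentication path. If dbg() switches on query dumping, as its use around `event_store()` in zot.php suggests, every request carrying a visitor session would log the SQL containing the visitor hash. Remove both calls before this is merged.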
@@ -77,7 +77,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p } $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); } - +dbg(0); if(x($_SESSION,'uid') || x($_SESSION,'account_id')) { // already logged in user returning diff --git a/include/security.php b/include/security.php index 25318b3e8..f28174153 100644 --- a/include/security.php +++ b/include/security.php @@ -349,7 +349,7 @@ if(! function_exists('init_groups_visitor')) { function init_groups_visitor($contact_id) { $groups = array(); $r = q("SELECT gid FROM group_member WHERE xchan = '%s' ", - intval($contact_id) + dbesc($contact_id) ); if(count($r)) { foreach($r as $rr) -- cgit v1.2.3 From bda4ca4c0d9f247675f4c241ecb0d402bb380d8f Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 22 Jan 2013 00:20:25 -0800 Subject: hidden directory entries --- include/zot.php | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 38bac5e93..2623d68c4 100644 --- a/include/zot.php +++ b/include/zot.php 
@@ -531,14 +531,22 @@ function import_xchan($arr) { dbesc($xchan_hash) ); + if($r) { if($r[0]['xchan_photo_date'] != $arr['photo_updated']) - $update_photos = true; - if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url'])) { - $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s' where xchan_hash = '%s' limit 1", + $import_photos = true; + + if(($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN) != $arr['searchable']) + $new_flags = $r[0]['xchan_flags'] ^ XCHAN_FLAGS_HIDDEN; + else + $new_flags = $r[0]['xchan_flags']; + + if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url']) || ($r[0]['xchan_flags'] != $new_flags)) { + $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_flags = %d where xchan_hash = '%s' limit 1", dbesc($arr['name']), dbesc($arr['name_updated']), dbesc($arr['connections_url']), + intval($new_flags), dbesc($xchan_hash) ); } -- cgit v1.2.3 From beb3301d43c0d532bd6984ee745074479babdabb Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 22 Jan 2013 02:56:32 -0800 Subject: security fixes related to directory access and sites that are off the grid --- include/zot.php | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 2623d68c4..f35c6f93e 100644 --- a/include/zot.php +++ b/include/zot.php 
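Review bot: The test `($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN) != $arr['searchable']` toggles the bit whenever hidden and searchable differ, which drives the record towards hidden == searchable: a channel reporting `searchable` false with the bit clear stays visible, and one reporting true gets hidden. Toggle when the two are equal instead, e.g. `if(((bool) ($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN)) === ((bool) $arr['searchable']))`. The next commit's hunk (`@@ -536,11 +536,24 @@`) sets `$arr['searchable'] = false` to hide off-grid entries and depends on this test. import_xchan continues outside the hunk.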
@@ -536,11 +536,24 @@ function import_xchan($arr) { if($r[0]['xchan_photo_date'] != $arr['photo_updated']) $import_photos = true; + // if we import an entry from a site that's not ours and either or both of us is off the grid - hide the entry. + // TODO: check if we're the same directory realm, which would mean we are allowed to see it + + $dirmode = get_config('system','directory_mode'); + + if((($arr['site']['directory_mode'] === 'standalone') || ($dirmode & DIRECTORY_MODE_STANDALONE)) +&& ($arr['site']['url'] != z_root())) + $arr['searchable'] = false; + + + + // Be careful - XCHAN_FLAGS_HIDDEN should evaluate to 1 if(($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN) != $arr['searchable']) $new_flags = $r[0]['xchan_flags'] ^ XCHAN_FLAGS_HIDDEN; else $new_flags = $r[0]['xchan_flags']; - + + if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url']) || ($r[0]['xchan_flags'] != $new_flags)) { $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_flags = %d where xchan_hash = '%s' limit 1", dbesc($arr['name']), -- cgit v1.2.3 From cf2488e999944ca1135ac62955527a376ad0eac2 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 22 Jan 2013 17:48:42 -0800 Subject: clean up the photo storage backend, revamp mod/wall_upload --- include/Photo.php | 18 ++- include/items.php | 6 +- include/user.php | 320 ------------------------------------------------------ 3 files changed, 15 insertions(+), 329 deletions(-) delete mode 100644 include/user.php (limited to 'include') diff --git a/include/Photo.php b/include/Photo.php index c3165cc9f..a60cfc868 100644 --- a/include/Photo.php +++ b/include/Photo.php 
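Review bot: The off-grid override sits inside the branch that handles an xchan record that already exists (the surrounding context reads `$r[0][...]`), so as far as this hunk shows a first-time import from a standalone site does not pass through it. If the insert path outside the hunk does not apply the same rule, new entries would be stored as searchable; hoisting the check above the `if($r)` test would cover both paths. `$arr['site']['directory_mode']` is also read without checking that `$arr['site']` is present in the incoming array.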
@@ -523,7 +523,7 @@ class Photo { - public function store($uid, $xchan, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '') { + public function store($aid, $uid, $xchan, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '') { $x = q("select id from photo where `resource_id` = '%s' and uid = %d and `xchan` = '%s' and `scale` = %d limit 1", dbesc($rid), @@ -533,6 +533,7 @@ class Photo { ); if(count($x)) { $r = q("UPDATE `photo` + set `aid` = %d, set `uid` = %d, `xchan` = '%s', `resource_id` = '%s', @@ -544,6 +545,7 @@ class Photo { `height` = %d, `width` = %d, `data` = '%s', + `size` = %d, `scale` = %d, `profile` = %d, `allow_cid` = '%s', @@ -552,6 +554,7 @@ class Photo { `deny_gid` = '%s' where id = %d limit 1", + intval($aid), intval($uid), dbesc($xchan), dbesc($rid), @@ -563,6 +566,7 @@ class Photo { intval($this->getHeight()), intval($this->getWidth()), dbesc($this->imageString()), + intval(strlen($this->imageString())), intval($scale), intval($profile), dbesc($allow_cid), @@ -574,8 +578,9 @@ class Photo { } else { $r = q("INSERT INTO `photo` - ( `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` ) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, '%s', '%s', '%s', '%s' )", + ( `aid`, `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `data`, `size`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` ) + VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s' )", + intval($aid), intval($uid), dbesc($xchan), dbesc($rid), 
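Review bot: In the UPDATE branch of `Photo::store()`, the added line ``set `aid` = %d,`` is followed by the existing ``set `uid` = %d,``, so the statement now contains the `set` keyword twice and will be rejected by the database. Re-storing an existing photo scale would then fail on every call. Keep a single keyword: ``set `aid` = %d,`` followed by `` `uid` = %d,``. The method continues into the following hunks.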
@@ -587,6 +592,7 @@ class Photo { intval($this->getHeight()), intval($this->getWidth()), dbesc($this->imageString()), + intval(strlen($this->imageString())), intval($scale), intval($profile), dbesc($allow_cid), @@ -669,21 +675,21 @@ function import_profile_photo($photo,$xchan) { $img->scaleImageSquare(175); - $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 4 ); + $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 4 ); if($r === false) $photo_failure = true; $img->scaleImage(80); - $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 5 ); + $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 5 ); if($r === false) $photo_failure = true; $img->scaleImage(48); - $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 6 ); + $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 6 ); if($r === false) $photo_failure = true; diff --git a/include/items.php b/include/items.php index fe8aadcbf..9ab39d7ae 100755 --- a/include/items.php +++ b/include/items.php @@ -2080,13 +2080,13 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) $img->scaleImageSquare(175); $hash = $resource_id; - $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4); + $r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4); $img->scaleImage(80); - $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5); + $r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5); $img->scaleImage(48); - $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6); + $r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6); $a = get_app(); diff --git a/include/user.php b/include/user.php deleted file mode 100644 index d71f024d1..000000000 
--- a/include/user.php +++ /dev/null 
@@ -1,320 +0,0 @@ - false, 'user' => null, 'password' => '', 'message' => ''); - - $using_invites = get_config('system','invitation_only'); - $num_invites = get_config('system','number_invites'); - - - $invite_id = ((x($arr,'invite_id')) ? notags(trim($arr['invite_id'])) : ''); - $username = ((x($arr,'username')) ? notags(trim($arr['username'])) : ''); - $nickname = ((x($arr,'nickname')) ? notags(trim($arr['nickname'])) : ''); - $email = ((x($arr,'email')) ? notags(trim($arr['email'])) : ''); - $openid_url = ((x($arr,'openid_url')) ? notags(trim($arr['openid_url'])) : ''); - $photo = ((x($arr,'photo')) ? notags(trim($arr['photo'])) : ''); - $password = ((x($arr,'password')) ? trim($arr['password']) : ''); - $blocked = ((x($arr,'blocked')) ? intval($arr['blocked']) : 0); - $verified = ((x($arr,'verified')) ? intval($arr['verified']) : 0); - - $publish = ((x($arr,'profile_publish_reg') && intval($arr['profile_publish_reg'])) ? 1 : 0); - $netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0); - - $tmp_str = $openid_url; - - if($using_invites) { - if(! $invite_id) { - $result['message'] .= t('An invitation is required.') . EOL; - return $result; - } - $r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_id)); - if(! results($r)) { - $result['message'] .= t('Invitation could not be verified.') . EOL; - return $result; - } - } - - if((! x($username)) || (! x($email)) || (! x($nickname))) { - if($openid_url) { - if(! validate_url($tmp_str)) { - $result['message'] .= t('Invalid OpenID url') . EOL; - return $result; - } - $_SESSION['register'] = 1; - $_SESSION['openid'] = $openid_url; - require_once('library/openid.php'); - $openid = new LightOpenID; - $openid->identity = $openid_url; - $openid->returnUrl = $a->get_baseurl() . 
'/openid'; - $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson'); - $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default'); - goaway($openid->authUrl()); - // NOTREACHED - } - - notice( t('Please enter the required information.') . EOL ); - return; - } - - if(! validate_url($tmp_str)) - $openid_url = ''; - - - $err = ''; - - // collapse multiple spaces in name - $username = preg_replace('/ +/',' ',$username); - - if(mb_strlen($username) > 48) - $result['message'] .= t('Please use a shorter name.') . EOL; - if(mb_strlen($username) < 3) - $result['message'] .= t('Name too short.') . EOL; - - // I don't really like having this rule, but it cuts down - // on the number of auto-registrations by Russian spammers - - // Using preg_match was completely unreliable, due to mixed UTF-8 regex support - // $no_utf = get_config('system','no_utf'); - // $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); - - // So now we are just looking for a space in the full name. - - $loose_reg = get_config('system','no_regfullname'); - if(! $loose_reg) { - $username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8'); - if(! strpos($username,' ')) - $result['message'] .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL; - } - - - if(! allowed_email($email)) - $result['message'] .= t('Your email domain is not among those allowed on this site.') . EOL; - - if((! valid_email($email)) || (! validate_email($email))) - $result['message'] .= t('Not a valid email address.') . EOL; - - // Disallow somebody creating an account using openid that uses the admin email address, - // since openid bypasses email verification. We'll allow it if there is not yet an admin account. 
- - if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) { - $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1", - dbesc($email) - ); - if(count($r)) - $result['message'] .= t('Cannot use that email.') . EOL; - } - - $nickname = $arr['nickname'] = strtolower($nickname); - - if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname)) - $result['message'] .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL; - $r = q("SELECT `uid` FROM `user` - WHERE `nickname` = '%s' LIMIT 1", - dbesc($nickname) - ); - if(count($r)) - $result['message'] .= t('Nickname is already registered. Please choose another.') . EOL; - - // Check deleted accounts that had this nickname. Doesn't matter to us, - // but could be a security issue for federated platforms. - - $r = q("SELECT * FROM `userd` - WHERE `username` = '%s' LIMIT 1", - dbesc($nickname) - ); - if(count($r)) - $result['message'] .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL; - - if(strlen($result['message'])) { - return $result; - } - - $new_password = ((strlen($password)) ? $password : autoname(6) . mt_rand(100,9999)); - $new_password_encoded = hash('whirlpool',$new_password); - - $result['password'] = $new_password; - - require_once('include/crypto.php'); - - $keys = new_keypair(4096); - - if($keys === false) { - $result['message'] .= t('SERIOUS ERROR: Generation of security keys failed.') . EOL; - return $result; - } - - $default_service_class = get_config('system','default_service_class'); - if(! 
$default_service_class) - $default_service_class = ''; - - - $prvkey = $keys['prvkey']; - $pubkey = $keys['pubkey']; - - $r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`, - `pubkey`, `prvkey`, `register_date`, `verified`, `blocked`, `timezone`, `service_class` ) - VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC', '%s' )", - dbesc(generate_user_guid()), - dbesc($username), - dbesc($new_password_encoded), - dbesc($email), - dbesc($openid_url), - dbesc($nickname), - dbesc($pubkey), - dbesc($prvkey), - dbesc(datetime_convert()), - intval($verified), - intval($blocked), - dbesc($default_service_class) - ); - - if($r) { - $r = q("SELECT * FROM `user` - WHERE `username` = '%s' AND `password` = '%s' LIMIT 1", - dbesc($username), - dbesc($new_password_encoded) - ); - if($r !== false && count($r)) { - $u = $r[0]; - $newuid = intval($r[0]['uid']); - } - } - else { - $result['message'] .= t('An error occurred during registration. Please try again.') . EOL ; - return $result; - } - - /** - * if somebody clicked submit twice very quickly, they could end up with two accounts - * due to race condition. Remove this one. - */ - - $r = q("SELECT `uid` FROM `user` - WHERE `nickname` = '%s' ", - dbesc($nickname) - ); - if((count($r) > 1) && $newuid) { - $result['message'] .= t('Nickname is already registered. Please choose another.') . EOL; - q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1", - intval($newuid) - ); - return $result; - } - - if(x($newuid) !== false) { - $r = q("INSERT INTO `profile` ( `uid`, `profile_name`, `is_default`, `name`, `photo`, `thumb`, `publish`, `net-publish` ) - VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ", - intval($newuid), - t('default'), - 1, - dbesc($username), - dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"), - dbesc($a->get_baseurl() . 
"/photo/avatar/{$newuid}"), - intval($publish), - intval($netpublish) - - ); - if($r === false) { - $result['message'] .= t('An error occurred creating your default profile. Please try again.') . EOL; - // Start fresh next time. - $r = q("DELETE FROM `user` WHERE `uid` = %d", - intval($newuid)); - return $result; - } - $r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`, - `request`, `notify`, `poll`, `confirm`, `poco`, `name_date`, `uri_date`, `avatar_date`, `closeness` ) - VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ", - intval($newuid), - datetime_convert(), - dbesc($username), - dbesc($nickname), - dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"), - dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"), - dbesc($a->get_baseurl() . "/photo/micro/{$newuid}"), - dbesc($a->get_baseurl() . "/channel/$nickname"), - dbesc(normalise_link($a->get_baseurl() . "/channel/$nickname")), - dbesc($a->get_baseurl() . "/dfrn_request/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"), - dbesc($a->get_baseurl() . "/poco/$nickname"), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - dbesc(datetime_convert()) - ); - - // Create a group with no members. This allows somebody to use it - // right away as a default group for new contacts. - - require_once('include/group.php'); - group_add($newuid, t('Friends')); - - } - - // if we have no OpenID photo try to look up an avatar - if(! 
strlen($photo)) - $photo = avatar_img($email); - - // unless there is no avatar-plugin loaded - if(strlen($photo)) { - require_once('include/Photo.php'); - $photo_failure = false; - - $filename = basename($photo); - $img_str = fetch_url($photo,true); - // guess mimetype from headers or filename - $type = guess_image_type($photo,true); - - - $img = new Photo($img_str, $type); - if($img->is_valid()) { - - $img->scaleImageSquare(175); - - $hash = photo_new_resource(); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 ); - - if($r === false) - $photo_failure = true; - - $img->scaleImage(80); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5 ); - - if($r === false) - $photo_failure = true; - - $img->scaleImage(48); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6 ); - - if($r === false) - $photo_failure = true; - - if(! $photo_failure) { - q("UPDATE `photo` SET `profile` = 1 WHERE `resource_id` = '%s' ", - dbesc($hash) - ); - } - } - } - - call_hooks('register_account', $newuid); - - $result['success'] = true; - $result['user'] = $u; - return $result; - -} -- cgit v1.2.3 From d43591fb0f5c552b1c725dc2cbaeaea8fe441319 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 22 Jan 2013 20:13:20 -0800 Subject: fixed contactgroup editor --- include/group.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'include') diff --git a/include/group.php b/include/group.php index 6568af0c7..3a2fe7a3c 100644 --- a/include/group.php +++ b/include/group.php 
@@ -169,7 +169,7 @@ function group_add_member($uid,$name,$member,$gid = 0) { function group_get_members($gid) { $ret = array(); if(intval($gid)) { - $r = q("SELECT abook.*,xchan.*,group_member.* FROM `group_member` + $r = q("SELECT * FROM `group_member` LEFT JOIN abook ON abook_xchan = `group_member`.`xchan` left join xchan on xchan_hash = abook_xchan WHERE `gid` = %d AND `group_member`.`uid` = %d and not ( abook_flags & %d ) and not ( abook_flags & %d ) and not ( abook_flags & %d ) ORDER BY xchan_name ASC ", intval($gid), @@ -228,7 +228,6 @@ function group_side($every="contacts",$each="group",$edit = false, $group_id = 0 ); - $r = q("SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d ORDER BY `name` ASC", intval($_SESSION['uid']) ); -- cgit v1.2.3 From d06c21dc39b21d58f4c50e0f243a1d95c4137a6b Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 22 Jan 2013 20:48:03 -0800 Subject: some poco fixes --- include/onepoll.php | 8 ++---- include/socgraph.php | 77 ++++++++++++++++++++++++++-------------------------- 2 files changed, 42 insertions(+), 43 deletions(-) (limited to 'include') diff --git a/include/onepoll.php b/include/onepoll.php index 4b44ff5b9..019fe8ed3 100644 --- a/include/onepoll.php +++ b/include/onepoll.php @@ -113,16 +113,14 @@ function onepoll_run($argv, $argc){ // set last updated timestamp - $r = null; - if($contact['xchan_connurl']) { $r = q("SELECT xlink_id from xlink where xlink_xchan = '%s' and xlink_updated > UTC_TIMESTAMP() - INTERVAL 1 DAY", intval($contact['xchan_hash']) ); - } - if($r) { - poco_load($contact['xchan_hash'],$contact['xchan_connurl']); + if($r) { + poco_load($contact['xchan_hash'],$contact['xchan_connurl']); + } } return; diff --git a/include/socgraph.php b/include/socgraph.php index aa5a24e89..081927dcc 100644 --- a/include/socgraph.php +++ b/include/socgraph.php 
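Review bot: The `SELECT *` in group_get_members now returns every column of group_member, abook and xchan, and if q() returns associative rows, any column name shared between those tables resolves to the right-most table instead of group_member as it did before. Listing only the columns the group editor needs would make that precedence explicit and keep unrelated abook/xchan fields out of the result. A comment above the query such as `// the abook_flags tests drop rows with no abook match, so this LEFT JOIN acts as an inner join` would document what the WHERE clause does. The function body continues outside the hunk.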
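Review bot: The xlink lookup in onepoll_run still binds `intval($contact['xchan_hash'])` to a quoted `'%s'` placeholder, so the hash is reduced to an integer and the query will not normally match the stored xlink_xchan value. The socgraph.php part of this same commit fixes the identical mistake in poco_load, and the argument here should likewise be `dbesc($contact['xchan_hash'])`. The condition also looks inverted: poco_load() runs only when a row updated within the last day exists, whereas a once-a-day refresh would presumably call it when none does, i.e. `if(! $r)`. onepoll_run starts outside the hunk.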
@@ -23,12 +23,11 @@ function poco_load($xchan = null,$url = null) { $a = get_app(); if($xchan && ! $url) { - $r = q("select xchan_connurl from xchan where xchan_hash = %d limit 1", - intval($xchan) + $r = q("select xchan_connurl from xchan where xchan_hash = '%s' limit 1", + dbesc($xchan) ); if($r) { $url = $r[0]['xchan_connurl']; - $uid = $r[0]['abook_channel']; } } @@ -109,24 +108,25 @@ function poco_load($xchan = null,$url = null) { } - $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' limit 1", - dbesc($xchan), - dbesc($hash) - ); - if(! $r) { - q("insert into xlink ( xlink_xchan, xlink_link, xlink_updated ) values ( '%s', '%s', '%s' ) ", + if($xchan) { + $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' limit 1", dbesc($xchan), - dbesc($hash), - dbesc(datetime_convert()) - ); - } - else { - q("update xlink set xlink_updated = '%s' where xlink_id = %d limit 1", - dbesc(datetime_convert()), - intval($r[0]['xlink_id']) + dbesc($hash) ); + if(! $r) { + q("insert into xlink ( xlink_xchan, xlink_link, xlink_updated ) values ( '%s', '%s', '%s' ) ", + dbesc($xchan), + dbesc($hash), + dbesc(datetime_convert()) + ); + } + else { + q("update xlink set xlink_updated = '%s' where xlink_id = %d limit 1", + dbesc(datetime_convert()), + intval($r[0]['xlink_id']) + ); + } } - } logger("poco_load: loaded $total entries",LOGGER_DEBUG); 
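Review bot: The xlink bookkeeping inside the new `if($xchan)` block is still a select followed by an insert, so two pollers handling the same xchan at once can both find no row and both insert one. Unless xlink already has a unique key on (xlink_xchan, xlink_link), which is not visible here, a single `insert ... on duplicate key update xlink_updated = '%s'` backed by that key would close the gap. A one-line comment above the block, `// only record links when we know whose contact list this is`, would explain why calls with an empty $xchan skip it. poco_load starts and ends outside this hunk.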
@@ -295,37 +295,38 @@ function suggestion_query($uid, $start = 0, $limit = 80) { function update_suggestions() { +// FIXME +return; $a = get_app(); $done = array(); - poco_load(0,0,0,$a->get_baseurl() . '/poco'); + // fix this to get a json list from an upstream directory +// poco_load(0,0,0,$a->get_baseurl() . '/poco'); - $done[] = $a->get_baseurl() . '/poco'; +// $done[] = $a->get_baseurl() . '/poco'; - if(strlen(get_config('system','directory_submit_url'))) { - $x = fetch_url('http://dir.friendica.com/pubsites'); - if($x) { - $j = json_decode($x); - if($j->entries) { - foreach($j->entries as $entry) { - $url = $entry->url . '/poco'; - if(! in_array($url,$done)) - poco_load(0,0,0,$entry->url . '/poco'); - } - } - } - } +// if(strlen(get_config('system','directory_submit_url'))) { +// $x = fetch_url('http://dir.friendica.com/pubsites'); +// if($x) { +// $j = json_decode($x); +// if($j->entries) { +// foreach($j->entries as $entry) { +// $url = $entry->url . '/poco'; +// if(! in_array($url,$done)) +// poco_load(0,0,0,$entry->url . '/poco'); +// } +// } +// } +// } - $r = q("select distinct(poco) as poco from contact where network = '%s'", - dbesc(NETWORK_DFRN) - ); + $r = q("select distinct(xchan_connurl) as poco from xchan where xchan_network = 'zot'"); - if(count($r)) { + if($r) { foreach($r as $rr) { $base = substr($rr['poco'],0,strrpos($rr['poco'],'/')); if(! in_array($base,$done)) - poco_load(0,0,0,$base); + poco_load('',$base); } } } -- cgit v1.2.3 From b8c92a0a4285dae8d61750dc1b39c61bba6a3dda Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 22 Jan 2013 23:08:46 -0800 Subject: fix some displayed links that were wonky --- include/ItemObject.php | 5 +++-- include/nav.php | 8 ++++++-- 2 files changed, 9 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/ItemObject.php b/include/ItemObject.php index 6f9eaa18e..b6f1e53a4 100644 --- a/include/ItemObject.php +++ b/include/ItemObject.php 
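Review bot: With the `$done[] = ...` line commented out, nothing adds to `$done` in update_suggestions any more, so the `in_array($base,$done)` test in the final loop is always false and every xchan_connurl that shares a base is passed to poco_load again; add `$done[] = $base;` after the call. `strrpos()` returns false for a connurl without a '/', which makes `$base` an empty string that is still handed to poco_load, so empty values should be skipped. The bare `return;` under `// FIXME` leaves all of this unreachable, and the comment should say why the function is disabled. The commented-out block is better deleted than kept, since it fetched the site list over plain `http://` and would need HTTPS and validation of each entry URL if it were revived.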
@@ -49,6 +49,7 @@ class Item extends BaseObject { // fixme $this->writable = ($this->get_data_value('writable') || $this->get_data_value('self')); // FIXME - base this on observer permissions + $this->writable = ((local_user() && $channel['channel_hash'] === $item['owner_xchan']) ? true : false); @@ -227,8 +228,8 @@ class Item extends BaseObject { 'body' => $body_e, 'text' => strip_tags($body_e), 'id' => $this->get_id(), - 'linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['author-link'])) ? $item['author-link'] : $item['url'])), - 'olinktitle' => sprintf( t('View %s\'s profile @ %s'), $this->get_owner_name(), ((strlen($item['owner-link'])) ? $item['owner-link'] : $item['url'])), + 'linktitle' => sprintf( t('View %s\'s profile - %s'), $profile_name, $item['author']['xchan_addr']), + 'olinktitle' => sprintf( t('View %s\'s profile - %s'), $this->get_owner_name(), $item['owner']['xchan_addr']), 'to' => t('to'), 'wall' => t('Wall-to-Wall'), 'vwall' => t('via Wall-To-Wall:'), diff --git a/include/nav.php b/include/nav.php index b65577e0f..3a565af55 100644 --- a/include/nav.php +++ b/include/nav.php @@ -90,8 +90,12 @@ EOT; ); } - - $nav['lock'] = array('rmagic','',(($observer) ? 'lock' : 'unlock'), (($observer) ? $observer['xchan_addr'] : t('Click to authenticate to your home hub'))); + if($observer) + $nav['lock'] = array('logout','','lock', + sprintf( t('%s - click to logout'), $observer['xchan_addr'])); + else + $nav['lock'] = array('rmagic','','unlock', + t('Click to authenticate to your home hub')); /** * "Home" should also take you home from an authenticated remote profile connection -- cgit v1.2.3
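Review bot: The added `$this->writable` assignment reads `$channel['channel_hash']` and `$item['owner_xchan']`, but neither variable is defined in the lines shown. If they are not set earlier in the method, both sides evaluate to null and the strict comparison succeeds, marking the item writable for any logged-in local user. Reading the owner through the accessor already used on the commented-out line, `$this->get_data_value('owner_xchan')`, and requiring a non-empty channel hash before comparing would avoid that. Since the FIXME above says this should follow observer permissions, the flag should stay display-only, with the write path enforcing permission itself. The `? true : false` is redundant, and the enclosing method starts and ends outside the hunk.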
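Review bot: `linktitle` and `olinktitle` now interpolate `$item['author']['xchan_addr']` and `$item['owner']['xchan_addr']` with no fallback, where the old code fell back to `$item['url']`. An item without the nested author or owner record gets an empty address in the title and an undefined-index notice, so an `isset()` check with the old fallback would keep the previous robustness. The address presumably originates from other sites and ends up in title text, so confirm the template escapes it for attribute context. The same applies to `$observer['xchan_addr']` in the nav.php hunk of this commit.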