From e8c9dafb90e556a9cc9590022ef1131d76b1129d Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 15 Nov 2013 15:32:26 -0800 Subject: revert to prepare_page - but have it call prepare_body --- mod/page.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/page.php b/mod/page.php index 403016eb2..df17dbf52 100644 --- a/mod/page.php +++ b/mod/page.php @@ -112,7 +112,7 @@ function page_content(&$a) { xchan_query($r); $r = fetch_post_tags($r,true); - $o .= prepare_body($r[0],true); + $o .= prepare_page($r[0]); return $o; } -- cgit v1.2.3 From 92f37fd0d5222d4f8cb7234d3de5fa8c784f81d3 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 17 Nov 2013 01:10:46 -0800 Subject: document extra features --- mod/post.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'mod') diff --git a/mod/post.php b/mod/post.php index 92d810356..3b98fce81 100644 --- a/mod/post.php +++ b/mod/post.php @@ -130,8 +130,8 @@ function post_init(&$a) { } else { logger('mod_zot: still not authenticated: ' . $x[0]['xchan_addr']); q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_addr = '%s'", - intval(HUBLOC_RECEIVE_ERROR), - $x[0][xchan_addr] + intval(HUBLOC_RECEIVE_ERROR), + $x[0][xchan_addr] ); } -- cgit v1.2.3 From bec85f1494026a94eb521b802a74b67762b01a6c Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 17 Nov 2013 13:54:43 -0800 Subject: implement admin remove account --- mod/admin.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'mod') diff --git a/mod/admin.php b/mod/admin.php index fad03e34a..3608f6eda 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -563,7 +563,7 @@ function admin_page_users_post(&$a){ if (x($_POST,'page_users_delete')){ require_once("include/Contact.php"); foreach($users as $uid){ - user_remove($uid); + account_remove($uid,true); } notice( sprintf( tt("%s user deleted", "%s users deleted", count($users)), count($users)) ); } @@ -605,9 +605,9 @@ function admin_page_users(&$a){ check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't'); // delete user require_once("include/Contact.php"); - user_remove($uid); + account_remove($uid,true); - notice( sprintf(t("User '%s' deleted"), $user[0]['username']) . EOL); + notice( sprintf(t("User '%s' deleted"), $account[0]['account_email']) . EOL); }; break; case "block":{ check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't'); -- cgit v1.2.3 From 28b0eb9c330261ea6a8cd36248c194b6b153f5e6 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 17 Nov 2013 14:28:13 -0800 Subject: more work on redmtx.com magic-auth situation --- mod/magic.php | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) (limited to 'mod') diff --git a/mod/magic.php b/mod/magic.php index 4794f86a8..21f703192 100644 --- a/mod/magic.php +++ b/mod/magic.php @@ -28,16 +28,34 @@ function magic_init(&$a) { ); } else { + // See if we know anybody at the dest site that will unlock the door for us + // This is the equivalent of buzzing every apartment in an apartment block + // to get inside the front gate. The thing about magic auth is that we're + // authenticating to the other site. Permissions provided by various + // channels will still affect what we can do once authenticated. + $b = explode('/',$dest); if(count($b) >= 2) { $u = $b[0] . '//' . $b[2]; - $x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where hubloc_url = '%s' order by hubloc_id desc limit 5", - dbesc($u) - ); + if(local_user()) { + // first look for a connection or anybody who knows us + $x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash + left join abook on abook_xchan = hubloc_hash + where abook_channel = %d and hubloc_url = '%s' order by hubloc_id desc limit 5", + intval(local_user()), + dbesc($u) + ); + } + if(! $x) { + // no luck - ok anybody will do + $x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash + where hubloc_url = '%s' order by hubloc_id desc limit 5", + dbesc($u) + ); + } if($x) { // They must have a valid hubloc_addr -- cgit v1.2.3 From 06e0272db873ad0b7dbc96596e92b8c635f940a2 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 17 Nov 2013 16:50:32 -0800 Subject: populate some posts when somebody is granted "read stream" permission --- mod/connections.php | 3 +++ mod/follow.php | 2 +- mod/zotfeed.php | 4 +++- 3 files changed, 7 insertions(+), 2 deletions(-) (limited to 'mod') diff --git a/mod/connections.php b/mod/connections.php index 1ad9fedbc..a40a8fa90 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -133,6 +133,9 @@ function connections_post(&$a) { // friends in general or this friend in particular aren't hidden) // and send out a new friend activity // TODO + + // pull in a bit of content if there is any to pull in + proc_run('php','include/onepoll.php',$contact_id); } // Refresh the structure in memory with the new data diff --git a/mod/follow.php b/mod/follow.php index 9f5a8183b..1d29dab2e 100644 --- a/mod/follow.php +++ b/mod/follow.php @@ -15,7 +15,7 @@ function follow_init(&$a) { $confirm = intval($_REQUEST['confirm']); $result = new_contact($uid,$url,$a->get_channel(),true,$confirm); - + if($result['success'] == false) { if($result['message']) notice($result['message']); diff --git a/mod/zotfeed.php b/mod/zotfeed.php index 2ca049563..6d84a5a1e 100644 --- a/mod/zotfeed.php +++ b/mod/zotfeed.php @@ -21,7 +21,7 @@ function zotfeed_init(&$a) { $channel_address = ((argc() > 1) ? argv(1) : ''); if($channel_address) { - $r = q("select channel_id from channel where channel_address = '%s' limit 1", + $r = q("select channel_id, channel_name from channel where channel_address = '%s' limit 1", dbesc(argv(1)) ); } @@ -30,6 +30,8 @@ function zotfeed_init(&$a) { json_return_and_die($result); } + logger('zotfeed request: ' . $r[0]['channel_name'], LOGGER_DEBUG); + $result['messages'] = zot_feed($r[0]['channel_id'],$observer['xchan_hash'],$mindate); $result['success'] = true; json_return_and_die($result); -- cgit v1.2.3 From 13538cdd21c6e13a2ff108f1b42dbecaab8b375a Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 17 Nov 2013 19:22:24 -0800 Subject: pull in some posts when we first connect with a new channel (if allowed to) - if not allowed to, do it if that condition changes --- mod/follow.php | 6 ++++++ mod/item.php | 8 -------- mod/network.php | 4 ++-- 3 files changed, 8 insertions(+), 10 deletions(-) (limited to 'mod') diff --git a/mod/follow.php b/mod/follow.php index 1d29dab2e..364fe76b9 100644 --- a/mod/follow.php +++ b/mod/follow.php @@ -24,6 +24,12 @@ function follow_init(&$a) { info( t('Channel added.') . EOL); + // If we can view their stream, pull in some posts + + if($result['abook']['abook_their_perms'] & PERMS_R_STREAM) + proc_run('php','include/onepoll.php',$result['abook']['abook_id']); + + goaway(z_root() . '/connections/' . $result['abook']['abook_id']); } diff --git a/mod/item.php b/mod/item.php index b564c7545..7eebbe287 100644 --- a/mod/item.php +++ b/mod/item.php @@ -774,14 +774,6 @@ function item_post(&$a) { // NOTREACHED } - // update the commented timestamp on the parent - - q("UPDATE `item` set `commented` = '%s', `changed` = '%s' WHERE `id` = %d LIMIT 1", - dbesc(datetime_convert()), - dbesc(datetime_convert()), - intval($parent) - ); - $page_type = ''; if($webpage & ITEM_WEBPAGE) diff --git a/mod/network.php b/mod/network.php index 81b38a5ae..9ee21dc05 100644 --- a/mod/network.php +++ b/mod/network.php @@ -512,7 +512,7 @@ function network_content(&$a, $update = 0, $load = false) { . "'; var profile_page = " . $a->pager['page'] . ";"; -logger('Search: ' . $search); + $a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array( '$baseurl' => z_root(), @@ -734,7 +734,7 @@ logger('Search: ' . $search); $o .= alt_pager($a,count($items)); if($load) { - logger('mod_network: load: ' . count($items) . ' items', LOGGER_DATA); +// logger('mod_network: load: ' . count($items) . ' items', LOGGER_DATA); profiler($start,$first,'network parents'); profiler($first,$second,'network children'); -- cgit v1.2.3 From dd6c64f95adc89895d4adf9ede8fbc8fdae41750 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 17 Nov 2013 23:12:34 -0800 Subject: magic auth issues --- mod/magic.php | 2 +- mod/post.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'mod') diff --git a/mod/magic.php b/mod/magic.php index 21f703192..6c8ad24ed 100644 --- a/mod/magic.php +++ b/mod/magic.php @@ -159,7 +159,7 @@ function magic_init(&$a) { logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG); goaway($target_url - . '/?f=&auth=' . $channel['channel_address'] . '@' . $a->get_hostname() + . '/?f=&auth=' . urlencode($channel['channel_address'] . '@' . $a->get_hostname()) . '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION); } diff --git a/mod/post.php b/mod/post.php index 3b98fce81..6eab0988e 100644 --- a/mod/post.php +++ b/mod/post.php @@ -55,7 +55,7 @@ function post_init(&$a) { if(! $x) { // finger them if they can't be found. - $ret = zot_finger($addr,null); + $ret = zot_finger($address,null); if($ret['success']) { $j = json_decode($ret['body'],true); if($j) @@ -66,7 +66,7 @@ function post_init(&$a) { } } if(! $x) { - logger('mod_zot: auth: unable to finger ' . $addr); + logger('mod_zot: auth: unable to finger ' . $address); goaway($desturl); } @@ -131,7 +131,7 @@ function post_init(&$a) { logger('mod_zot: still not authenticated: ' . $x[0]['xchan_addr']); q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_addr = '%s'", intval(HUBLOC_RECEIVE_ERROR), - $x[0][xchan_addr] + dbesc($x[0]['xchan_addr']) ); } -- cgit v1.2.3 From fa8f26c544060b01fc8f6d0df22eea71ae8770fd Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 18 Nov 2013 00:55:41 -0800 Subject: change the way magic-auth works - we rarely need a destination channel and if that channel has problems it shouldn't mess up authentication to the hub. --- mod/post.php | 211 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 105 insertions(+), 106 deletions(-) (limited to 'mod') diff --git a/mod/post.php b/mod/post.php index 6eab0988e..ceb41b19d 100644 --- a/mod/post.php +++ b/mod/post.php @@ -15,140 +15,139 @@ function post_init(&$a) { // as a get request, and the only communications to arrive this way. if(argc() > 1) { - $webbie = argv(1); - - if(array_key_exists('auth',$_REQUEST)) { - logger('mod_zot: auth request received.'); - $address = $_REQUEST['auth']; - $dest = $_REQUEST['dest']; - $sec = $_REQUEST['sec']; - $version = $_REQUEST['version']; - - switch($dest) { - case 'channel': - $desturl = z_root() . '/channel/' . $webbie; - break; - case 'photos': - $desturl = z_root() . '/photos/' . $webbie; - break; - case 'profile': - $desturl = z_root() . '/profile/' . $webbie; - break; - default: - $desturl = $dest; - break; - } + } + + if(array_key_exists('auth',$_REQUEST)) { + logger('mod_zot: auth request received.'); + $address = $_REQUEST['auth']; + $dest = $_REQUEST['dest']; + $sec = $_REQUEST['sec']; + $version = $_REQUEST['version']; + + switch($dest) { + case 'channel': + $desturl = z_root() . '/channel/' . $webbie; + break; + case 'photos': + $desturl = z_root() . '/photos/' . $webbie; + break; + case 'profile': + $desturl = z_root() . '/profile/' . $webbie; + break; + default: + $desturl = $dest; + break; + } + if($webbie) { $c = q("select * from channel where channel_address = '%s' limit 1", dbesc($webbie) ); if(! $c) { logger('mod_zot: auth: unable to find channel ' . $webbie); // They'll get a notice when they hit the page, we don't need two of them. - goaway($desturl); + // In fact we only need the name to map the destination, auth can proceed + // without it. + // goaway($desturl); } + } - // Try and find a hubloc for the person attempting to auth - $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", - dbesc($address) - ); + // Try and find a hubloc for the person attempting to auth + $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", + dbesc($address) + ); - if(! $x) { - // finger them if they can't be found. - $ret = zot_finger($address,null); - if($ret['success']) { - $j = json_decode($ret['body'],true); - if($j) - import_xchan($j); - $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", - dbesc($address) - ); - } - } - if(! $x) { - logger('mod_zot: auth: unable to finger ' . $address); - goaway($desturl); + if(! $x) { + // finger them if they can't be found. + $ret = zot_finger($address,null); + if($ret['success']) { + $j = json_decode($ret['body'],true); + if($j) + import_xchan($j); + $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", + dbesc($address) + ); } + } + if(! $x) { + logger('mod_zot: auth: unable to finger ' . $address); + goaway($desturl); + } - logger('mod_zot: auth request received from ' . $x[0]['xchan_addr'] . ' for ' . $webbie); + logger('mod_zot: auth request received from ' . $x[0]['xchan_addr'] . ' for ' . (($webbie) ? $webbie : 'undefined')); - // check credentials and access + // check credentials and access - // If they are already authenticated and haven't changed credentials, - // we can save an expensive network round trip and improve performance. + // If they are already authenticated and haven't changed credentials, + // we can save an expensive network round trip and improve performance. - $remote = remote_user(); - $result = null; + $remote = remote_user(); + $result = null; - $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote)) ? true : false); + $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote)) ? true : false); - if(! $already_authed) { - // Auth packets MUST use ultra top-secret hush-hush mode - $p = zot_build_packet($c[0],$type = 'auth_check', - array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), - $x[0]['hubloc_sitekey'], $sec); - $result = zot_zot($x[0]['hubloc_callback'],$p); - if(! $result['success']) { - logger('mod_zot: auth_check callback failed.'); - goaway($desturl); - } - $j = json_decode($result['body'],true); + if(! $already_authed) { + // Auth packets MUST use ultra top-secret hush-hush mode + $p = zot_build_packet($c[0],$type = 'auth_check', + array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), + $x[0]['hubloc_sitekey'], $sec); + $result = zot_zot($x[0]['hubloc_callback'],$p); + if(! $result['success']) { + logger('mod_zot: auth_check callback failed.'); + goaway($desturl); } + $j = json_decode($result['body'],true); + } - if($already_authed || $j['success']) { - if($j['success']) { - // legit response, but we do need to check that this wasn't answered by a man-in-middle - if(! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) { - logger('mod_zot: auth: final confirmation failed.'); - goaway($desturl); - } + if($already_authed || $j['success']) { + if($j['success']) { + // legit response, but we do need to check that this wasn't answered by a man-in-middle + if(! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) { + logger('mod_zot: auth: final confirmation failed.'); + goaway($desturl); } - // everything is good... maybe - if(local_user()) { + } + // everything is good... maybe + if(local_user()) { - // tell them to logout if they're logged in locally as anything but the target remote account - // in which case just shut up because they don't need to be doing this at all. + // tell them to logout if they're logged in locally as anything but the target remote account + // in which case just shut up because they don't need to be doing this at all. - if($a->channel['channel_hash'] != $x[0]['xchan_hash']) { - logger('mod_zot: auth: already authenticated locally as somebody else.'); - notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL); - } - goaway($desturl); + if($a->channel['channel_hash'] != $x[0]['xchan_hash']) { + logger('mod_zot: auth: already authenticated locally as somebody else.'); + notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL); } - // log them in - $_SESSION['authenticated'] = 1; - $_SESSION['visitor_id'] = $x[0]['xchan_hash']; - $_SESSION['my_address'] = $address; - $arr = array('xchan' => $x[0], 'url' => $desturl, 'channel_address' => $webbie); - call_hooks('magic_auth_success',$arr); - $a->set_observer($x[0]); - require_once('include/security.php'); - $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); - info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name'])); - logger('mod_zot: auth success from ' . $x[0]['xchan_addr'] . ' for ' . $webbie); - - } else { - logger('mod_zot: still not authenticated: ' . $x[0]['xchan_addr']); - q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_addr = '%s'", - intval(HUBLOC_RECEIVE_ERROR), - dbesc($x[0]['xchan_addr']) - ); + goaway($desturl); } + // log them in + $_SESSION['authenticated'] = 1; + $_SESSION['visitor_id'] = $x[0]['xchan_hash']; + $_SESSION['my_address'] = $address; + $arr = array('xchan' => $x[0], 'url' => $desturl, 'channel_address' => $webbie); + call_hooks('magic_auth_success',$arr); + $a->set_observer($x[0]); + require_once('include/security.php'); + $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); + info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name'])); + logger('mod_zot: auth success from ' . $x[0]['xchan_addr'] . ' for ' . $webbie); + + } else { + logger('mod_zot: still not authenticated: ' . $x[0]['xchan_addr']); + q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_addr = '%s'", + intval(HUBLOC_RECEIVE_ERROR), + dbesc($x[0]['xchan_addr']) + ); + } -// FIXME - we really want to save the return_url in the session before we visit rmagic. -// This does however prevent a recursion if you visit rmagic directly, as it would otherwise send you back here again. -// But z_root() probably isn't where you really want to go. - - if(strstr($desturl,z_root() . '/rmagic')) - goaway(z_root()); + // FIXME - we really want to save the return_url in the session before we visit rmagic. + // This does however prevent a recursion if you visit rmagic directly, as it would otherwise send you back here again. + // But z_root() probably isn't where you really want to go. - goaway($desturl); - } + if(strstr($desturl,z_root() . '/rmagic')) + goaway(z_root()); - logger('mod_zot: invalid args: ' . print_r($a->argv,true)); - killme(); + goaway($desturl); } - return; } -- cgit v1.2.3 From 718f69c6fc090752238bb64e7486d6a3eef5b518 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 18 Nov 2013 00:57:56 -0800 Subject: to clarify the fact, we'll remove the line we no longer need instead of commenting it --- mod/post.php | 1 - 1 file changed, 1 deletion(-) (limited to 'mod') diff --git a/mod/post.php b/mod/post.php index ceb41b19d..6a5c919e1 100644 --- a/mod/post.php +++ b/mod/post.php @@ -48,7 +48,6 @@ function post_init(&$a) { // They'll get a notice when they hit the page, we don't need two of them. // In fact we only need the name to map the destination, auth can proceed // without it. - // goaway($desturl); } } -- cgit v1.2.3 From b1a4dc7d7ed9ae19c7f8c0cb1d706eb57872ff28 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 18 Nov 2013 01:00:04 -0800 Subject: set a default value for $webbie - it's the right thing to do. --- mod/post.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'mod') diff --git a/mod/post.php b/mod/post.php index 6a5c919e1..2778621d3 100644 --- a/mod/post.php +++ b/mod/post.php @@ -17,6 +17,8 @@ function post_init(&$a) { if(argc() > 1) { $webbie = argv(1); } + else + $webbie = ''; if(array_key_exists('auth',$_REQUEST)) { logger('mod_zot: auth request received.'); -- cgit v1.2.3 From fce5f2042db1a9d0b13c3bd5f6d37980fa98ca7f Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 18 Nov 2013 14:06:34 -0800 Subject: resetting password tries to update email address even if it didn't change - and if you've got the admin email this spits out a warning. --- mod/settings.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/settings.php b/mod/settings.php index 4e122607b..ba7540b91 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -319,8 +319,8 @@ function settings_post(&$a) { } $email = ((x($_POST,'email')) ? trim(notags($_POST['email'])) : ''); + $account = $a->get_account(); if($email != $account['account_email']) { - $account = $a->get_account(); if(! valid_email($email)) $errs[] = t('Not valid email.'); $adm = trim(get_config('system','admin_email')); -- cgit v1.2.3 From dc6cd8a701f2225070bf6c37833279768f1a3b10 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 18 Nov 2013 15:38:02 -0800 Subject: admin/users - add expiration date to table and ability to sort by reverse expiration and also filter by service class through url options --- mod/admin.php | 49 +++++++++++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 20 deletions(-) (limited to 'mod') diff --git a/mod/admin.php b/mod/admin.php index 3608f6eda..1615412b5 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -640,26 +640,35 @@ function admin_page_users(&$a){ // WEe'll still need to link email addresses to admin/users/channels or some such, but this bit doesn't exist yet. // That's where we need to be doing last post/channel flags/etc, not here. - $users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_service_class` FROM `account`", - intval($a->pager['start']), - intval($a->pager['itemspage']) - ); - - function _setup_users($e){ - $accounts = Array( - t('Normal Account'), - t('Soapbox Account'), - t('Community/Celebrity Account'), - t('Automatic Friend Account') - ); - $e['page_flags'] = $accounts[$e['page-flags']]; - $e['register_date'] = relative_date($e['register_date']); - $e['login_date'] = relative_date($e['login_date']); - $e['lastitem_date'] = relative_date($e['lastitem_date']); - return $e; - } - $users = array_map("_setup_users", $users); + + $serviceclass = (($_REQUEST['class']) ? " and account_service_class = '" . dbesc($_REQUEST['class']) . "' " : ''); + + + $order = " order by account_email asc "; + if($_REQUEST['order'] === 'expires') + $order = " order by account_expires desc "; + + $users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, `account_service_class` FROM `account` where true $serviceclass $order limit %d , %d ", + intval($a->pager['start']), + intval($a->pager['itemspage']) + ); + +// function _setup_users($e){ +// $accounts = Array( +// t('Normal Account'), +// t('Soapbox Account'), +// t('Community/Celebrity Account'), +// t('Automatic Friend Account') +// ); + +// $e['page_flags'] = $accounts[$e['page-flags']]; +// $e['register_date'] = relative_date($e['register_date']); +// $e['login_date'] = relative_date($e['login_date']); +// $e['lastitem_date'] = relative_date($e['lastitem_date']); +// return $e; +// } +// $users = array_map("_setup_users", $users); $t = get_markup_template("admin_users.tpl"); @@ -679,7 +688,7 @@ function admin_page_users(&$a){ '$unblock' => t('Unblock'), '$h_users' => t('Users'), - '$th_users' => array( t('Email'), t('Register date'), t('Last login'), t('Service Class')), + '$th_users' => array( t('Email'), t('Register date'), t('Last login'), t('Expires'), t('Service Class')), '$confirm_delete_multi' => t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'), '$confirm_delete' => t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'), -- cgit v1.2.3 From d7ee552c570f4fca760c3d1573f32c005cf73bb8 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 20 Nov 2013 15:20:12 -0800 Subject: Protocol: now set data['alg'] on all encapsulated encrypted packets, so that we can more easily retire 'aes256cbc' once it is no longer viable. --- mod/editpost.php | 4 ++-- mod/message.php | 2 +- mod/post.php | 4 ++-- mod/probe.php | 2 +- mod/register.php | 8 ++++++++ 5 files changed, 14 insertions(+), 6 deletions(-) (limited to 'mod') diff --git a/mod/editpost.php b/mod/editpost.php index b01afe9b3..f25d6d21d 100644 --- a/mod/editpost.php +++ b/mod/editpost.php @@ -57,9 +57,9 @@ function editpost_content(&$a) { if($itm[0]['item_flags'] & ITEM_OBSCURED) { $key = get_config('system','prvkey'); if($itm[0]['title']) - $itm[0]['title'] = aes_unencapsulate(json_decode_plus($itm[0]['title']),$key); + $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key); if($itm[0]['body']) - $itm[0]['body'] = aes_unencapsulate(json_decode_plus($itm[0]['body']),$key); + $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key); } $tpl = get_markup_template("jot.tpl"); diff --git a/mod/message.php b/mod/message.php index f992a6fa1..a0382f63d 100644 --- a/mod/message.php +++ b/mod/message.php @@ -79,7 +79,7 @@ function message_post(&$a) { $global_perms = get_perms(); if($j['permissions']['data']) { - $permissions = aes_unencapsulate($j['permissions'],$channel['channel_prvkey']); + $permissions = crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']); if($permissions) $permissions = json_decode($permissions); logger('decrypted permissions: ' . print_r($permissions,true), LOGGER_DATA); diff --git a/mod/post.php b/mod/post.php index 2778621d3..64e08e632 100644 --- a/mod/post.php +++ b/mod/post.php @@ -172,7 +172,7 @@ function post_post(&$a) { */ if(array_key_exists('iv',$data)) { - $data = aes_unencapsulate($data,get_config('system','prvkey')); + $data = crypto_unencapsulate($data,get_config('system','prvkey')); logger('mod_zot: decrypt1: ' . $data, LOGGER_DATA); // susceptible to Bleichenbacher's attack @@ -312,7 +312,7 @@ function post_post(&$a) { ); } } - $encrypted = aes_encapsulate(json_encode($ret),$sitekey); + $encrypted = crypto_encapsulate(json_encode($ret),$sitekey); json_return_and_die($encrypted); /** pickup: end */ diff --git a/mod/probe.php b/mod/probe.php index bd792d52e..e2dd4ef77 100644 --- a/mod/probe.php +++ b/mod/probe.php @@ -26,7 +26,7 @@ function probe_content(&$a) { $j = json_decode($res['body'],true); } if($j && $j['permissions'] && $j['permissions']['iv']) - $j['permissions'] = json_decode(aes_unencapsulate($j['permissions'],$channel['channel_prvkey']),true); + $j['permissions'] = json_decode(crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']),true); $o .= str_replace("\n",'
',print_r($j,true)); $o .= ''; } diff --git a/mod/register.php b/mod/register.php index bc1603f25..2040732ff 100644 --- a/mod/register.php +++ b/mod/register.php @@ -7,6 +7,14 @@ function register_init(&$a) { $result = null; $cmd = ((argc() > 1) ? argv(1) : ''); + // Provide a stored request for somebody desiring a connection + // when they first need to register someplace. Once they've + // created a channel, we'll try to revive the connection request + // and process it. + + if($_REQUEST['connect']) + $_SESSION['connect'] = $_REQUEST['connect']; + switch($cmd) { case 'invite_check.json': $result = check_account_invite($_REQUEST['invite_code']); -- cgit v1.2.3 From 6ddb57e0da54b291504638247a77889f5b631caa Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 21 Nov 2013 14:19:31 -0800 Subject: mod/help - load Site.md (if it exists) before Home.md. Site.md will typically provide local resources. Site.md can either include the complete contents of Help.md or link to it, as you choose. --- mod/help.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'mod') diff --git a/mod/help.php b/mod/help.php index 770a0a8af..10061b851 100644 --- a/mod/help.php +++ b/mod/help.php @@ -25,9 +25,13 @@ function help_content(&$a) { $text = ''; - if($a->argc > 1) { + if(argc() > 1) { $text = load_doc_file('doc/' . $a->argv[1] . '.md'); - $a->page['title'] = t('Help:') . ' ' . str_replace('-',' ',notags($a->argv[1])); + $a->page['title'] = t('Help:') . ' ' . str_replace('-',' ',notags(argv(1))); + } + if(! $text) { + $text = load_doc_file('doc/Site.md'); + $a->page['title'] = t('Help'); } if(! $text) { $text = load_doc_file('doc/Home.md'); -- cgit v1.2.3 From 7f4e4ab688be440a3efae2e0b0af7b9bbc6b7053 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 21 Nov 2013 14:41:31 -0800 Subject: Add #include mechanism for help pages - see the top of mod/help.php for details --- mod/help.php | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'mod') diff --git a/mod/help.php b/mod/help.php index 10061b851..e78f9e61c 100644 --- a/mod/help.php +++ b/mod/help.php @@ -1,5 +1,16 @@ language; @@ -45,7 +56,20 @@ function help_content(&$a) { '$message' => t('Page not found.' ) )); } + + $text = preg_replace_callback("/#include (.*?)\;/ism", 'preg_callback_help_include', $text); + return Markdown($text); } + + +function preg_callback_help_include($matches) { + print_r($matches); + + if($matches[1]) + return str_replace($matches[0],load_doc_file($matches[1]),$matches[0]); + +} + -- cgit v1.2.3 From 8f236771c675ba18fa053182c4d25199e3f98277 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 21 Nov 2013 14:42:48 -0800 Subject: mark hublocs with incorrect sitekeys deleted --- mod/post.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'mod') diff --git a/mod/post.php b/mod/post.php index 64e08e632..0ce58ec9f 100644 --- a/mod/post.php +++ b/mod/post.php @@ -265,6 +265,7 @@ function post_post(&$a) { if((! $forgery) && (! $secret_fail)) break; } + if($forgery) { $ret['message'] = 'possible site forgery'; logger('mod_zot: pickup: ' . $ret['message']); @@ -312,6 +313,7 @@ function post_post(&$a) { ); } } + $encrypted = crypto_encapsulate(json_encode($ret),$sitekey); json_return_and_die($encrypted); @@ -355,6 +357,18 @@ function post_post(&$a) { intval($hub['hubloc_id']) ); + /** + * This hub has now been proven to be valid. + * Any hub with the same URL and a different sitekey cannot be valid. + * Get rid of them (mark them deleted). There's a good chance they were re-installs. + * + */ + + q("update hubloc set hubloc_flags = ( hubloc_flags | %d ) where hubloc_url = '%s' and hubloc_sitekey != '%s' ", + intval(HUBLOC_FLAGS_DELETED), + dbesc($hub['hubloc_url']), + dbesc($hub['hubloc_sitekey']) + ); // TODO: check which hub is primary and take action if mismatched -- cgit v1.2.3 From 3e0ac769aad2ae15934c32eef2f4992bde73e178 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 21 Nov 2013 17:23:14 -0800 Subject: white screen --- mod/settings.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'mod') diff --git a/mod/settings.php b/mod/settings.php index ba7540b91..af9113202 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -357,7 +357,7 @@ function settings_post(&$a) { $openid = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : ''); $maxreq = ((x($_POST,'maxreq')) ? intval($_POST['maxreq']) : 0); $expire = ((x($_POST,'expire')) ? intval($_POST['expire']) : 0); - $def_gid = ((x($_POST,'group-selection')) ? intval($_POST['group-selection']) : 0); + $def_group = ((x($_POST,'group-selection')) ? notags(trim($_POST['group-selection'])) : ''); $expire_items = ((x($_POST,'expire_items')) ? intval($_POST['expire_items']) : 0); @@ -506,9 +506,9 @@ function settings_post(&$a) { if($page_flags == PAGE_PRVGROUP) { $hidewall = 1; if((! $str_contact_allow) && (! $str_group_allow) && (! $str_contact_deny) && (! $str_group_deny)) { - if($def_gid) { + if($def_group) { info( t('Private forum has no privacy permissions. Using default privacy group.'). EOL); - $str_group_allow = '<' . $def_gid . '>'; + $str_group_allow = '<' . $def_group . '>'; } else { notice( t('Private forum has no privacy permissions and no default privacy group.') . EOL); @@ -519,7 +519,7 @@ function settings_post(&$a) { */ /* - $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d WHERE `uid` = %d LIMIT 1", + $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `def_group` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d WHERE `uid` = %d LIMIT 1", dbesc($username), dbesc($email), dbesc($openid), @@ -535,7 +535,7 @@ function settings_post(&$a) { intval($maxreq), intval($expire), dbesc($openidserver), - intval($def_gid), + intval($def_group), intval($blockwall), intval($hidewall), intval($blocktags), @@ -545,7 +545,7 @@ function settings_post(&$a) { ); */ - $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d, channel_r_stream = %d, channel_r_profile = %d, channel_r_photos = %d, channel_r_abook = %d, channel_w_stream = %d, channel_w_wall = %d, channel_w_tagwall = %d, channel_w_comment = %d, channel_w_mail = %d, channel_w_photos = %d, channel_w_chat = %d, channel_a_delegate = %d, channel_r_storage = %d, channel_w_storage = %d, channel_r_pages = %d, channel_w_pages = %d, channel_a_republish = %d where channel_id = %d limit 1", + $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d, channel_default_group = '%s', channel_r_stream = %d, channel_r_profile = %d, channel_r_photos = %d, channel_r_abook = %d, channel_w_stream = %d, channel_w_wall = %d, channel_w_tagwall = %d, channel_w_comment = %d, channel_w_mail = %d, channel_w_photos = %d, channel_w_chat = %d, channel_a_delegate = %d, channel_r_storage = %d, channel_w_storage = %d, channel_r_pages = %d, channel_w_pages = %d, channel_a_republish = %d where channel_id = %d limit 1", dbesc($username), intval($pageflags), dbesc($timezone), @@ -554,6 +554,7 @@ function settings_post(&$a) { intval($unkmail), intval($maxreq), intval($expire), + dbesc($def_group), intval($arr['channel_r_stream']), intval($arr['channel_r_profile']), intval($arr['channel_r_photos']), @@ -1045,7 +1046,7 @@ function settings_content(&$a) { require_once('include/group.php'); - $group_select = mini_group_select(local_user(),$a->user['def_gid']); + $group_select = mini_group_select(local_user(),$channel['channel_default_group']); $o .= replace_macros($stpl,array( '$ptitle' => t('Channel Settings'), -- cgit v1.2.3 From 8cdbd0e2a65cac16a5bad0fca1c3e2e5ec91e348 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 21 Nov 2013 17:31:37 -0800 Subject: make default group for new connections work --- mod/connections.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'mod') diff --git a/mod/connections.php b/mod/connections.php index a40a8fa90..ba5e8920e 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -129,6 +129,15 @@ function connections_post(&$a) { } if($new_friend) { + $channel = $a->get_channel(); + $default_group = $channel['channel_default_group']; + if($default_group) { + require_once('include/group.php'); + $g = group_rec_byhash(local_user(),$default_group); + if($g) + group_add_member(local_user(),'',$a->data['abook_xchan'],$g['id']); + } + // Check if settings permit ("post new friend activity" is allowed, and // friends in general or this friend in particular aren't hidden) // and send out a new friend activity -- cgit v1.2.3 From f2435ed4cdee6e20a92f2acfd60399cb92b2c1e3 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 21 Nov 2013 17:49:14 -0800 Subject: follow and accept_follow hooks --- mod/connections.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'mod') diff --git a/mod/connections.php b/mod/connections.php index ba5e8920e..d7adf775b 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -138,6 +138,8 @@ function connections_post(&$a) { group_add_member(local_user(),'',$a->data['abook_xchan'],$g['id']); } + + // Check if settings permit ("post new friend activity" is allowed, and // friends in general or this friend in particular aren't hidden) // and send out a new friend activity @@ -145,6 +147,7 @@ function connections_post(&$a) { // pull in a bit of content if there is any to pull in proc_run('php','include/onepoll.php',$contact_id); + } // Refresh the structure in memory with the new data @@ -159,6 +162,11 @@ function connections_post(&$a) { $a->data['abook'] = $r[0]; } + if($new_friend) { + $arr = array('channel_id' => local_user(), 'abook' => $a->data['abook']); + call_hooks('accept_follow', $arr); + } + connections_clone($a); return; -- cgit v1.2.3 From 3a4c32475e33e1cad6610c8e4fa0e9cc18bbc31a Mon Sep 17 00:00:00 2001 From: marijus Date: Fri, 22 Nov 2013 14:17:47 +0100 Subject: search should respect max items to load as well --- mod/search.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'mod') diff --git a/mod/search.php b/mod/search.php index 539241268..bad071936 100644 --- a/mod/search.php +++ b/mod/search.php @@ -186,6 +186,8 @@ function search_content(&$a,$update = 0, $load = false) { $pub_sql = public_permissions_sql(get_observer_hash()); if(($update) && ($load)) { + $itemspage = get_pconfig(local_user(),'system','itemspage'); + $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); if($load) { -- cgit v1.2.3 From 2e4177796364ca4edb3a29e7646545649d57c56a Mon Sep 17 00:00:00 2001 From: tuscanhobbit Date: Sat, 23 Nov 2013 19:46:07 +0100 Subject: a reference to account_id was missing in user admin table --- mod/admin.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'mod') diff --git a/mod/admin.php b/mod/admin.php index 1615412b5..5a3ec48f7 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -649,7 +649,8 @@ function admin_page_users(&$a){ if($_REQUEST['order'] === 'expires') $order = " order by account_expires desc "; - $users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, `account_service_class` FROM `account` where true $serviceclass $order limit %d , %d ", + $users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, `account_service_class`, ( account_flags & %d ) > 0 as `blocked` FROM `account` where true $serviceclass $order limit %d , %d ", + intval(ACCOUNT_BLOCKED), intval($a->pager['start']), intval($a->pager['itemspage']) ); @@ -686,7 +687,7 @@ function admin_page_users(&$a){ '$delete' => t('Delete'), '$block' => t('Block'), '$unblock' => t('Unblock'), - + '$h_users' => t('Users'), '$th_users' => array( t('Email'), t('Register date'), t('Last login'), t('Expires'), t('Service Class')), -- cgit v1.2.3 From 421cacfc8d968f981e6c3420017910c3a8d047ab Mon Sep 17 00:00:00 2001 From: tuscanhobbit Date: Sun, 24 Nov 2013 23:06:03 +0100 Subject: admin user table now shows the channel list, minor changes to summary --- mod/admin.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'mod') diff --git a/mod/admin.php b/mod/admin.php index 5a3ec48f7..031fe7852 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -474,7 +474,7 @@ function admin_page_hubloc(&$a) { '$title' => t('Administration'), '$page' => t('Server'), '$queues' => $queues, - '$accounts' => $accounts, + //'$accounts' => $accounts, /*$accounts is empty here*/ '$pending' => Array( t('Pending registrations'), $pending), '$plugins' => Array( t('Active plugins'), $a->plugins ) )); @@ -649,7 +649,10 @@ function admin_page_users(&$a){ if($_REQUEST['order'] === 'expires') $order = " order by account_expires desc "; - $users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, `account_service_class`, ( account_flags & %d ) > 0 as `blocked` FROM `account` where true $serviceclass $order limit %d , %d ", + $users =q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, " . "`account_service_class`, ( account_flags & %d ) > 0 as `blocked`, " . + "(SELECT GROUP_CONCAT( ch.channel_address SEPARATOR ' ') FROM channel as ch " . + "WHERE ch.channel_account_id = ac.account_id) as `channels` " . + "FROM account as ac where true $serviceclass $order limit %d , %d ", intval(ACCOUNT_BLOCKED), intval($a->pager['start']), intval($a->pager['itemspage']) @@ -689,7 +692,7 @@ function admin_page_users(&$a){ '$unblock' => t('Unblock'), '$h_users' => t('Users'), - '$th_users' => array( t('Email'), t('Register date'), t('Last login'), t('Expires'), t('Service Class')), + '$th_users' => array( t('ID'), t('Email'), t('All Channels'), t('Register date'), t('Last login'), t('Expires'), t('Service Class')), '$confirm_delete_multi' => t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'), '$confirm_delete' => t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'), -- cgit v1.2.3 From c63a18a2506778fff37c3e82881e90e24ce545a8 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 24 Nov 2013 20:28:51 -0800 Subject: Add some message_id meta information for wordpress posts so we'll know where to send comments --- mod/item.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'mod') diff --git a/mod/item.php b/mod/item.php index 7eebbe287..dba9f01b6 100644 --- a/mod/item.php +++ b/mod/item.php @@ -58,6 +58,12 @@ function item_post(&$a) { // If you are unsure, it is prudent (and important) to leave it unset. $origin = (($api_source && array_key_exists('origin',$_REQUEST)) ? intval($_REQUEST['origin']) : 1); + + // To represent message-ids on other networks - this will create an item_id record + + $namespace = (($api_source && array_key_exists('namespace',$_REQUEST)) ? strip_tags($_REQUEST['namespace']) : ''); + $remote_id = (($api_source && array_key_exists('remote_id',$_REQUEST)) ? strip_tags($_REQUEST['remote_id']) : ''); + $owner_hash = null; $message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : ''); @@ -782,6 +788,10 @@ function item_post(&$a) { $page_type = 'BUILDBLOCK'; elseif($webpage & ITEM_PDL) $page_type = 'PDL'; + elseif($namespace && $remote_id) { + $page_type = $namespace; + $pagetitle = $remote_id; + } if($page_type) { -- cgit v1.2.3 From cbe096dd90292613e21725c8468eaf77f934d079 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 25 Nov 2013 14:20:57 -0800 Subject: wp-to-red: now supports editing, titles, and native permalinks --- mod/item.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'mod') diff --git a/mod/item.php b/mod/item.php index dba9f01b6..1893bb684 100644 --- a/mod/item.php +++ b/mod/item.php @@ -77,6 +77,8 @@ function item_post(&$a) { $webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0); $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags($_REQUEST['pagetitle']) : ''); $layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): ''); + $plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : ''); + /* Check service class limits */ @@ -196,6 +198,16 @@ function item_post(&$a) { $orig_post = null; + if($namespace && $remote_id) { + // It wasn't an internally generated post - see if we've got an item matching this remote service id + $i = q("select iid from item_id where service = '%s' and sid = '%s' limit 1", + dbesc($namespace), + dbesc($remote_id) + ); + if($i) + $post_id = $i[0]['iid']; + } + if($post_id) { $i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), @@ -616,6 +628,7 @@ function item_post(&$a) { $datarray['layout_mid'] = $layout_mid; $datarray['comment_policy'] = map_scope($channel['channel_w_comment']); $datarray['term'] = $post_tags; + $datarray['plink'] = $plink; // preview mode - prepare the body for display and send it via json -- cgit v1.2.3 From fe9162395ae703adf91f7ac32833211ca60ac216 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 25 Nov 2013 14:54:14 -0800 Subject: sort out the preview icons --- mod/item.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/item.php b/mod/item.php index 1893bb684..f5df854ee 100644 --- a/mod/item.php +++ b/mod/item.php @@ -823,7 +823,7 @@ function item_post(&$a) { } $datarray['id'] = $post_id; - $datarray['plink'] = $a->get_baseurl() . '/display/' . $channel['channel_address'] . '/' . $post_id; + $datarray['llink'] = $a->get_baseurl() . '/display/' . $channel['channel_address'] . '/' . $post_id; call_hooks('post_local_end', $datarray); -- cgit v1.2.3 From 7aa7f0f4eb201627b89c0587185ad72efc7e6606 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 26 Nov 2013 15:50:30 -0800 Subject: allow editing posts on connectors that support edits --- mod/item.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/item.php b/mod/item.php index f5df854ee..6781eba2d 100644 --- a/mod/item.php +++ b/mod/item.php @@ -273,6 +273,7 @@ function item_post(&$a) { $private = $orig_post['item_private']; $item_flags = $orig_post['item_flags']; $item_restrict = $orig_post['item_restrict']; + $postopts = $orig_post['postopts']; } else { @@ -305,6 +306,7 @@ function item_post(&$a) { $verb = notags(trim($_REQUEST['verb'])); $title = escape_tags(trim($_REQUEST['title'])); $body = $_REQUEST['body']; + $postopts = ''; $private = ( ( strlen($str_group_allow) @@ -622,7 +624,7 @@ function item_post(&$a) { $datarray['item_private'] = $private; $datarray['attach'] = $attachments; $datarray['thr_parent'] = $thr_parent; - $datarray['postopts'] = ''; + $datarray['postopts'] = $postopts; $datarray['item_restrict'] = $item_restrict; $datarray['item_flags'] = $item_flags; $datarray['layout_mid'] = $layout_mid; -- cgit v1.2.3 From 64b467ea98fd4cf3cb6215be9ff8e5a9d13ba1a8 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 27 Nov 2013 02:51:16 -0800 Subject: reduce the likelihood that a given channel will have 30-40 valid hublocs with the same hubloc_url. --- mod/zfinger.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/zfinger.php b/mod/zfinger.php index 59cef5549..2eb6adc75 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -164,7 +164,7 @@ function zfinger_init(&$a) { $ret['locations'] = array(); - $x = zot_get_hubloc(array($e['channel_hash'])); + $x = zot_get_hublocs($e['channel_hash']); if($x && count($x)) { foreach($x as $hub) { if(! ($hub['hubloc_flags'] & HUBLOC_FLAGS_UNVERIFIED)) { -- cgit v1.2.3 From d1ab865ccf8a9200236e310c93ad56b8a7f93aad Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 28 Nov 2013 19:17:20 -0800 Subject: make the template processor (e.g. replace_macros) pluggable --- mod/connections.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/connections.php b/mod/connections.php index d7adf775b..39bef0209 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -464,7 +464,7 @@ function connections_content(&$a) { '$cautious' => t('Cautious Sharing'), '$follow' => t('Follow Only'), '$permlbl' => t('Individual Permissions'), - '$permnote' => t('Some permissions may be inherited from your privacy settings, which have higher priority. Changing those on this page will have no effect.'), + '$permnote' => t('Some permissions may be inherited from your channel privacy settings, which have higher priority. Changing those inherited settings on this page will have no effect.'), '$advanced' => t('Advanced Permissions'), '$quick' => t('Quick Links'), '$common_link' => $a->get_baseurl(true) . '/common/loc/' . local_user() . '/' . $contact['id'], -- cgit v1.2.3 From df66c510c9e47750ec7382d6933ff72372c426c1 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 29 Nov 2013 00:57:47 -0800 Subject: allow zot-info to return results for address= with webbies or naked nicknames --- mod/zfinger.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/zfinger.php b/mod/zfinger.php index 2eb6adc75..ff1bf3a35 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -53,7 +53,8 @@ function zfinger_init(&$a) { } elseif(strlen($zaddr)) { $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash - where channel_address = '%s' limit 1", + where ( channel_address = '%s' or xchan_addr = '%s' ) limit 1", + dbesc($zaddr), dbesc($zaddr) ); } -- cgit v1.2.3 From 1c5f98440da1b4713d0f5b9f8f6a2d3ca39e23af Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 29 Nov 2013 14:08:37 -0800 Subject: quite a bit of work on default acl permissions and various acl quirks --- mod/channel.php | 9 ++++++++- mod/display.php | 10 +++++++++- mod/network.php | 40 +++++++++++++++++++++++----------------- mod/photos.php | 13 ++++++++++++- mod/settings.php | 19 ++++++++++++++++--- 5 files changed, 68 insertions(+), 23 deletions(-) (limited to 'mod') diff --git a/mod/channel.php b/mod/channel.php index e5af91b53..f36636023 100644 --- a/mod/channel.php +++ b/mod/channel.php @@ -131,6 +131,13 @@ function channel_content(&$a, $update = 0, $load = false) { $o .= common_friends_visitor_widget($a->profile['profile_uid']); + $channel_acl = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + if($perms['post_wall']) { @@ -140,7 +147,7 @@ function channel_content(&$a, $update = 0, $load = false) { 'default_location' => (($is_owner) ? $a->profile['channel_location'] : ''), 'nickname' => $a->profile['channel_address'], 'lockstate' => (((strlen($a->profile['channel_allow_cid'])) || (strlen($a->profile['channel_allow_gid'])) || (strlen($a->profile['channel_deny_cid'])) || (strlen($a->profile['channel_deny_gid']))) ? 'lock' : 'unlock'), - 'acl' => (($is_owner) ? populate_acl($channel, false) : ''), + 'acl' => (($is_owner) ? populate_acl($channel_acl) : ''), 'showacl' => (($is_owner) ? 'yes' : ''), 'bang' => '', 'visitor' => (($is_owner || $observer) ? 'block' : 'none'), diff --git a/mod/display.php b/mod/display.php index e95a038ea..9aafec8c3 100644 --- a/mod/display.php +++ b/mod/display.php @@ -40,6 +40,14 @@ function display_content(&$a, $update = 0, $load = false) { $channel = $a->get_channel(); + + $channel_acl = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + $x = array( 'is_owner' => true, 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), @@ -47,7 +55,7 @@ function display_content(&$a, $update = 0, $load = false) { 'nickname' => $channel['channel_address'], 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'acl' => populate_acl($channel, false), + 'acl' => populate_acl($channel_acl, false), 'bang' => '', 'visitor' => 'block', 'profile_uid' => local_user(), diff --git a/mod/network.php b/mod/network.php index 9ee21dc05..6c0b84873 100644 --- a/mod/network.php +++ b/mod/network.php @@ -278,8 +278,21 @@ function network_content(&$a, $update = 0, $load = false) { $_GET['order'] = 'post'; if($gid) { + $r = q("SELECT * FROM `group` WHERE id = %d AND uid = %d LIMIT 1", + intval($gid), + intval(local_user()) + ); + if(! $r) { + if($update) + killme(); + notice( t('No such group') . EOL ); + goaway($a->get_baseurl(true) . '/network'); + // NOTREACHED + } + $group = $gid; - $def_acl = array('allow_gid' => '<' . $group . '>'); + $group_hash = $r[0]['hash']; + $def_acl = array('allow_gid' => '<' . $r[0]['hash'] . '>'); } $o = ''; @@ -409,7 +422,13 @@ function network_content(&$a, $update = 0, $load = false) { nav_set_selected('network'); - $celeb = false; + $channel_acl = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + $x = array( 'is_owner' => true, @@ -417,8 +436,7 @@ function network_content(&$a, $update = 0, $load = false) { 'default_location' => $channel['channel_location'], 'nickname' => $channel['channel_address'], 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), -// FIXME - 'acl' => populate_acl((($group || $cid || $nets) ? $def_acl : $channel), $celeb), + 'acl' => populate_acl((($group || $cid) ? $def_acl : $channel_acl)), 'bang' => (($group || $cid) ? '!' : ''), 'visitor' => 'block', 'profile_uid' => local_user() @@ -443,18 +461,6 @@ function network_content(&$a, $update = 0, $load = false) { $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) "; if($group) { - $r = q("SELECT * FROM `group` WHERE id = %d AND uid = %d LIMIT 1", - intval($group), - intval(local_user()) - ); - if(! $r) { - if($update) - killme(); - notice( t('No such group') . EOL ); - goaway($a->get_baseurl(true) . '/network'); - // NOTREACHED - } - $contact_str = ''; $contacts = group_get_members($group); if($contacts) { @@ -469,7 +475,7 @@ function network_content(&$a, $update = 0, $load = false) { info( t('Group is empty')); } - $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str)) or allow_gid like '" . protect_sprintf('%<' . dbesc($r[0]['hash']) . '>%') . "' ) and id = parent and item_restrict = 0 ) "; + $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent and item_restrict = 0 ) "; } diff --git a/mod/photos.php b/mod/photos.php index 43c74851a..64ca86941 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -699,8 +699,19 @@ function photos_content(&$a) { $usage_message = sprintf( t('You have used %1$.2f Mbytes of photo storage.'), $r[0]['total'] / 1024000 ); } + if($_is_owner) { + $channel = $a->get_channel(); + + $channel_acl = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + } + $albumselect_e = $albumselect; - $aclselect_e = (($_is_owner) ? populate_acl($a->get_channel(), false) : ''); + $aclselect_e = (($_is_owner) ? populate_acl($channel_acl) : ''); $tpl = get_markup_template('photos_upload.tpl'); $o .= replace_macros($tpl,array( diff --git a/mod/settings.php b/mod/settings.php index af9113202..35210eaba 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -141,6 +141,8 @@ function settings_post(&$a) { if(! local_user()) return; +// logger('mod_settings: ' . print_r($_REQUEST,true)); + if(x($_SESSION,'submanage') && intval($_SESSION['submanage'])) return; @@ -502,6 +504,8 @@ function settings_post(&$a) { set_pconfig(local_user(),'system','blocktags',$blocktags); + + /* if($page_flags == PAGE_PRVGROUP) { $hidewall = 1; @@ -545,7 +549,7 @@ function settings_post(&$a) { ); */ - $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d, channel_default_group = '%s', channel_r_stream = %d, channel_r_profile = %d, channel_r_photos = %d, channel_r_abook = %d, channel_w_stream = %d, channel_w_wall = %d, channel_w_tagwall = %d, channel_w_comment = %d, channel_w_mail = %d, channel_w_photos = %d, channel_w_chat = %d, channel_a_delegate = %d, channel_r_storage = %d, channel_w_storage = %d, channel_r_pages = %d, channel_w_pages = %d, channel_a_republish = %d where channel_id = %d limit 1", + $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d, channel_default_group = '%s', channel_r_stream = %d, channel_r_profile = %d, channel_r_photos = %d, channel_r_abook = %d, channel_w_stream = %d, channel_w_wall = %d, channel_w_tagwall = %d, channel_w_comment = %d, channel_w_mail = %d, channel_w_photos = %d, channel_w_chat = %d, channel_a_delegate = %d, channel_r_storage = %d, channel_w_storage = %d, channel_r_pages = %d, channel_w_pages = %d, channel_a_republish = %d, channel_allow_cid = '%s', channel_allow_gid = '%s', channel_deny_cid = '%s', channel_deny_gid = '%s' where channel_id = %d limit 1", dbesc($username), intval($pageflags), dbesc($timezone), @@ -572,6 +576,10 @@ function settings_post(&$a) { intval($arr['channel_r_pages']), intval($arr['channel_w_pages']), intval($arr['channel_a_republish']), + dbesc($str_contact_allow), + dbesc($str_group_allow), + dbesc($str_contact_deny), + dbesc($str_group_deny), intval(local_user()) ); @@ -1042,7 +1050,12 @@ function settings_content(&$a) { ); - + $perm_defaults = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); require_once('include/group.php'); @@ -1079,7 +1092,7 @@ function settings_content(&$a) { '$maxreq' => array('maxreq', t('Maximum Friend Requests/Day:'), intval($channel['channel_max_friend_req']) , t('May reduce spam activity')), '$permissions' => t('Default Post Permissions'), '$permdesc' => t("\x28click to open/close\x29"), - '$aclselect' => populate_acl($a->user,$celeb), + '$aclselect' => populate_acl($perm_defaults), '$suggestme' => $suggestme, '$group_select' => $group_select, -- cgit v1.2.3 From b1e775a7a14e3665ab27bf6511f6ea1aa14ede89 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Dec 2013 16:11:18 -0800 Subject: zot documentation inline in the code where we need it most. --- mod/post.php | 120 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) (limited to 'mod') diff --git a/mod/post.php b/mod/post.php index 0ce58ec9f..076f26039 100644 --- a/mod/post.php +++ b/mod/post.php @@ -153,6 +153,126 @@ function post_init(&$a) { } +/** + * @function post_post(&$a) + * zot communications and messaging + * + * Sender HTTP posts to this endpoint ($site/post typically) with 'data' parameter set to json zot message packet. + * This packet is optionally encrypted, which we will discover if the json has an 'iv' element. + * $contents => array( 'alg' => 'aes256cbc', 'iv' => initialisation vector, 'key' => decryption key, 'data' => encrypted data); + * $contents->iv and $contents->key are random strings encrypted with this site's public key. + * Currently only 'aes256cbc' is used, but this is extensible should that algorithm prove inadequate. + * + * Once decrypted, one will find the normal json_encoded zot message packet. + * + * Standard packet: + * + * { + * "type": $message_type, + * "sender":{ + * "guid":"kgVFf_1...", + * "guid_sig":"PT9-TApzp...", + * "url":"http:\/\/podunk.edu", + * "url_sig":"T8Bp7j5...", + * }, + * "recipients": { optional recipient array }, + * "callback":"\/post", + * "version":1, + * "secret":"1eaa...", + * "secret_sig": "df89025470fac8..." + * } + * + * Signature fields are all signed with the sender's private key. + * Recipients are arrays of guid and guid_sig which were signed with the recipients private + * key and obtained via channel discovery. + * + * "pickup" packet: + * The pickup packet is sent in response to a notify packet from another site + * + * { + * "type":"pickup", + * "url":"http:\/\/example.com", + * "callback":"http:\/\/example.com\/post", + * "callback_sig":"teE1_fLI...", + * "secret":"1eaa...", + * "secret_sig":"O7nB4_..." + * } + * + * In the pickup packet, the sig fields are the relevant data element signed with this site's system private key. + * The "secret" is the same as the original secret from the notify packet. + * + * If verification is successful, a json structure is returned + * containing a success indicator and an array of type 'pickup'. + * Each pickup element contains the original notify request and a message field whose contents are + * dependent on the message type + * + * This JSON array is AES encapsulated using the site public key of the site that sent the initial zot pickup packet. + * Using the above example, this would be example.com. + * + * + * { + * "success":1, + * "pickup":{ + * "notify":{ + * "type":"notify", + * "sender":{ + * "guid":"kgVFf_...", + * "guid_sig":"PT9-TApz...", + * "url":"http:\/\/z.podunk.edu", + * "url_sig":"T8Bp7j5D..." + * }, + * "callback":"\/post", + * "version":1, + * "secret":"1eaa661..." + * }, + * "message":{ + * "type":"activity", + * "message_id":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu", + * "message_top":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu", + * "message_parent":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu", + * "created":"2012-11-20 04:04:16", + * "edited":"2012-11-20 04:04:16", + * "title":"", + * "body":"Hi Nickordo", + * "app":"", + * "verb":"post", + * "object_type":"", + * "target_type":"", + * "permalink":"", + * "location":"", + * "longlat":"", + * "owner":{ + * "name":"Indigo", + * "address":"indigo@podunk.edu", + * "url":"http:\/\/podunk.edu", + * "photo":{ + * "mimetype":"image\/jpeg", + * "src":"http:\/\/podunk.edu\/photo\/profile\/m\/5" + * }, + * "guid":"kgVFf_...", + * "guid_sig":"PT9-TAp...", + * }, + * "author":{ + * "name":"Indigo", + * "address":"indigo@podunk.edu", + * "url":"http:\/\/podunk.edu", + * "photo":{ + * "mimetype":"image\/jpeg", + * "src":"http:\/\/podunk.edu\/photo\/profile\/m\/5" + * }, + * "guid":"kgVFf_...", + * "guid_sig":"PT9-TAp..." + * } + * } + * } + *} + * + * Currently defined message types are 'activity', 'mail', 'profile' and 'channel_sync', which each have + * different content schemas. + */ + + + -- cgit v1.2.3 From 77186fa7cdc8e4db0b5270be255373d8cd91e808 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Dec 2013 17:12:29 -0800 Subject: magic auth fix plus doco --- mod/post.php | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 75 insertions(+), 2 deletions(-) (limited to 'mod') diff --git a/mod/post.php b/mod/post.php index 076f26039..56ab3e1e0 100644 --- a/mod/post.php +++ b/mod/post.php @@ -14,6 +14,72 @@ function post_init(&$a) { // Here we will pick out the magic auth params which arrive // as a get request, and the only communications to arrive this way. +/** + * Magic Auth + * ========== + * + * So-called "magic auth" takes place by a special exchange. On the remote computer, a redirection is made to the zot endpoint with special GET parameters. + * + * Endpoint: https://example.com/post/name (name is now optional - we are authenticating to a site, not a channel) + * + * where 'name' is the left hand side of the channel webbie, for instance 'mike' where the webbie is 'mike@zothub.com' + * + * Additionally four GET parameters are supplied: + * + ** auth => the webbie of the person requesting access + ** dest => the desired destination URL (urlencoded) + ** sec => a random string which is also stored locally for use during the verification phase. + ** version => the zot revision + * + * When this packet is received, a zot message is sent to the site hosting the request auth identity. + * (e.g. if $_GET['auth'] is foobar@podunk.edu, a zot packet is sent to the podunk.edu zot endpoint, which is typically /post) + * If no information has been recorded about the requesting identity a zot information packet will be retrieved before + * continuing. + * + * The sender of this packet is the name attached to the request endpoint. e.g. 'mike' in this example. If this channel + * cannot be located, we will choose any local channel as the sender. The recipients will be a single recipient corresponding + * to the guid and guid_sig we have associated with the auth identity + * + * + * { + * "type":"auth_check", + * "sender":{ + * "guid":"kgVFf_...", + * "guid_sig":"PT9-TApz...", + * "url":"http:\/\/podunk.edu", + * "url_sig":"T8Bp7j..." + * }, + * "recipients":{ + * { + * "guid":"ZHSqb...", + * "guid_sig":"JsAAXi..." + * } + * } + * "callback":"\/post", + * "version":1, + * "secret":"1eaa661", + * "secret_sig":"eKV968b1..." + * } + * + * + * auth_check messages MUST use encapsulated encryption. This message is sent to the origination site, which checks the 'secret' to see + * if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the + * destination channel's private key and base64url encoded. If everything checks out, a json packet is returned: + * + * { + * "success":1, + * "confirm":"q0Ysovd1u..." + * } + * + * 'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the + * base64url encoded whirlpool hash of the source guid and guid_sig; signed with the source channel private key. + * This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful + * verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login. + * + * + * + */ + if(argc() > 1) { $webbie = argv(1); } @@ -46,10 +112,17 @@ function post_init(&$a) { dbesc($webbie) ); if(! $c) { - logger('mod_zot: auth: unable to find channel ' . $webbie); + // They are authenticating ultimately to the site and not to a particular channel. + // Any channel will do. We just need to have an identity to attach to the + // packet we send back. + + $c = q("select * from channel where true limit 1"); + if(! $c) + logger('mod_zot: auth: unable to find channel ' . $webbie); // They'll get a notice when they hit the page, we don't need two of them. // In fact we only need the name to map the destination, auth can proceed // without it. + } } @@ -160,7 +233,7 @@ function post_init(&$a) { * Sender HTTP posts to this endpoint ($site/post typically) with 'data' parameter set to json zot message packet. * This packet is optionally encrypted, which we will discover if the json has an 'iv' element. * $contents => array( 'alg' => 'aes256cbc', 'iv' => initialisation vector, 'key' => decryption key, 'data' => encrypted data); - * $contents->iv and $contents->key are random strings encrypted with this site's public key. + * $contents->iv and $contents->key are random strings encrypted with this site's RSA public key and then base64url encoded. * Currently only 'aes256cbc' is used, but this is extensible should that algorithm prove inadequate. * * Once decrypted, one will find the normal json_encoded zot message packet. -- cgit v1.2.3 From fa5366bb95f3f9e241510f29054dbd4ceb0deb73 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Dec 2013 17:18:09 -0800 Subject: don't magic-auth against a deleted channel --- mod/post.php | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) (limited to 'mod') diff --git a/mod/post.php b/mod/post.php index 56ab3e1e0..b425bc59d 100644 --- a/mod/post.php +++ b/mod/post.php @@ -111,18 +111,23 @@ function post_init(&$a) { $c = q("select * from channel where channel_address = '%s' limit 1", dbesc($webbie) ); + } + if(! $c) { + + // They are authenticating ultimately to the site and not to a particular channel. + // Any channel will do, providing it's currently active. We just need to have an + // identity to attach to the packet we send back. So find one. + + $c = q("select * from channel where not ( channel_pageflags & %d ) limit 1", + intval(PAGE_REMOVED) + ); + if(! $c) { - // They are authenticating ultimately to the site and not to a particular channel. - // Any channel will do. We just need to have an identity to attach to the - // packet we send back. - $c = q("select * from channel where true limit 1"); - if(! $c) - logger('mod_zot: auth: unable to find channel ' . $webbie); - // They'll get a notice when they hit the page, we don't need two of them. - // In fact we only need the name to map the destination, auth can proceed - // without it. + // nobody here + logger('mod_zot: auth: unable to find channel ' . $webbie); + goaway($desturl); } } -- cgit v1.2.3 From 71e67f6347ebb9cb0f4efd87fd383d05bc39a8c7 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Dec 2013 19:02:36 -0800 Subject: document the ping packet - and remove the ancient rusty brown square default profile photos. --- mod/post.php | 175 +++++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 165 insertions(+), 10 deletions(-) (limited to 'mod') diff --git a/mod/post.php b/mod/post.php index b425bc59d..d61f5d69e 100644 --- a/mod/post.php +++ b/mod/post.php @@ -243,10 +243,134 @@ function post_init(&$a) { * * Once decrypted, one will find the normal json_encoded zot message packet. * - * Standard packet: + * Defined packet types are: notify, purge, refresh, auth_check, ping, and pickup + * + * Standard packet: (used by notify, purge, refresh, and auth_check) + * + * { + * "type": "notify", + * "sender":{ + * "guid":"kgVFf_1...", + * "guid_sig":"PT9-TApzp...", + * "url":"http:\/\/podunk.edu", + * "url_sig":"T8Bp7j5...", + * }, + * "recipients": { optional recipient array }, + * "callback":"\/post", + * "version":1, + * "secret":"1eaa...", + * "secret_sig": "df89025470fac8..." + * } + * + * Signature fields are all signed with the sender channel private key and base64url encoded. + * Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private + * key and base64url encoded and later obtained via channel discovery. Absence of recipients indicates + * a public message or visible to all potential listeners on this site. + * + * "pickup" packet: + * The pickup packet is sent in response to a notify packet from another site + * + * { + * "type":"pickup", + * "url":"http:\/\/example.com", + * "callback":"http:\/\/example.com\/post", + * "callback_sig":"teE1_fLI...", + * "secret":"1eaa...", + * "secret_sig":"O7nB4_..." + * } + * + * In the pickup packet, the sig fields correspond to the respective data element signed with this site's system + * private key and then base64url encoded. + * The "secret" is the same as the original secret from the notify packet. + * + * If verification is successful, a json structure is returned + * containing a success indicator and an array of type 'pickup'. + * Each pickup element contains the original notify request and a message field whose contents are + * dependent on the message type + * + * This JSON array is AES encapsulated using the site public key of the site that sent the initial zot pickup packet. + * Using the above example, this would be example.com. + * + * + * { + * "success":1, + * "pickup":{ + * "notify":{ + * "type":"notify", + * "sender":{ + * "guid":"kgVFf_...", + * "guid_sig":"PT9-TApz...", + * "url":"http:\/\/z.podunk.edu", + * "url_sig":"T8Bp7j5D..." + * }, + * "callback":"\/post", + * "version":1, + * "secret":"1eaa661..." + * }, + * "message":{ + * "type":"activity", + * "message_id":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu", + * "message_top":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu", + * "message_parent":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu", + * "created":"2012-11-20 04:04:16", + * "edited":"2012-11-20 04:04:16", + * "title":"", + * "body":"Hi Nickordo", + * "app":"", + * "verb":"post", + * "object_type":"", + * "target_type":"", + * "permalink":"", + * "location":"", + * "longlat":"", + * "owner":{ + * "name":"Indigo", + * "address":"indigo@podunk.edu", + * "url":"http:\/\/podunk.edu", + * "photo":{ + * "mimetype":"image\/jpeg", + * "src":"http:\/\/podunk.edu\/photo\/profile\/m\/5" + * }, + * "guid":"kgVFf_...", + * "guid_sig":"PT9-TAp...", + * }, + * "author":{ + * "name":"Indigo", + * "address":"indigo@podunk.edu", + * "url":"http:\/\/podunk.edu", + * "photo":{ + * "mimetype":"image\/jpeg", + * "src":"http:\/\/podunk.edu\/photo\/profile\/m\/5" + * }, + * "guid":"kgVFf_...", + * "guid_sig":"PT9-TAp..." + * } + * } + * } + *} + * + * Currently defined message types are 'activity', 'mail', 'profile' and 'channel_sync', which each have + * different content schemas. + * + * Ping packet: + * A ping packet does not require any parameters except the type. It may or may not be encrypted. + * + * { + * "type": "ping" + * } + * + * On receipt of a ping packet a ping response will be returned: + * + * { + * "success" : 1, + * "site" { + * "url" : +ping, and pickup + * + * Standard packet: (used by notify, purge, refresh, and auth_check) * * { - * "type": $message_type, + * "type": "notify", * "sender":{ * "guid":"kgVFf_1...", * "guid_sig":"PT9-TApzp...", @@ -260,9 +384,10 @@ function post_init(&$a) { * "secret_sig": "df89025470fac8..." * } * - * Signature fields are all signed with the sender's private key. - * Recipients are arrays of guid and guid_sig which were signed with the recipients private - * key and obtained via channel discovery. + * Signature fields are all signed with the sender channel private key and base64url encoded. + * Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private + * key and base64url encoded and later obtained via channel discovery. Absence of recipients indicates + * a public message or visible to all potential listeners on this site. * * "pickup" packet: * The pickup packet is sent in response to a notify packet from another site @@ -276,7 +401,8 @@ function post_init(&$a) { * "secret_sig":"O7nB4_..." * } * - * In the pickup packet, the sig fields are the relevant data element signed with this site's system private key. + * In the pickup packet, the sig fields correspond to the respective data element signed with this site's system + * private key and then base64url encoded. * The "secret" is the same as the original secret from the notify packet. * * If verification is successful, a json structure is returned @@ -347,12 +473,41 @@ function post_init(&$a) { * * Currently defined message types are 'activity', 'mail', 'profile' and 'channel_sync', which each have * different content schemas. + * + * Ping packet: + * A ping packet does not require any parameters except the type. It may or may not be encrypted. + * + * { + * "type": "ping" + * } + * + * On receipt of a ping packet a ping response will be returned: + * + * { + * "success" : 1, + * "site" { + * "url":"http:\/\/podunk.edu", + * "url_sig":"T8Bp7j5...", + * "sitekey": "-----BEGIN PUBLIC KEY----- + * MIICIjANBgkqhkiG9w0BAQE..." + * } + * } + * + * The ping packet can be used to verify that a site has not been re-installed, and to + * initiate corrective action if it has. The url_sig is signed with the site private key + * and base64url encoded - and this should verify with the enclosed sitekey. Failure to + * verify indicates the site is corrupt or otherwise unable to communicate using zot. + * This return packet is not otherwise verified, so should be compared with other + * results obtained from this site which were verified prior to taking action. For instance + * if you have one verified result with this signature and key, and other records for this + * url which have different signatures and keys, it indicates that the site was re-installed + * and corrective action may commence (remove or mark invalid any entries with different + * signatures). + * If you have no records which match this url_sig and key - no corrective action should + * be taken as this packet may have been returned by an imposter. + * */ - - - - function post_post(&$a) { -- cgit v1.2.3 From 194c1e7abcab681510f57d8bb36d8d5fb76d9354 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Dec 2013 19:29:11 -0800 Subject: file corruption --- mod/post.php | 122 ----------------------------------------------------------- 1 file changed, 122 deletions(-) (limited to 'mod') diff --git a/mod/post.php b/mod/post.php index d61f5d69e..2422afa8c 100644 --- a/mod/post.php +++ b/mod/post.php @@ -364,128 +364,6 @@ function post_init(&$a) { * { * "success" : 1, * "site" { - * "url" : -ping, and pickup - * - * Standard packet: (used by notify, purge, refresh, and auth_check) - * - * { - * "type": "notify", - * "sender":{ - * "guid":"kgVFf_1...", - * "guid_sig":"PT9-TApzp...", - * "url":"http:\/\/podunk.edu", - * "url_sig":"T8Bp7j5...", - * }, - * "recipients": { optional recipient array }, - * "callback":"\/post", - * "version":1, - * "secret":"1eaa...", - * "secret_sig": "df89025470fac8..." - * } - * - * Signature fields are all signed with the sender channel private key and base64url encoded. - * Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private - * key and base64url encoded and later obtained via channel discovery. Absence of recipients indicates - * a public message or visible to all potential listeners on this site. - * - * "pickup" packet: - * The pickup packet is sent in response to a notify packet from another site - * - * { - * "type":"pickup", - * "url":"http:\/\/example.com", - * "callback":"http:\/\/example.com\/post", - * "callback_sig":"teE1_fLI...", - * "secret":"1eaa...", - * "secret_sig":"O7nB4_..." - * } - * - * In the pickup packet, the sig fields correspond to the respective data element signed with this site's system - * private key and then base64url encoded. - * The "secret" is the same as the original secret from the notify packet. - * - * If verification is successful, a json structure is returned - * containing a success indicator and an array of type 'pickup'. - * Each pickup element contains the original notify request and a message field whose contents are - * dependent on the message type - * - * This JSON array is AES encapsulated using the site public key of the site that sent the initial zot pickup packet. - * Using the above example, this would be example.com. - * - * - * { - * "success":1, - * "pickup":{ - * "notify":{ - * "type":"notify", - * "sender":{ - * "guid":"kgVFf_...", - * "guid_sig":"PT9-TApz...", - * "url":"http:\/\/z.podunk.edu", - * "url_sig":"T8Bp7j5D..." - * }, - * "callback":"\/post", - * "version":1, - * "secret":"1eaa661..." - * }, - * "message":{ - * "type":"activity", - * "message_id":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu", - * "message_top":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu", - * "message_parent":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu", - * "created":"2012-11-20 04:04:16", - * "edited":"2012-11-20 04:04:16", - * "title":"", - * "body":"Hi Nickordo", - * "app":"", - * "verb":"post", - * "object_type":"", - * "target_type":"", - * "permalink":"", - * "location":"", - * "longlat":"", - * "owner":{ - * "name":"Indigo", - * "address":"indigo@podunk.edu", - * "url":"http:\/\/podunk.edu", - * "photo":{ - * "mimetype":"image\/jpeg", - * "src":"http:\/\/podunk.edu\/photo\/profile\/m\/5" - * }, - * "guid":"kgVFf_...", - * "guid_sig":"PT9-TAp...", - * }, - * "author":{ - * "name":"Indigo", - * "address":"indigo@podunk.edu", - * "url":"http:\/\/podunk.edu", - * "photo":{ - * "mimetype":"image\/jpeg", - * "src":"http:\/\/podunk.edu\/photo\/profile\/m\/5" - * }, - * "guid":"kgVFf_...", - * "guid_sig":"PT9-TAp..." - * } - * } - * } - *} - * - * Currently defined message types are 'activity', 'mail', 'profile' and 'channel_sync', which each have - * different content schemas. - * - * Ping packet: - * A ping packet does not require any parameters except the type. It may or may not be encrypted. - * - * { - * "type": "ping" - * } - * - * On receipt of a ping packet a ping response will be returned: - * - * { - * "success" : 1, - * "site" { * "url":"http:\/\/podunk.edu", * "url_sig":"T8Bp7j5...", * "sitekey": "-----BEGIN PUBLIC KEY----- -- cgit v1.2.3 From 92f60ef51fc8c85f632a245847c75ab27980d0de Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Dec 2013 19:52:18 -0800 Subject: get rid of deprecated post_url() function --- mod/match.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'mod') diff --git a/mod/match.php b/mod/match.php index 23eeb9370..5447f755d 100644 --- a/mod/match.php +++ b/mod/match.php @@ -1,5 +1,9 @@ pager['page'] != 1) $params['p'] = $a->pager['page']; - if(strlen(get_config('system','directory_submit_url'))) - $x = post_url('http://dir.friendica.com/msearch', $params); - else - $x = post_url($a->get_baseurl() . '/msearch', $params); +// if(strlen(get_config('system','directory_submit_url'))) +// $x = post_url('http://dir.friendica.com/msearch', $params); +// else +// $x = post_url($a->get_baseurl() . '/msearch', $params); $j = json_decode($x); -- cgit v1.2.3 From 3fdc3515b5dbfee4582467144d3c2d5eefc6a708 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Dec 2013 23:49:52 -0800 Subject: some work on events permissions --- mod/events.php | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) (limited to 'mod') diff --git a/mod/events.php b/mod/events.php index f43a99cba..77756fb13 100755 --- a/mod/events.php +++ b/mod/events.php @@ -11,7 +11,7 @@ function events_post(&$a) { return; $event_id = ((x($_POST,'event_id')) ? intval($_POST['event_id']) : 0); - $cid = ((x($_POST,'cid')) ? intval($_POST['cid']) : 0); + $xchan = ((x($_POST,'xchan')) ? dbesc($_POST['xchan']) : ''); $uid = local_user(); $startyear = intval($_POST['startyear']); $startmonth = intval($_POST['startmonth']); @@ -28,6 +28,11 @@ function events_post(&$a) { $adjust = intval($_POST['adjust']); $nofinish = intval($_POST['nofinish']); + // only allow editing your own events. + + if(($xchan) && ($xchan !== get_observer_hash())) + return; + // The default setting for the `private` field in event_store() is false, so mirror that $private_event = false; @@ -389,11 +394,9 @@ function events_content(&$a) { else $sh_checked = (($orig_event['allow_cid'] === '<' . $channel['channel_hash'] . '>' && (! $orig_event['allow_gid']) && (! $orig_event['deny_cid']) && (! $orig_event['deny_gid'])) ? '' : ' checked="checked" ' ); - if($cid) + if($orig_event['event_xchan']) $sh_checked .= ' disabled="disabled" '; - - $tpl = get_markup_template('event_form.tpl'); $sdt = ((x($orig_event)) ? $orig_event['start'] : 'now'); @@ -426,6 +429,15 @@ function events_content(&$a) { require_once('include/acl_selectors.php'); + $perm_defaults = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + + + $o .= replace_macros($tpl,array( '$post' => $a->get_baseurl() . '/events', '$eid' => $eid, @@ -453,8 +465,7 @@ function events_content(&$a) { '$t_orig' => $t_orig, '$sh_text' => t('Share this event'), '$sh_checked' => $sh_checked, -// FIXME - '$acl' => (($cid) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $a->user),false)), + '$acl' => (($orig_event['event_xchan']) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $perm_defaults))), '$submit' => t('Submit') )); -- cgit v1.2.3 From d9f67876dce5da9ed056726f792e087d142699cb Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 2 Dec 2013 15:15:02 -0800 Subject: refactor magic-auth --- mod/connections.php | 1 - mod/magic.php | 30 +++++-------------------- mod/nogroup.php | 65 ----------------------------------------------------- mod/post.php | 22 +++++------------- 4 files changed, 10 insertions(+), 108 deletions(-) delete mode 100644 mod/nogroup.php (limited to 'mod') diff --git a/mod/connections.php b/mod/connections.php index 39bef0209..6b3ed113c 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -669,7 +669,6 @@ function connections_content(&$a) { $contacts[] = array( 'img_hover' => sprintf( t('%1$s [%2$s]'),$rr['xchan_name'],$rr['xchan_url']), 'edit_hover' => t('Edit contact'), - 'photo_menu' => contact_photo_menu($rr), 'id' => $rr['abook_id'], 'alt_text' => $alt_text, 'dir_icon' => $dir_icon, diff --git a/mod/magic.php b/mod/magic.php index 6c8ad24ed..e3b14db62 100644 --- a/mod/magic.php +++ b/mod/magic.php @@ -91,8 +91,8 @@ function magic_init(&$a) { if($rev) goaway($dest); else { - logger('mod_magic: channel not found.' . print_r($_REQUEST,true)); - notice( t('Channel not found.') . EOL); + logger('mod_magic: no channels found for requested hub.' . print_r($_REQUEST,true)); + notice( t('Hub not found.') . EOL); return; } } @@ -113,24 +113,9 @@ function magic_init(&$a) { goaway($dest); if($x[0]['hubloc_url'] === z_root()) { - $webbie = substr($x[0]['hubloc_addr'],0,strpos('@',$x[0]['hubloc_addr'])); - switch($dest) { - case 'channel': - $desturl = z_root() . '/channel/' . $webbie; - break; - case 'photos': - $desturl = z_root() . '/photos/' . $webbie; - break; - case 'profile': - $desturl = z_root() . '/profile/' . $webbie; - break; - default: - $desturl = $dest; - break; - } // We are already authenticated on this site and a registered observer. // Just redirect. - goaway($desturl); + goaway($dest); } if(local_user()) { @@ -142,20 +127,15 @@ function magic_init(&$a) { $channel['token'] = $token; $channel['token_sig'] = $token_sig; - - $recip = array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])); - - $hash = random_string(); - $r = q("insert into verify ( type, channel, token, meta, created) values ('%s','%d','%s','%s','%s')", dbesc('auth'), intval($channel['channel_id']), dbesc($token), - dbesc($x[0]['hubloc_hash']), + dbesc($x[0]['hubloc_url']), dbesc(datetime_convert()) ); - $target_url = $x[0]['hubloc_callback'] . '/' . substr($x[0]['hubloc_addr'],0,strpos($x[0]['hubloc_addr'],'@')) ; + $target_url = $x[0]['hubloc_callback']; logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG); goaway($target_url diff --git a/mod/nogroup.php b/mod/nogroup.php deleted file mode 100644 index 31ccaadbf..000000000 --- a/mod/nogroup.php +++ /dev/null @@ -1,65 +0,0 @@ -page,'aside')) - $a->page['aside'] = ''; - - $a->page['aside'] .= group_side('contacts','group',false,0,$contact_id); -} - - -function nogroup_content(&$a) { - - if(! local_user()) { - notice( t('Permission denied.') . EOL); - return ''; - } - - require_once('include/Contact.php'); - $r = contacts_not_grouped(local_user()); - if(count($r)) { - $a->set_pager_total($r[0]['total']); - } - $r = contacts_not_grouped(local_user(),$a->pager['start'],$a->pager['itemspage']); - if(count($r)) { - foreach($r as $rr) { - - - $contacts[] = array( - 'img_hover' => sprintf( t('Visit %s\'s profile [%s]'),$rr['name'],$rr['url']), - 'edit_hover' => t('Edit contact'), - 'photo_menu' => contact_photo_menu($rr), - 'id' => $rr['id'], - 'alt_text' => $alt_text, - 'dir_icon' => $dir_icon, - 'thumb' => $rr['thumb'], - 'name' => $rr['name'], - 'username' => $rr['name'], - 'sparkle' => $sparkle, - 'itemurl' => $rr['url'], - 'link' => $url, - 'network' => network_to_name($rr['network']), - ); - } - } - $tpl = get_markup_template("nogroup-template.tpl"); - $o .= replace_macros($tpl,array( - '$header' => t('Contacts who are not members of a group'), - '$contacts' => $contacts, - '$paginate' => paginate($a), - )); - - return $o; - -} diff --git a/mod/post.php b/mod/post.php index 2422afa8c..95821307b 100644 --- a/mod/post.php +++ b/mod/post.php @@ -89,24 +89,11 @@ function post_init(&$a) { if(array_key_exists('auth',$_REQUEST)) { logger('mod_zot: auth request received.'); $address = $_REQUEST['auth']; - $dest = $_REQUEST['dest']; + $desturl = $_REQUEST['dest']; $sec = $_REQUEST['sec']; $version = $_REQUEST['version']; - switch($dest) { - case 'channel': - $desturl = z_root() . '/channel/' . $webbie; - break; - case 'photos': - $desturl = z_root() . '/photos/' . $webbie; - break; - case 'profile': - $desturl = z_root() . '/profile/' . $webbie; - break; - default: - $desturl = $dest; - break; - } + if($webbie) { $c = q("select * from channel where channel_address = '%s' limit 1", dbesc($webbie) @@ -707,6 +694,7 @@ function post_post(&$a) { $y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", dbesc($sender_hash) ); + // We created a unique hash in mod/magic.php when we invoked remote auth, and stored it in // the verify table. It is now coming back to us as 'secret' and is signed by the other site. // First verify their signature. @@ -731,13 +719,13 @@ function post_post(&$a) { $confirm = base64url_encode(rsa_sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey'])); - // This additionally checks for forged senders since we already stored the expected result in meta + // This additionally checks for forged sites since we already stored the expected result in meta // and we've already verified that this is them via zot_gethub() and that their key signed our token $z = q("select id from verify where channel = %d and type = 'auth' and token = '%s' and meta = '%s' limit 1", intval($c[0]['channel_id']), dbesc($data['secret']), - dbesc($sender_hash) + dbesc($data['sender']['url']) ); if(! $z) { logger('mod_zot: auth_check: verification key not found.'); -- cgit v1.2.3 From e0f4a76856bc891f7195ba0044518c24fbfac5a9 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 2 Dec 2013 17:35:44 -0800 Subject: magic-auth re-factor --- mod/magic.php | 78 +++++---------------- mod/post.php | 217 ++++++++++++++++++++++++++++------------------------------ 2 files changed, 122 insertions(+), 173 deletions(-) (limited to 'mod') diff --git a/mod/magic.php b/mod/magic.php index e3b14db62..29d16eec5 100644 --- a/mod/magic.php +++ b/mod/magic.php @@ -13,64 +13,20 @@ function magic_init(&$a) { $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : ''); $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); - if($hash) { - $x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where hubloc_hash = '%s' and (hubloc_flags & %d) order by hubloc_id desc limit 1", - dbesc($hash), - intval(HUBLOC_FLAGS_PRIMARY) - ); - } - elseif($addr) { - $x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where xchan_addr = '%s' and (hubloc_flags & %d) order by hubloc_id desc limit 1", - dbesc($addr), - intval(HUBLOC_FLAGS_PRIMARY) - ); - } - else { - - // See if we know anybody at the dest site that will unlock the door for us - // This is the equivalent of buzzing every apartment in an apartment block - // to get inside the front gate. The thing about magic auth is that we're - // authenticating to the other site. Permissions provided by various - // channels will still affect what we can do once authenticated. - - $b = explode('/',$dest); - - if(count($b) >= 2) { - $u = $b[0] . '//' . $b[2]; - - if(local_user()) { - // first look for a connection or anybody who knows us - $x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - left join abook on abook_xchan = hubloc_hash - where abook_channel = %d and hubloc_url = '%s' order by hubloc_id desc limit 5", - intval(local_user()), - dbesc($u) - ); - } - if(! $x) { - // no luck - ok anybody will do - $x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where hubloc_url = '%s' order by hubloc_id desc limit 5", - dbesc($u) - ); - } - - if($x) { - // They must have a valid hubloc_addr - while(! strpos($x[0]['hubloc_addr'],'@')) { - array_shift($x); - } - } + $parsed = parse_url($dest); + if(! $parsed) + goaway($dest); - } - } + $basepath = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : ''); + $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1" + dbesc($basepath) + ); + if(! $x) { - // Finger them if they've never been seen here before + // Somebody new? Finger them if they've never been seen here before if($addr) { $ret = zot_finger($addr,null); @@ -78,10 +34,11 @@ function magic_init(&$a) { $j = json_decode($ret['body'],true); if($j) import_xchan($j); - $x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where xchan_addr = '%s' and (hubloc_flags & %d) order by hubloc_id desc limit 1", - dbesc($addr), - intval(HUBLOC_FLAGS_PRIMARY) + + // Now try again + + $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1" + dbesc($basepath) ); } } @@ -112,7 +69,7 @@ function magic_init(&$a) { if(! $arr['proceed']) goaway($dest); - if($x[0]['hubloc_url'] === z_root()) { + if((get_observer_hash()) && ($x[0]['hubloc_url'] === z_root())) { // We are already authenticated on this site and a registered observer. // Just redirect. goaway($dest); @@ -143,7 +100,6 @@ function magic_init(&$a) { . '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION); } - if(strpos($dest,'/')) - goaway($dest); - goaway(z_root()); + goaway($dest); + } diff --git a/mod/post.php b/mod/post.php index 95821307b..a0628bbfa 100644 --- a/mod/post.php +++ b/mod/post.php @@ -18,27 +18,26 @@ function post_init(&$a) { * Magic Auth * ========== * - * So-called "magic auth" takes place by a special exchange. On the remote computer, a redirection is made to the zot endpoint with special GET parameters. + * So-called "magic auth" takes place by a special exchange. On the site where the "channel to be authenticated" lives (e.g. $mysite), + * a redirection is made via $mysite/magic to the zot endpoint of the remote site ($remotesite) with special GET parameters. * - * Endpoint: https://example.com/post/name (name is now optional - we are authenticating to a site, not a channel) + * The endpoint is typically https://$remotesite/post - or whatever was specified as the callback url in prior communications + * (we will bootstrap an address and fetch a zot info packet if possible where no prior communications exist) * - * where 'name' is the left hand side of the channel webbie, for instance 'mike' where the webbie is 'mike@zothub.com' + * Four GET parameters are supplied: * - * Additionally four GET parameters are supplied: - * - ** auth => the webbie of the person requesting access + ** auth => the urlencoded webbie (channel@host.domain) of the channel requesting access ** dest => the desired destination URL (urlencoded) - ** sec => a random string which is also stored locally for use during the verification phase. + ** sec => a random string which is also stored on the remote site for use during the verification phase. ** version => the zot revision * - * When this packet is received, a zot message is sent to the site hosting the request auth identity. + * When this packet is received, an "auth-check" zot message is sent to $mysite. * (e.g. if $_GET['auth'] is foobar@podunk.edu, a zot packet is sent to the podunk.edu zot endpoint, which is typically /post) * If no information has been recorded about the requesting identity a zot information packet will be retrieved before * continuing. * - * The sender of this packet is the name attached to the request endpoint. e.g. 'mike' in this example. If this channel - * cannot be located, we will choose any local channel as the sender. The recipients will be a single recipient corresponding - * to the guid and guid_sig we have associated with the auth identity + * The sender of this packet is a random site user. The recipients will be a single recipient corresponding + * to the guid and guid_sig we have associated with the requesting auth identity * * * { @@ -72,19 +71,13 @@ function post_init(&$a) { * } * * 'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the - * base64url encoded whirlpool hash of the source guid and guid_sig; signed with the source channel private key. + * base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key. * This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful * verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login. * * * */ - - if(argc() > 1) { - $webbie = argv(1); - } - else - $webbie = ''; if(array_key_exists('auth',$_REQUEST)) { logger('mod_zot: auth request received.'); @@ -94,28 +87,19 @@ function post_init(&$a) { $version = $_REQUEST['version']; - if($webbie) { - $c = q("select * from channel where channel_address = '%s' limit 1", - dbesc($webbie) - ); - } - if(! $c) { - - // They are authenticating ultimately to the site and not to a particular channel. - // Any channel will do, providing it's currently active. We just need to have an - // identity to attach to the packet we send back. So find one. - - $c = q("select * from channel where not ( channel_pageflags & %d ) limit 1", - intval(PAGE_REMOVED) - ); + // They are authenticating ultimately to the site and not to a particular channel. + // Any channel will do, providing it's currently active. We just need to have an + // identity to attach to the packet we send back. So find one. - if(! $c) { + $c = q("select * from channel where not ( channel_pageflags & %d ) limit 1", + intval(PAGE_REMOVED) + ); - // nobody here + if(! $c) { + // nobody here - logger('mod_zot: auth: unable to find channel ' . $webbie); - goaway($desturl); - } + logger('mod_zot: auth: unable to find a response channel'); + goaway($desturl); } // Try and find a hubloc for the person attempting to auth @@ -140,7 +124,7 @@ function post_init(&$a) { goaway($desturl); } - logger('mod_zot: auth request received from ' . $x[0]['xchan_addr'] . ' for ' . (($webbie) ? $webbie : 'undefined')); + logger('mod_zot: auth request received from ' . $x[0]['xchan_addr'] ); // check credentials and access @@ -153,10 +137,12 @@ function post_init(&$a) { $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote)) ? true : false); if(! $already_authed) { - // Auth packets MUST use ultra top-secret hush-hush mode - $p = zot_build_packet($c[0],$type = 'auth_check', - array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), - $x[0]['hubloc_sitekey'], $sec); + + // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key + // The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender + // which can be verified + + $p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec); $result = zot_zot($x[0]['hubloc_callback'],$p); if(! $result['success']) { logger('mod_zot: auth_check callback failed.'); @@ -198,7 +184,7 @@ function post_init(&$a) { logger('mod_zot: auth success from ' . $x[0]['xchan_addr'] . ' for ' . $webbie); } else { - logger('mod_zot: still not authenticated: ' . $x[0]['xchan_addr']); + logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']); q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_addr = '%s'", intval(HUBLOC_RECEIVE_ERROR), dbesc($x[0]['xchan_addr']) @@ -378,6 +364,7 @@ function post_post(&$a) { logger('mod_zot: ' . print_r($_REQUEST,true), LOGGER_DEBUG); + $encrypted_packet = false; $ret = array('success' => false); $data = json_decode($_REQUEST['data'],true); @@ -390,17 +377,10 @@ function post_post(&$a) { */ if(array_key_exists('iv',$data)) { + $encrypted_packet = true; $data = crypto_unencapsulate($data,get_config('system','prvkey')); logger('mod_zot: decrypt1: ' . $data, LOGGER_DATA); - -// susceptible to Bleichenbacher's attack -// if(! $data) { -// $ret['message'] = 'Decryption failed.'; -// json_return_and_die($ret); -// } - $data = json_decode($data,true); - } if(! $data) { @@ -539,6 +519,8 @@ function post_post(&$a) { } + + /** * All other message types require us to verify the sender. This is a generic check, so we * will do it once here and bail if anything goes wrong. @@ -593,6 +575,78 @@ function post_post(&$a) { if(array_key_exists('recipients',$data)) $recipients = $data['recipients']; + + if($msgtype === 'auth_check') { + + logger('mod_zot: auth_check', LOGGER_DEBUG); + + if(! $encrypted_packet) { + logger('mod_zot: auth_check packet was not encrypted.'); + json_return_and_die($ret); + } + + $arr = $data['sender']; + $sender_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); + + // garbage collect any old unused notifications + q("delete from verify where type = 'auth' and created < UTC_TIMESTAMP() - INTERVAL 10 MINUTE"); + + $y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", + dbesc($sender_hash) + ); + + // We created a unique hash in mod/magic.php when we invoked remote auth, and stored it in + // the verify table. It is now coming back to us as 'secret' and is signed by a channel at the other end. + // First verify their signature. We will have obtained a zot-info packet from them as part of the sender + // verification. + + if((! $y) || (! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { + logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); + json_return_and_die($ret); + } + + // There should be exactly one recipient, the original auth requestor + + if($data['recipients']) { + + $arr = $data['recipients'][0]; + $recip_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); + $c = q("select channel_id, channel_prvkey from channel where channel_hash = '%s' limit 1", + dbesc($recip_hash) + ); + if(! $c) { + logger('mod_zot: auth_check: recipient channel not found.'); + json_return_and_die($ret); + } + + $confirm = base64url_encode(rsa_sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey'])); + + // This additionally checks for forged sites since we already stored the expected result in meta + // and we've already verified that this is them via zot_gethub() and that their key signed our token + + $z = q("select id from verify where channel = %d and type = 'auth' and token = '%s' and meta = '%s' limit 1", + intval($c[0]['channel_id']), + dbesc($data['secret']), + dbesc($data['sender']['url']) + ); + if(! $z) { + logger('mod_zot: auth_check: verification key not found.'); + json_return_and_die($ret); + } + $r = q("delete from verify where id = %d limit 1", + intval($z[0]['id']) + ); + + logger('mod_zot: auth_check: success', LOGGER_DEBUG); + $ret['success'] = true; + $ret['confirm'] = $confirm; + json_return_and_die($ret); + + } + json_return_and_die($ret); + } + + if($msgtype === 'purge') { if($recipients) { // basically this means "unfriend" @@ -683,67 +737,6 @@ function post_post(&$a) { } - if($msgtype === 'auth_check') { - logger('mod_zot: auth_check'); - $arr = $data['sender']; - $sender_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); - - // garbage collect any old unused notifications - q("delete from verify where type = 'auth' and created < UTC_TIMESTAMP() - INTERVAL 10 MINUTE"); - - $y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", - dbesc($sender_hash) - ); - - // We created a unique hash in mod/magic.php when we invoked remote auth, and stored it in - // the verify table. It is now coming back to us as 'secret' and is signed by the other site. - // First verify their signature. - - if((! $y) || (! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { - logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); - json_return_and_die($ret); - } - - // There should be exactly one recipient - if($data['recipients']) { - - $arr = $data['recipients'][0]; - $recip_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); - $c = q("select channel_id, channel_prvkey from channel where channel_hash = '%s' limit 1", - dbesc($recip_hash) - ); - if(! $c) { - logger('mod_zot: auth_check: recipient channel not found.'); - json_return_and_die($ret); - } - - $confirm = base64url_encode(rsa_sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey'])); - - // This additionally checks for forged sites since we already stored the expected result in meta - // and we've already verified that this is them via zot_gethub() and that their key signed our token - - $z = q("select id from verify where channel = %d and type = 'auth' and token = '%s' and meta = '%s' limit 1", - intval($c[0]['channel_id']), - dbesc($data['secret']), - dbesc($data['sender']['url']) - ); - if(! $z) { - logger('mod_zot: auth_check: verification key not found.'); - json_return_and_die($ret); - } - $r = q("delete from verify where id = %d limit 1", - intval($z[0]['id']) - ); - - logger('mod_zot: auth_check: success', LOGGER_DEBUG); - $ret['success'] = true; - $ret['confirm'] = $confirm; - json_return_and_die($ret); - - } - json_return_and_die($ret); - } - // catchall json_return_and_die($ret); -- cgit v1.2.3 From 645e897852c1e9b95923ba5a2faf07f63a49d537 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 2 Dec 2013 19:06:54 -0800 Subject: more work on magic-auth --- mod/magic.php | 4 ++-- mod/post.php | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 4 deletions(-) (limited to 'mod') diff --git a/mod/magic.php b/mod/magic.php index 29d16eec5..a268f1ecb 100644 --- a/mod/magic.php +++ b/mod/magic.php @@ -20,7 +20,7 @@ function magic_init(&$a) { $basepath = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : ''); - $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1" + $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1", dbesc($basepath) ); @@ -37,7 +37,7 @@ function magic_init(&$a) { // Now try again - $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1" + $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1", dbesc($basepath) ); } diff --git a/mod/post.php b/mod/post.php index a0628bbfa..a7143aaf1 100644 --- a/mod/post.php +++ b/mod/post.php @@ -28,7 +28,7 @@ function post_init(&$a) { * ** auth => the urlencoded webbie (channel@host.domain) of the channel requesting access ** dest => the desired destination URL (urlencoded) - ** sec => a random string which is also stored on the remote site for use during the verification phase. + ** sec => a random string which is also stored on $mysite for use during the verification phase. ** version => the zot revision * * When this packet is received, an "auth-check" zot message is sent to $mysite. @@ -36,7 +36,7 @@ function post_init(&$a) { * If no information has been recorded about the requesting identity a zot information packet will be retrieved before * continuing. * - * The sender of this packet is a random site user. The recipients will be a single recipient corresponding + * The sender of this packet is a random site channel. The recipients will be a single recipient corresponding * to the guid and guid_sig we have associated with the requesting auth identity * * @@ -578,6 +578,19 @@ function post_post(&$a) { if($msgtype === 'auth_check') { + /** + * Requestor visits /magic/?dest=somewhere on their own site with a browser + * magic redirects them to $destsite/post [with auth args....] + * $destsite sends an auth_check packet to originator site + * The auth_check packet is handled here by the originator's site + * - the browser session is still waiting + * inside $destsite/post for everything to verify + * If everything checks out we'll return a token to $destsite + * and then $destsite will verify the token, authenticate the browser + * session and then redirect to the original destination. + * If authentication fails, the redirection to the original destination + * will still take place but without authentication. + */ logger('mod_zot: auth_check', LOGGER_DEBUG); if(! $encrypted_packet) { -- cgit v1.2.3 From 6c321be03c8edd062866b1775bca560beec9d602 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 3 Dec 2013 15:35:13 -0800 Subject: reorganise a few included functions - notably identity related functions --- mod/profile.php | 1 - 1 file changed, 1 deletion(-) (limited to 'mod') diff --git a/mod/profile.php b/mod/profile.php index d59602ba0..cd5c3eeef 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -116,7 +116,6 @@ function profile_content(&$a, $update = 0) { $o .= profile_tabs($a, $is_owner, $a->profile['channel_address']); - require_once('include/profile_advanced.php'); $o .= advanced_profile($a); call_hooks('profile_advanced',$o); return $o; -- cgit v1.2.3 From f57909d19075ffe74358ce2cb48c4be66e964a7c Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 3 Dec 2013 16:31:05 -0800 Subject: on successful magic-auth, put remote_service_class and remote_hub into the session --- mod/post.php | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) (limited to 'mod') diff --git a/mod/post.php b/mod/post.php index a7143aaf1..e65cb0968 100644 --- a/mod/post.php +++ b/mod/post.php @@ -36,7 +36,7 @@ function post_init(&$a) { * If no information has been recorded about the requesting identity a zot information packet will be retrieved before * continuing. * - * The sender of this packet is a random site channel. The recipients will be a single recipient corresponding + * The sender of this packet is an arbitrary/random site channel. The recipients will be a single recipient corresponding * to the guid and guid_sig we have associated with the requesting auth identity * * @@ -68,12 +68,15 @@ function post_init(&$a) { * { * "success":1, * "confirm":"q0Ysovd1u..." + * "service_class":(optional) * } * * 'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the * base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key. * This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful * verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login. + * Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is + * a string whose contents are not defined by protocol. Example: "basic" or "gold". * * * @@ -133,6 +136,8 @@ function post_init(&$a) { $remote = remote_user(); $result = null; + $remote_service_class = ''; + $remote_hub = $x[0]['hubloc_url']; $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote)) ? true : false); @@ -158,6 +163,8 @@ function post_init(&$a) { logger('mod_zot: auth: final confirmation failed.'); goaway($desturl); } + if(array_key_exists('service_class',$j)) + $remote_service_class = $j['service_class']; } // everything is good... maybe if(local_user()) { @@ -172,16 +179,20 @@ function post_init(&$a) { goaway($desturl); } // log them in + $_SESSION['authenticated'] = 1; $_SESSION['visitor_id'] = $x[0]['xchan_hash']; $_SESSION['my_address'] = $address; - $arr = array('xchan' => $x[0], 'url' => $desturl, 'channel_address' => $webbie); + $_SESSION['remote_service_class'] = $remote_service_class; + $_SESSION['remote_hub'] = $remote_hub; + + $arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION); call_hooks('magic_auth_success',$arr); $a->set_observer($x[0]); require_once('include/security.php'); $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name'])); - logger('mod_zot: auth success from ' . $x[0]['xchan_addr'] . ' for ' . $webbie); + logger('mod_zot: auth success from ' . $x[0]['xchan_addr']); } else { logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']); @@ -624,7 +635,7 @@ function post_post(&$a) { $arr = $data['recipients'][0]; $recip_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); - $c = q("select channel_id, channel_prvkey from channel where channel_hash = '%s' limit 1", + $c = q("select channel_id, channel_account_id, channel_prvkey from channel where channel_hash = '%s' limit 1", dbesc($recip_hash) ); if(! $c) { @@ -650,9 +661,15 @@ function post_post(&$a) { intval($z[0]['id']) ); + $u = q("select account_service_class from account where account_id = %d limit 1", + intval($c[0]['channel_account_id']) + ); + logger('mod_zot: auth_check: success', LOGGER_DEBUG); $ret['success'] = true; $ret['confirm'] = $confirm; + if($u && $u[0]['account_service_class']) + $ret['service_class'] = $u[0]['account_service_class']; json_return_and_die($ret); } -- cgit v1.2.3 From 7187c493e16abc98a8e1ed53d63a3d93e63db4af Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 3 Dec 2013 17:55:10 -0800 Subject: add hooks to zot-finger and import_xchan --- mod/zfinger.php | 1 + 1 file changed, 1 insertion(+) (limited to 'mod') diff --git a/mod/zfinger.php b/mod/zfinger.php index ff1bf3a35..0827f3424 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -252,6 +252,7 @@ function zfinger_init(&$a) { $ret['site']['location'] = get_config('system','site_location'); } + call_hooks('zot_finger',$ret); json_return_and_die($ret); } -- cgit v1.2.3 From d8903f09f5a6d637b4258632eee16859373e1893 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 4 Dec 2013 00:19:29 -0800 Subject: include re-organisation and more doco, post_to_red fix ampersands in categories --- mod/channel.php | 31 +++++++++---------------------- mod/post.php | 4 ++-- mod/profile.php | 17 +++++++++-------- 3 files changed, 20 insertions(+), 32 deletions(-) (limited to 'mod') diff --git a/mod/channel.php b/mod/channel.php index f36636023..2014cd08b 100644 --- a/mod/channel.php +++ b/mod/channel.php @@ -1,5 +1,14 @@ profile['profile_uid']) return; @@ -64,16 +71,6 @@ function channel_content(&$a, $update = 0, $load = false) { $category = $datequery = $datequery2 = ''; - // if(argc() > 2) { - // for($x = 2; $x < argc(); $x ++) { - // if(is_a_date_arg(argv($x))) { - // if($datequery) - // $datequery2 = escape_tags(argv($x)); - // else - // $datequery = escape_tags(argv($x)); - // } - // } - // } $datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : ''); $datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : ''); @@ -81,16 +78,6 @@ function channel_content(&$a, $update = 0, $load = false) { return login(); } - - - require_once("include/bbcode.php"); - require_once('include/security.php'); - require_once('include/conversation.php'); - require_once('include/acl_selectors.php'); - require_once('include/items.php'); - require_once('include/permissions.php'); - - $category = ((x($_REQUEST,'cat')) ? $_REQUEST['cat'] : ''); $groups = array(); diff --git a/mod/post.php b/mod/post.php index e65cb0968..627e13fa0 100644 --- a/mod/post.php +++ b/mod/post.php @@ -196,9 +196,9 @@ function post_init(&$a) { } else { logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']); - q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_addr = '%s'", + q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_id = %d ", intval(HUBLOC_RECEIVE_ERROR), - dbesc($x[0]['xchan_addr']) + intval($x[0]['hubloc_id']) ); } diff --git a/mod/profile.php b/mod/profile.php index cd5c3eeef..a307905e6 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -1,4 +1,12 @@ - Date: Wed, 4 Dec 2013 18:30:14 -0800 Subject: add poco and follow to default xchan creation --- mod/import.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/import.php b/mod/import.php index e2e54c0cd..94d41455d 100644 --- a/mod/import.php +++ b/mod/import.php @@ -214,7 +214,7 @@ function import_post(&$a) { dbesc($channel['channel_hash']) ); - $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_l, xchan_photo_m, xchan_photo_s, xchan_addr, xchan_url, xchan_name, xchan_network, xchan_photo_date, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", + $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_l, xchan_photo_m, xchan_photo_s, xchan_addr, xchan_url, xchan_follow, xchan_connurl, xchan_name, xchan_network, xchan_photo_date, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", dbesc($channel['channel_hash']), dbesc($channel['channel_guid']), dbesc($channel['channel_guid_sig']), @@ -224,6 +224,8 @@ function import_post(&$a) { dbesc($a->get_baseurl() . "/photo/profile/s/" . $channel['channel_id']), dbesc($channel['channel_address'] . '@' . get_app()->get_hostname()), dbesc(z_root() . '/channel/' . $channel['channel_address']), + dbesc(z_root() . '/follow?f=&url=%s'), + dbesc(z_root() . '/poco/' . $channel['channel_address']), dbesc($channel['channel_name']), dbesc('zot'), dbesc(datetime_convert()), -- cgit v1.2.3 From cc1e906825dd30f74d0a30190a7dd2a26d6b1642 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 4 Dec 2013 23:54:46 -0800 Subject: generate a small amount of entropy to avoid duplicate notifications from essentially simultaneous deliveries. --- mod/post.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'mod') diff --git a/mod/post.php b/mod/post.php index 627e13fa0..e589378dc 100644 --- a/mod/post.php +++ b/mod/post.php @@ -127,7 +127,7 @@ function post_init(&$a) { goaway($desturl); } - logger('mod_zot: auth request received from ' . $x[0]['xchan_addr'] ); + logger('mod_zot: auth request received from ' . $x[0]['hubloc_addr'] ); // check credentials and access @@ -139,7 +139,9 @@ function post_init(&$a) { $remote_service_class = ''; $remote_hub = $x[0]['hubloc_url']; - $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote)) ? true : false); + // Also check that they are coming from the same site as they authenticated with originally. + + $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); if(! $already_authed) { -- cgit v1.2.3 From 0e9df93a69b79cf50d7fe882ef0ca3f87b8fdccb Mon Sep 17 00:00:00 2001 From: zottel Date: Thu, 5 Dec 2013 13:44:31 +0100 Subject: Make it possible to change visibility without changing name. --- mod/group.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'mod') diff --git a/mod/group.php b/mod/group.php index 46386be0d..5a34ab6fb 100644 --- a/mod/group.php +++ b/mod/group.php @@ -49,7 +49,7 @@ function group_post(&$a) { $groupname = notags(trim($_POST['groupname'])); $public = intval($_POST['public']); - if((strlen($groupname)) && ($groupname != $group['name'])) { + if((strlen($groupname)) && (($groupname != $group['name']) || ($public != $group['visible']))) { $r = q("UPDATE `group` SET `name` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc($groupname), intval($public), @@ -57,7 +57,7 @@ function group_post(&$a) { intval($group['id']) ); if($r) - info( t('Collection name changed.') . EOL ); + info( t('Collection updated.') . EOL ); } goaway(z_root() . '/group/' . argv(1) . '/' . argv(2)); -- cgit v1.2.3 From d66d8ff524203ccc0fae894b483178b2f706b711 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 5 Dec 2013 15:40:50 -0800 Subject: mod_authtest --- magic-auth diagnostic for those that are too freaking important to read logs or code and expect others to be able to debug complex authentication transactions with no information beyond "it didn't work". This will provide a transaction report including both sides of the exchange that you can paste into a bug report and that a developer can actually figure out where in the transaction that things went wrong and maybe even be able to then figure out why. --- mod/authtest.php | 43 +++++++++++++++++++++++++++++++++++++ mod/magic.php | 48 +++++++++++++++++++++++++++++++++++------- mod/post.php | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 146 insertions(+), 9 deletions(-) create mode 100644 mod/authtest.php (limited to 'mod') diff --git a/mod/authtest.php b/mod/authtest.php new file mode 100644 index 000000000..ec32fe171 --- /dev/null +++ b/mod/authtest.php @@ -0,0 +1,43 @@ +Magic-Auth Diagnostic'; + + if(! local_user()) { + notice( t('Permission denied.') . EOL); + return $o; + } + + $o .= '
'; + $o .= 'Target URL: '; + $o .= '
'; + + $o .= '

'; + + if(x($_GET,'dest')) { + $_REQUEST['test'] = 1; + $x = magic_init($a); + $o .= 'Local Setup returns: ' . print_r($x,true); + + + + if($x['url']) { + $z = z_fetch_url($x['url'] . '&test=1'); + if($z['success']) { + $j = json_decode($z['body'],true); + $o .= 'Remote site responded: ' . print_r($j,true); + } + else { + $o .= 'fetch url failure.' . print_r($z,true); + } + } + } + + return str_replace("\n",'
',$o); +} diff --git a/mod/magic.php b/mod/magic.php index a268f1ecb..03d09e70d 100644 --- a/mod/magic.php +++ b/mod/magic.php @@ -4,6 +4,7 @@ function magic_init(&$a) { + $ret = array('success' => false, 'url' => '', 'message' => ''); logger('mod_magic: invoked', LOGGER_DEBUG); logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA); @@ -11,12 +12,18 @@ function magic_init(&$a) { $addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : ''); $hash = ((x($_REQUEST,'hash')) ? $_REQUEST['hash'] : ''); $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : ''); - $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); + $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0); + $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); $parsed = parse_url($dest); - if(! $parsed) + if(! $parsed) { + if($test) { + $ret['message'] .= 'could not parse ' . $dest . EOL; + return($ret); + } goaway($dest); + } $basepath = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : ''); @@ -49,6 +56,10 @@ function magic_init(&$a) { goaway($dest); else { logger('mod_magic: no channels found for requested hub.' . print_r($_REQUEST,true)); + if($test) { + $ret['message'] .= 'This site has no previous connections with ' . $basepath . EOL; + return $ret; + } notice( t('Hub not found.') . EOL); return; } @@ -66,12 +77,22 @@ function magic_init(&$a) { call_hooks('magic_auth',$arr); $dest = $arr['destination']; - if(! $arr['proceed']) + if(! $arr['proceed']) { + if($test) { + $ret['message'] .= 'cancelled by plugin.' . EOL; + return $ret; + } goaway($dest); + } if((get_observer_hash()) && ($x[0]['hubloc_url'] === z_root())) { // We are already authenticated on this site and a registered observer. // Just redirect. + if($test) { + $ret['success'] = true; + $ret['message'] .= 'Local site - you are already authenticated.' . EOL; + return $ret; + } goaway($dest); } @@ -92,12 +113,25 @@ function magic_init(&$a) { dbesc(datetime_convert()) ); - $target_url = $x[0]['hubloc_callback']; + $target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode($channel['channel_address'] . '@' . $a->get_hostname()) + . '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION; + logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG); - goaway($target_url - . '/?f=&auth=' . urlencode($channel['channel_address'] . '@' . $a->get_hostname()) - . '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION); + if($test) { + $ret['success'] = true; + $ret['url'] = $target_url; + $ret['message'] = 'token ' . $token . ' created for channel ' . $channel['channel_id'] . ' for url ' . $x[0]['hubloc_url'] . EOL; + return $ret; + } + + goaway($target_url); + + } + + if($test) { + $ret['message'] = 'Not authenticated or invalid arguments to mod_magic' . EOL; + return $ret; } goaway($dest); diff --git a/mod/post.php b/mod/post.php index e589378dc..31f17a873 100644 --- a/mod/post.php +++ b/mod/post.php @@ -83,12 +83,15 @@ function post_init(&$a) { */ if(array_key_exists('auth',$_REQUEST)) { + + $ret = array('success' => false, 'message' => ''); + logger('mod_zot: auth request received.'); $address = $_REQUEST['auth']; $desturl = $_REQUEST['dest']; $sec = $_REQUEST['sec']; $version = $_REQUEST['version']; - + $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0); // They are authenticating ultimately to the site and not to a particular channel. // Any channel will do, providing it's currently active. We just need to have an @@ -100,8 +103,12 @@ function post_init(&$a) { if(! $c) { // nobody here - logger('mod_zot: auth: unable to find a response channel'); + if($test) { + $ret['message'] .= 'no local channels found.' . EOL; + json_return_and_die($ret); + } + goaway($desturl); } @@ -124,6 +131,12 @@ function post_init(&$a) { } if(! $x) { logger('mod_zot: auth: unable to finger ' . $address); + + if($test) { + $ret['message'] .= 'no hubloc found for ' . $address . ' and probing failed.' . EOL; + json_return_and_die($ret); + } + goaway($desturl); } @@ -143,6 +156,8 @@ function post_init(&$a) { $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); + $j = array(); + if(! $already_authed) { // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key @@ -150,9 +165,21 @@ function post_init(&$a) { // which can be verified $p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec); + if($test) { + $ret['message'] .= 'auth check packet created using sitekey ' . $x[0]['hubloc_sitekey'] . EOL; + $ret['message'] .= 'packet contents: ' . $p . EOL; + } + $result = zot_zot($x[0]['hubloc_callback'],$p); + + $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL; + if(! $result['success']) { logger('mod_zot: auth_check callback failed.'); + if($test) { + json_return_and_die($ret); + } + goaway($desturl); } $j = json_decode($result['body'],true); @@ -163,6 +190,11 @@ function post_init(&$a) { // legit response, but we do need to check that this wasn't answered by a man-in-middle if(! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) { logger('mod_zot: auth: final confirmation failed.'); + if($test) { + $ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($x[0],true); + json_return_and_die($ret); + } + goaway($desturl); } if(array_key_exists('service_class',$j)) @@ -177,11 +209,23 @@ function post_init(&$a) { if($a->channel['channel_hash'] != $x[0]['xchan_hash']) { logger('mod_zot: auth: already authenticated locally as somebody else.'); notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL); + if($test) { + $ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL; + json_return_and_die($ret); + } + } goaway($desturl); } // log them in + if($test) { + $ret['success'] = true; + $ret['message'] .= 'Success' . EOL; + json_return_and_die($ret); + } + + $_SESSION['authenticated'] = 1; $_SESSION['visitor_id'] = $x[0]['xchan_hash']; $_SESSION['my_address'] = $address; @@ -197,6 +241,11 @@ function post_init(&$a) { logger('mod_zot: auth success from ' . $x[0]['xchan_addr']); } else { + if($test) { + $ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; + json_return_and_dir($ret); + } + logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']); q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_id = %d ", intval(HUBLOC_RECEIVE_ERROR), @@ -208,6 +257,11 @@ function post_init(&$a) { // This does however prevent a recursion if you visit rmagic directly, as it would otherwise send you back here again. // But z_root() probably isn't where you really want to go. + if($test) { + $ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; + json_return_and_dir($ret); + } + if(strstr($desturl,z_root() . '/rmagic')) goaway(z_root()); @@ -608,6 +662,7 @@ function post_post(&$a) { if(! $encrypted_packet) { logger('mod_zot: auth_check packet was not encrypted.'); + $ret['message'] .= 'no packet encryption' . EOL; json_return_and_die($ret); } @@ -628,11 +683,14 @@ function post_post(&$a) { if((! $y) || (! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); + $ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL; json_return_and_die($ret); } // There should be exactly one recipient, the original auth requestor + $ret['message'] .= 'recipients ' . print_r($recipients,true) . EOL; + if($data['recipients']) { $arr = $data['recipients'][0]; @@ -642,6 +700,7 @@ function post_post(&$a) { ); if(! $c) { logger('mod_zot: auth_check: recipient channel not found.'); + $ret['message'] .= 'recipient not found.' . EOL; json_return_and_die($ret); } @@ -657,6 +716,7 @@ function post_post(&$a) { ); if(! $z) { logger('mod_zot: auth_check: verification key not found.'); + $ret['message'] .= 'verification key not found' . EOL; json_return_and_die($ret); } $r = q("delete from verify where id = %d limit 1", -- cgit v1.2.3 From 539988b62f20d73f097ee24d5a7fb6d23fa9fd4d Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 5 Dec 2013 15:55:14 -0800 Subject: couple of additional checks --- mod/post.php | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/post.php b/mod/post.php index 31f17a873..73345c4e9 100644 --- a/mod/post.php +++ b/mod/post.php @@ -172,19 +172,30 @@ function post_init(&$a) { $result = zot_zot($x[0]['hubloc_callback'],$p); - $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL; if(! $result['success']) { logger('mod_zot: auth_check callback failed.'); if($test) { + $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL; json_return_and_die($ret); } goaway($desturl); } $j = json_decode($result['body'],true); + if(! $j) { + logger('mod_zot: auth_check json data malformed.'); + if($test) { + $ret['message'] .= 'json malformed: ' . $result['body'] . EOL; + json_return_and_die($ret); + } + } } + if($test) { + $ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL; + } + if($already_authed || $j['success']) { if($j['success']) { // legit response, but we do need to check that this wasn't answered by a man-in-middle -- cgit v1.2.3 From 38577cf26cc241245731f786704ac773bfc52952 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 5 Dec 2013 18:17:16 -0800 Subject: issue #225 --- mod/authtest.php | 2 ++ mod/profile_photo.php | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/authtest.php b/mod/authtest.php index ec32fe171..2c8d7b4b4 100644 --- a/mod/authtest.php +++ b/mod/authtest.php @@ -31,6 +31,8 @@ function authtest_content(&$a) { $z = z_fetch_url($x['url'] . '&test=1'); if($z['success']) { $j = json_decode($z['body'],true); + if(! $j) + $o .= 'json_decode failure from remote site. ' . print_r($z['body'],true); $o .= 'Remote site responded: ' . print_r($j,true); } else { diff --git a/mod/profile_photo.php b/mod/profile_photo.php index f8eda43cf..7893cc302 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -42,7 +42,7 @@ function profile_photo_post(&$a) { intval($_REQUEST['profile']), intval(local_user()) ); - if(count($r) && (! intval($r[0]['is_default']))) + if(($r) && (! intval($r[0]['is_default']))) $is_default_profile = 0; } -- cgit v1.2.3 From 1c3c3c64bc5811d91521eaaba4c2bd5fce21ebcb Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 5 Dec 2013 19:07:59 -0800 Subject: issue #224 --- mod/network.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'mod') diff --git a/mod/network.php b/mod/network.php index 6c0b84873..cf157fad6 100644 --- a/mod/network.php +++ b/mod/network.php @@ -477,6 +477,12 @@ function network_content(&$a, $update = 0, $load = false) { $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent and item_restrict = 0 ) "; + $x = group_rec_byhash(local_user(), $group_hash); + + if($x) + $o = '

' . t('Collection: ') . $x['name'] . '

' . $o; + + } elseif($cid) { -- cgit v1.2.3 From b3f622022608567334406475b190b315815361b3 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 5 Dec 2013 19:23:30 -0800 Subject: make some "selection-is-selected" classes work again --- mod/network.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/network.php b/mod/network.php index cf157fad6..8375dada2 100644 --- a/mod/network.php +++ b/mod/network.php @@ -99,7 +99,7 @@ function network_init(&$a) { } - $a->page['aside'] .= group_side('network','network',true,$group_id); + $a->page['aside'] .= group_side('network','network',true,$_GET['gid']); $a->page['aside'] .= posted_date_widget($a->get_baseurl() . '/network',local_user(),false); $a->page['aside'] .= saved_searches($search); -- cgit v1.2.3 From 28ac593e67be5ad649a90752ebac533a972a227c Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 5 Dec 2013 20:34:39 -0800 Subject: remove some cruft --- mod/network.php | 74 ++++----------------------------------------------------- 1 file changed, 5 insertions(+), 69 deletions(-) (limited to 'mod') diff --git a/mod/network.php b/mod/network.php index 8375dada2..b108b763f 100644 --- a/mod/network.php +++ b/mod/network.php @@ -1,6 +1,11 @@ profile_uid = local_user(); head_set_icon($channel['xchan_photo_s']); - $is_a_date_query = false; - - if($a->argc > 1) { - for($x = 1; $x < $a->argc; $x ++) { - if(is_a_date_arg($a->argv[$x])) { - $is_a_date_query = true; - break; - } - } - } - // convert query string to array and remove first element (wich is friendica args) - $query_array = array(); - parse_str($a->query_string, $query_array); - array_shift($query_array); - - // fetch last used tab and redirect if needed - $sel_tabs = network_query_get_sel_tab($a); - $last_sel_tabs = get_pconfig(local_user(), 'network.view','tab.selected'); - if (is_array($last_sel_tabs)){ - $tab_urls = array( - '/network?f=&order=comment',//all - '/network?f=&order=post', //postord - '/network?f=&conv=1', //conv - '/network/new', //new - '/network?f=&star=1', //starred - '/network?f=&spam=1', //spam - ); - - // redirect if current selected tab is 'no_active' and - // last selected tab is _not_ 'all_active'. - // and this isn't a date query - - if ($sel_tabs[0] == 'active' && $last_sel_tabs[0]!='active' && (! $is_a_date_query)) { - $k = array_search('active', $last_sel_tabs); - - // merge tab querystring with request querystring - $dest_qa = array(); - list($dest_url,$dest_qs) = explode("?", $tab_urls[$k]); - parse_str( $dest_qs, $dest_qa); - $dest_qa = array_merge($query_array, $dest_qa); - $dest_qs = build_querystring($dest_qa); - - // groups filter is in form of "network/nnn". Add it to $dest_url, if it's possible - if ($a->argc==2 && is_numeric($a->argv[1]) && strpos($dest_url, "/",1)===false){ - $dest_url .= "/".$a->argv[1]; - } - -// goaway($a->get_baseurl() . $dest_url."?".$dest_qs); - } - } - - - require_once('include/group.php'); - require_once('include/contact_widgets.php'); - require_once('include/items.php'); - if(! x($a->page,'aside')) $a->page['aside'] = ''; @@ -247,7 +196,6 @@ function network_query_get_sel_tab($a) { function network_content(&$a, $update = 0, $load = false) { - require_once('include/conversation.php'); if(! local_user()) { $_SESSION['return_url'] = $a->query_string; @@ -255,7 +203,6 @@ function network_content(&$a, $update = 0, $load = false) { } - $arr = array('query' => $a->query_string); call_hooks('network_content_init', $arr); @@ -359,17 +306,6 @@ function network_content(&$a, $update = 0, $load = false) { - - // save selected tab, but only if not in search or file mode -// if(!x($_GET,'search') && !x($_GET,'file')) { -// set_pconfig( local_user(), 'network.view','tab.selected',array($all_active, $postord_active, $conv_active, $new_active, $starred_active, $bookmarked_active, $spam_active) ); -// } - - - $contact_id = $a->cid; - - require_once('include/acl_selectors.php'); - $cid = ((x($_GET,'cid')) ? intval($_GET['cid']) : 0); $star = ((x($_GET,'star')) ? intval($_GET['star']) : 0); $order = ((x($_GET,'order')) ? notags($_GET['order']) : 'comment'); -- cgit v1.2.3 From 7ae371d2865c063144490fbd6e1097f90c75eaf3 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 5 Dec 2013 20:40:27 -0800 Subject: couple of errant SQL queries --- mod/profile_photo.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'mod') diff --git a/mod/profile_photo.php b/mod/profile_photo.php index 7893cc302..e86e2a828 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -119,7 +119,7 @@ function profile_photo_post(&$a) { dbesc($base_image['resource_id']), intval(local_user()) ); - $r = q("UPDATE photo SET ( photo_flags ^ %d ) WHERE (photo_flags & %d ) + $r = q("UPDATE photo SET photo_flags = ( photo_flags ^ %d ) WHERE ( photo_flags & %d ) AND resource_id != '%s' AND `uid` = %d", intval(PHOTO_PROFILE), intval(PHOTO_PROFILE), @@ -236,7 +236,7 @@ function profile_photo_content(&$a) { // unset any existing profile photos $r = q("UPDATE photo SET profile = 0 WHERE profile = 1 AND uid = %d", intval(local_user())); - $r = q("UPDATE photo SET (photo_flags ^ %d ) WHERE (photo_flags & %d ) AND uid = %d", + $r = q("UPDATE photo SET photo_flags = (photo_flags ^ %d ) WHERE (photo_flags & %d ) AND uid = %d", intval(PHOTO_PROFILE), intval(PHOTO_PROFILE), intval(local_user())); -- cgit v1.2.3 From 78d19f3395e8fd0660e58498c15850e1323ec4b3 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 5 Dec 2013 21:00:14 -0800 Subject: move profile tabs and network/matrix tabs to include/conversation --- mod/network.php | 127 +------------------------------------------------------- 1 file changed, 2 insertions(+), 125 deletions(-) (limited to 'mod') diff --git a/mod/network.php b/mod/network.php index b108b763f..18173043e 100644 --- a/mod/network.php +++ b/mod/network.php @@ -129,69 +129,6 @@ function saved_searches($search) { } -/** - * Return selected tab from query - * - * urls -> returns - * '/network' => $no_active = 'active' - * '/network?f=&order=comment' => $comment_active = 'active' - * '/network?f=&order=post' => $postord_active = 'active' - * '/network?f=&conv=1', => $conv_active = 'active' - * '/network/new', => $new_active = 'active' - * '/network?f=&star=1', => $starred_active = 'active' - * '/network?f=&spam=1', => $spam_active = 'active' - * - * @return Array ( $no_active, $comment_active, $postord_active, $conv_active, $new_active, $starred_active, $spam_active ); - */ -function network_query_get_sel_tab($a) { - $no_active=''; - $starred_active = ''; - $new_active = ''; - $all_active = ''; - $search_active = ''; - $conv_active = ''; - $spam_active = ''; - $postord_active = ''; - - if(x($_GET,'new')) { - $new_active = 'active'; - } - - if(x($_GET,'search')) { - $search_active = 'active'; - } - - if(x($_GET,'star')) { - $starred_active = 'active'; - } - - if(x($_GET,'conv')) { - $conv_active = 'active'; - } - - if(x($_GET,'spam')) { - $spam_active = 'active'; - } - - - - if (($new_active == '') - && ($starred_active == '') - && ($conv_active == '') - && ($search_active == '') - && ($spam_active == '')) { - $no_active = 'active'; - } - - if ($no_active=='active' && x($_GET,'order')) { - switch($_GET['order']){ - case 'post': $postord_active = 'active'; $no_active=''; break; - case 'comment' : $all_active = 'active'; $no_active=''; break; - } - } - - return array($no_active, $all_active, $postord_active, $conv_active, $new_active, $starred_active, $spam_active); -} function network_content(&$a, $update = 0, $load = false) { @@ -244,67 +181,9 @@ function network_content(&$a, $update = 0, $load = false) { $o = ''; - // item filter tabs - // TODO: fix this logic, reduce duplication - //$a->page['content'] .= '
'; - list($no_active, $all_active, $postord_active, $conv_active, $new_active, $starred_active, $spam_active) = network_query_get_sel_tab($a); - // if no tabs are selected, defaults to comments - if ($no_active=='active') $all_active='active'; - //echo "
"; var_dump($no_active, $all_active, $postord_active, $conv_active, $new_active, $starred_active, $bookmarked_active, $spam_active); killme();
-
-	$cmd = (($datequery) ? '' : $a->cmd);
-	$len_naked_cmd = strlen(str_replace('/new','',$cmd));		
-
-	// tabs
-	$tabs = array(
-		array(
-			'label' => t('Commented Order'),
-			'url'=>$a->get_baseurl(true) . '/' . $cmd . '?f=&order=comment' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''), 
-			'sel'=>$all_active,
-			'title'=> t('Sort by Comment Date'),
-		),
-		array(
-			'label' => t('Posted Order'),
-			'url'=>$a->get_baseurl(true) . '/' . $cmd . '?f=&order=post' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''), 
-			'sel'=>$postord_active,
-			'title' => t('Sort by Post Date'),
-		),
-
-		array(
-			'label' => t('Personal'),
-			'url' => $a->get_baseurl(true) . '/' . $cmd . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&conv=1',
-			'sel' => $conv_active,
-			'title' => t('Posts that mention or involve you'),
-		),
-		array(
-			'label' => t('New'),
-			'url' => $a->get_baseurl(true) . '/' . $cmd . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&new=1',
-			'sel' => $new_active,
-			'title' => t('Activity Stream - by date'),
-		),
-
-	);
-
-	if(feature_enabled(local_user(),'star_posts')) 
-		$tabs[] = array(
-			'label' => t('Starred'),
-			'url'=>$a->get_baseurl(true) . '/' . $cmd . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&star=1',
-			'sel'=>$starred_active,
-			'title' => t('Favourite Posts'),
-		);
-
-	// Not yet implemented
-
-	if(feature_enabled(local_user(),'spam_filter')) 
-		$tabs[] = array(
-			'label' => t('Spam'),
-			'url'=>$a->get_baseurl(true) . '/network?f=&spam=1',
-			'sel'=> $spam_active,
-			'title' => t('Posts flagged as SPAM'),
-		);	
-
 
+	// if no tabs are selected, defaults to comments
 
 	$cid = ((x($_GET,'cid')) ? intval($_GET['cid']) : 0);
 	$star = ((x($_GET,'star')) ? intval($_GET['star']) : 0);
@@ -344,10 +223,8 @@ function network_content(&$a, $update = 0, $load = false) {
 			$o .= $arr['html']; 
 		}
  	
-		$arr = array('tabs' => $tabs);
-		call_hooks('network_tabs', $arr);
 
-		$o .= replace_macros(get_markup_template('common_tabs.tpl'), array('$tabs'=> $arr['tabs']));
+		$o .= network_tabs();
 
 		// --- end item filter tabs
 
-- 
cgit v1.2.3


From 1aa79d9ee69bbb7afb2c9b87579aad252ef66730 Mon Sep 17 00:00:00 2001
From: friendica 
Date: Fri, 6 Dec 2013 00:02:39 -0800
Subject: some code cleanup - gad I forgot what a mess the "other"
 notifications tabs (everything but system) were in. Maybe I'll just remove
 them so we can start over.

---
 mod/notifications.php | 106 +++++---------------------------------------------
 mod/settings.php      |  64 ------------------------------
 2 files changed, 9 insertions(+), 161 deletions(-)

(limited to 'mod')

diff --git a/mod/notifications.php b/mod/notifications.php
index 397ed272b..18f515704 100644
--- a/mod/notifications.php
+++ b/mod/notifications.php
@@ -106,110 +106,22 @@ function notifications_content(&$a) {
 	
 	$o = "";
 
-//Disabled
 	
-	if( (($a->argc > 1) && ($a->argv[1] == 'intros')) || (($a->argc == 1))) {
+	if((argc() > 1) && (argv(1) == 'intros')) {
 		nav_set_selected('introductions');
-		if(($a->argc > 2) && ($a->argv[2] == 'all'))
-			$sql_extra = '';
-		else
-			$sql_extra = " AND `ignore` = 0 ";
-		
-		$notif_tpl = get_markup_template('notifications.tpl');
 		
-		$notif_content .= ''
-			. ((strlen($sql_extra)) ? t('Show Ignored Requests') : t('Hide Ignored Requests')) . '
' . "\r\n"; - - $r = q("SELECT COUNT(*) AS `total` FROM `intro` - WHERE `intro`.`uid` = %d $sql_extra AND `intro`.`blocked` = 0 ", - intval($_SESSION['uid']) + $r = q("select * from abook left join xchan on abook_xchan = xchan_hash where uid = %d and (abook_flags & %d) and not (abook_flags & %d)", + intval(local_user()), + intval(ABOOK_FLAG_PENDING), + intval(ABOOK_FLAG_IGNORED) ); - if($r && count($r)) { - $a->set_pager_total($r[0]['total']); - $a->set_pager_itemspage(20); - } - - $r = q("SELECT `intro`.`id` AS `intro_id`, `intro`.*, `contact`.*, `fcontact`.`name` AS `fname`,`fcontact`.`url` AS `furl`,`fcontact`.`photo` AS `fphoto`,`fcontact`.`request` AS `frequest` - FROM `intro` LEFT JOIN `contact` ON `contact`.`id` = `intro`.`contact-id` LEFT JOIN `fcontact` ON `intro`.`fid` = `fcontact`.`id` - WHERE `intro`.`uid` = %d $sql_extra AND `intro`.`blocked` = 0 ", - intval($_SESSION['uid'])); - - if(($r !== false) && (count($r))) { - - $sugg = get_markup_template('suggestions.tpl'); - $tpl = get_markup_template("intros.tpl"); + if($r) { + // FIXME finish this foreach($r as $rr) { - if($rr['fid']) { - - $return_addr = bin2hex($a->user['nickname'] . '@' . $a->get_hostname() . (($a->path) ? '/' . $a->path : '')); - $notif_content .= replace_macros($sugg,array( - '$str_notifytype' => t('Notification type: '), - '$notify_type' => t('Friend Suggestion'), - '$intro_id' => $rr['intro_id'], - '$madeby' => sprintf( t('suggested by %s'),$rr['name']), - '$contact_id' => $rr['contact-id'], - '$photo' => ((x($rr,'fphoto')) ? $rr['fphoto'] : "images/person-175.jpg"), - '$fullname' => $rr['fname'], - '$url' => zid($rr['furl']), - '$hidden' => array('hidden', t('Hide this contact from others'), ($rr['hidden'] == 1), ''), - '$activity' => array('activity', t('Post a new friend activity'), (intval(get_pconfig(local_user(),'system','post_newfriend')) ? '1' : 0), t('if applicable')), - - '$knowyou' => $knowyou, - '$approve' => t('Approve'), - '$note' => $rr['note'], - '$request' => $rr['frequest'] . '?addr=' . $return_addr, - '$ignore' => t('Ignore'), - '$discard' => t('Discard') - - )); - - continue; - } - $friend_selected = (($rr['network'] !== NETWORK_OSTATUS) ? ' checked="checked" ' : ' disabled '); - $fan_selected = (($rr['network'] === NETWORK_OSTATUS) ? ' checked="checked" disabled ' : ''); - $dfrn_tpl = get_markup_template('netfriend.tpl'); - - $knowyou = ''; - $dfrn_text = ''; - - if($rr['network'] === NETWORK_DFRN || $rr['network'] === NETWORK_DIASPORA) { - if($rr['network'] === NETWORK_DFRN) - $knowyou = t('Claims to be known to you: ') . (($rr['knowyou']) ? t('yes') : t('no')); - else - $knowyou = ''; - $dfrn_text = replace_macros($dfrn_tpl,array( - '$intro_id' => $rr['intro_id'], - '$friend_selected' => $friend_selected, - '$fan_selected' => $fan_selected, - '$approve_as' => t('Approve as: '), - '$as_friend' => t('Friend'), - '$as_fan' => (($rr['network'] == NETWORK_DIASPORA) ? t('Sharer') : t('Fan/Admirer')) - )); - } - - $notif_content .= replace_macros($tpl,array( - '$str_notifytype' => t('Notification type: '), - '$notify_type' => (($rr['network'] !== NETWORK_OSTATUS) ? t('Friend/Connect Request') : t('New Follower')), - '$dfrn_text' => $dfrn_text, - '$dfrn_id' => $rr['issued_id'], - '$uid' => $_SESSION['uid'], - '$intro_id' => $rr['intro_id'], - '$contact_id' => $rr['contact-id'], - '$photo' => ((x($rr,'photo')) ? $rr['photo'] : "images/person-175.jpg"), - '$fullname' => $rr['name'], - '$hidden' => array('hidden', t('Hide this contact from others'), ($rr['hidden'] == 1), ''), - '$activity' => array('activity', t('Post a new friend activity'), (intval(get_pconfig(local_user(),'system','post_newfriend')) ? '1' : 0), t('if applicable')), - '$url' => zid($rr['url']), - '$knowyou' => $knowyou, - '$approve' => t('Approve'), - '$note' => $rr['note'], - '$ignore' => t('Ignore'), - '$discard' => t('Discard') + } - )); - } } else info( t('No introductions.') . EOL); @@ -220,7 +132,7 @@ function notifications_content(&$a) { '$notif_content' => $notif_content, )); - $o .= paginate($a); +// $o .= paginate($a); return $o; } diff --git a/mod/settings.php b/mod/settings.php index 35210eaba..4d95f75b3 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -491,11 +491,6 @@ function settings_post(&$a) { $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); - set_pconfig(local_user(),'expire','items', $expire_items); - set_pconfig(local_user(),'expire','notes', $expire_notes); - set_pconfig(local_user(),'expire','starred', $expire_starred); - set_pconfig(local_user(),'expire','photos', $expire_photos); - set_pconfig(local_user(),'expire','network_only', $expire_network_only); set_pconfig(local_user(),'system','use_browser_location',$allow_location); set_pconfig(local_user(),'system','suggestme', $suggestme); set_pconfig(local_user(),'system','post_newfriend', $post_newfriend); @@ -504,51 +499,6 @@ function settings_post(&$a) { set_pconfig(local_user(),'system','blocktags',$blocktags); - - -/* - if($page_flags == PAGE_PRVGROUP) { - $hidewall = 1; - if((! $str_contact_allow) && (! $str_group_allow) && (! $str_contact_deny) && (! $str_group_deny)) { - if($def_group) { - info( t('Private forum has no privacy permissions. Using default privacy group.'). EOL); - $str_group_allow = '<' . $def_group . '>'; - } - else { - notice( t('Private forum has no privacy permissions and no default privacy group.') . EOL); - } - } - } - -*/ - -/* - $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `def_group` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d WHERE `uid` = %d LIMIT 1", - dbesc($username), - dbesc($email), - dbesc($openid), - dbesc($timezone), - dbesc($str_contact_allow), - dbesc($str_group_allow), - dbesc($str_contact_deny), - dbesc($str_group_deny), - intval($notify), - intval($page_flags), - dbesc($defloc), - intval($allow_location), - intval($maxreq), - intval($expire), - dbesc($openidserver), - intval($def_group), - intval($blockwall), - intval($hidewall), - intval($blocktags), - intval($unkmail), - intval($cntunkmail), - intval(local_user()) - ); -*/ - $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d, channel_default_group = '%s', channel_r_stream = %d, channel_r_profile = %d, channel_r_photos = %d, channel_r_abook = %d, channel_w_stream = %d, channel_w_wall = %d, channel_w_tagwall = %d, channel_w_comment = %d, channel_w_mail = %d, channel_w_photos = %d, channel_w_chat = %d, channel_a_delegate = %d, channel_r_storage = %d, channel_w_storage = %d, channel_r_pages = %d, channel_w_pages = %d, channel_a_republish = %d, channel_allow_cid = '%s', channel_allow_gid = '%s', channel_deny_cid = '%s', channel_deny_gid = '%s' where channel_id = %d limit 1", dbesc($username), intval($pageflags), @@ -1038,18 +988,6 @@ function settings_content(&$a) { $celeb = false; - $expire_arr = array( - 'days' => array('expire', t("Automatically expire posts after this many days:"), $expire, t('If empty, posts will not expire. Expired posts will be deleted')), - 'advanced' => t('Advanced expiration settings'), - 'label' => t('Advanced Expiration'), - 'items' => array('expire_items', t("Expire posts:"), $expire_items, '', array(t('No'),t('Yes'))), - - 'starred' => array('expire_starred', t("Expire starred posts:"), $expire_starred, '', array(t('No'),t('Yes'))), - 'photos' => array('expire_photos', t("Expire photos:"), $expire_photos, '', array(t('No'),t('Yes'))), - 'network_only' => array('expire_network_only', t("Only expire posts by others:"), $expire_network_only, '', array(t('No'),t('Yes'))), - ); - - $perm_defaults = array( 'allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], @@ -1098,8 +1036,6 @@ function settings_content(&$a) { '$group_select' => $group_select, - '$expire' => $expire_arr, - '$profile_in_dir' => $profile_in_dir, '$hide_friends' => $hide_friends, '$hide_wall' => $hide_wall, -- cgit v1.2.3 From 5382f607d9d67951fe50ed88e87875086276b4d3 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 6 Dec 2013 00:11:15 -0800 Subject: yeah - that's what I'm going to do. we'll just keep system notifications. If somebody wants web pages for the others we'll start fresh. It's easier than starting with curfty friendica code that doesn't work anymore and will never work without starting over. --- mod/notifications.php | 326 -------------------------------------------------- 1 file changed, 326 deletions(-) (limited to 'mod') diff --git a/mod/notifications.php b/mod/notifications.php index 18f515704..f327c2fe2 100644 --- a/mod/notifications.php +++ b/mod/notifications.php @@ -71,157 +71,6 @@ function notifications_content(&$a) { $o = ''; - $tabs = array( - array( - 'label' => t('System'), - 'url'=>$a->get_baseurl(true) . '/notifications/system', - 'sel'=> (($a->argv[1] == 'system') ? 'active' : ''), - ), -// array( -// 'label' => t('Network'), -// 'url'=>$a->get_baseurl(true) . '/notifications/network', -// 'sel'=> (($a->argv[1] == 'network') ? 'active' : ''), -// ), - array( - 'label' => t('Personal'), - 'url'=>$a->get_baseurl(true) . '/notifications/personal', - 'sel'=> (($a->argv[1] == 'personal') ? 'active' : ''), - ), -// array( -// 'label' => t('Home'), -// 'url' => $a->get_baseurl(true) . '/notifications/home', -// 'sel'=> (($a->argv[1] == 'home') ? 'active' : ''), -// ), - array( - 'label' => t('Introductions'), - 'url' => $a->get_baseurl(true) . '/connections/pending', - 'sel'=> (($a->argv[1] == 'intros') ? 'active' : ''), - ), - array( - 'label' => t('Messages'), - 'url' => $a->get_baseurl(true) . '/message', - 'sel'=> '', - ), - ); - - $o = ""; - - - if((argc() > 1) && (argv(1) == 'intros')) { - nav_set_selected('introductions'); - - $r = q("select * from abook left join xchan on abook_xchan = xchan_hash where uid = %d and (abook_flags & %d) and not (abook_flags & %d)", - intval(local_user()), - intval(ABOOK_FLAG_PENDING), - intval(ABOOK_FLAG_IGNORED) - ); - - if($r) { - // FIXME finish this - foreach($r as $rr) { - - } - - } - else - info( t('No introductions.') . EOL); - - $o .= replace_macros($notif_tpl,array( - '$notif_header' => t('Notifications'), - '$tabs' => $tabs, - '$notif_content' => $notif_content, - )); - -// $o .= paginate($a); - return $o; - - } - - elseif (($a->argc > 1) && ($a->argv[1] == 'network')) { - - $notif_tpl = get_markup_template('notifications.tpl'); - - $r = q("SELECT `item`.`id`,`item`.`parent`, `item`.`verb`, `item`.`author-name`, - `item`.`author-link`, `item`.`author-avatar`, `item`.`created`, `item`.`object` as `object`, - `pitem`.`author-name` as `pname`, `pitem`.`author-link` as `plink` - FROM `item` INNER JOIN `item` as `pitem` ON `pitem`.`id`=`item`.`parent` - WHERE `item`.`unseen` = 1 AND `item`.`visible` = 1 AND - `item`.`deleted` = 0 AND `item`.`uid` = %d AND `item`.`wall` = 0 ORDER BY `item`.`created` DESC" , - intval(local_user()) - ); - - $tpl_item_likes = get_markup_template('notifications_likes_item.tpl'); - $tpl_item_dislikes = get_markup_template('notifications_dislikes_item.tpl'); - $tpl_item_friends = get_markup_template('notifications_friends_item.tpl'); - $tpl_item_comments = get_markup_template('notifications_comments_item.tpl'); - $tpl_item_posts = get_markup_template('notifications_posts_item.tpl'); - - $notif_content = ''; - - if (count($r) > 0) { - - foreach ($r as $it) { - switch($it['verb']){ - case ACTIVITY_LIKE: - $notif_content .= replace_macros($tpl_item_likes,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']), - '$item_when' => relative_date($it['created']) - )); - break; - - case ACTIVITY_DISLIKE: - $notif_content .= replace_macros($tpl_item_dislikes,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']), - '$item_when' => relative_date($it['created']) - )); - break; - - case ACTIVITY_FRIEND: - - $xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">"; - $obj = parse_xml_string($xmlhead.$it['object']); - $it['fname'] = $obj->title; - - $notif_content .= replace_macros($tpl_item_friends,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']), - '$item_when' => relative_date($it['created']) - )); - break; - - default: - $item_text = (($it['id'] == $it['parent']) - ? sprintf( t("%s created a new post"), $it['author-name']) - : sprintf( t("%s commented on %s's post"), $it['author-name'], $it['pname'])); - $tpl = (($it['id'] == $it['parent']) ? $tpl_item_posts : $tpl_item_comments); - - $notif_content .= replace_macros($tpl,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => $item_text, - '$item_when' => relative_date($it['created']) - )); - } - } - - } else { - - $notif_content = t('No more network notifications.'); - } - - $o .= replace_macros($notif_tpl,array( - '$notif_header' => t('Network Notifications'), - '$tabs' => $tabs, - '$notif_content' => $notif_content, - )); - - } else if (($a->argc > 1) && ($a->argv[1] == 'system')) { - $notif_tpl = get_markup_template('notifications.tpl'); $not_tpl = get_markup_template('notify.tpl'); @@ -246,183 +95,8 @@ function notifications_content(&$a) { $o .= replace_macros($notif_tpl,array( '$notif_header' => t('System Notifications'), - '$tabs' => $tabs, '$notif_content' => $notif_content, )); - } else if (($a->argc > 1) && ($a->argv[1] == 'personal')) { - - $notif_tpl = get_markup_template('notifications.tpl'); - - $myurl = $a->get_baseurl(true) . '/channel/'. $a->user['nickname']; - $myurl = substr($myurl,strpos($myurl,'://')+3); - $myurl = str_replace(array('www.','.'),array('','\\.'),$myurl); - $diasp_url = str_replace('/channel/','/u/',$myurl); - $sql_extra .= sprintf(" AND ( `item`.`author-link` regexp '%s' or `item`.`tag` regexp '%s' or `item`.`tag` regexp '%s' ) ", - dbesc($myurl . '$'), - dbesc($myurl . '\\]'), - dbesc($diasp_url . '\\]') - ); - - - $r = q("SELECT `item`.`id`,`item`.`parent`, `item`.`verb`, `item`.`author-name`, - `item`.`author-link`, `item`.`author-avatar`, `item`.`created`, `item`.`object` as `object`, - `pitem`.`author-name` as `pname`, `pitem`.`author-link` as `plink` - FROM `item` INNER JOIN `item` as `pitem` ON `pitem`.`id`=`item`.`parent` - WHERE `item`.`unseen` = 1 AND `item`.`visible` = 1 - $sql_extra - AND `item`.`deleted` = 0 AND `item`.`uid` = %d AND `item`.`wall` = 0 ORDER BY `item`.`created` DESC" , - intval(local_user()) - ); - - $tpl_item_likes = get_markup_template('notifications_likes_item.tpl'); - $tpl_item_dislikes = get_markup_template('notifications_dislikes_item.tpl'); - $tpl_item_friends = get_markup_template('notifications_friends_item.tpl'); - $tpl_item_comments = get_markup_template('notifications_comments_item.tpl'); - $tpl_item_posts = get_markup_template('notifications_posts_item.tpl'); - - $notif_content = ''; - - if (count($r) > 0) { - - foreach ($r as $it) { - switch($it['verb']){ - case ACTIVITY_LIKE: - $notif_content .= replace_macros($tpl_item_likes,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']), - '$item_when' => relative_date($it['created']) - )); - break; - - case ACTIVITY_DISLIKE: - $notif_content .= replace_macros($tpl_item_dislikes,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']), - '$item_when' => relative_date($it['created']) - )); - break; - - case ACTIVITY_FRIEND: - - $xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">"; - $obj = parse_xml_string($xmlhead.$it['object']); - $it['fname'] = $obj->title; - - $notif_content .= replace_macros($tpl_item_friends,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']), - '$item_when' => relative_date($it['created']) - )); - break; - - default: - $item_text = (($it['id'] == $it['parent']) - ? sprintf( t("%s created a new post"), $it['author-name']) - : sprintf( t("%s commented on %s's post"), $it['author-name'], $it['pname'])); - $tpl = (($it['id'] == $it['parent']) ? $tpl_item_posts : $tpl_item_comments); - - $notif_content .= replace_macros($tpl,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => $item_text, - '$item_when' => relative_date($it['created']) - )); - } - } - - } else { - - $notif_content = t('No more personal notifications.'); - } - - $o .= replace_macros($notif_tpl,array( - '$notif_header' => t('Personal Notifications'), - '$tabs' => $tabs, - '$notif_content' => $notif_content, - )); - - - } else if (($a->argc > 1) && ($a->argv[1] == 'home')) { - - $notif_tpl = get_markup_template('notifications.tpl'); - - $r = q("SELECT `item`.`id`,`item`.`parent`, `item`.`verb`, `item`.`author-name`, - `item`.`author-link`, `item`.`author-avatar`, `item`.`created`, `item`.`object` as `object`, - `pitem`.`author-name` as `pname`, `pitem`.`author-link` as `plink` - FROM `item` INNER JOIN `item` as `pitem` ON `pitem`.`id`=`item`.`parent` - WHERE `item`.`unseen` = 1 AND `item`.`visible` = 1 AND - `item`.`deleted` = 0 AND `item`.`uid` = %d AND `item`.`wall` = 1 ORDER BY `item`.`created` DESC", - intval(local_user()) - ); - - $tpl_item_likes = get_markup_template('notifications_likes_item.tpl'); - $tpl_item_dislikes = get_markup_template('notifications_dislikes_item.tpl'); - $tpl_item_friends = get_markup_template('notifications_friends_item.tpl'); - $tpl_item_comments = get_markup_template('notifications_comments_item.tpl'); - - $notif_content = ''; - - if (count($r) > 0) { - - foreach ($r as $it) { - switch($it['verb']){ - case ACTIVITY_LIKE: - $notif_content .= replace_macros($tpl_item_likes,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']), - '$item_when' => relative_date($it['created']) - )); - - break; - case ACTIVITY_DISLIKE: - $notif_content .= replace_macros($tpl_item_dislikes,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']), - '$item_when' => relative_date($it['created']) - )); - - break; - case ACTIVITY_FRIEND: - - $xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">"; - $obj = parse_xml_string($xmlhead.$it['object']); - $it['fname'] = $obj->title; - - $notif_content .= replace_macros($tpl_item_friends,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']), - '$item_when' => relative_date($it['created']) - )); - - break; - default: - $notif_content .= replace_macros($tpl_item_comments,array( - '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], - '$item_image' => $it['author-avatar'], - '$item_text' => sprintf( t("%s commented on %s's post"), $it['author-name'], $it['pname']), - '$item_when' => relative_date($it['created']) - )); - } - } - - } else { - $notif_content = t('No more home notifications.'); - } - - $o .= replace_macros($notif_tpl,array( - '$notif_header' => t('Home Notifications'), - '$tabs' => $tabs, - '$notif_content' => $notif_content, - )); - } - - $o .= paginate($a); return $o; } -- cgit v1.2.3 From 6c6c8a245150a49dbd6191d15452366c3522f56e Mon Sep 17 00:00:00 2001 From: Tobias Diekershoff Date: Fri, 6 Dec 2013 12:00:43 +0100 Subject: add option to hide login form from homepage --- mod/admin.php | 3 +++ mod/home.php | 1 + 2 files changed, 4 insertions(+) (limited to 'mod') diff --git a/mod/admin.php b/mod/admin.php index 031fe7852..2fd762e27 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -234,6 +234,7 @@ function admin_page_site_post(&$a){ $allowed_email = ((x($_POST,'allowed_email')) ? notags(trim($_POST['allowed_email'])) : ''); $block_public = ((x($_POST,'block_public')) ? True : False); $force_publish = ((x($_POST,'publish_all')) ? True : False); + $no_login_on_homepage = ((x($_POST,'no_login_on_homepage')) ? True : False); $global_directory = ((x($_POST,'directory_submit_url')) ? notags(trim($_POST['directory_submit_url'])) : ''); $no_community_page = !((x($_POST,'no_community_page')) ? True : False); @@ -291,6 +292,7 @@ function admin_page_site_post(&$a){ set_config('system','poll_interval',$poll_interval); set_config('system','maxloadavg',$maxloadavg); set_config('system','sitename',$sitename); + set_config('system','no_login_on_homepage',$no_login_on_homepage); if ($banner=="") { del_config('system','banner'); @@ -440,6 +442,7 @@ function admin_page_site(&$a) { '$allowed_email' => array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")), '$block_public' => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently logged in.")), '$force_publish' => array('publish_all', t("Force publish"), get_config('system','publish_all'), t("Check to force all profiles on this site to be listed in the site directory.")), + '$no_login_on_homepage' => array('no_login_on_homepage', t("No login on Homepage"), get_config('system','no_login_on_homepage'), t("Check to hide the login form from your sites homepage when visitors arrive who are not logged in (e.g. when you put the content of the homepage in via the site channel).")), '$proxyuser' => array('proxyuser', t("Proxy user"), get_config('system','proxyuser'), ""), '$proxy' => array('proxy', t("Proxy URL"), get_config('system','proxy'), ""), diff --git a/mod/home.php b/mod/home.php index d17d477c8..edcaa938d 100644 --- a/mod/home.php +++ b/mod/home.php @@ -78,6 +78,7 @@ require_once('include/conversation.php'); $o .= file_get_contents('home.html'); } + if (!$a->config['system']['no_login_on_homepage']) $o .= login(($a->config['system']['register_policy'] == REGISTER_CLOSED) ? 0 : 1); call_hooks("home_content",$o); -- cgit v1.2.3 From e70b0d4e202cea1b1dc430400c034345a63a00f5 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 6 Dec 2013 20:01:32 -0800 Subject: need include/conversation for events now --- mod/events.php | 1 + 1 file changed, 1 insertion(+) (limited to 'mod') diff --git a/mod/events.php b/mod/events.php index 77756fb13..265c74fce 100755 --- a/mod/events.php +++ b/mod/events.php @@ -1,5 +1,6 @@ Date: Fri, 6 Dec 2013 21:40:01 -0800 Subject: suggestion widget --- mod/network.php | 1 + 1 file changed, 1 insertion(+) (limited to 'mod') diff --git a/mod/network.php b/mod/network.php index 18173043e..f087149f3 100644 --- a/mod/network.php +++ b/mod/network.php @@ -50,6 +50,7 @@ function network_init(&$a) { $a->page['aside'] .= group_side('network','network',true,$_GET['gid']); $a->page['aside'] .= posted_date_widget($a->get_baseurl() . '/network',local_user(),false); + $a->page['aside'] .= suggest_widget(); $a->page['aside'] .= saved_searches($search); $a->page['aside'] .= fileas_widget($a->get_baseurl(true) . '/network',(x($_GET, 'file') ? $_GET['file'] : '')); -- cgit v1.2.3 From 6d3aebb4838262e4eaebb9c5f39946cd97636b0e Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 6 Dec 2013 21:45:36 -0800 Subject: add suggestions to a couple of other pages --- mod/connections.php | 2 ++ mod/directory.php | 2 ++ 2 files changed, 4 insertions(+) (limited to 'mod') diff --git a/mod/connections.php b/mod/connections.php index 6b3ed113c..b29e4dde8 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -43,6 +43,8 @@ function connections_aside(&$a) { } $a->set_widget('collections', group_side('connections','group',false,0,((array_key_exists('abook',$a->data)) ? $a->data['abook']['abook_xchan'] : ''))); + + $a->set_widget('suggest',suggest_widget()); $a->set_widget('findpeople',findpeople_widget()); } diff --git a/mod/directory.php b/mod/directory.php index 1f22e9bf8..e6c003099 100644 --- a/mod/directory.php +++ b/mod/directory.php @@ -213,6 +213,8 @@ function directory_content(&$a) { if($j['keywords']) { $a->set_widget('dirtagblock',dir_tagblock(z_root() . '/directory',$j['keywords'])); } + $a->set_widget('suggest',suggest_widget()); + // logger('mod_directory: entries: ' . print_r($entries,true), LOGGER_DATA); -- cgit v1.2.3 From 08bbab9a06e56e2305ec3d48f5507ce3b909d286 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 6 Dec 2013 22:54:21 -0800 Subject: show a clean url in the hovertip for suggested friends --- mod/suggest.php | 1 + 1 file changed, 1 insertion(+) (limited to 'mod') diff --git a/mod/suggest.php b/mod/suggest.php index f891ebefc..bfa471fa5 100644 --- a/mod/suggest.php +++ b/mod/suggest.php @@ -50,6 +50,7 @@ function suggest_content(&$a) { $arr[] = array( 'url' => chanlink_url($rr['xchan_url']), + 'profile' => $rr['xchan_url'], 'name' => $rr['xchan_name'], 'photo' => $rr['xchan_photo_m'], 'ignlnk' => $a->get_baseurl() . '/suggest?ignore=' . $rr['xchan_hash'], -- cgit v1.2.3 From 6dc157a9f9f46dbb4fe694d32e733eb1a2f5444f Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 7 Dec 2013 13:05:17 -0800 Subject: finish ACL's in personal menus --- mod/mitem.php | 45 ++++++++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 23 deletions(-) (limited to 'mod') diff --git a/mod/mitem.php b/mod/mitem.php index 6a5785114..8e60e2d65 100644 --- a/mod/mitem.php +++ b/mod/mitem.php @@ -1,6 +1,7 @@ data['menu']) return; + + $channel = $a->get_channel(); + $_REQUEST['mitem_channel_id'] = local_user(); $_REQUEST['menu_id'] = $a->data['menu']['menu_id']; @@ -34,29 +38,6 @@ function mitem_post(&$a) { if($_REQUEST['newwin']) $_REQUEST['mitem_flags'] |= MENU_ITEM_NEWWIN; -// FIXME!!!! - - if ((! $_REQUEST['contact_allow']) - && (! $_REQUEST['group_allow']) - && (! $_REQUEST['contact_deny']) - && (! $_REQUEST['group_deny'])) { - $str_group_allow = $channel['channel_allow_gid']; - $str_contact_allow = $channel['channel_allow_cid']; - $str_group_deny = $channel['channel_deny_gid']; - $str_contact_deny = $channel['channel_deny_cid']; - } - else { - - // use the posted permissions - - $str_group_allow = perms2str($_REQUEST['group_allow']); - $str_contact_allow = perms2str($_REQUEST['contact_allow']); - $str_group_deny = perms2str($_REQUEST['group_deny']); - $str_contact_deny = perms2str($_REQUEST['contact_deny']); - } - - - $mitem_id = ((argc() > 2) ? intval(argv(2)) : 0); if($mitem_id) { @@ -98,6 +79,8 @@ function mitem_content(&$a) { return ''; } + $channel = $a->get_channel(); + $a->set_widget('design',design_tools()); @@ -135,11 +118,24 @@ function mitem_content(&$a) { if(argc() > 2) { + + + if(argv(2) === 'new') { + $perm_defaults = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + $o = replace_macros(get_markup_template('mitemedit.tpl'), array( '$header' => t('New Menu Element'), '$menu_id' => $a->data['menu']['menu_id'], + '$permissions' => t('Menu Item Permissions'), + '$permdesc' => t("\x28click to open/close\x29"), + '$aclselect' => populate_acl($perm_defaults), '$mitem_desc' => array('mitem_desc', t('Link text'), '', '','*'), '$mitem_link' => array('mitem_link', t('URL of link'), '', '', '*'), '$usezid' => array('usezid', t('Use Red magic-auth if available'), true, ''), @@ -180,6 +176,9 @@ function mitem_content(&$a) { $o = replace_macros(get_markup_template('mitemedit.tpl'), array( '$header' => t('Edit Menu Element'), '$menu_id' => $a->data['menu']['menu_id'], + '$permissions' => t('Menu Item Permissions'), + '$permdesc' => t("\x28click to open/close\x29"), + '$aclselect' => populate_acl($mitem), '$mitem_id' => intval(argv(2)), '$mitem_desc' => array('mitem_desc', t('Link text'), $mitem['mitem_desc'], '','*'), '$mitem_link' => array('mitem_link', t('URL of link'), $mitem['mitem_link'], '', '*'), -- cgit v1.2.3 From 48c650c715dde9ab7f748b4ba9a82bd2e51e8eb2 Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 7 Dec 2013 15:20:12 -0800 Subject: improve editing ability of webpages - acls, photos, location, page link title, etc. --- mod/editwebpage.php | 36 +++++++++++++++++++++++++++++++----- mod/webpages.php | 19 ++++++++++++++++++- 2 files changed, 49 insertions(+), 6 deletions(-) (limited to 'mod') diff --git a/mod/editwebpage.php b/mod/editwebpage.php index 5a21aa78d..840bda336 100644 --- a/mod/editwebpage.php +++ b/mod/editwebpage.php @@ -19,6 +19,8 @@ function editwebpage_content(&$a) { $owner = intval($r[0]['channel_id']); //logger('owner: ' . print_r($owner,true)); } + + $is_owner = ((local_user() && local_user() == $owner) ? true : false); $o = ''; @@ -52,6 +54,23 @@ function editwebpage_content(&$a) { ); + if($itm[0]['item_flags'] & ITEM_OBSCURED) { + $key = get_config('system','prvkey'); + if($itm[0]['title']) + $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']),$key); + if($itm[0]['body']) + $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key); + } + + $item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1", + $itm[0]['id'] + ); + if($item_id) + $page_title = $item_id[0]['sid']; + + + + $plaintext = true; if(feature_enabled($itm[0]['uid'],'richtext')) @@ -112,9 +131,14 @@ function editwebpage_content(&$a) { //FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. So, send folk to the webpage list. $rp = '/webpages/' . $which; + $lockstate = $o .= replace_macros($tpl,array( '$return_path' => $rp, + '$webpage' => true, + '$placeholdpagetitle' => t('Page link title'), + '$pagetitle' => $page_title, + '$action' => 'item', '$share' => t('Edit'), '$upload' => t('Upload photo'), @@ -131,9 +155,11 @@ function editwebpage_content(&$a) { '$content' => undo_post_tagging($itm[0]['body']), '$post_id' => $post_id, '$baseurl' => $a->get_baseurl(), - '$defloc' => $channel['channel_location'], - '$visitor' => 'none', - '$pvisit' => 'none', + '$defloc' => $itm[0]['location'], + '$visitor' => ($is_owner) ? 'block' : 'none', + '$acl' => populate_acl($itm[0]), + '$showacl' => true, + '$pvisit' => ($is_owner) ? 'block' : 'none', '$public' => t('Public post'), '$jotnets' => $jotnets, '$mimeselect' => $mimeselect, @@ -143,8 +169,8 @@ function editwebpage_content(&$a) { '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), '$emtitle' => t('Example: bob@example.com, mary@example.com'), - '$lockstate' => $lockstate, - '$acl' => '', + 'lockstate' => (((strlen($itm[0]['allow_cid'])) || (strlen($itm[0]['allow_gid'])) || (strlen($itm[0]['deny_cid'])) || (strlen($itm[0]['deny_gid']))) ? 'lock' : 'unlock'), + '$acl' => populate_acl($itm[0]), '$bang' => '', '$profile_uid' => (intval($owner)), '$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''), diff --git a/mod/webpages.php b/mod/webpages.php index 5257bc91d..90004faa1 100644 --- a/mod/webpages.php +++ b/mod/webpages.php @@ -60,13 +60,30 @@ function webpages_content(&$a) { require_once ('include/conversation.php'); require_once('include/acl_selectors.php'); + + if(local_user() && local_user() == $a->profile_uid) { + $channel = $a->get_channel(); + $channel_acl = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + } + else + $channel_acl = array(); + + + + + $x = array( 'webpage' => ITEM_WEBPAGE, 'is_owner' => true, 'nickname' => $a->profile['channel_address'], 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), 'bang' => (($group || $cid) ? '!' : ''), - 'acl' => ((local_user() && local_user() == $owner) ? populate_acl($a->get_channel()) : ''), + 'acl' => ((local_user() && local_user() == $owner) ? populate_acl($channel_acl) : ''), 'visitor' => 'block', 'profile_uid' => intval($owner), 'mimetype' => $mimetype, -- cgit v1.2.3 From d32e05fb5e30dc634754e9d2e55cc7702a883ede Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 8 Dec 2013 16:04:28 -0800 Subject: starting on the journey to comanche everywhere - beginning with widget conversions. There are approximately 20 which need to be wrapped for accessibility to comanche. --- mod/network.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'mod') diff --git a/mod/network.php b/mod/network.php index f087149f3..b2eed8a73 100644 --- a/mod/network.php +++ b/mod/network.php @@ -47,8 +47,8 @@ function network_init(&$a) { ); } - - $a->page['aside'] .= group_side('network','network',true,$_GET['gid']); + require_once('include/widgets.php'); + $a->page['aside'] .= widget_collections(array()); $a->page['aside'] .= posted_date_widget($a->get_baseurl() . '/network',local_user(),false); $a->page['aside'] .= suggest_widget(); -- cgit v1.2.3 From 8959487f1c7e5b785df2f8e7658da8b2534b2ad9 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 8 Dec 2013 16:16:54 -0800 Subject: transition to $a->set_widget in /network on the short term - long term this will be in view/pdl files --- mod/network.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'mod') diff --git a/mod/network.php b/mod/network.php index b2eed8a73..e6cb2b6c6 100644 --- a/mod/network.php +++ b/mod/network.php @@ -48,12 +48,12 @@ function network_init(&$a) { } require_once('include/widgets.php'); - $a->page['aside'] .= widget_collections(array()); - $a->page['aside'] .= posted_date_widget($a->get_baseurl() . '/network',local_user(),false); - $a->page['aside'] .= suggest_widget(); - $a->page['aside'] .= saved_searches($search); - $a->page['aside'] .= fileas_widget($a->get_baseurl(true) . '/network',(x($_GET, 'file') ? $_GET['file'] : '')); + $a->set_widget('collections',widget_collections(array())); + $a->set_widget('archives',posted_date_widget($a->get_baseurl() . '/network',local_user(),false)); + $a->set_widget('suggestions',suggest_widget()); + $a->set_widget('savedsearch',saved_searches($search)); + $a->set_widget('filer',fileas_widget($a->get_baseurl(true) . '/network',(x($_GET, 'file') ? $_GET['file'] : ''))); if($search) { -- cgit v1.2.3 From 082ac6777829c98ded48c271f4210ac5d6e1a68f Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 8 Dec 2013 20:08:50 -0800 Subject: suggestion widget tweaked to make it comanche capable. Remove old versions of specs that are so obsolete it isn't funny. Zot protocol reference is in red's github wiki, and in the code. We should move the github copy to /doc once it is updated to match the code. There's no point in documenting dfrn in the red code base. --- mod/connections.php | 4 +++- mod/directory.php | 3 ++- mod/network.php | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) (limited to 'mod') diff --git a/mod/connections.php b/mod/connections.php index b29e4dde8..b3532efbf 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -6,6 +6,7 @@ require_once('include/contact_selectors.php'); require_once('include/group.php'); require_once('include/contact_widgets.php'); require_once('include/zot.php'); +require_once('include/widgets.php'); function connections_init(&$a) { @@ -32,6 +33,7 @@ function connections_init(&$a) { function connections_aside(&$a) { + if (! local_user()) return; @@ -44,7 +46,7 @@ function connections_aside(&$a) { $a->set_widget('collections', group_side('connections','group',false,0,((array_key_exists('abook',$a->data)) ? $a->data['abook']['abook_xchan'] : ''))); - $a->set_widget('suggest',suggest_widget()); + $a->set_widget('suggest',widget_suggestions(array())); $a->set_widget('findpeople',findpeople_widget()); } diff --git a/mod/directory.php b/mod/directory.php index e6c003099..616035339 100644 --- a/mod/directory.php +++ b/mod/directory.php @@ -1,6 +1,7 @@ set_widget('dirtagblock',dir_tagblock(z_root() . '/directory',$j['keywords'])); } - $a->set_widget('suggest',suggest_widget()); + $a->set_widget('suggest',widget_suggestions(array())); // logger('mod_directory: entries: ' . print_r($entries,true), LOGGER_DATA); diff --git a/mod/network.php b/mod/network.php index e6cb2b6c6..efb3116ae 100644 --- a/mod/network.php +++ b/mod/network.php @@ -51,7 +51,7 @@ function network_init(&$a) { $a->set_widget('collections',widget_collections(array())); $a->set_widget('archives',posted_date_widget($a->get_baseurl() . '/network',local_user(),false)); - $a->set_widget('suggestions',suggest_widget()); + $a->set_widget('suggestions',widget_suggestions(array())); $a->set_widget('savedsearch',saved_searches($search)); $a->set_widget('filer',fileas_widget($a->get_baseurl(true) . '/network',(x($_GET, 'file') ? $_GET['file'] : ''))); @@ -286,7 +286,7 @@ function network_content(&$a, $update = 0, $load = false) { } else { $contact_str = ' 0 '; - info( t('Group is empty')); + info( t('Collection is empty')); } $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent and item_restrict = 0 ) "; -- cgit v1.2.3 From 00f4ee271789b61393edd384f12cda1c14af4b94 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 9 Dec 2013 00:12:44 -0800 Subject: migrate follow widget to comanche and remove obsolete mod/intro.php --- mod/connections.php | 2 +- mod/intro.php | 110 ---------------------------------------------------- mod/suggest.php | 3 +- 3 files changed, 3 insertions(+), 112 deletions(-) delete mode 100644 mod/intro.php (limited to 'mod') diff --git a/mod/connections.php b/mod/connections.php index b3532efbf..5711b2b3f 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -41,7 +41,7 @@ function connections_aside(&$a) { $a->set_widget('vcard',vcard_from_xchan($a->data['abook'],$a->get_observer())); } else { - $a->set_widget('follow', follow_widget()); + $a->set_widget('follow', widget_follow(array())); } $a->set_widget('collections', group_side('connections','group',false,0,((array_key_exists('abook',$a->data)) ? $a->data['abook']['abook_xchan'] : ''))); diff --git a/mod/intro.php b/mod/intro.php deleted file mode 100644 index 5b660485a..000000000 --- a/mod/intro.php +++ /dev/null @@ -1,110 +0,0 @@ -set_widget('follow', follow_widget()); - -} - - -function intro_content(&$a) { - - if( ! local_user()) { - notice( t('Permission denied.') . EOL); - return; - } - - - $o = replace_macros(get_markup_template('intros_header.tpl'),array( - '$title' => t('Introductions and Connection Requests') - )); - - $r = q("select count(abook_id) as total from abook where abook_channel = %d and (abook_flags & %d) and not (abook_flags & %d) ", - intval(local_user()), - intval(ABOOK_FLAG_PENDING), - intval(ABOOK_FLAG_SELF) - ); - if($r) { - $a->set_pager_total($r[0]['total']); - if(! intval($r[0]['total'])) { - notice( t('No pending introductions.') . EOL); - return $o; - } - } - else { - notice( t('System error. Please try again later.') . EOL); - return $o; - } - - $r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and (abook_flags & %d) and not (abook_flags & %d) LIMIT %d, %d", - intval(local_user()), - intval(ABOOK_FLAG_PENDING), - intval(ABOOK_FLAG_SELF), - intval($a->pager['start']), - intval($a->pager['itemspage']) - ); - - if($r) { - - $tpl = get_markup_template("intros.tpl"); - - foreach($r as $rr) { - $o .= replace_macros($tpl,array( - '$uid' => local_user(), - - '$contact_id' => $rr['abook_id'], - '$photo' => ((x($rr,'xchan_photo_l')) ? $rr['xchan_photo_l'] : "images/person-175.jpg"), - '$fullname' => $rr['xchan_name'], - '$hidden' => array('hidden', t('Hide this contact from others'), ($rr['abook_flags'] & ABOOK_FLAG_HIDDEN), ''), - '$activity' => array('activity', t('Post a new friend activity'), (intval(get_pconfig(local_user(),'system','post_newfriend')) ? '1' : 0), t('if applicable')), - '$url' => zid($rr['xchan_url']), - '$approve' => t('Approve'), - '$block' => t('Block'), - '$ignore' => t('Ignore'), - '$discard' => t('Discard') - - )); - } - } - - $o .= paginate($a); - return $o; - -} \ No newline at end of file diff --git a/mod/suggest.php b/mod/suggest.php index bfa471fa5..baccbd38f 100644 --- a/mod/suggest.php +++ b/mod/suggest.php @@ -2,6 +2,7 @@ require_once('include/socgraph.php'); require_once('include/contact_widgets.php'); +require_once('include/widgets.php'); function suggest_init(&$a) { @@ -20,7 +21,7 @@ function suggest_init(&$a) { function suggest_aside(&$a) { - $a->set_widget('follow', follow_widget()); + $a->set_widget('follow', widget_follow(array())); $a->set_widget('findpeople', findpeople_widget()); } -- cgit v1.2.3 From c20f207cde7c4bfcfc856542cffe7db273694c6e Mon Sep 17 00:00:00 2001 From: zottel Date: Mon, 9 Dec 2013 13:30:35 +0100 Subject: enable JS-less display of channel --- mod/channel.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'mod') diff --git a/mod/channel.php b/mod/channel.php index 2014cd08b..7879f72ee 100644 --- a/mod/channel.php +++ b/mod/channel.php @@ -189,7 +189,7 @@ function channel_content(&$a, $update = 0, $load = false) { $a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20)); $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); - if($load) { + if($load || ($_COOKIE['jsAvailable'] != 1)) { $r = q("SELECT distinct id AS item_id FROM item left join abook on item.author_xchan = abook.abook_xchan WHERE uid = %d AND item_restrict = 0 @@ -281,9 +281,13 @@ function channel_content(&$a, $update = 0, $load = false) { } - $o .= conversation($a,$items,'channel',$update,'client'); + if($_COOKIE['jsAvailable'] == 1) { + $o .= conversation($a,$items,'channel',$update,'client'); + } else { + $o .= conversation($a,$items,'channel',$update,'traditional'); + } - if(! $update) + if((! $update) || ($_COOKIE['jsAvailable'] != 1)) $o .= alt_pager($a,count($items)); return $o; -- cgit v1.2.3 From 75ebf06131e935795b7072acc012c9e37669eade Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 9 Dec 2013 14:05:52 -0800 Subject: some work on modularising the default profile photo so we can make them site selectable. Also red != friendica so we don't need all these friendica logos taking up space --- mod/photo.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'mod') diff --git a/mod/photo.php b/mod/photo.php index 3e86b02ba..591d7198a 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -24,7 +24,7 @@ function photo_init(&$a) { $observer_xchan = get_observer_hash(); - $default = 'images/person-175.jpg'; + $default = 'images/default_profile_photos/rainbow_man/175.jpg'; if(isset($type)) { @@ -38,11 +38,11 @@ function photo_init(&$a) { case 'm': $resolution = 5; - $default = 'images/person-80.jpg'; + $default = 'images/default_profile_photos/rainbow_man/80.jpg'; break; case 's': $resolution = 6; - $default = 'images/person-48.jpg'; + $default = 'images/default_profile_photos/rainbow_man/48.jpg'; break; case 'l': default: @@ -135,15 +135,15 @@ function photo_init(&$a) { switch($resolution) { case 4: - $data = file_get_contents('images/person-175.jpg'); + $data = file_get_contents('images/default_profile_photos/rainbow_man/175.jpg'); $mimetype = 'image/jpeg'; break; case 5: - $data = file_get_contents('images/person-80.jpg'); + $data = file_get_contents('images/default_profile_photos/rainbow_man/80.jpg'); $mimetype = 'image/jpeg'; break; case 6: - $data = file_get_contents('images/person-48.jpg'); + $data = file_get_contents('images/default_profile_photos/rainbow_man/48.jpg'); $mimetype = 'image/jpeg'; break; default: -- cgit v1.2.3 From f85cba10eb3d976d715c7a80fe69fe15d9dc468c Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 9 Dec 2013 15:27:46 -0800 Subject: notes widget --- mod/network.php | 2 +- mod/notes.php | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 mod/notes.php (limited to 'mod') diff --git a/mod/network.php b/mod/network.php index efb3116ae..13092d47d 100644 --- a/mod/network.php +++ b/mod/network.php @@ -54,7 +54,7 @@ function network_init(&$a) { $a->set_widget('suggestions',widget_suggestions(array())); $a->set_widget('savedsearch',saved_searches($search)); $a->set_widget('filer',fileas_widget($a->get_baseurl(true) . '/network',(x($_GET, 'file') ? $_GET['file'] : ''))); - + $a->set_widget('notes',widget_notes(array())); if($search) { if(strpos($search,'@') === 0) { diff --git a/mod/notes.php b/mod/notes.php new file mode 100644 index 000000000..ce3460aa4 --- /dev/null +++ b/mod/notes.php @@ -0,0 +1,16 @@ + true); + if($_REQUEST['note_text']) { + $body = escape_tags($_REQUEST['note_text']); + set_pconfig(local_user(),'notes','text',$body); + } + logger('notes saved.'); + json_return_and_die($ret); + +} \ No newline at end of file -- cgit v1.2.3 From 76d8501d671ae7d4234f1a905cd0e506c7f9b23e Mon Sep 17 00:00:00 2001 From: marijus Date: Tue, 10 Dec 2013 00:32:49 +0100 Subject: saved search icon work and bugfixes for #tags not beeing deletable and save button showing if saved search is disabled --- mod/search.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/search.php b/mod/search.php index bad071936..7651b3a4e 100644 --- a/mod/search.php +++ b/mod/search.php @@ -17,7 +17,7 @@ function search_saved_searches() { $o .= '

' . t('Saved Searches') . '

' . "\r\n"; $o .= '
' . "\r\n"; } -- cgit v1.2.3 From aaf21e892437320ddf63735fa7334bf21836b121 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 9 Dec 2013 18:31:13 -0800 Subject: slight mod of connections widgets --- mod/connections.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/connections.php b/mod/connections.php index 5711b2b3f..d1bb33748 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -42,9 +42,9 @@ function connections_aside(&$a) { } else { $a->set_widget('follow', widget_follow(array())); + $a->set_widget('collections', group_side('connections','group',false,0,((array_key_exists('abook',$a->data)) ? $a->data['abook']['abook_xchan'] : ''))); } - $a->set_widget('collections', group_side('connections','group',false,0,((array_key_exists('abook',$a->data)) ? $a->data['abook']['abook_xchan'] : ''))); $a->set_widget('suggest',widget_suggestions(array())); $a->set_widget('findpeople',findpeople_widget()); -- cgit v1.2.3 From ed9f10872240231125007cf32b95007281558cac Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 9 Dec 2013 21:20:55 -0800 Subject: comanchify the savedsearch widget --- mod/network.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'mod') diff --git a/mod/network.php b/mod/network.php index 13092d47d..6c9cef11e 100644 --- a/mod/network.php +++ b/mod/network.php @@ -24,7 +24,7 @@ function network_init(&$a) { $search = ((x($_GET,'search')) ? $_GET['search'] : ''); - +/* if(x($_GET,'save') && $search) { $r = q("select * from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1", intval(local_user()), @@ -46,13 +46,13 @@ function network_init(&$a) { dbesc($search) ); } - +*/ require_once('include/widgets.php'); $a->set_widget('collections',widget_collections(array())); $a->set_widget('archives',posted_date_widget($a->get_baseurl() . '/network',local_user(),false)); $a->set_widget('suggestions',widget_suggestions(array())); - $a->set_widget('savedsearch',saved_searches($search)); + $a->set_widget('savedsearch',widget_savedsearch(array())); $a->set_widget('filer',fileas_widget($a->get_baseurl(true) . '/network',(x($_GET, 'file') ? $_GET['file'] : ''))); $a->set_widget('notes',widget_notes(array())); -- cgit v1.2.3 From e873f6e95ed167e48a557365089ec97abee473cc Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 10 Dec 2013 00:05:31 -0800 Subject: we're almost ready to turn on comanche for mod_network. All the widgets are done. --- mod/network.php | 131 +++++++++++--------------------------------------------- 1 file changed, 24 insertions(+), 107 deletions(-) (limited to 'mod') diff --git a/mod/network.php b/mod/network.php index 6c9cef11e..31b377432 100644 --- a/mod/network.php +++ b/mod/network.php @@ -16,46 +16,34 @@ function network_init(&$a) { $channel = $a->get_channel(); $a->profile_uid = local_user(); head_set_icon($channel['xchan_photo_s']); - - - if(! x($a->page,'aside')) - $a->page['aside'] = ''; - - $search = ((x($_GET,'search')) ? $_GET['search'] : ''); - - -/* - if(x($_GET,'save') && $search) { - $r = q("select * from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1", - intval(local_user()), - intval(TERM_SAVEDSEARCH), - dbesc($search) - ); - if(! count($r)) { - q("insert into `term` ( `uid`,`type`,`term` ) values ( %d, %d, '%s') ", - intval(local_user()), - intval(TERM_SAVEDSEARCH), - dbesc($search) - ); - } - } - if(x($_GET,'remove')) { - q("delete from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1", - intval(local_user()), - intval(TERM_SAVEDSEARCH), - dbesc($search) - ); - } -*/ + require_once('include/widgets.php'); $a->set_widget('collections',widget_collections(array())); - $a->set_widget('archives',posted_date_widget($a->get_baseurl() . '/network',local_user(),false)); + $a->set_widget('archives',widget_archive(array())); $a->set_widget('suggestions',widget_suggestions(array())); $a->set_widget('savedsearch',widget_savedsearch(array())); - $a->set_widget('filer',fileas_widget($a->get_baseurl(true) . '/network',(x($_GET, 'file') ? $_GET['file'] : ''))); + $a->set_widget('filer',widget_filer(array())); $a->set_widget('notes',widget_notes(array())); +} + +function network_content(&$a, $update = 0, $load = false) { + + + if(! local_user()) { + $_SESSION['return_url'] = $a->query_string; + return login(false); + } + + + $arr = array('query' => $a->query_string); + + call_hooks('network_content_init', $arr); + + $channel = $a->get_channel(); + + $search = (($_GET['search']) ? $_GET['search'] : ''); if($search) { if(strpos($search,'@') === 0) { $r = q("select abook_id from abook left join xchan on abook_xchan = xchan_hash where xchan_name = '%s' and abook_channel = %d limit 1", @@ -72,80 +60,7 @@ function network_init(&$a) { } } - $group_id = ((x($_GET,'gid')) ? intval($_GET['gid']) : 0); - - - - -} - -function saved_searches($search) { - if(! feature_enabled(local_user(),'savedsearch')) - return ''; - - $a = get_app(); - - $srchurl = '/network?f=' - . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : '') - . ((x($_GET,'star')) ? '&star=' . $_GET['star'] : '') - . ((x($_GET,'conv')) ? '&conv=' . $_GET['conv'] : '') - . ((x($_GET,'cmin')) ? '&cmin=' . $_GET['cmin'] : '') - . ((x($_GET,'cmax')) ? '&cmax=' . $_GET['cmax'] : '') - . ((x($_GET,'file')) ? '&file=' . $_GET['file'] : ''); - ; - - $o = ''; - - $r = q("select `tid`,`term` from `term` WHERE `uid` = %d and `type` = %d ", - intval(local_user()), - intval(TERM_SAVEDSEARCH) - ); - - $saved = array(); - - if(count($r)) { - foreach($r as $rr) { - $saved[] = array( - 'id' => $rr['tid'], - 'term' => $rr['term'], - 'displayterm' => htmlspecialchars($rr['term']), - 'encodedterm' => urlencode($rr['term']), - 'delete' => t('Remove term'), - 'selected' => ($search==$rr['term']), - ); - } - } - - - $tpl = get_markup_template("saved_searches_aside.tpl"); - $o = replace_macros($tpl, array( - '$title' => t('Saved Searches'), - '$add' => t('add'), - '$searchbox' => search('','netsearch-box',$srchurl,true), - '$saved' => $saved, - )); - - return $o; - -} - - - -function network_content(&$a, $update = 0, $load = false) { - - - if(! local_user()) { - $_SESSION['return_url'] = $a->query_string; - return login(false); - } - - - $arr = array('query' => $a->query_string); - - call_hooks('network_content_init', $arr); - - $channel = $a->get_channel(); $datequery = $datequery2 = ''; @@ -229,7 +144,9 @@ function network_content(&$a, $update = 0, $load = false) { // --- end item filter tabs - $search = (($_GET['search']) ? $_GET['search'] : ''); + + + // search terms header if($search) $o .= '

' . t('Search Results For:') . ' ' . htmlspecialchars($search) . '

'; -- cgit v1.2.3 From 0043ef66b68cbdf1ae978e04f8bdeca39e6efa64 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 10 Dec 2013 00:25:32 -0800 Subject: mod_network is now running under Comanche. Yay. --- mod/network.php | 9 --------- 1 file changed, 9 deletions(-) (limited to 'mod') diff --git a/mod/network.php b/mod/network.php index 31b377432..754978949 100644 --- a/mod/network.php +++ b/mod/network.php @@ -16,15 +16,6 @@ function network_init(&$a) { $channel = $a->get_channel(); $a->profile_uid = local_user(); head_set_icon($channel['xchan_photo_s']); - - require_once('include/widgets.php'); - - $a->set_widget('collections',widget_collections(array())); - $a->set_widget('archives',widget_archive(array())); - $a->set_widget('suggestions',widget_suggestions(array())); - $a->set_widget('savedsearch',widget_savedsearch(array())); - $a->set_widget('filer',widget_filer(array())); - $a->set_widget('notes',widget_notes(array())); } -- cgit v1.2.3 From e5ea4a009b81c7f3fa987ba34d20a996055775d6 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 10 Dec 2013 20:36:11 -0800 Subject: mod channel is now Comanchified --- mod/admin.php | 2 +- mod/channel.php | 24 ------------------------ 2 files changed, 1 insertion(+), 25 deletions(-) (limited to 'mod') diff --git a/mod/admin.php b/mod/admin.php index 2fd762e27..9a6aea35a 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -628,7 +628,7 @@ function admin_page_users(&$a){ } /* get pending */ - $pending = q("SELECT * from account where (account_flags & %d ) ", + $pending = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d ) ", intval(ACCOUNT_PENDING) ); diff --git a/mod/channel.php b/mod/channel.php index 7879f72ee..149936dd7 100644 --- a/mod/channel.php +++ b/mod/channel.php @@ -43,30 +43,6 @@ function channel_init(&$a) { } - -function channel_aside(&$a) { - - - if(! $a->profile['profile_uid']) - return; - - $channel_display = get_pconfig($a->profile['profile_uid'],'system','channel_format'); - if(! $channel_display) - profile_create_sidebar($a); - - if($channel_display === 'full') - $a->page['template'] = 'full'; - else { - $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat']) : ''); - $a->set_widget('archive',posted_date_widget($a->get_baseurl(true) . '/channel/' . $a->profile['channel_address'],$a->profile['profile_uid'],true)); - $a->set_widget('categories',categories_widget($a->get_baseurl(true) . '/channel/' . $a->profile['channel_address'],$cat)); - } - if(feature_enabled($a->profile['profile_uid'],'tagadelic')) - $a->set_widget('tagcloud',tagblock('search',$a->profile['profile_uid'],50,$a->profile['channel_hash'],ITEM_WALL)); - -} - - function channel_content(&$a, $update = 0, $load = false) { $category = $datequery = $datequery2 = ''; -- cgit v1.2.3 From 5279f3bf6f0a61ed925e91016e27cd345e0c8b75 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 10 Dec 2013 20:48:54 -0800 Subject: issue #237 - when manually changing an uploaded photo URL in a post to an invalid URL that happens to not throw an error, it affects the ability to parse the URL to see if it's a local image and correct permissions. The correct way to do this is to change the '-2' to '-1' if you want 640 instead of 320 and '-0' if you want the original size - which is not likely to win you many friends if it happens to be a 42 megapixel photo. We might have limits in place to prevent monster photos from destroying everybody's streams, but many services you export the post to will probably not. --- mod/item.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/item.php b/mod/item.php index 6781eba2d..7f881d28d 100644 --- a/mod/item.php +++ b/mod/item.php @@ -1049,7 +1049,10 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body, if(! stristr($image,get_app()->get_baseurl() . '/photo/')) continue; $image_uri = substr($image,strrpos($image,'/') + 1); - $image_uri = substr($image_uri,0, strpos($image_uri,'-')); + if(strpos($image_uri,'-') !== false) + $image_uri = substr($image_uri,0, strpos($image_uri,'-')); + if(strpos($image_uri,'.') !== false) + $image_uri = substr($image_uri,0, strpos($image_uri,'.')); if(! strlen($image_uri)) continue; $srch = '<' . $xchan_hash . '>'; -- cgit v1.2.3 From 652959678f47b84830123df4fac8add31657b4c9 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 10 Dec 2013 23:27:17 -0800 Subject: cleanup and Comanchification of mod_profile --- mod/profile.php | 50 +++++--------------------------------------------- 1 file changed, 5 insertions(+), 45 deletions(-) (limited to 'mod') diff --git a/mod/profile.php b/mod/profile.php index a307905e6..fca7c8f9f 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -43,72 +43,32 @@ function profile_init(&$a) { $a->profile = $x[0]; } } -// $channel_display = get_pconfig($a->profile['profile_uid'],'system','channel_format'); -// if(! $channel_display) - profile_load($a,$which,$profile); - - -} - - -function profile_aside(&$a) { + profile_load($a,$which,$profile); - profile_create_sidebar($a); } - function profile_content(&$a, $update = 0) { if(get_config('system','block_public') && (! get_account_id()) && (! remote_user())) { return login(); } - - $groups = array(); $tab = 'profile'; $o = ''; - - $contact = null; - $remote_contact = false; - - $contact_id = 0; - - if(is_array($_SESSION['remote'])) { - foreach($_SESSION['remote'] as $v) { - if($v['uid'] == $a->profile['profile_uid']) { - $contact_id = $v['cid']; - break; - } - } - } - - if($contact_id) { - $groups = init_groups_visitor($contact_id); - $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($contact_id), - intval($a->profile['profile_uid']) - ); - if(count($r)) { - $contact = $r[0]; - $remote_contact = true; - } + if(! (perm_is_allowed($a->profile['profile_uid'],get_observer_hash(), 'view_profile'))) { + notice( t('Access to this profile has been restricted.') . EOL); + return; } - if(! $remote_contact) { - if(local_user()) { - $contact_id = $_SESSION['cid']; - $contact = $a->contact; - } - } $is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false); - if($a->profile['hidewall'] && (! $is_owner) && (! $remote_contact)) { + if($a->profile['hidewall'] && (! $is_owner) && (! remote_user())) { notice( t('Access to this profile has been restricted.') . EOL); return; } -- cgit v1.2.3 From 48610a85dc2954074b2123b090207dcb4a4ab2be Mon Sep 17 00:00:00 2001 From: marijus Date: Wed, 11 Dec 2013 11:25:20 +0100 Subject: make empty notes saveable as well --- mod/notes.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'mod') diff --git a/mod/notes.php b/mod/notes.php index ce3460aa4..468b4ef26 100644 --- a/mod/notes.php +++ b/mod/notes.php @@ -6,11 +6,11 @@ function notes_init(&$a) { logger('mod_notes: ' . print_r($_REQUEST,true)); $ret = array('success' => true); - if($_REQUEST['note_text']) { + if($_REQUEST['note_text'] || $_REQUEST['note_text'] == '') { $body = escape_tags($_REQUEST['note_text']); set_pconfig(local_user(),'notes','text',$body); } logger('notes saved.'); json_return_and_die($ret); -} \ No newline at end of file +} -- cgit v1.2.3 From d93ba783f54cf862bd91b231b7a9f7a19c657675 Mon Sep 17 00:00:00 2001 From: Thomas Willingham Date: Wed, 11 Dec 2013 15:35:19 +0000 Subject: Don't let nobody set an xconfig in safe search. --- mod/toggle_safesearch.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'mod') diff --git a/mod/toggle_safesearch.php b/mod/toggle_safesearch.php index 5fb18f694..3c800c4f3 100644 --- a/mod/toggle_safesearch.php +++ b/mod/toggle_safesearch.php @@ -3,6 +3,8 @@ function toggle_safesearch_init(&$a) { $observer = get_observer_hash(); +if (! $observer) + return; if($observer) $safe_mode = get_xconfig($observer,'directory','safe_mode'); -- cgit v1.2.3 From 40e2900326a25ba0e2feedb802d38b7052b194cc Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 11 Dec 2013 14:54:36 -0800 Subject: comanchify all the simple cases - those that only load a profile. Rework permission checks for the profile sidebar so that it is all done internally. Remove crepair which we aren't using. --- mod/common.php | 8 --- mod/crepair.php | 171 ------------------------------------------------ mod/hcard.php | 53 --------------- mod/profile_photo.php | 10 --- mod/profiles.php | 11 ---- mod/profperm.php | 9 --- mod/viewconnections.php | 11 ---- 7 files changed, 273 deletions(-) delete mode 100644 mod/crepair.php delete mode 100644 mod/hcard.php (limited to 'mod') diff --git a/mod/common.php b/mod/common.php index 4afaf37eb..e19a9d3a9 100644 --- a/mod/common.php +++ b/mod/common.php @@ -21,14 +21,6 @@ function common_init(&$a) { } -function common_aside(&$a) { - if(! $a->profile['profile_uid']) - return; - - profile_create_sidebar($a); -} - - function common_content(&$a) { $o = ''; diff --git a/mod/crepair.php b/mod/crepair.php deleted file mode 100644 index f749fac0e..000000000 --- a/mod/crepair.php +++ /dev/null @@ -1,171 +0,0 @@ -argc == 2) && intval($a->argv[1])) { - $contact_id = intval($a->argv[1]); - $r = q("SELECT * FROM `contact` WHERE `uid` = %d and `id` = %d LIMIT 1", - intval(local_user()), - intval($contact_id) - ); - if(! count($r)) { - $contact_id = 0; - } - } - - if(! x($a->page,'aside')) - $a->page['aside'] = ''; - - if($contact_id) { - $a->data['contact'] = $r[0]; - $o .= '
'; - $o .= '
' . $a->data['contact']['name'] . '
'; - $o .= '
' . $a->data['contact']['name'] . '
'; - $o .= '
'; - $a->page['aside'] .= $o; - - } -} - - -function crepair_post(&$a) { - if(! local_user()) - return; - - $cid = (($a->argc > 1) ? intval($a->argv[1]) : 0); - - if($cid) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($cid), - intval(local_user()) - ); - } - - if(! count($r)) - return; - - $contact = $r[0]; - - $name = ((x($_POST,'name')) ? $_POST['name'] : $contact['name']); - $nick = ((x($_POST,'nick')) ? $_POST['nick'] : ''); - $url = ((x($_POST,'url')) ? $_POST['url'] : ''); - $request = ((x($_POST,'request')) ? $_POST['request'] : ''); - $confirm = ((x($_POST,'confirm')) ? $_POST['confirm'] : ''); - $notify = ((x($_POST,'notify')) ? $_POST['notify'] : ''); - $poll = ((x($_POST,'poll')) ? $_POST['poll'] : ''); - $attag = ((x($_POST,'attag')) ? $_POST['attag'] : ''); - $photo = ((x($_POST,'photo')) ? $_POST['photo'] : ''); - - $r = q("UPDATE `contact` SET `name` = '%s', `nick` = '%s', `url` = '%s', `request` = '%s', `confirm` = '%s', `notify` = '%s', `poll` = '%s', `attag` = '%s' - WHERE `id` = %d AND `uid` = %d LIMIT 1", - dbesc($name), - dbesc($nick), - dbesc($url), - dbesc($request), - dbesc($confirm), - dbesc($notify), - dbesc($poll), - dbesc($attag), - intval($contact['id']), - local_user() - ); - - if($photo) { - logger('mod-crepair: updating photo from ' . $photo); - require_once('include/photo/photo_driver.php'); - - $photos = import_profile_photo($photo,local_user(),$contact['id']); - - $x = q("UPDATE `contact` SET `photo` = '%s', - `thumb` = '%s', - `micro` = '%s', - `name_date` = '%s', - `uri_date` = '%s', - `avatar_date` = '%s' - WHERE `id` = %d LIMIT 1 - ", - dbesc($photos[0]), - dbesc($photos[1]), - dbesc($photos[2]), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - intval($contact['id']) - ); - } - - if($r) - info( t('Contact settings applied.') . EOL); - else - notice( t('Contact update failed.') . EOL); - - - return; -} - - - -function crepair_content(&$a) { - - if(! local_user()) { - notice( t('Permission denied.') . EOL); - return; - } - - $cid = (($a->argc > 1) ? intval($a->argv[1]) : 0); - - if($cid) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($cid), - intval(local_user()) - ); - } - - if(! count($r)) { - notice( t('Contact not found.') . EOL); - return; - } - - $contact = $r[0]; - - $msg1 = t('Repair Contact Settings'); - - $msg2 = t('WARNING: This is highly advanced and if you enter incorrect information your communications with this contact may stop working.'); - $msg3 = t('Please use your browser \'Back\' button now if you are uncertain what to do on this page.'); - - $o .= '

' . $msg1 . '

'; - - $o .= '
' . $msg2 . EOL . EOL. $msg3 . '
'; - - $o .= EOL . '' . t('Return to contact editor') . '' . EOL; - - $tpl = get_markup_template('crepair.tpl'); - $o .= replace_macros($tpl, array( - '$label_name' => t('Name'), - '$label_nick' => t('Account Nickname'), - '$label_attag' => t('@Tagname - overrides Name/Nickname'), - '$label_url' => t('Account URL'), - '$label_request' => t('Friend Request URL'), - '$label_confirm' => t('Friend Confirm URL'), - '$label_notify' => t('Notification Endpoint URL'), - '$label_poll' => t('Poll/Feed URL'), - '$label_photo' => t('New photo from this URL'), - '$contact_name' => $contact['name'], - '$contact_nick' => $contact['nick'], - '$contact_id' => $contact['id'], - '$contact_url' => $contact['url'], - '$request' => $contact['request'], - '$confirm' => $contact['confirm'], - '$notify' => $contact['notify'], - '$poll' => $contact['poll'], - '$contact_attag' => $contact['attag'], - '$lbl_submit' => t('Submit') - )); - - return $o; - -} diff --git a/mod/hcard.php b/mod/hcard.php deleted file mode 100644 index ab2fa88a1..000000000 --- a/mod/hcard.php +++ /dev/null @@ -1,53 +0,0 @@ -argc > 1) - $which = $a->argv[1]; - else { - notice( t('No profile') . EOL ); - $a->error = 404; - return; - } - - $profile = 0; - if((local_user()) && ($a->argc > 2) && ($a->argv[2] === 'view')) { - $which = $a->user['nickname']; - $profile = $a->argv[1]; - } - - profile_load($a,$which,$profile); - - if((x($a->profile,'page-flags')) && ($a->profile['page-flags'] == PAGE_COMMUNITY)) { - $a->page['htmlhead'] .= ''; - } - if(x($a->profile,'openidserver')) - $a->page['htmlhead'] .= '' . "\r\n"; - if(x($a->profile,'openid')) { - $delegate = ((strstr($a->profile['openid'],'://')) ? $a->profile['openid'] : 'http://' . $a->profile['openid']); - $a->page['htmlhead'] .= '' . "\r\n"; - } - - if(! $blocked) { - $keywords = ((x($a->profile,'keywords')) ? $a->profile['keywords'] : ''); - $keywords = str_replace(array(',',' ',',,'),array(' ',',',','),$keywords); - if(strlen($keywords)) - $a->page['htmlhead'] .= '' . "\r\n" ; - } - - $a->page['htmlhead'] .= '' . "\r\n" ; - $uri = urlencode('acct:' . $a->profile['nickname'] . '@' . $a->get_hostname() . (($a->path) ? '/' . $a->path : '')); - $a->page['htmlhead'] .= '' . "\r\n"; - header('Link: <' . $a->get_baseurl() . '/xrd/?uri=' . $uri . '>; rel="lrdd"; type="application/xrd+xml"', false); - - $dfrn_pages = array('request', 'confirm', 'notify', 'poll'); - foreach($dfrn_pages as $dfrn) - $a->page['htmlhead'] .= "get_baseurl()."/dfrn_{$dfrn}/{$which}\" />\r\n"; - -} - -function hcard_aside(&$a) { - profile_create_sidebar($a); -} diff --git a/mod/profile_photo.php b/mod/profile_photo.php index e86e2a828..876e3a931 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -14,16 +14,6 @@ function profile_photo_init(&$a) { } -function profile_photo_aside(&$a) { - - if(! local_user()) { - return; - } - - profile_create_sidebar($a); -} - - function profile_photo_post(&$a) { if(! local_user()) { diff --git a/mod/profiles.php b/mod/profiles.php index 173d97138..4625a8805 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -146,17 +146,6 @@ function profiles_init(&$a) { } } -function profiles_aside(&$a) { - - if(! local_user()) { - return; - } - - if((argc() > 1) && (intval(argv(1)))) { - profile_create_sidebar($a); - } -} - function profiles_post(&$a) { if(! local_user()) { diff --git a/mod/profperm.php b/mod/profperm.php index 8054851e8..b31dfc128 100644 --- a/mod/profperm.php +++ b/mod/profperm.php @@ -13,15 +13,6 @@ function profperm_init(&$a) { } -function profperm_aside(&$a) { - - if(! local_user()) - return; - - profile_create_sidebar($a); -} - - function profperm_content(&$a) { if(! local_user()) { diff --git a/mod/viewconnections.php b/mod/viewconnections.php index 9c85d63b6..e0b1af346 100644 --- a/mod/viewconnections.php +++ b/mod/viewconnections.php @@ -11,17 +11,6 @@ function viewconnections_init(&$a) { profile_load($a,argv(1)); } - -function viewconnections_aside(&$a) { - - if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { - return; - } - - profile_create_sidebar($a); -} - - function viewconnections_content(&$a) { if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { -- cgit v1.2.3 From 2c02f57f276658269a6cc2031fb0fc9ac0a9077c Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 11 Dec 2013 15:04:09 -0800 Subject: remove hidden and deleted channels from viewconnections --- mod/viewconnections.php | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'mod') diff --git a/mod/viewconnections.php b/mod/viewconnections.php index e0b1af346..4f6f81d82 100644 --- a/mod/viewconnections.php +++ b/mod/viewconnections.php @@ -30,14 +30,11 @@ function viewconnections_content(&$a) { - $r = q("SELECT COUNT(abook_id) as total FROM abook WHERE abook_channel = %d AND abook_flags = 0 ", - intval($a->profile['uid']) - ); - if($r) - $a->set_pager_total($r[0]['total']); - - $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_flags = 0 order by xchan_name LIMIT %d , %d ", + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_flags = 0 and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) order by xchan_name LIMIT %d , %d ", intval($a->profile['uid']), + intval(XCHAN_FLAGS_HIDDEN), + intval(XCHAN_FLAGS_ORPHAN), + intval(XCHAN_FLAGS_DELETED), intval($a->pager['start']), intval($a->pager['itemspage']) ); -- cgit v1.2.3 From b4e1e8a4a43721d0134e41944afaa9f45bcd8aa8 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 11 Dec 2013 19:43:41 -0800 Subject: The affinity tool is not a "traditional" widget. But it is nevertheless a widget. It just makes fewer page layout decisions which are hard-coded. If you want to shrink it down and put it on the sidebar in your theme, go for it. --- mod/network.php | 25 ------------------------- 1 file changed, 25 deletions(-) (limited to 'mod') diff --git a/mod/network.php b/mod/network.php index 754978949..1da5524c9 100644 --- a/mod/network.php +++ b/mod/network.php @@ -111,33 +111,8 @@ function network_content(&$a, $update = 0, $load = false) { if(! $update) { - - if(feature_enabled(local_user(),'affinity')) { - $tpl = get_markup_template('main_slider.tpl'); - $x = replace_macros($tpl,array( - '$val' => intval($cmin) . ';' . intval($cmax), - '$refresh' => t('Refresh'), - '$me' => t('Me'), - '$intimate' => t('Best Friends'), - '$friends' => t('Friends'), - '$coworkers' => t('Co-workers'), - '$oldfriends' => t('Former Friends'), - '$acquaintances' => t('Acquaintances'), - '$world' => t('Everybody') - )); - $arr = array('html' => $x); - call_hooks('main_slider',$arr); - $o .= $arr['html']; - } - - $o .= network_tabs(); - // --- end item filter tabs - - - - // search terms header if($search) $o .= '

' . t('Search Results For:') . ' ' . htmlspecialchars($search) . '

'; -- cgit v1.2.3 From b3fe221b7fe9c6ecc151d9c00f36d3913526f6a3 Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 11 Dec 2013 23:13:36 -0800 Subject: issue #240 - we were using htmlentities instead of htmlspecialchars in several places, and this was a bit greedy in the set of characters which were converted from utf-8 to HTML entities. Also brought mail attachments up to date so they are rendered identically to item attachments. --- mod/admin.php | 4 ++-- mod/message.php | 34 +--------------------------------- mod/setup.php | 2 +- 3 files changed, 4 insertions(+), 36 deletions(-) (limited to 'mod') diff --git a/mod/admin.php b/mod/admin.php index 9a6aea35a..91dd0b56e 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -425,7 +425,7 @@ function admin_page_site(&$a) { '$baseurl' => $a->get_baseurl(true), // name, label, value, help string, extra data... - '$sitename' => array('sitename', t("Site name"), htmlentities(get_config('system','sitename'), ENT_QUOTES), ""), + '$sitename' => array('sitename', t("Site name"), htmlspecialchars(get_config('system','sitename'), ENT_QUOTES, 'UTF-8'),''), '$banner' => array('banner', t("Banner/Logo"), $banner, ""), '$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices), '$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - change theme settings"), $theme_choices), @@ -436,7 +436,7 @@ function admin_page_site(&$a) { '$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")), '$register_policy' => array('register_policy', t("Register policy"), get_config('system','register_policy'), "", $register_choices), '$access_policy' => array('access_policy', t("Access policy"), get_config('system','access_policy'), "", $access_choices), - '$register_text' => array('register_text', t("Register text"), htmlentities(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")), + '$register_text' => array('register_text', t("Register text"), htmlspecialchars(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")), '$abandon_days' => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')), '$allowed_sites' => array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")), '$allowed_email' => array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")), diff --git a/mod/message.php b/mod/message.php index a0382f63d..bee3b68f3 100644 --- a/mod/message.php +++ b/mod/message.php @@ -425,39 +425,7 @@ function message_content(&$a) { foreach($messages as $message) { - $s = $arr = ''; - - if($message['attach']) - $arr = json_decode_plus($message['attach']); - if($arr) { - $s .= '
'; - foreach($arr as $r) { - $matches = false; - $icon = ''; - $icontype = substr($r['type'],0,strpos($r['type'],'/')); - - switch($icontype) { - case 'video': - case 'audio': - case 'image': - case 'text': - $icon = '
'; - break; - default: - $icon = '
'; - break; - } - - $title = htmlentities($r['title'], ENT_COMPAT,'UTF-8'); - if(! $title) - $title = t('unknown.???'); - $title .= ' ' . $r['length'] . ' ' . t('bytes'); - - $url = $a->get_baseurl() . '/magic?f=&hash=' . $message['from_xchan'] . '&dest=' . $r['href'] . '/' . $r['revision']; - $s .= '' . $icon . ''; - } - $s .= '
'; - } + $s = theme_attachments($message); $mails[] = array( 'id' => $message['id'], diff --git a/mod/setup.php b/mod/setup.php index 429be43af..0198f1f09 100755 --- a/mod/setup.php +++ b/mod/setup.php @@ -543,7 +543,7 @@ function check_htaccess(&$checks) { function manual_config(&$a) { - $data = htmlentities($a->data['txt']); + $data = htmlspecialchars($a->data['txt'],ENT_COMPAT,'UTF-8'); $o = t('The database configuration file ".htconfig.php" could not be written. Please use the enclosed text to create a configuration file in your web server root.'); $o .= ""; return $o; -- cgit v1.2.3 From 941f81eb300074b203dd480924f9cf8b9d41a08d Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 12 Dec 2013 02:01:42 -0800 Subject: check that every invocation of htmlspecialchars has the right arg list --- mod/editblock.php | 2 +- mod/editlayout.php | 2 +- mod/editpost.php | 2 +- mod/editwebpage.php | 2 +- mod/message.php | 2 +- mod/network.php | 2 +- mod/search.php | 6 +++--- 7 files changed, 9 insertions(+), 9 deletions(-) (limited to 'mod') diff --git a/mod/editblock.php b/mod/editblock.php index 9c691640b..8b5b2d16c 100644 --- a/mod/editblock.php +++ b/mod/editblock.php @@ -132,7 +132,7 @@ function editblock_content(&$a) { '$pvisit' => 'none', '$public' => t('Public post'), '$jotnets' => $jotnets, - '$title' => htmlspecialchars($itm[0]['title']), + '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), '$placeholdertitle' => t('Set title'), '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), diff --git a/mod/editlayout.php b/mod/editlayout.php index f8906d981..542bb8357 100644 --- a/mod/editlayout.php +++ b/mod/editlayout.php @@ -117,7 +117,7 @@ function editlayout_content(&$a) { '$pvisit' => 'none', '$public' => t('Public post'), '$jotnets' => $jotnets, - '$title' => htmlspecialchars($itm[0]['title']), + '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), '$placeholdertitle' => t('Set title'), '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), diff --git a/mod/editpost.php b/mod/editpost.php index f25d6d21d..e731c04fe 100644 --- a/mod/editpost.php +++ b/mod/editpost.php @@ -114,7 +114,7 @@ function editpost_content(&$a) { '$pvisit' => 'none', '$public' => t('Public post'), '$jotnets' => $jotnets, - '$title' => htmlspecialchars($itm[0]['title']), + '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), '$placeholdertitle' => t('Set title'), '$category' => $category, '$placeholdercategory' => t('Categories (comma-separated list)'), diff --git a/mod/editwebpage.php b/mod/editwebpage.php index 840bda336..85bd9e918 100644 --- a/mod/editwebpage.php +++ b/mod/editwebpage.php @@ -164,7 +164,7 @@ function editwebpage_content(&$a) { '$jotnets' => $jotnets, '$mimeselect' => $mimeselect, '$layoutselect' => $layoutselect, - '$title' => htmlspecialchars($itm[0]['title']), + '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), '$placeholdertitle' => t('Set title'), '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), diff --git a/mod/message.php b/mod/message.php index bee3b68f3..b5420e5b3 100644 --- a/mod/message.php +++ b/mod/message.php @@ -321,7 +321,7 @@ function message_content(&$a) { '$preid' => $preid, '$subject' => t('Subject:'), '$subjtxt' => ((x($_REQUEST,'subject')) ? strip_tags($_REQUEST['subject']) : ''), - '$text' => ((x($_REQUEST,'body')) ? escape_tags(htmlspecialchars($_REQUEST['body'])) : ''), + '$text' => ((x($_REQUEST,'body')) ? htmlspecialchars($_REQUEST['body'], ENT_COMPAT, 'UTF-8') : ''), '$readonly' => '', '$yourmessage' => t('Your message:'), '$select' => $select, diff --git a/mod/network.php b/mod/network.php index 1da5524c9..072f718ec 100644 --- a/mod/network.php +++ b/mod/network.php @@ -115,7 +115,7 @@ function network_content(&$a, $update = 0, $load = false) { // search terms header if($search) - $o .= '

' . t('Search Results For:') . ' ' . htmlspecialchars($search) . '

'; + $o .= '

' . t('Search Results For:') . ' ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '

'; nav_set_selected('network'); diff --git a/mod/search.php b/mod/search.php index 7651b3a4e..2b31002fa 100644 --- a/mod/search.php +++ b/mod/search.php @@ -17,7 +17,7 @@ function search_saved_searches() { $o .= '

' . t('Saved Searches') . '

' . "\r\n"; $o .= '
' . "\r\n"; } @@ -272,9 +272,9 @@ function search_content(&$a,$update = 0, $load = false) { if($tag) - $o .= '

Items tagged with: ' . htmlspecialchars($search) . '

'; + $o .= '

Items tagged with: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '

'; else - $o .= '

Search results for: ' . htmlspecialchars($search) . '

'; + $o .= '

Search results for: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '

'; $o .= conversation($a,$items,'search',$update,'client'); -- cgit v1.2.3 From 0215043826c2c036c3a2c88fa6e42089138c7c52 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 13 Dec 2013 13:30:33 -0800 Subject: prepare for Comanchification of mod_photos --- mod/photos.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/photos.php b/mod/photos.php index 64ca86941..0e23aa5bf 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -19,6 +19,9 @@ function photos_init(&$a) { if(argc() > 1) { $nick = argv(1); + + profile_load($a,$nick); + $channelx = channelx_by_nick($nick); if(! $channelx) @@ -35,7 +38,7 @@ function photos_init(&$a) { - $a->set_widget('vcard',vcard_from_xchan($a->data['channel'],$observer)); + $a->set_widget('vcard',vcard_from_xchan('',$observer)); head_set_icon($a->data['channel']['xchan_photo_s']); if($a->data['perms']['view_photos']) { $a->data['albums'] = photos_albums_list($a->data['channel'],$observer); -- cgit v1.2.3 From c00f0d4b282f2242b9c2e154a5381029cf0dc812 Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 14 Dec 2013 13:26:40 -0800 Subject: a couple more comanche conversions --- mod/allfriends.php | 60 ------------------------------------------------------ mod/message.php | 23 --------------------- mod/settings.php | 4 ++-- 3 files changed, 2 insertions(+), 85 deletions(-) delete mode 100644 mod/allfriends.php (limited to 'mod') diff --git a/mod/allfriends.php b/mod/allfriends.php deleted file mode 100644 index bb4df30be..000000000 --- a/mod/allfriends.php +++ /dev/null @@ -1,60 +0,0 @@ - 1) - $cid = intval(argv(1)); - if(! $cid) - return; - - $c = q("select name, url, photo from contact where id = %d and uid = %d limit 1", - intval($cid), - intval(local_user()) - ); - - $a->page['aside'] .= '
' - . '
' . $c[0]['name'] . '
' - . '
' - . '' . $c[0]['name'] . '
' - . '
'; - - - if(! count($c)) - return; - - $o .= '

' . sprintf( t('Friends of %s'), $c[0]['name']) . '

'; - - - $r = all_friends(local_user(),$cid); - - if(! count($r)) { - $o .= t('No friends to display.'); - return $o; - } - - $tpl = get_markup_template('common_friends.tpl'); - - foreach($r as $rr) { - - $o .= replace_macros($tpl,array( - '$url' => $rr['url'], - '$name' => $rr['name'], - '$photo' => $rr['photo'], - '$tags' => '' - )); - } - - $o .= cleardiv(); -// $o .= paginate($a); - return $o; -} diff --git a/mod/message.php b/mod/message.php index b5420e5b3..6a33f1db7 100644 --- a/mod/message.php +++ b/mod/message.php @@ -7,29 +7,6 @@ require_once("include/bbcode.php"); require_once('include/Contact.php'); -function message_aside(&$a) { - - if (! local_user()) - return; - - $a->set_widget('msgaside',replace_macros(get_markup_template('message_side.tpl'), array( - '$tabs'=> array(), - - '$check'=>array( - 'label' => t('Check Mail'), - 'url' => $a->get_baseurl(true) . '/message', - 'sel' => (argv(1) == ''), - ), - '$new'=>array( - 'label' => t('New Message'), - 'url' => $a->get_baseurl(true) . '/message/new', - 'sel'=> (argv(1) == 'new'), - ) - - ))); - -} - function message_post(&$a) { if(! local_user()) diff --git a/mod/settings.php b/mod/settings.php index 4d95f75b3..c2a540063 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -32,7 +32,7 @@ if (! local_user()) $a->argc = 2; $a->argv[] = 'channel'; } - +/* $channel = $a->get_channel(); $abook_self_id = 0; @@ -132,7 +132,7 @@ if (! local_user()) '$class' => 'settings-widget', '$items' => $tabs, )); - +*/ } -- cgit v1.2.3 From d14e2db6b436b3190db0c506cf5f907bd1a7fcc9 Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 14 Dec 2013 17:03:37 -0800 Subject: make home.html fullpage mode - make directory search work for non-logged in, but leave off suggest and invite --- mod/directory.php | 10 ++++------ mod/home.php | 8 ++++---- 2 files changed, 8 insertions(+), 10 deletions(-) (limited to 'mod') diff --git a/mod/directory.php b/mod/directory.php index 616035339..92fb36ea7 100644 --- a/mod/directory.php +++ b/mod/directory.php @@ -11,15 +11,13 @@ function directory_init(&$a) { function directory_aside(&$a) { - if(local_user()) { - require_once('include/contact_widgets.php'); - $a->set_widget('find_people',findpeople_widget()); - } - if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { return; } - + + require_once('include/contact_widgets.php'); + $a->set_widget('find_people',findpeople_widget()); + $a->set_widget('safe_search',dir_safe_mode()); $a->set_widget('dir_sort_order',dir_sort_links()); diff --git a/mod/home.php b/mod/home.php index edcaa938d..3f862b596 100644 --- a/mod/home.php +++ b/mod/home.php @@ -1,6 +1,6 @@ Date: Sat, 14 Dec 2013 17:06:50 -0800 Subject: missed this --- mod/home.php | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'mod') diff --git a/mod/home.php b/mod/home.php index 3f862b596..2b8e83c30 100644 --- a/mod/home.php +++ b/mod/home.php @@ -1,6 +1,6 @@ ' . ((x($a->config,'sitename')) ? sprintf( t("Welcome to %s") ,$a->config['sitename']) : "" ) . ''; - if(file_exists('home.html')) - $o .= file_get_contents('home.html'); -} + if(file_exists('home.html')) { + $o .= file_get_contents('home.html'); + $a->page['template'] = 'full'; + } + } if (!$a->config['system']['no_login_on_homepage']) $o .= login(($a->config['system']['register_policy'] == REGISTER_CLOSED) ? 0 : 1); @@ -85,4 +87,4 @@ require_once('include/conversation.php'); return $o; } - +} -- cgit v1.2.3 From 0272ab4cd9a6428396489d88c7a1a89be76e5810 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 15 Dec 2013 14:36:43 -0800 Subject: Provide a fallback channel to probe for magic-auth when we have no prior communications with a site. This will be a system channel if one exists, otherwise any channel will do. We'll try to use the first valid channel on the site because that was probably created when the site was installed and is the closest thing to a system channel we've got. --- mod/magic.php | 37 ++++++++++++++++++++++--------------- mod/zfinger.php | 32 +++++++++++++++++++++++++++----- 2 files changed, 49 insertions(+), 20 deletions(-) (limited to 'mod') diff --git a/mod/magic.php b/mod/magic.php index 03d09e70d..aead559a7 100644 --- a/mod/magic.php +++ b/mod/magic.php @@ -33,21 +33,28 @@ function magic_init(&$a) { if(! $x) { - // Somebody new? Finger them if they've never been seen here before - - if($addr) { - $ret = zot_finger($addr,null); - if($ret['success']) { - $j = json_decode($ret['body'],true); - if($j) - import_xchan($j); - - // Now try again - - $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1", - dbesc($basepath) - ); - } + /* + * We have no records for, or prior communications with this hub. + * If an address was supplied, let's finger them to create a hub record. + * Otherwise we'll use the special address '[system]' which will return + * either a system channel or the first available normal channel. We don't + * really care about what channel is returned - we need the hub information + * from that response so that we can create signed auth packets destined + * for that hub. + * + */ + + $ret = zot_finger((($addr) ? $addr : '[system]@' . $parsed['host']),null); + if($ret['success']) { + $j = json_decode($ret['body'],true); + if($j) + import_xchan($j); + + // Now try again + + $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1", + dbesc($basepath) + ); } } diff --git a/mod/zfinger.php b/mod/zfinger.php index 0827f3424..aad8e224d 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -52,11 +52,33 @@ function zfinger_init(&$a) { ); } elseif(strlen($zaddr)) { - $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash - where ( channel_address = '%s' or xchan_addr = '%s' ) limit 1", - dbesc($zaddr), - dbesc($zaddr) - ); + if(strpos($zaddr,'[system]') === false) { /* normal address lookup */ + $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash + where ( channel_address = '%s' or xchan_addr = '%s' ) limit 1", + dbesc($zaddr), + dbesc($zaddr) + ); + } + + else { + + /** + * The special address '[system]' will return a system channel if one has been defined, + * Or the first valid channel we find if there are no system channels. + * + * This is used by magic-auth if we have no prior communications with this site - and + * returns an identity on this site which we can use to create a valid hub record so that + * we can exchange signed messages. The precise identity is irrelevant. It's the hub + * information that we really need at the other end - and this will return it. + * + */ + + $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash + where (( channel_pageflags & %d ) or not ( channel_pageflags & %d )) order by channel_id limit 1", + intval(PAGE_SYSTEM), + intval(PAGE_REMOVED) + ); + } } else { $ret['message'] = 'Invalid request'; -- cgit v1.2.3 From 731ab80ac2ea78f595730ecb8f4d62d7b468d084 Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 15 Dec 2013 15:37:51 -0800 Subject: set system.projecthome to 1 if you want the project page for a home page. There was a bit of re-org of mod/home, which might alter the behaviour for some existing sites. Basically we're not showing a login box at all if you've got home.html - there should be a login link in th nav bar. If you haven't defined anything at all we'll fall back to the old behaviour but still allow the home contents to be set via plugin. --- mod/home.php | 92 ++++++++++++++++++++++++++++++++---------------------------- 1 file changed, 49 insertions(+), 43 deletions(-) (limited to 'mod') diff --git a/mod/home.php b/mod/home.php index 2b8e83c30..05626dcb5 100644 --- a/mod/home.php +++ b/mod/home.php @@ -1,6 +1,9 @@ profile = array('profile_uid' => $u[0]['channel_id']); + $o .= prepare_page($r[0]); + return $o; } - $r = q("select item.* from item left join item_id on item.id = item_id.iid - where item.uid = %d and sid = '%s' and service = 'WEBPAGE' and - item_restrict = %d limit 1", - intval($u[0]['channel_id']), - dbesc($page_id), - intval(ITEM_WEBPAGE) - ); - - if(! $r) { - notice( t('Item not found.') . EOL); - return; + if(get_config('system','projecthome')) { + $o .= file_get_contents('assets/home.html'); + $a->page['template'] = 'full'; + return $o; } - xchan_query($r); - $r = fetch_post_tags($r,true); - $a->profile = array('profile_uid' => $u[0]['channel_id']); - $o .= prepare_page($r[0]); + if(file_exists('home.html')) { + $o .= file_get_contents('home.html'); + } + else { -} + // If there's no site channel or home contents configured, fallback to the old behaviour -// If there's no site channel specified, fallback to the old behaviour - else { $o .= '

' . ((x($a->config,'sitename')) ? sprintf( t("Welcome to %s") ,$a->config['sitename']) : "" ) . '

'; - if(file_exists('home.html')) { - $o .= file_get_contents('home.html'); - $a->page['template'] = 'full'; - } + $sitename = get_config('system','sitename'); + if($sitename) + $o .= '

' . sprintf( t("Welcome to %s") ,$sitename) . '

'; + if (! $a->config['system']['no_login_on_homepage']) + $o .= login(($a->config['system']['register_policy'] == REGISTER_CLOSED) ? 0 : 1); } - - if (!$a->config['system']['no_login_on_homepage']) - $o .= login(($a->config['system']['register_policy'] == REGISTER_CLOSED) ? 0 : 1); - - call_hooks("home_content",$o); - return $o; -} + call_hooks('home_content',$o); + return $o; } -- cgit v1.2.3 From 5a3a72604bf0e1c7ec04fbdbdee7a08c2a340c5a Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 15 Dec 2013 20:59:52 -0800 Subject: some re-work of mod_sources --- mod/sources.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'mod') diff --git a/mod/sources.php b/mod/sources.php index 125184d47..87bab60df 100644 --- a/mod/sources.php +++ b/mod/sources.php @@ -9,11 +9,25 @@ function sources_post(&$a) { $source = intval($_REQUEST['source']); $xchan = $_REQUEST['xchan']; + $abook = intval($_REQUEST['abook']); $words = $_REQUEST['words']; $frequency = $_REQUEST['frequency']; $channel = $a->get_channel(); + if($abook) { + $r = q("select abook_xchan from abook where abook_id = %d and abook_channel = %d limit 1", + intval($abook), + intval(local_user()) + ); + if($r) + $xchan = $r[0]['abook_xchan']; + } + + if(! $xchan) { + notice ( t('Failed to create source. No channel selected.') . EOL); + return; + } if(! $source) { $r = q("insert into source ( src_channel_id, src_channel_xchan, src_xchan, src_patt ) @@ -92,6 +106,12 @@ function sources_content(&$a) { intval(argv(1)), intval(local_user()) ); + if($r) { + $x = q("select abook_id from abook where abook_xchan = '%s' and abook_channel = %d limit 1", + dbesc($r[0]['src_xchan']), + intval(local_user()) + ); + } if(! $r) { notice( t('Source not found.') . EOL); return ''; @@ -106,6 +126,7 @@ function sources_content(&$a) { '$desc' => t('Import all or selected content from the following channel into this channel and distribute it according to your channel settings.'), '$words' => array( 'words', t('Only import content with these words (one per line)'),$r[0]['src_patt'],t('Leave blank to import all public content')), '$xchan' => $r[0]['src_xchan'], + '$abook' => $x[0]['abook_id'], '$name' => array( 'name', t('Channel Name'), $r[0]['xchan_name'], ''), '$submit' => t('Submit') )); -- cgit v1.2.3 From a7a775a718ef92c9bd623849baab1e386071d70b Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 16 Dec 2013 00:25:08 -0800 Subject: install redbasic during setup so that at least one theme is registered. Otherwise none of the display settings seem to work very well. --- mod/setup.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'mod') diff --git a/mod/setup.php b/mod/setup.php index 0198f1f09..245508683 100755 --- a/mod/setup.php +++ b/mod/setup.php @@ -577,6 +577,8 @@ function load_database($db) { function what_next() { $a = get_app(); + // install the standard theme + set_config('system','allowed_themes','redbasic'); $baseurl = $a->get_baseurl(); return t('

What next

') -- cgit v1.2.3 From 50731fa6a6edbd5d4223de239ae791cc03efe9be Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 16 Dec 2013 13:34:34 -0800 Subject: bring back the collection edit sidebar widget on the connection edit page until I sort out Comanche on that page. --- mod/connections.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod') diff --git a/mod/connections.php b/mod/connections.php index d1bb33748..cb859e4a6 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -39,10 +39,10 @@ function connections_aside(&$a) { if(x($a->data,'abook')) { $a->set_widget('vcard',vcard_from_xchan($a->data['abook'],$a->get_observer())); + $a->set_widget('collections', group_side('connections','group',false,0,$a->data['abook']['abook_xchan'])); } else { $a->set_widget('follow', widget_follow(array())); - $a->set_widget('collections', group_side('connections','group',false,0,((array_key_exists('abook',$a->data)) ? $a->data['abook']['abook_xchan'] : ''))); } -- cgit v1.2.3 From b3e3073b991c2ee898b0d8f4edd2df221a538631 Mon Sep 17 00:00:00 2001 From: zottel Date: Tue, 17 Dec 2013 12:23:39 +0100 Subject: JS-less display --- mod/display.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'mod') diff --git a/mod/display.php b/mod/display.php index 9aafec8c3..65114272a 100644 --- a/mod/display.php +++ b/mod/display.php @@ -139,13 +139,13 @@ function display_content(&$a, $update = 0, $load = false) { $sql_extra = public_permissions_sql(get_observer_hash()); - if($update && $load) { + if(($update && $load) || ($_COOKIE['jsAvailable'] != 1)) { $updateable = false; $pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage'])); - if($load) { + if($load || ($_COOKIE['jsAvailable'] != 1)) { $r = null; if(local_user()) { $r = q("SELECT * from item @@ -202,8 +202,11 @@ function display_content(&$a, $update = 0, $load = false) { } - - $o .= conversation($a, $items, 'display', $update, 'client'); + if ($_COOKIE['jsAvailable'] == 1) { + $o .= conversation($a, $items, 'display', $update, 'client'); + } else { + $o .= conversation($a, $items, 'display', $update, 'traditional'); + } if($updateable) { $x = q("UPDATE item SET item_flags = ( item_flags ^ %d ) -- cgit v1.2.3 From 44ead61339745b975d4cff60894afb18b83fa55f Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 17 Dec 2013 16:35:22 -0800 Subject: authtest: do a better job of success/failure indication --- mod/authtest.php | 7 ++++++- mod/post.php | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'mod') diff --git a/mod/authtest.php b/mod/authtest.php index 2c8d7b4b4..7747ea504 100644 --- a/mod/authtest.php +++ b/mod/authtest.php @@ -6,7 +6,7 @@ require_once('mod/magic.php'); function authtest_content(&$a) { - + $auth_success = false; $o .= '

Magic-Auth Diagnostic

'; if(! local_user()) { @@ -34,11 +34,16 @@ function authtest_content(&$a) { if(! $j) $o .= 'json_decode failure from remote site. ' . print_r($z['body'],true); $o .= 'Remote site responded: ' . print_r($j,true); + if(strpos($j,'Authentication Success')) + $auth_success = true; } else { $o .= 'fetch url failure.' . print_r($z,true); } } + + if(! $auth_success) + $o .= 'Authentication Failed!' . EOL; } return str_replace("\n",'
',$o); diff --git a/mod/post.php b/mod/post.php index 73345c4e9..7f495140e 100644 --- a/mod/post.php +++ b/mod/post.php @@ -232,7 +232,7 @@ function post_init(&$a) { if($test) { $ret['success'] = true; - $ret['message'] .= 'Success' . EOL; + $ret['message'] .= 'Authentication Success!' . EOL; json_return_and_die($ret); } -- cgit v1.2.3 From 1780684c57a068f0278ad576703e044c64a70aa5 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 17 Dec 2013 20:26:08 -0800 Subject: split mod/connections for comanchification --- mod/connedit.php | 708 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 708 insertions(+) create mode 100644 mod/connedit.php (limited to 'mod') diff --git a/mod/connedit.php b/mod/connedit.php new file mode 100644 index 000000000..777127c4f --- /dev/null +++ b/mod/connedit.php @@ -0,0 +1,708 @@ +data['abook'] = $r[0]; + } + } + + $channel = $a->get_channel(); + if($channel) + head_set_icon($channel['xchan_photo_s']); + +} + +function connedit_aside(&$a) { + + + if (! local_user()) + return; + + if(x($a->data,'abook')) { + $a->set_widget('vcard',vcard_from_xchan($a->data['abook'],$a->get_observer())); + $a->set_widget('collections', group_side('connections','group',false,0,$a->data['abook']['abook_xchan'])); + } + else { + $a->set_widget('follow', widget_follow(array())); + } + + + $a->set_widget('suggest',widget_suggestions(array())); + $a->set_widget('findpeople',findpeople_widget()); + +} + + + +function connedit_post(&$a) { + + if(! local_user()) + return; + + $contact_id = intval(argv(1)); + if(! $contact_id) + return; + + $orig_record = q("SELECT * FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1", + intval($contact_id), + intval(local_user()) + ); + + if(! $orig_record) { + notice( t('Could not access contact record.') . EOL); + goaway($a->get_baseurl(true) . '/connections'); + return; // NOTREACHED + } + + call_hooks('contact_edit_post', $_POST); + + $profile_id = $_POST['profile-assign']; + if($profile_id) { + $r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND `uid` = %d LIMIT 1", + dbesc($profile_id), + intval(local_user()) + ); + if(! count($r)) { + notice( t('Could not locate selected profile.') . EOL); + return; + } + } + + $hidden = intval($_POST['hidden']); + + $priority = intval($_POST['poll']); + if($priority > 5 || $priority < 0) + $priority = 0; + + $closeness = intval($_POST['closeness']); + if($closeness < 0) + $closeness = 99; + + $abook_my_perms = 0; + + foreach($_POST as $k => $v) { + if(strpos($k,'perms_') === 0) { + $abook_my_perms += $v; + } + } + + $abook_flags = $orig_record[0]['abook_flags']; + $new_friend = false; + + if(($_REQUEST['pending']) && ($abook_flags & ABOOK_FLAG_PENDING)) { + $abook_flags = ( $abook_flags ^ ABOOK_FLAG_PENDING ); + $new_friend = true; + } + + $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_flags = %d + where abook_id = %d AND abook_channel = %d LIMIT 1", + dbesc($profile_id), + intval($abook_my_perms), + intval($closeness), + intval($abook_flags), + intval($contact_id), + intval(local_user()) + ); + if($r) + info( t('Connection updated.') . EOL); + else + notice( t('Failed to update connection record.') . EOL); + + if((x($a->data,'abook')) && $a->data['abook']['abook_my_perms'] != $abook_my_perms + && (! ($a->data['abook']['abook_flags'] & ABOOK_FLAG_SELF))) { + proc_run('php', 'include/notifier.php', 'permission_update', $contact_id); + } + + if($new_friend) { + $channel = $a->get_channel(); + $default_group = $channel['channel_default_group']; + if($default_group) { + require_once('include/group.php'); + $g = group_rec_byhash(local_user(),$default_group); + if($g) + group_add_member(local_user(),'',$a->data['abook_xchan'],$g['id']); + } + + + + // Check if settings permit ("post new friend activity" is allowed, and + // friends in general or this friend in particular aren't hidden) + // and send out a new friend activity + // TODO + + // pull in a bit of content if there is any to pull in + proc_run('php','include/onepoll.php',$contact_id); + + } + + // Refresh the structure in memory with the new data + + $r = q("SELECT abook.*, xchan.* + FROM abook left join xchan on abook_xchan = xchan_hash + WHERE abook_channel = %d and abook_id = %d LIMIT 1", + intval(local_user()), + intval($contact_id) + ); + if($r) { + $a->data['abook'] = $r[0]; + } + + if($new_friend) { + $arr = array('channel_id' => local_user(), 'abook' => $a->data['abook']); + call_hooks('accept_follow', $arr); + } + + connedit_clone($a); + + return; + +} + +function connedit_clone(&$a) { + + if(! array_key_exists('abook',$a->data)) + return; + $clone = $a->data['abook']; + + unset($clone['abook_id']); + unset($clone['abook_account']); + unset($clone['abook_channel']); + + build_sync_packet(0 /* use the current local_user */, array('abook' => array($clone))); +} + + +function connedit_content(&$a) { + + $sort_type = 0; + $o = ''; + + + if(! local_user()) { + notice( t('Permission denied.') . EOL); + return login(); + } + + if(argc() == 3) { + + $contact_id = intval(argv(1)); + if(! $contact_id) + return; + + $cmd = argv(2); + + $orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash + WHERE abook_id = %d AND abook_channel = %d AND NOT ( abook_flags & %d ) and not ( abook_flags & %d ) LIMIT 1", + intval($contact_id), + intval(local_user()), + intval(ABOOK_FLAG_SELF), + // allow drop even if pending, just duplicate the self query + intval(($cmd === 'drop') ? ABOOK_FLAG_SELF : ABOOK_FLAG_PENDING) + ); + + if(! count($orig_record)) { + notice( t('Could not access address book record.') . EOL); + goaway($a->get_baseurl(true) . '/connections'); + } + + if($cmd === 'update') { + + // pull feed and consume it, which should subscribe to the hub. + proc_run('php',"include/poller.php","$contact_id"); + goaway($a->get_baseurl(true) . '/connections/' . $contact_id); + + } + + if($cmd === 'refresh') { + if(! zot_refresh($orig_record[0],get_app()->get_channel())) + notice( t('Refresh failed - channel is currently unavailable.') ); + goaway($a->get_baseurl(true) . '/connections/' . $contact_id); + } + + if($cmd === 'block') { + if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_BLOCKED)) { + info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_BLOCKED) + ? t('Channel has been unblocked') + : t('Channel has been blocked')) . EOL ); + connedit_clone($a); + } + else + notice(t('Unable to set address book parameters.') . EOL); + goaway($a->get_baseurl(true) . '/connections/' . $contact_id); + } + + if($cmd === 'ignore') { + if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_IGNORED)) { + info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_IGNORED) + ? t('Channel has been unignored') + : t('Channel has been ignored')) . EOL ); + connedit_clone($a); + } + else + notice(t('Unable to set address book parameters.') . EOL); + goaway($a->get_baseurl(true) . '/connections/' . $contact_id); + } + + if($cmd === 'archive') { + if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_ARCHIVED)) { + info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_ARCHIVED) + ? t('Channel has been unarchived') + : t('Channel has been archived')) . EOL ); + connedit_clone($a); + } + else + notice(t('Unable to set address book parameters.') . EOL); + goaway($a->get_baseurl(true) . '/connections/' . $contact_id); + } + + if($cmd === 'hide') { + if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_HIDDEN)) { + info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_HIDDEN) + ? t('Channel has been unhidden') + : t('Channel has been hidden')) . EOL ); + connedit_clone($a); + } + else + notice(t('Unable to set address book parameters.') . EOL); + goaway($a->get_baseurl(true) . '/connections/' . $contact_id); + } + + // We'll prevent somebody from unapproving a contact. + + if($cmd === 'approve') { + if($orig_record[0]['abook_flags'] & ABOOK_FLAG_PENDING) { + if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_PENDING)) { + info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_PENDING) + ? t('Channel has been approved') + : t('Channel has been unapproved')) . EOL ); + connedit_clone($a); + } + else + notice(t('Unable to set address book parameters.') . EOL); + } + goaway($a->get_baseurl(true) . '/connections/' . $contact_id); + } + + + if($cmd === 'drop') { + + require_once('include/Contact.php'); +// FIXME +// terminate_friendship($a->get_channel(),$orig_record[0]); + + contact_remove(local_user(), $orig_record[0]['abook_id']); +// FIXME - send to clones + info( t('Contact has been removed.') . EOL ); + if(x($_SESSION,'return_url')) + goaway($a->get_baseurl(true) . '/' . $_SESSION['return_url']); + goaway($a->get_baseurl(true) . '/contacts'); + + } + } + + if((x($a->data,'abook')) && (is_array($a->data['abook']))) { + + $contact_id = $a->data['abook']['abook_id']; + $contact = $a->data['abook']; + + + $tabs = array( + + array( + 'label' => t('View Profile'), + 'url' => $a->get_baseurl(true) . '/chanview/?f=&cid=' . $contact['abook_id'], + 'sel' => '', + 'title' => sprintf( t('View %s\'s profile'), $contact['xchan_name']), + ), + + array( + 'label' => t('Refresh Permissions'), + 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/refresh', + 'sel' => '', + 'title' => t('Fetch updated permissions'), + ), + + array( + 'label' => t('Recent Activity'), + 'url' => $a->get_baseurl(true) . '/network/?f=&cid=' . $contact['abook_id'], + 'sel' => '', + 'title' => t('View recent posts and comments'), + ), + + array( + 'label' => (($contact['abook_flags'] & ABOOK_FLAG_BLOCKED) ? t('Unblock') : t('Block')), + 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/block', + 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_BLOCKED) ? 'active' : ''), + 'title' => t('Block or Unblock this connection'), + ), + + array( + 'label' => (($contact['abook_flags'] & ABOOK_FLAG_IGNORED) ? t('Unignore') : t('Ignore')), + 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/ignore', + 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_IGNORED) ? 'active' : ''), + 'title' => t('Ignore or Unignore this connection'), + ), + array( + 'label' => (($contact['abook_flags'] & ABOOK_FLAG_ARCHIVED) ? t('Unarchive') : t('Archive')), + 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/archive', + 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_ARCHIVED) ? 'active' : ''), + 'title' => t('Archive or Unarchive this connection'), + ), + array( + 'label' => (($contact['abook_flags'] & ABOOK_FLAG_HIDDEN) ? t('Unhide') : t('Hide')), + 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/hide', + 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_HIDDEN) ? 'active' : ''), + 'title' => t('Hide or Unhide this connection'), + ), + + array( + 'label' => t('Delete'), + 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/drop', + 'sel' => '', + 'title' => t('Delete this connection'), + ), + + ); + + $self = false; + + if(! ($contact['abook_flags'] & ABOOK_FLAG_SELF)) { + $tab_tpl = get_markup_template('common_tabs.tpl'); + $t = replace_macros($tab_tpl, array('$tabs'=>$tabs)); + } + else + $self = true; + + $a->page['htmlhead'] .= replace_macros(get_markup_template('contact_head.tpl'), array( + '$baseurl' => $a->get_baseurl(true), + '$editselect' => $editselect + )); + + require_once('include/contact_selectors.php'); + + $tpl = get_markup_template("abook_edit.tpl"); + + if(feature_enabled(local_user(),'affinity')) { + + $slider_tpl = get_markup_template('contact_slider.tpl'); + $slide = replace_macros($slider_tpl,array( + '$me' => t('Me'), + '$val' => (($contact['abook_closeness']) ? $contact['abook_closeness'] : 99), + '$intimate' => t('Best Friends'), + '$friends' => t('Friends'), + '$oldfriends' => t('Former Friends'), + '$acquaintances' => t('Acquaintances'), + '$world' => t('Unknown') + )); + } + + $perms = array(); + $channel = $a->get_channel(); + + $global_perms = get_perms(); + $existing = get_all_perms(local_user(),$contact['abook_xchan']); + + $unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication')); + + foreach($global_perms as $k => $v) { + $thisperm = (($contact['abook_my_perms'] & $v[1]) ? "1" : ''); + + // For auto permissions (when $self is true) we don't want to look at existing + // permissions because they are enabled for the channel owner + + if((! $self) && ($existing[$k])) + $thisperm = "1"; + + $perms[] = array('perms_' . $k, $v[3], (($contact['abook_their_perms'] & $v[1]) ? "1" : ""),$thisperm, $v[1], (($channel[$v[0]] == PERMS_SPECIFIC) ? '' : '1'), $v[4]); + } + + $o .= replace_macros($tpl,array( + + '$header' => (($self) ? t('Automatic Permissions Settings') : sprintf( t('Connections: settings for %s'),$contact['xchan_name'])), + '$addr' => $contact['xchan_addr'], + '$notself' => (($self) ? '' : '1'), + '$self' => (($self) ? '1' : ''), + '$autolbl' => t('When receiving a channel introduction, any permissions provided here will be applied to the new connection automatically and the introduction approved. Leave this page if you do not wish to use this feature.'), + '$viewprof' => t('View Profile'), + '$lbl_slider' => t('Slide to adjust your degree of friendship'), + '$slide' => $slide, + '$tabs' => $t, + '$tab_str' => $tab_str, + '$is_pending' => (($contact['abook_flags'] & ABOOK_FLAG_PENDING) ? 1 : ''), + '$unapproved' => $unapproved, + '$inherited' => t('inherited'), + '$approve' => t('Approve this connection'), + '$noperms' => (((! $self) && (! $contact['abook_my_perms'])) ? t('Connection has no individual permissions!') : ''), + '$noperm_desc' => (((! $self) && (! $contact['abook_my_perms'])) ? t('This may be appropriate based on your privacy settings, though you may wish to review the "Advanced Permissions".') : ''), + '$submit' => t('Submit'), + '$lbl_vis1' => t('Profile Visibility'), + '$lbl_vis2' => sprintf( t('Please choose the profile you would like to display to %s when viewing your profile securely.'), $contact['xchan_name']), + '$lbl_info1' => t('Contact Information / Notes'), + '$infedit' => t('Edit contact notes'), + '$close' => $contact['abook_closeness'], + '$them' => t('Their Settings'), + '$me' => t('My Settings'), + '$perms' => $perms, + '$forum' => t('Forum Members'), + '$soapbox' => t('Soapbox'), + '$full' => t('Full Sharing'), + '$cautious' => t('Cautious Sharing'), + '$follow' => t('Follow Only'), + '$permlbl' => t('Individual Permissions'), + '$permnote' => t('Some permissions may be inherited from your channel privacy settings, which have higher priority. Changing those inherited settings on this page will have no effect.'), + '$advanced' => t('Advanced Permissions'), + '$quick' => t('Quick Links'), + '$common_link' => $a->get_baseurl(true) . '/common/loc/' . local_user() . '/' . $contact['id'], + '$all_friends' => $all_friends, + '$relation_text' => $relation_text, + '$visit' => sprintf( t('Visit %s\'s profile - %s'),$contact['xchan_name'],$contact['xchan_url']), + '$blockunblock' => t('Block/Unblock contact'), + '$ignorecont' => t('Ignore contact'), + '$lblcrepair' => t("Repair URL settings"), + '$lblrecent' => t('View conversations'), + '$lblsuggest' => $lblsuggest, + '$delete' => t('Delete contact'), + '$poll_interval' => contact_poll_interval($contact['priority'],(! $poll_enabled)), + '$poll_enabled' => $poll_enabled, + '$lastupdtext' => t('Last update:'), + '$lost_contact' => $lost_contact, + '$updpub' => t('Update public posts'), + '$last_update' => $last_update, + '$udnow' => t('Update now'), + '$profile_select' => contact_profile_assign($contact['abook_profile']), + '$multiprofs' => feature_enabled(local_user(),'multi_profiles'), + '$contact_id' => $contact['abook_id'], + '$block_text' => (($contact['blocked']) ? t('Unblock') : t('Block') ), + '$ignore_text' => (($contact['readonly']) ? t('Unignore') : t('Ignore') ), + '$blocked' => (($contact['blocked']) ? t('Currently blocked') : ''), + '$ignored' => (($contact['readonly']) ? t('Currently ignored') : ''), + '$archived' => (($contact['archive']) ? t('Currently archived') : ''), + '$pending' => (($contact['archive']) ? t('Currently pending') : ''), + '$hidden' => array('hidden', t('Hide this contact from others'), ($contact['hidden'] == 1), t('Replies/likes to your public posts may still be visible')), + '$photo' => $contact['photo'], + '$name' => $contact['name'], + '$dir_icon' => $dir_icon, + '$alt_text' => $alt_text, + '$sparkle' => $sparkle, + '$url' => $url + + )); + + $arr = array('contact' => $contact,'output' => $o); + + call_hooks('contact_edit', $arr); + + return $arr['output']; + + } + + $blocked = false; + $hidden = false; + $ignored = false; + $archived = false; + $unblocked = false; + $pending = false; + + $all = false; + + $_SESSION['return_url'] = $a->query_string; + + $search_flags = 0; + $head = ''; + + if(argc() == 2) { + switch(argv(1)) { + case 'blocked': + $search_flags = ABOOK_FLAG_BLOCKED; + $head = t('Blocked'); + $blocked = true; + break; + case 'ignored': + $search_flags = ABOOK_FLAG_IGNORED; + $head = t('Ignored'); + $ignored = true; + break; + case 'hidden': + $search_flags = ABOOK_FLAG_HIDDEN; + $head = t('Hidden'); + $hidden = true; + break; + case 'archived': + $search_flags = ABOOK_FLAG_ARCHIVED; + $head = t('Archived'); + $archived = true; + break; + case 'pending': + $search_flags = ABOOK_FLAG_PENDING; + $head = t('New'); + $pending = true; + nav_set_selected('intros'); + break; + + case 'all': + $head = t('All'); + default: + $search_flags = 0; + $all = true; + break; + + } + + $sql_extra = (($search_flags) ? " and ( abook_flags & " . $search_flags . " ) " : ""); + + + } + else { + $sql_extra = " and not ( abook_flags & " . ABOOK_FLAG_BLOCKED . " ) "; + $unblocked = true; + } + + $search = ((x($_REQUEST,'search')) ? notags(trim($_REQUEST['search'])) : ''); + + $tabs = array( + array( + 'label' => t('Suggestions'), + 'url' => $a->get_baseurl(true) . '/suggest', + 'sel' => '', + 'title' => t('Suggest new connections'), + ), + array( + 'label' => t('New Connections'), + 'url' => $a->get_baseurl(true) . '/connections/pending', + 'sel' => ($pending) ? 'active' : '', + 'title' => t('Show pending (new) connections'), + ), + array( + 'label' => t('All Connections'), + 'url' => $a->get_baseurl(true) . '/connections/all', + 'sel' => ($all) ? 'active' : '', + 'title' => t('Show all connections'), + ), + array( + 'label' => t('Unblocked'), + 'url' => $a->get_baseurl(true) . '/connections', + 'sel' => (($unblocked) && (! $search) && (! $nets)) ? 'active' : '', + 'title' => t('Only show unblocked connections'), + ), + + array( + 'label' => t('Blocked'), + 'url' => $a->get_baseurl(true) . '/connections/blocked', + 'sel' => ($blocked) ? 'active' : '', + 'title' => t('Only show blocked connections'), + ), + + array( + 'label' => t('Ignored'), + 'url' => $a->get_baseurl(true) . '/connections/ignored', + 'sel' => ($ignored) ? 'active' : '', + 'title' => t('Only show ignored connections'), + ), + + array( + 'label' => t('Archived'), + 'url' => $a->get_baseurl(true) . '/connections/archived', + 'sel' => ($archived) ? 'active' : '', + 'title' => t('Only show archived connections'), + ), + + array( + 'label' => t('Hidden'), + 'url' => $a->get_baseurl(true) . '/connections/hidden', + 'sel' => ($hidden) ? 'active' : '', + 'title' => t('Only show hidden connections'), + ), + + ); + + $tab_tpl = get_markup_template('common_tabs.tpl'); + $t = replace_macros($tab_tpl, array('$tabs'=>$tabs)); + + $searching = false; + if($search) { + $search_hdr = $search; + $search_txt = dbesc(protect_sprintf(preg_quote($search))); + $searching = true; + } + $sql_extra .= (($searching) ? protect_sprintf(" AND xchan_name like '%$search_txt%' ") : ""); + + + $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash + where abook_channel = %d and not (abook_flags & %d) $sql_extra $sql_extra2 ", + intval(local_user()), + intval(ABOOK_FLAG_SELF) + ); + if(count($r)) { + $a->set_pager_total($r[0]['total']); + $total = $r[0]['total']; + } + + $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash + WHERE abook_channel = %d and not (abook_flags & %d) $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d , %d ", + intval(local_user()), + intval(ABOOK_FLAG_SELF), + intval($a->pager['start']), + intval($a->pager['itemspage']) + ); + + $contacts = array(); + + if(count($r)) { + + foreach($r as $rr) { + if($rr['xchan_url']) { + $contacts[] = array( + 'img_hover' => sprintf( t('%1$s [%2$s]'),$rr['xchan_name'],$rr['xchan_url']), + 'edit_hover' => t('Edit contact'), + 'id' => $rr['abook_id'], + 'alt_text' => $alt_text, + 'dir_icon' => $dir_icon, + 'thumb' => $rr['xchan_photo_m'], + 'name' => $rr['xchan_name'], + 'username' => $rr['xchan_name'], + 'sparkle' => $sparkle, + 'link' => z_root() . '/connections/' . $rr['abook_id'], + 'url' => $rr['xchan_url'], + 'network' => network_to_name($rr['network']), + ); + } + } + } + + + $tpl = get_markup_template("contacts-template.tpl"); + $o .= replace_macros($tpl,array( + '$header' => t('Connections') . (($head) ? ' - ' . $head : ''), + '$tabs' => $t, + '$total' => $total, + '$search' => $search_hdr, + '$desc' => t('Search your connections'), + '$finding' => (($searching) ? t('Finding: ') . "'" . $search . "'" : ""), + '$submit' => t('Find'), + '$cmd' => $a->cmd, + '$contacts' => $contacts, + '$paginate' => paginate($a), + + )); + + return $o; +} -- cgit v1.2.3 From 38fd8410eb5c66928cb24bb87ad38657f53aec3a Mon Sep 17 00:00:00 2001 From: friendica Date: Wed, 18 Dec 2013 01:00:08 -0800 Subject: split off mod_connections into mod_connections & mod_connedit - lots of links to fix --- mod/connections.php | 336 +--------------------------------------------------- mod/connedit.php | 219 ++-------------------------------- mod/follow.php | 2 +- mod/settings.php | 2 +- 4 files changed, 18 insertions(+), 541 deletions(-) (limited to 'mod') diff --git a/mod/connections.php b/mod/connections.php index cb859e4a6..10f0468b6 100644 --- a/mod/connections.php +++ b/mod/connections.php @@ -13,18 +13,6 @@ function connections_init(&$a) { if(! local_user()) return; - if((argc() == 2) && intval(argv(1))) { - $r = q("SELECT abook.*, xchan.* - FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d and abook_id = %d LIMIT 1", - intval(local_user()), - intval(argv(1)) - ); - if($r) { - $a->data['abook'] = $r[0]; - } - } - $channel = $a->get_channel(); if($channel) head_set_icon($channel['xchan_photo_s']); @@ -37,13 +25,8 @@ function connections_aside(&$a) { if (! local_user()) return; - if(x($a->data,'abook')) { - $a->set_widget('vcard',vcard_from_xchan($a->data['abook'],$a->get_observer())); - $a->set_widget('collections', group_side('connections','group',false,0,$a->data['abook']['abook_xchan'])); - } - else { - $a->set_widget('follow', widget_follow(array())); - } + + $a->set_widget('follow', widget_follow(array())); $a->set_widget('suggest',widget_suggestions(array())); @@ -202,319 +185,6 @@ function connections_content(&$a) { return login(); } - if(argc() == 3) { - - $contact_id = intval(argv(1)); - if(! $contact_id) - return; - - $cmd = argv(2); - - $orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_id = %d AND abook_channel = %d AND NOT ( abook_flags & %d ) and not ( abook_flags & %d ) LIMIT 1", - intval($contact_id), - intval(local_user()), - intval(ABOOK_FLAG_SELF), - // allow drop even if pending, just duplicate the self query - intval(($cmd === 'drop') ? ABOOK_FLAG_SELF : ABOOK_FLAG_PENDING) - ); - - if(! count($orig_record)) { - notice( t('Could not access address book record.') . EOL); - goaway($a->get_baseurl(true) . '/connections'); - } - - if($cmd === 'update') { - - // pull feed and consume it, which should subscribe to the hub. - proc_run('php',"include/poller.php","$contact_id"); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); - - } - - if($cmd === 'refresh') { - if(! zot_refresh($orig_record[0],get_app()->get_channel())) - notice( t('Refresh failed - channel is currently unavailable.') ); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); - } - - if($cmd === 'block') { - if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_BLOCKED)) { - info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_BLOCKED) - ? t('Channel has been unblocked') - : t('Channel has been blocked')) . EOL ); - connections_clone($a); - } - else - notice(t('Unable to set address book parameters.') . EOL); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); - } - - if($cmd === 'ignore') { - if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_IGNORED)) { - info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_IGNORED) - ? t('Channel has been unignored') - : t('Channel has been ignored')) . EOL ); - connections_clone($a); - } - else - notice(t('Unable to set address book parameters.') . EOL); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); - } - - if($cmd === 'archive') { - if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_ARCHIVED)) { - info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_ARCHIVED) - ? t('Channel has been unarchived') - : t('Channel has been archived')) . EOL ); - connections_clone($a); - } - else - notice(t('Unable to set address book parameters.') . EOL); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); - } - - if($cmd === 'hide') { - if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_HIDDEN)) { - info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_HIDDEN) - ? t('Channel has been unhidden') - : t('Channel has been hidden')) . EOL ); - connections_clone($a); - } - else - notice(t('Unable to set address book parameters.') . EOL); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); - } - - // We'll prevent somebody from unapproving a contact. - - if($cmd === 'approve') { - if($orig_record[0]['abook_flags'] & ABOOK_FLAG_PENDING) { - if(abook_toggle_flag($orig_record[0],ABOOK_FLAG_PENDING)) { - info((($orig_record[0]['abook_flags'] & ABOOK_FLAG_PENDING) - ? t('Channel has been approved') - : t('Channel has been unapproved')) . EOL ); - connections_clone($a); - } - else - notice(t('Unable to set address book parameters.') . EOL); - } - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); - } - - - if($cmd === 'drop') { - - require_once('include/Contact.php'); -// FIXME -// terminate_friendship($a->get_channel(),$orig_record[0]); - - contact_remove(local_user(), $orig_record[0]['abook_id']); -// FIXME - send to clones - info( t('Contact has been removed.') . EOL ); - if(x($_SESSION,'return_url')) - goaway($a->get_baseurl(true) . '/' . $_SESSION['return_url']); - goaway($a->get_baseurl(true) . '/contacts'); - - } - } - - if((x($a->data,'abook')) && (is_array($a->data['abook']))) { - - $contact_id = $a->data['abook']['abook_id']; - $contact = $a->data['abook']; - - - $tabs = array( - - array( - 'label' => t('View Profile'), - 'url' => $a->get_baseurl(true) . '/chanview/?f=&cid=' . $contact['abook_id'], - 'sel' => '', - 'title' => sprintf( t('View %s\'s profile'), $contact['xchan_name']), - ), - - array( - 'label' => t('Refresh Permissions'), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/refresh', - 'sel' => '', - 'title' => t('Fetch updated permissions'), - ), - - array( - 'label' => t('Recent Activity'), - 'url' => $a->get_baseurl(true) . '/network/?f=&cid=' . $contact['abook_id'], - 'sel' => '', - 'title' => t('View recent posts and comments'), - ), - - array( - 'label' => (($contact['abook_flags'] & ABOOK_FLAG_BLOCKED) ? t('Unblock') : t('Block')), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/block', - 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_BLOCKED) ? 'active' : ''), - 'title' => t('Block or Unblock this connection'), - ), - - array( - 'label' => (($contact['abook_flags'] & ABOOK_FLAG_IGNORED) ? t('Unignore') : t('Ignore')), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/ignore', - 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_IGNORED) ? 'active' : ''), - 'title' => t('Ignore or Unignore this connection'), - ), - array( - 'label' => (($contact['abook_flags'] & ABOOK_FLAG_ARCHIVED) ? t('Unarchive') : t('Archive')), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/archive', - 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_ARCHIVED) ? 'active' : ''), - 'title' => t('Archive or Unarchive this connection'), - ), - array( - 'label' => (($contact['abook_flags'] & ABOOK_FLAG_HIDDEN) ? t('Unhide') : t('Hide')), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/hide', - 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_HIDDEN) ? 'active' : ''), - 'title' => t('Hide or Unhide this connection'), - ), - - array( - 'label' => t('Delete'), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/drop', - 'sel' => '', - 'title' => t('Delete this connection'), - ), - - ); - - $self = false; - - if(! ($contact['abook_flags'] & ABOOK_FLAG_SELF)) { - $tab_tpl = get_markup_template('common_tabs.tpl'); - $t = replace_macros($tab_tpl, array('$tabs'=>$tabs)); - } - else - $self = true; - - $a->page['htmlhead'] .= replace_macros(get_markup_template('contact_head.tpl'), array( - '$baseurl' => $a->get_baseurl(true), - '$editselect' => $editselect - )); - - require_once('include/contact_selectors.php'); - - $tpl = get_markup_template("abook_edit.tpl"); - - if(feature_enabled(local_user(),'affinity')) { - - $slider_tpl = get_markup_template('contact_slider.tpl'); - $slide = replace_macros($slider_tpl,array( - '$me' => t('Me'), - '$val' => (($contact['abook_closeness']) ? $contact['abook_closeness'] : 99), - '$intimate' => t('Best Friends'), - '$friends' => t('Friends'), - '$oldfriends' => t('Former Friends'), - '$acquaintances' => t('Acquaintances'), - '$world' => t('Unknown') - )); - } - - $perms = array(); - $channel = $a->get_channel(); - - $global_perms = get_perms(); - $existing = get_all_perms(local_user(),$contact['abook_xchan']); - - $unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication')); - - foreach($global_perms as $k => $v) { - $thisperm = (($contact['abook_my_perms'] & $v[1]) ? "1" : ''); - - // For auto permissions (when $self is true) we don't want to look at existing - // permissions because they are enabled for the channel owner - - if((! $self) && ($existing[$k])) - $thisperm = "1"; - - $perms[] = array('perms_' . $k, $v[3], (($contact['abook_their_perms'] & $v[1]) ? "1" : ""),$thisperm, $v[1], (($channel[$v[0]] == PERMS_SPECIFIC) ? '' : '1'), $v[4]); - } - - $o .= replace_macros($tpl,array( - - '$header' => (($self) ? t('Automatic Permissions Settings') : sprintf( t('Connections: settings for %s'),$contact['xchan_name'])), - '$addr' => $contact['xchan_addr'], - '$notself' => (($self) ? '' : '1'), - '$self' => (($self) ? '1' : ''), - '$autolbl' => t('When receiving a channel introduction, any permissions provided here will be applied to the new connection automatically and the introduction approved. Leave this page if you do not wish to use this feature.'), - '$viewprof' => t('View Profile'), - '$lbl_slider' => t('Slide to adjust your degree of friendship'), - '$slide' => $slide, - '$tabs' => $t, - '$tab_str' => $tab_str, - '$is_pending' => (($contact['abook_flags'] & ABOOK_FLAG_PENDING) ? 1 : ''), - '$unapproved' => $unapproved, - '$inherited' => t('inherited'), - '$approve' => t('Approve this connection'), - '$noperms' => (((! $self) && (! $contact['abook_my_perms'])) ? t('Connection has no individual permissions!') : ''), - '$noperm_desc' => (((! $self) && (! $contact['abook_my_perms'])) ? t('This may be appropriate based on your privacy settings, though you may wish to review the "Advanced Permissions".') : ''), - '$submit' => t('Submit'), - '$lbl_vis1' => t('Profile Visibility'), - '$lbl_vis2' => sprintf( t('Please choose the profile you would like to display to %s when viewing your profile securely.'), $contact['xchan_name']), - '$lbl_info1' => t('Contact Information / Notes'), - '$infedit' => t('Edit contact notes'), - '$close' => $contact['abook_closeness'], - '$them' => t('Their Settings'), - '$me' => t('My Settings'), - '$perms' => $perms, - '$forum' => t('Forum Members'), - '$soapbox' => t('Soapbox'), - '$full' => t('Full Sharing'), - '$cautious' => t('Cautious Sharing'), - '$follow' => t('Follow Only'), - '$permlbl' => t('Individual Permissions'), - '$permnote' => t('Some permissions may be inherited from your channel privacy settings, which have higher priority. Changing those inherited settings on this page will have no effect.'), - '$advanced' => t('Advanced Permissions'), - '$quick' => t('Quick Links'), - '$common_link' => $a->get_baseurl(true) . '/common/loc/' . local_user() . '/' . $contact['id'], - '$all_friends' => $all_friends, - '$relation_text' => $relation_text, - '$visit' => sprintf( t('Visit %s\'s profile - %s'),$contact['xchan_name'],$contact['xchan_url']), - '$blockunblock' => t('Block/Unblock contact'), - '$ignorecont' => t('Ignore contact'), - '$lblcrepair' => t("Repair URL settings"), - '$lblrecent' => t('View conversations'), - '$lblsuggest' => $lblsuggest, - '$delete' => t('Delete contact'), - '$poll_interval' => contact_poll_interval($contact['priority'],(! $poll_enabled)), - '$poll_enabled' => $poll_enabled, - '$lastupdtext' => t('Last update:'), - '$lost_contact' => $lost_contact, - '$updpub' => t('Update public posts'), - '$last_update' => $last_update, - '$udnow' => t('Update now'), - '$profile_select' => contact_profile_assign($contact['abook_profile']), - '$multiprofs' => feature_enabled(local_user(),'multi_profiles'), - '$contact_id' => $contact['abook_id'], - '$block_text' => (($contact['blocked']) ? t('Unblock') : t('Block') ), - '$ignore_text' => (($contact['readonly']) ? t('Unignore') : t('Ignore') ), - '$blocked' => (($contact['blocked']) ? t('Currently blocked') : ''), - '$ignored' => (($contact['readonly']) ? t('Currently ignored') : ''), - '$archived' => (($contact['archive']) ? t('Currently archived') : ''), - '$pending' => (($contact['archive']) ? t('Currently pending') : ''), - '$hidden' => array('hidden', t('Hide this contact from others'), ($contact['hidden'] == 1), t('Replies/likes to your public posts may still be visible')), - '$photo' => $contact['photo'], - '$name' => $contact['name'], - '$dir_icon' => $dir_icon, - '$alt_text' => $alt_text, - '$sparkle' => $sparkle, - '$url' => $url - - )); - - $arr = array('contact' => $contact,'output' => $o); - - call_hooks('contact_edit', $arr); - - return $arr['output']; - - } - $blocked = false; $hidden = false; $ignored = false; @@ -680,7 +350,7 @@ function connections_content(&$a) { 'name' => $rr['xchan_name'], 'username' => $rr['xchan_name'], 'sparkle' => $sparkle, - 'link' => z_root() . '/connections/' . $rr['abook_id'], + 'link' => z_root() . '/connedit/' . $rr['abook_id'], 'url' => $rr['xchan_url'], 'network' => network_to_name($rr['network']), ); diff --git a/mod/connedit.php b/mod/connedit.php index 777127c4f..7fc4bfaf8 100644 --- a/mod/connedit.php +++ b/mod/connedit.php @@ -41,10 +41,6 @@ function connedit_aside(&$a) { $a->set_widget('vcard',vcard_from_xchan($a->data['abook'],$a->get_observer())); $a->set_widget('collections', group_side('connections','group',false,0,$a->data['abook']['abook_xchan'])); } - else { - $a->set_widget('follow', widget_follow(array())); - } - $a->set_widget('suggest',widget_suggestions(array())); $a->set_widget('findpeople',findpeople_widget()); @@ -228,14 +224,14 @@ function connedit_content(&$a) { // pull feed and consume it, which should subscribe to the hub. proc_run('php',"include/poller.php","$contact_id"); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); + goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); } if($cmd === 'refresh') { if(! zot_refresh($orig_record[0],get_app()->get_channel())) notice( t('Refresh failed - channel is currently unavailable.') ); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); + goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); } if($cmd === 'block') { @@ -247,7 +243,7 @@ function connedit_content(&$a) { } else notice(t('Unable to set address book parameters.') . EOL); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); + goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); } if($cmd === 'ignore') { @@ -259,7 +255,7 @@ function connedit_content(&$a) { } else notice(t('Unable to set address book parameters.') . EOL); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); + goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); } if($cmd === 'archive') { @@ -271,7 +267,7 @@ function connedit_content(&$a) { } else notice(t('Unable to set address book parameters.') . EOL); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); + goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); } if($cmd === 'hide') { @@ -283,7 +279,7 @@ function connedit_content(&$a) { } else notice(t('Unable to set address book parameters.') . EOL); - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); + goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); } // We'll prevent somebody from unapproving a contact. @@ -299,7 +295,7 @@ function connedit_content(&$a) { else notice(t('Unable to set address book parameters.') . EOL); } - goaway($a->get_baseurl(true) . '/connections/' . $contact_id); + goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); } @@ -336,7 +332,7 @@ function connedit_content(&$a) { array( 'label' => t('Refresh Permissions'), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/refresh', + 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/refresh', 'sel' => '', 'title' => t('Fetch updated permissions'), ), @@ -350,33 +346,33 @@ function connedit_content(&$a) { array( 'label' => (($contact['abook_flags'] & ABOOK_FLAG_BLOCKED) ? t('Unblock') : t('Block')), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/block', + 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/block', 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_BLOCKED) ? 'active' : ''), 'title' => t('Block or Unblock this connection'), ), array( 'label' => (($contact['abook_flags'] & ABOOK_FLAG_IGNORED) ? t('Unignore') : t('Ignore')), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/ignore', + 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/ignore', 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_IGNORED) ? 'active' : ''), 'title' => t('Ignore or Unignore this connection'), ), array( 'label' => (($contact['abook_flags'] & ABOOK_FLAG_ARCHIVED) ? t('Unarchive') : t('Archive')), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/archive', + 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/archive', 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_ARCHIVED) ? 'active' : ''), 'title' => t('Archive or Unarchive this connection'), ), array( 'label' => (($contact['abook_flags'] & ABOOK_FLAG_HIDDEN) ? t('Unhide') : t('Hide')), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/hide', + 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/hide', 'sel' => (($contact['abook_flags'] & ABOOK_FLAG_HIDDEN) ? 'active' : ''), 'title' => t('Hide or Unhide this connection'), ), array( 'label' => t('Delete'), - 'url' => $a->get_baseurl(true) . '/connections/' . $contact['abook_id'] . '/drop', + 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/drop', 'sel' => '', 'title' => t('Delete this connection'), ), @@ -515,194 +511,5 @@ function connedit_content(&$a) { } - $blocked = false; - $hidden = false; - $ignored = false; - $archived = false; - $unblocked = false; - $pending = false; - - $all = false; - - $_SESSION['return_url'] = $a->query_string; - - $search_flags = 0; - $head = ''; - - if(argc() == 2) { - switch(argv(1)) { - case 'blocked': - $search_flags = ABOOK_FLAG_BLOCKED; - $head = t('Blocked'); - $blocked = true; - break; - case 'ignored': - $search_flags = ABOOK_FLAG_IGNORED; - $head = t('Ignored'); - $ignored = true; - break; - case 'hidden': - $search_flags = ABOOK_FLAG_HIDDEN; - $head = t('Hidden'); - $hidden = true; - break; - case 'archived': - $search_flags = ABOOK_FLAG_ARCHIVED; - $head = t('Archived'); - $archived = true; - break; - case 'pending': - $search_flags = ABOOK_FLAG_PENDING; - $head = t('New'); - $pending = true; - nav_set_selected('intros'); - break; - - case 'all': - $head = t('All'); - default: - $search_flags = 0; - $all = true; - break; - - } - - $sql_extra = (($search_flags) ? " and ( abook_flags & " . $search_flags . " ) " : ""); - - - } - else { - $sql_extra = " and not ( abook_flags & " . ABOOK_FLAG_BLOCKED . " ) "; - $unblocked = true; - } - - $search = ((x($_REQUEST,'search')) ? notags(trim($_REQUEST['search'])) : ''); - - $tabs = array( - array( - 'label' => t('Suggestions'), - 'url' => $a->get_baseurl(true) . '/suggest', - 'sel' => '', - 'title' => t('Suggest new connections'), - ), - array( - 'label' => t('New Connections'), - 'url' => $a->get_baseurl(true) . '/connections/pending', - 'sel' => ($pending) ? 'active' : '', - 'title' => t('Show pending (new) connections'), - ), - array( - 'label' => t('All Connections'), - 'url' => $a->get_baseurl(true) . '/connections/all', - 'sel' => ($all) ? 'active' : '', - 'title' => t('Show all connections'), - ), - array( - 'label' => t('Unblocked'), - 'url' => $a->get_baseurl(true) . '/connections', - 'sel' => (($unblocked) && (! $search) && (! $nets)) ? 'active' : '', - 'title' => t('Only show unblocked connections'), - ), - - array( - 'label' => t('Blocked'), - 'url' => $a->get_baseurl(true) . '/connections/blocked', - 'sel' => ($blocked) ? 'active' : '', - 'title' => t('Only show blocked connections'), - ), - - array( - 'label' => t('Ignored'), - 'url' => $a->get_baseurl(true) . '/connections/ignored', - 'sel' => ($ignored) ? 'active' : '', - 'title' => t('Only show ignored connections'), - ), - - array( - 'label' => t('Archived'), - 'url' => $a->get_baseurl(true) . '/connections/archived', - 'sel' => ($archived) ? 'active' : '', - 'title' => t('Only show archived connections'), - ), - - array( - 'label' => t('Hidden'), - 'url' => $a->get_baseurl(true) . '/connections/hidden', - 'sel' => ($hidden) ? 'active' : '', - 'title' => t('Only show hidden connections'), - ), - - ); - - $tab_tpl = get_markup_template('common_tabs.tpl'); - $t = replace_macros($tab_tpl, array('$tabs'=>$tabs)); - - $searching = false; - if($search) { - $search_hdr = $search; - $search_txt = dbesc(protect_sprintf(preg_quote($search))); - $searching = true; - } - $sql_extra .= (($searching) ? protect_sprintf(" AND xchan_name like '%$search_txt%' ") : ""); - - - $r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash - where abook_channel = %d and not (abook_flags & %d) $sql_extra $sql_extra2 ", - intval(local_user()), - intval(ABOOK_FLAG_SELF) - ); - if(count($r)) { - $a->set_pager_total($r[0]['total']); - $total = $r[0]['total']; - } - - $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash - WHERE abook_channel = %d and not (abook_flags & %d) $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d , %d ", - intval(local_user()), - intval(ABOOK_FLAG_SELF), - intval($a->pager['start']), - intval($a->pager['itemspage']) - ); - - $contacts = array(); - - if(count($r)) { - - foreach($r as $rr) { - if($rr['xchan_url']) { - $contacts[] = array( - 'img_hover' => sprintf( t('%1$s [%2$s]'),$rr['xchan_name'],$rr['xchan_url']), - 'edit_hover' => t('Edit contact'), - 'id' => $rr['abook_id'], - 'alt_text' => $alt_text, - 'dir_icon' => $dir_icon, - 'thumb' => $rr['xchan_photo_m'], - 'name' => $rr['xchan_name'], - 'username' => $rr['xchan_name'], - 'sparkle' => $sparkle, - 'link' => z_root() . '/connections/' . $rr['abook_id'], - 'url' => $rr['xchan_url'], - 'network' => network_to_name($rr['network']), - ); - } - } - } - - $tpl = get_markup_template("contacts-template.tpl"); - $o .= replace_macros($tpl,array( - '$header' => t('Connections') . (($head) ? ' - ' . $head : ''), - '$tabs' => $t, - '$total' => $total, - '$search' => $search_hdr, - '$desc' => t('Search your connections'), - '$finding' => (($searching) ? t('Finding: ') . "'" . $search . "'" : ""), - '$submit' => t('Find'), - '$cmd' => $a->cmd, - '$contacts' => $contacts, - '$paginate' => paginate($a), - - )); - - return $o; } diff --git a/mod/follow.php b/mod/follow.php index 364fe76b9..962bb71a7 100644 --- a/mod/follow.php +++ b/mod/follow.php @@ -30,7 +30,7 @@ function follow_init(&$a) { proc_run('php','include/onepoll.php',$result['abook']['abook_id']); - goaway(z_root() . '/connections/' . $result['abook']['abook_id']); + goaway(z_root() . '/connedit/' . $result['abook']['abook_id']); } diff --git a/mod/settings.php b/mod/settings.php index c2a540063..7fb6f8317 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -99,7 +99,7 @@ if (! local_user()) array( 'label' => t('Automatic Permissions (Advanced)'), - 'url' => $a->get_baseurl(true) . '/connections/' . $abook_self_id, + 'url' => $a->get_baseurl(true) . '/connedit/' . $abook_self_id, 'selected' => '' ), -- cgit v1.2.3