harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master'

Browse Source
This commit is contained in:
zottel 2015-09-23 08:59:28 +02:00
commit 0bfdb45b41
26 changed files with 465 additions and 195 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
boot.php
View File

@ -50,7 +50,7 @@ define ( 'PLATFORM_NAME', 'hubzilla' );
define ( 'RED_VERSION', trim(file_get_contents('version.inc')) . 'H');
define ( 'ZOT_REVISION', 1 );
define ( 'DB_UPDATE_VERSION', 1153 );
define ( 'DB_UPDATE_VERSION', 1154 );
/**
* @brief Constant with a HTML line break.

55
include/DReport.php Normal file
View File

@ -0,0 +1,55 @@
<?php
class DReport {
private $location;
private $sender;
private $recipient;
private $message_id;
private $status;
private $date;
function __construct($location,$sender,$recipient,$message_id,$status = 'deliver') {
$this->location = $location;
$this->sender = $sender;
$this->recipient = $recipient;
$this->message_id = $message_id;
$this->status = $status;
$this->date = datetime_convert();
}
function update($status) {
$this->status = $status;
$this->date = datetime_convert();
}
function addto_recipient($name) {
$this->recipient = $this->recipient . ' ' . $name;
}
function addto_update($status) {
$this->status = $this->status . ' ' . $status;
}
function set($arr) {
$this->location = $arr['location'];
$this->sender = $arr['sender'];
$this->recipient = $arr['recipient'];
$this->message_id = $arr['message_id'];
$this->status = $arr['status'];
$this->date = $arr['date'];
}
function get() {
return array(
'location' => $this->location,
'sender' => $this->sender,
'recipient' => $this->recipient,
'message_id' => $this->message_id,
'status' => $this->status,
'date' => $this->date
);
}
}

2
include/ItemObject.php
View File

@ -286,6 +286,7 @@ class Item extends BaseObject {
'body' => $body,
'text' => strip_tags($body),
'id' => $this->get_id(),
'mid' => $item['mid'],
'isevent' => $isevent,
'attend' => $attend,
'consensus' => $consensus,
@ -301,6 +302,7 @@ class Item extends BaseObject {
'vwall' => t('via Wall-To-Wall:'),
'profile_url' => $profile_link,
'item_photo_menu' => item_photo_menu($item),
'dreport' => t('Delivery Report'),
'name' => $profile_name,
'thumb' => $profile_avatar,
'osparkle' => $osparkle,

2
include/chat.php
View File

@ -91,7 +91,7 @@ function chatroom_destroy($channel,$arr) {
return $ret;
}
create_sync_packet($channel['channel_id'],array('chatroom' => $r));
build_sync_packet($channel['channel_id'],array('chatroom' => $r));
q("delete from chatroom where cr_id = %d",
intval($r[0]['cr_id'])

23
include/deliver.php
View File

@ -15,7 +15,10 @@ function deliver_run($argv, $argc) {
logger('deliver: invoked: ' . print_r($argv,true), LOGGER_DATA);
for($x = 1; $x < $argc; $x ++) {
$dresult = null;
$r = q("select * from outq where outq_hash = '%s' limit 1",
dbesc($argv[$x])
);
@ -98,11 +101,29 @@ function deliver_run($argv, $argc) {
}
else {
$msg = array('body' => json_encode(array('success' => true, 'pickup' => array(array('notify' => $notify,'message' => $m)))));
zot_import($msg,z_root());
$dresult = zot_import($msg,z_root());
}
$r = q("delete from outq where outq_hash = '%s'",
dbesc($argv[$x])
);
if($dresult && is_array($dresult)) {
foreach($dresult as $xx) {
if(is_array($xx) && array_key_exists('message_id',$xx)) {
q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s','%s','%s','%s','%s' ) ",
dbesc($xx['message_id']),
dbesc($xx['location']),
dbesc($xx['recipient']),
dbesc($xx['status']),
dbesc(datetime_convert($xx['date'])),
dbesc($xx['sender'])
);
}
}
}
q("delete from dreport where dreport_queue = '%s' limit 1",
dbesc($argv[$x])
);
}
}
else {

13
include/items.php
View File

@ -836,6 +836,7 @@ function title_is_body($title, $body) {
function get_item_elements($x,$allow_code = false) {
$arr = array();
if($allow_code)
$arr['body'] = $x['body'];
else
@ -4417,6 +4418,18 @@ function delete_item_lowlevel($item, $stage = DROPITEM_NORMAL, $force = false) {
intval($item['uid'])
);
// remove delivery reports
$c = q("select channel_hash from channel where channel_id = %d limit 1",
intval($item['uid'])
);
if($c) {
q("delete from dreport where dreport_xchan = '%s' and dreport_mid = '%s'",
dbesc($c[0]['channel_hash']),
dbesc($item['mid'])
);
}
// network deletion request. Keep the message structure so that we can deliver delete notifications.
// Come back after several days (or perhaps a month) to do the lowlevel delete (DROPITEM_PHASE2).

5
include/nav.php
View File

@ -94,9 +94,8 @@ EOT;
require_once('include/chat.php');
$has_chats = chatroom_list_count(local_channel());
if($has_chats) {
$nav['usermenu'][] = Array('chat/' . $channel['channel_address'],t('Chat'),"",t('Your chatrooms'),'chat_nav_btn');
}
$nav['usermenu'][] = Array('chat/' . $channel['channel_address'] . (($has_chats) ? '' : '/new'), t('Chat'),"",t('Your chatrooms'),'chat_nav_btn');
require_once('include/menu.php');
$has_bookmarks = menu_list_count(local_channel(),'',MENU_BOOKMARK) + menu_list_count(local_channel(),'',MENU_SYSTEM|MENU_BOOKMARK);

12
include/notifier.php
View File

@ -662,6 +662,18 @@ function notifier_run($argv, $argc){
dbesc($n),
dbesc(json_encode($encoded_item))
);
// only create delivery reports for normal undeleted items
if(array_key_exists('postopts',$target_item) && (! $target_item['item_deleted'])) {
q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan, dreport_queue ) values ( '%s','%s','%s','%s','%s','%s','%s' ) ",
dbesc($target_item['mid']),
dbesc($hub['hubloc_host']),
dbesc($hub['hubloc_host']),
dbesc('queued'),
dbesc(datetime_convert()),
dbesc($channel['channel_hash']),
dbesc($hash)
);
}
}
$deliver[] = $hash;

11
include/poller.php
View File

@ -201,6 +201,17 @@ function poller_run($argv, $argc){
db_utcnow(), db_quoteinterval('30 DAY')
);
// expire old delivery reports
$keep_reports = intval(get_config('system','expire_delivery_reports'));
if($keep_reports === 0)
$keep_reports = 30;
q("delete from dreport where dreport_time < %s - INTERVAL %s",
db_utcnow(),
db_quoteinterval($keep_reports . ' DAY')
);
// expire any expired accounts
downgrade_accounts();

150
include/zot.php
View File

@ -487,20 +487,17 @@ function zot_refresh($them, $channel = null, $force = false) {
if($y) {
logger("New introduction received for {$channel['channel_name']}");
$new_perms = get_all_perms($channel['channel_id'],$x['hash']);
if($new_perms != $previous_perms) {
// Send back a permissions update if permissions have changed
$z = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1",
dbesc($x['hash']),
intval($channel['channel_id'])
);
if($z)
proc_run('php','include/notifier.php','permission_update',$z[0]['abook_id']);
}
$new_connection = q("select abook_id, abook_pending from abook where abook_channel = %d and abook_xchan = '%s' order by abook_created desc limit 1",
intval($channel['channel_id']),
dbesc($x['hash'])
// Send a clone sync packet and a permissions update if permissions have changed
$new_connection = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 order by abook_created desc limit 1",
dbesc($x['hash']),
intval($channel['channel_id'])
);
if($new_connection) {
if($new_perms != $previous_perms)
proc_run('php','include/notifier.php','permission_update',$new_connection[0]['abook_id']);
require_once('include/enotify.php');
notification(array(
'type' => NOTIFY_INTRO,
@ -508,12 +505,17 @@ function zot_refresh($them, $channel = null, $force = false) {
'to_xchan' => $channel['channel_hash'],
'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'],
));
}
if($their_perms & PERMS_R_STREAM) {
if(($channel['channel_w_stream'] & PERMS_PENDING)
|| (! intval($new_connection[0]['abook_pending'])) )
proc_run('php','include/onepoll.php',$new_connection[0]['abook_id']);
}
if($new_connection && ($their_perms & PERMS_R_STREAM)) {
if(($channel['channel_w_stream'] & PERMS_PENDING)
|| (! intval($new_connection[0]['abook_pending'])) )
proc_run('php','include/onepoll.php',$new_connection[0]['abook_id']);
unset($new_connection[0]['abook_id']);
unset($new_connection[0]['abook_account']);
unset($new_connection[0]['abook_channel']);
build_sync_packet($channel['channel_id'], array('abook' => $new_connection));
}
}
}
@ -955,6 +957,25 @@ function zot_process_response($hub, $arr, $outq) {
logger('zot_process_response: headers: ' . print_r($arr['header'],true), LOGGER_DATA);
}
if(is_array($x) && array_key_exists('delivery_report',$x) && is_array($x['delivery_report'])) {
foreach($x['delivery_report'] as $xx) {
if(is_array($xx) && array_key_exists('message_id',$xx)) {
q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s','%s','%s','%s','%s' ) ",
dbesc($xx['message_id']),
dbesc($xx['location']),
dbesc($xx['recipient']),
dbesc($xx['status']),
dbesc(datetime_convert($xx['date'])),
dbesc($xx['sender'])
);
}
}
}
q("delete from dreport where dreport_queue = '%s' limit 1",
dbesc($outq['outq_hash'])
);
// update the timestamp for this site
q("update site set site_dead = 0, site_update = '%s' where site_url = '%s'",
@ -1530,6 +1551,7 @@ function allowed_public_recips($msg) {
function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $request = false) {
$result = array();
require_once('include/DReport.php');
$result['site'] = z_root();
@ -1544,16 +1566,30 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
foreach($deliveries as $d) {
$local_public = $public;
$DR = new DReport(z_root(),$sender['hash'],$d['hash'],$arr['mid']);
$r = q("select * from channel where channel_hash = '%s' limit 1",
dbesc($d['hash'])
);
if(! $r) {
$result[] = array($d['hash'], 'recipients not found');
$DR->update('recipient not found');
$result[] = $DR->get();
continue;
}
$channel = $r[0];
$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
// uncomment this once we find out what's stopping the clone sync of the item from working
// if($d['hash'] === $sender['hash']) {
// $DR->update('self delivery ignored');
// $result[] = $DR->get();
// continue;
// }
// allow public postings to the sys channel regardless of permissions, but not
// for comments travelling upstream. Wait and catch them on the way down.
@ -1589,7 +1625,8 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery) && (! $local_public)) {
logger("permission denied for delivery to channel {$channel['channel_id']} {$channel['channel_address']}");
$result[] = array($d['hash'],'permission denied',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
$DR->update('permission denied');
$result[] = $DR->get();
continue;
}
@ -1606,7 +1643,8 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
intval($channel['channel_id'])
);
if(! $r) {
$result[] = array($d['hash'],'comment parent not found',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
$DR->update('comment parent not found');
$result[] = $DR->get();
// We don't seem to have a copy of this conversation or at least the parent
// - so request a copy of the entire conversation to date.
@ -1661,7 +1699,8 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
if($last_hop && $last_hop != $sender['hash']) {
logger('comment route mismatch: parent route = ' . $r[0]['route'] . ' expected = ' . $current_route, LOGGER_DEBUG);
logger('comment route mismatch: parent msg = ' . $r[0]['id'],LOGGER_DEBUG);
$result[] = array($d['hash'],'comment route mismatch',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
$DR->update('comment route mismatch');
$result[] = $DR->get();
continue;
}
@ -1690,12 +1729,14 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
$arr['uid'] = $channel['channel_id'];
$item_id = delete_imported_item($sender,$arr,$channel['channel_id'],$relay);
$result[] = array($d['hash'],(($item_id) ? 'deleted' : 'delete_failed'),$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
$DR->update(($item_id) ? 'deleted' : 'delete_failed');
$result[] = $DR->get();
if($relay && $item_id) {
logger('process_delivery: invoking relay');
proc_run('php','include/notifier.php','relay',intval($item_id));
$result[] = array($d['hash'],'relayed',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
$DR->update('relayed');
$result[] = $DR->get();
}
continue;
@ -1711,7 +1752,9 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
if(intval($r[0]['item_deleted'])) {
// It was deleted locally.
$result[] = array($d['hash'],'update ignored',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
$DR->update('update ignored');
$result[] = $DR->get();
continue;
}
// Maybe it has been edited?
@ -1719,17 +1762,21 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
$arr['id'] = $r[0]['id'];
$arr['uid'] = $channel['channel_id'];
if(($arr['mid'] == $arr['parent_mid']) && (! post_is_importable($arr,$abook))) {
$result[] = array($d['hash'],'update ignored',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
$DR->update('update ignored');
$result[] = $DR->get();
}
else {
update_imported_item($sender,$arr,$r[0],$channel['channel_id']);
$result[] = array($d['hash'],'updated',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
$DR->update('updated');
$result[] = $DR->get();
if(! $relay)
add_source_route($item_id,$sender['hash']);
}
}
else {
$result[] = array($d['hash'],'update ignored',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
$DR->update('update ignored');
$result[] = $DR->get();
// We need this line to ensure wall-to-wall comments are relayed (by falling through to the relay bit),
// and at the same time not relay any other relayable posts more than once, because to do so is very wasteful.
@ -1750,7 +1797,8 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
$item_id = 0;
if(($arr['mid'] == $arr['parent_mid']) && (! post_is_importable($arr,$abook))) {
$result[] = array($d['hash'],'post ignored',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
$DR->update('post ignored');
$result[] = $DR->get();
}
else {
$item_result = item_store($arr);
@ -1762,14 +1810,16 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
if(! $relay)
add_source_route($item_id,$sender['hash']);
}
$result[] = array($d['hash'],(($item_id) ? 'posted' : 'storage failed:' . $item_result['message']),$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
$DR->update(($item_id) ? 'posted' : 'storage failed: ' . $item_result['message']);
$result[] = $DR->get();
}
}
if($relay && $item_id) {
logger('process_delivery: invoking relay');
proc_run('php','include/notifier.php','relay',intval($item_id));
$result[] = array($d['hash'],'relayed',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
$DR->addto_update('relayed');
$result[] = $DR->get();
}
}
@ -2766,7 +2816,7 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) {
$channel = $r[0];
$h = q("select * from hubloc where hubloc_hash = '%s'",
$h = q("select * from hubloc where hubloc_hash = '%s' and hubloc_deleted = 0",
dbesc($channel['channel_hash'])
);
@ -2938,12 +2988,19 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) {
sync_menus($channel,$arr['menu']);
if(array_key_exists('channel',$arr) && is_array($arr['channel']) && count($arr['channel'])) {
if(array_key_exists('channel_page_flags',$arr['channel']) && intval($arr['channel']['channel_pageflags'])) {
$arr['channel']['channel_removed'] = (($arr['channel']['channel_pageflags'] & 0x8000) ? 1 : 0);
$arr['channel']['channel_system'] = (($arr['channel']['channel_pageflags'] & 0x1000) ? 1 : 0);
if(array_key_exists('channel_pageflags',$arr['channel']) && intval($arr['channel']['channel_pageflags'])) {
// These flags cannot be sync'd.
// remove the bits from the incoming flags.
if($arr['channel_pageflags'] & 0x8000)
$arr['channel_pageflags'] = $arr['channel_pageflags'] - 0x8000;
if($arr['channel_pageflags'] & 0x1000)
$arr['channel_pageflags'] = $arr['channel_pageflags'] - 0x1000;
}
$disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey', 'channel_address', 'channel_notifyflags');
$disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey', 'channel_address', 'channel_notifyflags', 'channel_removed', 'channel_deleted', 'channel_system');
$clean = array();
foreach($arr['channel'] as $k => $v) {
@ -3255,7 +3312,27 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) {
}
}
$result[] = array($d['hash'],'channel sync updated',$channel['channel_name'],'');
if(array_key_exists('item',$arr) && $arr['item'])
sync_items($channel,$arr['item']);
if(array_key_exists('item_id',$arr) && $arr['item_id'])
sync_items($channel,$arr['item_id']);
// we should probably do this for all items, but usually we only send one.
require_once('include/DReport.php');
if(array_key_exists('item',$arr) && is_array($arr['item'][0])) {
$DR = new DReport(z_root(),$d['hash'],$d['hash'],$arr['item'][0]['message_id'],'channel sync processed');
$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
}
else
$DR = new DReport(z_root(),$d['hash'],$d['hash'],'sync packet','channel sync delivered');
$result[] = $DR->get();
}
return $result;
@ -3697,4 +3774,5 @@ function zotinfo($arr) {
}
call_hooks('zot_finger',$ret);
return($ret);
}

2
install/schema_mysql.sql
View File

@ -359,11 +359,13 @@ CREATE TABLE IF NOT EXISTS `dreport` (
`dreport_result` char(255) NOT NULL DEFAULT '',
`dreport_time` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`dreport_xchan` char(255) NOT NULL DEFAULT '',
`dreport_queue` char(255) NOT NULL DEFAULT '',
PRIMARY KEY (`dreport_id`),
KEY `dreport_mid` (`dreport_mid`),
KEY `dreport_site` (`dreport_site`),
KEY `dreport_time` (`dreport_time`),
KEY `dreport_xchan` (`dreport_xchan`),
KEY `dreport_queue` (`dreport_queue`),
KEY `dreport_channel` (`dreport_channel`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

2
install/schema_postgres.sql
View File

@ -350,6 +350,7 @@ CREATE TABLE IF NOT EXISTS "dreport" (
"dreport_result" char(255) NOT NULL DEFAULT '',
"dreport_time" timestamp NOT NULL DEFAULT '0001-01-01 00:00:00',
"dreport_xchan" char(255) NOT NULL DEFAULT '',
"dreport_queue" char(255) NOT NULL DEFAULT '',
PRIMARY KEY ("dreport_id")
);
@ -357,6 +358,7 @@ create index "dreport_mid" on dreport ("dreport_mid");
create index "dreport_site" on dreport ("dreport_site");
create index "dreport_time" on dreport ("dreport_time");
create index "dreport_xchan" on dreport ("dreport_xchan");
create index "dreport_queue" on dreport ("dreport_queue");
create index "dreport_channel" on dreport ("dreport_channel");

13
install/update.php
View File

@ -1,6 +1,6 @@
<?php
define( 'UPDATE_VERSION' , 1153 );
define( 'UPDATE_VERSION' , 1154 );
/**
*
@ -1854,3 +1854,14 @@ function update_r1152() {
return UPDATE_FAILED;
}
function update_r1153() {
$r1 = q("ALTER TABLE dreport ADD dreport_queue CHAR( 255 ) NOT NULL DEFAULT '' ");
$r2 = q("create index dreport_queue on dreport ( dreport_queue) ");
if($r1 && $r2)
return UPDATE_SUCCESS;
return UPDATE_FAILED;
}

2
mod/chat.php
View File

@ -67,7 +67,7 @@ function chat_post(&$a) {
intval(local_channel())
);
create_sync_packet(0, array('chatroom' => $x));
build_sync_packet(0, array('chatroom' => $x));
if($x)
goaway(z_root() . '/chat/' . $channel['channel_address'] . '/' . $x[0]['cr_id']);

34
mod/cloud.php
View File

@ -73,6 +73,8 @@ function cloud_init(&$a) {
$server->addPlugin($lockPlugin);
/* This next bit should no longer be needed... */
// The next section of code allows us to bypass prompting for http-auth if a
// FILE is being accessed anonymously and permissions allow this. This way
// one can create hotlinks to public media files in their cloud and anonymous
@ -83,24 +85,24 @@ function cloud_init(&$a) {
// In order to avoid prompting for passwords for viewing a DIRECTORY, add
// the URL query parameter 'davguest=1'.
$isapublic_file = false;
$davguest = ((x($_SESSION, 'davguest')) ? true : false);
// $isapublic_file = false;
// $davguest = ((x($_SESSION, 'davguest')) ? true : false);
if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
try {
$x = RedFileData('/' . $a->cmd, $auth);
if($x instanceof RedDAV\RedFile)
$isapublic_file = true;
}
catch (Exception $e) {
$isapublic_file = false;
}
}
// if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
// try {
// $x = RedFileData('/' . $a->cmd, $auth);
// if($x instanceof RedDAV\RedFile)
// $isapublic_file = true;
// }
// catch (Exception $e) {
// $isapublic_file = false;
// }
// }
if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
logger('mod_cloud: auth exception');
http_status_exit(401, 'Permission denied.');
}
// if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
// logger('mod_cloud: auth exception');
// http_status_exit(401, 'Permission denied.');
// }
require_once('include/RedDAV/RedBrowser.php');
// provide a directory view for the cloud in Hubzilla

43
mod/dreport.php Normal file
View File

@ -0,0 +1,43 @@
<?php
function dreport_content(&$a) {
if(! local_channel()) {
notice( t('Permission denied') . EOL);
return;
}
$channel = $a->get_channel();
$mid = ((argc() > 1) ? argv(1) : '');
if(! $mid) {
notice( t('Invalid message') . EOL);
return;
}
$r = q("select * from dreport where dreport_xchan = '%s' and dreport_mid = '%s'",
dbesc($channel['channel_hash']),
dbesc($mid)
);
if(! $r) {
notice( t('no results') . EOL);
return;
}
$o .= '<h2>' . sprintf( t('Delivery report for %1$s'),substr($mid,0,32)) . '...' . '</h2>';
$o .= '<table>';
foreach($r as $rr) {
$name = escape_tags(substr($rr['dreport_recip'],strpos($rr['dreport_recip'],' ')));
$o .= '<tr><td>' . $name . '</td><td>' . escape_tags($rr['dreport_result']) . '</td><td>' . escape_tags($rr['dreport_time']) . '</td></tr>';
}
$o .= '</table>';
return $o;
}

1
mod/item.php
View File

@ -641,6 +641,7 @@ function item_post(&$a) {
$item_unseen = ((local_channel() != $profile_uid) ? 1 : 0);
$item_wall = (($post_type === 'wall' || $post_type === 'wall-comment') ? 1 : 0);
$item_origin = (($origin) ? 1 : 0);
$item_consensus = (($consensus) ? 1 : 0);
// determine if this is a wall post

15
mod/locs.php
View File

@ -50,8 +50,17 @@ function locs_post(&$a) {
return;
}
if(intval($r[0]['hubloc_primary'])) {
notice( t('Primary location cannot be removed.') . EOL);
return;
$x = q("select hubloc_id from hubloc where hubloc_primary = 1 and hubloc_hash = '%s'",
dbesc($channel['channel_hash'])
);
if(! $x) {
notice( t('Location lookup failed.'));
return;
}
if(count($x) == 1) {
notice( t('Please select another location to become primary before removing the primary location.') . EOL);
return;
}
}
$r = q("update hubloc set hubloc_deleted = 1 where hubloc_id = %d and hubloc_hash = '%s'",
@ -91,8 +100,6 @@ function locs_content(&$a) {
$r[$x]['deleted'] = (intval($r[$x]['hubloc_deleted']) ? true : false);
}
$o = replace_macros(get_markup_template('locmanage.tpl'), array(
'$header' => t('Manage Channel Locations'),
'$loc' => t('Location (address)'),

256
mod/post.php
View File

@ -117,7 +117,7 @@ function post_init(&$a) {
}
// Try and find a hubloc for the person attempting to auth
$x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1",
$x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc",
dbesc($address)
);
@ -128,7 +128,7 @@ function post_init(&$a) {
$j = json_decode($ret['body'], true);
if ($j)
import_xchan($j);
$x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1",
$x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc",
dbesc($address)
);
}
@ -144,152 +144,159 @@ function post_init(&$a) {
goaway($desturl);
}
logger('mod_zot: auth request received from ' . $x[0]['hubloc_addr'] );
// check credentials and access
foreach($x as $xx) {
logger('mod_zot: auth request received from ' . $xx['hubloc_addr'] );
// If they are already authenticated and haven't changed credentials,
// we can save an expensive network round trip and improve performance.
// check credentials and access
$remote = remote_channel();
$result = null;
$remote_service_class = '';
$remote_level = 0;
$remote_hub = $x[0]['hubloc_url'];
$DNT = 0;
// If they are already authenticated and haven't changed credentials,
// we can save an expensive network round trip and improve performance.
// Also check that they are coming from the same site as they authenticated with originally.
$remote = remote_channel();
$result = null;
$remote_service_class = '';
$remote_level = 0;
$remote_hub = $xx['hubloc_url'];
$DNT = 0;
$already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false);
if($delegate && $delegate !== $_SESSION['delegate_channel'])
$already_authed = false;
// Also check that they are coming from the same site as they authenticated with originally.
$j = array();
$already_authed = ((($remote) && ($xx['hubloc_hash'] == $remote) && ($xx['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false);
if($delegate && $delegate !== $_SESSION['delegate_channel'])
$already_authed = false;
if (! $already_authed) {
$j = array();
// Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key
// The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender
// which can be verified
if (! $already_authed) {
// Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key
// The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender
// which can be verified
$p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec);
if ($test) {
$ret['message'] .= 'auth check packet created using sitekey ' . $x[0]['hubloc_sitekey'] . EOL;
$ret['message'] .= 'packet contents: ' . $p . EOL;
}
$result = zot_zot($x[0]['hubloc_callback'],$p);
if (! $result['success']) {
logger('mod_zot: auth_check callback failed.');
$p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $xx['hubloc_guid'],'guid_sig' => $xx['hubloc_guid_sig'])), $xx['hubloc_sitekey'], $sec);
if ($test) {
$ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL;
json_return_and_die($ret);
$ret['message'] .= 'auth check packet created using sitekey ' . $xx['hubloc_sitekey'] . EOL;
$ret['message'] .= 'packet contents: ' . $p . EOL;
}
goaway($desturl);
}
$j = json_decode($result['body'], true);
if (! $j) {
logger('mod_zot: auth_check json data malformed.');
if($test) {
$ret['message'] .= 'json malformed: ' . $result['body'] . EOL;
json_return_and_die($ret);
}
}
}
$result = zot_zot($xx['hubloc_callback'],$p);
if ($test) {
$ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL;
}
if ($already_authed || $j['success']) {
if ($j['success']) {
// legit response, but we do need to check that this wasn't answered by a man-in-middle
if (! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) {
logger('mod_zot: auth: final confirmation failed.');
if (! $result['success']) {
logger('mod_zot: auth_check callback failed.');
if ($test) {
$ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($x[0],true);
json_return_and_die($ret);
$ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL;
continue;
}
goaway($desturl);
continue;
}
if (array_key_exists('service_class',$j))
$remote_service_class = $j['service_class'];
if (array_key_exists('level',$j))
$remote_level = $j['level'];
if (array_key_exists('DNT',$j))
$DNT = $j['DNT'];
}
// everything is good... maybe
if(local_channel()) {
// tell them to logout if they're logged in locally as anything but the target remote account
// in which case just shut up because they don't need to be doing this at all.
if ($a->channel['channel_hash'] != $x[0]['xchan_hash']) {
logger('mod_zot: auth: already authenticated locally as somebody else.');
notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
if ($test) {
$ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL;
json_return_and_die($ret);
$j = json_decode($result['body'], true);
if (! $j) {
logger('mod_zot: auth_check json data malformed.');
if($test) {
$ret['message'] .= 'json malformed: ' . $result['body'] . EOL;
continue;
}
}
goaway($desturl);
}
// log them in
if ($test) {
$ret['success'] = true;
$ret['message'] .= 'Authentication Success!' . EOL;
json_return_and_die($ret);
$ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL;
}
$delegation_success = false;
if ($delegate) {
$r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1",
dbesc($delegate)
);
if ($r && intval($r[0]['channel_id'])) {
$allowed = perm_is_allowed($r[0]['channel_id'],$x[0]['xchan_hash'],'delegate');
if ($allowed) {
$_SESSION['delegate_channel'] = $r[0]['channel_id'];
$_SESSION['delegate'] = $x[0]['xchan_hash'];
$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
require_once('include/security.php');
change_channel($r[0]['channel_id']);
$delegation_success = true;
if ($already_authed || $j['success']) {
if ($j['success']) {
// legit response, but we do need to check that this wasn't answered by a man-in-middle
if (! rsa_verify($sec . $xx['xchan_hash'],base64url_decode($j['confirm']),$xx['xchan_pubkey'])) {
logger('mod_zot: auth: final confirmation failed.');
if ($test) {
$ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($xx,true);
continue;
}
continue;
}
if (array_key_exists('service_class',$j))
$remote_service_class = $j['service_class'];
if (array_key_exists('level',$j))
$remote_level = $j['level'];
if (array_key_exists('DNT',$j))
$DNT = $j['DNT'];
}
// everything is good... maybe
if(local_channel()) {
// tell them to logout if they're logged in locally as anything but the target remote account
// in which case just shut up because they don't need to be doing this at all.
if ($a->channel['channel_hash'] != $xx['xchan_hash']) {
logger('mod_zot: auth: already authenticated locally as somebody else.');
notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
if ($test) {
$ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL;
continue;
}
}
continue;
}
// log them in
if ($test) {
$ret['success'] = true;
$ret['message'] .= 'Authentication Success!' . EOL;
json_return_and_die($ret);
}
$delegation_success = false;
if ($delegate) {
$r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1",
dbesc($delegate)
);
if ($r && intval($r[0]['channel_id'])) {
$allowed = perm_is_allowed($r[0]['channel_id'],$xx['xchan_hash'],'delegate');
if ($allowed) {
$_SESSION['delegate_channel'] = $r[0]['channel_id'];
$_SESSION['delegate'] = $xx['xchan_hash'];
$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
require_once('include/security.php');
change_channel($r[0]['channel_id']);
$delegation_success = true;
}
}
}
$_SESSION['authenticated'] = 1;
if (! $delegation_success) {
$_SESSION['visitor_id'] = $xx['xchan_hash'];
$_SESSION['my_url'] = $xx['xchan_url'];
$_SESSION['my_address'] = $address;
$_SESSION['remote_service_class'] = $remote_service_class;
$_SESSION['remote_level'] = $remote_level;
$_SESSION['remote_hub'] = $remote_hub;
$_SESSION['DNT'] = $DNT;
}
$arr = array('xchan' => $xx, 'url' => $desturl, 'session' => $_SESSION);
call_hooks('magic_auth_success',$arr);
$a->set_observer($xx);
require_once('include/security.php');
$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf( t('Welcome %s. Remote authentication successful.'),$xx['xchan_name']));
logger('mod_zot: auth success from ' . $xx['xchan_addr']);
}
else {
if ($test) {
$ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
continue;
}
logger('mod_zot: magic-auth failure - not authenticated: ' . $xx['xchan_addr']);
}
$_SESSION['authenticated'] = 1;
if (! $delegation_success) {
$_SESSION['visitor_id'] = $x[0]['xchan_hash'];
$_SESSION['my_url'] = $x[0]['xchan_url'];
$_SESSION['my_address'] = $address;
$_SESSION['remote_service_class'] = $remote_service_class;
$_SESSION['remote_level'] = $remote_level;
$_SESSION['remote_hub'] = $remote_hub;
$_SESSION['DNT'] = $DNT;
if ($test) {
$ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
continue;
}
$arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION);
call_hooks('magic_auth_success',$arr);
$a->set_observer($x[0]);
require_once('include/security.php');
$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name']));
logger('mod_zot: auth success from ' . $x[0]['xchan_addr']);
}
else {
if($test) {
$ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
json_return_and_die($ret);
}
logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']);
}
/**
@ -299,14 +306,13 @@ function post_init(&$a) {
* But z_root() probably isn't where you really want to go.
*/
if ($test) {
$ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
json_return_and_die($ret);
}
if(strstr($desturl,z_root() . '/rmagic'))
goaway(z_root());
if ($test) {
json_return_and_die($ret);
}
goaway($desturl);
}
}

2
version.inc
View File

@ -1 +1 @@
2015-09-18.1159
2015-09-22.1163

2
view/php/default.php
View File

@ -14,7 +14,7 @@
<div id="page-footer"></div>
<div id="pause"></div>
</section>
<aside id="region_3" class="hidden-sm hidden-xs"><?php if(x($page,'right_aside')) echo $page['right_aside']; ?></aside>
<aside id="region_3" class="hidden-sm hidden-xs hidden-md"><?php if(x($page,'right_aside')) echo $page['right_aside']; ?></aside>
</main>
<footer><?php if(x($page,'footer')) echo $page['footer']; ?></footer>
</body>

2
view/tpl/bookmarkedchats.tpl
View File

@ -1,7 +1,7 @@
{{if $rooms}}
<div class="widget">
<h3>{{$header}}</h3>
<ul class="bookmarkchat">
<ul class="bookmarkchat nav nav-pills nav-stacked">
{{foreach $rooms as $room}}
<li><a href="{{$room.xchat_url}}">{{$room.xchat_desc}}</a></li>
{{/foreach}}

2
view/tpl/chatroom_new.tpl
View File

@ -2,7 +2,7 @@
<form action="chat" method="post" >
{{include file="field_input.tpl" field=$name}}
<button id="dbtn-acl" class="btn btn-default btn-xs" data-toggle="modal" data-target="#aclModal" onclick="return false;" >{{$permissions}}</button>
<button id="dbtn-acl" class="btn btn-default" data-toggle="modal" data-target="#aclModal" onclick="return false;" >{{$permissions}}</button>
{{$acl}}
<div class="clear"></div>
<br />

2
view/tpl/chatrooms.tpl
View File

@ -2,7 +2,7 @@
{{if $is_owner}}
<p>
<a href="{{$baseurl}}/chat/{{$nickname}}/new">{{$newroom}}</a>
<span class="btn btn-default"><a href="{{$baseurl}}/chat/{{$nickname}}/new">{{$newroom}}</a></span>
</p>
{{/if}}

5
view/tpl/conv_item.tpl
View File

@ -123,6 +123,11 @@
{{if $item.item_photo_menu}}
<li role="presentation" class="divider"></li>
{{$item.item_photo_menu}}
{{if $item.edpost}}
<li role="presentation"><a role="menuitem" href="dreport/{{$item.mid}}">{{$item.dreport}}</a></li>
{{/if}}
{{/if}}
</ul>
</div>

2
view/tpl/locmanage.tpl
View File

@ -19,7 +19,7 @@ function drophub(id) {
{{if $hub.primary}}<button class="btn btn-std"><i class="icon-check"></i></button>{{else}}<button class="btn btn-std" onclick="primehub({{$hub.hubloc_id}}); return false;" ><i class="icon-check-empty" ></i></button>{{/if}}
</td>
<td>{{if $hub.primary}}{{else}}{{if ! $hub.deleted}}<button class="btn btn-std" onclick="drophub({{$hub.hubloc_id}}); return false;"><i class="icon-trash"></i></button>{{/if}}{{/if}}</td>
<td>{{if ! $hub.deleted}}<button class="btn btn-std" onclick="drophub({{$hub.hubloc_id}}); return false;"><i class="icon-trash"></i></button>{{/if}}</td>
</tr>
{{/foreach}}
</table>